The BBB says people are reporting a new phishing scam that masquerades as an Amazon order alert. It arrives as a confirmation email with a product description, price, and Amazon logo. Naturally, if you click the provided account link to cancel the order or see whether you were actually charged for the item, the login screen you’ll be taken to won’t be Amazon.
How can you electronically drain someone’s bank account while also preventing their bank from contacting them to verify the transaction? Use telephony to flood all of their phone lines with anything from dead air to phone sex promo recordings. According to the Communication Fraud Control Association, these scams have been increasing in recent weeks. Be wary.
If you spend a lot of time online, you’re probably aware of phishing scams and know what to look out for. In other words, you’re not one of those ignorant types who clicks on links and starts entering personal information without hesitation. Writer and blogger Cory Doctorow is what you might call hyper-vigilant–he keeps unique passwords, uses a VPN when going online in public, and generally knows not to trust strangers. Still, he got phished a couple of weeks ago.
Jeff received this email from Amazon warning against a phishing scam bent on swiping your password. Here’s the email:
It’s a new day, so there must be a new revelation about another way in which Google Buzz is an affront to the concept of personal privacy, right? But the latest complaint about the Internet giant’s unasked-for answer to Facebook and Twitter goes far beyond making your private contacts public or adding potential personal safety risks to your “followers” list. It looks like the phishers and botnet scammers have already begun taking advantage of the new feature.
I like flowcharts because they appeal to the part of me that wants to be a robot. I also like them because they make multi-step decision paths incredibly simple to follow, even if you don’t have a lot of insight into the big picture. This flowchart from LoginHelper.com will help even your PowerPoint-slideshow-forwarding relative (yes, that one) shoot down phishers as soon as they hit the In Box.
The Centers for Disease Control have issued a warning that there’s a new, swine flu-themed phishing email going around. It says something about an imaginary State Vaccination H1N1 Program, and asks you to create an account on the cdc.gov website–and if you click the link, malicious code may be installed on your system. Obviously you have brain worms if you fall for this.
An email claiming to be from the FDIC is making the rounds on the internet. It supposedly contains a “personal FDIC insurance file” that is really some sort of badness that will ruin your day. Do not click.
Scammers pretending to buy ads for Suzuki tricked Gawker’s ad sales team last week into running malware-laced ads that installed spyware and crashed the browsers of some readers before they were caught and pulled.
Since 2007, the FBI and authorities in Egypt have been running an investigation they’ve called “Operation Phish Phry,” sigh, and this week it paid off with 53 charges against U.S. defendants and 47 against people in Egypt. Three of the 53 in the U.S. have been arrested, and the FBI are looking for the other 50. To prove you’re not one of the remaining 50, please send the FBI your login credentials to your bank. Ha ha, we kid.
William wrote to us this weekend to point out how little Microsoft does to fight phishing attacks on their hugely popular Xbox LIVE network. It’s unfortunate they don’t take this sort of crime more seriously, since so many kids—who by all rights should have less experience with phishing—are on Xbox LIVE. Below is what two different Xbox CSRs told William when he contacted them to complain about phishing attacks.
Hey, we helped get an Ameriprise customer banned from the financial company’s consumer advisory panel! Sorry about that, Brendan.
[Note: The original headline for this post mistakenly identified Ameritrade as the subject of the post. It is actually Ameriprise Financial. I deeply regret the error.] Since March of this year, security expert Russ McRee of HolisticInfoSec.org has sent 6 messages to Ameriprise Financial warning them of easily exploitable security holes on their website. They ignored every request, while at the same time reassuring customers that “No one without the proper web browser configuration can view or modify information contained on our systems.”
No, Amazon is not contacting its members and performing regular fraud checks. Jason received this e-mail, which is associated with a rather convincing Amazon phishing site.
Back in March we posted a warning about thieves masquerading as Steam in order to get into customers’ accounts and download games to resell. One reader, Richard, just received this special “alert” on his Steam IM pane this evening.
Freddie writes that his friend was tricked by a phishing email. All the warning signs were there to tip off his friend—an email saying he needed to click a link, a suspicious URL, a page asking for his login info—but he clicked and entered the info anyway. Please do not be like Freddie’s friend, who is now probably on the phone with the real Wells Fargo trying to get his account number changed.