Thanks for visiting Consumerist.com. As of October 2017, Consumerist is no longer producing new content, but feel free to browse through our archives. Here you can find 12 years worth of articles on everything from how to avoid dodgy scams to writing an effective complaint letter. Check out some of our greatest hits below, explore the categories listed on the left-hand side of the page, or head to CR.org for ratings, reviews, and consumer news.
The following (sad) letter yesterday from reader H demonstrates why phishing works:
Dear Sir:
The popular conception of phishers is of shadowy electronic masterminds, using a mix of technical prowess, deception and anonymity to trick consumers into handing over the bank account details. Actually, most of them are too stupid to design their own websites. That’s what two security researchers found when they delved deep into the online phishing community.
Chris went ahead and added some animal pictures to make a video of that phone call between a scammer and a Southern gentleman. A weasel plays the Indian phisher, a hound dog plays the gentleman, and a goose plays his wife. Go back to the post and watch it; it’s even funnier than the original.
A man in Virginia who apparently likes to record suspicious phone calls captured a very funny 10-minute talk with the world’s clumsiest phisher who called his house trying to get his bank account number. His local news station reports, “Howard says he recorded it because he wanted to help people by putting it on the news.”
Today we received a handy brochure (PDF) in the mail from the postal service. “Deter, Detect, Defend,” it reads, and it offers a bunch of handy reminders of what to look out for when it comes to protecting your identity, and what to do if you suspect it’s been stolen. If yours was stolen (ha ha, we kid!), you can read or download it from the FTC’s ID theft website.
If you’re an HSBC customer, check your account, as there may be a wave of fraudulent activity hitting your bank. Two days ago we wrote about the guy in the U.S. who discovered his account had been drained by someone in Bulgaria. Later that day we received an email from Emily in NYC who was having similar problems, only her fraud-buddy was in California and Canada making withdrawals on her account.
Emily’s fiancé wrote back to us today with an update, and according to Emily, the HSBC Fraud Investigator who spoke to her “said that their fraud department was so overwhelmed, it was ‘still in the developing stage of how we’re going to handle’ it. I asked if she knew how many customers were affected and she stated ‘We don’t even know.'”
The IRS would like you to know that it’s not planning on emailing you about your tax rebate. “The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers,” the agency warned yesterday.
Phishers are now turning to text messages to get people to fork over their personal banking information. Con artists targeting southwest Missouri sent text messages to hundreds of cellphone users, telling them that their bank account expired and directing them to a fake website with a URL containing the bank’s name. There the website captured the login and password of anyone who logged in. Phishers will use any medium they can. If you receive a message purporting to be from your bank and you’re not sure if it’s legit, call your bank directly to verify its authenticity.
Ars Technica reports that “42 percent of adults in the UK feel that their trust in a brand would be greatly reduced by receiving a phishing e-mail claiming to be from that brand, according to an online survey conducted by research firm YouGov.”
The IRS is warning consumers of a new email scam going around posing as the IRS and soliciting donations for the California wildfire victims.
It’s not a good week for Vonage. VoIP Security firm Sipera has announced that they’ve discovered a vulnerability in Vonage’s equipment that can allow hackers to take control of user accounts to intercept calls, make calls via the accounts, eavesdrop, or launch DoS attacks. Although most VoIP systems are about as secure as sending IM messages over a public wifi network (that is, not secure at all), Vonage has a couple of special problems with its Motorola adapters not authorizing requests, which leaves a special door open for bad people doing bad things. The problem also affects adapters from Grandstream and Globe7.
If you have a PayPal or eBay account, or use OpenID to log in to participating sites, then for $5 you can add a second layer of security that is virtually impossible to break unless the thief physically locates you and steals a little plastic device. The PayPal Security Key is a small, keychain-ready fob with a unique ID that’s tied to your account. It generates a new six-digit code every 30 seconds, which you have to enter whenever you log in. The down side is you have to have your security key with you in order to read the code. But the benefits are huge: you basically have a 2nd password that changes 2,880 times every day—and that isn’t available anywhere online.
1. Missing Auction Goods – Auction fraud represents over a third of Internet scam complaints every year. Your safest bet is to pay with plastic so you gain the protections of the Fair Credit Billing Act. When plastic’s not an option, setting up an account through PayPal or BillPay that connects to your credit card is the next best bet.
eBay has been hacked, says Ars Technica, and several members have had their accounts disabled. eBay’s Trust and Safety team issued a statement in which they said (adorably) that the hacker was “a known fraudster to us.”
Stopbadware.org has just released its “Trends in Badware 2007” report, a free overview of all the ways you and your computer can be slipped digital roofies while you’re online looking at LOLpornography and doing your banking through Twitter. It’s written in a deliberately non-technical style, so if you’re put-off or intimidated by the Slashdot crowd, this is a great way to educate yourself or a naive loved one about the dangers of drive-by downloads, website hacking, and so on.
According to a demonstration by Chris Soghoian over at CNet, Bank of America’s “SiteKey” picture authentication feature can be spoofed by phishers and is, basically, worthless.
After an 18-month-long investigation, German police have arrested 10 Russians, Ukrainians, and Germans who they think were involved in phishing scams that bilked users out of “hundreds of thousands of euros.” The suspects targeted customers of eBay and Deutsche Telekom, among other companies, and lived “luxurious lifestyles involving expensive jewelry, cars and travel.” [Reuters]
When you consider the risk and high cost of identity theft, it pays to be skeptical whenever someone calls you and claims to be from your credit card company. How can you verify that they’re legit? Reader Cathy points us to bloggingawaydebt.com, which offers five simple things to do if you want to make sure you’re not being scammed.
Founded in 2005, Consumerist® is an independent source of consumer news and information published by Consumer Reports.