Silicon Valley - Public Access Link

Phishing Scams

What is Phishing?

Phishing is the use of email to get Internet users to divulge personal information. This information is usually financial information that can be used to steal from the individual providing the information. These scams usually work by warning the user that his/her account with some bank or financial institution is at risk and the user must provide information to the institution to keep the account open. Of course there are many variations on this, but you get the idea. Citibank, eBay, and PayPal are common targets of these scams.

How do I Recognize a Phishing Scam?

These scams are getting better and do a lot to make their message look legitimate. They use the style and icons of the institution they are scamming. Most of the web links even point back to that institution. If you carefully examine the source of the message you will typically see a link like href="http://www1-ebay .com/… This is not an eBay site, but might look like it if not examined carefully. In conclusion, it can be difficult to recognize one of these scams.

What Should I do if I Receive a Message like this?

The safest way to respond to one of these emails is to deal directly with the institution. If you don't have an account with that institution, then ignore the message. If have an account, then contact the institution directly. Don't click on any links in the email, they cannot be trusted. Open a new browser window and enter the institution's web address directly. You may want to call the customer support on the telephone. Again don't use numbers listed in the email, but obtain the number from the phone book, bank statements, or some other trusted source. If there really is a problem with your account, they should be able to help you.

Protective Measures

Turn off javascript in your email program. Javascript is not needed for email and can be used to make it more difficult to identify phishing scam emails. Install an URL toolbar such as Spoofstick from corestreet.com. This tool shows the actual name of the web site you are currently viewing.

Oh No, I Responded to one of these emails, What do I do now?

Contact your financial institution right away and let them know that you may have been scammed. They may be able to protect your account from the scammers. You should also contact the Federal Trade Commission (FTC) to report the fraud. You may also want to contact you local police to report the fraud.

Edited Example of an Actual Phishing Email


From: <nsbank@service.nsbank .com>
Subject: You have 1 new ALERT message
To: nobody@nosuch.nosuch
Reply-To: nsbank@service.nsbank .com
Date:Wed, 07 Feb 2007 05:20:23 -0500

You have 1 new ALERT message
Please login to your Personal Account Access Internet Banking
and visit the Message Center section in order to read the message.

To Login, please click the link below:

Go To Personal Account Access


© 2007 Nevada State Bank. All rights reserved.

And here's the source view of the message. Note that the email is not really from Nevada State Bank, but rather server749.peel7 .com. Also note the web link is not to Nevada State Bank, but to 91.92 .231.202, the scam web site.

Return-Path: <explore1@server749.peel7 .com>
Received: from enterprise.svpal.org (3b91s2nk3jqfkx7n@enterprise-pn.svpal.org [192.168.147.69])
	by svpal.svpal.org (8.13.8/8.13.8) with ESMTP id l17AR3sn038505
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <nobody@nosuch.nosuch>; Wed, 7 Feb 2007 02:27:09 -0800 (PST)
	(envelope-from explore1@server749.peel7 .com)
Received: from server749.peel7 .com (server749.peel7 .com [69.36.3.34])
	by enterprise.svpal.org (8.13.8/8.13.8) with ESMTP id l17AQPFs028395
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <nobody@nosuch.nosuch>; Wed, 7 Feb 2007 02:26:26 -0800 (PST)
	(envelope-from explore1@server749.peel7 .com)
Received: from localhost (localhost [127.0.0.1]) (uid 806)
	by server749.peel7 .com with local; Wed, 07 Feb 2007 05:20:23 -0500
	id 0004EECD.45C9A7E7.00003734
To: nobody@nosuch.nosuch
Subject: You have 1 new ALERT message
From: "nsbank@service.nsbank .com" <nsbank@service.nsbank .com>
Reply-To: nsbank@service.nsbank .com
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <courier.45C9A7E7.00003734@server749.peel7 .com>
Date: Wed, 07 Feb 2007 05:20:23 -0500

<HTML>
<CENTER>
<FONT face="verdana" size=2><B>You have
1 new ALERT message</B><BR>
Please login to your <B>Personal Account Access Internet
Banking</B><BR> and visit the <B>Message Center</B>
section in order to read the message.<BR><BR>

To Login, please click the link below:<BR><BR>

<a href="http:// 91.92. 231.202/ banking.nsbank .com/passwordreset/
praction/nsb/PasswordReset.htm">Go To Personal Account
Access </a></FONT><BR><BR>

<font face="verdana" color="99999" size=1> ©
2007 Nevada State Bank. All rights reserved.
</FONT></CENTER>
</HTML>





Another Edit Example of an Actual Phishing Email


From: "eBay User Agreement" <aw-confirm@ebay .com>
Subject: eBay - Billing Information Need To Update
To: nobody@nosuch.nosuch
Reply-To: aw-confirm@ebay .com
Date:Sun, 27 Mar 2005 14:49:48 +0200

Dear eBay Member,

Due to recent account takeovers and unauthorized listings, eBay is introducing a new account verification method. From time to time, randomly selected accounts (seller and/or buyer) are subjected to an advanced verification process based on our merchant accounts/bank relations and customers credit card. eBay may also request in an email message scanned/faxed copies of one or more photo ID's. Your account confirmation may go wrong if your credit card/bank account is expired, or if you have changed your credit card number, billing address etc. without notifying us about the change. Subject of this verification process are also the accounts that have unpaid dues to eBay.
Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your eBay registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user. Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

Note: If this is the second time you receive this notice, it might be because you have made a mistake when you entered your details or that the account was not updated at all.


To confirm your identity with us click here:
http://signin.ebay .com/aw-confirm

We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.


Respectfully,
Trust and Safety Department
eBay Inc.

And here's the source view of the message. Note that the email is not really from eBay, but rather HostMaster31.hostingbay .net. Also note the web link is not to eBay, but to 66.49.46.170, the scam web site.

Return-Path: <aw-confirm@ebay .com>
Received: from HostMaster31.hostingbay .net (HostMaster31.hostingbay .net [66.98.204.20])
	by enterprise.svpal.org (8.13.1/8.13.1) with ESMTP id j2RD6jGA031347
	for <nobody@nosuch.nosuch>; Sun, 27 Mar 2005 05:06:49 -0800 (PST)
	(envelope-from aw-confirm@ebay .com)
Message-Id: <200503271306.j2RD6jGA031347@enterprise.svpal.org>
Received: from [212.118.20.55] (helo=abood)
	by HostMaster31.hostingbay .net with esmtpa (Exim 4.44)
	id 1DFXD6-0005ta-Ez; Sun, 27 Mar 2005 22:49:46 +1000
From: "eBay User Agreement" <aw-confirm@ebay .com>
Subject: eBay - Billing Information Need To Update
To: nobody@nosuch.nosuch
Content-Type: text/html;iso-8859-1
Reply-To: aw-confirm@ebay .com
Date: Sun, 27 Mar 2005 14:49:48 +0200
X-Priority: 3
X-Library: Indy 8.0.25

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title>New Page 1</title>
</head>

<body>

<p><b>Dear eBay Member,</b><br>
<br>
Due to recent account takeovers and unauthorized listings, eBay is introducing a
new account verification method. From time to time, randomly selected accounts
(seller and/or buyer) are subjected to an advanced verification process based on
our merchant accounts/bank relations and customers credit card. eBay may also
request in an email message scanned/faxed copies of one or more photo IDs. Your
account confirmation may go wrong if your credit card/bank account is expired,
or if you have changed your credit card number, billing address etc. without
notifying us about the change. Subject of this verification process are also the
accounts that have unpaid dues to eBay.<br>
Your account is not suspended, but if in 48 hours after you receive this message
your account is not confirmed we reserve the right to suspend your eBay
registration. If you received this notice and you are not the authorized account
holder, please be aware that it is in violation of eBay policy to represent
oneself as another eBay user. Such action may also be in violation of local,
national, and/or international law. eBay is committed to assist law enforcement
with any inquires related to attempts to misappropriate personal information
with the intent to commit fraud or theft. Information will be provided at the
request of law enforcement agencies to ensure that perpetrators are prosecuted
to the full extent of the law.<br>
<br>
Note: If this is the second time you receive this notice, it might be because
you have made a mistake when you entered your details or that the account was
not updated at all.<br>
<br>
<br>
<b>To confirm your identity with us click here:</b><br>
<a href="http:// 66.49. 46.170">http://signin.ebay .com/aw-confirm</a><br>
<br>
<b>We apologize in advance for any inconvenience this may cause you and we would
like to thank you for your cooperation as we review this matter.</b><br>
<br>
<br>
Respectfully,<br>
Trust and Safety Department<br>
eBay Inc.</span></p>

</body>

</html>

[SVPAL Home] [Subscriber]

Contact Silicon Valley Public Access Link
Last Updated: Wednesday July 8, 2015
HTML5 UTF-8 (EURO €)