Citigroup

 

According to the media, Citigroup have a few problems.

Their clients are also getting targeted by lots of phishing e-mails.

Talk about kicking someone when they're down.

PayPal Scams

 

Yesterday, I received eight messages purporting to come from PayPal.

I knew all were scams as they didn't come to the special e-mail address that I use for PayPal. I would recommend that everybody do this, as it means nearly all of the scams are instantly recognisable.

One scam recommended that I visit a web site called paypal-account-protection.com. Sounds pretty feasible, but I checked the registration.

Registrant: xiaowne
No.12 chang'an road
100001

Administrative Contact: ca wen xiaowne
No.12 chang'an road
beijing Beijing 100001
China
tel: 86 010 24902994
fax: 86 010 24092409
24@24.com

Technical Contact: ca wen xiaowne
No.12 chang'an road
beijing Beijing 100001
China
tel: 86 010 24902994
fax: 86 010 24092409
24@24.com

Billing Contact: ca wen xiaowne
No.12 chang'an road
beijing Beijing 100001
China
tel: 86 010 24902994
fax: 86 010 24092409
24@24.com

Registration Date: 2007-08-08
Update Date: 2007-09-05
Expiration Date: 2008-08-08

Primary DNS: dns1.curreton.com 200.72.139.67
Secondary DNS: dns2.curreton.com 85.29.132.178

Next time you want to buy those cheap goods made in China, think again!

North Island Credit Union

 

They can't even spell island.

What a bunch of anal-retentive tossers.

Nought out of five.

AN IMPORTANT MESSAGE TO NORTH ISLAN CREDIT UNION CUSTOMERS.

Dear Customer,

This is your official notification that the service(s) listed below will be deactivated and deleted if not renewed
immediately. Previous Notifications have been sent to the Billing Contact assigned to this account.

As the Primary Contact, you must renew the service(s) listed below.

SERVICE : North Island Credit Union Online Banking and services.
EXPIRATION : September 1st 2007

What you need to do:

It`s easy to renew your Online Banking Services :

- Go to MYISLAND Sign On
- Update your North Island Credit Union information immediately.

Thank you.
North Island Credit Union.

Copyright 1998-2007 North Island Credit Union. All rights reserved
Island Paradise artwork property of North Island Credit Union.

HSBC Goes Green

 

It's a scam.

Green Option for current accounts

Why not do your bit and help the environment by Going Green with an HSBC current account?

HSBC is committed to finding ways of reducing its impact on the environment through saving paper and the energy used to produce, transport and dispose of it.
Going Green with an HSBC current account is all about doing your everyday banking, but in ways that do not impact the environment, through the removal of unnecessary paper.

It's based on a Hong Kong web site.

DON'T FALL FOR IT!!!

Royal Bank of Scotland

 

The spammers are hitting this company a lot.

It doesn't bother me, as I don't have an on-line bank account.

Instant Reward From the Co-Operative Bank

 

I have had 100 copies of this scam.

Have you ever heard of free rewards from a bank? Although I did get a very good offer from the Daily Telegraph to fill in a form to get a £10 voucher from John Lewis. It worked to!


But the amateurishness of this scam gives criminals a bad name.

You would have to be truly stupid to fall for this one, as the link isn't even activated.

Fifth Third Bank and H-BoS - Part 3

 

Just after two this morning, bank phishing scams for H-BoS stopped. But they are still continuing at the same rate for Fifth Third Bank.

I find this odd, as all the scams appear to be similar and coming from the same place. Surely, the banks are all working together to fight the spammers in which case both sets of scams would have died together.

But they didn't!

Does this mean that there is none or only a rudimentary anti-spam network amongst the banks?

Fifth Third Bank and H-BoS - Part 2

 

They're still going!

Two more URLs to add; caeresi.jp and acimeddits.jp. Both point to the same place in Canada. Well it might be in Canada.

I would have thought by now that the two banks could have done something to protect their customers. Or is it that they just don't care? Or are they frightened of these crooks who try to ruin their customers?

Fifth Third Bank and H-BoS - Part 1

 

I'm now getting bank phishing e-mails for just these two banks.

As they use the same URLs, they are from the same crook in possibly Canada.

Does this show how few of these crooks there are out there and how easily they can be stopped? But judging by the response of the banks, who seem to take weeks to clear up an attack, their performance in this area is bad.

H-BoS Erupts

 

I've had a massive amount of bank phishing scams from Bank of Scotland/Halifax today. The count was eventually 221 e-mails and they're still coming.

All but two have come from a server registered in Canada at www.epaeiddea.net. (Click the link and you get nothing!) Domains named include www.andoesn.biz, affdns.cc, daereasds.bz, ertyhnkj.org.nz and pocketmakedoor.com. All domains and the server have been registered in the last few days.

I suspect all the registrations are bogus, but they may not be, so if you feel like checking some of the phone numbers, who am I to say no. Perhaps the unfortunates might complain to the police and something would be done about those that register domain names in the names of innocents.

Most of the details lead to :-

Domain Discreet
P.O. Box 278
Yarmouth, NS B5A 4B2
Canada
Phone: 1-902-7495331

It does seem that the Canadians don't seem to bother too much.

Perhaps, it would be a good idea not to buy anything Canadian.

Michael Peel and Nigerian Fraud

 

Michael Peel of Chatham House and the Financial Times has written a very interesting report accusing governments, and especially the British government, of ignoring the problem of fraud carried out by Nigerian nationals, both in their home country and abroad.

Governments, financial institutions and banks just hope there problems will go away. They won't unless positive action is taken.

Nationwide Drops a Laptop

 

I hate laptops.

They are difficult to use, the screen is small, the mouse is awful and above all they are fragile. Drop one and say good-bye to your data. My Son, George, makes money by resurrecting them. Often people don't back them up which makes matters worse.

But then so many people think of a laptop as an extension of their ego and want the biggest and best, when quite frankly a better desktop would be much more suitable.

They have their uses, but these are much more in the fields of collecting data and doing demonstrations.

So what do we read this morning?

A story about how an employee of Nationwide Building Society had his laptop stolen in a domestic burglary. And everybody's account details were on it!

Two questions must be asked?

1. What was that data doing on his machine in a place where it could be stolen?

2. Why did Nationwide take three months to release details of the theft, when account security might have been compromised?

It shows yet again, how some banks do not treat the security and the Internet in particular seriously.

Are Alliance and Leicester the New Barclays?

 

Last week I got 4395 phishing e-mails for Barclays. That's just over 700 a day!

This week, since Sunday, I've had 128, 5, 2 and none.

At about six on Sunday morning someone put the boot in to the crooks who were sending this stuff. A lot of all bank phishing has now disappeared, with the average last week at 900 a day and this week so far at 240. Let's hope there are some nice people in a jail somewhere. I will not speculate, but judging by most of the countries where this evil rubbish comes from, I doubt that it will be as pleasant as a guest of Her Majesty.

Now though most of the scams are aimed at customers of the Alliance and Leicester.

It's funny but why are most scams aimed at British banks?

I certainly would never bank on-line with anybody that featured in my databases. Most seem indifferent to scams, with one or two notable exceptions, who strangely hardly feature at all.

The Rise and Rise of Bank Phishing E-Mails

 

This last week has been the worst since I started collecting Bank Phishing Scams. I got about 6,000 this week which was a record.


The graph shows the rise since the beginning of May.

Note that the blue on the graph is Barclays. They still seem to be the bank of choice for Bank Phishing e-mails.

I would never bank with them on-line.

A note is now available for downloading and distribution which gives full details.

The Rise and Rise of Phishing E-Mails
Feel free to read and distribute as you require.

On-Line Banking

 

Many on-line banking systems are not fit for purpose.

This is why we get large amounts of phishing e-mails. I have received over 4,000 in the last week, of which over 80% were for one UK bank. I would certainly not bank with that bank, as they must be targeted because their customers are easier to fool.

Before you bank on-line, make sure you use a system which has a password system that can't be easily fooled. And never bank with one for which there are large numbers of phishing e-mails, as this must be a bank with poor security.

Amazon and Phishing

 

I get about 300 phishing e-mails a day purporting to come from Barclays Bank. That is about 90% of all the phishing e-mails I get.

I wrote to Barclays and they didn't even reply.

For Amazon I get only one or two fraudulent e-mails every month. Perhaps this is because Amazon take this type of fraud very seriously and are prepared to turn up and talk about it on the radio.

Is Barclays Serious About Fighting Phishing Scams?

 

I am compelled to write yet another note about phishing attacks on Barclays Bank. It did appear that they have stopped but now they are more numerous than ever.


The graph shows all bank phishing scams I have received from the 5th of May until the 7th of October to about ten different web domain names. Blue are messages supposedly from Barclays and the other banks with significant attacks are also shown.

1. As you can see from the graph, phishing scams are increasing in number, rather than decreasing.

2. Barclays now constitute over ninety percent of the phishing messages that I receive and this share has been increasing in recent weeks.

3. Seven of the receiving domains are .com’s so I would hope I’d get a share of messages for foreign banks. I don’t! So have US and Continental banks got a grip on phishing.

4. Bank of Scotland was targeted for several weeks. They stopped on the 9th September and have not resumed. This behaviour has also been seen with the Co-operative Bank, NatWest and Nationwide. I suspect that they may have stopped the problem.

5. I wrote to the Chief Executive of Barclays, John Varley, explaining what I had found and didn’t even get the courtesy of a reply.

I can only assume that either I am being specifically targeted, in the mistaken belief that I have a Barclays account or Barclays are indifferent to security. Note that I would never open an on-line account with Barclays, until they convinced me they had solved the problem of phishing.

A note is now available for downloading and distribution which gives full details.

Is Barclays Serious about Fighting Phishing Scams?
Feel free to read and distribute as you require.

Phishing Explosion

 

For the last few days there has been an explosion of bank phishing e-mails.

I have been receiving about ten times more than I normally do. They were aimed at customers of Bank of Scotland, Lloyds TSB and NatWest. All seemed to be of a similar format and pointed at the same web sites in Russia.

But then at 15:00 on the 1st August, they all stopped.

I hope this was due to actions by the banks and the police.

A note is now available for downloading and distribution which gives full details.

Phishing Explosion
Feel free to read and distribute as you require.

Barclays Phishing Scams Start Again

 

It must be hell being the Managing Director of Barclays.

Barclays seems to be attacked all the time by criminals. And much more than other banks. Why? Is the security bad? Or is it so good, they just keep trying to beat it as they've beaten everybody else? Or is it just because they're the largest Internet bank.

I did send a letter to the MD, but he didn't reply. Does it show what he thinks of customers?

Anyway today I've received over 60 phishing e-mails aimed at Barclays. All point at sabma.info which is based in Russia. Do Barclays have their Internet servers there? I don't think so.

As I've said before don't bank with any Internet bank for which you get phishing attacks. You might just make a mistake.

Are Barclays Phishing Scams Going To Start Again?

 

I have just received a phishing e-mail purporting to come from Barclays. Incidentally, I haven't received any for some weeks.

It doesn't come from Barclays of course, but it points to a web site called barclayss.com which was registered in Pakistan on the 19th of July.

Now shouldn't Barclays have registered this name themselves.

This is another reason why I son't trust their on-line banking.

Is This the End of Bank Phishing E-Mails?

 

This note is a follow up to my previous note on Bank Phishing scams of the 1st of June. You can see from the graph below, that it appeared that the attacks on Barclays (in blue) and their customers may have stopped.


The graph shows all bank phishing scams I have received from the 5th of May until the 16th of July to about ten different web domain names. The banks shown are in order; Barclays, Co-Operative Bank, Lloyds TSB, Nationwide BS, PayPal, Foreign and Others. Colours are shown in the legend above the graph.

Phishing scams are where you are sent a fake e-mail and asked to enter your username, password and other details into a fake web site. If you do enter your details, your bank account is quickly emptied.

The graph shows some interesting patterns :-

1. Barclays have received the highest number of messages and the fiercest attacks for some time, but I have only had a couple of messages in the last four weeks.

2. There have been significant attacks on the Co-Operative Bank, Nationwide BS and Lloyds TSB. Analysis of these messages shows they could have been sent by the same group.

3. For the last ten days, there has not been more than a couple of messages each day. Most have been amateurish and aimed at a varied selection of banks.

The question that has to be asked is have we reached the end of this type of phishing scam?

If this is so, where will the criminals attack next?

A note is now available for downloading and distribution which gives full details.

Is This the End of Bank Phishing E-Mails?
Feel free to read and distribute as you require.

Bank Phishing E-Mails

 

Keep it quiet, but it does seem that most bank phishing e-mails seem to have stopped.

In the last few days, I have had very few. All seem poor uncoordinated and perhaps one or two at each bank targetted.

Let's hope this is the end of this scam.

Letter to Barclays

 

On the 9th of June I wrote the following letter to John Varley, the Chief Executive of Barclays Bank about the phishing attacks on their bank.

Why I Won’t Use Barclays On-Line Banking

I have been a computer professional for the last forty years and in that time I’ve created two world class businesses.

For the last ten years I’ve been involved with the Internet, in the analysis of its use and misuse, with respect to promotion of companies, development of software, eCommerce and fraud. Since the beginning of 2001, I’ve shown increasing interest in the so-called phishing scams and have collected an extensive database.

All of this knowledge is soon to be published in a book called Making the Most of the Internet. The various frauds and scams form a large part.

Around the 19th of May, I thought that Barclays had finally removed the curse of phishing scams that have affected it for many years. The enclosed chart shows how I used to receive about fifty of these scams every day on the e-mail traps I have set. But since about the 3rd of June they have started again!

It puzzles me why Barclays is being singled out in this way! Is it because they are the largest on-line Bank? Is it because scams against Barclays are more likely to succeed?

I would certainly not bank on-line with any on-line bank that was being attacked in this way.

I have not received a reply.

Perhaps this sums up their attitude to phishing attacks. I shall be moving my Woolwich account elsewhere.

No Barclays and All Nationwide

 

Have the crooks decided to move all of their attacks from Barclays to Nationwide?

Over the last few days, I've had none for Barclays and about thirty every day for Nationwide Building Society. Interestingly, I don't think they are the same group who attacked Barclays, as the pattern is different. The Nationwide attacks tend to come in small groups of two or three, whereas those for Barclays come in larger bunches.

Interestingly, I note that Nationwide add your post code to every e-mail they send you. That sounds a simple idea that might help the careful to identify the good from the poison.

Have NatWest and Nationwide Merged?

 

Take a good look at this bank phishing e-mail.


A few points to note :-

1. The e-mail address of customercare@natwest.co.uk. This is why I put the header.
2. Nationwide is spelt as Nation Wide. Certainly English is not their native tongue.
3. There is an extra semi-colon between the two logos at the top of the e-mail.
4. The text in the e-mail is not very professional. The capitalisation and use of commas is not what you'd expect of a professional organisation like Nationwide Building Society.
5. What does Reference * mean?
6. The URL points to http://64.207.173.147 which is registered to Media Temple in Culver City, California.
7. Have you ever heard anybody talk about Customers Service.

At least they got the spelling of Nationwide Building Society correct in the last line.

Reputable Banks Don't Go Phishing

 

There was a letter in The Independent yesterday from Stuart Dawkins at the Alliance and Leicester, about how the banks are not responsible for phishing scams and customers should be more vigilant.

I wrote a letter to the paper.

For some years now, I have been collecting phishing e-mails. My method of collection may not be one hundred percent scientifically correct, but as I collect about 1000 spam e-mails a day, it gives a pretty good indication of the scale of the problem.

In the last few weeks from the 17th May until the 20th June, I have collected a total of 1,727 phishing e-mails aimed at the customers of banks, credit cards and financial institutions . The break-down is as follows :-

Barclays - 1,236
Co-Operative Bank - 173
MBNA - 110
HSBC - 23
Lloyds TSB - 11
PayPal - 7
Halifax - 6
Egg - 4
Alliance and Leicester - 21
Abbey - 3
NatWest - 1

In addition there were 106 e-mails aimed at the customers of foreign banks. I used to get a lot more of this category of e-mails, but it would appear that they have substantially decreased.

Stuart Dawkins just gives the standard response, about how the banks don't send them and about not replying to such e-mails.

The banks may not send these e-mails, but I don't think they do enough to stop them and hence protect their customers. But then if the customer gets his account emptied by a crook, it's up to him to prove to the bank that he's been a victim of crime. So I can understand their apparent complacency.

It surprises me that seventy-one percent are aimed at Barclays. I leave everybody to draw their own conclusions.

James Miller

It will be interested if I get a response from any bank.

Barclays Bank Phishing E-Mails Start Again

 

This note is a follow up to my previous note on Bank Phishing scams of the 1st of June. At that point it appeared that the attacks on Barclays and their customers may have stopped.


The graph shows all bank phishing scams I have received from the 5th of May until the 10th of June to about ten different web domain names.

As before, in the graph, blue are messages supposedly from Barclays and red shows other smaller attack on the Co-Operative Bank. Cream is attacks on PayPal accounts, light blue is anything outside of the UK and all other UK phishing is green.

The great majority of the new attacks on Barclays customers are very similar to many of those that occurred before the 19th of May. Could it be that the crooks and their servers had been located and supposedly destroyed, but that the interruption was only an irritance?

A note is now available for downloading and distribution which gives a full analysis.

Barclays Bank Phishing E-Mails Start Again
Feel free to read and distribute as you require.

Note - An Analysis of Bank Phishing E-Mails

 

A note is now available for downloading and distribution on this subject.

An Analysis of Bank Phishing E-Mails
Feel free to read and distribute as you require.

An Analysis of Bank Phishing E-Mails - Co-operative Bank

 

For the last seven days, there have been just two attacks on Barclays customers!

Instead, the Co-operative Bank now seems to be a target, through e-mails which point to www.cooperative-banking.com, which is registered in California.

They are all the same.

Most of them are to a series of generated e-mail addresses on daisy.co.uk. Again, someone has been conned into buying a list of worthless e-mail addresses. So we have two and possibly more levels of crook.

View the Latest Bank Phishing Data!

An Analysis of Bank Phishing E-Mails - Barclays

 

It really is amazing that Barclays customers have been directly targetted in this way. Is it because Barclays has more customers? Is it because their customers are more vulnerable? Is Barclays security not as good as other banks?

I don’t know and can only guess.

The good news is that as from the 19th, the amount of phishing scams seem to have dropped significantly. Interestingly since then, ninety percent of the e-mails seem to be very amateurish with very bad spelling.

The last two e-mails to Barclays on the 28th and 29th are almost a joke. One points to a domain in Australia and the other to one in France.

If anybody is stupid enough to be taken in by either of those, they deserve to be conned.

Tip - If you are using Outlook 2003, move the mouse pointer over the link and the program will tell you the real link. If it's not Barclays, then don't click it.

View the Latest Bank Phishing Data!

An Analysis of Bank Phishing E-Mails

 

I collect spam and bank phishing e-mails in particular.

I should say that as I have had an Internet presence since about 1992, my e-mail addresses at daisy.co.uk have been severely compromised. They have been distributed to virtually all of the spammers, whether they are in the US, Russia, Eastern Europe, China or elsewhere.

To make matters worse, but much better for the purpose of collecting spam, some bright spark has generated lots of e-mail addresses based on daisy.co.uk, so they can tell the crooks that they’ve sent many times more than they actually have. Sometimes I get twenty or thirty copies of the same message to different addresses. Most of these addresses bear no relation to reality, typically being something like fred_smithth@daisy.co.uk.


To illustrate the scale of the problem, I’ve taken just one source of spam; bank phishing scams, where criminals are trying to get details of bank accounts through fake sites.

In the graph, blue are messages supposedly from Barclays, red shows the Co-Operative Bank and yellow shows all the other phishing attempts on other banks. I have included messages to about ten domain names, most of which are .coms, in addition to daisy.co.uk.