Cyberlover
Scambusters are always a good source of early warning on new scams. This morning I received this from them about a new product called Cyberlover. So watch out.
A new class of bots (software robots) have found their way onto online dating forums, and we predict this is just the beginning of a new class of scams that will probably grow very fast.
These programs mimic online flirting with the goal of getting victims to provide personal information.
The first of these programs is called CyberLover. Unfortunately, CyberLover is good enough at automating its chat so that victims have a hard time recognizing that it's an automated robot rather than a real person.
Further, CyberLover can establish up to 10 "relationships" in 30 minutes. That means that scammers can use this software to automate the scamming process: rather than having to spend time themselves, they can unleash this software to find hundreds or thousands of victims at a time.
CyberLover can be used for financial and identity theft, as well as leading to "personal" websites that deliver malware.
Currently, CyberLover is targeted at Russian dating sites. However, it won't be long until we see similar bots in other countries (probably next month).
Action: Always use common sense. Don't provide financial or other personal information. And be on the alert that you may be flirting with a robot. ;-) Labels: phishing, spam
Citigroup
According to the media, Citigroup have a few problems. Their clients are also getting targeted by lots of phishing e-mails. Talk about kicking someone when they're down. Labels: banking, phishing
Unusual Activity Detected In Your Account
I bank with Nationwide, but not on-line as I don't trust on-line banking. Late last night I got 15 of these e-mails to my main e-mail addresses and another 88 to my spam trap. Spammers really ought to cut the number of times they send a message to an individual as multiple copies are always a giveaway. Look at the reputable companies that send you e-mail messages. How many times do they send the same message more than once? Not often. All of these come from onlineservice@nationwide.co.uk, which could be a valid e-mail address. But it's still fraud.
Nationwide's Internet Banking,Due to concerns, for the safety and integrity of your Nationwide bank account we have issued this warning message.
It has come to our attention that your Nationwidewide account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website.
Due to this, You are requested to update your account information by following the link below:
http://www.nationwide.co.uk/signon?LOB=CONS&screenid=Update_Acct
Thank You.
I'm going to have a look at this one in more detail, as it could fool people, due to that feasible e-mail address. But it leads you to http://www.justhomesforsale.co.uk/www.nationwide.co.uk/index.html, which is an address on http://www.justhomesforsale.co.uk. The owner of this URL is :-
Registrant: Adrian Vines
Registrant's address: Malvern Worcs
Registrar: Compila Limited [Tag = COMPILA] URL: http://www.compila.com
Relevant dates: Registered on: 27-Jul-2006 Renewal date: 27-Jul-2008
Which looks totally feasible, and judging by the dates is nothing to do with illegal activity. Go to the web site and the heading is "Hacked by McJony", so that says it all. Incidentally, my anti-phishing filter in Internet Explorer blocked access to the web site. So install it for your protection. The crook has also used a URL of http://www.access4deaf.co.uk/ in another e-mail. This appears to be a legitimate web site for Caron Lopez. The registration details are :-
Registrant: Caron Lopez
Trading as: access4deaf
Registrant type: UK Sole Trader
Registrant's address: Borehamwood Herts
Registrar: Compila Limited [Tag = COMPILA] URL: http://www.compila.com
Relevant dates: Registered on: 19-Jun-2006 Renewal date: 19-Jun-2008 Last updated: 02-Nov-2006
Note that the registrant is the same as the http://www.justhomesforsale.co.uk and both domains were registered about the same time. If I was Mr. Plod, then I'd be banging on the door of Compila Ltd. They look very suspectable from their web site, so I suspect that it's either a coincidence or a rogue employee, customer or someone else. Will they? Of course not! The Police have much better things to do, like sitting in Police Stations filling in forms about their performance on behalf of a Government that wants to micro-manage us all. So can we learn anything from this?
1. Use the anti-phishing filter in Internet Explorer.
2. If you are the owner of a domain name, make sure you keep it with a company that has a very good reputation.
3. Change your access passwords to the domain regularly.
But I suspect that even then, you wouldn't stop a determined crook.
Labels: phishing
British Banks Get Phished Again
There is a large amount of phishing scams going on on British banks at present. Alliance and Leicester has just joined the club. Labels: fraud, phishing
Has UK Bank Phishing Ended? - Part 3
Barclays Bank phishing scams came back with a bang yesterday. There were 371 of them of which 282 asked you to log into a web site based in Hong Kong. I've mentioned before about Hong Kong and how a large proportion of spam uses .hk domains. It has gone beyond a joke in the last few days and I suggest that we do a bit more than give them a good kicking. Labels: phishing, spam
Has UK Bank Phishing Ended? - Part 2
They're still keeping at a very low level. Even the US ones have dropped to a few a day. Labels: phishing
A Day with no Bank Phishing
I don't believe it, but yesterday, I got no bank phishing e-mails. It was so surprising I checked I hadn't made a mistake. Labels: phishing
Has UK Bank Phishing Ended?
Over the last month except for one day, there have been very few bank phishing e-mails.  The graph shows the rise and fall since the beginning of May last year. Does this mean the end of them? I suspect not. Labels: phishing
A Phisher Goes To The Slammer
According to this article in the Mercury News in the US, Jeffrey Brett Goodin, 45, of Azusa, has been found guilty of running a phishing operation aimed at AOL users. He might get 101 years in jail. That is too much, but even five would be enough deterrent for citizens of responsible countries. But I don't give much hope, that other countries will apply the same rules to their own Internet crooks. Labels: phishing, spam
Do Spammers Ever Give Up?
We've just gone through Christmas and the number of messages from spammers has continued unabated. Perhaps the odd thing was that I had a large number of Barclays messages on Christmas and Boxing Day. Some were very amateurish and targeted at Woolwich, a Barclays subsidiary, customers. Typically they are registered to someone in the US. Take missch.biz which is registered to Leesa Christensen with an e-mail address of tom1altman@yahoo.com. Why do the US authorities allow domain names to be registered to someone who uses an anonymous e-mail address? Probably for the same reason they champion the death penalty! Labels: Barclays, phishing
Instant Reward From the Co-Operative Bank
I have had 100 copies of this scam. Have you ever heard of free rewards from a bank? Although I did get a very good offer from the Daily Telegraph to fill in a form to get a £10 voucher from John Lewis. It worked too! But the amateurishness of this scam gives criminals a bad name. You would have to be truly stupid to fall for this one, as the link isn't even activated. Labels: banking, fraud, phishing
Fifth Third Bank and H-BoS - Part 3
Just after two this morning, bank phishing scams for H-BoS stopped. But they are still continuing at the same rate for Fifth Third Bank. I find this odd, as all the scams appear to be similar and coming from the same place. Surely, the banks are all working together to fight the spammers in which case both sets of scams would have died together. But they didn't! Does this mean that there is none or only a rudimentary anti-spam network amongst the banks? Labels: banking, phishing
Another Serious Article About Spam
This article on ZDNet backs up all the things I've been saying for several months. I'm not pleased about the growth of spam, but I am pleased that their figures agree with mine. Labels: phishing, spam
Fifth Third Bank and H-BoS - Part 2
They're still going! Two more URLs to add; caeresi.jp and acimeddits.jp. Both point to the same place in Canada. Well it might be in Canada. I would have thought by now that the two banks could have done something to protect their customers. Or is it that they just don't care? Or are they frightened of these crooks who try to ruin their customers? Labels: banking, phishing
Fifth Third Bank and H-BoS - Part 1
I'm now getting bank phishing e-mails for just these two banks. As they use the same URLs, they are from the same crook in possibly Canada. Does this show how few of these crooks there are out there and how easily they can be stopped? But judging by the response of the banks, who seem to take weeks to clear up an attack, their performance in this area is bad. Labels: banking, phishing
H-BoS Erupts
I've had a massive amount of bank phishing scams from Bank of Scotland/Halifax today. The count was eventually 221 e-mails and they're still coming. All but two have come from a server registered in Canada at www.epaeiddea.net. (Click the link and you get nothing!) Domains named include www.andoesn.biz, affdns.cc, daereasds.bz, ertyhnkj.org.nz and pocketmakedoor.com. All domains and the server have been registered in the last few days. I suspect all the registrations are bogus, but they may not be, so if you feel like checking some of the phone numbers, who am I to say no. Perhaps the unfortunates might complain to the police and something would be done about those that register domain names in the names of innocents. Most of the details lead to :- Domain Discreet P.O. Box 278 Yarmouth, NS B5A 4B2 Canada Phone: 1-902-7495331 It does seem that the Canadians don't seem to bother too much. Perhaps, it would be a good idea not to buy anything Canadian. Labels: banking, phishing
Michael Peel and Nigerian Fraud
Michael Peel of Chatham House and the Financial Times has written a very interesting report accusing governments, and especially the British government, of ignoring the problem of fraud carried out by Nigerian nationals, both in their home country and abroad. Governments, financial institutions and banks just hope their problems will go away. They won't unless positive action is taken. Labels: banking, fraud, phishing
Are Alliance and Leicester the New Barclays?
Last week I got 4395 phishing e-mails for Barclays. That's just over 700 a day! This week, since Sunday, I've had 128, 5, 2 and none. At about six on Sunday morning someone put the boot in to the crooks who were sending this stuff. A lot of all bank phishing has now disappeared, with the average last week at 900 a day and this week so far at 240. Let's hope there are some nice people in a jail somewhere. I will not speculate, but judging by most of the countries where this evil rubbish comes from, I doubt that it will be as pleasant as a guest of Her Majesty. Now though most of the scams are aimed at customers of the Alliance and Leicester. It's funny but why are most scams aimed at British banks? I certainly would never bank on-line with anybody that featured in my databases. Most seem indifferent to scams, with one or two notable exceptions, who strangely hardly feature at all. Labels: banking, Barclays, phishing
The Rise and Rise of Bank Phishing E-Mails
This last week has been the worst since I started collecting Bank Phishing Scams. I got about 6,000 this week which was a record. The graph shows the rise since the beginning of May. Note that the blue on the graph is Barclays. They still seem to be the bank of choice for Bank Phishing e-mails. I would never bank with them on-line. A note is now available for downloading and distribution which gives full details: The Rise and Rise of Phishing E-Mails. Feel free to read and distribute as you require. Labels: banking, phishing
On-Line Banking
Many on-line banking systems are not fit for purpose. This is why we get large amounts of phishing e-mails. I have received over 4,000 in the last week, of which over 80% were for one UK bank. I would certainly not bank with that bank, as they must be targeted because their customers are easier to fool. Before you bank on-line, make sure you use a system which has a password system that can't be easily fooled. And never bank with one for which there are large numbers of phishing e-mails, as this must be a bank with poor security. Labels: banking, phishing
Amazon and Phishing
I get about 300 phishing e-mails a day purporting to come from Barclays Bank. That is about 90% of all the phishing e-mails I get. I wrote to Barclays and they didn't even reply. For Amazon I get only one or two fraudulent e-mails every month. Perhaps this is because Amazon take this type of fraud very seriously and are prepared to turn up and talk about it on the radio. Labels: banking, phishing
Is Barclays Serious About Fighting Phishing Scams?
I am compelled to write yet another note about phishing attacks on Barclays Bank. It did appear that they have stopped but now they are more numerous than ever. The graph shows all bank phishing scams I have received from the 5th of May until the 7th of October to about ten different web domain names. Blue are messages supposedly from Barclays and the other banks with significant attacks are also shown.
1. As you can see from the graph, phishing scams are increasing in number, rather than decreasing.
2. Barclays now constitute over ninety percent of the phishing messages that I receive and this share has been increasing in recent weeks.
3. Seven of the receiving domains are .com’s so I would hope I’d get a share of messages for foreign banks. I don’t! So have US and Continental banks got a grip on phishing?
4. Bank of Scotland was targeted for several weeks. They stopped on the 9th September and have not resumed. This behaviour has also been seen with the Co-operative Bank, NatWest and Nationwide. I suspect that they may have stopped the problem.
5. I wrote to the Chief Executive of Barclays, John Varley, explaining what I had found and didn’t even get the courtesy of a reply.
I can only assume that either I am being specifically targeted, in the mistaken belief that I have a Barclays account or Barclays are indifferent to security. Note that I would never open an on-line account with Barclays, until they convinced me they had solved the problem of phishing. A note is now available for downloading and distribution which gives full details: Is Barclays Serious about Fighting Phishing Scams? Feel free to read and distribute as you require.
Labels: banking, Barclays, phishing
Phishing Explosion
For the last few days there has been an explosion of bank phishing e-mails. I have been receiving about ten times more than I normally do. They were aimed at customers of Bank of Scotland, Lloyds TSB and NatWest. All seemed to be of a similar format and pointed at the same web sites in Russia. But then at 15:00 on the 1st August, they all stopped. I hope this was due to actions by the banks and the police. A note is now available for downloading and distribution which gives full details: Phishing Explosion. Feel free to read and distribute as you require. Labels: banking, phishing
Barclays Phishing Scams Start Again
It must be hell being the Managing Director of Barclays. Barclays seems to be attacked all the time by criminals. And much more than other banks. Why? Is the security bad? Or is it so good, they just keep trying to beat it as they've beaten everybody else? Or is it just because they're the largest Internet bank? I did send a letter to the MD, but he didn't reply. Does it show what he thinks of customers? Anyway today I've received over 60 phishing e-mails aimed at Barclays. All point at sabma.info which is based in Russia. Do Barclays have their Internet servers there? I don't think so. As I've said before don't bank with any Internet bank for which you get phishing attacks. You might just make a mistake. Labels: banking, Barclays, phishing
Are Barclays Phishing Scams Going To Start Again?
I have just received a phishing e-mail purporting to come from Barclays. Incidentally, I haven't received any for some weeks. It doesn't come from Barclays of course, but it points to a web site called barclayss.com which was registered in Pakistan on the 19th of July. Now shouldn't Barclays have registered this name themselves? This is another reason why I don't trust their on-line banking. Labels: banking, Barclays, phishing
Is This the End of Bank Phishing E-Mails?
This note is a follow up to my previous note on Bank Phishing scams of the 1st of June. You can see from the graph below, that it appeared that the attacks on Barclays (in blue) and their customers may have stopped. The graph shows all bank phishing scams I have received from the 5th of May until the 16th of July to about ten different web domain names. The banks shown are in order; Barclays, Co-Operative Bank, Lloyds TSB, Nationwide BS, PayPal, Foreign and Others. Colours are shown in the legend above the graph. Phishing scams are where you are sent a fake e-mail and asked to enter your username, password and other details into a fake web site. If you do enter your details, your bank account is quickly emptied. The graph shows some interesting patterns :-
1. Barclays have received the highest number of messages and the fiercest attacks for some time, but I have only had a couple of messages in the last four weeks.
2. There have been significant attacks on the Co-Operative Bank, Nationwide BS and Lloyds TSB. Analysis of these messages shows they could have been sent by the same group.
3. For the last ten days, there has not been more than a couple of messages each day. Most have been amateurish and aimed at a varied selection of banks.
The question that has to be asked is have we reached the end of this type of phishing scam? If this is so, where will the criminals attack next? A note is now available for downloading and distribution which gives full details: Is This the End of Bank Phishing E-Mails? Feel free to read and distribute as you require.
Labels: banking, Barclays, phishing
Bank Phishing E-Mails
Keep it quiet, but it does seem that most bank phishing e-mails seem to have stopped. In the last few days, I have had very few. All seem poor uncoordinated and perhaps one or two at each bank targeted. Let's hope this is the end of this scam. Labels: banking, phishing
Letter to Barclays
On the 9th of June I wrote the following letter to John Varley, the Chief Executive of Barclays Bank about the phishing attacks on their bank.
Why I Won’t Use Barclays On-Line Banking
I have been a computer professional for the last forty years and in that time I’ve created two world class businesses.
For the last ten years I’ve been involved with the Internet, in the analysis of its use and misuse, with respect to promotion of companies, development of software, eCommerce and fraud. Since the beginning of 2001, I’ve shown increasing interest in the so-called phishing scams and have collected an extensive database.
All of this knowledge is soon to be published in a book called Making the Most of the Internet. The various frauds and scams form a large part.
Around the 19th of May, I thought that Barclays had finally removed the curse of phishing scams that have affected it for many years. The enclosed chart shows how I used to receive about fifty of these scams every day on the e-mail traps I have set. But since about the 3rd of June they have started again!
It puzzles me why Barclays is being singled out in this way! Is it because they are the largest on-line Bank? Is it because scams against Barclays are more likely to succeed?
I would certainly not bank on-line with any on-line bank that was being attacked in this way.
I have not received a reply. Perhaps this sums up their attitude to phishing attacks. I shall be moving my Woolwich account elsewhere. Labels: banking, Barclays, phishing
Have NatWest and Nationwide Merged?
Take a good look at this bank phishing e-mail. A few points to note :-
1. The e-mail address of customercare@natwest.co.uk. This is why I put the header.
2. Nationwide is spelt as Nation Wide. Certainly English is not their native tongue.
3. There is an extra semi-colon between the two logos at the top of the e-mail.
4. The text in the e-mail is not very professional. The capitalisation and use of commas is not what you'd expect of a professional organisation like Nationwide Building Society.
5. What does Reference * mean?
6. The URL points to http://64.207.173.147 which is registered to Media Temple in Culver City, California.
7. Have you ever heard anybody talk about Customers Service? At least they got the spelling of Nationwide Building Society correct in the last line.
Labels: banking, phishing
Reputable Banks Don't Go Phishing
There was a letter in The Independent yesterday from Stuart Dawkins at the Alliance and Leicester, about how the banks are not responsible for phishing scams and customers should be more vigilant. I wrote a letter to the paper.
For some years now, I have been collecting phishing e-mails. My method of collection may not be one hundred percent scientifically correct, but as I collect about 1000 spam e-mails a day, it gives a pretty good indication of the scale of the problem.
In the last few weeks from the 17th May until the 20th June, I have collected a total of 1,727 phishing e-mails aimed at the customers of banks, credit cards and financial institutions. The break-down is as follows :-
Barclays - 1,236
Co-Operative Bank - 173
MBNA - 110
HSBC - 23
Lloyds TSB - 11
PayPal - 7
Halifax - 6
Egg - 4
Alliance and Leicester - 21
Abbey - 3
NatWest - 1
In addition there were 106 e-mails aimed at the customers of foreign banks. I used to get a lot more of this category of e-mails, but it would appear that they have substantially decreased.
Stuart Dawkins just gives the standard response, about how the banks don't send them and about not replying to such e-mails.
The banks may not send these e-mails, but I don't think they do enough to stop them and hence protect their customers. But then if the customer gets his account emptied by a crook, it's up to him to prove to the bank that he's been a victim of crime. So I can understand their apparent complacency.
It surprises me that seventy-one percent are aimed at Barclays. I leave everybody to draw their own conclusions.
James Miller
It will be interesting if I get a response from any bank. Labels: banking, phishing
Barclays Bank Phishing E-Mails Start Again
This note is a follow up to my previous note on Bank Phishing scams of the 1st of June. At that point it appeared that the attacks on Barclays and their customers may have stopped. The graph shows all bank phishing scams I have received from the 5th of May until the 10th of June to about ten different web domain names. As before, in the graph, blue are messages supposedly from Barclays and red shows other smaller attack on the Co-Operative Bank. Cream is attacks on PayPal accounts, light blue is anything outside of the UK and all other UK phishing is green. The great majority of the new attacks on Barclays customers are very similar to many of those that occurred before the 19th of May. Could it be that the crooks and their servers had been located and supposedly destroyed, but that the interruption was only an irritance? A note is now available for downloading and distribution which gives a full analysis: Barclays Bank Phishing E-Mails Start Again. Feel free to read and distribute as you require. Labels: banking, Barclays, phishing
More Barclays Phishing Scams
I got 35 scams attacking Barclays customers yesterday. They were all the same, except for different e-mail addresses and different URLs to go to get conned. Some had a URL of www.ru, which probably is a clue to where they came from. Come on Mr. Putin, please do something to protect us all from these crooks. Labels: Barclays, phishing
Note - An Analysis of Bank Phishing E-Mails
A note is now available for downloading and distribution on this subject: An Analysis of Bank Phishing E-Mails. Feel free to read and distribute as you require. Labels: banking, phishing
An Analysis of Bank Phishing E-Mails - Co-operative Bank
For the last seven days, there have been just two attacks on Barclays customers! Instead, the Co-operative Bank now seems to be a target, through e-mails which point to www.cooperative-banking.com, which is registered in California. They are all the same. Most of them are to a series of generated e-mail addresses on daisy.co.uk. Again, someone has been conned into buying a list of worthless e-mail addresses. So we have two and possibly more levels of crook. View the Latest Bank Phishing Data! Labels: banking, phishing
An Analysis of Bank Phishing E-Mails - Barclays
It really is amazing that Barclays customers have been directly targeted in this way. Is it because Barclays has more customers? Is it because their customers are more vulnerable? Is Barclays security not as good as other banks? I don’t know and can only guess. The good news is that as from the 19th, the amount of phishing scams seem to have dropped significantly. Interestingly since then, ninety percent of the e-mails seem to be very amateurish with very bad spelling. The last two e-mails to Barclays on the 28th and 29th are almost a joke. One points to a domain in Australia and the other to one in France. If anybody is stupid enough to be taken in by either of those, they deserve to be conned. Tip - If you are using Outlook 2003, move the mouse pointer over the link and the program will tell you the real link. If it's not Barclays, then don't click it. View the Latest Bank Phishing Data! Labels: banking, Barclays, phishing
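The hover tip above is the manual form of a check that a mail filter can run on every link: compare what the link shows with where it really goes, as in the Nationwide e-mail earlier on this page, and flag bare IP addresses and near-miss names such as barclayss.com. The Python below is an added example, not part of the original posts. The function names, the allow-list of genuine domains and the link texts other than the Nationwide one are assumptions; the sample HTML is constructed from URLs quoted on this page.

```python
import difflib
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Link text that itself looks like a web address; group 1 is the host it shows.
_URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _owned(host, domains):
    """True if host is one of the genuine domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def _first_label(host):
    """Leftmost label of a host name, ignoring a leading 'www.'."""
    return (host[4:] if host.startswith("www.") else host).split(".")[0]

def check_links(html, genuine_domains):
    """Return [(href, [reasons])] for each http(s) link; [] means no flag."""
    parser = _Anchors()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        try:
            parts = urlsplit(href)
            real = (parts.hostname or "").lower()
        except ValueError:                      # malformed href
            results.append((href, ["unparseable-href"]))
            continue
        if parts.scheme not in ("http", "https"):
            continue                            # mailto: and the like are out of scope
        reasons = []
        shown = _URLISH.match(text)
        if shown and shown.group(1).lower() != real:
            reasons.append("text-host-mismatch")    # what the hover tip reveals
        try:
            ipaddress.ip_address(real)
            reasons.append("raw-ip-host")
        except ValueError:
            pass
        if not _owned(real, genuine_domains):
            rest = unquote(parts.path + "?" + parts.query).lower()
            if any(d in rest for d in genuine_domains):
                reasons.append("brand-in-path")     # bank name parked on another host
            label = _first_label(real)
            if any(difflib.SequenceMatcher(None, label, _first_label(d)).ratio() >= 0.85
                   for d in genuine_domains):
                reasons.append("lookalike-host")
        results.append((href, reasons))
    return results

# Constructed sample body. The first three destinations are quoted on this page;
# the link texts other than the Nationwide one are made up for the example.
SAMPLE = """
<p>You are requested to update your account information:</p>
<a href="http://www.justhomesforsale.co.uk/www.nationwide.co.uk/index.html">http://www.nationwide.co.uk/signon?LOB=CONS&amp;screenid=Update_Acct</a>
<a href="http://64.207.173.147">Click here</a>
<a href="http://barclayss.com/">Log in</a>
<a href="http://www.nationwide.co.uk/">Nationwide</a>
"""
GENUINE = ["nationwide.co.uk", "barclays.co.uk"]    # assumed allow-list

if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE, GENUINE):
        print(href, "->", ", ".join(reasons) or "ok")
```

The checks only look at the e-mail itself, so a link to a hacked but otherwise unrelated site with neutral link text will pass; a browser or gateway blocklist still has to cover that case.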
An Analysis of Bank Phishing E-Mails
I collect spam and bank phishing e-mails in particular. I should say that as I have had an Internet presence since about 1992, my e-mail addresses at daisy.co.uk have been severely compromised. They have been distributed to virtually all of the spammers, whether they are in the US, Russia, Eastern Europe, China or elsewhere. To make matters worse, but much better for the purpose of collecting spam, some bright spark has generated lots of e-mail addresses based on daisy.co.uk, so they can tell the crooks that they’ve sent many times more than they actually have. Sometimes I get twenty or thirty copies of the same message to different addresses. Most of these addresses bear no relation to reality, typically being something like fred_smithth@daisy.co.uk.  To illustrate the scale of the problem, I’ve taken just one source of spam; bank phishing scams, where criminals are trying to get details of bank accounts through fake sites. In the graph, blue are messages supposedly from Barclays, red shows the Co-Operative Bank and yellow shows all the other phishing attempts on other banks. I have included messages to about ten domain names, most of which are .coms, in addition to daisy.co.uk. Labels: banking, Barclays, phishing