Something Smells Phishy To Me…

This is a spear-phishing (see Cybercrime Definitions) attempt by the Scammers.  It is considered spearphishing since they used my last name in their scam email in an attempt to make the scam appear legitimate.  Love these guys…

+++++++++++++++++++++++++++++

Dear Harrell,

I would like to seek your help in a business proposal which although is sensitive by nature and not what I should discuss with someone I don’t know and have not met using a medium such as this but I do not have a choice .

I am Mr. Thomas Brogger, personal account manager of late Dr. Norman Harrell, who died of a cardiac arrest a few years ago leaving behind a large sum of money with a commercial bank in the Island of Seychelles which is a tax free zone, a place where plenty of rich people tend to hide away funds not ready to be used or invested, I am also the Client Service manager of the Kenyan branch. I will not mention the amount of
money which runs into several millions in United States Dollars and name of bank presently until we have agreed to deal. I trust you will understand the need for such precautions.

So far, valuable efforts has been made to get to his people but to no avail, as he had no known relatives more because he left his next of kin column in his account opening forms blank and he has no known relative. Due to this development the bank has been expecting someone to come forward as a close relative to claim the funds otherwise as the Seychelles national laws would have it, any dormant account for five years will be declared unclaimed and then paid into the government purse.

To avert this negative development my colleagues and I have decided to look for a reputable person to act as the next of kin to late Dr. Norman Harrell So that the funds could be processed and released into his account, which is where you come in. We shall make arrangements with a qualified and a reliable attorney to represent you locally to avoid any inconveniency of you coming down to claim the funds all legal documents to aid your claim for this fund and to prove your relationship with the deceased will be provided by us. Your help will be appreciated with 30% of the total sum which I would disclose in my next email Please accept my apologies, keep my confidence and disregard this letter if you do not appreciate this proposition I have offered you.

I wait anxiously for your response.

Yours Faithfully,

Thomas Brogger

Too bad, by the time I received this scam email the IRS had already shut it down.

From: Department of the Treasury [mailto:service@irs-usa.com]
Sent: Monday, January 05, 2009 5:25 AM
Subject: Notice from Department of the Treasury

After the last annual calculations of your fiscal activity
we have determined that you are eligible to receive
a tax refund under section 501(c) (3) of the
Internal Revenue Code. Tax refund value is $189.60.
Please submit the tax refund request and allow us 6-9 days
in order to IWP the data received.
If u don’t receive your refund within 9 business
days from the original IRS mailing date shown,
you can start a refund trace online.

If you distribute funds to other organization, your records must show wether
they are exempt under section 497 (c) (15). In cases where the recipient org.
is not exempt under section 497 (c) (15), you must have evidence the funds will
be used for section 497 (c) (15) purposes.

If you distribute fund to individuals, you should keep case histories showing
the recipient’s name and address; the purpose of the award; the maner of
section; and the realtionship of the recipient to any of your officers, directors,
trustees, members, or major contributors.

To access the form for your tax refund, please click here

This notification has been sent by the Internal Revenue Service,
a bureau of the Department of the Treasury.

Sincerely Yours,

John Stewart
Director, Exempt. Organization
Rulings and Agreements Letter
Internal Revenue ServiceNo

I received the following vishing attempt today.  The scam email asks its intended victims to call a number, (800) 927-1839 and tries to fool them into believing that they are calling their bank, U.S. Bank.  It then asks for secret US Bank account information, which of course will be used by the thieves to steal the victim’s identity and money.

Do not fall for these fake phone numbers.  If you have a question about a bank account or your credit card account always call the number printed on the card or call your local bank branch directly.

From: U.S. Bank Alerts [mailto:alerts@cs.usbank-email.com]
Sent: Saturday, December 06, 2008 2:15 PM
To: [redacted]
Subject: U.S. Bank (Message from Customer Service)

.

My wife received today this fake email in a attempt to scam Capital One credit card information.  Since the email tried to get her to call a fake phone number for Capital One, (800) 523-8103, this is technically a vishing attempt.  If you call the provided number you will hear that it is a poor quality recording trying to elicit account information.  Remember, ALWAYS call the number on the back of your credit card and NEVER the number provided in the email.

From: “Capital One” [service@capitaone.com> <216.57.96.8 (HELO mailout04.westnotificationsgroup.com)]
Sent: 11/27/2008 11:50 PM MST
Subject: Capital One Alert: Irregular Credit Card Activity

A pathetic attempt at fraud really…

From: Chase [mailto:survey@chase.net]
Sent: Sunday, November 23, 2008 2:43 PM
Subject: Customer Center: Claim Your $50 Reward

CONGRATULATIONS !

You’ve been chosen by Chase Customer Center to take part in our quick and easy 5 question survey. In return we will credit $50 to your account within the next three business days.

Helping us better understand how our customers feel benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service.
The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party groups.
It will be stored in our secure database for three days while we process the results of this nationwide survey.

We kindly ask you to spare two minutes of your time and take part to this unique offer!

To take the survey now, please visit our affiliate website:
http:/static-71-119-20-180.lsanca.dsl-w.verizon.net/ssl/CustomerCenter/onlinesurvey.chase.net/

Best regards,
Chase Customer Center

My Favorite part of this email:  “Deliberate wrong imputs are criminally pursued and indicted” [sic]  I did it anyway; I’m crazy like that.

From: Internal Revenue Service [mailto:online.survey@IRS.gov]

Sent: Wednesday, October 22, 2008 1:21 PM
Subject: IRS Survey: $90.00 to your account - Just for your time
Importance: High

Congratulations!

You’ve been selected to take part in our quick and easy 9 questions survey In return we will credit $90.00 to your account - Just for your time!

Please spare two minutes of your time and take part in our online survey so we can improve our services.
Don’t miss this chance to change something.

To participate in this survey Click Here

This notification has been sent by the Internal Revenue Service,a bureau of the Department of the Treasury.

© Copyright 2008, Internal Revenue Service U.S.A.
________________________________________

Note:
▪ If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your ISP
▪ For security reasons, we will record your ip address, the date and time.
▪ Deliberate wrong imputs are criminally pursued and indicted.

Survey ID :
JNEFJQCPNPQKBVIDFNRUQVZBZGTCLRCORQLORS

Investigator’s Notes

IRS Phishing Email.  It should be noted that the fraudulent IRS website looks pretty convincing except for the fact that it asks for complete debit card account information and none of the rest of the navigation links work.

The link directs the visitor to http://cyber.skuniv.ac.kr:8080/complete.IRS.online/survey.php?Where_is_my_survey&Get_Survey

From: customerservice@susquehanna.net [mailto:customerservice@susquehanna.netroot@root]
Sent: Friday, October 10, 2008 6:06 PM
To: [redacted]
Subject: Your Susquehanna Statement is ready

Your Susquehanna statement is now available at http://www.susquehanna.net www.susquehanna.net.  This notification is part of the All-Electronic Program you enrolled in to receive your statements online only instead of in the mail.

To ensure that you receive monthly statement notifications via e-mail, please keep your contact information current.  If you’re planning to change your e-mail address, sign-on to www.susquehanna.net, go to the Manage My Account menu, and choose Update Personal Profile to edit your Email Profile.  To change your postal address, just use the same menu and choose Address & Phone Change.

If you use your work e-mail address, keep in mind some employers may block receipt of employees’ personal e-mail. Please update your e-mail address at www.susquehanna.net -see instructions above.

We hope you continue to enjoy the many benefits of the All-Electronic Program.

Sincerely,
S. Larson
Customer Service

FEDERAL REGULATIONS REQUIRE THE STATEMENT PRINTED BELOW

Your account is issued by Susquehanna Bancshares, Inc.,
26 N. Cedar Street, Lititz, PA 17543.

NOTICE: The federal Equal Credit Opportunity Act prohibits creditors from discriminating against credit applicants on the basis of race, color, religion, national origin, sex, marital status, age (provided the applicant has the capacity to enter into a binding contract); because all or part of the applicant’s income derives from any public assistance program; or because the applicant has in good faith exercised any right under the Consumer Credit Protection Act.  The federal agency that administers
compliance with this law concerning Susquehanna, N.A. is the Office of the Comptroller of the Currency, Customer Assistance Group, 26 N. Cedar Street, Lititz, PA 17543.

0/L0/050004/001/ZZ/SY/ZP/8000/SYSTEMB /I2008082870169241/66604

Investigator Notes:

The spoofed email link led to http://mail.savantresources.com/images/clientsetup.gif

Dear Member, The primary email address you have registered for your Navy Federal Credit Union was changed on Sep/28/2008. This e-mail has been send to you based on the Member Notification preferences you previously established.If you would like to change you Member Notification preferences, please sign on to Navy Federal Online Account Access and click on the Other Services link, go to the Member Notifications by E-Mail option, and then click on the Manage My Notification tab. If you did not change you email address, please sign on and review your email addresses. Please Note: This Member Notification e-mail address is only used to generate Member Notifications.We will not read or respond to e-mail send to this e-mail address.If you would like to contact Navy Federal Online Account Access and click the Check Messages link send us and e-message.

Investigator Notes:

Links pointed to a fake website at http://www.cormupa.cl/cormupa/sistema/myaccounts.navyfcu.org/index.html?https://myaccounts.navyfcu.org/cgi-bin/ifsewwwc?Logon

Investigator’s Notes:

This another vishing attempt using a phony phone number to try and scam people- albeit not a very good one.  The first thing that caught my eye was that the phone number; the scammers are trying to get their intended victims to call a Utah number, when in fact, GTE Federal Credit Union is headquartered in Tampa, FL.  When I called the provided number, 801-807-0323, it forwarded to another phone number, 515-414-6098 (an Ogden, Iowa number), and I received a standard generic voicemail prompt to leave a message.

From: GTE Federal Credit Union, [mailto:notice@gtefcu.org]
Sent: Tuesday, September 23, 2008 11:36 AM
Subject: Security Notice!