Banks and Phishing!


Banks &
Financial Services

   Just about everyone hates to see spam, or Unsolicited Commercial Email(UCE), filling up their inboxes. The right side of this page is an archive of the financial phishing emails I've been receiving for the last few months. They are copied exactly, except for changing the url's....don't want to give the phishers any free traffic. These phishers send emails that look exactly like they are coming from Chase, Citibank and others.

There is a little trick to allow you to see the actual url. Make sure you can see your status bar at the bottom of your browser window. If it's not there, click on View, then click Status Bar. This will place the status bar at the bottom of your browser window. Place your mouse pointer over the link in the email (www.citibank.com, etc) and look in the status bar to see the real url. It definitely won't be Citibank.com, more likely it will be an ip address (like http://12.345.67.89 or something). That way it's difficult for you to tell what the actual domain is.

If you are just looking at the email, right click within the body of the email and choose View Source. Scroll down until you find the line that has the url in it. It will look something like <*a href="http://12.345.67.89etc."*>http://www.chasebank.com etc.<*/a>. If the blue part isn't the same as the red part (like here), there is a problem.

Rule #1 - Don't ever click on the link in one of those emails and log in to your account. If you do, you've just sent your user id and password to a criminal somewhere who will know just what to do with them. Always open your browser and then go in through your favorites link or typing the url directly into the browser.

Rule #2 - If you did make the mistake and log in through one of the email links, close the browser immediately, open a new browser window and open the correct website, login and change your password to something completely different. If you are too late, contact the company immediately and let them know your account security has been compromised.

Subject: Customer Notification: Data Confirmation [Tue, 24 Apr 2007 13:00:08 -0500]

Date: Tue 4/24/2007 12:00 PM

Dear Fifth Third bank business/commercial customer,

Fifth Third Protection Department requests you to start the client details confirmation procedure. By clicking on the link at the bottom of this letter you will get all necessary instructions how to start and to complete the confirmation procedure. The following steps are to be taken by all business and commercial customers of the Fifth Third bank.

Fifth Third Protection Department apologizes for the inconveniences caused to you, and is very grateful for your cooperation.

To start the confirmation procedure, click the following link:

http:// businessbanking.53.com /session402767/clientbase/form.asp


The underlying url is http:// businessbanking. 53.com.session402767.mainid.sh/clientbase/form.asp

Copyright © 2007 Fifth Third Bank, Member FDIC, Equal Housing Lender, All Rights Reserved

===================================

Subject: Important: Please update your Bank of America account

Date: Fri 4/13/2007 6:35 AM

Dear Bank of America Client :

We are encountered some tehnical errors in our database, Please update your profile .

You can access your profile at https:// www. bankofamerica.com


The underlying url is http:// dhcp-212-18-42-146. amis.si/Redirect/redirect.html

This process is mandatory, and if not completed within the nearest time your account

may be subject for temporary suspension.

For help please contact Bank of America Customer Service immediately by

email at customerservice@bankofamerica.com or call us at 1-800-552-7302 .

Thank you for using bankofamerica.com!


-----------------------------------------------------------------------------------