So I got this message from “Bank of America”
from: bankofamerica@locked.com

Message from Bank Of American. Debit Mastercard Locked. Please call : 8882119377

So I figure, sure, I’ll bite. From a spoofed number I dial and wait to see what I get. In a computer-synthesized voice: “Thank you for calling Bank of America, we regret to inform you that your card has been locked. Press 1 to unlock and 2 to leave.” So I press 1. Then it asks for my 16-digit card number. I try a fake 123456 sequence first. They have an algorithm in place to verify that the card number is properly formed. Ok fine.. I’ll use a “real” card number.
This one was accepted, and then they asked for:
expiration date
PIN
and the last 4 digits of the social security number.

They even built in a “please wait while your card is being reactivated”, a 5-second pause, then “your card has been reactivated”.

A few things stand out here that show it’s not real. First of all, I don’t have a Bank of America debit card. A real institution wouldn’t have a synthesized voice in its IVR, and it wouldn’t ask for all that information, at most perhaps a portion of that data. The safest way to see if your card really is “locked” is to call the institution directly (not with the number provided in the email) and SPEAK to someone about your account.
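The format check that rejected the 123456 entry, as an added example that is not from this post: the post does not name the algorithm, so the Luhn mod-10 check that real payment card numbers satisfy is assumed here, with the post’s fake sequence and a standard non-live test number as constructed inputs.

```python
# Added example (not from the post): the kind of checksum gate a card-entry IVR
# can apply to reject obviously fake input. The post does not name the check;
# the Luhn mod-10 algorithm used by real card numbers is assumed.

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    if not digits.isdigit():
        return False
    total = 0
    # Walk from the rightmost digit and double every second digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return total % 10 == 0


def looks_like_card_number(entry: str) -> bool:
    """Format gate: strip separators, require 16 digits, require a valid Luhn sum."""
    cleaned = entry.replace(" ", "").replace("-", "")
    return len(cleaned) == 16 and luhn_valid(cleaned)


# Constructed inputs: the fake sequence from the post, a well-known Luhn-valid
# test number (not a live card), and that number with its check digit changed.
SAMPLES = ("123456", "4111 1111 1111 1111", "4111111111111112")


def check_samples() -> dict:
    """Map each constructed sample to whether the format gate would accept it."""
    return {s: looks_like_card_number(s) for s in SAMPLES}


if __name__ == "__main__":
    for sample, ok in check_samples().items():
        print(f"{sample!r}: {'accepted' if ok else 'rejected'}")
```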

New phishing scam

A new tactic is afoot.  This one is even more clever than the other ones I’ve seen.  They get around the phishing filters and compromised websites by delivering the HTML directly to you via a hashed URL.  PLEASE, take caution when opening links from email, even if they appear to be from someone you know.  Verify with the person before you actually give up personal information.

I got an email today:

So this email is coming from someone I know; they are using that person’s name in the message.  The red flags in this message are the lack of consistency in the fonts, the urgency of clicking on the link (“it’s very important”), and the fact that no other information is included, such as what the document is that he wants me to read.


Scammers’ new tricks.

This email came through today.  They are banking on the chance that the person getting the email will think that someone they know has passed and will want to find out more by clicking on the link.  The link actually takes users to a different site that has been compromised to include the malicious link.  Take caution when an email wants you to click on a link.


Phishing Email

I got this email this afternoon. It was one of the best scrapes I’ve seen.  It looks exactly like a real email that might come from Apple.  The giveaway was that the email address it was sent to is a junk address, not my iTunes email.. but I’ll bite and see where it leads.

The site it was directed to was even better than the email.  Safari didn’t even blink when the fake site appeared.



$1542.77 Bill from Verizon

So recently I DID open a Verizon Wireless account. I didn’t think I was signed up for auto-payment, but I could have.. but I’m sure I couldn’t have racked up $1500 in charges.. could I?  So the first thing this email is trying to do is get you to say “What?!” and hastily click on the link to see what the deal is.


An unsuspecting user would click on the link and get taken through a few redirects that eventually land on a blank page, unaware that their browser just became a victim of Troj JSRedir-GZ.


Again, don’t click links in emails.  Ever.

Amazon needs to be updated?

This afternoon I got a semi-legitimate-looking email:


Dear Amazon Member,
It has come to our attention that your Amazon Billing Information records are out of date. That requires you to update the Billing Information.
Failure to update your records will result in account termination. Please update your records within 24 hours. Once you have updated your account records, your Amazon session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems.

You must click the link below and enter your login information on the following page to confirm your Billing Information records.

Click here to update your account

You can also confirm your Billing Information by logging into your Amazon account at https://www.amazon.com/
Thank you for using amazon.com
The Amazon Team


Log on to your Amazon account and choose the “Help” link in the footer of any page.
To receive email notifications in plain text instead of HTML, update your preferences here.

Amazon Email ID PP468

Well.. first off, they address me as “Amazon Member”.  Amazon knows my name.  They would use it.

Secondly, in the world of phishing scams.. NEVER click links in emails, even if they are from someone you know. Instead, visit the website directly.

Third, this message was sent to an email address I created to use exclusively on Craigslist.  It’s not the address I use exclusively for Amazon.

Upon visiting the website..


It looks like they are just trying to harvest usernames and passwords.  But still, that’s usually enough to cause havoc.

It’s a decent screen scrape of the real Amazon website.. but the link pointing to http://kayako.mt.net/amazon is a good giveaway.

Scam #3

Just when I thought my luck couldn’t get any better today:


I am Mr.Ian Ranking Bill and Exchange Manager,Head of the World Bank Finance Group and Interpol London
Branch, set up to fight against Scam,Financial Crimes and Fraudulent activities worldwide.

This Group is responsible for investigating the legitimacy of unpaid contract, inheritance and lotto winning claims
by companies and individuals and directs the paying authorities (Fiduciary Agents) worldwide to make immediate
payment of verified claims to the beneficiaries without further delay.

You are being legally contacted regarding the release of your long awaited fund. After a detailed review of
your file, the World Bank Group has mandated that your fund should be release immediately.

This is to officially inform you that an ATM CARD worth ($6.3M USD) has been accredited in your favour.
Your Personal Identification Number is 2911.

Please immediately contact our appointed Fiduciary Agent below for the release of your ATM CARD.

Name:Dr.Paul Blair
Company:Global Financier Ltd
Email: infodesk1@financier.com

Please re-confirm to us the following:


Thanks for Your Cooperation.

Mr.Ian Ranking
(Bill and Exchange Manager)
World Bank Group. London U.K


Today’s Scam #1

Mr Kanani sent this RTF document to my work email the other day.  RTFs are typically not hosts for malicious files, so I didn’t mind opening it up.  Who uses AOL anyway?  Here was the original message:

—–Original Message—–
From: John Kanani [mailto:mrjohnkanani3@aol.com]
Sent: Monday, May 14, 2012 4:18 AM
Subject: Dear Munoz

Dear Munoz

I would like to seek your help in a business proposal , which although is sensitive by nature and not what I should discuss with someone I don’t know and have not met using a medium such as this but I do not have a choice.

View My Attach Message

Best regards,

John Kanani

and the RTF included: (DEAR MUNOZ.RTF)

Dear Munoz

I would like to seek your help in a business proposal , which although is sensitive by nature which is not what I should discuss with someone I don’t know and not met using a medium such as this but I do not have a choice .

I am Mr. John Kanani, I was the client service manager of the bank where late Dr. Edward Munoz. left behind a large sum of money, he died of a cardiac arrest a few years ago leaving behind a large sum of money with a commercial bank in the Island of Seychelles which is a tax free zone, a place where plenty of rich people tend to hide away funds not ready to be used or invested. I will not mention the amount of money which runs into several millions in United States Dollars and the name of bank presently until we have agreed to deal. I trust you will understand the need for such precautions.

So far, valuable efforts has been made to get to his people but to no avail, as he had no known relatives he left his next of kin column in his account opening forms blank. Due to this development the bank has been expecting someone to come forward as a close relative to claim the funds otherwise as the Seychelles national laws would have it, any dormant account for five years will be declared unclaimed and then paid into the government purse.

To avert this negative development I and my colleagues have decided to look for a reputable person to act as the next of kin to late Dr. Edward Munoz. So that the funds could be processed and released into any account provided by the person, which is where you come in. We shall make arrangements with a qualified and a reliable attorney to represent you locally to avoid any inconvenience of you coming down to claim the funds.

All legal documents to aid your claim for this fund and to prove your relationship with the deceased will be provided by us. Your help will be appreciated with 30% of the total sum which I would disclose in my next email Please accept my apologies and keep my confidence and disregard this letter if you do not appreciate this proposition i have offered you.

I wait anxiously for your response.

Yours Faithfully,

John Kanani

Fire Safety joint event

So April from HR sent this email this morning asking me to take three written tests on fire and anti-terrorism safety.  Attached, of course, was a zip file trying to pretend to be a PDF file.  At least she could have used proper spelling?

Dear Colleagues
It might be useful for you to know that we are taking part in a joint event with Fire and Counter
Terrroism Safety inculding three written tests on Thursday.
Last year three in ten emplyoees suvreyed could not pass the Fire Safety test.
Each of you will find enclosed a FIRE INSTRUCTION NOTICE
and your role descrpition. Please take a look at the enclosed materials before April.
Kind regards,
Department of Human Resources