
Email Scam/Official Looking Web Pages

BrooklynAndy

I recently received this email from the "IRS".

We are pleased to inform you that upon review of your
fiscal activity we have determined that you are eligible to
receive a tax refund under section 501 (c) (3) of the Internal Revenue Code.

For more information of your tax refund, please go here http://61.8.210.77:9777/mortii-matii/0,,id=96596,00.html


Sincerely,
Natasha Morgan
Tax Refunds Department


Copyright 2007, Internal Revenue Service U.S.A. All rights reserved.


The link which is embedded in the email so as not to look quite as faked as it is takes you to a very good replica of the actual IRS site (except all of the links keep you locked in on the scam pages - you can actually go thru the steps without filling any of the info in).

I seem to be getting a lot more of these... usually it's designed to look like it came from my bank (well I get them for many banks... sometimes it's my bank). This is my first from the "IRS".

The IRS - actual IRS - has this to say on their web site

http://www.irs.gov/newsroom/article/0,,id=170894,00.html

Are others seeing a lot more of this?

Do these scams seem to be getting more "professional" - fewer spelling and grammar errors - more complete web links?

Does anyone know about the Anti-Phishing Working group - they seem legit, are they http://www.antiphishing.org/ ?

Who combats this crap?
 
If you get e-mails from anybody either
1. It contains personal information, eg your name
2. It is a scam and you are not to click on any link. Use your own links to go to the website.

The best ones are e-mails asking you to click on this link to go to your bank. Then put in your account name and password. One hour later your account is empty.

NB The e-mail will give you urgent reasons for clicking on the link. Like your account has been suspended due to hacker activity.
 
Hey they didn't even do basic alpha-numeric checks of data entered on that site. I inserted some nasty little messages in place of credit card numbers and bank info. I can't even say what email I input due to [rule 8].
 
Yes, antiphishing.org is a legitimate site working against this. In general, the companies that make SPAM filtering products for email also try to combat these types of emails.

You should NEVER visit the websites in these emails, not even to "check them out". Often they will incorporate malicious scripts or applets onto their web pages, whose goal is to install software surreptitiously on your system. If you get one that is from a bank or other organization with which you actually have a relationship, type the legitimate URL (not the one in the message) yourself into your browser and log in.

--Tim Farley
 
The San Jose Mercury Newspaper just did a 3 day article on this topic. They say that by clicking on the email you may insert a trojan virus into your computer.

The gist of the articles was that the U.S. is having billions sucked out of its economy, the government is only using millions to combat it. Most people who are doing this are coming from Europe and it only costs about $1,000 to start up, they can quickly make a million from that investment. They are almost impossible to catch as they can work anywhere they can get an internet connection.

Businesses and Banks are taking the biggest hit, people are still sending them their account info and/or sending money. Also every 3 seconds another new person joins the Internet community. That is a lot of uninformed people.

They also said that America has had another Pearl Harbor but no one is aware of it.

Susan
 
<snip> Most people who are doing this are coming from Europe and it only costs about $1,000 to start up, <snip>

$1,000 to startup! I can do it for $15!! The scammer in the OP probably spent $0!!!

That $15 I quoted is domain and hosting cost. Take note of the URL the OP posted. It used an IP directly (61.8.210.77:9777). The 9777 is the port number meaning this scammer has FULL admin rights on that machine (no hosting service used). I'd give 1000 to 1 odds this website is sitting on this scammer's personal computer in their home. It was even a quick butcher job done on the submit forms.

Oh, by the way BrooklynAndy, by posting the full url of that scammer here anybody that followed it reported your email address as a live address to that scammer. Also by linking from here the scammer has probably seen the randi.org referer in the logs and read this thread. It looks like it scared them and they pulled the website even though the actual computer is still online.
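
[Added example, not part of any post in this thread: a small Python triage of the link features discussed above (a raw IP address as host, a non-default port, link text that does not match the target). The function names and the sample markup are assumptions; only the two URLs come from the thread.]

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage_link(href, text, expected_domain):
    """List the reasons a link does not look like it leads to expected_domain."""
    reasons = []
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        if host != expected_domain and not host.endswith("." + expected_domain):
            reasons.append("host is not under " + expected_domain)
    if url.port is not None and url.port != DEFAULT_PORTS.get(url.scheme):
        reasons.append("non-default port %d" % url.port)
    if reasons and expected_domain in text.lower():
        reasons.append("link text shows " + expected_domain)
    return reasons

def triage_email(html, expected_domain):
    collector = LinkCollector()
    collector.feed(html)
    return {h: triage_link(h, t, expected_domain) for h, t in collector.links}

# Constructed sample: the two URLs are quoted in the thread; markup and link text are made up.
PHISH = "http://61.8.210.77:9777/mortii-matii/0,,id=96596,00.html"
REAL = "http://www.irs.gov/newsroom/article/0,,id=170894,00.html"
SAMPLE = ('<p>For more information <a href="%s">www.irs.gov/refunds</a></p>'
          '<p><a href="%s">IRS notice</a></p>' % (PHISH, REAL))

if __name__ == "__main__":
    for href, reasons in triage_email(SAMPLE, "irs.gov").items():
        print(href, "->", reasons or "no flags")
```
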
 
I started querying the scammer's computer. All I got was that it was an IIS web server before the whole computer went offline. They are probably really scared now.
 
I got a telephone call from my cell phone provider. The call was actually legitimate, but since the caller was asking me to update my online account login information (=password), I politely declined.

He got rather indignant. I don't know why. Odd, too, I thought telephone provider people were trained to NEVER hang up first. He did.
 
Since psychics can be wrong I can't say too much but I'm getting female. Is that Beverly? That's a big corporation. Seems that it helps get you around, or is that over. Ohh, school. Is that your friend Reina? She's cute. I don't do recipes. I'm not 100% but 2 years of synchronism kinda lends credence.

P.S. They asked for your comment here;
http://www.siteadvisor.com/sites/61.8.210.77/postid?p=557950
 
I got a telephone call from my cell phone provider. The call was actually legitimate, but since the caller was asking me to update my online account login information (=password), I politely declined.

He got rather indignant. I don't know why. Odd, too, I thought telephone provider people were trained to NEVER hang up first. He did.

I doubt it was legitimate. It's called a social engineering hack. It's how most hacks really work.

ETA: Facking caller ID is easy.
 
$1,000 to startup! I can do it for $15!! The scammer in the OP probably spent $0!!!

That $15 I quoted is domain and hosting cost. Take note of the URL the OP posted. It used an IP directly (61.8.210.77:9777).

This IP address is listed as belonging to SCI Manufacturing S'pore Pte Ltd in Singapore.


It is most likely that the criminals in this matter hacked the machine and that the actual owners are not involved in this crime.
 
One of the articles the San Jose Mercury News did was on how safe are our government orgs. Somebody in the govt has tried to test them, an entire IRS group was called one by one saying they were the "help desk" and they needed the IRS worker to change their log-in and password right then. Over 85% did it. They have been doing this test for years and the numbers are still scary but improving. The article referred to a whole bunch of government agencies that they test.

Susan
 
This IP address is listed as belonging to SCI Manufacturing S'pore Pte Ltd in Singapore.


It is most likely that the criminals in this matter hacked the machine and that the actual owners are not involved in this crime.

This company is in over 20 nations. I meant what I said about synchronism. Same user, same IP, 2 years. Proof? NO. Worthy of a psychic? What's not worthier than a psychic?

To open a non-standard port for an IIS server and shut it down when queried requires a high level of access and monitoring. Then when the computer itself is queried it gets shut down too? Accident? Not likely. Bot computer? Not likely with that rate of response and complete power off of the computer itself. Proof? Of course not!!! It's plenty lead to start an investigation with.
 
I doubt it was legitimate. It's called a social engineering hack. It's how most hacks really work.

ETA: Facking caller ID is easy.
Yeah, facking caller ID is easy. You just look and are able to see who the fack is calling. Or did you mean faking? ( I know you did):rolleyes:
 
I used to work in a company that managed a customer loyalty scheme, based on a smart card similar to those banks would issue. (In fact, our cards *were* issued by a bank but had a unique layout.)

When we went out of business we asked a few tens of thousands of customers to mail in their cards so we could reimburse them for the points they had collected.

We received quite a number of actual banking cards. (And it would probably have been relatively easy to use them for some basic shopping at least, too. Even today there are plenty stores where all it takes is a signature.)

I still wonder how "successful" it would have been to mail all these same people and ask them directly to send in their banking card and (!) PIN for one reason or another...
 
Yeah, facking caller ID is easy. You just look and are able to see who the fack is calling. Or did you mean faking? ( I know you did):rolleyes:

I seen that as soon as I posted. I figured what the heck, nobody cares or got confused. ;)
 
Bottom line, if you get an email or call asking for ANY PERSONAL INFO, ESP ACCOUNT NUMBERS, ODDS ARE ABOUT 99% + IT IS FAKE; DO NOT RESPOND!

Speaking of hackers/frauds, this is small potatoes but I still tip my hat to this guy - some funny stuff if you have time to read thru it:

http://www.ebolamonkeyman.com/
 
As has been stated above, the best approach is to never, ever double click on any link in an email message. (I would normally add here "unless you know the sender", but be aware that frauds, like cold readers, can be exceedingly clever.) If you think the message may be relevant to you (after all, you *do* have an account with Wells Fargo or 5th/3rd or whoever) then close the email, open your browser and go to the firm's website by Google search or by the URL (as in your favorites), and log in there - after all, if they know you, then you, at some point in the past, registered to use the "My Account" part of their website - if you didn't, you know immediately something's wrong. If they don't immediately bring up the problem the email was harping about when you log in, then you can trust the email to be bogus. Simply delete it.

The key - never double click on an email link. If you do, you may, without any further action on your part, be immediately directed to a website that will attempt to use some Windows or browser fault (and there are myriads of them) to load "trap door" software that can be controlled remotely. You'll not notice anything wrong; it will just happen, and your computer will join the ranks of other zombie computers in the world, ready to forward spam to others or engage in Denial of Service attacks on websites on cue from some scumbag in China, or report out everything you type.

The same principle goes for phone calls. Don't ever give out personal data on a phone call that you did not initiate. If asked to supply such, regard the call as faked - legitimate callers would never do such. Hang up, and call the firm back, and then discuss the matter, on a call that you initiated.

Being in business for myself with the same email address for the last eight years, I receive about 2500 emails a day, all but maybe a dozen on the average being phishing requests, spam, "Nigerian" money makers and other trash. I'm even getting spam in Russian and German, though I speak and read neither.
 
I got a call some time ago from someone saying there was a $4 or so erroneous charge to my phone and wanted to know if I would like it reversed. I said “Sure, fine, whatever”. The person then asked if Verizon was still my carrier. I said “I don’t know, is it?”. I then heard a mumbled exchange in the background and the caller hung up. It’s pretty bad when the scammers don’t even know what company they are pretending to be from.


It has been stated before but can never be over stressed, never click on any link in an E-mail you have not requested. Never give any personal information in a phone conversation you have not initiated. Even if the person seems to have information only a true company representative should know. If someone calls or E-mails claiming to be from a company you do business with then always use your own bookmark or enter the correct URL yourself and for phone conversations hang up on the original caller and use the phone number in your records to contact the company. No legitimate representative will have a problem with you taking such actions.
 
