This Scam Will Hit You This Week! But You Don't Have to Be "Phished"

Search StraightTalk

Home

| Print | E-mail |

"Phishing" Examples

December 2005

Here we provide you with several different types of phish. There are many other variants. But as you look through these, you'll see that all have several factors in common. 1. They try to appear legitimate using a variety of means. 2. They use scare tactics to try to get you to act without thinking or checking anything out. 3. They try to assure you of their interest in your "security" when they are actually trying to steal it.

Also note that the emails also rip-off legitimate financial institutions or companies. Anyone with a little knowledge of how websites are coded can steal images from legitimate sites and companies. This ability to take images has nothing to do with the security of the services (such as online banking) offered by the companies whose identity has been stolen by the scammers who also hope to steal yours.

Example 1

Fake PayPal messages are a favorite phishing method. Here are 2 PayPal phish. The first claims that the account will be suspended if your account information isn't updated. In the second, the scam claims your account information needs to be updated because they found incompatible information during a billing information check. Both have nothing to do with PayPal though they are designed to look "official." Both use scare tactics to try to get you to act without thinking. The real PayPal never sends such emails.

Example 2

This phish indicates that your online bank account could be suspended if you don't verify your bank information. The scam artists have stolen the "look" of the real bank and broadcast their email knowing it will hit some actual customers of the bank in question. Variants of this scam using the names of other banks or financial institutions abound on the Web. Never respond to such an email. This bank and other financial institutions never use this method to "verify" or "confirm" information. Again, scare tactics try to con you into acting without checking it out.

Note that the scam tries to get you to ignore your doubts by including fake "security" information. This fake information may mimic the actual financial institution's process or protocols or even link to the appropriate page on the real institution's real website. Remember, however, that real financial institutions never ask for account information via emails, instant messages or letters that direct you to a website. If you think it might be real, call the institution using the number on your statement (not in the email or on the letter) or from the phone book.

Example 3

This phish indicates that conditional approval for a mortgage has been granted but your information needs to be verified. Chances are that you never applied for a mortgage or refinance, but they'll hit enough people who have to make their scam profitable. The scamsters also hope that you'll think that it's a "pre-approved" offer that looks too good to refuse and jump on the offer without questioning. Never respond to such "offers"—all they want is to steal your personal information and your money.

Example 4

Phish can come in fancy or plain text emails. These 2 emails show the same phish in text and HTML form. The phish is to click the customer service link—which is bogus and takes you to the scam artist's site, where they steal your information. The real credit union is equally a victim of the scam. Again, remember that real credit unions and other financial institutions never send this type email. These emails also use scare tactics and try to look legitimate by faking security measures such as "Verisign."

[Text version]

[HTML version]

Example 5

Here is an example of an online banking phish that uses a security feature many banks and credit unions have in place—if an online banking user attempts to log onto online banking and fails a third time, the user is then locked out. They want you to panic, thinking someone is attacking your account and respond without stopping to think and check it out. Never respond to emails such as this. Your financial institution NEVER asks you to respond through an email link as this phish requests. If you were really locked out, you would have to initiate contact with the institution to get it unlocked.

Example 6

Here is an example of a fake lottery phish which is asking for bank account information in order to transfer the lottery winnings. Never respond to emails indicating you've won a lottery or a sweepstakes. This type of scam has been around forever in snail mail and phone calls—email versions are just the latest.

blog comments powered by Disqus

This site contains links to other sites ("Linked Sites") which are not under the control or direction of the Credit Union. The inclusion of any link does not imply endorsement by the Credit Union of the site or any association with its operators. The Linked Sites are not bound by the Credit Union's privacy policy and therefore you access them at your own risk.

Web Links

July 2010

FTC Warns of Oil Spill Scams
Disasters tend to bring out the scammers and the oil spill in the Gulf of Mexico is generating its share. This consumer alert provides tips for spotting fraudulent offers or activity.

MyMoney.gov
This redesigned site from the federal government is a one-stop site that provides financial education information, resources, and tools from over 20 different federal websites. Topics include managing debt and credit, dealing with mortgages, planning for retirement, saving & investing, and much more.

Junk Mail? How Did They All Get My Address?
This fact sheet from the Privacy Rights Clearinghouse provides tips for removing your name from national mailing lists.

Zip Code Finder and Boundary Map
Want to know where a zip code is located? Need to know the zip code for an address? Then check out this interactive map.