[NTLK] OT spoof emails... FBI response

From: Dale A. Raby (daleraby_at_tds.net)
Date: Wed Sep 08 2004 - 04:51:33 PDT


Got this in an FBI response to a tip I gave them about a bogus Ebay
site. Since many Newtonians, myself included, do business with Ebay, I
thought it would be of interest to list members. I see this trend
continuing to escalate... so update your browsers and check the security
certificates... the crooks are only going to get better at it. Anybody
who wants to see the original spoof email with the link to the phony
site, email me off-list and I'll forward you a copy. I've virus checked
it and found it "clean".

THIS IS NOT AN AUTOMATED RESPONSE

Thank you for your submission to the FBI Internet
Tip Line. The FBIs Internet Fraud Complaint
Center (IFCC) has seen a steady increase in
complaints that involve some form of unsolicited
e-mail, such as the one you received, directing
consumers to a phony Customer Service type of
web site. That scam is contributing to a rise in
identity theft, credit card fraud, and other
Internet frauds.

Spoofing or phishing frauds attempt to make
Internet users believe they are receiving e-mail
from a specific, trusted source, or that they are
securely connected to a trusted website, when that
is not the case. Spoofing is generally used as a
means to convince individuals to provide personal
or financial information, which enables the
perpetrators to commit credit card/bank fraud or
other forms of identity theft. Spoofing also
often involves trademark and other intellectual
property violations.

The FBI offers the following tips for Internet users:

* If you encounter an unsolicited e-mail that
asks you, either directly, or through a website,
for personal financial or identity information,
such as Social Security number, passwords, or
other identifiers, exercise extreme caution.

* If you need to update your information online,
use the normal process youve used before, or open
a new browser window and type in the website
address of the legitimate companys account
maintenance page.

* If a website is unfamiliar, its probably not
real. Only use the address that you have used
before, or start at your normal homepage.

* Always report fraudulent or suspicious e-mail
to your Internet Service Provider. Reporting
instances of spoof websites will help get these
bogus websites shut down before they can do any
more harm.

* Most companies require you to log in to a
secure site. Look for the lock at the bottom of
your browser and https in front of the website
address.

* Take note of the header address on the
website. Most legitimate sites will have a
relatively short Internet address that usually
depicts the business name followed by .com or
possibly .org. Spoof sites are more likely to
have an excessively long string of characters in
the header, with the legitimate business name
somewhere in the string, or possibly not at all.

* If you have any doubts about an e-mail or
website, contact the legitimate company directly.
 Make a copy of the questionable web sites URL
address, send it to the legitimate business and
ask if the request is legitimate.

* If youve been victimized by a spoofed e-mail
or website, you should contact your local police
or sheriffs department, and file a complaint with
the FBIs Internet Fraud Complaint Center at
www.ifccfbi.gov.

We encourage you to share this information with
your friends, family and co-workers, and encourage
them to submit information they may deem of
interest to the FBI.

-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
Official Newton FAQ: http://www.chuma.org/newton/faq/
WikiWikiNewt for all kinds of articles: http://tools.unna.org/wikiwikinewt/


This archive was generated by hypermail 2.1.5 : Wed Sep 08 2004 - 05:30:01 PDT