New scam?

Yeah, very new. I've only had several thousand of these to date...

Half the people in the world wake up every day thinking of how to cheat the other half. (The ratios might be reversed if you think I'm cynical)

Yes new scam it is trying to get your Social security number to open credit cards in your name.

Message ID and From do not match is the first clue it is a spamming dimwit

About once a month I get a few of these,purporting to be from various banks. So far, they have all been banks in which I have no accounts.

The first I got, claimed to be from BankAmerica. The fact that they misspelled "Customer Service" in their email address, was a dead give away.

Paul K. Dickman

On the BB&T home page "Some of our clients have been receiving e-mail messages seeming to be from BB&T that request confidential personal information. These e-mail messages are disguised to appear like a BB&T message, but do not come from BB&T. " etc. . . .

Hello Gunner,

I think this email was legit. The thing to look for if you suspect phishing, is the actual link target, and the return path of the email. In your case, the target began with https//blablabla... the important thing to look for is the https, as opposed to http. The "s" at the end denotes a secure connection, your first clue that it is "official". Secondly the link target points to bbant.com, instead of something like

From snipped-for-privacy@host.spiderweave.com Sun Aug 1 08:50:10 2004 Received: (from vpopmail@localhost) by mail.cvalley.net (8.11.6/8.11.6/SuSE Linux 0.5) id i71DoAh15253 for snipped-for-privacy@login.cvalley.net; Sun, 1 Aug 2004 08:50:10 -0500 X-Authentication-Warning: cvis3.private.cvalley.net: vpopmail set sender to snipped-for-privacy@host.spiderweave.com using -f Received: from psmtp.com (exprod5mx32.postini.com [12.158.34.187]) by mail.cvalley.net (8.11.6/8.11.6/SuSE Linux 0.5) with SMTP id i71DoAB15244 for ; Sun, 1 Aug 2004 08:50:10 -0500 Received: from source ([209.239.37.112]) by exprod5mx32.postini.com ([12.158.34.245]) with SMTP; Sun, 01 Aug 2004 06:50:09 PDT Received: (from www@localhost) by host.spiderweave.com (8.12.10/8.12.10) id i71Do9nt023514; Sun, 1 Aug 2004 09:50:09 -0400 Date: Sun, 1 Aug 2004 09:50:09 -0400 Message-Id: To: snipped-for-privacy@cvalley.net Subject: Personal Account Identity Verification From: " snipped-for-privacy@paypal.com" Reply-To: MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit X-pstn-levels: (S: 0.36712/95.25261 R:95.9108 P:95.9108 M:100.0000 C:90.6865 ) X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c X-pstn-addresses: from forward (user good) [1095/43]

Most of these scammers are from the old eastern block countries, where our major contribution seems to be showing them the joys of organized crime. The only thing that looks wrong with your bbandt email is the return address coming from snipped-for-privacy@plesk.evservers.com, but this isn't too troubling as ev1severs.com is a legit web hosting outfit, and could very well be providing services for bbandt.

As always, when in doubt call on a voice line to a known good number to check it out and change your password frequently. use a combination of numbers, letters, and a special character, (like an ampersand or underscore), alternating upper case and lower case is a good idea also. Use at least 8 characters, 10 would be better.

Pretty much sucks huh?

Maagman

news: snipped-for-privacy@4ax.com...

"Paul K. Dickman" wrote in news: snipped-for-privacy@news3.newsguy.com:

the thing that almost threw me was the link is to a secure site (https).

Yes, I have gotten some pretty impressive ones. But so far, if I put the cursor over the link, the display at the bottom of the screen shows that the link does not direct me to the site written in the text of the email, but to some other site.

Personally, I won't give out that sort of info to an email link. If appears legit, I will manually go to the site and see what's up.

Paul K. Dickman

Complain to: snipped-for-privacy@ev1.net and the FTC.

I'm assuming that the message came as HTML, not just the plain text we saw. In which case, the https://... is probably just the text of a link to another site.

Thats what I was wondering about. I read the source code carefuly, but it still made the hair on the back of my neck stand up.

Hence the New Face question. They are getting more devious.

And Ive never done any business with Bbant.com

Gunner

No 220-pound thug can threaten the well-being or dignity of a 110-pound woman who has two pounds of iron to even things out. Is that evil? Is that wrong? People who object to weapons aren't abolishing violence, they're begging for the rule of brute force, when the biggest, strongest animals among men were always automatically "right". Guns end that, and social democracy is a hollow farce without an armed populace to make it work. - L. Neil Smith

Yep. ^_^

I rather prefer the Nigerian scam, though. I mean, the idea of getting 10% of several hundred million dollars is just a LOT more appealing than having to worry about someone pilfering your account.

FW

I received something similar from a credit card company a few weeks ago. Called the company and they strongly said no - they did not send it. And then gave me an email address to send the message to for their research and action.

JonquilJan

Learn something new every day As long as you are learning, you are living When you stop learning, you start dying

I see your point now, I was assuming you were a customer. Wow, I never pay attention to email from firms I don't do business with and never imagined they had gotten that good.

Maagman

I missed the staff meeting but the minutes show Gunner wrote back on Tue, 24 Aug 2004 15:53:55 GMT in misc.survivalism :

I've been informed my paypal account, my citibank account, and my ebay account all have irregularities. I usually advise them to give them some prunes, that will fix them, seeing as how I don't have any of those three.

tschus pyotr

I missed the staff meeting but the minutes show "Tom Gardner" wrote back on Tue, 24 Aug 2004 16:36:54 GMT in misc.survivalism :

Yeah, but the paranoid half wake up thinking the other half is going to try and cheat them.

tschus pyotr

Its phishing again. They are doing it because it makes real money, the Wall St. Journal says millions.

Whats amazing to me is this is the easiest fraud to stop. They have to use USA based web sites to do it, which means that they have to have physical servers here somewhere. Raiding and shutting down phisher hosts would put a stop to this nonsense quickly.

For ev1.net: snipped-for-privacy@ev1.net, snipped-for-privacy@ev1.net, snipped-for-privacy@ev1.net, snipped-for-privacy@savvis.net

But it looks like it really came from galacticzero.net (which ev1.net hosts so keep them on the list) so you can add snipped-for-privacy@galacticzero.net (perhaps .. that's *perhaps* THEM but it looks like a smallish hosting firm with a rogue user). galacticzero.net is registered with godaddy so add: snipped-for-privacy@godaddy.com, snipped-for-privacy@godaddy.com, snipped-for-privacy@godaddy.com

For the FTC: snipped-for-privacy@ftc.gov

bbandt.com = 208.11.12.254 Abuse address snipped-for-privacy@bbandt.com, snipped-for-privacy@sprintnetops.net Perhaps add snipped-for-privacy@sprint.net, snipped-for-privacy@sprintnetops.net and snipped-for-privacy@sprint.net as it's clearly an attempt at fraud. bbandt.com is registered with networksolutions.com so a copy can go to: snipped-for-privacy@networksolutions.com, snipped-for-privacy@networksolutions.com, snipped-for-privacy@networksolutions.com, snipped-for-privacy@networksolutions.com

HTH

And right there is the clue. If you don't have an account with such a bank, you would be just be getting greedy and hoping to get some money that isn't yours. The basis of all scams.

-- W§ mostly in m.s -