If you’ve received an email with the subject “NOTIFICATION – Storage Full” (it may also have your email address in the subject), or an email which comes from, apparently, firstname.lastname@example.org, don’t open it! It’s a phishing scam trying to scam you out of your personal information!
There is an evil new phishing spam going around that is using Google Docs to do its dirty work. The subject is along the lines of “(Someone) has shared a document on Google Docs with you” – in many of the samples it is ‘Brett Schager has shared a document on Google Docs with you.” Many of the samples are also sent “to” email@example.com (you receive it because you are in the bcc: field).
Here is the full text of one of the newest Wells Fargo Phishing Spam, which started showing up this month (May, 2014). This one comes with an attached HTML file named “Wells Fargo Instruction Form.html”. Whatever you do, don’t download or open it!
If you get an email saying that your password on Pinterest was successfully changed, and you know that you didn’t change your Pinterest password, don’t go running to Pinterest, and definitely don’t click any links, before reading this!
Two massive spam runs were unleashed on the Internet today, and odds are very good that you will receive at least one of the two. Either you will be offered the opportunity to “Buy Cheap Watches (Rado,Rolex) and other products!”, or you will be told that you have received an “Electronic Federal Tax Payment System Notification number” (with some number appended at the end). Or, perhaps you’ll be extra-popular and receive both spams.
Did you get an email from Amazon telling you about an order that you don’t remember ordering? That’s probably because you didn’t – it’s a phishing scam! Don’t fall for it! The “Your Amazon.com Order” email, which purportedly comes from “firstname.lastname@example.org” actually is an effort to get you to point your web browser to BookSalon.kr (the actual phishing URL is http://booksalon.kr/index2.html).
Not content with sending fake Amazon confirmation emails, the outfit sending out the Canadian pharmacy spam is now sending out fake Amazon.com order cancellation emails, too, claiming that your Amazon order has been cancelled. “Amazon.com – Your Cancellation (0046-68878-96071)” says the email’s subject (although the “order number” may change) – but of course the link to check “ORDER INFORMATION” really takes you to a Canadian pharmacy spam site, hawking Viagra, Cialis and the like. In the example below, the fake cancellation contains links to http://www.dinnerinperu.com/quadratical, which redirects to http://weightbreezy.com, which is a Canadian pharmacy spam site.
A spate of fake “Amazon.com – Your Confirmation” emails is making the rounds – they are phishing emails, with the supposed ‘Amazon’ links actually being hidden links going to such interesting places as http://drevmash.alfaspace.net/admiral.html, http://gofiberzone.com/upper.html, and meeknew.com. The subject (which so far appears to use the same “confirmation” number for everyone), is “Amazon.com – Your Confirmation (0113-567494-3518071)” and supposedly comes from the email address email@example.com. In reality, they are coming from IP address 22.214.171.124, and the emails are sent from (almost certainly spoofed) email addresses such as firstname.lastname@example.org and email@example.com.
A plague of rogue Facebook applications that are stealing user credentials – such as usernames and passwords – has been sweeping Facebook in the past week. The phishing Facebook apps work the same way that many other applications do – including sending an email to your Facebook friends, with links to click on, and when you type in your username and password, BAM! Your login credentials have been stolen.
How many times have you received email that purports to be from a friend, or from someone with whom you do business, only to find out that you nearly got taken in by a fake? We here at the Internet Patrol, and our parent company, the Institute for Social Internet Public Policy, are offering readers of the Internet Patrol an exciting opportunity to take part in the testing of a new browser add-on that will help to protect you against such spoofing.
Paypal has announced that they are going to block the Apple Safari web browser, along with a few other browsers. The online payment service, purchased by eBay for $1.5B back in 2002, in the good old days of rampant Internet mergers and acquisitions, has become a frequent target of phishers and hackers. Anxious to recapture their good name and to offer to sellers and buyers alike a more secure environment, PayPal plans to discontinue support for web browsers that do not include anti-phishing capabilities. If this plan goes through, PayPal will block Safari and older versions of Internet Explorer, Firefox, Opera, and Netscape.
Paypal phish are as common as the cold. Here, the newest one claims that there have been foreign attempts to log into your Paypal account, and explains that if it wasn’t you (which, of course, it wasn’t) you should click on the link to verifiy your identity. Where does the link really go? Not to Paypal, that’s for sure. In fact, it really goes to http://i-195-137-106-138.freedom2surf.net/login, which is a very convincing Paypal phishing site.