Skip to content


How Pishers steal your identity!

If you are new to the internet then PLEASE read this post. I will post new threats relating to identity theft on the web and how to prevent them.

Moderator: AlphaSquirell


How Pishers steal your identity!

Postby 2coolbaby » November 10th, 2004, 11:52 pm

Pisher's or spoof email hoaxes are a real threat to anyone online. Their goal is to steal your identity and the result is your life in ruins.

Pishers typically send spam purporting to be from a legitimate business, asking recipients to go online to manage accounts or take care of problems. For example, one piece of spam allegedly from Citibank asked recipients to verify their e-mail addresses.

When unwary Citibank customers clicked on the link in the e-mail, however, they were taken to a look-alike site operated by the scamsters. At this phony site, they were asked to fill out a form with personal information including credit card numbers, social security numbers, account passwords and PIN numbers. The goal of the grift is identity theft.

Now I will only say this once. Do NOT proceed with any request that these emails make, do NOT enter any information and do NOT click on any link in the spoof email. Here is a list of companies that pishers typically imitate:

eBay, Paypal, AOL, Yahoo, Earthlink, MSN, Microsoft, AT&T, Hotmail, FDIC, MBNA, Citibank, Barclays iBank, Nat West, Bank One, Nationwide, Halifax, Fleet Bank, SunTrust Bank and eGold

These are just a few. These people are creative and they will use other businesses & will constantly be coming up with new ones.

While most people would probably just delete one of these emails, it is important to remember that the only way to end the scam is to report it to those who it pretends to be from. Reports should also be made to the relevant authorities (such as the FBI's Internet Fraud Complaint Centre). http://www1.ifccfbi.gov/cf1.asp

eBay and Paypal have their own department which deals with hoax email scams, and they take steps to make sure that any website that the email may point you to is closed down as soon as is possible. So, its imperative that they receive a copy of the hoax email at your earliest opportunity.

eBay or Paypal will require you to send the entire email (by 'forwarding' the email, do NOT use copy and paste) to spoof@ebay.com or spoof@paypal.com and they will respond later with a confirmation as to whether it is a spoof or not and what they are doing to counteract it.

Once you've made the reports and forwarded the spoof, just delete it.

Next, let's consider what to do if you are too late, and you've given information in response to the spoof email... If you've fallen victim to a hoax email scam and/or a bogus web page, then you need to act very quickly. Complete the following in the order shown...

- Call your Credit Card company and tell them that your account may be compromised (do everything that they tell you to do). If you had more than one card registered with the sites involved, you will have to call each and every one of them.

- Call your bank tell them that your account details may have been compromised and how this occured (do everything that they ask you to).

- Change your password on your email account - the one that you have registered with the relevant site - such as eBay or Paypal - and therefore the one that you use to receive emails from these sites.

- Change passwords on the relevant sites. If you cannot log into your accounts then the fraudsters may have already changed the passwords, go to the next step...

- Contact the websites involved and not only should you tell them that your account may have been compromised, but you should also include a copy of the email which led to the problem.

- Make a report to the Police.



Be prepared! Prevention is better than a cure

Follow these rules to prevent disaster from striking...

- Do NOT use your User Name(s) or email address(es) in any forums or discussion groups, use a completely different ID instead and use a 'disposable' web based email address (such as Hotmail or Yahoo). Many user names/email addresses are picked up from these groups by fraudsters (especially the Usenet groups which are almost completely unmoderated and full of personal abuse and spamming and subsequently receive a plethora of spoof and spam emails).

- Do NOT use the same password for more than one site. This is very dangerous, if for example, you had used the same password for eBay and Paypal, then it would take the fraudster a few more seconds to completely wrap up your auctions and accounts. Many people have used the same password over and over again when they really should not.

- NEVER, and I do mean never click on any link, or complete any form in any email whatsoever! That applies whether it is genuine or not, and this is because any link can be disguised with a little knowledge of HTML code. It is best to open your internet browser and manually type in the address of the web page you want to go to.

- NEVER supply your user ID and password in response to any email whatsoever. eBay and Paypal will never ask you to do this, so DON'T DO IT!!

- Always sign up with any online payment scheme (such as Paypal) using a private email address that you do not use elsewhere. Your email for eBay does not have to be the same email address that you use for payments.

- Always use a secure sign in, reputable and responsible sites offer this, if they don't - DO NOT USE THEM! Once signed in, you are contained within a secure connection. Secure connections have a URL beginning with "https://" and will show a 'locked gold padlock' symbol in your browser's status bar.

- NEVER write down your password(s) OR share them with anyone (hell hath no fury like a friend/partner scorned)!

- Always ensure your physical privacy when entering your User ID and password - make sure that no one can see what you are typing.

- BE AWARE of the URL address of the website that you are visiting and be satisfied that you are at the correct site before interacting with it in any way. For instance, if you were at the sign in page of eBay.com (US site), the address will be http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn. Get familiar with those site address prefixes and if you need to be sure that you are at the right site in the first place, simply enter the address of the site's homepage in the address bar of your browser (e.g. www.ebay.com). Once you are at the site, check the URL in the address bar.

- NEVER remain logged into your account unnecessarily - do what you have to do and, when finished, log out staight away.

- DISABLE JAVASCRIPT (or active scripting) while browsing auction pages and' About Me' (or any other user compiled) pages in eBay. We've seen a demonstration of Cookie data being gleaned from users' machines from within these pages in eBay (such as other users' 'About Me' pages - as was perilously shown by a now banned eBay user). Log in only to buy or sell, and log out when you are finished.

- CONFIGURE YOUR EMAIL program to read emails in plain text only

- USE reputable firewall and anti-virus software at ALL times. Also, keep the programs updated on a daily basis (including virus definitions.

- USE a reputable trojan horse and/or privacy scanner program, such as Spycop. Also, keep these programs and your operating system (such as Windows) up to date on a daily basis.

I hope this article will help you become a little more computer savvy. If the right protections are implemented to protect your computer and yourself the internet can offer a wonderful world to us. For those that don't take the right precautions it can become a nightmare. This is why I post advise in the forum. I want everyone to experience the joys of the internet, but to insure it stays a joy you have to do your homework and take the neccessary precautions. I wish everyone was honest and cared about their fellow men, but alas this isn't the way the world is. Too many people out there have no problem with ruining your life.

Safe Surfing!
Mary Lee
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dinner and a Murder Mystery Games
For murder, intrigue, extortion & back stabbing with no scripts to read!
http://www.dinnerandamurder.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
User avatar
2coolbaby
Site Admin
 
Posts: 1311
Joined: November 10th, 2004, 1:37 am

Return to Board index

Return to Protect yourself from Identity Theft!

Who is online

Users browsing this forum: No registered users and 1 guest