Scam emails can take several forms, including appearing to come from a bank, building society or similar financial institution, or from one of the online payment or auction sites, for example PayPal or eBay. Other messages appear to show that you have ordered an item, often an expensive electrical item, or that your email account is about to be closed for some spurious reason.
These messages commonly contain an invitation to visit a website to confirm or check details. An alternative is a request that you reply to the message, or open a document or run an application attached to the message.
You should be wary of these messages and invitations, particularly if phrases like "security checks" or "security updates" are used, or if you are invited to "update your credit/debit information", "verify your email address", "verify your information", "verify" or "track the status" of your "order". You should simply delete these messages. On no account should you visit the website apparently advertised, reply to the message, or open any attachment to the message.
Samples of messages
Below are samples of text taken from messages that have been addressed to people at Cambridge. In messages where the name of the company or institution has been replaced by the phrase [COMPANY NAME], the same text is frequently used in messages apparently sent by several companies.
An important thing to note is that, when you receive one of these messages, the link to the website will look perfectly normal and will apparently show the name of the real website of the company. However, these messages often exploit vulnerabilities in web browsers, together with features of HTML that allow redirection to another (false) site without it appearing that this has happened. The true nature of the URL hidden behind the apparent link is visible if you look at the source HTML of the message. For example, in one message a link apparently to http://www.barclays.co.uk actually contained
<a href="http://18.104.22.168/img/.b/1,,logon,00.html">http://www.barclays.co.uk</a>
which would send you to a site set up to harvest information and card details. Other links use site names that look as though they could belong to the company, frequently using part of the name in the link, for example
Please note that these are samples - they are intended to give a flavour of the types of message that you may receive. There are, of course, other variations in wording. The Anti-Phishing Working Group (phishing is the term used to describe attempts to obtain personal data such as account usernames and passwords, and credit card details) is building an archive of phishing scam emails and their site is a good place to check the range of scams.
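The two tricks described above (a link whose visible text names one site while its href points at another, and a site name that merely contains part of the company's name) can be checked mechanically from the source HTML of a message. The following is an added example, not part of the original page; the BRANDS table (including ebay.com as eBay's real domain), the function names and the sample message body are assumptions made for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this demo: brand token -> domain that brand really uses.
BRANDS = {"barclays": "barclays.co.uk", "ebay": "ebay.com"}

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host_of(url):
    """Lower-cased host of a URL, tolerating stray spaces and a missing scheme."""
    url = "".join(url.split())
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def check_links(html):
    """Return {href: [reasons]} for links whose target is not what it appears to be."""
    parser = LinkCollector()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        target, shown, reasons = host_of(href), "".join(text.split()).lower(), []
        # Visible text that is itself a URL must name the same host as the href.
        if shown.startswith(("http://", "https://", "www.")) and host_of(shown) != target:
            reasons.append("shown host %s differs from target %s" % (host_of(shown), target))
        # A host that contains a brand name but is not under the brand's own domain.
        for brand, real in BRANDS.items():
            if brand in target and target != real and not target.endswith("." + real):
                reasons.append("'%s' in host, but host is not under %s" % (brand, real))
        if reasons:
            findings[href] = reasons
    return findings

# Constructed message body reusing the two deceptive links quoted on this page.
SAMPLE = ('<a href="http://18.104.22.168/img/.b/1,,logon,00.html">http://www.barclays.co.uk</a>'
          '<a href="http://www.ebaydbs.com/">Update your card</a>'
          '<a href="https://www.barclays.co.uk/">www.barclays.co.uk</a>')
```

Calling check_links(SAMPLE) reports the first two links and leaves the third, whose text and target agree, unflagged.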
- Two typical invitations to "reactivate your account"
Dear Customer
This message is from [COMPANY NAME], to inform you that we had updated our anti-fraud system to prevent frequent fraud attempts. At this moment we need you to reactivate your account due to software security updates. All accounts that haven't been reactivated will be placed on hold.
To verify your account, please visit the IBank website at http://www.[COMPANY NAME].co.uk
If you have questions about your online statement, please send us a Bank Mail or contact the Online Banking Helpdesk on 0845 600 2323
We appreciate your business. It's truly our pleasure to serve you.
[COMPANY NAME] Customer Care
This email is for notification only. To contact us, please log into your account and send a Bank Mail.
---------------------------
Dear Valued Customer,
We have just installed our new security system which will help you to avoid frequently fraud transactions and to keep your investments in safety. Due to this technical update we are insisting our clients to verify reactivate their accounts.
Please click on the link below and wait while a new window opens. Then fill out [COMPANY NAME] account verification form and click the 'submit' button. The verification process normally takes about 10 seconds but it may take longer during certain times of the day. When your information will be successfully updated, you will return to the main page.
https://online.[COMPANY NAME].co.uk/applypassword.ibc
We appreciate your business. It's truly our pleasure to serve you.
[COMPANY NAME] Customer Care
This email is for notification only. To contact us, please log into your account and send a Bank Mail.
- "Your account has been randomly chosen for verification"
Dear customer! Please read this important message about security. We are working very hard to protect our customers against fraud. Your account has been randomly chosen for verification. This is requested to us to verify that you are the real owner of this account. All you need to do is to click on the link below. You will see a verification page. Please complete all fields that you will see and submit the form. You will be redirected to [COMPANY NAME] IBank home page after verification. Please note that if you don't verify your ownership of account in 24 hours we will block it to protect your money. Thank you. https://[COMPANY NAME].co.uk/fp/1_2x/online/1,,logon,00.html
- "Verify your e-mail address"
Dear [COMPANY NAME] Internet Banking Customer! This email was sent by the [COMPANY NAME] server to verify your e-mail address. You must complete this process by clicking on the link below and submiting [COMPANY NAME]s secure verification form which appears in your browser This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it. Please use this unique link to the [COMPANY NAME] verification form to verify your e-mail: http://www.[COMPANY NAME].co.uk?EmailID=jksdf8sdgasJUYCvbb
- Credit/Debit card "Security Update" - this email also contained a link to a false site.
Dear Sir/Madam, We were informed that your card is used by another person or stolen. It could happen if you have been shopping on-line, and someone got your "Billing information" including your card number. To avoid and prevent any billing mistakes and to refund your credit card, it is strongly recommended to proceed filling in the secure form on our site and applying for our Zero Liability program. This program is free and it will help us to investigate this accident. Sincerely yours, [COMPANY NAME] Support Assistant, [NAME].
- Sample of message apparently in response to an order
ON-LINE ORDER CONFIRMATION
Account Number: 24879712a
password: ******
Order Number: PBW7992
Order Total: $4,490.50
Thank you for ordering from pcihotup.com, below is your order detail. Your order is currently being reviewed and processed. We will send you an e-mail confirming shipment and providing pertinent shipping information as soon as your order ships.
The Following item(s) are included with this order:
-------------------------------------------
Item : PANASONIC - TH42PHD6UY 42-IN HDTV PLASMA DISPLAY
Product Code : TH42PHD6UY
Price : $4,135.00
Quantity : 1
Price : $4,135.00
Subtotal $4,135.00
Shipping $355.50
Grand Total $4,490.50
-------------------------------------------
You can track the status of your order anytime you like (24/7) online by going to our website www.pcihotup.com and logging into your account. It was a pleasure to serve you and we hope you visit us again soon. If you have any questions, please contact us.
- PayPal scam - run the attached application to update your personal profile...
Dear PayPal member, We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information. To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions. IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore. Thank you for using PayPal.
- eBay scam using a false site with a name that is quite plausible at first sight
Dear Customer, Update your credit /debit card on your eBay account http://www.ebaydbs.com/ Use this secure form to update your credit/debit card information on your eBay account. The transmitted credit/debit card information is protected by the industry standard encrypted SSL connection. Unfortunately, eBay has not been able to authorize your credit/debit card. Your credit/debit card information must be updated on your eBay account immediately. When you update your credit/debit card on eBay, eBay will attempt to authorize your card. The response from your credit/debit card company will appear on your account status page as either approved or declined within 24 hours of receipt. Note : If you have a Billpoint account, your credit/debit card will not be updated. Click to link http://www.ebaydbs.com/ and update your information.