Working in tech support for internet services, I can say firsthand that the phishing emails these days seem to be getting weirder and weirder. I don't even understand what they are trying to accomplish anymore. Some just have gibberish in them and don't even ask you to do anything that would be dangerous to you. Maybe this is an attempt to gain your trust before scamming you? \o_O/

My suspicion is along the lines of what Tim was thinking. It's either an infected server, a legit email (someone could have typed their own email wrong), or they are just baiting you before the true scam -- in other words just trying to see if you're a legit email and will respond. I have seen some with 1-800 numbers lately, and have even had customers say they were contacted by "someone from Microsoft" who "determined they had a serious virus" and needed to "perform repair work immediately". Of course, the person in question (this was a real customer of mine...) promptly paid the guy on the phone to remote control into her PC and infect it beyond belief.

My route of action would be completely reverse. This is how I would handle:

- If she has a credit monitoring service, check it to verify there have been no changes
- Verify if the bank is a legitimate establishment
- If it is, do your own research to find the customer support number and contact them
- Do not assume the customer support rep will be completely knowledgeable about phishing emails (silly, I know) and approach it from a perspective of has she opened an account or not

This is how I would handle any phishing attempt that seemed so real I didn't feel comfortable ignoring it. Unfortunately, these days that also includes phone calls (hang up, call the number of the place directly and verify it's really them).

Just so you know, it is AT&T company policy not to send anything "official" except through standard snail mail. So if you ever get an email or phone call claiming they need something from you in reference to AT&T you can safely ignore it. Of course, AT&T does send generalized emails regarding privacy updates or things like that; this is only in reference to things that could affect your bill or sensitive personal information.

On Wed, Jun 27, 2012 at 9:20 PM, Dean, Mike <[email protected]> wrote:

> Tim,
>
> Great point, I had forgotten that some of these phishing expeditions
> are really fishing expeditions -- and they are looking for live emails
> and people who will respond to them.
>
> Along those lines though, since there wasn't any JavaScript in the
> source of the emails, or any images or URLs that loaded automatically
> (the one image was attached to the email, not remotely loaded), thus
> letting the senders know they caught one, how would they know they
> caught one?
>
> The one phone number appears to be valid. For those that want to look
> into the phone number, it is 888.588.2623.
>
> Thanks for all the responses and ideas!
>
> Mike
>
>
> On Wed, Jun 27, 2012 at 8:49 PM, Tim Holloway <[email protected]> wrote:
>
> > Well, I don't claim to be an expert on all things hacking, but
> > sometimes just getting a mail delivered is information enough - it
> > means that there's a live recipient that can then be targeted.
> >
> > A popular approach that I have seen lately is to include an HTML
> > page that has obscured JavaScript in it, although I think you would
> > have seen that.
> >
> > I would be concerned about identity theft, though, proper email
> > address or no. It's possible that the bank cross-checks and that was
> > an attempt to fool the bank.
> >
> > It's also, alas, very, VERY possible that the bank itself is
> > infected and that visiting its webserver would then infect YOU. But
> > hey, they got the Low Price on security, didn't they? Doesn't
> > everybody?
> >
> > Speaking of infected servers, I got another LinkedIn malware "care
> > package" yesterday. It was one of the bogus UPS notification types.
> > Who on Earth would believe that LinkedIn is sending UPS packages to
> > them? Never mind. People respond to Nigerian princes.
> >
> > The server that's sending this garbage from LinkedIn is NOT their
> > normal news mailserver, incidentally. However, it definitely did
> > come up as a LinkedIn IP address.
> >
> > Tim
> >
> > On Wed, 2012-06-27 at 18:07 -0400, Dean, Mike wrote:
> > > Who feels like finding some phish?
> > >
> > > My step-daughter received three emails supposedly from a bank,
> > > that she doesn't do business with, stating that an online account
> > > had been set up and that the password had been changed.
> > >
> > > At first, one would think that obviously these are phishing emails
> > > or perhaps, an outside possibility that someone had opened an
> > > account in her name. With regard to the latter thought, if so, why
> > > put down her email address unless they also hacked her email
> > > account and forwarded copies of her emails (or changed her
> > > password). Neither of those things has happened.
> > >
> > > One of the emails states that a copy was sent to her "secure email
> > > address" as verification, but again, why have a copy of the emails
> > > go to her actual email?
> > >
> > > So, back to the phishing thought. One of the emails had a Customer
> > > Service number (I know, Aha, that's it!). But, that phone number
> > > appears legit. I did, however, find a reference to Harshad numbers
> > > and spammers, but haven't been able to get any concrete
> > > information on that line.
> > >
> > > The 2nd email had an image attached to it with the bank's logo. My
> > > thought here was that something was embedded in the image. But, I
> > > have no way to really determine that.
> > >
> > > Finally, in none of the emails were there any links that pointed
> > > anywhere strange or any javascript (I have the original emails in
> > > the Gmail "Show Original" format, which includes the raw message
> > > along with the Base64 encoded image file).
> > >
> > > I didn't want to send an email with attachments to the list, so if
> > > anyone wants to see if they can find the phish (or purpose of the
> > > emails), reply back and I'll forward you a copy of the "Show
> > > Original" emails.
> > >
> > > Mike
> >
> > ---------------------------------------------------------------------
> > Archive      http://marc.info/?l=jaxlug-list&r=1&w=2
> > RSS Feed     http://www.mail-archive.com/[email protected]/maillist.xml
> > Unsubscribe  [email protected]
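
The manual checks described in the thread (script in the HTML, remotely loaded images or URLs, links, and what the attached image actually is) can be run over a raw "Show Original" message with Python's standard `email` module. This is an added example, not part of the original thread; the sample message, its addresses and the function name `triage` are constructed for illustration.

```python
import email, re
from email import policy

# Constructed sample standing in for a "Show Original" dump. All names are
# made up; the attached "image" is only the 8-byte PNG signature.
RAW = b"""From: "Example Bank" <alerts@bank.example>
Subject: Your password was changed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password was changed.</p><img src="cid:logo"></body></html>
--b1
Content-Type: image/png; name="logo.png"
Content-Disposition: attachment; filename="logo.png"
Content-ID: <logo>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

MAGIC = {"image/png": b"\x89PNG\r\n\x1a\n", "image/jpeg": b"\xff\xd8\xff", "image/gif": b"GIF8"}
# Attributes whose http(s) value a mail client may fetch when the mail is opened.
REMOTE = re.compile(r'(?:src|background)\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)
LINK = re.compile(r'href\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)
SCRIPT = re.compile(r'<script\b|\son\w+\s*=|javascript:', re.I)

def triage(raw: bytes) -> dict:
    """Summarise active content, remote loads, links and attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"scripts": False, "remote_loads": [], "links": [], "attachments": []}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            html = part.get_content()
            report["scripts"] |= bool(SCRIPT.search(html))
            report["remote_loads"] += REMOTE.findall(html)
            report["links"] += LINK.findall(html)
        elif not part.is_multipart() and ctype != "text/plain":
            data = part.get_payload(decode=True) or b""
            magic = MAGIC.get(ctype)
            report["attachments"].append({
                "name": part.get_filename(), "type": ctype, "bytes": len(data),
                # None: no signature listed here for the declared type
                "magic_ok": data.startswith(magic) if magic else None})
    return report

print(triage(RAW))
```

An empty `remote_loads` list and a `cid:` image mean nothing in the message body calls back to the sender when the mail is opened. The `magic_ok` field only confirms that the attachment's leading bytes match its declared type; it says nothing about data appended or hidden inside the image.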

