eBay Scams and Bank Scams

How to protect yourself from bank and ebay scams… and protect your home while you’re away. Internet ScamBusters

It’s summertime, and the living is easy — except for scammers and spammers, who never seem to take a vacation.

This time, we’ve got really important information about emails supposedly coming from banks, Best Buy, and eBay — all trying to get you to hand over your personal information on an ‘official’ Web site.

These scams are growing increasingly sophisticated, so please pay close attention to the info below. Here is a mind-boggling statistic: According to the Federal Trade Commission (FTC), approximately one in every 50 consumers has been a victim of identity theft. Yikes!

In fact, identity theft is now the #1 consumer complaint in the US. It can be a real nightmare, so please take a few moments to protect yourself by reading the info below.

And in other important news, since so many people are going on vacation now, we’ve got eight interesting tips on how to protect your home while you’re away. Plus a bit of humor at the end of this issue about the ever-popular Nigerian email scam.

First, a quick announcements:

We’re honored to again be included in Forbes Best of the Web, this time in the Summer 2003 article, “Homepage Hucksters,” which is about Web schemes that prey on the newly unemployed.

OK. Let’s get started…

Beware of These Email Bank Scams

One of the most popular identity theft scams is to send spam to potential victims advising them that they need to visit a financial service’s Web site to update or confirm their personal information.

Naturally, the URL in the scam email sends the victim to a phony Web site, and when the victim has divulged his or her personal and credit card information, the scammer can make off with lots of cash — and perhaps the victim’s identity as well.

Later in this issue you’ll read about how scammers are targeting Best Buy and eBay users with similar schemes, but this section describes the latest forged emails purporting to be from banks. Don’t be fooled…

1. Citibank c2it

The scam: You’re a user of the c2it money transfer service from Citibank, and you receive an email saying that your account has been placed on hold for security measure maintenance. You’re asked to visit a Web site to confirm your account information.

Tip-offs that it’s a scam: Not many. It’s a professional looking email, with a Citibank logo. One tip is that the return header is from a Hotmail address. Another tip is that, if you click the submit button, the link takes the user to a site owned by the Harvard-Smithsonian Center for Astrophysics.

2. Bank of America

The scam: You’re a customer of the Bank of America, and you receive an email from custommersupport@bankofamerica.com with a subject line “Security Server Update.” It informs you that because of a ‘technical update’ you need to reactivate your account by visiting a URL and re-entering your personal information.

Tip-offs that it’s a scam: It contains many spelling and grammar errors. As well, the URL leads to a broken Web site (it has been taken down).

3. First Union Bank

The scam: You’re a customer of First Union, and you receive an email from bankaccount@firstunion.com telling you that First Union has lost your online banking user name and password. The email tells you to go to a Web site and re-enter the information.

This one is particularly nasty, because simply visiting the Web site downloads a ‘backdoor’ Trojan program to your computer that can give scammers the ability to control your computer remotely.

Tip-offs that it’s a scam: The URL given is a firstunion.com address. Wachovia.com is now the Internet address for both First Union and Wachovia customers.

How can you avoid getting scammed this way?

  1. First, be calm. Most of us receiving an email like this might be alarmed that our account was frozen or our credit card information had been stolen. But by being calm, you can make sure you assess the situation rationally instead of just following the instructions in the email.
  2. Recognize that legitimate companies never request this information via email. When you get this kind of email, realize the chances are excellent that it’s a scam.
  3. Go to the official Web site for the financial institution directly by typing its URL in the address bar of a Web browser, *not* by clicking any hyperlink in an email. If there is a real problem, it will most likely be on the home page.
  4. If you’re still uncertain, email or call the company’s customer support department, and ask them to confirm the email’s authenticity. They will then tell you what to do next.

Best Buy ‘Fraud Alert’ Spam

We got more requests to alert our subscribers about this scam than any other scam this year.

A colleague first alerted us to this one when he received an email with the alarming subject line “Best Buy Order #XXXXXXX. Fraud Alert.”

The email informed him that someone apparently had made an online order using his credit card information at the Best Buy Web site. The email requested him to visit a ‘special Fraud Department’ page at the Best Buy Web site where he could confirm or decline the transaction by providing him with the correct information.

To make it look more official, details of the supposed transaction were provided, along with an official-looking visible URL: http://www.BestBuy.com/fraud_department.html.

This is a new twist on the identity theft scam. If he’d gone to the URL, he’d have gone to a Web site not linked to Best Buy. And if he’d entered his personal information, the scammer would have had another victim.

But you may wonder how this could work, if the URL was going to www.BestBuy.com?

That’s one of the tricks the scammers now use.

Scammers send this email using HTML format (displayed as ‘Rich Text’ in Outlook, Outlook Express, Mac OS X mail, etc.). That way, they can make the hidden hyperlink different from the visible text on top of it.

In reality, if you clicked on that URL, you’d be going to a scammer Web site (they’re using multiple ones to try to stay ahead of the FTC).

To avoid getting scammed, see the tips in the previous section.

Hackers Masquerade As Best Buy To Steal Credit-Card Details

More information: Click Here

eBay Account Verification Scam

Audri actually received one of these emails, supposedly from eBay, the other day. It’s another variation on the ‘verify your account information’ online scam.

The email included the eBay logo, and links to the actual eBay User Agreement and Privacy Policy. Seems like scammers are getting even more bold these days.

The text of the email explains that eBay is “undertaking a period review of our member accounts,” and that as a result, you have to go to their Web site and fill out the required information.

Needless to say, the visible Web site URL, which does look somewhat official http://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll?UpdateInformationConfirm&bpuser=1 takes you to the scammer’s Web site linked with a hidden URL, using the same techniques described above in the Best Buy scam.

As always, you should be *very* suspicious of any email asking you to verify your account information, no matter how official it looks.

You should see a big red flag if the URL you’re being asked to visit starts with ‘http://’ rather than ‘https://’. The extra ‘s’ stands for secure, which means your information will be transmitted through a secure connection. That was one of the tip-offs that this was a scam.

Second, if you need to access your account, go to the Web site directly without using any link from the email (for example, type http://www.ebay.com in a Web browser window). Then, when you log on to your account, you can be sure you’re using the official site.

And lastly, if you have any question as to whether an email like this is legit (and 99% of the time, it isn’t), contact the site and ask them. You can contact eBay about Rules and Safety at:

More information: http://pages.ebay.com/help/basics/select-RS.html

EBay Spam Scam

More information: Click Here

These scams will continue to get more sophisticated. Use the principles above to avoid getting scammed.

8 Tips on How to Protect Your Home While You’re Away

This may surprise you: The FBI’s 2000 Uniform Crime Reports Program has found that the largest number of burglaries occur during July and August. Plus, 60 percent of all residential burglaries occur during the daytime — rather than at night, as most of us believe.

Here are 8 tips to help you reduce the chances that you’ll be victimized when you go on vacation:

  • Check all doors and windows (including those in your garage) to make sure they are secure. All doors, if possible, should have dead bolt locks.
  • Buy light timers, put them in different rooms, and set them so that different lights come on at different times while you’re away.
  • Check your outside lighting, and replace dim and burned out bulbs. Consider installing external motion-detection lights.
  • Make sure that hedges and trees are pruned so they don’t provide intruders with either access or cover.
  • Don’t leave spare keys hidden outside (burglars know all the hiding places). Instead, consider giving a key to a close friend or relative if you want someone to keep an eye on your home while you’re gone. Leave this trusted person your itinerary and contact info in case of an emergency.
  • Try to make your home look like people are living there while you’re away. Consider stopping newspaper deliveries and mail to make sure they don’t collect where burglars can see. (Or better yet, have someone pick them up daily so that your newspaper carrier, etc. don’t know you’re away.)
  • Don’t announce your travel plans publicly (such as posts on message boards or newsgroups). Don’t change your message on your answering machine. Do not use “on vacation” email bots. And be very selective about whom you tell your vacation plans.
  • When you leave, be very careful to double-check that all doors and windows are securely locked and that your light timers are properly set.

Print out a copy of the Home Safety Council’s Vacation Check List before you leave on your next trip.

Humor: The Third Annual Nigerian Email Conference

Have you ever wondered whether scam promoters get together to discuss the best way to defraud people? Well, wonder no more.

This satirical site promotes the fictitious ‘Third Annual Nigerian Email Conference.’ If you haven’t been following scams, the Nigerian Email Scam, also known as the Nigerian Fee Scam (see http://www.scambusters.org/NigerianFee.html), preys on people’s greed and the alleged need for secrecy by asking them to mail processing monies and other ‘fees’ in the hope of getting a large sum in return.

Of course, it’s all a fraud, and the most popular source of these email spams is Nigeria. So what better idea for a satire than a conference about how scammers can get the most out of their ‘business’?

That’s it for now. Wishing you a safe and productive month.