Phishing Phollies

"Received: from notes.cc.sunysb.edu ([129.49.2.164])
          by notesmta2.cc.sunysb.edu (Lotus Domino Release 7.0.3)
          with ESMTP id 2008020111481487-113823 ;
          Fri, 1 Feb 2008 11:48:14 -0500
Received: from mail.orlando.bz (mail.orlando.bz [64.34.168.182])
         by notes.cc.sunysb.edu (8.14.0/8.14.0) with ESMTP id m11Gm7e9008048
Received: from User [72.253.13.67] by mail.orlando.bz with ESMTP
  (SMTPD32-7.07) id ACE17C4F00B2; Fri, 01 Feb 2008 11:46:25 -0500
Reply-To: <noreply@tcunet.com>
From: "Teachers Credit Union"<tcunet@securitydepartment.com>
Subject: Card Deactivation
Date: Fri, 1 Feb 2008 06:46:35 -1000
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <200802011146997.SM01648@User>
X-MIMETrack: Itemize by SMTP Server on notesmta2.cc.sunysb.edu/DoIT(Release 7.0.3|September
 26, 2007) at 02/01/2008 11:48:14 AM,
         Serialize by Notes Client on Melissa Bishop/DoIT(Release 7.0.3|September 26, 2007) at
 02/01/2008 11:56:20 AM,
         Serialize complete at 02/01/2008 11:56:20 AM
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
         charset="Windows-1251"

  

Visa Check Card Deactivation
Message from: Customer Service
Date: 1/31/2008

We detected irregular activity on your TCU Visa Check Card  on 1/31/2008.

For your protection we have had to suspend any future authorizations being conducted with your TCU Visa Check Card.

For your security we have deactivate your card.

How to activate/re-activate your card ?

You may stop by your branch or call our Card Department. Card Department: (712) 560-0162 (24 Hour Line)

Our automated system allows you to quickly activate your card.

We apologize for any inconvenience this may cause.

©2008 Teachers Credit Union.
P.O. Box 1395 South Bend, IN 46624-1395"

"Received: from notes.cc.sunysb.edu ([129.49.2.164])
          by notesmta2.cc.sunysb.edu (Lotus Domino Release 7.0.3)
          with ESMTP id 2008020111131769-109737 ;
          Fri, 1 Feb 2008 11:13:17 -0500
Received: from front1.netvisao.pt (front3.netvisao.pt [213.228.128.91])
         by notes.cc.sunysb.edu (8.14.0/8.14.0) with SMTP id m11GD9lO009308
Received: (qmail 17112 invoked from network); 1 Feb 2008 16:07:47 -0000
Received: from av-front2.netvisao.pt (213.228.128.153)
  by front1.netvisao.pt with SMTP; 1 Feb 2008 16:07:47 -0000
Received: (qmail 8358 invoked from network); 1 Feb 2008 16:07:19 -0000
Received: from webmail1.netvisao.pt (HELO webmail.cabovisao.pt) ([213.228.128.123])
          (envelope-sender <1@excite.com>)
          by av-front2.netvisao.pt (qmail-ldap-1.03) with SMTP
          for <montreallimousine@rogers.com>; 1 Feb 2008 16:07:19 -0000
Received: from 196.220.9.138
        (SquirrelMail authenticated user cand1255)
        by webmail.cabovisao.pt with HTTP;
        Fri, 1 Feb 2008 16:07:13 -0000 (WET)
Message-ID: <21447.196.220.9.138.1201882033.squirrel@webmail.cabovisao.pt>
Date: Fri, 1 Feb 2008 16:07:13 -0000 (WET)
Subject: FROM CHEVRON-TEXACO LOTTERY DEPARTMENT
From: "Chevron Texaco Oil and Gas Company" <1@excite.com>
Reply-To: mrcortswilliams@hotmail.com
User-Agent: SquirrelMail/1.4.5
MIME-Version: 1.0
X-Priority: 3 (Normal)
Importance: Normal
X-MIMETrack: Itemize by SMTP Server on notesmta2.cc.sunysb.edu/DoIT(Release 7.0.3|September
 26, 2007) at 02/01/2008 11:13:17 AM,
         Serialize by Notes Client on Melissa Bishop/DoIT(Release 7.0.3|September 26, 2007) at
 02/01/2008 12:07:29 PM
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Chevron Texaco Oil and Gas Company,
#2 Chevron Drive Lekki Peninsula PMB 12825.
LAGOS STATE , NIGERIA.
FROM CHEVRON-TEXACO LOTTERY DEPARTMENT
ATTENTION:Winner,
We wish to inform you that the JANUARY 2008 DRAWS OF THE
CHEVRON-TEXACO LOTTERY HELD IN NIGERIA .Your email address attached
 toPIN NUMBER:CHTX5512286,SERIAL NUMBER:CHTX5073-11
which drew the lucky numbers that won you the LotteryFunds in thefirst
 winning category You have therefore been approve
for a lump sum of $1,000,000 U.SDollars.For your claim do send
 your:(1)Name:(2)Age:(3)Occupation:(4)Country:
TO YOUR CLAIMS AGENT:
AGENT NAME:Mr Corts Williams
E-MAIL: mrcortswilliams@hotmail.com
Tel: +(234) 07034247943"

"Received: from mail.adp-hvac.com (dsl017-030-060.lax1.dsl.speakeasy.net [69.17.30.60])
Received: from User ([202.65.139.14]) by mail.adp-hvac.com with Microsoft SMTPSVC(5.0.2195.6713);
          Tue, 29 Jan 2008 17:36:52 -0800
Reply-To: <service@navyfcu.org>
From: "service@navyfcu.org"<service@navyfcu.org>
Subject: Message from Navy Federal Customer Service
Date: Wed, 30 Jan 2008 07:05:31 +0530
MIME-Version: 1.0
X-Priority: 1 (High)
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <ADP-SERVERPe8vZ3fC8000005ff@mail.adp-hvac.com>
X-OriginalArrivalTime: 30 Jan 2008 01:36:53.0230 (UTC) FILETIME=[976600E0:01C862E0]
X-MIMETrack: Itemize by SMTP Server on notesmta2.cc.sunysb.edu/DoIT(Release 7.0.3|September
 26, 2007) at 01/29/2008 08:37:03 PM,
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
         charset="Windows-1251"

Message from Navy Federal Credit Union accounts Customer Service
Account : Savings
Date: 1/29/2008

All Navy Federal Credit Union accounts were recently update with a new security enhancement.

You need to reactivate your VISA debit card by the end of January 2008.

For your security, we recommends that you activate this feature.

To continue click on the link :

http://www.sigmapens.co.uk/shop/catalog/navyfederalcreditunion/

Thank you for banking with Navy Federal Credit Union accounts"

1. I’m in the United States, NOT the United Kingdom.
2. My alliances with maritime military are with the United States Coast Guard, NOT the "Navy".
3. I don’t have any accounts with a military based credit union.
4. Why would a military credit union have a website for Sigma Pens?

Ye be a friggin idiot. It’s the keelhaul fer all ye scurvy dogs.

 "Phishing kit pits wannabe scammers against pro fraudsters
Big rats, little rats compete in a Net fraud pro-am; you still lose

January 23, 2008 (IDG News Service) — In a twist, security researchers have discovered a group of hackers who are exploiting a new category of victims — aspiring Internet scammers.

A Moroccan group called "Mr. Brain" is offering free phishing kits on a Web site hosted in France, said Paul Mutton, Internet services developer at Netcraft, a security company in Bath, England.

The software packages make it easy to quickly set up a fraudulent Web site mimicking a known brand in order to trick people into divulging credit card details or bank account numbers. Templates for spam e-mail are also included, targeting brands such as Bank of America, eBay, PayPal and HSBC.

Mr. Brain’s Web site lists the kits and what kind of details each one is capable of collecting, such as usernames, passwords or Social Security numbers. Netcraft posted screenshots on its Web site.

But what the aspiring scammer doesn’t know is that the phishing kits are designed to send any sensitive information that’s collected back to e-mail accounts controlled by Mr. Brain, Mutton said.

"Obviously, that’s why they are offering this stuff for free," Mutton said. "I was impressed by it."

Mr. Brain hides the special e-mail function in a blend of PHP scripts, one of which is encrypted, Mutton said. Just in case someone decrypts it, Mr. Brain has written at the top of the file "Don’t need to change anything here. Created by Mr. Brain Morocco Team."

The scheme seems to be targeted at new phishers, Mutton said. Mr. Brain benefits since other wannabe scammers shoulder the cost and risk of finding an ISP (Internet Service Provider) to host the phishing site, Mutton said.

"Essentially, they’re exploiting all these novice phishers — basically getting them to do all the hard work," Mutton said.

It’s difficult to tell without further research how many of the free phishing kits linked with this latest scam are live on the Internet, but Mutton said Netcraft noticed one earlier this month targeting Bank of America.

"Clearly, these are actively being used in phishing attacks," Mutton said."

From ComputerWorld

"January 14, 2008 (Network World) — A new Trojan program is targeting unwitting users’ bank data by intercepting account information before it is encrypted and sending it to an attacker’s central database."

"Crime and punishment: The white knight of phish-busting

Robert McMillan

December 31, 2007 (IDG News Service) Until just a few months ago,

Gary Warner did not have the kind of day job you’d expect from an antiphishing crusader. He didn’t work for a security vendor or a bank, or any kind of company you’d expect to care about phishing.

Warner’s career as a cyber-sleuth began on Halloween 2000. That’s when his company’s Web site was defaced by an entity named Pimpshiz as part of a pro-Napster Internet graffiti campaign.

"My boss came to me and said, ‘Find out who did this and put them in jail,’" said Warner, who was at the time an IT staffer with Energen, a Birmingham, Alabama oil and gas company.

It was an eye-opening experience. "I called the police and they were like, ‘What do you want us to do?’" he said.

Months later, when Pimpshiz struck servers at NASA, Warner reached out, calling staff there and saying "Hey, we know who this guy is. Here’s his name and address."

Since then, Warner has quietly become one of the most-respected authorities on phishing in the U.S. — the kind of guy that federal agents and banking IT staff call when they want to know how to catch the bad guys and shut down their credit-card-stealing Web sites.

With Warner’s help, authorities eventually arrested Pimpshiz, whose real name is Robert Lyttle, in connection with the defacements.

Fishing for phishers

Warner said that the Pimpshiz case was formative, underlining how hard it is for law enforcement to catch the bad guys on the Internet.

"The experience showed me that it’s not that they don’t care," Warner said. "Their hands are tied by the legal process."

Soon, Warner found himself spending dozens of hours each week compiling data on spammers and phishing attacks. "I would sit for a couple of hours every morning and find all the new phishing sites that I could," he said.

He’d take screenshots of the sites, e-mail the Webmasters who were hosting them and ask them for Web logs, and eventually he started making connections — he’d connect one phishing group with several different attacks — and learn who he needed to call to get Web sites removed, no matter where in the world they were hosted.

He’d get calls from IT staff at small credit unions asking for help taking down fraudulent sites, every day, all day long. It was cutting in on his work. Late last year, he decided to make a change. "I went to my boss and told him that I’m going to look for a way to do this full time."

Helping the feds crack down on online fraud

In July, with recommendations from FBI and Secret Service agents, Warner took a job as Director of Research in Computer Forensics with the University of Alabama at Birmingham (UAB).

He also began working with law enforcement, not only educating FBI and Secret Service agents on how crimes were committed, but also helping to track down the criminals and helping with take-downs.

"He’s an outstanding resource for the FBI," said Dale Miskell, supervisory special agent with the FBI’s Birmingham Cyber Crime unit, who has worked with Warner since 2005.

Miskell said Warner has helped the FBI with investigations and taught staff about his antiphishing techniques.

"He could be a multimillionare by his skillsets… he’s a very gifted speaker, he can talk to the techies, and then he can turn around and talk to the non-techies and everyone will understand."

Warner is now focusing on fighting cyber-crime full-time and on training a new generation of network forensics investigators. "You wouldn’t believe the looks on their eyes the first time they got an e-mail back from a Webmaster saying, ‘Thanks for letting me know. I just shut that down.’"

When he spoke with IDG News, it was five days after final exams at the University of Alabama at Birmingham and though it would have no effect on their marks, four students were still coming into the labs to help shut down phishers.

"That idea that as a private citizen, you can help, that’s the kind of thing we’re trying to inspire," he said.

The future of phish-busting

At the University, Warner is building up a 256-node supercomputer which could eventually become the largest collection of spam email on the planet, processing as many as 100 million email messages per day and providing researchers and law enforcement with valuable analysis data.

For Warner, the work isn’t so much a job, as it is his moral responsibility as a computer scientist. "One of the things that really bothered me from the very beginning was people who were using my field to attack other people," he said. "The way I see it, this is our Internet. I’m going to stand at the end of my driveway and protect what’s mine."

He says that his anti-phishing work hardly feels like work at all. "This is what I like to do," he said. "It’s cheaper than golf, and you can do it when the weather’s bad."

What you can do to protect yourself

"The best people that help law enforcement have no motive other than to catch the bad guy," said one law enforcement official who declined to be identified because he hadn’t been authorized to speak with the press.

But even if you’re not a cyber sleuth, if you get hit by a computer criminal there are some things you can do to help police catch the criminal. What you should do depends a little bit on the crime. If you’re the victim of identity theft, it’s worth filing a report with state and local police so that you have a record of the crime.

That comes in handy later, in case you need to prove that it was the thief, and not you, that incurred any subsequent charges. Another good place to stop is the Federal Trade Commission (FTC) site, which has a variety of tools to help identity theft victims get organized and set their credit back on track. And if things get really bad, the Social Security Administration can help you, too. This site has instructions on how to report social security fraud and get a new social security number.

You can file a report with the FTC, but if you want your data to be used to catch the bad guys, the Internet Crime Complaint Center (IC3) is a better bet. Run in part by the FBI, the IC3 data is used regularly by law enforcement to link together large schemes. The more factual data you can report about your crime, the more useful it will be to police. Sometimes a single fax number or eBay ID can help crack open an entire case.

The FBI is most interested in crimes that involve malicious software, phishing, and child pornography. Spam and auction fraud get a lower priority and, worse, if you’re the victim of an auction fraud, the odds of you ever getting your money back are very low.

Still, if you’re rigorous about documenting the crime, and you fill out that IC3 complaint, you just may be helping to bring down your criminal — some day."