Phishing and Scam Letter Samples
Phishing
Nigerian 419 Fraud
Potential Virus - Dangerous Attachment
Lottery Winners
Cashier's Check Fraud
Phishing and Scam Letter Samples
The Internet has made it cheap and easy for criminals around the globe to attempt to trick individuals into revealing confidential information (such as credit card numbers, bank account data, social security numbers and more), as well as deceive computer users into clicking on links or attachments that will compromise the security of their computers and the information stored on them.
Some of the most common ploys are "phishing" emails, lottery winner notifications, urgent pleas to help with the transfer of funds of a deceased individual, invoices and gift card notifications for items never ordered, and bogus messages with dangerous attachments.
Educate yourself about these scams so that you don't fall victim to them. In addition to the samples we've collected below, banking regulators have also assembled some excellent resource information on scams and identity theft.
Office of the Comptroller of the Currency
Federal Deposit Insurance Corp.
Federal Reserve Board
National Credit Union Administration
Phishing Scam - Phishing emails appear to come from a financial institution or other company with whom the recipient may do business. The message attempts to trick the recipient into clicking a link. The link may take the user to a site with malicious code, such as a keystroke logger, that will capture confidential information and then email it surreptitiously to the fraudster. In other instances, the link takes the user to a Web site that is an evil clone of the financial institution's or company's Web site, where the user is deceived into believing they are entering information (such as an online banking user name and password, or ATM PIN, for example) in a safe environment when, in fact, it is a site controlled by the criminal. It is not uncommon for the email to threaten dire consequences if you do not immediately click the link to respond. Don't fall for it!
- From: Customer Service [pn1013@yahoo.com]
Subject: National City - Account Problem - From: support@eBay.com, Safeharbor Department
Subject: Account Verification - From: security-service@alliantcreditunion.org
Subject: Alliant Credit Union? Online Update - From: support@eBay.com, eBay Update Team
Subject: eBay Security Validation: Update Account Notice - From: National Credit Union Administration [service@ncua.gov]
Subject: *** WARNING: Security Issues *** - From: service@lasallebank.com
Subject: LaSalle NOTICE - From: PayPal? Security Department [security@paypal.com]
Subject: Update your PayPal account - From: aw-confirm@ebay.com
Subject: Your final warning from eBay - From: security@paypal.com
Subject: Update your PayPal account - From: Nick Pfeiffer - Federation Bank [npfeiffer@federationbankia.com]
Subject: Fw: Important Notification - From: SouthTrust Bank [identdep_op025642242509@southtrust.com]
Subject: SouthTrust Bank - Security Update, Please Read - From: Paypal [custserv@paypal.com]
Subject: Attention! Critical Information About Your Account - From: SouthTrust Online Banking [online-banking@southtrust.com]
Subject: SouthTrust Bank ATM cards attention bxbkjftbcsymsn - From: PayPal [security@paypal.com]
Subject: Security Measures - From: security-service@alliantcreditunion.org
Subject: Alliant Credit Union? Online Update - From: First Credit Union Security Service [service@flrstcu.coop]
RE: Notification of Limited Account Access (Routing Code: C840-L001-Q190-T1830) - From: customer.service@msufcu.org
Subject: MSUFCU Online Account Access - From: First Tennessee [update@firsttennessee.com]
Subject: Preview Account! - From: tito_beyachi@virgilio.it (El Gordo Sweepstake Lottery Program)
Subject: PROMOTION AWARD CLAIM NOTFICATION - From: Chase Bank [survey@chase-manhattan.com]
Subject: Chase Online? $20 Reward Survey - From: Credit Union National Association Service [mailto:service@cuna.org]
Subject: Credit Union National Association Service
IE7 warning screenshot depicting this as as a scam. - From: store-news@amazon.com [mailto:store-news@amazon.com]
Subject: Online Banking Notification: An update for your online profile (Important) - From: Fifth Third Bank [operator23196ver@security.53.com]
Subject: Fifth Third Bank: customer details confirmation! - From: Household Bank [account@household.com]
Subject: Accounts Authentication Required - From: BankofAmerica [onlinebanking@alert.bankofamerica.com]
Subject: Bank of America Alert: Online Account Blocked - From: PayPal Security Center [service@paypal.com]
Subject: IMPORTANT: PayPal Security Measures PP-052-CA-788 - From: Western Union [service@westernunion.com]
Subject: Update Your Western Union Account! - From: service@wamu.com [service@wamu.com]
Subject: Washington Mutual - Your E-mail Has Changed - From: PayPal Security Center [support@paypal.com]
Subject: Update you PayPal account informations - From: Internal Revenue Service [admin@irs.gov]
Subject: IRS Notification - Please Read This. - From: Bank of America [bankofamerica@secure.com]
Subject: Online Security Measures - From: this is actually a web page from the NCUA
Subject: Important Security Renewal - Assassin's Threat - Demo Message
Subject: Threat
For accurate representation we emailed the text of a threatening assassin's letter to ourselves. The text, complete with grammatical errors, is as was reported in the press. The letters are simply a scam. Do not respond to these. - From: jeff@jeffmackler.com on behalf of MILITARY ONLINE, [noreply@bankofamerica.military.com]
Subject: IMPORTANT NOTICE - Payments and Transfers services are expired - From: Internal Revenue Service [refunds@irs.gov]
Subject: IRS Notification - Tax refund
While the link in the letter appears to be going to the IRS, the actual code is sending the reader, and the confidential data they enter, to http://ip-36.net-89-2-128.rev.numericable.fr/~christine/.secure/.server/.data/.forms/refund/index.html, "fr" means it is headed to France. And the IRS is not sending emails unexpectedly to taxpayers telling them they have an unexpected refund coming, and 48 hours to claim it.
Nigerian 419 Fraud - In this type of scam, the crook will write an email that describes some tragic situation. Invariably, it states that someone is dead (sometimes claiming they are one of your relatives; in other cases they say you are chosen because you were recommended by a trusted friend) and a huge sum of money (millions!) is trapped in a foreign country and they need you to help them get it -- for which they say they will handsomely reward you. They appeal to you like you're a superhero who can fly to the rescue, but what they're really after is your bank account information so they can make a withdrawal -- not a deposit. In other instances, they'll string the recipient along, promising millions, but requiring the recipient to come up with cash along the way for various fees and charges. There's no pot of gold at the end of this rainbow.
- From: paul koko [paulkujo2004@yahoo.ca]
Subject: TRANSFER OF $38 MILLION U.S DOLLARS. - rom: Felizrichard2005@go.com, M/s.Elizabeth Richard
Subject: I NEED YOUR RESPONSE - From: Dr:Ratey William
RE: TRANSFER OF US$48.223 MILLION {FORTY EIGHT MILLION TWO HUNDRED & TWENTY THREE THOUSAND U.S DOLLARS ONLY TO YOUR ACCOUNT} - From: Mrs Amina Shettima [aminashettima@msn.com]
Subject: URGENT - From: professor charles soludo [payment_office101@yahoo.com]
Subject: CONTRACT PAYMENT NOTIFICATION - From: Richard Ferdinand
Subject: Enquiry on partnership. (Transfer Funds from Deceased Account) - From: john mark [john_mark201@yahoo.com]
Subject: Please Dear I Need Your Help From John Mark - From: larito14@o2.pl
Subject: From Mr.Larito Foreign Transaction!!! - From: ANGELE BOGA [boga_angele_6@yahoo.fr]
Subject: Good Morning Daddy - From: DAVIES MALULEKE [daviesmalu3@yahoo.com]
Subject: PROJECT NOTIFICATION - From: The Office of TUNDE LEMO cbn_financial_tundelemo cbn_financial [cbn_financial_tunde@yahoo.it]
Subject: VERY URGENT - From: hadi asinada [hadi2005_asinada@yahoo.co.uk]
Subject: please reply this information - From: David [thirdinfantrydiv001@myway.com]
Subject: FROM IRAQ
This is a variation on the 419 appealing to those interested in the war in Iraq.
Potential Virus - Dangerous Attachment. Crooks use a technique called "social engineering" to trick you into opening emails and attachments and/or clicking on links in emails. The technique involves making the email appear to come from someone you know, or a trusted source. It may even appear to be returned email supposedly sent from you originally. The goal of the criminal is to get you to let down your guard, believing the email is legitimate, so that you click to open the attachment or go to the link. Once you do so, your computer can be infected with a virus or other malicious code. Depending on the "payload" of the virus or trojan, you could lose data, lose functionality, or have the security of your information compromised. In some cases, a person whose computer was infected may have had the "To" and "From" addresses somewhere in their computer. The virus program randomly selects addresses and fills in the blank so it appears to be someone you may know.
- From: Department@fbi.gov, Steven Allison, FBI
Subject:Your IP was logged - From: Office@cia.gov, Steven Allison
Subject:Your_IP_was_logged
"You've won!" Lottery winner notification emails are scams. You can't win something you didn't enter. What's the deal? Tantalizing you with the prospect of a windfall, these lottery winner emails ultimately seek payment from you to get your "winnings." You may make the payment, but believe us -- you'll never receive winnings from these con artists.
- From smithlinda@virgilio.it, Google Lottery Int.
Subject: YOU MADE IT 1,000,000,EUROS - From: tripplewins lottery [trip2winlottery@msn.com] MRS.MABEL VAN DYKE
Subject: CONGRATULATIONS YOUR EMAIL ADDRESS HAVE WON!!! - From: lottozomer1@go.com
Subject: AWARD/WINNING FINAL NOTIFICATION - From: maxwell jones [maxjones2@hotmail.com]
Subject: CONGRATULATIONS - From: UK NATIONAL LOTTERY [uk2005randomsearch@msn.com]
Subject: RESULT RELEASED(congratulations)!!! - From: Microsoft Word Lottery Program [mailto:msw.promotion2006@web.de]
Subject: CONGRATULATIONS!!! - From: Info Mail [InfoMail09@web.de]
Subject: YOUR E-MAIL ADDRESS HAS
ON
This puports to be related to Yahoo. - UNITED NATIONS NEW PAYMENT [mailto:info76n@poczta.onet.pl]
Subject: UNITED NATIONS NEW PAYMENT
Avoiding Cashier?s Check Fraud - The number of fraudulent cashier's checks has increased substantially. Many are excellent fakes and while neither the depositor nor their bank can know for sure, the paying bank will. When they detect it, they'll return it back through the payment system and eventually it will come back to the depositor. This return path is slower than the time in which the bank receiving the deposit will make the funds available to the depositor. This means the person who cashed the cashier's check may have spent some of the money or even returned some to the person who gave them the check. That is where the scam happens because when the bank wants money back from the depositor, the depositor has no one else to go to.
On January 16, 2007 the Office of the Comptroller of the Currency issued a Consumer Advisory (CA 2007-1) on Avoiding Cachier's Check Fraud.
Help us build our collection of scam emails. Create a PDF or screenshot of those you receive and email them to cindy@bankersonline.com.
Access other Banker Tools on BankersOnline.com:
print
share