Post Date: 11 6th, 2008
Email Phishing Scam Attack

Online scams are rampant and have been around since the dawn of the internet. Despite our continuous efforts to combat attacks and scams and to increase security, it is an uphill battle that requires assistance from our customers as well. Even though we can think of many things to do to these attackers, there is little legal recourse.

A customer brought to our attention that 800HighTech has been a victim of a phishing scam. This is actually a common attack on all major businesses, and a downside to being Number 1 in the military financing market. There is little we can do to combat this form of attack; we can only keep our customers educated. So let's start the lesson.

First, let me give you a quick overview of the current scam. Emails were sent to some customers that looked like they came from a real 800HighTech employee, requesting that personal information be sent to a random Gmail account.

We Will Never Request Personal Information By Email.

We use web-based messaging, which eliminates spam and offers the most secure way to communicate with one another, while ensuring messages are available to our customers and not deleted or redirected because of everyone’s attempt to eliminate spam with various firewalls and spam filters.

Below are copies of the messages with the customer’s name removed:

To: email@address.com
Subject: 800HighTech: Adding to an existing account
From:
Date: Fri, 31 Oct 2008 09:18:42 -0500

Hello Customer Name,

We have received your application and we see that you are a previous account holder with Rome Finance and this is the finance company we use to finance these orders. We can easily check with the finance company for approval to add this order on to your account, however to do so we will need a copy of your LES. Please send your LES to vodafone.teleanu@gmail.com and we will submit your request off to finance and get back to you tomorrow. Please send all you information about your PayPal account and your Credit Card.We need that urgently for making the changes. If you should have any questions please feel free to contact me.

Sincerely,
Sean Brennan
800hightech.com
800-204-5247

To: email@address.com
Subject: 800HighTech: Payment Process Change
From: 800HighTech
Date: Thur, 25 December 2008 14:47:42 -0500

Sorry For The Payment Process Change
Now We Accept https://libertyreserve.com

So Create A Account there and Add A Funding Option There And While Sending The Payment ,In Subject, Put Your Email Id then we will Contact You Within 30 Mins

Send The Money Here In This Account Number-U2247499

Thank you…
800hightech Team

If you receive similar messages or are ever unsure of an email's authenticity, please forward us a copy. We will work to report the scam and notify our customers of the most recent attack. Again, if you are ever unsure, report it to us, and beware of phishing from other companies as well. Our website is secure and we constantly work to prevent attacks, but some attacks require customers to be alert as well.

Phishing scams are easy to spot because they look “fishy” despite containing factual information (i.e. employee names, phone numbers, and a from address that looks legitimate). The Anti-Phishing Working Group has compiled the list of recommendations below to help keep you from becoming a victim of these scams:

  • Be suspicious of any email with urgent requests for personal financial information
    • unless the email is digitally signed, you can’t be sure it wasn’t forged or ‘spoofed’
    • phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately
    • they typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc.
    • phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure
  • Don’t use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic or you don’t know the sender or user’s handle
    • instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser
  • Avoid filling out forms in email messages that ask for personal financial information
    • you should only communicate information such as credit card numbers or account information via a secure website or the telephone
  • Always ensure that you’re using a secure website when submitting credit card or other sensitive information via your Web browser
    • Phishers are now able to ‘spoof,’ or forge BOTH the "https://" that you normally see when you’re on a secure Web server AND a legitimate-looking address. You may even see both in the link of a scam email. Again, make it a habit to enter the address of any banking, shopping, auction, or financial transaction website yourself and not depend on displayed links.
    • Phishers may also forge the yellow lock you would normally see near the bottom of your screen on a secure site. The lock has usually been considered as another indicator that you are on a ‘safe’ site. The lock, when double-clicked, displays the security certificate for the site. If you get any warnings displayed that the address of the site you have displayed does NOT match the certificate, do not continue.
  • Remember not all scam sites will try to show the "https://" and/or the security lock. Get in the habit of looking at the address line, too. Were you directed to PayPal? Does the address line display something different like "http://www.gotyouscammed.com/paypal/login.htm?" Be aware of where you are going.
  • Consider installing a Web browser tool bar to help protect you from known fraudulent websites. These toolbars match where you are going with lists of known phisher Web sites and will alert you.
    • The newer version of Internet Explorer version 7 includes this tool bar as does FireFox version 2
    • EarthLink ScamBlocker is part of a browser toolbar that is free to all Internet users – download at http://www.earthlink.net/earthlinktoolbar
  • Regularly log into your online accounts
    • don’t leave it for as long as a month before you check each account
  • Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate
    • if anything is suspicious or you don’t recognize the transaction, contact your bank and all card issuers
  • Ensure that your browser is up to date and security patches applied
  • Always report "phishing" or “spoofed” e-mails to the following groups:
    • forward the email to reportphishing@antiphishing.org
    • forward the email to the Federal Trade Commission at spam@uce.gov
    • forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
    • when forwarding spoofed messages, always include the entire original email with its original header information intact
    • notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/
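
Several of the checks in the list above can be applied mechanically to a message like the first one quoted in this post. The following is an added example, not code from 800HighTech or the Anti-Phishing Working Group; the domain `shop.example`, the sample message, the keyword patterns and the indicator names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URGENT = re.compile(r"\b(urgent(ly)?|immediately|within \d+ (mins?|minutes|hours?))\b", re.I)
SENSITIVE = re.compile(r"\b(credit card|paypal account|password|social security|LES)\b", re.I)
ADDRESS = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[A-Za-z]{2,})")
URL_HOST = re.compile(r"https?://([^/\s\"'<>?#:]+)", re.I)

# Constructed sample, modelled on the first message quoted above. The From header
# is forged to match the company, which is why it cannot be trusted on its own.
SAMPLE = """\
From: Sales <sales@shop.example>
To: customer@mail.example
Subject: Adding to an existing account

Please send your LES to collector@gmail.com. We need that urgently.
Questions? Visit http://www.shop.example/help
"""

def in_domain(host, org_domain):
    """True only for the organisation's own domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

def phishing_indicators(raw_message, org_domain):
    """Return sorted indicator names for a single-part, plain-text message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    found = set()
    _, sender = parseaddr(msg.get("From", ""))
    if not in_domain(sender.rpartition("@")[2], org_domain):
        found.add("from_not_org_domain")
    # A reply address outside the company's domain (here a webmail account).
    if any(not in_domain(d, org_domain) for d in ADDRESS.findall(body)):
        found.add("off_domain_contact_address")
    # Compare the link's host, not its path: /paypal/ in a path proves nothing.
    if any(not in_domain(h, org_domain) for h in URL_HOST.findall(body)):
        found.add("off_domain_link")
    if URGENT.search(body):
        found.add("urgent_request")
    if SENSITIVE.search(body):
        found.add("asks_for_sensitive_data")
    return sorted(found)

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE, "shop.example"))
```

The forged From header passes the domain check, so the message is caught only by its content: the off-domain reply address, the urgency and the request for sensitive data.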


