Broadband Tech > Security > Scam and Phishbusters > [Phish] Telephone phishing thread

X-Apparently-To: x@yahoo.com via 66.163.178.140; Thu, 27 Mar 2008 19:46:30 -0700
X-YahooFilteredBulk:65.105.120.87
X-Originating-IP:[65.105.120.87]
Return-Path:<service@penfed.org>
Authentication-Results:mta506.mail.mud.yahoo.com from=penfed.org; domainkeys=neutral (no sig)
Received:from 65.105.120.87 (EHLO webmail.iconnectu.net) (65.105.120.87) by mta506.mail.mud.yahoo.com with SMTP; Thu, 27 Mar 2008 19:46:30 -0700
Received:from User [207.166.116.186] by webmail.iconnectu.net with ESMTP (SMTPD32-6.06) id AC88B3DC004A; Thu, 27 Mar 2008 21:48:40 -0500
Reply-to:<service@penfed.org>
From:"service@penfed.org" <service@penfed.org>  Add Mobile Alert
Subject:Pentagon Federal Credit Union Account Suspended
Date:Fri, 28 Mar 2008 10:40:50 -0400
MIME-Version:1.0
Content-Type:text/plain; charset="_iso-2022-jp$ESC"
Content-Transfer-Encoding:7bit
X-Priority:1
X-MSMail-Priority:High
X-Mailer:Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE:Produced By Microsoft MimeOLE V6.00.2800.1081
Message-Id:<200803272149182.SM02700@User>
Content-Length:284
 
Dear Pentagon Federal Credit Union Customer, 
 
   ACCOUNT SUSPENDED
 
Your account has been suspended for invalid billing information
 provided.
 
To activate your account please call the security department at
 856-431-1109
 
Thank You
 
Pentagon Federal Credit Union Security Department
 

X-Apparently-To: x@yahoo.com via 66.163.178.135; Sun, 06 Apr 2008 10:14:58 -0700
X-YahooFilteredBulk:217.40.42.57
X-Originating-IP:[217.40.42.57]
Return-Path:<customerservice@cona.com>
Authentication-Results:mta134.mail.re3.yahoo.com from=; domainkeys=neutral (no sig)
Received:from 217.40.42.57 (EHLO erissrv1.eris.org.uk) (217.40.42.57) by mta134.mail.re3.yahoo.com with SMTP; Sun, 06 Apr 2008 10:14:57 -0700
Received:from cona.com ([74.7.27.50]) by erissrv1.eris.org.uk with Microsoft SMTPSVC(5.0.2195.6713); Sun, 6 Apr 2008 17:36:49 +0100
From:CUNA@  Add Mobile Alert
To:nataleemorse@yahoo.com
Subject:Wal-Mart Stores, Inc. Data Breach Announcment
Date:06 Apr 2008 11:36:39 -0500
Message-ID:<20080406113639.BCE6A283E7E711F5@from.header.has.no.domain>
MIME-Version:1.0
Content-Type:text/html; charset="iso-8859-1"
Content-Transfer-Encoding:quoted-printable
Return-Path:customerservice@cona.com
X-OriginalArrivalTime:06 Apr 2008 16:36:49.0531 (UTC) FILETIME=[6960ECB0:01C89804]
Content-Length:2742
 
WAL-MART STORES, INC. DATA BREACH ANNOUNCMENT
 
April/06/2008
 
CUNA is aware of the recent data breach at Wal-Mart Stores, Inc. and is taking
proactive steps to address the situation. The Customer Security Team at CUNA
is currently gathering information regarding the data breach and will react swiftly
in the best interests of its customers, including the re-issue of compromised
cards if necessary.
 
It is important to note that CUNA has effective fraud monitoring systems in
place and is constantly reviewing our accounts for fraudulent and/or suspicious
activity. The security of your account is very important to us.
 
Moving forward, we recommend that all CUNA customers review their account
activity on an ongoing basis and report to us any suspicious activity. In addition,
it is recommended that customers activate "Enhanced Card Security" to block 
 
Please call Customer Care at 1-800-794-9672, to activate (Enhanced Card Security)
for your debit or credit card.
 
Due to the extensive news coverage of this event, there have been reports of other
scams. If you receive a phone call or email from someone claiming to be from
Visa, or MasterCard DO NOT provide them with any personal or account information
Please visit http://www.nophishing.org/ for further information regarding fraud.
 
Finally, you may continue to use your debit card. Customers who have been affected
by the data breach will be notified, and be given further instructions via postal mail. If
you have immediate questions regarding your account, please contact Customer Care
at 1-800-794-9672, option 1.
 

X-Apparently-To: x@yahoo.com via 66.163.178.135; Tue, 15 Apr 2008 09:09:54 -0700
X-YahooFilteredBulk:64.34.200.180
X-Originating-IP:[64.34.200.180]
Return-Path:<bankfranklin@franklin.com>
Authentication-Results:mta112.mail.re3.yahoo.com from=franklin.com; domainkeys=neutral (no sig)
Received:from 64.34.200.180 (EHLO web420.linux-hosting.com) (64.34.200.180) by mta112.mail.re3.yahoo.com with SMTP; Tue, 15 Apr 2008 09:09:53 -0700
Received:from User (72-28-171-009-dhcp.aik.sc.atlanticbb.net [72.28.171.9]) (authenticated bits=0) by web420.linux-hosting.com (8.13.1/8.13.1) with ESMTP id m3FFmMlk010716; Tue, 15 Apr 2008 21:18:22 +0530
Message-Id:<200804151548.m3FFmMlk010716@web420.linux-hosting.com>
Reply-to:<noreply@franklinsecurity.com>
From:"Franklin Bank" <bankfranklin@franklin.com>  Add Mobile Alert
Subject:Card Deactivation
Date:Tue, 15 Apr 2008 12:01:07 -0400
MIME-Version:1.0
Content-Type:text/plain; charset="Windows-1251"
Content-Transfer-Encoding:7bit
X-Priority:3
X-MSMail-Priority:Normal
X-Mailer:Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE:Produced By Microsoft MimeOLE V6.00.2600.0000
Content-Length:563
 
Card Deactivation
Message from: Customer Service
Date: 04/15/2008
 
We detected irregular activity on your ATM/Check Card on 04/15/2008.
For your protection we have had to suspend any future authorizations 
being conducted with your card.
 
For your security we have deactivate your card.
 
How to activate/re-activate your card ?
 
You may stop by your branch or call our Activation Center:
 
Activation Center: (866) 797-5640   (24 Hour Line) 
 
Our automated system allows you to quickly activate your card.
We apologize for any inconvenience this may cause.. 
 

X-Apparently-To: x@yahoo.com via 66.163.178.140; Mon, 21 Apr 2008 12:15:14 -0700
X-YahooFilteredBulk:8.10.184.138
X-Originating-IP:[8.10.184.138]
Return-Path:<franklinbank@ddsadsa.com>
Authentication-Results:mta250.mail.re3.yahoo.com from=ddsadsa.com; domainkeys=neutral (no sig)
Received:from 8.10.184.138 (EHLO mail.wghco.com) (8.10.184.138) by mta250.mail.re3.yahoo.com with SMTP; Mon, 21 Apr 2008 12:15:14 -0700
Received:from User ([72.28.171.9]) by mail.wghco.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 21 Apr 2008 11:49:39 -0700
From:"Franklin Bank" <franklinbank@ddsadsa.com>  Add Mobile Alert
Subject:SECURITY ALERT!
Date:Mon, 21 Apr 2008 14:48:37 -0400
MIME-Version:1.0
Content-Type:text/html; charset="Windows-1251"
Content-Transfer-Encoding:7bit
X-Priority:3
X-MSMail-Priority:Normal
X-Mailer:Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE:Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path:franklinbank@ddsadsa.com
Message-ID:<HENSCHEN7n0swXX1sPt00000677@mail.wghco.com>
X-OriginalArrivalTime:21 Apr 2008 18:49:39.0703 (UTC) FILETIME=[742AE870:01C8A3E0]
X-TM-AS-Product-Ver:SMEX-7.5.0.1243-5.0.1023-15864.001
X-TM-AS-Result:Yes-21.877000-4.000000-31
X-TM-AS-User-Approved-Sender:No
X-TM-AS-User-Blocked-Sender:No
Content-Length:1586
 
  Dear Franklin Bank Customer,
 
  Franklin Bank is aware of new phishing e-mails that are circulating.
  These e-mails request consumers to click a link due to a compromise of a 
  credit card account. You should not respond to this message.
 
  Due to unusual levels of fraud we have had to suspend any future authorizations
  being conducted with your Visa ATM/Check Card.
 
  For your security we have deactivate your card.
 
  How to activate/re-activate your card ?
 
  Call our Card Department: (866) 797-5643
 
 
 
  Our automated system allows you to quickly activate your card.
 
  We apologize for any inconvenience this may cause.
 
  Corporate Office
  9800 Richmond, Suite 680
  Houston, TX 77042
 
  Copyright © 2006 Franklin Bank. All Rights Reserved.
 

X-Apparently-To: x@yahoo.com via 66.163.178.138; Tue, 22 Apr 2008 15:07:58 -0700
X-YahooFilteredBulk:74.52.162.130
X-Originating-IP:[74.52.162.130]
Return-Path:<franklinbank@mesanetworks.net>
Authentication-Results:mta209.mail.re4.yahoo.com from=; domainkeys=neutral (no sig)
Received:from 74.52.162.130 (EHLO mx11.mesanetworks.net) (74.52.162.130) by mta209.mail.re4.yahoo.com with SMTP; Tue, 22 Apr 2008 15:07:56 -0700
Received:(qmail 9582 invoked by uid 509); 22 Apr 2008 11:26:37 -0600
Received:from 72.19.158.63 by mx11.mesanetworks.net (envelope-from <franklinbank@mesanetworks.net>, uid 508) with qmail-scanner-1.25-st-qms (clamdscan: 0.87/2133. spamassassin: 3.0.6. perlscan: 1.25-st-qms. Clear:RC:1(72.19.158.63):. Processed in 0.525889 secs); 22 Apr 2008 17:26:37 -0000
X-Antivirus-MESANETWORKS-Mail-From:franklinbank@mesanetworks.net via mx11.mesanetworks.net
X-Antivirus-MESANETWORKS:1.25-st-qms (Clear:RC:1(72.19.158.63):. Processed in 0.525889 secs Process 9540)
Received:from 72-19-158-63.static.mesanetworks.net (HELO User) (72.19.158.63) by mx11.mesanetworks.net with SMTP; 22 Apr 2008 11:26:36 -0600
Reply-to:<noreply@mesanetworks.net>
From:"Franklin Bank" <franklinbank@mesanetworks.net>  Add Mobile Alert
Subject:SECURITY ALERT!
Date:Tue, 22 Apr 2008 11:26:31 -0600
MIME-Version:1.0
Content-Type:text/html; charset="Windows-1251"
Content-Transfer-Encoding:7bit
X-Priority:3
X-MSMail-Priority:Normal
X-Mailer:Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE:Produced By Microsoft MimeOLE V6.00.2600.0000
X-Antivirus-MESANETWORKS-Message-ID:<120888519710709540@mx11.mesanetworks.net>
Content-Length:1584
 
  Dear Franklin Bank Customer,
 
  Franklin Bank is aware of new phishing e-mails that are circulating.
  These e-mails request consumers to click a link due to a compromise of a 
  credit card account. You should not respond to this message.
 
  Due to unusual levels of fraud we have had to suspend any future authorizations
  being conducted with your Visa ATM/Check Card.
 
  For your security we have deactivate your card.
 
  How to activate/re-activate your card ?
 
  Call our Card Department: (866) 797-5643
 
 
 
  Our automated system allows you to quickly activate your card.
 
  We apologize for any inconvenience this may cause.
 
  Corporate Office
  9800 Richmond, Suite 680
  Houston, TX 77042
 
  Copyright © 2006 Franklin Bank. All Rights Reserved.
 

X-Apparently-To: x@yahoo.com via 66.163.178.133; Thu, 24 Apr 2008 07:31:59 -0700
X-Originating-IP:[65.104.246.242]
Return-Path:<customer_service@anb.com>
Authentication-Results:mta101.mail.re3.yahoo.com from=; domainkeys=neutral (no sig)
Received:from 65.104.246.242 (EHLO mail.kwp.org) (65.104.246.242) by mta101.mail.re3.yahoo.com with SMTP; Thu, 24 Apr 2008 07:31:57 -0700
Received:from ([]) by mail.kwp.org (Merak 4.2.3) with SMTP id KPJ36965 for <x@yahoo.com>; Thu, 24 Apr 2008 09:31:56 -0500
From:Amarillo@  Add Mobile Alert ,
To:x@yahoo.com
Subject:ANB Secure Email Notification
Date:24 Apr 2008 09:29:41 -0500
Message-ID:<20080424092941.2195C1DDD96B4626@from.header.has.no.domain>
MIME-Version:1.0
Content-Type:text/html; charset="iso-8859-1"
Content-Transfer-Encoding:quoted-printable
Content-Length:1653
 

Delivered-To: no.job.needed@gmail.com
Received: by 10.142.155.4 with SMTP id c4cs16970wfe;
        Wed, 14 May 2008 08:55:10 -0700 (PDT)
Received: by 10.35.28.12 with SMTP id f12mr2105619pyj.45.1210780510055;
        Wed, 14 May 2008 08:55:10 -0700 (PDT)
Return-Path: <test@telus.net>
Received: from defout.telus.net (defout.telus.net [199.185.220.240])
        by mx.google.com with ESMTP id f24si4254145pyh.26.2008.05.14.08.55.09;
        Wed, 14 May 2008 08:55:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of test@telus.net designates 199.185.220.240 as permitted sender) client-ip=199.185.220.240;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of test@telus.net designates 199.185.220.240 as permitted sender) smtp.mail=test@telus.net
Received: from priv-edtnaa16.telusplanet.net ([206.116.132.29])
          by priv-edtnes25.telusplanet.net
          (InterMail vM.7.08.02.02 201-2186-121-104-20070414) with ESMTP
          id <20080514155450.QWUB16573.priv-edtnes25.telusplanet.net@priv-edtnaa16.telusplanet.net>;
          Wed, 14 May 2008 09:54:50 -0600
Received: from User (d206-116-132-29.bchsia.telus.net [206.116.132.29])
by priv-edtnaa16.telusplanet.net (BorderWare MXtreme Infinity Mail Firewall) with SMTP
id 83448V1ULV; Wed, 14 May 2008 09:55:09 -0600 (MDT)
From: "test" <test@telus.net>
Subject: fdfdfdfdfd55
Date: Wed, 14 May 2008 08:55:10 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20080514155509.83448V1ULV@priv-edtnaa16.telusplanet.net>
To: undisclosed-recipients:;
 
Dear MasterCard customer, 
 
We regret to inform you that we have received numerous fraudulent emails which ask for personal
account information. The emails contained links to fraudulent pages that looked legit. 
 
Please remember that we will never ask for personal account information via email or web pages. 
 
Because of this we are launching a new security system to make MasterCard accounts more secure
and safe. To take advatage of our new consumer Identity Theft Protection Program we had to
deactivate access to your card account. 
 
To activate it please call us immediately at (615) 348-6681
 
Activation is free of charge and will take place as soon as you finish the activation process. 
 
? 1994-2008 MasterCard. All rights reserved.
 

X-Apparently-To: x@yahoo.com via 66.163.178.133; Thu, 29 May 2008 15:13:17 -0700
X-YahooFilteredBulk:71.165.227.158
X-Originating-IP:[71.165.227.158]
Return-Path:<american.airlines@aa.com>
Authentication-Results:mta361.mail.mud.yahoo.com from=aa.com; domainkeys=neutral (no sig)
Received:from 71.165.227.158 (EHLO rlmurawski.com) (71.165.227.158) by mta361.mail.mud.yahoo.com with SMTP; Thu, 29 May 2008 15:13:17 -0700
Received:from aa.com ([71.170.119.34]) by rlmurawski.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 29 May 2008 15:05:34 -0700
Reply-to:American.Airlines@aas.com
From:American.Airlines@aa.com  
To:x@yahoo.com
Subject:Citi / AAdvantage MasterCard (Alerting Service)
Date:29 May 2008 16:55:03 -0500
Message-ID:<20080529165503.DE8515CF9B566BEF@aa.com>
MIME-Version:1.0
Content-Type:text/html; charset="iso-8859-1"
Content-Transfer-Encoding:quoted-printable
Return-Path:American.Airlines@aa.com
X-OriginalArrivalTime:29 May 2008 22:05:34.0265 (UTC) FILETIME=[1E213A90:01C8C1D8]
Content-Length:2060