dslreports logo
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
56677
share rss forum feed


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7

1 recommendation

reply to nwrickert

Farmers State Bank

Submitted phish #31133 is really a voice/telephone vish for phone number (888) 687-5642.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.1
Expand your moderator at work


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
reply to nwrickert

Salin Bank

The Salin Bank phish #31431 is really a voice/telephone vish for 1-800-681-2713.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.1


Lizz
Premium
join:2002-10-22
Fullerton, CA
reply to nwrickert

Re: [Phish] Telephone phishing thread



Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to nwrickert
American National Bank Of Texas:


--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to nwrickert
Two more from ANB Texas, with a different phone number:


Second message has the same phone number and message body,
but different headers:


--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to nwrickert
One from Uniter Heritage Credit Union:


--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to nwrickert
Resource bank. Phone number is 815-981-4765


--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.3


DC DSL
There's a reason I'm Command.
Premium
join:2000-07-30
Washington, DC
kudos:2
reply to nwrickert

877-214-0565 - Community Financial Members Federal Credit Union

The message:
ADVISORY: Some members and non-members of Community Financial Members Federal Credit Union have received fraudulent emails. This email was NOT issued by Community Financial Members Federal Credit Union, and should be deleted. Do not follow the instructions in the email. Do not click the link. For security reasons we have deactivated your debit card. Please call our toll-free hotline at (877) 214-0565 to activate your debit card.


Headers:


It's so touching how much they care for "members and non-members" alike, and have deactivated my debit card for me!

Frickin morons...they couldn't even send well-formed HTML!

--
There is no giant fur-bearing trout.


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to nwrickert

Re: [Phish] Telephone phishing thread

Click for full size
800-523-8103 Capital One

Sent to my mother's Yahoo email. Only thing changed is the first part of the To: address


The attached logo is the one the phisher used. They left off "what's in your wallet?", which normally is positioned beginning right below the 'One' part of the name.

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX

1 recommendation

reply to nwrickert
Click for full size
U.S. Bank telephone phish (there were two of these, with the same image and telephone number):

#1:

#2

The body of the email is an image only (the screenshot above). It is clickable, but appears to lead to the real U.S. Bank website.

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)


Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX
reply to nwrickert
Credit Union Access:


Dear CU Member:

This is not a promotional e-mail. Please call us immediately at (877) 898-7930 regarding recent restriction placed on your account. We're available 24/7 to take your call.

Please disregard this e-mail if you've already call us since the date this e-mail was sent.

We appreciate your prompt attention to this matter.

Thank you
CU Fraud Prevention Security Department

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to nwrickert

Capital One vish

A vish for Capital One, at +1(315-235-1392)

said by mail body :
In our terms and contidions you have agreed to state that your
account must always be under your control or those you designate
at all times. We have noticed some activity related to your account that
indicates that order parties may have tried gaining access or control of your
information in your account.

Therefore, to prevent unauthorized access to your Capital One Bank
Internet Banking account,you are limited to five failed login attempts in
a 24-hour period. You have exceeded this number of attempts.*

To reactivate your debit card , please call: +1(315-235-1392)

Copyright Capital One Bank, All Rights Reserved.
Headers:

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to nwrickert

F & M Bank Express Online - vish at (641) 410 2293

said by vish body :
Dear F&M Bank customer,

We are hereby notifying you that we've recently suffered a phishing-Attack. Beca
use we have registered too many frauds we suspended your account. For security r
easons you must call us and provide the requested information so we can verify t
he integrity of your F&M ExpressOnline Banking account. If you fail to complete
the verification in the next 24 hours your account will be blocked.

***************************************************

Call us at: +1 (641) 410 2293 and confirm your identity.

***************************************************

Note: The call is free of charge for you!

Please comply and thanks for understanding.

\251 2009 F&M Bank

Headers:

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to nwrickert

Re: [Phish] Paypal vish

Excerpt from vish:

Restore your account .
Please Call our Card Department at 0039-069-165-7836

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.11

MGD
Premium,MVM
join:2002-07-31
kudos:9
said by nwrickert:

Excerpt from vish:

Restore your account .
Please Call our Card Department at 0039-069-165-7836

A foreign number perhaps ?, there are too many digits for it to be a US number

MGD


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Yes, I assume foreign.

If I am reading it correctly, the "00" is a prefix for US callers, then the 39 is the international code for Italy.
--
AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

I thought it was Italy, then I wondered how low the IQ of a Phisher would have to be in order to think that a victim would make an international call to Italy to contact PayPal support.

I guess that must be the downside of dropping out of Phishing 101.

MGD

Rowan
Premium
join:2008-10-16
Longview, TX
reply to nwrickert

Re: [Phish] Telephone phishing thread

My SO has a new cell phone -- TWO DAYS OLD -- and has received 6 calls today (one per hour or so). The first few were "caller unknown", but the most recent call showed up as 877-648-0958. I've called that no. from another phone and I get 'invalid number'. They've left no messages, so not sure what they're up to, but Goog sez lots of other ppls are having this recent prob with this same no.

Just thought I'd report in.

~Rowan


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
reply to MGD

Re: [Phish] Paypal vish

Here's where he was routing the calls to
sip:cacat0099@proxy01.sipphone.com

NightVisor
Premium
join:2001-02-28
Rialto, CA

1 recommendation

reply to nwrickert

SMS sent to cell phone

From: 3736

Message:
customer.notification@visa.com / "Card Block Alert". To find out why you receive this alert call 1-877-245-1472. Thank you. /

What happens when I call that number?
"Your credit union has identified your account as having fraudulent entries and your credit card has been blocked. Please stay on the and a credit union security specialist will assist you."

*sounds of call being transfered*

"To assist you with your account, please enter your credit card number"

At that point, I hung up.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
said by NightVisor:

At that point, I hung up.
Wow! You're in a special class of people.
Off the top of my head I'll say less than 1 in a half million people who receive these respond to them.
Did you call out of irritation or were you initially unsure about the message?

NightVisor
Premium
join:2001-02-28
Rialto, CA
*deadpan* Define "special". *deadpan:end*

I wanted to see what the message hook was. I already knew it was a scam, but the number didn't show up in any search engines. Since this thread (the whole forum, actually) is regularly monitored by Google et al., might as well drop in the number and the message so if someone else searches, they'll find the info.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Good thinking. And thanks for posting.


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
reply to NightVisor
said by NightVisor:

*deadpan* Define "special". *deadpan:end*

"rare, uncommon, unique..."
in a complimentary way


Avelos

@qwest.net
reply to NightVisor
That's funny, I got the same text today. I noticed that it said receive instead of received after looking at it a couple of times. I didn't even bother calling, especially after that grammatical error. So then I googled (hah it's a verb) the 3878 text number and nothing showed up. Then I searched the message through google and found that people actually gave up their account information lol.

MGD
Premium,MVM
join:2002-07-31
kudos:9
reply to NightVisor
Your number must have been one of the first batches called. It has now shown up on several of the phone number websites:

»800notes.com/Phone.aspx/1-877-24 ··· 245-1472

»whocallsme.com/Phone-Number.aspx ··· 72451472

»www.callercomplaints.com/SearchR ··· 245-1472

MGD
Expand your moderator at work


SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA

1 recommendation

reply to MGD

Re: SMS sent to cell phone

phishing MMS received on cell (t-mobile):

310@tmomail.net: We found a problem in your California account. Call urgently at (888) 666-9128

(Googling that number show numerous similar messages)


SYNACK
Just Firewall It
Premium,Mod
join:2001-03-05
Venice, CA
Here's an interesting followup to this after checking my online bill in more details. We have 4 lines on that account and not all numbers are adjacent. Still, all phones received the same text message literally within seconds of each other.

I called t-mobile to see if there are any security measures in place to possibly prevent such things in the future, similar to e.g. spam filters for e-mail.

I am curious if the target numbers were skimmed from the stolen t-mobile data.