Topic '[Phish] Telephone phishing thread' in forum 'Scam and Phishbusters' - dslreports.com

Re: [Phish] Telephone phishing thread

Thu, 05 Jan 2012 00:12:51 EDT

nwrickert posted : Post here.

If you think it's a serious enough case, you can report to your local police and possibly to the FBI. However, unless strong evidence is there, you will have difficulty getting the police to take it seriously.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.1; firefox 9.0

Re: [Phish] Telephone phishing thread

Wed, 04 Jan 2012 23:00:01 EDT

legendvpn12 posted : Where to report if this happens?

Thanks!

Re: [Phish] Telephone phishing thread

Wed, 12 Oct 2011 09:54:31 EDT

nwrickert posted : That was probably sent to many people, on the off chance that some would have accounts.

The general rule applies - if you are concerned that there might be a problem, call the number that is on your credit card or bank statement. DO NOT call the number received in unsolicited text message, email, phone calls, etc.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.4; firefox 7.0

Re: [Phish] Telephone phishing thread

Wed, 12 Oct 2011 00:04:07 EDT

jmorlan posted : Got the following text on my cell phone:

From: Important1
Subj: Important1
Msg: Important information regarding your Wells Fargo Account. For more information please contact us at 888-854-3824. Thank you.

I don't have a Wells Fargo Account.

Re: [Phish] Telephone phishing thread

Wed, 23 Feb 2011 09:45:08 EDT

nwrickert posted :

said by DC DSL:

DON'T GIVE THE CALLER ANY INFO, no matter what caller ID says.

As always, if you have any doubts about the legitimacy of a caller, hang up immediately and contact the company on the phone number from your statement.

Yes, good advice.

Most of the phone calls that we get, with the exception of those from friends and work colleagues, seem to be fraudulent. They are either an attempt to get account information; a violation of DO NOT CALL; a dubious charity.

We have pretty much adopted a "just say no" and if they keep talking we hang up. And I decline to participate in telephone opinion surveys/polls, because too many of those turn out to be disguised marketing.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.3; firefox 3.6.13

Re: [Phish] Telephone phishing thread

Wed, 23 Feb 2011 09:19:46 EDT

DC DSL posted : I just got a call on my landline from "000-000-0000 VERIZON DSL" Some snarky-sounding dude with an Indian accent said he was "from Verizon Security Department" to let me know my online account has been taken over by pirates because "Homeland Security Association" says they "detected copyright music, movies or adult material in [my] home." "If you please give your login ID, password, full name, SSN, and the bank account you pay your Verizon bill, I will verify I spoke with you and remove the restrictions imposed on you by law."

I told him I really appreciated his taking the time to contact me but "I am the Chief Executive Superior of Homeland Security Association and have to put [him] on report for not following the script correctly." He told me that I was going to "experience extreme legal difficulty," dropped a couple of f-bombs and hung up.

This is plainly an attempt to get account login credentials, along with bank account info. The scammers could also easily use the name of any ISP (AT&T, Comcast, etc.) DON'T GIVE THE CALLER ANY INFO, no matter what caller ID says.

As always, if you have any doubts about the legitimacy of a caller, hang up immediately and contact the company on the phone number from your statement.
--
"Keep calm and carry on."

Re: [Phish] Telephone phishing thread

Tue, 08 Feb 2011 02:12:39 EDT

Snowy posted :

said by nwrickert:

1. They knew I had a Visa ATM (which only the bank and Google know)

They probably don't know that. It is more likely that they try this on many people, and some will have Visa and might fall for the scam.

Agreed
It's a hit or miss proposition for the visher, nothing to worry about.

said by nwrickert:

2. They knew my cell number

Or maybe they are just calling a range of numbers. You did say that the voice was automated, so the whole scam is probably automated.

Your number would be in this format along with hundred's of 1000's of other numbers. It's not personal to you at all.
x143090000
x143090001
x143090002
x143090003
x143090004
x143090005
x143090006
x143090007
x143090008
x143090009
x143090010
x143090011
x143090012
x143090013
x143090014
x143090015
x143090016
x143090017
x143090018
x143090019
x143090020
x143090021
x143090022
x143090023
x143090024
x143090025
x143090026
x143090027
x143090028
x143090029
x143090030
x143090031
x143090032
x143090033
x143090034
x143090035
x143090036
x143090037
x143090038
x143090039
x143090040
x143090041
x143090042
x143090043
x143090044
x143090045
x143090046
x143090047
x143090048
x143090049
x143090050
x143090051
x143090052
x143090053
x143090054
etc...
The image is from an SMS vish but it works the same for an automated voice vish.
Note the speed of the dialer, vishing is coming of age.

9827 messages in ~3 minutes

Re: [Phish] Telephone phishing thread

Sat, 05 Feb 2011 22:53:50 EDT

nwrickert posted :

1. They knew I had a Visa ATM (which only the bank and Google know)

They probably don't know that. It is more likely that they try this on many people, and some will have Visa and might fall for the scam.

2. They knew my cell number

Or maybe they are just calling a range of numbers. You did say that the voice was automated, so the whole scam is probably automated.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.3; firefox 3.6.13

Re: [Phish] Telephone phishing thread

Sat, 05 Feb 2011 20:46:11 EDT

SSidlov posted : Hi, I got one of these today on my cellphone. The Caller ID said 1402. (edit) I just checked my cell phone incoming calls log online and it says that the incoming call at that moment was 'me' -my phone number. (edit)

The automated voice was very poor quality.

The script went something like this:

"Hello, this is an automated message from Visa regarding your Visa Debit Card which has shown unusual activity. Due to this activity we have deactivated your card. To reactivate your card please press 1"

I thought at the time that this was fishy due to the low quality and that my Visa atm card messages would have come from my bank, rather than Visa. My bank has a pretty decent voice system. I called them and notified them that someone was phishing customers and ran it up to a supervisor level and suggested that they post something on their web page (as they do for other phishing) and maybe in the voice messages for the phone call center.

I'm concerned that

1. They knew I had a Visa ATM (which only the bank and Google know)
2. They knew my cell number (which is registered with the bank and Google) my cell is NOT associated with the card for payment purposes.
3. The new web Android market which I was playing around with the other day, has no HTTPS service on it only regular HTTP. I have my google sign-in set for HTTPS. (I keep getting that it's a insecure site, and market.android.com is an alias for goggle - which we know it is.)
--
»www.Warpstock.org

Re: [Phish] Telephone phishing thread

Mon, 13 Sep 2010 17:50:05 EDT

sivran posted : I kept getting calls with a recorded voice asking "do you own a small dog?"

Finally, I googled it: »whocalled.us/lookup/5712145430

Bleh!
--
Think Outside the Fox.

Re: nice website

Tue, 06 Apr 2010 12:23:13 EDT

nwrickert posted : I am glad you are finding it useful.

nice website

Tue, 06 Apr 2010 07:20:23 EDT

50934898 posted : this is really a nice website and i found some useful and informative material on it.

Re: [Phish] Telephone phishing thread

Wed, 03 Feb 2010 09:06:32 EDT

carpetshark3 posted : Did you ever get a reply from T Mobile? I have had the same problem. I do have messaging blocked as I don't want the service.
I have noticed, that if you pay your bill, TM sends an IM to all of the lines to thank you - I asked about that, and they have no fix apparently.
I'm also wondering about stolen numbers. The number I have was ported in from Verizon, and I never had a solicitor call. I do not give out the phone number except to those who need it.
CS

Re: SMS sent to cell phone

Wed, 16 Sep 2009 14:42:46 EDT

SYNACK posted : Here's an interesting followup to this after checking my online bill in more details. We have 4 lines on that account and not all numbers are adjacent. Still, all phones received the same text message literally within seconds of each other.

I called t-mobile to see if there are any security measures in place to possibly prevent such things in the future, similar to e.g. spam filters for e-mail.

I am curious if the target numbers were skimmed from the stolen t-mobile data.

Re: SMS sent to cell phone

Fri, 28 Aug 2009 13:55:55 EDT

SYNACK posted : phishing MMS received on cell (t-mobile):

310@tmomail.net: We found a problem in your California account. Call urgently at (888) 666-9128

(Googling that number show numerous similar messages)

Re: SMS sent to cell phone

Mon, 03 Aug 2009 01:21:25 EDT

MGD posted : Your number must have been one of the first batches called. It has now shown up on several of the phone number websites:

»800notes.com/Phone.aspx/1-877-245-1472

»whocallsme.com/Phone-Number.aspx/8772451472

»www.callercomplaints.com/SearchR···245-1472

MGD

Re: SMS sent to cell phone

Sun, 02 Aug 2009 23:36:49 EDT

anon posted : That's funny, I got the same text today. I noticed that it said receive instead of received after looking at it a couple of times. I didn't even bother calling, especially after that grammatical error. So then I googled (hah it's a verb) the 3878 text number and nothing showed up. Then I searched the message through google and found that people actually gave up their account information lol.

Re: SMS sent to cell phone

Sun, 02 Aug 2009 22:19:26 EDT

Snowy posted :

said by NightVisor:

*deadpan* Define "special". *deadpan:end*

"rare, uncommon, unique..."
in a complimentary way

Re: SMS sent to cell phone

Sun, 02 Aug 2009 21:25:37 EDT

nwrickert posted : Good thinking. And thanks for posting.

Re: SMS sent to cell phone

Sun, 02 Aug 2009 21:15:42 EDT

NightVisor posted : *deadpan* Define "special". *deadpan:end*

I wanted to see what the message hook was. I already knew it was a scam, but the number didn't show up in any search engines. Since this thread (the whole forum, actually) is regularly monitored by Google et al., might as well drop in the number and the message so if someone else searches, they'll find the info.

Re: SMS sent to cell phone

Sun, 02 Aug 2009 20:29:59 EDT

Snowy posted :

said by NightVisor:

At that point, I hung up.

Wow! You're in a special class of people.
Off the top of my head I'll say less than 1 in a half million people who receive these respond to them.
Did you call out of irritation or were you initially unsure about the message?

SMS sent to cell phone

Sun, 02 Aug 2009 17:04:22 EDT

NightVisor posted : From: 3736

Message:
customer.notification@visa.com / "Card Block Alert". To find out why you receive this alert call 1-877-245-1472. Thank you. /

What happens when I call that number?
"Your credit union has identified your account as having fraudulent entries and your credit card has been blocked. Please stay on the and a credit union security specialist will assist you."

*sounds of call being transfered*

"To assist you with your account, please enter your credit card number"

At that point, I hung up.

Re: [Phish] Paypal vish

Sat, 27 Jun 2009 09:15:20 EDT

Snowy posted : Here's where he was routing the calls to
sip:cacat0099@proxy01.sipphone.com

Re: [Phish] Telephone phishing thread

Wed, 24 Jun 2009 20:53:33 EDT

Rowan posted : My SO has a new cell phone -- TWO DAYS OLD -- and has received 6 calls today (one per hour or so). The first few were "caller unknown", but the most recent call showed up as 877-648-0958. I've called that no. from another phone and I get 'invalid number'. They've left no messages, so not sure what they're up to, but Goog sez lots of other ppls are having this recent prob with this same no.

Just thought I'd report in.

~Rowan

Re: [Phish] Paypal vish

Mon, 22 Jun 2009 21:34:40 EDT

MGD posted : I thought it was Italy, then I wondered how low the IQ of a Phisher would have to be in order to think that a victim would make an international call to Italy to contact PayPal support.

I guess that must be the downside of dropping out of Phishing 101.

MGD

Re: [Phish] Paypal vish

Mon, 22 Jun 2009 19:57:45 EDT

nwrickert posted : Yes, I assume foreign.

If I am reading it correctly, the "00" is a prefix for US callers, then the 39 is the international code for Italy.
--
AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11

Re: [Phish] Paypal vish

Mon, 22 Jun 2009 19:26:00 EDT

MGD posted :

said by nwrickert:

Excerpt from vish:

Restore your account .
Please Call our Card Department at 0039-069-165-7836

A foreign number perhaps ?, there are too many digits for it to be a US number

MGD

Re: [Phish] Paypal vish

Wed, 17 Jun 2009 17:43:10 EDT

nwrickert posted : Excerpt from vish:

Restore your account .
Please Call our Card Department at 0039-069-165-7836

Received: from mail.bccnews.us (mail.bccnews.us [208.70.72.115])        by mp.cs.niu.edu (8.14.3/8.14.3) with ESMTP id n5HGYf0e029439        for ; Wed, 17 Jun 2009 11:34:46 -0500 (CDT)Received: from User [207.178.222.51] by mail.bccnews.us with ESMTP  (SMTPD32-7.07) id A04A3D70040; Wed, 17 Jun 2009 07:40:10 -0700From: "PayPal"Subject: Notice.Date: Wed, 17 Jun 2009 07:35:48 -0700

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.11

F & M Bank Express Online - vish at (641) 410 2293

Tue, 06 Jan 2009 20:13:52 EDT

nwrickert posted :

said by vish body :
Dear F&M Bank customer,

We are hereby notifying you that we've recently suffered a phishing-Attack. Beca
use we have registered too many frauds we suspended your account. For security r
easons you must call us and provide the requested information so we can verify t
he integrity of your F&M ExpressOnline Banking account. If you fail to complete
the verification in the next 24 hours your account will be blocked.

***************************************************

Call us at: +1 (641) 410 2293 and confirm your identity.

***************************************************

Note: The call is free of charge for you!

Please comply and thanks for understanding.

\251 2009 F&M Bank

Headers:

Return-Path: Received: from mail.tekonet.de (mail.tekonet.de [194.39.185.4])        by mp.cs.niu.edu (8.14.3/8.14.3) with ESMTP id n070egAR027175        for ; Tue, 6 Jan 2009 18:40:51 -0600 (CST)Received: by mail.tekonet.de with MERCUR Mailserver (v5.00.19 MTA1LTI1NjQtNjQxNA==) for ; Tue, 6 Jan 2009 22:28:57 +0100From: "F&M Bank"Subject: [URGENT NOTICE] We've recently suffered a phishing-AttackDate: Tue, 6 Jan 2009 16:56:25 -0500MIME-Version: 1.0Content-Type: text/plain;        charset="Windows-1251"Content-Transfer-Encoding: 7bitX-Priority: 1X-MSMail-Priority: HighX-Mailer: Microsoft Outlook Express 6.00.2600.0000X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000To: Message-Id: <0901062228579700@mail.tekonet.de>

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5

Capital One vish

Thu, 01 Jan 2009 21:19:36 EDT

nwrickert posted : A vish for Capital One, at +1(315-235-1392)

said by mail body :
In our terms and contidions you have agreed to state that your
account must always be under your control or those you designate
at all times. We have noticed some activity related to your account that
indicates that order parties may have tried gaining access or control of your
information in your account.

Therefore, to prevent unauthorized access to your Capital One Bank
Internet Banking account,you are limited to five failed login attempts in
a 24-hour period. You have exceeded this number of attempts.*

To reactivate your debit card , please call: +1(315-235-1392)

Copyright Capital One Bank, All Rights Reserved.

Headers:

Return-Path: Received: from southeasterngeothermal.com (mail.southeasterngeothermal.com [208.103.1.222])        by mp.cs.niu.edu (8.14.3/8.14.3) with ESMTP id n022CGfj008721        for <*munged*>; Thu, 1 Jan 2009 20:12:22 -0600 (CST)Received: from User ([207.181.121.72]) by southeasterngeothermal.com with Microsoft SMTPSVC(6.0.3790.3959);         Sun, 14 Dec 2008 10:08:29 -0500Reply-To: From: "Capital One Services, Inc."Subject: Important Member Service InformationDate: Sun, 14 Dec 2008 10:09:12 -0500MIME-Version: 1.0Content-Type: text/plain;        charset="Windows-1251"Content-Transfer-Encoding: 7bitX-Priority: 1X-MSMail-Priority: HighX-Mailer: Microsoft Outlook Express 6.00.2600.0000X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000Bcc:Message-ID: X-OriginalArrivalTime: 14 Dec 2008 15:08:29.0486 (UTC) FILETIME=[D2673CE0:01C95DFD]

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.5

Re: [Phish] Telephone phishing thread

Tue, 16 Dec 2008 10:16:29 EDT

Doctor Four posted : Credit Union Access:

 Return-Path:     Authentication-Results: mta170.mail.re4.yahoo.com from=; domainkeys=neutral (no sig)Received: from 68.99.120.49 (EHLO dukecmmtar02.coxmail.com) (68.99.120.49) by mta170.mail.re4.yahoo.com with SMTP; Mon, 15 Dec 2008 21:15:46 -0800Received: from creditunionaccess.com ([98.191.101.166]) by dukecmmtar02.coxmail.com (InterMail vM.6.01.06.05 201-2131-130-106-20070212) with ESMTP id <20081216051546.XOJQ18528.dukecmmtar02.coxmail.com@creditunionaccess.com> for ; Tue, 16 Dec 2008 00:15:46 -0500Reply-To: card@creditunionaccess.comFrom: "Credit Union Access"    To: x@yahoo.comSubject: Account Status AlertDate: 15 Dec 2008 22:15:45 -0700Message-ID: <20081215221545.860840C6428CA82A@creditunionaccess.com>MIME-Version: 1.0Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: quoted-printableContent-Length: 788

Dear CU Member:

This is not a promotional e-mail. Please call us immediately at (877) 898-7930 regarding recent restriction placed on your account. We're available 24/7 to take your call.

Please disregard this e-mail if you've already call us since the date this e-mail was sent.

We appreciate your prompt attention to this matter.

Thank you
CU Fraud Prevention Security Department

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Re: [Phish] Telephone phishing thread

Tue, 09 Dec 2008 23:03:39 EDT

Doctor Four posted : U.S. Bank telephone phish (there were two of these, with the same image and telephone number):

#1:

  Return-Path:     Authentication-Results: mta569.mail.mud.yahoo.com from=; domainkeys=neutral (no sig)Received: from 68.230.240.9 (EHLO eastrmmtao103.cox.net) (68.230.240.9) by mta569.mail.mud.yahoo.com with SMTP; Tue, 09 Dec 2008 16:10:50 -0800Received: from eastrmimpo03.cox.net ([68.1.16.126]) by eastrmmtao103.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20081210001049.DUTA18445.eastrmmtao103.cox.net@eastrmimpo03.cox.net>; Tue, 9 Dec 2008 19:10:49 -0500Received: from User ([70.187.22.254]) by eastrmimpo03.cox.net with bizsmtp id pCAj1a0085Uvfce02CAkUW; Tue, 09 Dec 2008 19:10:48 -0500 a=gMMwTlpgCVsA:10 a=nDDMXIyUaCkA:10 a=oJL9TIRMo0YA:10 a=HWowFZCwAAAA:8 a=6VBaUAmcAAAA:8 a=vzUeNKtdRj-0HKc1hJIA:9Reply-To: rtkxxo@yahoo.comFrom: U.S. Bank  Subject: Multiple password failures ! Please call our 24-hours Security DepartmentDate: Wed, 10 Dec 2008 01:14:07 +0100MIME-Version: 1.0Content-Type: text/html; charset="Windows-1251"Content-Transfer-Encoding: 7bitMessage-Id: <20081210001049.DUTA18445.eastrmmtao103.cox.net@eastrmimpo03.cox.net>Content-Length: 173

 Return-Path:     Authentication-Results: mta149.mail.re1.yahoo.com from=; domainkeys=neutral (no sig)Received: from 68.230.240.13 (EHLO eastrmmtai106.cox.net) (68.230.240.13) by mta149.mail.re1.yahoo.com with SMTP; Tue, 09 Dec 2008 15:16:23 -0800Received: from eastrmimpo03.cox.net ([68.1.16.126]) by eastrmmtao107.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20081209231458.FIYS4842.eastrmmtao107.cox.net@eastrmimpo03.cox.net>; Tue, 9 Dec 2008 18:14:58 -0500Received: from User ([70.188.140.60]) by eastrmimpo03.cox.net with bizsmtp id pBEt1a00K1JP2Ge02BEuhr; Tue, 09 Dec 2008 18:14:58 -0500 a=gMMwTlpgCVsA:10 a=5a7zk8gS10wA:10 a=oJL9TIRMo0YA:10 a=HWowFZCwAAAA:8 a=6VBaUAmcAAAA:8 a=vzUeNKtdRj-0HKc1hJIA:9Reply-To: dsmxzu@yahoo.comFrom: U.S. Bank  Subject: Multiple password failures ! Please call our 24-hours Security DepartmentDate: Wed, 10 Dec 2008 00:18:17 +0100MIME-Version: 1.0Content-Type: text/html; charset="Windows-1251"Content-Transfer-Encoding: 7bitMessage-Id: <20081209231458.FIYS4842.eastrmmtao107.cox.net@eastrmimpo03.cox.net>Content-Length: 173

The body of the email is an image only (the screenshot above). It is clickable, but appears to lead to the real U.S. Bank website.

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Re: [Phish] Telephone phishing thread

Fri, 28 Nov 2008 04:36:53 EDT

Doctor Four posted : 800-523-8103 Capital One

Sent to my mother's Yahoo email. Only thing changed is the first part of the To: address

Return-Path: Authentication-Results: mta198.mail.ac4.yahoo.com from=; domainkeys=neutral (no sig)Received: from 208.34.106.236 (EHLO vocal-net.net) (208.34.106.236) by mta198.mail.ac4.yahoo.com with SMTP; Thu, 27 Nov 2008 23:35:42 -0800Received: from westnotificationsgroup.com (unverified [72.54.106.166]) by ntvop4.netaccnt.net (Vircom SMTPRS 4.5.654.13) with ESMTP id for ; Fri, 28 Nov 2008 02:10:33 -0500From: "Capital One" <216.57.96.8 (HELO mailout04.westnotificationsgroup.com)> To: x@yahoo.comSubject: Capital One Alert: Irregular Credit Card ActivityDate: 28 Nov 2008 00:13:11 -0700Message-ID: <20081128001311.B0F742BDBB2F8318@capitaone.com>MIME-Version: 1.0Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: quoted-printableContent-Length: 3634 Irregular Credit Card Activity Account: Capital One® credit cardDate: 11/28/2008 We detected irregular activity on your Capital One® credit card on 11/28/2008. For your protection, you must verify this activity before you can continue using your card. Please call us immediately at 1-800-523-8103 or collect using the number listed on the back of your card. We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account. Important Information from Capital One Contact Us | Privacy This e-mail was sent to you and contains information directly related to your account with us, other services to which you have subscribed, and/or any application you may have submitted. The site may be unavailable during normal weekly maintenance or due to unforeseen circumstances. Capital One and its service providers are committed to protecting your privacy and ask you not to send sensitive account information through e-mail. If you are not a Capital One customer and believe you received this message in error, please notify us by responding to this e-mail. ©2008 Capital One. Capital One is a federally registered service mark. All rights reserved. 15000 Capital One Drive, Attn: 12038-0111, Richmond, Virginia 23238. To contact us by mail, please use the following address: Capital One, PO Box 30285, Salt Lake City, Utah 84130-0285. 09860 023 001

The attached logo is the one the phisher used. They left off "what's in your wallet?", which normally is positioned beginning right below the 'One' part of the name.

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

877-214-0565 - Community Financial Members Federal Credit Union

Wed, 19 Nov 2008 07:03:47 EDT

DC DSL posted : The message:

ADVISORY: Some members and non-members of Community Financial Members Federal Credit Union have received fraudulent emails. This email was NOT issued by Community Financial Members Federal Credit Union, and should be deleted. Do not follow the instructions in the email. Do not click the link. For security reasons we have deactivated your debit card. Please call our toll-free hotline at (877) 214-0565 to activate your debit card.

Headers:

Return-Path: Received: from dukecmfep05.coxmail.com [68.99.120.40] by mail.rueckgauer.com with SMTP;   Tue, 18 Nov 2008 15:46:44 -0500Received: from User ([24.248.209.212]) by dukecmmtar02.coxmail.com          (InterMail vM.6.01.06.05 201-2131-130-106-20070212) with SMTP          id <20081118194108.LMXS4924.dukecmmtar02.coxmail.com@User>;          Tue, 18 Nov 2008 14:41:08 -0500From: "Community Financial Members Federal Credit Union"Subject: Contact Us!Date: Tue, 18 Nov 2008 13:40:56 -0600MIME-Version: 1.0Content-Type: text/html;charset="Windows-1251"Content-Transfer-Encoding: 7bitX-Priority: 3X-MSMail-Priority: NormalX-Mailer: Microsoft Outlook Express 6.00.2600.0000X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000Message-Id: <20081118194108.LMXS4924.dukecmmtar02.coxmail.com@User>X-Rcpt-To: X-SmarterMail-Spam: SPF_None

It's so touching how much they care for "members and non-members" alike, and have deactivated my debit card for me!

Frickin morons...they couldn't even send well-formed HTML!

--
There is no giant fur-bearing trout.

Re: [Phish] Telephone phishing thread

Tue, 04 Nov 2008 13:55:27 EDT

nwrickert posted : Resource bank. Phone number is 815-981-4765

Return-Path: accounts@resourcebank.comDelivery-Date: Tue, 04 Nov 2008 07:57:29 -0600Received: from mail.nelsonmazda.com (mail.nelsonmazda.com [68.99.76.194])        by mp.cs.niu.edu (8.14.3/8.14.3) with ESMTP id mA4DvN65018274        for ; Tue, 4 Nov 2008 07:57:28 -0600 (CST)Received: from User ([142.176.87.114]) by mail.nelsonmazda.com with Microsoft SMTPSVC(6.0.3790.3959);         Tue, 4 Nov 2008 08:01:57 -0600Reply-To: From: "Resource Bank"Subject: NoticeDate: Tue, 4 Nov 2008 09:56:07 -0400MIME-Version: 1.0Content-Type: text/html;        charset="Windows-1251"Content-Transfer-Encoding: 7bitX-Priority: 1X-MSMail-Priority: HighX-Mailer: Microsoft Outlook Express 6.00.2600.0000X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000Bcc:Message-ID: X-OriginalArrivalTime: 04 Nov 2008 14:01:57.0348 (UTC) FILETIME=[E6615240:01C93E85]  Resource Bank    Dear Customer, 
  Resource Bank temporarily suspended your account.
  Reason: Security Issues.
  We need you to complete an account update so we can unlock your account.
 
  To start the update process call at the following number : 815-981-4765
  
  The information provided will be treated in confidence and stored in our secure database.
 
           Copyright  Resource Bank. All Rights Reserved

--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.3

Re: [Phish] Telephone phishing thread

Wed, 15 Oct 2008 07:12:24 EDT

Doctor Four posted : One from Uniter Heritage Credit Union:

 Return-Path:     Authentication-Results: mta435.mail.mud.yahoo.com from=uhcu.org; domainkeys=neutral (no sig)Received: from 194.116.199.143 (EHLO thb-mta-05.emailfiltering.com) (194.116.199.143) by mta435.mail.mud.yahoo.com with SMTP; Wed, 15 Oct 2008 03:34:41 -0700Received: from host217-41-113-124.in-addr.btopenworld.com ([217.41.113.124]) by thb-mta-05.emailfiltering.com with emfmta (version 3.6.5.44.1.r-3.2.3-libc2.3.2) vanilla id 3044468324 ; Wed, 15 Oct 2008 11:34:40 +0100Received: from User ([68.191.184.90]) by mail.bbs.eu.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 15 Oct 2008 11:33:10 +0100Reply-To: From: "United Heritage C.U"   Subject: Important Member Service Information !Date: Wed, 15 Oct 2008 05:34:39 -0500MIME-Version: 1.0Content-Type: text/plain; charset="Windows-1251"Content-Transfer-Encoding: 7bitBcc: Return-Path: service@uhcu.orgMessage-ID: Content-Length: 735 Dear Member: According to our clients needs United Heritage Credit Union is currently launching a newsecurity system that will improve the level of member service we can provide. We strongly urge that all our members need to update their credit card withinthe next 48 hours, so we can add them to our new database. To start the update process call us now on our service number : +1(818) 824 4009 Sorry for any inconvenience this may cause! Sincerely,Jenny LaudadioMarketing director, United Heritage Credit Union. ---------------------------------------------------------------------------------- --Scanned by BBS MessageAngel for viruses and unwanted content.Powered by emailsystems. Visit www.bbs.eu.com/messageangel

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Re: [Phish] Telephone phishing thread

Tue, 14 Oct 2008 21:07:26 EDT

Doctor Four posted : Two more from ANB Texas, with a different phone number:

  Return-Path:     Authentication-Results: mta244.mail.re2.yahoo.com from=anbtx.com; domainkeys=neutral (no sig)Received: from 216.126.204.132 (EHLO mail.acninc.net) (216.126.204.132) by mta244.mail.re2.yahoo.com with SMTP; Tue, 14 Oct 2008 15:02:07 -0700Received: from User [208.69.57.85] by mail.acninc.net with ESMTP (SMTPD32-8.15) id A4F9581009C; Tue, 14 Oct 2008 14:45:45 -0600Reply-To: From: "American National Bank of Texas"   Subject: Important Member Service Information !Date: Tue, 14 Oct 2008 16:45:43 -0400MIME-Version: 1.0Content-Type: text/plain; charset="Windows-1251"Content-Transfer-Encoding: 7bitMessage-Id: <200810141445360.SM01716@User>Content-Length: 688 Dear Customer, In our terms and contidions you have agreed to state that youraccount must always be under your control or those you designateat all times. We have noticed some activity related to your account thatindicates that order parties may have tried gaining access or control of yourinformation in your account. Therefore, to prevent unauthorized access to your American National Bank of TexasInternet Banking account,you are limited to five failed login attempts ina 24-hour period. You have exceeded this number of attempts.* To reactivate your debit card , please call: +1(804-684-8586) Copyright © 2008 American National Bank of Texas. All Rights Reserved.

Second message has the same phone number and message body,
but different headers:

 Return-Path:     Authentication-Results: mta119.mail.re1.yahoo.com from=anbtx.com; domainkeys=neutral (no sig)Received: from 67.58.160.20 (HELO mail.zitomedia.net) (67.58.160.20) by mta119.mail.re1.yahoo.com with SMTP; Tue, 14 Oct 2008 15:24:52 -0700Received: (qmail 24961 invoked from network); 14 Oct 2008 22:24:51 -0000Received: from unknown (HELO User) (lucas@68.191.184.90) by mail.zitomedia.com with SMTP; Tue, 14 Oct 2008 18:24:51 -0400Reply-To: From: "American National Bank of Texas"   Subject: Important Member Service Information !Date: Tue, 14 Oct 2008 17:24:51 -0500MIME-Version: 1.0Content-Type: text/plain; charset="Windows-1251"Content-Transfer-Encoding: 7bitContent-Length: 667

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Re: [Phish] Telephone phishing thread

Tue, 14 Oct 2008 17:31:47 EDT

Doctor Four posted : American National Bank Of Texas:

  Return-Path:     Authentication-Results: mta230.mail.re4.yahoo.com from=anbtx.com; domainkeys=neutral (no sig)Received: from 67.79.177.26 (EHLO wsrv1.wiringtech.local) (67.79.177.26) by mta230.mail.re4.yahoo.com with SMTP; Tue, 14 Oct 2008 04:10:11 -0700Received: from User ([68.191.184.90]) by wsrv1.wiringtech.local with Microsoft SMTPSVC(6.0.3790.3959); Tue, 14 Oct 2008 07:04:42 -0400Reply-To: From: "American National Bank of Texas"   Subject: Important NotificationDate: Tue, 14 Oct 2008 06:06:31 -0500MIME-Version: 1.0Content-Type: text/plain; charset="Windows-1251"Content-Transfer-Encoding: 7bitBcc: Return-Path: memberservice@anbtx.comMessage-ID: Content-Length: 670 In our terms and contidions you have agreed to state that youraccount must always be under your control or those you designateat all times. We have noticed some activity related to your account thatindicates that order parties may have tried gaining access or control of yourinformation in your account. Therefore, to prevent unauthorized access to your American National Bank of TexasInternet Banking account,you are limited to five failed login attempts ina 24-hour period. You have exceeded this number of attempts.* To reactivate your debit card , please call: +1(805-617-4170) Copyright © 2008  American National Bank of Texas. All rights reserved.

--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)

Re: [Phish] Telephone phishing thread

Mon, 06 Oct 2008 15:41:31 EDT

Lizz posted :

From Merchants National Bank Mon Oct 6 11:00:37 2008Return-Path: Authentication-Results: mta102.sbc.mail.mud.yahoo.com from=merchantsnat.com; domainkeys=neutral (no sig)Received: from 72.242.21.146 (EHLO flpi119.prodigy.net) (207.115.20.159) by mta102.sbc.mail.mud.yahoo.com with SMTP; Mon, 06 Oct 2008 11:13:20 -0700Received: from russellmassey.com (server.russellmassey.com [72.242.21.146]) by flpi119.prodigy.net (8.13.8 inb regex/8.13.8) with ESMTP id m96IDFL3030348 for ; Mon, 6 Oct 2008 11:13:19 -0700Received: from User ([68.213.58.58]) by russellmassey.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 6 Oct 2008 14:00:37 -0400From: "Merchants National Bank"  Add sender to ContactsSubject: MNB - Fraud AlertDate: Mon, 6 Oct 2008 13:00:37 -0500MIME-Version: 1.0Content-Type: text/html; charset="Windows-1251"Content-Transfer-Encoding: 7bitBcc: Message-ID: Content-Length: 876Compact Headers ADVISORY: Some members and non-members of Merchants National Bank have received fraudulent emails. This email was NOT issued by Merchants National Bank, and should be deleted. Do not follow the instructions in the email. Do not click the link. For security reasons we have deactivated your debit card. Please contact us at (888) 425-2294 to activate your debit card.

Salin Bank

Wed, 24 Sep 2008 21:28:53 EDT

nwrickert posted : The Salin Bank phish #31431 is really a voice/telephone vish for 1-800-681-2713.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.1

Farmers State Bank

Tue, 09 Sep 2008 18:08:45 EDT

nwrickert posted : Submitted phish #31133 is really a voice/telephone vish for phone number (888) 687-5642.
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.1

Re: [Phish] Telephone phishing thread

Sat, 16 Aug 2008 18:31:16 EDT

nwrickert posted : Not a problem.

This thread is mainly for reporting specific instances. So discussing the phenomenon in a different thread is fine.

I'll add a link to your other thread:
»Criminals have now gone 'vishing'
--
AT&T dsl; Westell 327w modem/router; openSuSE 11.0; firefox 3.0.1