Top

Phishing in eMail

October 3, 2007

Here’s my latest phishing email I got today. It supposedly came from ‘Technical support <accounts@citizensbank.com>’. This one isn’t really very sophisticated. It was sent to my personal email address that only friends and family are supposed to have. That was the worst part. I’ve tried to keep that address ‘secret’.

My mail program correctly identified it as a phish but I would have known because the subject line was, "Protect your Citizens Bank online account". I don’t have a Citizens Bank account. And, I got the email two days after the date my account needed to be ‘updated’. Maybe that was supposed to make me think I missed something and had better hurry up.

Here’s what it said – I disabled the link.

————————————————————————

CAUTION: On October 1, we will be moving to a new Internet Banking system.

You will need to print any previous records (statements, cancelled checks, Bill Pay information, etc.) you wish to retain since they will not move to the new service.

Your Internet Banking access will resume on Monday, October 1.

Previous merger with Signature Bank’s parent company, Money Manager GPS, Completed on March 1, 2007.

Payments with a scheduled payment date of October 1 or before will be processed and should not be resubmitted.

Any payment scheduled for payment after October 1 will not be processed and other payment arrangements should be made.

If you previously had e-bills or payees setup with Bill Pay, Wire, Ach, etc., you will need to re-apply for the service, and re-enter the bill payment information on the new system starting October 1.

If you have any questions about your Internet Banking service or our merger, please feel free to call us at 1-888-9797-7711. All information you provide to us on our web site is encrypted to ensure your privacy and security.

Beginning on October 1, you can access the new Citizens Internet Banking system by clicking here:

https://www.citizensbankmoneymanagergps.com/

Sincerely,
Citizens Bank Online Billing Services Team

© 2007 Citizens Bank Online, Inc. All Rights Reserved

————————————————————————–

That link looks safe enough – and it even has the ‘https’ at the beginning indicating it’s a secure site. So you may just go ahead and click without thinking.

Whoa – slow down, Sparky….

One of the the tip-offs to look for in a phishing email is to see if the link shown in the email actually is the same as the destination. When I held my mouse cursor over that link, the address bar at the bottom of my email program showed this address: securelogin-63815387.moneymanagergps.com.fgs45.com/login.htm.  At a quick glance you see it starts with ‘securelogin’ and you see ‘moneymanagergps.com’. It wants you to login right off the bat. If you do, you just gave up your username and password to your bank account.

That link is actually is taking you to a domain named ‘fgs45.com’ not ‘citizensbank.com’. All that stuff in in the address is just there to try to fool you into taking their bait. The link was created with a bit of script that showed one thing but led to another. If you google that domain name, you’ll see that it’s been identified as a phishing site.

Another thing to look for are misspelled words. I think someone writing from a bank  would know how to spell ‘canceled’. However, look in the second sentence – it’s misspelled as ‘cancelled’. What about that phone number – 1-888-9797-7711. It’s got an extra number in it. There are a few other boo-boo’s that should have been edited. Real corporations carefully edit and proofread anything they send.

This phishing email wasn’t one of the better ones out there. It didn’t have any official looking graphics or layout. It did have a gray background and was written in big letters – I guess to impress me. There are some very well-done phishes out there that look quite authentic – even the website the links take you to look like the real thing.

So here’s the Phishing Rule #1 – Never click on a link in an email. Especially if it is asking you to go to a site to provide secure or personal information. Type an address directly in the address bar on your browser if you think you need to go there.

I don’t know what’s at the domain the link tried to send me to and I’m not going to go there to see – I don’t recommend you go there either. It’s obviously a website run by crooks.

Comments

3 Responses to “Phishing in eMail”

  1. The Identity 'Protector' on October 4th, 2007 3:28 pm

    These guys don’t give up easy. I got a second email from the same outfit the day after I wrote this post. This time they’re trying to send me to a website named ‘kvr46.com’. They made a slight change in the subject line and the sender’s address – it’s from the very official looking ‘Bank Administration’.

    They also fancied-up the copyright notice in the footer of the email. They still can’t spell.

    I wonder if I’ll be getting mail from them every day?

  2. barry on September 8th, 2010 10:41 pm

    how can i send these idiots a good ass cussing email in return for fun. i want to get revenge badly you got any good safe ways to let them get a real email from some one who would kick there ass if i had them in front of me?

  3. The Identity 'Protector' on September 9th, 2010 8:16 am

    I feel your frustration. Years ago, it seems like I read about a group of guys who pulled a reverse scam on a spammer but it’s really hard to pull off.

    There’s been a surge lately in email accounts being hacked and messages that look like they’re from a friend or family member being sent out requesting money because the person has been robbed and stranded overseas. Poor English is generally a tip-off besides the fact that if you knew someone well enough to wire money, you’d probably also know they weren’t overseas!

    I generally just mark messages like this as spam and don’t open them. It’s part of living in the 21st century with the internet.

Got something to say?





Bottom