Remember that Facebook phishing email? There’s a MySpace version, too.

We all knew it was coming. Below is the full text:

From: Manager Stephan Goldman
To: [incorrect email address] 
Date: Thursday, January 07, 2010 9:02:10 AM 
Subject: MySpace Password Reset Confirmation!

Hey [incorrect username] ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your MySpace.

Attached was a file called “MySpace_document_49792.zip” that recipients would be advised to not touch with a thirty-nine-and-a-half-foot pole. Whatever’s in that ZIP file, you don’t want it. Trust me on this.

Once again, social networking sites are never going to email you a new password, and in general aren’t going to email you files at all.

Who the heck is “Manager Stephan Goldman?”

Anyway, delete this garbage if you receive it, okay?

Western Union phishing email: “Your Money Transfer Control Number: 590575482”

Here is the full text of an email message I received Wednesday morning:

From: westernunionresponse@mail.westernunion.com
To: [as usual, not my address] 
Sent: Wednesday, January 06, 2010 9:26 AM
Subject: Your Money Transfer Control Number: 590575482

Dear customer,

Thank you for using the Western Union Money Transfer®.

Your money transfer has been authorized and is now available for pick up by the receiver.

Transfers to certain destinations may be subject to further delay or additional restrictions.

TRANSACTION DETAILS:

Your Money Transfer Control Number [MTCN] is: 590575482

Please use this number for any inquiries.

Date of Order: Wed, 6 Jan 2010 16:26:48 +0100
Amount Sent: $94.50

You can cancel this transfer by using the hyperlink below:

http://wumt.westernunion.com/WUCOMWEB/transactions/HomePage/cancel.php?session=&mtcn=590575482&summ=94.50&date=Wed, 6 Jan 2010 16:26:48 +0100

Thank you for using Western Union!

————————————————————————–
DO NOT REPLY TO THIS EMAIL.

I knew right away this was a phishing email. If I didn’t have these articles to write, I would have deleted it without even looking at the message itself.

Usually, when we think of “phishing,” the first thing that comes to mind is an urgent message that appears to be from a financial institution, instructing us to visit a website and log in to “verify” our account information. This results in revealing personal and account information to someone who will use it for theft (financial, identity or both).

This is a different tactic: make the recipient think a withdrawal is about to be made from their account, and hope they panic and click the link to cancel the transaction.

There is a distinct advantage to this method: when you send a message that claims to come from a financial institution, you usually have to pick one, which limits your potential victims.

For example, if you send out a million messages that look like they came from Chase or HSBC, 90% of your potential victims don’t have accounts at the institution you picked. They recognize it as phishing right away (and will likely recognize your next attempt as such, even if you happen to pick an institution they have a relationship with).

With this Western Union attempt (and its direct ancestor, the PayPal Phishing Email), they take advantage of the fact that anyone can use Western Union. You don’t have to have an account with any particular institution to wire money this way.

Now, I’ve never used Western Union. In fact, at my previous job as a bank teller several years ago (!), I completely weaseled my way out of learning how to use their new Western Union machine, because it arrived during my last two weeks on the job and I didn’t feel like getting into it. Yes, I told them that.

However, a quick look at their website tells me you can wire money online, and I’d be willing to bet that the text of this phishing email is directly taken from a legitimate Western Union message. In fact, the text of the message uses a real website (wumt.westernunion.com).

The thing is, if you look at where the link actually takes you (it’s not the same as the text in the message), it’s a website hosted at “wumt.westernunion.com.yhe3essr.com.pl.” This is a classic phishing-style URL. Like I said, I’ve never used Western Union, and I don’t know much about them. However, I know this much: they’re not based out of Poland (.pl).

I wonder what happens if you follow that link—does it try to steal personal information, or does it install malicious software (or both)? I sort of wish I had a junk computer to try it out on. I’d probably just enter rude words in all the “name” and “address” fields.

I’m sure this message has been received by thousands of people already. It’s trickier than the usual “verify your information” attempt, and I’m sure the success rate will be much higher, unfortunately.

As usual, though, there are lots of telltale signs that something isn’t quite right. When you get these messages, just take a moment to relax and think about it, and you’ll be fine.

New phishing attempt: this one is just sort of pathetic.

I had two really sad phishing attempts in my inbox this morning, but just in case somebody out there isn’t sure, let me state this very clearly: these are fraudulent messages, and the only correct response is to delete them immediately.

Here is the full text of the first one:

From: Federal Credit Bureau
To: [not my email address]
Sent: Wednesday, December 23, 2009 10:00 AM
Subject: Your Credit Score has been decreased.

Your Credit Score has been decreased. You need to download your credit history file from Federal Credit Bureau website and carefully review it. Use your personal hyperlink.

==========================================
Federal Credit Bureau

And here’s attempt number two:

From: Federal Credit Bureau
To: [not my address again]
Sent: Wednesday, December 23, 2009 9:26 AM
Subject: You have some wrong items in your Credit Report.

You have some wrong items in your Credit Report. You need to download your credit history file from Federal Credit Bureau website and carefully review it. Use your personal hyperlink.

——————————————————————–
Federal Credit Bureau

In both cases, the word “hyperlink” contained a link to a website hosted at a “.co.uk” address.

The thing is, I know they’ll hook a few people with these messages, so let’s take a closer look.

For one thing, no federal entity is going to contact you via email, ever. Right away, you know this is a phishing attempt.

For another thing, federal entities (at least here in the U.S.) use a “.gov” domain. The “reply to” addresses for these were “information@fedcb.org” and “files@fedcb.org.” That “.org” is a dead giveaway.

Finally, as stated above, the links contained in the messages took you to a “.co.uk” domain. For those of you who don’t know, that means a website hosted in the United Kingdom. The U.S. government doesn’t host its websites on overseas networks.

Of course, if you’re living in the U.K., this address might not immediately strike you as odd; but still, aren’t the British government’s websites hosted on “.gov.uk” domains, not commercial “.co.uk” sites?

As always, if you’ve received this message or anything similar, just delete it. That link takes you somewhere you do not want to visit, I guarantee it.

Fraud/Malware Alert: Intelligence Bulletin No. 267

Here is some text from a fraudulent email that’s been popping up lately:

INTELLIGENCE BULLETIN No. 267
Title: New Patterns in Al-Qaeda Financing
Date: August 15, 2009
THREAT LEVEL: YELLOW (ELEVATED)

THE INTELLIGENCE BULLETIN PROVIDES LAW ENFORCEMENT AND OTHER PUBLIC SAFETOFFICIALS WITH SITUATIONAL AWARENESS CONCERNING INTERNATIONAL AND DOMESIC TERRORIST GROUPS AND TACTICS.

HANDLING NOTICE: Recipients are reminded that FBI Intelligence Bulletins =ontain sensitive terrorism and counterterrorism information meant for us= primarily within the law enforcement community. Such bulletins are not =o be released either in written or oral form to the media, the general p=blic, or other personnel who do not have a valid ?eed-to-know?with=ut prior approval from an authorized FBI official, as such release could jeopardize national security

All the spelling errors and odd characters are exactly as they appear in the message.

Do I even need to tell you this one is fraudulent?

If so, it is.

Furthermore, the message often contains a file named “bulletin.exe.” If you open this file, it will install malicious software on your computer, which can lead to serious problems (like fraud and identity theft).

The FBI does not email official reports, nor does it send unsolicited email messages. If a document is confidential, they’re going to keep it that way.

Whenever you get an email message you weren’t expecting, from someone you don’t know, use extreme caution when dealing with it. My advice is to not even open unsolicited messages, and delete them right away. However, at the very least, never click on links or open attachments in emails unless you already know what the file (or link) is, why it’s being sent to you, and who sent it.

Fraud Alert: The Internet Crime Complaint Center (IC3) warns of new fraudulent email

United States Attorney General Eric Holder’s name is being used in a new fraudulent email currently making the rounds. Below is an excerpt from the IC3 Intelligence Note:

The current spam alleges that the Department of Homeland Security and the Federal Bureau of Investigation were informed the e-mail recipient is allegedly involved in money laundering and terrorist-related activities. To avoid legal prosecution, the recipient must obtain a certificate from the Economic Financial Crimes Commission (EFCC) Chairman at a cost of $370. The spam provides the name of the EFCC Chairman and an e-mail address from which the recipient can obtain the required certificate.

The full text of the Note further explains that the government does not use email to contact people in this way. I would also add that the FBI and the DHS are not going to let people suspected of terrorism or money laundering buy their way out of trouble for $370.