|
E-Mail Hoaxes
and Scams
The latest E-mail virus threat:
Many of you have emailed or called to find out why we
are sending out e-mails regarding your online email
accounts, the simple fact is it is not coming from us it
is the result of the latest email virus W32.Mytob.
This is a virus that is attached to an email with one of
the following subject lines:
SUBJECT:
-
Your password has been updated
-
Your password has been successfully updated
-
You have successfully updated your password
-
Your new account password is approved
-
Your Account is Suspended
-
*DETECTED* Online User Violation
-
Your Account is Suspended For Security Reasons
-
Warning Message: Your services near to be closed.
-
Important Notification
-
Members Support
-
Security measures
-
Email Account Suspension
-
Notice of account limitation
ˇ
Note: [DOMAIN] is the domain part
of the recipient's email address, [USER NAME] is the
username part of the recipient's email address, [SPOOFED
EMAIL] is a spoofed email address on the same domain,
and [EMAIL] is the recipient's email address.
The body of the message then
contains:
ˇ
Dear user [USER NAME],
You have successfully updated the password of your
[DOMAIN] account. If you did not authorize this change
or if you need assistance with your
account, please contact [DOMAIN] customer service
at: [SPOOFED EMAIL]
Thank you for using [DOMAIN]!
The [DOMAIN] Support Team
+++ Attachment: No Virus (Clean)
+++ [DOMAIN] Antivirus - www.[FULL DOMAIN]
ˇ
Dear user [USER NAME],
It has come to our attention that your [DOMAIN] User
Profile ( x ) records are out of date. For further
details see the attached document.
Thank you for using [DOMAIN]!
The [DOMAIN] Support Team
+++ Attachment: No Virus (Clean)
+++ [DOMAIN] Antivirus - www.[FULL DOMAIN]
ˇ
Dear [DOMAIN] Member,
We have temporarily suspended your email account
[EMAIL].
This might be due to either of the following
reasons:
1. A recent change in your personal information
(i.e. change of address).
2. Submitting invalid information during the initial
sign up process.
3. An inability to accurately verify your selected
option of subscription due to an internal error within
our processors.
See the details to reactivate your [DOMAIN] account.
Sincerely, The [DOMAIN] Support Team
+++ Attachment: No Virus (Clean)
+++ [DOMAIN] Antivirus - www.[FULL DOMAIN]
ˇ
Dear [DOMAIN] Member,
Your e-mail account was used to send a huge amount of
unsolicited spam messages during the recent week. If you
could please take 5-10 minutes
out of your online experience and confirm the attached
document so you will not run into any future problems
with the online service.
If you choose to ignore our request, you leave us no
choice but to cancel your membership.
Virtually yours,
The [DOMAIN] Support Team
+++ Attachment: No Virus found
+++ [DOMAIN] Antivirus - www.[FULL DOMAIN]
The user is instructed to open the
attached document:
-
updated-password
-
email-password
-
new-password
-
password
-
approved-password
-
account-password
-
accepted-password
-
important-details
-
account-details
-
email-details
-
account-info
-
document
-
readme
-
account-report
with
one of the following extensions:
Results:
If the user then opens the attachment their machine is
infected with the virus and the process begins again. On
infection the virus attempts to disable security related
programs and virus detection systems. It will also
attempt to disable any firewall software running on the
system.
Our
Policy:
It is our policy at both Tomorrow River
and CWWIS will not send out unsolicited emails regarding
customer accounts. Password changes and account problems
are handled through direct customer contact either by
telephone or standard mail.
Identity Theft: "Phishing"
Many of us
have seen the emails from US Bank, Microsoft, Pay Pal
and even E-Bay that request our personal information
concerning account information Credit Card numbers and
even PIN numbers. If you should receive any of these
emails do not send the information
none of the companies listed send direct mails
requesting this type of information. Changes to your
account information must be initiated by you by going to
the site logging in to an existing account and making
the changes.
Here is an
example of how good they are getting at this:
Dear eBayŠ Sellers And
Buyers.
We were unable to process
your billing information. Did you recently change your
bank, address or credit card?
To ensure that your service is not interrupted, please
update your billing information today by clicking here.
If you have recently updated your billing information in
last week, please disregard this message as we are
processing the changes you have made.
Once you have updated your
account records, your eBay session will not be
interrupted and will continue as normal.
Failure to update will result in cancellation of
service, Terms of Service (TOS) violations or future
billing problems.
Please click here to update your billing records.
They want you to click on this
link:
http://billing.eBay.com
Which really
goes to:
http://64.177.165.201/docs/upgrades/www.eBay.com/eBay
Company/ssl~security~Customer~Services/2005eBayupdatefraudsecurity
serversystemjavasecureserver/ebay_ssl_check_secure_ssl_server_non-restricted_activations_contine_verify_admin_security_ebay_SSLSECUREDVerifyuser.htm
Which even
though it looks very official has nothing to do
with E-Bay! It then continues:
P.S. If your account
information is not updated within 48 hours then your
ability to sell or bid on eBay will be restricted.
Thank you for your time.
John Judy,
Members Service Team
Do not release any of this
information without being sure of the source of the
email if in doubt call the company and confirm the
request.
Copyright 2004 Inc. All Rights Reserved.
Designated trademarks and brands are the property of
their respective owners.
and the logo are trademarks of Inc
Site Map
HOME |
FAQ | Site Testing
Support |
Downloads
Contact Us
|
