MyCRA Specialist Credit Repair Lawyers

Tag: phishing emails

  • Westpac customers warned: don’t be fooled by scam emails

    BE CAUTIOUS WITH EMAILS FROM BANKS – EVEN YOURS. You may have received a “Security Upgrade” email from Westpac recently. If you are a Westpac customer, you may have read this email. You may have even taken it seriously… We want to warn you, this email is a scam! We describe what this email looks like, what it’s designed to do, and what you need to do if you come across it. If you are not a Westpac customer, this may still be extremely important for you, as these types of emails are targeting you in different forms every day and can impact not only your bank accounts, but also your personal and financial identity.

     

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    On Tuesday the Government’s ‘Stay Smart Online’ website sent out an alert about a very fishy phishing email targeting Westpac Bank customers. The SSO alert is below:

     

    Westpac customers targeted again by phishing emails

    28 May 2013

    Email warns of security upgrade, but links to fake banking site

    On 23 May 2013, antivirus vendor AVG issued a warning about the circulation of fake security notification emails pretending to originate from Westpac.

    Like similar fake emails that have targeted Westpac, this example claims to be addressing security concerns over a “recent spate of fraud and identity theft”. It advises that a security upgrade is being undertaken and will be effective once customers login to their account.

    The email includes a number of tell-tale errors that suggest it is a fake. In the image below, AVG has provided an overview of the errors which can help to identify it as a scam.

    [Image: AVG Westpac phishing email]

    Image credit: AVG

    The fake banking website linked from this email looks similar to Westpac’s current online banking logon page.

    Don’t be fooled. This page is set up explicitly to capture your banking details.

    [Image: Westpac phishing email]

    [Image: SSO]

    Avoid phishing emails

    Always be suspicious of unsolicited emails.

    Do not click links or open attachments. The best advice is to simply delete the email.

    If you are uncertain about an email you can always cross check the information by going independently to the company’s website or by calling the company directly.

    Westpac hosts a list of examples of ghost sites/fake sites that mimic its online banking page.

    Many reputable websites will specify how they will communicate with you on their website. Anything outside of this is suspicious. Westpac provides useful information about security on its website.

     

    The ins and outs of phishing scams

    Phishing scams are generally emails or text messages like the Westpac email, which impersonate genuine companies in the hope of tricking victims into giving out their personal and financial information.

    The aim of phishing is to steal information like bank and credit account numbers, passwords, and other crucial data.

    The ACCC’s Scamwatch website warns about phishing emails also. It warns they are not easily distinguishable from genuine corporate communication:

    “Phishing emails often look genuine and use what look to be genuine internet addresses—in fact, they often copy an institution’s logo and message format, which is very easy to do. It is also common for phishing messages to contain links to websites that are convincing fakes of real companies’ home pages.

    The website that the scammer’s email links to will have an address (URL) that is similar to but not the same as a real bank’s or financial institution’s site. For example, if the genuine site is at ‘www.realbank.com.au’, the scammer may use an address like ‘www.realbank.com.au.log107.biz’ or ‘www.phoneybank.com/realbank.com.au/login’.”
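The Scamwatch examples above, checked in code (an added example, not part of the original article or the Scamwatch text): only the hostname decides where a link goes, so the bank's name appearing elsewhere in the address proves nothing. `TRUSTED_DOMAINS` and the function names are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list for illustration: the placeholder bank domain from the
# Scamwatch quote, not a real institution.
TRUSTED_DOMAINS = {"realbank.com.au"}

_HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def hostname_of(url: str) -> str:
    """Return the lower-cased host of a link, even when the scheme is missing."""
    if not _HAS_SCHEME.match(url):
        url = "//" + url  # makes urlsplit read the leading part as the host
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def naive_check(url: str) -> bool:
    """The mistake phishing relies on: the bank's name appears somewhere."""
    return any(domain in url.lower() for domain in TRUSTED_DOMAINS)


def is_trusted(url: str) -> bool:
    """True only if the host is a trusted domain or a subdomain of one."""
    host = hostname_of(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# The first two links are the genuine form; the last two are the fake
# addresses quoted by Scamwatch above.
SAMPLES = [
    "www.realbank.com.au",
    "https://www.realbank.com.au/login",
    "www.realbank.com.au.log107.biz",
    "www.phoneybank.com/realbank.com.au/login",
]


def report():
    """Return (link, real host, naive verdict, strict verdict) per sample."""
    return [(u, hostname_of(u), naive_check(u), is_trusted(u)) for u in SAMPLES]


if __name__ == "__main__":
    for link, host, naive, strict in report():
        print(f"{link:45} host={host:32} naive={naive!s:5} trusted={strict}")
```

Both fake addresses pass the naive check and fail the hostname check, which is why reading a link from the right-hand end of the host name matters more than spotting the bank's name in it.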

    The ramifications of falling for a phishing scam

    Clicking on links in phishing scams can mean your banking details are captured by fraudsters and can be accessed in order to drain your bank accounts. But in addition to this, just the simple act of clicking on the link can put you in danger. Many phishing emails are also designed to infect computers through virus-containing links in the emails.

    This could mean that you could download a Trojan or similar virus designed to steal your financial information – and you may have no idea it’s happening.

    This could be dangerous for your credit file, because while you are carrying out your normal online transactions, the malware that you have installed could be tracking passwords, financial details and personal details about you. This could be used by a clever and determined cyber-crook in order to build a fake identity in your name.

    Suddenly credit could be accessed in your name, and you probably won’t know about it until you apply for credit yourself and are refused. This presents real problems for fixing your credit rating, because what we know about removing unfair or inaccurate listings from your credit file is that you must provide evidence and proof that you didn’t initiate the credit. This can be difficult to do when you have no idea how the theft of your information occurred. It can be a nightmare for victims.

    So don’t get hooked by a phishing scam. If you receive an email that looks legitimate – go independently to the Bank or other company’s website to verify it. Or use the official Bank phone number (not the phone number presented on the email) to call the bank directly to verify the email is legitimate.

    Top image: David Castillo Dominici/ www.FreeDigitalPhotos.net


  • Personal information…the gateway to identity theft

    Hackers access databases searching for personal information that can be extracted and misused or traded to fraudsters for purposes of identity theft. We look at how your identity and ultimately your clean credit file can be put at risk. By GRAHAM DOESSEL.

    It’s Saturday night in Las Vegas. Thousands of pairs of shoes sit neatly in boxes on warehouse shelves in the dark. The store’s customers and staff are at home enjoying their evening. In the credit information office, the lights are off, the filing has been done. But in the dark, thousands of the store’s computers are being remotely accessed by hackers.

    The personal information of the shoe store’s customers is likely being transferred. It is likely this information will now be sold on the black market to fraudsters. This information could now be used to further attack those unsuspecting customers. Those customers could now be targets for identity theft and receive phishing emails designed to extract further information from them, including their credit card numbers.

    This may have been how the saga transpired for shoe company Zappos.com on the weekend. In a story from the Sydney Morning Herald this morning, it was reported that on Sunday Amazon.com-owned shoe retailer Zappos.com announced it was hacked. Hackers broke into the credit card database. The personal information of up to 24 million of its customers may have been accessed. The company said customers’ credit card information was not stolen, but names, phone numbers, email addresses, billing and shipping addresses, along with the last four digits from credit cards and more may have been accessed in the attack.

    Here is an excerpt from that story, titled ‘Zappo’s customers details walk out the door’:

    It is not yet known how hackers gained access to the database or if a zero day exploit was used, but a security expert said it is likely customer data will now be sold in the cyber underground.

    Robert Siciliano, a McAfee consultant and identity theft expert, told Mashable he expects whoever hacked Zappos’s site to now sell the data to people who run phishing scams.

    “They’ll sell it 10,000 accounts at a time, short money, like $100,” he said adding there is enough information for a hacker to approach affected users as either Zappos or the credit card company and then ask them for more data — the classic phishing scam — which might be supplemented with a voicemail “vishing” attack as well, Mashable reported.

    Zappos said it was contacting customers by email and urging them to change their passwords.

    Las Vegas-based Zappos said the hackers gained access to its internal network and systems through one of the company’s servers in Kentucky.

    And in the news last week, we got an insight into the type of crime ring that hackers may sell this information to, in an AFP report titled ‘50 held in Puerto-Rico based identity ring’.

    The U.S. Justice Department announced late last week it has charged 50 people with conspiracy in a scheme to acquire personal identification information on US citizens in Puerto Rico and then sell it through fraudulent documents.

    Typically, the documents consisted of forged Social Security cards and birth certificates. They were sold for prices ranging between $700 and $2,500.
    The documents were sold from April 2009 until December 2011 to buyers throughout the United States.

    “The alleged conspiracy stretched across the United States and Puerto Rico, using suppliers, identity brokers and mail and money runners to fill and deliver orders for the personal identifying information and government-issued identity documents of Puerto Rican US citizens,” said Assistant Attorney General Lanny Breuer in a statement.
    The indictment alleges that identity brokers ordered the forged documents for their customers from Puerto Rican suppliers by making coded telephone calls.
    They would refer to “shirts,” “uniforms” or “clothes” as codes for various kinds of identity documents.
    “Skirts” meant female customers and “pants” meant male customers who needed documents in various “sizes,” which referred to the ages of the identities sought by the customers.

    Payment was made through money transfers while the documents were sent by mail.

    Some of the persons receiving the forged documents used them to obtain drivers licenses, US passports and visas, the Justice Department reported. Others are accused of using the documents to commit financial fraud.

    Sure, this crime went on in the U.S., but it couldn’t happen here – could it?

    Well, to begin with – how many Australians have credit card details registered with Amazon, for example? We might live on an island, but U.S. crime can always reach our shores via the internet. Just look at the Sony PlayStation saga as a specific incident of how our details are not immune to theft on overseas shores.

    With identity theft being the fastest growing crime in Australia – it seems criminals here will be hot on the heels of the U.S. with newer, better, more sophisticated ways to get something for nothing.

    Interestingly, many hacks are actually not instigated to commit identity theft, but are statements to different industry bodies. One example is the recent Robin Hood-style hacking of Texas security analysis company Stratfor on Christmas Eve. Hackers obtained thousands of credit card numbers and other personal information from the firm’s clients and started making payments to several charities.

    “The assault was believed to have been orchestrated by a branch of the loosely affiliated hacker group called Anti-Sec and appeared to be inspired by anger at the imprisonment of Bradley Manning, the US army private accused of leaking US government files to WikiLeaks. An online statement from the group said the attack would stop if Manning was given ‘a holiday feast … at a fancy restaurant of his choosing’,” the Brisbane Times reports.

    MP Malcolm Turnbull and billionaire businessman David Smorgon were amongst the victims who had relatively small amounts extracted from their credit cards and donated to charities such as Save the Children, Red Cross and CARE.

    But for those hackers whose main aim is to extract details from databases and onsell them to fraudsters – we should all be very wary. And unfortunately, there is always that element of doubt about the security of our personal information in company databases.

    A leading fraud expert made this suggestion for online credit card use:

    In a story the Courier Mail featured in October last year, titled ‘Queensland Police Fraud chief Brian Hay calls for banks to bring in credit cards that can only be used in Australia to stop cyber-crime’, Det. Supt. Hay made some valid suggestions about how Australians can protect themselves from this type of fraud. One was for shoppers to have a credit card specifically for online purchases with a small credit limit. This is good advice to follow to prevent having large amounts extracted from credit cards if the companies with those details are ever hacked.

    Unfortunately, it doesn’t stop identity thieves ‘phishing’ for further information on their victim for purposes of full-blown identity theft.

    If credit is taken out by fraudsters in the victim’s name, they can end up with defaults on their credit file – and this is not easy to recover from. First the victim has to prove they didn’t initiate the credit themselves. This would require documentary evidence and Police reports. But the identity theft victim would be virtually banned from obtaining credit until they are able to wade through the mess that has been created for them on their credit report, and clear their good name.
    For help with credit repair following identity theft, contact MyCRA Credit Repairs on 1300 667 218 or visit our main website www.mycra.com.au.

    Image: Danilo Rizzuti / FreeDigitalphotos.net