Email Spoofing: (Posted February 2009)
The residents of Nahant should be aware of an increase in attempts to gain access to their personal identity information and or financial institutional account information. These attempts are being perpetrated using the internet and email systems. This type of scam is not new, but is becoming more frequent due to the affordability of computers and their additions into more households.
The terms applied to these scams are “Email Spoofing” or “IP Spoofing” where a pirated, copied, or forged email header logo is attached to an email, so that the message appears to have originated from popular commercial related web sites such as Visa, Master Card, Discover Card, eBay, America Online, and PayPal - cited as only a few examples.
The potential victims are advised that it is possible their account information has been compromised, or that several attempts have been made by off shore internet addressed to access the victim’s accounts.
The recipient will then be directed to click on an enclosed link located within the email.
If this link is accessed the potential victim of fraud will be transported to a web site in order to ‘update’ their account information for “security reasons”. These sites will look exactly like the legitimate web sites they profess to be.
Once a victim enters his / her user account or personal information into one of these ‘spoofed’ sites, the information is quickly used to open fraudulent credit card or bank accounts to commit fraud by identity theft or to drain money from the accounts.
In the case of on-line auctions, accounts may be hijacked and passwords changed. The fraudulent user can then offer for sale high end items such as electronic or computer equipment. Unsuspecting buyers bidding on the items will make the payments, but never receive the equipment, opening up the legitimate owner of the auction account to face the initial fraud related charges.
Most victim’s of this scam do not know that they are victim’s until much later, after receiving a credit card bill having never opened an account, or after receiving their bank statement listing charges the victim did not make.
In recent days several Nahant residents have reported to the Nahant Police Department that they received these ‘spoofed’ emails.
Here are two example of these emails:
“Dear U.S. Bank account holder,
We recently reviewed your account, and suspect that your U.S. Bank Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the U.S. Bank network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features.
To restore your account access, please take the following steps to ensure that your account has not been compromised:
1. Login to your U.S. Bank Internet Banking account. In case you are not enrolled for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password.
2. Review your recent account history for any unauthorized withdrawals or deposits, and check your account provirtual to make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to U.S. Bank staff immediately.
To get started, please click the link below:
We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire U.S. Bank system. Thank you for your prompt attention to this matter.
The U.S. Bank Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your U.S. Bank account and choose the "Help" link in the header of any page.”
“Recently there have been a large number of identity theft attempts targeting Citibank customers. In order to safeguard your account, we require that you update your Citibank ATM/Debit card PIN.
This update is requested of you as a precautionary measure against fraud. Please not that we have no particular indications that your details have been compromised in any way.
This process is mandatory, and if not completed within the nearest time your account may be subjected to temporary suspension.
Please make sure you have your Citibank ATM/Debit card and recent statement at hand.
To securely update your Citibank ATM/Debit card PIN please go to:
Please note that this update applies to your Citibank ATM/Debit card - which is linked directly to your checking account, not Citibank credit cards.
Thank you for your prompt attention to this matter and thank you for using Citibank!
Head of Citi Identity Theft Solutions
Do not reply to this email as it is an unmonitored alias.”
Notice that some of the wording in the emails is slightly off. Some of these scams have originated in countries outside of the United States.
In most cases anyone receiving an email like this will ignore the message and delete the email. Please be very careful about answering emails. Never provide personal information or personal account information to anyone unless you initiated the correspondence or transaction.