Zyra
Front Page
//// Internet //// Banks //// Finance //// Scams //// e-mails //// Crime-fighting
links
and anti-virus measures //// site
index
Bank Hoaxes by email
Part of the Rogues Gallery of Suspicious e-mails. Let's expose these ridiculous scam messages and warn people to avoid being caught out by such scams!
(You are reading this at a scam-busting website!)
It's important to know that banks do not send out email messages to "Dear Customer" asking you to confirm your security details. If you receive a message claiming to be from your bank, building society, insurance company, or from PayPal, telling you about some new security update, it is generally a hoax! The emails are most likely to be from crooks impersonating the bank and hoping to fool you into divulging your personal security data so they can steal your money!
Here are a few examples...
NatWest Bank Security Update:
| ----- Original Message ----- From: From: support@natwest.com To: [your harvested email address] Sent: Monday, December 08, 2003 9:44 PM Subject: NatWest Bank Security Update  Dear Valued Customer, - Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety. - Due to technical update we recommend you to reactivate your account. Click on the link below to login and begin using your updated NatWest account. To log into your account, please visit the NatWest Online Banking https://www.nwolb.com/ If you have questions about your online statement, please send us a Bank Mail or call us at 0846 600 2323 (outside the UK dial +44 247 686 2063). We appreciate your business. It's truly our pleasure to serve you. NatWest Customer Care This email is for notification only. To contact us, please log into your account and send a Bank Mail. |
Definitely NOT from NatWest! Here's a similar one, this time pretending to be from Lloyds TSB
Lloyds TSB Security Server Update:
| ----- Original Message ----- From: customerservice@lloyds.co.uk To: [your harvested email address] Sent: Sunday, January 20, 2002 8:10 AM Subject: Security Server Update  Dear Valued Customer, - Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety. - Due to technical update we recommend you to reactivate your account. Click on the link below to login and begin using your updated Lloyds account. To log into your account, please visit the Lloyds Online Banking https://online.lloydstsb.co.uk/ For business banking login here https://online-business.lloydstsb.co.uk/customer.ibc If you have questions about your online statement, please send us a Bank Mail or call us at 0846 600 2323 (outside the UK dial +44 247 686 2063). We appreciate your business. It's truly our pleasure to serve you. Lloyds Customer Care This email is for notification only. To contact us, please log into your account and send a Bank Mail. |
As well as Lloyds TSB (bank) hoax email messages, there are also hoax messages pretending to be from Lloyds TSB Insurance - see Lloyds TSB Insurance Security email message. Typically, these messages claim to be from the SECURITY department, and often acknowledge the existence of hoax messages, as a kind of double-bluff. Well if they're that good at bluffing they should play Poker!
Incidentally, the links in these messages don't go to the banks, but somehow are spoof sites which mimic the official bank sites and try to steal your personal bank security details.
Another similar hoax message, this time pretending to be from the Halifax. Again, you should avoid being fooled by the genuine looking header, which the spoofers have simply copied, as they aren't exactly worried about copyright or trademark issues!:
| ----- Original Message ----- From: Halifax To: [everyone's Tiscali address] Sent: Thursday, August 04, 2005 8:57 PM Subject: Halifax Internet banking EmaiI Verification - [%To_Email] [Thu, 04 Aug 2005 16:54:36 -0300]
|
Note the curious use of English, suggesting the sender is more likely to be from China than from Halifax! Plus, on careful inspection of the spoof message, the text was sent as an image, suggesting an attempt to get through various spam filters. Also note that the Halifax actually know their customers well enough to avoid addressing them as "Dear client of the Halifax Internet banking"!
Here's another bank hoax e-mail, this time faked up to look like it's supposed to be from Barclays Bank! As well as being sent to a harvested address, other things that give it away as a foolish scam message are the "Dear Barclays customer", the false premise, and the random dodgy text stuck on the end, (invisible to some systems, but not if you HIGHLIGHT it!)
| ----- Original Message ----- From: Barclays To: Circ Sent: Saturday, March 11, 2006 11:07 PM Subject: URGENT SECURITY NOTICE [Sun, 12 Mar 2006 07:08:53 -0800]  Surely they had seen what was coming. cleric bellatrix It began to move. A couple of National Guard chopper-jockeys sent out as part of a random drug-control sweep (looking for back-country pot-farmers, in other words) had seen a sunflash on what remained of the Camaro's windshield and set down in a nearby clearing for a closer look. lions on either side of him. The third-floor apartment was vacant at the time of the fire. The cloud, he thought. Same M. "The axe came whistling down and buried itself in Paul Sheldon's left leg just above the ankle. He heard a light shuffle-scuffle and looked quickly in the corner, expecting to see the trooper crawling toward him, |
If you'd like to visit the real Barclays Bank we have some links to the place! At the actual site you'll almost certainly be able to find some dire warnings about these bogus messages which might come in. Remember: If you have a bank account, the bank knows your name and account number, oh, and also they won't put a paragraph transplanted from a thriller novel on the end of official bank correspondence!
Here's another email, this time pretending to be from HSBC:
| ----- Original Message -----
|
|||||||
(Some versions have slightly different text, for example: Access Suspended, To protect your accounts, we automatically suspend your online access when your sign in details have been entered incorrectly several times. To get back into the service, you can reset your details quickly and easily using our online reset process - just click the 'Continue' button below. Continue. Thank you for banking with us). Again not really from the bank, and the address is not the real bank address. A close inspection of http;//www,hsbc.co.uk.session52-en.us/1/2/personal/internet-banking/jsessionid=000LaRtPDWhNR7X4O/ reveals it is NOT www.hsbc.co.uk which is the destination but session52-en.us preceded by a subdomain!
There's also one claiming
to be from the Nationwide and asking you to Please Update
Your Account. This is also a hoax, and the message did not
originate from the Nationwide. The hoax message has been stuffed and
mounted for you to examine. See Nationwide hoax message
Now, the Royal Bank of Scotland. During some of the months of 2007 this was an especially popular target for spam senders hoping to lure unsuspecting customers of the Royal Bank of Scotland into confirming their security details, a hoax of course!
| ----- Original Message ----- From: Royal Bank of Scotland To: Circular (harvested address) Sent: Tuesday, August 07, 2007 10:22 PM Subject: The Royal Bank of Scotland customer service: important information! (mess_id: O9814630578698) Royal Bank of Scotland Group Dear
Royal Bank of Scotland customer, 0x70,
0x6, 0x1383, 0x76, 0x76, 0x840, 0x7, 0x5, 0x08 type rev
rev update WVIS 9EA YOH function include 1J2G: 0x04, 0x67666732,
0x513, 0x451, 0x18972110, 0x748, 0x4, 0x6433, 0x09, 0x40,
0x45 0x5, 0x19272349, 0x8, 0x25305478, 0x1, 0x3754, 0x401,
0x6, 0x69173826, 0x0, 0x87, 0x05 0x5625, 0x356, 0x2, 0x4179,
0x88, 0x581, 0x23799786, 0x2172, 0x6741, 0x064, 0x444
type: 0x85345844, 0x4, 0x67, 0x3996, 0x9, 0x41671632 R1S:
0x88144152, 0x301, 0x5, 0x6, 0x7773, 0x8963, 0x80, 0x7, 0x0,
0x779 0x77 file: 0x37372463, 0x3, 0x36, 0x293, 0x0, 0x059,
0x23950420, 0x5 |
Again, the link was faked-up, so whereas it looked like it was going to http;//sessionid-16744,rbs.co.uk/customerdirectory/direct/ccf.aspx, it was in fact going to http;//sessionid-16744 .rbs.co.uk.hfie22.hk/customerdirectory/direct/ccf.aspx which is a subdomain within hfie22.hk in Hong Kong.
And here's an even more frightening message, this time pretending to be from US Bank. It is of course NOT from U.S. Bank at all, but from some hoaxer hoping to scare you into following a bogus link which would be unwise to say the least! It's a panicmail
| -----
Original Message ----- From: From: U.S. Bank To: [harvested email address] Sent: Monday, January 19, 2004 8:49 PM Subject: Your account at U.S. Bank has been suspended. Dear U.S. Bank account holder, We regret to inform you, that we had to block your U.S. Bank account because we have been notified that your account may have been compromised by outside parties. Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account. These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. In order that you may access your account we must verify your identity by clicking on the link below. Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed below. Thank you for your time and consideration in this matter. https://www.usbank.com/account_verify/cgi/index.htm Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity. |
I tell you, I'd be worried if I thought the bank considered I'd been to such outrageous all-night rave events that my bank account had been "compromised by outside parties"! However, it's important to understand these messages aren't genuine, so be calm about it and don't get caught up in an epidemic of fear. In truth, bank accounts such as those at US Bank for example are sufficiently secure that a security problem like this would warrant more personal attention than "Dear (anonymous) account holder".
And how about this, pretending to be from PayPal? The attachment is a virus, so if you've opened it you should get some anti-virus software!
YOUR PAYPAL.COM ACCOUNT EXPIRES:
| <attachment:
www.paypal.com.scr> (virus) ----- Original Message ----- From: PayPal.com donotreply@paypal.com To: [your email address here] Sent: Tuesday, December 09, 2003 8:37 AM Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES Dear PayPal member, PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address [your email address here] will be expiring within five business days. We apologize for any inconvenience that this may cause, but this is occurring because all of our customers are required to update their account settings with their personal information. We are taking these actions because we are implementing a new security policy on our website to insure everyone's absolute privacy. To avoid any interruption in PayPal services then you will need to run the application that we have sent with this email (see attachment) and follow the instructions. Please do not send your personal information through email, as it will not be as secure. IMPORTANT! If you do not update your information with our secure application within the next five business days then we will be forced to deactivate your account and you will not be able to use your PayPal account any longer. It is strongly recommended that you take a few minutes out of your busy day and complete this now. DO NOT REPLY TO THIS MESSAGE VIA EMAIL! This mail is sent by an automated message system and the reply will not be received. Thank you for using PayPal. [random letters here to try to fool anti-spam filters] |
Again, PayPal would know your actual ID and not need to say "Dear PayPal member". If you get any of this kind of stuff pretending to be from PayPal, you can tell them about it by sending to spoof@paypal.com and they'll thank you for it.
It's also currently suspected that spam email messages apparently from eBay are not actually from eBay, but are some kind of hoax like these bank hoaxes, and are sent to try to get you to divulge your personal security info! See eBay Spam
Rarely, in fact very rarely, do bank hoax phishing-attackers actually phone you, but it has been known to happen. You get a bank call and someone says they are the bank and they want you to confirm something. Beware! However, you can deal with this awkward situation by some sensible security measures, as detailed at the page Bank Call, which explains how easy these bank hoax callers are to rumble.
Also be careful if you receive an online bill from O2 as it's a similar hoax. Also beware of supposed messages from Tk Maxx and a similar Update Account message from Very and various other messages which are a Scam
With any of these, and with the Microsoft virus scam, the key feature is that the perpetrators are pretending to be someone you might trust in order to get one up on you, either by getting you to run a virus or to give away security information.
If it were a comedy movie, bank robbers might dupe people by disguising themselves as "Bank Security Team" or some such thing, and you'd laugh at how easy the on-screen customers fell for the joke and ended up with the bank robbers stealing the money, but this e-mail scenario is just as silly. So, don't be fooled by it!
Other warnings about scams and suspicious e-mails:
Yahoo Games Screensaver message
PanicMail - you are on a video on Youtube?!
Co Op Bank Devoted Customer Reward
Amazon sent this message - oh no they didn't!
Qualifications on Qualifications
Congratulations you have won the National Lottery
Also see ROGUES GALLERY PAGE 1 (including the Nigeria Scam) and ROGUES GALLERY PAGE 2
Extra note! Here's another PayPal scam!
 |
|
|
|||||||||||
(Strange that the tracker-pixels in this hoax e-mail are hosted at PayPal! This doesn't prove PayPal are sending the spam themselves, but will be a bit concerning if the URLs of the images remain the same!)
