“Phishing” Examples
Here we provide you with several different types of phish. There are many other variants. But as you look through these you'll see that all have several factors in common.
1. They try to appear legitimate using a variety of means.
2. They use scare tactics to try to get you to act without thinking or checking anything out.
3. They try to assure you of their interest in your “security” when they are actually trying to steal it.
Also note that these emails rip off legitimate financial institutions or companies. Anyone with a little knowledge of how websites are coded can steal images from legitimate sites and companies. This ability to take images has nothing to do with the security of the services (such as online banking) offered by the companies whose identity has been stolen by the scammers, who also hope to steal yours.
Example 1
Fake PayPal messages are a favorite phishing method. Here are 2 PayPal phish. The first claims that the account will be suspended if your account information isn't updated. In the second, the scam claims your account information needs to be updated because they found incompatible information during a billing information check. Neither has anything to do with PayPal, though both are designed to look “official.” Both use scare tactics to try to get you to act without thinking. The real PayPal never sends such emails.
Example 2
This phish indicates that your online bank account could be suspended if you don't verify your bank information. The scam artists have stolen the “look” of the real bank and broadcast their email knowing it will hit some actual customers of the bank in question. Variants of this scam using the names of other banks or financial institutions abound on the Web. Never respond to such an email. This bank and other financial institutions never use this method to “verify” or “confirm” information. Again, scare tactics try to con you into acting without checking it out.
Note that the scam tries to get you to ignore your doubts by including fake “security” information. This fake information may mimic the actual financial institution's process or protocols or even link to the appropriate page on the real institution's real website. Remember, however, that real financial institutions never ask for account information via emails, instant messages or letters that direct you to a website. If you think it might be real, call the institution using the number on your statement (not in the email or on the letter) or from the phone book.
Example 3
This phish indicates that conditional approval for a mortgage has been granted but your information needs to be verified. Chances are that you never applied for a mortgage or refinance, but they'll hit enough people who have to make their scam profitable. The scamsters also hope that you'll think that it's a “pre-approved” offer that looks too good to refuse and jump on the offer without questioning. Never respond to such “offers”—all they want is to steal your personal information and your money.
Example 4
Phish can come in fancy or plain text emails. These 2 emails show the same phish in text and HTML form. The phish asks you to click the customer service link, which is bogus and takes you to the scam artists' site, where they steal your information. The real credit union is equally a victim of the scam. Again, remember that real credit unions and other financial institutions never send this type of email. These emails also use scare tactics and try to look legitimate by faking security measures such as “Verisign.”
[Text version]
[HTML version]
Example 5
Here is an example of an online banking phish that exploits a security feature many banks and credit unions have in place: if an online banking user attempts to log onto online banking and fails a third time, the user is then locked out. The scammers want you to panic, thinking someone is attacking your account, and respond without stopping to think and check it out. Never respond to emails such as this. Your financial institution NEVER asks you to respond through an email link as this phish requests. If you were really locked out, you would have to initiate contact with the institution to get it unlocked.
Example 6
Here is an example of a fake lottery phish that asks for bank account information in order to transfer the lottery winnings. Never respond to emails indicating you've won a lottery or a sweepstakes. This type of scam has been around forever in snail mail and phone calls; email versions are just the latest.
Prepared by Remar Sutton and Associates for DCU, December 2005. All rights reserved.
Digital Federal Credit Union, 220 Donald Lynch Boulevard, PO Box 9130, Marlborough, MA 01752-9130. 508.263.6700 / 800.328.8797