Archive for March, 2012

Late last year, we posted a notice from Verizon itself about scams like these, but a reminder won’t hurt.

Over the past week or so, we’ve seen multiple instances of fake billing notices from Verizon. They look good at first because the scammers have stolen language and artwork from real Verizon Wireless billing notices. We’ve seen messages with two different legitimate-sounding subjects: “Your Bill is Now Available” and “Thank You for your Verizon Wireless Payment.” Spend just a few seconds examining either, and you’ll see they are phishing scams with “pharming” links.

  • Both contain information about a large bill or a large payment, designed to shock you into an over reaction–like clicking one of the links to find out what’s going on NOW!
  • Both have been sent to mailing lists–and you can see the other addresses. Did all of us end up with the same exact bill for $928.39? How likely is that? And why would a reputable company expose other customers’ email addresses to anybody?
  • If you hover your mouse over any of the links in the messages, you’ll see that they would take you to non-Verizon sites designed to harvest your personal information.

Want to check on your Verizon account, go to the real Verizon site where you usually sign in.

Get a message like one of the ones below? Just delete it.

Another phish spoofing Verizon billing notice

Don't click any of the links in a message like this one. Instead, log in to Verizon's real Web site to check on your account.


Another phish, this one spoofing Verizon's payment acknowledgement

Don't freak. Your card hasn't REALLY been charged that amount. Don't click any of the links in this message. Instead, log in to your credit card company site or the Verizon site to check your account status.

Comments Comments Off

This phish seen this morning at UD may catch you if you’re unaware. It’s a variation of a phish seen in our mailboxes earlier this month.

  • Similar “official sounding” boilerplate language about forwarding and maintenance.
  • Similar use of a udel.edu URL in the text as a link to a bad non-UD site. (Hover your computer mouse over the link to see where it really will take you.)

    Phishing Scam

    Phishing Scam: Note where the link REALLY goes.


    If you click the link and enter your UDelNet ID and password, change your UDelNet password immediately by going to the UD Network page.

  • Similar spoofing of an official-looking UD email address. Remember, UD will never ask you to verify your personal information by clicking a link in an email message. Nor will UD ever ask you to send personal information via email.
  • Same bogus paragraph about what the “Primary owner” must do. At UD, we instruct you not to share your email account. “Primary owner” implies “secondary” use of an email account.

See this scam in your inbox? Delete it.

Comments Comments Off

PNC Bank has cautioned us about a scam they are seeing at branches near college campuses. The scam takes advantage of college students’ naivete and desire for part-time work. In one case, the scam job advertisement was listed at a college’s official placement office.

Here’s how it works:

  • A student responds to an online ad or to email inviting applications for personal assistants, secret shoppers, that sort of thing.
  • The student receives email saying, “You have the job!”
  • The “employer” gives the student a task: “Help me transfer some money between my bank accounts.”
  • The scammer sends the student one or more money grams, money orders, or other commercial wire transfers.
  • The instructions are, “Deposit the money orders in your account, then have your bank wire me the money, but keep $XX for yourself.” ($XX could be $25, $35, $100 — some small fraction of the amount being sent.)

What the student doesn’t know is that he or she has received a fraudulent or stolen money gram or money order and that he or she could be liable for the entire amount of the transaction.

Never accept money from unknown persons who want to give you a sum of money to hold then transfer back to them.

Below is an excerpt from the notification we received from PNC:

Subject: Fraud Attempts

  1. A female student deposited two $925 money grams yesterday at the Ben Franklin office of PNC. During the conversation with the Head Teller, she said she found a job as a personal assistant. When she came in today, the Branch Manager had a further conversation with the student. She said she found the job through her college placement office, and that the person lived somewhere else. The Branch Manager asked if she had to send money back. The student initially said no, but then told her that money was supposed to be transferred to another account.
  2. Today, a student presented two Money Gram money orders, each for $925.00, for deposit at the Farmers office of PNC. The teller began to question her as to where the money orders came from, and if she knew the person who sent them to her. She told the Teller they were from her employer, who travels extensively, and that she was to run some errands for him. In response to further questioning, she told the Teller that she was to keep a small portion of the funds, and send the remainder via Western Union to the Philippines. The Teller explained that this was a scam, and that the student would be personally responsible in the event that these money orders were returned. The Teller then placed a call to our Loss Prevention Department, who also confirmed that it was fraud.

Scammers are targeting students who are looking for employment. The scammers have been placing ads looking for personal assistants, secret shoppers, nannies, etc. Please, let’s make the students aware that they must be VERY cautious of online job offers, and of any individual asking a student to send monies back to them after depositing a check or money order.

Brian E. Tymon
Vice President, University Banking
PNC Bank

Comments Comments Off

Superficially, this phish looks convincing. A lot of us shop at amazon.com using an American Express card. Oh, no! We’re in trouble! Only if any of us click any of the links in this message.

Look at this message for about 10 seconds and it becomes apparent that it’s just another rotten phish.

  • Sent to a list of addresses. Real banks and credit card companies do not do that. They know that it’s a security breach to expose customers’ email addresses to other customers.
  • Bad links: hover your mouse over either of the two links in the message body that allegedly go to an American Express site. As the screen shot below indicates, they will take you to an identity-harvesting site. Actually, three of the links in the footer will also take you to non American Express Web sites.
  • Message content: Do not click any links in this email message. If you are an American Express customer, instead, in your web browser, go to the standard credit card site where you usually log in, log in there, and look for a secure message to you from your credit card company.

Even though this phish has the stolen logos and a serious looking footer, if you just pay attention for a few seconds, you’ll draw the proper conclusion: Just delete the message!

An AmEx Amazon phishing scam

Study this message for a few seconds and you'll see it's another rotten phish. Delete it.


Click the image to see a larger version of this phish.

Comments Comments Off

An eagle-eyed colleague sent us this phishing scam today. Looks pretty convincing until you hover your mouse over the alleged link to UD’s mail service and see a non-UD link! Other tell-tale signs:

  • Since UD tells you not to share your accounts or passwords with anyone, why would we refer to you as the “Primary owner”?
  • Why would we tell you to forward your other email accounts to your UD Webmail account AND tell you when we do system maintenance in the same message in which we tell you about a problem with your account?

Just delete it.

Webmail phishing scam

Webmail phishing scam--look where that link really goes.

If you do click the link and enter your UDelNet ID and password? Change your UDelNet password immediately by going to the UD Network page.

Comments Comments Off