Ansett
22 November 2005, 13:20
A statement from the HSBC Bank's website
- you can find the original pages here (http://www.hsbc.com/hsbc/security/phishing) (Phishing) and here (http://www.hsbc.com/hsbc/security/online-fraud;brochid=4JOWCEBMCGRLPQFIYNLCGWQ) (Other Online Frauds)
Phishing - Phishing scams
An increasingly prevalent scam currently being employed by unscrupulous individuals is phishing.
Phishing involves an email message being sent out to as many Internet email addresses that the fraudster can obtain, claiming to come from a legitimate organisation such as a bank, online payment service, online retailer or similar. The email requests the recipient to update or to verify their personal and financial information, including date of birth, login information, account details, credit card numbers, PIN numbers, etc. Some of the email messages include a threat that failure to update or validate will result in, for example, the account being frozen. The objective is to induce unsuspecting recipients, who happen to be customers of the legitimate organisation being imitated, to respond to the email and to provide the information being requested.
The email will contain a link that takes you to a spoof web site that looks identical, or at least very similar, to the organisation's genuine site. In some cases, when the link in the email is clicked, the genuine site is accessed, but is overlaid with a smaller window with the spoof site, making it more believable. Clicking on a link may also download malicious software, known as "spyware" onto your PC which will record your use of the Internet and forward this information, and possibly a log of your keystrokes, to the fraudster. The fraudsters will use this financial information to compromise bank accounts, credit cards, etc.
To avoid getting phished you should never respond to email messages that request personal or financial information and never click on a link in such an email. Reputable organisations do not send unsolicited email messages asking their customers to update or verify their personal and security details. If you are in doubt about the legitimacy of the email, or if you think that you have been a victim of a phishing scam, you should contact the organisation in question immediately. You should, however, be careful to use the normal method you use to contact the organisation in question, rather than use any suggestions included in, or by responding to, the email.
Phishing mules
Once the fraudsters have collected financial information of individuals via phishing, they are then in a position to abuse this information and steal money out of the compromised accounts. In order to cover their tracks, however, they recruit unsuspecting individuals to act as go-betweens by placing a variety of tempting job adverts on the Internet promising the chance to earn money quickly without expending much effort. These recruits are known as mules.
The bank accounts of the mules will be used to accept transfers of money from the compromised accounts. The mules will be asked to withdraw the money from their accounts in the form of cash and forward it, minus their commission, to the fraudsters using an international money transfer agency. The fraudsters can therefore maintain their anonymity, but there is a trail to the phishing mules, which can be followed by the authorities.
Be very careful about job offers which involve the acceptance and release of funds to a bank account in return for commission. Mules recruited by phishing fraudsters are money laundering and are likely to face criminal prosecution.
Other online fraud
Common frauds to watch out for
It can be expensive to be unaware of the most common Internet fraud activities.
Advance Fee or "419 Fraud"
This involves unsolicited letters and email messages offering the recipient a generous reward for helping to move a staggeringly large balance of funds, usually in US Dollars. These funds are said to be anything from corporate profits / accumulated bribes / unspent government funds to unclaimed funds belonging to a deceased person.
The fraudsters are after banking details. The transactions typically require the recipient of the letter or email message to pay something like a fee/tax/bribe to complete the deal - this is the Advance Fee. Such fees will be lost.
A recent development is to convince the recipient that the funds are ready to be moved by getting them to log on to a fake bank website and look at a specific account which shows a credit balance of tens of millions of dollars. These funds do not exist.
It is also common for recipients' details to be used to perpetrate in other types of fraud.
Lottery Fraud
This involves letters or email messages which advise that the recipient has won a prize in a lottery. To obtain the funds the recipient has to respond to the letter or email message. A request will then be made for the recipient to provide his/her bank account details to allow for funds to be transferred. The recipient may also be asked to pay a handling/processing fee. This fee, if paid, will be lost. Also any details given will probably be used to perpetrate other fraud.
Virus hoax email
It is a sad fact of life that there are those who enjoy exploiting the concerns of others. Many emailed warnings about viruses are hoaxes, designed purely to cause concern and disrupt businesses.
Such warnings may be genuine, so don't take them lightly, but always check the story out by visiting an anti-virus site such as McAfee, Sophos or Symantec before taking any action, including forwarding them to friends and colleagues.© Copyright hsbc.com, inc 2005
Quoted here by Fraudwatchers.org for the convenience of people new to the internet and/or in the process of being scammed.
- you can find the original pages here (http://www.hsbc.com/hsbc/security/phishing) (Phishing) and here (http://www.hsbc.com/hsbc/security/online-fraud;brochid=4JOWCEBMCGRLPQFIYNLCGWQ) (Other Online Frauds)
Phishing - Phishing scams
An increasingly prevalent scam currently being employed by unscrupulous individuals is phishing.
Phishing involves an email message being sent out to as many Internet email addresses that the fraudster can obtain, claiming to come from a legitimate organisation such as a bank, online payment service, online retailer or similar. The email requests the recipient to update or to verify their personal and financial information, including date of birth, login information, account details, credit card numbers, PIN numbers, etc. Some of the email messages include a threat that failure to update or validate will result in, for example, the account being frozen. The objective is to induce unsuspecting recipients, who happen to be customers of the legitimate organisation being imitated, to respond to the email and to provide the information being requested.
The email will contain a link that takes you to a spoof web site that looks identical, or at least very similar, to the organisation's genuine site. In some cases, when the link in the email is clicked, the genuine site is accessed, but is overlaid with a smaller window with the spoof site, making it more believable. Clicking on a link may also download malicious software, known as "spyware" onto your PC which will record your use of the Internet and forward this information, and possibly a log of your keystrokes, to the fraudster. The fraudsters will use this financial information to compromise bank accounts, credit cards, etc.
To avoid getting phished you should never respond to email messages that request personal or financial information and never click on a link in such an email. Reputable organisations do not send unsolicited email messages asking their customers to update or verify their personal and security details. If you are in doubt about the legitimacy of the email, or if you think that you have been a victim of a phishing scam, you should contact the organisation in question immediately. You should, however, be careful to use the normal method you use to contact the organisation in question, rather than use any suggestions included in, or by responding to, the email.
Phishing mules
Once the fraudsters have collected financial information of individuals via phishing, they are then in a position to abuse this information and steal money out of the compromised accounts. In order to cover their tracks, however, they recruit unsuspecting individuals to act as go-betweens by placing a variety of tempting job adverts on the Internet promising the chance to earn money quickly without expending much effort. These recruits are known as mules.
The bank accounts of the mules will be used to accept transfers of money from the compromised accounts. The mules will be asked to withdraw the money from their accounts in the form of cash and forward it, minus their commission, to the fraudsters using an international money transfer agency. The fraudsters can therefore maintain their anonymity, but there is a trail to the phishing mules, which can be followed by the authorities.
Be very careful about job offers which involve the acceptance and release of funds to a bank account in return for commission. Mules recruited by phishing fraudsters are money laundering and are likely to face criminal prosecution.
Other online fraud
Common frauds to watch out for
It can be expensive to be unaware of the most common Internet fraud activities.
Advance Fee or "419 Fraud"
This involves unsolicited letters and email messages offering the recipient a generous reward for helping to move a staggeringly large balance of funds, usually in US Dollars. These funds are said to be anything from corporate profits / accumulated bribes / unspent government funds to unclaimed funds belonging to a deceased person.
The fraudsters are after banking details. The transactions typically require the recipient of the letter or email message to pay something like a fee/tax/bribe to complete the deal - this is the Advance Fee. Such fees will be lost.
A recent development is to convince the recipient that the funds are ready to be moved by getting them to log on to a fake bank website and look at a specific account which shows a credit balance of tens of millions of dollars. These funds do not exist.
It is also common for recipients' details to be used to perpetrate in other types of fraud.
Lottery Fraud
This involves letters or email messages which advise that the recipient has won a prize in a lottery. To obtain the funds the recipient has to respond to the letter or email message. A request will then be made for the recipient to provide his/her bank account details to allow for funds to be transferred. The recipient may also be asked to pay a handling/processing fee. This fee, if paid, will be lost. Also any details given will probably be used to perpetrate other fraud.
Virus hoax email
It is a sad fact of life that there are those who enjoy exploiting the concerns of others. Many emailed warnings about viruses are hoaxes, designed purely to cause concern and disrupt businesses.
Such warnings may be genuine, so don't take them lightly, but always check the story out by visiting an anti-virus site such as McAfee, Sophos or Symantec before taking any action, including forwarding them to friends and colleagues.© Copyright hsbc.com, inc 2005
Quoted here by Fraudwatchers.org for the convenience of people new to the internet and/or in the process of being scammed.