Interesting Phishing Email.... Don't get it.

This one is quite interesting as it actually provides a real phone number as the only contact. the reply to address is for government website:

_____________________________________________

Warning! This is a CONFIDENTIAL E-MAIL.
Please treat this matter with seriousity.
_____________________________________________

Dear Credit Union Member,

We are sorry to inform you that there was an error in our database issuing your ID Number (490-132-0015-DEBITCARD-5991), your Credit Union has engaged NCUA also known as National Credit Union Administration to help you update your records in order to restore valability of your DEBIT CARD.

With the help of NCUA you can easily regain full access to your debit card, otherwise withdrawing will not be permitted.

*YOUR DEBIT CARD IS TEMPORARILY UNAVAILABLE, IN ORDER TO CORRECT THIS PROBLEM FOLLOW THE STEPS LISTED BELLOW:

1. Take your debitcard so you can have it near you.
2. Call 201-***-**** and follow the steps.

Thank you for your patience and time.


_____________________________________________
The National Credit Union Administration (NCUA) is the independent federal agency that charters and supervises federal credit unions. NCUA, backed of the full faith and credit of the U.S. government, operates the National Credit Union Share Insurance Fund (NCUSIF) insuring the savings of 80 million account holders in all federal credit unions and many state-chartered credit unions.

I checked the number it's residential number in NJ, I actually got two of these and the other one has a residential phone number for NY. I can't seem to figure out the the catch though... Both numbers must be randomly generated

Here's the complete source with headers, only thing I,ve changed is the actual phone number.

Code: Select all

Return-Path: <do-not-reply@ncua.gov>
Received: from server1.highfive.nl (dsl-213-134-229-085.solcon.nl [213.134.229.85])
   by pro23.abac.com (8.14.1/8.14.1) with ESMTP id m0OHHJA6038387
   for <mailhead@40lbhead.com>; Thu, 24 Jan 2008 09:17:22 -0800 (PST)
   (envelope-from do-not-reply@ncua.gov)
Received: from User ([74.218.48.125]) by server1.highfive.nl with Microsoft SMTPSVC(6.0.3790.3959);
    Thu, 24 Jan 2008 18:16:15 +0100
Reply-To: <do-not-reply@ncua.gov>
From: "National Credit Union Administration"<do-not-reply@ncua.gov>
Subject: LAST WARNING
Date: Thu, 24 Jan 2008 12:17:21 -0500
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Message-ID: <SERVER1PNXRPmcarcR400000f05@server1.highfive.nl>
X-OriginalArrivalTime: 24 Jan 2008 17:16:15.0281 (UTC) FILETIME=[D351FA10:01C85EAC]
X-Spam-Score: 6.642 (DCC_CHECK,FORGED_MUA_OUTLOOK,FORGED_RCVD_HELO,SPF_SOFTFAIL,SUBJ_ALL_CAPS,UNDISC_RECIPS,X_MSMAIL_PRIORITY_HIGH,X_PRIORITY_HIGH)
X-Spam-Level: !!!!!!
X-Antivirus: AVG for E-mail 7.5.516 [269.19.10/1241]
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=Windows-1251

_____________________________________________

Warning! This is a CONFIDENTIAL E-MAIL.
Please treat this matter with seriousity.
_____________________________________________

Dear Credit Union Member,

We are sorry to inform you that there was an error in our database issuing your ID Number (490-132-0015-DEBITCARD-5991), your Credit Union has engaged NCUA also known as National Credit Union Administration to help you update your records in order to restore valability of your DEBIT CARD.

With the help of NCUA you can easily regain full access to your debit card, otherwise withdrawing will not be permitted.

*YOUR DEBIT CARD IS TEMPORARILY UNAVAILABLE, IN ORDER TO CORRECT THIS PROBLEM FOLLOW THE STEPS LISTED BELLOW:

1. Take your debitcard so you can have it near you.
2. Call 518-xxx-xxxx and follow the steps.

Thank you for your patience and time.


_____________________________________________
The National Credit Union Administration (NCUA) is the independent federal agency that charters and supervises federal credit unions. NCUA, backed of the full faith and credit of the U.S. government, operates the National Credit Union Share Insurance Fund (NCUSIF) insuring the savings of 80 million account holders in all federal credit unions and many state-chartered credit unions.



--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.516 / Virus Database: 269.19.10/1241 - Release Date: 1/24/2008 9:58 AM



i got that too and some people i know. you have to know better them give them anything , but some might get worried and do it.

I get 10-15+ different ones a day.!!! Some are very interesting...Everyone need to KNOW the signs of these letters, TOO many people are getting scammed or ripped off.

Most start out with...Dear blah blah Member....(No names normally).

Most of them lately are in the form of....

IRS Tax Refund. (Big one this time of year!)
Credit Unions (Like above)
Banks (Same thing)
Nigeria Scam Letters (Dear Beloved one....etc....hahahha,
Nigeria Scan Letters - ATM Payments
UK Lotterys
Microsoft Lotterys
Email Lotterys
Paypal (You paid someone, Click here for Dispute this payment)
Ebay (Questions on items or Failure to Pay!!) Ya, Right.

Just to name a few....

EVERYONE BE CAREFUL! If you don't know, Don't Open it.

I have pretty heavy duty spam filter so I see very few of them, this one for example was way above what would have got deleted on sight. It was sent to 40lbhead.com and that's on different server. The thing is though it has real phone number and it's the only point of contact, so it really makes no sense. There's no way to get in touch with them even if you were foolish enough to believe it.

ken wrote:i got that too and some people i know..

Exact same one and if so what is the area code for the phone number? the other one I received has area code for 518 .

opened it , read a second , deleted it.

Don't even open these. Some will contain embedded code that will run on opening depending on your email client. Most of the current crop are not attempts to obtain your info, rather, they are attempts to drop an executable onto your machine to allow it to become part of a botnet where thousands or millions of machines are used together, under control of a rogue to do nasty things to other machines/networks. Some will also phone home and then download dataloggers or key loggers which will record every keystroke and then mail it off to some bad guy for his consumption.

I do this stuff for a living on a very, very active network. it's a jungle out there!

AV8R and Richard

Whats the best virus package in your opinion?


BK

av8r wrote:Don't even open these. Some will contain embedded code that will run on opening depending on your email client.

Plain text only is your friend.

Richard S. wrote:

av8r wrote:Don't even open these. Some will contain embedded code that will run on opening depending on your email client.

Plain text only is your friend. :D

Damn straight....but tell that to the administration here..haaahahahha..they can't have their stupid "stationary" bacakgrounds in their email? OMG>...you'd think the world was coming to an end.

bksaun wrote:AV8R and Richard

Whats the best virus package in your opinion?


BK

I use AVG's free client on everything I need it on including client machines. My laptops have no antivirus and I get no problems. Google "free avg" and use that. It's all you need.

I use AVG too, its as good as others. Smaller footprint too and less invasive.

As far as emails go turn off HTML in your email client and don't open any attachments unless you know where they came from and are expecting them. If you do that you've pretty much made your self bullet proof from a email virus unless there's an exploit for the email client itself. That would be rare and such things are usually patched real quick.

OK

Thanks guy's.

BK

Here a version of the IRS Refund emails....Don't fall for these either.

As several have pointed out computer security and identity theft are critical issues. The problem is big and growing rapidly. Very, very few get caught. It's become big business for criminals and they are even hiring programming professionals, who then go to work for the software companies with the goal of putting trap doors into commercial software products. Some security experts claim college "scholarships" are being offered to our brightest computer whiz kids in exchange for future help in creating compromised software.

One effective technique is to surf the net with a computer that has no hardware that can be written to. That way there is nothing that can be changed because it's not possible to write to a hard disk because there is none. "Knoppix" is a way to achieve this on an Windows OS PC with a CD or DVD drive. See: http://en.wikipedia.org/wiki/Knoppix for the details. You do not use the operating system on your hard drive but instead boot from a CD the contains the Linux operating system and applications. Then you can surf without concern of key loggers, dial home software, etc. You give up a lot of convenience, because you don't have bookmarks, familiar programs, can't save files etc. I use Knoppix when I'm shopping on-line or accessing bank accounts. It's not a perfect solution. You still need to look out for look alike bogus web sites and social engineering tricks.