AOPA Credit Card scam

AOPA warns that someone is trying the scam of spamming pilots saying that MBNA
needs for them to verify their account info. These mails are not from MBNA. Do
not click on the link.

This, by the way, is true of every similar scam. No legitimate company will send
you mail asking for account info by internet.

From the AOPA web site --

Urgent member advisory: Credit card fraud

Members with AOPA credit cards are warned to be on the lookout for e-mails that
appear to be from MBNA asking you to confirm or update your personal or credit
card information. These e-mails are not from MBNA. They are attempts by
criminals to gain access to your personal credit information in order to defraud
you. If you receive such an e-mail solicitation, you are warned not to respond
or provide any personal information.

As stated on MBNA's Web site:

MBNA is committed to ensuring that your personal and account information are
protected, both off and on the Internet. MBNA will never ask for personal or
account information to be submitted via e-mail. MBNA will never provide personal
information, such as an online account password, via e-mail.

This type of e-mail and Web site fraud, known as "phishing," is increasingly
prevalent with the scammers posing as a wide variety of businesses — banks,
credit card companies, insurance companies, and auction sites. There were an
estimated 20 million phishing e-mails in 2004, and the number is increasing
rapidly.

If you receive an e-mail that asks you to click a link and provide personal or
financial information, or suspect any fraudulent activity related to your MBNA
account(s), please contact MBNA immediately at 800/653-2465.

George Patterson
I prefer Heaven for climate but Hell for company.

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

--

What they've been doing recently is opening the real site with the address
bar showing, and opening a login popup, showing no address bar. More often
than not, the popup doesn't work. They're getting shut down pretty quickly,
but I'm sure some people are going for it. I usually type in a few
obscenities after I send the report to the correct party.

"John Godwin" wrote in message
. 3.44...
George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

--

In article ,
"Steve Foley" wrote:

What they've been doing recently is opening the real site with the address
bar showing, and opening a login popup, showing no address bar. More often
than not, the popup doesn't work. They're getting shut down pretty quickly,
but I'm sure some people are going for it. I usually type in a few
obscenities after I send the report to the correct party.

They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

It also used to be that you could be careful and look in the status bar (or
wherever your particular browser shows you a preview of a link the mouse is
hovering over) to make sure it was real. The text on the screen would say
"www.citibank.com", but the URL preview would say "123.456.78.90" and you'd
know it was a fake. Now they're building URLs in the links with non-ascii
characters which display in your browser looking like the real thing, but
resolve to a different IP.

I check the Properties on suspicious e-mails...pretty easy to identify the
fakes. There are some super-good ones, though, like those spoofing
Washington Mutual...I send those to because the Properties
looks like a real Wamu link...but Wamu assures me that they do not send
e-mails requesting information.

Bob Gardner

"Roy Smith" wrote in message
...
In article ,
"Steve Foley" wrote:

What they've been doing recently is opening the real site with the
address
bar showing, and opening a login popup, showing no address bar. More
often
than not, the popup doesn't work. They're getting shut down pretty
quickly,
but I'm sure some people are going for it. I usually type in a few
obscenities after I send the report to the correct party.

They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

It also used to be that you could be careful and look in the status bar
(or
wherever your particular browser shows you a preview of a link the mouse
is
hovering over) to make sure it was real. The text on the screen would say
"www.citibank.com", but the URL preview would say "123.456.78.90" and
you'd
know it was a fake. Now they're building URLs in the links with non-ascii
characters which display in your browser looking like the real thing, but
resolve to a different IP.

"Roy Smith" wrote in message news:roy-
They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

Well, perhaps cosmetically. There's so many other clues that it is a scam
that one has to wonder at who would actually respond to these things.

Recently, I received a very legitimate SunTrust Bank scam. I was bored and
decided to go ahead click the links and fill out the form with required (but
fake) information. Y'all ought to do it sometime. It is quite interesting.

They asked for my name, address, phone number, mother maiden name, Social
Security number, bank account & routing number, and other information that
was very personal that no bank would ever request. It is very difficult for
me to imagine someone who would be so naive or stupid enough to actually
enter real information.

I consider it Digital Darwinism. Some folks just don't need to own a
computer.

--
Jim Fisher

"Jim Fisher" wrote:
They asked for my name, address, phone number, mother maiden name, Social
Security number, bank account & routing number, and other information that
was very personal that no bank would ever request. It is very difficult for
me to imagine someone who would be so naive or stupid enough to actually
enter real information.

Con games have been going on forever. I first heard of the "I found some
money and I'll split it with you, but you have to put up $X to show your
good faith" scam when I was a kid (my father told me how it worked).

I next heard of it a bunch of years later when a woman I was working with
fell victim to it. She came in one morning and started telling a strange
story of how somebody approached her and said they had found $10,000 or
some such. She was flabbergasted when I finished the story for her.

These days, the same scam is still going around, the only difference being
that email has taken over as the transmission mechanism. These scams
survive because they continue to work.

"Jim Fisher" wrote:
I consider it Digital Darwinism. Some folks just don't need to own a
computer.

Anybody who has ever worked in IT should recognize this story.

The help desk gets a call from somebody having trouble setting up their new
computer. The tech goes back and forth with the person, asking questions
like, "Can you read me exactly what it says on the screen now?" and getting
answers that can't possibly be correct.

After a half an hour of this, the tech says, "Sir, do you still have the
box the computer came in?". The hapless person on the phone admits that he
does. "OK, sir, what I want you to do is take the computer, put it back in
the box, and return it to the store you bought it from. You are obviously
too stupid to own a a computer".

That's the funny part. The sad part of it is that at least half of the
time, the problem is that the software that comes with these things is just
crap, and it's a miracle that most people can get it to work at all. I've
been doing network for the past 20 years. For the past 5 years, I've been
writing software to manage networks. Yet, for the past couple of weeks,
I've been fighting trying to get two off-the-shelf consumer devices talking
to each other over my home network. If I can't figure it out (armed with
packet sniffers, protocol debuggers, and a computer science degree), how
are Mr. and Mrs. J. Random Customer supposed to manage?

On Sun, 20 Mar 2005 07:40:12 -0600, "Jim Fisher"
wrote:

"Roy Smith" wrote in message news:roy-
They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

Well, perhaps cosmetically. There's so many other clues that it is a scam
that one has to wonder at who would actually respond to these things.

Recently, I received a very legitimate SunTrust Bank scam. I was bored and
decided to go ahead click the links and fill out the form with required (but
fake) information. Y'all ought to do it sometime. It is quite interesting.

They asked for my name, address, phone number, mother maiden name, Social
Security number, bank account & routing number, and other information that
was very personal that no bank would ever request. It is very difficult for
me to imagine someone who would be so naive or stupid enough to actually
enter real information.

Being a computing professional... I'd say about 90%, probably more.
These schemes are making *big* money, or they'd go away. Even the
spammers who use fake return addresses aren't worried. If they get
fined a few million it's only a drop in the bucket compared to what
they make.

If I ever do get a legit request via e-mail (which would really
surprise me) I'd never read it as they get trashed on the first line
or two if the spam checker doesn't catch them. So, if I really do owe
you money, don't bother with e-mail. :-)) You'll just get an
answering machine on the telephone.

What bank, credit card co, or organization would be dumb enough to
ask such things in an e-mail? (they do exist)

A bad one from the user end is using HTML e-mail. It looks pretty, but
always set them to text only. I do get the occasional "get a capable
HTML mail reader" comment though. :-)) At least every one is willing
to send me plain text versions of their news letters except the NRA
hasn't changed yet.

But, what the hey... with the money I've come into this last week from
three international lotteries, The widow who wants me to help her move
her late husband's money to the US, three oil investments, and 3 or 4
lawyers, trusts, estates, (you name 'em) I should have close to $200
million USD coming in. Oh, I forgot the two guys with terminal some
thing or other who want confidential help in moving their money out of
their country, or the guy who is trying to get his inheritance... I
should clear close to a quarter billion USD and all I have to do is
send them my bank account number.

Yup. In another month or two I can have all the planes I can fly and
all the toys I want ... and the Easter Bunny is going to leave solid
gold eggs in the front yard.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

I consider it Digital Darwinism. Some folks just don't need to own a
computer.

On Sun, 20 Mar 2005 07:40:12 -0600, "Jim Fisher"
wrote:

"Roy Smith" wrote in message news:roy-
They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

Well, perhaps cosmetically. There's so many other clues that it is a scam
that one has to wonder at who would actually respond to these things.

My profession has been computers since 1990. I've noted the scams
have gotten far more realistic in the last 6 months.

Only some one who knows enough not to use the new ones even if they do
appear to be legit would escape. That means the vast majority of
usres are vulnerable and without a clue.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

Recently, I received a very legitimate SunTrust Bank scam. I was bored and
decided to go ahead click the links and fill out the form with required (but
fake) information. Y'all ought to do it sometime. It is quite interesting.

They asked for my name, address, phone number, mother maiden name, Social
Security number, bank account & routing number, and other information that
was very personal that no bank would ever request. It is very difficult for
me to imagine someone who would be so naive or stupid enough to actually
enter real information.

I consider it Digital Darwinism. Some folks just don't need to own a
computer.