AOPA Credit Card scam

On Sat, 19 Mar 2005 07:42:40 -0500, Roy Smith wrote:

In article ,
"Steve Foley" wrote:

What they've been doing recently is opening the real site with the address
bar showing, and opening a login popup, showing no address bar. More often
than not, the popup doesn't work. They're getting shut down pretty quickly,
but I'm sure some people are going for it. I usually type in a few
obscenities after I send the report to the correct party.

They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

It also used to be that you could be careful and look in the status bar (or
wherever your particular browser shows you a preview of a link the mouse is
hovering over) to make sure it was real. The text on the screen would say
"www.citibank.com", but the URL preview would say "123.456.78.90" and you'd
know it was a fake. Now they're building URLs in the links with non-ascii
characters which display in your browser looking like the real thing, but
resolve to a different IP.

They've even gone farther than that, with redirects.
I've gone to sites that looked and felt real. The URL was real, but
the site actually wasn't.

This is one of the hazards of using HTML e-mail. I use text only.
Clicking on the link can take you to the bogus site while typing in
will not. Usually with plain text you see the actual link, rather
than the bogus one.

But they are getting very sophisticated.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

Roger wrote:

This is one of the hazards of using HTML e-mail. I use text only.
Clicking on the link can take you to the bogus site while typing in
will not.

I've never been able to find the setting for this in Netscape. There's a setting
to specify text/HTML in outgoing mail, but not for incoming.

George Patterson
Drink up, Socrates -- it's all-natural.

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

I assume that tracing such transaction would be fairly easy; is the problem
then that the host COUNTRIES are the laggards here in enforcing fraudulent
activity?

I can't recall any news about prosecutions for this "industry" that is
ripping off $$BILLIONS.

I guess the "zero tolerance" for pot users is MUCH MORE important.

On Sat, 19 Mar 2005 09:44:56 -0700, "Matt Barrow"
wrote:

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

What? The South African connection is missing?

I assume that tracing such transaction would be fairly easy; is the problem
then that the host COUNTRIES are the laggards here in enforcing fraudulent
activity?

I can't recall any news about prosecutions for this "industry" that is
ripping off $$BILLIONS.


Very few are prosecuted, but they are making millions.

I guess the "zero tolerance" for pot users is MUCH MORE important.

Tis a bit difficult to grab someone out of a thrid world country.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

On Sat, 19 Mar 2005 06:30:01 -0000, John Godwin
wrote:

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

One give-away is when your browser says it needs a non-english/latin
font set, e.g. Chinese...

Unless, of course, you're a Pacific customer of the bank or
organization, such as a number of brokerage houses.

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

On Sat, 19 Mar 2005 06:30:01 -0000, John Godwin
wrote:

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

See also Roy Smith's reply earlier in this thread.



--
Jay.
(remove dashes for legal email address)

On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
wrote:

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

I have my email set up to forward messages from certain providers into
specifid sub-mailboxes...

So.. stuff that is really FROM ebay goes to an EBAY folder to be read...
and stuff really from my bank goes to its own folder. Helps cut down on
the riffraff..

Its not hard to set up and use... if you use Outlook or Netscape.

Dave

Peter Clark wrote:
On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
wrote:


On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:


They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.


Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

On Sat, 19 Mar 2005 15:00:35 -0500, Peter Clark wrote:

Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

and it helps to have your email client set to PLAIN TEXT.

and it helps your recipients when sending as TEXT ONLY. There is almost
never a need for HTML in emails.

#m
--
It's not like I'm a terrorist or a hair dresser or anything.
http://www.ensight.org/archives/2005...ion/trackback/