AOPA Credit Card scam

I have my email set up to forward messages from certain providers into
specifid sub-mailboxes...

So.. stuff that is really FROM ebay goes to an EBAY folder to be read...
and stuff really from my bank goes to its own folder. Helps cut down on
the riffraff..

Its not hard to set up and use... if you use Outlook or Netscape.

Dave

Peter Clark wrote:
On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
wrote:


On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:


They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.


Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

"George Patterson" wrote in message
...
AOPA warns that someone is trying the scam of spamming pilots saying that
MBNA
needs for them to verify their account info. These mails are not from
MBNA. Do
not click on the link.

This, by the way, is true of every similar scam. No legitimate company
will send
you mail asking for account info by internet.

From the AOPA web site --

Urgent member advisory: Credit card fraud

Members with AOPA credit cards are warned to be on the lookout for e-mails
that
appear to be from MBNA asking you to confirm or update your personal or
credit
card information. These e-mails are not from MBNA. They are attempts by
criminals to gain access to your personal credit information in order to
defraud
you. If you receive such an e-mail solicitation, you are warned not to
respond
or provide any personal information.

As stated on MBNA's Web site:

MBNA is committed to ensuring that your personal and account information
are
protected, both off and on the Internet. MBNA will never ask for personal
or
account information to be submitted via e-mail. MBNA will never provide
personal
information, such as an online account password, via e-mail.

This type of e-mail and Web site fraud, known as "phishing," is
increasingly
prevalent with the scammers posing as a wide variety of businesses -
banks,
credit card companies, insurance companies, and auction sites. There were
an
estimated 20 million phishing e-mails in 2004, and the number is
increasing
rapidly.

If you receive an e-mail that asks you to click a link and provide
personal or
financial information, or suspect any fraudulent activity related to your
MBNA
account(s), please contact MBNA immediately at 800/653-2465.

George Patterson
I prefer Heaven for climate but Hell for company.

in reality the only real credit card scam is being run by the credit
card companies themselves. if you happen to keep a balance on your card i
suggest you read that multi page fine print thing called terms and
conditions. that is the real scam. it is designed to get you in debt and
keep you there.

tony zambon
grumman 9941L

In article ,
says...


in reality the only real credit card scam is being run by the credit
card companies themselves. if you happen to keep a balance on your card i
suggest you read that multi page fine print thing called terms and
conditions. that is the real scam. it is designed to get you in debt and
keep you there.

tony zambon
grumman 9941L

How do they make one buy things?

On Sat, 19 Mar 2005 15:00:35 -0500, Peter Clark wrote:

Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

and it helps to have your email client set to PLAIN TEXT.

and it helps your recipients when sending as TEXT ONLY. There is almost
never a need for HTML in emails.

#m
--
It's not like I'm a terrorist or a hair dresser or anything.
http://www.ensight.org/archives/2005...ion/trackback/

"Roy Smith" wrote in message news:roy-
They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

Well, perhaps cosmetically. There's so many other clues that it is a scam
that one has to wonder at who would actually respond to these things.

Recently, I received a very legitimate SunTrust Bank scam. I was bored and
decided to go ahead click the links and fill out the form with required (but
fake) information. Y'all ought to do it sometime. It is quite interesting.

They asked for my name, address, phone number, mother maiden name, Social
Security number, bank account & routing number, and other information that
was very personal that no bank would ever request. It is very difficult for
me to imagine someone who would be so naive or stupid enough to actually
enter real information.

I consider it Digital Darwinism. Some folks just don't need to own a
computer.

--
Jim Fisher

On Sat, 19 Mar 2005 15:00:35 -0500, Peter Clark
wrote:

On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
wrote:

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.
You can still get fooled -- even Eudora could display what looks like a
valid URL when it is bogus. The only way to be absolutely sure would be to
copy the URL to an ascii text editor that doesn't understand what a URL is
supposed to be, and cxheck that way.


Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

--
Jay.
(remove dashes for legal email address)

"Jim Fisher" wrote:
They asked for my name, address, phone number, mother maiden name, Social
Security number, bank account & routing number, and other information that
was very personal that no bank would ever request. It is very difficult for
me to imagine someone who would be so naive or stupid enough to actually
enter real information.

Con games have been going on forever. I first heard of the "I found some
money and I'll split it with you, but you have to put up $X to show your
good faith" scam when I was a kid (my father told me how it worked).

I next heard of it a bunch of years later when a woman I was working with
fell victim to it. She came in one morning and started telling a strange
story of how somebody approached her and said they had found $10,000 or
some such. She was flabbergasted when I finished the story for her.

These days, the same scam is still going around, the only difference being
that email has taken over as the transmission mechanism. These scams
survive because they continue to work.

"Jay Somerset" wrote in message
...
On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:


They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any
browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

Bruce Schneier covered this URL hack in his latest
security report. Write-up and very convincing fake
paypal page he-
http://www.schneier.com/crypto-gram-0503.html#6

Be careful out there.

("Peter Duniho" wrote)
snip
For better or for worse, our society has decided that "survival of the
fittest" isn't an appropriate strategy.


Yikes!

http://www.eugenics.net/index.shtml
(Note to self: Do not return magazine subscription card)

Besides, it's all about your EQ these days anyway.


Montblack - nature's happy little accident

"Jim Fisher" wrote:
I consider it Digital Darwinism. Some folks just don't need to own a
computer.

Anybody who has ever worked in IT should recognize this story.

The help desk gets a call from somebody having trouble setting up their new
computer. The tech goes back and forth with the person, asking questions
like, "Can you read me exactly what it says on the screen now?" and getting
answers that can't possibly be correct.

After a half an hour of this, the tech says, "Sir, do you still have the
box the computer came in?". The hapless person on the phone admits that he
does. "OK, sir, what I want you to do is take the computer, put it back in
the box, and return it to the store you bought it from. You are obviously
too stupid to own a a computer".

That's the funny part. The sad part of it is that at least half of the
time, the problem is that the software that comes with these things is just
crap, and it's a miracle that most people can get it to work at all. I've
been doing network for the past 20 years. For the past 5 years, I've been
writing software to manage networks. Yet, for the past couple of weeks,
I've been fighting trying to get two off-the-shelf consumer devices talking
to each other over my home network. If I can't figure it out (armed with
packet sniffers, protocol debuggers, and a computer science degree), how
are Mr. and Mrs. J. Random Customer supposed to manage?