AOPA Credit Card scam

AOPA warns that someone is trying the scam of spamming pilots saying that MBNA
needs for them to verify their account info. These mails are not from MBNA. Do
not click on the link.

This, by the way, is true of every similar scam. No legitimate company will send
you mail asking for account info by internet.

From the AOPA web site --

Urgent member advisory: Credit card fraud

Members with AOPA credit cards are warned to be on the lookout for e-mails that
appear to be from MBNA asking you to confirm or update your personal or credit
card information. These e-mails are not from MBNA. They are attempts by
criminals to gain access to your personal credit information in order to defraud
you. If you receive such an e-mail solicitation, you are warned not to respond
or provide any personal information.

As stated on MBNA's Web site:

MBNA is committed to ensuring that your personal and account information are
protected, both off and on the Internet. MBNA will never ask for personal or
account information to be submitted via e-mail. MBNA will never provide personal
information, such as an online account password, via e-mail.

This type of e-mail and Web site fraud, known as "phishing," is increasingly
prevalent with the scammers posing as a wide variety of businesses — banks,
credit card companies, insurance companies, and auction sites. There were an
estimated 20 million phishing e-mails in 2004, and the number is increasing
rapidly.

If you receive an e-mail that asks you to click a link and provide personal or
financial information, or suspect any fraudulent activity related to your MBNA
account(s), please contact MBNA immediately at 800/653-2465.

George Patterson
I prefer Heaven for climate but Hell for company.

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

--

What they've been doing recently is opening the real site with the address
bar showing, and opening a login popup, showing no address bar. More often
than not, the popup doesn't work. They're getting shut down pretty quickly,
but I'm sure some people are going for it. I usually type in a few
obscenities after I send the report to the correct party.

"John Godwin" wrote in message
. 3.44...
George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

--

In article ,
"Steve Foley" wrote:

What they've been doing recently is opening the real site with the address
bar showing, and opening a login popup, showing no address bar. More often
than not, the popup doesn't work. They're getting shut down pretty quickly,
but I'm sure some people are going for it. I usually type in a few
obscenities after I send the report to the correct party.

They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

It also used to be that you could be careful and look in the status bar (or
wherever your particular browser shows you a preview of a link the mouse is
hovering over) to make sure it was real. The text on the screen would say
"www.citibank.com", but the URL preview would say "123.456.78.90" and you'd
know it was a fake. Now they're building URLs in the links with non-ascii
characters which display in your browser looking like the real thing, but
resolve to a different IP.

On Sat, 19 Mar 2005 06:30:01 -0000, John Godwin
wrote:

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

One give-away is when your browser says it needs a non-english/latin
font set, e.g. Chinese...

Unless, of course, you're a Pacific customer of the bank or
organization, such as a number of brokerage houses.

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

I assume that tracing such transaction would be fairly easy; is the problem
then that the host COUNTRIES are the laggards here in enforcing fraudulent
activity?

I can't recall any news about prosecutions for this "industry" that is
ripping off $$BILLIONS.

I guess the "zero tolerance" for pot users is MUCH MORE important.

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

On Sat, 19 Mar 2005 06:30:01 -0000, John Godwin
wrote:

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

See also Roy Smith's reply earlier in this thread.



--
Jay.
(remove dashes for legal email address)

On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
wrote:

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

I check the Properties on suspicious e-mails...pretty easy to identify the
fakes. There are some super-good ones, though, like those spoofing
Washington Mutual...I send those to because the Properties
looks like a real Wamu link...but Wamu assures me that they do not send
e-mails requesting information.

Bob Gardner

"Roy Smith" wrote in message
...
In article ,
"Steve Foley" wrote:

What they've been doing recently is opening the real site with the
address
bar showing, and opening a login popup, showing no address bar. More
often
than not, the popup doesn't work. They're getting shut down pretty
quickly,
but I'm sure some people are going for it. I usually type in a few
obscenities after I send the report to the correct party.

They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

It also used to be that you could be careful and look in the status bar
(or
wherever your particular browser shows you a preview of a link the mouse
is
hovering over) to make sure it was real. The text on the screen would say
"www.citibank.com", but the URL preview would say "123.456.78.90" and
you'd
know it was a fake. Now they're building URLs in the links with non-ascii
characters which display in your browser looking like the real thing, but
resolve to a different IP.