Page 1 of Phishing

Just received one which is VERY plausible.

Targeted at a subject we`ve been hammering in the last 24 hours.

Anyone come across Spanisheshop.
Also is there any organisation we can forward these things to because if it nearly fooled me, and I reckon I`m quite wide awake to this subject, then there must be shed loads of newbies who are falling for it.
This one actually says my payment of £294 has been accepted.
Obviously no payment has been made but you can see the way it`s heading.
"Oh we`re so sorry, give us your card details again and we`ll refund it"



Snaps

not that plausible.
A show properties on the email without even opening it indicates a return
address of ylonfruaiu[at]moc.sukcab which in no way resembles the supposed sender.

We had a few of these this morning at work with account numbers and account debits. as a business we cannot do anything except update the mimesweeper :-(

However, if it`s a personal address you could go after the information commissioner regarding the EU privacy directive regarding unsolocited emails and SMS (reminds me to do 2 SMS spammers while I am there).

Anyway, information commissioner web site.

Enjoy


Chris

This item was edited on Monday, 1st August 2005, 17:47

None of it is plausible. Much easier to phone the credit card issuer to confirm rather than falling for it. In fact, I don`t even bother phoning the credit card issuer at all as it is blatantly a con. If they manage to take money from the credit card in the first place then they must have the credit card number for a refund - no need to ask for it again.

It is possible to obtain the IP address of the originating email and notify the service provider. Unfortunately, some ISPs will turn a blind eye and many internet cafes will not bother checking who was logged on at a certain time.

I don`t know how any sort of phishing attack can be plausible, even to the most naive internet user. The banks tell you time and time *and time* again that they will not ask for details via email. If this doesn`t send alarm bells ringing then I don`t know what will.

I`m interested to know, purely out of curiosity, which bit of the email made you "nearly" fall for it, because for somebody who is "quite aware" of this sort of scam, I really cannot see anything that differentiates this from the "we`ve updated our security application. please click here and enter your user name and password" emails. If anything, this is less sophisticated than said emails.

This item was edited on Friday, 5th August 2005, 17:28

I always look for the spelling mistakes too, which there are usually quite a lot.