GomerPyle
Cadet

 Joined: Oct 20, 2007 Posts: 7 Location: Wherever I Lay My Hat
Posted: Thu Nov 01, 2007 12:16 pm Post subject: cu.org
Can I ask you to look into this, please?
I must say at the outset that I am a 419 scam baiter and arrived here as a result of the DDoS attacks we all suffered, so this is not my area of expertise, though I have used your site to report phishing mails before.
I received this mail into a mail account I use largely to receive scam mail, and it would only receive mail that has been gleaned from website guestbooks where I have purposely left it to pick up scam mail.
Quote:
Return-Path: <costumerserv@cu.org>
Received: from rly-dd07.mx.aol.com (rly-dd07.mail.aol.com [172.19.141.154]) by air-dd07.mail.aol.com (v120.9) with ESMTP id MAILINDD074-b8b47290b9b1ea; Wed, 31 Oct 2007 19:11:27 -0400
Received: from simmts6-srv.bellnexxia.net (simmts6.bellnexxia.net [206.47.199.164]) by rly-dd07.mx.aol.com (v120.9) with ESMTP id MAILRELAYINDD075-b8b47290b9b1ea; Wed, 31 Oct 2007 19:11:24 -0400
Received: from User ([74.15.185.37]) by simmts6-srv.bellnexxia.net
    (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with SMTP
    id <20071031231121.MXNY8742.simmts6-srv.bellnexxia.net@User>;
    Wed, 31 Oct 2007 19:11:22 -0400
From: "Credit Union"<costumerserv@cu.org>
Subject: Identity Theft Protection Program
Date: Wed, 31 Oct 2007 19:11:21 -0400
MIME-Version: 1.0
Content-Type: text/plain;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20071031231121.MXNY8742.simmts6-srv.bellnexxia.net@User>
X-AOL-IP: 206.47.199.164
X-AOL-SCOLL-SCORE:0:2:394328576:9395240
X-AOL-SCOLL-URL_COUNT:
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_helo :
X-AOL-SCOLL-AUTHENTICATION: listenair ; SPF_822_from :

Dear Credit Union customer,
We regret to inform you that we have received numerous fraudulent emails which ask for personal account information. The emails contained links to fraudulent pages that looked legit. Please remember that we will never ask for personal account information via email or web pages.
Because of this we are launching a new security system to make Credit Union accounts more secure and safe. To take advatage of our new consumer Identity Theft Protection Program we had to deactivate access to your card account.
To activate it please call us immediately at (phone number removed by moderator)
Activation is free of charge and will take place as soon as you finish the activation process.
If you think your identity has been stolen, here's what to do now:
1) Contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert requests creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified, and all three credit reports will be sent to you free of charge.
2) Close accounts that you know or believe have been tampered with or opened fraudulently. Use the ID Theft Affidavit (PDF) when disputing new unauthorized accounts.
3) File a police report. Get a copy of the report to submit to your creditors and others that may require proof of the crime.
4) File your complaint with the Federal Trade Commission (FTC). The FTC maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps the FTC gather more information about identity theft and the problems victims are having.
For more information, go to: http://www.consumer.gov/idtheft/.
Please do not reply to this message. For any inquiries, contact Customer Service.
NCUA, CUNA, Credit Union - Copyright © 2007

Quote:
cu.org = [ ]
(Asked whois.pir.org:43 about cu.org)
Domain ID: D817870-LROR
Domain Name: CU.ORG
Created On: 10-May-1995 04:00:00 UTC
Last Updated On: 28-Mar-2006 17:05:06 UTC
Expiration Date: 11-May-2011 04:00:00 UTC
Sponsoring Registrar: Network Solutions LLC (R63-LROR)
Status: CLIENT TRANSFER PROHIBITED
Registrant ID: 22398149-NSI
Registrant Name: FloridaCreditUnion League Service Group Inc.
Registrant Organization: FloridaCreditUnion League Service Group Inc.
Registrant Street1: 3773 Commonwealth Boulevard
Registrant Street2:
Registrant Street3:
Registrant City: Tallahassee
Registrant State/Province: FL
Registrant Postal Code: 32303
Registrant Country: US
Registrant Phone: 1.9999999999
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: sshafer [at] JSSINC.COM
Admin ID: 5483965-NSI
Admin Name: Steve Shafer
Admin Street1: P.O. Box 15492
Admin Street2:
Admin Street3:
Admin City: Tallahassee
Admin State/Province: FL
Admin Postal Code: 32317
Admin Country: US
Admin Phone: 1.8506689874
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email: sshafer [at] JSSINC.COM
Tech ID: 5814371-NSI
Tech Name: Jim Helms
Tech Street1: 3246 Albert Dr.
Tech Street2:
Tech Street3:
Tech City: Tallahassee FL 32308
Tech State/Province:
Tech Postal Code:
Tech Country: UA
Tech Phone: 1.9048932387
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email: jhelms [at] TALSTAR.COM
Name Server: SCO.FCUL.COM
Name Server: EXCHANGE3.FCUL.COM

It appears to be linked to this organisation mentioned here
http://www.aboutus.org/Fcul.com
and a forum behind a login here
http://councils.fcul.com/login.php?redirect=portal.php
This isn't my field but I have sensitive nostrils and would welcome an expert in this field letting me know if there is something rotten about this.
Even if it's genuine - I am in the UK - not a member of a Credit Union and they are spamming if not phishing.

brewt
SIRT Handler Premium Member
 Joined: May 29, 2007 Posts: 792 Location: USA
Posted: Thu Nov 01, 2007 2:13 pm Post subject:
It's highly likely that there is some kind of link to a phishing site in that email, possibly in the html portion of the email.
see http://wiki.castlecops.com/Retrieving_Email_Source_Code
It may be worth re-pasting the body if you find more than what is pasted above.

GomerPyle
Cadet

 Joined: Oct 20, 2007 Posts: 7 Location: Wherever I Lay My Hat
Posted: Thu Nov 01, 2007 3:42 pm Post subject:
I didn't leave any bits out. That was all there was, but I did read some of the posts here afterwards which referred to a phish where you were asked to ring a telephone number (as this one does) and it's then that the phishing attempt takes place.
It just seemed to me that if cu.org had the status it claimed, it was funny that it existed only as an 'aboutus' page and as a forum behind a login. On the DDoS forum someone mentions forums like that, that are populated with one-post new users as a facade to lend credibility.
I'm a 'fish out of water' in this area, but it smells funny. If it's worthwhile I don't mind ringing them - now that is what I do.

eaglewolf
Captain

 Joined: Apr 22, 2006 Posts: 597 Location: USA
Posted: Thu Nov 01, 2007 5:07 pm Post subject:
There is *no* link to any phish site, yet this IS a phishing scam. It's all being done by phone.
These started up earlier this week.
ew
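
The checks discussed in the replies above, run over the headers from the first post, as an added example that is not part of any post in this thread: it finds the submitting host in the oldest Received line, tests whether the From domain appears anywhere in the relay path, and confirms the message has no HTML part, only a phone call to action. The function names and the trimmed sample message are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the first post (folding restored, queue ids and AOL
# headers trimmed); body shortened, phone number redacted as on the page.
RAW = """\
Received: from rly-dd07.mx.aol.com (rly-dd07.mail.aol.com [172.19.141.154])
 by air-dd07.mail.aol.com (v120.9) with ESMTP; Wed, 31 Oct 2007 19:11:27 -0400
Received: from simmts6-srv.bellnexxia.net (simmts6.bellnexxia.net [206.47.199.164])
 by rly-dd07.mx.aol.com (v120.9) with ESMTP; Wed, 31 Oct 2007 19:11:24 -0400
Received: from User ([74.15.185.37]) by simmts6-srv.bellnexxia.net
 (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with SMTP; Wed, 31 Oct 2007 19:11:22 -0400
From: "Credit Union"<costumerserv@cu.org>
Subject: Identity Theft Protection Program
Content-Type: text/plain; charset="Windows-1251"

To activate it please call us immediately at (phone number removed by moderator)
For more information, go to: http://www.consumer.gov/idtheft/.
"""

HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([\d.]+)\]\)\s+by\s+(\S+)")

def hops(msg):
    """(helo, ip, receiving_host) for each Received header, oldest hop first."""
    lines = (" ".join(v.split()) for v in reversed(msg.get_all("Received", [])))
    return [m.groups() for m in map(HOP.search, lines) if m]

def triage(raw):
    msg = message_from_string(raw)
    path = hops(msg)
    helo, ip, _ = path[0]                      # hop closest to the sender
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    names = [h.lower() for hop in path for h in (hop[0], hop[2])]
    body = msg.get_payload()
    return {
        "origin_ip": ip,
        "origin_helo": helo,                   # bare "User" is not a mail server FQDN
        "helo_is_fqdn": "." in helo,
        "from_domain": domain,
        # True only if some relay name is the From domain or a host under it.
        "from_domain_in_path": any(("." + n).endswith("." + domain) for n in names),
        "has_html_part": any(p.get_content_type() == "text/html" for p in msg.walk()),
        "urls": [u.rstrip(".,") for u in re.findall(r"https?://\S+", body)],
        "asks_for_phone_call": bool(re.search(r"\bcall us\b", body, re.I)),
    }

if __name__ == "__main__":
    print(triage(RAW))
```

A From domain missing from the relay path is also common for legitimate mail sent through an ISP, so these fields are triage signals to weigh together, not a verdict.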

eaglewolf
Captain

 Joined: Apr 22, 2006 Posts: 597 Location: USA

GomerPyle
Cadet

 Joined: Oct 20, 2007 Posts: 7 Location: Wherever I Lay My Hat

eaglewolf
Captain

 Joined: Apr 22, 2006 Posts: 597 Location: USA
Posted: Thu Nov 01, 2007 10:13 pm Post subject:
Don't call the number in the e-mail! That will make the scammer happy.
This scam doesn't cast any more 'doubt' on the credit union than it does on any other corporation or financial institution that has also been 'misrepresented' in a phishing scam.
The biggest effort has to be with the end-user .. basic safety information. For example:
No financial institution (bank/credit union/investments) or corporation (eBay/PayPal and others) will contact you via e-mail and ask you to go to any link or make any phone calls.
If they do have to contact you, they will never address you as: "Dear Credit Union customer" ..they will use your name. They have it .. the scammer doesn't.
NEVER click a link out of an e-mail. Learn to 'mouse-over' (no click, just place the mouse pointer over the link) all your links and check where you're *actually* going to be sent by looking on the left side of your status bar. If the link in the e-mail says 'PayPal' and you see on the status bar: www.gotchascammed.com ..that's a clue!
If in doubt, *call* the institution/corporation at their business number and ask. Scam e-mails make use of what's called 'social engineering' .. they 'engineer' you into a rush/panic decision based on fear: fear of having your account restricted or suspended within a number of hours/days if you don't comply. As they say .. balderdash! Don't fall for it.
If you do get a phone call asking for *any* personal information, do NOT give it. Tell the caller you'll contact the [bank/corp/etc] directly yourself. Do NOT let yourself be pressured into a response.
Monitor your bank/credit union balance. Get your free credit bureau reports. If you're a member of eBay or PayPal, log in and check your activity. Has there been any attempt to transfer funds? Are there things offered for auction that you never entered?
Change passwords .. and change them often. Use a *secure* password and do NOT use the same one for multiple accounts. Especially with eBay/PayPal .. the scammers take advantage of the fact that many members use the same login/password for both .. for convenience. Yes, you're now making it *very* convenient for the scammer!
Think safety at all times on the internet. In fact, being slightly paranoid doesn't hurt! 

eaglewolf
Captain

 Joined: Apr 22, 2006 Posts: 597 Location: USA
Posted: Thu Nov 01, 2007 10:13 pm Post subject:
Moderator:
Please delete this one .. it tried to double-post.
Thanks ...

GomerPyle
Cadet

 Joined: Oct 20, 2007 Posts: 7 Location: Wherever I Lay My Hat

eaglewolf
Captain

 Joined: Apr 22, 2006 Posts: 597 Location: USA
Posted: Fri Nov 02, 2007 2:19 am Post subject:
It's really *not* a good idea to be 'playing' with those phone numbers. This stuff isn't a 'game.'

GomerPyle
Cadet

 Joined: Oct 20, 2007 Posts: 7 Location: Wherever I Lay My Hat
Posted: Fri Nov 02, 2007 6:33 am Post subject:
I know what you mean, but I assure you that my set up makes my number untraceable and I am in control of what happens. All I was seeking to do was uncover what the scam was, and that was the only way to do it.
I am flippant by nature - forgive me. It's an act.