Image courtesy: peevee@ds

I was wandering what to post today. When I was thinking about the topic, I received another interesting email to my admin email address of this blog. That email is added below. Read it carefully.

From: CitiBusiness [mailto:csupport.id26701-9565967340CBF@citibank.com]
Sent: Tuesday, February 26, 2008 8:03 PM
To: Admin
Subject: CitiBusiness: please update your data.

Dear CitiBusiness customer,

CitiBusiness new Scheduled Maintenance Program protects your data from unauthorized access. CitiBusiness Online Form is important addition to our scheduled maintenance program.
Please use the link below to access CitiBusiness Online Form:

CitiBusiness Online Form

Please do not reply to this auto-generated email. Follow instructions above.

When you read this, you will get an idea that the real Citi bank customer service has written this. You will definitely click the link and impatiently wait until the web page loads. I don’t have any connection with the citi bank. Therefore I suspected that this is a scam. What I did was, I checked the URL in the link given in the email I received. Here it is and have a close look at it. Check whether you notice anything.

http://citibusiness.citibank.com.losao1.es/businessdir/cbof/start.do/

?ref=89359052406999261772635660432086023000757642467292293

1377109&session=7632008

You won’t notice much difference most probably. Because you will see the first few words as http://citibusiness.citibank.com and you will ignore the rest and continue with the instruction in the web page that you will see next. But if you have a closer look at it, you’ll find that the web address ends with .es (Not the whole URL). The web address is highlighted below.

http://citibusiness.citibank.com.losao1.es/businessdir/cbof/start.do/

?ref=89359052406999261772635660432086023000757642467292293

1377109&session=7632008

This is not the real web address of Citi bank. I have given the real web address beow.

http://www.citibank.com/us/index.htm

The people who are behind this scam are more intelligent than the PayPal scam I explained in an earlier post. Because they have used the citibank.com part in their web address as a sub domain. The actual web address is losao1.es which is a web address of Spain. When you click the URL in the email, you will be directed to a page like below.

You won’t think that this page is not an original one when you see it. I’m not quite sure about the Citi bank business code. If it is something important and confidential like a credit card number and if you have a code, you will definitely enter it. Then they have your id and they can use it for their evil intentions. I just put a random number with an English letter and hit enter.

There was no error given and directed to another page. Therefore I feel that there is no much usage of pirating this id. The next page I saw is given below.

It is a login form and I entered random values again. No error was thrown and I was directed to another page as shown below.

The details you have to enter here must be important to these people. Because a normal user will enter their real data believing that this is a real. The people who are behind this scam most probably contact you by using the details provided in this form and definitely ask for financial data like account number, pin number and credit card details. They will give you a good excuse for it like upgrade of the system. If you do this, you are doomed.

As I did earlier, I added random values and clicked “Confirm” button. Then a popup message box was shown as below.

If you look carefully, you will see the above mentioned fake Citi bank web address in the title of the message box. The only truth they have told, I could find here. When I clicked “OK” I was directed to the real Citi bank website. So I’m pretty confident that their needed information was in the form I mentioned above.

If you have a Citi bank id, you will definitely put your real data in that form and there is a very good chance that you will be caught into trouble. What I wanted to emphasis by revealing this scam is to ask you to be more careful when you receive these kinds of emails. Any bank or other monetary organization won’t ask your private details in a way like this. Therefore you must inquire about this from the real business entity. And you must also carefully examine the URLs given in the email and data validation in the pages you will be directed after clicking that link. By doing this you will be able to get rid off from your worst nightmares.

Image courtesy: mathowie

The seed for this post was an email I received yesterday. I’m a verified PayPal user using a Gmail address for the login user email address in PayPal.com. I haven’t made any transaction through PayPal within last 3 or 4 months. But I received an email to my admin email address of this website (admin@best-internet-guide.com if you are willing to contact me and don’t know my email address :-)), informing me that I have made a payment to a person having a PayPal login email id digishopbay123@macintosh.com and asking to click a link to dispute the transaction. The email I received is given below.

From: service@intl.paypal.com [mailto:service@intl.paypal.com]
Sent: Wednesday, February 20, 2008 4:50 PM
To: undisclosed-recipients:
Subject: Dispute Transaction

Dear PayPal Member,

This email confirms that you have sent an eBay payment of $47.75 USD to 

digishopbay123@macintosh.com for an eBay item. 

———————————–

Payment Details

———————————–

Amount: $38.75 USD

Transaction ID: KSUGS10992LAKLLX0909

Subject: Pioneer Cd Player 138

Note:

If you haven’t authorized this charge ,click the link below to dispute transaction 

and get full refund

Dispute transaction (Encrypted Link )

*SSL connection:

PayPal automatically encrypts your confidential information

in transit from your computer to ours using the Secure 

Sockets Layer protocol (SSL) with an encryption key length 

of 128-bits (the highest level commercially available)

———————————–

Item Information

———————————–

eBay User ID: multimediacdplr

—————————————————————-

Michael Rotenberg’s UNCONFIRMED Address

—————————————————————-

Michael Rotenberg

879 Markenson  St. 

76649 Iredell, TX

United States

Important Note: Michael Rotenberg has provided an Unconfirmed Address. If 

you are planning on shipping items to Michael Rotenberg, please check the 

Transaction Details page of this payment to find out whether you will 

be covered by the PayPal Seller Protection Policy. 

—————————————————————-

This payment was sent using your bank account. 

By using your bank account to send money, you just:

- Paid easily and securely

- Sent money faster than writing and mailing paper checks

- Paid instantly — your purchase won’t show up on bills at the end of 

the month. 

Thanks for using your bank account!

—————————————————————-

Thank you for using PayPal!

The PayPal Team

PayPal Email ID PP980

I was confused by hearing that I have made a payment which actually I didn’t. 

I was little curious and felt the scent of another probable scam. 

Therefore I thought to click that link and explore about this. 

The link which was asked to be clicked was having the URL given below.

http://mail.moraga.ca.us/users/manager/www.paypal.com/cgi-bin/webscr.php?

cmd=_flow&SESSION=60-SQEaP_wWvhPmjul-DllC5OkU8dzThCY4mF5LzvZxGdMv

LhBSjCflCmUW&dispatch=5885d80a13c0db1f02baca35d810c8ec1c019f6b4e949c

a66922b381ebbdcb08

It starts with http://mail.moraga.ca.us which is not http://www.paypal.com or a sub domain of paypal.com (Ex:http://dispute.paypal.com). My assumption was correct and I thought to explore further. When I clicked that link, I was taken to a webpage which I was stunned to see. It is added below.

It is identical to the real paypal.com home page except the URL. An average person will definitely click that link as he/she hasn’t made that transaction and visit this webpage. And he/she won’t notice that even though the home page is identical but the URL is different. Actually most of us don’t look at the URL of a familiar website. As I mentioned above, my real PayPal email (xxxxx@gmail.com, I will send you my real PayPal email address if you like to make a donation for me ), is not the same one which I received this email. Next part is the most interesting.

I wanted to check the mistakes these dangerous cheaters have done. Therefore I opened the real paypal.com webpage also. First I hit the submit button without entering the user email id or the password. A popup message box appeared as shown below.

Then I checked the same scenario with the real paypal.com website. It took me to another page and showed an error message which was embedded in the webpage (not a message box). The error message shown is given below.

You must enter both your email address and password. Please try again.

Then I hit the submit button only with the user email id. The fake PayPal website showed another error message box as shown below.

When I did that with real paypal.com, it gave the same error message mentioned above. If you noticed, you will find the title of the fake error message boxes have a URL http://mail.moraga.ca.us not something like http://dispute.paypal.com.

Then I added the email address a@a.com and password as 11111, which both are fakes. Surprisingly I was successfully verified and taken into another webpage which asks my credit card details to verify my payment and refund. That page is shown below.

If you don’t provide your real credentials to the real paypal.com, you will not be allowed to proceed further. My assumption was becoming a reality. I didn’t add my credit card details. Then I logged in to the real paypal.com with my real credentials and checked whether there are any pending dispute transactions. I couldn’t find any and I also checked all my transactions. But I couldn’t find any transaction related to that email address. I thought to do some research on this. But it didn’t take a long time as I found some information from the paypal.com site itself. They have mentioned about phishing emails and asked to report about those types of messages to an email address (spoof@paypal.com).

I forwarded the email received explaining everything as mentioned above. They replied me indicating that it is a phishing message. I have added the reply below.

—–Original Message—–
From: spoof@paypal.com [mailto:spoof@paypal.com]
Sent: Wednesday, February 20, 2008 6:21 PM
To: Sampath Wijeratne
Subject: RE: Q510 - Thank you for your email to PayPal (KMM95898866V11853L0KM) :kf1

Thanks for taking an active role by reporting suspicious-looking emails.

The email you forwarded to us is a phishing email, and our security team

is working to disable it.

————————-

What is a phishing email?

————————-

Phishing emails attempt to steal your identity and will often ask you to

reveal your password or other personal or financial information. PayPal

will never ask for your password over the phone or in an email and will

always address you by your first and last name.

Take our Fight Phishing Challenge at

https://www.paypal.com/fightphishing to learn 5 things you should know

about phishing. You’ll also see what we’re doing to help fight fraud

every day.

————————-

You’ve made a difference.

————————-

Every email counts. By forwarding a suspicious-looking email to

spoof@paypal.com, you’ve helped keep yourself and others safe from

identity theft.

Thanks,

The PayPal Team

_______________________________________________________________________

This email is sent to you by the contracting entity to your User

Agreement, either PayPal Inc, PayPal Pte. Ltd or PayPal (Europe) S.à

r.l. & Cie, S.C.A. Société en Commandite par Actions, Registered Office:

5th Floor 22-24 Boulevard Royal L-2449, Luxembourg RCS Luxembourg B 118

349.

_______________________________________________________________________

I hope that everything is clear for you now. Millions of PayPal users might have been trapped into this when you are reading this post and they might have lost millions of Dollars. I thought that informing others by posting this post will at least save some of their money. If you don’t believe what I mentioned here, just visit that URL and enter a fake user email address and password. You will experience the same what I experienced. But NEVER add your credit card details. If you think that this will be interesting for your friends, click the topic of this post. Then you will be allowed to tell a friend about this by sending an email. I will come with another interesting topic like this with the next post.

Image courtesy: ToastyKen

I just received another email asking for help to transfer a big amount of money. I thought that it is very good to inform you about this email request. Here is the email that I received.

FROM THE DESK OF :MOHAMED ADAMS
AUDITING AND ACCOUNTING SECTION,
BANK OF AFRICA(BOA),
OUAGADOUGOU BURKINA-FASO,WEST AFRICA.

Private E-mail:(mohamed_adams200@yahoo.fr )

(PLEASE SEND ALL INFORMATION BY EMAIL FOR THE SECRET OF THE TRANSITIONS / THE BANK INFORMATION’S PHONE NUMBER - 0022676634733)
( CONFIDENTIAL BUSINESS)

.Dear Friend,

This message might meet you in utmost surprise, however,it’s just my urgent need for foreign partner that made me to contact you for this transaction. I am a banker by profession from Burkina faso in west Africa and currently holding the post of Director Auditing and Accounting unit of the bank.I have the opportunity transferring the left over funds ($5.5million) of one of my bank clients who died along with his entire family on 31ST October 1999 in a plane crash.

You can confirm the genuine of the deceased death by clicking on this web site http://news.bbc.co.uk/1/hi/world/europe/859479.stm
Hence,i am inviting you for a business deal where this money can be shared between us in the ratio of 60/30 while 10% will be mapped out for expenses.If you agree to my business proposal.further details of the transfer will be forwarded to you as soon as i receive your return mail and phone call. have a great day.

With Best Regard.

MR MOHAMED ADAMS

This is the seventh and hopefully the last email I received from the person called as Peter Brown. This is the one that I was waiting for to prove you that he is asking money at some time later. Check the email I received.

From: PETER BROWN [mailto:brownpeter59@yahoo.co.uk]
Sent: Thursday, January 24, 2008 10:22 AM
To: MY EMAIL ADD
Cc: MY EMAIL ADD
Subject: I NEED YOUR HELP PLEASE

Dear Amila.

How are you onceagain? After sending you the 3 legal documents today, I contacted the lawyer Barrister Paul Mike on the remaining one document which is A Sworn Affidavit of Claims But the lawyer told me today that the remaining one document will cost a sum of 320 BRITISH POUNDS ONLY (Three Hundred & Twenty British Pounds only). I am very tense to receive this shocking information from the lawyer today because i had already spent almost all the money i have with me for hiring this lawyer and for processing all other legal documents which i have already sent to you today. Infact the problem now is that i cannot be able to raise this required sum of 320 British-Pounds for processing this last one remaining document as the lawyer said from the high court of London in your name.

By this message, I am writing to request for your assistance in processing this last remaining one document (Sworn Affidavit) from the high court of London in your name. Probably i want you to assist me in completing this transaction by sending me this required 320 British-Pounds or directly to the lawyer for processing the remaining one document so that we will successfully get over the whole problems holding us at a ransome in this transaction. The lawyer Barrister Paul Mike told me that he will be going to the high court of London today or tomorrow morning to process the remaining one document in your name only after he receives the 320 British-Pounds and please please my dear try your level best to arrange this needed money and send it immediately by Western Union Money Transfer using the following information:

Money Receiver’s name: Lindsay Hill. (Accountant Paul Mike Chambers).
Address: East London strand, British law council quarters England.
Send Money By Western Union Money Transfer only.

After sending the fees, Contact me immediately and send me some informations like:

Sender’s name: …………
Sender’s Address: …………………
Money Transfer Control Numbers (MTCN): …………………
Amount to send: (320 GBP Only).

I will forward these informations above to the office of the lawyer after receiving your message so that the lawyer’s account officer (Mr. Lindsay Hill) will receive the money from western union office here in London while the lawyer will take the final step of completing the process of securing the last remaining one legal document in your name from the high court of London. Even if you are going to borrow this money as loan from any one in your country, Please my brother try and do it because there is NO much time left and promise any one giving you this loan that you will pay back the loan within 2 days even with enough interest because you are going to have enough money at hand after Barclays Bank Plc, London finished transfering the US$6 Million into your bank account in your country.

Finally i hope to hear from you again after sending the fees to the lawyer only by western union money transfer. Onceagain i hope to meet you face to face in your country for investment by next week after successfully completed this transaction. Thank you onceagain and bye for now my dear.

Yours sincerely,
Peter Brown,
From London UK.

If you read this series of posts from the beginning, you can notice that I didn’t provide any correct detail. And I didn’t do anything they asked to do but I informed them that I did it. It means that they didn’t care about anything that they asked. Therefore they didn’t notice that I was doing the same thing that they did. If you inspect thoroughly, you will notice that the person who wrote all these emails didn’t follow a good English grammar pattern which is very rare to see from an Englishman.

I posted this series to inform you all about this bloody scam where many people around the world lose their hardly earned money by engaging in these types of scams willing to get rich quickly. But the truth is that how harder you work and dedicated, you will get richer. Newer trust these kinds of scams. As I was aware about this, they couldn’t catch me. The story of these kinds of emails will differ. But the general meaning will be asking for some money to make you rich.

If you are interested about this, here is a website which describes more type of internet scams in the internet with proofs.

http://www.hotscams.com

Hope you liked this series of posts. Good Luck!

This is the sixth email I received from the person called as Peter Brown. He has stated that he has spent all of his money for this. I sent a reply telling him that I sent my documents. In the next email he or she will definitely ask for the remaining money. Check the email I received and the reply I sent.

From: PETER BROWN [mailto:brownpeter59@yahoo.co.uk]
Sent: Wednesday, January 23, 2008 9:30 AM
To: MY EMAIL ADD
Cc: MY EMAIL ADD
Subject: call me

Dearest Amila
How are you today?

Attached below are 3 legal documents ie (Death Certificate, Funds Deposit Certificate AND Legal Clearance certificate) which the lawyer (Barrister Paul Mike) gave me today as processed in your name from the high court of London and London Population control agency But the funds deposit (FDC) is from my personal file which my client Late Johnson Pillars gave me before his sudden death here in London. We still have one more document which is “A SWORN AFFIDAVIT OF CLAIMS” to be submitted to the Barclays Bank PLC, London n for successful completion of this transaction But this document cannot be ready now because it will still cost me a lot of money and you know very well that i have already spent amost all my money since we started this transaction here in London. Please download and print out these 3 documents attached below and send them to the Barclays Bank PLC, London immediately by telfax and by email attachement at the same time informing the bank to wait for the remaining one document which is (”SWORN AFFIDAVIT OF CLAIMS”). Thanks again and bye for now.

Yours Brother,

Reply I sent

Hello Peter,

I sent the documents today. What should I do next?

Thanks
Amila

Attached images

Note that these attached images have a common feature. That is some text and drawings are clearly visible compared to back ground and these images are not very clear. As I know Graphics, I’m 100% sure that they have added text using a software on the scanned images of these certificates.