Markll
04-09-2004, 09:00 PM
Anatomy of a scam
The other day a client of mine called and asked about an email they received from PayPal.
The email stated that PayPal had seen some unusual activity on their account and needed them to verify their information.
A link to a login page was given in the email. (Red Flag One - PayPal will never direct you to their site concerning sensitive information with a link. They will instruct you to manually go to www.paypal.com and login there.)
Upon clicking the email link you are taken to a page that uses javascript to remove the status bar of your browser window. (Red Flag Two - hides the fact that you are not on a secure page.)
The page also contains code to alter the address bar to display what seems to be the PayPal address. (Red Flag Three - the address for the page begins with http:// instead of https:// as it should for an ssl page.)
Right click is disabled and displays a copyright warning. (Red Flag Four - They are attempting to hide their malicious code)
Many will not notice these discrepancies and enter their email address and password to login. They are then taken to a page requesting credit card and checking account information (Red Flag Five - your back button no longer works)
At this point they have your PayPal email address and password and can access your account.
If you go back to the original email and start over you will find that any email/password combination will work to login (Red Flag Six)
Upon further investigation, I was able to find the actual address of the scam and access the site and directory containing the scam. The site is located somewhere in Asia and the home page appears to be an Asian company. The directory also contained a similar eBay scam all neatly packaged complete with graphics and server side scripts. There was even a zip file which contained all the necessary components to run the scam.
Believe it or not the form action in the initiating script sent the information to a site operated here in the US. The scary part is that it could be your neighbor running this type of scam and you wouldn't even know it.
Hope this has been enlightening for some.
http://mtheoryit.com
McFox
04-10-2004, 05:48 AM
Of course, I had just made a payment via Paypal just before I read your post (very informative) and immediately proceeded to crap myself! LOL!
Ok, I didn't do that but I did immediately rush to the PayPal website to verify I had indeed been using PayPal and not a scam site. Whew! It was all above board.
Good post though. Maybe we should have a forum here devoted to Scams and Internet Frauds? Whad'ya think?
McF
ldyguique
04-10-2004, 07:08 AM
This particular scam is called a "Phisher" email and the DOJ/FBI is prosecuting.
REPORT PHISHING ATTEMPTS Do not hesitate to telephone a company to ask if an e-mail is legitimate. Let any organization being impersonated know of the scam and alert the Anti-Phishing Working Group at reportphishing@antiphishing.org, the Federal Trade Commission (UCE@FTC.GOV) and the F.B.I.'s Internet Crime Complaint Center (www.ic3.gov).
Blackicicle
04-15-2004, 11:37 PM
Good post!
sovidiu
04-20-2004, 11:48 AM
To follow the trend, I'll say: "good post!" and let you take a look at my signature (eventually containing a link towards a web site = forum advertising).
Anyway, Paypal asks you to go to their web site and log into your account, if there happens to be anything wrong with it. An SSL gateway is provided by the merchant (e.g., you will see a yellow locker in the right corner of your web page). In addition, all web pages on Paypal relating to any account details are secured. The correct syntax for your account is https://www.paypal... The WWWs are optional.
There is a second method to check the authenticity of the e-mail sender:
1. Look into the message's header and find the IP of the sender.
If you are using a free e-mail provider like Yahoo, Hotmail, Mail.com etc., enable the "show full headers" option in your account. If you are using an e-mail client such as Outlook or Eudora, click properties on a message.
2. Go to http://www.arin.net/whois and enter the IP in their database search. It will show you the IP owner and from there you'll be able to realize if the message is a fraud or not. More details about IP ownership are displayed on: http://www.iana.org/ipaddress/ip-addresses.htm
Etc. etc. etc. The main idea is that the correct Paypal web address for any private information (such as your account's history, personal info and so on) is https:// and that it is better to go manually to your account's web site, and not just follow a URL from an e-mail message.
jdiben
04-20-2004, 12:18 PM
I protect myself by never clicking on an email link from a company. I received the same paypal email a couple of days ago. I assumed it was a scam email but instead of tearing the message and headers apart to figure it out I opened Internet Explorer and typed in paypal.com and checked from there.
My point is always assume that an email from a company requesting any information is a scam and don't click on the links in ANY message. If you need to go to their site type it in the address bar.
joe
barnkin
04-20-2004, 01:00 PM
There is also one for Fleet Bank and Citi Bank...Please take notice if you use either one of these.
I have received both in my e-mail.
Best Regards
I agree with the post. It should be obvious by now that the core piece of advice is don't give information if it is requested by email. Joe's point about not ever clicking on anything from an email is a little over the top, however. I wouldn't be here if I hadn't done so. Just like everything else in life, it takes a little common sense to know what has the hallmarks of a scam and what doesn't.
reggiewjr1
04-20-2004, 01:04 PM
I get about 3-4 of these emails per week....I just forward them on to spoof@paypal.com .
I also get a few Ebay ones though not as many...
I personally don't have the time to bother with actually investigating these people...I just send it to the "impersonated" party's REAL Spoof Dept and let them handle it...
Call me lazy...
hawkwind dave
04-20-2004, 01:06 PM
Good post!! (has somebody said this before?)
I got one this morning also, and, as usual ignored it. Jdiben, good advice and common practise for me.
bobbywise
04-20-2004, 01:08 PM
I have had e-mails claiming to be from Barclays bank and Lloyds TSB. I am sure many of you have also had e-mails claiming to be from other banks.
There's only one thing you can do with these e-mails (other than check the owner of the IP and report them). DELETE the e-mail.
tsindos
04-20-2004, 01:12 PM
Anatomy of a scam
Believe it or not the form action in the initiating script sent the information to a site operated here in the US. The scary part is that it could be your neighbor running this type of scam and you wouldn't even know it.
One thing I do not understand..... maybe I am stupid......
If you do discover that it is your neighbour (or an Asian company) and you do report it to the police (or whatever force combats this), what happens to these people? Do they just get a (teachers) note not to do it again? Because that is what I think. Nothing is being done to SEVERELY fight this crime....
BlackCat2
04-20-2004, 01:34 PM
I get them for e-gold a lot. I got two saying my e-gold account was compromised and that I must click the link to update my information etc.
The hilarious part was the email address they were sent to is not the one I have registered with e-gold.
That is something else to watch out for because often these people just grab email addresses hoping that they will get the right ones or just people who are not paying attention.
I get them for paypal, ebay, several banks etc. and all to email accounts that are not even registered with the websites/institutions in question.
I report them and I also go to the website and enter a nice little message for the would be scammer in the username/password and whatever other field they have to fill in.
It gives me some satisfaction to tell them what a jerk I think they are.
Heidi
I noticed recently a lot of UK users are viewing this forum.
Just to let them know, most scams have run their course around the rest of the world, but the UK is new to the internet, so be aware we are the new targets for all the scammers out there!
I run an Internet based Boat sales, because the contact details are published on the clients' adverts, they are receiving emails and telephone calls from people who sound as though they are of African descent.
Asking to buy their boat, stating they need the seller's Bank and other details, so as to be able to send payment direct to their Bank.
I have warned all my clients of this situation, but I felt a need to warn others you can get scammed from internet use, not just by receiving emails.
To try and check if something you're not sure of is a scam or genuine, just type the keywords from the suspect mail in a search engine and results should appear.
SO BEWARE
Janet
www.boatstogo.co.uk
Hi Everybody!
Thank you for the postings...
I have received many similar emails and they are immediately deleted.
Yes! those Red Flags everywhere.
Moreover, I have received "orders" from Vietnam and, you guess!, Nigeria, "paid" using valid PayPal Accounts, that were proven to be, as suspected, fraudulent. As a rule and without exception, I decline all payments received from unverified addresses and notify both PayPal and the genuine holders of the accounts (verified email addresses) whenever they become victims of this kind of scam, as described in the post. Unfortunately, they seem to be "successful" in this repugnant activity.
Good luck in your enterprises!
cooper
04-20-2004, 01:57 PM
Yeah, those phishers can be pretty tricky. Clever bastards!
Related to this topic is another thread that pertains mostly to Windows Internet Explorer users (90%+ of the users on the web):
http://www.webproworld.com/viewtopic.php?t=10350
Be wary of any emails with links to financial or otherwise personal web sites. Make sure you always use your browser to locate a web site and not use the link provided in an email.
vfaulkner
04-20-2004, 01:57 PM
When in doubt, open a browser window and go to the site, (PayPal, eBay, bank, etc.) and login there. If there are issues with your account they sh/would let you know there.
As another 'test', forward the whole email to spoof@ . If your email program is like mine(Outlook), it will reveal portions of the hidden scripts and addresses.
Conficio
04-20-2004, 02:04 PM
The page also contains code to alter the address bar to display what seems to be the PayPal address.(Red Flag Three - the address for the page begins with http:// instead of https:// as it should for an ssl page.)
You are right, a login/personal information page from any merchant should be https:// . However, be careful, the reverse is not a proof of a secure site. Because as the http:// can be falsified (spoofed), so can the https:// . The only secure indicator is the one your browser shows you (the closed lock in Mozilla/Netscape, etc.)
Some folks, even some professional ones, are fairly careless. I currently battle my hosting company, that they have http:// access to their forms for service requests and they ask for example for usernames and passwords to transfer accounts on these. No! No! No! But their answer is, ups, here is the same form over SSL. I call this reckless.
Have a good day everyone
K<o>
I agree with tsindos.
Police all around the world are doing too little to fight the internet crimes.
There should be special forces and, very important, also offline newspapers should inform the public opinion about the crimes that occur and the risks there are for everyone.
OutsourcingDoug
04-20-2004, 02:28 PM
Bank of America
Best Buy
Amazon
Citibank
Paypal
eBay
Are just SOME of the phishing scam fronts.
see www.ebayersthatsuck.com for other auction scams.
xoxoxo
Axzar
hupp25
04-20-2004, 02:44 PM
I used to get about 4 of the paypal emails a day. As well as several hundred other scams a day. Is there a good anti-spam software out there? How else can we combat this crap? The phone is just as bad but luckily with them I ask them how many brewers they want-where to ship-how do they want to pay? Usually I hear a dead silence then a click but a couple of times there has been a quick witted soul on the other end and we have some fun with it and I just politely tell (them) I am not interested. How can we run legit businesses with all this crap around us and not be able to combat it? thanks, jlh.
jdiben
04-20-2004, 03:18 PM
Joe's point about not ever clicking on anything from an email is a little over the top, however.
I didn't mean to suggest not ever clicking a link in any email. I meant you shouldn't ever click a link in an email if that email is requesting personal information including directing you to a site where you would need to enter a username and password.
I do make exceptions to my rule at times. If I order something online and get the confirmation email a few minutes later I wouldn't have a problem clicking on a link from that email.
Joe
angel98
04-20-2004, 03:40 PM
So that you know, sometimes the scam site will be linked to what seems to be a secure site (ex. https://), so you should be aware of that too.
angel
http://www.victimsagainstscams.com
lseeley
04-20-2004, 03:56 PM
vfaulkner took the words out of my mouth: If you're at all worried, go to the website in a separate browser, and check your account. 99.999% of the time, there is nothing going on except someone trying to get your login and password.
I get hundreds of emails every day at work, and I've seen all of those listed in this forum countless times. I do forget that some people are seeing them for the first time. They must still be working, or the scammers would have switched to a new tactic.
Beware also of fake job postings. A sophisticated scam was brought to our attention because the scammers had actually pirated one of our websites (word for word) and used it on another domain as a landing page for a fake job opportunity ("processing" PayPal payments for a company in the Ukraine). The job leads were posted on Monster.com and other major job boards. The job sites were quick to take the ads down as soon as the scam was revealed to them, but I'm sure that the scammers will try again. We attempted to get the website shut down on grounds of copyright infringement, and also notified the hosting company of the illegal activity; unfortunately, they have so far chosen to leave the site live. To my internet-educated eyes, the scam had red flags all over it; however, at least one woman lost $3000 in just one month.
Scams will always be out there in some form or another, but I believe that education is our best defense. So, thanks to computermark and everyone else, who attempt to reveal them for what they are, and spare others from becoming victims!
TrafficProducer
04-20-2004, 05:41 PM
Scams like this are called Phishing, linking to fraudulent websites which are trying to obtain User names and Passwords so they can access and take money out of your account.
Report PayPal scams to spoof@paypal.com
These Scams are not limited to PayPal but also include major banks etc.
PayPal Support Club. Review and helpful links, coding examples, warnings, other shopping cart links, etc. PayPal is a on-link banking system that allows website owners to integrate shopping cart technology into their site. Find out more, includes links to helpful site about PayPal shopping cart technology.
http://www.paypal.ukshoppers.com/index.html
ldyguique
04-20-2004, 05:46 PM
REPORT PHISHING ATTEMPTS Do not hesitate to telephone a company to ask if an e-mail is legitimate. Let any organization being impersonated know of the scam and alert the Anti-Phishing Working Group at
reportphishing@antiphishing.org,
the Federal Trade Commission (UCE@FTC.GOV)
and the F.B.I.'s Internet Crime Complaint Center (www.ic3.gov).
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
OR -- forward the email with full header information for all scam email to: sentinel@ftc.gov
I have an address book "group" set up with several addresses: 1) spamcop; b) sentinel@ftc.gov; c) uce@ftc.gov; and one to my ISP.
Plus, I have a copy of the FTC's Top "Dirty Dozen" (http://anchoragetechsupport.com/yabbse/index.php?board=14;action=display;threadid=94) Scams on my forum.
The so-called "Nigerian Scam (http://anchoragetechsupport.com/yabbse/index.php?board=14;action=display;threadid=93)" has 534 different examples that are known to have circulated at this time.
Note: While the FTC is a US Fed Agency, it has worked closely with other International organizations, most particularly with the ISMN.
International Organization (http://www.imsnricc.org/) -- Includes most of the EU, Australia, and US
A listing of International Organizations (http://www.icpen.org/imsn/related.htm)
TrafficProducer
04-20-2004, 05:47 PM
These Scams are known as Phishing, the links in such email link to copycat fraudulent websites, which are trying to obtain User Names and Password so they can take money out of the account.
These Scams are not limited to PayPal but also include major banks.
Report PayPal scams to spoof@paypal.com
PayPal Support Club. Review and helpful links, coding examples, warnings, other shopping cart links, etc. PayPal is a on-link banking system that allows website owners to integrate shopping cart technology into their site. Find out more, includes links to helpful site about PayPal shopping cart technology.
http://www.paypal.ukshoppers.com/index.html
tamra
04-20-2004, 06:25 PM
Because of scammers and consumers now being afraid to use their service, PayPal may have to start a new marketing campaign to make users feel comfortable using their service. I hear from the most avid online shoppers, yet most computer illiterate, "oh I heard that you shouldn't use PayPal because your money will be stolen". PayPal, which they don't understand is an FDIC bank, has now become an "urban legend".
I also advised customers with merchant accounts which include PayPal over and over again about this scam, and would you believe one actually asked me if the scam mail was legitimate and what to do next? *sigh*
I also can't believe that people would literally think a BANK would contact someone for information the bank would already have, even if they don't have the knowledge to know how to detect the email is fraudulent. The consumers who are usually defrauded by scams like this are basic computer users who just assume w/out questioning, which means more education is needed (but the question is how since some people won't read).
But unfortunately, this falls back to "common sense" because since their personal banking was involved, my first thought was "would you answer your phone and provide banking information to a complete stranger just because they identified themselves as 'Your Banker' without some type of instinct going off?"
flashfast
04-20-2004, 06:30 PM
This particular scam started occurring about 6 months or more ago.
I am surprised, as webmasters, or even paypal users, that fall for this scam and am shocked (really) that it is being brought up as some new scam and threat.
I reported my first scam email over 6 months to paypal proper, who responded immediately and posted warnings on their sign-in, and also sent email warnings to all of its members. Obviously not many read those warnings. That sign-on screen, which you didn't read, was not just another notice on how to protect your security - it was specific to the emails you are discussing.
Firstly, NO company, be it AOL, Ebay, PayPal, Yahoo will ever ask you to clarify or provide your details via email. NONE...NEVER. You have already clarified by becoming a member. It's common sense, and the reason I reported this official looking email in the first place to Paypal, who investigated immediately. I agree - the email looked official enough, but I wrote to them and said I didn't think any business would send out this type of information collecting email. I was right.
I'm sorry guys, but you are bringing up a scam which, if you use Paypal, you should have read carefully and thoroughly when Paypal started to issue its warnings.
There is however a real threat that is emerging from the woodwork which I would like to bring your attention to: spyware removal programs that actually install their own spyware after getting rid of the competitors! They replace google search results, hijack system files, and even allow viruses to infect and forward via your system. I would suggest reading the following page,
http://www.flashfast.com/spyware_dangers.html
I am also going to post this as a topic.
mrrobertstv
04-21-2004, 12:58 AM
That is another scam!!!! It is Based in Korea and The Ukraine they advertise jobs openings so you can act as a middle man to overnight Ebay Auction items out of the country.... they use the escrow service like it is legit and you lose your items and never get paid. I was lucky the middle man developed a conscience and returned my 1500 dollar camera I was attempting to sell.... I alerted Ebay.
simonm
04-21-2004, 04:09 AM
My bank calls me on the phone to confirm some details, but before they will talk to me they want to confirm that I am who I say I am. This is despite them calling me on my phone number.
To do this they ask me for the 1st and 3rd letter / number of my password. I of course refuse and state that they could be anybody 'phishing' for my details - when would I get the call for the 2nd and 4th letters? That was about two years ago and I told the caller - who in fact was the bank, it was legit- that I was amazed at the abysmal level of security. They told me that everybody else gave their details, I was the 1st person to refuse or question the process.
(I called the bank and got put through to the same person)
The banks are still doing this, a colleague told me he had such a call recently, he questioned the request, the bank wouldn't talk about it. Again it was legit.
So, when this form of request is taken up by the 'phishers' are the banks going to compensate people who have been trained by them to divulge their details - I doubt it!
Realistically, for the banks handling £trillions and making £Billions each year, their customers losing the odd few thousand is irrelevant, the implementation of processes to stop this will cost more than the cost of the fraud, so don't expect this to go away!
Also, have you ever tried forwarding one of these emails - I tried to contact ebay, totally impossible, you even have to register to use their forms!
One of the main reasons this scam continues to be successful (if it weren't, the scammers would have given up long ago) is the simplicity with which the web allows one entity to impersonate another. Unfortunately, html based e-mail readers do NOTHING to stop the impersonation, but rather facilitate the scam.
TIP # 1 -
DO NOT USE MICROSOFT OUTLOOK(OR EXPRESS) TO READ YOUR E-MAIL.
This is the number one proven way to become the target/recipient/victim of virus propagation.
TIP # 2 -
DO NOT VIEW E-MAIL IN HTML.
I get a dozen of these things a week, and countless virus attached messages. One thing not mentioned in the original post is how to spot the spoofed web site, because when reading the message in html you do not see the real web url. Using a text viewer, it is easy to see that the link which looks like it is pointing to https://www.paypal.com is actually pointing to something like http://www.rbyndunken.com/.
TIP # 3 -
DO NOT USE MICROSOFT OUTLOOK (OR EXPRESS) TO VIEW E-MAIL IN HTML.
This has been documented to be the NUMBER ONE WAY to become a victim/target of the various paypal/ebay/citibank spoofs, virus/worm/trojan attacks, porn/gambling/viagra pop-up windows, etc. The makers of these various assaults upon innocent users are pure evil scum, and should be shot first and prosecuted later. Unfortunately, MS outlook/express and html e-mail make it too easy for the slimy ones to succeed.
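As an added example (not part of any post in this thread), the two manual checks described above, sovidiu's look at the message headers for relay IPs and the text-viewer comparison of what a link shows against where it really points, can be scripted in Python. The sample message, its `.example` hostnames, the documentation-range IPs and all function names are constructed for this illustration.

```python
"""Triage a raw e-mail: relay IPs from Received headers, link text vs. real target."""
import re
from email import message_from_string
from html.parser import HTMLParser

from urllib.parse import urlsplit

# Constructed sample message (not taken from the thread).
SAMPLE_EMAIL = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example; Tue, 20 Apr 2004 12:00:02 -0400
Received: from unknown (HELO sender) ([203.0.113.45])
\tby mx.recipient.example; Tue, 20 Apr 2004 12:00:01 -0400
From: "PayPal" <service@paypal.com>
Subject: Unusual activity on your account
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Please verify your information:</p>
<a href="http://login.phish.example/paypal/">https://www.paypal.com/</a>
<a href="https://www.paypal.com/help">Help</a>
</body></html>
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BARE_HOST = re.compile(r"^[\w-]+(\.[\w-]+)+(/|$)")


def received_ips(msg):
    """Bracketed IPs from Received headers, newest hop first.

    Only hops recorded by your own provider's servers are trustworthy;
    anything below them was supplied by the sender and can be forged.
    """
    ips = []
    for header in msg.get_all("Received", []):
        ips.extend(IP_IN_BRACKETS.findall(str(header)))
    return ips


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname (without a leading www.) if text looks like a URL, else None."""
    candidate = text.strip()
    if "://" not in candidate:
        if not BARE_HOST.match(candidate):
            return None
        candidate = "http://" + candidate
    try:
        host = (urlsplit(candidate).hostname or "").lower()
    except ValueError:
        return None
    return (host[4:] if host.startswith("www.") else host) or None


def audit_links(msg):
    """Flag links whose visible text names one host while the href goes to another."""
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, errors="replace"))
        for href, text in collector.links:
            shown, target = host_of(text), host_of(href)
            reasons = []
            if shown and target and shown != target:
                reasons.append("text shows %s but link goes to %s" % (shown, target))
            if href.lower().startswith("http://"):
                reasons.append("link uses http, not https")
            if reasons:
                findings.append({"href": href, "shown_host": shown,
                                 "target_host": target, "reasons": reasons})
    return findings


def analyze(raw_email):
    msg = message_from_string(raw_email)
    return {"relay_ips": received_ips(msg), "links": audit_links(msg)}


if __name__ == "__main__":
    report = analyze(SAMPLE_EMAIL)
    print("Relay IPs:", report["relay_ips"])
    for finding in report["links"]:
        print(finding["href"], "->", "; ".join(finding["reasons"]))
```

A clean result is not proof of legitimacy: as other posts in the thread point out, an https:// link can also lead to a scam site.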
shabbyboutique
04-22-2004, 09:35 PM
My fiance' got one from E-Bay the other day. It said that someone from overseas had been accessing his account and he needed to verify his info within 72 hours or they would have no alternative but to suspend his account. When he clicked the link it was dead, and he wasn't going to do it anyway, because he figured it was a scam. It also said not to change anything on his account or also they would suspend his account. So, he went and changed his password, just to be safe. Thanks, for posting this...Jewel ;o)
matauri
04-22-2004, 11:29 PM
Two rules to live by...
1.
When in doubt, open a browser window and go to the site, (PayPal, eBay, bank, etc.) and login there. If there are issues with your account they sh/would let you know there.
Vicki hit it in one! Use your own login link & not one in an email
2. (reputable) Banks do not ask for account information in emails! They don't ask you to login to a supplied link in an email to verify account details. They don't provide you with login links into your account via email. They don't ask you to ring certain phone numbers to verify accounts. When contacting banks (on a phone number YOU are familiar with) regarding account information they ask for customer numbers & passwords & birthdates...so if you haven't revealed any of these in the past, they secure your query by phone. They also don't supply login (password) details via email. If your bank does follow any of these practices, find another bank!
So don't even ponder...notify your ISP, or report to relevant authorities, and delete.
An important thing to note, if you don't report these incidents they can slip through cracks & take longer to be acted on. Don't just delete the offending email... take the time to report it.
It doesn't really matter what email program you use - if you use your common sense. If you still think that the email is legit... ask yourself "why they are asking this"... if you can't come up with a reason why, then ring your bank or merchant service on a phone number YOU already have & ask.
These scams only still happen because they know they can still sucker people in.
And if you are with a bank or a merchant that doesn't follow security procedures with your account, then change providers.
sovidiu
04-23-2004, 03:40 AM
If people are credulous, there is no way of stopping these scammers. Most of them come from India, Pakistan and the Eastern European countries and their persuasion to get your bank details is like an "intelligent" American football game being watched by a brain swimming in a KFC grease. Just read e-mails sent by people you trust. And since this is a forum "for e-business professionals", I don't see the need to explain to users how to right-click on a web page to see its properties. I personally consider this subject to be some sort of web site identity failure.
nevboyle
04-23-2004, 08:25 PM
Two points to contribute.
First: A new variation is that the email link takes you to the real bank/paypal/etc web site but an additional popup comes on screen asking you to enter your account and password info. You enter the info, the scammers get your info and now know your account and password, the popup disappears (sometimes with the message 'unsuccessful' or similar), and you only see the remaining bank/paypal/etc web page. You haven't actually logged in at all.
Second: If you are using Internet Explorer as your browser there is a patch which prevents the real URL address being hidden. It was first released last year as part of a cumulative patch. The best bet is to make sure you at least have the last cumulative patch for IE, it will be in there too, see http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
matauri
04-23-2004, 11:50 PM
Nevboyle, on your first point...
A new variation is that the email link takes you to the real bank/paypal/etc web site but an additional popup comes on screen asking you to enter your account and password info. You enter the info, the scammers get your info and now know your account and password, the popup disappears (sometimes with the message 'unsucessful' or similar), and you only see the remaining bank/paypal/etc web page. You haven't actually logged in at all.
Banks shouldn't be sending login points, or anything that requests you enter any confidential information, which is definitely the practice in Australia, and all banks are advising their customers that they don't do that. So the automatic reaction should be to just delete the email, not travel to any form of link that would take you to any kind of login page.
I'm at a loss as to why people are getting taken in by this scam. I don't know about elsewhere, but I know in Oz the banks and financial institutions have taken out media ads, sent emails & have warnings on their homepages, advising that they do not send emails requesting that customers login.
This seems to be the standard warning on bank scams from the banks in Australia that have been issued everywhere people can read:
Identifying hoax emails
1. Be wary of emails from people you don't know or trust. Delete any emails you think are suspicious. Delete the email from your 'Inbox', and delete it again from your 'Deleted' folder, or 'Sent' folder if you have forwarded on the email
2. Never click onto a link or an attachment in an email, obtained from a source you don't know or trust
3. Never click onto a link in an email to go to your Internet sign-in page. Genuine emails from <name of bank> now do not contain any links to our internet banking
4. Never provide your personal or security details, including customer ID or passwords, in response to any email - even if the email looks like it has come from <name of bank> or another organisation
5. Always access <name of bank> Banking by typing www.bank.com.au into your browser and selecting Online Banking
6. Always scan any new programs or files for viruses before you open, install or use them
7. Check your last sign-in date and time (at the top of the screen) whenever you sign into Internet Banking to make sure it is correct
8. Always check your statements for any transactions that look suspicious (most banks allow 30 days for discrepancies)
9. Always select Sign Out from the Internet Banking menu when you complete your banking
10. Close your internet browser after signing out at the end of each Internet Banking session
11. Do not disclose your account details or personal information over the telephone, email or mail unless you initiated the request yourself. The Bank would never contact you for this purpose
joseweb
04-25-2004, 11:57 AM
I received a gem in my mailbox yesterday, But before you check this out, http://www.imagescreativegroup.org/nuclear/index.html make sure you check out this jackass' bio page too. It's good for a laugh. Born again my ass.
That's right, he isn't spoofing his web address so just delete the "/nuclear/index.html" in the web address bar, and voila, you can read all about this future Darwin Award winner.
For those of you not in the know, the Darwin Awards honor those who improve our gene pool... by removing themselves from it.
www.darwinawards.com
I have already alerted Citibank and all of the authorities in the previous posting's list (FTC, antiphishing, etc.)
-Joe
--------------------
"Eeeeexcellent" - Montgomery Burns
I visited the site today and there is a popup note saying the site was hacked with the phishing page you report, and apologising for this.
Against the phishing messages about paypal or other services you are members of I suggest to always use the bookmarks to access their pages.
I do so and avoid any problem.