Announcement

Collapse
No announcement yet.

Gone Phishing in Hawaii

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Gone Phishing in Hawaii

    A while back, Bank of Hawaii was targeted by phishing scammers. Last year, it was First Hawaiian Bank. While phishing scams are not new, attacks focused on regional banks (rather than big targets like Bank of America or Paypal) are still noteworthy... in part because the scammers seem to be targeting their e-mails at potential victims in the neighborhood of the financial institution.

    It's easy to ignore phishing e-mails pretending to be from companies you don't do business with. But as the scammers get more sophisticated and choose smaller targets and get smarter about who they e-mail, you're going to have to be extra careful. The chances you will get a phishing e-mail posing as a company you do do business with are increasing every day.

    This week, on more than one of my various e-mail accounts, I've gotten phishing e-mails aimed at Hawaiian Tel Federal Credit Union. Set to appear to be from accounts@htefcu.org with the subject "New regulations placed on visa card usage overseas," it claims my Visa card has been deactivated and that I need to log in to reactivate it. Of course, the link points not to HTFCU, but to a foreign IP address.

    I've dropped a note to HTFCU though I'm sure they're aware of it.

    Be careful out there!

  • #2
    Re: Gone Phishing in Hawaii

    This isn't fool-proof, but if you keep a separate email just for those businesses you do serious business with (credit cards, banks, utilities), you can usually avoid this as long as you never post that address anywhere on the web or give it out to friends or enemies. I get the ubiquitous PayPal phishing emails all the time, but never, ever at the actual email address I use with PayPal.

    By the way, PayPal and eBay ask that you forward phishing emails to spoof@paypal.com and spoof@ebay.com.

    And yes. Be careful.
    Last edited by scrivener; June 20, 2006, 09:21 AM. Reason: "she's my best friend's girlfriend...but she used to be mine..."
    But I'm disturbed! I'm depressed! I'm inadequate! I GOT IT ALL! (George Costanza)
    GrouchyTeacher.com

    Comment


    • #3
      Re: Gone Phishing in Hawaii

      Originally posted by scrivener
      This isn't fool-proof, but if you keep a separate email just for those businesses you do serious business with (credit cards, banks, utilities), you can usually avoid this as long as you never post that address anywhere on the web or give it out to friends or enemies.[...]
      This is a good idea, Scriv, but I'm wondering...
      I pay my credit card online.
      I do my banking online.
      I use PayPal.
      I purchase on eBay and half.com.
      All of these require an email address under the 'My Account' section...which means posting that address on their web sites. I guess as long as these companies don't sell their email lists then spam can be kept to a minimum. What's been your experience with this?

      BTW...I use one email address for all internet activity, including the above list. When PayPal and eBay spam comes to my other address I know immediately it's fraudulant. Regardless, I consider all requests for account updates, regardless of the source, as fraudulant. Still, I'd like to change to another email address for just the list above but it does involve posting the address to those sites.

      As an aside, I purchased a laptop via amazon.com earlier this year using my credit card. As soon as that "large purchase" was posted to my CC account, I received a phone call from the CC company stating: "This is not a telemarketing call, please don't hang up. This is in regard to a large purchase to your account ending in <last 4 numbers>." The customer service rep asked me for no further personal information. She just wanted to verify that I had, indeed, made the purchase. I was extremely grateful for that phone call and told her so! I'm also signed up with that CC to receive email notifications when charges to my account exceed a limit I set. In the case of the laptop I received an email and a phone call.

      Comment


      • #4
        Re: Gone Phishing in Hawaii

        As long as those email addresses (amazon, paypal, ebay) are never actually displayed for general viewing, you should be fine. I use one email address for paypal and ebay; I use another for amazon, barnes and noble, various mail-order music stores, utilties, credit cards, and banks, and have had no problems SO FAR with any of them. The way these phishers get your email is usually with some kind of spambot, or a program that scours the web for email addresses. Your address is safe at Amazon, because spambots can't see your email address unless they log in as you, which they shouldn't be able to do.

        Another way these places can get emails is with spyware or viruses (I may be using the wrong terms here) that get ahold of your address books, especially if you're using Microsoft Outlook. Which is a good enough reason not to, if you ask me.

        Another aside: My colleagues were complaining last year about the ton of spam they get in their school email account. I'd never received a single spam email at that address, because I only use it for school-related stuff. I was a little nervous when some students and well-meaning parents would forward me those silly things people forward, with my address going out to all those other people who got the email, but I still never got any spam.

        My experiment was to give my email to one reputable business, just to see if privacy policies meant anything to these people. I chose Office Depot, a company I do a lot of business with (heck, I'd have church in there if they'd let me -- I'm a total office-supply junkie!), when I signed up for the Star Teacher program. I get promotional email (so far never very useful to me) from Office Depot every couple of weeks, but so far NOTHING else as a result. I am pleasantly surprised. And still no spam from anywhere in that address.
        Last edited by scrivener; June 20, 2006, 10:14 AM. Reason: "tried to be your boy scout, tried to be your ice cream man..."
        But I'm disturbed! I'm depressed! I'm inadequate! I GOT IT ALL! (George Costanza)
        GrouchyTeacher.com

        Comment


        • #5
          Re: Gone Phishing in Hawaii

          I got the Hawaiian Tel FCU phishing email as well--to my work email, an email address that wasn't in use when I closed my HTFCU account about 8 years ago.

          I get paypal phishing all the time. I send everyone of them to the spoof reporting address. I don't care whether a human deals with it or not. My reasoning is that if enough of them get sent to spoof@paypal.com or spoof@ebay.com, then maybe they'll do something about it.

          And as many of you have realized, they are looking much more sophisticated. Very well done. I got one with a military pitch and it was very clever.

          But what bugs me a lot now is that my cellular phone is getting lots of crap calls.
          Aloha from Lavagal

          Comment


          • #6
            Re: Gone Phishing in Hawaii

            Originally posted by lavagal
            I got the Hawaiian Tel FCU phishing email as well--to my work email, an email address that wasn't in use when I closed my HTFCU account about 8 years ago.

            I get paypal phishing all the time. I send everyone of them to the spoof reporting address. I don't care whether a human deals with it or not. My reasoning is that if enough of them get sent to spoof@paypal.com or spoof@ebay.com, then maybe they'll do something about it.

            And as many of you have realized, they are looking much more sophisticated. Very well done. I got one with a military pitch and it was very clever.

            But what bugs me a lot now is that my cellular phone is getting lots of crap calls.
            And it's on YOUR dime, too! Did you know that you can register your cellphone number on the national do not call list, just like a landline phone?

            It might slow those calls down a bit, especially if you know who's calling, so you can complain to the FTC.

            Miulang
            "Americans believe in three freedoms. Freedom of speech; freedom of religion; and the freedom to deny the other two to folks they don`t like.” --Mark Twain

            Comment


            • #7
              Re: Gone Phishing in Hawaii

              Mahalo, Miulang. I just signed up our three phone numbers, although I suspect that our home was already on the do-not-call list.

              And on a not totally unrelated note: I was preparing to take off on my walk this morning at 4:45 when the phone rang. Wrong number. Some young lady asking for Diane. This was rather a late departure for me by some 10-15 minutes and I was happy to still be home to answer it quickly, although it did wake my husband. Then she called again. Of course I let her have it. Once you get a wrong number between the hours of 10 p.m. and 6 a.m. would it be more trouble to actually open your eyes and pay attention to what you are doing than it is to disturb the slumber of little children and hard working fathers?

              I was happy to get home from my power walk to learn that she had not called again.
              Aloha from Lavagal

              Comment


              • #8
                Re: Gone Phishing in Hawaii

                Another attack is underway. Just got a phishing email in three of my accounts, pretending to be from First Hawaiian Bank. Sent from a fake address, accounts-security@fhb.com, and claiming that someone's futzing around with my account via an ATM, one fun touch is that it includes the statement, "First Hawaiian Bank customers are not held liable for any fraudulent charges to their accounts."

                Comment


                • #9
                  Re: Gone Phishing in Hawaii

                  Yesterday I got one from Bank of Hawaii. They are well done. I blew it off. If BoH wants to get ahold of me, they can try something other than my email address.
                  Aloha from Lavagal

                  Comment


                  • #10
                    Re: Gone Phishing in Hawaii

                    Wow. Phishing scammers have come a long way from going after only the Bank of Americas and Citibanks. I just got a phishing attempt claiming to be from the Kauai Community Federal Credit Union. They even set up an actual fake domain name (rather than feeding victims to obscure sites on Romania or Korea), though they didn't try too hard to make it look like the genuine article.

                    In fact, the fake domain name's WHOIS record gives what looks like a home address in Freeport, Maine. I can't imagine a scammer being so dense, so I imagine it's faked information (you can list any address with your domain).

                    I forwarded it to KCFCU's contact address, but thought I'd mention it 'case there are any KCFCU customers here.
                    Last edited by pzarquon; August 15, 2006, 10:19 AM.

                    Comment


                    • #11
                      Re: Gone Phishing in Hawaii

                      There was an article that my bank, Hawaii USA had successfully busted some people last week for phishing scams. I cant seem to find a link, but its nice to know that some people are getting caught or shut down.
                      Aquaponics in Paradise !

                      Comment


                      • #12
                        Re: Gone Phishing in Hawaii

                        There was a story on the Hawaii State FCU getting their phishing site taken down, though working toward takedowns are standard operating procedure for all banks. The bigger banks have shut down dozens of fake sites. It's actually catching and prosecuting the folks behind them that's a challenge.

                        The Advertiser also reported the Kauai Community FCU phishing attack yesterday, with a little more information on the difficulties in prosecuting the fraudsters.

                        I'm still getting dozens of KCFCU phishing e-mails. As I mentioned above, they're using fully-qualified domain names rather than obscure IP addresses. KCFCU.ORG is the real site for KCFCU, but the phishing e-mails point to KCFCUX.ORG, KAUACU.NET, KCFCUACTIVATE.ORG, and other variations. Even more interestingly, all domains appear to have been registered the day I get the e-mails, and using in-the-clear WHOIS information. The domain owners' names are apparently real people from across the country, but are so random, I'm thinking their names and addresses are just being used arbitrarily... or that they are themselves phishing victims whose stolen financial information is being used to register the domains.

                        Comment


                        • #13
                          Re: Spam via PM

                          I juss got this via email Hawaiian Tel Federal Credit Union https://www.htefcu.org/log_into.cfm

                          Due to concerns, for the safety and integrity of the Hawaiian Tel Federal Credit Union
                          account we have issued this warning message.

                          It has come to our attention that your Hawaiian Tel Federal Credit Union account information needs to be
                          updated as part of our continuing commitment to protect your account and to
                          reduce the instance of fraud on our website. If you could please take 5-10 minutes
                          out of your online experience and update your personal records you will not run into
                          any future problems with the online service.


                          I am not a member of Hawaiian Tel Federal Credit Union.

                          Be careful.

                          Auntie Lynn
                          Last edited by 1stwahine; September 15, 2006, 12:13 PM.
                          Be AKAMAI ~ KOKUA Hawai`i!
                          Philippians 4:13 --- I can do all things through Christ who strengthens me.

                          Comment


                          • #14
                            Re: Gone Phishing in Hawaii

                            In my inbox right now, simultaneous phishing attacks on Hawaiian Tel FCU, Honolulu FCU, and Hickam FCU. Suddenly, the islands are a pretty hot target for scammers.

                            Comment


                            • #15
                              Re: Gone Phishing in Hawaii

                              I got a couple purportedly from the Kauai Community Federal Credit Union. I deleted without even opening it. I thought it was weird because what are the chances that most people on Oahu would have a Kauai FCU account?

                              Comment

                              Working...
                              X