![Welcome to Orange Frog Productions Scams, Shams & Flim-Flams Section [Banner]](images/ssff/ofp_banner_ssff.jpg)
- You are here: Home
- » Scams/Shams/Flim-Flams
- » Scams
- » Spoof/Phising Scams
- »
Page Title:
Please be sure to read my Spoof/Phishing Scams Home Page
NOTE: This page Under Construction/Conversion
This page has not been completely converted to OFPv2 Standards.
When this is completed, this paragraph will go away.
Meanwhile, all external links on this page open a new window.
Things I Did, Below
I, personally, receive email in HTML format. Since the email headers could be included, I did not "forward" the email to get the brief headers. The following was received (and looks) like I received it, with the following exceptions:
- Any notes I added in the actual letter are in square brackets ("[" "]"), are bold, red in color, and highlighted. If what I found "behind the links" (email or website) are different than what was displayed, I will include them in this type of note.
- Actual links in the email message have been changed to null (allowing them to still appear as links), have arrows pointing to them ("<=="), have been "named", and appear as one of "my notes" (bold, red in color, and highlighted). They are listed below the email example using the "names".
- All spelling, spacing, line-wrapping, and punctuation errors are the ones that appeared in the original received email. (I may or may not analyze some or all of these.) This email started with the HTML from the email I received. Most of the HTML and the look is original to the email (making this page non-standard HTML 4.01!)
Scam Example
Received 11/22/2005
| Note: This is a service message with information related to your Chase account(s). It may include specific details about transactions, products or online services. If you recently cancelled your account, please disregard this message. |
©2005 Chase Bank & Co. |
[NOTE: I left any names, email addresses, and phone numbers in here for the search engines to find. DO NOT TRY TO CONTACT THEM! I'm SURE you will be ripped off! -LE]
Email Headers
[DO NOT send email to any of the following email addresses]
Received: from host-22-84.ktvmb.cz
([80.79.22.84](misconfigured sender))
by sccqmxc93.asp.att.net (sccqmxc93) with SMTP
id <20051123002410q9300h4nlqe>; Wed, 23 Nov 2005
00:24:40 +0000
X-Originating-IP: [80.79.22.84]
Received: (qmail 7327345 invoked from network); Wed, 23
Nov 2005 03:24:09 +0300
Received: from unknown (HELO localhost) (255.136.51.128)
by nm.ru with SMTP; Tue, 22 Nov 2005 22:22:09 -0200
Message-ID: <LBLOGNYHFYERDMSFKKVYGIJQ @ nm.ru>
From: "Support Chase" <accs @ chase.com>
Reply-To: "Support Chase" <accs @ chase.com>
To: exodus12 @ insightbb.com
Subject: Chase Bank Alerting confirmation code?17-CSKOY
Date: Tue, 22 Nov 2005 19:19:09 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--373318049769508"
X-Priority: 3
X-IP: 197.191.48.122
Notes
Links from email, above: (This information is from the SOURCE of the email.)
- Image Source: http:// www. chase. com/ cm/ shared/ cfs/ image/logo/chase_logo. gif
- Link Behind Image: http:// www. login-chase. com/
- Click Here Link: http:// users-chase. com/?Parm=MAHsDC
- Chase Link: http:// www. chase. com
Things to note in the links:
- Image Source: This was a REAL image, pulled into the email from Chase's site,
- Link Behind Image: While it SAYS "chase.com", the prefix "login-" changes it to a domain name of www. login-chase. com. I'm SURE this site looked almost exactly the same as Chase's login, and, if not, was a "pop-up" over Chase's home page.
- Click Here Link: Same as Link Behind the image, but the domain is "users-chase. com". There IS a parameter, attached to this link, probably either identifying the email address used, or the spammer who is responsible for "collecting" the information.
- Chase Link: THIS link was the only one that ACTUALLY went to Chase's site. The image may have been pulled from there, but this link would have taken you to Chase's site.
Other "problems" and things I see:
- The "spacing" error. I seriously doubt a real Chase email would have any such error. (I'm not pointing it out in case they use this scam again! - It wouldn't surprise me!)
- From the Email Headers:
- The "Message Id" says this came from Russia (.ru), though everything else says "Chase"! While Chase may have offices/banks in Russia, why would THEY be sending ANY email to a US email address?
- The "From" and "Reply-to" addresses appear to both be Chase email addresses.
- The "To" address was not to MY email address, but appears to be a mailing list.
- Speaking of that last point, there's NO WHERE in the email that mentions MY NAME.
- Oh, yeah... And while I may have a Chase card somewhere on my credit report, I have NEVER signed into the Chase site that I can recall.
As you can see, the email "looks" very official, but with a little checking BEFORE YOU CLICK A LINK OR REPLY, you can find inconsistencies that can save you from a world of hurt! (and empty bank accounts!)
Return to OFPv2/SSFF - Scams - Spoof/Phishing Scams Home page
Send email to Bill Sanders
()
with questions or comments about this page or site.
This site, all text and graphics (unless otherwise noted) on it
were designed, developed and published by Bill Sanders of Orange Frog Productions.
It and it's CSS was validated and complies with both the:
CSS and
HTML 4.01
validators from W3C.
NOTE: All CSS validates except the "New Window Buttons"
- Their CSS includes some invalid code (ie: hacks)
and warnings for using transparent backgrounds when color foregrounds defined.
Copyright © 2003, 2004, 2005, 2006 by Bill Sanders / Full site last modified: July 10, 2006
