TM phish mails reach even more pathetic levels

Phishing scams, hijacking of TM accounts, keyloggers and all manner of other nasties. This is the place to report them and get help if you've been hit.
Post Reply
User avatar
Googlybear
Members
Posts: 2108
Joined: Mon Feb 19, 2007 10:51 am
Location: Auckland

TM phish mails reach even more pathetic levels

Post by Googlybear » Sat Apr 30, 2011 10:29 am

Please Check Your Account for Suspicious Activity Now

Dear Mr/Miss.

We have recently noticed abnormal activity on your account. We regret to inform you that this may be due to account theft.

As a precaution, we highly recommend that you sign in to My Trade Me to review and confirm your Member Profile and recent account activity. If you notice anything suspicious, please take the following steps:

1. Change your password to something more complicated.
(e.g. include both numbers and letters)
2. Consider changing your registered email address.
3. Install and run anti-virus and/or anti-spyware software on your PC.


In the future, please be careful.


Wishing you the very best of business,

Customer Service
Login link was http://www.kippy-de.net/mypage/xd/Login.html" onclick="window.open(this.href);return false;
Now deactivated

The most depressing thought is the reason these con artists are still sending these Emails is because idiots are still falling for them

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Re: TM phish mails reach even more pathetic levels

Post by digidog » Fri May 27, 2011 8:18 am

Poor English and a TM registration fee? Phooey!
We regret to inform you that if you did not re-update your account information your
Trade Me account will be suspended for a period of 3-4 days and as result it will be
terminated.

Also we regret to inform you that if you don't re-update your account, you have to
register a new one and this will require a new registration fee.

For the User Agreement, Section 9, we may immediately issue a warning, temporarily
suspend, indefinitely suspend of terminate your membership and refuse to provide our
services to you if we belive that your actions may cause financial loss or legal liability
for youi, our users or us.

Please click here and login to your account in order to re-update it.
http://trademe.co.nz.Members.Login.aspx ... rgy-sd.com" onclick="window.open(this.href);return false;
refers to...
http://login.trademe.co.nz.submitinfo.s ... swara.com/" onclick="window.open(this.href);return false;
Caution: LIVE phishing site

This one is hosted on the same Indonesian server as the current ANZ scam.

User avatar
Googlybear
Members
Posts: 2108
Joined: Mon Feb 19, 2007 10:51 am
Location: Auckland

Re: TM phish mails reach even more pathetic levels

Post by Googlybear » Fri May 27, 2011 8:56 am

Seems to be a rash of them today.

i also got a few `from` ANZ.
Please note that Your Customer ID has been flagged, due to recent changes we have made to our online banking system.

All flagged account requires immediate to remain active.

Activate my online Customer ID

Sincerely,
Online Customer Service Support
Link is http://anz.co.nz.inetbank.bankmain.asp. ... kunud.com/" onclick="window.open(this.href);return false; (STILL ACTIVE)

IE is now throwing up a warning, however i attempted access a few hours after the message was sent and the link took me directly to the phish site.
This reveals a major flaw in the malicous site warning that the browsers currently adopt. there is always a delay before the blacklist is updated.

is it too hard for browsers to be programmed to detect works such as BNZ.co.nz , password ETC in the URL or Page text that can trigger a warning intead if it is not the genuine URL.
Really makes you wonder if certain software companies dont really give a S*** about security.

Firefox is no better, its still currently allowing me access to the site with no warning

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

The Latest Is.....

Post by Foggyone » Mon May 30, 2011 3:31 am

Received from a business I wrote to a few days ago. They were used at that time to legitimise another attempted fraud.
From: Trade Me [mailto:info.allert@trademe.com]
Sent: Monday, 30 May 2011 2:03 p.m.
To: undisclosed-recipients:
Subject: Trade Me Property New Zealand's

Dear TradeMe Member,

We regret to inform you that your TradeMe account has been suspended due to
the violation of our site policy below:

    False or missing contact information - Falsifying or omitting your name,
address, and/or telephone number
     
      (including use of fax machines pager numbers, modems or disconnected
numbers).

    Due to the suspension of this account, please be advised you are
prohibited from using TradeMe in any way.

To continue Download attachment and complete the renew form with your
current information.

 

Thanks,

We appreciate your business!

 

Administrative Department Team
The link goes to http://web.skru.ac.th/qa/property/xd/Login.html" onclick="window.open(this.href);return false;

Care : Live Link

Link Domain Holder: Songkhla Rajabhat University

This phish then proceeds to steal (Bill Gates') Trademe login, and also his credit card details. To add injury to insult it then asks for the credit limit on the card
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: TM phish mails reach even more pathetic levels

Post by Foggyone » Mon May 30, 2011 6:32 pm

Well, knock me down with a feather. This site is still up!
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Fri Apr 06, 2012 1:49 am

I haven't received a TM phish for a while. This time the email's from India and the phishing site is (was)
in Sweden. At the moment the phishing page is blank.... which hopefully means it's been taken down.
----------------------------------------------------------------------
We need your help
----------------------------------------------------------------------

We need your help resolving an issue with your account. To give us time to
work together on this, we've temporarily limited what you can do with your
account until the issue is resolved.

We understand it may be frustrating not to have full access to your TradeMe
account. We want to work with you to get your account back to normal as
quickly as possible.

What's the problem?

For reasons relating to the safe use of the TradeMe service we need some
more information about the use of your credit or debit card linked to your
TradeMe account.

Reference Number: PP-001-593-849-323

How you can help

It's usually quite straightforward to take care of these things. Most of
the time, we just need some more information about your account or latest
transactions.

To help us with this and to find out what you can and can't do with your
account until the issue is resolved.

Yours sincerely,
TradeMe

----------------------------------------------------------------------
Log in
http://www.flator.se/blogs/index.php" onclick="window.open(this.href);return false;
Careful: that's a livephishing site
[email link concealed to appear as https:// www. TradeMe.co.nz/cgi-bin/loginweb?cmd=_login]

Safety Advice:
https://www.TradeMe.co.nz/security" onclick="window.open(this.href);return false;



TradeMe Email ID PP1589

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest