Reporting e-Mail Fraud

Hey everyone,

When I first joined this site, I used an e-mail address specifically created for here, from my domain.  I don’t recall using it elsewhere.  I’ve gotten some minor spam, but a couple of days ago I started to receive “phishing” fraudulent e-mails at this particular address.  Three pretended to be from eBay, and today I got one pretending to be from LaSalle Bank.  It said that after clicking on the link, I should enter my Social Security number as username and first six digits of SS# as password. 

Here is what I have done about it; if anyone can think of more useful ways to destroy these criminals, I’ll be glad to know about it.

I report all spam and fraudulent e-mails to SpamCop.  Additionally, I forward fraudulent e-mails to the FTC at spam|@|uce.gov I went to eBay and reported each fake eBay e-mail, and I went to LaSalle Bank and did the same.  The place on these sites to look is generally called “Security”.

Anyone else had this happen lately?  If so, I suggest taking action on each one.  I think it’s worth the time.

13 thoughts on “Reporting e-Mail Fraud

  1. I’ve gotten about half a dozen bogus e-bay e-mails within the last week and a half, and each time I report it to the ebay or paypal fraud centers. I hate spam.

  2. Over the few weeks I’ve recieved emails reportedly from eBay and PayPal, even though I don’t use either service. Guessing email addresses must be a large contributor.

  3. I think you’re wasting your time. With eBay at least. They won’t even send so much as an acknowledgement. I have a feeling the other places are the same.

    Even if there was something they could do, and they were negligent for not doing it, it’s cheaper to pay the damage than resolve the cause.

    That’s the way banks have been doing old-fashioned VISA and Creditcard fraud for years. Ignore the issue and pay the damage. Most banks don’t even check for a signature on cheques under $10K (ask your bank what their limit is, and prepare to be shocked).

    They don’t even care enough to risk their image by even trying to educate people about the problem. When is the last time you saw them spend any significant amount from their multi-million dollar advertising budgets on any sort of informative commercial?

  4. Information Week’s Bob Evans delivers a smackdown on financial institutions in Protecting customer data is good business.  He’s pissed:

    …The next nominee for Hall of Shame is the venerable Bank of America, whose bungling resulted in the loss of 1.2 million customer records. According to our May 4 story, those files were, simply, “lost in transit.” What happened—did the carrier pigeon get lost? Or maybe the shipping office didn’t use enough duct tape strapping the drives to the pigeon’s back before sending it off on its appointed rounds?

    Say—when was the last time you heard a story about Bank of America “losing in transit” massive piles of cash? Or gold? Or bearer bonds? Maybe the reason we don’t hear about such things is because they don’t happen, and maybe they don’t happen because the bank makes the necessary investments and takes the appropriate precautions to ensure that they don’t happen. The Bank of America story tells us something very clearly: The bank placed a low value on customer-data privacy. Now, bank officials can deny that up and down, and they can get all huffy and say all the right things like customer privacy is sacred, and we will spare no investment and our proud history shows this and that, but the fact is they lost those records because they didn’t care enough about them…

    The larger context of his article is that business brought Sarbanes-Oxley down on themselves by not giving a shit.  Of course it’ll be no more effective than most laws bceause the lawmakers’ aim is only poor-to-fair.  Far better if the companies could be persuaded to care.  But we have the wrong administration in power for that.

    Next up; a cyber-financial 9/11.  I am already closing unnecessary accounts and lines of credit because I do think it will happen.

  5. Internet Fraud Complaint Center :

    The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).

    IFCC’s mission is to address fraud committed over the Internet. For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation. For law enforcement and regulatory agencies at all levels, IFCC offers a central repository for complaints related to Internet fraud, works to quantify fraud patterns, and provides timely statistical data of current fraud trends.

    __________

    A good site.

  6. I bet reporting those can’t help any… problem is that senders’ addresses are very propably faked!

    Even bigger problem is that there isn’t any deterrent against spammers… even if they’re tracked down there won’t be any real punishment compared to the trouble they cause.
    Public executions of spammers would be way to go for lowering spamming… or using them as “test rats” to study Ebola.

  7. Frac, I’ve sent eBay some phishing emails I’d recieved, and I thought I had gotten replies from them.  I don’t keep them, so I can’t say definately.  I do get replies from Paypal. 

    I’ve gotten phishes ala Citibank and some other banks.  One of them, I don’t remember which, when I went to look for the addy to report it, didn’t have jack for contacting them online.  Guess they don’t care or don’t know jack about being on the internet.

    Sometimes I wonder if the companies really give a shit, but if we keep forwarding the scam emails, they’ll at least know we aren’t happy with it.

    I always check suspicious email by viewing the source so I can see everything in it.  Ironically, I like the fact that spammers have to make subject lines like “b1G 93n15 *$%$en#%”, since those get deleted with no delay.  I white list my email, which lets the eBay and Paypal spoofs through, but I know the game, so it’s no big deal. 

    Lilymaris, they may have gotten yours by war-mailing.  When I look at the headers at some of my spam, I see addys who are alphabetically similar to mine in the list – usually less than a dozen addys to slip under somebody’s radar.

  8. As for banks seemingly not caring, my advice is to switch to a credit union if it bothers you. My credit union (DCU) has a whole section of their website devoted to educating people about scam email.

    As for spam in general, at this time the most effective means of dealing with it is not to prevent it, but to filter it once you’ve got it. Spamassassin does a pretty good job – it combines a list of rules with an (optional) Bayesian filter. Eventually, steps will probably be made to change the email system itself to make it harder for spammers.

  9. I have quite a few domains, and I’ve simply given up on trying to actually stop spammers and instead just let the filtering handle the many hundreds of spam emails I get every day.  I still end up with quite a few that need to be manually deleted, but oh well…

    The problem of protection my personally identifiable information, however, is another story altogether.  I’ve always been pretty vigilant about that, and have never had any incidents of identity theft or the like.  So of course, I’m a bit pissed off about the Bank of America clusterfuck – I’ve been with them for a dozen years or more… and I’ve got to wonder that if they’re not on top of things NOW, how shitty was their oversight years ago?  Bastards.

    To top it all off, on May 2nd, this came in the company email (names changed):

    To: The Company Colleagues

    From: Joe SecurityDude, Senior Vice President and Chief Security Officer

    Re: Employee Data Tapes

    For several years, as part of our company’s regular processes to protect our computerized data, The Company has used a leading data storage firm to ship and store our computer back-up tapes offsite.  I am writing to let you know that this outside firm recently lost a container of these back-up tapes during transport to one of its storage facilities.

    The missing tapes contained company data including names and U.S. Social Security numbers of: current and former U.S.-based employees of The Company and its current and former affiliates (and U.S. citizens working for the company abroad); some of their dependents and beneficiaries; and certain other individuals who have provided services to the company.

    With respect to non-U.S. citizens who work for The Company outside the U.S., there was no information comparable to a Social Security number on the missing tapes.  Accordingly, we are providing this letter to non-U.S. employees as a courtesy, but do not believe that there is a need for them to consider options like those presented below.

    The U.S. Secret Service is involved in an active investigation of this matter, working closely with The Company and the outside data storage firm.  We have now determined that public disclosure of this matter will not interfere with the investigation.  To date, the investigation has not found any evidence that the tapes or their contents have been accessed or misused.  In addition, the information on the tapes is in a form that is not easily accessed.

    The Company takes the security of our employees’ personal information very seriously and we deeply regret that this incident occurred.  We are aggressively investigating this situation and are committed to staying in touch with you as the investigation unfolds.  In addition, we have taken the following steps:

    (blah blah blah, and some of the credit reporting agencies will give you free or discounted access to monitor your reports)

    God damn… as if it’s not bad enough that my information is in the hands of who-knows-whom or who-knows-what, now the fucking SECRET SERVICE is involved?  Jesus H. Christ, they’d be the LAST people I’d want having even a GLANCE at my information!

  10. PenetratingShaft,

      I’m sure there are many places that explain the rise of the term SPAM to describe unsolicited email, but since you love Spam so,
    here
    ‘s what the makers of that fine meatlike product have to say on the matter:

    RE: SPAM: SPAM and the Internet
    “You’ve probably seen, heard or even used the term “spamming” to refer to the act of sending unsolicited commercial email (UCE), or “spam” to refer to the UCE itself. Following is our position on the relationship between UCE and our trademark SPAM.

    Use of the term “spam” was adopted as a result of the Monty Python skit in which our SPAM meat product was featured. In this skit, a group of Vikings sang a chorus of “spam, spam, spam . . . ” in an increasing crescendo, drowning out other conversation. Hence, the analogy applied because UCE was drowning out normal discourse on the Internet.”

  11. I got an eBay phish yesterday.  eBay does reply, they emailed me back.  They don’t like you to cut and paste the source into an email, they want the offending email forwarded to them.

    ALERT: Your email has not been received by eBay.

    We reserve the spoof@ebay.com email address for handling reports of
    Websites that have been set up to impersonate eBay. In order to
    investigate these reports in a timely manner and provide help to members
    who have been affected by this type of activity, we only accept emails
    that are forwarded to this address.

    If you received this message after attempting to report an email that
    appears to have come from eBay but actually directs you to another site,
    you must forward the message to us again by using the forward function
    of your email program. Make certain that spoof@ebay.com is in the “to”
    field. Do not alter the subject line, add text to your message or
    forward the email as an attachment.

    I did so, and they did send back a couple of thank you replies.

  12. I was gone all last week and am currently checking up on what’s been up around here since then.  I was surprised my junk folder in my inbox had almost 150 suspected junk mail things in it.  Yahoo says if they sit in there for more than a month they will be automatically deleted and added to some master SPAM list, but at the rate I’m getting junk mail I wish they’d shorten it to a week.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.