Consumer alert!

Counterfeit money orders issued in the name of KeyBank are being used nationwide as part of an up-front fee that’s part of a variety of Internet scams.
Details are here.

In the last couple of days, bogus e-mails invoking the names of various financial institutions have been circulating in an effort to extract personal financial information from customers.
The messages aren’t necessarily specifically targeted at customers of the financial organizations, but are meant to saturate the Web with bogus messages in hopes that some legitimate customers will respond with their personal data.
In all cases, the financial firms do not gather such personal data through e-mail.
If you receive messages from the following financial institutions with the following subject headings, just delete them:
Comerica — “Your account need attention.”
Bank of America — “Restore your account has been blocked.”
RBS — “Reactivate your Digital Banking.”
PayPal — “Security Notice — We have limited access to your PayPal account.”

Monroe County Community Credit Union is the target of another scam attempting to gather customer credit card numbers. This one uses a combination of e-mail and telephone verification.

It starts out with this e-mail message:

“From: Monroe County Community Credit Union [mailto:info@mcccu.org]
Sent: Friday, February 15, 2008 7:03 AM
Subject: MCCCU - Account Suspended!

You have one new message at Monroe County Community Credit Union.

INBOX (1)

From: Customer Service
Date: 15/02/2008
Subject: Official service renewal notification.

To listen the message please call us free at: 1-734-274-2043

Monroe County Community Credit Union,
715 North Telegraph Road,
Monroe, MI 48162.

Copyright C 2008, Monroe County Community Credit Union. All rights reserved.”

When you call the phone number in the message, it is a robotic pre-recorded announcement that says your account has been suspended due to fraudulent activity. To reactivate the account, it requests that you punch in your 16-digit credit card number, expiration date and PIN number. Each number entered is reconfirmed by a robotic voice. After all the numbers are entered — no matter what numbers are entered — the message asks you to wait while the account is confirmed. After an appropriate “processing” pause, the voice says your account has been reactivated and thanks you. Although the quality of the phone recording leaves something to be desired, it follows a verification pattern that is common for many legitimate financial institutions.

MCCCU also has been the target of an earlier e-mail scam that takes recipients to a counterfeit Web site.

You can read about that scam by clicking here.

Monroe County Community Credit Union customers are being targeted by an online scam that apparently attempts to capture account numbers, login passwords and other information. The e-mailed message looks like this:

From: “Monroe County Community Credit Union”<admin@mcccu.org>

Date: February 10, 2008 3:40:46 PM GMT-05:00

Subject: New Inbox Message!

 

You have one new message at Monroe County Community Credit Union.

INBOX (1)

From: Customer Service
Date: 10/02/2008
Subject: Official service renewal notification.

In order to read the message click here to login at
Monroe County Community Credit Union and access your MAIL section.

Monroe County Community Credit Union,
715 North Telegraph Road,
Monroe, MI 48162.
Copyright © 2008, Monroe County Community Credit Union. All rights reserved.

If you ignore the futuristic date in the message and you click on the “click here” link, it takes you to a Web site that is almost an exact replica of the MCCCU home page that asks for your account number and password. But there are two distinct differences: The Web address in your browser doesn’t begin with the “https” prefix that indicates it’s a secure site. Second, it also doesn’t have the bright red “Scam” warning about halfway down the page that the legitimate site has. If you punch in any entries in the login and password boxes, you’re taken to a legitimate looking site that says “Suspended Account” and asks you to enter your name, a credit card number, an e-mail address and other personal information.

If your fooled by the bogus page into punching in your password, you probably should then go to the real site and change your password. If you’re fooled by the second page, you probably should report what you did to the credit union.

If you ever receive an e-mail from your financial institution for any reason, it’s best to give them a call and make sure it’s legit. Most financial institutions don’t ask for personal information via e-mails they send to you.

E-mailed messages asking recipients to contribute to a group calling itself the “Amway Children Charity Foundation” are bogus, according to Michigan-based Quixtar, Amway’s parent company.

The e-mail informs the recipient that he or she has been chosen to get a grant to help set up a children’s center to help poor kids in the area. A nomination code number might be provided, and banking information is requested. If the recipient reponsds, they are asked to send an indemnity bond of varying amounts. The e-mails might be signed by “Dr. Kevin Brown” or someone else claiming to be a grant-processing officer.

The fraud is known as an advance fee scam, which occurs when the victim pays money in advance to someone, expecting to receive something of greater value.

The scam has been circulated by e-mail in Europe, North America, Australia and Asia. Recipients are advised to not respond or reply in any way. Amway is investigating its origin and has notified authorities. Those with information or questions about this scam are asked to contact Amway through its Corporate Communications Department at (616) 787-7565.

Our friends at F-Secure found this phony, but realistic, Web site.

Watch out for this one. It’s not the real Microsoft Update site.

Note the real URL (cfm48.com) and the spelling errors (”Please intall”).

If you click the Urgent Install button, you’ll get a file called WindowsUpdateAgent30-x86-x64.exe, which is not signed by Microsoft. (i.e. Click the button — Download a Trojan-Dropper.)

The U.S. Department of Justice has learned that another bogus e-mail bearing the agency’s name and logo has been circulated to at least 20,000 Internet users.

The message is a hoax and recipients should not respond or open any of its attachments.

The Department of Justice did not send these unsolicited email messages—and would not send such messages to the public via e-mail, the agency said. Similar hoaxes recently have used the names of various other governmental entities, including the Federal Bureau of Investigation, the Federal Trade Commission, and the Internal Revenue Service. The e-mail messages contain a malicious attachment as well as random text used to defeat spam filters. E-mail users should be especially wary of unsolicited warning messages that purport to come from U.S. governmental agencies directing them to click on file attachments or to provide sensitive personal information.

Click here to view the sample hoax email

A widely e-mailed Blockbuster Video coupon is creating a lot of disappointment for customers who understandably think it’s legitmate.

Learn the sad truth here instead of at the Blockbuster check-out counter.

An old chain e-mail claiming Microsoft will send you a wad of money as part of a beta test is circulating again.

This thing’s been around for at least 10 years, has more lives than Dracula, and is just as bogus.

Here’s one of many debunkings you can find on the Net.

Owners of MacIntosh computers usually don’t have to worry much about viruses and malware booby traps. Virus-launching villains usually take aim at the broader population of IBM compatibles that can be a bit more susceptible.

Now there’s word about a new Trojan virus that prompts a Mac user to download a new version of a Codec program that presumably will enable the user to view a video. It’s aimed at those with Mac OS X 10.4 and 10.5 versions.

Here’s the link to the F-Secure lab that explains it all.

The Federal Trade Commission reports that a bogus e-mail is circulating the invokes the FTC name. It warns against opening the e-mail because it contains a computer virus.

Here are details.

The latest effort from the group that gets its kicks from infecting computers with a worm virus. If you get an e-mail with a link that takes you to this Web site, just delete everything. Don’t click on any part of it, and delete the original e-mail message. Yeah, I know, you can’t resist can you? That’s the idea. BTW, this is the same group that last had a link to a bogus “Game Arcade” site.

… responding to a fraudulent “URGENT NOTIFICATION” e-mail making the rounds that tells you you’re entitled to a fat refund from a utility. It’s a scam designed to snare personal info from you.

The U.S. Department of Energy put out a special alert about it.

An urban legend that began eight years ago still is alive and well and circulating through e-mails. It warns about strangers who will approach you in a parking lot, inquire about the perfume or cologne you’re wearing, offer you a chance to sniff a new or cheaper brand. When you do, you’re knocked out cold by the substance and the perfume purveyors make off with your wallet, purse, cell phone or first-born.

Snopes.com describes the origination and permutation of the story here.

Regardless of the validity of the story, it’s probably not a good idea to even think about buying stuff from people on the street, in parking lots, in public bathrooms or truck stops.

The Securities and Exchange Commission said the amount of e-mail spam messages that tout various stocks has fallen dramatically since it began an enforcement campaign.

The facts and figures are here.