Is this another e-mail scam? And what should I do about it?

I just got this e-mail:

I tried to copy-and-paste the above text but for some reason it’s impossible. Not only that, but even putting the mouse pointer in the text block opens the Internet link (which I closed before it could be finished).

I am not a customer of SunTrust Bank, by the way. Either this is a mistake, or it’s an attempt at identity theft.

Is there some law enforcement agency to which I can report this kind of thing?

Yeah, it’s a hoax, a version of the Citibank one that’s been floating around for a while I guess. Here’s Suntrust’s page on it.

http://www.suntrust.com/alert/index.asp

And a page with a copy of the email you received.

http://www.doshelp.com/Scams-fraud/SunTrust-Scams.htm

-Lil

Unquestionably a scam.

What you’ve ended up posting here is the real link to the Suntrust page, which is what the scammer wants you to think you’re going to when you click on the link they provided. What will actually happen on following the link from the original email is you’ll be taken to a clone of the Suntrust page, run by the banker.

Here’s Suntrust’s page explaining what to do: http://www.suntrust.com/alert/index.asp

There is a Wells Fargo version as well.

Wells Fargo

I got one from Commerce Bank.

Never heard of them. The email spelled Commerce three different ways (all wrong).

Usually you can tell from the WWW address, but in this case they use www.suntrust.com. How can they do that? Have they hacked the Suntrust website and installed their “asp” file there?

It’s probably an embedded hyperlink. Instead of saying “Click Here”, it says www.suntrust.com/whatever. Just like how the following link doesn’t take you to the Straight Dope, but to Fark: www.straightdope.com.

That’s exactly what it is. The entire message is a graphic (when I got my version, it was a .gif) and according to CitiBank’s website http://www.citibank.com/domain/spoof/learn.htm clicking the “link” can begin a background installation of viruses or keylogging programs. I’d run a thorough scan of your computer just to be safe.

Here’s a fun activity: there should be a way to view all the headers on the email. Check out the Received: lines. There should be at least 2 separate instances. The second one listed will probably have an IP address, like so:

That number that starts 218 is the IP address for the computer (or network) that originally sent the email. The From: line and the supposed email address it was sent from are spoofed. In this case, the IP address is associated with hanero.com (according to spambag.org), a known spammer. In any case, it’s obviously not affiliated in any way with CitiBank.

The same day, I got the same exact email, except it was supposedly from Sun Trust bank. This time, a search through spambag.org revealed the IP address was a Comcast IP address, meaning that one of Comcast’s internet subscribers was sending the email. Again, obviously not Sun Trust bank.

Also check out this link: http://vil.mcafeesecurity.com/vil/content/v_127728.htm
(Explanation of the .eml attachment you often find on these kinds of emails - I only knew it was attached to my CitiBank email when it bounced back from the CitiBank email address that I forwarded it to in order to report it.)

And finally, you can also forward the email to spam@uce.gov.
Internet sleuthing can be fun! :smiley:
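The header check described in the post above, as an added example that is not part of any poster's message: it lists the name each sending host claimed and the bracketed IP the receiving server recorded for it, one entry per Received: line. The sample headers, host names and the `INTERNAL` network list are constructed assumptions; the bracketed-IP layout is the common MTA format, and only hops written by your own provider's servers can be trusted.

```python
import ipaddress
import re
from email import message_from_string

# Constructed headers for illustration; hosts are placeholders and
# 203.0.113.77 is a documentation-range address.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])\n"
    "\tby mailstore.recipient.example with ESMTP; Mon, 1 Jan 2001 10:00:05 -0500\n"
    "Received: from suntrust.com (unknown [203.0.113.77])\n"
    "\tby mx.recipient.example with SMTP; Mon, 1 Jan 2001 10:00:01 -0500\n"
    'From: "SunTrust" <support@suntrust.com>\n'
    "Subject: Account verification\n"
    "\n"
    "body\n"
)
# Assumed internal ranges of the recipient's own mail system.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """One (claimed_name, ip, internal) tuple per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        name = re.match(r"from (\S+)", flat)
        found = IP_RE.search(flat)
        ip = internal = None
        if found:
            try:
                addr = ipaddress.ip_address(found.group(1))
                ip, internal = str(addr), any(addr in net for net in INTERNAL)
            except ValueError:
                pass  # bracketed text that is not a valid IPv4 address
        hops.append((name.group(1) if name else None, ip, internal))
    return hops

def handoff_ip(raw):
    """IP of the newest hop that came from outside the internal networks."""
    for _name, ip, internal in received_hops(raw):
        if ip and not internal:
            return ip
    return None
```

In the sample, the sending host announced itself as suntrust.com, but the address the receiving server logged for it is what you would look up or report.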

I’m intrigued to know how this works - seems like very weird behaviour :dubious:

Hmm, on second thoughts, do you mean clicking anywhere inside the “text block” (which is actually an image)? If so, that makes sense as the whole image is hyperlinked. I thought you meant that just moving the pointer into the area opened a link, which would be very odd indeed.

If you set your mail client to view all messages as plain text (which is what I do), then you can see right away if they have a hyperlink that takes you to a different server from the link’s text. Hyperlinks in these email scams typically point to a server with a numeric IP address.

Also, could a Javascript in an HTML email cause it to open the web page by hovering the mouse over the link? You should definitely set your email client up so that it doesn’t run Javascript in email messages. Also, if you do view messages as HTML, tell it not to load remote images, as sometimes images are used by the spammers for tracking who reads the messages. But IMHO, the best answer is just to view all messages as plain text. There are surprisingly few non-spam emails that can’t be read as plain text.

You are correct - the entire image is hyperlinked. They just did a really good job at putting the text in the graphic so that it looks like regular text.

JavaScript:


<A HREF="nasty.url" OnMouseOver="document.location='nasty.url';">www.suntrust.com</A>

Yes, there is JavaScript that will open up a window when you mouse over the link.
http://www.as400pro.com/TipsHTML2.htm#4

However, I’d imagine the only real use for it would be in the hands of spammers - code like that would be a nightmare if you try to use it in legitimate site design.

Your recommendations - shut off JavaScript, read email as plain text - are very good ones.

No - like the others have said, they’ve got the link displaying something other than the real destination of the link. I displayed the real URL one time to see where it led, and it led to “www-suntrust.com”, so they’re getting cleverer (usually when I display the real URLs, it’s to something obviously fake like www dot stealyourmoney dot ru or 123 dot 345 dot 567 dot 89).
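The link checks discussed in the posts above (visible text naming one host while the href points to another, numeric-IP hosts, mouse-over script handlers, a whole image wrapped in a link), as an added example that is not part of any poster's message. The sample HTML is constructed, and `LinkAudit` and `audit` are hypothetical names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML body (not the actual scam e-mail); 192.0.2.15 is a documentation address.
SAMPLE_HTML = """
<a href="http://192.0.2.15/login.asp">www.suntrust.com/alert</a>
<a href="http://www-suntrust.com/" onmouseover="document.location='http://www-suntrust.com/';">www.suntrust.com</a>
<a href="http://192.0.2.15/x"><img src="http://192.0.2.15/letter.gif"></a>
<a href="http://www.suntrust.com/alert/index.asp">www.suntrust.com</a>
"""
HOST_RE = re.compile(r"(?:[\w-]+\.)+[a-z]{2,}", re.I)  # host-like visible text
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (url, reason) tuples
        self._link = None   # the <a> element currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._link = {"href": a.get("href") or "", "text": "", "img": False}
            if any(name.startswith("on") for name in a):
                self.findings.append((self._link["href"], "script event handler"))
        elif tag == "img" and self._link is not None:
            self._link["img"] = True

    def handle_data(self, data):
        if self._link is not None:
            self._link["text"] += data

    def handle_endtag(self, tag):
        if tag != "a" or self._link is None:
            return
        link, self._link = self._link, None
        host = (urlparse(link["href"]).hostname or "").lower()
        shown = HOST_RE.search(link["text"])
        if IPV4_RE.fullmatch(host):
            self.findings.append((link["href"], "numeric IP host"))
        if shown and shown.group(0).lower() != host:
            self.findings.append((link["href"], "text shows " + shown.group(0).lower()))
        if link["img"] and not link["text"].strip():
            self.findings.append((link["href"], "image-only link"))

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

The fourth sample link, whose text and href agree on www.suntrust.com, produces no finding; the hyphenated look-alike is caught only because its visible text names a different host.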

The latter. I moved the mouse pointer over the text – and without my even clicking it, the pointer turned into a hand with index finger extended and the link-opening process began. They’re getting clever, aren’t they? :mad:

This is too weird. I always get these SDMB coincidences, where I read of or hear of something hitherto unknown to me, and then bam! I run straight into it again. I just came across this mouse-over trick for the first time ever, on a French hotel website I was checking for work: http://www.jardinssecrets.net/.

This within about 3 hours of first reading about it on here. Too weird.

To do this in Outlook 2002, see the Microsoft knowledge base.

On a related note, I read today in a security e-zine I get that most phishing scams are from just a handful of people.