The con attempts never stop.

I received a bogus email, purportedly from VISA, today that informed me that someone had tried to use my VISA card at an ATM in Budapest, Hungary and that the transaction was refused for “security reasons.” However it was suggested strongly that I immediately contact an email address in order to change my PIN for my own protection.

Since I don’t deal directly with VISA, I immediately contacted the financial houses with which I do deal and they both confirmed that there had been no unusual activity on my cards in Hungary or anywhere else.

The security depts. of both places wanted a copy of the email which they will track down and doubtless squelch. However, these things are like the mythical dragon’s teeth. You kill one and a dozen more spring to life.

It sounds like it would work on many people. A lot of people are just starting to get into the internet and also starting to know that banks do have monitoring programs on credit cards that search for fraudulent activity on cards.
So, I think many people will fall for it, if it is done ‘well’.

The key is to realize that your card is not issued by VISA or MasterCard or whomever. Rather it is by a particular bank or other financial institution. Had there actually been such activity on my card the message would not have been from VISA but rather from XYZ Bank. And even so I would have immediately called the customer service number on my card and looked further into the matter that way.

I don’t know. It can’t be too easy to catch these people, otherwise they’d have to build a city of new prisons to hold them all.

Are there legal penalties for phishing scams? If not, there should be. Or, failing that, a private vigilante group to totally go Genghis Khan on their asses.

That’s certainly true if they are in some foreign countries. Internet providers in countries that are cooperative can be forced to identify who owns what site and it can be closed. But the scammers always figure out another dodge.

I was dismayed to receive yesterday an email from someone I’ve dealt with on eBay; it was the rather infamous £3 PayPal pyramid scheme - you’re supposed to PP £3 to the person at the top, then remove them, add yourself to the bottom and forward to all your friends.

Stupid thing was that this wasn’t just naiveté on the part of the person who sent it to me; it was a deliberate scam - I know this because it was transparently obvious that all the email addresses on the list belonged to the sender, not just the bottom one.
I know they’re illegal anyway, but if not for the above, I’d have probably just sent back a message saying “hey, you probably don’t want to do this”. As it was, I reported it to PayPal, eBay and Hotmail - they will probably close the sender’s accounts on all three.

I get at least a dozen such scam e-mails every single day, most from “ebay” who is going to shut down my account IMMEDIATELY if I don’t respond to their request for information.

More recently, I’m getting e-mails that start off with “I’ve worked a lot of hours trying to pull the information together that YOU requested and this is my final attempt to get you to respond.”

Uh huh.

So now in addition to trying to scam me, they’re trying to bully/guilt me into stealing information.

I get the Paypal needs information/ accounts are being accessed in Bulgaria/your invoice for the $4000 watch all the time.

I have no money to give them.

I use Pegasus Mail for my E-Mail (have for years) and one of the cool things about its more recent versions is that it will detect and completely disable the hotlinks located in these phishing expeditions. Most of the time I can tell these dumbass scams from the subject line, but if there’s any doubt I just have to open the E-Mail and hover over the link; if I get the circle-and-cross instead of a finger, it’s fake.

Of course even if it doesn’t catch it and the link works, and if the notice seems like there could be some germ of validity to it (I do deal with PayPal and eBay quite a lot) then I go to PayPal and/or eBay manually and check my messages that way. If it’s fake, it won’t show up in my messages.

They’re not necessarily after your money; they often just want to hijack your account (if you have one) so that they can use (for example) it to list bogus items on ebay, getting the buyer to pay by some rapid, hard-to-reverse method, then disappearing.

The same thing happened to me. I contacted VISA and was told that it was, indeed, phishing. They didn’t want the e-mail, though. I suspect they’ve seen too many of these.

By the way, the mythology geek in me points out that you’ve got your myths crossed:

I think you mean that they’re like the hydra’s head

Right, the Hydra head is correct. The one I vaguely remembered as dragon’s teeth was Cadmus sowing serpent’s teeth from which fierce warriors sprouted and that’s not apropos.

I worked for several years in a call center, and the last account I was on was a major U.S. bank. We got phishing alerts at least once a week. I was amazed at the number of people who called us AFTER they’d already provided information to the phishers. Then they’d get mad at us because we had to close and re-open their account under a new number just to protect them from themselves!

I recently got a very official looking PayPal email (the spam filter caught it, regular PayPal emails come right on through), telling me I needed to log into my account or it would be shut down. The log in screen was identical to the real PayPal screen. I so wanted to type some really nasty remark as my user name and password and reply, but that would violate my “never reply to any spam” motto. So I sent it to spoof @ paypal. Sure enough, got a reply from PayPal, warning me about phishing. Thanks, heard of it :rolleyes:

I can see how people could fall for that and be screwed before they realized it. I had a buddy who sent out a “PayPal is a bunch of crooks! They cleaned out my buddy’s bank account!!” “public service” announcement. Come to find out, the buddy had replied to one of these phishing emails and got screwed. The guy I know still won’t use PayPal. They’re crooks :smack:

Also, make your Ebay and PayPal passwords different. I was amazed when I mentioned this and almost everybody that used both said they used a common password, since it’s “easier”. Yeah, sure is. Easier to get screwed.

Happens all the time here in Australia. My friend tells me that people tell the scammers their password. Then the person rings the bank saying “I gave out my password to this guy - said he was calling from Visa. Should I have done that?”
They give out their password first. Then ring the bank to ask them whether they should have done it.

Last week I got a beautiful email from eBay about how my credit card was being used improperly and had been reported lost or stolen. When I clicked the link, the site I got was something like ebay.com.ebay-stats.com. Someone had done a real job. I logged in as “Wakko” with a password of “Warner”.

“Hello, Wakko”, said the page momentarily, and then took me to the real eBay page, which read my cookie and displayed my real user name.

If you hover over the real-looking hyperlink in the E-mail, and then check the status bar of your Outlook client (assuming you use Outlook), you’ll see the real url you’re about to head to if you click.

I have one of the fake paypal ones in my inbox right now. This is the url as it looks in the E-mail: https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Looks pretty real. In fact, I believe that is the exact url that will take you to paypal. However, that ‘url’ is just the description. The REAL url attached to that is: http://104179xxx/webscrr/index.php (I put the xxx’s in there to make sure it was invalid).

This is an old, old technique. If you go to the page, it will look like a real paypal login screen. So you type your name and password, and it comes back and says, “Your password was invalid. Please re-enter”. Only this time, you are redirected to the real page and log in normally. You have no idea that someone just phished your name and password - you just think, “I must have typoed that password”.

Truly, these things have been around for so long, and are so frequent, I have no sympathy for anyone who gets caught. They must have lived under a rock.
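The hover check described in the posts above can be automated. The following is an added example, not part of any original post: it parses an HTML message body and flags links whose visible text shows one host while the `href` goes to another, links to purely numeric hosts, and hosts that merely start with a trusted name (the `ebay.com.ebay-stats.com` pattern). The `TRUSTED` list, the function names and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("paypal.com", "ebay.com")      # assumption: sites you really use
URLISH = re.compile(r"^(https?://|www\.)\S+$", re.I)
class LinkCollector(HTMLParser):          # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    if "://" not in url:
        url = "//" + url                  # lets urlsplit parse a bare "www.x.com/y"
    return (urlsplit(url).hostname or "").lower()

def audit_links(html):
    """Return [(href, [reasons])] for every link that looks deceptive."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        host, reasons = host_of(href), []
        if URLISH.match(text) and host_of(text) != host:
            reasons.append("text-host-mismatch")    # description is not the target
        if host and host.replace(".", "").isdigit():
            reasons.append("numeric-host")          # raw IP instead of a name
        for d in TRUSTED:
            if host != d and not host.endswith("." + d) and (d + ".") in host:
                reasons.append("lookalike-subdomain")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message; 192.0.2.7 is a documentation-only address.
SAMPLE = (
    '<a href="http://192.0.2.7/webscrr/index.php">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>'
    '<a href="http://ebay.com.ebay-stats.com/signin">Sign in to eBay</a>'
    '<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_login-run">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>'
)
```

A clean result only means none of these three tricks was used; going to the site manually, as suggested earlier in the thread, remains the reliable check.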

There used to be a website where you could post a phishing URL and a script would repeatedly log into it with bogus account id and passwords, hopefully creating enough chaff to make the phisher’s life more difficult.

I recently got an eBay version: eBay needs me to log in in order to retrieve a message from the winner of an auction I had that recently ended.