Categories
Hack

Analyzing A First Bank Scam Email

Possibly the same bunch of never-do-wells behind the GTBank scam email that I published on this site last week are also behind the First Bank scam email I received last week – reproduced below.

However, this scam mail is a little less sophisticated than the previous.

My comments, in red, details the red flags you should look out for in any correspondence from your bank;

From: First Online <aabukomsan@maktoob.com> Email originates from a non-First Bank domain address.(@firstbanknigeria.com). SCAM ALERT!!!! More sophisticated scammers may send email purportedly originating from a First Bank email account using a technique called Email Spoofing.
To: Recipients <aabukomsan@maktoob.com> Email was BCC to me. SCAM EMAIL CONFIRMED. Bank mails are sent directly and personally to each recipient.
Sent: Monday, 11 April 2016, 7:01
Subject: First Online New Monthly Debit
Missing Salutation. FBN has a tradition of addressing their mails directly to their customers, with your account number in brackets. “Dear XXXX, XXXXXXX (333XXX3333)”


According to our records, you registered for our FirstOnline Customer Digest monthly bulletin and this comes with a monthly charge of N15,050:00., we would like to ask you to confirm this request
https://www.firstbanknigeria.com/contact-us/feedback-and-complaints/=confirmdebit Hyperlink masks a URL not on any First Bank internet domain, http://autozspa.in/wp-content/plugins/fn.php . The link further redirects to another URL that hosts a cloned version of First Bank Internet banking platform http://www.ecopeas.com.au/tel/fbns/fbn/fbn/fbn.htmlIf you wish to reject the registration request, follow the cancel reference below
https://www.firstbanknigeria.com/contact-us/feedback-and-complaints/=canceldebit  URL masks malicious site hosting a cloned version of First Bank Internet bankingYou would have to confirm you are an active account holder with us by following the procedures from your First Bank account.

Thank you for choosing First Bank

 PRIVACY POLICY ACCESSIBILITY TERMS OF USE SITEMA© FirstOnline2016

Categories
Hack

How To Spot A Scam Bank Email

One common feature of most Nigerian scam emails is the lack of sophistication. They are fraught with grammatical errors and typos. The perpetrators of these scam emails are usually not very educated.

Their lack of sophistication is a good thing. It makes us spot a scam email easily from afar. Many of us have survived thus far because of this.

However, we are witnessing a new crop of “scammers” that are more technologically savvy and much more sophisticated. Grammar is no longer an issue and they are extremely good in writing malicious scripts (softwares).

All hope is not lost though.

Let’s review a scam email that was sent to me earlier this week. We will try to point out the red flags to look out for. With this, we can keep ourselves educated.

My comments in Bold Red.

 

 

From: GTBank <wingerter@snet.net>  Sender’s email address is not from gtbank.com domain. Even if it is, it could be faked by a technique called EMAIL SPOOFING.
Date: Mon, Apr 04, 2016 at 9:22 PM
Subject: Customer Update Alert
To: <*******@yahoo.com> The scammer was smart enough to send the mail to me directly and not BCC. But this email is not associated with any of my bank accounts!

 

Dear customer GTBank sends out personalised emails, with your name in full.

Guaranty Trust Bank eLectronic Notification Service (GeNS)

We wish to inform you that your account with us is due for an update.
Kindly login and update your details:

https:/www.gtbank/ibank3/customer-update/ This hyperlink masks the malicious site I was expected to click on. The URL was further masked using a URL shortening service. However, the link will lead you to BerryLaneDesigns.com where a cloned version of GTBank internet banking site is hosted. 

Please update within 24 Hours of notice to avoid Service Interuption/Suspension.

Thank you for choosing Guaranty Trust Bank plc
alert “Your Internet Banking user ID and password, ATM card number and PIN are confidential and should never be disclosed to anyone”.
Kindly log on to our website www.gtbank.com hyperlink leads to a cloned gtbank internet banking site hosted on BerryLaneDesigns.com  OR
Call GTConnect on 0700 GTConnect (0809 7393494), 01 328 0000, for more information.
NB:
Our notification service sent this mail to you using a default setting and the information you supplied to us when your account was opened.
If you wish to Iimit the type of mails you receive or the email address(es) in use, please send an email to us by clicking on the link below:
Send a Mail to Guaranty Trust Bank eLectronic Notification Service (GeNS)