Analyzing A First Bank Scam Email

Possibly the same bunch of never-do-wells behind the GTBank scam email that I published on this site last week are also behind the First Bank scam email I received last week – reproduced below.

However, this scam mail is a little less sophisticated than the previous.

My comments, in red, details the red flags you should look out for in any correspondence from your bank;

From: First Online <> Email originates from a non-First Bank domain address.( SCAM ALERT!!!! More sophisticated scammers may send email purportedly originating from a First Bank email account using a technique called Email Spoofing.
To: Recipients <> Email was BCC to me. SCAM EMAIL CONFIRMED. Bank mails are sent directly and personally to each recipient.
Sent: Monday, 11 April 2016, 7:01
Subject: First Online New Monthly Debit
Missing Salutation. FBN has a tradition of addressing their mails directly to their customers, with your account number in brackets. “Dear XXXX, XXXXXXX (333XXX3333)”

According to our records, you registered for our FirstOnline Customer Digest monthly bulletin and this comes with a monthly charge of N15,050:00., we would like to ask you to confirm this request Hyperlink masks a URL not on any First Bank internet domain, . The link further redirects to another URL that hosts a cloned version of First Bank Internet banking platform you wish to reject the registration request, follow the cancel reference below  URL masks malicious site hosting a cloned version of First Bank Internet bankingYou would have to confirm you are an active account holder with us by following the procedures from your First Bank account.

Thank you for choosing First Bank



Spot and Avoid Facebook Scams

“THERE’S A SUCKER born every minute.” That quotation, widely attributed to P.T. Barnum, originally referred to deceptive carnival sideshow attractions, but it’s just as relevant to online scams—in particular, Facebook scams—today.

None of the common Facebook frauds—the “Facebook dislike button,” the “stalker tracker” (which purports to tell you who’s visiting your profile), and “watch this video” tricks, for instance—are new, says Chris Boyd, senior threat researcher for UK-based GFI Software. “You’d think that people wouldn’t continue to fall for them,” he says. But of course, they do.

Resisting the urge to click can be difficult, and scammers know it. They prey on a combination of users’ curiosity and trust, and on their own ability to disguise scams as legitimate online promos. Fortunately, you have some clues to watch for.

False Friends

One ploy that Facebook scammers use is to encourage people to click a compelling URL. But instead of seeing the promised site, the deceived person inadvertently spams friends with links to the same URL. Some messages are so persuasive that victims may provide personal information such as credit card or phone numbers, which the scammer can then exploit to run up unauthorized charges.

The key element in a successful scam is its ability to exploit the victim’s trust, says Dr. Robert D’Ovidio, associate professor of sociology at Drexel University in Philadelphia. Many scams pose as links in posts from people you know. “These schemes are coming from people in our network, and our guard is already down; that’s a very tough thing to police against.”

If a friend posts a link to what appears to be a video on your wall with the comment, “Is this you? LOL!”, you’ll probably click it. But it may be a scam or a link to a malicious site posted by a crook using a hijacked Facebook account.

Here are two red flags to watch for when you click a link: It doesn’t take you to the page promised; or it takes much longer to load than you’d expect. A delayed load may mean that you’re being bounced between proxy servers to hide a hacker’s location, instead of being sent directly to the destination.

Also watch out for pages that unexpectedly ask you to enter your Facebook login information. Once scammers manage to gain access to your account details, they can use it to spam your friends. If that happens, or if you suspect foul play of any kind, change your password immediately.

Even shortened URLs may pose risks, since users can’t tell by looking at a shortened Web address whether it’s authentic. So if someone posts a shortened link to your wall or by using a Facebook message or Chat, proceed with caution.

Ultimately, most scams are designed to generate revenue for the scammers through pay-per-click schemes or through access to information that can lead to unauthorized charges on credit cards or phone bills.

You’ve heard about the scams and you may have seen some of the lures. Here are practical ways to ensure that you won’t become the next victim.

What to Do If You Fall Victim

If you find that you’ve been scammed, first delete the offending app (go to Account•Privacy Settings•Edit your settings [under ‘Apps and Websites’]•Edit Settings [under ‘Apps you use’], and click the X next to the app you want to delete). Then delete any posts that the app has made in your name, alert your friends to what happened, and change your Facebook account password.

J.R. Parker, an attorney with Kershaw, Cutter & Ratinoff, LLP, says the key to not getting scammed is to be vigilant. He recommends tying down all privacy settings and restricting what apps can do with your information or your Facebook page. To modify these settings, log in to Facebook and click Account in the top right; then select Edit your settings under ‘Apps and Websites’ at the bottom left, and click Edit Settings next to ‘Info accessible through your friends’

A healthy skepticism is critical, too. Here are some specific tips:

• Verify app authors. Click the author’s name and follow it to the app’s home page. Look for anything that seems odd or unprofessional. Run a Google search on both the app name and the author.

• Check other users’ experience. A simple search can yield results indicating what’s legit and what may not be.

• Don’t give out personal information (including your Facebook login name and password) to anybody, unless you’re certain of the recipient’s legitimacy and the distribution channel’s security.

• Be aware that your security on social networks depends in part on the security-mindedness of the other people who belong to your network.

• It may not be rocket science, but security experts say it’s your best protection: “Be careful what you click on.”


– Posted using BlogPress from my iPad