Help … just give me your account information

Hello.  Sorry for
emailing you out of the blue, but my name is Ishamal Nicker, and my
brother was killed in the Iraq war before he could move his money back
to Lebanon.  He had $20,000,000 in a Switzerland bank account and has
given me the codes but I can't move the funds due to restrictions.  Can
you help?  Just send me your bank details and I'll give you 50% of the
money ...

Good day sir.  Great apologies for emailing you this
way but may I introduce myself to you?  My name is James Fontagu,
grandson of Sir Harry Fontagu, the famous English lawyer.  Sir Harry
left his money to me but I can't get it without your help.  Can I have
your bank details ...

Congratulations dear FinanSer reader.  Your click onto Chris's blog is linked to the lottery of Mars and you happen to have just won $100 million!  Just give me your bank account number ...

Dear PayPal user.  Your PayPal account is suspended.  Click here to sort it out ...

Dear
Dafto.  We are your bank and we hate you as you've clicked the wrong
button and screwed up your account.  Click here and we might deign to
love you again ...

OK.

You may know it's all about email scams and phishing, but not everyone does.

According
to APACS research, 15.7 million people regularly use the internet to
access their current account, credit cards and savings in Britain of
which:

• 3.8% (an estimated half a million people) said they
  would still respond to an unsolicited email asking them to follow a
  link and re-enter personal security details, supposedly from their
  bank, unwittingly giving fraudsters access to their account (this is
  slightly down from 4% in 2004);
• only 1 in 10 people have anti-spam software installed and about a third have a firewall;
• a third record their password or security information by either writing it down or storing it somewhere on their computer;
• two thirds never change their password and 1 in 5 use the same password for non-banking websites as well as their online bank;
• older users are worst, with 70% of older people never changing their password (could be the memory, old boy); and
• under
  24 year olds are more susceptible to scam or ‘phishing' emails that are
  apparently from their banks with over 12% of them clicking on the link
  and divulging account details and security information – three times
  higher than the national average.

Stupid boys (and girls)!

By now phishing as an art form should be dead and gone, but it's still rife according to the anti-phishing league, who claim around 30,000 new phishing campaigns are out there each month (55,000 in April).

One of the most common scams however is still the one I opened with - the letter asking for help to move funds.

Originating as the Nigerian 419
operation - named after the criminal code it relates to - you would
think by now most folks would have sussed out that any site that asked
for your account information was dodgy.  But the suckers keep coming.
Mind you, if you haven't seen the 419eater trophy room, you must.  It's fandabadoozy.

Meanwhile,
on the phishing front, it appears that the really sophisticated bad
guys have now moved to using banking specific trojans that can do very
scary things at the client end, including manipulating the data to and
from online banking sites, to change what the client sees or has
entered.  These trojans are causing at least half of the online banking
losses and a significant amount of plastic card frauds as well,
according to my sources.

In the spirit of supporting our fight
against such filth, and for those who would like to chance their arm,
you may therefore want to try out the latest service from the
underworld. 

Yes, you guessed it, create your very own phishing website. 

It's easy, and here's how.

According
to RSA Security, cybercriminals are offering a "Plug and Play" phishing
kit contained in a single file which makes it possible for even
the most non-geek to create a phishing website in two seconds.

Funnily enough, this was posted on the Register  in July this year, when it was actually reported by RSA Security back in January.  That's why one of the comments on the Register states:

"Wow,
this just goes to show how out of the loop the so called experts are.
This is far from being something new. This kit has been in use way over
a year and from the reading they are refering to a kit that is outdated
over 6 months. The ones used now are far more advanced in code and a
lot more idiot friendly."

I'm off to go angling for the day.