Click to return to BOL home page
Banker Store Read A Reg BOL Insiders Career Connect Learning Connect Bankers Information Network

Search BankersOnline
using Google


MAIN CONTENT 

Compliance

Lending

Marketing

Operations

Security

Technology/eBanking


REGULATIONS 


Alphabet Soup







SHOP 


Banker Store

Bankers Info Ntwk


CONNECT 

Career Connect

Learning Connect

Guru Central


INTERACT 

Ask a Guru

Bankers Threads

Contact Us

Give Us Feedback


LEARN MORE 

About Our Sponsors

About Us





Phishing
Nigerian 419 Fraud
Potential Virus - Dangerous Attachment
Lottery Winners
Cashier's Check Fraud

Phishing and Scam Letter Samples

The Internet has made it cheap and easy for criminals around the globe to attempt to trick individuals into revealing confidential information (such as credit card numbers, bank account data, social security numbers and more), as well as deceive computer users into clicking on links or attachments that will compromise the security of their computers and the information stored on them.

Some of the most common ploys are "phishing" emails, lottery winner notifications, urgent pleas to help with the transfer of funds of a deceased individual, invoices and gift card notifications for items never ordered, and bogus messages with dangerous attachments.

Educate yourself about these scams so that you don't fall victim to them. In addition to the samples we've collected below, banking regulators have also assembled some excellent resource information on scams and identity theft.

Office of the Comptroller of the Currency
Federal Deposit Insurance Corp.
Federal Reserve Board
National Credit Union Administration

Phishing Scam - Phishing emails appear to come from a financial institution or other company with whom the recipient may do business. The message attempts to trick the recipient into clicking a link. The link may take the user to a site with malicious code, such as a keystroke logger, that will capture confidential information and then email it surreptitiously to the fraudster. In other instances, the link takes the user to a Web site that is an evil clone of the financial institution's or company's Web site, where the user is deceived into believing they are entering information (such as an online banking user name and password, or ATM PIN, for example) in a safe environment when, in fact, it is a site controlled by the criminal. It is not uncommon for the email to threaten dire consequences if you do not immediately click the link to respond. Don't fall for it!
  1. From: Customer Service [pn1013@yahoo.com]
    Subject: National City - Account Problem

  2. From: support@eBay.com, Safeharbor Department
    Subject: Account Verification

  3. From: security-service@alliantcreditunion.org
    Subject: Alliant Credit Union® Online Update

  4. From: support@eBay.com, eBay Update Team
    Subject: eBay Security Validation: Update Account Notice

  5. From: National Credit Union Administration [service@ncua.gov]
    Subject: *** WARNING: Security Issues ***

  6. From: service@lasallebank.com
    Subject: LaSalle NOTICE

  7. From: PayPal® Security Department [security@paypal.com]
    Subject: Update your PayPal account

  8. From: aw-confirm@ebay.com
    Subject: Your final warning from eBay

  9. From: security@paypal.com
    Subject: Update your PayPal account

  10. From: Nick Pfeiffer - Federation Bank [npfeiffer@federationbankia.com]
    Subject: Fw: Important Notification

  11. From: SouthTrust Bank [identdep_op025642242509@southtrust.com]
    Subject: SouthTrust Bank - Security Update, Please Read

  12. From: Paypal [custserv@paypal.com]
    Subject: Attention! Critical Information About Your Account

  13. From: SouthTrust Online Banking [online-banking@southtrust.com]
    Subject: SouthTrust Bank ATM cards attention bxbkjftbcsymsn

  14. From: PayPal [security@paypal.com]
    Subject: Security Measures

  15. From: security-service@alliantcreditunion.org
    Subject: Alliant Credit Union® Online Update

  16. From: First Credit Union Security Service [service@flrstcu.coop]
    RE: Notification of Limited Account Access (Routing Code: C840-L001-Q190-T1830)

  17. From: customer.service@msufcu.org
    Subject: MSUFCU Online Account Access

  18. From: First Tennessee [update@firsttennessee.com]
    Subject: Preview Account!

  19. From: tito_beyachi@virgilio.it (El Gordo Sweepstake Lottery Program)
    Subject: PROMOTION AWARD CLAIM NOTFICATION

  20. From: Chase Bank [survey@chase-manhattan.com]
    Subject: Chase Online® $20 Reward Survey

  21. From: Credit Union National Association Service [mailto:service@cuna.org]
    Subject: Credit Union National Association Service
    IE7 warning screenshot depicting this as as a scam.

  22. From: store-news@amazon.com [mailto:store-news@amazon.com]
    Subject: Online Banking Notification: An update for your online profile (Important)

  23. From: Fifth Third Bank [operator23196ver@security.53.com]
    Subject: Fifth Third Bank: customer details confirmation!

  24. From: Household Bank [account@household.com]
    Subject: Accounts Authentication Required

  25. From: BankofAmerica [onlinebanking@alert.bankofamerica.com]
    Subject: Bank of America Alert: Online Account Blocked

  26. From: PayPal Security Center [service@paypal.com]
    Subject: IMPORTANT: PayPal Security Measures PP-052-CA-788

  27. From: Western Union [service@westernunion.com]
    Subject: Update Your Western Union Account!

  28. From: service@wamu.com [service@wamu.com]
    Subject: Washington Mutual - Your E-mail Has Changed

  29. From: PayPal Security Center [support@paypal.com]
    Subject: Update you PayPal account informations

  30. From: Internal Revenue Service [admin@irs.gov]
    Subject: IRS Notification - Please Read This.

  31. From: Bank of America [bankofamerica@secure.com]
    Subject: Online Security Measures

  32. From: this is actually a web page from the NCUA
    Subject: Important Security Renewal

  33. Assassin's Threat - Demo Message
    Subject: Threat
    For accurate representation we emailed the text of a threatening assassin's letter to ourselves. The text, complete with grammatical errors, is as was reported in the press. The letters are simply a scam. Do not respond to these.

  34. From: jeff@jeffmackler.com on behalf of MILITARY ONLINE, [noreply@bankofamerica.military.com]
    Subject: IMPORTANT NOTICE - Payments and Transfers services are expired

  35. From: Internal Revenue Service [refunds@irs.gov]
    Subject: IRS Notification - Tax refund
    While the link in the letter appears to be going to the IRS, the actual code is sending the reader, and the confidential data they enter, to http://ip-36.net-89-2-128.rev.numericable.fr/~christine/.secure/.server/.data/.forms/refund/index.html, "fr" means it is headed to France. And the IRS is not sending emails unexpectedly to taxpayers telling them they have an unexpected refund coming, and 48 hours to claim it.

Nigerian 419 Fraud - In this type of scam, the crook will write an email that describes some tragic situation. Invariably, it states that someone is dead (sometimes claiming they are one of your relatives; in other cases they say you are chosen because you were recommended by a trusted friend) and a huge sum of money (millions!) is trapped in a foreign country and they need you to help them get it -- for which they say they will handsomely reward you. They appeal to you like you're a superhero who can fly to the rescue, but what they're really after is your bank account information so they can make a withdrawal -- not a deposit. In other instances, they'll string the recipient along, promising millions, but requiring the recipient to come up with cash along the way for various fees and charges. There's no pot of gold at the end of this rainbow.

  1. From: paul koko [paulkujo2004@yahoo.ca]
    Subject: TRANSFER OF $38 MILLION U.S DOLLARS.

  2. rom: Felizrichard2005@go.com, M/s.Elizabeth Richard
    Subject: I NEED YOUR RESPONSE

  3. From: Dr:Ratey William
    RE: TRANSFER OF US$48.223 MILLION {FORTY EIGHT MILLION TWO HUNDRED & TWENTY THREE THOUSAND U.S DOLLARS ONLY TO YOUR ACCOUNT}

  4. From: Mrs Amina Shettima [aminashettima@msn.com]
    Subject: URGENT

  5. From: professor charles soludo [payment_office101@yahoo.com]
    Subject: CONTRACT PAYMENT NOTIFICATION

  6. From: Richard Ferdinand
    Subject: Enquiry on partnership. (Transfer Funds from Deceased Account)

  7. From: john mark [john_mark201@yahoo.com]
    Subject: Please Dear I Need Your Help From John Mark

  8. From: larito14@o2.pl
    Subject: From Mr.Larito Foreign Transaction!!!

  9. From: ANGELE BOGA [boga_angele_6@yahoo.fr]
    Subject: Good Morning Daddy

  10. From: DAVIES MALULEKE [daviesmalu3@yahoo.com]
    Subject: PROJECT NOTIFICATION

  11. From: The Office of TUNDE LEMO cbn_financial_tundelemo cbn_financial [cbn_financial_tunde@yahoo.it]
    Subject: VERY URGENT

  12. From: hadi asinada [hadi2005_asinada@yahoo.co.uk]
    Subject: please reply this information

  13. From: David [thirdinfantrydiv001@myway.com]
    Subject: FROM IRAQ
    This is a variation on the 419 appealing to those interested in the war in Iraq.

Potential Virus - Dangerous Attachment. Crooks use a technique called "social engineering" to trick you into opening emails and attachments and/or clicking on links in emails. The technique involves making the email appear to come from someone you know, or a trusted source. It may even appear to be returned email supposedly sent from you originally. The goal of the criminal is to get you to let down your guard, believing the email is legitimate, so that you click to open the attachment or go to the link. Once you do so, your computer can be infected with a virus or other malicious code. Depending on the "payload" of the virus or trojan, you could lose data, lose functionality, or have the security of your information compromised. In some cases, a person whose computer was infected may have had the "To" and "From" addresses somewhere in their computer. The virus program randomly selects addresses and fills in the blank so it appears to be someone you may know.

  1. From: Department@fbi.gov, Steven Allison, FBI
    Subject:Your IP was logged

  2. From: Office@cia.gov, Steven Allison
    Subject:Your_IP_was_logged


"You've won!" Lottery winner notification emails are scams. You can't win something you didn't enter. What's the deal? Tantalizing you with the prospect of a windfall, these lottery winner emails ultimately seek payment from you to get your "winnings." You may make the payment, but believe us -- you'll never receive winnings from these con artists.

  1. From smithlinda@virgilio.it, Google Lottery Int.
    Subject: YOU MADE IT 1,000,000,EUROS

  2. From: tripplewins lottery [trip2winlottery@msn.com] MRS.MABEL VAN DYKE
    Subject: CONGRATULATIONS YOUR EMAIL ADDRESS HAVE WON!!!

  3. From: lottozomer1@go.com
    Subject: AWARD/WINNING FINAL NOTIFICATION

  4. From: maxwell jones [maxjones2@hotmail.com]
    Subject: CONGRATULATIONS

  5. From: UK NATIONAL LOTTERY [uk2005randomsearch@msn.com]
    Subject: RESULT RELEASED(congratulations)!!!

  6. From: Microsoft Word Lottery Program [mailto:msw.promotion2006@web.de]
    Subject: CONGRATULATIONS!!!

  7. From: Info Mail [InfoMail09@web.de]
    Subject: YOUR E-MAIL ADDRESS HAS WON
    This puports to be related to Yahoo.

  8. UNITED NATIONS NEW PAYMENT [mailto:info76n@poczta.onet.pl]
    Subject: UNITED NATIONS NEW PAYMENT





Avoiding Cashier’s Check Fraud - The number of fraudulent cashier's checks has increased substantially. Many are excellent fakes and while neither the depositor nor their bank can know for sure, the paying bank will. When they detect it, they'll return it back through the payment system and eventually it will come back to the depositor. This return path is slower than the time in which the bank receiving the deposit will make the funds available to the depositor. This means the person who cashed the cashier's check may have spent some of the money or even returned some to the person who gave them the check. That is where the scam happens because when the bank wants money back from the depositor, the depositor has no one else to go to.

On January 16, 2007 the Office of the Comptroller of the Currency issued a Consumer Advisory (CA 2007-1) on Avoiding Cachier's Check Fraud.


Help us build our collection of scam emails. Create a PDF or screenshot of those you receive and email them to cindy@bankersonline.com.


Access other Banker Tools on BankersOnline.com:




[an error occurred while processing this directive]