Date Reported 17th January 2005
Apparent Sender TCF Bank
Return Address TCF < support-auto20@tcfexpress.com >
Subject TCF Alert!
Format HTML
Method Spoof email links to a spoof webpage where victim is prompted to enter their details believing the site is genuine. Details are then forwarded to a local script and captured.
Bogus Web Content? Yes
URL of web content http://clientinfo.tcf-online.com/index.php?rekV=4567741655006697988659
281328728184959125635204092858787819682401906919472903302688
55624820 74575582]>&ssl=]>&eml=x@x&Yb=492874777
170869325663870338887126303881609695528195572615&zqx=59420683
721637634580871726543608
RISK LEVEL MEDIUM
WARNINGS 1. Email claims to be from TCF asking you to confirm your account data by clicking on the link. You will be taken to a spoof login page where your details will be captured by the phishers.
2. TCF never send users emails requesting details in this way.
3. URL of spoof website choosen to look real at a glance, as is very similar but NOT THE SAME!
4. URL not disguised - relies on similarity to real URL to fool victims.
5. One of several variations on the same scam currently in circulation. Only real difference between them is the email subject.
6. Clicking on the link in the email also sends your email address to the phishers via a script on the spoof website.
" Dear valued TCF Express customer. We ask you to confirm immediately of your parity the debit account to given e-mail."
If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.
|
