Nov 24 2009
New phishing scam: “Watch for errors on Social Security statement”
A new phishing scam is showing up and being caught by the district’s spam filters. Please be wary of these scams in your personal e-mail accounts.
The scam comes posing as a message ostensibly from the Social Security Administration:
From: email@example.com [mailto:firstname.lastname@example.org]*
Sent: Mon 11/23/2009 5:28 PM
To: [Name Deleted]
Subject: Watch for errors on Social Security statement
Due to possible calculation errors, your annual Social Security statement may contain errors.
Use the link below to review your annual Social Security statement:
This e-mail has been sent from an auto-notification system that cannot accept incoming e-mail.
If you click on the link, it takes you to a page that requests you “verify” your personal information, including your Social Security number. If you are foolish enough to do so, the site will say that it is generating a report on your account status. You will then be asked to download a file called “statement.exe”, which is presented as a self-extracting ZIP archive. In reality it is a Trojan called Zeus that will steal any banking information on your computer and turn your machine into a “zombie”, part of a bot-net controlled by criminals without your knowledge.
Please note a couple of characteristics of this phishing message. First, the sender could be from any number of domains, but it will NOT be from “ssa.gov”, the domain of the Social Security Administration.
Second, if you hover your mouse over the link, you will see that the domain address of the link STARTS with “http://statements.ssa.gov”. Sounds official, right? But remember that the true domain of a web URL is the last two dot-separated components of the host name, the part of the URL before the first “/” that follows “http://”. For example, in the address “http://www.egusd.net/”, the domain is “egusd.net”. Looking more closely at the URL from the phishing e-mail I examined, the URL was “http://statements.ssa.gov.ujilld.be/”. So the actual domain this URL is directed to is “ujilld.be”, which is located somewhere in Belarus. The scammers added the “statements.ssa.gov” to the beginning of the URL to fool the unwary.
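The hover check described above can also be done by a mail filter or script. The following Python is an added example, not part of the original notice: the function names and the short suffix list are assumptions made for illustration, and it widens the “last two components” rule to cover suffixes such as “co.uk”, where the real domain is three components long.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny sample of suffixes where the registry sells
# names one level deeper; a production check would load the full Public
# Suffix List rather than rely on this assumption.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}


def hostname(url):
    """Lower-cased host part of a URL, tolerating a missing scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def registrable_domain(url):
    """Apply the 'last two components' rule, widened for known suffixes."""
    host = hostname(url)
    try:
        ipaddress.ip_address(host)
        return host  # a bare IP address has no domain to trim
    except ValueError:
        pass
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def imitated_domain(url, trusted):
    """Return the trusted domain that appears only as decoration, else None."""
    actual = registrable_domain(url)
    if actual in trusted:
        return None  # the link really does point at a trusted domain
    padded = "." + hostname(url) + "."
    for domain in trusted:
        if "." + domain + "." in padded:
            return domain
    return None


if __name__ == "__main__":
    # The two URLs quoted in this notice.
    for link in ("http://statements.ssa.gov.ujilld.be/", "http://www.egusd.net/"):
        print(link, "->", registrable_domain(link), imitated_domain(link, {"ssa.gov"}))
```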
Finally, remember that agencies like the Social Security Administration will never ask for your information in this manner. If you receive e-mails like this and are concerned, go to the phone book and look up the number of the agency in question and call them.