I really can’t believe anyone will think the FBI issue or verify credit cards/ATM cards & charge you $95 insurance fee for the privilege

Once again the advice is, if it doesn’t look right, then it isn’t right so delete these scam emails and don’t reply to them or phone the numbers given. All that will do is get you a big phone bill from dialling a premium rate international phone number

A slightly different approach came into my inbox today which asked me to confirm the item in my shopping basket. Now I haven’t shopped with Littlewoods online but you can be sure that thousands of people have and the same scam will be applied to just about every well known online shopping site this season.

The email looks quite believable

The website if you follow the link looks exactly like the real Littlwoods shopping site Account sign in page EXCEPT that the real Littlewwoods or ALL reputable shopping sites will have a Padlock icon and the  site address will start with HTTPS and the address bar will turn green to show that you are on a secure site

This screenshot shows the fake site and I have blanked out the address for safety reasons

These show how a genuine site will appear in Internet Explorer 8 on left and Firefox on right. Both show the padlock icon and a green safe address bar. A genuine shopping site will always start HTTPS to show a secure site when you are asked to put in any details. The front page of the site might be a normal http:
Unfortunately a lot of well known shopping sites haven’t yet signed up to the Extended Valuation green bar very secure system yet so watch for the closed padlock and HTTPS in the address bar to show a secure site. In Firefox browser the closed padlock is on the bottom right hand corner of the page, not in the browser address bar

I strongly recommend using ROBOFORM which keeps all passwords in a secure encrypted database that only you (not a keylogger or malware) can access and use it to create safe secure passwords

These have a @live.com email address with what at first glance looks like it could be a proper microsoft or MSN email address ( they of course are not genuine Microsoft or associated with Microsoft in any way)

DO NOT fall for the scam & try to ring the 070240****** number . it is a premium rate number that will have along recorded message on it and cost you £0.50 per minute

You won’t get any money from these scammers but they will get money from you

I have blanked out the full email address and phone number from the image to save the unwary

That will take you to a page that looks very much like your bank log in page and ask you for lots of details. Once you enter the details, the phisher has your bank log on details and can access your account at any time and withdraw all your money . When you look carefully you see the url in the browser address bar is NOT the same as the bank’s genuine address.

If you enter the details it then takes you to the genuine bank log on page and you think that you entered the details wrongly so enter them again and log into your account normally

There are lots of variations on the theme and frequently it will be an email saying you need to update your hotmail/yahoo/gmail account details.

The important thing to remember is that banks or email services NEVER send emails asking you to update

On the rare occasion a bank or email provider sends you a message, NEVER follow the link in the email but instead manually type in the banks home page address or email account page

Obviously if you don’t have an account with that bank or provider then you won’t fall for it and just delete the email
If you do accidentally give the details then it is vital that you contact your bank, preferably by phone and tell them what has happened and arrange for all passwords and logins to be changed

Now many people use the same password for every site for convenience . That is the worse thing you can ever do and you need a different strong password for every site. I strongly recommend using a password manger like Roboform

Make sure you keep your computer updated and use the latest version of your browser. All the major browsers, Internet Explorer, Firefox and Google Chrome all have anti-phishing protection built in, Enable it. Use the WOT toolbar which warns about suspicious or unsavoury sites

BBC News has seen a list of more than 10,000 e-mail accounts, predominantly originating from Europe, and passwords which were posted online.

Microsoft said it had launched an investigation.

Phishing involves using fake websites to lure people into revealing details such as bank accounts or login names.

“We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally and exposed on a website,” said a Microsoft spokesperson.

“Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers.”

Graham Cluley, consultant at security firm Sophos, told BBC News the published list may just be a subset of a longer list of compromised accounts.

“We still don’t know the scale of the problem,” he told BBC News.

Technology blog neowin.net was the first to publish details of the attack. It said the accounts were posted on 1 October to pastebin.com, a website commonly used by developers to share code.

Although the details have since been removed, BBC News and Neowin has seen a list of 10,028 names beginning with the letters A and B.

BBC News has confirmed that the accounts are genuine and predominantly originate in Europe.

The list included details of Microsoft’s Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.

Mr Cluley advised Hotmail users to change their password as soon as possible.

“I’d also recommend that people change the password on any other site where they use it,” he said.

Around 40% of people use the same password for every website they use, he added.

Hotmail is currently the largest web-based e-mail service.

via BBC NEWS | Technology | Phishing attack targets Hotmail.