[CaptRon]

I get two a day from 'Citibank' and I have gotten them from 'Wells Fargo', with whom I don't even have an account.

[ReadyNow]

Does anybody trust the Washington Post to handle their sign-up information with integrity?

I don't.

[mlbford2]

He deserves what he got. Dumbasses get no sympathy from me.

[MineralMan]

Idiot. That's what this guy is. Anyone who clicks any link in any email that is supposed to be from eBay, PayPal, or any other company with which you do business is an idiot.

Instead, force your mail reader to show all header information, then forward these emails to spoof@eBay.com or spoof@PayPal.com, or whatever abuse address the company in question makes available.

Click nothing in emails. Period. Even emails that seem to come from someone you know may be spoofing the supposed "from" address.

I have not opened an attachment or clicked a link in any email for over three years. I don't care who it's from or what the attachment or link might be. It's a rule I never violate. If something comes from a trusted source, I contact that source and ask them what it is that they sent me. Only then, once I assure myself that it's harmless, do I do anything with it. Even my sainted old mom has forwarded malware to me by mistake. Trust noone.

The result? Even though my machine is scanned by anti-virus software every 24 hours, I have never had any virus on any computer I have owned.

Once more, if you didn't get it: DO NOT CLICK ON ANY LINK OR OPEN ANY ATTACHMENT IN AN EMAIL. TRUST NOTHING!

[ExpatCanuck]

I've received this type of email from someone professing to be Wells Fargo Bank (which I have no dealings with). I NEVER respond to any emails asking for information updates no matter who it appears to be from. Instead, I call the telephone number that I know is legit and inquire about the request.

[garyhope]

Like everyone else I get tons of junk mail in my bulk mail folder, much of it phishing and wishing.

Is everyone also getting $400K mortgage approvals, real cheap software offers, and of course various "erectile dysfunction" remedies as well as various bank and credit cards who need me to "reaffirm" my identity by giving them all my user names and passwords to everything I've ever owned in my entire life. Not to mention the people who want to share hundreds of millions of dollars with me for just a few minutes of my time.

Why are all those strings of random words down at the bottom? Why are they there. Why do I get junk mail addressed to other people?

[garyhope]

I almost got a virus from an American site that was selling Japanese kitchen knives of all things. It was advertised in a good national cooking magazine. I think someone hacked their site and planted the virus there. I emailed them to tell them what happened. Never heard from them. That's the only time I've ever experienced that. Luckily my McAfee caught it and cleansed it.

[Axenolith]

Phishers should be summarily shot after trial and conviction.

[norwaypinesavage]

"What do you do when these guys know the stuff that doesn't change?"

You put in a request to the three credit reporting agencies to notify you before approving any new credit of any kind.

[Retired Chemist]

I've had dozens of these fake emails from ebay, Citibank and others.

[NY Attitude]

This problem of scamming people out of their money is not just isolated to email. I received a notification through the US Mail to pay a bill from a credit collection company. I called the credit collection company and they said just pay the money or else your credit rating will suffer. I asked where the bill came from, the person stated that it came from one of the larger banks in America. I went to the bank and inquired about it and they said no such thing exists within their databases. I told the bank that I am treating it as a hoax. However, the bank did give me the number for the government ID theft department.

Be watchful of the Internet and now US mail requests for information and money.

[Boot Hill]

I regularly get these phishing trips spoofed from Wells Fargo, Citibank, Smith Barney, Sun Trust Bank (?!), etc. What upsets me is that when I contact the real institution to report these attempts at identity theft, the institution doesn't give a damn. (But I do have a nice collection of "yawns" from them.)

from the article:   "Basically every piece of personal data about me had been compromised,"

No dummy, you compromised them all by yourself, by being exceedingly stupid.

--Boot Hill

[Southack]

"The e-mail directed Jackson to a Web site that looked like PayPal's. He keyed in his checking, credit card, bank routing and Social Security numbers, his birthday, his mother's maiden name and the personal identification number for his bank card. The Web site was a fake."

Such spoof sites work only because civilian sites such as eBay/PayPal are not knowledgeable about military-style dual verification.

ATM machines have the same vulnerability. Many an ATM user has been unknowingly burned by crooks who set up fake ATM's in shopping malls and convenience stores. Innocent people insert their ATM cards, key in their PIN's, and get a message about the system being down, try again later.

In the meantime, the fake ATM machine has read their ATM cards, copied their PIN's, and the crooks will soon be making up duplicate *valid* ATM cards to drain your checking account.

...And again, it is because most banks are unfamiliar with military-style dual verification.

Dual Verification means that *you* verify that the other guy is real, and the other guy verifies that you are real. Then information can be exchanged securely.

But ATM keosks don't allow you, the consumer, to verify that the ATM is real...which is the very first thing that you have to establish in order to have a secure transaction.

What *should* happen is that every ATM should *first* show you a 4 digit number after you insert your ATM card (prior to you entering your PIN). If you don't see the correct number, then you should phone the bank and be given a reward for catching a fake ATM keosk scam.

On the other hand, should the ATM show you the correct number, then you should feel confident typing in your PIN.

The fake ATM's won't know which 4 digit number to first show you. You'll get a reward for calling the bank anytime you are shown an incorrect number...and thereby honest citizens will easily put the fake ATM crooks out of business.

That's dual verification. The ATM shows *you* a special, pre-agreed number, and only then do you show the ATM your PIN. Since fake ATM's aren't tapped into the bank's database, those fake ATM's won't know which number to show to you. The reward for catching machines that display the incorrect dual verification number will quickly shut them down.

...And the same thing goes for web sites like paypal and ebay. They should be showing *you* a unique number or phrase before you enter your final password to log on (or to input requested private information such as bank account numbers).

The eBay spoof sites run by crooks won't know which phrase or number to show you, so you'll know to call eBay to get your reward for identifying a criminal web site.

Simple dual verification, combined with public rewards, will shut down such criminal web sites.

Our military and spy agencies have been using this sort of security system for decades. It's time that civilians caught up.

[ralph rotten]

bump for later read