Search This Blog

Thursday, December 13, 2012

Phishing in the Form 470 Ocean

Just a bit of warning.  Some phisher is sending out emails to all the email addresses that were on Form 470s last fall.  Here is the text:
As part of our security measures, we deliver appropriate monitoring of transactions and customers to identify potentially unusual or suspicious activity and transactions in the American Express online system.

Please review the "Suspicious Activity Report" document attached to this email.

Your Cardmember information is included in the upper-right corner of this document to help you recognize this as a customer service e-mail from American Express. To learn more about e-mail security or report a suspicious e-mail, please visit us at

Thank you for your Cardmembership.

Tier III Support
American Express Account Security
Fraud Prevention and Detection Network
Copyright 2012 American Express Company. All rights reserved.
The message comes with a ZIP file, which contains the virus PSW.Fareit.A.Trojan.  According to Microsoft, "PWS:Win32/Fareit.A is a trojan that steals sensitive information from the affected user's computer and sends it to a remote attacker."  So if you clicked on the ZIP file, you had better start drastic action.

Now all the email addresses from 2012's Forms 470 have fallen into the hands of people spreading viruses.

I'll take this opportunity to repeat my call for a new Form 470 that does not allow spammers to download a file with a list of names and email addresses from every 470 in the country.  And, of course, repeat my opinion that the FCC should bow out of trying to force their vision of competitive bidding onto applicants' purchasing processes.


  1. Today, we're getting spammed by another phishing attack, this time spoofing a return address from our domain. The subject starts "INCOMING FAX REPORT."

    Anyone who's put their email address on a Form 470 had better start being *really* careful about opening email.

  2. And the beat goes on. Today "Webster Bank" spammed us with information about incoming wire transfers. As I feared, once these email addresses got into the phishers' hands, they are going to start hammering them.

    How long will it be before the ads for counterfeit Viagra start arriving?

  3. Today's phishing attack purports to be from ADP ClientServices and says:
    We were unable to process your recent transaction. Please verify your details and try again.
    If the problem persists, contact us to complete your order.

    Transaction details are shown in the attached file.

    Reference #451973001128

    This e-mail has been sent from an automated system.

    Needless to say, do not open the ZIP attachment.