Western Union Deactivated Account

[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]

VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.

Header:

From - Sat Aug 25 08:41:08 2012
X-Account-Key: account6
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Delivered-To: x
Received: by 10.58.102.37 with SMTP id fl5csp663084veb;
Wed, 22 Aug 2012 08:38:46 -0700 (PDT)
Received: by 10.180.81.193 with SMTP id c1mr6824147wiy.12.1345649925583;
Wed, 22 Aug 2012 08:38:45 -0700 (PDT)
Return-Path: <westernunionresponse@westernunion.com>
Received: from hl132.dinaserver.com (hl132.dinaserver.com. [82.98.151.159])
by mx.google.com with ESMTPS id l62si6329402wei.98.2012.08.22.08.38.44
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 22 Aug 2012 08:38:45 -0700 (PDT)
Received-SPF: neutral (google.com: 82.98.151.159 is neither permitted nor denied by domain of
westernunionresponse@westernunion.com) client-ip=82.98.151.159;
Authentication-Results: mx.google.com; spf=neutral (google.com: 82.98.151.159 is neither permitted nor denied by domain
of westernunionresponse@westernunion.com) smtp.mail=westernunionresponse@westernunion.com
Received: from servidor.ITT.local (54.Red-88-26-238.staticIP.rima-tde.net [88.26.238.54])
        by hl132.dinaserver.com (Postfix) with ESMTPA id 0E72F4421C6;
        Wed, 22 Aug 2012 17:36:01 +0200 (CEST)
Received: from User ([67.111.252.130]) by servidor.ITT.local with Microsoft SMTPSVC(6.0.3790.4675);
         Wed, 22 Aug 2012 16:10:12 +0200
Reply-To: <noreply@paypa-europe.com>
From: <westernunionresponse@westernunion.com>
Subject: Deactivated account
Date: Wed, 22 Aug 2012 10:01:42 -0400
MIME-Version: 1.0
Content-Type: text/html;
        charset="Windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <x@servidor.ITT.local>
X-OriginalArrivalTime: 22 Aug 2012 14:10:13.0015 (UTC) FILETIME=[D8C55A70:01CD806F]
X-DinaScanner-Information: DinaScanner. Filtro anti-Spam y anti-Virus
X-DinaScanner-ID: 0E72F4421C6.4B808
X-DinaScanner: Este E-Mail no ha sido analizado.
X-DinaScanner-SpamCheck:
X-DinaScanner-From: westernunionresponse@westernunion.com
X-Spam-Status: No

Body:

Dear Western Union Customer,

Your Western Union account has become inactive. If you want to continue using our services, please reactivate your account.
Vist westernunion now >

We apologize for any inconvenience this may have caused.
Thank you for using Western Union.

________________________

Comments:

Your Western Union account has become inactive.

That's it, for no reason at all, it just became inactive, just like that?

Thank you for using Western Union.

Yeah, as if Western Union will send an e-mail to a client, thanking him/her for using Western Union, just after deactivating that client's account. Bottom line: Western Union will NEVER send junk like this.

The wording of some scam e-mails are a bit different and even more misleading than this example, but the phishing link still takes you to the same phishing website:

Due to incorrect information provided during your signup process, your account has been deactivated from using our online services. Therefore, we invite you to verify your identity in order to regain full access to our services. Our enhanced security procedures will help protect your personal information.
Visit westernunion >
If your account information is not updated within the next 24 hours, your account will be permanently deleted and you will no longer be able to use our online services. We apologize for any inconvenience this may have caused.

The main purpose of this scam is to steal your credit card info:

The first page is a fake login page, bearing close resemblance to the real Western Union site. Not a single link works on this page, except the "Forgot your password" and "Sign In" button. They are making 100% sure you click where they want you to click.

Once you sign in, they take you to a page where you need to supply more information about your credit card, namely a 4 digit security code, the CVV2 number and the Verified by Visa / MasterCard Secure Code Password. All the links on this page are also inactive, only the Continue button works.

Once you click on continue, the page redirects to a page on the real Western Union website with information about SSL technology. This is to fool the victim into thinking that he/she was working on the real Western Union website all the time.

This scam has a lot of warning signs:

Your account is activated and you need to reactivate it. The oldest excuse in the book. Western Union will never send you requests like this.
The links on the website are inactive. This is highly unprofessional and should tell you that the site is not the real Western Union site.
The pages are not encrypted (the address does not begin with https://). Never enter your credit card info on unencrypted pages, NEVER!
They ask for your credit card info for verification purposes. That's what passwords are for and Western Union will never send you an e-mail asking for your credit card info, or an e-mail that takes you to a page that asks for your credit card info.

Related Cyber Criminal Profiles:

No related profiles found.

Similar Spam Examples:

Worldwide Economy Meltdown Scam
Lottery Scam - PICKUP OF YOUR $6,500 USD VIA WESTERN UNION OFFICE
SCAM VICTIM'S COMPENSATION FROM THE IMF BENIN REPUBLIC
The $10,000 a Day Western Union 419 Scam
Ebay Small Business Store Limited 419 Scam

Related Malware Samples:

No related malware samples found.

[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]