| 1:35 am on May 1, 2006 (gmt 0)|
Latest scam I've been sent is an email asking me to confirm my new Yahoo account - it was set up using a gmail account I own. Yahoo does provide an option to decline and state that you never asked for the account to be created.
I was weird because it uses a gmail account that I do not use publicly - so someone did some real hard looking to find it.
| 3:39 am on May 1, 2006 (gmt 0)|
I get phishing requests on just about everything I own. I get some pretty clever ones claiming to be from major banks in the area asking me to confirm information.
|too much information|
| 3:43 am on May 1, 2006 (gmt 0)|
I'm so freaked out about getting caught that I send most legitimate emails to spam @ paypal. I almost fell for one of them because it said something about a transfer of funds and even the legit paypal emails about transfers are fairly vague.
Funny thing is I get around 100 junk emails a night so usually you have to be very noticable with your subject line or you get trashed with the other 99 emails without me even opening the thing.
I don't answer my phone because of sales calls or recordings, I don't read my email because of spam, and I don't usually check my phone messages because they are mostly junk anyway. I guess the only real way to contact me is through my blog! Hopefully I won't start getting blog spam or I'm in trouble!
| 5:44 am on May 1, 2006 (gmt 0)|
I got phished after being online since 97. I also thought I'd never get tricked into it and have even demonstrated to friends how it could happen to them.
I had just rolled out of bed and was checking my mail. It was an ebay thing about "where's my item?". I immediately clicked the link thinking there had been a problem with a customer not recieving something and as soon as I entered my password a couple of times and it didn't work realized I had fallen for one.
I immediately changed the password and then proceeded to flood the phisher with real user names but bogus passwords and multiple times on them. over and over just kept entering them.
Figured I'd waste some of his time and spoil his party a bit.
| 6:59 am on May 1, 2006 (gmt 0)|
|I immediately changed the password and then proceeded to flood the phisher with real user names but bogus passwords and multiple times on them. over and over just kept entering them. |
If everyone ANSWERED the scammers, they'd be out of business in a flash. They send millions of emails; last thing they want are millions of replies!
| 11:56 am on May 1, 2006 (gmt 0)|
Iguana it doesnt surprising me,i have seen Yahoo,domain regsistrar,bank account etc phishing emails,just make sure to read that email in details before you act,usually links like mail.yahoo.com.something.com only looks like Yahoo mail landing page
| 2:25 pm on May 1, 2006 (gmt 0)|
Ah, I remember those first Phishing emails way back when. I followed a link from an email once and saw the discrepancies immediately. In the beginning, it was a nightmare for many financial institutions, or anyone performing ecommerce. Millions of usernames and passwords were phished from the unsuspecting.
Spear Phishing. A rather new term with a new twist on the same technique. Target a specific group like a college or teacher's credit union where the users are more likely to fall prey to the miscreant's technical foul play.
And then add Pharming, the latest technique where the user ends up at a website that is an exact replica of the target destination, pixel for pixel. The Pharming attacks occur at many levels, not just email.
The unexperienced Internet user is at severe risk these days if they are not aware of the potential problems. I think most have caught on to the Phishing emails, but they still occur. It's the Pharming that people need to worry about now.
These are great topics to discuss at the public level. At least we can spread the word to our clients who in turn will spread the word to their clients, who in turn...
| 2:58 pm on May 1, 2006 (gmt 0)|
|I keep a very sharp machete in my bedroom closet! |
Gross, that's way too personal of a way to handle self-protection. Get a shotgun or a small pistol - much nicer! (And possibly less dangerous for both parties.)
|If everyone ANSWERED the scammers, they'd be out of business in a flash. They send millions of emails; last thing they want are millions of replies! |
The've already gotten around this one - spoof the headers so they never have to deal with replies. I like the idea of flooding their systems with a ton of bogus info, though.
RE "duckaloof," I heard that many years ago when seeing a very short snippet of a Ma & Pa Kettle movie somewhere or other. Pa suggested to his daughter-in-law that his son was a big duckaloof, which, as I remember, met with approval all around, including the son. I've remembered the term ever since, though I can't say I've used it much over the years. ;)
| 3:19 pm on May 1, 2006 (gmt 0)|
MatthewHSE nice idea,actualy heard many times but no one has implemented it
| 3:20 pm on May 1, 2006 (gmt 0)|
I really want to thank you for starting this thread. There is a certain amount of reassurance when you hear OTHERS have made a bonehead move. Mainly because, I at least, have made plenty of bonehead moves in my life.
It gives just a small bit of comfort to hear others admit it so I don't feel all alone here. I imagine the ones that called you names are the ones that have made moves so bad, your's pales in comparison.
| 8:21 am on May 2, 2006 (gmt 0)|
So that's what you mean by 'too much information'.;)
|I don't answer my phone because of sales calls or recordings, I don't read my email because of spam, and I don't usually check my phone messages because they are mostly junk anyway. I guess the only real way to contact me is through my blog! Hopefully I won't start getting blog spam or I'm in trouble! |
I get five or six phishing emails/day each from chase, washington mutual, paypal, ebay, yahoo, etc. each day. It's a fun exercise to go through them and find the fake link (most of the links on these pages will be to real sites, it's usually the 'call to action' link that is spoofed).
One thing i know is my av software which is supposed to be good at detecting these is rarely correct both as far as false positives and false negatives go.
Perhaps large companies could make it easier on virus software companies by using a set of protocols that must be met with emails of a certain nature such as those involving financial info.
1. Use identity (like Paypal with the user's name)
2. All links in email must be to same domain (perhaps even to the same subdomain).
3. No IP Address links allowed
4. All links should be written out on the page rather than hyperlinked text.
5. All emails should include the from field in the email. Their should be a database of ip addresses of trusted email servers that can be matched to the domains.
maybe this already happens, I don't know.
| 12:50 pm on May 2, 2006 (gmt 0)|
Not long ago I got an email from what seemed to be Paypal notifying me of a item I supposedly purchased totalling $589.00. It had a link to dispute this claim so I clicked on it. That lead me to another page to sign into my paypal account. Put in my email address then started to type in my password. Just by chance I looked up at the address bar and it definitely wasn't a paypal url.
Just to be safe I immediately withdrew all the funds from my paypal account and changed my password.
Since then I get these same kind of emails everyday. What is strange is that the originating url leads to legitimate ecommerce sites...some well known. These sites have to be hijacked or spoofed some kind of way to re-direct to the phisher site. What is odd...all the hijacked websites are powered by <snip>.
[edited by: lawman at 8:38 pm (utc) on May 2, 2006]
| 12:56 pm on May 2, 2006 (gmt 0)|
|What is odd...all the hijacked websites are powered by <snip>. |
How many sites are we talking about? A few? 10? 20? More than 100?
[edited by: lawman at 8:35 pm (utc) on May 2, 2006]
| 1:09 pm on May 2, 2006 (gmt 0)|
The site with my phishing pages was also running <snip>. The pages had been uploaded from a Romanian IP. Seems that there is a security problem with the software
[edited by: lawman at 8:38 pm (utc) on May 2, 2006]
| 7:54 pm on May 2, 2006 (gmt 0)|
Just pulled out an old DVD "The Sting" with Paul Newman and Robert Redford.
If the setup is good (really good), I'm sure everybody can be fooled. When greed sets in, brains seem to pause...
| 8:25 pm on May 2, 2006 (gmt 0)|
|How many sites are we talking about? A few? 10? 20? More than 100? |
I have probably gotten at least 20 emails from the same phisher in the past two weeks. The seller name and address is the same. I did a white pages search of this name and address and it is fake. Furthermore, the address given is not a valid mailing address according to USPS. With each email the item it says I purchased is an item which is sold on the spoofed site.
Every one of the spoofed/hijacked sites use <snip>. Most of them are reputable companies with strong branding. I am thinking I should probably notify paypal of this scam since it has been going on awhile.
The question is....why is it that <snip> powered sites are the target?
[edited by: lawman at 8:38 pm (utc) on May 2, 2006]
| 10:34 am on May 3, 2006 (gmt 0)|
There's a program called Mailwasher that shows the actual hyperlinks in HTML emails. Some of the phishing ones are very clever, now. All of the links are valid, except the login one.
| 4:02 pm on May 3, 2006 (gmt 0)|
I get UK Bank, US Bank, Yahoo, eBay, PayPal, and other fake emails every day. They always direct to a website that is a copy of whatever it is that they are purporting to be, but ask for too much information to be genuine. It is great fun to fill in fake (and rude) details and send them off. I always wonder if anyone turned up in person at any of the affected banks, and tried to pass themselves off as Mr. **** Head, 10 Turds Road, Stinkytown or whatever random stuff I entered on to the form.
[edited by: eelixduppy at 8:08 pm (utc) on Feb. 18, 2009]
| 4:19 pm on May 3, 2006 (gmt 0)|
A word of caution. Not all of these sites are after your login information. In some cases, just visiting the pages can compromise your system if you are running IE6 (which I'm pretty sure is not the case for g1smd).
|I get UK Bank, US Bank, Yahoo, eBay, PayPal, and other fake emails every day. They always direct to a website that is a copy of whatever it is that they are purporting to be, but ask for too much information to be genuine. |
I've recently been getting "Question from Ebay member...." and "You've added a new address to your Paypal...". The latter is going to fool some folk imo because the links look like a standard yahoo redirect. rds.yahoo.com/verylongtextstringthathidestheredirecttotheotheripaddress-
| 6:19 pm on May 3, 2006 (gmt 0)|
Thats true,they are getting smarter and now almost every URL noted in any email should eb double checked
| 4:24 pm on May 6, 2006 (gmt 0)|
You are right; these "phishermen" are much more clever now! In the past they were so stupid! I got one that was so stupid as to advise me "it is important that you not access your online banking for 48 hours". What a laugh!
But more recently, they're getting away from this "update account" line that they've been using. Now, I get e-mails from "ebay" informing me of an unpaid item strike. My best clue to this being "phish" was that the e-mail came to my business e-mail address, and I know that the only e-mail that ebay has on file is my personal one.
| 12:57 pm on May 7, 2006 (gmt 0)|
This is redundant but I got fooled by an ebay PHISH - like everybody else, was not thinking clearly. Quickly changed PWD. I get paypay PHISes all the time. What amazes me, is how accurate these PHISH pages are. They are getting quite clever.
Question? Most of the PHISes I have seen, or that have been referenced here are Ebay,Paypal, Amazon, and Chase. I have never seen one for Bank of America, for example. Is there safety in having a small regional bank account, or is there something about the majors mentioned above that make them super targets?
Another thing that I do not understand, is why eBay and paypal do not take a more agressive role is stopping this nonsense. They certainly get enough "spoof" reports from me. Along the lines of another post, why cannot ebay/paypal engineer an automated response FLOOD to these idiots that makes their data uselss? Not a denial of service attack, but Phishing the Phisers.
| 1:46 pm on May 7, 2006 (gmt 0)|
Goose, I couldn't swear to it but I believe that I have received phish from Bank of America. I know that I have received phish from Amsouth Bank and First Tennessee, so these regional banks are not immune.
So far, I have not been victim; but they are getting more clever, getting away from that "update your account information". The one that I got about the "unpaid item strike" gave an item number, etc. It might make anyone wonder, "did I buy something and forget to pay?".
| 10:59 am on May 10, 2006 (gmt 0)|
I nearly got caught by an eBay phishing email a while ago. I clicked on a link in an email and saw what to all intents did look like the eBay login page, except that this one asked for extra information. As I scanned down the page, preparing to type away, I noticed it asked for a Social Security Number ... I'm British, I don't have one - I have a National Insuarance Number. Then it clicked.
But who would give eBay a SS or NI number anyway, surely that would stop many people?
The main reason I was nearly fooled however was, as has been noted before, the pixel perfect redition of the web page. It could fool anyone!
I know the phishers could still copy the images, but a majority of the phishing sites I've (carefully) reviewed do directly link to the genuine servers for images.
I'm being genuine, surely I'm not being that simple!
| 3:45 pm on May 10, 2006 (gmt 0)|
I got a phone call the other day from a client.
Client - "Powdork, I'm not sure what's going on but I keep getting these emails to miy, site's email from all these koreans. t's so bad now paypal sent me an email that says they have compromised my account. I had to change all my passwords with them. What can WE do?"
Me - "Er, Uh, tell me more about this Paypal email."
Anyway, the interesting thing (although I'm hearing this from him and I'm not sure how much he fully understands) is that after the phishing site got his info the small deposit was deposited into his account and both the bank and paypal say it did come from paypal, even though they did not initiate it.
| 4:33 pm on May 10, 2006 (gmt 0)|
|is why eBay and paypal do not take a more agressive role is stopping this nonsense. |
|a majority of the phishing sites I've (carefully) reviewed do directly link to the genuine servers for images. |
On one hand, the big guys could stop the image hotlinking by disabling hotlinbking on their servers (although that would just make the phishers download the images and serve from their own sites).
On the other hand, having the phishing sites showing their graphics gives the big guys logs of the phishing sites using their images.
So I also agree that the big guys could and should be more proactive in shutting these sites down. How difficult is it to check your server logs at least daily for images being pulled from other sites?
| 11:23 am on May 14, 2006 (gmt 0)|
Iguana, a thousand thank-yous for starting this thread. My other half and I each received one of the extremely authentic-looking "Amazon" emails this morning. I wonder how many people have been taken in by this scam?
The phishers must be hacking a variety of servers, the path for this one was hidden on a German site.
May the fleas of a thousand camels infest them, and may their arms be too short to reach the itch :)
| 9:06 am on May 16, 2006 (gmt 0)|
Glad to be of service, malachite!
I went over to the support forums of the <snip> software. There are a few mentions of the security problem. It is purely that the default installation leaves certain directories open to the world. Only those experienced in the web will make their sites secure.
| This 58 message thread spans 2 pages: < < 58 ( 1  ) |