Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

This 58 message thread spans 2 pages: 1 [2]
I Can't Believe I Got Phished!
Iguana




msg:309918
 9:24 pm on Apr 27, 2006 (gmt 0)

I actually clicked on the link in a Phishing email and entered my Amazon password! What was I doing?

Under pressure at work, I saw this email apparently from Amazon.com - questioning my account with them. For some reason I wasn't thinking. In my head was the possibility that they were checking accounts that had never been used and had no credit card details. Obviously I didn't enter my Credit Card details as asked and immediately sent an email off to the Associates support mail to say "so you need a Credit Card to be an associate now do you". I had this whole elaborate scheme in my head about what Amazon were doing - such as that they had forgotten about people with accounts who never bought anything because they were associates from another country.

I was called "lower than a country bumpkin" on the Amazon discussion board - someone defended me by saying remember what it was like when you were first online. But I was programming computers before the IBM PC was invented! My first program was for a computer that had 4K of RAM and that was a mainframe! I just wasn't thinking clearly.

The rather well-done pages were on a legit US site selling stuff. I contacted the host company who immediately removed them. They identified the rogue IP and I geolocated that to Romania.

No harm was done, I didn't enter a Credit Card number, my Amazon password was changed but there's no credit card associated with that and I got it reset through the Associates support pretty quickly.

The thing is, I really believed I would never get caught by such a scam - I've been online for too long. Maybe I've become lazy because I've become used to clicking on embedded links in MySpace emails to see any messages. Maybe I'm just an idiot looking for a village.

 

podman




msg:309948
 1:35 am on May 1, 2006 (gmt 0)

Latest scam I've been sent is an email asking me to confirm my new Yahoo account - it was set up using a gmail account I own. Yahoo does provide an option to decline and state that you never asked for the account to be created.

It was weird because it uses a gmail account that I do not use publicly - so someone did some real hard looking to find it.

JerryOdom




msg:309949
 3:39 am on May 1, 2006 (gmt 0)

I get phishing requests on just about everything I own. I get some pretty clever ones claiming to be from major banks in the area asking me to confirm information.

Scary stuff

too much information




msg:309950
 3:43 am on May 1, 2006 (gmt 0)

I'm so freaked out about getting caught that I send most legitimate emails to spam @ paypal. I almost fell for one of them because it said something about a transfer of funds and even the legit paypal emails about transfers are fairly vague.

Funny thing is I get around 100 junk emails a night so usually you have to be very noticeable with your subject line or you get trashed with the other 99 emails without me even opening the thing.

I don't answer my phone because of sales calls or recordings, I don't read my email because of spam, and I don't usually check my phone messages because they are mostly junk anyway. I guess the only real way to contact me is through my blog! Hopefully I won't start getting blog spam or I'm in trouble!

uhzoomzip




msg:309951
 5:44 am on May 1, 2006 (gmt 0)

I got phished after being online since 97. I also thought I'd never get tricked into it and have even demonstrated to friends how it could happen to them.

I had just rolled out of bed and was checking my mail. It was an eBay thing about "where's my item?". I immediately clicked the link thinking there had been a problem with a customer not receiving something and as soon as I entered my password a couple of times and it didn't work, realized I had fallen for one.

I immediately changed the password and then proceeded to flood the phisher with real user names but bogus passwords and multiple times on them. Over and over just kept entering them.

Figured I'd waste some of his time and spoil his party a bit.

:)

jsinger




msg:309952
 6:59 am on May 1, 2006 (gmt 0)

I immediately changed the password and then proceeded to flood the phisher with real user names but bogus passwords and multiple times on them. Over and over just kept entering them.

If everyone ANSWERED the scammers, they'd be out of business in a flash. They send millions of emails; last thing they want are millions of replies!

wmuser




msg:309953
 11:56 am on May 1, 2006 (gmt 0)

Iguana, it doesn't surprise me. I have seen Yahoo, domain registrar, bank account etc. phishing emails. Just make sure to read that email in detail before you act; usually links like mail.yahoo.com.something.com only look like the Yahoo mail landing page.

pageoneresults




msg:309954
 2:25 pm on May 1, 2006 (gmt 0)

Ah, I remember those first Phishing emails way back when. I followed a link from an email once and saw the discrepancies immediately. In the beginning, it was a nightmare for many financial institutions, or anyone performing ecommerce. Millions of usernames and passwords were phished from the unsuspecting.

Spear Phishing. A rather new term with a new twist on the same technique. Target a specific group like a college or teacher's credit union where the users are more likely to fall prey to the miscreant's technical foul play.

And then add Pharming, the latest technique where the user ends up at a website that is an exact replica of the target destination, pixel for pixel. The Pharming attacks occur at many levels, not just email.

The inexperienced Internet user is at severe risk these days if they are not aware of the potential problems. I think most have caught on to the Phishing emails, but they still occur. It's the Pharming that people need to worry about now.

These are great topics to discuss at the public level. At least we can spread the word to our clients who in turn will spread the word to their clients, who in turn...

MatthewHSE




msg:309955
 2:58 pm on May 1, 2006 (gmt 0)

I keep a very sharp machete in my bedroom closet!

Gross, that's way too personal of a way to handle self-protection. Get a shotgun or a small pistol - much nicer! (And possibly less dangerous for both parties.)

If everyone ANSWERED the scammers, they'd be out of business in a flash. They send millions of emails; last thing they want are millions of replies!

They've already gotten around this one - spoof the headers so they never have to deal with replies. I like the idea of flooding their systems with a ton of bogus info, though.

RE "duckaloof," I heard that many years ago when seeing a very short snippet of a Ma & Pa Kettle movie somewhere or other. Pa suggested to his daughter-in-law that his son was a big duckaloof, which, as I remember, met with approval all around, including the son. I've remembered the term ever since, though I can't say I've used it much over the years. ;)

wmuser




msg:309956
 3:19 pm on May 1, 2006 (gmt 0)

MatthewHSE, nice idea, actually heard many times but no one has implemented it.

texasville




msg:309957
 3:20 pm on May 1, 2006 (gmt 0)

Iguana-
I really want to thank you for starting this thread. There is a certain amount of reassurance when you hear OTHERS have made a bonehead move. Mainly because, I at least, have made plenty of bonehead moves in my life.
It gives just a small bit of comfort to hear others admit it so I don't feel all alone here. I imagine the ones that called you names are the ones that have made moves so bad, yours pales in comparison.
Thanks again.

Powdork




msg:309958
 8:21 am on May 2, 2006 (gmt 0)

I don't answer my phone because of sales calls or recordings, I don't read my email because of spam, and I don't usually check my phone messages because they are mostly junk anyway. I guess the only real way to contact me is through my blog! Hopefully I won't start getting blog spam or I'm in trouble!
So that's what you mean by 'too much information'.;)
I get five or six phishing emails/day each from Chase, Washington Mutual, PayPal, eBay, Yahoo, etc. each day. It's a fun exercise to go through them and find the fake link (most of the links on these pages will be to real sites, it's usually the 'call to action' link that is spoofed).
One thing I know is my AV software which is supposed to be good at detecting these is rarely correct both as far as false positives and false negatives go.
Perhaps large companies could make it easier on virus software companies by using a set of protocols that must be met with emails of a certain nature such as those involving financial info.
1. Use identity (like Paypal with the user's name)
2. All links in email must be to same domain (perhaps even to the same subdomain).
3. No IP Address links allowed
4. All links should be written out on the page rather than hyperlinked text.
5. All emails should include the from field in the email. There should be a database of IP addresses of trusted email servers that can be matched to the domains.

Maybe this already happens, I don't know.

oldpro




msg:309959
 12:50 pm on May 2, 2006 (gmt 0)

Not long ago I got an email from what seemed to be Paypal notifying me of an item I supposedly purchased totalling $589.00. It had a link to dispute this claim so I clicked on it. That led me to another page to sign into my paypal account. Put in my email address then started to type in my password. Just by chance I looked up at the address bar and it definitely wasn't a paypal url.

Just to be safe I immediately withdrew all the funds from my paypal account and changed my password.

Since then I get these same kind of emails every day. What is strange is that the originating url leads to legitimate ecommerce sites...some well known. These sites have to be hijacked or spoofed some kind of way to re-direct to the phisher site. What is odd...all the hijacked websites are powered by <snip>.

[edited by: lawman at 8:38 pm (utc) on May 2, 2006]

pageoneresults




msg:309960
 12:56 pm on May 2, 2006 (gmt 0)

What is odd...all the hijacked websites are powered by <snip>.

How many sites are we talking about? A few? 10? 20? More than 100?

[edited by: lawman at 8:35 pm (utc) on May 2, 2006]

Iguana




msg:309961
 1:09 pm on May 2, 2006 (gmt 0)

The site with my phishing pages was also running <snip>. The pages had been uploaded from a Romanian IP. Seems that there is a security problem with the software.

[edited by: lawman at 8:38 pm (utc) on May 2, 2006]

the_nerd




msg:309962
 7:54 pm on May 2, 2006 (gmt 0)

Just pulled out an old DVD "The Sting" with Paul Newman and Robert Redford.

If the setup is good (really good), I'm sure everybody can be fooled. When greed sets in, brains seem to pause...

nerd.

oldpro




msg:309963
 8:25 pm on May 2, 2006 (gmt 0)

How many sites are we talking about? A few? 10? 20? More than 100?

Pageon...

I have probably gotten at least 20 emails from the same phisher in the past two weeks. The seller name and address is the same. I did a white pages search of this name and address and it is fake. Furthermore, the address given is not a valid mailing address according to USPS. With each email the item it says I purchased is an item which is sold on the spoofed site.

Every one of the spoofed/hijacked sites use <snip>. Most of them are reputable companies with strong branding. I am thinking I should probably notify paypal of this scam since it has been going on awhile.

The question is....why is it that <snip> powered sites are the target?

[edited by: lawman at 8:38 pm (utc) on May 2, 2006]

tigertom




msg:309964
 10:34 am on May 3, 2006 (gmt 0)

There's a program called Mailwasher that shows the actual hyperlinks in HTML emails. Some of the phishing ones are very clever, now. All of the links are valid, except the login one.

g1smd




msg:309965
 4:02 pm on May 3, 2006 (gmt 0)

I get UK Bank, US Bank, Yahoo, eBay, PayPal, and other fake emails every day. They always direct to a website that is a copy of whatever it is that they are purporting to be, but ask for too much information to be genuine. It is great fun to fill in fake (and rude) details and send them off. I always wonder if anyone turned up in person at any of the affected banks, and tried to pass themselves off as Mr. **** Head, 10 Turds Road, Stinkytown or whatever random stuff I entered on to the form.

[edited by: eelixduppy at 8:08 pm (utc) on Feb. 18, 2009]

Powdork




msg:309966
 4:19 pm on May 3, 2006 (gmt 0)

I get UK Bank, US Bank, Yahoo, eBay, PayPal, and other fake emails every day. They always direct to a website that is a copy of whatever it is that they are purporting to be, but ask for too much information to be genuine.
A word of caution. Not all of these sites are after your login information. In some cases, just visiting the pages can compromise your system if you are running IE6 (which I'm pretty sure is not the case for g1smd).

I've recently been getting "Question from Ebay member...." and "You've added a new address to your Paypal...". The latter is going to fool some folk imo because the links look like a standard yahoo redirect. rds.yahoo.com/verylongtextstringthathidestheredirecttotheotheripaddress-beyondwhatshowsinyourdisplaybar

wmuser




msg:309967
 6:19 pm on May 3, 2006 (gmt 0)

That's true, they are getting smarter and now almost every URL noted in any email should be double checked.

kaylowe




msg:309968
 4:24 pm on May 6, 2006 (gmt 0)

You are right; these "phishermen" are much more clever now! In the past they were so stupid! I got one that was so stupid as to advise me "it is important that you not access your online banking for 48 hours". What a laugh!

But more recently, they're getting away from this "update account" line that they've been using. Now, I get e-mails from "ebay" informing me of an unpaid item strike. My best clue to this being "phish" was that the e-mail came to my business e-mail address, and I know that the only e-mail that ebay has on file is my personal one.

Watch out!

Quantam Goose




msg:309969
 12:57 pm on May 7, 2006 (gmt 0)

This is redundant but I got fooled by an ebay PHISH - like everybody else, was not thinking clearly. Quickly changed PWD. I get paypal PHISHes all the time. What amazes me, is how accurate these PHISH pages are. They are getting quite clever.

Question? Most of the PHISHes I have seen, or that have been referenced here are Ebay, Paypal, Amazon, and Chase. I have never seen one for Bank of America, for example. Is there safety in having a small regional bank account, or is there something about the majors mentioned above that make them super targets?

Another thing that I do not understand, is why eBay and paypal do not take a more aggressive role in stopping this nonsense. They certainly get enough "spoof" reports from me. Along the lines of another post, why cannot ebay/paypal engineer an automated response FLOOD to these idiots that makes their data useless? Not a denial of service attack, but Phishing the Phishers.

kaylowe




msg:309970
 1:46 pm on May 7, 2006 (gmt 0)

Goose, I couldn't swear to it but I believe that I have received phish from Bank of America. I know that I have received phish from Amsouth Bank and First Tennessee, so these regional banks are not immune.

So far, I have not been victim; but they are getting more clever, getting away from that "update your account information". The one that I got about the "unpaid item strike" gave an item number, etc. It might make anyone wonder, "did I buy something and forget to pay?".

RedTCat




msg:309971
 10:59 am on May 10, 2006 (gmt 0)

I nearly got caught by an eBay phishing email a while ago. I clicked on a link in an email and saw what to all intents did look like the eBay login page, except that this one asked for extra information. As I scanned down the page, preparing to type away, I noticed it asked for a Social Security Number ... I'm British, I don't have one - I have a National Insurance Number. Then it clicked.

But who would give eBay a SS or NI number anyway, surely that would stop many people?

The main reason I was nearly fooled however was, as has been noted before, the pixel perfect rendition of the web page. It could fool anyone!

I looked at the source ... all the images, javascript, etc, were served from the genuine eBay servers. Surely it is so easy (especially for such a large and frequently copied web site) to implement a block on hotlinking to stop direct links to the original images?

I know the phishers could still copy the images, but a majority of the phishing sites I've (carefully) reviewed do directly link to the genuine servers for images.

I'm being genuine, surely I'm not being that simple!

Powdork




msg:309972
 3:45 pm on May 10, 2006 (gmt 0)

I got a phone call the other day from a client.

Client - "Powdork, I'm not sure what's going on but I keep getting these emails to my site's email from all these Koreans. It's so bad now paypal sent me an email that says they have compromised my account. I had to change all my passwords with them. What can WE do?"
Me - "Er, Uh, tell me more about this Paypal email."

Anyway, the interesting thing (although I'm hearing this from him and I'm not sure how much he fully understands) is that after the phishing site got his info the small deposit was deposited into his account and both the bank and paypal say it did come from paypal, even though they did not initiate it.

LifeinAsia




msg:309973
 4:33 pm on May 10, 2006 (gmt 0)

is why eBay and paypal do not take a more aggressive role in stopping this nonsense.

a majority of the phishing sites I've (carefully) reviewed do directly link to the genuine servers for images.

On one hand, the big guys could stop the image hotlinking by disabling hotlinking on their servers (although that would just make the phishers download the images and serve from their own sites).

On the other hand, having the phishing sites showing their graphics gives the big guys logs of the phishing sites using their images.

So I also agree that the big guys could and should be more proactive in shutting these sites down. How difficult is it to check your server logs at least daily for images being pulled from other sites?
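An added example, not part of the post above: one way to run the daily log check it describes, counting image requests whose Referer is a page on someone else's host. It assumes Apache-style combined log format; the log lines, hostnames and the `external_image_referers` name are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined Log Format:
# ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$'
)
IMAGE_EXT = (".gif", ".jpg", ".jpeg", ".png", ".ico")

# Constructed sample lines; shop.example is the site that owns the images.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/May/2006:16:01:02 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://www.shop.example/index.html" "Mozilla/4.0"',
    '203.0.113.9 - - [10/May/2006:16:02:10 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://hacked-store.test/tmp/signin.html" "Mozilla/4.0"',
    '203.0.113.44 - - [10/May/2006:16:02:11 +0000] "GET /img/btn_login.png HTTP/1.1" 200 911 "http://hacked-store.test/tmp/signin.html" "Mozilla/4.0"',
    '203.0.113.9 - - [10/May/2006:16:03:00 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [10/May/2006:16:03:05 +0000] "GET /account.html HTTP/1.1" 200 5120 "http://hacked-store.test/tmp/signin.html" "Mozilla/4.0"',
]


def external_image_referers(lines, own_domains):
    """Count image requests per Referer host that is not one of our own sites."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        path, referer = m.group(4), m.group(6)
        if not urlsplit(path).path.lower().endswith(IMAGE_EXT):
            continue  # only image fetches are of interest here
        host = (urlsplit(referer).hostname or "").lower()
        if not host:
            continue  # "-" or empty: no Referer was sent
        if any(host == d or host.endswith("." + d) for d in own_domains):
            continue  # our own pages embedding our own images
        hits[host] += 1
    return hits
```

The Referer header is supplied by the visitor's browser and is often missing, so the result is a list of hosts to review rather than proof; pages that carry their own copies of the images never appear in it.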

malachite




msg:309974
 11:23 am on May 14, 2006 (gmt 0)

Iguana, a thousand thank-yous for starting this thread. My other half and I each received one of the extremely authentic-looking "Amazon" emails this morning. I wonder how many people have been taken in by this scam?

The phishers must be hacking a variety of servers; the path for this one was hidden on a German site.

May the fleas of a thousand camels infest them, and may their arms be too short to reach the itch :)

Iguana




msg:309975
 9:06 am on May 16, 2006 (gmt 0)

Glad to be of service, malachite!

I went over to the support forums of the <snip> software. There are a few mentions of the security problem. It is purely that the default installation leaves certain directories open to the world. Only those experienced in the web will make their sites secure.

(self snipped)

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved