Moderators: incrediBILL & lawman

Foo Forum

This 58 message thread spans 2 pages.
I Can't Believe I Got Phished!
Iguana




msg:309918
 9:24 pm on Apr 27, 2006 (gmt 0)

I actually clicked on the link in a Phishing email and entered my Amazon password! What was I doing?

Under pressure at work, I saw this email apparently from Amazon.com - questioning my account with them. For some reason I wasn't thinking. In my head was the possibility that they were checking accounts that had never been used and had no credit card details. Obviously I didn't enter my Credit Card details as asked and immediately sent an email off to the Associates support mail to say "so you need a Credit Card to be an associate now do you". I had this whole elaborate scheme in my head about what Amazon were doing - such as had forgotten about people with accounts who never bought anything because they were associates from another country.

I was called "lower than a country bumpkin" on the Amazon discussion board - someone defended me by saying remember what it was like when you were first online. But I was programming computers before the IBM PC was invented! My first program was for a computer that had 4K of RAM and that was a mainframe! I just wasn't thinking clearly.

The rather well-done pages were on a legit US site selling stuff. I contacted the host company who immediately removed them. They identified the rogue IP and I geolocated that to Romania.

No harm was done, I didn't enter a Credit Card number, my Amazon password was changed but there's no credit card associated with that and I got it reset through the Associates support pretty quickly.

The thing is, I really believed I would never get caught by such a scam - I've been online for too long. Maybe I've become lazy because I've become used to clicking on embedded links in MySpace emails to see any messages. Maybe I'm just an idiot looking for a village.

 

LifeinAsia




msg:309919
 9:27 pm on Apr 27, 2006 (gmt 0)

I was called "lower than a country bumpkin" on the Amazon discussion board

... so you post your story here to see what kinds of names *we* call you? ;)

trillianjedi




msg:309920
 9:29 pm on Apr 27, 2006 (gmt 0)

Bad luck iguana.

You know it can catch anybody if the circumstances are right and the phisher is good enough. I have a friend who's head of security for a very big software company (who I won't name ;)) and he fell for an eBay phishing email a few weeks ago.

If it gets you in the wrong frame of mind, too tired, not enough coffee etc....

Thanks for posting about it - it's a reminder that we all need to ensure we don't click on email links in the above state!

TJ

Iguana




msg:309921
 9:39 pm on Apr 27, 2006 (gmt 0)

LifeInAsia - yes I am expecting "was the lifeguard not looking when you got out of the gene pool"!

Thanks trillianjedi - I kind of blame it on my male inability to multitask. Had to get a system modification out by lunchtime and persuade the Test team to accept it while the customer was on the phone to my boss asking for more changes.

I think the key is the "internal story" - the only other time I clicked on such a link was when it was apparently from Paypal and I have a Paypal account of a few years standing but have never ever bought anything. That time I stopped myself.

LifeinAsia




msg:309922
 9:48 pm on Apr 27, 2006 (gmt 0)

was the lifeguard not looking when you got out of the gene pool

Oh, I LIKE that!

Don't feel too bad. I keep getting a very short, abrupt message on my answering machine telling me to call an 800 number. No company identification or anything. I finally decide to call and tell them to stop leaving me recorded messages. So I call the number and the recorded voice (a different one) answers with "[major credit card company] customer service. Please enter your credit card number to continue." So I figure there must be some issue since I still haven't gotten the new card they were supposed to send. I start entering the number before sanity kicks back in and I ask myself why I'm so willing to give my credit card information to a recording that called me! So I hung up before giving any additional information.

That reminds me that I still need to call the credit card company and find out about the card. And if it's actually them sending the recorded message. If so, they're going to get an earful about poor customer service!

BeeDeeDubbleU




msg:309923
 9:50 pm on Apr 27, 2006 (gmt 0)

I kind of blame it on my male inability to multitask.

A local, recently retired policewoman recently got stung for £15,000 in my area by a phisher.

Iguana




msg:309924
 9:54 pm on Apr 27, 2006 (gmt 0)

The real reason I told my story on the Amazon discussion boards was because I had started a thread to express anger at what I saw as Amazon's mistake in checking accounts were legitimate rather than just spam yahoo accounts (my very first post). I had to retract that stupid post and explain why I made it - that's when I got called names.

This is where I expect some sympathy and, at the very least, better quality insults!

JollyK




msg:309925
 10:07 pm on Apr 27, 2006 (gmt 0)

This is where I expect some sympathy and, at the very least, better quality insults!

You mean better than "lol" and "learn2play n00b" and "omg ur so dum?"

Not if it's the Associates board that I know and love.

Err ... "know and tolerate."

Amazon associates board has some awesome flamewars from time to time, though.

JK

Iguana




msg:309926
 10:12 pm on Apr 27, 2006 (gmt 0)

I think Brett studied the Amazon boards before he set up WebmasterWorld - "always be respectful of others" as he says!

MatthewHSE




msg:309927
 2:03 am on Apr 28, 2006 (gmt 0)

If you're after insults, I know some jim-dandies. (Have you ever been called a duckaloof before? ;) ) But instead I think I'll just give an understanding smile, and act like I've never done anything stupid before... And if you believe that, you'll believe anything! Oh, wait, you already DO believe anything, or you'd have never fallen for a phishing scam in the first place, eh? ;)

grelmar




msg:309928
 9:02 am on Apr 28, 2006 (gmt 0)

I have *yet* to get stung by a phishing e-mail, but I've come within inches a few times. Err, prolly more than I care to admit, really.

My main problem is that the first thing I do when I wake up is sit down at the computer with my first cup o', and start going through e-mails on one monitor and scanning the BBSes and news on another. Flipping my attention back and forth between the two monitors, before I've even finished my first cup of coffee... I get a wee bit distracted sometimes.

I'm not going to call you names. That would just be inviting karmic payback.

BeeDeeDubbleU




msg:309929
 10:14 am on Apr 28, 2006 (gmt 0)

I once thought I had a problem with my phone then realised I was trying to dial through the numeric keypad on my keyboard :)

Then there was the time my wife came into the room as I was watching television. She said something that I didn't hear and I absent-mindedly pointed the remote at her and tried to turn her up!

The worst part of this was that she saw me and told everyone I knew about it. (I tried turning her down but that didn't work either).

Essex_boy




msg:309930
 12:51 pm on Apr 30, 2006 (gmt 0)

I've done it too, I've been using computers since 1981 so should know better.

A moment where I didn't concentrate, they attempted to take £500 then £250, my credit company flagged this as odd and stopped the transactions.

Never use a debit card on the web.

Liane




msg:309931
 2:13 pm on Apr 30, 2006 (gmt 0)

Don't beat yourself up Iguana, I am as gullible as they come and I once did just about the stupidest thing a teenaged girl can do!

When I was 14, (a very long time ago) I answered the phone just after I had gotten home from school. The man asked for my father using his first name. I explained he wasn't home, but that I would take a message. He then said, is your mom home then? I said no, she was out.

He asked if perhaps I could help him? He then said he was from the alarm company and my father had asked him for a quote to have an alarm installed in the house. He was in the neighbourhood and wanted to stop in to see how many windows and doors there were in the house which he would have to wire. Otherwise, he could come back in about three weeks when he would be in the neighbourhood again.

I hadn't been aware that my Dad was planning to install an alarm, but I didn't want to be the one to tell him he was going to have to wait another three weeks to get the quote. You guessed it, I let him in! I stayed with him while he measured the windows and doors and made note of the measurements on his clipboard pad. Then he left.

Being an air-headed teenager who couldn't retain information for any length of time, I completely forgot to tell my father until almost a week later. His jaw just about hit the floor! I don't recall ever seeing him so angry or upset. My parents went through the house with a fine toothed comb, but nothing was missing. My parents called the police, but as there was nothing missing and I hadn't been hurt, they said there wasn't much we could do ... but suggested my parents have an alarm installed.

A week had gone by and nothing had happened so my mother figured the man was probably legit and simply had the wrong house. But I reminded her that he had asked for my dad using his first name which was why I had trusted him in the first place. As my Dad pointed out, I hadn't thought about the fact that my Dad's first name was listed in the phone book!

My father (an ex Major in the Canadian army) called both of my brothers (big lads) who were both married and asked them to help him with a plan to catch the robber(s). Each night, one or the other of my brothers or my dad would sit up all night (with my dad's shotgun) and wait. This went on for a full two weeks. My mother thought my father was crazy and begged him to stop!

Finally, three weeks to the day after I got the call, a man dressed all in black with a ski mask over his face, jimmied the basement door open in the middle of the night, only to be met by my oldest brother holding a shotgun in his face and my other brother's Doberman pinscher waiting to rip the guy apart.

My Dad tied him up in his Lazy Boy chair and called the police while my brother (an ex-policeman) held the gun on him. When the police arrived, my father woke me up from a sound sleep and the police asked me to identify the man. Sure enough, it was the same fellow I had let into our house three weeks earlier.

He went to jail and I learned a very valuable lesson. I won't tell anyone anything over the phone or in an e-mail. I want a written letter from any company I deal with. I want to see their letterhead and be able to match the address and phone number to that listed in the phone book before I will do business of any kind. I want references from people who I can also match to a name, phone number and address in the phone book before I will even deal with any tradesmen or allow them to enter my home.

I also have a dog who doesn't particularly like men he doesn't know ... and I keep a very sharp machete in my bedroom closet!

When I had grown up, had my own place and my Dad had passed away, I listed my phone number using my Dad's first name. I was amazed by the number of calls I would get asking for "Fred". I always asked, may I tell him who's calling? ... then I'd leave the phone on the desk and walk away, leaving the caller to twist in the wind for as long as they cared to wait on the line for "Fred". Served them right for trying to be familiar ... whatever their reason for calling! ;)

Any one of us can be taken in if the story is good enough. My Dad was an army man (a trained sniper) and the CEO of a large insurance company. He taught us to be very cautious ... yet I was taken in anyway! Never again though.

pmac




msg:309932
 3:34 pm on Apr 30, 2006 (gmt 0)

Wow Liane, that's an amazing story!

mack




msg:309933
 3:49 pm on Apr 30, 2006 (gmt 0)

Liane,

As I was reading that story I couldn't help but think it could have been a lot worse. Especially asking if your parents were out!

Glad your dad was able to catch him though.

Mack.

JollyK




msg:309934
 3:50 pm on Apr 30, 2006 (gmt 0)

If you're after insults, I know some jim-dandies. (Have you ever been called a duckaloof before? ;) )

Oh my lord. "Duckaloof" is my new, all-purpose insult. I don't know what it means, but who cares?

As a side note on creative insults, an acquaintance used to use things like "Ya Big Girl's Blouse!" and "Ya Pancake!"

I'm about as clueless on those as I am on "Duckaloof," but they sure sounded pejorative when uttered by a 6-foot-four, 250-pound dude from Scotland.

Oh, and Liane: great story. Talk about lesson learned! My parents drummed it into my head that I was NEVER to say that mom and dad weren't home. It was always, "He/She's busy/in the shower right now, can I take a message?"

JK

Brett_Tabke




msg:309935
 4:45 pm on Apr 30, 2006 (gmt 0)

Phishes can also come over the phone:

I got a phone call about a credit card a year ago. It referenced a credit card offer for business that came in the mail from that company. The offer was quite good and tempting.

After talking on the phone about the offer for quite some time, I went ahead and was going to sign up for the upgraded credit card for business. They could take care of it right there on the phone - no problem. I thought that was pretty cool.

As one of the last things they had to get for info was my ss number. I opened my mouth to give it to them, and it hit me - they Called ME and there is no way I was going to give out my ss number to someone who called me. I said thanks and that I would not give out my ss number over the phone to someone who called me and hung up. I never heard about that offer ever again...


The other popular scam running is the "copier toner" scam.

Scammer: "Hello, this is Bob with Acme Copy Supplies. We didn't have the right number for the copier order, what is the correct model number of your copier?"

Office person: "Oh, it is an HP 41229".

Scammer: "Thanks".

A week later, you get an invoice sent for the "HP 41229" toner you ordered. You do remember ordering it right?

Sometimes they will even send you the toner at a very high price...

Lilliabeth




msg:309936
 4:58 pm on Apr 30, 2006 (gmt 0)

The other popular scam running is the "copier toner" scam.

I once told one of those that we have an off-brand. The lady wanted to know the model number, so I gave it to her...

G zero 2 H E

Click.

WebDon




msg:309937
 5:44 pm on Apr 30, 2006 (gmt 0)

We used to get the toner gag quite a bit too. It happens with all kinds of stuff too, office supplies, fluorescent tubes for the light fixtures, etc.

Another thing to be wary of is people looking for folks with student loans. They get lists of people recently graduated and just start calling...

pontifex




msg:309938
 6:41 pm on Apr 30, 2006 (gmt 0)

another good one OFFLINE is the advertising invoice... if you advertise in newspapers/magazines, you get an additional invoice for "layout services" of let's say 3.49$... on the fake stationery of the newspaper. I got that once and almost paid.

with passwords online i actually have an internal block, which kicks in quite hard, when someone asks me to click in an email :-)

P!

greedy player




msg:309939
 6:48 pm on Apr 30, 2006 (gmt 0)

phishers are good but I'm pretty sure I'll never be stung because I check the ip address and headers :)

Tapolyai




msg:309940
 7:04 pm on Apr 30, 2006 (gmt 0)

We have started to see "spear phishing" more and more.

One of my jobs involves a lot of high profile financial organizations.

Phishing e-mails come to these organizations by reviewing job offers and HR pages to see what special benefits they offer - for example one big bank posted their medical insurance carrier name in an online job offer.

Within a week or so employees of big bank started to receive e-mails at work from Rumania purporting to be the "medical insurnace" <sic> company - beautiful HTML forms with images from the insurance web site asking for very detailed information. Major headache both at the insurance and at the big bank.

It seems that spear phishing works even better than the vanilla phishing.

Bondings




msg:309941
 7:13 pm on Apr 30, 2006 (gmt 0)

>>Oh my lord. "Duckaloof" is my new, all-purpose insult. I don't know what it means, but who cares?

Even Google doesn't know it, apparently.

Rightz




msg:309942
 8:21 pm on Apr 30, 2006 (gmt 0)

I almost fell for a really clever fake paypal website from an email. It asked me to update my details so I followed the link. The address was actually something like <snip> (or something) because I remembered I did actually glance at the url and just thought it was an international paypal. I filled in my mother's maiden name and my phone number. Then went on to fill in my card number and expiry date. It then asked for the 3 digit code on the back of the card. Only at this point did I think something was wrong so clicked the help link - it even was a very clever site with everything exactly the same as paypal. The email even said it was from paypal accounts or whatever. The scary thing is if the site hadn't asked for the 3 digit code I would have submitted all the rest of my information.

Too easily done. Paypal later told me they always email using my name. I didn't even notice the fake email didn't.

[edited by: lawman at 8:31 pm (utc) on April 30, 2006]
[edit reason] No Links - Especially To Illegitimate Sites [/edit]

skibum




msg:309943
 9:22 pm on Apr 30, 2006 (gmt 0)

I tripped on one of the Ebay emails once but then quickly realized it was a phishing scam and quickly went in and changed the password so no harm done. After falling for one of them, I look at everything with much more scrutiny but they are getting more and more clever.

Iguana




msg:309944
 9:31 pm on Apr 30, 2006 (gmt 0)

Wow, I finally made the front page after all these years as a member! That would have been such an ego boost in other situations (haha on me).

I am cautious. I hold my mouse over links in emails to check where it is really going. Anything remotely financial based I wouldn't click on - hey, I'm not stupid! My Amazon.co.uk account or my bank or Adsense, I know enough to always go there under my own steam.

The problem comes down to this: In my head I must have been half-expecting an email from Amazon.com about my account. I looked at the PR of personal profile pages in Amazon recently in terms of how I could use them to get a link to my sites and noted that reviews etc only appeared if you had actually bought something (that is, had used your account).

So, if I had just gone over my overdraft limit with my bank and I got an email from them then I think I would be in danger of clicking on a link - because my mind would be on my worries about the unauthorised spending rather than the fact that I never trust the source of emails. Just like the Paypal confirmation I nearly filled in - I set up a Paypal account two years ago, confirmed the trial transaction, but have never used it. If ebay emailed me about my account, then I would be liable to first think about the fact that I haven't ever bought or sold anything over ebay so perhaps it was legitimate that they were questioning my account.

What really worries me is that I was at least awake enough to spot the problem and do something about it and so the only inconvenience was to think of a new password. There must be so many people who are not as 'net-savvy' as I thought I was. I now think that all email systems should not allow embedded links - they should be converted to text and the instructions for copy and paste into the address bar should be included.

...and yet I got an Event Invitation from MySpace today and I clicked on the link in the email to look at it.

tictoc




msg:309945
 11:39 pm on Apr 30, 2006 (gmt 0)

I was on Yahoo instant messenger one day and clicked on a message someone sent me saying they had some new pics they wanted me to see. The link sent me to a Yahoo Photos page that made me sign on (again) which I did not think was strange because sometimes you have to sign in again to view photos or use other yahoo features besides mail. I signed on without even thinking about it being a scam and it sent me to some strange site with pop-ups and took my Yahoo password that had control of my email, messenger, calendar, address book, etc.

I then tried to sign into Yahoo and they had already changed my password. I called Yahoo and finally proved to them I was me by my alternate email on the account and got it changed back over before the spammer had fully damaged my email account. I felt so dumb to have fallen for that scam but it's when you are half way paying attention that you get caught off guard. I guess that is why they send 50 or so Paypal looking emails a day to hope they catch us when we are not paying attention. I am more careful now but it just makes me sick that these people get away with these phishing emails from Paypal, Ebay, and Amazon. It amazes me they are not caught more often because I get hundreds in my email box every week without even going to my spam mail.

kaled




msg:309946
 12:13 am on May 1, 2006 (gmt 0)

Everyone gets caught by a scam sometime or other, but consider this...

About six months or so ago, a large telecoms company (UK) started phoning customers to remind them if a bill was outstanding and asking the bill to be paid by credit card. Being paranoid, I declined when I was called (but it was legit - I checked) but I'm sure many people happily obliged, and would do so again.

Kaled.

jsinger




msg:309947
 1:01 am on May 1, 2006 (gmt 0)

I got a phone call from my state about some old income taxes that were due. They offered to take a credit card right over the phone. I was 99.9% certain it was a scam. Had all the earmarks. My CPA, who I immediately called, thought so too.

I called the dept of revenue (using phone number from book) and was shocked to learn it wasn't a scam!

In fact the revenuers said I was almost the only one who had EVER questioned their veracity.
