David_S85 - please explain

Andy

So David_S85 is our resident conspiracy theorist. In 25 years, btw, we'll find out that it was HIM on the grassy knoll :evil

anyhow, got thinking about spam, and phishing lately. Got phished for my online banking last week (unusual, becuase it came to my private email) and then today got this in my yahoo spam folder:

CIA wrote:

Dear Sir/Madam,

we have logged your IP-address on more than 30 illegal Websites.

Important:
Please answer our questions!
The list of questions are attached.


Yours faithfully,
Steven Allison



++++ Central Intelligence Agency -CIA-
++++ Office of Public Affairs
++++ Washington, D.C. 20505

++++ phone: (703) 482-0623
++++ 7:00 a.m. to 5:00 p.m., US Eastern time

Oh and there was a juicy zip file attached (of course it was caught in the spam filter)

These people are funny.

Osprey Whisperer

At least your breasts are not going to grow overnight.

DavidTO

I got the same one.

Man, they ask a lot of questions....

Dee

Yours faithfully

Andy wrote:

So David_S85 is our resident conspiracy theorist. In 25 years, btw, we'll find out that it was HIM on the grassy knoll

anyhow, got thinking about spam, and phishing lately. Got phished for my online banking last week (unusual, becuase it came to my private email) and then today got this in my yahoo spam folder:



Oh and there was a juicy zip file attached (of course it was caught in the spam filter)

These people are funny.

From the CIA?

David_S85

Andy wrote:

So David_S85 is our resident conspiracy theorist. In 25 years, btw, we'll find out that it was HIM on the grassy knoll

anyhow, got thinking about spam, and phishing lately. Got phished for my online banking last week (unusual, becuase it came to my private email) and then today got this in my yahoo spam folder:

Oh and there was a juicy zip file attached (of course it was caught in the spam filter)

These people are funny.

I more enjoy the Nigerian lottery scams, or whatever they pretend to be.

At least your spamming filter got the scummy email. Usually, these things are good enough to break right on through.

And BTW, I am just old enough to have held that rifle above my 7-year old head, but I wasn't yet tall enough to have rested it against the notch in the fence without a ladder. And at 7, I wasn't allowed to play with ladders.

Phishing scams and spoofs are everywhere. I get them from PayPal (not the actual PayPal mind you) almost every day. But then again so does everybody. There's even a paypal.txt cookie laid into my cache folders daily from somewhere. I don't have a PayPal account. The cookie is there to help me navigate to a spoofed site if and when I get PayPal. I will never open a PayPal account.

When (not if) you get email from a bank for ANY reason, be suspicious. Call the bank, at their real number from the phone book, and never from whatever numbers or hyperlinks within the email. Odds are, they want you to contact a spoofed site or phone number to enter your PIN, account #, passwords, social security # (US), or mother's maiden name so they can gain access to your money, and lock you out. Heck, they might even call you on your phone; people today are becoming vulnerable to that old game again, thinking that scams are only from the web nowadays. My mom got hit with that phone call scam a few years ago. I'll never let her use a computer.

But lately, pharming attacks are more in the news. These crimeware scams are installed by small (and possibly remote) trojan programs and will re-write portions of your local host file's DNS numbers, directiong your next MyBank.com trip to a spoofed bank site. They'll install phoney IP numbers in the host file for banks you don't even deal with, just in case you may open up a legitamate account at one of those banks someday. Whatever goes for bank IP's can work with any other site too. Pharming attacks are not solved by using Firefox, or other more secure browsers, since the browser only seeks the help of the local hosts file to send the IP# out that is connected to MyBank.com. Plug-ins are being developed to help identify a pharmed IP number(s), but don't totally rely on those either. YMMV. Spoofed DNS numbers are a moving target. They could change hourly. I'd also be suspicious of the actual browser add-on that is supposed to filter out these scams. That's probably the next crime game -- to make a phoney plug-in that is riddled with the pharmed IP's. Then after that happens, the next next scam will be to update the plug-in with newer bogus data. Perceived security is the most dangerous kind, just like a handgun will keep you safe from danger. Not.

I have resorted to actually opening up my mailed bank statements and manually checking off deposits and transactions again. Bank by web? I used to. Not anymore.

Supposedly, the new IE7 (due real soon) will include an anti-pharming and anti-phishing filter.

David_S85 is sponsored by these quality on-line merchants:
Read recently released area 51 diaries on your cellphone
Stop phishing attacks safely while you communte to work
Add amazing weight-loss formula to your coffee
Avoid early death by eating 2 pounds of ribs & steak each day

Andy

David_S85 wrote:

I

David_S85 is sponsored by these quality on-line merchants:
Read recently released area 51 diaries on your cellphone
Stop phishing attacks safely while you communte to work
Add amazing weight-loss formula to your coffee
Avoid early death by eating 2 pounds of ribs & steak each day

love your "commercial"

So question: I'm smart enough to never open mail from my online banking deal - if they have something for me it shows up in my messaging system on the online banking itself - I'm not so concerned about it, but tell me again how I could get "pharmed?"

David_S85

Andy wrote:

love your "commercial"
...tell me again how I could get "pharmed?"

100's of articles on it if you Google how to avoid pharming scams. Here's one from that list:

http://www.csmonitor.com/2005/0505/p13s01-stin.html

The threat is real. Where the attacks come from is anyone's guess. There are utilities out there that let you do an inspection of your local hosts.file, and compare the DNS numbers to the real sites, but I've never looked into those programs yet. I'm paranoid, but not that paranoid.

I'm just waiting to be snooked into a opening up a fake imdb.com
site to give me incorrect movie reviews.

JohnR

Now...all these pharms, etc...would this be mainly a Windows problem? Because I haven't ever gotten emails like those that you guys mention.

Andy

David_S85 wrote:

The threat is real.

Hrm... Hey, Other-David: can Mac's be Pharmed?

DavidTO

Andy wrote:

Hrm... Hey, Other-David: can Mac's be Pharmed?

dunno. I do know that downloading will always warn you if it contains an application. And the system tells you when you're running one for the first time, which should help. But I'm sure that no one's completely safe.

DavidTO

Let me put it this way: I keep up on Mac news on a daily basis and have never heard of a Mac being pharmed. I imagine it would require a virus or a trojan horse, which has never been successful in propagating out in the wild on a Mac.

That having been said, I'm sure those low-lifes can do anything they put their minds to.

DavidTO

Online banking is good. Some dirtbag charged over $400 to my checkcard yesterday (which I have on me, so it wasn't stolen) and I would not have found out for weeks if not for online banking. Bummer is now with the holiday and all it'll be nearly two weeks before I get a replacement.

DavidTO

The bank says that most likely they got the card stripe at the gas station, and that there's a problem with that in SoCal especially with Arco. Dirtbags.

Andy

DavidTO wrote:

The bank says that most likely they got the card stripe at the gas station, and that there's a problem with that in SoCal especially with Arco. Dirtbags.

That stinks! How do they get it from a gas station?

DavidTO

Andy wrote:

That stinks! How do they get it from a gas station?

Don't know if that's what they did, but they put a stripe reader in the machine and steal card numbers that way. Then they make forged cards from it. It's called skimming.

Andy

DavidTO wrote:

Don't know if that's what they did, but they put a stripe reader in the machine and steal card numbers that way. Then they make forged cards from it. It's called skimming.

So, did your bank eat the $$?

DavidTO

Andy wrote:

So, did your bank eat the $$?

they're processing the dispute. they say they will, though. and they give a provisional credit during the dispute process. haven't seen it yet, but they say they will.

cabbey

IIRC the specific email you mentioned Andy is a virus (the zip file is infected) more than a phishing expedition. And for the record, the mac is phishable. Ya see it's not the OS so much that is, but the user, and some people just ain't too bright. Now the mac does go a LONG way to help, the aforementioned warnings that you're about to run a program for example, and the generally secure unix infrastructure under neath OS/X, as opposed to the wide open DOS basis for any windows with numbers in it's name. NT and XP are more unix like than 3.1,95,98,2000... however, as generally deployed, they are usually just as vulnerable as their predesesors. Mac OS/X by contrast, the default depolyment is more secure, and the hoops required to get to a more insecure setup are more difficult than using the built in user friendly interfaces for doing things securely.

Andy

cabbey wrote:

IIRC the specific email you mentioned Andy is a virus (the zip file is infected) more than a phishing expedition. And for the record, the mac is phishable. Ya see it's not the OS so much that is, but the user, and some people just ain't too bright. Now the mac does go a LONG way to help, the aforementioned warnings that you're about to run a program for example, and the generally secure unix infrastructure under neath OS/X, as opposed to the wide open DOS basis for any windows with numbers in it's name. NT and XP are more unix like than 3.1,95,98,2000... however, as generally deployed, they are usually just as vulnerable as their predesesors. Mac OS/X by contrast, the default depolyment is more secure, and the hoops required to get to a more insecure setup are more difficult than using the built in user friendly interfaces for doing things securely.

Yeah I know anyone on any platform is phishable. But I was asking if Macs are pharmable....?

patch29

Now your email has made the news.

Anti-virus and e-mail security companies warned Internet users Tuesday about a new variant of the Sober worm that was flooding e-mail servers around the world, with help from zombie machines infected by earlier editions of the same worm.

Sober.AG is the latest in a long line of mass e-mail worms.

It appeared Monday, after machines infected with older variants began spamming out the new version in a massive e-mail flood.

The e-mail messages use a variety of subterfuges to trick recipients into opening the virus attachment, including messages that pretend to come from the FBI and CIA, security firms said Tuesday.

The rest of the article is here.

Andy

patch29 wrote:

Now your email has made the news.



The rest of the article is here.

who are you again???

System

I bet smugmug and dgrin are really pharming for my EXIF data in order to steal my soul.

Awais Yaqub

Btw i also get a lot spam
what i always wonder what is profit to them who send these emails

Dee

I wonder too

Awais Yaqub wrote:

Btw i also get a lot spam
what i always wonder what is profit to them who send these emails

But there must be some profit or they wouldn't spend the time and money to send this stuff. I'd like to know how much money they make from all these spams, phishes, etc.

I got a notice that I won the lottery in the UK a few months back, and I was so hopeful some kind dgrinner in the UK had entered me!

When I went to the real site, it was a pretty good rip off -- only my "winning" number wasn't listed on the real site.

I love the ones from supposed people I've never heard of who are leaving me money in their will. Hmmm, like I believe this unknown person has "my" e-mail in their will?

It must be more fun for people who use an alias for their e-mail accounts!

I once filled in the name of my dog on some snail mail in card -- and to this day I get offerings in my snail mail.

I really resent all the ebay and paypal ones, and ones from banks I don't even have an account at.

But why these spammers are interested in a piece of anatomy, that as a female I don't have, is beyond me!

David_S85

truth wrote:

I bet smugmug and dgrin are really pharming for my EXIF data in order to steal my soul.

:s85

Ummmm. Errrrrr. I could tell you that you're right on the money with this theory of yours; I've pondered the same thing often. Truth (ahem) is that I'm not close enough to the top here to actually know if this is the case. And those that are, aren't saying.

There are ways to save your images without EXIF data and you could then post them to Smugmug and Dgrin worry-free. I might also suggest aluminum foil to wear as a hat, and perhaps to also cover your camera preventing the evil doers from harvesting both souls and EXIFs. As always, YMMV.

Andy

David_S85 wrote:

And those that are, aren't saying

Saying what?

David_S85

Andy wrote:

Saying what?

Exactly!

wxwax

Andy wrote:

Saying what?

Ideally.

Awais Yaqub

I receive a lot spam of something rolleyesrolleyes i think they dont know i am not married yet

Belive it or not in other forum i had a conflict with few people since then my email is bombed with a lot spam !