SwiftVets.com Forum Index SwiftVets.com
Service to Country
 

Brilliant phishing scam almost hooked me
GenrXr
Master Chief Petty Officer of the Navy


Joined: 05 Aug 2004
Posts: 1720
Location: Houston

Posted: Fri Mar 24, 2006 4:14 pm    Post subject: Brilliant phishing scam almost hooked me

the email

From : PayPal Inc. <service@paypal.com>
Sent : Thursday, March 23, 2006 6:57 PM
To : xxxx@hotmail.com
Subject : Account Notification!


This email confirms that you have added the following address to your
account:

1515 6th Street
Manhattan Beach, CA 90266
United States

If you did not authorize this change please contact us using the link
below:

https://xxxpaypal.com/webscreen=?cmd_remove/value=cookie?newadress

(Added the x's so this link would not work. It does appear that this link, when copied and clicked, takes you to the legit PayPal site; when it is clicked through the email it takes you to a different site.)

Thank you for using PayPal!
The PayPal Team

Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your PayPal account and choose the
"Help" link in the header of any page.


Security Advisory: When you log in to your PayPal account, be sure to open
up a new web browser (e.g. Internet Explorer or Netscape) and type in the
PayPal URL (https://www.paypal.com/us/) to make sure you are on a secure
PayPal page.



PayPal Email ID PP0341


Looks completely legit and when you click the link it takes you to the PayPal website. Only problem is when you look into the URL box it shows numbers instead of paypal.com. This raised a huge red flag so I closed down all my windows and re-opened IE and typed in paypal.com then logged in. Checked my addresses and no California address.

Also, remember whenever you are on a financial website the bank or credit company will always have their name dot com then numbers as opposed to just numbers.

Please be careful when entering any passwords and account names. Always make sure to be on the legitimate url.
_________________
"An activist is the person who cleans up the water, not the one claiming it's dirty."
"All that is necessary for evil to triumph is for good men to stand by and do nothing." Edmund Burke (1729-1797), Founder of Conservative Philosophy

Me#1You#10
Site Admin

Joined: 06 May 2004
Posts: 6503

Posted: Fri Mar 24, 2006 5:17 pm    Post subject: Re: Brilliant phishing scam almost hooked me

GenrXr wrote:
Looks completely legit and when you click the link it takes you to the Paypal website.

Well...um, no it doesn't. It takes you to the scam site (but I know that's what you meant Wink ).

Paypal will ALWAYS use your registered name in legitimate communications...that should be your FIRST and only needed clue.

FWIW while we're on the subject...

Quote:
10 ways to recognize fake (spoof) emails

  1. Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or buttons.

  2. A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.

  3. A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.

  4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
    • Direct you to a spoof website that tries to collect your personal data.
    • Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
    • Cause you to download a virus that could disable your computer.

  5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.

  6. Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/



  7. Misspellings and bad grammar. Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.

  8. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.

  9. Pop-up boxes. PayPal will never use a pop-up box in an email as pop-ups are not secure.

  10. Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.

If you receive a spoof email, forward the entire email - including the header information - to us at: spoof@paypal.com, then delete it from your mailbox. Please note that the automatic response you get from us may not address you by name.

PayPal Security

AMOS
Senior Chief Petty Officer

Joined: 30 Jul 2004
Posts: 558
Location: IOWA

Posted: Fri Mar 24, 2006 9:36 pm    Post subject: EbAY.

Same thing happens with Ebay.. If your NAME ain't on it, delete it.

kate
Admin

Joined: 14 May 2004
Posts: 1891
Location: Upstate, New York

Posted: Sat Mar 25, 2006 12:00 am

Quote:
If you receive a spoof email, forward the entire email - including the header information - to us at: spoof@paypal.com, then delete it from your mailbox. Please note that the automatic response you get from us may not address you by name.


Ebay also has a fraud unit to track these criminal spoofers. When I got one of those messages, I emailed EBay, and their fraud unit immediately replied and asked me to forward the offending email (i.e. with all headers).

It's worth the small effort, if it helps them track down some of these jokers.
_________________
.
one of..... We The People

GoophyDog
PO1

Joined: 10 Jun 2004
Posts: 480
Location: Washington - The Evergreen State

Posted: Sat Mar 25, 2006 1:47 am

If you have an email client such as Outlook and even Thunderbird and have the html coding turned on, the actual link can be faked with decimal or hex encoding. (Fancy words for you see one thing, the link takes you elsewhere).

Unless you look at the full mail headers with the actual IP address showing, or view the source coding of the email, you can fall prey to this method of spoofing. Just an FYI PayPal uses one address block with octets after 64.4.240 and EBay uses 216.113.160 through 216.113.191.

Rule of thumb - Never respond to an unsolicited request or confirmation of account information. If in doubt, go to the main page of the organization (without using provided links) and make your contact that way.

Personally, I would love to have seen the headers on this one just so I could add more addresses to my blacklist.
_________________
Why ask? Because it needs asking.

Schadow
Vice Admiral

Joined: 30 Sep 2004
Posts: 936
Location: Huntsville, Alabama

Posted: Sat Mar 25, 2006 2:39 am

WhitePages.com turned up the following on a reverse lookup of the Manhattan Beach address:

We're sorry. Your search returned no results.

There is one in Alhambra, though, belonging to one Yuh Lee. Culprit?

Schadow
_________________
Capt, 8th U.S. Army, Korea '53 - '54

GenrXr
Master Chief Petty Officer of the Navy

Joined: 05 Aug 2004
Posts: 1720
Location: Houston

Posted: Sat Mar 25, 2006 4:32 am

GoophyDog wrote:
If you have an email client such as Outlook and even Thunderbird and have the html coding turned on, the actual link can be faked with decimal or hex encoding. (Fancy words for you see one thing, the link takes you elsewhere).

Unless you look at the full mail headers with the actual IP address showing, or view the source coding of the email, you can fall prey to this method of spoofing. Just an FYI PayPal uses one address block with octets after 64.4.240 and EBay uses 216.113.160 through 216.113.191.

Rule of thumb - Never respond to an unsolicited request or confirmation of account information. If in doubt, go to the main page of the organization (without using provided links) and make your contact that way.

Personally, I would love to have seen the headers on this one just so I could add more addresses to my blacklist.


Thanks for the info GD and as #1 pointed out these links should never be clicked. Being very tired after a 12 hour drive I did click the link, but as soon as it was clicked realized my mistake. Fortunately, clicking the link was not a problem and the intent was for me to enter my password, but my foolish error did give rise to the importance of explaining how careful people must be when responding to emails of uncertain origin.

The anti-virus run on my computers is the very best from norton. It is corporate server protection which is run on my father and brothers computers to shield us, because we all remote access a server. Ran a scan and all is good.
_________________
"An activist is the person who cleans up the water, not the one claiming it's dirty."
"All that is necessary for evil to triumph is for good men to stand by and do nothing." Edmund Burke (1729-1797), Founder of Conservative Philosophy

GenrXr
Master Chief Petty Officer of the Navy

Joined: 05 Aug 2004
Posts: 1720
Location: Houston

Posted: Sat Mar 25, 2006 4:47 am

Schadow wrote:
WhitePages.com turned up the following on a reverse lookup of the Manhattan Beach address:

We're sorry. Your search returned no results.

There is one in Alhambra, though, belonging to one Yuh Lee. Culprit?

Schadow


They are probably Russians in China, Nigerians in Bermuda, or Saudis in Kansas running proxies which take effort to discern. Impossible to know unless the NSA or DOD put its math pin heads on it. Best just to be aware of the red flags and steer clear.
_________________
"An activist is the person who cleans up the water, not the one claiming it's dirty."
"All that is necessary for evil to triumph is for good men to stand by and do nothing." Edmund Burke (1729-1797), Founder of Conservative Philosophy

dusty
Admiral

Joined: 27 Aug 2004
Posts: 1264
Location: East Texas

Posted: Sat Mar 25, 2006 5:19 am

Quote:
The anti-virus run on my computers is the very best from norton. It is corporate server protection which is run on my father and brothers computers to shield us, because we all remote access a server. Ran a scan and all is good.


It might be the very best from Norton, but it's certainly not the best. Might even qualify for worst if it wasn't for the McAfee junk being out there.
GenrXr, I take care of most of the computers and networks in our little town. The state of Texas has supplied all the county courthouses with the same version of Norton that you mentioned. The corporate version. Our county courthouse network has 18 computers online through a DSL connection. I had to install the Norton corporate ed. on all of them as per the state instructions. Prior to that I had simply been using the AVG free edition on each computer although it has no provisions for deploying over a network and requires being installed on each computer manually. But we had experienced no virus infections for two years until I had to put the Norton product on them.
To make a long story short, within 3 mo. of having Norton installed, all the computers at the courthouse had viruses on them. Now Norton didn't tell me they had any viruses. It had no idea that the computers it was supposed to be protecting had been infected. But when computers start slowing down and dragging and weird things start going on with them, it's a pretty safe bet they have something going on. So I get called back up there to see what the problem is. I always check to see if a computer that is running very slow has Norton on it because the program itself is a giant system resource hog. I can usually disable Norton and the computer will immediately respond better.
Also, if Norton or McAfee is the anti-virus solution on a computer the first thing I do is install the free AVG program, update it and run a scan. It will invariably find at least two or three viruses that Norton and McAfee both miss.
I now have the free AVG solution running on all the computers at our courthouse in addition to Norton Corp. Ed. and it continuously finds and cleans viruses that Norton totally ignores. (I have sent scan results from Norton and AVG showing the performance difference to the person in charge of procuring the software for the State of Texas but all I can say is that somebody has their head someplace it don't belong because they haven't made an adjustment in policy)(yet)
For one of the best spyware solutions, Microsoft's free Antispy (recently renamed Defender) is hard to beat. The only one that is better is Computer Associates Pest Patrol. (The federal govt. switched from Symantec products to Computer Associates EZ Armor last year for the same reasons I am putting forth here)
Now folks, ya'll can argue about all this til the moon turns blue but I have to deal with real world problems and solutions every day. I don't argue with what works and what don't. It's way too obvious when you clean viruses and spyware off 8 to 10 computers a week.
I have the AVG Network edition protecting the City Hall network with no infections and trouble free service for the last two years now. The CA network solution was just flat out of their reach financially but the AVG is doing a very nice job.
This is just a big FYI I thought I'd pass along for the benefit of my friends.
On my home machine I run the EZ Armor suite along with Pest Patrol. The CA firewall is the best there is and compares favorably with hardware firewalls.

Dusty
_________________
Left and Wrong are the opposite of Right!

GenrXr
Master Chief Petty Officer of the Navy

Joined: 05 Aug 2004
Posts: 1720
Location: Houston

Posted: Sat Mar 25, 2006 5:27 am

dusty wrote:
Quote:
The anti-virus run on my computers is the very best from norton. It is corporate server protection which is run on my father and brothers computers to shield us, because we all remote access a server. Ran a scan and all is good.


It might be the very best from Norton, but it's certainly not the best. Might even qualify for worst if it wasn't for the McAfee junk being out there.
GenrXr, I take care of most of the computers and networks in our little town. The state of Texas has supplied all the county courthouses with the same version of Norton that you mentioned. The corporate version. Our county courthouse network has 18 computers online through a DSL connection. I had to install the Norton corporate ed. on all of them as per the state instructions. Prior to that I had simply been using the AVG free edition on each computer although it has no provisions for deploying over a network and requires being installed on each computer manually. But we had experienced no virus infections for two years until I had to put the Norton product on them.
To make a long story short, within 3 mo. of having Norton installed, all the computers at the courthouse had viruses on them. Now Norton didn't tell me they had any viruses. It had no idea that the computers it was supposed to be protecting had been infected. But when computers start slowing down and dragging and weird things start going on with them, it's a pretty safe bet they have something going on. So I get called back up there to see what the problem is. I always check to see if a computer that is running very slow has Norton on it because the program itself is a giant system resource hog. I can usually disable Norton and the computer will immediately respond better.
Also, if Norton or McAfee is the anti-virus solution on a computer the first thing I do is install the free AVG program, update it and run a scan. It will invariably find at least two or three viruses that Norton and McAfee both miss.
I now have the free AVG solution running on all the computers at our courthouse in addition to Norton Corp. Ed. and it continuously finds and cleans viruses that Norton totally ignores. (I have sent scan results from Norton and AVG showing the performance difference to the person in charge of procuring the software for the State of Texas but all I can say is that somebody has their head someplace it don't belong because they haven't made an adjustment in policy)(yet)
For one of the best spyware solutions, Microsoft's free Antispy (recently renamed Defender) is hard to beat. The only one that is better is Computer Associates Pest Patrol. (The federal govt. switched from Symantec products to Computer Associates EZ Armor last year for the same reasons I am putting forth here)
Now folks, ya'll can argue about all this til the moon turns blue but I have to deal with real world problems and solutions every day. I don't argue with what works and what don't. It's way too obvious when you clean viruses and spyware off 8 to 10 computers a week.
I have the AVG Network edition protecting the City Hall network with no infections and trouble free service for the last two years now. The CA network solution was just flat out of their reach financially but the AVG is doing a very nice job.
This is just a big FYI I thought I'd pass along for the benefit of my friends.
On my home machine I run the EZ Armor suite along with Pest Patrol. The CA firewall is the best there is and compares favorably with hardware firewalls.

Dusty


You are correct and I have been thinking about writing an article called 'Norton Anti-Virus is the greatest virus ever created', but although it does render our very expensive machines very slow, we have yet to encounter an outside threat.

pfft, Dusty you pre-empted my article on anti-virus software being viruses. If you are not attributed later on dinner on me for the family. Smile
_________________
"An activist is the person who cleans up the water, not the one claiming it's dirty."
"All that is necessary for evil to triumph is for good men to stand by and do nothing." Edmund Burke (1729-1797), Founder of Conservative Philosophy

SBD
Admiral

Joined: 19 Aug 2004
Posts: 1022

Posted: Sun Mar 26, 2006 7:25 am

What's your opinion of ClamWin?

http://www.clamwin.net

SBD

dusty
Admiral

Joined: 27 Aug 2004
Posts: 1264
Location: East Texas

Posted: Sun Mar 26, 2006 2:48 pm

SBD, if you're asking me I can't really comment on how good or bad that one is. I've never used it. However just reading on their site about it they say it does not include realtime scanning. You have to manually perform a scan.
While that's not necessarily a bad thing it's not that good a thing either. It is free which is good.
For my customers (most of them have no idea how to do a manual scan or update their software) I need an antivirus that will keep an eye on systems in real time and include e-mail scanning on download as the free AVG product does.
I've tested a lot of the name brand anti-virus solutions against each other. (back to back scanning of infected systems) I have yet to have any anti-virus product come in behind an AVG scan and find anything. I have had AVG (on an almost daily basis) come in behind some major ones and find several infections the others missed. For free, complete feature set including e-mail scanning, almost no impact on system resources, confidence in the product, the AVG solution is my choice.
For a paid for solution, CA's EZ Armor is the established leader, top of the line product.
Also, let me mention a solution that a lot of public libraries including the one in my town use. The public will just flat out download trash to the computers they have access to. Now techs can try as they will to keep the public from downloading malware but these kids today will get around your best efforts to lock a system down I guarantee. The Gates foundation supplies a lot of computers to libraries around the country and even they cannot lock NT down good enough.
So there is a solution out there called Deep Freeze by Faronics. Real nifty. It takes a snapshot of the system on boot. (you must start with a clean system) From then on, people can download whatever they want, viruses can infect all they want, malware can be installed all over the system and all it takes to get back to a clean state is a reboot. You can disable the 'frozen' state with a password you set so you can install programs as necessary.
Before Deep Freeze, libraries were having to have their computers formatted and images reapplied almost weekly. Deep Freeze in effect, does the same thing just by rebooting the computer.
http://www.faronics.com/html/deepfreeze.asp

Dusty
_________________
Left and Wrong are the opposite of Right!

Schadow
Vice Admiral

Joined: 30 Sep 2004
Posts: 936
Location: Huntsville, Alabama

Posted: Sun Mar 26, 2006 6:32 pm

Get a Mac! Very Happy

Schadow
_________________
Capt, 8th U.S. Army, Korea '53 - '54

LimaCharlie
PO2

Joined: 25 Aug 2004
Posts: 386
Location: Oregon

Posted: Sun Mar 26, 2006 6:53 pm

Macs are a communist plot. They put everyone in a little box with no freedom to change, grow, or experiment.
_________________
I was going to become an anarchist, but they had too many rules.

Schadow
Vice Admiral

Joined: 30 Sep 2004
Posts: 936
Location: Huntsville, Alabama

Posted: Sun Mar 26, 2006 7:38 pm

LimaCharlie wrote:
Macs are a communist plot. They put everyone in a little box with no freedom to change, grow, or experiment.


Surely you jest. Micro$oft's Larry, Moe and Curly's never-ending quest to get Windoze right is a constant source of amazement and amusement to us who live in our little boxes safe from the hackers' best efforts - at least so far.

Steve Jobs is seemingly content to have a 5% market share in computers as long as his iPod pacifiers sell so well.

Virus? What's that? Rolling Eyes

Schadow
_________________
Capt, 8th U.S. Army, Korea '53 - '54