A Word of Warning

Discussion in 'Off-Topic Chat' started by mikelyons, Jul 20, 2005.

  1. mikelyons

    mikelyons Supporting Member

    I have recently been receiving bogus e-greetings from 123greetings.com. This is a reputable firm, but nasty people out there have apparently spoofed their address. The first one fooled me because the name was very similar to one of my friends, the information in the header looked genuine and I opened it, to be confronted with some pretty explicit filth.

    Oh, and there was a key-logger in there as well.

    Since then I have had two others, neither of which I opened.

    Please be careful. Like any other terrorist, these people are out to get you. Get a spyware remover and a good virus checker and keep them up to date.

    You know it makes sense.
  2. Mister 4x4

    Mister 4x4 Member

    Yeah, I've recently been hit with a bunch of legitimate-looking PayPal, eBay, and Bank of America 'Customer Service' messages (phishing) asking me to log into their site and 'validate' my account numbers, credit account numbers, and other pertinent information.

    The big tip-off is that the sites they link you to aren't secure sites (http instead of https), even though they 'look' legitimate enough.

    Another big tip-off is when they don't use your personal identification information in the phishing e-mails - the companies you have legitimate dealings with, will use your personal information when addressing you, not salutations such as: "Dear Pay Pal customer," "Dear Bank of America account-holder," etc. They will address you by the name you have entered against your account information.

    Something else to look for is a single misspelling or reversal of characters in any of the text - the legitimate companies pay people lots of money to make sure they have run everything through spell check before it's published.

    As someone in the IT Security business, I can honestly say the best defense against this type of activity is when you receive something of this nature, to log into the site via the site's legitimate website address and check it out for yourself - don't use the links provided in the e-mails (they are HTML hyperlinks to phishing sites disguised with the legitimate address). Once you arrive at your account section of the legitimate site, 99 times out of 100 you won't have any of the issues the e-mail originator claims. Fortunately, there will usually be a 'spoof' e-mail address you can forward the suspicious e-mail to. They love receiving the messages from the spoofers, and it helps them make their sites more secure for their customers.

    The best defense, is knowledge and just a touch of paranoia. Knowing what to look for helps immensely, along with scrutinizing every e-mail that comes in from people you don't know closely.

    I'm off the soapbox for now.

Share This Page