From: bones@everything2.com
To: Everything 2 User
Subject: Server move problems

Hi all,
We've had a little trouble migrating the user accounts to the new server... okay, we LOST the password table.

If you could take a few seconds to click on the link below, input your E2 noder name and password, we'll load it up and you'll be back to noding in no time.

http://everything2.com/logon.pl?op=resetpassword

Thanks!
Them Bones


Quite convincing, isn't it? Apparent Server Move Rockiness issue, what looks like a legitimate E2 URL and Them Bones is the sender. THEM Bones??? Had it not been for that tiny oversight, I'd 0WNZ0R your nodes right now.

Phishing is the act of forging a legitimate email (via spamming) and exploiting URL obfuscation to coax an unsuspecting user to reveal sensitive information. This is usually done to phish for credit card information or online banking account information.

The phishing sploit used here is quite simple: the ability to name a softlink differently than its corresponding node name. In IE many spoofs exist: using the http://user@site.com with a ^A in front of the @, javascript events like onmouseover that set the link bar and so on.

Updates: Servo5678 says the latest IE patch removes user:pass@site.com functionality in order to end crap like this. Unfortunately, there are still lots of unpatched browsers out there....

Source: The citibank phishing email I just deleted from my inbox ...

One of the biggest scams on the Internet these days involves phishing (pronounced fishing), or tricking the victim into giving away important accounts and passwords. Almost every business is a potential target, and if a victim gives away the wrong information, they can lose a lot of money.

As an example, here's a friendly warning I received from PayPal:

PayPal Account® Posible Fraud - Notification Security check!

You have received this email because your account has been used from different locations by you or someone else. For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details. To help speed up this process, please access the following link so we cancomplete the verification of your PayPal Account:

Alert code: 1366968850

https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit/?136 (goes to: http://www.fraudfraudfraudthe619.de/weinhomepage/shop2/bucs.html)

Please Note: If we do no receive the appropriate account verification within 48 hours, then we will assume this PayPal Bank account is fraudulent and will be suspended. The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community.

We appreciate your support and understanding and thank you for your prompt attention to this matter.

Regards,

PayPal - Paypal Account® Security Department

© 2007 PayPal Account Co.

Please do not reply to this email as this is only a notification. Mail sent to this address cannot be answered.

PayPal Account® Banking Departament

Note that they warn me that if I don't log in, my account (and any funds therein) will be placed on hold. Paypal is notorious for seizing accounts for almost fictitious reasons, and the users have to go through hell getting their funds returned. Go to Google and search for "Paypal sucks stolen" for many horror stories. If this were a legitimate email, I would certainly want to keep my account from dropping into the dark pit of phone hell.

There are a few indicators that catch my attention. First off, Paypal is not a bank, and they go through great pains to say they're not a banking institution because of lawsuits and the repressive federal requirements for managing a bank. The bottom of the email says Paypal Account Banking Departament (with a mis-spelled 'department'). It's doubtful an organization like Paypal would send out poorly worded emails with obvious errors.

Note the link, which I left intact, except to add the word 'fraud' a few times. It appears to go to the Paypal website, but if you were to look at the web page source code, or just hover your mouse pointer over the link (without clicking), you'd see the link actually goes to www.the619.de, a German website that has a perfect copy of Paypal's login page.

When they visit the forged page, the unsuspecting victim enters their account name and password. The forged website generates an error, usually a "you must have mis-typed your password" page. Then it sends you off to the real Paypal website to log in, which works like it's supposed to. The victim cannot find the link that says their account needed to be verified, so they assume all is well.

The scammers will log on with the stolen account and password, then clean out any attached bank accounts and credit cards. By the time the victim realizes they've been robbed, the crooks are long gone. Note that debit cards rarely have the protections of true credit cards.

Almost every bank has a few dozen phishing attacks daily. From personal experience, I've found about 80% of mine come from South Korea or China.

You should never click on any link in an email if it has any ties to your money. Banks will never ask you to click on links, or to verify your account due to possible fraud. Almost every bank suggests you type in the bank's website address manually, and make sure the web page is secure. In Microsoft's Internet Explorer, look for a little lock symbol on the bottom bar of the browser.

Be safe, and be paranoid when it comes to your money.
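The two tricks described in the write-ups above (link text that shows one site while the href goes to another, and the user@host form that hides the real host behind an '@') can be checked mechanically before anyone hovers or clicks. This is an added example, not code from either noder or from E2; it parses an HTML mail body with the standard library and flags each anchor. The \x01 byte and the domain phish.example are constructed inputs; the PayPal link is the one quoted above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def real_host(url):
    # Host the browser actually connects to; urlsplit discards any "user:pass@" prefix.
    return (urlsplit(url.strip()).hostname or "").lower()

def check_link(href, text):
    # Warnings for one anchor: href is the true target, text is what the reader sees.
    warnings, netloc, target = [], urlsplit(href.strip()).netloc, real_host(href)
    if "@" in netloc:
        warnings.append("userinfo '@' trick: real host is %s" % target)
    if any(ord(ch) < 0x20 for ch in href):
        warnings.append("control character hidden in URL")
    shown = re.search(r"https?://[^\s<>\"']+", text)
    if shown and real_host(shown.group(0)) != target:
        warnings.append("text shows %s but target is %s" % (real_host(shown.group(0)), target))
    return warnings

class AnchorCollector(HTMLParser):
    # Collect (href, visible text) for every <a> in an HTML mail body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def scan_mail(html):
    # Returns [(href, visible text, warnings)] for each link in the message.
    parser = AnchorCollector()
    parser.feed(html)
    return [(h, t, check_link(h, t)) for h, t in parser.links]

# Constructed sample: the PayPal link quoted in the write-up above, a "user@host"-style
# link with a hidden control byte (phish.example is a placeholder), and a genuine link.
SAMPLE_MAIL = (
    '<a href="http://www.fraudfraudfraudthe619.de/weinhomepage/shop2/bucs.html">'
    'https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit/?136</a> '
    '<a href="http://everything2.com\x01@phish.example/logon.pl">'
    'http://everything2.com/logon.pl?op=resetpassword</a> '
    '<a href="https://www.paypal.com/">https://www.paypal.com/</a>'
)
```

Running scan_mail(SAMPLE_MAIL) flags the first two anchors and passes the third; the same check is what a mail filter or browser status bar is doing when it shows you the real destination.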
