DH Blog: Something smells phishy

WhO_KnOwS · Jul 24, 2007, 07:36 PM

None of you would ever get tricked into giving away your info to a phishing site. At least that's what you think. With scams becoming more elaborate by the day, it's only a matter of time before you give away something you'd rather not.
_______________________

Read how this almost happened to me here

Judas · Jul 24, 2007, 09:25 PM

Without looking at the sites, i just whipped through from what i could see in the little pictures quick, 8 out of 10...

The_Neon_Cowboy · Jul 24, 2007, 09:38 PM

I think I know someone who must of ran into that. AS it sent me a message advertising
their site from their account in a foreign language . I looked at it and said, enter
my password? my email? to find out who blocked or removed you on Msn messenger.
Checked the whois ran by a private guy in a foreign country righhhht, no thanks.

Problem is not only could they have gotten your contact list. They "can" download
every stored email in minutes regardless of the password change until they "disconnect".
a password change just mean they can't connect "again" with the new password.
Meaning they have what ever emails you have received or sent saved. passwords,
logins, confidential information etc... anything you may keep saved in your account.
all they have to do is connect not via the web interface but the readily available
MS outlook and they log in just like an pop email server. When the password changes
it doesn't take affect until they effectively log out or time out due to inactivity.

The thing is once their in they could of changed your contact info, secret question
and/or password. effectively taking over the account or loaveing it open to get
back in later. Short of MS having some sort of backup or you subscribing to a
premium account this would be hard to prove.

As for your paypal experience paypal does save the last user name used, via a cookie
in your browser so a failed login it still would maybe still saved. From you last login "
attempt. Not necessarily that it was a different site you tried to log into.

the matto is NEVER fallow email links to any site, type them in you selfs. As many
tricks just have html in the email that makes say www.paypal.com
mouse over the link thouigh a note the adress displayed in the bottom bar
of IE a made of adress myfakescamspoofsitethatstealsyourstuff is displayed.
usealy it a simular stite like paypal.biz.uk or something of the sort is what they use.

make sure to use strong passwords too and change them at lest once a year...
the weaker the password the more often it should be changed.

the scams are everywhere.... 15 years and I've yet to fall for something like this
mostly because I'm rightfully over paranoid

calidan · Jul 24, 2007, 10:21 PM

I do my best to not use links in emails from Paypal and the likes. Since I have the sites bookmarked there is no reason for me to click on those links. That's probably the best way to avoid fraudulent sites.

Tipstaff · Jul 24, 2007, 10:35 PM

What a coincidence that you should get hooked by an email that I too got, but didn't think twice about since it was sent to my gmail account. Thing is my PayPal account is tied to another account, so there's no way this would be legit. Instant tip off. The second one.. the email was from tp-paypal@GMAIL.COM.

Yeeeaah.. I'm sure PayPal, with all their billions of dollars, needs to be using Gmail for their mail needs.

BTW, Peter, is this the email that you got (I've witheld the link that was at the bottom of the page)?

______________________

Dear valued PayPal member,

It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension. Please update your records on or before July 10, 2007.

Once you have updated your account records, your PayPal session will not be interrupted and will continue as normal.

calidan · Jul 24, 2007, 10:41 PM

Do any of you send those emails to spoof@paypal.com? I've sent several but I don't know if that helps any. i do get a response back from PayPal saying the site isn't legit.

GutterPunk · Jul 24, 2007, 11:38 PM

Sounds like... who is visiting your myspace scam. hah

Zelig · Jul 25, 2007, 12:32 AM

Opera has phishing prevention too, although it's disabled by default, it can be enabled for all sites, or run on a site by site basis.

brutusmaximus · Jul 25, 2007, 12:37 AM

the msn blog.info site is a scam but its not a malicious scam, they don't take over any account as all they are doing is logging into your MSN account and sending out random user messages to your contact list to visit their site. its a hit making project, the code isn't there to follow anything else up. solution is to change the password.

Moral of the story? never keep your passwords the same and don't follow microsoft's ludicrious ideals of having your email, live, 360 passwords all the same. if you keep your windows/MSN messenger password as a different password, anyone getting it basically has very little access to anything.

Also i think by now its common sense to never click a link from email to a website in the attempt of logging in.

Simple precautions? antivirus client, mailwasher pro, hardware firewall and a few anti spam programs (I followed the advice of zardon in another thread and installed superantispyware and found it to be by far the best program, especially the pro version which has preemptive blocking amongst other things).

Quite a lot of this is down to ignorance/arrogance. the former I can understand, the latter? is shameful. It is like the guy who has no antivirus client installed yet claims nothing is wrong or "on" his machine. a friend of mine is like this. I was around to his house and i was using his high end pc which seemed sluggish to me, after much persuading he let me install superantispyware and found 3 malicious apps in memory, 256 resident and another 123 waiting for the right time. He went quite the shade of red, I can tell you. Most of this is caused by people who download email directly into an app like outlook and have no antivirus client to monitor this. It is simply insane, if you utterly loate antivirus clients then use mailwasher and weed it out BEFORE you download it. With programs like avast (the free client is good too), there really is no excuse for basic cockups like this.

RobertBruce · Jul 25, 2007, 02:07 AM

9/10 I missed the obvious bofa page. damn.

OmegaRED · Jul 25, 2007, 03:48 AM

Damn...I think I used that site once before.

changes password

Phew! If I lost my hotmail access I'd never be able to email my full name, address and phone number to OLA JIMOH from the Bank of Africa. He's got 30 million bucks in an abandoned account and I'll get 30% of it!

franguinho · Jul 26, 2007, 03:28 PM

great article!

got 8/10 quickly here at work and i've yet to fall for one of these but i remember using a legit msn blocking website a couple years ago (or maybe it was a scam, but at least they were nice enough to tell me who had blocked me

)

bstef9950 · Jan 1, 2008, 06:49 PM

I also received a fake E-mail from paypal recently also.This one told me that it had put a temp hold on a transaction from the Middle East and i should log in and confirm or cancel it.The prob here was it also was sent to another of my E-Mail acct's not the right one.I even got one from my bank Chase asking me for info but it was also on the wrong E-Mail acct.You really have to be carefull with what you answer+who you give info 2.

Jul 24, 2007, 07:36 PM	#1
WhO_KnOwS The Knows Mister Join Date: Jul 2003 Location: Slovenia, Europe Posts: 409 Rep Power: 55	DH Blog: Something smells phishy None of you would ever get tricked into giving away your info to a phishing site. At least that's what you think. With scams becoming more elaborate by the day, it's only a matter of time before you give away something you'd rather not. _______________________ Read how this almost happened to me here __________________ How you can help DriverHeaven by using Digg!

Jul 24, 2007, 09:38 PM	#3
The_Neon_Cowboy HardwareHeaven Extreme Member Join Date: Dec 2002 Location: U.S.A. Posts: 16,009 Rep Power: 90 System Specs	I think I know someone who must of ran into that. AS it sent me a message advertising their site from their account in a foreign language . I looked at it and said, enter my password? my email? to find out who blocked or removed you on Msn messenger. Checked the whois ran by a private guy in a foreign country righhhht, no thanks. Problem is not only could they have gotten your contact list. They "can" download every stored email in minutes regardless of the password change until they "disconnect". a password change just mean they can't connect "again" with the new password. Meaning they have what ever emails you have received or sent saved. passwords, logins, confidential information etc... anything you may keep saved in your account. all they have to do is connect not via the web interface but the readily available MS outlook and they log in just like an pop email server. When the password changes it doesn't take affect until they effectively log out or time out due to inactivity. The thing is once their in they could of changed your contact info, secret question and/or password. effectively taking over the account or loaveing it open to get back in later. Short of MS having some sort of backup or you subscribing to a premium account this would be hard to prove. As for your paypal experience paypal does save the last user name used, via a cookie in your browser so a failed login it still would maybe still saved. From you last login " attempt. Not necessarily that it was a different site you tried to log into. the matto is NEVER fallow email links to any site, type them in you selfs. As many tricks just have html in the email that makes say www.paypal.com mouse over the link thouigh a note the adress displayed in the bottom bar of IE a made of adress myfakescamspoofsitethatstealsyourstuff is displayed. usealy it a simular stite like paypal.biz.uk or something of the sort is what they use. make sure to use strong passwords too and change them at lest once a year... the weaker the password the more often it should be changed. the scams are everywhere.... 15 years and I've yet to fall for something like this mostly because I'm rightfully over paranoid __________________ Last edited by The_Neon_Cowboy; Jul 27, 2007 at 04:41 AM.

Jul 24, 2007, 10:35 PM	#5
Tipstaff HardwareHeaven Extreme Member Join Date: Jul 2002 Location: Real capital of Canada: Torauna Posts: 6,658 Rep Power: 187 System Specs	What a coincidence that you should get hooked by an email that I too got, but didn't think twice about since it was sent to my gmail account. Thing is my PayPal account is tied to another account, so there's no way this would be legit. Instant tip off. The second one.. the email was from tp-paypal@GMAIL.COM. Yeeeaah.. I'm sure PayPal, with all their billions of dollars, needs to be using Gmail for their mail needs. BTW, Peter, is this the email that you got (I've witheld the link that was at the bottom of the page)? ______________________ Dear valued PayPal member, It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records on or before July 10, 2007. Once you have updated your account records, your PayPal session will not be interrupted and will continue as normal. __________________ Portal: The Flash Version _________________________________ Brain: So, you sacked the cocky khaki Kicky Sack sock plucker? Mr. Sackett: The second cocky khaki Kicky Sack sock plucker I've sacked since the sixth sitting sheet slitter got sick.

Jul 24, 2007, 11:38 PM	#7
GutterPunk I = Greatest Dood Join Date: Nov 2003 Location: Nebraska Posts: 5,949 Rep Power: 70	Sounds like... who is visiting your myspace scam. hah __________________ Rock On \m/ Thank you Mousey for the Sig! --------------- Intel Core2Duo E6660 (3.4GHZ) ~ Tuniq Tower 120 ~ Enermax Galaxy 1000W ~ Corsair Dominator @ 1090MHZ 5-5-5-15 (OCZ XTC Modded Cooler)~ EVGA 8800GTX W/ HR-03 Plus 120MM ~ Asus DVD-RW LiteScribe ~ LG DVD-RW ~ Corsair Voyager 2GB ReadyBoost Drive ~ Vantec Nexus Fan Controller ~ ThermalTake Armor 25CM fan ~ Personal Finance Blog: Dent Your Debt

Jul 25, 2007, 12:32 AM	#8
Zelig HardwareHeaven Extreme Member Join Date: Jun 2003 Location: Canada Posts: 3,187 Rep Power: 69 System Specs	Opera has phishing prevention too, although it's disabled by default, it can be enabled for all sites, or run on a site by site basis. __________________ --

Jul 24, 2007, 10:21 PM	#4
calidan Frozen in Carbonite Join Date: Mar 2003 Location: Kansas City, MO Posts: 1,409 Rep Power: 57 System Specs	I do my best to not use links in emails from Paypal and the likes. Since I have the sites bookmarked there is no reason for me to click on those links. That's probably the best way to avoid fraudulent sites.

Jul 24, 2007, 10:41 PM	#6
calidan Frozen in Carbonite Join Date: Mar 2003 Location: Kansas City, MO Posts: 1,409 Rep Power: 57 System Specs	Do any of you send those emails to spoof@paypal.com? I've sent several but I don't know if that helps any. i do get a response back from PayPal saying the site isn't legit.

Jul 25, 2007, 12:37 AM	#9
brutusmaximus DriverHeaven Senior Member Join Date: Apr 2005 Posts: 520 Rep Power: 74	the msn blog.info site is a scam but its not a malicious scam, they don't take over any account as all they are doing is logging into your MSN account and sending out random user messages to your contact list to visit their site. its a hit making project, the code isn't there to follow anything else up. solution is to change the password. Moral of the story? never keep your passwords the same and don't follow microsoft's ludicrious ideals of having your email, live, 360 passwords all the same. if you keep your windows/MSN messenger password as a different password, anyone getting it basically has very little access to anything. Also i think by now its common sense to never click a link from email to a website in the attempt of logging in. Simple precautions? antivirus client, mailwasher pro, hardware firewall and a few anti spam programs (I followed the advice of zardon in another thread and installed superantispyware and found it to be by far the best program, especially the pro version which has preemptive blocking amongst other things). Quite a lot of this is down to ignorance/arrogance. the former I can understand, the latter? is shameful. It is like the guy who has no antivirus client installed yet claims nothing is wrong or "on" his machine. a friend of mine is like this. I was around to his house and i was using his high end pc which seemed sluggish to me, after much persuading he let me install superantispyware and found 3 malicious apps in memory, 256 resident and another 123 waiting for the right time. He went quite the shade of red, I can tell you. Most of this is caused by people who download email directly into an app like outlook and have no antivirus client to monitor this. It is simply insane, if you utterly loate antivirus clients then use mailwasher and weed it out BEFORE you download it. With programs like avast (the free client is good too), there really is no excuse for basic cockups like this. __________________ Last edited by brutusmaximus; Jul 25, 2007 at 12:44 AM.

Jul 25, 2007, 02:07 AM	#10
RobertBruce HardwareHeaven Addict Join Date: Jun 2005 Posts: 255 Rep Power: 44 System Specs	9/10 I missed the obvious bofa page. damn.

Jul 25, 2007, 03:48 AM	#11
OmegaRED Relapsed Gamer Join Date: Oct 2002 Location: Ottawa , Canada Posts: 5,624 Rep Power: 171 System Specs	Damn...I think I used that site once before. changes password Phew! If I lost my hotmail access I'd never be able to email my full name, address and phone number to OLA JIMOH from the Bank of Africa. He's got 30 million bucks in an abandoned account and I'll get 30% of it! __________________ E Penis Specs: <------------- See System Specs

Jul 26, 2007, 03:28 PM	#12
franguinho Brazilian Fool Join Date: May 2002 Location: São Paulo Posts: 3,380 Rep Power: 0	great article! got 8/10 quickly here at work and i've yet to fall for one of these but i remember using a legit msn blocking website a couple years ago (or maybe it was a scam, but at least they were nice enough to tell me who had blocked me ) __________________ The Aliens mostly come out at night... mostly...

Jan 1, 2008, 06:49 PM	#13
bstef9950 -=[DHzer0point Team]=- Join Date: Jun 2003 Location: Chicago,IL Posts: 21 Rep Power: 0	I also received a fake E-mail from paypal recently also.This one told me that it had put a temp hold on a transaction from the Middle East and i should log in and confirm or cancel it.The prob here was it also was sent to another of my E-Mail acct's not the right one.I even got one from my bank Chase asking me for info but it was also on the wrong E-Mail acct.You really have to be carefull with what you answer+who you give info 2. __________________