Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

E-Mail phisher captured


  • Please log in to reply
17 replies to this topic

#1 EdBee

EdBee

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 12 November 2004 - 12:32 PM

Posted Image
To get you all started!-nobody, I mean nobody has called me "darling" lately--I count about 14 grammar, punctuation, syntax and verbiage miscues on this short phish.

But, I suppose, the bait doesn't need to be that good to get results--

Edited by EdBee, 12 November 2004 - 12:43 PM.

EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

BC AdBot (Login to Remove)

 


#2 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:09:17 PM

Posted 12 November 2004 - 12:42 PM

Link does not work. You could copy the img. tag from your Photobucket Album, then paste it in the reply box.




Darling :flowers: :thumbsup: Who do they think they are kidding. A professional legit notice would never start like that. :trumpet:

Edited by scarlett, 12 November 2004 - 12:46 PM.

Posted Image

#3 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 12 November 2004 - 12:44 PM

I think I got it fixed--but, remain confused! :flowers: :thumbsup:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#4 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:09:17 PM

Posted 12 November 2004 - 12:47 PM

Lol It is awful big. But hey it works. How are u confused? I do not have much time. Cab will arrive in 10. Scratch that. It is here already. Better early than late. :thumbsup: I'll check in this eve.

Edited by scarlett, 12 November 2004 - 12:49 PM.

Posted Image

#5 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:08:17 PM

Posted 12 November 2004 - 01:15 PM

I am an Earthlink customer as well and get these all the time.

Oh wait, this is a game on how many errors there are right?

How about how many flags that make this bogus?

Starting from the top:

-There should be a space between Earthlink and Passwords (common trick to prevent a filter from catching it)
-Passwords should not be capitalized
-Information should not be capitalized
-It should have your E-mail addy in the to field
-Suspended should not be capt.
-Darling should not start the letter
-services should not appear
-no dash between email and address (common trick again)
-the statement saying not to reply to this
-just mentioning about stolen identities is at least a caution flag
-prologation means they want you to do something before you research it
-they want you to identify yourself online, even though they just cautioned about stolen identities
-"do something fast, before we terminate your service" is one of the biggest flags
-I will even be willing to bet that your particular link will go to a ligit 'looking' site.
-also notice that every instance of Earthlink, does NOT have a space after it. It is the same common trick

The one clue that flagged me immediately after the first one I got, was that it actually asked for me to verify my credit card information and had an attachment. Good luck on tring to get anything out of that one. When I initially signed up, I used a pre-paid credit card, that I canceled shortly after.

But, I suppose, the bait doesn't need to be that good to get results--



As sad as it sounds, you are 100% correct. In the reasearch that I have done, nearly 80% fell for this exact same E-mail. Over a month has past, and they are still cleaning up their system.

You do bring up an excellent point though. To ANYONE who receives something from their ISP, DO NOT reply or click one of the links. Call your ISP directly and ask them if they need the information.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#6 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 12 November 2004 - 01:37 PM

Jason, you missed a couple,

Apparently they want me to take exactly 5 minutes (no more or less) to fill out the form. Also "result in a halt of your service" should be "halting"
How about "to suit the future prolongation of account billing"--WHAT the hell does that mean? bizzare

First paragraph--what is the "just" department?? Dept of Justice?

Explain to me about the lack of spacing after "earthlink" What does that cause??

Also, I thought the dash bet E-mail and address was just stupidity-what is the trick behind this?
We may yet become E-mail detectives!!!!
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#7 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 12 November 2004 - 01:43 PM

Scarlett,

Thanks for your input--I guess I can just copy and paste the "img" line from photobucket onto the post (where I'm typing now) correct? hopefully. next time I'll remember!--- :flowers: :thumbsup:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#8 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:08:17 PM

Posted 12 November 2004 - 01:51 PM

Explain to me about the lack of spacing after "earthlink" What does that cause??


When I get the first one, and I see that it is junk, I may put a few of the words in the filter, for it to immediately go into the trash. One of those words would be Earthlink, in this E-mail. By not putting a space before and after the word, the filter will not really see it. It is looking for exactly "(space)Earthlink(space)", so it does not see that EarthlinkPasswords and Earthlink,(note no space before the comma), is not exactly the same thing. In the salutation, Darling Earthlink services..., if you did a message source of the E-mail, you will find that there is actually a hidden character for the space. Again, to fool the filter.

Also, I thought the dash bet E-mail and address was just stupidity-what is the trick behind this?


That trick is similar. If I wanted my filter to delete any E-mail that had "E-mail" in it, then the "typo" would circumvent it. If you think about it, if any message had E-mail in the text, then it is likely asking you to either verify your own(like calling your phone to verify your home number... :thumbsup: ) or having an opt-out this message, by clicking "this E-mail", which you would not do anyway.


Have you ever noticed that most junk E-mail has random words preceeding the message? That is meant to by-pass the filter as well, in a reverse kind of way. From my understanding, there is actually a program that will automatically produce random words before the actual message. Some filters will only filter a certain number of words, and then it stops. That junk would therefore, get though the filter.

Edited by JEservices, 12 November 2004 - 01:52 PM.

We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#9 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 12 November 2004 - 02:21 PM

Hey thanks Jason,

I am on my way to becoming an E-mail detective!!!! :flowers: :thumbsup:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#10 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:08:17 PM

Posted 12 November 2004 - 02:41 PM

No problem

It is nice to have another person in the fight against everything negative on the internet. I have a feeling that we are outnumbered :thumbsup:
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#11 TexasAngel67

TexasAngel67

    Bleeping Helper


  • Members
  • 1,551 posts
  • OFFLINE
  •  
  • Location:Fort Worth
  • Local time:10:17 PM

Posted 12 November 2004 - 03:18 PM

Hope y'all don't mind my 2 cents.

I had Earthlink (and Mindspring before Earthlink took it over) and when I was between computers, I cancelled my service. I am one of the misfortunate customers that was taken for a ride. Just because I cancelled the service by calling the 1-800 number and even getting the runaround about "may I ask why you are cancelling?", "why not remain with us until you get another computer?", GEEZ! But anyway, he assured me it was no problem and it was in the system that I cancelled the service and I'd no longer be billed. Little did I know, upon close inspection of a future bank statement several months later, I was STILL being charged. No matter what I said to them, it meant nothing and I was taken. The best the idiot on the other end could do is prorate me credit for the remainder of that particular month. I never went back to them, obviously.
Their filter must not be so great for that to happen, seemingly it's an ongoing epidemic issue. When I hear about this email customers are getting, it seems it is always AOL or Earthlink.
I have AT&T dialup and I have never been happier, even when I had cable internet. First of all, Charter Cable stinks. I always had problems with connectivity and outages and never got a penny credit. Once, I even went without service for 5 days because that was the soonest they could get to me. No credit. Nothing. Once they fixed the problem (in the neighborhood, not my computer or my house), I kept the service til they disconnected it for nonpayment. I wrote them a letter with my final check and that was the end of it.
Anyway, AT&T has been awesome. I always connect with the fastest speed, always. I never get disconnected and downloading isn't a nightmare. No contract, no credit card, no harassment, nothing. Nothing but outstanding service, online and offline. For $11.95/mo right on my AT&T bill, how could you not be happy? I have never once gotten any spam in my email, not one. They even have a great website. Check it out if you have time.
I feel bad for people with different ISP troubles and complaints. I understand you are not sick and fed up or anything. It's just a Spam email you got. But, at least for me, AT&T dialup is fabulous. No complaints.
Also, as far as getting through email filters, there are a lot of tricks. I have an Excite email account that I've had for years and it's the WORST but the 100MB inbox is rather nice. Great until I learned about gmail, lol. Everything gets through to Excite. And I don't even mean junk mail. This is with your inbox too. They bypass it by using extra letters in the subject or 'real names' in the sender's name. So, it could look like this...

Tracy Jones Subject: Re: (or Fwd:) See Brittney gannggrappedd!

Of course, anyone with a brain would know not to open that but they are getting in, nonetheless.
Finally, if anyone here reads this and isn't happy with their ISP, consider going through your phone company. Easier to go right to the source of any problem when it's the phone company that has to check out your wiring and lines, etc... Plus, it goes right on your bill and it's half the price of the others.
My brother had wmconnect (Walmart) and the dial up stinks royally, let me tell ya, at least it did for him. $10/mo but uploading websites and such took forever with a brand new great computer. That also required a credit card or debit card. He went to MCI, they gave him a great deal and he's really happy.
I'm sure it all depends on the company and where you are located and I'm sure there are people who may not have been happy with their phone companies also. But if you aren't happy, it's worth looking into, I'd say. I'm all for convenience, esp if it works great.

~67~

P.S. There really should be some email detectives out there. The ISP's sure aren't doing it!

#12 Bluie

Bluie

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Here OR there
  • Local time:07:17 PM

Posted 12 November 2004 - 03:53 PM

TexasAngel do you really want your ISP to decide what mail you should receive? Just read a shout about a Canadian ISP that has been "censoring" their clients mail. Where is the line between stopping bad mail and censoring all mail? Who is to decide? Only you know what you want to receive. Maybe that Brittney thing :thumbsup: ... well never mind that one.

Even Verizon (local phone co & DSL connection) is targeted. The letter asked me to verify the charge card number and I do not use a charge card number. When I called Verizon customer service the dude working there had NEVER HEARD of Phishing scams. Super. Finally got through to the DSL service people and they had a routine report for it.

TIP: Do not use a simple email name. The scam artists use an automatic mail list generator which simply address to every possible spelling of the simple name including putting numbers after it. I have two Verizon email accounts the one with the long complicated name never gets hitm the other with a simple name gets hit about once a week.

PS Please don't count the typos in this post. And all spelling and grammer errors are typos :flowers:

#13 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 12 November 2004 - 04:54 PM

Thanks all with the little insights--about Walmarts ISp--I have had their disk-was thinking of saving the $10 dif between Walmart and Earthlink-NOOOOO!-also re: using using complicated names to help reduce the phishers access. My EL name is basically an abbrev of my name. This was done in earlier, no problem times. One thing for sure when you deal with someone about some product and you give them your E-mail address it most likely will be sold. Not necessarily by the company, but by some little weasel at the company writing down every E-mail address he comes accross. Like moonlighting: the company probably doen't care that much because the little weasel/sob is probably doing a good job at min wage!! :inlove: :flowers: --note to Grinler: pls move ranting smiley to the clickable Smilies window :trumpet: :thumbsup:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#14 TexasAngel67

TexasAngel67

    Bleeping Helper


  • Members
  • 1,551 posts
  • OFFLINE
  •  
  • Location:Fort Worth
  • Local time:10:17 PM

Posted 12 November 2004 - 05:10 PM

Bluie,
I hear what you're saying but for me personally, I don't want anything from anyone that I don't know. Hotmail is great, the best filter I've seen so far. I'm still getting used to Gmail so I can't say much about it yet. With hotmail, I use the filter that keeps out ALL emails that are NOT from the people on your contact list. This suits me perfectly. I am not interested in those 'facelifts in a bottle' or 'increase 3" in your bust or manhood in less than 30 days' or 'Brittney with her dog Rated XXX' and etc... (Okay, ya had me laughing hysterically at your comment about that one, lmao).
I use Hotmail strictly for close friends and family. Until I know you better, I will give out my Yahoo or Excite addy.
I don't mean to be crass here but with all the Spam, viruses, threats, junk, spyware, and criminals out there, I'll just stick to a better filter. But, I'm with you, Ed, it was nice when we could create email accounts and screen names that weren't so difficult. Gone are the days of 'Bob42' and 'PandaBear'. Gone are the days when we could just figure out Spam and Junk from the good ones. Now, the threats lie with what appear to be good emails from good people. Or just having an instant message with a good friend or relative.
Incidently, I also never use AIM. I'm confused as to how AOL raves about their safety controls and parental controls and Spam blockers when they can't control their instant messenger program to keep users safe. And those emails that are the topic of this thread are rampant in AOL as well.
You hit it Ed, those weasels with the minimum wage jobs are sure doing a job on everyone, aren't they?

#15 EdBee

EdBee
  • Topic Starter

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:10:17 PM

Posted 12 November 2004 - 05:39 PM

Yes, the internet has attracted many many robbers worldwide who are looking to pry upon wealthy (us) Americans. You don't believe we are wealthy? The E-mail that I received I'm sure came from somewhere in Asia. I've been there. I remember once (over there) that it was certain any fat person was for certain wealthy because thats the way it was-starving,struggling people dont get FAT. All Americans were/are wealthy and worthy of trying to rob. Imagine a 6ft tall blonde person walking thru the crowded street in the slums of an Asian city--a target ,you bettcha! That's why we are hated (and envied) we have it all and we have the opportunity in our great country to get more. People in some of these countries don't have the opportunity for anything except to be born and die (sooner than later). I think of those poor people in Dafur (Sudan) daily. I rant and I rave--sorry if you have made the mistake of reading this--Now, suddenly my clickable smilies(to the left of this window) are dancing and cavorting about. Could it be they are in agreement with what I have just written?? Maybe they wish to become my friends (only)--I will be kind to them-- I promise
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users