Tag Archives: phishing

Phishers of men

By Tom B. Taker on | 10 Comments

Holy carp! These phishermen are master baiters!

Musical interlude for this post: Fishers of Men by Rhonda Vincent.

Something amusing has happened at work. Twice. It made me chortle.

It all started when we got locked out of our Amazon.com merchant account. For a couple of days there, we couldn’t get inside our own online store!

It turned out that the boss had fallen for a phishing attempt. Wow. I don’t think I’ve ever personally known anyone who’s accomplished that before. Literally.

In case you’ve been living under a rock, phishing is the act of attempting to steal usernames, passwords and other personal information via email (and other means) masquerading as official communications. The goal is to lure victims to web sites that look official but were only designed to get people to enter their username and password for popular web sites, such as banks, eBay, Amazon, World of Warcraft, etc. These industrious phishers leave no stone unturned.

In the good old days, phishing was laughably easy to detect because it was so poorly composed, contained errors, and would contain many examples of Engrish, like, “All your base are belong to us.

Here’s an example of a poorly written phishing attempt:

Dear Customer, your aion account suspected fraud. Will be cancel within 24 hours. Fraud Evidence: many times in the game using the game chat function induced to provide the game to deceive the other players offer accounts and passwords.

If you do not fraud, as soon as possible to verify your account login http://www.worldofwarcraft.com.

Blizzard Customer Service Separtment.

“Aion?” I can’t even being to guess. 🙂

Come on now. Let’s be serious for a moment. If you received something written like that for your Bank of America checking account and you fall for it, you don’t really deserve to own your own money, do you?

Lately, however, these phishermen have ramped up their game. As usual, there is money on the line, and it has proven cost effective for them to improve their English grammar and create emails that look more like the real thing. The one I saw recently looked extremely well-written, professional, and contained no obvious errors of any kind. They did a really good job.

BTW, I struggled with the word “phishermen” here and the word “men” in the title, too. It’s not gender friendly, in my opinion, and something I generally try to avoid. But “phisherpersons” doesn’t roll off the tongue in quite the same way. So for now I guess I’m stuck with it. My apologies.

In other words, if you fail to remain vigilant and on your toes, even those of us who are already well aware that phishing exists may still get taken in. Like my boss.

Yes, the boss fell for a phishing attempt and gave up the username and password for our Amazon.com merchant account. The phishing email had a compelling psychological comment that turned out to be an effective lever on the boss. It said that our selling privileges on Amazon.com had been suspended because of negative feedback. Boy, did they know what level to pull on him! You can bet your ass the boss fell for that one and clicked the fake link faster than you can say, “Please, take our money. Here, take it!”

Surprise. The next morning we couldn’t log into Amazon.com account. It turns out that once they have your login information, the very first thing the bad people do is change your password to lock  you out of your own account. Good times.

Two days later Amazon.com sorted out the mess for us and restored our access. We changed our passwords and all is well.

The interesting thing here is that the boss is supposed to be a tech-savvy kind of guy, yet he still fell for it.

Cue the entrance of Boy Wonder. This is a guy I’ve never met who is partnered with the boss. He lives somewhere across the country. He’s supposed to be some kind of tech genius, literally a boy wonder of the online world. He sits at the right hand of the boss in the first chair position while my meager IT knowledge and skills are relegated to second fiddle.

You can guess what happened next, right?

Yup. A couple weeks later, Boy Wonder fell for that same phishing email, too! Even better, he didn’t realize it, even after he gave up our usernames and passwords. He had no clue.

At first we thought we were safe, because Boy Wonder said he never clicked any links in the phishing email. If true, that means we avoided exposure.

Turns out though, that Boy Wonder, thinking he was being clever and safe, had copied the links and pasted them in his browser.

The boss had to break the bad news to him. That’s exactly the same thing as clicking the link! The act of copy/paste does absolutely nothing to provide safety, especially when you are taken to a fake web site and then happily pound in our secure account information.

There are two very important aspects of phishing that you can remember to protect yourself.

  1. Links can be spoofed. By that, I mean that the way they appear visually may not be where they will really take you. For example, a link that says, “Amazon.com” could just as easily take you to the “StealAllMyMoney.com” web site. The only way to know for sure is to mouseover the link and find the real destination that is displayed somewhere else on your screen.
  2. Make sure you are on the genuine URL. Period. ebay.com is decidedly not the same as support-ebay.com. And that’s how they get you, by inventing a new domain name that looks and sounds legitimate. Most likely there is no such thing as marketplace-amazon.com, either. Make sure you are on the one and only official domain name or stop everything.

I have never fallen for a phishing attempt in my life. At my job that now makes me unique. I guess you could say I’m an endangered species. I will admit, however, that a couple attempts have been so good they made me look twice. But I was so suspicious they eventually failed. Eat that, suckers!

Let’s be careful out there, people! The reason phishing attempts continue, just like spam, is exceedingly simple. It’s because they work on some of the people some of the time. As long as that remains true, we’ll always have phishing and spam. Apparently somewhere in America is at least one more person who still wants to buy cheap pharmaceuticals online. Therefore the spam continues. They continue because it works and puts money in their pockets.

Chortle!

Posted in: fail | Tagged: , , , , , , , ,

They are out to get our web sites

By Tom B. Taker on | 4 Comments

Click to enlarge

The other day the Pleated Jeans blog was featured on WordPress’Freshly Pressed page. (Woot for them! They’ve gone someplace I’ve never been.) The post was one about cats entitled “Tweets From My Cat.” Obviously I went to take a look!

DANGER WILL ROBINSON! I received an alert in my browser that the web site was “suspicious.” You can see the ominous warning I received in the screen shot shown here.

What in the world was going on?

A feature advertising itself as “Check Point” was telling me the web site was suspicious. I clicked “read more” and was advised to “avoid entering sensitive data.” Mind you, not once did the Pleated Jeans blog ever ask me for any “sensitive data.”

Now this post really has nothing to do with the Pleated Jeans but I think that site got a really bum rap from this safety “feature” on my home computer. Pleated Jeans is a WordPress blog, just like mine, but it has its own domain name. So my security program considers it a different “web site” than WordPress.com (which is where my blog lives).

The “information” for pleated-jeanes.com from my security program went on to say:

  • Site is not a known phishing or spyware distributor
  • Site was first registered on 05/08/10 (less than 3 month) (sic)
  • Site is located in United States, North America

The alert window went on to say that I could get “immunity” from “this and other questionable sites.”

Yikes! Who’s Wheaties did Pleated Jeans piss on, anyway?

It turns out that this “Check Point” alert came from my installation of ZoneAlarm Free Firewall. A firewall is software (in this case) that allows you to specify what software on your computer can access the internet. (Firewalls can also be a physical device but that’s so hardcore I’ve never even seen one.) If a strange program tries to get on the net, the firewall will alert you and you can prevent the attempt if you wish. ZoneAlarm is a really cool program and I’ve always had it on my computers for years.

Here’s how a firewall typically works. You install a program like Microsoft Word. At some point during the installation your firewall will throw an alert and say, “A program identifying itself as Microsoft Word is attempting to access the internet. ALLOW or DENY?” Since you just happen to be installed that very same program it’s a good bet the attempt is legit. So you go ahead and click ALLOW.

On the other hand if you aren’t installing anything or doing anything out of the ordinary, you might see an attempt to access your computer. Since you don’t know who or what it is you can click DENY. (If it turned out to be something important you can always go back and change your mind once you know it is safe.)

This “Check Point” alert, though, is some kind of new thing that comes with ZoneAlarm these days. Apparently it works through me browser to alert users of “suspicious” web sites. What was the crime in this case? As far as I can tell absolutely nothing except for the fact that the Pleated Jeans domain name is less than three months old. That’s it!

What a bunch of bullshit. For having a domain name less than three months old Check Point is willing to throw the site under the bus and tell its users that the site is “suspicious.”

After years in ecommerce I can tell you one thing with a high degree of certainty. When non-savvy users see warnings like these they quickly void their bowels. They freak, hit the back button, close their browser and are too fearful to proceed. They freeze in their tracks and call their I.T. guy. The one thing they will not do is read the site and/or buy the product. They do this out of fear because they aren’t computer knowledgeable enough to know if the warning really means anything or not so they err on the side of caution.

Pleated Jeans had no history of doing anything bad, like distributing malware, spyware, phishing or anything else. They were simply “new.” I found myself wondering how many people saw the alert and exited without bothering to click the “read more” link and find out it was all a bunch of hooey about the age of the domain name? I’ll bet a lot of people panicked and fled. Too bad, because the post entitled “Tweets From My Cat” was funny as hell!

I’m glad I didn’t avoid such an excellent post simply because some lame feature was “warning” me their domain name was less than three months old!!

Posted in: fail | Tagged: , , , , , , , , , , , , , , ,