Posts Tagged ‘phishing’

Just a little PSA from Munkin Arts LLC

Monday, June 21st, 2010

Hi folks!

Do you love email? Sure, we all do.

But it’s important to use email safely.  That’s why we here at Munkin Arts LLC wanted to share this important message with you, our earnest readers.

Recently a new exploit has cropped up in the ever-expanding attempt to infect your computer with viruses.

Email messages are coming in saying that you need to complete an order at bluemountain.com, an online virtual greeting card company. Or in another example, I received this message saying my account was set up, but I need to log in to complete the process.

Thank you for becoming a member on our site

You have entered your email address and screen name:

Email: tom@[REDACTED]
Screen name: boosas05

Please login with the password you created.

In order to complete the free membership process, you must click on the attached link to activate your account:

You will have 30 days to confirm your registration or you will need to re-register on the site.

There are a few problems with this.

  • I never use my home address to sign up for web sites.
  • There’s no mention of what site it’s actually for. The email came from boosas05@raschella.com, which you’ll notice happens to also be the password they sent.
  • I’d never do business with anyone that emails a username and password combination in one email.

Being a smart user, I saved the login.html attachment locally, scanned it with the virus software, then opened it in Notepad to have a look.

The HTML is a mess, but it takes you to some URL no one has ever heard of or would have constructed on their own.

So in conclusion, if it looks suspicious, don’t double click it.

Have a great day!

A new, and almost clever scam

Tuesday, March 23rd, 2010

I got this in my Yahoo! mail today.   I recognized how ridiculous it sounded and how poorly executed it was, but if someone you love that may not have their wits about them uses this mail service, give them a gentle tip off.

The brilliance of this one is that it goes to?  A Yahoo.com address.  So maybe it is from corporate, right?   No. I have a yahoo.com address I use as a spam trap, but I certainly don’t work there.

Nice try!

Dear Phishermen

Wednesday, February 3rd, 2010

If you’re going to take the time to rip off Bank of America’s graphics and email template, and even figure out how to place a Registration mark in an odd place, at least have the good sense to buy a cheap domain that *might* fool someone into clicking your log in link.

Here’s one example from a message in my spam trap:

http://chavdaphotographers.com/gallery/online.bankofamerica.com/

online.bankofamerica.com/ccss-rva.bankofamerica.com/ccss/102%26target=
acctOverview%26acid=1%26os/SSOEntrypageid=102%26target=
acctOverview%26acid=/onlineid-sessionload/signon.do/

Three free bits of advice, take them for what you will:

  1. Don’t ever click a log-in link from an email.  Go to the site in question and log in correctly.
  2. In many cases, if you move your mouse over a link you can see the destination in the browser’s status bar. At best it should direct you to the actual site you think it’s heading towards. Just be wary of bankoffamerica.com or bankofameirca.com: two misspellings that look so similar to the real thing you might be fooled.
  3. Be wary of bit.ly and other types of shortened links in email. You can’t see where they’ll take you, so it’s best just not to click on them.
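
The two tells described in this post (the bank's hostname pasted into the path of an unrelated domain, and a domain that is one keystroke away from the real one) can be checked mechanically. The sketch below is an added example, not part of the original post; the `BRAND` constant, the labels and the "last two labels" rule for the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

BRAND = "bankofamerica.com"  # assumption: the one domain this check protects

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(url):
    """Label an absolute http(s) URL by how it relates to BRAND."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host == BRAND or host.endswith("." + BRAND):
        return "brand"  # the real site or one of its subdomains
    # Assumption: registrable domain = last two labels. A production filter
    # would use the Public Suffix List (co.uk and similar break this).
    domain = ".".join(host.split(".")[-2:])
    if edit_distance(domain, BRAND) <= 2:
        return "lookalike-domain"  # near-miss spelling of the brand
    # Brand name used as decoration: in the path, query, or left of the real domain.
    rest = unquote(parts.path + "?" + parts.query).lower()
    if BRAND in rest or BRAND in host:
        return "brand-outside-domain"
    return "unrelated"

# Sample inputs: the first three come from the post, the last two are constructed.
SAMPLES = [
    "http://chavdaphotographers.com/gallery/online.bankofamerica.com/",
    "http://bankoffamerica.com/",
    "http://bankofameirca.com/",
    "https://online.bankofamerica.com/",
    "http://example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):22} {u}")
```

The adjacent-swap rule matters here: it scores bankofameirca.com as a single edit, where plain Levenshtein distance would count the swapped letters as two.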