Showing posts with label phishing. Show all posts
Showing posts with label phishing. Show all posts

Monday, 14 July 2008

Spammers target web nerds with Homer's email address

Now most spamming, even clever spamming, tends to reek of spam to even fairly innocent web users. But this recent scam reported on the Register (full details of the scam) about using a screenname from a Simpsons' episode, that was originally in use by none other than writer/producer Matt Selman, was particularly crafty.

I'm actually quite impressed with the ingenuity of these spammers but they've fallen at the last hurdle by picking on someone their own size!
  1. They've thought of a really clever way of contacting people where the person is likely to trust them and they can send them a personal message without it being picked up by a spam filter.
  2. Then they've sent them a message advertising a 'web only' Simpson's episode that links to spam.
  3. What they forgot was that the only people who watched this episode and then added chunkylover53 to their buddy list were nerds!
Don't target the most streetwise web users around. Nerds talk to each other on forums, they check before they click, and then they post blog articles (and another) about it to warn others.

You need to be targeting the elderly and the young, not walking up to 15 rugby players and asking for a fight.

I've always wondered why such technically adept spammers don't earn big money working for IT firms, now i know why. D'oh!

Related posts
7 top tips to avoid email spam, phishing and fraud
Posted by at No comments:
Labels: ,

Saturday, 8 December 2007

7 top tips to avoid email spam, phishing and fraud

As the web gets more sophisticated so does phishing (fraudsters trying to gain your personal information through masquerading as a trusted source).

One of my colleagues recently received the below spam/phishing email:
Date: Thu, 6 Dec 2007 19:18:58 +0800
From: Mars.zhou@netinchina.org.cn
To:
Subject: Domain names of Shedshow (to CEO)

Dear CEO,

We are the domain name registration organization in China, which mainly deal with international company's in china. We have something important need to confirm with your company.

On the Dec5, 2007, we received an application formally. One company named "Jufeng Holdings Limited" wanted to register following

Domain names:

shedshow.cn
shedshow.com.cn
shedshow.com.hk
shedshow.com.tw
shedshow.hk
shedshow.mobi
shedshow.net
shedshow.net.cn
shedshow.org.cn
shedshow.tw

Internet brand keyword:

shedshow

through our body.

After our initial examination, we found that the keywords and domain names applied for registration are as same as your company's name and trademark. These days we are dealing with it. If you do not know this company, we doubt that they have other aims to buy these domain names. Now we have not finished the registration of Jufeng company yet, in order to deal with this issue better, Please contact us by telephone or email as soon as possible.

Best Regards,

Mars zhou

China Net Technology Limited
Tel:+(852)-3059-3057
Fax:+(852)-3059-3080
Email: Mars.zhou@netinchina.org.cn

Web: http://www.netinchina.org.cn
A quick web search on some of the sentences within this email revealed other people who'd received this and replied, in many cases with quite shocking results (read the article comments). This forum also linked to in the above article features more people who've encountered this particular scam.

But what if you don't realise it's spam? In fact before this email was brought to my attention one of my colleagues had replied (any further emails i receive from these scammers i will be ignoring and deleting).

It's very easy to get duped. So, 7 top tips to avoid being scammed:
  1. Do you know the company / person emailing you?
    • If you answer 'no' to this question then this is where you should question the email's credibility.
  2. Do some research - the first hit i found on Google for "China Net Technology Limited scam" was somebody who'd received the same email.
  3. Does the email ask you to take action / spend money? - if 'yes', beware
  4. Can all the information they've included in the email be gained without knowing you? - if 'yes', beware
  5. Speak to people you know - if the email talks about domain names then contact your domain provider. If they ask for bank details contact your bank (using the number you know, not the number that may be in the scam email). If they ask to confirm your Paypal details contact Paypal (again not from links in the spam email but via the Paypal website).
  6. Beware lookalikes - It's very easy to make something look genuine online, for example a scammer could buy lloydstsb.org (as opposed to the real lloydstsb.com) to pretend to be your bank.
  7. Calm down - it may seem obvious but a genuine bank request or a genuine domain enquiry won't ask for immediate response and won't do so buy email, more likely than not they'll go through more official channels and post a letter to your home address or alert you when you log in to your ebanking or domain account (again using the URL you know NOT one in an email).
Related posts
Spammers target web nerds with Homer's email address
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)