Checked my e-mail account. In an addition to the normal assortment of spam, porn comeons and ‘enlargement’ ads I see a post from “earthlink.net’ about an account problem. The e-mail links to an official looking page asking for detailed account and credit card information. Looked very official with earthlink logos, colors and similar formatting.
Seems legitimate until I thought about when Earthlink bills. So I call their accounts department, automated, and find my account is fine and the card was billed some time ago. Needless to say I didn’t provide any information to the spoofed page.
Called the rep from Earthlink and they say they are aware of the problem and advising not to give any information. Good advice. I wish, when I dial in, that Earthlink would have, in two inch high letters, warned its users clearly and in no uncertain terms. Fairly important this because you could easily have your bank and credit card accounts drained in a thrice if you get fooled.
I have seen other attempts at getting account information but this is the first, at least for me, that was believable. Be careful. In the spirit of the season there are some trying to play Grinch. Don’t get Grinched.
Replies
I had exactly the same thing happen....got an official looking Earthlink email saying my acct. was overdue because my credit card was denied. Well, I'd paid my bill about 2 weeks before with a check via snail mail, so I called customer service.
Thing is, at customer service, I never talked to a human....there was a recording that said something like "if you're calling in response to an email about an overdue account, ignore it because it is an illicit attempt at identity theft and was not prompted by Earthlink and blah, blah, blah."
I agree that these ISP's need to be a little more proactive about informing customers about this kind of crap!
These are the latest attempts at fraud - some call it phishing or something like that - it's pretty easy to fake a site's look, and there's a security issue with IE which allows them to fake the address to look official as well:
2 sources of info:
http://www.securityfocus.com/news/7626
http://www.wpuniverse.com/vb/showthread.php?s=&threadid=11930
_______________________
Tool Donations Sought
I'm matching tool donors to a church mission to Haiti - we're shipping a bus converted to a medical facility in January (we hope) and can fill it with clothes, tools and all sorts of stuff needed in that poorest of all countries. A few hand tools or power tools can provide a livelihood for an otherwise destitute family. Please email me if you have tools to donate.
Thanks to Jeff and David and Jim for their offers!
You can "fake" the web site address also.
I go one from "ebay". The address that you are supose to was something like http://[email protected] or something like that.
I forgot the exact details, but there are several methods used to allow overridiing of the url. So a quick glance at the url would make one think that it was for ebay.
These are also aim at AOL and a bank (Citibank I think).
While people with a list of email addy's know who use AOL or earthlink, but they don't know who has a Citibank or Ebay account. They are just sent blind and not limited to people that uses those services.
>>You can "fake" the web site address also.
The first link I gave talks about that, although apparently the fake only works in MS's IE, doesn't wok in Mozzilla or Netscape (I'm not sure about Opera.)
_______________________
Tool Donations Sought
I'm matching tool donors to a church mission to Haiti - we're shipping a bus converted to a medical facility in January (we hope) and can fill it with clothes, tools and all sorts of stuff needed in that poorest of all countries. A few hand tools or power tools can provide a livelihood for an otherwise destitute family. Please email me if you have tools to donate.
Thanks to Jeff and David and Jim for their offers!
No that works in in Mozilla and Netscape also. I assume that it will work in the others.
You need to put on both your inspectors hat and lawyers hat and read the artical again.
Was exploiter does is not show that part of the link after the @. So it will display http://www.ebay.com while the other will display http://[email protected], but both all of them will go to scumbag.com.
The one site that I had some across had a whole list of things that could be done to obscure URL's.
One of them is to use the IP address and that be represented by hex coding. So it might be http://www.ebay.com@AC45F1, even if people see that it would not be enough to raise alarm to the average person. There is a lot of strange looking stuff even in some legit URL's.
For example here is a legit ebay url for a listing.
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=2367826542&category=300
And if they email comes as a html and viewed as html then the URL might not show at all, just the name of the link.
I blame MS for lots of stuff, but I don't think that is one that I put on them.
BTW, I view all my mail as text, an old display it as html when there is someting that I want to see, such as some formated newsletters that I get. Most of the scam stuff sticks out like a sort thumb.
Edited 12/21/2003 11:23:22 AM ET by Bill Hartmann
They were...
I got a warning email with reporting and more information links.
Who ever invented work didn't know how to fish....
I was involved in an identity theft trial in September. The loan processor for my mortgage broker absconded with 150 complete credit histories about January of 2002. She and her husband were also running a bunch of other identity theft scams to pay for their drug habits and high lifestyle. They eventually got caught with some bad checks and our info was discovered when the police did a search of a storage unit.
I went and testified that they had my information without my permission. We did not suffer any damage other than a nervous week while waiting for our credit reports to get mailed to us so we could verify everything. FWIW, a year earlier we had put stops on new credit w/o prior written notification, which may have prevented our info from being used. In this case, the mortgage broker did not notify any of his clients that their info had been taken. Needless to say he is not getting a word of mouth recommendation from us. He also had to eat the cost of paperwork and an appraisal as we took our refi elsewhere.
I no longer give out info to anyone, especially my phone number to the cashier at Toys R us when they ask for it. On a local forsale usenet group a guy was asking for old hard drives that his son could disassemble for the magnets for a school project. Clearly he was looking for hard drives with financial info on them as myself and others pointed out. If you ever get rid of a computer, run eraser 5.3 or higher on the drives to wipe them clean. And shred your financial docs, especially those credit card checks they mail out every month. Several people who testified were ripped off with those checks.
Take those hard drives out for target practice. A slug through the discs inside makes reading them tough. A couple more shots and you need a Ouija board and divine intervention to get anything off them.
You can also use a bulk tape demagnetizer or, less secure, a military grade wipe. But they lack the flare and fun of the ballistic approach and if I'm not going to have any fun I'm not going to do it.
My sister had a real strange thing happen.
She gets a check in the mail from some one for something that the sender of the check had bought on ebay.
It had her name and address on it.
BUT, she has never bought and sold on ebay and is not registered there.
From the buyer she got the item number and it was the first thing that seller had sold.
She could not contact the seller without registering so she called me. I did not want to get in the middle (not that I did not want to help, but adding a 4th party to this would just add to the confusion).
I would a place that she could email security without registering.
But I have not heard if she has found out anything yet.
Well, we have been known to dispose of monitors this way in the past.
American 180, 240 round drum in 8 seconds. You can see the rows of cartridges decreasing as the drum unloads. Using minimags, that is $7.50 in 8 seconds, or around $3500/hr.
Nice shooting. Fancy toy.
Don't forget to recycle or otherwise properly dispose of your targets. Wouldn't want all the nasties to get into the water supply.
Got that same email, sent it to earthlink, they told me it was fraudulent and they knew about it. What makes me uneasy is why didn't they notify all subscribers...and then of course, my first spam for low mortgages shows up. Can #### enlargement be far behind? LOL but pissed.
EliphIno!