Archive for the ‘Spoof’ Category

I’ve been getting a flood of phishing attempts, supposedly for a “failed ACH payment”.  In fact, there are times when, in the time it takes me to delete the ones that made it past my filters and into my inbox, a dozen more show up.  Out of curiosity, I checked my spam filter, and found this:

Continue reading ‘Spammers are nothing if not persistent’ »

We’ve all seen those phishing e-mails, trying to steal your login information for banks, credit cards, and what-not. They all start “something bad happened, and if you don’t ‘confirm’ your identity within 72 hours, we’re going to delete your account”. So, when an e-mail with the subject “ passwords reset” hit my inbox the other day, I was a bit suspicious.

However, what followed did not look like your typical phishing scheme. In fact, it was a real e-mail from  Here’s the main part of the e-mail, along with my thoughts on what they did “right”.  (As well as what they could have done “better”.)


We recently experienced a directed attack on SourceForge infrastructure
( and so we are
resetting all passwords in the database -- just in case.  We're
e-mailing all registered account holders to let you know about this
change to your account.

So far, it’s not much different than all those phishing e-mails we’ve seen. (Well, except for the use of proper English grammar and spelling, that is.) But, it continues…

Continue reading ‘ does it right’ »

What’s the best anti-phishing tool? According to a recent “Ask Leo” article, the answer is “you”. And I heartily agree.

Phishing is interesting, and difficult to protect against.

But I do have a strong recommendation for the absolute best anti-phishing tool.


You are the best anti-phishing tool. In fact, in some cases you are the only possible anti-phishing tool.

Click here to read the rest of his article.

We’ve probably all seen it.  You go to a web page, and it tells you that you need to update your flash player in order to access the site, and gives you a handy link to download it.

Well, “the bad guys” saw those, too, and there has been a recent wave of fake “update” programs on scam sites, as well as “hacked” sites.  Sometimes, it will even come in the form of an “important message” supposedly from your bank, credit card company, or other well-known business.

The bad guys know that many people will simply click the link, and ignore any security warnings that come up, since similar warnings would be expected from a real install program.

The problem is that these e-mails and web pages don’t really have any flash content to display. They exist for the sole purpose of getting you to click on their “get the update” link, which, of course, is really a trojan meant to infect your system.

So, how can you tell if you really need to update your flash player (or other browser plugin)?

Continue reading ‘“Your flash player is out of date.”’ »