Helping people with computers... one answer at a time.
To Ask Leo,
Just this morning I got quite a surprise. I was advised by a solicitor that a person with the same last name as mine, he and his family, were killed in a car accident. He was adopted but his parents had passed away in 1976, and the solicitor had no history of his prior life before being adopted, saying that there is 6.8 million dollars left in said trust and that by some law in England, if a close relative is not found, his attorney has authority to nominate a beneficiary from the family, so finding me. There is a lot more legal stuff but I am only a layman. He said that he would send ph. no. ext when he my confidence. He has what seems to be a proper letterhead, ph. no., address, name; it does seem to be original, but I have had a trojan before and it took weeks to get rid of it. I am tempted but not sure if I should open it and reply or not. I could send you the full letter but do not know how.
Yours sincerely, Garry
I too try to be very careful and check links, and I too have been duped by a better than average piece of spam. However, I also tell people that they should have a pretty good idea of what emails they have signed up for, and those emails should have a higher than normal level of trust. People should also be aware of what they sign up for, and a good example is...
Down at the mall I occasionally see a new car with a table and small slips of paper asking for your name and address. The slips also state that they could win this car by entering. People write their info down then forget about it. Weeks or months later they get a notice from some place that wants them to come hear a lecture (typically 2 hours) and win a prize! Many people fail to realize that the two events are directly related and that people signed them up for that junk mail. So I would add in: be careful with what you sign up for; a site should not be asking for your address to look around. Even then most providers give multiple email addresses and there are plenty of free ones, so have one email account for family and friends and make sure they know it is just for them. Then use an alternative email for signing up for things and when you start getting too much spam turn it off. Another point... if you suspect it is spam do not open it because then they know that address is legit and will give it/sell it to others... they might do so even if you do not open it, but you won't get as much spam.
I wrote some relevant blog postings on this
Defending against a phishing email message.
Test your e-mail program
Is that e-mail message legit? How a computer nerd analyzes it
Recently my credit card expired and was upgraded but I forgot/neglected to tell my ISP, which tried billing me with the old details, and they then sent me an email asking me to update my details via the link provided in the email. While the email turned out to be genuine, how different was that from the usual phishing emails which are always asking you to update details for your bank accounts or whatever? I contacted the ISP via my usual web link and commented about their look-alike phishing email and they said they had always done it that way. So no wonder people keep getting caught by these things.
Two things about this: one is perhaps a phish might look obvious to one machine but not the same to another; the second is that it's as atrocious as what a computer attempting literal reasoning in speech... so maybe this is machine generated and unique to each machine's display that receives it... or set of common variables?
Leo, good buddy, I realize you know this 'work' better than Able himself BUT I am sure the phishers appreciate the information on how to improve their 'work'. BTW, what is "hovering" (as to email)? How may one do that? Ole (_E=mc2_) here.
I find it hard to believe that most spam or phishing works but the social engineering can work well on people who would never open up spam or a money scam.
A friend realized (right after she clicked) that the "package cannot be delivered" message was suspicious. She was waiting for a package that was a little slow.
My bank has a second page that will display a picture that you have chosen and text that you create, that you have to go through before signing in. My mother and siblings probably wouldn't guess the correct picture or the text that I attached with it. They are the only ones who would say "that makes sense".
I did the same stupid thing just a few days ago, and I know better. Lucky for me my Spysweeper from Webroot caught it in time.
This is a question.
Let's suppose a user never clicks an email, web or any other link to any web site where financial transactions can be made, and does not respond to popups. He keeps his computer completely patched and all programs updated, has a stealthed firewall and high detection AV/AS programs.
The first time he visits a bank web site, he uses the URL he got from the bank. Then he bookmarks an https page within the web site after logging in.
He visits each bank site in a separate, dedicated sandbox (www.sandboxie.com). After each banking session he deletes the contents of the sandbox. When he does another banking session, he only uses the https bookmark to access the banking site. He opens only one tab in the sandboxed browser.
What I would like to know is how this user could get phished using these procedures and only these procedures?
My bank has now issued us all with a hardware device - free. But we can also buy more (at equivalent to about US$10 each) as spares and to carry or store in chosen locations. The device is useless in the wrong hands as it will only work if one of the correct, registered, ATM cards is inserted and the PIN entered when instructed by the readout on the device's LCD screen. At the last stage of screen login to online banking, on the final login webpage, the device must be set to generate a use-once numerical code and this must be entered into the on-screen fields, along with the last four digits of the registered ATM card that has been inserted in the device's reader. If it's all pukka, you're in. If you're outside the home and you have a shoulder-surfer or are being key-logged, the code is useless to anyone else as it won't work twice!!! The device is no bigger than a video iPod and has a battery life of several years. As I have more than one, battery failure is not an issue. When due, the bank will change them, or, for the tech savvy with the right screwdrivers, they are just internal button cells and there's no volatile memory to worry about. As an extra precaution, you get the usual three goes on each of your cards to enter the PIN when prompted. If you mess up, that card - and only that one (so you can use your others in the meantime) - is locked out until you can insert it in one of the bank's own ATMs, whereupon an unlock procedure will be supplied via the ATM's on-screen prompts. So, to hack one of this bank's accounts, you'd need all the preliminary on-screen login details, one of the devices, one of the registered ATM cards for that account and the correct PIN for that card. In addition to logging in, different use-once codes will be required from the device to make instant online payments or credit transfers to any recipient who has not been pre-registered as a regular payee from that account.
Oh yes, as this is European banking, all cards are, of course, "Smart" (Chip-n-PIN), so there's no way to clone any of them with magnetic readers either.
To post a comment on "If phishers had a clue...", please return to that article's main page.
Copyright © 2003-2013 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC