Phishing Attempt - Coincidence ?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I've never ever had a phishing email about my own bank - it's an Irish one -
lots from banks that I've never dealt with but never purporting to be my own
bank.

Did a couple of transactions on my online banking about 10 mins ago and I've
suddenly received my first ever phishing attemp pretending to be that bank.

A weird coincidence or is there something here I should be worrying about ?

I'm well up to date on AV and anti-Spyware*, I'm just a tad nervous that
there could be a key trapping programme they've missed.


(*AVG, Search and Destroy, Adaware and Windows Defeneder)



Re: Phishing Attempt - Coincidence ?

Ex_OWM wrote:

Quoted text here. Click to load it

I just answered you in alt.www.webmaster ...

--
   -bts
   -Motorcycles defy gravity; cars just suck

Re: Phishing Attempt - Coincidence ?

Ex_OWM wrote:

Quoted text here. Click to load it

You are fooling yourself if you think that _anyone's_ anti-phishing
solutions will ever be of any use. If the malware developers are two
steps ahead of the AV vendors, the phishers are ten steps ahead. And
will remain so. Text-only with no inline images for email goes a long
way toward mitigating the problem.

And so, in your case, coincidence? Depends. Do you routinely keep
Javascript and cookies, particularly third-party cookies, enabled in
your browser(s) for non-trusted sites?

  http://en.wikipedia.org/wiki/Cross-site_scripting

  http://en.wikipedia.org/wiki/HTTP_cookie

The fact that these creeps now have your email address is probably the
least of your worries. They might also have all of your passwords and
credit card info.

Ron :)

Re: Phishing Attempt - Coincidence ?

Ron Lopshire wrote:

Quoted text here. Click to load it

Speaking of phishing ...

  http://www.computing.co.uk/computing/news/2174236/phishing-technique

Ron :)

Re: Phishing Attempt - Coincidence ?

Ron Lopshire wrote:
[snip]
Quoted text here. Click to load it

even this?
http://anti-virus-rants.blogspot.com/2006/12/how-to-recognize-phishing-emails-easy.html

Quoted text here. Click to load it

agreed... when you can see the disparity between the reported url and
the actual url it's very telling...

Quoted text here. Click to load it

now, now... if they had all that there wouldn't be any reason to send
him phishing emails...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Phishing Attempt - Coincidence ?

kurt wismer wrote:
Quoted text here. Click to load it
http://anti-virus-rants.blogspot.com/2006/12/how-to-recognize-phishing-emails-easy.html

Thanks for the link and your thoughts, Kurt.

Of course, as you point out, this starts to become cumbersome with
more than a few domains. And I have seen reports from people who are
now getting spam with their Gmail addresses being used exactly as you
suggest, one address used only for one domain. This was not the case
even 6 months ago. Dictionary attacks? Domains getting hacked?

Unless I request something through email, like a license key, I assume
that any piece of email, particularly HTML-formatted email, from any
business entity is a scam. Does eBay or any of the financial concerns
actually use email for anything except junk mail (like snail mail junk
mail, not really spam)?

Quoted text here. Click to load it

People using ActiveX, Java, Javascript, cookies, iFrames, Flashcrap,
animation, etc. in their email client, IMNSHO, get what they deserve.
Unfortunately, these are the same people who scream for government
solutions to every problem in their sorry existences. Screw 'em. [bg]

Quoted text here. Click to load it

When you have 150,000,000 people connected by botnets, phishing and
spamming is not about quitting after the first success. [g]

  http://arstechnica.com/news.ars/post/20070125-8707.html

Ron :)

Re: Phishing Attempt - Coincidence ?

Ron Lopshire wrote:
Quoted text here. Click to load it

it does with throwaway addresses, but less so with dedicated disposable
email address providers like sneakemail... those scale quite nicely -
one account can have an arbitrary number of disposable email addresses
and they can forward to multiple different real addresses...

Quoted text here. Click to load it

you mean the {gmail id}+@gmail.com addresses? yeah, that was
pretty much destined not to work as a security feature...

Quoted text here. Click to load it

dictionary attacks are a possibility... i recently started receiving
junk mail at work even though my work email address is unknown on the
internet - the only possibilities i can think of are dictionary attacks
or a compromised machine on the network at work leaked our corporate
email addresses...

Quoted text here. Click to load it

actually, ebay specifically does send you emails about your
transactions, telling you that you've won the item you were bidding on,
reminding you that you now need to pay, etc... also, messages sent to
your ebay id are also sent to your email address...

of course, since i signed up using a disposable email address, emails
that don't go through that specific disposable email address are clearly
fraudulent...

Quoted text here. Click to load it

those are duh-faults (to borrow a term from cquirke) for a number of
common email clients...

Quoted text here. Click to load it

reminds me of "c'est la faute du federal" by bowser and blue...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: Phishing Attempt - Coincidence ?

kurt wismer wrote:

Quoted text here. Click to load it

Duh-faults? LOL. I like it. I like it. Thanks, Kurt

Ron :)

Re: Phishing Attempt - Coincidence ?

kurt wismer wrote:

Quoted text here. Click to load it

I have had the same problem, and traced it back to some of those chain
mail jokes/funny stories people used to send to everyone in their
address book.

Oddly, I get more junk mail at my work account than any of the others,
including this one.

That reminds me, Alaska Scare lines sent an important notification to
everyone who ships through them, but it was html and the Surf Control
junk mail filters tossed it, then the junk mail filter in my machine
tossed it. So far as I can tell, I'm the only one in the company who
bothered to check the junk mail file to see if anything important got
dropped.

Re: Phishing Attempt - Coincidence ?


Quoted text here. Click to load it



My reference to anti-vrus and anti-spware was in the context of worrying
about a key trapper having got into my system. I don't see any real software
solution to phishing except text only to a limited extent as you suggest and
I already do this.  Avoiding phishing is basically a matter of common sense,
unfortunately common sense isn't too common ;)

Quoted text here. Click to load it




Site Timeline