
Today's Phishing Trips

Two phishing attacks are hitting my in-box hard today.

One tries to trick you into logging into your Facebook account to see the new features available to you. This is a really clever angle since earlier this week Facebook unleashed a site redesign which has been widely panned in part because Facebook didn’t pre-announce the changes or explain them.

This phishing email sounds like Facebook is responding to criticism by telling you of changes and inviting you to learn more about them.

Of course, if you do click on the link, you’ll go to a site that looks like Facebook but is, in fact, a fraudulent site somewhere in the European Union. The crooks want you to give up your Facebook user name and password. From there they’ll have access to your Facebook account and can post and send messages coming from “you” to trick your friends into giving up more information. Or worse.

The second attack is an email supposedly from the FDIC telling me that my bank has been taken over. According to a warning I heard on the radio, if you click on the link to the phony FDIC site, you’re asked to put in your bank account number and other identifying information. Guess what happens after you do this?

Practicing Safer Computing

Here’s how I quickly spotted these messages as phony:

  1. I hovered my cursor over the links. Microsoft Outlook pops up a message showing the real destination of any link when the cursor is held over it. In these cases the destination started out with “www.Facebook.com” or “www.FDIC.gov”, but the location kept going and in both emails ended with a “.eu”. This means I’d be taken to crooked sites in the European Union and not to a business or government site in the US. (Check out an earlier post about a phishing attack for more information on uncovering where a link is really going to take you.)
  2. The FDIC mail was sent to an email address that I don’t use for banking. [email protected] simply is not used for those activities, so why would I get messages in that inbox?
  3. I wasn’t expecting email from either organization. I don’t click on links in email when I am not expecting the message. Even when I do get a notice from my real credit card companies or bank, I don’t click on their link. Instead I type the address in myself (or use my bookmarked location).
  4. I am getting multiple copies of each message. They’re being sent to every email address I have displayed on the Internet, and I think I am getting multiple copies to the same email account. No real sender would be so unselectively spammy.

Yeah, I could wind up falling for tomorrow’s phishing attack. I know no one is immune. But, these two didn’t get me. Don’t let them get you!

October 28th, 2009 | Scams | 0 Comments

Major Email Attack Today

You’re not falling for this email, are you?

I have received at least six copies of this bogus email message so far today.

The email message claims to be a Microsoft announcement notifying you of a new update to the Outlook or Outlook Express email programs. Prominent in the message is a link you’re supposed to click on to download the patch from Microsoft.

The link displays as “http://update.microsoft.com/microsoftofficeupdate/KB910737/default.aspx?ln=en-us&[email protected]&id=950469769888131599309836639492603233….7986”. It sure looks as if clicking the link will take you to Microsoft for a download.

Don’t do it!  The link is a phony!

How do I know?

First, Microsoft doesn’t send emails announcing updates. Their Windows Update program runs and, depending upon your preferences, installs updates or tells you to get them when you have time.

Second, when I read the email and place my cursor over the link, a pop-up tool tip appears showing the real location I’d be taken to. The real location doesn’t end with “microsoft.com”. The real location in the latest email I received ends with “ij1tli.com”. That domain is registered to:
Personal use
3-59-10 Izumi, Suginami-ku
Tokyo, Tokyo 1680063
JP

You could track this domain further, but all we really care about is that it’s not Microsoft!
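
The hover check from both posts, automated as an added example (not code from this blog): it compares each link's visible text with the host its href really points to, and flags hosts that only begin with a trusted name. The .eu host and the link texts are constructed, ij1tli.com is the domain named above, and the function names and trusted list are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    """Hostname of the first whitespace-separated token, lower-cased; '' if none."""
    token = (url.split() or [""])[0]
    try:
        return urlsplit(token if "://" in token else "//" + token).hostname or ""
    except ValueError:
        return ""

def belongs_to(host, domain):  # exact domain or a real subdomain, never a prefix
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # gathers (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text), self._href))
            self._href = None

def audit(html, trusted):
    """Return (real host, reason) for each link that imitates a trusted domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        real, shown = host_of(href), host_of(text)
        if any(belongs_to(real, d) for d in trusted):
            continue  # the link really ends at a trusted domain
        if any(belongs_to(shown, d) for d in trusted):
            findings.append((real, "text names a trusted site, link goes elsewhere"))
        elif any(("." + d + ".") in ("." + real) for d in trusted):
            findings.append((real, "trusted name is only a prefix of the real host"))
    return findings

# Constructed sample body: the .eu host and link texts are made up for illustration.
SAMPLE_HTML = ('<a href="http://www.facebook.com.placeholder-host.eu/">See what is new</a>'
               '<a href="http://ij1tli.com/">http://update.microsoft.com/microsoftofficeupdate/</a>'
               '<a href="https://www.fdic.gov/">www.fdic.gov</a>')
TRUSTED = ["facebook.com", "microsoft.com", "fdic.gov"]
print(audit(SAMPLE_HTML, TRUSTED))
```

The comparison reads the host name from its right-hand end, which is why a host that starts with “www.facebook.com” but ends in “.eu” is reported while the genuine www.fdic.gov link is not.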

If you click on the phony link to download the “patch”, you’ll download something. But, it won’t be a patch to your email problem. Instead it will be an evil program. One that maybe tracks your keystrokes when you log into your bank account and then sends your banking username and password to thieves. Or, a program that runs malicious software on your PC that will attack a website or send millions of spam messages.

Don’t fall for this attempt to fake you out. Just delete the emails… and make sure that your anti-virus software is up-to-date!

October 21st, 2009 | Scams | 1 Comment

Renew Your Domain and Pay Too Much

Yesterday a client forwarded an email to me that said his domain name registration was expiring. All he had to do was to click on a link and he’d be taken to a screen where he could renew the name for another year.
[Image: ISP Renewal web page]
The renewal email is a scam, although possibly not illegal.

What was wrong with this reminder notice and renewal offer?

  • My client’s domain name (www.mycompany.com) is NOT registered with the sender of the email. He uses our recommended registrar, Webmasters.com.
  • The sender of the email notice, ISP Renewal Domain Name Services, prices the one-year renewal at $79.95. We pay $9.95 at Webmasters.com.
  • The renewal web page (at right) displays the logos of well-known companies, presumably to lend credibility to the web page. The companies whose logos are displayed (Oracle, Cisco Systems, IBM, and Microsoft) have nothing to do with the renewal of my client’s domain registration. (I wonder if these companies know that their logos are displayed on the renewal page.)
  • The “from” address of the email is [email protected]. The ending “.org” makes it look like the sender is a not-for-profit organization. However, no one has to prove that they are a non-profit to have a .org address. For-profit companies are free to register .org addresses to trick people into thinking that they are a do-gooder organization instead of a profit-making company. This practice isn’t illegal, but it rings my warning bells.

The fine print in the renewal letter does confess that:

If you wish to assign (emphasis added) ISPRenewal to extend your domain, please click on the link above. If you do not not wish renew your domain, you may disregard this e-mail. Note! No changes will be made in the WHOIS information if you choose to your domain with us. You will still have your current Domain Service Provider (sic) . You may also request your resent (sic) Domain Service Provider to extend your domain.

In other words, this company has no relationship with you. But, they want you to pay them to pay your current domain registrar to renew. The fee for this renewal is only 8 times what you would pay yourself.

Although their boilerplate renewal email includes a typo and admits to the worthlessness of the service, I am sure that some businesses fall for this scam. My client almost fell for it!

The truth is that many web site owners don’t know what “domain registration” is. They’re confused by hosting services, domain name registration, and all that “tech stuff”. The email’s conflating of hosting services and domain name registration into “Domain Service Provider” encourages this confusion. So, many owners will simply pay whatever “bill” comes in to keep their web site up.

This scheme is similar to the phony invoice-looking mailings that businesses receive all the time. You know, the come-ons disguised as bills which the sleazy sender hopes will trick some business owner into paying for something that they haven’t ordered.

Sigh!

Another sleazoid is loose in the marketplace. All I can do is recommend that if you get an offer from ISP Renewal, trash it. It’s misleading and designed to trick you into doing business with them. And, based on their domain registration renewal ethics, I don’t think you want to do any business with them.

October 13th, 2009 | Scams | 0 Comments