MoonPoint Support Logo

 


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
January
Sun Mon Tue Wed Thu Fri Sat
 
17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
2018
Months
JanFeb Mar
Apr May Jun
Jul Aug Sep
Oct Nov Dec


Wed, Feb 22, 2017 11:10 pm

PhishMe Phishing Email

I received an email message today stating that all users of a system I use for work must update their security questions on a bi-yearly basis and that my account would be locked out in twenty four hours if my security questions were not updated within that time. Within the message was the Uniform Resource Locator (URL) for the relevant website. The message seemed suspicous, since I would expect to have received prior notices before one informing me I had only 24 hours left to update the questions and also I've not encountered instances of such sites requring security questions to be updated on a periodic basis, though it is common to require passwords to be updated periodically.

When I hovered my mouse pointer over the link in the message, I found that the first part of the name in the fully qualified domain name (FQDN) looked like something I would expect in a site name for my employer, but the ending of the domain name was securefileshares.com, which would not be a site I would go to to modify security questions for a work-related system. On my laptop, I use Outlook 2016 as my email; to view the email header for a message in Outlook 2016, you can take these steps, but most email clients provide a mechanism to view a message's header, which will show the originating system and other email servers a message has passed through. Viewing the header information, I saw the following lines:

Received-SPF: Temperror (SPF Temporary Error: DNS 'NoneType' object has no attri
bute 'header') identity=mailfrom; client-ip=52.1.96.230; helo=mail.nova.phishme.
com; envelope-from=postmaster@return--path.com; receiver=john.a.doe@example.com
<text snipped>
Received: from mail.nova.phishme.com (mail.nova.phishme.com [52.1.96.230])	by
<text snipped>
MIME-Version: 1.0
X-Priority: 3
X-PhishMe: Phishing_Training
X-PhishMeTracking: TjaVg7y+fe0Q/<text snipped>

The header lines showed it was a training exercise, since PhishMe is a company that helps organizations train their employees to avoid phishing attempts. But, if you have a question about whether a message you have received is legitimate or is a spoofed message that appears to come from a legitimate sender, such as your employer, bank, or some source you would trust, it is best to type in a link rather than click on one within an email, unless you observe the actual link very closely. It can also help to identify a message sent by someone spoofing a legitimate sender by examining message headers. It is trivially easy for a spammer, malware purveyor, or other malefactor to spoof a "From" address, so you should never assume that a "From" address is a reliable means of identifying a message's actual sender.

[/security/scams/phishing] permanent link

Thu, Oct 06, 2016 9:46 pm

Indian scammers posing as U.S. IRS employees busted

I heard some good news on the radio while driving home from the office this afternoon. Indian law enforcement officers arrested 70 people working in call centers on the outskirts of Mumbai who were involved in a phone scam operation where they would call U.S. citizens and leave voice mail messages where they claimed to be U.S. Internal Revenue Service (IRS) agents demanding payments for taxes those called supposedly owed with the threat of arrest if the callee doesn't pay. Assistant police commissioner Bharat Shelke stated that "Fearing arrest, some used to call back, and employees at the call center then demanded a few thousand dollars to settle the case." Shelke also stated that an estimated $36.5 million was extorted from Americans duped into paying the scammers. Unfortunately, the police haven't yet caught the ringleaders of the operation.

Indian authorities stated that the callers were trained to disguise their Indian accents, so that they would sound more like native-born Americans. Employees of the scammers were given a six-page script with tips on how to allay potential victims suspicions. For their jobs as criminals, callers were paid between 10,000 rupees and 70,000 rupees every month, which is equivalent to between $150 and $1,050 U.S. dollars, police said. Shelke stated "Employees were aware of the fraud, but since they were getting a good salary, they remained silent."

I received a call from a scammer pretending to be an IRS employee in February of this year. In that instance, the person I spoke to had an obvious Indian accent. When I told him I knew he was a fraudster, he responded with a reference to a sexual act and hung up. Subsequently, my wife has received many similar bogus IRS calls. In the case where I spoke to the caller in February, the scam operation was spoofing the calling phone number.

Such scammers don't target just Americans. Tax agencies in Canada and Australia have all issued warnings over such scam callers. Last year, Sahil Patel, a scammer residing in Pennsylvania, was sentenced to 14 1/2 years in prison for his role in a similar scam where callers posed as law enforcement officers or tax agents. He was also ordered to forfeit one million dollars. The call centers Patel worked with used software that allowed them to spoof calling numbers so that those called would see a phone number that appeared to be associated with the agency with which the callers claimed to be associated.

At a Senate hearing in 2015 prior to Patel's conviction, a U.S. Department of the Treasury official estimated that such scams generated between 9,000 and 12,000 complaints a week and had gained scammers more than $15.5 million from 3,000 victims.

So kudos to Indian law enforcement officers for the recent operation; I hope they catch the kingpin(s) for whom those arrested worked.

References:

  1. Indian police seek kingpins in tax scam aimed at Americans
    By Rajendra Jadhav and Rahul Bhatia | Mumbai
    Date: October 6, 2016
    Reuters
  2. Pennsylvania man gets 14-1/2 years in prison for India-based phone scam
    By Joseph Ax | New York
    Date: July 8, 2015
    Reuters

[/security/scams] permanent link

Sat, Jul 16, 2016 10:16 pm

Windows Technical Department Scam

My wife received a call at 1:02 PM Eastern Time today from someone with an Indian accent claiming he was from the "Windows Technical Department" calling because they noticed that our "computer is infected with some harmful viruses." The call was obviously a scam, but I picked up the phone and played along for several minutes to see what the person would try to do. He had me open the Windows Event Viewer and suggested that the entries I saw in the Application log indicated the system was infected with viruses. There will normally be a plethora of entries in the log associated with the normal functioning of a Microsoft Windows system, but I can undestand how such con artists might be able to scare someone who has never looked at such log entries before into thinking they were evidence of something being terribly wrong with his/her system. When I asked him what percentage of people he called fell for the scam, he insisted it wasn't a scam. When I asked him if he was calling from outside of the U.S. and so felt immune from prosecution in the U.S., he hung up. When I used *69 to get the calling number I found it was 315-825-8947. When I tried calling the number, I heard a recorded message stating "The person you are trying to reach is not accepting calls at this time. Please try your call again later."

When I then searched online for that number, I found others reporting receiving similar scam calls from that number, e.g., at the 800Notes page at 315-825-8947 I found reports such as "They called me 4 times. I finally picked up on the last time and it was a woman with an Indian accent claiming to be from Windows Tech Support and I immediately hung up. This is a scam."

Fifty minutes later, my wife received a similar call again at 1:52 PM from someone with an Indian accent. She informed the caller that she knew it was a scam and asked to be removed from the calling list. I used *69 again and this time I was informed that the caling number was 315-639-8222. I found that number also listed at the 800Notes site at 315-639-8222. When I tried calling that number I heard a message that "The number you have reached has been disconnected or is no longer in service."

We received two more "Windows Technical Departement" calls within a couple of hours. We were watching a series on Netflix during that period and I didn't try to check those two calling numbers with *69.

I think it was the second call where I again picked up the phone and talked to the caller who again had an Indian accent - my wife told me all four seemed to have an Indian accent. I asked where he was calling from and he told me New York. I asked him what company he worked for; he said "Windows Technical Department". I asked him if he knew what company produces Windows. He didn't answer, but attempted to continue with his spiel telling me where to click with the mouse. I tried to see if he knew anything except the spiel he had been given, but this caller wanted to stick with the spiel telling me where to click, though he eventually hung up when I told him to hold on for a minute while I went to another phone, where I was going to record our conversation.

My wife gets very annoyed by such calls; she's usually the one picking up the phone for our home phone number, which is a VoIP service from our cable provider. I haven't received such scam calls on my cell phone number, though I do get a fair number of unwanted telemarketing calls on that number, often from spoofed numbers. My wife said she frequently gets the Windows scam calls when I'm not home. A few months ago, I received a call on our home number from another scammer pretending to be from the IRS.

Our phone numbers are on the U.S. Federal Trade Commission (FTC) Do Not Call list, but, of course, scammers, and many telemarketers as well, don't bother checking that list.

Coincidentally, today I read an article on the Ars Technica site titled Mobile carriers aren’t doing enough to fight robocalls, senators say. I wasn't pleased by the following paragraph in that article:

AT&T CEO Randall Stephenson recently claimed that AT&T doesn't have the "authority" to implement new robocall blocking technology in its mobile network, even though the Federal Communications Commission clearly stated last year that carriers have the "green light" to offer robocall-blocking services to consumers.

[/security/scams] permanent link

Fri, Feb 26, 2016 10:11 pm

Scammer pretending to be calling from the IRS

This morning at 8:12 AM my time I received a call from someone speaking with what sounded like an Indian accent who claimed to work for the U.S. Internal Revenue Service (IRS) asking me if I was aware that a warrant had been issued in the state of Maryland by the IRS for my arrest. Since I have not received any correspondence recently from the IRS by postal mail and it seemed unlikely an IRS employee would call me to notify me that a warrant was issued for my arrest, I was angered, but not worried by the call. I asked the caller where he was calling from and he said he was located in Washington D.C., which is, of coure, the location for the IRS. I asked for the calling phone number and he told me 1-800-829-1040. I was so irked by what seemed like an obvious scam attempt that I didn't let him go through his whole spiel to learn the details of how the scam was conducted. Instead, I simply told him that the call seemed like a scam and he seemed like a fraudster. He immediately responded with profanity and hung up; his knowledge of American profanity at least seemed good. Section 10 Taxpayer Contact of Chapter 1 of Part 5 of the Internal Revenue Manual states that it is a violation of IRS policy for an employee to use "obscene, profane, or abusive language", so that was only another indicator that the call was fraudulent.

After he hung up, I used *69 on my phone to see what calling number was reported. The calling number reported was 1-800-829-4933. That number and the one he gave are actual IRS numbers. The 1-800-829-4933 number is the IRS main taxpayer assistance line listed at How to Get Tax Help from the IRS and the 1-800-829-4933 one is the one listed on that same page for taxpayers to call with small business-related questions. However, it is common for telemarketers and scammers to spoof the calling number. Unfortunately, it seems that is fairly easy for them to do. E.g., often when I receive telemarketing calls to my mobile phone I notice that the first six digits of the calling number match those of my phone, but if I call the number back, the person who that phone number actually belongs to will answer and knows nothing about such calls. Telemarketers spoofing calling numbers is a common way to make it more difficult for people to identify the actual originating phone number when they file a complaint, but also telemarketers will spoof a calling number to make it more likely that the callee will think that he/she is receiving a local call and thus answer the phone. Con artists will spoof a calling number from a legitimate business, organization, or government agency to dupe a callee into thinking the call is legitimate.

After I hung up, I found the October 15, 2015 article on the IRS website, IRS Warns of Pervasive Telephone Scam, which notes:

The Internal Revenue Service today warned consumers about a sophisticated phone scam targeting taxpayers, including recent immigrants, throughout the country.

Victims are told they owe money to the IRS and it must be paid promptly through a pre-loaded debit card or wire transfer. If the victim refuses to cooperate, they are then threatened with arrest, deportation or suspension of a business or driver’s license. In many cases, the caller becomes hostile and insulting.

The article notes "that the first IRS contact with taxpayers on a tax issue is likely to occur via mail", which is what I would expect and lists the following characteristics for the scam:

The article notes that you can file a complaint with the Federal Trade Commission (FTC), a consumer protection agency, regarding such calls:

You can file a complaint using the FTC Complaint Assistant; choose “Other” and then “Impostor Scams.” If the complaint involves someone impersonating the IRS, include the words “IRS Telephone Scam” in the notes.

Note: I found that I needed to select "Scams and Rip-offs" and then "Impostor Scams", which is for "Someone posing as a well-known business, a family/friend, or a government agency". After that I made the following selections (it didn't sem to be as obvious as I would have expected how one should file a complaint regarding someone pretending to represent a U.S. federal government agency):

  1. How were you contacted? Phone
  2. Are you contacting us to complain about the company’s telemarketing practices? No
  3. Did the person: Pretend to be a representative or employee of a local, state, or federal government?

You will then be taken to the "Information Collection" step where "In just a few moments you will be able to tell your story in your own words. But first we would like to collect some information." After I completed the complaint submission process, I saw the following information:

Thank you for submitting your complaint to the Federal Trade Commission. Based on the information you have given us, we believe the following links to our consumer website may be helpful to you:

Government Imposter Scams

If you have any questions or would like us to add additional information to your complaint, please call 877-382-4357 to speak with a counselor.

The webpages to which the FTC link pointed had a link to another IRS article on such phone scams titled IRS Warns of Phone Scam.

[/security/scams] permanent link

Tue, May 29, 2007 10:32 am

Commerce Bank Phishing Email

When I checked my email today, I found a phishing email that ostensibly pointed recipients to http://commerceconnections-session843435953.commercebank.com/ibank/cmserver/verify.cfm, but which actually pointed to a phishing webpage at http://commerceconnections-session843435953.commercebank.com.plosure.at/ibank/cmserver/verify.cfm/

I reported the spoofed site at the following phishing report wepbages:

OrganizationReporting Page
CastleCops Phishing Incident & Termination
Symantec Phish Report Network Report Suspected Phishing Sites

[/security/scams/phishing/commercebank] permanent link

Mon, Apr 23, 2007 9:00 pm

PayPal Phishing Page at Hong Kong University Removed

When I checked agin, I found the PayPal phishing page that was located on a webserver at the Hong Kong Polytechnic University this weekend was now gone.

[/security/scams/phishing/paypal] permanent link

Sun, Apr 22, 2007 2:59 pm

PayPal Phishing at Hong Kong Polytechnic University

When I checked to see if the spoofed PayPal webpages were still present at http://production.mic.polyu.edu.hk/pp/login.html, I found the pages were still accessible. Yesterday, someone forwarded a message to me which stated an email address had been added to his PayPal account. The message asked him to confirm the addition by going to a PayPal website, but the link in the message actually led to the server at the Media Innovation Centre in the School of Design at the Hong Kong Polytechnic University.

The recipient doesn't have a PayPal account. Whoever created the spam message probably sent it to thousands of people with no way of knowing how many of those recipients might have PayPal accounts.

I checked the online directory for the university today and sent another message regarding the spoofed site; this time I sent the message to the chair of the School of Design at the university plus email addresses for people who appeared to be IT people at the university, and some general contact addresses. Hopefully, one of them can get the spoofed webpages removed and take action that will result in the perpetrator being apprehended and disciplined.

[/security/scams/phishing/paypal] permanent link

Sat, Apr 21, 2007 8:15 pm

PayPal Phishing at a Hong Kong University

A user forwarded an email message to me today that attempts to lure gullible PayPal users to a website at a university in Hong Kong. The email message asked the recipient to verify the addition of an email address to his PayPal account by going to the PayPal website. But the link actually directed anyone who clicked on it to http://production.mic.polyu.edu.hk/pp/login.html. The "hk" at the end of the domain name indicates the site is in Hong Kong, since "hk" is the country code for Hong Kong. The "edu" before it indicates it is an educational institution.

Going to http://mic.polyu.edu.hk/ instead, I found the following information for the site:

Multimedia Innovation Centre, HK

I reported the spoofed site to to the contact address listed for the Hong Kong Polytechnic University. The webserver being used to host the spoofed PayPal site apparently belongs to the Multimedia Innovation Centre School of Design at that university. I also reported this phishing attempt to PayPal via the PayPal Report Fake Site/Spoofwebpage. And I reported the spoofed site at the following phishing report wepbages:

OrganizationReporting Page
CastleCops Phishing Incident & Termination
Symantec Phish Report Network Report Suspected Phishing Sites

[/security/scams/phishing/paypal] permanent link

Thu, Feb 08, 2007 11:19 am

PayPal Phising Site at bourke.pcpro.net.au

Someone forwarded a phishing email message to me this morning that was an attempt to garner PayPal userids and passwords as well as personal information, including a credit card number from unsuspecting PayPal users.

The message attempted to trick PayPal users to going to a spoofed PayPal website to confirm the addition of an email address to a user's PayPal account. In reality, the link in the message would take the victim to http://sv1.melbhosting.com.au/%7Eforcast/index.html, which would redirect him to http://bourke.pcpro.net.au/icons/.pay/pal/index.html. There he would see a website mimicking the PayPal site where he would be prompted for his PayPal userid and password. If he entered a userid and password, he would see a form asking for personal information, including a credit card number.

I reported the spoofed site at 10:33 A.M. using PayPal's Contact Us - Protections/Privacy/Security - Report Fake Site/Spoof form. I also reported the site to the Phishing Incident Reporting and Termination (PIRT) Squad at 10:48 A.M. At 11:15 A.M. the webpage to which the link pointed, http://sv1.melbhosting.com.au/%7Eforcast/index.html was removed from the webserver on which it resided, resulting in a "HTTP 404 - File not found" message, but the spoofed PayPal site at bourke.pcpro.net.au was still accessible.

[/security/scams/phishing/paypal] permanent link

Sat, Sep 16, 2006 12:23 pm

Fake FDIC Email

E-mails fraudulently claiming to be from the Federal Deposit Insurance Corporation (FDIC), which insures deposits in banks and thrift institutions, are attempting to trick recipients into installing unknown software on personal computers or into accessing a spoofed website. These e-mails falsely indicate that recipients should install software that was developed by the FDIC and other agencies or provide personal information at a spoofed, i.e. fake, website. The software may be a form of spyware or malicious code and may collect personal or confidential information. The spoofed website attempts to gain confidential information.

The subject line of such e-mail messages may include any of the following:

Online Access Agreement Update
SON Registration
Urgent Notification - Security Reminder
IMPORTANT: Notification of Federal Deposit Insurance Corporation

The e-mail may request that recipients click on a hyperlink that appears to be related to the FDIC, which directs recipients to an unknown executable file to be downloaded, or may direct recipients to a webpage requesting personal information. While the FDIC is working with the United States Computer Emergency Readiness Team (CERT) to determine the exact effects of the executable file, recipients should consider the intent of the software as a malicious attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft.

The FDIC is attempting to identify the source of the e-mails and disrupt the transmission. Until this is achieved, consumers and financial institutions are asked to report any similar attempts to obtain this information to the FDIC by sending information to alert@fdic.gov.

For further information on these "phishing" email messages, see the FDIC Consumer Alerts webpage at http://www.fdic.gov/consumers/consumer/alerts/index.html.

[/security/scams] permanent link

Once You Know, You Newegg AliExpress by Alibaba.com

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo