Standup Zone Forum

General => Random => Topic started by: stoneaxe on March 13, 2017, 04:44:30 PM

Title: Dangerous Phish
Post by: stoneaxe on March 13, 2017, 04:44:30 PM
I'm far more security conscious on my email than the average person. Except for the Nigerian Prince that is soon sending me an annuity I look at everything very closely...I just received a phish that was very convincing looking telling me someone was attempting to change my gmail account. It used some other personal info that is easy to find about me in combination to create a gmail address, very convincingly too,  to which someone was purportedly trying to gain access. I never created the account. I also went to the Google account I do have to check security notifications. No activity there. One of the most convincing phishes I've seen. Nothing looked suspicious but the one thing......."if this is not your Google account...click here to disconnect"
Title: Re: Dangerous Phish
Post by: tautologies on March 13, 2017, 04:53:11 PM
I'm far more security conscious on my email than the average person. Except for the Nigerian Prince that is soon sending me an annuity I look at everything very closely...I just received a phish that was very convincing looking telling me someone was attempting to change my gmail account. It used some other personal info that is easy to find about me in combination to create a gmail address, very convincingly too,  to which someone was purportedly trying to gain access. I never created the account. I also went to the Google account I do have to check security notifications. No activity there. One of the most convincing phishes I've seen. Nothing looked suspicious but the one thing......."if this is not your Google account...click here to disconnect"

Yeah the new google account one is pretty good. Shitloads of people have fallen for it.

Another crazy one:
I have friends who have lost TONS of bitcoin via another scam where they take over their phone number (get a new SIM card, and enable it in the store) then find and reset email pwd, and finally transfer the bitcoins to themselves.
Title: Re: Dangerous Phish
Post by: PonoBill on March 13, 2017, 04:59:41 PM
Most email readers have a rollover function that lets you look at the URL that rests under a link, or sneakier yet, a fake URL that looks like an actual address but is actually a link with a different URL as the link. That's usually all it takes to detect a fraud. There's a lot more stuff getting through filters these days, and a lot more sophisticated scams.

Bitcoin fraud is growing quickly, which is the real reason that Bitcoin is getting a lot less popular.  Currently, accepting Bitcoin in your business is what one of my mentors called a "Doctor and Dentist" investment. When the Docs are entering the market, bail.

(https://lovelace-media.imgix.net/uploads/1080/42fb15c0-1a84-0133-f539-0e18518aac2f.png?w=740&h=500&fit=crop&crop=faces&auto=format&q=70)

That's not a saturation curve.
Title: Re: Dangerous Phish
Post by: tautologies on March 13, 2017, 05:22:22 PM
Most email readers have a rollover function that lets you look at the URL that rests under a link, or sneakier yet, a fake URL that looks like an actual address but is actually a link with a different URL as the link. That's usually all it takes to detect a fraud. There's a lot more stuff getting through filters these days, and a lot more sophisticated scams.

Bitcoin fraud is growing quickly, which is the real reason that Bitcoin is getting a lot less popular.  Currently, accepting Bitcoin in your business is what one of my mentors called a "Doctor and Dentist" investment. When the Docs are entering the market, bail.

(https://lovelace-media.imgix.net/uploads/1080/42fb15c0-1a84-0133-f539-0e18518aac2f.png?w=740&h=500&fit=crop&crop=faces&auto=format&q=70)

That's not a saturation curve.

haha yeah for sure. When the laggards come it might be time to look outside. I don't care too much about bitcoin, but blockchain technologies (or something similar) combined with 5G is really promising in these "show me your FB profile at the border government" times. I'm worried about other things when it comes to bitcoin...

I had an interesting chat with a pretty forward leaning and prominent VC, and their take was that when the big companies had already made their bet (FB, Sony, Google) it was too late for them to make money in the multiple they want. So when other VCs are still looking for promising VR applications they had stopped that completely. I still think there are ways to make good applications that gain traction, but maybe not at the 100-1000x they are looking for.

Btw, no time like the current to register at  Keybase.io
:-)
Title: Re: Dangerous Phish
Post by: PonoBill on March 13, 2017, 06:46:43 PM
As important as anonymity was at the beginning of the interweb era, absolute identity is critical now--so FB might soon have a big advantage, and get real about one person, one account. If I were starting a social network now I'd be considering absolute identity--maybe DNA based. Or registered retinal scan. No anonymity. My email filter just got really simple--if I don't know you, you don't get delivered.

Why wouldn't I do that? A minor bit of policing and verification vs. some shitbag trying to clean out my checking account.

I've been looking long and hard at net neutrality, and I've pretty much convinced myself it's meaningless. Carriers have a choice--be cheap, or be gone. In short order, there will be virtually no competitive performance advantage. The tech is outstripping the current need. It's like all that railway fiber that wound up being dark because multiplexing made it unimportant. People are going to need to invent shit to use 5G. The world is strange. The future is here, it's just unevenly distributed.
Title: Re: Dangerous Phish
Post by: tautologies on March 13, 2017, 07:12:48 PM
As important as anonymity was at the beginning of the interweb era, absolute identity is critical now--so FB might soon have a big advantage, and get real about one person, one account. If I were starting a social network now I'd be considering absolute identity--maybe DNA based. Or registered retinal scan. No anonymity. My email filter just got really simple--if I don't know you, you don't get delivered.

Why wouldn't I do that? A minor bit of policing and verification vs. some shitbag trying to clean out my checking account.

I've been looking long and hard at net neutrality, and I've pretty much convinced myself it's meaningless. Carriers have a choice--be cheap, or be gone. In short order, there will be virtually no competitive performance advantage. The tech is outstripping the current need. It's like all that railway fiber that wound up being dark because multiplexing made it unimportant. People are going to need to invent shit to use 5G. The world is strange. The future is here, it's just unevenly distributed.

Well, the identity has a yang...privacy. I think privacy erodes over time but right now it is important to people...well it seems to be important just in their relation to their government. I love the irony of someone using their gmail to send a privacy complaint about the government.

I disagree that net neutrality is meaningless. First of all it is one of the core tenets of how the Internet became so successful, and the second and biggest reason is barriers to entry. It is too expensive for a small competitor to enter the telecom market, and therefore you'll have to have unblocking regulation. It is just like a game where there are ground rules that everyone has to play by.

Of course the GOP is well on their way to dismantle any resemblance of privacy. 
https://www.privateinternetaccess.com/blog/2017/03/24-senators-introduced-bill-let-telecoms-sell-private-internet-history/
Title: Re: Dangerous Phish
Post by: PonoBill on March 13, 2017, 07:18:13 PM
I disagree that net neutrality is meaningless. First of all it is one of the core tenets of how the Internet became so successful, and the second and biggest reason is barriers to entry. It is too expensive for a small competitor to enter the telecom market, and therefore you'll have to have unblocking regulation. It is just like a game where there are ground rules that everyone has to play by.

Little, yes, midsize, no. You can buy advanced switches and idle fiber for not a lot of money. If the telcos do anything stupid they'll open that floodgate. Too many people who would love a 30 percent ROI to allow those guys to play fast and loose.
Title: Re: Dangerous Phish
Post by: tautologies on March 13, 2017, 07:21:44 PM
Little, yes, midsize, no. You can buy advanced switches and idle fiber for not a lot of money. If the telcos do anything stupid they'll open that floodgate. Too many people who would love a 30 percent ROI to allow those guys to play fast and loose.

Yeah sure. Some friends of mine are building out this now. I believe there is a massive upcoming opportunity on the hardware edge between ISP / Telco and consumers.
Title: Re: Dangerous Phish
Post by: PonoBill on March 13, 2017, 07:38:30 PM
My old business partner in my first software venture was Norman Worthington. Norm owns/is CEO of Star to Star, which is a crazy cool switching system that can make a tiny telco compete with any size Telco. I notice Norm doesn't mention Spite Software (CP/M software for the Osborne 1) in his bio. I'm calling him on that next time I see him--which happens every third total eclipse. His first venture, while he was still a law student at Reed College, was with me. We went from 0 to a million to 0, back when a million was serious money. But yeah, back to 0. Fucking MS-DOS.
Title: Re: Dangerous Phish
Post by: Night Wing on March 13, 2017, 08:11:33 PM
I got the same email phish but I knew it was a fake instantly. How did I know? I don't have any gmail email accounts nor do I have any Google accounts.  Since it was in my Hotmail Junk (Spam) folder, I just deleted all the contents in my Junk folder.
Title: Re: Dangerous Phish
Post by: Quickbeam on March 13, 2017, 11:20:43 PM
We were down in Mexico recently and my wife got robbed. Nothing serious, but her wallet and phone were stolen from her purse. We had to cancel all her credit cards.

Then we were back home only a couple of days and I get an e-mail from Netflix that our account was going to be closed because there was a problem with our credit card. I of course thought it was because we had cancelled my wife’s card. So I logged into the Netflix account using my regular password. I caught myself just in time. The site I logged into asked me for my credit card number. This just didn’t make any sense to me. Why would it be asking for my credit card number when it should already be on file with them. That’s when I clued in.

I called Netflix to let them know about it and also changed my password as now whoever was doing the phishing had my Netflix password, although I don’t know if they would be interested in that. Still changed it though.

I’m usually pretty good at recognizing these types of scams, but this one almost had me. The login to this site was identical to the login to my regular Netflix account. And given that we had just canceled my wife’s credit cards I didn’t give it a second thought. Of course after this I realized our Netflix account was on a different credit card and not on the ones we canceled.  And in my defense, I was still suffering jet lag and was up very early in the morning when this happened. Showed me how aware you really need to be.

Title: Re: Dangerous Phish
Post by: PonoBill on March 13, 2017, 11:47:24 PM
You can walk up to an ATM or a gas pump, scan your debit card, type in your password, and transmit that vital information to Romania before you finish pumping. Scammers fit a false front on an ATM, or a skimmer in a gas pump. Sophisticated stuff, and it's becoming a lot more common and organized.

That reminds me, I need to update some stuff on Lifelock.
Title: Re: Dangerous Phish
Post by: Admin on March 14, 2017, 09:59:45 AM
So many odd choices with Bitcoin.   Maxing at 7 transactions a second?  Amazon alone is that times 100 at peak.  The shady undertones of illegal participants.  Retailers that did sign on were converting Bitcoin sales back to dollars right away.  We retailers are simple creatures and we get dollars.  But the biggest fail was in marketing.  They took inherent complexity and made it a focal point.  They sold an ethos and an understanding.  The public wants nothing less.  I wonder what the next incarnation will look like.
Title: Re: Dangerous Phish
Post by: Weasels wake on March 14, 2017, 11:08:58 AM
I'm far more security conscious on my email than the average person. Except for the Nigerian Prince that is soon sending me an annuity I look at everything very closely...I just received a phish that was very convincing looking telling me someone was attempting to change my gmail account. It used some other personal info that is easy to find about me in combination to create a gmail address, very convincingly too,  to which someone was purportedly trying to gain access. I never created the account. I also went to the Google account I do have to check security notifications. No activity there. One of the most convincing phishes I've seen. Nothing looked suspicious but the one thing......."if this is not your Google account...click here to disconnect"

Yeah the new google account one is pretty good. Shitloads of people have fallen for it.
Almost carbon copy of the one that John Podesta got suckered for.
Title: Re: Dangerous Phish
Post by: Night Wing on March 14, 2017, 04:22:36 PM
After reading all the comments in this thread, I'm glad I'm old fashioned. Which means I don't have a gmail account, no google accounts, I don't withdraw money from an ATM machine and I don't use a credit card when I need gasoline for my truck.

If I need cash money, I go to my local bank and hand the teller a check made out to "Cash". I use cash for when I pay for gasoline for my truck and even groceries. For me, it's "cotbh" (cash on the barrel head).

About the only time I use a credit card is for a dinner at my favorite steak house. I then wait for the monthly credit card statement to arrive, pay it by mailing a check and then 5 days later, I call the credit card company to see if the credit card company has deposited my check into their account for that credit card statement.

As for my pharmacy medications, I pay by personal check.

Title: Re: Dangerous Phish
Post by: pdxmike on March 14, 2017, 04:54:48 PM
You have to be careful.  People are incredibly naive and stupid when it comes to avoiding fraud.  I just read how about half of the passwords used for credit cards, bank accounts, etc. are things like "1234", "password", the person's name, etc.  Those people almost deserve to get their accounts drained.  That's why I either use "566-89-7444" which is my social security number, or "588OCCx081361" which seems hard to remember but isn't because I use it for US Bank, Lowe's, American Express, and Sprint, so I only have to remember it once for all of those, plus it's not really random because the first half is my license plate and the last is my birthday.
Title: Re: Dangerous Phish
Post by: PonoBill on March 14, 2017, 06:33:06 PM
Most people have hideous passwords. I use pretty simple ones for things that I don't feel matter or that have no direct connection to other sites that do, but it's important to remember that sites like Facebook provide identification to other sites, so you want a pretty solid password there.

Here's my simple recipe for a reasonably solid password. Pick a three word phrase that you can give yourself an easy clue for. Like "Color of the pot" (outside my door: blue) "scotch" (Dalwhinnie) and  "Miss- Coupland" (Wyoming). then pick two numbers from 1-0 and put them between your words. So your password is:

Blue 6 Dalwhinnie 3 Wyoming

Now substitute numbers for the letters that look like numbers, as i=1, e=3, a=4, o=0 and use the shifted symbols for your two numbers. Your password is now:

Blu3^D4lwh1nn13#Wy0m1ng

And your clue to reconstruct is: color of pot 6 scotch 3 Miss- coupland

Yes it can be broken with a very clever dictionary attack and a few weeks on a fast computer. Or someone that knows you well who has access to both the hints and your home. But it beats the shit out of your first dog plus your cousin's name.