Author Topic: Dangerous Phish  (Read 981 times)

stoneaxe

  • Cortez Bank Status
  • *****
  • Posts: 10539
    • View Profile
    • Cape Cod Bay Challenge
Dangerous Phish
« on: March 13, 2017, 04:44:30 PM »
I'm far more security conscious on my email than the average person. Except for the Nigerian Prince that is soon sending me an annuity I look at everything very closely...I just received a phish that was very convincing looking telling me someone was attempting to change my gmail account. It used some other personal info that is easy to find about me in combination to create a gmail address, very convincingly too,  to which someone was purportedly trying to gain access. I never created the account. I also went to the Google account I do have to check security notifications. No activity there. One of the most convincing phishes I've seen. Nothing looked suspicious but the one thing......."if this is not your Google account...click here to disconnect"
« Last Edit: March 13, 2017, 04:46:18 PM by stoneaxe »
Bob

8-4 Vec, 9-0 SouthCounty, 9-8 Starboard, 10-4 Foote Triton, 10-6 C4, 12-6 Starboard, 14-0 Vec (babysitting the 18-0 Speedboard) Ke Nalu Molokai, Ke Nalu Maliko, Ke Nalu Wiki Ke Nalu Konihi

tautologies

  • Teahupoo Status
  • ******
  • Posts: 1671
    • View Profile
Re: Dangerous Phish
« Reply #1 on: March 13, 2017, 04:53:11 PM »
I'm far more security conscious on my email than the average person. Except for the Nigerian Prince that is soon sending me an annuity I look at everything very closely...I just received a phish that was very convincing looking telling me someone was attempting to change my gmail account. It used some other personal info that is easy to find about me in combination to create a gmail address, very convincingly too,  to which someone was purportedly trying to gain access. I never created the account. I also went to the Google account I do have to check security notifications. No activity there. One of the most convincing phishes I've seen. Nothing looked suspicious but the one thing......."if this is not your Google account...click here to disconnect"

Yeah the new google account one is pretty good. Shitloads of people have fallen for it.

Another crazy one:
I have friends who have lost TONS of bitcoin via another scam where they take over their phone number (get a new SIM card, and enable it in the store) then find and reset email pwd, and finally transfer the bitcoins to themselves.

PonoBill

  • Cortez Bank Status
  • *****
  • Posts: 18559
    • View Profile
    • Ponohouse is for sale. Great house but it's time for new adventures
Re: Dangerous Phish
« Reply #2 on: March 13, 2017, 04:59:41 PM »
Most email readers have a rollover function that lets you look at the URL that rests under a link, or sneakier yet, a fake URL that looks like an actual address but is actually a link with a different URL as the link. That's usually all it takes to detect a fraud. There's a lot more stuff getting through filters these days, and a lot more sophisticated scams.

Bitcoin fraud is growing quickly, which is the real reason that Bitcoin is getting a lot less popular.  Currently, accepting Bitcoin in your business is what one of my mentors called a "Doctor and Dentist" investment. When the Docs are entering the market, bail.



That's not a saturation curve.
« Last Edit: March 13, 2017, 05:06:11 PM by PonoBill »
Ponohouse is for sale: http://www.ponohouse.com
Foote 10'4X34", SIC 17.5 V1 hollow and an EPS one in Hood River. Foote 9'0" x 31", L41 8'8", 18' Speedboard, etc. etc.

tautologies

  • Teahupoo Status
  • ******
  • Posts: 1671
    • View Profile
Re: Dangerous Phish
« Reply #3 on: March 13, 2017, 05:22:22 PM »
Most email readers have a rollover function that lets you look at the URL that rests under a link, or sneakier yet, a fake URL that looks like an actual address but is actually a link with a different URL as the link. That's usually all it takes to detect a fraud. There's a lot more stuff getting through filters these days, and a lot more sophisticated scams.

Bitcoin fraud is growing quickly, which is the real reason that Bitcoin is getting a lot less popular.  Currently, accepting Bitcoin in your business is what one of my mentors called a "Doctor and Dentist" investment. When the Docs are entering the market, bail.



That's not a saturation curve.

haha yeah for sure. When the laggards come it might be time to look outside. I don't care too much about bitcoin, but blockchain technologies (or something similar) combined with 5G is really promising in these "show me your FB profile at the border government" times. I'm worried about other things when it comes to bitcoin...

I had an interesting chat with a pretty forward leaning and prominent VC, and their take was that when the big companies had already made their bet (FB, Sony, Google) it was too late for them to make money in the multiple they want. So when other VC's are still looking for promising VR application they had stopped that completely. I still think there are ways to make good applications that gain traction, but maybe not at the 100-1000x they are looking for.

Btw, no time like the current to register at  Keybase.io
:-)

PonoBill

  • Cortez Bank Status
  • *****
  • Posts: 18559
    • View Profile
    • Ponohouse is for sale. Great house but it's time for new adventures
Re: Dangerous Phish
« Reply #4 on: March 13, 2017, 06:46:43 PM »
as important as anonymity was at the beginning of the interweb era, absolute identity is critical now--so FB might soon have a big advantage, and get real about one person, one account. If I were starting a social network now I'd be considering absolute identity--maybe DNA based. Or registered retinal scan. No anonymity. My email filter just got really simple--if I don't know you, you don't get delivered.

Why wouldn't I do that? A minor bit of policing and verification vs. some shitbag trying to clean out my checking account.

I've been looking long and hard at net neutrality, and I've pretty much convinced myself it's meaningless. Carriers have a choice--be cheap, or be gone. In short order, there will be virtually no competitive performance advantage. The tech is outstripping the current need. It's like all that railway fiber that wound up being dark because multiplexing made it unimportant. People are going to need to invent shit to use 5G. The world is strange. The future is here, it's just unevenly distributed.
« Last Edit: March 13, 2017, 06:51:25 PM by PonoBill »
Ponohouse is for sale: http://www.ponohouse.com
Foote 10'4X34", SIC 17.5 V1 hollow and an EPS one in Hood River. Foote 9'0" x 31", L41 8'8", 18' Speedboard, etc. etc.

tautologies

  • Teahupoo Status
  • ******
  • Posts: 1671
    • View Profile
Re: Dangerous Phish
« Reply #5 on: March 13, 2017, 07:12:48 PM »
as important as anonymity was at the beginning of the interweb era, absolute identity is critical now--so FB might soon have a big advantage, and get real about one person, one account. If I were starting a social network now I'd be considering absolute identity--maybe DNA based. Or registered retinal scan. No anonymity. My email filter just got really simple--if I don't know you, you don't get delivered.

Why wouldn't I do that? A minor bit of policing and verification vs. some shitbag trying to clean out my checking account.

I've been looking long and hard at net neutrality, and I've pretty much convinced myself it's meaningless. Carriers have a choice--be cheap, or be gone. In short order, there will be virtually no competitive performance advantage. The tech is outstripping the current need. It's like all that railway fiber that wound up being dark because multiplexing made it unimportant. People are going to need to invent shit to use 5G. The world is strange. The future is here, it's just unevenly distributed.

Well, the identity has a yang...privacy. I think privacy errodes over time but right now it is important to people...well it seems to be important just in their relation to their government. I love the irony of someone using their gmail to send privacy complaint about the government. 

I disagree that net neutrality is meaninless..first of all it is one of the core tenets of how the Internet became so successful, and the second and biggest reason is barriers to entry. It is too expensive for a small competitor to enter the telecom market, and therefore you'll have to have unblocking regulation. It is just like a game where there are ground rules that everyone have to play by.

Of course the GOP is well on their way to dismantle any resemblance of privacy. 
https://www.privateinternetaccess.com/blog/2017/03/24-senators-introduced-bill-let-telecoms-sell-private-internet-history/

PonoBill

  • Cortez Bank Status
  • *****
  • Posts: 18559
    • View Profile
    • Ponohouse is for sale. Great house but it's time for new adventures
Re: Dangerous Phish
« Reply #6 on: March 13, 2017, 07:18:13 PM »
I disagree that net neutrality is meaninless..first of all it is one of the core tenets of how the Internet became so successful, and the second and biggest reason is barriers to entry. It is too expensive for a small competitor to enter the telecom market, and therefore you'll have to have unblocking regulation. It is just like a game where there are ground rules that everyone have to play by.

Little, yes, midsize, no. You can buy advanced switches and idle fiber for not a lot of money. If the telcos do anything stupid they'll open that floodgate. Too many people who would love a 30 percent ROI to allow those guys to play fast and loose.
Ponohouse is for sale: http://www.ponohouse.com
Foote 10'4X34", SIC 17.5 V1 hollow and an EPS one in Hood River. Foote 9'0" x 31", L41 8'8", 18' Speedboard, etc. etc.

tautologies

  • Teahupoo Status
  • ******
  • Posts: 1671
    • View Profile
Re: Dangerous Phish
« Reply #7 on: March 13, 2017, 07:21:44 PM »
Little, yes, midsize, no. You can buy advanced switches and idle fiber for not a lot of money. If the telcos do anything stupid they'll open that floodgate. Too many people who would love a 30 percent ROI to allow those guys to play fast and loose.

Yeah sure. Some friends of mine are building out this now. I believe there is a massive upcoming opportunity on the hardware edge between ISP / Telco and consumers.

PonoBill

  • Cortez Bank Status
  • *****
  • Posts: 18559
    • View Profile
    • Ponohouse is for sale. Great house but it's time for new adventures
Re: Dangerous Phish
« Reply #8 on: March 13, 2017, 07:38:30 PM »
My old business partner in my first software venture was Norman Worthington. Norm owns/ is CEO of Star to Star, which is a crazy cool swtiching system that can make a tiny telco compete with any size Telco. I notice Norm doesn't mention Spite Software (CP/M software for the Osborne 1) in his bio. I'm calling him on that next time I see him--which happens every third total eclipse.  His first venture, while he was still a law student at Reed College, was with me. We went from 0 to a million to 0, back when a million was serious money. But yeah, back to 0. Fucking MS-DOS.
« Last Edit: March 13, 2017, 07:41:20 PM by PonoBill »
Ponohouse is for sale: http://www.ponohouse.com
Foote 10'4X34", SIC 17.5 V1 hollow and an EPS one in Hood River. Foote 9'0" x 31", L41 8'8", 18' Speedboard, etc. etc.

Night Wing

  • Peahi Status
  • *****
  • Posts: 956
    • View Profile
Re: Dangerous Phish
« Reply #9 on: March 13, 2017, 08:11:33 PM »
I got the same email phish but I knew it was a fake instantly. How did I know? I don't have any gmail email accounts nor do I have any Google accounts.  Since it was in my Hotmail Junk (Spam) folder, I just deleted all the contents in my Junk folder.
SUP Sports Hammer: 8'11" x 31" x 4" @ 140 Liters

Quickbeam

  • Sunset Status
  • ****
  • Posts: 491
    • View Profile
Re: Dangerous Phish
« Reply #10 on: March 13, 2017, 11:20:43 PM »
We were down in Mexico recently and my wife got robbed. Nothing serious, but her wallet and phone were stolen from her purse. We had to cancel all her credit cards.

Then we were back home only a couple of days and I get an e-mail from Netflix that our account was going to be closed because there was a problem with our credit card. I of course thought it was because we had cancelled my wifeís card. So I logged into the Netflix account using my regular password. I caught myself just in time. The site I logged into asked me for my credit card number. This just didnít make any sense to me. Why would it be asking for my credit card number when it should already be on file with them. Thatís when I clued in.

I called Netflix to let them know about it and also changed my password as now whoever was doing the phishing had my Netflix password, although I donít know if they would be interested in that. Still changed it though.

Iím usually pretty good at recognizing these types of scams, but this one almost had me. The login to this site was identical to the login to my regular Netflix account. And given that we had just canceled my wifeís credit cards I didnít give it a second thought. Of course after this I realized our Netflix account was on a different credit card and not on the ones we canceled.  And in my defense, I was still suffering jet lag and was up very early in the morning when this happened. Showed me how aware you really need to be.


PonoBill

  • Cortez Bank Status
  • *****
  • Posts: 18559
    • View Profile
    • Ponohouse is for sale. Great house but it's time for new adventures
Re: Dangerous Phish
« Reply #11 on: March 13, 2017, 11:47:24 PM »
You can walk up to an ATM or a gas pump, scan your debit card, type in your password, and transmit that vital information to Romania before you finish pumping. Scammers fit a false front on an ATM, or a skimmer in a gas pump. Sophisticated stuff, and it's becoming a lot more common and organized.

That reminds me, I need to update some stuff on Lifelock.
Ponohouse is for sale: http://www.ponohouse.com
Foote 10'4X34", SIC 17.5 V1 hollow and an EPS one in Hood River. Foote 9'0" x 31", L41 8'8", 18' Speedboard, etc. etc.

Admin

  • Administrator
  • Cortez Bank Status
  • *****
  • Posts: 3784
    • View Profile
    • StandUpZone
    • Email
Re: Dangerous Phish
« Reply #12 on: March 14, 2017, 09:59:45 AM »
So many odd choices with Bitcoin.   Maxing at 7 transactions a second?  Amazon alone is that times 100 at peak.  The shady undertones of illegal participants.  Retailers that did sign on were converting Bitcoin sales back to dollars right away.  We retailers are simple creatures and we get dollars.  But the biggest fail was in marketing.  They took inherent complexity and made it a focal point.  They sold an ethos and an understanding.  The public wants nothing less.  I wonder what the next incarnation will look like.
« Last Edit: March 14, 2017, 10:01:39 AM by Admin »

Weasels wake

  • Cortez Bank Status
  • *****
  • Posts: 2594
    • View Profile
Re: Dangerous Phish
« Reply #13 on: March 14, 2017, 11:08:58 AM »
I'm far more security conscious on my email than the average person. Except for the Nigerian Prince that is soon sending me an annuity I look at everything very closely...I just received a phish that was very convincing looking telling me someone was attempting to change my gmail account. It used some other personal info that is easy to find about me in combination to create a gmail address, very convincingly too,  to which someone was purportedly trying to gain access. I never created the account. I also went to the Google account I do have to check security notifications. No activity there. One of the most convincing phishes I've seen. Nothing looked suspicious but the one thing......."if this is not your Google account...click here to disconnect"

Yeah the new google account one is pretty good. Shitloads of people have fallen for it.
Almost carbon copy of the one that John Podesta got suckered for.
It takes a quiver to do that.

Night Wing

  • Peahi Status
  • *****
  • Posts: 956
    • View Profile
Re: Dangerous Phish
« Reply #14 on: March 14, 2017, 04:22:36 PM »
After reading all the comments in this thread, I'm glad I'm old fashioned. Which means I don't have a gmail account, no google accounts, I don't withdraw money from an ATM machine and I don't use a credit card when I need gasoline for my truck.

If I need cash money, I go to my local bank and hand the teller a check made out to "Cash". I use cash for when I pay for gasoline for my truck and even groceries. For me, it's "cotbh" (cash on the barrel head).

About the only time I use a credit card is for a dinner at my favorite steak house. I then wait for the monthly credit card statement to arrive, pay it by mailing a check and then 5 days later, I call the credit card company to see if the credit card company has deposited my check into their account for that credit card statement.

As for my pharmacy medications, I pay by personal check.

SUP Sports Hammer: 8'11" x 31" x 4" @ 140 Liters

 


* Recent Posts

* Recent Topics