[Cialug] Time to change your passwords.

Dave Crouse crouse at usalug.net
Tue Oct 6 22:11:42 CDT 2009 

I've seen a "few" of these types of emails....... what....... I wasn't
supposed to respond to this was I ??????? ahhhhhhhhh crap......

>Due to the congestion in all Account users and removal of all unused Accounts,world-Web would be shutting down all unused Accounts,You will have to confirm your >E-mail by filling the space below. Your User name, password, date of birth and your country information would be neededto verify your account.
>
> Any *Accoount* user not verified will be suspended within 72 hours.You are to send the following informations to webnet admin center for verification
>
> * E-mail: ........
> * Password: ......
> * Date of Birth: .
> * Country.........
>
> Your response should be sent to admin manager
> Email:- supportteam at admin.in.th
>
> Waiting to receive the details of your Account
>
> Warning!!! Account owner that refuse to send this information after 48hours of receiving this warning will lose his/her Email account permanently.
>


On Tue, Oct 6, 2009 at 6:10 PM, Josh More
<morej at alliancetechnologies.net> wrote:
> Generally, yes, you are correct.  However, bear in mind that these
> accounts do more than just email these days.  It's not unusual for
> Google, Yahoo or MS to legitimately release services and say "just login
> with your Hotmail/Google/Yahoo ID".  That's not a hard thing to fake.
> You can direct people to gooogle.com, g00gle.com, googgle.com, etc and
> most wouldn't notice.  Sure, you can type everything in every time, but
> would the average user know that flickr.com, delicious.com, del.icio.us
> and yahoo.com are all legitimate, but weelble.com might not be?
>
> All they need is to trick the user once, and get access.  They can then
> leverage that access to send email to that user's contacts and direct
> them to a malicious site, and the attack just keeps spreading out.
>
> (There is also emerging evidence that a keylogger may also have been
> involved.)
>
>
>
> -Josh More, RHCE, CISSP, NCLP, GIAC
>  morej at alliancetechnologies.net
>  515-245-7701
>
>>>> kristau <kristau at gmail.com> 10/06/09 6:04 PM >>>
> On Tue, Oct 6, 2009 at 3:00 PM, Josh More
> <morej at alliancetechnologies.net> wrote:
>> In case you hadn't heard, it looks like the big phishing attack that
> we
>> thought only hit Hotmail also impacts Yahoo, AOL, and Gmail accounts
>> (and likely others).
>
> Isn't a phishing attach defined as an attempt to trick someone into
> giving up their password by sending an e-mail with a crafted link? If
> so, then always logging in to your gmail, hotmail, yahoo, et al
> accounts by first typing the URL in the address bar should protect you
> against such an attack.
>
> Or is this a new type of phishing? If so, please share the details ;)
>
> --
> Tired programmer
> Coding late into the night
> The core dump follows
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>

More information about the Cialug mailing list