  justin Australian join:1999-05-28 Brooklyn, NY
| reply to KyleC Re: Nice!
I don't think they are so easy to expose anymore.
At first the URLs were stupid
then they started looking good
now they actually START with the victim company's web server
how soon before someone figures out how to re-write the location bar in the browser to hide where you really are?
For sure these scams fool MORE people now than ever before, due to these "technical advances", even though the average level of suspicion has risen dramatically among everyone.
When YOU visit a secure site, do you actually check the certificate details and validity, for instance?
Only 1% of users, those who continue to read about all of the tricks, are really up with this stuff. Average users are not. At this rate I'd honestly think of advising non-computer friends to not use email AT ALL, for ANYTHING, ever AGAIN. And I'd advise legit companies to not use email for anything except no-action-required notifications. Just don't get an email address unless you want to make spam tools and scam tricks and security updates a personal hobby. Honestly it is getting that bad. |
|
 joebear29
join:2003-07-20 Alabaster, AL
| said by justin : Only 1% of users, those who continue to read about all of the tricks, are really up with this stuff. Average users are not. At this rate I'd honestly think of advising non-computer friends to not use email AT ALL, for ANYTHING, ever AGAIN. And I'd advise legit companies to not use email for anything except no-action-required notifications. Just don't get an email address unless you want to make spam tools and scam tricks and security updates a personal hobby. Honestly it is getting that bad.
I don't think you need to go that far. E-mail addresses are useful for many things, from newsletters to a notice your credit card payment is due.
What I would recommend is never pay or give any information through a link you followed in an e-mail, no matter how legitimate. Until now, I've been getting an e-mail from Discover every month, and I'll click the link and pay my bill. Now, what I'll do is still get the e-mail, but open a new browser and go to www.discovercard.com myself before I enter confidential information and pay the bill.
But there is no need to delete all your e-mail addresses. |
|
  justin Australian join:1999-05-28 Brooklyn, NY
| yes for you and me and many others here (after all, if we can navigate to the new topic screen, we're pretty sophisticated users).
But as I read a NY Times article the other day on "how spammers get hold of your email address" it occurs to me that millions of net users still happily use those sweepstakes type sites (good grief) not realizing they will end up getting diet pill offers forever. These people are the majority of net users, and with so much identity now being online as well as off, and so much so loosely protected by both consumers and companies, the rewards for sophisticated con-men are insanely high. |
|
  trisomy Premium join:2002-05-23 Houston, TX
| reply to joebear29 ' http ://211.47.191.125:199/%63%67%69/%69%6E%64%65%78%2E%68%74%6D '
Just received this. Thought it would be of interest given the discussion. For those of you who are casually surfing, do not enter your information!
(purposely broke the link - what is the point? -- mod) [text was edited by moderator] |
|
  KyleC Nikon Guy Premium join:2001-12-13 Dallas, TX
·AT&T Southwest
| reply to justin said by justin : I don't think they are so easy to expose anymore.
yeah i guess for the average user. i don't trust anything that comes in email anymore at first sight. |
|
  Transmaster Don't Blame Me I Voted For Bill and Opus
join:2001-06-20 Cheyenne, WY
·Qwest.net
| reply to justin I consider Juno 1.49 as one of the best pure e-mail clients of all time. if you still have a dialup modem go below to download it, any modem from 14.4 on up will work just fine.
»www.oldversion.com/program.php?n=juno -- I love Irish Terriers, Low Brass, and the electric blue glow of an 866 mercury vapor rectifier tube at night. |
|
  sadowski I Am My Own Doppelganger Premium,MVM join:2000-04-14 Buffalo, NY clubs:
| reply to justin said by justin : Only 1% of users, those who continue to read about all of the tricks, are really up with this stuff. Average users are not. At this rate I'd honestly think of advising non-computer friends to not use email AT ALL, for ANYTHING, ever AGAIN. And I'd advise legit companies to not use email for anything except no-action-required notifications. Just don't get an email address unless you want to make spam tools and scam tricks and security updates a personal hobby. Honestly it is getting that bad.
I think that's a bit of an exaggeration, more than a bit. I just tell everyone to PHONE the company (from a number printed on a paper bill or invoice) if they get any requests for password, credit card numbers or any other personal information. Most people will listen and take that kind of advice as long as you don't play the sky is falling game. Just let people know honestly that there are concerns and threats and they will most likely pay attention. -- In this world of sin and sorrow, there is always something to be thankful for; as for me, I rejoice that I am not a Republican. -- H.L. Mencken Liberals feel unworthy of their possessions. Conservatives feel they deserve everything they've stole |
|
 vfpguy Alias Dotnetguy
join:2001-07-21 Wayne, NJ
| reply to justin said by justin : At this rate I'd honestly think of advising non-computer friends to not use email AT ALL, for ANYTHING, ever AGAIN. And I'd advise legit companies to not use email for anything except no-action-required notifications. Just don't get an email address unless you want to make spam tools and scam tricks and security updates a personal hobby. Honestly it is getting that bad.
So what's the alternative for non-computer literate people to communicate with each other over the Internet and for businesses to communicate with each other and their customers? E-Mail with a web-site address to click? No, can't use that one. Instant Messaging? No, if IM clients like Trillian have reverse engineered the IM protocols then how long until someone figures out how to spam IM? Change e-mail clients to only accept digitally signed mail? Not as long as certificates are relatively expensive and complicated (for the average user) to set up.
Much as I hate to admit it (donning flameproof suit) MS's Trustworthy Computing is sounding better and better (assuming they can pull it off with their "usual high quality" ) -- "...a great, serene and peaceful future can slip from us quite as irrevocably by neglect, division and inaction, as by spectacular disaster." -- H. Truman, 6/21/56 |
|
 RadioDoc 58ef2c0 Premium,ExMod 2000-03 join:2000-05-11
·AT&T Midwest
| reply to justin That was an interesting exercise unravelling this last night. There were enough clues that a regular Earthlink customer should have at least raised an eyebrow over the email (which is what happened and led to the investigation in the Earthlink forum), but you just know that the bulk of the online population these days--especially the ones AOL and Earthlink are targeting--would mindlessly click along until they maybe got queasy about giving out ATM PINs. This is what was on that page: »Verify a Website |
|
  Jason Levine Premium join:2001-07-13 USA
| reply to justin said by justin : how soon before someone figures out how to re-write the location bar in the browser to hide where you really are?
They already do this sometimes. A URL can contain a username and password in the form:
http://username:password@www.somesite.com/
Now, make the username a site's URL and the password a long string to push the real site's URL off screen and you have a URL that will look like it's on Paypal/Ebay/whatever when it's really on some offshore account designed to harvest information from the people who fall for the scam.
For example, this URL might look like it's going to DSLReports.com, but it's really going to Google:
http://www.dslreports.com:dlsgjnsdlvnjsldvnlsdnvlsdvnlsdjkvnlsvnlsdkvnskldvnlsdkvnlsdjkvndjlvn@www.google.com/
(Of course, a scammer won't direct you to such a benign site.) -- -Jason Levine http://www.jasons-toolbox.com/ http://www.PCQandA.com/ http://www.urateit.com/ |
|
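The userinfo disguise described in the post above, and the percent-encoded IP-address link quoted earlier in the thread, can both be flagged mechanically by parsing the URL the way a browser does. This is an added JavaScript example, not part of any forum post; `inspectUrl`, its finding labels, the shortened password string and the 192.0.2.10 documentation address are constructed for illustration.

```javascript
// Added example: flags the URL disguises discussed in this thread.
// inspectUrl and its finding labels are hypothetical names.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; } // malformed %xx
}

function inspectUrl(raw) {
  let url;
  try { url = new URL(raw); } catch (e) {
    return { host: null, decodedPath: null, findings: ["unparseable"] };
  }
  const findings = [];
  // Everything before '@' in the authority is credentials, not the destination.
  if (url.username || url.password) {
    findings.push("userinfo-present");
    // Credentials shaped like a hostname are the disguise described above.
    if (/^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(safeDecode(url.username))) {
      findings.push("userinfo-looks-like-host");
    }
  }
  // The parser normalises hex/octal IPv4 spellings to dotted decimal first.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname)) {
    findings.push("ip-literal-host");
  }
  // Letters, digits, '-', '.', '_' and '~' never need percent-encoding.
  if (/%(?:2[DE]|3[0-9]|4[1-9A-F]|5[0-9AF]|6[1-9A-F]|7[0-9AE])/i.test(url.pathname)) {
    findings.push("needlessly-encoded-path");
  }
  return { host: url.hostname, decodedPath: safeDecode(url.pathname), findings };
}

// Constructed samples: the first has the shape of the benign URL in the post
// above; the second reuses the quoted link's encoded path with a documentation address.
const SAMPLES = [
  "http://www.dslreports.com:dlsgjnsdlvnjsldvnlsdnv@www.google.com/",
  "http://192.0.2.10:199/%63%67%69/%69%6E%64%65%78%2E%68%74%6D",
  "https://www.example.com/account",
];
for (const s of SAMPLES) {
  const r = inspectUrl(s);
  console.log(r.host, r.decodedPath, r.findings.join(",") || "clean");
}
```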
  dbuth My Circadian Rhythm Leans To The Night
join:2001-12-23 Turlock, CA
·Pacific Bell - SBC
| reply to justin Justin,
All of your suggestions/ideas are warranted. The generation of AOL users, and proliferation of computer users has turned the internet into a SCAM goldmine. I have had no success in stopping my aunt from forwarding urban legends; regardless of repeated pasting of text from www.snopes.com.
With the vast majority of computer users they have no idea that the content they read does not come from AOL, Earthlink, or vanilla wrapped ISP. Scammers have found the golden nugget in the internet, instead of using their old fashioned scams via snail mail.
It seems that no matter how many times it is mentioned here at BBR or mainstream media, people will continue to click on bogus URLs, websites, complete web forms, and divulge personal material without thinking first.
There has to be a way to educate the 99% of users that fail to check certificates or use the most basic skill that our creator has given us. "If it sounds too good to be true it probably is;" also, "Why would they ask for my personal and private information if they already have it?" -- Proud member of Team Discovery "A friend is a friend who knows everything about you and is still your friend." |
|