11 August, 2009

Phishing


It is called phishing. Symantec reports that in July spam averaged around 89 percent of all e-mail. This compares with about 90% for June. Image spam, which sneaks past filters by embedding spam in an image, accounted for 17%. Health related spam declined 17%. 419 spam (often better known as Nigerian hoax spam) rose 3 %. Phishing e-mail often includes official-looking logos and other identifying information taken directly from a legitimate web site. It may include convincing details about your personal information that scammers found on your social networking pages. The main thing phishing e-mail messages have in common is that they ask for personal data, or direct you to web sites or phone numbers to call where they ask you to provide personal data. Once you are at one of these spoofed sites, you might unwittingly send personal information to the con artists. If you enter your login name, password, or other sensitive information, a criminal can use it to steal your identity, use your credit card, and empty your bank account.


Knowing this, when I got a letter from an old friend in Jamaica I had no difficulty in recognizing it was a con job of some kind.


Hello,


How are you doing?hope all is well with you and family,I am sorry I didn't inform you about my traveling to England for a Seminar..


I need a favor from you because I misplaced my wallet on my way to the hotel where my money,and other valuable things were kept I will like you to assist me with a soft loan urgently with the sum of $2,500 US Dollars to sort-out my hotel bills and get myself back home.


I will appreciate whatever you can afford and i'll pay you back as soon as I return,Kindly let me know if you can be of help? so that I can send you the Details to use when sending the money through western union.


Thanks


(***** signed with her special logo)


I must admit, knowing my old friend’s skills, the pathetic punctuation was the main giveaway. I did not for one moment believe it was an authentic message from her. So, I immediately sent her an email (not clicking on reply, but taking her address from my address book). I copied the fake email to her, and added:


Subject: computer taken over by worm
Date: Thu, 6 Aug 2009 06:18:41 -0400


Hi *****,


Better get your computer checked!!


Sincerely,


Don


Within minutes I got a response. It read:


Subject: RE: computer taken over by worm


Hello don,

Thank you for your concern and help. My email address has not been compromised, I sent you the mail in-order for you to help me out. Let me know if you can be of help to me.


(***** signed with her special logo)


I was amazed and horrified at the same time. I knew it was not from her, pathetic spelling and punctuation and all. Someone must have taken over her e-mail lock, stock and barrel. They had intercepted my e-mail!


All I could think of doing was to send a message to another friend in the same country, asking him to telephone our mutual friend to warn her that her email, and possibly her computer, had been infiltrated by someone who was pretending to be her, and who was using her e-mail service to con her friends. I wrote:


Hello *****,


Somebody has taken over *****'s computer and is using it to con her correspondents. I don't have a telephone number for her, or I would ring her to warn her.


As you will see from the below, the person has such control of her machine that he can answer messages emailed to her.


Sorry to trouble you, but I can think of no one else in Jamaica, except my friend ******, to whom I am also copying this email in the hope that he also knows ***** and can express my concern to her.


Thanks,


Don


My friend tried to contact her, and, instead of telephoning her, sent her an e-mail. As I later responded to him,


Thanks, *****, but *****'s computer has been taken over by a phisher. Your email to her would have been intercepted. Best if you could give her a call. But, she probably knows by now from others of her friends.

Don


I have not heard from my friend whose computer was compromised. I am afraid to send her another message.


Tell me if that exchange of correspondence would not have you freaked out. Not only was the English much better, the punctuation nearly perfect as it progressed, but you can see how many people would fall for such a con.


You have to wonder how many friendships are being compromised right this moment by similar conmen.


5 comments:

  1. it's better if you are protected with an av solution. i use bitdefender for almost 3 moths and i am very pleased of it. you should give it a try.

    ReplyDelete
  2. One word: Macintosh.

    ;-)

    ReplyDelete
  3. Don, bad news. It's quite possible that YOUR computer is infected. And your entire e-mail list has been downloaded. And THAT is how they got your friend's adress(es).

    And that can be serious because:

    Once you give me an address, for $100 I can get the username and password to just about any email address at yahoo, hotmail, etc. Services in India do things like this. They'll unlock any phone if your local provider refuses, they'll get you usernames and passwords to services, etc.

    Scary stuff, especially if they log into other friends' accounts and figure out ways to SCAM THEM that you won't even know about. Best way for you to check this is...

    Just call her yourself. Reverse the charges if you can't afford it. If she can't accept the reversal, it's probably true.

    C'mon. Use the phone and get the facts. It's quite possible she needed the money, was brain-frazzled when writing (hence the grammar) and is on the verge of a breakdown. It's also quite possible this is a fraud.

    Just phone and know for sure. Then write your column (or don't bother if she neeed the $ -- it's a boring story, if personally sad story, if she just needed a loan). I've had friends I've not heard from for 10 years ask me for $20K in the last while. Times are tough.

    DonWatcher

    ReplyDelete
  4. My email was hijacked last year. Everyone on my email list was sent the news that I was now in the electronics business and a distributer of electronics made in China. All my contacts have of course blocked these emails but every couple of days I get a long list of attempted emails.

    ReplyDelete
  5. Don ,I experienced a similar problem when I received an email from someone known as Realistspikenice.It appeared that, in his fowarded bulk emails,he had most of my contact addresses.I know that I personally had no contact with this individual,yet still they were sending emails to my contact list and myself.It seems that somehow he infiltrated my system.I have advised the people on my list and askthem not to repond to any emails from that individual.its rather disgusting and a great inconveinence to everyone.

    ReplyDelete

Note: only a member of this blog may post a comment.