Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Phishing Lessons, Hotmail Style

If you watch the news, read the papers, and/or peruse tech Web sites, you will be aware of a recent “news item” that thousands of people’s Hotmail login credentials had been stolen in a “phishing scam” and posted on the Internet. Just shy of 10,000 of them…

You may also be aware that Hotmail was not the only target of this scam (see Yahoo, Gmail passwords also phished in far-reaching scam).

But you might not be aware of the analysis that security researchers have done in the aftermath of this “incident”, and some of the conclusions they have come to. That is what I found interested, and followed up on.

Lesson 1:
The research found that the most common password used was “123456”.

All I can say is, I am not surprised. What I really want to say is not fit to print.

The next most popular user password was, “123456789”.

People — this is not good. Passwords are the primary means to prevent unauthorized access. Put a simpler way, a password keeps Joe Criminal from reading your e-mail (and sending a letter to your boss telling said boss to go fly a kite).. or transferring your saving account balance into his.

123456 is the world’s worst password (“password” is no good either), and if you did not know that, please read A Word About Words — Passwords, That Is and find out what you need to know about passwords. Pretty please with sugar on top?

Copyright 2007-9 © Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

October 15, 2009 Posted by | advice, computers, cyber crime, e-mail, hackers, Internet, Internet scam, News, Phishing | , , , , , | 8 Comments

AWARD WINNING NOTICE

Yawn. I Win Another $2,500,000 USD

From:     Johan Hans (info@lotto.nl)
Sent:     Wed 2/04/09 8:29 AM
To:

AWARD WINNING NOTICE
Ref No.67324/113
Batch No.312/00643374
Ticket/Series No.NL6775489
Amount Won: $2,500,000.00 USD
Attn: Internet User,
This is to formally inform and congratulate you on the result of the
online cyber lotto which was conducted from an exclusive list of 1,000.000
email addresses of individual and corporate bodies selected by an advanced
automated random computer ballot system from the internet.
Your e-mail address emerged as a winner in the category “A” with the
following information enclosed.
You are therefore to receive a cash prize of $2,500,000.00. (Two Million
Five Hundred Thousand United States Dollars).
To file in for the processing of your prize winnings, you are advised to
contact our Certified and Accredited claims agent for category “A” winners
with the information below:
*************************************
MR.   Johan HANS
Phone: 0031-647-372-865
Fax:   0031 847-390-336.
EMAIL: johanhans04@aol.com
*************************************
You are advice to provide him with the following information and a copy of
your international passport or driver’s license via email attachment or by
fax for vetting process which is a standard practice just to ensure that
we are dealing with the right individual.
First name:
Last Name:
Telephone/Fax number:
Nationality:
Age:
Occupation:
Winning Email:
NOTE: Ensure to quote your Reference Numbers in all your communication
with your claims agent. All winnings must be claimed not later than seven
working days, thereafter unclaimed funds would be included in the next
stake.
Congratulations! Thank you for being a user of the World Wide Web.
Yours Faithfully,
Mary Van Dotcha
http://www.lotto.nl/

Lottery Coordinator.

[note: for those of you regular readers.. does this verbage look familiar? I wonder why they all look the same..? You can do a little quick math, and see that I am one lotto-winning son of a gun. I win 2 -3 of these a week! Hey, better to be lucky than good, eh?]

Today’s free link: Malware Tools for Newbie Cyber Criminals This article shows you a hacker’s “kit”, which will help you understand why these spam letters look the same, and why the Internet is in need of a major overhaul…

Copyright 2007-9 © Tech Paul. All rights reserved. post to jaanix

Share this post :

February 5, 2009 Posted by | advice, cyber crime, e-mail, Internet scam, spam and junk mail | , , , , , , , , , , , , | 3 Comments

International cooperation busts cyber-crime ring

In a pair of related cases, a total of 38 people with links to global organized crime—mostly working out of Romania and the U.S., but also operating in Pakistan, Portugal, and Canada—were indicted for engineering a decidedly 21st century cyber-based scheme. (From the FBI Website.)

By using the fairly routine online crime of “phishing“, the online scam also used a clever offline payoff, and ultimately swindling thousands of people and hundreds of financial institutions out of millions before being shut down.

  • Phraudsters working primarily out of Romania—known as the “suppliers”—went phishing and obtained thousands of credit and debit card accounts and related personal information by sending out masses of spam. 
  • These suppliers then sent their ill-gotten financial data to their partners in the U.S.—so-called “cashiers”—through Internet chat and e-mail messages.
  • By using some sophisticated but readily available software and technologies, the cashiers manufactured their own credit, debit, and gift cards encoded with the stolen information, giving them unfettered access to large amounts of money via ATMs and point-of-sale terminals. 
  • Before these cards were used, cashiers directed “runners” to test the cards by checking balances or withdrawing small amounts of money from ATMs. Then, these “cashable” cards were used on the most lucrative accounts. 
  • The cashiers wired a percentage of the illegal proceeds back to the suppliers. (More details of the method used, the people charged, the charges and possible sentences, can be read here.)

    • Folks– were you one of the “thousands” who responded? One phish message was made to appear as if it originated from Connecticut-based People’s Bank.  (In fact, the e-mail message directed victims to a computer in Minnesota that had been “hacked,” and used to host a counterfeit People’s Bank Internet site. {called “pharming“})  During the course of the investigation, it was determined that the individuals had engaged in similar phishing schemes against many other financial institutions and companies, including Citibank, Capital One, JPMorgan Chase & Co., Comerica Bank, Wells Fargo & Co., eBay and PayPal.

    Tip of the day: I don’t care how “authentic” the e-mail, IM, or text message looks; don’t click the link!

    Today’s free link: This video quick tip on CNet TV shows you how to move your complete (including playlists and metadata) iTunes library to a new computer.

    Copyright 2007-8 © Tech Paul. All rights reserved.jaanix post to jaanix 

    Share this post :

    May 31, 2008 Posted by | advice, computers, Internet, Internet scam, Phishing, phraud, security, spam and junk mail, tech | , , , , , , , , , | 2 Comments