Cataloguing Phishing and Scamming Attacks

[devpon]

posted Today 02:44 PM
Viewing user-hidden post
Now if you can keep your ****ing mouth shut let me concentrate on that mails header and by the way have you ever before seen a mail header son?

b3mok, damm son, it has now been over 7 hours, where is that mail header info I told you to get?

[|3lack|ce]

I think we're still waiting on it - I just HAD to add this though, after maintaining silence rather than letting it degenerate to a flamewar between (yet another) idiot and myself:

Now... It's Bam time..... You ever watch Emeril?

GO TIGER!!!!!!!!

And yet again we see truth to the old addage about not needing common sense because we have Tiger Shark.

Oh, and one more tip of the rapier - I could've *walked* that header report to AO by now...son. *cackle* He missed on the 'son' bit too - I'm 39. Bet my kid is his age.

[littlenick]

Now if you can keep your ****ing mouth shut let me concentrate on that mails header and by the way have you ever before seen a mail header son?

I guess He made a mistake and he is never gonna come back to AO.Shouldn't there be some enterance test for people who want to join AO.
Atleast a simple mathematical question paper + some questions from c c++ and networking .........
What the hell was he thinking ?
I mean when you see a post by MsMittens you know it is something damn good and for someone to question its credibility is .............WTF(i don't have proper words i mean to call it stupidity or a hactic and imprudiant move will me insulting these words )

[b3mok]

yah yah yah two red dot great isn't it?

Littlenick you ******* you are wrong i am right here facing all you idiots who think of themself as some one special.

Now i guess i am about to be banned after this post of mine but you *******s should remember tat i am coming back in a few days with anather id and with a bang that will prove you all that you guys are nothing more then newbies.

[Tiger Shark]

That's it?????

No startling revelations from the headers? No phone number and photograph of the perpetrator of this henous crime?

Why do I have the horrible feeling that your "bang" will be more of a "phhhht"....

You're right, not one of us here have a clue......

This is all a big joke right..... Memory?

[Negative]

Let me end your suffering, b3mok... you're welcome.

BTW: if we're going to catalogue scams, let's definitely include the "I need to buy some hardware from you and I'll pay with a cc if you ship to Nigeria!" scam

Here's one I got this morning:

Return-path: <tom_deen1@yahoo.com>
Envelope-to: XXX
Delivery-date: Fri, 28 Jan 2005 08:23:04 -0500
Received: from [68.142.200.162] (helo=web30909.mail.mud.yahoo.com)
by server78.totalchoicehosting.com with smtp (Exim 4.44)
id 1CuW5X-0005Cg-Oe
for XXX; Fri, 28 Jan 2005 08:23:03 -0500
Received: (qmail 16077 invoked by uid 60001); 28 Jan 2005 13:24:10 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
b=RUm5oSYt7oYUdZ6dCznpRvCUQlzfx+KVQrP0bjpYaSrmHqPUEKHbx0+arUZ+s0BcIZbVNF6qVdrY7+lAQ2vO5biVQwgseCCezXiNkOKEpf80591ziOHuaAHe8y6BmJVm3O7upmwVTAyAjZkcl/GnctfIO2uKtRR+dMX/c83jlNg= ;
Message-ID: <20050128132410.16075.qmail@web30909.mail.mud.yahoo.com>
Received: from [81.18.42.115] by web30909.mail.mud.yahoo.com via HTTP; Fri, 28 Jan 2005 05:24:10 PST
Date: Fri, 28 Jan 2005 05:24:10 -0800 (PST)
From: tom deen <tom_deen1@yahoo.com>
Subject: products enquiry needed
To: tom_deem1@yahoo.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-578902174-1106918650=:15605"
X-Antivirus: avast! (VPS 0504-3, 01/27/2005), Inbound message
X-Antivirus-Status: Clean

--0-578902174-1106918650=:15605
Content-Type: text/plain; charset=us-ascii


Hello sales
I will like to order some items from your store but first i'll
really appreciate if you can give me an approval to the products
available in your store before i' proceed with the items
needed.i'll also like you to know that my mode of payment is with my
Credit Card Accounts and i want those items to shipped to NIGERIA ,so
please let me know your response. notes:i will like to know your
acceptable credit card for the payment
Regards
mr tom deen

I've learned that asking for the cc info right away usually works... even before they tell you what they want to order
More stuff to send to the FBI... This one seems to be actually located in Nigeria... that's a new one... heh... the others were in Germany/Holland.

[Tiger Shark]

Ohhhh... Neg.... You killed him.....

Now... Should we get back to the topic at hand?

My personal feeling is that there are already places out there where much of this stuff is categorized... Wouldn't we be re-inventing the wheel?

[MrLinus]

The biggest place I know of is Antiphishing.org but them seem rather selective at posting the phishing samples they receive. Additionally, there is a bit of a delay (2-3 days) before it appears on their archive or on their website. This might provide a quicker heads up and might also make others more aware of the risks.

[Tiger Shark]

I'd suggest the delay is because they are waiting for the server to be shut down... But that's speculation....

Outside of that thhis would only be useful on a personal level. I'm surely not going to send out a warning to my users every time something gets posted... It would end up a lot like "crying wolf".

What might be handy is cataloging the the trick/technique that the scammer is using and how to defeat/recognize the redirection. That would result in a more compact forum and "cut to the quick" rather then being an endless list of the same old phish perpetrated in the names of 100 financial institutions....

Just my $2....

[nihil]

£$%^&!

I missed this one,

Tiger~ shame on you sir!

I'm negging you because you have all the experience and skill of a retarded slug

Shame on you sir! have you any idea of the hours of hard work that my wife puts into the care and maintenance of a rest centre for those poor creatures? (it is called "our garden" by the way )

I don't think that worms, viruses trojans are really relevant here. This seems to be about scams, frauds, identity thefts which are more in the social engineering area? I personally feel that social engineering is an important facet of IT security that quite a few of us do not pay enough attention to, because it has little or no technical content.

What might be handy is cataloging the the trick/technique that the scammer is using and how to defeat/recognize the redirection. That would result in a more compact forum and "cut to the quick" rather then being an endless list of the same old phish perpetrated in the names of 100 financial institutions....

That is very true IMHO, it is the underlying methodology rather than the detail that is important.

My, hopefully, constructive suggestion is that the title should contain "identity theft", "fraud" and "confidence tricks". That way people searching might find the information somewhat more easily. The victims of these activities almost certainly are not familiar with terms like "phishing"