Phishing Scam And Phony Certificates

  1. #1
    Senior Member hesperus's Avatar
    Join Date
    Jan 2005
    Posts
    416

    Phishing Scam And Phony Certificates

    The scams get more and more sophisticated, but defense has never been easier -- Don't click in the first place !!!

    A new, advanced form of phishing dubbed "secured phishing" because it relies on self-signed digital certificates, can easily fool all but the most cautious consumers, a security firm warned Thursday.
    The spoofed site uses the HTTPS protocol so that the browser shows the standard "lock" icon designating a secure site. Additionally, the site serves up a self-signed SSL digital certificate (self-signed, meaning the subject of the certificate is also the signer). That's where the trouble really starts, said Larson.
    http://www.informationweek.com/story...d_IWK_security
    Information Week :: Sept. 22, 2005

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'm surprised this is just getting recognition now, I've seen quite a few sites that have used their own signed certificates... It's a great way to trick the user... I don't know how many times I've heard people say "Make sure you see that little lock, then you know it's safe".

    People are accountable for their actions in the real world... Half these people that are scammed deserve what they get... That doesn't mean we don't need to stop it, because we need to stop it and educate more users but why do a lot of people get scammed... because they're greedy... why do people succumb to phishing attempts... they don't pay attention... I love the number of people that use HOTorNOT... I'm waiting for someone to use it to obtain people's passwords


    You have a new match! To see who it is, visit the following link: http://www.hotornot.com/XXXXXXXXXX

    Question: Why don't I see any new matches on my list?

    Answer: This email is automatically sent at the end of each day. If you logged in recently, you may have seen that person on your list already.

    Your username is: XXXXXXXX

    DON'T GET SUCKERED BY SPAM ARTISTS POSING AS US! Never reveal your email address and HOTorNOT password to anyone. We will *never* ask you for this information.

    -Jim and James
    I love the bolded part... they don't ask you for your email address or password, they just give you a link directly to a login form... It's dangerous.

    If people took the time to read the Digital Certs that came up on their screen and took the time to learn how it worked... You don't drive a car without knowing that it needs gas and oil, that you have to pay attention to the gauges and how to steer, signal and turn on the lights. Your browser should be the same way... learn how to use it... It's things like this and people that say "just look for the lock" that reaffirm my belief that computer usage should require a license.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
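
The check that "look for the lock" skips, as an added example that is not part of the original thread: it tells a self-signed certificate (subject is also the signer) apart from one that chains to a CA the client already trusts. The host name, the "Demo Root CA" and all file names are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
# Added example: the lock icon only means "TLS is in use". What matters is
# whether the certificate chains to a CA the client already trusts.
# All names and files below are constructed for the demo.

# True when subject == issuer and the cert's own key verifies its signature.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when the cert verifies against the given trust anchor file
# (OpenSSL may also consult its default CA directory).
chains_to() {  # chains_to <cert.pem> <trusted-ca.pem>
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Verdict a client should reach, independent of whether HTTPS "works".
classify() {  # classify <cert.pem> <trusted-ca.pem>
    if chains_to "$1" "$2"; then echo trusted
    elif is_self_signed "$1"; then echo self-signed-untrusted
    else echo untrusted
    fi
}

# Build constructed test material: a self-signed site cert, plus a demo CA
# and a site cert issued by that CA.
make_demo_certs() {  # make_demo_certs <dir>
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=login.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=login.example.test" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null
    openssl x509 -req -in "$d/site.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/site.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for c in self site; do
    printf '%s.pem: %s\n' "$c" "$(classify "$demo_dir/$c.pem" "$demo_dir/ca.pem")"
done
```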

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Just looking for the lock icon is basically the same thing as just looking for the check engine light. Although a car may seem fine, even a hobbyist mechanic can tell when things are wrong, such as improper timing, wrong fuel/air mixture, charging system faults, shorts to ground... all things you might never know unless you actually took the time to properly learn how to diagnose your car.

    Yet nobody expects people to know that. Which is why we have mechanics. Nobody is expected to realize when the water pump drive belt is slipping. Instead we wait until the car starts overheating, and then have a professional diagnose the problem.

    The smart people have their car tuned up at regular intervals, during which time the mechanic will also check for other potential problems of which the owner is not expected or required to be aware of.

    Unfortunately, computers do not receive the same attention. Nearly nobody has their computer tuned up until problems appear, at which point it is already too late.

    The difference between tuning up computers and tuning up cars is that I need my car to get to work every day. I can live without a computer for a week and still put food on my table. Not true for a car.

    A car is a necessity for most who own them. A computer is a convenience. Even if you need computers to work, there are computers at work for most. So while we wish people would maintain their computers more regularly, we can no more expect them to do so than expect them to tune up their own car. That's what professionals are for. But unfortunately, I need a car. I don't need a computer. There are more important things to spend that money on, like heat and mortgages
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    113
    Well, not sure if this e-mail that I received goes here or not, but

    Hello,

    We here at ebay are working 24 hours a day to keep you protected from identity theft.
    It has come to our attention that you have been trying to log into your account using
    multiple IP addresses. IF you have been logging in from work, or if you
    have dial-up Internet then you may not be affected. Please fill out this form below
    to verify your information. If you do not fill all the information required
    within 24 hours the account will be suspended until further notice.


    Please Click Here to Fill Out the form

    Rick Hamilton
    Ebay Fraud Division
    www.ebay.com

    MRG.

  5. #5
    Member
    Join Date
    Jan 2005
    Posts
    73
    The smart people have their car tuned up at regular intervals, during which time the mechanic will also check for other potential problems of which the owner is not expected or required to be aware of.

    Unfortunately, computers do not receive the same attention. Nearly nobody has their computer tuned up until problems appear, at which point it is already too late.
    The car metaphor is one I've used to try and explain things to non-technical folks on more than one occasion, and it's a very effective one. As well, I agree that most people don't get their computer looked at regularly, but then some people don't do that with their cars either.

    The difference between tuning up computers and tuning up cars is that I need my car to get to work every day. I can live without a computer for a week and still put food on my table. Not true for a car.
    Indeed, for most people a computer may NOT be essential, at least not at home (we won't get into corporate computers, or work-from-home computers, those are rants for another day). However, a computer IS a tool, and like any other tool, if you don't take care of it, you have to get it repaired or replaced more frequently. Some people in the general public have yet to see that they are tools, and as such are subject to the same basic principle.
    "The future stretches out before us, uncharted. Find the open road and look back with a sense of wonder. How pregnant this moment in time. How mysterious the path ahead. Now, step forward."
    Phillip Toshio Sudo, Zen Computer
    Have faith, but lock your door.

  6. #6
    Banned
    Join Date
    Sep 2005
    Posts
    12
    So basically what you are saying is don't open anything you're not sure of, and just delete it right at that point. Unless I'm wrong. I bet I am.. =(
