Pissing my BSD boxers with laughter
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Pissing my BSD boxers with laughter

  1. #1
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Pissing my BSD boxers with laughter

    So I check my mail a little bit ago, and I have 5 Emails all to me saying it's from a bank. Hmm, that's funny, I don't use banks, I pulled my money out when I read about the depression in Detention one day in high school.

    So I look further and can't help but laugh at how BAD these morons are at conning people.

    Here is the HTML I got. I checked my mail with Mutt but you can view things like this with v :


    <html>

    <head>
    <meta http-equiv="Content-Language" content="en-us">
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    <title>Dear RegionsBank customer</title>
    </head>

    <body>

    <p><img border="0"
    src="http://www.coveredbridge.org/marchnewsletter_files/image004.gif"></p>

    <p>Dear RegionsBank customer,</p>
    <p>We recently noticed one or more attempts to log in your RegionsBank account from
    a foreign IP address and we have reasons to believe that your account was
    hijacked by a third party without your authorization.</p>
    <p>If you recently accessed your account while traveling, the unusual log in
    attempts may have initiated by you.<br>
    <br>
    However if you are the rightful holder of the account, click on the link below
    and submit, as we try to verify your account. (In case your are not enrolled use
    your Social Security Number as User ID and first 6 digits of Social
    Security Number as password):<br>
    <br>
    <a href="http://www.zaleo.homeunix.net/openwebmail/javascript/.EBanking/logon/CheckSession.php">https://www.regions.c<font face="Arial" size="1">0</font>m</a></p>
    <br>
    If you choose to ignore our request, you leave us no choice but to temporally
    suspend your account.</p>
    <p>We ask that you allow at least 48hrs for the case to be investigated and we
    strongly recommend not making any changes to your account in that time.</p>
    <p>If you received this notice and you are not the authorized account holder,
    please be aware that is in violation of RegionsBank policy to represent oneself as
    another RegionsBank account owner.Such action may also be in violation of local,
    national, and/or international law. RegionsBank is committed to assist law
    enforcement with any inquires related to attempts to misappropriate personal
    information with the Internet to commit fraud or theft.<br>
    Information will be provided at the request of law enforcement agencies to
    ensure that perpetrators are prosecuted to the fullest extent of the law.</p>
    <p>* <font color="#808080">Please do not respond to this email as your reply
    will not be received.</font><br>
    <br>

    </body>

    </html>


    Yea, like I was going to just go "OH NO SOMEONE IS TRYING TO GET INTO MY ACCOUNT!"

    The part I love the most here is the "Use your social security number for a password" bullshit. People fall for this? Hmmm, I have job security.

    you know in all the times I've conned people, like ALL of them, even when I was little and just trying to bullshit my way out of being grounded, I wouldn't even consider this sack of **** a C+ effort.

    I haven't changed or removed any links to protect the guilty. **** 'em.

  2. #2
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I realised this is a fairly new forum and some people aren't good scam artists, so for the community at large I will now perform an autopsy on this very bad attempt of a scam I got today. Any questions can be asked here in the forum, any drugs or money are accepted:





    OK, let's crack open a bottle of pills and get crackin':



    <html>

    <head>
    <meta http-equiv="Content-Language" content="en-us">
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    <title>Dear RegionsBank customer</title>



    ^ This is the first sign I had. I don't even have a bank account.





    </head>

    <body>

    <p><img border="0"
    src="http://www.coveredbridge.org/marchnewsletter_files/image004.gif"></p>

    <p>Dear RegionsBank customer,</p>
    <p>We recently noticed one or more attempts to log in your RegionsBank account from
    a foreign IP address and we have reasons to believe that your account was
    hijacked by a third party without your authorization.</p>


    ^ This is called fear tactics. They make you believe that someone may be in your personal information because humans are well.... Heh, people fall for ****. The human psyche has a natural responce to fear as in "Fight or Flight". Adrenaline. When someone gets into your bank account, your responce is the same as this, and you want to do anything you can to protect your money because you're greedy.

    This exploits that, although, it must be said, poorly.











    <p>If you recently accessed your account while traveling, the unusual log in
    attempts may have initiated by you.<br>



    This is again for nothing other than making it sound legitimate. It's an educated guess that someone they send this to may have in fact been out of the country or out of state, and this would strengthen the fact that they are your real bank because you would think "Well I was just in arkansas" or some box of drooling half wits we call a state. Then you think OK, they must be my real bank, they knew I checked my account from there.

    Again, play on the fear, then make it sound legit and you can make people do anything.







    <br>
    However if you are the rightful holder of the account, click on the link below
    and submit, as we try to verify your account. (In case your are not enrolled use
    your Social Security Number as User ID and first 6 digits of Social
    Security Number as password):<br>
    <br>


    This one..... LOL. I'm laughing at it as of yet.

    I bet they having something showing every log in attempt on that web site and maybe even a shitty looking page saying thank you for verifying your account..

    Heh, this is funny really, they get your SS # and you have way more than an account to worry about. If anyone was going to fall for this, please, send the information to me in a PM, I'll take care of it.







    <a href="http://www.zaleo.homeunix.net/openwebmail/javascript/.EBanking/logon/CheckSession.php">https://www.regions.c<font face="Arial" size="1">0</font>m</a></p>
    <br>
    If you choose to ignore our request, you leave us no choice but to temporally
    suspend your account.</p>



    Again, playing on the fear. You're afraid NOT to comply with them. It's so amature I almost can't stand the fact these *******s are making money on people.




    <p>We ask that you allow at least 48hrs for the case to be investigated and we
    strongly recommend not making any changes to your account in that time.</p>


    Yea, when you change account information, or bring up the fact to someone in your bank you got this mail, THEY GET CAUGHT..... They don't want you to change your account information because then it makes validating what you've given them hell.


    "and we
    strongly recommend not making any changes to your account in that time"


    Read between the lines, nonchalantly (SP?) suggesting you NOT edit your account information is a warning sign. They wanted to say please don't edit the account information until we get done with our new purchases, but saying it boldly would raise suspicion. This way it eases the thought into the back of your mind where you're less likely to act on it. Again, psychologically, is the way to **** someone out of money.





    <p>If you received this notice and you are not the authorized account holder,
    please be aware that is in violation of RegionsBank policy to represent oneself as
    another RegionsBank account owner.Such action may also be in violation of local,
    national, and/or international law. RegionsBank is committed to assist law
    enforcement with any inquires related to attempts to misappropriate personal
    information with the Internet to commit fraud or theft.<br>




    Well gee why don't you send them the email this came in so they can check that out?




    Information will be provided at the request of law enforcement agencies to
    ensure that perpetrators are prosecuted to the fullest extent of the law.</p>
    <p>* <font color="#808080">Please do not respond to this email as your reply
    will not be received.</font><br>
    <br>


    Again, play on the stupidity.




    Well that's all for now, I hope you enjoyed our time together here learning about phishing. But for now, this is a catch and release stream, so I'm out guys!

    .... Seriously if you guys liked me taking this apart and showing it for what it was let me knnow, I'm good at it I think.

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,534
    LMFAO...

    This is a great new forum and a good post at it !!

    The part that won't make it thrue my spam filter is at the very beginning..
    <meta name="GENERATOR" content="Microsoft FrontPage 4.0">
    <meta name="ProgId" content="FrontPage.Editor.Document">
    I don't have friends using Frontpage
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #4
    Senior Member wiskic10_4's Avatar
    Join Date
    Jan 2004
    Location
    Corpus Christi, TX
    Posts
    254
    meh...

    However if you are the rightful holder of the account, click on the link below
    and submit, as we try to verify your account. (In case your are not enrolled use
    your Social Security Number as User ID and first 6 digits of Social
    Security Number as password:
    Now, I'm fully aware of the ignorance of the end-user, but... C'MON!!!

    I mean, why would a bank *need* your SSN??? - I'd shoot 'em back an e-mail (if I didn't already *know* this was a scam) and tell them "why don't you tell *me* - after all, you knew my e-mail address - how about you give me a call - you have my name and number, don't you??? Hell, I wrote it down on a little form for ya even! Check my records! If you can't even keep up w/ that information, I'm afraid I can't trust you w/ my money..."

    I mean, I *know* people are ignorant when it comes to computers, I know - I work w/ the morons on a daily basis... but, *please* - I mean, this *exact* same scam could have been carried out over the phone 15 years ago... well, w/out all the "e-fraud" nonsense, anyway... the fact of the matter is that people are *still* scared of computers and will believe whatever we (or *they*) tell them... nonetheless, I think that those that fall for a scam *this* obvious "have it coming"...

    now I love the little old ladies as much as you do, but, damnit - the Internet is the median of commerce of the future...

    AND IT'S TIME PEOPLE STOP FALLING FOR STUPID BULLSHIT!!!

    anyway, that's my 2 cents...

    -Wiski
    My Corner of the Intarwebz: Jeremy Dean Online

  5. #5
    Senior Member
    Join Date
    Mar 2005
    Posts
    400

    Exclamation

    As Groucho Marx and W.C. Fields used to say on TV:

    "There's a sucker born every minute!"
    ZT3000
    Beta tester of "0"s and "1"s"

  6. #6
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    gore you realize the depression was almost a century ago? Banks were just another business with no financial oversight controls. They are wrung so tight these days you can't **** without the FDICs permission.
    //EDIT I got one the other day advertising online protection from identity thefts, if I put my account number and personal info into this "service" they would graciously ALERT me if they detect any fraud.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  7. #7
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Hi gore,

    Here's the fraud link...

    http://www.fraudwatchinternational.c...55_regions.htm
    Regions Bank phishing email - "RegionsBank® - Please Validate Your Account" - Fraud Alert - FraudWatch International

    and this is even more interesting...

    http://www.millersmiles.co.uk/search/regions
    Regions Bank Phishing Scams Archive

    very busy little beavers!

    Eg

  8. #8

    Overseas Bank Employee

    How many of you have gotten a letter(they can't speak english they pretend) wanting you to help defraud the bank they work for out of $40 million bucks!They want you to open an account or yours is better!So he can tell you all the details about the guy that owned the money!He was sadly killed in a plane crash and had no heirs!He will split the money 50/50 with you!!
    This is the second letter like this I have gotten!Do folks really fall for these scams?

  9. #9
    Member
    Join Date
    Feb 2003
    Posts
    49
    The weakest link in securty is the human factor. As you pointed out, often the tactics that are used will exploit a persons ignorance, or fear. Great post!

    Gore,
    I noticed that you mentioned BSD in the title of your post. I am trying to learn how to use freeBSD. I am running it in MS Virtual Machine for now, once I figure it out I plan on a real install.
    I am registered at the freeBSD forum, and have been doing alot of reading. I still don't get it.
    If you have the time, could you post a tutorial on installing software (firewall, and AV inparticular) because the port thing totally loses me. I would be happy with just a link to a tutorial that already exists.

    thanks.

  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    pkg_add -r anything

    the -r grabs it from online. If you downloaded a package already though:

    pkg_add



    I'm getting ready for work, but I can explain more later.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •