Phishing in the Ebay


Phishing in the Ebay

Nick Thompson
Good Lord, Owen,

If that is phishing, how would I EVER recognize the real thing.  

I would have been fooled.  

Nick

Nicholas S. Thompson
Professor of Psychology and Ethology
Clark University
[hidden email]
http://home.earthlink.net/~nickthompson/
 [hidden email]


> [Original Message]
> From: <[hidden email]>
> To: <[hidden email]>
> Date: 5/3/2005 10:00:36 AM
> Subject: Friam Digest, Vol 23, Issue 3
>
>
> Today's Topics:
>
>    1. Princeton News: Programmable cells: Engineer turns bacteria
>       into living computers (Belinda Wong-Swanson)
>    2. Phishing (Owen Densmore)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 02 May 2005 15:50:00 -0600
> From: Belinda Wong-Swanson <[hidden email]>
> Subject: [FRIAM] Princeton News: Programmable cells: Engineer turns
> bacteria into living computers
> To: The Friday Morning Applied Complexity Coffee Group
> <[hidden email]>
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> There is an interesting article on the Princeton University Web site at
>
> http://www-cms-edit.princeton.edu//main/news/archive/S11/47/07I63/index.xml
>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 3 May 2005 08:50:57 -0600
> From: Owen Densmore <[hidden email]>
> Subject: [FRIAM] Phishing
> To: The Friday Morning Applied Complexity Friam <[hidden email]>
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed
>
> I suspect many of us are getting these Phishing attempts.  Needless to  
> say, responding is a bad idea!
>
> -- Owen
>
> Owen Densmore - http://backspaces.net - http://redfish.com -  
> [hidden email]
>
>
> Begin forwarded message:
>
> > From: "[hidden email]"<[hidden email]>
> > Date: May 3, 2005 2:44:09 AM MDT
> > To: [hidden email]
> > Subject: Open now and verify your email at eBay
> >
> > Dear eBay User,
> >
> > Due to recent activity, including possible unauthorized listings, we
> > have temporarily suspended activity on your account in order to allow
> > us to investigate this matter further. If you believe that this action
> > may have been taken in error, or, if you feel that your account may
> > have been tampered with, please contact our Live Help team so that we
> > can provide additional information and work with you to resolve this
> > issue.
> >
> > To protect your account please click here:
> >
> > http;//cgi.ebay.com/saw-cgi/eBayISAPI.dll?RegisterEnterInfo&amp;
> > siteid=1&amp;
> >
> > You can reach the Account Theft Live Help team by clicking the
> > "Security Center" link located near the bottom of the eBay.com home
> > page. After clicking "Security Center" link:
> >
> > 1. Click the "Protecting Your eBay Account" link located under the
> > "General Marketplace Safety" heading.
> > 2. When the "Securing Your Account and Reporting Account Theft" window
> > appears, scroll to the middle of the page and click on the button
> > labeled "Live Help."
> >
> > Once you have clicked on the "Live Help" link, you will be prompted to
> > enter a chat name or email address along with a topic related to your
> > reason for contacting eBay. After you have entered this information,
> > the next available representative will assist you.
> >
> > In the event that you are unable to contact eBay through Live Help
> > after taking these steps, respond directly to this message to request
> > assistance. We will contact you by email after we have received your
> > response.
> >
> > Please allow at least 72 hours for an email reply. Emailing us prior to
> > receiving our reply will result in an additional delay. In order to
> > handle your concern as quickly and efficiently as possible, we
> > encourage you to contact us through Live Help if you are able to do so.
> >
> > If you received this notice and you are not the authorized account
> > holder, please be aware that it is in violation of eBay policy to
> > represent oneself as another eBay user. Such action may also be in
> > violation of local, national, and/or international law. eBay is
> > committed to assist law enforcement with any inquiries related to
> > attempts to misappropriate personal information with the intent to
> > commit fraud or theft. Information will be provided at the request of
> > law enforcement agencies to ensure that perpetrators are prosecuted to
> > the fullest extent of the law.
> >
> > Do not respond to this email, as your reply will not be received. If
> > you would like additional information related to this notice, please
> > refer to the eBay Contact Customer Support page at the address provided
> > below and contact us with your concern:
> >
> > Thank you for your patience in this matter.
> >
> > Regards, Customer Support (Trust and Safety Department)
> > ebay International AG
>
>
>
>
> ------------------------------
>
> _______________________________________________
> Friam mailing list
> [hidden email]
> http://redfish.com/mailman/listinfo/friam_redfish.com
>
>
> End of Friam Digest, Vol 23, Issue 3
> ************************************




Phishing in the Ebay

Tim Densmore
Number one, they never actually referenced the account that has been  
suspended.  However, if in doubt, go to ebay, and see if your account  
is suspended.

On May 3, 2005, at 2:14 PM, Nicholas Thompson wrote:

> Good Lord, Owen,
>
> If that is phishing, how would I EVER recognize the real thing.
>
> I would have been fooled.
>
> Nick
>
> Nicholas S. Thompson
> Professor of Psychology and Ethology
> Clark University
> [hidden email]
> http://home.earthlink.net/~nickthompson/
>  [hidden email]
>
>
>
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9:30a-11:30 at ad hoc locations
> Lecture schedule, archives, unsubscribe, etc.:
> http://www.friam.org



Phishing in the Ebay

Parks, Raymond
In reply to this post by Nick Thompson
Nicholas Thompson wrote:

> Good Lord, Owen,
>
> If that is phishing, how would I EVER recognize the real thing.  
>
> I would have been fooled.  

1. Never, ever, believe any email that asks for information you use to
authenticate yourself to an on-line web-site or entity.  If it's real,
consider ending any relationship with an entity that insecure and stupid.

2. Never believe any email that asks you to open a file, with or without
encryption.  If your friends insist on sending you files either explain
why you won't open them (it could be a worm) or send a separate email
asking for explicit confirmation that your friend did, indeed, send you
the file via email.  This includes pictures (which you shouldn't see if
you use text-only email).

3. Never believe any email that asks you to click on a supplied link to
perform some function you normally do in another way (e.g. Windows
update or sign in to your web-banking account).

   Corollary:  Never believe any email that asks you to click on a
supplied link to perform some function you've never before needed to
perform - if you haven't done it before, you probably don't need to do it.

4. Always use some form of current spyware detection - I favour SpyBot
Search and Destroy, but there are other good ones out there.  For me, it
mostly acts as confirmation that my other policies are a good idea - it
has never found spyware on my computers.

5. Always pay attention to whether your connection is secure (i.e. using
https).  Most browsers have a lock symbol or something similar to
indicate this state.  I simply have the browser tell me whenever I enter
or leave a secure web-page.  Mozilla family browsers all come default
configured to do this, but most people get impatient and check the box
to never have that message appear again.

6. Set your browser to ask you about any cookie not going back to the
web-site you are visiting.  If you accept a cookie, do so for the
session only unless the web-site starts complaining and you really need
to use the web-site.  My personal policy is that any web-site that
requires cookies for destinations other than the web-site is one I don't
want to visit.  I've told ebusiness sites that I won't visit them unless
they dispense with the illegal cookies and, guess what, they eventually
get the message.  I also have a policy of setting a session deny policy
to any web-site that has more than three illegal cookies.  Usually these
are used to track whether you've seen some ad or other.

7. Set your email client to display header information and check that
information to see if it matches the content of the email.  All of my
email clients (home, work, and Yahoo) are set to display headers.  You
don't have to be able to trace the "Received:" trail, but you should
check to see that the sending user and system make sense.

8. Turn off all pop-ups except for sites where you have no choice but to
use them.  If you are using Infernal Exploder, get a third-party plug-in
to do this for you or, better yet, switch to something that supports
pop-up blocking internally (Mozilla, Opera, Firefox).

9. Your safest way to avoid phishing is to limit your email to text-only
(i.e. no html).  I don't think you can do that with Microsoft LookOut,
but I may be wrong.  You can set Mozilla, Thunderbird and Netscape to
display only text.  Even better, use an email client that doesn't
understand html.  Nearly all phishing schemes and email worms depend
upon the prevalence of html email to hide the false urls.  Email was
originally intended to be a text-only medium - all of the current
problems stem from attempts to extend email with features it was never
intended to have.

--
Ray Parks                   [hidden email]
IDART Project Lead          Voice:505-844-4024
IORTA Department            Fax:505-844-9641
http://www.sandia.gov/idart Pager:800-690-5288