topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 1:04 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Nearly caught by spam.. [or 'Saved by Thunderbird']  (Read 11626 times)

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Nearly caught by spam.. [or 'Saved by Thunderbird']
« on: February 09, 2010, 04:03 AM »
I dont bank online so I dont have to think twice about any mail asking me to confirm my account details etc.

But today I got a mail from Synplicity saying that as I havent used my (free) acount in over 60 days (which is true) it would be canceled if I didnt login.
I almost clicked on a link - no actually I *did* click on a link (...I was thinking about something else) & Thunderbird warned me that the link was not what it seemed and true - there were 9 links and all were leading to the same link
http://lfov.net/webrecorder.........[etc]

I dont know did Thunderbird always do that, but if you hold the mouse over a link - the url will show in the statusbar.
Tom

housetier

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 1,321
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #1 on: February 09, 2010, 09:36 AM »
I have made it a habit to never click but to always copy and paste the url. I assume this helps against a few scams.

KynloStephen66515

  • Animated Giffer in Chief
  • Honorary Member
  • Joined in 2010
  • **
  • Posts: 3,741
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #2 on: February 09, 2010, 11:49 AM »
Your BANK will NEVER ask for you to confirm ANYTHING via e-mail, this is a scam that has been going around for a long time, if they require you to confirm anything they will call you and ask for you to come into the bank.  Even if they ask you to do it over the phone, you can refuse and request to go into your local branch.

I have received e-mails off banks that i do not even have an account with, telling me that there has been 'fraudulent activity' on my account.  These have been arriving for about 12 months, the easiest thing to do, if you have ANY concerns, is to simply ignore them and contact your bank directly to ask if the info you have been given is correct.

Just remember, make sure they have your up-to-date contact details and you will be OK.

NEVER TRUST E-MAILS CLAIMING TO BE FROM OFFICIAL SOURCES AS THEY WILL 99.9% OF THE TIME, BE A SCAM.

The following link is for the UK but it is also valid for the rest of the world.

http://www.shropshir...9E4E802574C100447396
(RAW LINK) - Always hover over a link and look in your status bar to check if the link is actually what it seems to be...


Example:

Hover over the following links and look in your status bar:

Http://www.google.com

Http://www.google.com

Notice, the first link, takes you to google, and the 2nd link looks like the same thing, but if you hover over the second link, you will notice (in your status bar at the bottom of your browser) that it takes you to Microsoft.com...

Hope this helps :)

jaden

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 145
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #3 on: February 11, 2010, 06:10 PM »
While I agree wholeheartedly with not clicking links in emails and being wary, in this case the email wasn't spam, it was legitimate.  I received the same one and the links were similar, but different.  If you look closely, you'll see the lid field has different values.  If you click on the links you'll also see they take you to different pages.

http://lfov.net/webr...8b-9ad4-0615c9ef55a1
http://lfov.net/webr...8b-9ad4-0615c9ef55a1
http://lfov.net/webr...8b-9ad4-0615c9ef55a1

lfov.net redirects to LoopFuse.net, a sales and marketing automation service.  These services allow the sender (in this case Syncplicity) to track what links were clicked along with other analytics.

You'll never go wrong if you manually type in the company's URL when you get an email, but in some cases (like the survey) the links are masked for the sake of email tracking.  The only way to the survey is through the tracked link.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #4 on: February 12, 2010, 03:24 AM »
While I agree wholeheartedly with not clicking links in emails and being wary, in this case the email wasn't spam, it was legitimate.  I received the same one and the links were similar, but different.  If you look closely, you'll see the lid field has different values.  If you click on the links you'll also see they take you to different pages.

http://lfov.net/webr...8b-9ad4-0615c9ef55a1
http://lfov.net/webr...8b-9ad4-0615c9ef55a1
http://lfov.net/webr...8b-9ad4-0615c9ef55a1

lfov.net redirects to LoopFuse.net, a sales and marketing automation service.  These services allow the sender (in this case Syncplicity) to track what links were clicked along with other analytics.

You'll never go wrong if you manually type in the company's URL when you get an email, but in some cases (like the survey) the links are masked for the sake of email tracking.  The only way to the survey is through the tracked link.

ahhh, interesting. thanks Jaden
Tom

jaden

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 145
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #5 on: February 12, 2010, 04:11 AM »
No problem :)

parkint

  • Supporting Member
  • Joined in 2010
  • **
  • Posts: 119
  • It's bad luck to be superstitious
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #6 on: February 13, 2010, 08:52 AM »
By the same token, whenever I receive a phone call from "your bank" or "the phone company" I simply ask for the person's name or department and tell them I will hang up now and call the published phone number for that company - asking for them.

I recommend a simply solution to Fight Phishing.

A funny story is an argument I had over the phone once - someone from "my bank" called and I wanted me to verify my identity.  I immediately challenged them by asking for my account number.  She could not provide it.  I asked for the last four digits of my social security number.  She said, "I do not have that information in front of me".
So, I asked, how can you confirm my identity over the phone when you don't have any of my personal information?
I think she was about to cry (apparently a college kid just hired by some fly-by-nigh company to make these phone calls and collect information).

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #7 on: February 14, 2010, 12:51 AM »
Your BANK will NEVER ask for you to confirm ANYTHING via e-mail, this is a scam that has been going around for a long time, if they require you to confirm anything they will call you and ask for you to come into the bank. 

Uhh, wrong. Banks like to profess that they are the ultimate in security but most of the time they are anything but.

I received an email from Wachovia about 18 months ago asking me to click a link and login to my Online Banking page to change my login credentials - claimed they were converting to a more secure authentication system. I forwarded the email to their fraud division and got a call from them. I asked for a number and called back after verifying the number. Lady there told me that it wasn’t a phish email; that the login upgrade was indeed real. I blasted here for such a security lapse, which she didn't understand, and followed up with snail mail letters to their corporate office and their Fraud division.

My wife - who was an assistant manager for them at the time - told me later what a stink I made! Special training, etc. and a revamping of their "online presence".

Sorry, but banks are basically stupid, simple animals who will violate any security parameter for the sake of cutting spending and making money!

Jim

jaden

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 145
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #8 on: February 14, 2010, 02:34 AM »
My wife - who was an assistant manager for them at the time - told me later what a stink I made! Special training, etc. and a revamping of their "online presence".

That's awesome!  Who knew you had such power? :)

Sorry, but banks are basically stupid, simple animals who will violate any security parameter for the sake of cutting spending and making money!

Truer words were never spoken.  Banks often include links in the emails and can be very hard to distinguish from a phishing scam.  Two days ago I received an email from Discover Bank informing me that external bank accounts had been added.  I went to login (using my bookmark) and Firefox complained that while the page I was on was secure, the username and password were going to be transmitted in plain text.  This didn't make any sense, and after a few times of trying different ways to login, I gave up, never logging in because I didn't trust the site.

Yesterday I received this email.

You may have received an email indicating that you have successfully enabled one or more of your bank accounts for funds transfer service. Please disregard this e-mail as it was sent in error as part of the upgrade to our new Account Center. Please note that the Account Center is currently unavailable as we upgrade and will be available beginning Sunday, February 14. We apologize for any confusion this may have caused.

Krishean

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 75
  • I like pie
    • View Profile
    • Draconis Labs
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #9 on: February 14, 2010, 03:17 AM »
you should also not click on spam links because if they use http://www.example.com/filename?id=something&whatever=numbersandletters the parameters after the ? can be a unique identifier that links the click to your email address in their database backend, clicking the link confirms your existence = more spam
Any sufficiently advanced technology is indistinguishable from magic.

- Arthur C. Clarke
« Last Edit: February 14, 2010, 03:25 AM by Krishean »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #10 on: February 14, 2010, 03:22 AM »
Your BANK will NEVER ask for you to confirm ANYTHING via e-mail, this is a scam that has been going around for a long time, if they require you to confirm anything they will call you and ask for you to come into the bank.

Uhh, wrong. Banks like to profess that they are the ultimate in security but most of the time they are anything but.

I received an email from Wachovia about 18 months ago asking me to click a link and login to my Online Banking page to change my login credentials - claimed they were converting to a more secure authentication system. I forwarded the email to their fraud division and got a call from them. I asked for a number and called back after verifying the number. Lady there told me that it wasn’t a phish email; that the login upgrade was indeed real. I blasted here for such a security lapse, which she didn't understand, and followed up with snail mail letters to their corporate office and their Fraud division.

My wife - who was an assistant manager for them at the time - told me later what a stink I made! Special training, etc. and a revamping of their "online presence".

Sorry, but banks are basically stupid, simple animals who will violate any security parameter for the sake of cutting spending and making money!

Jim

My bank will NEVER email me about ANYTHING. Nor will they request info over the phone.

I can't even set up any sort of automatic bill payment through them unless I go there in person and fill out a bunch of forms authorizing a reoccurring payment, stating the name & address of company, specific amount to be paid and how often, and if the company tries to submit an amount that differs from what I put on that form, it gets rejected.

I once lost internet access because of this, right after a price increase, because I failed to go to the bank in person and file an update to the original authorization, with the new amount. They refused to pay the ISP one penny, and the ISP shut me off for nonpayment.

The bank doesn't even offer ATM cards, because they are worried about security...things like unauthorized use, lost or stolen cards, people being robbed at ATM machines, and something about 4 char PIN codes using only numbers 0-9 being too easy to crack. So, we can't have them.

But I love this bank. Yeah, they can be a little backwards where technology is concerned, but that can have some benefits. It's small, but run much different than your typical bank. It's not a big corporation owned by a bunch of tycoons and speculating stockholders. It's a very conservative community bank that is owned by its depositors, and we all have voting rights. (Yup, because I have money in there, I own a piece of that bank) It was set up after the stock market crash of 1929, by a bunch of people that wanted a more secure place to keep their money, after they nearly lost it all to the bigger banks that collapsed. Ever since then, every time there has been some sort of banking crisis, our bank hasn't really been affected by it. In fact, they always seem to come out even stronger. They never lost sight of their original mission of safety & security for your money and service to the local community. And that's why I have kept my money there for almost 30 years.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #11 on: February 14, 2010, 10:15 AM »
I recommend a simply solution to [url=http://www.wistful-thinking.com/archives/121]Fight Phishing.
Now that's an interesting idea. I might just have to try automating that next time I'm board (and feeling evil) - See how phishing site X likes getting 8,000+ lines of bogus login info.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #12 on: February 14, 2010, 01:28 PM »
My bank will NEVER email me about ANYTHING. Nor will they request info over the phone.

I can't even set up any sort of automatic bill payment through them unless I go there in person and fill out a bunch of forms authorizing a reoccurring payment, stating the name & address of company, specific amount to be paid and how often, and if the company tries to submit an amount that differs from what I put on that form, it gets rejected.

I once lost internet access because of this, right after a price increase, because I failed to go to the bank in person and file an update to the original authorization, with the new amount. They refused to pay the ISP one penny, and the ISP shut me off for nonpayment.

The bank doesn't even offer ATM cards, because they are worried about security...things like unauthorized use, lost or stolen cards, people being robbed at ATM machines, and something about 4 char PIN codes using only numbers 0-9 being too easy to crack. So, we can't have them.

But I love this bank. Yeah, they can be a little backwards where technology is concerned, but that can have some benefits. It's small, but run much different than your typical bank. It's not a big corporation owned by a bunch of tycoons and speculating stockholders. It's a very conservative community bank that is owned by its depositors, and we all have voting rights. (Yup, because I have money in there, I own a piece of that bank) It was set up after the stock market crash of 1929, by a bunch of people that wanted a more secure place to keep their money, after they nearly lost it all to the bigger banks that collapsed. Ever since then, every time there has been some sort of banking crisis, our bank hasn't really been affected by it. In fact, they always seem to come out even stronger. They never lost sight of their original mission of safety & security for your money and service to the local community. And that's why I have kept my money there for almost 30 years.

Then you are fortunate indeed. But keep an eye on them anyway. Never know when a new CEO decides to change things up a bit!

After my last post here I went through my email archive just to see what was there: a total of four phish-looking emails that were really from Wachovia, two from Citizens, and even one from Vanguard. My replies are classic - had me snickering myself while reading them now. Amazingly, as aggressively sarcastic as my replies sometimes were, the first reply back from almost all of the institutions read like they still didn't get my point at all. Sad really...

Thank you.

Jim

jaden

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 145
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #13 on: February 16, 2010, 01:15 PM »
That reminds me of this Phishing Test I took a while back.  I got a 10/10 on it, but from a quick search through my inbox, phishing emails can look more legitimate than the real thing.

I've never bothered to reply to banks' emails.  I tend to think they're not really listening to their customers, even though they want you to think they are.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #14 on: February 16, 2010, 07:50 PM »
That reminds me of this Phishing Test I took a while back.  I got a 10/10 on it, but from a quick search through my inbox, phishing emails can look more legitimate than the real thing.

Love the test - I'm going to have the entire office take it tomorrow -LOL- this outa be fun...

Seriously, the verification methods that most financial institutions use are so flimsy is no wonder the entire planet hasn't be stolen 10 times over. Here's an example: My mortgage company will not let my wife make changes to the account, because she is not on the mortgage. However... They'll happily sit there and talk to her about it all day long. If she wants to make a change, she has to get me to verify that it's ok for her to make said change. ...Almost sounds perfectly secure there doesn't it... The "verification" consists of her handing me the phone, the agent asks me my name, last 4 digits of SSN, and birth date.

Now what has actually been verified in that scenario? Only that some guy (or person with a deep voice), has my wallet, and wants to screw with my finances.

Oh yeah, here's my all time favorite ... Shell Oil decided to enforce a protection scheme on their gas cards. It consists of requiring one to enter their zip code when using the card. Apparently nobody at Shell knew that Address & Zip Code are a standard part of the information contained on every driver's license ever made. (Add what two cards are guaranteed to be in anybodies wallet) ... Doh!!

jaden

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 145
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #15 on: February 18, 2010, 12:20 AM »
Oh yeah, here's my all time favorite ... Shell Oil decided to enforce a protection scheme on their gas cards. It consists of requiring one to enter their zip code when using the card. Apparently nobody at Shell knew that Address & Zip Code are a standard part of the information contained on every driver's license ever made. (Add what two cards are guaranteed to be in anybodies wallet) ... Doh!!

I don't remember when this started, but every time I fill up with my credit card I have to type in my zip code.  It's such a flimsy means of verifying someone's identification it probably stops more honest people from getting gas than crooks with a stolen card.

Like airport security, it inconveniences the consumer and is easily subverted by crooks.  I've heard the whole reason for these changes are to appease the public rather than reduce crime.  Corporations want to make sure people feel more secure, even if they're progressively less so as time goes by.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #16 on: February 18, 2010, 06:06 AM »
Ding! Ding! Ding! Ding! BINGO ...Give That Man A Prize!!!

 :D

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #17 on: February 18, 2010, 02:53 PM »
"Security Theater", as security guru Bruce Schneier calls it. Doesn’t do a thing to actually authenticate the purchase but it is supposed to look like it does. Bunch of crap!

Worse yet are all the financial institutions I use now requiring me to add so-called "security questions" to my login, supposedly to enhance my online security. All that does is reduce my security online. Idiots - and then some.

Jim

jaden

  • Supporting Member
  • Joined in 2008
  • **
  • Posts: 145
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #18 on: February 18, 2010, 06:30 PM »
Worse yet are all the financial institutions I use now requiring me to add so-called "security questions" to my login, supposedly to enhance my online security. All that does is reduce my security online. Idiots - and then some.

Those are truly awful.  With the amount of personal information available online, those so-called security questions should be renamed account entry questions.  A 15 character password with uppercase, lowercase, digits and special characters?  Who cares, you wrote your dog's name and where you went to high school on your public Facebook profile and someone's already transferring money out of your account.

That's why I provide nonsensical answers to those questions and store them in KeePass.

What is your best friend's name? Flesh wound
What is your dog's name? Anybody want a peanut?

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: Nearly caught by spam.. [or 'Saved by Thunderbird']
« Reply #19 on: February 18, 2010, 09:07 PM »
Yeah, I do the same but I'm not so consistent as to where I store them. Next time I need them I'm searching all over the place. Just a big pain in my arse!!

Jim