Ask MetaFilter questions tagged with Phishing

Trolling, trolling, trolling, RawHide!

Mitheral — Tue, 26 May 2009 09:47:42 -0800

What is the attack vector on this apparent facebook phishing email? I received the following email (twice actually) this morning:
Hey Foo,

You recently registered for Facebook. To complete your Facebook registration, follow this link:

http://www.facebook.com/c.php?code=520372293&email=FooBar%40googlemail.com

Facebook helps you communicate and stay in touch with all of your friends. Once you join Facebook, you'll be able to share photos, plan events, and more.

Thanks,
The Facebook Team

Where Foo Bar is my real name and foobar@gmail.com is one of my email addresses. I don't have a facebook account and haven't tried to sign up for one. The link text matches the hover over text in Mozilla.

Does this seem scammy to you?

dejah420 — Tue, 07 Apr 2009 08:36:24 -0800

Recently, I've had recruiters asking for SS#s to submit my resume for positions. My husband has had the same thing happen, as have some friends. Is this the newest scam on the block? (as always...more inside) Recently, both my husband and I have gotten phone calls from recruiters who speak heavily accented English that have jobs which sound tailored to our public resumes. The recruiter has then asked for data which I consider ridiculous to give out, including birth date, social security numbers, place of birth, etc. This sounds like identity theft scamming to me.

The company that most recently asked for my SS# was itlogix.com, which has no contact information on their website, and the site is riddled with grammatical and spelling errors.

I think this is a scam being attempted on folks who have publicly posted their resumes on job search boards, as I've heard about it happening to a lot of people with Monster profiles.

Does this sound like a scam to y'all? If so, to which government agency should this activity be reported?

How to get rid of the phisher?

iconomy — Fri, 17 Oct 2008 08:12:40 -0800

Someone went phishing, and hooked my daughter. What can she do now? I'm asking this for my daughter. Macbook, OSX. I know nothing about phishing so couldn't help her with this. I've been bragging about AskMe for years, so I offered to post this here. The rest of this post is from her.

- - - - - - - - - - - - - - - - - -

On 10/10 I realized that I couldn’t log onto a couple of wesbites I normally visit. Facebook wouldn’t accept my password, Hotmail
(different account than the email linked with facebook) wouldn’t accept my password and my bank’s website wouldn’t recognize my log-in name. I got confirmation from the bank that nothing was being used and I changed my Facebook password (which sends an prompt to the uncompromised email address) and was able to log on and use it until 10/15.

Last night I tried logging onto Facebook but the same problem arose where it wouldn’t recognize my password. I tried changing my password but still couldn’t log on. This morning I changed my password again and when I finally logged in I saw that there were about 15 messages sent from my name to various individuals. All of these messages looked exactly like this:

Hello Seller.

Good Day..How are you doing and hope that everything is okay...Actually i come across this your item you placed on site which i have interesting on buying it , kindly may i know present condition of this item including your latest price you are willing to sell it to me...in other for us to be able to able about this item i will be happy to read back from and you should kindly get back to me vai this email address...******@hotmail.com

Cheers

All of these messages were sent to people posting laptops for sale and the email was different than my own. I changed my bank log-on through the phone but I still cannot access my email (because I can’t remember the access question “who is your favorite teacher?” from when I started my email in middle school!). So I’d like to know if anyone has any advice or insight into my problem, or even something I could run to find/get rid of what is compromising my computer. Thanks so much for any help!

Facebook Account compromised. Is there any way to stop the phishing?

valannc — Fri, 12 Sep 2008 07:35:30 -0800

My cousin's Facebook account was compromised and some person or bot is sending spam to his Facebook friend list. He canceled his Facebook account a month ago, but spam keeps arriving in my email box -- as if my cousin is still a Facebook member. The spam seems to be arriving from a legitimate Facebook domain. To make it worse, he is a young man just starting college and these spams are going out in his name. Not good for his social life. I'm trying to help him. He is distressed by this. Canceling the Facebook account didn't stop the problem.

Is there anything that can be done???

Here is an example of the spam. (For confidentiality, I changed my cousin's name and my own Facebook id number.)

=========================
---------- Forwarded message ----------
From: Facebook (wallmaster+oscowy89@facebookmail.com)
Date: Thu, Sep 11, 2008 at 3:58 PM
Subject: FIRSTNAME LASTNAME wrote on your Wall...
To: FIRSTHAME LASTNAME

FIRSTNAME wrote on your Wall:

"You have a new crush! check it out go here
yourcrushisreal . com (remove the spaces)"

To see your Wall or to write on FIRSTNAMES's Wall, follow the link below:
http://www.facebook.com/n/?profile.php&id=MYFACEBOOKID#wall

Thanks,
The Facebook Team

___
Want to control which emails you receive from Facebook? Go to:
http://www.facebook.com/editaccount.php?notifications&md=etc... (I truncated this)

==========================

The Facebook Security Page has the following info:
"It is possible that malicious software was downloaded to your friend's computer or that their login information was phished in an attempt to send spam from their profile. We would like to investigate this issue further, but unfortunately, we cannot release information regarding a user’s account to anyone but the account holder. Please tell your friend to visit the Facebook Help Center and contact us."

The "contact us" link does not work and I don't see any way to contact Facebook.

Suggestions?

What to do after a PayPal Phishing Scam?

JulianDay — Mon, 03 Mar 2008 16:20:00 -0800

My friend just - 30 minutes ago - entered a bunch of information in a PayPal phishing website. What should he do right now? I looked up the other questions and see he can do a Fraud Alert, which I'll tell him about right after I ask this, but is there anything else he should do?

He gave to the website his:

Full Name
Social Security Number
Mother's Madien Name
A CC number w/ Security Code
Full Address (I guess for the CC)

I told him to call his CC and I'll show him the www.ftc.gov site.

He's nervous about what he just did, but I explained to him he can watch this post and see the answers as they come in.

Thanks.

due to some reasons the eBay policy automatically proclaims you to be the winner by default !

acro — Wed, 02 Jan 2008 14:25:43 -0800

After bidding on a high-end cell phone on ebay, at a seemingly reputable Ebay store, I soon received several emails, all purporting to be from the seller (but appearing very automated), telling me that I had won the item (still active at Ebay) and to contact them by email to purchase it. Ebay seems to hide the bidder information and email address, so how are they sending me mail, and why from so many different phishers?
Delivered-To: {redacted}
Received: by 10.65.54.20 with SMTP id g20cs328254qbk;
Tue, 1 Jan 2008 23:45:49 -0800 (PST)
Received: by 10.100.34.16 with SMTP id h16mr29644415anh.114.1199259949461;
Tue, 01 Jan 2008 23:45:49 -0800 (PST)
Return-Path:
Received: from higgins.propagation.net (higgins.propagation.net [66.221.160.21])
by mx.google.com with ESMTP id 45si18201819wri.25.2008.01.01.23.45.49;
Tue, 01 Jan 2008 23:45:49 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of nobody@higgins.propagation.net designates 66.221.160.21 as permitted sender) client-ip=66.221.160.21;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of nobody@higgins.propagation.net designates 66.221.160.21 as permitted sender) smtp.mail=nobody@higgins.propagation.net
Received: from higgins.propagation.net (localhost [127.0.0.1])
by higgins.propagation.net (8.13.6/8.13.6) with ESMTP id m027Z3wn015982
for <>; Wed, 2 Jan 2008 01:45:49 -0600
Received: (from nobody@localhost)
by higgins.propagation.net (8.13.6/8.13.3/Submit) id m020eK6a021694;
Tue, 1 Jan 2008 18:40:20 -0600
Date: Tue, 1 Jan 2008 18:40:20 -0600
To: [redacted]
Subject: eBay Offer for Item ([redacted])
From: eBay
Reply-To: {redacted}@gmail.com
Message-ID: <1>
X-Mailer: PHP v4.4.2
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary = PHP-EMAIL477add7491cee

This is a MIME encoded message.
[encoded message redacted]
Dear Buyer,

I'm the seller of the item that you've recently bided through the eBay system - http://offer.ebay.com/ws/eBayISAPI.dll?ViewBids&item={redacted} and i`ve just been contacted by the eBay staff who informed me that due to some reasons the eBay policy automatically proclaims you to be the winner by default !
So if you are interested please tell me what is your best price for my item?And forward this email to {redacted}@gmail.com including this email.
You have oportunity to purchase my item if your offer is resonable for me !! I make this transaction only trought ebay !

Waiting for your answer!
Best regards!

How did the phishers get my email address?

DarkForest — Wed, 21 Mar 2007 14:37:20 -0800

My SO and I are receiving phishing emails on brand new email addresses. The addresses hadn't been given out to anyone when the first ones arrived. Are spammers just constructing likely email addresses and sending blindly? If not, how is this happening? We recently switched to one of the major ISPs. We didn't receive much spam on our little local ISP, though their filtering might have been better. Could our new ISP be leaking our email addresses?

Ethics: Should you hold someone unknowingly acting in the commission of a fraud responsible for your losses?

JakeWalker — Tue, 19 Sep 2006 14:19:29 -0800

Is it ethical to sue the victim of a phishing scam who agrees to take employment as someone who receives packages and ships them abroad if you have been victimized by the scam itself? Here's the (unfortunately not hypothetical) situation:

I sold a MacBook Pro at auction on eBay to someone who did a very good job of making it seem as if they were PayPal Address Verified without actually being verified. (They did this by craftily using eBay and not PayPal to provide their shipping address).

It now appears that a foreign scammer used phished paypal accounts to pay for the goods, and were shipping packages to someone they hired to forward packages to another country. In other words, a person unknowingly was receiving goods that were paid for with stolen accounts/credit cards, and forwarding them along to a foreign person. A reasonable person could have seen that this was a scam, but I believe that the person who is the victim here may not have known that it was a scam.

I think a strong case can be made that by accepting what was stolen property, that I could sue this person who accepted the package for the damages caused by accepting the stolen property and forwarding it outside of the country. But whether or not that case wuold be successful is not my question.

My question is, is it ethical for me to hold that person responsible for the damages (the over $2,000 I am out) that have been caused to me, knowing that she is the end of the chain and will be unlikely to be able to recover any damages from her supposed employer, who most likely never paid her anyway? Let's assume that she didn't know (though it could be reasonably expected that she should have known) that she was working for a scam artist, and that she did not profit from the scam in any way.

Did I just fall for a phishing attempt?

Esther Festers — Thu, 25 May 2006 02:44:04 -0800

I spotted this housing post on Craigslist, and when I clicked on the link posted inside it, it sent me straight into the inbox of my Yahoo mail account. Was this a phishing attempt? Because the Craigslist posting will inevitably be removed, the link "looked" (i.e. to the naked eye, without mousing over it) like this:
http://orangecounty.craigslist.org/roo/164188466.html

But when I held my mouse over it, I saw this:

http://mail.yahoo.com/config/login?/http://orangecounty.craigslist.org/roo/164188466.html

Unfortunately, I clicked on it without thinking. D'oh! I've deleted my Yahoo account, which I was barely using anyway.....but I'm still worried. Between the time that I clicked on it, and the time that I deleted my account, roughly 5-7 minutes passed. First I changed the password, but then my full-fledged paranoia kicked in and I went through Yahoo's procedure of making my account inactive. Could this person have seen or done anything involving my Yahoo account?

Am I in any danger after this phishing attempt?

Anonymous — Thu, 30 Mar 2006 23:36:56 -0800

I've fallen for a phishing attempt. Based on what they may have, what do I do now? I normally consider myself at least competent at noticing phishing attempts in my email and forwarding them to the appropriate abuse address (hi, PayPal scams). However, after coming home tired earlier this week, I fell prey to a scam.

The email purported to be from Chase financial. It mentioned that my account had recently been accessed from several locations (which is true, I've done that) and that there had been a wrong password entered at least once (also true). It directed me to a page that I should have immediately noticed was suspicious -- it had text entry for my first and last name, social security number, and credit card number.

I don't have a credit card through that company so I kind of paused and looked at it. I had started to enter data before my brain clicked and I thought, "Wow, this isn't right." I had my name entered along with my SSN (which was auto-populated by my browser, damn that convenience). I entered nothing in the credit card fields. I was planning on closing the browser but then absent-mindedly clicked submit first. Then I slammed my head into the desk repeatedly.

Obviously I'm kicking myself for this entire thing, so be kind on the advice. I consider this a fluke and this is the only time in my life I've done such a thing -- I shy away from entering most information online, even on secure financial sites. My question is this: how much damage can a phishing operation do with my name and SSN? I am considering putting a fraud check on my credit, but this could be more of a pain than a cure since I have plans to open up at least one line of credit in the coming months. Without any other information, and with the knowledge that these individuals will likely be preoccupied with the credit card numbers they likely harvested, am I at that much of a risk? I can only guess that they could attempt to open new accounts with my name, but
I don't believe this is possible with the little information they have.

Deliberate typos in phishing scams?

PinkStainlessTail — Tue, 13 Dec 2005 09:43:43 -0800

Why do phishing scam e-mails always seem to have at least one very obvious typo? even when one of these things is well written (like by someone who may actually be a native english speaker) there's always one, often quite a big one. For instance, the most recent message I've received has "Please note that this suspension does not relieve you of your agreed-upon obligation to !pay any fees you may owe to eBay." !pay looks like a hard mistake to make and an easy one to catch before sending, particularly when the scammer has taken the time to write a semi-plausible e-mail with a masked url, etc. Is there some scammer lore that says if there's an obvious typo, they can't arrest you or something?

Am I Unknowingly Phishing?

miss tea — Mon, 28 Nov 2005 08:27:54 -0800

I was just contacted by my company's ISP saying that our company's account is compromised by a virus as phishing emails have been sent out from here. I find this very hard to believe as we are an all-mac shop and I am fairly confident that these phishing emails generally spoof headers and such. Am I wrong? After an internet search I can't tell, although I have found lots of sites describing different phishing emails that people receive I haven't found any info about how they're sent out.

How do you get a stolen yahoo account back?

-harlequin- — Fri, 12 Aug 2005 02:43:43 -0800

How embarrassing - I actually got password spoofed and my account stolen. How can I get my Yahoo account back? Has anyone who lost a Yahoo account to a spoofer managed to get it back? How? How long did it take?
I have filled out the form here, and gave details of the (yahoo geocities) site housing the spoof, and asked that the email address change be undone, and the password reset. That was Monday. It's Friday now, and the spoof site has been deleted, and I have received a "Support Satisfaction Survey" which I suspect might mean that the case has been closed, but I don't have the account back.
What is the next step to take?

(Please don't suggest getting a new account or dropping this, the question is how to do I get the stolen account back.)

(I noticed that when I was emailed a receipt-confirmation copy of the information I submitted via the form, some extra information was attached to the form, like browser type, etc. Included in that was the fact that I was logged into the account that I was saying was stolen (Yahoo has a two-layer cookie security system, and I was still logged in when I filled out the form, even though I couldn't make changes to recover my account). I assumed this would demonstrate I wasn't trying to fraudulantly claim an account that wasn't mine, but I wonder if it was interpreted as suggesting the account was still in my control and nothing needed doing?)

Does anyone know Yahoo's policy for these cases?
I read elsewhere that a subpoena might be necessary. Does that sound right, and if so, how would I get one of those?

Can we stop the phishing?

trip and a half — Thu, 21 Jul 2005 20:34:43 -0800

MetaPhishing: I just got another phishing email "from" PayPal. My question is whether it might not be effective to go to whatever site it is and spam them with fake personal info. What if a lot of people did this? I mean, suppose we could somehow create a "meme" for doing this. It seems to (not very bright) me that we might be capable of flooding their databases with useless information. But do they have ways of filtering out this kind of thing? Is this a stupid idea?

Should I bother to FWD phishing attempts

trharlan — Mon, 06 Jun 2005 12:37:46 -0800

Someone tries to phish me every day. Until recently, I have dutifully FWDed these attempts to spoof@whatever.com. As phishing has become even more ubiquitous, it occurs to me that there's no way that the target companies can possibly wade through it all. Should I bother FWDing the attempts?

No Phishing

Saucy Intruder — Wed, 15 Dec 2004 22:47:29 -0800

I get a phishing e-mail on a daily basis. It probably accounts for 10% of my spam. The FTC and private industry groups are up in arms, but the problem keeps getting worse. Given the little old ladies who are losing their pensions by clicking on these links, why can't anyone catch these guys? What's the technological barrier?

PayPal

NorthCoastCafe — Wed, 08 Dec 2004 16:55:11 -0800

PayPal Filter: I recently started using PayPal--the first transaction was my 'donation' to MeFi. Then I sold a book on eBay and had $77.00 paid to me through PayPal. I, foolishly I guess, left the money there thinking I'd use it to buy stuff down the road. But yesterday within three minutes someone 'paid' me $660 and then paid out $723 which effectively deleted my balance save 31-cents. PayPal seems not too surprised and waffled shamelessly when I asked how this happened and if I could get my money back. It seems to me eBay could afford to make good on transactions gone wrong by their unsecured system. [I've mailed in an affidavit as they required.] I need $77 a lot more (for Christmas) than eBay does and yet IF I get my money back it's not likely to be in time to buy presents this year. Any ideas, suggestions, pointers to finding a remedy?

How do scammers know which bank I use?

shinnin — Thu, 16 Sep 2004 07:50:06 -0800

How do scammers who send email claiming to be from my bank and needing my account info know which banks I use? [More Inside] You know the email: “We are upgrading our system. Please follow this link [to facsimile of actual bank’s site] and confirm your account information to avoid having your account deleted.” I used to just get them from "Citibank" and assumed scammers were playing the odds on that one. But today I got one seeming to be from my fairly small local bank. I got the email at an old college address that the bank does not have on file--and my college is in a state where my bank does not operate. The only connection I can think of between the bank and the college is my student loan payments. The to: field has a slight variant of my address in it (usernames are initials and random numbers), so it looks like this was in fact sent to a computer generated list of possible addresses at the college (like 80% of my spam).

I followed the link this time out of curiosity and was actually redirected to my bank’s real site, which did not solicit my info and actually had a warning about spam scams. I presume my bank had already been tipped off and shut this one down. There was a phone number there to report such scams. I picked up the phone, then got confused and paranoid, then went to the bank’s site in another browser window and confirmed the number, then decided to Ask Metafilter….

Stopping Spoofing Spammers

Hackworth — Sat, 17 Jan 2004 13:00:33 -0800

Anyone care to drop some knowledge about stopping spammers from spoofing your address? [more] So, a company I do consulting work for seems to have a problem with a spammer spoofing their email address in either the "from" or the "reply to" field of their spam, as evidenced by the large amount of bounced mail they seem to be receiving. I'm pretty sure it's not a virus or trojan, as I spent a good amount of time scrubbing their computers for culprits, and have found nothing. What can you do in this situation? If we are able to track them down, could we file in small claims court?