Author Topic: New Phishing domains (Read 2078 times)

Xairbusdriver · « **on:** February 07, 2011, 12:31:14 PM »

Or, just don't click. I just created a new rule in Mail that includes most of the domains <listed in this article>. As has been stated many times before, by the time you get to the web site, you've already supplied info that "can and will be used against you."

kimmer · « **Reply #1 on:** February 07, 2011, 12:51:11 PM »

QUOTE(Xairbusdriver @ Feb 7 2011, 10:31 AM) <{POST_SNAPBACK}>

I just created a new rule in Mail that includes most of the domains <listed in this article>.

Would you please explain about this rule? Thanks.

Xairbusdriver · « **Reply #2 on:** February 07, 2011, 02:03:28 PM »

[attachment=2114:MailScreenSnapz001.jpg]
I have not tested it, of course!

kimmer · « **Reply #3 on:** February 07, 2011, 03:22:41 PM »

Thanks! Hope neither of us have to test it.

tacit · « **Reply #4 on:** February 07, 2011, 06:10:59 PM »

Those aren't actually phish sites; they're simply ordinary garden-variety spam sites, touting a phony get-rich-quick "work from home" scheme. They're all down now.

Xairbusdriver · « **Reply #5 on:** February 08, 2011, 09:29:55 PM »

True, the sites are up and down quickly, but the domains seem to last forever, at least the first parts of the main name. Notice the numbers, usually at the end. That's why I only entered the "name" part in my filter. And maybe my definition of Phishing is incorrect, but when an email asks me to click a link for one reason but leads me to something else, I call it Phishing. And those sires seem to be the secondary reason to send the emails, anyway. Just having your address verified by your opening the message (and the included graphics—whether seen or not) seems the primary reason to create the emails. Maybe I should call these things "Catch-and-Release-but-Take-Pictures-to-Prove-You-Have-a-Victim" emails? But that's not too 'catchy,' is it...

"CaRbTPtPYHaV"

Makes a nice password phrase, I guess.

Frankly, if I hadn't read the article, I wouldn't have known about the messages. I've been much more selective about using my valuable addy's and tend to use fake ones when I'm not really interested in returning to a site that requires one.

So, I admit to being a liar!

...but am I now telling the Truth?!

Paddy · « **Reply #6 on:** February 08, 2011, 11:19:25 PM »

Jim, phishing is when you get an email purporting to be from a trusted source, asking you to follow a link that will require you to enter your login and password info or other sensitive info, into a fake site masquerading as Paypal, a bank or some other site where stealing your info will be of some benefit to the phisher. It could be to steal money/credit card numbers or hijack your email (Yahoo, Gmail etc.) in order to send out viruses etc. that will in turn hijack your (Windows) computer or who knows what else. Phishing is not enticing someone to simply follow a link. If that was the case, virtually ALL spam would be "phishing"!

From Wikipedia

QUOTE

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users,[2] and exploits the poor usability of current web security technologies.

Tacit is correct - these are just run-of-the-mill spam - although it's certainly possible that the sites in question were infested with malware (again - Windows only) although that isn't something that is mentioned in the blog post you linked to and now that all the sites are down, it's impossible to see what exactly they were doing. I don't think the person writing that blog post really knew what he/she was talking about, frankly. News sites don't generally require any input of sensitive info - so even a fake one isn't phishing. I meant to say something about it at the time, but never got around to checking the actual sites.

Xairbusdriver · « **Reply #7 on:** February 09, 2011, 05:08:11 PM »

I still consider all SPAM "Fishing," no matter how it's spelled. And, even if all they get is your confirmed address because you open the message.

Others may have their own definitions, but I never let things like that (or even "facts") get in the way of my own opinions!

Paddy · « **Reply #8 on:** February 09, 2011, 06:44:00 PM »

For those concerned about spam in general (particularly the bit about confirming your email address as Jim mentions) a re-reading of this Apple KB article might be good:

http://support.apple.com/kb/TA21166

I do have HTML email turned on, but I delete the rare bits of spam I get in the preview pane most of the time.

krissel · « **Reply #9 on:** February 09, 2011, 11:54:46 PM »

Just to clarify, having the preview pane open won't save you from being identified by spammers if you have html on. But if you delete the message before you open it as listed by title in the main inbox, then they won't know you are "real".

Paddy · « **Reply #10 on:** February 10, 2011, 12:57:18 PM »

Er, yes...that is what I meant (figured people would read the Apple article...which explains it)

News:

Author Topic: New Phishing domains (Read 2078 times)