Phishtank website

[susato]

Hi folks, especially Jim (airbusdriver) who first invited me here back in January.

May I cordially recommend http://www.phishtank.com/  a free community site for reporting, verifying, and tracking phishing email.  Now that phishing attempts have exceeded Nigerian 419 spam as the most common type of fraudulent email, the time is ripe for the 'net community to rise up and fight back.

I've been a volunteer in the spam wars for years, and have always sent phish reports to spoof@ebay.com and spoof@paypal.com - but this is much better, as it collects every kind of phishing scam from 'net users and makes the data openly available via an API and a web interface. That data is used by ISP's to flag phishing emails as malware and by anti-phishing software developers to test and tune their products.

The site info is very well written and friendly (though I can't imagine any site topping this one here for good vibes)  

[Xairbusdriver]

So, you need to start using that Mac for things other than 'Folding!' Like posting here!
I have no idea what my Folding stats are, almost all my work gets done while I sleep!

Will have to take a look at the phishtank site, although I'm a little upset that some of my Nigerian friends seem to have lost my email address...maybe if I send them some more money...

[D76]

Hey! I won $5 million, last week! So I'm typing this on my brand new solid gold keyboard with platinum keys. (I'll pay for it as soon as the cash shows up in my bank account.)

[susato]

Your folding stats are doing just fine, 37 work units and going strong.  

I can't say I miss getting emails from the Lads (and Lasses) from Lagos. Even if they stopped sending them I woudn't miss them.Still, I'm intrigued by their sob stories - each one more dramatic than the last.  Somewhere over there, in a hot airless server room, the Great Nigerian Screenplay is waiting to be written.

[Xairbusdriver]

Hey! I think I'm less 'rank' than the last time I checked! Probably because of people leaving and my being away from the house for a while!

Anyone ever hear why these 'Nigerian' scams started there and not somewhere else? Seriously. But other stories are welcome, of course.

It just boggles my mind that they would actually get money from anyone. I have assumed that they are actually a way to get verified info from people to be used in more productive "enterprises"!

[sandbox]

Thanks for the link susato, I can put the site to good use!  

[jcarter]

Wow, this is really amazing, (I always just delete them anyway) but I did save the Bank of America Phishings and forwarded them on to the bank.
I heard nothing, so just forgot, as usual.  I had forgotten to clean both of them out of my email.
But upon trying this interesting site, I clicked upon the link so that I could copy and paste it into Phishtank, it came up with big writing,,,,,"This is a fraud!"
So I guess Bank of America got onto it quickly, and somehow re-directed/intercepted it?
But tomorrow I will bookmark this site and see if I can learn how to decypher them from the headers.
Tacit had a lesson on this a while ago.
Interesting and fun.
Thanks for the link.
Jane

[krissel]

to TS, susato!  

Thanks for the link.

[susato]

QUOTE(jcarter @ Oct 17 2006, 09:05 PM) <{POST_SNAPBACK}>

... I clicked upon the link so that I could copy and paste it into Phishtank, it came up with big writing,,,,,"This is a fraud!"
So I guess Bank of America got onto it quickly, and somehow re-directed/intercepted it?
But tomorrow I will bookmark this site and see if I can learn how to decypher them from the headers.

If you use webmail, you can easily see if the site matches the address claimed for it by looking in your browser's status bar (that's the bar at the bottom of the window).  You can display it in Safari by going to the View menu and selecting "Show status bar".  Then when you mouse over the link, its address will show up in the status bar.  Just for instance:  http://www.paypal.com.  You'd think you were going to Paypal, but it takes you to ebay. You can also check it out with the links in my .sig.   The other way to see it without actually going to the site is to use "view source" which will display the html code.  (Works for email too)  It's safer than going to the site, especially if you're on a poorly protected Windows system, because sometimes the phishing site will also try to, er, "donate" a bit of malware to you.  

Be aware that sometimes the (real) site listed in the email is only a redirector or a domain pointed to another domain. Here's an example of pointing: Help Cure Cancer - if you mouse over it you'll see foldforlife.com in the status bar, but clicking on it takes you to teammacosx.com. (Foldforlife was a domain name I bought for the folding project, but never got round to developing... it's totally legit.)  Often a phisher will use a free geocities or yahoo page as a redirector. When they lose the free page, it's no big deal, because their real payoff page somewhere else is untouched.

Concerning the "This is a fraud!" message you saw - that would have been the webhosting company's response to notification of the phishing site.  A responsible host will take down the phishing site, put up a warning and of course cancel the offending user's account.  The host could have found out about it from your note forwarded by BOA, from a direct report to their abuse admin by someone else who saw the phishing mail, or by scanning their clients' webpages for suspicious content.  In any case, hats off to them for a quick and very appropriate response.

[Xairbusdriver]

QUOTE

I clicked upon the link so that I could copy and paste it into Phishtank

Jane, Jane, don't do that! Remember, that's exactly what the phisher is hoping for. You can select[ the link by clicking outside it and dragging your cursor across it. Then use command-c to copy what you've selected. If you got more than you want/need, paste it selection into TextEdit and edit it down to what you want.

But the whole exercise may be for naught, since, as susato wrote, the real link may be hidden behind what appears on screen or it may be a re-direction.

The safest way to copy a link is to look at the source of the page, whether an email or web page. An email shouldn't be too big and it will be quite easy to find any "<a href='http://...'" text(s). The part with the url is where the link will take you, first. Any decent email program should be able to display this 'source' for you.

Any decent email program will also show you the actual url of a link whether you want to copy it or not. Simply mousing over the link should make the url appear somewhere in the window dispaying the message. Eudora uses a little temporary, yellow-background box just big enough to display the url. Other apps may do it in areas above or below the message area. Learn where your app of choice does this and if it needs to be turned ON by the user. If it can't/wont' display this info, search for a better app.

But, by all means, never click on any link in any email unless you want to send information to the senders server because that's exactly what happens when you do. Even the 'warning' message you got was sent to you because the server that has that message knew you had asked for it. They probably won't use the info they now have about you, but that's one way the SPAMmers get much of what they need.

Practice safe surfing!

[jcarter]

Egads, I almost really goofed up badly, THANK YOU for the warning.

Here is one I just got a few minutes ago.
In Safari, I can mouse over and see the link below, but not in MacMail.
I cant view source in Mac Mail either, but here is the message and the long header.
http://www.picturetrunk.com/2006/10182006/04dffe35c6.jpg
http://www.picturetrunk.com/2006/10182006/3c9b79eb07.jpg
Let me know what I should or shouldnt do?  Or just plain delete them.
Perhaps check our credit card transactions too.
Jane

Just checked our credit accounts, everything is fine.
This Phishing stuff is certainly getting scary, from now on, I will click on absolutly nothing, I will just go to the regular log in pages and go from there.
Thanks,
Whew,,,,,,,,,

[Xairbusdriver]

Had to start up Mail since I haven't used it in months Might as well get ready to migrate from Eudora...

Anyway, in the older version I have ( 2.0.5 ), there is a "View->Message->Raw Source" menu item. That should show you all the text in a message.

[D76]

QUOTE(airbusdriver @ Oct 18 2006, 05:05 PM) <{POST_SNAPBACK}>

Had to start up Mail since I haven't used it in months Might as well get ready to migrate from Eudora...

Why the migration? Is it because of the Mozilla take-over thing? You can't turn off third-party html with Mail, the Help menu misinformation notwithstanding.

[jcarter]

I tried that too. I used to use Eudora, I should go back to that, I really liked it.
Thanks,
Jane

[Xairbusdriver]

QUOTE

I tried that too.

Are you saying that Mail doesn't do what that menu says it will? That seems to work in my version.

QUOTE

You can't turn off third-party html with Mail

I've gotta run, so I'll take your word on what the Help says. But there is a checkbox in the prefs ( Viewing ) that says "Display remote images in HTML messages. I assume ( I know! ) that this is the important 'switch' that should be OFF in Mail. I think Apple is highly committed to HTML mail display in Mail, so they want to let the user see it. But the only real threat of images, as I understand it, is exactly what this preference is allowing/preventing; the sending of your address back to the server so it will send the image ( without your knowing it or even seeing the image ). That 'conversation' between you and that server is where the SPAMmer can determine that your address is not only valid but that you tend to open most messages. Unchecking that box should prevent that possibility.

An image embedded directly in the message body should not cause this problem. Of course, that is sometimes risky in that all programs don't seem to be able to see them after I send them! I now include all images as attachments as well as embedding them!