[ NNSquad ] New phishing technique

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] New phishing technique

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] New phishing technique
From: Lauren Weinstein <lauren@vortex.com>
Date: Wed, 24 Jul 2013 08:09:30 -0700

New phishing technique
http://j.mp/19i2G2n  (This message on Google+)

A new phishing technique.  Well at least one I haven't noticed before.

Email message shows up that appears to have been intended for a
reasonable support address but was mistyped to my domain (common
enough, I initially saw two this morning, one of which was legit). My
standard practice is to reply with a "wrong address, don't know what
you're talking about" sort of note so they can retry to the correct
address. So, one of the two this morning appeared to be part of an
angry support conversation between a customer and an industrial parts
firm (ostensibly signed by the president of the firm complete with
normal looking address and phone number info). It seemed to be a
situation that had spun out of control (comments from the "president"
like "if you want to rip the skin off my face with a rusty fork let me
know and I'll put you on the special list I keep of people I hate and
don't talk to like the guy from Idol and people who take up two
parking places.") I mean, unprofessional sounding, but the sort of
thing that happens when people fly off the handle. So I sent my usual
"wrong address" note. Then when I dug further down in my email, I
found a couple more that were identical, to addresses that immediately
suggested they were all fakes. But man, creative fakes!  What was the
point?  My reply would indicate my address was valid, but the address
used is very public anyway in my case. There were attachments
including what might have been a photo (or not) -- but by policy I
never open those from such messages. And there was a link to a
"support" page the "president" asked the customer to visit. Looks like
that link (which of course, I didn't touch) was the real payload,
probably leading to various evil malware. Overall, I consider these to
have been among the most creative phishes I've seen in a long time --
way above the usual idiocy. I guess that's a backhanded compliment.
Sort of ...

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad

Prev by Date: [ NNSquad ] Cybersecurity hacking estimates exaggerated for profit
Next by Date: [ NNSquad ] As Feds Demand the Keys, Preparing for the Death of Public-Key Encryption
Previous by thread: [ NNSquad ] Cybersecurity hacking estimates exaggerated for profit
Next by thread: [ NNSquad ] As Feds Demand the Keys, Preparing for the Death of Public-Key Encryption
Index(es):
- Date
- Thread