I must get at least 5-6 phish e-mails a day. (And that is what is getting past my e-mail filters.) They are starting to get a bit more "creative". (Not to mention, they are starting to use spellcheckers.) I am now seeing e-mails from "admin@private" saying that they have determined that they owe me a refund of $63.83 and to click here to get it. The e-mail originates in Poland and the web link goes to a server in Japan. I don't think they have outsourced that much. This one might become a "seasonal favorite". E-bay is also popular. I am getting a number of variants. The newest is they claim to be buyers on e-bay wanting to know what happened to the merchandise they bought. (Maying you think that your e-bay account has been hacked and panic and hit the link.) The Paypal ones are getting more complex as well. One of the last ones I received was claiming that my account had been accessed from servers in a bunch of countries and included a list of times and ip addresses. The phish attempts seem to break down into a couple of categories. - Mail to get you to panic. Something has gone wrong. Click on this link to fix it. - Something has gone right. Click here to claim your money. - Mail that looks like something that you normally do day to day. (If you do lots of business on e-bay, you could get faked out by one of these.) - Someone has made a mistake that you can take advantage of. (Misrouted bank information, etc.) It is interesting to see how some of these social engineering hacks evolve over a period of time. The smart ones are learning what works. [One a side note: I am waiting for some "Engineering Society" to complain about the term "Social Engineer" because they are not "real Engineers".] _______________________________________________ Crime mailing list Crime@private http://lists.whiteknighthackers.com/mailman/listinfo/crime
This archive was generated by hypermail 2.1.3 : Sun Mar 19 2006 - 10:14:19 PST