HP3000-L Archives

July 2004, Week 4

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: OT: Spam from list
From:
Denys Beauchemin <[log in to unmask]>
Reply To:
[log in to unmask][log in to unmask]
Date:
Wed, 28 Jul 2004 08:26:39 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (135 lines) 
I have several small customers that are without a professional IT
department.  The biggest issue confronting these small companies is the
veritable frontal assault they experience with Spam and virii.  No
matter how often I tell them not to open an email which purports to be
from MS or other legitimate companies offering a free update or virus
patch, someone invariably will.

Thankfully, most times, the virus is caught by the AV software, but the
amount of spyware installed at these places is unbelievable.  Some
computers are literally drowning in that crap and it sometimes takes
quite a bit of work to get rid of all the junk.

I have created some rules for them:
- If an email promises to update your system or protect you from virus,
it won't.
- If an email says this attachment will be fun, it won't be for you.
- If a website wants to install some neat and exciting component, you
can be sure it will not be exciting for you.  Stay away.

I have seen just about every clock, calendar, screensaver and other
doodads I ever care to see.

Oh, and just to throw fuel on the fire; I despise Zone Alarm.  :-)


Denys


-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On
Behalf Of Senn, Bruce
Sent: Wednesday, July 28, 2004 7:43 AM
To: [log in to unmask]
Subject: Re: [HP3000-L] OT: Spam from list

The scariest thing about this kind of spam is that it shouldn't take
long for spammers/phishers to learn to write.  After all this is
grammar, punctuation, and a little psychology -- not rocket science.

The recent virus distributed as a Microsoft update came pretty close to
looking "completely" official.

FWIW.

Bruce.
------------------------------------------------------------------------
----
  Bruce J. Senn                 Phone:  (518) 388-6664
  Senior System Manager FAX:    (518) 388-6458
  Union College                 E-mail:  [log in to unmask]
  Schenectady, NY 12308 WWW:  http://www1.union.edu/~sennb
------------------------------------------------------------------------
----

-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On
Behalf Of Denys Beauchemin
Sent: Tuesday, July 27, 2004 2:43 PM
To: [log in to unmask]
Subject: Re: OT: Spam from list

Speaking of Spam, I got an interesting one yesterday.

It ostensibly comes from the eBay Billing Department with the subject
line of Credit/Debit card update.

The message looks very clean, very official.

It reads as follows:


"Dear eBay customer,

During our regularly scheduled account maintenance and verification
procedures, we have detected a slight error in your billing information.

This might be due to either of the following reasons:

1. A recent change in your personal information ( i.e.change of
address).
2. Submiting invalid information during the initial sign up process.
3. An inability to accurately verify your selected option of payment due
to an internal error within our processors.

Please update and verify your information by clicking the link below:

https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo

If your account information is not updated within 48 hours then your
ability to sell or bid on eBay will become restricted.

Thank you

The eBay Billing Deptartment ."


I just copied and pasted the message, leaving the spelling mistakes as
is.  A few things started ringing alarm bells in my mind.  Notice the
spelling of "Submiting" and "Deptartment".  Also notice the way the i.e.
is set up in the first point.

Another is the whole tenor of the message, I just sounds phony.

Also the URL looks a little bizarre.  What's with the arribada thing?

But I guess the biggest clue to the fact this is fake is that I do not
have an eBay account.

Just for fun, I clicked on the link as it is to see where I would be
sent.  I can assure you it was not eBay.  Yesterday it sent me to a very
official looking eBay page on blacksnow.web.aplus.net.  There I was
asked to supply my eBay user name and password (twice,) and to give my
name and credit card number and expiration date, along with the ccvn
from the back of the card.  I was also prompted fur my back account and
transit number.

I was only too happy to fill in all that information for a Mr. John F.
Kerry of Massachusetts, figuring his wife could spare the money.  Just
kidding, I just closed the browser.

Today the page cannot be found.

I wonder how many people actually got taken.

Denys

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2