Announcement

**Qqmike** · Aug 23, 2015, 08:24 PM

I'm with you, I agree. But I believe the thinking among phisers is that it is a numbers game--like much of marketing. If they "contact" x potentials, and only y pop to a sale, where y<< x (like y ~ 0.1%x), then it can still pay off (in absolute $ amount). Ditto for telephone scams, especially among the elderly. If all consumers were like you and I, the scammers/pfishers wouldn't make even one red cent. But there's enough suckers to make the game worthwhile.

**DoYouKubuntu** · Aug 23, 2015, 08:29 PM

Originally posted by Qqmike View Post

I'm with you, I agree. But I believe the thinking among phisers is that it is a numbers game--like much of marketing. If they "contact" x potentials, and only y pop to a sale, where y<< x (like y ~ 0.1%x), then it can still pay off (in absolute $ amount).

Yeah, I guess so. But--thinking solely in terms of myself--they just piss me off!!

No way would I order something from someone who used deception to get me to their site.

Ditto for telephone scams, especially among the elderly.

Speaking of telephone scams, I've got one on my answering machine right now that I'm going to hand over to my local police department. I figure their cyber-crimes unit probably needs more work, so what the hell.

It's one of those, "this is URGENT...you MUST contact us right now to avoid [some terrible fate with the Treasury Department, I think]...blah blah blah!" Um, yeah, right.

**Qqmike** · Aug 23, 2015, 08:39 PM

It's one of those, "this is URGENT...you MUST contact us right now to avoid [some terrible fate with the Treasury Department, I think]...blah blah blah!"

I just got one like that, too, from Ontario. I've had one of those before, maybe a year ago. Last year, I reported it to some investigative dept of the US Treasury. If you google what you got, you will probably find all sorts of reports on it.

**DoYouKubuntu** · Aug 23, 2015, 09:46 PM

Originally posted by Qqmike View Post

I just got one like that, too, from Ontario. I've had one of those before, maybe a year ago. Last year, I reported it to some investigative dept of the US Treasury. If you google what you got, you will probably find all sorts of reports on it.

Are you shaking with fear...like I am?!

**Feathers McGraw** · Aug 24, 2015, 04:10 AM

Funny, I was reading about this just yesterday.

It could be a relected XSS attack aiming to steal a session cookie and take over your account for a web service, in which case it doesn't matter if you're on Windows or Linux...it always pays to be careful!

https://www.owasp.org/index.php/Cros...ting_%28XSS%29

Fascinating stuff

**otisklt** · Aug 24, 2015, 07:13 PM

Originally posted by DoYouKubuntu View Post

And from the user's point of view, as soon as they realize they've been had, they close the site and that's that.So what was the point? Why bother with all the deception?

Sadly that is not the end there... that is just the opening of the door in many cases anymore.

**DoYouKubuntu** · Aug 24, 2015, 10:48 PM

Originally posted by otisklt View Post

Sadly that is not the end there... that is just the opening of the door in many cases anymore.

No, not in the scenario I'm referring to. Yes, it's definitely just the beginning when you're talking about phishing that's done to wreak havoc on the user's computer, but not in the scenario I described. In that scenario, the user innocently follows a link disguised as something they may actually have, such as a Facebook or WhatsApp account, then ends up at some 'discount pharmacy' site. The objective is [apparently] to get the user to buy something at that site--but that's my whole point, i.e., WHO would want to do business with some scammer who deceived them in the first place?

**NickStone** · Aug 24, 2015, 11:05 PM

The definition of phishing as per Wikipedia

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.[1][2] The word is a neologism created as a homophone of fishing due to the similarity of using fake bait in an attempt to catch a victim. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware.[3] Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,[6] and exploits the poor usability of current web security technologies.[7] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Many websites have now created secondary tools for applications, like maps for games, but they should be clearly marked as to who wrote them, and users should not use the same passwords anywhere on the internet.

Phishing is a continual threat that keeps growing to this day. The risk grows even larger in social media such as Facebook, Twitter, and Google+. Hackers commonly take advantage these sites to attack people using them at their workplace, homes, or in public in order to take personal and security information that can affect the user or company (if in a workplace environment). Phishing takes advantage of the trust that the user may have since the user may not be able to tell that the site being visited, or program being used, is not real; therefore, when this occurs, the hacker has the chance to gain the personal information of the targeted user, such as passwords, usernames, security codes, and credit card numbers, among other things.

What your describing DoYouKubuntu is not phishing, but simply spam.

**DoYouKubuntu** · Aug 25, 2015, 01:37 PM

Originally posted by NickStone View Post

What your describing DoYouKubuntu is not phishing, but simply spam.

I respectfully disagree. The e-mails I'm talking about PRETEND to be from Facebook, WhatsApp, or other known entities. Their links PRETEND to lead to Facebook, WhatsApp, etc., in other words the link looks like it's going to a Facebook, WhatsApp, etc., address, but actually it leads to a fake web site. So, yes, at that point the phishing part ends and it turns into spam, but it started out as phishing. (And if the clueless user actually decides to buy something at the fake pharmacy site, their credit card info will quickly be used with bad consequences, I'm sure!)

**otisklt** · Aug 27, 2015, 04:24 PM

Mixed content is one method to get past some spam filters

**oshunluvr** · Aug 28, 2015, 06:15 AM

I can't imagine why this sort of thing isn't illegal. Oh wait, I remember - Congress!

**elijathegold** · Aug 31, 2015, 03:01 PM

If you click a link in a spam email, you confirm that it is a genuine address among the many thousands randomly generated. Genuine addresses get added to a very valuable list which can be sold for quite a lot of money. They are a bit less valuable these days as computers can generate random addresses very quickly. A list of confirmed addresses still allows a higher hit rate.

Announcement

Spam that masquerades as something else: what's the point?

Spam that masquerades as something else: what's the point?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment