Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Online Scammers Go Spear-Phishing

Zonk posted more than 8 years ago | from the fishing-with-a-'ph' dept.

Privacy 144

Ant wrote to mention an examination at C|NET looking into the increasingly more effective techniques employed by phishers. From the article: "More recently, however, a hybrid form of phishing, dubbed "spear-phishing," has emerged and raised alarms among the digital world's watchdogs. Spear-phishing is a distilled and potentially more potent version of phishing. That's because those behind the schemes bait their hooks for specific victims instead of casting a broad, ill-defined net across cyberspace hoping to catch throngs of unknown victims."

cancel ×

144 comments

Sorry! There are no comments related to the filter you selected.

This is weird. (4, Insightful)

meringuoid (568297) | more than 8 years ago | (#14183793)

According to records of the Israeli investigation, Wieseltier told authorities that she received a Trojan-infested e-mail message bearing the address of gur_r@zahav.net.il, which she believed came from a friend.

But her friend's e-mail was actually gur-r@zahav.net.il. As Israeli investigators traced the origin of the bogus account they discovered that the person who had opened it lived in London and had charged the cost of the account to his American Express card.

Are we to believe that these super-phishers don't know how to spoof a From: header?

the path! Re:This is weird. (5, Interesting)

leuk_he (194174) | more than 8 years ago | (#14183832)

als form the article:

Some computer security specialists suggest at least one basic approach that might allow e-mail recipients to learn right away that a communique appearing to come from a company like Amazon.com actually originated somewhere in the Ukraine, Romania, Bulgaria, Poland, Russia or any of the other places that law enforcement officials say are hot spots for phishing scams. "It strikes me that this is just a failure of most e-mail systems to reveal the history of an e-mail," said Whitfield Diffie, a pioneer in computer cryptography who is the chief security officer of Sun Microsystems. "You could post a warning flag indicating that the 'from' address doesn't seem consistent with the path history."

I have yet too see an applcation that does (only) this. And "8 out of 10 collegues here (in the IT) don't have a clue what a "path" in a e-mail is.

Anyway the gist of the article was in the start that some phisher used a fake-emial address where the from was NOT faked, but contained a small alteration that does not show at first. Since no anti-spam/anti-phissher can protect against that ou leave the people who run the most up to date anti-spam will beleive the mail is trusted. Even the journalist has problems to explain that a technical solution is not the final solution.

by the way: you americans do not have to worry so much since you seem to care so much for privacy.

Re:the path! Re:This is weird. (1)

darkmeridian (119044) | more than 8 years ago | (#14184104)

I am not sure what GMail is doing exactly, but it does give a warning at times that a particular e-mail may not be from the claimed sender. Is this a path check or merely spam-filtering based on content?

Re:the path! Re:This is weird. (3, Interesting)

Red Alastor (742410) | more than 8 years ago | (#14184268)

In the interest of science, I tried to forge the from field into mails I sent myself to my Gmail address. The first one was sent using Gmail smtp server and they changed it back to my real one.

The second one was sent from my ISPs smtp server and pretended to be from admin@gmail.com, I got a bright red :

"Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information."

The third pretended to from Bill Gates himself (billg@microsoft.com) and didn't raise any flag.

Re:the path! Re:This is weird. (4, Insightful)

Technician (215283) | more than 8 years ago | (#14184370)

I have yet too see an applcation that does (only) this. And "8 out of 10 collegues here (in the IT) don't have a clue what a "path" in a e-mail is.

And if I was phishing, there are ways to get completely valid headers. For example, I live in the US. From here it is a simple task to send you a valid e-mail from the Cayman Islands. I have an account in the Cayman Islands. Using the Webmail interface, I can send an e-mail from there. If I scam someone in England for example and got the password for one of their e-mail accounts, I could scam someone in England by using the ISP Webmail interface and send a perfectly valid e-mail from the US that originated in England. By signing up for an account in England, using a bogus credit card, I could use VOIP and dial into the ISP in England from England (local number) and send a scam that way. Think outside the box. A local call doesn't have to be local anymore.

Some Nigerian scammers are using Canadian, Australian, and UK VOIP phones so they don't look like Nigerian scammers until you are hooked and find out where to send the Western Union money. I'm in England and not a Nigerian scammer.

Re:the path! Re:This is weird. (1)

Technician (215283) | more than 8 years ago | (#14184728)

I just checked my e-mail and this is just in...

                                Information Regarding Your account:

                    Dear PayPal Member!

                        Attention! Your PayPal account has been violated!

                        Someone with ip address 140.201.76.1 tried to access your personal account!

Please click the link below and enter your account information to confirm that you are not currently away. You have 3 days to confirm account information or your account will be locked.

                                                                Click here to activate your account


The best part is.. I don't have a pay pal account. This scam is so old news. Does anybody still fall for it?

Re:the path! Re:This is weird. (0)

Anonymous Coward | more than 8 years ago | (#14184836)

I'm in England and not a Nigerian scammer.

Yeahh, i trust you since i am a blonde russian 18 year old girl that wants to get married to you ;). please send me mony now.

Re:This is weird. (0)

Anonymous Coward | more than 8 years ago | (#14184047)

Perhaps the phisher did this so that a reply to the email wouldn't reveal the scam.

Re:This is weird. (1)

Zleeper (189901) | more than 8 years ago | (#14184073)

Except when it got bounced back by the email admin because the domain did not have that account recognized. You can't just put a user name in front of a domain and expect the admin to let it through. DUH!

Its the viruses you don't know about... (2, Interesting)

MichaelSmith (789609) | more than 8 years ago | (#14183802)

...which you should worry about. Viruses which create havoc and draw attention to themselves should be less of a concern.

If software has been created for a specific attack, then standard virus scanners will never pick up its signature.

Re:Its the viruses you don't know about... (1, Funny)

Anonymous Coward | more than 8 years ago | (#14183846)

How on Earth do you worry about something you don't know about? Wouldn't this consume all of your time?

Re:Its the viruses you don't know about... (1)

maxwell demon (590494) | more than 8 years ago | (#14183993)

Didn't you get the message [bind.org] ?

bullshit article (5, Insightful)

eobanb (823187) | more than 8 years ago | (#14183811)

I particularly love this part:

Jackont took his computer to the Israeli police last fall and was told to reformat it. But his problems persisted. So the police examined his computer more closely and discovered that a malicious program known as a Trojan horse lay hidden deep inside and had hijacked the machine from a remote location.

So he reformatted his drive but the virus was still there? What?

I'm sorry, but does it really take much effort to get the facts right? EVERYONE seems to get it wrong: CNN, MSNBC, the NY Times, CNET. Somehow, the writers chosen to pump out articles like this either don't really understand technology or just pick subjects of which they don't really know anything.

Re:bullshit article (2, Insightful)

Renraku (518261) | more than 8 years ago | (#14183834)

Its entirely possible to reformat and still have a virus. What about MBR viruses and memory-resident ones?

WTF? (1, Informative)

Anonymous Coward | more than 8 years ago | (#14183876)

When you install the OS, the MBR is overwritten.
Memory resident ones? If he reformatted then he reinstalled the OS and if he reinstalled he rebooted and if he rebooted.... you figure it out.

GP is correct, the story makes no sense.

Re:WTF? (1)

Andrewkov (140579) | more than 8 years ago | (#14184044)

Maybe he had a cracked application that was infected, and re-installed it after wiping the machine, thereby reinfecting himself.

Re:bullshit article (1)

Faluzeer (583626) | more than 8 years ago | (#14183885)

True enough, though I suspect it is just as likely that the person did format it, then reloaded the OS from the original media and either did not patch or got infected whilst online and trying to patch...

Re:bullshit article (2, Insightful)

KiloByte (825081) | more than 8 years ago | (#14183969)

Or, more likely, the person who did "reformat" it just reinstalled the OS without actually formatting anything. Most of people who work in tech support don't know the difference.

Re:bullshit article (4, Informative)

Sir Runcible Spoon (143210) | more than 8 years ago | (#14183860)

There is more than one way to format a disk. If you do it with FDISK and don't provide the /MBR option it does not recreate the master boot record. If your virus is hiding there it will survive.

Re:bullshit article (1)

ajs318 (655362) | more than 8 years ago | (#14183945)

Running lilo, as you do from within the installation chroot just before you boot into your new kernel, does overwrite the master boot record.

GUI installers still do all this behind the scenes, they just hide it from you. I am guessing Windows must do something similar with its own bootstrap loader.

Re:bullshit article (2, Insightful)

oolon (43347) | more than 8 years ago | (#14183979)

No i does NOT! It infact installs it where the "boot" line in your lilo.conf tells it too. Yes alot of distro default to this behavior but they don't HAVE to. For example from my lilo.conf

boot=/dev/ide/host0/bus0/target0/lun0/part2

Why don't I install it on my MBR? because when you install windows it wipes the MBR, creates a boot block on its partition and changes the active partion. So if I don't use the MBR all I have to do to get lilo back is to change my active partition back to partition 2, which is much less hassle then having to boot a rescue disk etc.

James

Re:bullshit article (5, Interesting)

Motherfucking Shit (636021) | more than 8 years ago | (#14183900)

EVERYONE seems to get it wrong: CNN, MSNBC, the NY Times, CNET. Somehow, the writers chosen to pump out articles like this either don't really understand technology or just pick subjects of which they don't really know anything.
And unfortunately, it's not all that unusual. After reading the article, I'm not so sure that "phishing" played a part at all, and I'm disappointed that C|Net is playing the media-hype-buzzword game beyond what could reasonably be expected. I figure that [MS]NBC, CNN, and the other networks will get this sort of thing wrong, but C|Net is fairly reputable when it comes to tech reporting.

FTA,
Last spring, staff, faculty and students at the University of Kentucky opened e-mail messages purporting to be from the university's credit union and requesting confidential information to access their accounts (something no financial institution in the country ever seeks via e-mail).
That isn't "spear phishing," and sure as hell doesn't warrant the coining of a new term. It might be considered normal "phishing," if only the author had a clue. Just because a "phish" is targeted at a particular group doesn't make it any more special than the everyday eBay "phish" spammed at random to ten million email addresses. This whole "spear phishing" thing is a contrived buzzword like "spim" (or "Cyber Monday [slashdot.org] "). Spam over IM is still spam, it doesn't need a new term. Phishing for particular targets is still phishing - I even hate that term, really - and doesn't need a new cyberbuzzword.

Free clue-by-four: the term "phishing" gained popularity on AOL some 6 or 8 years ago, and described the practice of attempting to solicit passwords from unsuspecting users. No matter how simplistic or elaborate the scheme, and regardless of whether normal users or employees were targeted in a blanket or with a direct ploy, it was always "phishing" (or ><> 'ing). Back then, the media hadn't yet caught on to the idea. Now that they've caught up, they want to call anything and everything "phishing."

From TFA,
About two weeks ago, a more traditional phishing scam infected about 30,000 individual computers worldwide, according to CipherTrust, a computer security firm.
Are you kidding me? How does a "phishing scam" "infect" computers? "Phishing" is asking for information; it's impossible for a "phish" to infect anything.

I've really lost some respect for C|Net on this one.

Re:bullshit article (4, Insightful)

Stiletto (12066) | more than 8 years ago | (#14184168)


How about we just drop all the silly cyber-words and start calling it what it is: Fraud.

Re:bullshit article (1)

RollingThunder (88952) | more than 8 years ago | (#14184382)

Ah, but what kind of fraud is it? Phishing describes a very specific type, even if the media outlets are starting to make the two equivalent.

Re:bullshit article (4, Insightful)

Woldry (928749) | more than 8 years ago | (#14184386)

Nah, let's get even less specific and just call it "crime." Or wait! How about maybe just "bad"? While we're at it, let's stop all this silly talk of Fords and Saturns and SUVs and just call 'em all "cars". And we can definitely do without all of the ridiculous kitchen words like "fry" and "roast" and "microwave" and "steam" and "simmer" and just call it what it is: Cooking.

"All the silly cyber-words" are useful means of distinguishing nuances of meaning -- identifying specific methods of fraud, for instance. "Phishing" refers to a specific method of fraud, and as such adds precision and power to the language. The coining of the new term -- "spear phishing" -- makes it clear that this is a special type of the more general method of phishing, and even provides a pretty clear image to identify the particular type. Identifying this particular subtype also is the first step toward arming people against it -- which may require slightly different methods of self-defense than arming people against more general phishing, or mail fraud, or flimflam scams at the bank, or car-in-distress fraud, or white collar crime, or "blind" panhandlers who can see perfectly well, or any of the other myriad varieties of fraud that exist out there. Lumping them all together with a single word is sometimes useful, but "just dropping" all the language that draws useful distinctions between them is what is "silly".

Re:bullshit article (2, Funny)

Pollardito (781263) | more than 8 years ago | (#14184504)

How about we just drop all the silly cyber-words and start calling it what it is: Fraud.
i prefer the term "Unsmurfy"

Re:bullshit article (0)

Anonymous Coward | more than 8 years ago | (#14183910)

The Israeli police does free tech support?

Re:bullshit article (1)

oolon (43347) | more than 8 years ago | (#14183926)

lso if his email was on a server so stored externally to his computer he might have redownloaded the virus. However (from reading the article) the X was envolved so could have just got access to the machine and put it back on again or even just posted another infected email to the victim.

Personally i thought it was rather sophisicated and could see how many people could fall for it. Particularly the reposting with payload, people who only check there email one a day or less could very easily fall victim to the second email trick.

It is a shame the orginal poster forgets even though people do reformat their machines they oftain try to save there work from it first as it is unacceptable for most people to just start with a "blank" machine. It is Documents and emails that are preserved between formats and this is perfect place for and unknown trojans to hide.

I do not think the article was bullshit, I however do think the orginal poster represents the normal tech arogance of

A) Expecting users not to be able to carry out instructions or not to be able to get someone to do it for them!
B) Assuming because something went wrong again it must be the users fault for not doing what they were told (See A)
C) Assuming after they know what the problem is that they naturally would have been able to fix it and never to have suffered the problem in the first place because it was just due to stupidity.
X) This was not fighting a computer anyway, it was fighting a person (the X) and anyone who has had one will know that is alot harder.

James

Re:bullshit article (1)

geo_2677 (593590) | more than 8 years ago | (#14184001)

Poorly written indeed.
What I think the author tried to mean was after the drive was formatted, Jackson installed his so called trusted softwares and found that the virus was again on it.
The author needs to get his basic lessons in computers

Second Hard Drive (1)

RandoX (828285) | more than 8 years ago | (#14184023)

It's possible that the user had an infected secondary hard drive.

Re:bullshit article (2)

samureiser (903923) | more than 8 years ago | (#14184792)

In the writer's defense, it only states that the Israeli police told him to reformat his drive and then problems persisted. It never explicitly stated that he actually did format his hard drive. As a tech support monkey, I've had many users simply listen to my advice/instructions and then ignore it.

Of course, the writer was probably not technically knowledgable to pick up on this little omission or its significance.

Format the disk (3, Insightful)

jurt1235 (834677) | more than 8 years ago | (#14183816)

Jackont took his computer to the Israeli police last fall and was told to reformat it. But his problems persisted.

So either he did not format it, or after formatting it, he did not properly protect it and got infected again.

Poor (usually Microsoft Windows) users who also have to be administrators. The key problem is just that current OSes are not for people without CS knowledge to use. They need appliances which are protected, on which they can not install more software and which are protected by a mixed contract of anti-virus anti-spyware and system update vendors.
As long as users have to administrate their system, whatever system, these kind of problems will continu to exist.

Re:Format the disk (1)

maxwell demon (590494) | more than 8 years ago | (#14184012)

So either he did not format it, or after formatting it, he did not properly protect it and got infected again.

Another possible scenario: After he had formatted the disk, he restored a backup which already contained the infection.

Re:Format the disk (1)

jurt1235 (834677) | more than 8 years ago | (#14184163)

Darn it, I missed that one. Probably because of my own bad habit of making little backups.....

Re:Format the disk (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14184642)

But... but... but what if the spear-phishing email stored itself in the video memory, then it restored itself upon the reinstallation of the operating system!

Not news (2, Interesting)

ajs318 (655362) | more than 8 years ago | (#14183819)

People run an operating system known to be vulnerable to Trojan Horse infections. They haven't had the source code independently audited and verified. They believe the headers in e-mail messages. And then they get infected by a Trojan horse.

The only surprise is it's taken this long for it to get noticed.

As long as people have had weaknesses, there have been other people out there seeking to exploit those weaknesses. That's just human nature; and if you fail to account for it, you might just as well have failed to account for gravity. The moment you put someone in front of a computer, they panic and lose all semblance of common sense. That also is human nature.

I believe Microsoft are complicit in all this, because it was Microsoft's deliberate design decision that the users of those computers did not have to give consent for a process to run as root. But whoever picked Microsoft must share some of the blame, since they basically decided that the integrity of their computer systems was less important than a pretty user interface.

Re:Not news (1)

jrockway (229604) | more than 8 years ago | (#14183851)

> Anyone who uses ^ when they mean ** is obviously a BASIC programmer.

Or a TeX user.

Re:Not news (1)

ajs318 (655362) | more than 8 years ago | (#14183894)

In TeX, the up-arrow indicates a superscript {as in ax^2+bx+c}; I'll give you half a point on that one. However, in languages which support bitwise operations {some people do still use them}, 7 ^ 2 means 5 and not 49.

Re:Not news (3, Insightful)

antifoidulus (807088) | more than 8 years ago | (#14183963)

Hate to burst your bubble here, but it's incredibly EASY to create a trojan horse in Linux. All you have to do is convince the user to run the program, and if they do that, no matter what the OS, the program the user runs has all the same privlidges as the user. Meaning if I want to covertly send all the user's files to an offsite location, I can because the user has read access to all those files. Sure I can't delete the whole hard drive, but seriously, what is the point in doing that? Even if you do delete the whole drive, outside of the home directories, who cares? Seriously, the kernel files are easily replaceable, the home directory files much less so....In conclusion, that was a pointless, completely wrong post by an open source fanboy, ie something that is incredibly common here...

*Note:I did not say that open source OSs do not have any security advantages, they usually do. However, the parent decided to mention trojan horses which are the easiest of all malware to write and probably the hardest to protect against.

Re:Not news (2, Insightful)

ajs318 (655362) | more than 8 years ago | (#14184078)

You're forgetting the rather obvious.

If somebody is bothered enough to be running GNU/Linux or a BSD variant, they probably are already smarter than to go running unknown programs without at least checking what they do. Of course, there are plenty of Windows users who know that already. But they aren't the ones you hear about.

Windows has made it possible for computer users to be ignorant and proud of it, and ignorant people have created all manner of problems for them and the rest of us. A computer is not a single-purpose appliance like a washing machine or a hoover. It is a highly general-purpose device; and that very generality of purpose is a double-edged sword which cuts both ways.

Re:Not news (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14184106)

If you can see this, it means that the installation of the Apache web server [apache.org] software on this system was successful. You may now add content to this directory and replace this page.

Seeing this instead of the website you expected?

This page is here because the site administrator has changed the configuration of this web server. Please contact the person responsible for maintaining this server with questions. The Apache Software Foundation, which wrote the web server software this site administrator is using, has nothing to do with maintaining this site and cannot help resolve configuration issues.

The Apache documentation [slashdot.org] has been included with this distribution.

You are free to use the image below on an Apache-powered web server. Thanks for using Apache!

Re:Not news (0)

Anonymous Coward | more than 8 years ago | (#14184141)

195.137.81.174

Re:Not news (0)

Anonymous Coward | more than 8 years ago | (#14184153)

it's like magic!

Re:Not news (1)

Woldry (928749) | more than 8 years ago | (#14184419)

that very generality of purpose is a double-edged sword which cuts both ways.

As opposed to a double-edged sword that cuts only one way?

:-)

Re:Not news (4, Insightful)

Technician (215283) | more than 8 years ago | (#14184427)

All you have to do is convince the user to run the program, and if they do that, no matter what the OS, the program the user runs has all the same privlidges as the user.

This is a little harder to do. In windows all you have to do is convince the user to look at these pictures of my naked wife wife.gif.pif (the .pif does not show)

In linux you have to convince the user to save the attachment, change it's attributes to include execute and explain why the file must be executed instead of viewed.

Convincing the user is much harder in Linux. Microsoft has blurred the line between executing a program and viewing a file. Linux still makes it harder to trick a user into running a program.

Re:Not news (1)

Greyfox (87712) | more than 8 years ago | (#14184457)

Yeah, back in the late 80's, my university's mainframe would always go down around Christmas because none of the freshmen knew not to run that christmas card program that showed up in their email inboxes. The program would then merrily redistribute itself to everyone in their mailboxes, and most of those people would run it too. Fun stuff!

You could probably mitigate the danger by running your browser and mail client chrooted or as another user. Or both. And possibly have them drop any unecessary regular-user privs. Currently that'd all have to be set up manually, so no end user will do it, but I could see some security minded distribution adding that sort of capability in the future.

Is this really phishing? (2, Insightful)

Zog The Undeniable (632031) | more than 8 years ago | (#14183820)

Looks like good old-fashioned social engineering to me, probably kicking off with some even more old-fashioned dumpster-diving to get the names and addresses of the target's friends and acquaintances.

duh !!!! (1)

earthstar (748263) | more than 8 years ago | (#14183822)

Spear-phishing, say security specialists, is much harder to detect than phishing. Bogus e-mail messages and Web sites not only look like near perfect replicas of communiqués from e-commerce companies like eBay or its PayPal service, banks or even a victim's employer, but are also targeted at people known to have an established relationship with the sender being mimicked.
Its just phishing.Yea ,it carries names of people whom you know.but they have always been around!What is so new here?

Re:duh !!!! (1)

ajs318 (655362) | more than 8 years ago | (#14183930)

What is new about it is that the security companies have a new product to hawk. Windows already requires firewall, anti-virus and anti-spam software to be usable; anti-phishing software is a new market. There are other operating systems, with privilege separation designed in from the ground up, which only run necessary services; won't execute arbitrary code without a user's say-so and definitely not in privileged mode; and allow for mail filtering at several levels, privileged and non-privileged. With some of them, you can even conduct your own independent audit of the source code {or pay somebody you really trust to do it for you} so you need not take anyone's word for it how secure your system is or is not.

However, people don't actually want their computer systems to be secure. Security is boring and having a secure system is evidence that you have been thinking about things. They just want the latest versions of Windows and Office and hacks to play pirated games, and if this computer breaks they'll just throw it away and buy another one. Thinking about things like security, stability and integrity is evidence that you have goals beyond immediate gratification and are therefore a bore who sits in a rocking chair wearing a knitted cardigan.

Re:duh !!!! (0)

Anonymous Coward | more than 8 years ago | (#14184742)

I wear a knitted cardigan you insensitive clod!

Re:duh !!!! (1)

BenjyD (316700) | more than 8 years ago | (#14184042)

I find it incredible that people fall for these things. I've heard otherwise perfectly sensible people saying "the online scammers are so clever, the email looked exactly like the real thing". Of course it does, it's called copy-and-paste, something a ten-year old could do.

yeah rite (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14183849)

this is about as real as 'toothing'.

i go spear fishing for beaver tho

C Food (5, Funny)

mysticwhiskey (569750) | more than 8 years ago | (#14183852)

From the beginning, life in the C was perilous. Once in the 'net, our shells were vulnerable. They tried to bait us with spam & worms, and while most found those tasteless, some were hooked.

Explicitly casting further with new lures, the phishers trolled, hoping for more bytes on the (on)line. The emails of the species were particularly at risk, as their outlook was not so good to begin with.

Some sought harbour in the eBay, hoping their bet paid off. Last I heard, the feedback was good.

Maybe our only hope is growing legs and migrating to the LAN.

Re:C Food (2, Funny)

MollyB (162595) | more than 8 years ago | (#14184015)

Does that make us all Bourne-again Crustaceans?

The problem isn't Windows (4, Insightful)

wk633 (442820) | more than 8 years ago | (#14183853)

Phishing isn't a technology problem. If your computer has a virus, the bad guys can get your critical data without tricking it out of you. Phishing will always exist due to human nature.

Case in point: http://www.schneier.com/cgi-bin/mt/mt-tb.cgi/474/ [schneier.com]

in which a bank manager was convinced to leave 5 million under the door to a bathroom stall in a bar in Paris.

Re:The problem isn't Windows (3, Insightful)

Anonymous Coward | more than 8 years ago | (#14184282)

The link about the bank fraud doesn't work. Here's the correct link:

http://www.timesonline.co.uk/article/0,,13509-1814 531,00.html [timesonline.co.uk]

Wow Mods, pay attention at all? (2, Informative)

OverlordQ (264228) | more than 8 years ago | (#14184579)

A) Not only does your link not work
B) The man only left 358,000 Euros, not 5 million.

The man, described by detectives as the greatest conman they had encountered, convinced one bank manager to leave him 358,000 in the lavatories of a Parisian bar.

FROM GOVERNMENT SOFTWARE FOUNDATION OF NIGERIA (4, Funny)

n0dalus (807994) | more than 8 years ago | (#14183855)

DO NOT WORRY, my GOOD FRIEND.

PHISHING claims many LIVES, but YOU TOO can be SAFE when you use our SECURE SOFTWARE to protect your family from PHISHING. BUT alas, my COMPANY lacks FUNDS to share this SECURE SOFTWARE with GOOD PEOPLE like you. THIS TRAGIC moment for our company can only be FIXED by your kind SERVICES. PLEASE transfer ONE THOUSAND DOLLARS to me at the GOVERNMENT SOFTWARE FOUNDATION OF NIGERIA so we can all SHARE this SECURE SOFTWARE.

ATTACHED is a special TRIAL of this very SECURE SOFTWARE, just for YOU. DO NOT HESITATE to protect yourself from the deadly THREAT of PHISHING.

Re:FROM GOVERNMENT SOFTWARE FOUNDATION OF NIGERIA (1)

halleluja (715870) | more than 8 years ago | (#14183994)

Go find your own scam, Mr. Nigerian Ambassador.

Re:FROM GOVERNMENT SOFTWARE FOUNDATION OF NIGERIA (2, Funny)

Maradine (194191) | more than 8 years ago | (#14184607)

Wait a minute, you're using definite articles, prepositions, and proper plurality! You're not from Nigeria!

Scam! Scam!!

That does it. (5, Funny)

sticks_us (150624) | more than 8 years ago | (#14183861)

I'm calling the "Metaphor and Analogy" police, if there is such a thing.

Why is it that EVERYTHING involving computers and the internets ends up becoming some cutesy-cutesy thing?

What's next?

Employee 1: "You hear about Bob?"

Employee 2: "Yeah, I hear he got spear-phished this weekend. I guess they gutted and scaled him, and supposedly they're going to pan-phry him."

Employee 1: "Well, it beats being served in a tuna salad!"

Employee 2: "What the hell, exactly, are we talking about?"

Re:That does it. (1)

dajak (662256) | more than 8 years ago | (#14184290)

I'm calling the "Metaphor and Analogy" police, if there is such a thing.

Why is it that EVERYTHING involving computers and the internets ends up becoming some cutesy-cutesy thing?

What's next?


Spear-spamming?

Re:That does it. (1)

tim_abell (707856) | more than 8 years ago | (#14184364)

Well, sponge bob is an obvious target for phishing really, given that he lives in the sea.

What's next? (1)

Ugly American (885937) | more than 8 years ago | (#14184394)

I predict dynamite phishing.

In other news... (1)

penguinoid (724646) | more than 8 years ago | (#14183862)

Technology is advancing on all sectors.

Or does it? Jackont took his computer to the Israeli police last fall and was told to reformat it. But his problems persisted. So the police examined his computer more closely and discovered that a malicious program known as a Trojan horse lay hidden deep inside and had hijacked the machine from a remote location. Trojan horse? That's sooo 1000 BC. Was this trojan hiding in his BIOS or is this guy incompetent?

The only new thing is this "spear-phishing" is a specialized group of phishers concentrating on specific targets, using usual techniques but more effectively. Hmm, I just *might* use a CD from a friend. I suppose I should point out that Linux is perfectly vulnerable to trojans (sure they won't run as root, but they can do nasty enough stuff as you)

Re:In other news... (0)

Anonymous Coward | more than 8 years ago | (#14184214)

How could one possibly be so incompetent?


Well, for a starter, the standard way to reformat a Wondows machine, in my experience, doesn't wipe the hard disk, or even the partition. It only removes the top-level directory and lets the rest wait around in empty space.


Second, from long-ago, partly forgotten experience trying to restore the C: partition containing a Windows XP system fron a tar archice (made and restored using Linux) I suspect that XP has some part of the bootstrap code somewhere outside any file, and outside the MBR. So a so-called quick format could very well fail to touch this. Does anyone know whether there are corners of the system that escape an unquick format?

Drama queen (5, Funny)

bumptehjambox (886036) | more than 8 years ago | (#14183888)

Sorry for the 'spoiler,' but what a grand finale at the end of the article.

People don't like it when I say this, but it's like being raped. It's like my underwear was spread all over the streets. It was a severe breach of privacy.

I'd like to be the cop that treats this like they do when they try to tell young girl rape victims its their fault...
Well, look at ya! is that all you put on as a browser?!
Yea, this is just what I usually put on, Internet Explorer.
Well there ya go... You're going out on the internet putting on nothing but a skimpy browser, making all sorts of purchases, without any sort of protection? No wonder you're gettin yourself raped!

Re:Drama queen (0)

Anonymous Coward | more than 8 years ago | (#14184640)

Sorry for the 'spoiler,' but what a grand finale at the end of the article. People don't like it when I say this, but it's like being raped. It's like my underwear was spread all over the streets. It was a severe breach of privacy. I'd like to be the cop that treats this like they do when they try to tell young girl rape victims its their fault... Well, look at ya! is that all you put on as a browser?! Yea, this is just what I usually put on, Internet Explorer. Well there ya go... You're going out on the internet putting on nothing but a skimpy browser, making all sorts of purchases, without any sort of protection? No wonder you're gettin yourself raped!
wtf?!

what's the relationship btw phishing scam (no software involved) and IE?

but the enraging thing about this post is: using IE, you WILL make your self vulnerable to 'software' attacks... so if a girl is raped, that really is her fault?!

it is now clear that geeks should NOT make social/political remarks. Stay in your apolitical closet please-

Better habits.... (3, Insightful)

Chaffar (670874) | more than 8 years ago | (#14183891)

Wieseltier told authorities that she received a Trojan-infested e-mail message bearing the address of gur_r@zahav.net.il, which she believed came from a friend.[...]But her friend's e-mail was actually gur-r@zahav.net

See why whitelisting your contacts is important ? The problem is that people want to use they computer the way they use their washing machine. They think that just because they have "auto-update on" for Windows and Norton, then they're safe. Unfortunately, they're not. If they use emails irresponsibly, they will get spammed/phished/worse. There is no miracle cure, but good internet "security" habits can help a lot. No amount of software can replace good habits and experience.

However, I feel that this is a battle that is already lost. How can I convince strangers to pick up good habits if I can't even convince my sister and father? All they care about is having a functional computer to send their emails and type their .docs whenever they need to do so. Any downtime is unacceptable, yet they refuse to acknowledge the fact that any downtime is usually their fault. PCs have become the 'automobiles' of the 21st century:" I don't care how it works, as long as it gets me to where I want to be."

Bah, maybe I'm wrong. Maybe I have too much free time, others don't have the luxury to care about these things. Still I'm the one who ends up fixing the PC/ taking the car to the mechanic....

Re:Better habits.... (1)

L-s-L69 (700599) | more than 8 years ago | (#14183987)

The 'automobiles' and PC's analogy just doesnt stand up. To use a car I have to demonstrate I can handle it and most things that im likley to come accross when using it. In the UK at least drivers have to be proficient in the theory and practise of driving, but any idiot can own a PC. I like to think of PC infection etc like getting pregnant. Yes accidents might happen but most people are bright enough to stop it. If someone does get knocked up (phished or virus infected) then the only deserve help and sympathy if they had taken sufficient steps to prevent it.

Re:Better habits.... (0)

Anonymous Coward | more than 8 years ago | (#14184414)

It does stand up. Maybe in the UK you have to be knowledgable to drive a car, but in America any idiot can drive a car with the most minimal training.

Re:Better habits.... (1)

Woldry (928749) | more than 8 years ago | (#14184513)

All this idiot (i.e., myself) needed to drive a car in the UK about ten years ago was my Pennsylvania driver's license. And trust me, I would have done better with some "minimal training" in the rules of the road in Britain. The friend with whom I was traveling had to keep reminding me every time we turned onto a new road, "Left! Stay on the left!"

Now americans get to experience what arabs feel! (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14183892)

What is so new about this story? It is well known that most of spammers, scammers, phishers and on-line criminals in general are jews, especially ethnic russian jews. No other race is so much bent on money and wealth. They will trick you front and rear.

software patents on SPAM (0)

Anonymous Coward | more than 8 years ago | (#14183902)

Can't some of you come up with some software patents on SPAM, spam techniques, etc. Can someone publish some spam code under GPL? We could then use the MPAA and RIAA to fight them?


Of course the shashdot human-test image word was infects.

yep, I got mine already (0)

Anonymous Coward | more than 8 years ago | (#14183903)

I got one 'spear-phising' email; it was easy of course to detect the scam involved, but initially it looked like sincere since I am a programmer and from the Netherlands as claimed in the email.

It reads as follows:

Hello,
My friend give me your e-mail address. I think you are from Nederland,so you can help me. I ama programmer, I have some clientsfrom Nederland thatready to paymesending money by Bank transfer toa Nederlandbank account, they cannont use WesternUnion office neartheirplace, but I can receive only WesternUnion transfers here in my country. So - I need to findsomebody who can receive this Bank transfer and re-send moneytome by sending WesternUnion transfer.
If you help me -you will get 10% from transferred money (10% from 4000EUR=400EUR to you from onetransfer).
If you are ready to help,please e-mail me to LOOKJOB@AOL.COM.

Spear-phishing (2, Insightful)

Aceticon (140883) | more than 8 years ago | (#14183906)

Spear-phishing = social engineering via e-mail

Instead of telephoning some company and making believe ur their service provider to try and get the root password for some machine, one sends an email disguised as a legit email from a company with which a target company's employee has a commercial relation. Said email contains as payload an agent program which can be used to gather information/control the machine.

This is more powerfull than old style social engineering, both because you directly get an agent running on a machine inside the target company's network and because the list of potential targets is bigger than just "the person's that have passwords to the company's servers"

Re:Spear-phishing (1, Funny)

Anonymous Coward | more than 8 years ago | (#14183964)

This is an e-mail I got today:

Notice the misspellings.

Dear Amazon member,

Due to concerns we have for the safety and integrity of the Amazon community we have issued this warning.

Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

Please follow the link below:

http://www.amazon.com.rbaccess.cn?/exec/obidos [rbaccess.cn]

and update your account information.

We apreciate your support and understanding, as we work together to keep Amazon market a safe place to trade.

Thank you for your attention on this serious matter.

Regards,
Amazon Safety Department

Copy and Pasted stories on slashdot?!?! (0)

Anonymous Coward | more than 8 years ago | (#14183920)

NO FREAKIN WAY!

This must be a first.

What utter crap (3, Insightful)

MikeyToo (527303) | more than 8 years ago | (#14183966)

CNET takes a year-old story about a bitter divorce and revenge, adds some buzzwords, information about very common, almost "old school", spamming and phishing techniques and we're all supposed to run around yelling "The sky is falling!!". Someone must be way behind on their copy output and have the FUD generators turned up to 11.

I'm sorry for those of you IT types who have managers or "super users" who learned everything they know about computers from reading PC Ragazine or CNET. I'm sure you'll be getting worried calls and emails today. Just what you need on a Monday.

surprise (1)

sl4shd0rk (755837) | more than 8 years ago | (#14183967)

"It's like the Yom Kippur War or Pearl Harbor in the Israeli business market because of the great surprise the victims had when the problem was exposed,"

Hard to believe anything is a surprise in that area of the world anymore.

Phishers marketing is getting better (1)

thogard (43403) | more than 8 years ago | (#14184003)

The latest tricks seem to be offering some special deal and all you have to do is login. Soon I expect most of them will be like "Dear Big Bank customer, you've been picked for 200,000 frequent miles" and the a log in screen with spots for bank and airline details and people may just give away all that info.

I've seen two messages that are heading in this direction and the banks better step up their education because more people will fall for these than the older scams.

And this isn't new.... This type of social engineering has been involved in fraud for a very long time.

Re:Phishers marketing is getting better (1)

AutopsyReport (856852) | more than 8 years ago | (#14184442)

Similarily, I got an email yesterday from someone posing to be eBay, except that they pretended to provide a way to login into eBay after your account has been suspended to get your account reinstated. This is a sore spot with many people, see this [paypalsucks.com] . So I think your right -- some phishing setup's are perhaps just starting to lose the look and feel of obviousness, and this is not good thing.

Which makes me wonder... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14184020)

will there ever be a big push to standardise digital signatures and encryption in mail clients, both online (GMail etc.) and applications?
It seems to me it would help a lot.

hey (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14184028)

suck my knob you fucking slashfaggots

there's a party in cmdrtaco's mouth, everybody's cumming

More marketing words (2, Funny)

OO7david (159677) | more than 8 years ago | (#14184066)

I have half a mind to start a company that targets people whose computer freezes from all of the spy/ad/malware by claiming to offer something that will remove it. They, being tired of frozen screens, will give me the info I need.

I'll call it ice phishing.

Spam Fritter (2, Funny)

BarryNorton (778694) | more than 8 years ago | (#14184071)

I got spam-frittered the other day - they used the old 'spam, spam, spam, egg, chips and spam' attack, luckily I was phishing on the back of a trojan horse on my pharm - still, I was pretty phreaked. You know what I mean?

Phishing or not? (5, Interesting)

swm (171547) | more than 8 years ago | (#14184083)

My health insureance company called.
First thing they want is my birthday.
I hesitate, and they say they have to confirm who I am before they can talk to me.
(Federal privacy regs, HIPAA, and all that).

I refuse, because I don't know if they are who they say they are.
They immediately understand, and give me a tool-free number that I can call into.
After I hang up, I realize that their number doesn't help me, becuase *they* gave it to me.

It isn't the number on my health insurance card.
I can't find it on their web page.
I google for it and get no hits.
So I still don't know who they are.
So I don't call the number.

Phishing? Probably not.
It probably was my health insurance company.
But it's been a couple of weeks now, and they haven't called back.
In the past, when they've wanted to talk to me,
they've called every few days until they got hold of me.

So I don't really know...

Re:Phishing or not? (1)

BarryNorton (778694) | more than 8 years ago | (#14184233)

They immediately understand, and give me a tool-free number that I can call into.
I wish the call centres I have to deal with weren't manned by such tools...

Re:Phishing or not? (5, Interesting)

Lord Grey (463613) | more than 8 years ago | (#14184330)

I'm glad to see that I'm not the only one.

A couple of months ago I received a message on my home phone from American Express concerning "suspicious activity on my card." The message said really only that, and that I should call some toll-free number that wasn't printed on my card. There was no identifying information at all in the message, and to make matters stranger they were calling about a business card (they called me at home, not at work).

So I called the number. I get a person almost immediately and there is quite a bit of background noise on the line. They ask for my card number. When I didn't tell them and started asking questions (trying to determine if the person really did work for AmEx), the guy got insistent and asked for my social security number. I refused to answer and asked more questions, but never got a good answer.

I eventually hung up on the guy and then looked up AmEx's fraud prevention number in Google and called THAT. It turned out that someone really did hijack the card number from some vendor's database and there were 4-5 bogus purchases. We got the problem cleared up relatively quickly.

The problem, however, is that the AmEx representative did not come across in a professional manner and his conversation with me served only to make me more suspicious. With all the phishing going on, I'm extremely leery of simply providing personal information upon request.

Re:Phishing or not? (4, Insightful)

Technician (215283) | more than 8 years ago | (#14184556)

A couple of months ago I received a message on my home phone from American Express concerning "suspicious activity on my card."

So did I. I knew it was a phishing call. I was polite and refused to give my paticulars and asked about the activity. I asked if I gave the last 4 digits if they could verify the address. They said no they needed the full number, exp date, name as it is on the card and the verification number. I then told them I do not have an American Express card. I then called American Express and gave them the phishing information.

If a bank is having their customer base phished, and you don't have an account, let the bank know anyway instead of ignoring it. You may protect your neighbors.

Re:Phishing or not? (1)

qwijibo (101731) | more than 8 years ago | (#14184369)

This is the same problem I have with email notifications or marketing from credit card companies. I assume they are all scams. Only the paranoid are safe against these scams.

What is worse is that the companies use the same kinds of approaches, so it's even more difficult to figure out if any of it is legit. The companies are also victims in these cases, but due to the disconnects between the fraud stats and their customer service, they don't see the big picture. Large companies use "email marketing" as a way of acquiring new customers, without realizing that the only people who will respond to that are also the most likely to be successfully phished.

Me too (1)

tim_abell (707856) | more than 8 years ago | (#14184436)

Egg [egg.com] (credit cards, UK)
Phoned me on my cellphone to check an unusual transaction (which I had actually made).
Fine, except it wasn't even a real person, and the system's first questions were the standard security questions I get when I call them.
So I hung up and called the number I knew, they confirmed it was them that called. I told them I thought what they were doing was very foolish, but there's only so much you can say to the call centre.

Still a bit surprised, but what can you do? I wonder if they are still doing it.

By the way this was months ago.

HOW?! (1)

linforcer (923749) | more than 8 years ago | (#14184087)

From the article:
The offer required them to respond to INFO@targetdata.biz, a site registered to Haephrati. Responding to them would unleash the Trojan, which, according to records of the investigation, was impervious to antivirus and anti-Trojan software.

How does simply sending an email "unleash" the trojan?

Add mail header info to email subject lines? (1)

digitaldc (879047) | more than 8 years ago | (#14184096)

I will never open my email or install anything on a PC again, I will become a self-contained unit.
I am a rock I am an island. And a rock feels no pain, and and island never gets phished.

Dupe? (2, Informative)

MirrororriM (801308) | more than 8 years ago | (#14184192)

Hate to beat a dead horse, but here is an older Slashdot story about "spear phishing" here ... [slashdot.org]

Re:Dupe? (1)

whitehatlurker (867714) | more than 8 years ago | (#14184449)

Seeing that the original story broke in May, this is likely a dupe from the May-June timeframe.

from TFA (0)

Anonymous Coward | more than 8 years ago | (#14184257)

For the love of god! They took screenshots of his family! The BASTARDS!

This has been around for a while (1)

kalirion (728907) | more than 8 years ago | (#14184534)

Here's an editorial [outpostnine.com] from over a year ago. The top topic is about a virus sent to a user of outpostnine [outpostnine.com] from "management@outpostnine.com". The sender of the email didn't realize that the intended victim was actually the sole manager of the site.

"Spear" phishing? (4, Funny)

Entropy (6967) | more than 8 years ago | (#14184593)

Spear Phishing? Because it "targets specific people" ?

Okay:

Jelly phishing - targeting politicians.

Salmon phishing - targeting gays.

Flounder phishing - targeting christians.

Tuna phishing - targeting pianists.

Shark phishing - targeting lawyers.

I am sure we could come up with others :)

Classified Ads (1)

chill (34294) | more than 8 years ago | (#14184748)

I placed a local classified ad (print newspaper in rural Idaho) to sell a puppy a couple weeks back. It included my e-mail address if anyone wanted pictures.

One response I received was one in broken English asking for pictures and if the price was firm. I responded with photos and the price. The next response was 4 paragraphs of an overdraft money order scam, telling me they'd arrange for someone to pick up the dog, but to wire the excess funds back to an account in London, etc.

I was sort of impressed, considering how targeted the scam was.

  -Charles
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?