Topic: another phishing scam
Bill Ford
From: Graniteville SC Aiken
Posted 1 Mar 2012 9:38 am
Got this email this morning, don't recall making any such transaction... It included a PDF link, Google said it was a scam/phishing thing... Bill
The Electronic Payments Association
Dear Customer,
We have to notify you, that Direct Deposit payment could not be completed, because of discontinued receipient account.
Directed Deposit request rejected
_________________
Bill Ford S12 CLR, S12 Lamar keyless, Misc amps&toys Sharp Covers
Steeling for Jesus now!!!

Richard Sinkler
From: aka: Rusty Strings -- Missoula, Montana
Posted 1 Mar 2012 2:27 pm
I get crap like that fairly often. I don't even open the email. I know that I have nothing that is direct deposit.
_________________
Carter D10 8p/8k, Dekley S10 3p/4k C6 setup, Regal RD40 Dobro, Recording King Professional Dobro, NV400, NV112, Ibanez Gio guitar, Epiphone SG Special (open D slide guitar). Playing for 55 years and still counting.

Wiz Feinberg
From: Mid-Michigan, USA
Posted 1 Mar 2012 7:25 pm
Guys; this is not a phishing scam. If only it were...
The links in these ACH, NACHA and FDIC failed bank transfer/deposit transaction scams lead to the Russian Blackhole malware exploit kit.
Bill;
Thank your lucky stars Google warned you not to go to that website. If you have any out-dated version of Java, Flash, or Adobe Reader installed on your computer, you would have been botted, plus the Zeus bank account stealing Trojan would be installed.
I have blogged many times about these scam emails in my weekly spam analysis reports. Read them regularly on Wiz's computer and website security blog.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Bill Ford
From: Graniteville SC Aiken
Posted 2 Mar 2012 5:27 am
Wiz,
There was a PDF file link, is that a form to give them your banking info (account #s etc) or can just opening the link do damage?
As always, thank you for your help...Bill
_________________
Bill Ford S12 CLR, S12 Lamar keyless, Misc amps&toys Sharp Covers
Steeling for Jesus now!!!

Wiz Feinberg
From: Mid-Michigan, USA
Posted 2 Mar 2012 10:06 am
Bill Ford wrote:
Wiz,
There was a PDF file link, is that a form to give them your banking info (account #s etc) or can just opening the link do damage?
As always, thank you for your help...Bill

Bill;
Listen up Pilgrim!
If you still have that email, open it again. Find the link to the file and hover over it with your mouse pointer. Read the details about the link in the bottom status bar of whatever program you are using to "do" email. Chances are high that the actual link will lead to a .htm, .html, or .php file, as shown in the status bar. The link you saw displayed in plain text was octopus ink to fool the unwary.
Let me show you how this works. The following link claims to go to a .pdf file on my website. Hover over it and read what the URL really is in your status bar.
http://www.wizcrafts.net/articles/details1.pdf
The actual link code goes to: http://www.wizcrafts.net/blogs/spam_issues/
Code:
[url=http://www.wizcrafts.net/blogs/spam_issues/]http://www.wizcrafts.net/articles/details1.pdf[/url]
Use this system to reveal all links before clicking on them, whether in a web page, IM, or email. If the revealed code is different than the printed text link, treat it as hostile until proved otherwise.
Note: many spammers use URL shortener services to conceal the true destination of their links. There are only a few add-ons that will reveal the actual destination of these shortened links, so don't click on them automatically. If the message comes from a stranger, or a source with which you have had no previous contact, treat it as hostile unless proven otherwise.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Last edited by Wiz Feinberg on 2 Mar 2012 10:14 am; edited 1 time in total

Wiz Feinberg
From: Mid-Michigan, USA
Posted 2 Mar 2012 10:26 am
Here is a code example of how cybercriminals conceal the actual link destination, while showing their victims what they want to see:
Code:
<a href="http://www.wizcrafts.net/blogs/spam_issues/index.html">Transaction Report</a>
The victim only sees a link claiming to go to "Transaction Report" ...
Transaction Report
If you hover over my link, you'll see where it actually leads in your browser's status bar (bottom-left).
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
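
The hover check described in the two posts above, automated as an added example (not part of the original posts and not Wiz's own code): it compares what each link displays with where it really points, for both the BBCode and HTML forms shown in the thread. The names `audit_links`, `AnchorCollector` and the verdict labels are hypothetical, and the last two sample links are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# First two links are the ones posted in this thread; the last two are constructed.
SAMPLE = """
<a href="http://www.wizcrafts.net/blogs/spam_issues/index.html">Transaction Report</a>
[url=http://www.wizcrafts.net/blogs/spam_issues/]http://www.wizcrafts.net/articles/details1.pdf[/url]
<a href="http://203.0.113.7/report.php">http://bank.example/statement.pdf</a>
<a href="https://bank.example/help">https://bank.example/help</a>
"""

BBCODE = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.I | re.S)
URLISH = re.compile(r"^(https?://|www\.)\S+$", re.I)

class AnchorCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def _host_path(url):
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower(), parts.path.rstrip("/")

def audit_links(body):
    """Return (verdict, shown_text, real_target) for HTML and BBCode links."""
    parser = AnchorCollector()
    parser.feed(body)
    report = []
    for href, text in parser.links + BBCODE.findall(body):
        text = text.strip()
        if not URLISH.match(text):
            verdict = "TEXT-ONLY"        # label gives no hint of the target
        else:
            shown, real = _host_path(text), _host_path(href)
            verdict = ("MISMATCH-HOST" if shown[0] != real[0] else
                       "MISMATCH-PATH" if shown[1] != real[1] else "MATCH")
        report.append((verdict, text, href))
    return report
```

TEXT-ONLY is not by itself a sign of fraud; it marks links whose label says nothing about the destination, so the target has to be read directly. HTML links are reported first, then BBCode links.
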
Bill Ford
From: Graniteville SC Aiken
Posted 2 Mar 2012 11:28 am
This is on the form, leading you to fill out the proper info so they can "send you the money"...Yea right..
Thank you Wiz.
Please print out the transfer correction request below to submit the correct recipient information. The next box was Transfer Status, then a string of numbers, and letters that highlighted as a link.
_________________
Bill Ford S12 CLR, S12 Lamar keyless, Misc amps&toys Sharp Covers
Steeling for Jesus now!!!

Wiz Feinberg
From: Mid-Michigan, USA
Posted 2 Mar 2012 11:33 am
Bill Ford wrote:
This is on the form, leading you to fill out the proper info so they can "send you the money"...Yea right..
Thank you Wiz.
Please print out the transfer correction request below to submit the correct recipient information. The next box was Transfer Status, then a string of numbers, and letters that highlighted as a link.

Why don't you forward it to me as an attachment? If you don't know how to do that, read my sticky article at the top of this forum. Send the attached original to me at wizardodelasteel at hotmail dot com
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog