Tuesday, April 10, 2007

The wonderful world of scams...

I don't get it - I normally get spam about Viagra, loans, lottery winnings, tax refunds and fake Rolexes. Big deal - Thunderbird's spam filter grabs, reports, and dumps them. But the bank scams... I don't know whose blacklist I have been put on, but they are starting to get annoying. It is one thing to be a professional and do your job well (either it's for good or bad - it's not up to me to decide that), but the latest batch is plain pathetic. Where have the ethics gone? 10 years ago, when you got a scam, it was fine-grade text with a meaning, it had a sense of personal touch, it was aesthetic. When you read the text, it was believable, it had the nice "personal touch". It had the feeling that at least a little effort had been put into it to make it more realistic. I miss the old days...

Nowadays, when you get a scam mail, it's full of random garbage and excessive grammar errors; all mails come in with some active content to harvest your mail address and/or contact list, or to infect your PC with a trojan/spyware/adware/malware. The mails contain embedded insults/garbage. They are filled with pictures with sites to harvest all they can, and show you the finger at the end. It just gets frustrating to even open your mailbox. When you finally get in the mood to open it, all you see is SPAM. Friends sending you "I love you", your bank asking for passwords, the lottery telling you that you won 100 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000$ USD even if you haven't participated in one (I wonder if there is enough currency in the world to cover that amount), the pharmacists telling you that you can't get it up, a "friend" telling you a way to pay off your 20 year mortgage in 6 months, etc... etc... etc....

Back to today's topic. Some unknown bank (BB&T) sent me a mail like this:

Looks legit, right? Well, not really - this is not a screenshot, it's the picture from the mail. I have seen a lot of nice scams, but this one was just cold - a template picture, a little text in Photoshop, no personalization. This alone should raise alarms even if you secretly wish that you had an account with 1 000 000$ USD in it :) As usual it was an HTML mail with some embedded text from "Misery by Stephen King, 1987". I know it's just for bypassing the spam filters, as optical recognition isn't so widely used to scan email pictures, but still, isn't it an IP violation, and if so, what is the RIAA/MPAA/BSA for literature? I guess if there were such an organization they could file charges against that person, and by doing so they could force law enforcement organizations to fight spam - wouldn't that be a nice twist? :)

Well, back to the scam - all looks legit except the URL the picture was pointing to. Poor Outlook (Express) users would not even see what they are clicking, but thanks to TB I can look at the link I'm about to click. Now look at the URL in the picture and compare it to the link that's embedded (I'll make comments in brackets): http://(hmm, http is insecure, why isn't it https with a valid cert? DEFCON 4) online.bbt(hmm, why is the mail from @bbt.com, the URL on the picture *.bbandt.* and the real URL *.bbt.*? Right, the author made a SMALL mistake when writing the URL to the picture? DEFCON 3) .com.onlineservlet_(here come some random numbers that can be tracked back to me, so I'm not releasing them - but still, why is there a "." instead of a "/"? It's part of the domain - this should raise a lot of alarms. DEFCON 1).sisopt.tk/cbus <- now the last part should put all the bells and whistles to scream on the maximum level (if the blinking red lights are not enough :)). You're right - this is not the right URL for the bank - it's a phishing site under the Tokelau TLD. A little more digging and the owner of the domain is Donald Williamson. Now there can be 3 explanations for why he would try to scam people like this: 1) his domain is hijacked and is used by a criminal element and the owner is not aware of it 2) this person does not exist, is a stolen identity, or is forced to register by other parties 3) he is running the scam and was stupid enough to give out his real information. A little more googling gave me also this result. This means the domain is part of a larger group of domains focused on attacking BB&T.
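The manual checks above (plain http, the bank's domain used as the leading labels of someone else's domain, and visible link text that names a different host than the href) can be run over a mail's HTML body automatically. The sketch below is an added example, not part of the original post; the `BRAND_DOMAINS` allow-list, the digits after `onlineservlet_`, the visible link text and the third, legitimate-looking link are constructed assumptions. In the mail described here the displayed URL was inside the image, so only the first two checks would fire on it.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = {"bbt.com"}  # assumption: domains the bank really uses
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9_-]+(?:\.[a-z0-9_-]+)+)", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Return warning flags for one link, mirroring the manual checks."""
    parts = urlsplit(href)
    host, flags = (parts.hostname or "").lower(), []
    if parts.scheme != "https":
        flags.append("not-https")
    on_brand = any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)
    # Brand domain appears only as leading labels of somebody else's domain.
    if not on_brand and any(f".{d}." in f".{host}" for d in BRAND_DOMAINS):
        flags.append("brand-in-subdomain")
    shown = HOST_RE.search(text)  # does the visible text itself look like a URL?
    if shown and shown.group(1).lower() != host:
        flags.append("text-href-mismatch")
    return flags

def scan(html):
    """Return [(href, visible_text, flags)] for every link in the body."""
    parser = LinkCollector()
    parser.feed(html)
    return [(h, t, check_link(h, t)) for h, t in parser.links]

# Constructed sample: placeholder digits, invented link text; only the
# shape of the phishing host comes from the post.
PHISH = "http://online.bbt.com.onlineservlet_0000.sisopt.tk/cbus"
SAMPLE = (f'<a href="{PHISH}"><img src="cid:notice"></a>'
          f'<a href="{PHISH}">https://online.bbandt.example/</a>'
          '<a href="https://online.bbt.com/">online.bbt.com</a>')

if __name__ == "__main__":
    for href, text, flags in scan(SAMPLE):
        print(href, repr(text), flags)
```

The brand check compares whole dot-separated labels, so a look-alike such as `notbbt.com` is not mistaken for the bank's domain or for an embedded copy of it.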

The conclusion: turn off JavaScript, turn off images and ActiveX (if you are using Windows), use Thunderbird or an alternative browser, look at the URL before clicking on it (and not the text that looks like a link) and finally raise your paranoia level - next time the mail might be from Your bank and it might contain personal info to make it more believable.

