Spoofing - It's not a joke

  • Spoofing - It's not a joke

    Last year I bought some games for my kids on Amazon.com because the ones they asked for were not in stock locally. Last week I received an e-mail from "Amazon.com Inc." reporting possible irregularities with my account. The e-mail provided a link to contact them in order to fix the problem. I followed the link to a webpage that did indeed look a lot like an Amazon.com webpage. It had the correct colors, banners, ads and buttons, so I started to fill in the identification forms, but after completing the first page I was sent to a page with blanks for my credit card number, and more ominously my credit card PIN number. I thought about it for a second and decided that Amazon.com simply wouldn't need my PIN number, so I backed out. I decided to google Amazon.com outside of the e-mail link, but found that when I accessed "My Account" I was back on the same pages. I was still suspicious so I just quit. A few days later I revisited Amazon.com and found that the "My Account" page was completely different - it no longer asked for my credit card and PIN numbers. I contacted Amazon.com, reported the incident and sent them an attachment including the headers of the offending e-mail. Their support person replied that the e-mail did not come from them and that I had been "spoofed".
    I still don't understand how the "spoof" managed to redirect my attempt to contact Amazon.com from outside of the link they provided.
    "I say shoot'em all and let God sort it out in the end!

  • #2
    Because you don't have an eye for detail, nor a client that detects phishing.

    Upgrade your mail client and web browser.
    "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
    Ben Kenobi: "That means I'm doing something right. "



    • #3
      I get those occasionally for eBay. I just forward them on to the eBay fraud link. I've always been curious what they do to them, if anything.
      I make no bones about my moral support for [terrorist] organizations. - chegitz guevara
      For those who aspire to live in a high cost, high tax, big government place, our nation and the world offers plenty of options. Vermont, Canada and Venezuela all offer you the opportunity to live in the socialist, big government paradise you long for. –Senator Rubio



      • #4
        Sometimes when I'm bored, I fill out the forms with bogus credit card/bank account numbers, and swear words for my login and passwords.
        THEY!!111 OMG WTF LOL LET DA NOMADS AND TEH S3D3NTARY PEOPLA BOTH MAEK BITER AXP3REINCES
        AND TEH GRAAT SINS OF THERE [DOCTRINAL] INOVATIONS BQU3ATH3D SMAL
        AND!!1!11!!! LOL JUST IN CAES A DISPUTANT CALS U 2 DISPUT3 ABOUT THEYRE CLAMES
        DO NOT THAN DISPUT3 ON THEM 3XCAPT BY WAY OF AN 3XTARNAL DISPUTA!!!!11!! WTF



        • #5
          I think it would really be fun

          if I could fill out one of those things with the personal details of a high ranking Russian Mafia member.
          “It is no use trying to 'see through' first principles. If you see through everything, then everything is transparent. But a wholly transparent world is an invisible world. To 'see through' all things is the same as not to see.”

          ― C.S. Lewis, The Abolition of Man



          • #6
            I too get them occasionally. Anything that doesn't directly link to an official host (ebay.com, amazon.fr etc) gets immediately ignored.

            Anything that looks like a legitimate host, I look whether the link actually leads to said host.

            And I never even give my credit card numbers when I'm not buying something. If they need my bank number, they'll have it when I'll also need something from them.
            "I have been reading up on the universe and have come to the conclusion that the universe is a good thing." -- Dissident
            "I never had the need to have a boner." -- Dissident
            "I have never cut off my penis when I was upset over a girl." -- Dis



            • #7
              One time while late at night I entered in info also. I should have caught it at the same time as you, but was tired. I froze my account and had to deal with it for a while (got a new account/etc).

              Currently, if I get an email from anything financially related online, I go and enter the base web address by hand (like I would go to www.amazon.com). Then I go and find out from there what info I need to put in.

              Jon Miller
              Jon Miller-
              I AM.CANADIAN
              GENERATION 35: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social experiment.



              • #8
                Re: Spoofing - It's not a joke

                Originally posted by Dr Strangelove

                I still don't understand how the "spoof" managed to redirect my attempt to contact Amazon.com from outside of the link they provided.
                If it somehow also contained a script that wrote something to the hosts file, or your browser's DNS cache...



                • #9
                  I often see such phishing mails when I look in the spam filter, mostly from eBay, Amazon and several banks. For me they're especially easy to tell, since none of them would write to me in English (I use the German portals in all cases). In most cases I just ignore them. Sometimes when I'm bored, I fill out their forms, as Santa Claus, George W. Bush, Donald Duck or Timothy Truckle, with fantasy addresses, card numbers and PINs.



                  • #10
                    When I have the slightest doubt about the email being real or not, I always check all links in the mail to see where they direct. Usually you can see at first sight that they direct to some place other than where they're supposed to.
                    One time when I got such an email from PayPal I went to the site (knowing it was fake), entered some fake login information, and surprise surprise, it actually logged me in.

                    Often I get such email talking about my ebay account... but since I don't have one there's nothing to be worried about
                    This space is empty... or is it?
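
The link check described in posts #6 and #10, as an added example that is not part of any poster's message: it compares the host each link in an HTML mail really points to with the host its visible text shows. The allow-list, function names and sample mail body are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list: the hosts this reader actually does business with.
OFFICIAL = {"amazon.com", "ebay.com", "paypal.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(host):
    """True only for an allow-listed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def audit(html):
    """Return (verdict, real_host, visible_text) for each link."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        # .hostname drops any "user@" prefix and port, leaving the real target.
        host = urlsplit(href).hostname or ""
        shown = re.search(r"((?:[\w-]+\.)+[a-z]{2,})", text.lower())
        if is_official(host):
            verdict = "ok"
        elif shown and is_official(shown.group(1)):
            verdict = "deceptive"  # text names an official host, link goes elsewhere
        else:
            verdict = "unofficial"
        results.append((verdict, host, text))
    return results

# Constructed sample mail body (not taken from the thread).
SAMPLE = """<a href="http://www.amazon.com@203.0.113.5/signin">http://www.amazon.com/your-account</a>
<a href="http://amazon.com.account-check.example/login">Click here to verify</a>
<a href="https://www.amazon.com/">Amazon Help</a>"""
```

A link that passes this check says nothing about whether the mail itself is genuine; it only shows where a click would go.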



                    • #11
                      NEVER click on the link provided in these e-mails as they are almost always phishing attempts. If you really feel like you need to check something out then manually go to the webpage (amazon.com etc) as clicking on that link could literally take you anywhere.
                      Try http://wordforge.net/index.php for discussion and debate.



                      • #12
                        Well, as I said in my post, when I got suspicious I closed the link then Google searched "Amazon.com". I then clicked on the link for Amazon.com listed on the search results page. So somehow it also managed to redirect a completely separate link? I wonder if it would have made a difference if I had hand entered the URL for Amazon.com? Oh well, if it happens again I'll see if that makes a difference.

                        A couple months ago I received a similar e-mail purporting to be from my bank, but it was so obviously a fake I didn't bother to click on the link.
                        "I say shoot'em all and let God sort it out in the end!



                        • #13
                          Are you sure the credit card/PIN page was also there, or did you just see that the first page matched?
                          Civilization II: maps, guides, links, scenarios, patches and utilities (+ Civ2Tech and CivEngineer)



                          • #14
                            I love when you get that kind of crap from banks you don't even have accounts with... but obviously, somebody must be stupid enough to offer up their account and pin number, or they still wouldn't be doing it
                            Keep on Civin'
                            RIP rah, Tony Bogey & Baron O



                            • #15
                              Originally posted by Ming
                              I love when you get that kind of crap from banks you don't even have accounts with... but obviously, somebody must be stupid enough to offer up their account and pin number, or they still wouldn't be doing it
                              I followed the link to a webpage that did indeed look a lot like an Amazon.com webpage. It had the correct colors, banners, ads and buttons, so I started to fill in the identification forms
                              "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
                              Ben Kenobi: "That means I'm doing something right. "
