Phishing Attempt - Coincidence ?


Ex_OWM

I've never ever had a phishing email about my own bank - it's an Irish one -
lots from banks that I've never dealt with but never purporting to be my own
bank.

Did a couple of transactions on my online banking about 10 mins ago and I've
suddenly received my first ever phishing attempt pretending to be that bank.

A weird coincidence or is there something here I should be worrying about ?

I'm well up to date on AV and anti-Spyware*, I'm just a tad nervous that
there could be a key trapping programme they've missed.


(*AVG, Search and Destroy, Adaware and Windows Defender)
 
Ex_OWM said:
I don't normally multiple-post, it was after I posted to AWW that I
thought of posting here..

'Twas what I suspected. AWW doesn't seem like a place to ask about
phishing. <g>

In the meantime, have you determined the email was legitimately from
your bank?
 
Ex_OWM said:
I've never ever had a phishing email about my own bank - it's an Irish one -
lots from banks that I've never dealt with but never purporting to be my own
bank.

Did a couple of transactions on my online banking about 10 mins ago and I've
suddenly received my first ever phishing attempt pretending to be that bank.

A weird coincidence or is there something here I should be worrying about ?

I'm well up to date on AV and anti-Spyware*, I'm just a tad nervous that
there could be a key trapping programme they've missed.

(*AVG, Search and Destroy, Adaware and Windows Defender)

You are fooling yourself if you think that _anyone's_ anti-phishing
solutions will ever be of any use. If the malware developers are two
steps ahead of the AV vendors, the phishers are ten steps ahead. And
will remain so. Text-only with no inline images for email goes a long
way toward mitigating the problem.

And so, in your case, coincidence? Depends. Do you routinely keep
Javascript and cookies, particularly third-party cookies, enabled in
your browser(s) for non-trusted sites?

http://en.wikipedia.org/wiki/Cross-site_scripting

http://en.wikipedia.org/wiki/HTTP_cookie

The fact that these creeps now have your email address is probably the
least of your worries. They might also have all of your passwords and
credit card info.

Ron :)
 
Beauregard T. Shagnasty said:
'Twas what I suspected. AWW doesn't seem like a place to ask about
phishing. <g>

You get all sorts of things asked there - a surprising number of which get
answered - and people don't seem to mind if it's a regular or even
semi-regular like myself.

In the meantime, have you determined the email was legitimately from
your bank?

Sorry, I thought I'd made it clear that it wasn't from my bank, I could tell
that from the headers so I binned it without opening it.
 
Ron said:
You are fooling yourself if you think that _anyone's_ anti-phishing
solutions will ever be of any use. If the malware developers are two
steps ahead of the AV vendors, the phishers are ten steps ahead. And
will remain so. Text-only with no inline images for email goes a long
way toward mitigating the problem.

And so, in your case, coincidence? Depends. Do you routinely keep
Javascript and cookies, particularly third-party cookies, enabled in
your browser(s) for non-trusted sites?

http://en.wikipedia.org/wiki/Cross-site_scripting

http://en.wikipedia.org/wiki/HTTP_cookie

The fact that these creeps now have your email address is probably the
least of your worries. They might also have all of your passwords and
credit card info.

Speaking of phishing ...

http://www.computing.co.uk/computing/news/2174236/phishing-technique

Ron :)
 
Ex_OWM said:
You get all sorts of things asked there - a surprising number of which
get answered - and people don't seem to mind if it's a regular or
even semi-regular like myself.

True. I didn't say you couldn't post it there.

Ex_OWM said:
Sorry, I thought I'd made it clear that it wasn't from my bank, I
could tell that from the headers so I binned it without opening it.

Not from your bank? In your initial post, you said, "Did a couple of
transactions on my online banking about 10 mins ago and I've suddenly
received my first ever phishing attempt pretending to be that bank."

Your own Irish bank, you said. <g>
 
Ron Lopshire wrote:
[snip]
You are fooling yourself if you think that _anyone's_ anti-phishing
solutions will ever be of any use.

even this?
http://anti-virus-rants.blogspot.com/2006/12/how-to-recognize-phishing-emails-easy.html

If the malware developers are two
steps ahead of the AV vendors, the phishers are ten steps ahead. And
will remain so. Text-only with no inline images for email goes a long
way toward mitigating the problem.

agreed... when you can see the disparity between the reported url and
the actual url it's very telling...

And so, in your case, coincidence? Depends. Do you routinely keep
Javascript and cookies, particularly third-party cookies, enabled in
your browser(s) for non-trusted sites?

http://en.wikipedia.org/wiki/Cross-site_scripting

http://en.wikipedia.org/wiki/HTTP_cookie

The fact that these creeps now have your email address is probably the
least of your worries. They might also have all of your passwords and
credit card info.

now, now... if they had all that there wouldn't be any reason to send
him phishing emails...
 
kurt said:
Ron Lopshire wrote:
[snip]
You are fooling yourself if you think that _anyone's_ anti-phishing
solutions will ever be of any use.

even this?
http://anti-virus-rants.blogspot.com/2006/12/how-to-recognize-phishing-emails-easy.html

Thanks for the link and your thoughts, Kurt.

Of course, as you point out, this starts to become cumbersome with
more than a few domains. And I have seen reports from people who are
now getting spam with their Gmail addresses being used exactly as you
suggest, one address used only for one domain. This was not the case
even 6 months ago. Dictionary attacks? Domains getting hacked?

Unless I request something through email, like a license key, I assume
that any piece of email, particularly HTML-formatted email, from any
business entity is a scam. Does eBay or any of the financial concerns
actually use email for anything except junk mail (like snail mail junk
mail, not really spam)?

agreed... when you can see the disparity between the reported url and
the actual url it's very telling...

People using ActiveX, Java, Javascript, cookies, iFrames, Flashcrap,
animation, etc. in their email client, IMNSHO, get what they deserve.
Unfortunately, these are the same people who scream for government
solutions to every problem in their sorry existences. Screw 'em. [bg]

now, now... if they had all that there wouldn't be any reason to send
him phishing emails...

When you have 150,000,000 people connected by botnets, phishing and
spamming is not about quitting after the first success. [g]

http://arstechnica.com/news.ars/post/20070125-8707.html

Ron :)
 
Ron said:
kurt said:
Ron Lopshire wrote:
[snip]
You are fooling yourself if you think that _anyone's_ anti-phishing
solutions will ever be of any use.

even this?
http://anti-virus-rants.blogspot.com/2006/12/how-to-recognize-phishing-emails-easy.html

Thanks for the link and your thoughts, Kurt.

Of course, as you point out, this starts to become cumbersome with
more than a few domains.

it does with throwaway addresses, but less so with dedicated disposable
email address providers like sneakemail... those scale quite nicely -
one account can have an arbitrary number of disposable email addresses
and they can forward to multiple different real addresses...

And I have seen reports from people who are
now getting spam with their Gmail addresses being used exactly as you
suggest,

you mean the {gmail id}+{whatever}@gmail.com addresses? yeah, that was
pretty much destined not to work as a security feature...

one address used only for one domain. This was not the case
even 6 months ago. Dictionary attacks? Domains getting hacked?

dictionary attacks are a possibility... i recently started receiving
junk mail at work even though my work email address is unknown on the
internet - the only possibilities i can think of are dictionary attacks
or a compromised machine on the network at work leaked our corporate
email addresses...

Unless I request something through email, like a license key, I assume
that any piece of email, particularly HTML-formatted email, from any
business entity is a scam. Does eBay or any of the financial concerns
actually use email for anything except junk mail (like snail mail junk
mail, not really spam)?

actually, ebay specifically does send you emails about your
transactions, telling you that you've won the item you were bidding on,
reminding you that you now need to pay, etc... also, messages sent to
your ebay id are also sent to your email address...

of course, since i signed up using a disposable email address, emails
that don't go through that specific disposable email address are clearly
fraudulent...

People using ActiveX, Java, Javascript, cookies, iFrames, Flashcrap,
animation, etc. in their email client, IMNSHO, get what they deserve.

those are duh-faults (to borrow a term from cquirke) for a number of
common email clients...

Unfortunately, these are the same people who scream for government
solutions to every problem in their sorry existences. Screw 'em. [bg]

reminds me of "c'est la faute du federal" by bowser and blue...
 
kurt said:
those are duh-faults (to borrow a term from cquirke) for a number of
common email clients...

Duh-faults? LOL. I like it. I like it. Thanks, Kurt

Ron :)
 
kurt said:
dictionary attacks are a possibility... i recently started receiving
junk mail at work even though my work email address is unknown on the
internet - the only possibilities i can think of are dictionary attacks
or a compromised machine on the network at work leaked our corporate
email addresses...

I have had the same problem, and traced it back to some of those chain
mail jokes/funny stories people used to send to everyone in their
address book.

Oddly, I get more junk mail at my work account than any of the others,
including this one.

That reminds me, Alaska Scare lines sent an important notification to
everyone who ships through them, but it was html and the Surf Control
junk mail filters tossed it, then the junk mail filter in my machine
tossed it. So far as I can tell, I'm the only one in the company who
bothered to check the junk mail file to see if anything important got
dropped.
 
Ron Lopshire said:
Ex_OWM wrote:


You are fooling yourself if you think that _anyone's_ anti-phishing
solutions will ever be of any use. If the malware developers are two
steps ahead of the AV vendors, the phishers are ten steps ahead. And
will remain so.

My reference to anti-virus and anti-spyware was in the context of worrying
about a key trapper having got into my system. I don't see any real software
solution to phishing except text only to a limited extent as you suggest and
I already do this. Avoiding phishing is basically a matter of common sense,
unfortunately common sense isn't too common ;)
 