Phishing scams will be with us always. How can you spot them?
The easy way to spot a fake is that the email didn't come from me, or
in the case of your general FSU account, from the FSU IT
managers. Speaking only for the department, there are four ways to
get your account suspended:
- You do something naughty that is against the FSU acceptable use policy and are unrepentant
- You request the suspension
- Your major professor or the department chairman requests the suspension
- You fall prey to a phishing scam, and our server is being used to spam others, so I lock your account which locks out the spammer(s)
There are a number of free webspace hosts, and some offer PHP forms, and
thus are vulnerable to hosting phishing scams. Some are just insecure
PHP installations, and they've been compromised and are hosting the
scam against their will. I try to alert the website to the problem and
get them to fix the issue. The links in the two examples no longer
work.
Here's an example. My comments are in italics, and the portions you should concentrate on are in bold.
From: Help Desk [mailto:ncsmith@colorado.edu]
Sent: Thursday, January 09, 2014 8:25 AM
To: undisclosed-recipients:
Subject: Warning!!! An HTK4S virus detected
*Ok, from someone not associated with FSU, but claiming to be help
desk. First hint. undisclosed-recipients. Second hint.*
Dear user,
An HTK4S virus has been detected in your FSU Statistics Web Email folders,
Your FSU Statistics Web Mail account therefore requires verification for
continuous activity. Your FSU Statistics Web Mail account has to be upgraded
to our new F-Secure R HTK4S anti-virus/anti-Spam version 2014 to prevent
damage to our mail log and your important files. To complete this, you will
have to click on the link below and enter your FSU Statistics email id and
password to validate your account against spy-ware and HTK4S virus.
*Well written...well, except that the mail log is just a file that logs
transactions, so that's some impressive sounding nonsense. Sort of
like reversing the polarity of the neutron flow.*
http://isps-stat-fsu-edu.webs.com/ Click here
*Sending you to a non-FSU website. Third hint. I captured a screen shot of that page, and it is pretty scary:*
Warning!!! Failure by you to upgrade your FSU Statistics Web Mail account in
receipt of this notice will lead to De-activation of your FSU Statistics Web
Mail account to avoid the virus being spread to our mail log.
*Dire warning of deactivation. Fourth hint.*
Thank you for your anticipated cooperation.
FSU Webmail Support Team
Copy Right @ 2014 Florida State University - All Right Reseved.
*Oh, falls apart badly at the end. As "boiler plate" language, it should be proper English and proofed:*
Thank you for your cooperation.
FSU Webmail Support Team
Copyright © 2014 Florida State University - All Rights Reserved.
Here's another, simpler example. Can you spot the problems? I also captured
a screen shot of their web page, and it's not so scary.
Date: Thu, 09 Jan 2014 15:51:25 +0100
From: Florida State University <eamnorte@eam.esc.edu.ar>
To: undisclosed-recipients:;
Subject: IMPORTANT NOTICE
Dear Customer
Your E-mail account has exceeded its limit and needs to be verified, if
not verified within 24hours, we shall suspend your account.
Click Here: http://itservixz-admin.phpforms.net/f/firstform
to verify your email account now
Thank you
System Admin
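
The four hints called out in the first example can also be checked mechanically. The Python below is an added example, not part of the original page: it assumes `fsu.edu` is the only trusted domain, takes the second example message (abridged) as input, and compares it with a constructed harmless message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "fsu.edu"  # assumption: the only domain real notices come from
THREATS = re.compile(r"suspend|de-?activat|within\s*24\s*hours", re.I)
URL = re.compile(r"https?://[^\s<>\"]+")

def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_hints(raw):
    """Return which of the page's four hints a raw message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hints = []
    _, addr = parseaddr(msg.get("From", ""))  # ignore the display name
    if not in_domain(addr.rpartition("@")[2]):
        hints.append("sender-not-fsu")
    if "undisclosed-recipients" in msg.get("To", "").lower():
        hints.append("undisclosed-recipients")
    hosts = [urlsplit(u).hostname for u in URL.findall(body)]
    if any(not in_domain(h) for h in hosts):
        hints.append("link-off-site")
    if THREATS.search(body):
        hints.append("threat-of-suspension")
    return hints

# Second example from the page, abridged.
PAGE_EXAMPLE = """\
From: Florida State University <eamnorte@eam.esc.edu.ar>
To: undisclosed-recipients:;
Subject: IMPORTANT NOTICE

Your E-mail account has exceeded its limit and needs to be verified, if
not verified within 24hours, we shall suspend your account.
Click Here: http://itservixz-admin.phpforms.net/f/firstform
"""

# Constructed harmless message (addresses and path are made up).
CONSTRUCTED_OK = """\
From: Department Admin <admin@stat.fsu.edu>
To: student@stat.fsu.edu

The lab is closed Friday. Details: https://stat.fsu.edu/lab
"""
```

The suffix check in `in_domain` is what rejects a look-alike host such as `isps-stat-fsu-edu.webs.com` from the first example, which only contains the letters "fsu-edu" and is not under `fsu.edu`.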