Did you get an email from Amazon telling you about an order that you don’t remember ordering? That’s probably because you didn’t – it’s a phishing scam! Don’t fall for it! The “Your Amazon.com Order” email, which purportedly comes from “email@example.com” actually is an effort to get you to point your web browser to BookSalon.kr (the actual phishing URL is http://booksalon.kr/index2.html).
In an effort to clean up after a phishing attack on Twitter, Twitter is targeting some Twitter accounts as “possibly compromised”, and proactively disabling the current password for the account, and sending a “Please change your twitter password” email, which asks you to “please create a new password by opening this link”. While we give them a great deal of credit for being so proactive, the irony is that the email Twitter is sending looks just like the phishing efforts that lead to this problem in the first place! So, if you get a “Please change your twitter password” email, what should you do? Read on.
Not content with sending fake Amazon confirmation emails, the outfit sending out the Canadian pharmacy spam is now sending out fake Amazon.com order cancellation emails, too, claiming that your Amazon order has been cancelled. “Amazon.com – Your Cancellation (0046-68878-96071)” says the email’s subject (although the “order number” may change) – but of course the link to check “ORDER INFORMATION” really takes you to a Canadian pharmacy spam site, hawking Viagra, Cialis and the like. In the example below, the fake cancellation contains links to http://www.dinnerinperu.com/quadratical, which redirects to http://weightbreezy.com, which is a Canadian pharmacy spam site.
A spate of fake “Amazon.com – Your Confirmation” emails is making the rounds – they are phishing emails, with the supposed ‘Amazon’ links actually being hidden links going to such interesting places as http://drevmash.alfaspace.net/admiral.html, http://gofiberzone.com/upper.html, and meeknew.com. The subject (which so far appears to use the same “confirmation” number for everyone), is “Amazon.com – Your Confirmation (0113-567494-3518071)” and supposedly comes from the email address firstname.lastname@example.org. In reality, they are coming from IP address 18.104.22.168, and the emails are sent from (almost certainly spoofed) email addresses such as email@example.com and firstname.lastname@example.org.
As is so often the case, what appears to be an evil mastermind plot really turns out to be a petty criminal looking to support their drug habit. This is as true of phishers as it is of the armed muggers of yore. Interestingly, GE Capital helped to make the identity and financial account theft easy enough for even the most strung-out druggie to accomplish.
A plague of rogue Facebook applications that are stealing user credentials – such as usernames and passwords – has been sweeping Facebook in the past week. The phishing Facebook apps work the same way that many other applications do – including sending an email to your Facebook friends, with links to click on, and when you type in your username and password, BAM! Your login credentials have been stolen.
How many times have you received email that purports to be from a friend, or from someone with whom you do business, only to find out that you nearly got taken in by a fake? We here at the Internet Patrol, and our parent company, the Institute for Social Internet Public Policy, are offering readers of the Internet Patrol an exciting opportunity to take part in the testing of a new browser add-on that will help to protect you against such spoofing.
Paypal has announced that they are going to block the Apple Safari web browser, along with a few other browsers. The online payment service, purchased by eBay for $1.5B back in 2002, in the good old days of rampant Internet mergers and acquisitions, has become a frequent target of phishers and hackers. Anxious to recapture their good name and to offer to sellers and buyers alike a more secure environment, PayPal plans to discontinue support for web browsers that do not include anti-phishing capabilities. If this plan goes through, PayPal will block Safari and older versions of Internet Explorer, Firefox, Opera, and Netscape.
Paypal phish are as common as the cold. Here, the newest one claims that there have been foreign attempts to log into your Paypal account, and explains that if it wasn’t you (which, of course, it wasn’t) you should click on the link to verifiy your identity. Where does the link really go? Not to Paypal, that’s for sure. In fact, it really goes to http://i-195-137-106-138.freedom2surf.net/login, which is a very convincing Paypal phishing site.