The spammers are getting clever

Discussion in 'Technical Corner' started by Sac Arrow, Jun 20, 2019.

  1. Sac Arrow

    Sac Arrow Touchdown! Greaser!

    Joined:
    May 11, 2010
    Messages:
    15,902
    Location:
    Oakland, CA
    Display name:
    Eight Balla
    So I receive an email asking if I want to attend a major industry conference in Hanoi, which I have attended in the past, and I'll receive attendance and pricing information. The event, dates, location, etc... are legit.

    But wait, there's more. This email is not originating from the event's organization. Third party contractor? The guy's name is "Addison Harry."

    I do some digging. His email URL is real but doesn't seem to be associated with any type of publicized business. His name does not appear to be connected in any way, shape or form to the event. His name is, however, connected to compiled email lists up for sale. Needless to say I didn't reply.

    Gotcha, b*******.
     
  2. Skyrys62

    Skyrys62 Pattern Altitude PoA Supporter

    Joined:
    Apr 5, 2017
    Messages:
    2,444
    Location:
    KY
    Display name:
    Meet the Fokkers
    They are getting amazingly good at their craft.
    I take care of the security for our company, and if there was ever a crack in a dam, email is it.
     
    iflyvfr likes this.
  3. EdFred

    EdFred Touchdown! Greaser! PoA Supporter

    Joined:
    Feb 25, 2005
    Messages:
    22,735
    Location:
    Michigan
    Display name:
    Ed Frederick
    So we actually sell to quite a few universities across the US. Every once in a while we get an email requesting a quote with the email address looking similar but not quite, something like this:

    some.guy@uwisc-edu.org

    Sometimes they get 'lucky' and actually get the name of someone who we have dealt with in the past.

    Sneaky, but not good enough.
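    The lookalike-domain check described in the post above, written out as an added example (this is not EdFred's code or his company's process): a small Python filter that compares the sender's domain against an allowlist of the universities a vendor actually deals with and flags the `uwisc-edu.org` pattern, a same-name domain under a purchasable TLD, and near-identical typosquats, plus the "lucky" case where a known contact's name shows up on an address at the wrong domain. The allowlist, the contact book and the From: headers are constructed stand-ins.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed allowlist: the institutions this shop actually sells to (hypothetical stand-ins).
KNOWN_DOMAINS = {"wisc.edu", "umich.edu", "osu.edu"}
# Constructed contact book: display names seen in past legitimate correspondence -> home domain.
KNOWN_CONTACTS = {"jane doe": "wisc.edu"}


def _registrable(domain):
    """The part before the TLD, squashed to letters and digits: 'uwisc-edu.org' -> 'uwiscedu'."""
    return re.sub(r"[^a-z0-9]", "", domain.rsplit(".", 1)[0])


def lookalike_of(domain):
    """Return (imitated_known_domain, reason) if domain imitates an allowlisted one, else None.

    Genuine domains and their subdomains are accepted first, so mail.wisc.edu never trips.
    """
    d = domain.lower().strip(".")
    if d in KNOWN_DOMAINS or any(d.endswith("." + k) for k in KNOWN_DOMAINS):
        return None
    flat = _registrable(d)
    for known in sorted(KNOWN_DOMAINS):
        kflat = known.replace(".", "")  # "wisc.edu" -> "wiscedu"
        # 1. the whole known domain spelled into a registrable label: uwisc-edu.org, wisc-edu.com
        if kflat in flat:
            return known, "known domain spelled into the registrable label"
        # 2. same name, but under a TLD anyone can buy: wisc.org
        if d.split(".")[0] == known.split(".")[0]:
            return known, "same name under a different TLD"
        # 3. one or two characters off: umlch-edu.com (l for i)
        if SequenceMatcher(None, flat, kflat).ratio() >= 0.85:
            return known, "near-identical spelling (typosquat)"
    return None


def check_from(from_header):
    """Return a list of findings for a raw From: header value (empty list = nothing suspicious)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    findings = []
    hit = lookalike_of(domain) if domain else None
    if hit:
        findings.append(f"{domain} imitates {hit[0]}: {hit[1]}")
    # The "lucky" case from the post: a real contact's name on an address at the wrong domain.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and domain != expected and not domain.endswith("." + expected):
        findings.append(f"display name {name!r} belongs to {expected}, not {domain}")
    return findings


if __name__ == "__main__":
    for hdr in ('"Some Guy" <some.guy@uwisc-edu.org>',
                "Jane Doe <jane.doe@wisc.edu>",
                "Jane Doe <jane.doe@gmail.com>"):
        print(hdr, "->", check_from(hdr) or "ok")
```

    The three rules are ordered from cheapest to noisiest: an embedded `wiscedu` or a bare `wisc.org` is a near-certain imitation, while the similarity ratio is a heuristic and the 0.85 threshold is an assumption that should be tuned against a real customer list before it is allowed to quarantine anything.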
     
  4. iflyvfr

    iflyvfr Pattern Altitude

    Joined:
    Sep 20, 2013
    Messages:
    1,573
    Location:
    Columbus, OH
    Display name:
    Greg
    The weak link IME is the preoccupied reader who obediently clicks the link provided and blissfully gives up her creds to any old website that happens to look like Office365, Google, etc.
     
    Skyrys62 likes this.
  5. cessna182b

    cessna182b Line Up and Wait

    Joined:
    Sep 7, 2008
    Messages:
    535
    Location:
    SANTA BARBARA, CA
    Display name:
    DAVID JOHNSON
    Yesterday I got an email from a supposed law firm informing me that "the city" was taking legal action against me (didn't say what city) - and to click on the link for further information (I didn't). Seeing as how I do not live in any city, own no property in one, nor have any other connection with one - that can hardly be true.

    Forwarded it to the spam bin.

    Dave
     
  6. bflynn

    bflynn En-Route

    Joined:
    Apr 24, 2012
    Messages:
    4,882
    Location:
    Fuquay Varina, NC
    Display name:
    Brian Flynn
    Respectfully, the weak link is the web browser that allows code to be downloaded and run. That should never be allowed.
     
    DaleB likes this.
  7. iflyvfr

    iflyvfr Pattern Altitude

    Joined:
    Sep 20, 2013
    Messages:
    1,573
    Location:
    Columbus, OH
    Display name:
    Greg
    But I'm not talking about an attack that downloads and runs PS for example, I'm talking about a link in an email that takes an end user to a scraped page made to mimic Google or O-365 and simply harvests the creds entered in the ID and PW field. Any firm that implements cloud without at least 2FA is asking for (and subsequently delivering to others) unwanted attention and trouble.
     
  8. RJM62

    RJM62 Touchdown! Greaser!

    Joined:
    Jun 15, 2007
    Messages:
    12,473
    Location:
    Catskill Mountains, New York
    Display name:
    Geek On The Hill
    Yes, but only if they do so in a sensible way. Almost all sites that require 2FA do it by way of text messages, occasionally with a spoken PIN option on a landline. Using a cell number makes it impossible to log in unless you have a cell signal, and using a landline number makes it impossible to log in away from home unless you had the forethought to forward the number to wherever you'll be.

    Personally, I think pushing for 2FA using text messages is just a way for companies to get your cell number, which is a highly-valued piece of information in the datamining market. I've closed accounts with companies that insisted on it. It's also less secure than a simpler option, which is to use a PIN in addition to the email / password login. The PIN can be baked into the email and/or the password hash for even more security.

    The reason I say the PIN is more secure is because if you collect mail on your phone, and you lose your phone or it is stolen, and you were silly enough not to set a PIN on the phone itself, then the person possessing the phone has everything they need to change your passwords. This is even easier if you also have the bank's or organization's app installed. That tells them where you have accounts. Just tap "Forgot Password," and the bank or organization will send a link to the email and a text message to the phone. Voila. You're screwed.

    Facial recognition and fingerprints are also notoriously unreliable. But a combination of email, password, and PIN would be extremely difficult to crack in the amount of time a miscreant would have before you could secure the account, requires no cell connection, and works anywhere in the Interwebs-connected world.

    Rich
     
  9. Kenny Phillips

    Kenny Phillips Pattern Altitude

    Joined:
    Jul 29, 2018
    Messages:
    2,105
    Display name:
    Kenny Phillips
    Our company sends cleverly disguised phishing to see who they can catch out [their filter for external mail is extraordinary, I've probably only gotten spammed five times in 14 years]. I'm on early, and warn all of my people about it!
    My personal email is 90% spam, including stealth emails like the one the OP describes.
     
  10. DaleB

    DaleB En-Route

    Joined:
    Aug 24, 2011
    Messages:
    3,696
    Location:
    Omaha, NE
    Display name:
    DaleB
    We may work for the same place.
    My personal email gets about 0.5% spam, because squelching it has been a hobby of mine for years. I have very long header_checks and body_checks files in Postfix, and Postgrey eliminates a huge portion of it.
     
  11. Skyrys62

    Skyrys62 Pattern Altitude PoA Supporter

    Joined:
    Apr 5, 2017
    Messages:
    2,444
    Location:
    KY
    Display name:
    Meet the Fokkers
    Lots of C-level staff get targeted for this. Our CEO has thrice gotten burned from emails that say their email account is locked, and have to enter their username and password.
    Then, (no joke)...we have emails coming legit from his email box to other members in the company asking for checks, gift cards to surprise staff, etc.
    Most reply and ask questions, which legitimately get answered from his email, and some know it's a scam, while some happily travel to Walmart and buy gift cards (yes really).

    A recent trick for them is that they set rules in place on the mailbox to move any replies from the people they send messages to. Often to obscure folders such as RSS feeds, etc.
    Then the email is automatically deleted from sent items, so the compromised user can legitimately feel it isn't coming from them.....they know they aren't doing it! ;)
    Very clever, but I usually can handle them, and prevent future attacks with my own rules/logic.
    However, there are more of them working more hours than me to get in....so it's a never ending battle.

    They will peruse websites, find the financial staff, send emails with "ACH attachments" and while the staff are in the middle of processing ACH payments, of course they click on them, as they are sending/receiving legitimate ones all the while.

    Sneaky bastages...
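    The mailbox-rule trick described above (replies moved to RSS Feeds, marked read, sent items deleted, mail forwarded out) leaves a signature in the rule list itself. As an added example that is not the poster's tooling, here is a Python triage pass over an exported rule list that scores each enabled rule on the traits a compromised executive's mailbox tends to show. The field names follow an Exchange `Get-InboxRule | ConvertTo-Json` style export and are an assumption to verify against your own dump; the three rules and the company domain are constructed.

```python
import json

# Folders a busy executive never opens; the thread above describes replies being parked here.
OBSCURE_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history", "junk email",
                   "deleted items", "archive", "notes", "outbox"}
# Words that mark a rule as hunting payment or security traffic rather than sorting newsletters.
HOT_WORDS = {"invoice", "payment", "wire", "ach", "gift card", "password", "phish", "hacked",
             "suspicious", "fraud", "re:", "fw:"}
INTERNAL_DOMAINS = {"example.com"}  # assumed company domain; forwards elsewhere are external

# Field names follow an Exchange Get-InboxRule export (assumed shape; verify against yours).
TEXT_MATCH_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")
FORWARD_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")


def triage_rule(rule):
    """Return the reasons an enabled inbox rule looks attacker-made (empty list = nothing odd)."""
    if rule.get("Enabled") is False:
        return []
    reasons = []
    name = (rule.get("Name") or "").strip()
    if len(name) <= 2:  # ".", "..", ",": a name chosen to be overlooked in the rules dialog
        reasons.append(f"inconspicuous name {name!r}")
    # MoveToFolder is exported as "Mailbox:\Folder"; compare on the last path element.
    folder = (rule.get("MoveToFolder") or "").rsplit("\\", 1)[-1].lower()
    if folder in OBSCURE_FOLDERS:
        reasons.append(f"moves mail to '{rule['MoveToFolder']}'")
    if rule.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    if rule.get("MarkAsRead"):
        reasons.append("marks matching mail as read")
    for field in FORWARD_FIELDS:
        for addr in rule.get(field) or []:
            if addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
                reasons.append(f"{field} external address {addr}")
    words = [w.lower() for field in TEXT_MATCH_FIELDS for w in rule.get(field) or []]
    hot = sorted(w for w in words if w in HOT_WORDS)
    if hot:
        reasons.append("filters on " + ", ".join(hot))
    return reasons


def triage_export(json_text, min_reasons=2):
    """Return {rule name: reasons} for every rule in the export with at least min_reasons hits."""
    flagged = {}
    for rule in json.loads(json_text):
        reasons = triage_rule(rule)
        if len(reasons) >= min_reasons:
            flagged[rule.get("Name") or ""] = reasons
    return flagged


# Constructed export: one legitimate rule and two of the kind described in the post.
SAMPLE_EXPORT = json.dumps([
    {"Name": "Vendor newsletters", "Enabled": True, "From": ["news@vendor.example.net"],
     "MoveToFolder": "Alice:\\Newsletters", "MarkAsRead": False},
    {"Name": ".", "Enabled": True,
     "SubjectOrBodyContainsWords": ["RE:", "gift card", "invoice", "ACH"],
     "MoveToFolder": "Alice:\\RSS Feeds", "MarkAsRead": True},
    {"Name": "..", "Enabled": True, "SubjectContainsWords": ["password", "suspicious"],
     "DeleteMessage": True, "ForwardTo": ["backup.alice@mail.example.net"]},
])

if __name__ == "__main__":
    for name, reasons in triage_export(SAMPLE_EXPORT).items():
        print(f"rule {name!r}: " + "; ".join(reasons))
```

    The two-reason threshold keeps an ordinary "move newsletters and mark them read" rule out of the report while a one-character rule name plus a move to RSS Feeds, or a delete plus an external forward, is flagged. Run it against every mailbox, not just the one that complained: the post's point is that the victim does not see the traffic, so the rule list is the evidence.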
     
  12. Capt. Geoffrey Thorpe

    Capt. Geoffrey Thorpe Touchdown! Greaser! PoA Supporter

    Joined:
    Jun 7, 2008
    Messages:
    11,193
    Location:
    DXO124009
    Display name:
    Light and Sporty Guy
    Current employer decides that they need to train everyone in cyber security - so they set up the training somewhere where you log in with your work user id and password. Then, they send out an email with a link to the training site and tell you to click on it and log in. Really?
     
  13. GeorgeC

    GeorgeC En-Route PoA Supporter

    Joined:
    Dec 5, 2010
    Messages:
    2,630
    Display name:
    GeorgeC
    "I am Chloe, Editorial assistant from Siam Publishing Group Ltd. contacting you with the reference from our editorial department. Basing on your outstanding contribution to the scientific community, we would like to write a book for you."