MobileMe users hit by phishing scam

Comments

  • Reply 21 of 41
    kresh Posts: 379 member
    Quote:
    Originally Posted by joelesler View Post


    Already been done, blogged, and resolved with Apple. This is just an update to the same old email.



    http://blog.joelesler.net/2008/07/ma...t-aint-so.html



    How nice, but I don't read your blog and because of your arrogance I never will. So please stop spamming the forums with your blog and casting dispersions upon the articles posted for our enjoyment.
  • Reply 22 of 41
    Quote:
    Originally Posted by bobertoq View Post


    I wouldn't fall for that - look at the URL. It's not Apple.com.



    Sadly Apple doesn't have a very good record when it comes to observing anti-fraud-educating URL practices.



    They quite happily link people to URLs such as:



    http://events.apple.com.edgesuite.ne...ent/index.html



    (Linked from: http://www.apple.com/hotnews/article...wsf/index.html)







    This practice does not educate consumers and there are plenty more examples of the like from them over recent years.
  • Reply 23 of 41
    kresh Posts: 379 member
    Quote:
    Originally Posted by solipsism View Post


    We have Mac users on this forum with a technical background that spell things like MAC and i-Phone all the time. That spelling is the least of the evidence in the email.



    I hope that Apple puts anti-phishing back into Safari. I know it was only beta, but it's one of the reasons I recommend FF to people on Macs who aren't very internet savvy. Some understand what a URL is pretty quickly, some don't. As stated, it doesn't replace knowledge, but it is extra protection and one that can help to educate the end user when they wonder why they have a weird screen instead of the website they were expecting.



    You will never be able to instill common sense through a technical solution. I mean how hard is it to realize that a company that you do business with will never contact you via email and try to update your banking information or any other personal information?



    The best solution is to never give your personal info out when asked. Period. If someone emails you or even calls do not give anything out. Instead call the company using a telephone number that you know.



    There is no browser that offers better security than a little common sense provides, including Chrome. If a user can't defend themselves from these feeble attempts to steal their money, then they really should not be doing business on the internet, they should go to a brick and mortar store where the cashier is keeping their credit card number :-)



    Why should we have to wade through all the security pop-ups because some people have no common sense?
  • Reply 24 of 41
    Why can't these scammers be tracked down and brought to justice? It's like there's a sniper out there and all we're told to do is to "put on a bullet-proof vest and be careful out there". If they are ultimately getting people's credit card info and using it, isn't there enough of a trail to reach the perpetrators of these crimes so that they can be dealt with as the criminals that they are? Getting tough with these phishers and scammers seems like it would go a long way in deterring others from following their same criminal behavior.
  • Reply 25 of 41
    http://www.opendns.com is your best option if you use Safari as I do. You can say goodbye to these types of phishing attacks. If you use Firefox and OpenDns together then you will have two layers of anti-phishing protection.



    Besides anti-phishing protection, your web surfing will be much faster and it's all free. 
  • Reply 26 of 41
    MacPro Posts: 19,728 member
    Quote:
    Originally Posted by bloggerblog View Post


    maaan... I didn't get the email, I feel left out



    Nor me! This is discrimination!!
  • Reply 27 of 41
    MacPro Posts: 19,728 member
    Quote:
    Originally Posted by brockway View Post


    Why can't these scammers be tracked down and brought to justice? It's like there's a sniper out there and all we're told to do is to "put on a bullet-proof vest and be careful out there". If they are ultimately getting people's credit card info and using it, isn't there enough of a trail to reach the perpetrators of these crimes so that they can be dealt with as the criminals that they are? Getting tough with these phishers and scammers seems like it would go a long way in deterring others from following their same criminal behavior.



    Off topic slightly but a good warning on a related scam:

    You'd think that was the answer wouldn't you! My wife and I have a couple of condos we rent out. One recently was rented by a guy in UK who came across the condo on a well known vacation rental web site as most of our bookings do. It wasn't until we got the e-mail explaining we would receive a check for more than he owed from a third party and asking us to 'wire using Western Union' the extra to him did we see it was a scammer. I called the FBI and a nice guy said there was nothing they could do till after we were scammed! The FBI guy told me that this scam goes on day in day out and works because the funds do show up in your bank after depositing the check due to the way banks work. Only after the suckers wire the excess do they learn the funds were not really in their account. He said there are insiders in Western Union and Banks in on these scams too. I was in disbelief of this until a friend here in Florida who runs a fishing boat charter admitted he was taken for $7,000 by this exact scam, again interestingly by a British based operation.



    FBI told me: Never wire excess payments. Also do not even cash such a check and if you get such a check hold it and call FBI. Only accept the correct amount.
  • Reply 28 of 41
    solipsism Posts: 25,726 member
    Quote:
    Originally Posted by kresh View Post


    Why should we have to wade through all the security pop-ups because some people have no common sense?



    I don't expect the rest of the world to be as knowledgeable in the ways of the internet as we are on this forum. I know people who are new to computers and have spent so much of their lives without using the internet that their focus and concentration is all about grappling with the little things we take for granted. These people are not stupid in any way, just inexperienced. Should they not be allowed to use the internet until they've taken a gov't run course which gives them a license to ride the information highway? A part of me says that wouldn't be such a bad idea, but until then we have to realize that there are new people using the internet each day that don't know of the plight of all the Nigerian princes, would think of Luke Skywalker if you said 'Star Wars kid', couldn't tell you what Numa Numa is, and have never heard of phishing, much less how the computer in their home is a gateway to losing any might they might have left.







    Quote:
    Originally Posted by digitalclips View Post


    Nor me! This is discrimination!!



    Class action?





    Quote:
    Originally Posted by digitalclips View Post


    [...] It wasn't until we got the e-mail explaining we would receive a check for more than he owed from a third party and asking us to 'wire using Western Union' the extra to him did we see it was a scammer. [...]



    A friend in Florida was scammed by someone in Florida using Western Union. There was absolutely nothing the police could do even within the same state.



    Situation: Guy sees car engine on eBay for sale in Key West at a great price. A 'too good to be true' price. He contacts the seller. They talk back and forth on email. Then they move to using the phone. Friend wants to see the engine first and is willing to drive from Sarasota to Key West to see it. The seller says he is in Miami right now and wants to make sure the buyer is on the up and up. In other words, has the funds available. The seller says he can use Western Union to send the money to himself, so it's under the buyer's name, not the seller's. So the seller can confirm the money is in this makeshift escrow account, just email him the WU number that he got and he'll verify it online. The seller was kind enough to only half of the $1,400 in 'escrow'.



    Result: Within an hour the money was gone. It was pulled out of a WU kiosk by the seller. If the funds are under $1000 they don't require an ID. You can check a box for this that is hidden within the convoluted page you fill out, but it's not made obvious.
  • Reply 29 of 41
    auxio Posts: 2,728 member
    Quote:
    Originally Posted by brockway View Post


    Why can't these scammers be tracked down and brought to justice



    It's just slightly more complicated than that. First, how do you extradite or prosecute someone in Pakistan?



    "The DNS registration for the domain points to Madih-ullah Riaz in Karachi, Pakistan"



    Second, I'm guessing that either this guy's website was hacked and is being used by someone else for this purpose, or someone spoofed his name when registering that domain. The person behind a scam this elaborate isn't likely stupid enough to use a domain which leads directly back to them.
  • Reply 30 of 41
    Interestingly, if the user was to click and be using IE7 or IE8 beta then more than likely the phish filter would have prevented any 'damage'



    some phish attacks recently seem to have purposely attacked targets where a browser other than IE is likely to be used for this very reason.



    oh and btw you would be amazed what some people will actually click on!
  • Reply 31 of 41
    And in other news.... <Any bank name here> users hit by phishing scam.



    This happens a thousand times a day...
  • Reply 32 of 41
    chris_ca Posts: 2,543 member
    Quote:
    Originally Posted by bloggerblog View Post


    maaan... I didn't get the email, I feel left out



    If it will make you feel better, you can send me your full name, date and place of birth, social security number, mother's maiden name, high school attended and 3-4 valid credit card numbers with the 3 digit security code.

    I'll even sign you up for a free year of Mobile Me and as a Thank You, a brand new iPod touch delivered direct to your door!











    (this is a joke peeps)
  • Reply 33 of 41
    The rule of 1% applies here.
  • Reply 34 of 41
    Quote:
    Originally Posted by Mr Underhill View Post


    The rule of 1% applies here.



    when it comes to Apple and iTunes in particular then not at all.
  • Reply 35 of 41
    Quote:
    Originally Posted by Bishop of Southwark View Post


    Sadly Apple doesn't have a very good record when it comes to observing anti-fraud-educating URL practices.



    They quite happily link people to URLs such as:



    http://events.apple.com.edgesuite.ne...ent/index.html



    (Linked from: http://www.apple.com/hotnews/article...wsf/index.html)







    This practice does not educate consumers and there are plenty more examples of the like from them over recent years.



    yes but how many of them are like the one you posted and go to event pages and the like and how many go to pages that require you to input personal info.
  • Reply 36 of 41
    Quote:
    Originally Posted by digitalclips View Post


    It wasn't until we got the e-mail explaining we would receive a check for more than he owed from a third party and asking us to 'wire using Western Union' the extra to him did we see it was a scammer.




    forget a scam, my first thought was that it was someone trying to use you to clean some dirty money for them.



    Quote:

    I called the FBI and a nice guy said there was nothing they could do till after we were scammed



    yep. outside of murder and a few other things, the law can't go in on the basis of 'they were trying to do something bad'. sucks but there you go.



    I used to work for a retail bookstore and we had a run of attempts on a scam ourselves. it was really rather clever. we saw it from the first time and contacted all of the other chains to warn them (yes we were nice and helped out our competition). but we figure somewhere someone fell for it.



    oh and then there's all those emails about being a political enemy and please help me hide my money. I have a friend that loves to get those and answers them. but takes the other side through hell in the process. it's funny
  • Reply 37 of 41
    Quote:
    Originally Posted by kresh View Post


    Why should we have to wade through all the security pop-ups because some people have no common sense?



    what we think of as common sense isn't always. and many browsers let you turn off those popups.



    perhaps the answer to your question is to do something about instilling that common sense in folks.



    that sweet little old lady next door got her first computer so she can talk to the grandkids across the country. why not go over one afternoon with a nice bundt cake and set her down for a little talk. or even offer to go talk to her bridge club. I'm sure that she'd be happy to have that nice young man -- remember him, he used to mow my grass for me when he was younger -- explain a few things about the internet and how to not get scammed by the not so nice young men.



    I've done it several times. used to work with the local public library on meetings about identity protection, protecting kids on the internet etc.
  • Reply 38 of 41
    Quote:
    Originally Posted by Stephenbw View Post


    I agree, although poor spelling and grammar are, unfortunately, increasingly common in some legitimate emails and websites.



    However, I am not aware of Apple making such mistakes, so the missing apostrophe and typo in the request for 'Mothers Maiden Nane' should ring alarm bells



    I have a set of rules I obey when dealing with the web to help protect myself.



    1. Always have a throw away e-mail address to use for uncertain sites.

    2. when asked to login & change account information for any web service always manually visit site & login, then navigate to accounts manually.

    3. always double check links in an e-mail, you can put any text over the link you want.

    4. Never trust personal information to social networking sites. You may be careful but your friends may not be.

    5. Always be suspicious of "free". Nothing in life is free, there is a cost to be paid, though sometimes it's not you that pays it.

    6. Learn how to use resources like truthorfiction.com or snopes.com

    7. Keep a different password for social sites vs passwords used for more important things like banking.

    8. Be paranoid about presentation quality, spammer e-mails are often ugly cause they're thrown together. Companies put a lot of money behind PR, they don't make mistakes often.

    9. weigh your budget, it might be well worth it to pay for identity theft insurance.

    10. USE A Mac! Vast majority of identity theft still occurs through malware, & all of that is for PC.



    Probably could add a few but these 10 will eliminate almost all chance of being taken by these scams.
  • Reply 39 of 41
    imp Posts: 1 member
    Quote:
    Originally Posted by auxio View Post


    It's just slightly more complicated than that. First, how do you extradite or prosecute someone in Pakistan?



    "The DNS registration for the domain points to Madih-ullah Riaz in Karachi, Pakistan"



    Second, I'm guessing that either this guy's website was hacked and is being used by someone else for this purpose, or someone spoofed his name when registering that domain. The person behind a scam this elaborate isn't likely stupid enough to use a domain which leads directly back to them.



    A simple Google search shows that Mr Riaz has previously been involved in black hat password cracking, credit card scams and the like. The modus operandi seems to be identical, even if this time he's given the FBI an inside lead on him by failing to anonymise his registrar details.
  • Reply 40 of 41
    Quote:
    Originally Posted by Bishop of Southwark View Post


    Sadly Apple doesn't have a very good record when it comes to observing anti-fraud-educating URL practices.



    They quite happily link people to URLs such as:



    http://events.apple.com.edgesuite.ne...ent/index.html



    (Linked from: http://www.apple.com/hotnews/article...wsf/index.html)







    This practice does not educate consumers and there are plenty more examples of the like from them over recent years.



    Well... I understand that. My point was, in a decent phishing attempt, the URL would be something like:



    apple.billing.com VS billing.apple.com or whatever....



    But this one was example.com/apple.com
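
The hostname comparison argued over in replies 22 and 40, as an added example that is not part of any post in the thread: only the right-hand end of the hostname says who controls a site, so the check below sorts a URL by where the trusted name appears. The function name `classify`, its result labels and the `cdn-host.example` host are made up for illustration; the other sample URLs are the ones quoted in reply 40.

```python
from urllib.parse import urlsplit


def classify(url: str, trusted: str = "apple.com") -> str:
    """Report where `trusted` appears in `url`, judging by hostname only."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    trusted = trusted.lower()
    t_labels = trusted.split(".")
    labels = host.split(".")

    # The host is trusted only if it IS the domain or ends with ".<domain>".
    # Matching on the leading dot keeps "notapple.com" from passing.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"

    # Trusted domain present as whole labels, but something else follows it:
    # the owner of the right-most labels controls the page.
    n = len(t_labels)
    if any(labels[i:i + n] == t_labels for i in range(len(labels) - n + 1)):
        return "trusted-name-as-host-prefix"

    # Only the brand word is used as a subdomain of an unrelated domain.
    if t_labels[0] in labels:
        return "brand-as-subdomain"

    # Trusted name appears after the host, where anyone can put any text.
    if trusted in (parts.path + "?" + parts.query).lower():
        return "trusted-name-in-path"

    return "unrelated"


# Constructed sample input: three URLs from reply 40 plus one made-up host
# that follows the "events.apple.com.<other domain>" pattern from reply 22.
SAMPLES = [
    "billing.apple.com",
    "apple.billing.com",
    "example.com/apple.com",
    "http://events.apple.com.cdn-host.example/event/index.html",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):30} {sample}")
```
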