Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
At 02:39 PM 06/12/2005, Stan Zaske wrote: I just received issue #23 of the Astalavista Security Newsletter. Does anybody else read it and what do you think? @:) Never read it. How do I get a copy? T
Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
Check it out! @:D http://www.astalavista.com/media/archive1/newsletter/issue_23_2005.pdf Thane Sherrington (S) wrote: At 02:39 PM 06/12/2005, Stan Zaske wrote: I just received issue #23 of the Astalavista Security Newsletter. Does anybody else read it and what do you think? @:) Never read it. How do I get a copy? T
Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
At 02:27 PM 07/12/2005, Stan Zaske wrote: Check it out! @:D http://www.astalavista.com/media/archive1/newsletter/issue_23_2005.pdf Cool, thanks. T
Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
Veech wrote: :: I have never responded to these types of requests. Never never give :: personal info on these. A common denominator to all of these :: things, no matter where they come from, is bad grammar or misspelled :: words. Once they figure this out, then we're in trouble. Until :: then, if I can spot a grammatical or spelling error, it's to the :: trash file they go. I would not count on this...they are already getting much, much better.
Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
IMO, the fact that they are writing you tell you of unauthorized activity and then asking you to follow any link to update your info is the dead giveaway - regardless of spelling and grammar or what's really coded behind a link. If Amazon (or anyone) wants to suspend my account - I'd let them go right ahead. They need me way more than I need them. Neil Davidson wrote: :: The fact it is addressed to Dear [EMAIL PROTECTED] instead :: of your actual name is also a bit of a giveaway :: ::: -Original Message- ::: From: [EMAIL PROTECTED] ::: [mailto:[EMAIL PROTECTED] On Behalf Of Brian ::: Weeden Sent: 03 December 2005 17:13 ::: To: hwg ::: Subject: [H] Possible Phishing Attack? Fwd: Amazon Payments ::: Billing Issue ::: ::: I got the following from Amazon which seems kind of suspicious. ::: Clicking the link looks to me like it does take you to the ::: real Amazon but you can't be 100% sure these days. I typed ::: in Amazon myself and verified my account settings and ::: everything looked ok. ::: ::: The formatting is a bit screwed up because I converted it ::: from Rich Text to plain text for this list. ::: ::: -- Forwarded message -- ::: From: [EMAIL PROTECTED] [EMAIL PROTECTED] ::: Date: 3 Dec 2005 14:28:30 - ::: Subject: Amazon Payments Billing Issue - [EMAIL PROTECTED] ::: To: [EMAIL PROTECTED] ::: ::: ::: ::: Dear [EMAIL PROTECTED] , ::: ::: Greetings from Amazon ::: Payments. ::: ::: Your bank has contacted ::: us regarding some attempts of charges ::: from your credit card via the Amazon system. ::: We have reasons to believe that you changed your registration ::: information or that someone else has unauthorized access to ::: your Amazon account ::: Due to recent activity, including possible ::: unauthorized listings placed on your account, ::: we will require a second confirmation of your ::: identity with us in order to allow us to investigate :::this matter further. Your account is not suspended, but if ::: in 48 hours after you receive this message your account ::: is not confirmed we reserve the right to ::: suspend ::: your Amazon registration. If you received this ::: notice and you are not the authorized account ::: holder, please be aware that it is in violation ::: of Amazon policy to represent oneself as another ::: Amazon user. Such action may also be in violation of local, ::: national, and/or international law. Amazon is committed to :::assist law enforcement with any inquires related ::: to attempts to misappropriate personal ::: information with the intent to commit fraud or ::: theft. Information will be provided at the ::: request of law enforcement agencies to ensure that ::: perpetrators are prosecuted to the full extent ::: of the law. ::: ::: ::: ::: ::: ::: To confirm your identity with us click here: ::: ::: https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_ ::: r/103-3177084-7567864?opt=oapage=recs/sign-in-secure.html ::: ::: After responding to the ::: message, we ask that you allow at least 72 hours for the case ::: to be investigated. Emailing us before that time will ::: result in delays. We apologize in advance for ::: any inconvenience this may cause you and we ::: would like to thank you for your cooperation ::: as we review this matter. ::: ::: ::: ::: ::: ::: ::: Thank you for your interest in selling at Amazon.com. ::: ::: Amazon.com Customer Service ::: http://www.amazon.com ::: ::: This message and any files or documents attached may contain ::: classified information. It is intended only for the ::: individual or entity named and others authorized to receive ::: it. If you are not the intended recipient or authorized to ::: receive it, you are hereby notified that any disclosure, ::: copying, distribution or taking any action in reliance on ::: the contents of this information is strictly prohibited and ::: may be unlawful. If you have received this communication in ::: error, please notify us immediately then delete it from your ::: system. Please also note that transmission cannot be ::: guaranteed to be secure or error-free. ::: ::: ::: ::: ::: ::: -- ::: Brian
Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
I agree, my bank never solicits me online only by snailmail. They know better. I never click on any links from any SPAM either and the only reason I leave it unfiltered is that sometimes it excludes the wrong email and I miss stuff being sent to me from legitimate sources like NewEgg. @:) Anthony Q. Martin wrote: IMO, the fact that they are writing you tell you of unauthorized activity and then asking you to follow any link to update your info is the dead giveaway - regardless of spelling and grammar or what's really coded behind a link. If Amazon (or anyone) wants to suspend my account - I'd let them go right ahead. They need me way more than I need them. Neil Davidson wrote: :: The fact it is addressed to Dear [EMAIL PROTECTED] instead :: of your actual name is also a bit of a giveaway :: ::: -Original Message- ::: From: [EMAIL PROTECTED] ::: [mailto:[EMAIL PROTECTED] On Behalf Of Brian ::: Weeden Sent: 03 December 2005 17:13 ::: To: hwg ::: Subject: [H] Possible Phishing Attack? Fwd: Amazon Payments ::: Billing Issue ::: ::: I got the following from Amazon which seems kind of suspicious. ::: Clicking the link looks to me like it does take you to the ::: real Amazon but you can't be 100% sure these days. I typed ::: in Amazon myself and verified my account settings and ::: everything looked ok. ::: ::: The formatting is a bit screwed up because I converted it ::: from Rich Text to plain text for this list. ::: ::: -- Forwarded message -- ::: From: [EMAIL PROTECTED] [EMAIL PROTECTED] ::: Date: 3 Dec 2005 14:28:30 - ::: Subject: Amazon Payments Billing Issue - [EMAIL PROTECTED] ::: To: [EMAIL PROTECTED] ::: ::: ::: ::: Dear [EMAIL PROTECTED] , ::: ::: Greetings from Amazon ::: Payments. ::: ::: Your bank has contacted ::: us regarding some attempts of charges ::: from your credit card via the Amazon system. ::: We have reasons to believe that you changed your registration ::: information or that someone else has unauthorized access to ::: your Amazon account ::: Due to recent activity, including possible ::: unauthorized listings placed on your account, ::: we will require a second confirmation of your ::: identity with us in order to allow us to investigate :::this matter further. Your account is not suspended, but if ::: in 48 hours after you receive this message your account ::: is not confirmed we reserve the right to ::: suspend ::: your Amazon registration. If you received this ::: notice and you are not the authorized account ::: holder, please be aware that it is in violation ::: of Amazon policy to represent oneself as another ::: Amazon user. Such action may also be in violation of local, ::: national, and/or international law. Amazon is committed to :::assist law enforcement with any inquires related ::: to attempts to misappropriate personal ::: information with the intent to commit fraud or ::: theft. Information will be provided at the ::: request of law enforcement agencies to ensure that ::: perpetrators are prosecuted to the full extent ::: of the law. ::: ::: ::: ::: ::: ::: To confirm your identity with us click here: ::: ::: https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_ ::: r/103-3177084-7567864?opt=oapage=recs/sign-in-secure.html ::: ::: After responding to the ::: message, we ask that you allow at least 72 hours for the case ::: to be investigated. Emailing us before that time will ::: result in delays. We apologize in advance for ::: any inconvenience this may cause you and we ::: would like to thank you for your cooperation ::: as we review this matter. ::: ::: ::: ::: ::: ::: ::: Thank you for your interest in selling at Amazon.com. ::: ::: Amazon.com Customer Service ::: http://www.amazon.com ::: ::: This message and any files or documents attached may contain ::: classified information. It is intended only for the ::: individual or entity named and others authorized to receive ::: it. If you are not the intended recipient or authorized to ::: receive it, you are hereby notified that any disclosure, ::: copying, distribution or taking any action in reliance on ::: the contents of this information is strictly prohibited and ::: may be unlawful. If you have received this communication in ::: error, please notify us immediately then delete it from your ::: system. Please also note that transmission cannot be ::: guaranteed to be secure or error-free. ::: ::: ::: ::: ::: ::: -- ::: Brian
RE: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
The fact it is addressed to Dear [EMAIL PROTECTED] instead of your actual name is also a bit of a giveaway -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Weeden Sent: 03 December 2005 17:13 To: hwg Subject: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue I got the following from Amazon which seems kind of suspicious. Clicking the link looks to me like it does take you to the real Amazon but you can't be 100% sure these days. I typed in Amazon myself and verified my account settings and everything looked ok. The formatting is a bit screwed up because I converted it from Rich Text to plain text for this list. -- Forwarded message -- From: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: 3 Dec 2005 14:28:30 - Subject: Amazon Payments Billing Issue - [EMAIL PROTECTED] To: [EMAIL PROTECTED] Dear [EMAIL PROTECTED] , Greetings from Amazon Payments. Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law. To confirm your identity with us click here: https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_ r/103-3177084-7567864?opt=oapage=recs/sign-in-secure.html After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter. Thank you for your interest in selling at Amazon.com. Amazon.com Customer Service http://www.amazon.com This message and any files or documents attached may contain classified information. It is intended only for the individual or entity named and others authorized to receive it. If you are not the intended recipient or authorized to receive it, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately then delete it from your system. Please also note that transmission cannot be guaranteed to be secure or error-free. -- Brian
RE: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
The bad grammar in the first two sentences is a dead giveaway. Fry this phish... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brian Weeden Sent: Saturday, December 03, 2005 9:13 AM To: hwg Subject: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue I got the following from Amazon which seems kind of suspicious. Clicking the link looks to me like it does take you to the real Amazon but you can't be 100% sure these days. I typed in Amazon myself and verified my account settings and everything looked ok. The formatting is a bit screwed up because I converted it from Rich Text to plain text for this list. -- Forwarded message -- From: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: 3 Dec 2005 14:28:30 - Subject: Amazon Payments Billing Issue - [EMAIL PROTECTED] To: [EMAIL PROTECTED] Dear [EMAIL PROTECTED] , Greetings from Amazon Payments. Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law. To confirm your identity with us click here: https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_r/103-3177084- 7567864?opt=oapage=recs/sign-in-secure.html After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter. Thank you for your interest in selling at Amazon.com. Amazon.com Customer Service http://www.amazon.com This message and any files or documents attached may contain classified information. It is intended only for the individual or entity named and others authorized to receive it. If you are not the intended recipient or authorized to receive it, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately then delete it from your system. Please also note that transmission cannot be guaranteed to be secure or error-free. -- Brian
Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
On 12/3/05, Veech [EMAIL PROTECTED] wrote: The bad grammar in the first two sentences is a dead giveaway. Fry this phish... What makes me wonder is the link - it is to https://www.amazon.com which unless I am missing something is the correct site. Could there be some sort of proxy or DNS relay that takes you to the phisher's site? --- Brian
Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
I have been getting these, and a similar Paypal one, on a daily bases, on one of my work accounts for at least six months. At 12:52 PM 12/3/2005, you wrote: On 12/3/05, Veech [EMAIL PROTECTED] wrote: The bad grammar in the first two sentences is a dead giveaway. Fry this phish... What makes me wonder is the link - it is to https://www.amazon.com which unless I am missing something is the correct site. Could there be some sort of proxy or DNS relay that takes you to the phisher's site? --- Brian
RE: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
Well, that's the link as to what it -looks- like. But the a href is not always the same as the linked text.. A common phish. -- FIGHT BACK AGAINST SPAM! Download Spam Inspector, the Award Winning Anti-Spam Filter http://mail.giantcompany.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Weeden Sent: Saturday, December 03, 2005 2:53 PM To: The Hardware List Subject: Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue On 12/3/05, Veech [EMAIL PROTECTED] wrote: The bad grammar in the first two sentences is a dead giveaway. Fry this phish... What makes me wonder is the link - it is to https://www.amazon.com which unless I am missing something is the correct site. Could there be some sort of proxy or DNS relay that takes you to the phisher's site? --- Brian
RE: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
At 05:03 PM 12/3/2005, Chris Reeves typed: Well, that's the link as to what it -looks- like. But the a href is not always the same as the linked text.. A common phish. You're using Gmail therefore the email message is in html which makes it easy to hide the real link in the a href=.. You want to make sure that you view source check out the a href= I can almost guarantee you that it's not Amazon.com. --+-- Wayne D. Johnson Ashland, OH, USA 44805 http://www.wavijo.com
Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue
At 16:21 12/03/05, Steve Tomporowski wrote: I got the same thing the other day. The key is to type in the wrong password and see if it lets you in. If it does, then it's phsihing I also get these almost every day. I've checked view source for many of them and I've seen some where the underlying link is maybe a thousand characters long. This leads me to think that if you merely click on one of these links from within your email program (and it opens in your browser), it's possible that some dangerous script or unchecked buffer overflow might attempt to execute. I don't feel 100% confident that Microsoft has patched all vulnerabilities like these. It's getting so that I really hesitate to click on links in any message, even in ones from vendors and organizations that I've been getting for years. Regards, Bill
