Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-07 Thread Thane Sherrington (S)

At 02:39 PM 06/12/2005, Stan Zaske wrote:
I just received issue #23 of the Astalavista Security Newsletter. Does 
anybody else read it and

what do you think? @:)


Never read it.  How do I get a copy?

T 



Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-07 Thread Stan Zaske

Check it out! @:D

http://www.astalavista.com/media/archive1/newsletter/issue_23_2005.pdf


Thane Sherrington (S) wrote:

At 02:39 PM 06/12/2005, Stan Zaske wrote:

I just received issue #23 of the Astalavista Security Newsletter. Does 
anybody else read it and

what do you think? @:)



Never read it.  How do I get a copy?

T




Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-07 Thread Thane Sherrington (S)

At 02:27 PM 07/12/2005, Stan Zaske wrote:

Check it out! @:D

http://www.astalavista.com/media/archive1/newsletter/issue_23_2005.pdf


Cool, thanks.

T 



Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-06 Thread Anthony Q. Martin

Veech wrote:
:: I have never responded to these types of requests.  Never never give
:: personal info on these.  A common denominator to all of these
:: things, no matter where they come from, is bad grammar or misspelled
:: words.  Once they figure this out, then we're in trouble.  Until
:: then, if I can spot a grammatical or spelling error, it's to the
:: trash file they go. 


I would not count on this...they are already getting much, much better.



Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-06 Thread Anthony Q. Martin
IMO, the fact that they are writing you tell you of unauthorized activity 
and then asking you to follow any link to update your info is the dead 
giveaway - regardless of spelling and grammar or what's really coded behind 
a link.  If Amazon (or anyone) wants to suspend my account - I'd let them go 
right ahead.  They need me way more than I need them.



Neil Davidson wrote:
:: The fact it is addressed to Dear [EMAIL PROTECTED]  instead
:: of your actual name is also a bit of a giveaway
::
::: -Original Message-
::: From: [EMAIL PROTECTED]
::: [mailto:[EMAIL PROTECTED] On Behalf Of Brian
::: Weeden Sent: 03 December 2005 17:13
::: To: hwg
::: Subject: [H] Possible Phishing Attack? Fwd: Amazon Payments
::: Billing Issue
:::
::: I got the following from Amazon which seems kind of suspicious.
::: Clicking the link looks to me like it does take you to the
::: real Amazon but you can't be 100% sure these days.  I typed
::: in Amazon myself and verified my account settings and
::: everything looked ok.
:::
::: The formatting is a bit screwed up because I converted it
::: from Rich Text to plain text for this list.
:::
::: -- Forwarded message --
::: From: [EMAIL PROTECTED] [EMAIL PROTECTED]
::: Date: 3 Dec 2005 14:28:30 -
::: Subject: Amazon Payments Billing Issue - [EMAIL PROTECTED]
::: To: [EMAIL PROTECTED]
:::
:::
:::
:::  Dear [EMAIL PROTECTED]  ,
:::
:::  Greetings from Amazon
:::   Payments.
:::
:::  Your bank has contacted
::: us regarding some attempts of charges
::: from your credit card via the  Amazon  system.
::: We have reasons to believe that you changed your registration
::: information or that someone  else has unauthorized access to
::: your Amazon account
:::   Due to recent activity, including possible
::: unauthorized listings  placed on your account,
::: we will require a second confirmation  of your
::: identity with us in order to allow us to investigate
:::this matter further. Your account is not suspended, but if
::: in 48 hours after you receive this message your account
:::  is not confirmed we reserve the right to
::: suspend
::: your Amazon  registration. If you received this
::: notice and you are not  the authorized account
::: holder, please be aware that it is in  violation
::: of Amazon policy to represent oneself as another
::: Amazon user. Such action may also be in violation of local,
:::   national, and/or international law. Amazon is committed to
:::assist law enforcement with any inquires related
::: to attempts  to misappropriate personal
::: information with the intent to  commit fraud or
::: theft. Information will be provided at the
::: request of law enforcement agencies to ensure that
::: perpetrators are prosecuted to the full  extent
::: of the law.
:::
:::
:::
:::
:::
:::  To confirm your identity with us click here:
:::
::: https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_
::: r/103-3177084-7567864?opt=oapage=recs/sign-in-secure.html
:::
:::  After responding to the
::: message, we ask that you allow at least 72 hours for the case
::: to be investigated. Emailing us before that time will
::: result  in delays. We apologize in advance for
::: any inconvenience this  may cause you and we
::: would like to thank you for your cooperation
::: as we review this matter.
:::
:::
:::
:::
:::
:::
:::   Thank you for your interest in selling at Amazon.com.
:::
:::   Amazon.com Customer Service
:::  http://www.amazon.com
:::
::: This message and any files or documents attached may contain
::: classified  information. It is intended only for the
::: individual or entity named and others  authorized to receive
::: it. If you are not the intended recipient or authorized to
::: receive it, you are hereby notified that any disclosure,
::: copying, distribution  or taking any action in reliance on
::: the contents of this information is strictly prohibited and
::: may be unlawful. If you have received this communication in
::: error, please notify us immediately then delete it from your
::: system. Please also  note that transmission cannot be
::: guaranteed to be secure or error-free.
:::
:::
:::
:::
:::
::: --
::: Brian 



Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-06 Thread Stan Zaske
I agree, my bank never solicits me online only by snailmail. They know 
better. I never click on any links from any SPAM either and the only 
reason I leave it unfiltered is that sometimes it excludes the wrong 
email and I miss stuff being sent to me from legitimate sources like 
NewEgg. @:)



Anthony Q. Martin wrote:
IMO, the fact that they are writing you tell you of unauthorized 
activity and then asking you to follow any link to update your info is 
the dead giveaway - regardless of spelling and grammar or what's really 
coded behind a link.  If Amazon (or anyone) wants to suspend my account 
- I'd let them go right ahead.  They need me way more than I need them.



Neil Davidson wrote:
:: The fact it is addressed to Dear [EMAIL PROTECTED]  instead
:: of your actual name is also a bit of a giveaway
::
::: -Original Message-
::: From: [EMAIL PROTECTED]
::: [mailto:[EMAIL PROTECTED] On Behalf Of Brian
::: Weeden Sent: 03 December 2005 17:13
::: To: hwg
::: Subject: [H] Possible Phishing Attack? Fwd: Amazon Payments
::: Billing Issue
:::
::: I got the following from Amazon which seems kind of suspicious.
::: Clicking the link looks to me like it does take you to the
::: real Amazon but you can't be 100% sure these days.  I typed
::: in Amazon myself and verified my account settings and
::: everything looked ok.
:::
::: The formatting is a bit screwed up because I converted it
::: from Rich Text to plain text for this list.
:::
::: -- Forwarded message --
::: From: [EMAIL PROTECTED] [EMAIL PROTECTED]
::: Date: 3 Dec 2005 14:28:30 -
::: Subject: Amazon Payments Billing Issue - [EMAIL PROTECTED]
::: To: [EMAIL PROTECTED]
:::
:::
:::
:::  Dear [EMAIL PROTECTED]  ,
:::
:::  Greetings from Amazon
:::   Payments.
:::
:::  Your bank has contacted
::: us regarding some attempts of charges
::: from your credit card via the  Amazon  system.
::: We have reasons to believe that you changed your registration
::: information or that someone  else has unauthorized access to
::: your Amazon account
:::   Due to recent activity, including possible
::: unauthorized listings  placed on your account,
::: we will require a second confirmation  of your
::: identity with us in order to allow us to investigate
:::this matter further. Your account is not suspended, but if
::: in 48 hours after you receive this message your account
:::  is not confirmed we reserve the right to
::: suspend
::: your Amazon  registration. If you received this
::: notice and you are not  the authorized account
::: holder, please be aware that it is in  violation
::: of Amazon policy to represent oneself as another
::: Amazon user. Such action may also be in violation of local,
:::   national, and/or international law. Amazon is committed to
:::assist law enforcement with any inquires related
::: to attempts  to misappropriate personal
::: information with the intent to  commit fraud or
::: theft. Information will be provided at the
::: request of law enforcement agencies to ensure that
::: perpetrators are prosecuted to the full  extent
::: of the law.
:::
:::
:::
:::
:::
:::  To confirm your identity with us click here:
:::
::: https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_
::: r/103-3177084-7567864?opt=oapage=recs/sign-in-secure.html
:::
:::  After responding to the
::: message, we ask that you allow at least 72 hours for the case
::: to be investigated. Emailing us before that time will
::: result  in delays. We apologize in advance for
::: any inconvenience this  may cause you and we
::: would like to thank you for your cooperation
::: as we review this matter.
:::
:::
:::
:::
:::
:::
:::   Thank you for your interest in selling at Amazon.com.
:::
:::   Amazon.com Customer Service
:::  http://www.amazon.com
:::
::: This message and any files or documents attached may contain
::: classified  information. It is intended only for the
::: individual or entity named and others  authorized to receive
::: it. If you are not the intended recipient or authorized to
::: receive it, you are hereby notified that any disclosure,
::: copying, distribution  or taking any action in reliance on
::: the contents of this information is strictly prohibited and
::: may be unlawful. If you have received this communication in
::: error, please notify us immediately then delete it from your
::: system. Please also  note that transmission cannot be
::: guaranteed to be secure or error-free.
:::
:::
:::
:::
:::
::: --
::: Brian




RE: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-04 Thread Neil Davidson
The fact it is addressed to Dear [EMAIL PROTECTED]  instead of your
actual name is also a bit of a giveaway

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Brian Weeden
 Sent: 03 December 2005 17:13
 To: hwg
 Subject: [H] Possible Phishing Attack? Fwd: Amazon Payments 
 Billing Issue
 
 I got the following from Amazon which seems kind of suspicious. 
 Clicking the link looks to me like it does take you to the 
 real Amazon but you can't be 100% sure these days.  I typed 
 in Amazon myself and verified my account settings and 
 everything looked ok.
 
 The formatting is a bit screwed up because I converted it 
 from Rich Text to plain text for this list.
 
 -- Forwarded message --
 From: [EMAIL PROTECTED] [EMAIL PROTECTED]
 Date: 3 Dec 2005 14:28:30 -
 Subject: Amazon Payments Billing Issue - [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 
 
 
  Dear [EMAIL PROTECTED]  ,
 
  Greetings from Amazon
   Payments.
 
   Your bank has contacted 
 us regarding some attempts of charges
 from your credit card via the  Amazon  system. We
 have reasons to believe that you changed your registration 
 information or that someone  else has unauthorized access to 
 your Amazon account  
   Due to recent activity, including possible
 unauthorized listings  placed on your account, we
 will require a second confirmation  of your
 identity with us in order to allow us to investigate  
this matter further. Your account is not suspended, but if 
 in 48 hours after you receive this message your account is
  not confirmed we reserve the right to suspend
 your Amazon  registration. If you received this
 notice and you are not  the authorized account
 holder, please be aware that it is in  violation
 of Amazon policy to represent oneself as another 
 Amazon user. Such action may also be in violation of local,   
   national, and/or international law. Amazon is committed to  
assist law enforcement with any inquires related to
 attempts  to misappropriate personal information
 with the intent to  commit fraud or theft.
 Information will be provided at the  request of
 law enforcement agencies to ensure that 
 perpetrators are prosecuted to the full  extent of
 the law.
 
 
 
 
 
  To confirm your identity with us click here:
 
 https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_
 r/103-3177084-7567864?opt=oapage=recs/sign-in-secure.html
 
  After responding to the 
 message, we ask that you allow at least 72 hours for the case 
 to be investigated. Emailing us before that time will
 result  in delays. We apologize in advance for any
 inconvenience this  may cause you and we would
 like to thank you for your cooperation  as we
 review this matter.
 
 
 
 
 
 
   Thank you for your interest in selling at Amazon.com.
 
   Amazon.com Customer Service
  http://www.amazon.com
 
 This message and any files or documents attached may contain 
 classified  information. It is intended only for the 
 individual or entity named and others  authorized to receive 
 it. If you are not the intended recipient or authorized to  
 receive it, you are hereby notified that any disclosure, 
 copying, distribution  or taking any action in reliance on 
 the contents of this information is strictly prohibited and 
 may be unlawful. If you have received this communication in  
 error, please notify us immediately then delete it from your 
 system. Please also  note that transmission cannot be 
 guaranteed to be secure or error-free.
 
 
 
 
 
 --
 Brian
 



RE: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-03 Thread Veech
The bad grammar in the first two sentences is a dead giveaway.  Fry this
phish...

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Brian Weeden
Sent: Saturday, December 03, 2005 9:13 AM
To: hwg
Subject: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing
Issue


I got the following from Amazon which seems kind of suspicious.
Clicking the link looks to me like it does take you to the real Amazon
but you can't be 100% sure these days.  I typed in Amazon myself and
verified my account settings and everything looked ok.

The formatting is a bit screwed up because I converted it from Rich
Text to plain text for this list.

-- Forwarded message --
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Date: 3 Dec 2005 14:28:30 -
Subject: Amazon Payments Billing Issue - [EMAIL PROTECTED]
To: [EMAIL PROTECTED]



 Dear [EMAIL PROTECTED]  ,

 Greetings from Amazon  Payments.

Your bank has contacted us regarding 
some attempts of charges
from your credit card via the  Amazon  system. We
have reasons to believe that you changed your registration information
or that someone  else has unauthorized access to your Amazon account
  Due to recent activity, including possible
unauthorized listings  placed on your account, we
will require a second confirmation  of your
identity with us in order to allow us to investigate
   this matter further. Your account is not suspended, but if
in 48 hours after you receive this message your account is
 not confirmed we reserve the right to suspend
your Amazon  registration. If you received this
notice and you are not  the authorized account
holder, please be aware that it is in  violation
of Amazon policy to represent oneself as another
Amazon user. Such action may also be in violation of local,
  national, and/or international law. Amazon is committed to
   assist law enforcement with any inquires related to
attempts  to misappropriate personal information
with the intent to  commit fraud or theft.
Information will be provided at the  request of
law enforcement agencies to ensure that
perpetrators are prosecuted to the full  extent of
the law.





 To confirm your identity with us click here:

https://www.amazon.com/exec/obidos/flex-sign-in/ref=pd_irl_gw_r/103-3177084-
7567864?opt=oapage=recs/sign-in-secure.html

 After responding to the
message, we ask that you allow at least 72 hours for the case
to be investigated. Emailing us before that time will
result  in delays. We apologize in advance for any
inconvenience this  may cause you and we would
like to thank you for your cooperation  as we
review this matter.






  Thank you for your interest in selling at Amazon.com.

  Amazon.com Customer Service
 http://www.amazon.com

This message and any files or documents attached may contain
classified  information. It is intended only for the individual or
entity named and others  authorized to receive it. If you are not the
intended recipient or authorized to  receive it, you are hereby
notified that any disclosure, copying, distribution  or taking any
action in reliance on the contents of this information is strictly
prohibited and may be unlawful. If you have received this
communication in  error, please notify us immediately then delete it
from your system. Please also  note that transmission cannot be
guaranteed to be secure or error-free.





--
Brian



Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-03 Thread Brian Weeden
On 12/3/05, Veech [EMAIL PROTECTED] wrote:
 The bad grammar in the first two sentences is a dead giveaway.  Fry this
 phish...


What makes me wonder is the link - it is to https://www.amazon.com
which unless I am missing something is the correct site.  Could there
be some sort of proxy or DNS relay that takes you to the phisher's
site?

---
Brian



Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-03 Thread Winterlight
I have been getting these, and a similar Paypal one, on a daily bases, on 
one of my work accounts for at least six months.


At 12:52 PM 12/3/2005, you wrote:

On 12/3/05, Veech [EMAIL PROTECTED] wrote:
 The bad grammar in the first two sentences is a dead giveaway.  Fry this
 phish...


What makes me wonder is the link - it is to https://www.amazon.com
which unless I am missing something is the correct site.  Could there
be some sort of proxy or DNS relay that takes you to the phisher's
site?

---
Brian




RE: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-03 Thread Chris Reeves
Well, that's the link as to what it -looks- like.  But the a href is not
always the same as the linked text.. A common phish.




--
FIGHT BACK AGAINST SPAM!
Download Spam Inspector, the Award Winning Anti-Spam Filter
http://mail.giantcompany.com

 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Brian Weeden
 Sent: Saturday, December 03, 2005 2:53 PM
 To: The Hardware List
 Subject: Re: [H] Possible Phishing Attack? Fwd: Amazon 
 Payments Billing Issue
 
 On 12/3/05, Veech [EMAIL PROTECTED] wrote:
  The bad grammar in the first two sentences is a dead giveaway.  Fry 
  this phish...
 
 
 What makes me wonder is the link - it is to 
 https://www.amazon.com which unless I am missing something is 
 the correct site.  Could there be some sort of proxy or DNS 
 relay that takes you to the phisher's site?
 
 ---
 Brian
 



RE: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-03 Thread Wayne Johnson

At 05:03 PM 12/3/2005, Chris Reeves typed:

Well, that's the link as to what it -looks- like.  But the a href is not
always the same as the linked text.. A common phish.


You're using Gmail therefore the email message is in html which makes 
it easy to hide the real link in the a href=.. You want to make 
sure that you view source  check out the a href=  I 
can almost guarantee you that it's not Amazon.com.



--+--
   Wayne D. Johnson
Ashland, OH, USA 44805
http://www.wavijo.com 



Re: [H] Possible Phishing Attack? Fwd: Amazon Payments Billing Issue

2005-12-03 Thread Bill Cohane

At 16:21 12/03/05, Steve Tomporowski wrote:

I got the same thing the other day. The key is to type in the wrong
password and see if it lets you in.  If it does, then it's phsihing



I also get these almost every day. I've checked view source for many of
them and I've seen some where the underlying link is maybe a thousand
characters long. This leads me to think that if you merely click on one of
these links from within your email program (and it opens in your browser),
it's possible that some dangerous script or unchecked buffer overflow might
attempt to execute. I don't feel 100% confident that Microsoft has patched
all vulnerabilities like these.

It's getting so that I really hesitate to click on links in any message,
even in ones from vendors and organizations that I've been getting for 
years.


Regards,
Bill