Phishing: A Lazy man's fraud!

[Guest]

[Melih]

Phishing: A Lazy man's fraud!
 
Phishing is a type of fraud that is ideally suited to a lazy fraudster! After all, what work do they have to do? They don't have to build a website, just simply copy one of the bank's site, and they don't have to even send the email themselves, just go to your nearest spammer who will be more than happy to do that for you! And writing the email!!?? Worry not Mr Lazy Fraudster, you will also get that from your nearest bank. All you have to do is add your domain voila, now you can collect people's bank account details. And we are sorry, Mr. Fraudster that we can't automate the withdrawals from each account - you have to do that manually! But then again maybe a 14 year old script kiddie could automate that for you too! Just ask your nearest nerd. 
 
The point is Phishing is not even intelligent, nor require such hard work! It hardly is your "Italian Job"! Where is your strategist, disciplined and clever fraudster who is after your money!
 
Well, they are on their way!
 
When I invented this tool called Verification Engine to verify web content, people said what for? I said: Wait and see! I called it a tool to eliminate "spoofing a website" – today’s term for  "phishing". Was I a “scare monger” then? Time has proving that I wasn't! Am I scare mongering now when I claim that these phishers are just the "first wave of attackers" or the  foot soldiers . Unhappily, this first wave will be followed by the "armoured cavalry" as the next wave and they will keep coming! Just wait and see! Today, we mainly have the opportunist fraudster, but we are seeing the organised crime with more resources moving into the Internet feeding ground. Now it’s commercially viable for organised crime to exploit Internet.

We have this castle called Internet and someone has left the castle gates open so all these opportunists fraudster are waltzing in! We have built the internet with no authentication “doors”, no verification whatsoever!

Is that wrong? No of course not. In any technological development you first get it to work, then you get it to work, faster, more secure, more efficient etc. It’s the way the technology gets built! Just look at cars, in 1950s security was not the biggest selling feature - was it! It is now! People were getting killed at 30 Miles an hour crashes, because they did not have seat belts and cars were not built with security in mind! Compare that to today's cars with Side Impact Bars, Air bags everywhere, with Anti Lock Brake systems and so on...

What’s important is to understand when we need security, authentication and assurance! Did we need assurance technologies on the internet on early 90s, maybe we did maybe we did not. But do we need it now because now we have built "Value" into Internet which needs protection. We do our banking there, we purchase things there and we share confidential information with other people on the Internet. And anything of value it must be protected!

Where would we be without Side impact bars, air bags, Anti lock brake systems? Roads would be more dangerous for all of us. Internet must be secured, authenticated and I as a user must have assurances that I can confidently use Internet......... Funny.. As I am writing this article, I just received an email from "Paypal" asking me to login to my account and I don't have a paypal account and the URL is not a Paypal URL, but nevertheless I went to that side and entered my "Username and password" for the lazy fraudster who now has to enter one more password to paypal account only to realize that its the wrong one . ...................

Anyway, here is the point - let’s understand the underlying problem and fix that! The reason why Phishing and Pharming exist is because we cannot verify what we see! It has little to do with the way we receive emails. Unless we give the users the ability to "verify what they see" we will continue to suffer from this vulnerability called phishing. Instead of trying to fight the enemy once they through the open castle doors, let’s close the doors!

Melih

[panic]

Phishing: A Lazy man's fraud!
 
As I am writing this article, I just received an email from "Paypal" asking me to login to my account and I don't have a paypal account and the URL is not a Paypal URL, but nevertheless I went to that side and entered my "Username and password" for the lazy fraudster who now has to enter one more password to paypal account only to realize that its the wrong one . ...................

Are you saying you've stolen my " F U [at]paypal.com" ID??? LOL

e

[Melih]

Are you saying you've stolen my " F U [at]paypal.com" ID??? LOL

e

LOL :-) and your bank of America account (even though you are in the Aussie land :-)

Melih

[1nf3s73d]

I don't know if this would catagorize as phishing but my favorite (and feared) are the full paged duplicate bank pop ups almost exactly the same as the banks or credit card companies... may be just one letter off and voila a form of phishing and if you don't look close enough at the url you just gave some schmuck your money/account and ID / info.
I mean how many so far were affected
citi bank
amex
red cross
and how many others....

[Wiz619]

Aloha, Melih

  Panic nudged me to read your posts. He likes your humor. Now, So do I .
  Allow a brief introduction. I'm an old timer.
Built a Xerox CP/M machine from chips in '81 (could not afford to buy one.)
Started a company called A. Blinkin'  in S.F. Got named in the top ten homebrewers in the U.S.
(For quality rather than quantity, only actually sold a few hundred).
   Realized my real love was troubleshooting. Went freelance in '91. Prospered, grinned a lot
Then got real lucky and worked as an independent contractor for Intel for 3 years.
   Most fun I've ever had.
   Went into harness with Intel in '97 as a Server Support Specialist. Least fun I'd had in a long time.
   Good product, good people, trapped in corporate hell. Would put Dilbert on the phone to Kevorkian.
   I tell you all this, why?
   So, you will know that it is not "faint praise" , when  I write a testamonial for your Firewall of the first water, and for Comodo as an entity
  Companies have a personality and a heart, (sometimes ;-})
  The approachability of this company warms my heart. And, that's a very good thing when you consider that my favorite recent quote has been;
" No matter how cynical you get, you just can't keep up!" -Lily Tomlin.
  So, for the first time in more than 5 years, I wrote a little testamonial to your Firewall and stuck it in your He'p us forum.

    Phew! now to the topic.
  The first 3 or 4 paypal phish phorays came to an address that the real
PayPal is unaware of. So, I promptly forwarded to Spoof[at], etc.
When they kept coming, I got irritated, and used NeoTrace to track down the site.
     They were using a host in Italy.
    Now, I'm no hacker, but getting to their directory on the server was trivial. That's about as far as I went. Suppose I could have just quietly scrambled the captured passwords, given an Italian/English lookup and a little time.
   It's not the ethics that detered, more the legality.
  "Just 'cause a bugger deserves to be shot, don't mean it's legal to shoot 'em." -Will Rogers
   What I did, was capture all the info and send it to the security guys at PayPal.
   That was last month. Just checked the bogus site, it's still up. I hope they are at least keeping an eye on it.   

Mahalo nui loa for your fine work. If there's anything I can do for you folks, don't be shy.
You have a friend on the Island.

John Scott
Onna rock inna ocean

[Melih]

Aloha, Melih

  Panic nudged me to read your posts. He likes your humor. Now, So do I .
  Allow a brief introduction. I'm an old timer.
Built a Xerox CP/M machine from chips in '81 (could not afford to buy one.)
Started a company called A. Blinkin'  in S.F. Got named in the top ten homebrewers in the U.S.
(For quality rather than quantity, only actually sold a few hundred).
   Realized my real love was troubleshooting. Went freelance in '91. Prospered, grinned a lot
Then got real lucky and worked as an independent contractor for Intel for 3 years.
   Most fun I've ever had.
   Went into harness with Intel in '97 as a Server Support Specialist. Least fun I'd had in a long time.
   Good product, good people, trapped in corporate hell. Would put Dilbert on the phone to Kevorkian.
   I tell you all this, why?
   So, you will know that it is not "faint praise" , when  I write a testamonial for your Firewall of the first water, and for Comodo as an entity
  Companies have a personality and a heart, (sometimes ;-})
  The approachability of this company warms my heart. And, that's a very good thing when you consider that my favorite recent quote has been;
" No matter how cynical you get, you just can't keep up!" -Lily Tomlin.
  So, for the first time in more than 5 years, I wrote a little testamonial to your Firewall and stuck it in your He'p us forum.

    Phew! now to the topic.
  The first 3 or 4 paypal phish phorays came to an address that the real
PayPal is unaware of. So, I promptly forwarded to Spoof[at], etc.
When they kept coming, I got irritated, and used NeoTrace to track down the site.
     They were using a host in Italy.
    Now, I'm no hacker, but getting to their directory on the server was trivial. That's about as far as I went. Suppose I could have just quietly scrambled the captured passwords, given an Italian/English lookup and a little time.
   It's not the ethics that detered, more the legality.
  "Just 'cause a bugger deserves to be shot, don't mean it's legal to shoot 'em." -Will Rogers
   What I did, was capture all the info and send it to the security guys at PayPal.
   That was last month. Just checked the bogus site, it's still up. I hope they are at least keeping an eye on it.   

Mahalo nui loa for your fine work. If there's anything I can do for you folks, don't be shy.
You have a friend on the Island.

John Scott
Onna rock inna ocean

Interesting info John.

Paypal might not have a "take down" service to take these people down. Thats why we have VE www.vengine.com which allows the users to see what is real what is not.

thanks for your support!
spread the word! tell everyone! write to magazines, inform the univerisities/schools, about what Comodo is trying to do.

thank you

Melih

[Alwin]

Hi,

I am new to this forum. I have heared about www.LivePCSupport.com and I have also gone through that website...
When I googled for a techsupport website I have found a similiar website like LivePCSupport. Here is the one www.vsupportu.com.. Is that a phishing website of LPS or it belongs to you...?

Phishing: A Lazy man's fraud!
 
Phishing is a type of fraud that is ideally suited to a lazy fraudster! After all, what work do they have to do? They don't have to build a website, just simply copy one of the bank's site, and they don't have to even send the email themselves, just go to your nearest spammer who will be more than happy to do that for you! And writing the email!!?? Worry not Mr Lazy Fraudster, you will also get that from your nearest bank. All you have to do is add your domain voila, now you can collect people's bank account details. And we are sorry, Mr. Fraudster that we can't automate the withdrawals from each account - you have to do that manually! But then again maybe a 14 year old script kiddie could automate that for you too! Just ask your nearest nerd. 
 
The point is Phishing is not even intelligent, nor require such hard work! It hardly is your "Italian Job"! Where is your strategist, disciplined and clever fraudster who is after your money!
 
Well, they are on their way!
 
When I invented this tool called Verification Engine to verify web content, people said what for? I said: Wait and see! I called it a tool to eliminate "spoofing a website" – today’s term for  "phishing". Was I a “scare monger” then? Time has proving that I wasn't! Am I scare mongering now when I claim that these phishers are just the "first wave of attackers" or the  foot soldiers . Unhappily, this first wave will be followed by the "armoured cavalry" as the next wave and they will keep coming! Just wait and see! Today, we mainly have the opportunist fraudster, but we are seeing the organised crime with more resources moving into the Internet feeding ground. Now it’s commercially viable for organised crime to exploit Internet.

We have this castle called Internet and someone has left the castle gates open so all these opportunists fraudster are waltzing in! We have built the internet with no authentication “doors”, no verification whatsoever!

Is that wrong? No of course not. In any technological development you first get it to work, then you get it to work, faster, more secure, more efficient etc. It’s the way the technology gets built! Just look at cars, in 1950s security was not the biggest selling feature - was it! It is now! People were getting killed at 30 Miles an hour crashes, because they did not have seat belts and cars were not built with security in mind! Compare that to today's cars with Side Impact Bars, Air bags everywhere, with Anti Lock Brake systems and so on...

What’s important is to understand when we need security, authentication and assurance! Did we need assurance technologies on the internet on early 90s, maybe we did maybe we did not. But do we need it now because now we have built "Value" into Internet which needs protection. We do our banking there, we purchase things there and we share confidential information with other people on the Internet. And anything of value it must be protected!

Where would we be without Side impact bars, air bags, Anti lock brake systems? Roads would be more dangerous for all of us. Internet must be secured, authenticated and I as a user must have assurances that I can confidently use Internet......... Funny.. As I am writing this article, I just received an email from "Paypal" asking me to login to my account and I don't have a paypal account and the URL is not a Paypal URL, but nevertheless I went to that side and entered my "Username and password" for the lazy fraudster who now has to enter one more password to paypal account only to realize that its the wrong one . ...................

Anyway, here is the point - let’s understand the underlying problem and fix that! The reason why Phishing and Pharming exist is because we cannot verify what we see! It has little to do with the way we receive emails. Unless we give the users the ability to "verify what they see" we will continue to suffer from this vulnerability called phishing. Instead of trying to fight the enemy once they through the open castle doors, let’s close the doors!

Melih

[eXPerience]

Hi,

I'm not sure, they copied most of the text from Comodo, but as far as I know, it's not Comodo's. So I guess you're safer logging in here : http://www.livepcsupport.com/

I'll pm Melih in the meantime

Xan

[panic]

Doesn't look good

Have a look at the whois record for the IP of vsupportu.com

http://whois.domaintools.com/65.55.194.74

Smell phishy or what?

[Eric Cryptid]

Not W.O.T. (Web Of Trust) rating.

Incidentally, you can check ratings for any website by going to www.mywot.com

Definately fishy though.

[Alwin]

Hi all,

Thanks for replying to my post. If that website a phishing website then is there any way to block that website?

[LaserWraith]

I just had to post a comment on WOT. 

[Alwin]

Hi,

Thank you. Any updates on this phishing website www.vsupportu.com ?

Hi,

I'm not sure, they copied most of the text from Comodo, but as far as I know, it's not Comodo's. So I guess you're safer logging in here : http://www.livepcsupport.com/

I'll pm Melih in the meantime

Xan

[Ovidiu Bucsa]

Hello,

   The services on the site that Alwin mentioned are not provided by Comodo's Live PC Support Team or by any Comodo employees.

[Tags:]