Author |
Message |
pablo
419Eater is my life
Joined: 10 Jul 2008
Posts: 366
|
Posted:
Thu Aug 06, 2009 2:47 pm |
|
My RL email address gets a lot of phishing email. A few times a year something like this shows up.
Quote: |
Subject: Webmail Account Verification Update!
Date: Thu, 06 Aug 2009 05:04:46 +0200
From: Webmail Service Help Desk <[email protected]>
Reply-To: [email protected]
To: [email protected]
Your mailbox quota has been exceeded the storage limit which is 20GB
as set by your administrator, you are currently running on 20.9GB.
You may not be able to send or receive new mails until you re-validate
your mailbox.
To re-activate your account please click the link below:
http://www.logiforms.c0m/formdata/user_forms/22769_4612653/73972/
Thanks and we are sorry for the inconviniences
Localhost.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program. |
82.128.15.41 Lagos Nigeria
Clicking the link (do this with a separate secure computer) gets a formatted screen looking for
Quote: |
Webmail Verification Form
In order to verify your webmail account, please enter your full name, e-mail address, user id and password in the space provided below.
First Name:
Last Name:
Email:
Username:
Password:
Please confirm password:
SUBMIT
|
The hacked website page in this case should be down within an hour or two.
A few months ago Wrightbhindu posted a mass bait for someone who had been victimized by this type of phishing email.
The real question is starting from the phishing email can we find a way to seriously disrupt this lad. It might be setting up an email account with list of baiter accounts as personal directory list. We can kill the phishing URL in the same way we do now after the bait email information gets through.
That is quite a bit of work with a low protential result.
Ideas?
p. |
|
|
|
|
pocket_fisherman
Not quite a Newb
Joined: 05 Aug 2009
Posts: 49
|
Posted:
Thu Aug 06, 2009 3:18 pm |
|
best thing i could think of is, find someone who has an email bomb email and put it in an account and hand it over to the phishers.
you can easily make the email name something like "bank details" or something like that, you know theyll have to open it then haha.
the dumbasses probably have no clue about m@lwarebytes and c0mb0fix |
|
|
|
|
Scammy Scameroo
419Eater is my life
Joined: 15 Apr 2009
Posts: 296
|
Posted:
Thu Aug 06, 2009 3:22 pm |
|
@pablo
There's a bait running at the moment doing exactly what you're talking about- in the hints & tips forum, entitled "Why would a scammer want a hotmail password". It's an excellent, excellent bait, and has caused the lad many months of pain and has even led to a new M7CN 5ecure world record.
I highly recommend trying same tactic with your own phisher, it's great fun. |
_________________ "Being a president is like Controlling the whole america and making Good things Happen" - President Barack Obama
"YOU ARE FUCKING DIFFERENT FROM OTHERS PEOPLE AND HUMAN BEING." - International property tycoon
"Once again reset all your email informations in other to afford your box been stolen by the men of the underworld." - Chrissy, my phished friend
<br>
Chrissy's M7CN S3cur3 World Record is currently at: 167 + 1214 + 181 + 167 + 172 + 204 + 159 + 359 + 182 + 1 = 2806 clicks!
<br>
x 5 |
|
|
|
HarvestMoon
Elite Baiter
Joined: 02 Sep 2008
Posts: 1006
Location: a sorta fairy tale
|
Posted:
Thu Aug 06, 2009 4:08 pm |
|
Pocket Fisherman, Welcome to Eater! You might want to read the FAQ's found here: http://forum.419eater.com/forum/viewtopic.php?t=5413
And particularly this topic: http://forum.419eater.com/forum/viewtopic.php?t=5413#disallow
Quote: |
We do not support the sending of viruses and “trojans” to the scammers, nor attempts to hack or hijack their email accounts and/or computers. Viruses and “trojans” will be unknowingly spread to the computers of innocent people and we are only trying to make it difficult for the scammers. On top of that, the spreading of viruses and hacking attempts is an illegal activity in the UK, where this Board is located, as well as many other jurisdictions. Please do not start topics on such subjects. Such threads can and will be deleted on sight. |
|
_________________ After the Gold Rush?
x11 x37 x25 x7 x4 x3 x3 x3 x2 x2
"You must really think i am a fool.God punish you for taking me for a joke" Dead George |
|
|
|
pablo
419Eater is my life
Joined: 10 Jul 2008
Posts: 366
|
Posted:
Thu Aug 06, 2009 5:59 pm |
|
@@Scammy Scameroo Looks like the the general approach I was looking for. I get these once every six weeks or so.
p. |
|
|
|
|
GSN_fan
Hellish Taskmaster
Joined: 31 Dec 2008
Posts: 537
|
Posted:
Thu Aug 06, 2009 7:36 pm |
|
You could also try phishfighting.com. It types in fake entries so lads don't get many legit bank info. |
_________________ x12
x23
x6 x4 x2 x2
Listen very openly Barrister Koffi Adams forward to this or what you sent to him how der you sent such a thing to him with is age am very disapointed in you if by your next mail you could not comeplete sending the right way sorry.
Even my little child know how to send money and give to the taker on how to take it so
Austria is a the name of a country near Australia.
This are the details we required from you so our customer cab infect payment to you.
Our is not ready to receive your incandesces message
send to me their pin code and asses code
Click here to support 419Eater.com |
|
|
|
jose_cuervo
Baiting Guru
Joined: 01 Mar 2006
Posts: 8175
Location: Packing Vaseline in my frilly boots, I can’t help if it gets in other places.
|
Posted:
Thu Aug 06, 2009 7:51 pm |
|
@ pocket_fisherman
HarvestMoon is correct, we don't send any nasties to the lads. They all operate from internet cafes and it only hurts the cafe owner, not the lad. It's also illegal.
And, Welcome here! |
_________________ ~
“I guess a man is the only kind of varmint sets his own trap, baits it, and then steps in it.” ~ John Steinbeck |
|
|
|
pocket_fisherman
Not quite a Newb
Joined: 05 Aug 2009
Posts: 49
|
Posted:
Thu Aug 06, 2009 9:48 pm |
|
@harvest and jose.
yeah, your right. i did read that stuff, but forgot about it. although, youre technically not sending it to them if they are hacking into and email account and taking it lol.
but yeah, would suck for the cafe owners. and probably for someone the lad decided to unleash it on. |
|
|
|
|
pablo
419Eater is my life
Joined: 10 Jul 2008
Posts: 366
|
Posted:
Fri Aug 07, 2009 3:38 am |
|
@@GSN_fan ^^^In this case the phishing is for email account information. We do have a chance to misdirect them, perferably to a trap. Even so the trap set up time is quite high to the proability that they will take the bait.
In the bank phishing scams the lads use the bank to validate the information automatically and as good as it may feel they know when they get the information that it is fake or more likely is automatically discarded and they never see it.
The only thing that is even a modestly effective tool in the bank phishing is to take down the hacked page needed for the intermediate transfer point as soon as possible.
Email phishng scams have a lot of lad uses. By taking over an account to some degree they point blame back to the account owner for their activities. Some of them exercise contact lists to send out "I'm Stranded" messages asking for WU cash transfers. Some normally smart high profile people have been caught in this type of scam.
p. |
|
|
|
|
|