What is the "best" phishing email you have seen?

Discussion in 'other security issues & news' started by liang_mike, Jan 22, 2006.

Thread Status:
Not open for further replies.
  1. liang_mike

    liang_mike Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    91
    Location:
    Canada
    We have all seen common paypal, ebay and bank phishing e-mails. What is the "best", "most believable", or "funny" phishing e-mail you have received?
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Sorry, I don't collect spam/scam-emails.
     
  3. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    The scariest I've seen was one that redirected you to the REAL bank site (after going through the phishing site), yet on the real site was included an element from the scam site, probably as to read from the cookie when something was typed in the real site. I think it had something to do with the fact that the parameters which were then passed to a javascript element on the bank site were unsanitized http post parameters, so the scam site was able to manipulate it as to modify the page presented to the user on the fly. It was quite an ugly accomplishment, because the web address showed in the browser was the real bank IP, so there was no way to tell without analyzing each HTTP element called on the page (I used Odysseus to analyze the thing, a tool designed to act as a "man in the middle" to see the content of each http request). The phishing site was taken down incredibly fast, though, I don't think it lasted more than a couple of hours. I hope the bank fixed their site.
     
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Without a doubt the funniest was one from Internet Bank wanting me to update my info. Internet Bank, what a hoot. You have to wonder how dumb some people can be.

    I also get a kick out of the 419 emails. www.scamorama.com has provided quite a few good laughs, from people who scam these guys right back.
     
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    If you think that's dumb, you should have seen the one received by one of co-workers; it listed like six or seven different banks and it said "if your bank is [bank name], click here", "if your bank is [name], click here", and so on... all in the same e-mail. :D
     
  6. A phishing email with a beg BEWARE warning at the top (to warn you of phishing emails).
     
  7. MakoFusion

    MakoFusion Registered Member

    Joined:
    Jun 25, 2003
    Posts:
    130
    Well I don't know about the best but here is the worst...

    http://forum.starmen.net/?t=msg&th=19897

     
  8. Hoot

    Hoot Guest

    If you think that's dumb, you should have seen the one received by one of co-workers; it listed like six or seven different banks and it said "if your bank is [bank name], click here", "if your bank is [name], click here", and so on... all in the same e-mail.

    lol!
     
  9. Hoot

    Hoot Guest

    the biggest scam was "free credit report" email, there was a link and the website had no content but asked for

    to process your free credit report we need the following..

    name:
    homr address:
    phone number:
    location:
    age:
    sex:
    creditcard info:
    social security#:
    bank account#:

    I bs'd it to see what i'd get if i clicked continue.. all i got was "thank you.. your report is being processed."
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,897
    Location:
    The Netherlands
    @ TNT

    Lately I have been receiving emails from Paypal but I don´t even have an account. The link will also sent me to the real paypal.com site, but I think it´s very strange :rolleyes:, this is the mail:

    Dear PayPal User,

    We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address. If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the log ins, please visit PayPal as soon as possible to update your account:

    https://www.paypal.com/us/cgi-bin/webscr?cmd=_login-run

    Changing your password is a security measure that will ensure that you are the only person with access to the account.

    Thanks for your patience as we work together to protect your account.

    Sincerely,
    PayPal
     
  11. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Hmmm... are you reading this mail in html or plain text? If HTML, have you checked the source?
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Any email from "Paypal" is a scam.
    Paypal doesn't send any emails. They sometimes ask to verify your data, but that happens only on their website, after logging in.
     
  13. Anciet

    Anciet Guest

    @micrate, Are you sure they didn't send you followers? :D
     
  14. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,338
    Location:
    US
    Yo, folks, if you are curious about phish emails, and want to open them in order to read them ... DON'T!! Best to just remain curious; curiosity killed the cat.

    Acadia
     
  15. liang_mike

    liang_mike Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    91
    Location:
    Canada
    Oh my god, this is one bad phishing..... :eek:
     
  16. liang_mike

    liang_mike Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    91
    Location:
    Canada
    I would personally check the underlying URL next time because the underlying URL needs not match what is displayed.
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    VERY sound advice indeed.

    If I were doing a phishing site, I'd have a WMF in the email that went out, and one on the site - just in case people went there. It wouldn't be a standard WMF either... one of those "special" ones :D

    Don't think you're safe, just because you don't key in your data.

    Back on topic, the scariest phishing email I received wasn't actually a phishing email. It was from a third party company (marketing) hired by the bank to contact their clients about some offer or other. One of the links was damaged and went to a poorly rendered login screen (for the mail reporting system)

    Extremely careful checking revealed it to be harmless - but it does go to show the damage that can be done - you just cannot tell on a visual inspection and you never know when a new exploit will be discovered.

    Always go to sites of high value by typing in the URL - it may be a bit of a PITA, but it's the safest way.
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's what I call GOOD advice.
    In fact, I'm doing this with all my spam-emails, although not everybody agrees with me at Wilders.
    Most of these emails have a seducing subject title and that makes people curious to open them and that's where all the trouble starts.
    Even opening spam-emails can be a trigger to do something bad in your computer. That's what they told me at SWI.
    Is it really worth to read all that nonsense and get it trouble or make these scammers/spammers richer, than they already are ? Not me.
    Somebody who steals my email-address is a thief and doesn't deserve my attention. :)
     
  19. Really? What do you think will happen if you accidently open it?

    You telling me you never ever opened any spam mail before?
     
  20. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Depends who's sending the spam.

    Maybe you just executed a nice wmf-exploited file :)
    Maybe you just validated your email address and will get more
    Maybe nothing.

    Maybe you found a great price on vi@gra, much better than your normal supplier :D
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,279
    Hi,
    I have no friends, so I don't get any mails. And I do, they are erased automatically ... hihihihi
    Mrk
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Right. Even my so called "internet friends" were spammers in the past.
    Each time, they found something interesting for them, I got an email from them as if I was interested too. Pffft.
     
  23. Most likely nothing. And if you know what you are doing 99.9999% nothing.

    Validated your email? In txt mode? That will be a nice trick. You can even get away with reading in html mode, if you know what you are doing.

    WMF exploit file? There's a patch you know. Sure there's no 100% protection and you never know if there' some zero day exploit that zaps your email client but so what? Are you going to live in fear because of that? Then you might as well stop web surfing as well, you never know if some reputable site is going to get compromised.

    My point is if you are going to live in fear of accidently opening some spam email, you might as well drop the idea of using email at all. Because it will happen one day.

    Besides i'm certain everyone in this thread even those who advocate not opening spam, have done it before. And they are all still here....

    Mike in your line of work you receive emails from new sources ,say people seeking support for online armor. Do you live in fear that some of them might actually be spammers trying to trick you? :)

    A subject that says "Online Armor questions", could actually be spam or some exploit. Does that stop you from opening emails?

    Also Is it really your position that users who are protected by every trick in the book, including online armor, shouldn't open spam at all because they are not protected and are at great risk at being compromised if they open spam mail?

    I'm sure the customers of Online Armor would be really disappointed to hear that....
     
  24. Indeed, best way not to accidently open spam, don't do email at all.
     
  25. For the record, i'm not saying people should open every spam email and start doing hours of research to prove that the phishing and cons are exactly what they are.

    If it quacks like a duck...

    I'm against this overblown fear of opening such emails,

    "for god's sake, whatever you do, please do not open it at all, DELETE AND IGNORE or bad things will happen".

    Either it will do some unspeakable evil to your computer and install some malware, or validate your email, or worse (since no software can protect you from your own foolishnees) the words itself will brainwash you into believing all the crap making you lose your money.

    Unspeakable evil indeed, that you should avoid glancing at even once..

    I suspect everyone in this thread is far smarter than believing in such simplistic advise of course, for one thing everyone here seems to have read these emails that they tell everyone else not to read!

    They see this email from such unknown source, the subject looks like it might be legimate, or it might not be. I bet almost everyone here ,even though who advocate delete and ignore, will open it. And even if it was not legimate, they would just shrug.

    However I can imagine some less experienced person who is told to FEAR all email that looks fishy, would just delete it, which is really unnecessary.

    Or someone who accidently opens some spam, goes in a state of panic because he thinks he is doomed because he has broken the rule....
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.