http://www.bbc.co.uk/news/technology-21058591
17 January 2013 Last updated at 07:21 ET
'Nightclub bouncer' phishing scam found by researchers
If your name's not down... you are not getting phished by the criminals behind this attack.
Cyber-criminals have invented a cunning new method of targeting victims by developing a system that behaves like a bouncer at an exclusive nightclub.
Security firm RSA revealed how attackers assigned targets with a unique ID, meaning the scam could be aimed at specific people.
If a person's ID was not on the list, their computer would not be affected.
RSA said the advanced threat posed a new "detection challenge" to the security industry.
In a blog post, RSA cybercrime specialist Limor Kessem wrote: "As we adapt and improve our detection systems, we are reminded that in the never-ending cat-and-mouse game, only the nimble will survive."
The so-called Bouncer Phishing Kit targets preset lists of email addresses. For each target, a unique ID is automatically generated, creating a unique web address for the user to click on.
If someone has an ID that does not match the list of intended targets, they will simply be presented with a 404 Error page, and will be unharmed.
If, however, a person is one of the unfortunate ones, the same page will instead spring into life as an "attack page" ready to steal user credentials.
Using this method means attackers can harvest data from certain groups of users, rather than having to sift through large amounts of data.
For example, the Bouncer Phishing Kit could be used to gather personal details on people in one particular country.
"It holds this [bouncer] moniker because much like many high-profile night-time hotspots - if your name is not on the list, you're staying out," Mr Kessem said.
"Traditional phishers like to cast as wide of a net as possible.
"But with this tactic the phisher is laser-focusing the campaign in an effort to collect only the most pertinent credentials for his purposes.
"Keeping out uninvited guests also means avoiding security companies and prompt take-downs of such attacks."
Phishing is a growing problem for internet users. According to RSA's data, attacks of this type were up 59% in 2012 compared with the previous year, and cost the global economy $1.5bn (£940m).
What is phishing?
Phishing is a tactic used by cybercriminals to trick users into sharing personal data.
Typically, this is by pretending to be a legitimate website - such as a popular social network, or online banking. Assuming they are on the real site, users will enter their username and password, only for them then to be stolen.
Other phishing attacks can make use of emails designed to look like they come from a trustworthy source.
Internet users can take several common-sense steps to prevent being caught out, such as double-checking web addresses look legitimate, rather than a misspelling such as Facebok.com.
Using the latest version of your internet browser, as well as up-to-date security software, will give you extra help.
The UK Payment Council has set up a website with advice on how to stay protected from phishing scams.
http://www.bbc.co.uk/news/technology-21058591
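A defender-side sketch of the "detection challenge" described in the article above, added here as an example and not part of the BBC article or RSA's write-up: it flags pages that were mailed with a different ID for every recipient while the URL scanner, which has no listed ID, was shown a 404. The log rows, the `.example` domains, the `TOKEN_RE` heuristic and the function names are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: (recipient, URL found in the delivered message).
DELIVERED = [
    ("alice@corp.example", "http://login-update.example/secure/?id=9f3a1c7e20b4"),
    ("bob@corp.example",   "http://login-update.example/secure/?id=41d07be95a6c"),
    ("carol@corp.example", "http://login-update.example/secure/?id=c8e2f5a0913d"),
    ("dave@corp.example",  "http://news.example/weekly?issue=42"),
    ("erin@corp.example",  "http://news.example/weekly?issue=42"),
]
# Constructed scanner verdicts: HTTP status seen when the page is fetched
# without a recipient ID (what an automated crawler would get).
SCANNER_STATUS = {
    "login-update.example/secure/": 404,
    "news.example/weekly": 200,
}

# Heuristic (assumption) for "looks like a generated ID":
# a long hex string or a long URL-safe string.
TOKEN_RE = re.compile(r"^(?:[0-9a-fA-F]{8,}|[A-Za-z0-9_-]{16,})$")


def split_url(url):
    """Return (page, tokens): the URL with ID-like parts masked, and those parts."""
    parts = urlsplit(url)
    tokens, segs = [], []
    for seg in parts.path.split("/"):
        if TOKEN_RE.match(seg):
            tokens.append(seg)
            segs.append("*")          # mask the ID so all recipients map to one page
        else:
            segs.append(seg)
    tokens += [v for _, v in parse_qsl(parts.query) if TOKEN_RE.match(v)]
    return parts.netloc.lower() + "/".join(segs), tuple(tokens)


def find_gated_pages(delivered, scanner_status, min_recipients=3):
    """Flag pages mailed with one distinct ID per recipient that the scanner saw as 404."""
    by_page = defaultdict(lambda: defaultdict(set))   # page -> tokens -> recipients
    for recipient, url in delivered:
        page, tokens = split_url(url)
        if tokens:
            by_page[page][tokens].add(recipient)

    findings = []
    for page, token_map in sorted(by_page.items()):
        recipients = set().union(*token_map.values())
        one_id_each = len(token_map) == len(recipients)
        # A 404 alone would normally close the case; combined with per-recipient
        # IDs it is treated here as a reason for manual review instead.
        if (len(recipients) >= min_recipients and one_id_each
                and scanner_status.get(page) == 404):
            findings.append({"page": page, "recipients": sorted(recipients)})
    return findings


if __name__ == "__main__":
    for finding in find_gated_pages(DELIVERED, SCANNER_STATUS):
        print("review: 404 to scanner, unique ID per recipient:", finding)
```

The point of the check is that a 404 seen by the scanner is not treated as a clean verdict when the same page was delivered to several mailboxes with a different ID each.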
From: http://www.rumormillnews.com/cgi-bin/forum.cgi?read=268518
Quote
FROM TERI HINKLE:
EXTREME CAUTION, BANKSTER ALERT!
Today a friend called to say that when his wife went down to their bank, Nashville Bank in Tenn. to renew the equity line of credit on their home she came home and told him to go up to the bank and sign the papers. His name has never been on the loan so he went to the bank to straighten everything out. When he got there and he was given the papers his wife had signed he found that on the bottom of every page in BOLD type it said that:
BY SIGNING THIS AGREEMENT YOU WAIVE YOUR RIGHT TO A JURY TRIAL IN REGARD TO ANY AND ALL EVENTS AND OR CLAIMS WHICH MAY ARISE FROM IT
Fortunately my friend is far too savvy to have fallen for that. He threw a fit and demanded the bank explain what they thought they were trying to pull. The loan officer called the main branch and then said, well we could take that off of there....( DUH! )
DO NOT UNDER ANY CIRCUMSTANCES SIGN ANY DOCUMENT WITH EVEN SIMILAR LANGUAGE TO THAT ON IT. By signing that agreement they would have been waiving all their rights to due process under the law and our Constitution. If the smaller banks like Nashville Bank are attempting this kind of entrapment you can bet the BIG BANKS LED THE WAY!
If you have inadvertently signed such a document in the last three days get your butt back down to the bank and exercise your three day right to rescission!
This is unconscionable and cannot be tolerated. If the fraudster banks can get you to renew your loans and or mortgages with language like that in the documents they have carte blanche ability to STEAL EVERYTHING YOU HAVE and you have NO POWER TO STOP THEM AND NO RECOURSE AFTERWARD!
--
Teri
SPAM SCAM and make BANK
Anyone haz an empty bank account and wants to play?
::)
Here is the latest email..
I am BD SAN a uk radiologist student.
Can you help me. I have access to my late fathers accounts and passwords containing millions of dollars in usa. Am ready to share this with you if you can help me as i have a lot to unfold to you as with your agreement I want to start making transfers to your account you will provide.
Please respond immediately via my email so that i will fill you in with further details.
Sincerely yours,
BDSAN@radiologist.net
Dang, Z, I think we all have basically empty bank accounts these days :o
but I wouldn't even want to play with this turkey unless I had a false account set up and there was absolutely no chance that any of us could ever be identified or located 8)
would be fun to snare some con artist in a trap...
seeker
I don't have a bank account. :)
I am tempted to set up one :P just for giggles... maybe I can use ArMaP :D
Here is one I got today... watcha think? Am I rich?
::)
On 2/25/2013 6:05 PM, WESTERN UNION HEAD OFFICE.CO.UK wrote:
> Please be inform you have £250,000 lodged in our western union to be
> transferred to you as compensation reward funds from the UNITED NATION
> COMPENSATION COMMISSION {UNCC} reply for more details
> www.westem_uniodept57@yahoo.co.uk,
> or call line: +4470-1291-1110.
And the second one...
On 2/25/2013 1:56 PM, Jurgen Henrich wrote:
>
>
> Ron,
>
> Thank you for your mail and the content well noted and am sorry for my late response to your mail because i have been on vacation holiday for the past 2 weeks now that is why i have not been able to respond to your mail quickly.
>
>
> Really, I do not know you before, I only asked my secretary to look for me a foreigner in the computer who will be capable to handle large amount, which she did without knowing you either, she brought three names and after praying I decided to start with you.
>
> This business is real and risk free because there will be complete clearance documents to prove the legality of the large amount to any financial institution, and it will come as a foreign investment fund as it may please your account.
>
> I come from a reputable family and in my position i can never get involved in anything that will bring shame to my family even for billions
>
> Personal Details:
>
> Date of birth: 01.09.1958
> Place of birth: Wertingen, Germany
> Home address: Stüssistrasse 46
> CH-8057 Zürich Switzerland
>
> Citizenship: German (permanent residency in the USA and Switzerland)
> Family status: married with four children
> Place of work: Bank UBS offshore department
>
> Anyway, let me give you the details to enable you understand the procedures.
> Firstly you need to send me your existing account information so that I will use it in securing the payment approval from the authorities in your name as the legal beneficiary.
>
> As soon as the payment are approved, you will be required to come to the bank holding the funds here in Switzerland to secure the Tax Deduction Certificate so that the heritage tax and all other fees will be deducted from the principal amount and in your presence the balance will be transferred into your account or to any account of your choice.
>
> This process was adopted because the Swiss banks insisted that the tax must be paid upfront before they can allow a direct transfer to your account, so with this process nobody will ask us to pay the tax or fees from our pocket.
>
> In view of the above, you should send me the existing account information to enable us proceed in securing the payment approval from the authorities which is the most important thing.
>
> The information i need are as follows: the bank name and bank address, the account number, routing number and the name you used in opening the account.
>
> To prove my business with you, I will take care of all the expenses involved in securing the payment approval in your name so you have nothing to worry about for now thank you.
>
> Awaiting for your urgent response
>
> Warmest Regard.
> Jurgen Henrich
--- she brought three names and after praying I decided to start with you. ---
Whahaha. They asked me here why I was laughing... tnx Ron.
They are amusing though LOL I am really tempted to set up an empty account
Hold them horses - we be having an update on Ms Pamilar and the 'Reverend Jude' ;D
We should merge that thread :D
I have had some very enlightening and frustrating outcomes with such ventures; they are acquirable by credentials via internet and business search formats, but there is "ALWAYS" something afoot when it comes to the intentions presented.
Personal example from a Walmart secret shopper job:
I was sent a cashier's check for $6,281.57 for purchase cash from Walmart facilities within my region. Of course, I had to submit this cashier's check to my bank and, due to the amount, had to wait for validation of both check and funds for 7-10 days upon delivery of the check to the bank. This was a check drawn on a JP Morgan/Chase cashier's check.
Long story short, the check cleared after 5 days, was leaving on a fishing trip so left funds within my account and then returned from my fishing trip and was contacted from my bank that the cashier's check/funds were withdrawn due to fraudulent and counterfeit attributes, told them no problem, left well enough alone and never signed up for such things again, but after approximately one month later, I was fined $500 for the incident and had to pay it off or be charged with intentional fraud charges.
Turns out the individuals that sent me the cashier's check for the secret shopper position were located out of Quebec, Canada, and even though the funds were drawn upon or acquired by me physically to start fulfilling the secret shopper's list of purchases they had provided, I was still an accomplice of the matter at hand.
I thought this would be a nice way to create another form of income with intentions of nothing short of purchase/report and fulfill obligations. I will and have never done anything similar to this again; they are all frauds as far as I am concerned. My personal information I had never given, such as bank information or any other personal information; for that I am thankful. If I would have done that, I would have had to change everything to protect myself indefinitely from such predators.
If anyone is thinking of doing this, "Don't!!!" If you are a resident of the US and have received information for such endeavors from either companies or secret shopper position offers, and they are located out of the US, it is illegal; no funds can be transmitted by either lottery or business financial gains.
After this had happened to me, which was quite some time ago now, I learned all I could on the subject at hand, and unless you are directly associated or affiliated with such Bs. or Lottery associations, it is all illegal, and funds can not be acquired via another nationality or out of USA payments. Took me a month of researching this type of incident because I wanted to recoup the $500 I was fined; there is nothing to assist in any such endeavor. Basically, you lost the battle before it started, and these people know it.
Just a short story to allow others not to be drawn into such things from personal experience; it will cost you and you will have nothing to show for the event or association. Sad as it may be, there is very little to thwart these individuals. I have tried reporting several people using the F8I as a form of credential; all the people told me when I called to inquire was "Don't do anything with them." Pretty lame for being the F8I and then being told that they don't really care, even though these people are using high ranking officials' names fraudulently and representing themselves as associated "Safe Programs" of sorts.
Well, that's that. be careful. Be very very careful.
1WW
A Couple of NEW TWISTS This should solve all our Money Problems :P
Addressed to "Whom it may Concern" so we can all get in on it :P
TO WHOM IT MAY CONCERN
robert.rodriguez1@libero.it
My name is Barrister Robert Rodriguez. I am the family lawyer and personal
attorney of late Hugo Chavez, the late Venezuela president.
I have a business proposition which i think will interest you. My late client
has $15, 000, 000, 00 (Fifteen Million United States Dollars Only) in United
Nations(UN) office in Jakarta Indonesia. This fund was meant for the less
privilege before his sudden death.
If I try to inform the government of my country about this fund, they will use
this fund for their personal interest and the wish of my late boss will not be
fulfilled. I have all the details required to change the ownership of this
funds to your name.
I need you to assure me that you will carry out the wish of Hugo Chavez and
use this fund for the less privilege and that you will not betray his wishes.
If you are interested and will want to assist, please contact me so i can give
you more information's and how to transfer the ownership of this funds to your
name for investment.
Best Regards
Robert Rodriguez
geraldr31@aol.com
And THIS ONE... should follow up for sure
THE PRESIDENCY FEDERAL REPUBLIC OF NIGERIA
COMMITTEE ON CONTRACT PAYMENT REVIEW PANEL
PRESIDENTIAL COMPLEX BUILDING
ASO-ROCK, ABUJA
TEL: +2347045596018
presidencyoffice12@presidency.com
Our Ref: FGN/PRE/VP/XNX/2012
SUBJECT: LETTER OF APOLOGY FROM
DEMOCRATIC GOVERNMENT OF NIGERIA.
ATTN: BENEFICIARY:
PAYMENT ORDER!!!
I WAS SURPRISED THAT YOU HAVE NOT RECEIVED YOUR FUND UP TILL TODAY.I WISH
TO INFORM YOU THAT YOUR FUND WILL BE TRANSFER TODAY INTO YOUR NOMINATED
BANK ACCOUNT WITHIN 72 HOURS.
I AM THE PRESIDENT OF FEDERAL REPUBLIC OF NIGERIA, I BELIEVE YOUR PAYMENT
WILL BE CONCLUDED TODAY IMMEDIATELY I HEAR FROM YOU AND YOU ARE ADVISE TO
RECONFIRM YOUR DETAILS AND TELEPHONE NUMBER IMMEDIATELY.
BASED ON MY INVESTIGATION I NOTICED THAT YOU HAVE WASTED A LOT OF MONEY IN
REGARDS TO THIS TRANSFER. I AM ADVISING YOU TO STOP ANY COMMUNICATION WITH
ANY PERSON UNTIL YOU RECEIVE THIS FUND FROM MY OFFICE TODAY.
TO AVOID WRONG TRANSFER,RE-CONFIRM YOUR BANKING INFORMATION.THIS OFFICE IS
GIVEN YOU 100% GUARANTEE THAT YOU WILL RECEIVE YOUR FUND WITHIN 72 HOURS
AS SOON AS YOU COMPLY WITH THE INSTRUCTIONS GIVEN TO YOU.
CONGRATULATION IN ADVANCE ONCE MORE.REMEMBER THIS TRANSFER IS
CONFIDENTIAL, DUE TO A LOT OF IMPERSONATORS, I WANT US TO USE A CODE WHICH
IS WHAT IS THE CODE AND ANSWER IS IN GOD WE TRUST. YOUR ARE HOWEVER
STRONGLY ADVICE IN YOUR OWN INTEREST TO STOP ANY COMMUNICATION WITH ANY
OFFICE IF YOU NEED MY POWER TO HAVE YOUR FUND REMITED TO YOU AS STATED
ABOVE.
NOTE:YOU ARE ALSO ADVISE TO SEND TO US ALL INFORMATION OF ANY PERSON YOU
HAVE SENT MONEY SO THAT WE CAN RECOVER THE MONEY AND SEND IT BACK TO YOU.
YOU NEED TO CALL OFFICE OF THE PRESIDENCY ON :TEL: +2347045596018.
REGARDS
DR.GOODLUCK EBELE JONATHAN
PRESIDENT FEDERAL REPUBLIC OF NIGERIA
I would even lump some legit sites into this basket at times purely because they prey on people. Or prey on themselves ???
The amount of outright crap I have received from survival life is astounding.
My son played their game and we laughed.
He got one a these in an email and responded.
The broken english alone is worth the fun.
Anyway, he responds he will do it which amounts to sending a portly sum for the treasure, by western union.
He emails the chap the money is on the way and he has just left western union so look for the cash in about an hour or so.
Time goes by and the peep emails back he was at western union and nothing came in. My son says he will check and get back to the peep. The son emails the peep again and says the money is there and to go back and any trouble, email him and he will get it straight at western union.
It ended with a laugh knowing the guy was given the greed driven run around.
I get them all the time and just delete the spam.
I dunno I think we should call the UN and report the President of Nigeria :P
See what comes of it :D
I mean they got the name right... looks like a Gangsta to me :P So maybe this is a legit apology for all the Nigerian scams LOL
(http://upload.wikimedia.org/wikipedia/commons/thumb/4/42/Goodluck_Jonathan_World_Economic_Forum_2013.jpg/400px-Goodluck_Jonathan_World_Economic_Forum_2013.jpg)
Goodluck Ebele Jonathan, President of Nigeria speaks during the televised session 'De-risking Africa - Achieving Inclusive Prosperity' at the Annual Meeting 2013 of the World Economic Forum in Davos, Switzerland, January 23, 2013. Copyright by World Economic Forum.
Quote from: zorgon on April 21, 2013, 01:43:58 AM
I dunno I think we should call the UN and report the President of Nigeria :P
I suppose he wouldn't use an email address like presidencyoffice12@presidency.com...
They could be more creative. :)
Quote from: ArMaP on April 21, 2013, 01:51:59 AM
I suppose he wouldn't use an email address like presidencyoffice12@presidency.com...
They could be more creative. :)
Well dang it now you made me go look it up :P
Maybe we should follow up for fun :D
You Can Email Nigerian President – He Has A Contact Me Tab In His Facebook Page
Quote
Nigerian president has a Contact Me interface on his Facebook page so that people can email him, confidentially. It is one way he hopes to stay connected to what the people want. The president noted: "I will continue to be responsive to you and I urge you to please make use of these tools to further our engagements". President Goodluck President, we are still waiting for the good luck with light and that one does not need any confidential email. Just DO IT!
http://tekedia.com/31493/email-nigerian-president-contact-tab-facebook-page/
Ask Mr President a question (https://www.facebook.com/jonathangoodluck?sk=app_127087913984159)
Sent this :D
Greetings Mr President.
Thank you for taking the time to have a question page.
I received an email claiming to be from your office and we assumed it had to be a scam of some type... but upon just checking we found that you do have contact available online so I just wanted to drop you a note that we had received the following email claiming to be from the presidency of Nigeria.
I would be curious what you think of this if you have the time to answer. Thanks in advance for your time.
This is a clip of the first portion showing address. If you would like a full copy with the header just send me an email where I can forward it to.
THE PRESIDENCY FEDERAL REPUBLIC OF NIGERIA
COMMITTEE ON CONTRACT PAYMENT REVIEW PANEL
PRESIDENTIAL COMPLEX BUILDING
ASO-ROCK, ABUJA
TEL: +2347045596018
presidencyoffice12@presidency.com
Our Ref: FGN/PRE/VP/XNX/2012
SUBJECT: LETTER OF APOLOGY FROM
DEMOCRATIC GOVERNMENT OF NIGERIA.
ATTN: BENEFICIARY:
PAYMENT ORDER!!!
I WAS SURPRISED THAT YOU HAVE NOT RECEIVED YOUR FUND UP TILL TODAY.I WISH
TO INFORM YOU THAT YOUR FUND WILL BE TRANSFER TODAY INTO YOUR NOMINATED
BANK ACCOUNT WITHIN 72 HOURS. ......
ends with....
NOTE:YOU ARE ALSO ADVISE TO SEND TO US ALL INFORMATION OF ANY PERSON YOU
HAVE SENT MONEY SO THAT WE CAN RECOVER THE MONEY AND SEND IT BACK TO YOU.
YOU NEED TO CALL OFFICE OF THE PRESIDENCY ON :TEL: +2347045596018.
REGARDS
DR.GOODLUCK EBELE JONATHAN
PRESIDENT FEDERAL REPUBLIC OF NIGERIA
Sincerely
Ron Schmidt
Pegasus Research Consortium
Las Vegas, Nevada
I like this one :D
From Mark Wilson
alexis.bonnin@ensil.unilim.fr
As part of the 2013 UN-Habitat compensation payment reconciliation
process,After several attempts to reach you, I deemed it necessary and
urgent to contact you via your e-mail address and to notify you finally
about your outstanding compensation payment of $2,811,041.00.
Please contact High-Speed Delivery Service with your name, resident address
and your direct telephone number for the delivery of your cashier check.
High-Speed Delivery Service
Contact Name: Mark Wilson
E-mail: highspeed.courierdelivery@syvip.com
PS: Take note that you will pay a shipping/handling fee of $95 USD for your
check delivery by the courier service.
Thanks for your attention.
Abu Sander
Program Manager
Abu Sander? LOL