I'm not exactly a lover of computing but a thought got to me today when some toss-potts tried to rip me off...

When you click the link to a 'fishing' web site after your bank details, why not simply go with it and give them a load of crap information to keep them busy?

Thoughts?

I'm not exactly a lover of computing but a thought got to me today when some toss-potts tried to rip me off...

When you click the link to a 'fishing' web site after your bank details, why not simply go with it and give them a load of crap information to keep them busy?

Thoughts?Possibilities there. Make up some numbers, and give them the name and address of your state's attorney general or banking commissioner.

I'm not exactly a lover of computing but a thought got to me today when some toss-potts tried to rip me off...

When you click the link to a 'fishing' web site after your bank details, why not simply go with it and give them a load of crap information to keep them busy?

Thoughts?
It won't make one iota of difference, and you also run the risk that the site may push some nasties to your computer. Just ignore.

I'm not exactly a lover of computing but a thought got to me today when some toss-potts tried to rip me off...

When you click the link to a 'fishing' web site after your bank details, why not simply go with it and give them a load of crap information to keep them busy?

Thoughts?

Don't click on the link in the first place - you risk installing a trojan.

Just make sure that the URL is not specific to you - otherwise you might flag up your email as live which will result in a deluge of spam.

Best thing to do is to check out the real URL and the origitating IP of the email etc and report the phishing to the relevant sites and providers who will shut it down rapidly.

Talking of trojans; I've had a few of those and nothings happened to my computer.

So I wonder if some of these are just out there, put in palce by the software companies to frighten you into buying protection?

Umm...

I'm not exactly a lover of computing but a thought got to me today when some toss-potts tried to rip me off...

When you click the link to a 'fishing' web site after your bank details, why not simply go with it and give them a load of crap information to keep them busy?

I do that sometimes, not with fake information (except where required), but primarily with insults.

I also do as NeilC suggested. If everyone did so, it would cut down a lot on this crap.

I've sometimes gone and entered nonsense stuff or insults just for the fun of it. Since I use a Mac I don't fear any trojans or other virus forms. (And, as NeilC says, first make sure that the URL is not specific to your e-mail address.)

Do report them. There are a number of agencies to whom these things can be reported: do a search on something like "reporting phishing".

You might want to consider the fact that the Mac OS is no more secure, a priori, than Windows, and that the only reason Windows gets attacked is that there is more bang for the buck there because there are more of them. However, I have little doubt that there are Mac hackers out there who are occasionally willing to go out on a lark and try your luck...

And, as NeilC says, first make sure that the URL is not specific to your e-mail address.)

The above, to me, is meaningless drivel (I am useless with these terms)

So I check my URL or the lack of it?

Explain please.... for the stupid (me).

And, as NeilC says, first make sure that the URL is not specific to your e-mail address.)

The above, to me, is meaningless drivel (I am useless with these terms)

So I check my URL or the lack of it?

Explain please.... for the stupid (me).

On the phishing e-mail there's a link which will take you to a site where the crooks hope you will enter useful information (account number, PIN, passwords, etc.). You need to check that the link does not contain a reference to your e-mail address. There are different ways to do this, depending on what platform you're on and what software you're using. Probably if you right-click (Windows) or control-click (Mac) on the link, you'll get a pop-up menu where one of the options is "copy link". Choose this, then paste the link into any text document. You'll probably see something that doesn't look at all like the link as it appears in the e-mail. If you see something in that copied link that looks like your e-mail address, don't go visiting it! Maybe the link looks something like this:

http://citibusinessonline.citibank.com.wtowto.name/citibusinessonline/CBF.do?CID=039966366101455433120296773840501190678 75306957333&systemid=0593292374323

It could be that the stuff after the question mark is a code for identifying the address to which the mail was sent. Copy everything before the question mark and point your browser to that address: you'll see what a phishing site looks like. (The link above is a real phishing link from a mail I received: I just changed the numbers at random).

Just make sure that the URL is not specific to you - otherwise you might flag up your email as live which will result in a deluge of spam.

Best thing to do is to check out the real URL and the origitating IP of the email etc and report the phishing to the relevant sites and providers who will shut it down rapidly.


Yes, correct, sometimes phishing attempts are twofold: To both validate an email address as being viewed by a live person (no, not as opposed to a dead person :D, but rather as opposed to being automatically monitored, or being a spamtrap), as well as trying to capture bank/credit card/financial-whatever info.

Yes, there are people that input false info, but given that those responses are probably merely recorded automatically, and given that most harvesters actually don't give a damn about a few false entries as long as they have some bank/CC/financial info to sell to crooks, filling in fake info won't really show up as even a speed bump to those folks.

In short, don't bother. I usually just submit the messages to Spamcop, and if it comes into one of by spamtraps, I bounce the message with Mailwasher. If I think it's a real clever phish, or something really very original, I may do the good citizen thing and notify the bank or institution the message claims to come from, and also report it to spam@uce.gov address the US Department of Justice advertises.

If you really want to experience a vicarious thrill, go to the 419 Eater's site (http://www.419eater.com/). Those folks deliberately bait Nigerian-scam spammers, and sometimes go so far as to entice them to meet in person so they can get pictures of them. Now, this is exceptionally risky behavior, as people who've met some Nigerian scammers have ended up dead, so I sure as hell don't recommend it. But sometimes I go to that site just for a laugh, despite my instincts screaming that it's a bad thing to enable in any way. Anyway, view as you will, just don't actually do it!

[/digression]

Talking of trojans; I've had a few of those and nothings happened to my computer.

So I wonder if some of these are just out there, put in palce by the software companies to frighten you into buying protection?

Umm...


Uh, emphatic "No", sir or ma'am. A trojan has the potential to allow people access to your computer remotely; some only rise to the level of annoyance rather than being openly harmful, but some is not all, and trojans are still risks however you cut it. If you catch one it should still be quarantined or cleaned away by antivirus software.

Look up "botnet (http://en.wikipedia.org/wiki/Botnet)" on Google to understand why trojans exist, and why no one should consider them to be benign.

Ignore Even to click the link can be flag your address as active. They send them to random mail addresses or to those in a certain string/range, a similar way of doing it is to have an "unsubscribe" link at the bottom, which in fact, reports to them that someone is actually using that mail box.

Also, quick hint for you lovely people, if you need to sign up for something and it requires an email, don't waste time creating a spam account, go to mailexpire.com. It takes your email address and gives you an alias to use, which directs it to your inbox until the predetermined time period elapses.

Very Handy for dodging spam mailing lists ^^

Oh I see.

Don't click on the link in the first place - you risk installing a trojan.


Only if you're foolish enough to be running a certain security-ignorant operating system from a large company based in Redmond, Washington.

You might want to consider the fact that the Mac OS is no more secure, a priori, than Windows, and that the only reason Windows gets attacked is that there is more bang for the buck there because there are more of them.


This is patently false. Windows has, for nearly its entire existence, been plagued by security-related vulnerabilities, the likes of which simply do not exist in any form of Unix or MacOS.

Consider the site at http://windowsupdate.microsoft.com/. I'm not sure if this still works in Vista, but I know that in Windows 2000, at least, and I am fairly sure of XP as well, if you visit that site using Internet Explorer, this site will check for available updates to the operating system, and if available, allow you to install and download them, straight from the browser.

Consider what this means. The very same web browser that a very large, benighted portion of the Windows user base uses to access all web sites, has the authority to make alterations to the operating system itself according to the content of a web site which it may be browsing. As easily as it can download and install legitimate updates from Microsoft, it could just as easily download and install malicious “updates” from any other site that offers them.

Microsoft also included similar vulnerabilities in the Outlook programs, which have allowed arbitrary code to be included in email messages and newsgroup posts, to be run when messages containing it are read.

It is for these reasons, and not because of the sheer number of users, that Windows is so heavily targeted by the various forms of malware that are completely unknown to Macintosh, Unix, and Linux users.

If 99% of all computers were running MacOS X, Unix, or Linux, and only 1% were running Windows, I contend that the Windows systems would still account for nearly 100% of all the malware problems, just as they do now, for exactly the same reason. It is only Windows that openly invites these kind of attacks.

This is patently false. Windows has, for nearly its entire existence, been plagued by security-related vulnerabilities, the likes of which simply do not exist in any form of Unix or MacOS.

Consider the site at http://windowsupdate.microsoft.com/. I'm not sure if this still works in Vista, but I know that in Windows 2000, at least, and I am fairly sure of XP as well, if you visit that site using Internet Explorer, this site will check for available updates to the operating system, and if available, allow you to install and download them, straight from the browser.

Consider what this means. The very same web browser that a very large, benighted portion of the Windows user base uses to access all web sites, has the authority to make alterations to the operating system itself according to the content of a web site which it may be browsing. As easily as it can download and install legitimate updates from Microsoft, it could just as easily download and install malicious “updates” from any other site that offers them.

Microsoft also included similar vulnerabilities in the Outlook programs, which have allowed arbitrary code to be included in email messages and newsgroup posts, to be run when messages containing it are read.

It is for these reasons, and not because of the sheer number of users, that Windows is so heavily targeted by the various forms of malware that are completely unknown to Macintosh, Unix, and Linux users.

If 99% of all computers were running MacOS X, Unix, or Linux, and only 1% were running Windows, I contend that the Windows systems would still account for nearly 100% of all the malware problems, just as they do now, for exactly the same reason. It is only Windows that openly invites these kind of attacks.

Whilel not disputing your general opinion of Windoze and its lack of security, do you really think that this would be the case, or would it simply require a more concerted and powerful effort on the part of the malware authors? Windows is a sitting duck, but someone might still want to take a shot at a flying goose if it has enough meat on it.

Whilel (sic) not disputing your general opinion of Windoze and its lack of security, do you really think that this would be the case, or would it simply require a more concerted and powerful effort on the part of the malware authors? Windows is a sitting duck, but someone might still want to take a shot at a flying goose if it has enough meat on it.


I don't know that it would be impossible to target MacOS X with malware similar to that which plagues Windows, but if it is possible, it would certainly be a great deal more difficult. It seems to me that most of what ails Windows is getting in through some rather stupid vulnerabilities in Windows. You will not ever find, on MacOS X, a general-purpose web browser that has the ability to download and install “updates” to the operating system itself; in the manner that Internet Explorer can under Windows; nor do I think you will ever see, on MacOS X, an email program that will arbitrarily run executable code found in a message, as Outlook will under Windows.

And don't forget that copy perversion scheme that Sony/BMG was caught using on some of its audio CDs a while back, that installed malware on any Windows system on which one tried to play these CDs.

It is things like this that are allowing Windows to be attacked in the manner that it is.

This is patently false. Windows has, for nearly its entire existence, been plagued by security-related vulnerabilities, the likes of which simply do not exist in any form of Unix or MacOS.


Well, you are just flat out wrong. This site (http://machacking.net/kb/) may change your mind.