Discussion:
Lots of phishing emails "from" Yahoo and Hotmail this week.
(too old to reply)
Shadow
2016-12-30 20:50:09 UTC
Permalink
Raw Message
Telling me to change my password, and use two factor security, "for my
safety". Apparently I can send a hash of my fingerprints, my cell
phone number or my social security details.

The headers appear to be authentic, but the Yahoo emails redirect to a
site in Bosnia, and the Microsoft emails to a rent-an-IP company in
Brazil.

No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a STRONG
password.
HTH
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
David B.
2016-12-31 22:06:02 UTC
Permalink
Raw Message
Post by Shadow
Telling me to change my password, and use two factor security, "for my
safety". Apparently I can send a hash of my fingerprints, my cell
phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect to a
site in Bosnia, and the Microsoft emails to a rent-an-IP company in
Brazil.
Sadly, it appears that your computer has been compromised. Sorry about
that. :-(
Post by Shadow
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a STRONG
password.
HTH
[]'s
You are giving incorrect information.

https://en.wikipedia.org/wiki/Multi-factor_authentication
--
"Do something wonderful, people may imitate it."
Shadow
2017-01-01 02:48:58 UTC
Permalink
Raw Message
On Sat, 31 Dec 2016 22:06:02 +0000, "David B."
Post by David B.
Post by Shadow
Telling me to change my password, and use two factor security, "for my
safety". Apparently I can send a hash of my fingerprints, my cell
phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect to a
site in Bosnia, and the Microsoft emails to a rent-an-IP company in
Brazil.
Sadly, it appears that your computer has been compromised. Sorry about
that. :-(
What a moron. If it had been compromised, they wouldn't need
to send the phishing mail.

OMG !!!!
Post by David B.
Post by Shadow
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a STRONG
password.
You are giving incorrect information.
https://en.wikipedia.org/wiki/Multi-factor_authentication
Try using your brain. When you are sober.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
David B.
2017-01-10 23:44:22 UTC
Permalink
Raw Message
Post by Shadow
On Sat, 31 Dec 2016 22:06:02 +0000, "David B."
Post by David B.
Post by Shadow
Telling me to change my password, and use two factor security, "for my
safety". Apparently I can send a hash of my fingerprints, my cell
phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect to a
site in Bosnia, and the Microsoft emails to a rent-an-IP company in
Brazil.
Sadly, it appears that your computer has been compromised. Sorry about
that. :-(
What a moron. If it had been compromised, they wouldn't need
to send the phishing mail.
OMG !!!!
What a load of crap you spout! SAD. :-(
Post by Shadow
Post by David B.
Post by Shadow
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a STRONG
password.
*You are giving INCORRECT information*.
https://en.wikipedia.org/wiki/Multi-factor_authentication
Try using your brain. When you are sober.
[]'s
Think you’re already immune? Think again. Scams evolve every day. Even
the most savvy among us can fall victim to a scam if we’re not aware of
the danger. Scammers are learning how to be better scammers – you can
learn how to keep yourself safe.

AntiFraudNews.com presents articles about internet fraud to help you
learn about the classic scams, the new trends in scams, the places on
the internet where you can get help and information, and what part you
can do to help combat this type of fraud.

http://www.antifraudnews.com/
--
"Do something wonderful, people may imitate it."
Diesel
2017-01-15 02:19:23 UTC
Permalink
Raw Message
Post by David B.
Post by Shadow
Telling me to change my password, and use two factor security,
"for my safety". Apparently I can send a hash of my fingerprints,
my cell phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect
to a site in Bosnia, and the Microsoft emails to a rent-an-IP
company in Brazil.
Sadly, it appears that your computer has been compromised. Sorry
about that. :-(
Post by Shadow
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a
STRONG password.
HTH
[]'s
You are giving incorrect information.
https://en.wikipedia.org/wiki/Multi-factor_authentication
Security

According to proponents, multi-factor authentication could
drastically reduce the incidence of online identity theft and other
online fraud, because the victim's password would no longer be enough
to give a thief permanent access to their information. However, many
multi-factor authentication approaches remain vulnerable to phishing,
[21] man-in-the-browser, and man-in-the-middle attacks.[22]

Multi-factor authentication may be ineffective against modern
threats, like ATM skimming, phishing, and malware.[23]

Next time, dipshit, read the contents of the url before you share it
with us. Might change your mind about writing the nonsense you did...
--
Sarcasm, because beating the living shit out of deserving people is
illegal.
David B.
2017-01-15 06:04:11 UTC
Permalink
Raw Message
Post by Diesel
Post by David B.
Post by Shadow
Telling me to change my password, and use two factor security,
"for my safety". Apparently I can send a hash of my fingerprints,
my cell phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect
to a site in Bosnia, and the Microsoft emails to a rent-an-IP
company in Brazil.
Sadly, it appears that your computer has been compromised. Sorry
about that. :-(
Post by Shadow
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a
STRONG password.
HTH
[]'s
You are giving incorrect information.
https://en.wikipedia.org/wiki/Multi-factor_authentication
Security
According to proponents, multi-factor authentication could
drastically reduce the incidence of online identity theft and other
online fraud, because the victim's password would no longer be enough
to give a thief permanent access to their information. However, many
multi-factor authentication approaches remain vulnerable to phishing,
[21] man-in-the-browser, and man-in-the-middle attacks.[22]
Multi-factor authentication may be ineffective against modern
threats, like ATM skimming, phishing, and malware.[23]
Next time, dipshit, read the contents of the url before you share it
with us. Might change your mind about writing the nonsense you did...
Dustin

Thank you for your reply. I'd like to apologize to you for this prime
example of me teasing Shadow. Another one of my 'tongue-in-cheek
comments. Truly!

It appears that 'RoadRunnerLA' identified that this was a troll post by
me, something which I shouldn't really do. He's obviously a very well
educated guy (or gal!).

See line 108, here:- http://shakespeare-navigators.com/ado/AdoText23.html

FWIW I've been using 'Two-factor authentication' for many years, most
notably with Google and Apple. Sometimes a nuisance when I can't
remember where I left my mobile phone! :-)
--
"Do something wonderful, people may imitate it."
Shadow
2017-01-15 15:16:59 UTC
Permalink
Raw Message
On Sun, 15 Jan 2017 06:04:11 +0000, "David B."
Post by David B.
Post by Diesel
Post by David B.
Post by Shadow
Telling me to change my password, and use two factor security,
"for my safety". Apparently I can send a hash of my fingerprints,
my cell phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect
to a site in Bosnia, and the Microsoft emails to a rent-an-IP
company in Brazil.
Sadly, it appears that your computer has been compromised. Sorry
about that. :-(
Post by Shadow
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a
STRONG password.
HTH
[]'s
You are giving incorrect information.
https://en.wikipedia.org/wiki/Multi-factor_authentication
Security
According to proponents, multi-factor authentication could
drastically reduce the incidence of online identity theft and other
online fraud, because the victim's password would no longer be enough
to give a thief permanent access to their information. However, many
multi-factor authentication approaches remain vulnerable to phishing,
[21] man-in-the-browser, and man-in-the-middle attacks.[22]
Multi-factor authentication may be ineffective against modern
threats, like ATM skimming, phishing, and malware.[23]
Next time, dipshit, read the contents of the url before you share it
with us. Might change your mind about writing the nonsense you did...
Dustin
Thank you for your reply. I'd like to apologize to you for this prime
example of me teasing Shadow. Another one of my 'tongue-in-cheek
comments. Truly!
It ALWAYS is when the truth comes out. "A Joke". "Tongue in
Cheek", "Pulling your leg" "I was kidding", "I never meant to post
accusing you of pedophily", "Those private emails just slipped out", I
Photoshopped those photos and re-posted them in your name by mistake"
etc.
The problem is that people that do not have much experience
might think you actually READ the article you posted about and believe
you.
The easiest way to get someone's password is by cloning their
phone. Login with a wrong password, a temporary password is sent via
SMS to their (your) cell, and you are in, and can change their
password.
Very often, people are asked to leave their cells at reception
at lectures and other events, and your email is right there on your
registration form. Not even necessary to clone the IMEI.
Not possible without 2 factor authentication.
[]'s

To the newcomers here, David Brooks(he posts under over a
dozen nyms) is a worthless drunk, 100% of his posts are about either
directly STALKING, or enlisting the help of other to illegally STALK
his victims..
--
Don't be evil - Google 2004
We have a new policy - Google 2012
David B.
2017-01-15 16:07:26 UTC
Permalink
Raw Message
On 15/01/2017 15:16, Shadow claimed
by cloning their phone.
*HOW*????
--
"Do something wonderful, people may imitate it."
David B.
2017-01-15 16:38:19 UTC
Permalink
Raw Message
Post by Shadow
The easiest way to get someone's password is by cloning their
phone. Login with a wrong password, a temporary password is sent via
SMS to their (your) cell, and you are in, and can change their
password.
That is *NOT* how it works!

A code - by way of usually 4 or 6 numbers - is sent to one's 'phone.

That code is then posted into the company web page.

*QED*
--
"Do something wonderful, people may imitate it."
rikijo
2017-01-15 17:04:05 UTC
Permalink
Raw Message
Post by Shadow
To the newcomers here, David Brooks(he posts under over a
dozen nyms) is a worthless drunk, 100% of his posts are about either
directly STALKING, or enlisting the help of other to illegally STALK
his victims..
your a firkin liar Shadow

YOU were struck off for being an alcholic, don't deny it.
Shadow
2017-01-16 09:45:16 UTC
Permalink
Raw Message
Post by rikijo
Post by Shadow
To the newcomers here, David Brooks(he posts under over a
dozen nyms) is a worthless drunk, 100% of his posts are about either
directly STALKING, or enlisting the help of other to illegally STALK
his victims..
your a firkin liar Shadow
YOU were struck off for being an alcholic, don't deny it.
Still incapable of using a decent Usenet client, or updating
your email client, eh, BD ?
OMG, if the real rikijo sees you using his nick in vain you
are in such deep shit.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
James Wilkinson Sword
2016-12-31 22:23:36 UTC
Permalink
Raw Message
Post by Shadow
Telling me to change my password, and use two factor security, "for my
safety". Apparently I can send a hash of my fingerprints, my cell
phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect to a
site in Bosnia, and the Microsoft emails to a rent-an-IP company in
Brazil.
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a STRONG
password.
I don't care about anyone stupid enough to fall for those.
--
Before you set out on a journey, ring your local radio station and say there's a terrible congestion on your road. Everybody avoids it and it's clear for you! -- Jack Dee
Shadow
2017-01-01 02:55:10 UTC
Permalink
Raw Message
On Sat, 31 Dec 2016 22:23:36 -0000, "James Wilkinson Sword"
Post by James Wilkinson Sword
Post by Shadow
Telling me to change my password, and use two factor security, "for my
safety". Apparently I can send a hash of my fingerprints, my cell
phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect to a
site in Bosnia, and the Microsoft emails to a rent-an-IP company in
Brazil.
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a STRONG
password.
I don't care about anyone stupid enough to fall for those.
Some of them are almost perfect, from the faked header to the
long link with a redirect so far to the right it does not appear on
the screen when you hover over it. You only see the "yahoo"or
"live.com" followed by the usual (expected) string of datamining.
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
James Wilkinson Sword
2017-01-01 18:34:07 UTC
Permalink
Raw Message
Post by Shadow
On Sat, 31 Dec 2016 22:23:36 -0000, "James Wilkinson Sword"
Post by James Wilkinson Sword
Post by Shadow
Telling me to change my password, and use two factor security, "for my
safety". Apparently I can send a hash of my fingerprints, my cell
phone number or my social security details.
The headers appear to be authentic, but the Yahoo emails redirect to a
site in Bosnia, and the Microsoft emails to a rent-an-IP company in
Brazil.
No serious company would ever demand you use two factor
authentication. It's two vulnerabilities to exploit. Just use a STRONG
password.
I don't care about anyone stupid enough to fall for those.
Some of them are almost perfect, from the faked header to the
long link with a redirect so far to the right it does not appear on
the screen when you hover over it. You only see the "yahoo"or
"live.com" followed by the usual (expected) string of datamining.
[]'s
I've never seen one that even made me look twice. Spelling and grammatical errors everywhere, bad alignment, wrong server used on all the links, blatantly obvious.
--
There is no such thing as a law abiding motorist, just those who have been scammed and those yet to be scammed!
(PeteCresswell)
2017-01-02 01:10:10 UTC
Permalink
Raw Message
I've never seen one that even made me look twice. Spelling and grammatical errors everywhere, bad >alignment, wrong server used on all the links, blatantly obvious.
One idea I have heard is that:

- Sending spam email is essentially cost-free, so you send
lots of the stuff.

- The overhead starts kicking in when the scam's followup involves
people contacting the target.

- They want to minimize the number of contacts with people above a
certain intelligence/sophistication level because they tend to
be unproductive ("False Positives") - yet eat up resources.

- Consequently they craft the email so that anybody with half a brain
will ignore it and the people left - who respond - are the easiest
of targets.

There is an interesting thread on this subject in Quora:
https://www.quora.com/Why-are-email-scams-written-in-broken-English

Microsoft has a white paper on this subject:
http://tinyurl.com/hem9h9j
https://www.microsoft.com/en-us/research/publication/why-do-nigerian-scammers-say-they-are-from-nigeria/

I didn't download the entire PDF - just read the abstract... but it
seems to be consistent with other comments.
--
Pete Cresswell
Big Bad Bob
2017-01-10 20:08:59 UTC
Permalink
Raw Message
Post by (PeteCresswell)
I've never seen one that even made me look twice. Spelling and grammatical errors everywhere, bad >alignment, wrong server used on all the links, blatantly obvious.
- Sending spam email is essentially cost-free, so you send
lots of the stuff.
- The overhead starts kicking in when the scam's followup involves
people contacting the target.
- They want to minimize the number of contacts with people above a
certain intelligence/sophistication level because they tend to
be unproductive ("False Positives") - yet eat up resources.
- Consequently they craft the email so that anybody with half a brain
will ignore it and the people left - who respond - are the easiest
of targets.
https://www.quora.com/Why-are-email-scams-written-in-broken-English
http://tinyurl.com/hem9h9j
https://www.microsoft.com/en-us/research/publication/why-do-nigerian-scammers-say-they-are-from-nigeria/
I didn't download the entire PDF - just read the abstract... but it
seems to be consistent with other comments.
how about this: http://www.419eater.com/
--
your story is so touching, but it sounds just like a lie
"Straighten up and fly right"
(PeteCresswell)
2017-01-10 21:02:04 UTC
Permalink
Raw Message
Post by Big Bad Bob
how about this: http://www.419eater.com/
Warms my heart....
--
Pete Cresswell
Big Bad Bob
2017-01-10 20:03:55 UTC
Permalink
Raw Message
Post by Shadow
Telling me to change my password, and use two factor security, "for my
safety". Apparently I can send a hash of my fingerprints, my cell
phone number or my social security details.
don't be like a DEMOCRAT and give them your password (or any OTHER such
information), nor use "password" as a password...

[yeah the so-called 'smart people' that want to run my life, falling for
a phishing scam any 14-year-old could've managed, and using "password"
as a password - HA HA HA HA HA HA HA]

OK I couldn't resist making THOSE comments!
--
your story is so touching, but it sounds just like a lie
"Straighten up and fly right"
Loading...