Comments on: Phishing – Avoid Fraud by Knowing The Basics

By: eXPeri3nc3

eXPeri3nc3 — Sat, 08 May 2010 11:03:02 +0000

laughing_man, though it’s a bit late, but yeah. You CAN retract emails if you’re in an organisation that uses Novell Groupware.

Assuming that your IT Dept did not disable the function.

But what you’d said is true, free emails like Gmail or Hotmail of course you can’t retract what you’d sent.

By: » Phishing II – Avoid Fraud by Knowing The Basics at goldfries.com

» Phishing II – Avoid Fraud by Knowing The Basics at goldfries.com — Tue, 16 Feb 2010 09:47:27 +0000

[...] been a while since I wrote the article on phishing, I thought I’d write another one as my father had recently received this E-mail which is [...]

By: laughing_man

laughing_man — Thu, 20 Aug 2009 04:56:28 +0000

*laughing*……..*still laughing*…. uhm eXPeri3nc3, please tell me how exactly did the IT guys retract the emails ? Cuz i just sent an email with all my bank account info to thisisascam@fakemail.com and its only been 2h and 50m so I still got 10 mins maybe u can help me pleaseeee.
Oh and as for my advice to the matter, simple the “bank” will NEVER EVER ask you for your password or information that could be used to log into your account, like the answer to your security questions. The give them a call idea is actually really good, just google the name of the bank to make sure u have the right address.
I got an sms telling me i won 3000$ and a nokia n95… although i did check just to be sure and found aver 1000 other people who had received similar sms, i knew i was fake because of 3 resons:
1 I didn’t participate in any contest.
2 I’ve never seen a prize composed of Money and a Mobile Phone.
3 Nokia n95 is wayy to old to be given as a prize in 2009… maybe if it where an iPhone.
So just use common logic and btw u can not retract ur emails so think twice than think again before thinking of sending…*still laughing*

By: eXPeri3nc3

eXPeri3nc3 — Sat, 14 Mar 2009 18:17:41 +0000

Surprisingly, my campus’s email got hit by it, it took the IT Guys 3 hours to realise it and retracted back all of the emails.

But overall, this article should be able to give less computer savvy people a good heads up on what might be hitting them.

By: goldfries

goldfries — Sat, 28 Feb 2009 00:58:40 +0000

Unfortunately many would be clever enough to send from what looked like a seemingly valid .com E-mail.

As to checking the servier – the thing is, do we keep track of their IP address? And most people don’t even know how to read E-mail headers to begin with. In my opinion, most people would just reach as far as the “FROM” part and no further than that. So for point #1 I think is not sufficient unless you are SURE that they only send from a particular IP address or server.

It’s just a good start but surely not the final say on whether the mail is false.

As to your point #2 – yes, that one is always the most clear cut checking. Unfortunately again there are those not too savvy, where domain names could end up looking legitimate to them.

Which is why I find #1 and #2 in your comment, maybe sufficient for you but it is certainly not applicable to the rest with “All we need to do”, as there are many others who aren’t well versed enough to spot phishing mails just from those 2.

By: HeHeHunter

HeHeHunter — Fri, 27 Feb 2009 17:19:57 +0000

Normally, these e-mails will be filtered by Gmail or Y! Mail.

But sometimes if it passes through, I’ll look at the e-mail first. IF it’s like m2u@xxx.com prepare to delete.

I am well aware of such phishing attacks.

actually they can mask their e-mail address as well.

Example: they send as notify@maybank2u.com.my, but at different server. If you’re a wordpress user, you’ll know that your e-mail is used to send notification to users.

Therefore, I read the link as well.

All we need to do is,
1. check source e-mail.
2. check the URL that we are going to click.

Regards,
HeHeHunter