Posts Tagged ‘Cybercrime’

ScotiaBank phishing email attempt with link to scholaris.pl domain

Sunday, July 20th, 2008

Well this is one of the first ScotiaBank phishing email attempts I have received:

Dear Customer,

As part of our strict commitment to online security, we automatically terminate your secure
online session after an extended period of inactivity. This prevents unauthorized users from
accessing your account information,It’s just one of the many ways we strive to protect you
and your personal information online.

To return to your online session normally we are necessitating a verification process on your account
as an added measure to ensuring adequate security on your access online. Log in your access to complete
the verification process and ensure you fill in the required information. Sign-On to Scotia OnLine .

We are indeed sorry for the inconveniencies we have caused you, but also remember
that as a Scotiabank customer, your security remains our greatest priority.

Thanks for your co-operation.

Account Security Dept.
ScotiaBank.
________________________________________

Accounts Management As outlined in our User Agreement,& Scotia Bank will
periodically send you information about site changes and enhancements.
Please do not reply to this e-mail. Mail sent to this address cannot be answered.

The “Sign-On to Scotia OnLine” is a hyperlink to http://sp2lancut.scholaris.pl/mambots/editors/scotiaonline.htm

The sad part is that there are still plenty of people being taken in by these phishing scams…

Fix for PHPizabi critical security flaw which could allow user to obtain MD5 password via user comments feature

Thursday, May 1st, 2008

PHPizabi, makers of one of the more feature-packed and popular social networking systems, announced earlier this afternoon a fix for a critical security flaw which could allow a malicious user to intercept the site owner's MD5 password by exploiting a weakness in the usercomments.php script.

Although MD5 passwords are indeed hashed, a committed cracker could recover the password using a powerful enough compute cluster and appropriate software.

US Military Infrared Tabs on eBay ? Sure… ABC News Report on US military and air force parts on eBay

Wednesday, April 9th, 2008

Well, there are export limitations on high tech equipment, but apparently reselling US Military Infrared Tabs on eBay is not really an issue…

It takes a bit of ingenious searching on eBay to find the IR tabs & patches, but they’re definitely there…

Google AdWords account phishing attempt from frje8fdj.cn / adwords.google.com.frje8fdj.cn

Tuesday, March 25th, 2008

Well this is a new one for me: A phishing attempt trying to extract one (or more) of my Google AdWords accounts by getting me to sign in… the URL in the phishing email quoted below shows as http://adwords.google.com/select/login in the email, but a careful mouse-over shows that the actual target URL is http://adwords.google.com.frje8fdj.cn/select/Login/ …
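Both lures quoted on this page rely on the visible link not matching its real target: the AdWords mail shows a genuine-looking URL and nests `adwords.google.com` in front of `frje8fdj.cn`, while the ScotiaBank mail hides a `scholaris.pl` address behind brand-named link text. The Python sketch below is an added example, not code from the original post, and it flags both patterns in an HTML mail body. The `BRANDS` allowlist, the finding names and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
BRANDS = {"google": {"google.com"}, "scotia": {"scotiabank.com"}}  # assumed allowlist
# Constructed sample built from the two lures quoted on this page.
SAMPLE = (
    '<a href="http://adwords.google.com.frje8fdj.cn/select/Login/">'
    'http://adwords.google.com/select/login</a>'
    '<a href="http://sp2lancut.scholaris.pl/mambots/editors/scotiaonline.htm">'
    'Sign-On to Scotia OnLine</a>'
)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    host = (urlsplit(href).hostname or "").lower()
    target = ".".join(host.split(".")[-2:])  # naive; real code needs the Public Suffix List
    findings = []
    # 1. The visible text is itself a URL but names a different host.
    if text.lower().startswith(("http://", "https://")):
        if (urlsplit(text).hostname or "").lower() != host:
            findings.append("text-url-mismatch")
    for keyword, domains in BRANDS.items():
        if target in domains:
            continue
        # 2. A genuine brand domain appears as leading labels of a foreign domain.
        if any(f".{d}." in f".{host}" for d in domains):
            findings.append("brand-in-subdomain")
        # 3. The link text names the brand but the target is not the brand's.
        elif keyword in text.lower():
            findings.append("brand-text-foreign-domain")
    return findings

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}
```

`scan(SAMPLE)` returns one list of findings per link target; an empty list means none of the three checks fired.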

The only other reference to the frje8fdj.cn is over at phishtank.com - and phishtank members (yes, I am one) have confirmed it as obviously being an AdWords phishing attempt. PhishTank has a great interface that actually shows what the target page looks like.

In this case it is a very convincing AdWords login page… now, some may think that stealing an AdWords SEM account is not great theft, but consider that some AdWords accounts may be tied to high credit limits and at the very least, they could use your account to drive traffic to their other sites… with you left holding the bill!

No the above is not phishing, it’s a direct link to Google. :)

From: Google AdWords [mailto:reactivation@google.com]
Sent: March 25, 2008 7:24 AM
To: [email suppressed]
Subject: Please Update Your Billing Information

This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
——————————————————————————–

Dear Google AdWords Customer,

Please sign in to your account at http://adwords.google.com/select/login , and update your billing information.
Your account will be reactivated as soon as you update your payment information.
Your ads will show immediately if you decide to pay for clicks via credit
or debit card. If you decide to pay by direct debit, we may need to receive
your signed debit authorization before your ads start running,
depending on your location.
If you choose bank transfer, your ads will show as soon as we receive your
first payment.

We look forward to providing you with the most effective advertising available.

Sincerely,

———————————————————————————-

The Google AdWords Team

solvurus.info = spyware site propagating by MSN

Tuesday, December 18th, 2007

Yes, if you have contacts sending you links to the site www.solvurus.info over MSN Messenger (or Windows Live Messenger), it means their computers are infected with a virus.

What's more, www.solvurus.info is a site that claims to let you find out who has blocked you on MSN … but only on condition that you give them your MSN / Hotmail / Windows Live Messenger account and password… uh.. no thanks!

The same warning, as posted in English:

If you have contacts in Windows Live Messenger - or MSN Messenger - sending you links by IM to a site www.solvurus.info .. their machine is infected with a Trojan and propagating virally through their instant messenger. In other words: warn them, and do not click on the links.

In addition, solvurus.info is a site purporting to let you find out who has blocked you on MSN Messenger… as long as you provide them with your MSN / Windows Live Messenger / HotMail credentials … no thanks!


(c) 2003-2008 Robin Majumdar - opinions expressed are not those of anyone else. (duh!)