Entries Tagged as 'phishing'

Criminal Justice Department? What?

So I ran across this website running an ad on becoming a CIA agent. Amusingly, I remembered back in college days when I was accepted to be a CIA intern, but couldn’t even get in with the FBI because of my grades. I suppose computer skills were more important than grades at the time with the CIA.

In any case, knowing that there are GPA requirements to join certain agencies, I thought it was amusing that there was a site offering financial aid to become one, and on top of that basically saying that you could join in 18 to 24 months. I could be wrong, but I'm pretty sure it depends on a lot of qualifications and all sorts of things.

So I looked it up, and the site happens to be on a .org TLD. I could be wrong, but I have never seen any federal government agency use a .org TLD ever. In fact, this is registered to someone who's using a domain proxy, which means that it's probably a private individual. On top of that, they want to see if you qualify for financial aid. Someone is trying to get personal data for financial aid? Sounds awfully like a phishing scam. Now, like I said, it might be legit. But all indications seem to point to the fact that it isn't when you get right down to it.

Scary stuff. And this is from a legitimate ad. Caveat emptor.

Growing List of Hotmail Accounts Compromised Via Phishing

Over the weekend, it seems that there was a compromise with Hotmail accounts. Five figures' worth of accounts, apparently. Now, the first thought would be that someone actually took action against Microsoft and busted through. But in this case, it was apparently ill-gotten from phishing scams. The password list was posted on Pastebin, which is a place where developers share snippets of code to get more eyes on it. They have taken down the offending accounts and taken the necessary precautions.

Either way, Microsoft has identified this issue and has apparently locked down the compromised accounts. If you were compromised and are locked out, there is an email form that Microsoft Live has set up for you to reclaim your account. I took a look at it, and it asks for some serious private information.

All of this should teach you (the end user) something. The lesson here is that you don't click on anything ever in emails or otherwise, when you can go directly to the site itself and look for it. This is one of the reasons I have always hated HTML emails: they stupefy the entire security aspect and make it a more difficult problem, since you go against human nature. Thus? You'll never see me prefer text over HTML any day of the week. You can dump links there, but I can read them.