AOPA warns that someone is trying the scam of spamming pilots saying that MBNA
needs for them to verify their account info. These mails are not from MBNA. Do
not click on the link.

This, by the way, is true of every similar scam. No legitimate company will send
you mail asking for account info by internet.

From the AOPA web site --

Urgent member advisory: Credit card fraud

Members with AOPA credit cards are warned to be on the lookout for e-mails that
appear to be from MBNA asking you to confirm or update your personal or credit
card information. These e-mails are not from MBNA. They are attempts by
criminals to gain access to your personal credit information in order to defraud
you. If you receive such an e-mail solicitation, you are warned not to respond
or provide any personal information.

As stated on MBNA's Web site:

MBNA is committed to ensuring that your personal and account information are
protected, both off and on the Internet. MBNA will never ask for personal or
account information to be submitted via e-mail. MBNA will never provide personal
information, such as an online account password, via e-mail.

This type of e-mail and Web site fraud, known as "phishing," is increasingly
prevalent with the scammers posing as a wide variety of businesses — banks,
credit card companies, insurance companies, and auction sites. There were an
estimated 20 million phishing e-mails in 2004, and the number is increasing
rapidly.

If you receive an e-mail that asks you to click a link and provide personal or
financial information, or suspect any fraudulent activity related to your MBNA
account(s), please contact MBNA immediately at 800/653-2465.

George Patterson
I prefer Heaven for climate but Hell for company.

George Patterson > wrote in
:

> AOPA warns that someone is trying the scam of spamming pilots
> saying that MBNA needs for them to verify their account info.
> These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

--

What they've been doing recently is opening the real site with the address
bar showing, and opening a login popup, showing no address bar. More often
than not, the popup doesn't work. They're getting shut down pretty quickly,
but I'm sure some people are going for it. I usually type in a few
obscenities after I send the report to the correct party.

"John Godwin" > wrote in message
. 3.44...
> George Patterson > wrote in
> :
>
> > AOPA warns that someone is trying the scam of spamming pilots
> > saying that MBNA needs for them to verify their account info.
> > These mails are not from MBNA. Do not click on the link.
>
> I've discovered that most of them come from Korea and China. They pick
> the images from a legitimate site but post your information to some
> site in Seoul.
>
> --

In article >,
"Steve Foley" > wrote:

> What they've been doing recently is opening the real site with the address
> bar showing, and opening a login popup, showing no address bar. More often
> than not, the popup doesn't work. They're getting shut down pretty quickly,
> but I'm sure some people are going for it. I usually type in a few
> obscenities after I send the report to the correct party.

They are also getting increasingly sophisticated. I used to be able to
tell immediately from the shoddy graphics that it wasn't the real thing.
Not long ago, I got one phishing for my Citibank info that I couldn't tell
apart from the real thing.

It also used to be that you could be careful and look in the status bar (or
wherever your particular browser shows you a preview of a link the mouse is
hovering over) to make sure it was real. The text on the screen would say
"www.citibank.com", but the URL preview would say "123.456.78.90" and you'd
know it was a fake. Now they're building URLs in the links with non-ascii
characters which display in your browser looking like the real thing, but
resolve to a different IP.

On Sat, 19 Mar 2005 06:30:01 -0000, John Godwin
> wrote:

>George Patterson > wrote in
:
>
>> AOPA warns that someone is trying the scam of spamming pilots
>> saying that MBNA needs for them to verify their account info.
>> These mails are not from MBNA. Do not click on the link.
>
>I've discovered that most of them come from Korea and China. They pick
>the images from a legitimate site but post your information to some
>site in Seoul.

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

One give-away is when your browser says it needs a non-english/latin
font set, e.g. Chinese...

Unless, of course, you're a Pacific customer of the bank or
organization, such as a number of brokerage houses.

> > George Patterson > wrote in
> > :
> >
> > > AOPA warns that someone is trying the scam of spamming pilots
> > > saying that MBNA needs for them to verify their account info.
> > > These mails are not from MBNA. Do not click on the link.
> >
> > I've discovered that most of them come from Korea and China. They pick
> > the images from a legitimate site but post your information to some
> > site in Seoul.

I assume that tracing such transaction would be fairly easy; is the problem
then that the host COUNTRIES are the laggards here in enforcing fraudulent
activity?

I can't recall any news about prosecutions for this "industry" that is
ripping off $$BILLIONS.

I guess the "zero tolerance" for pot users is MUCH MORE important.

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
> wrote:

> On Sat, 19 Mar 2005 06:30:01 -0000, John Godwin
> > wrote:
>
> >George Patterson > wrote in
> :
> >
> >> AOPA warns that someone is trying the scam of spamming pilots
> >> saying that MBNA needs for them to verify their account info.
> >> These mails are not from MBNA. Do not click on the link.
> >
> >I've discovered that most of them come from Korea and China. They pick
> >the images from a legitimate site but post your information to some
> >site in Seoul.
>
> They're also pretty easy to pick out because the link has an IP
> address rather than a name. Sending you to http://1.2.3.4/whatever
> and sucking the information from inattentive people is much easier
> than having the link point to http://www.mbna.com and attempt to
> redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

See also Roy Smith's reply earlier in this thread.

>

--
Jay.
(remove dashes for legal email address)

On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
> wrote:

>On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
> wrote:

>> They're also pretty easy to pick out because the link has an IP
>> address rather than a name. Sending you to http://1.2.3.4/whatever
>> and sucking the information from inattentive people is much easier
>> than having the link point to http://www.mbna.com and attempt to
>> redirect the real sitename to their data-gathering box.
>
>Unfortuantely, not true! There are ways to fool your browser (any browser)
>into displaying what looks like the legitimate URL in the status/message
>bar, but which really is not. Uses special characters that have a defined
>meaning in URL syntax, but are not displayed, and not widely knowm.

Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

I check the Properties on suspicious e-mails...pretty easy to identify the
fakes. There are some super-good ones, though, like those spoofing
Washington Mutual...I send those to because the Properties
looks like a real Wamu link...but Wamu assures me that they do not send
e-mails requesting information.

Bob Gardner

"Roy Smith" > wrote in message
...
> In article >,
> "Steve Foley" > wrote:
>
>> What they've been doing recently is opening the real site with the
>> address
>> bar showing, and opening a login popup, showing no address bar. More
>> often
>> than not, the popup doesn't work. They're getting shut down pretty
>> quickly,
>> but I'm sure some people are going for it. I usually type in a few
>> obscenities after I send the report to the correct party.
>
> They are also getting increasingly sophisticated. I used to be able to
> tell immediately from the shoddy graphics that it wasn't the real thing.
> Not long ago, I got one phishing for my Citibank info that I couldn't tell
> apart from the real thing.
>
> It also used to be that you could be careful and look in the status bar
> (or
> wherever your particular browser shows you a preview of a link the mouse
> is
> hovering over) to make sure it was real. The text on the screen would say
> "www.citibank.com", but the URL preview would say "123.456.78.90" and
> you'd
> know it was a fake. Now they're building URLs in the links with non-ascii
> characters which display in your browser looking like the real thing, but
> resolve to a different IP.

I have my email set up to forward messages from certain providers into
specifid sub-mailboxes...

So.. stuff that is really FROM ebay goes to an EBAY folder to be read...
and stuff really from my bank goes to its own folder. Helps cut down on
the riffraff..

Its not hard to set up and use... if you use Outlook or Netscape.

Dave

Peter Clark wrote:
> On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
> > wrote:
>
>
>>On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
> wrote:
>
>
>>>They're also pretty easy to pick out because the link has an IP
>>>address rather than a name. Sending you to http://1.2.3.4/whatever
>>>and sucking the information from inattentive people is much easier
>>>than having the link point to http://www.mbna.com and attempt to
>>>redirect the real sitename to their data-gathering box.
>>
>>Unfortuantely, not true! There are ways to fool your browser (any browser)
>>into displaying what looks like the legitimate URL in the status/message
>>bar, but which really is not. Uses special characters that have a defined
>>meaning in URL syntax, but are not displayed, and not widely knowm.
>
>
> Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
> link unless the preview of what it's going to launch to
> Explorer/whatever shows up with proper English characters, and a real,
> known, sitename.
>
> Boils down to if it doesn't seem/look right, it's not. Any question,
> just launch the browser yourself and go to the site directly.
>

"George Patterson" > wrote in message
...
> AOPA warns that someone is trying the scam of spamming pilots saying that
> MBNA
> needs for them to verify their account info. These mails are not from
> MBNA. Do
> not click on the link.
>
> This, by the way, is true of every similar scam. No legitimate company
> will send
> you mail asking for account info by internet.
>
> From the AOPA web site --
>
> Urgent member advisory: Credit card fraud
>
> Members with AOPA credit cards are warned to be on the lookout for e-mails
> that
> appear to be from MBNA asking you to confirm or update your personal or
> credit
> card information. These e-mails are not from MBNA. They are attempts by
> criminals to gain access to your personal credit information in order to
> defraud
> you. If you receive such an e-mail solicitation, you are warned not to
> respond
> or provide any personal information.
>
> As stated on MBNA's Web site:
>
> MBNA is committed to ensuring that your personal and account information
> are
> protected, both off and on the Internet. MBNA will never ask for personal
> or
> account information to be submitted via e-mail. MBNA will never provide
> personal
> information, such as an online account password, via e-mail.
>
> This type of e-mail and Web site fraud, known as "phishing," is
> increasingly
> prevalent with the scammers posing as a wide variety of businesses -
> banks,
> credit card companies, insurance companies, and auction sites. There were
> an
> estimated 20 million phishing e-mails in 2004, and the number is
> increasing
> rapidly.
>
> If you receive an e-mail that asks you to click a link and provide
> personal or
> financial information, or suspect any fraudulent activity related to your
> MBNA
> account(s), please contact MBNA immediately at 800/653-2465.
>
> George Patterson
> I prefer Heaven for climate but Hell for company.

in reality the only real credit card scam is being run by the credit
card companies themselves. if you happen to keep a balance on your card i
suggest you read that multi page fine print thing called terms and
conditions. that is the real scam. it is designed to get you in debt and
keep you there.

tony zambon
grumman 9941L

In article >,
says...
>

> in reality the only real credit card scam is being run by the credit
> card companies themselves. if you happen to keep a balance on your card i
> suggest you read that multi page fine print thing called terms and
> conditions. that is the real scam. it is designed to get you in debt and
> keep you there.
>
> tony zambon
> grumman 9941L

How do they make one buy things?

"Roy Smith" > wrote in message news:roy-
> They are also getting increasingly sophisticated. I used to be able to
> tell immediately from the shoddy graphics that it wasn't the real thing.
> Not long ago, I got one phishing for my Citibank info that I couldn't tell
> apart from the real thing.

Well, perhaps cosmetically. There's so many other clues that it is a scam
that one has to wonder at who would actually respond to these things.

Recently, I received a very legitimate SunTrust Bank scam. I was bored and
decided to go ahead click the links and fill out the form with required (but
fake) information. Y'all ought to do it sometime. It is quite interesting.

They asked for my name, address, phone number, mother maiden name, Social
Security number, bank account & routing number, and other information that
was very personal that no bank would ever request. It is very difficult for
me to imagine someone who would be so naive or stupid enough to actually
enter real information.

I consider it Digital Darwinism. Some folks just don't need to own a
computer.

--
Jim Fisher

On Sat, 19 Mar 2005 15:00:35 -0500, Peter Clark
> wrote:

> On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
> > wrote:
>
> >On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
> > wrote:
>
> >> They're also pretty easy to pick out because the link has an IP
> >> address rather than a name. Sending you to http://1.2.3.4/whatever
> >> and sucking the information from inattentive people is much easier
> >> than having the link point to http://www.mbna.com and attempt to
> >> redirect the real sitename to their data-gathering box.
> >
> >Unfortuantely, not true! There are ways to fool your browser (any browser)
> >into displaying what looks like the legitimate URL in the status/message
> >bar, but which really is not. Uses special characters that have a defined
> >meaning in URL syntax, but are not displayed, and not widely knowm.
>
> Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
> link unless the preview of what it's going to launch to
> Explorer/whatever shows up with proper English characters, and a real,
> known, sitename.
You can still get fooled -- even Eudora could display what looks like a
valid URL when it is bogus. The only way to be absolutely sure would be to
copy the URL to an ascii text editor that doesn't understand what a URL is
supposed to be, and cxheck that way.

>
> Boils down to if it doesn't seem/look right, it's not. Any question,
> just launch the browser yourself and go to the site directly.

--
Jay.
(remove dashes for legal email address)

"Jim Fisher" > wrote:
> They asked for my name, address, phone number, mother maiden name, Social
> Security number, bank account & routing number, and other information that
> was very personal that no bank would ever request. It is very difficult for
> me to imagine someone who would be so naive or stupid enough to actually
> enter real information.

Con games have been going on forever. I first heard of the "I found some
money and I'll split it with you, but you have to put up $X to show your
good faith" scam when I was a kid (my father told me how it worked).

I next heard of it a bunch of years later when a woman I was working with
fell victim to it. She came in one morning and started telling a strange
story of how somebody approached her and said they had found $10,000 or
some such. She was flabbergasted when I finished the story for her.

These days, the same scam is still going around, the only difference being
that email has taken over as the transmission mechanism. These scams
survive because they continue to work.

"Jay Somerset" > wrote in message
...
> On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
> > wrote:
>
> >
> > They're also pretty easy to pick out because the link has an IP
> > address rather than a name. Sending you to http://1.2.3.4/whatever
> > and sucking the information from inattentive people is much easier
> > than having the link point to http://www.mbna.com and attempt to
> > redirect the real sitename to their data-gathering box.
>
> Unfortuantely, not true! There are ways to fool your browser (any
browser)
> into displaying what looks like the legitimate URL in the status/message
> bar, but which really is not. Uses special characters that have a defined
> meaning in URL syntax, but are not displayed, and not widely knowm.

Bruce Schneier covered this URL hack in his latest
security report. Write-up and very convincing fake
paypal page here:-
http://www.schneier.com/crypto-gram-0503.html#6

Be careful out there.

("Peter Duniho" wrote)
<snip>
> For better or for worse, our society has decided that "survival of the
> fittest" isn't an appropriate strategy.


Yikes!

http://www.eugenics.net/index.shtml
(Note to self: Do not return magazine subscription card)

Besides, it's all about your EQ these days anyway.


Montblack - nature's happy little accident

"Jim Fisher" > wrote:
> I consider it Digital Darwinism. Some folks just don't need to own a
> computer.

Anybody who has ever worked in IT should recognize this story.

The help desk gets a call from somebody having trouble setting up their new
computer. The tech goes back and forth with the person, asking questions
like, "Can you read me exactly what it says on the screen now?" and getting
answers that can't possibly be correct.

After a half an hour of this, the tech says, "Sir, do you still have the
box the computer came in?". The hapless person on the phone admits that he
does. "OK, sir, what I want you to do is take the computer, put it back in
the box, and return it to the store you bought it from. You are obviously
too stupid to own a a computer".

That's the funny part. The sad part of it is that at least half of the
time, the problem is that the software that comes with these things is just
crap, and it's a miracle that most people can get it to work at all. I've
been doing network for the past 20 years. For the past 5 years, I've been
writing software to manage networks. Yet, for the past couple of weeks,
I've been fighting trying to get two off-the-shelf consumer devices talking
to each other over my home network. If I can't figure it out (armed with
packet sniffers, protocol debuggers, and a computer science degree), how
are Mr. and Mrs. J. Random Customer supposed to manage?

Roy Smith wrote:

> After a half an hour of this, the tech says, "Sir, do you still have the
> box the computer came in?". The hapless person on the phone admits that he
> does. "OK, sir, what I want you to do is take the computer, put it back in
> the box, and return it to the store you bought it from. You are obviously
> too stupid to own a a computer".

True story, the problem was because the electricity was off, and the
computer owner thought it should work without any...

Tech was fired over that comment too...

> I consider it Digital Darwinism

i like it!

Of course if they'd just stop selling computers at the grocery store...

> wrote in message
h.net...
> In article >,
> says...
>>
>
>> in reality the only real credit card scam is being run by the
>> credit
>> card companies themselves. if you happen to keep a balance on your card i
>> suggest you read that multi page fine print thing called terms and
>> conditions. that is the real scam. it is designed to get you in debt and
>> keep you there.
>>
>> tony zambon
>> grumman 9941L
>
> How do they make one buy things?

Have to agree... Having to pay an interest rate is a known fact to having a
credit card. Who in their right mind thinks that they will not be paying
interist rates on the card? Now where i do think things get fuzzy is when
they advertise a 0% 2.99% or whatever, then in the very very very very fine
print you find a fixed monthly service fee, and that the rate is only valid
for a few months before jumping massively. But then again... those are so
common who gets a 2.9% card without the expectation that its an introductory
offer? I carry two cards, I have a balance on one, and yes a rather
considerable part of each monthly payment goes to pay for that interest fee,
BUT i do that willingly to have the convinience of a line of credit, comes
in hand now, especially in online commerce and when cash/check isn't
feasable. I personally don't buy an item on the credit card unless the
convinience of using the card for that purchase is worth 12.98% of that
purchase price over a year. Do the cards themselves put you in debt...
NOPE.... bout like blaming the pencil for spelling errors, the purchasers
puts themselves in debt, its how they manage that debt that can actually
affect how much interest they pay, be irrisponsible with the debt and that
rate goes through the roof, pay on time and a good history and you may be
able to qualify for a lower rate, the ball is in the purchasers' hands. Now
you want to know of a good psuedoscam in finance? Look at home loans that
offer an amazingly low interest rate, but want a points fee..... got news
for you... that points fee is an interest rate you can't escape! traditional
interest expenses (not rates) can be lowered by paying off a loan early, but
since those points fees are wrapped up into the principle of the loan your
stuck paying them, even if you pay the whole enchilada off next month (which
in some states means you can be stuck paying a prepayment penalty... another
load of crap if you ask me.) Bottom line... know your loan be it a credit
card, HEL HELOC or whatever... if its worth it its your own damn fault you
are in debt.

Dave S wrote:
> I have my email set up to forward messages from certain providers into
> specifid sub-mailboxes...
>
> So.. stuff that is really FROM ebay goes to an EBAY folder to be read...
> and stuff really from my bank goes to its own folder. Helps cut down on
> the riffraff..
>
> Its not hard to set up and use... if you use Outlook or Netscape.

Hmmm. So you're using a Outlook or Netscape filter to sort your incoming mail
into mailboxes? ... and what field in the mail header are you using to do the
sort? ... and how can you be sure that field isn't being spoofed?

*No* legitimate business is going to send you an email asking for personal
information. Just don't respond, no matter how legitimate the reply address looks.

Dave B

Jay Somerset wrote:
>
> The only way to be absolutely sure
> would be to copy the URL to an ascii text editor that doesn't
> understand what a URL is supposed to be, and cxheck that way.

Or save yourself a step and just set your email client to "text only" mode.
:)

--
John T
http://tknowlogy.com/TknoFlyer
http://www.pocketgear.com/products_search.asp?developerid=4415
____________________

On Sun, 20 Mar 2005 07:40:12 -0600, "Jim Fisher"
> wrote:

>"Roy Smith" > wrote in message news:roy-
>> They are also getting increasingly sophisticated. I used to be able to
>> tell immediately from the shoddy graphics that it wasn't the real thing.
>> Not long ago, I got one phishing for my Citibank info that I couldn't tell
>> apart from the real thing.
>
>Well, perhaps cosmetically. There's so many other clues that it is a scam
>that one has to wonder at who would actually respond to these things.
>
>Recently, I received a very legitimate SunTrust Bank scam. I was bored and
>decided to go ahead click the links and fill out the form with required (but
>fake) information. Y'all ought to do it sometime. It is quite interesting.
>
>They asked for my name, address, phone number, mother maiden name, Social
>Security number, bank account & routing number, and other information that
>was very personal that no bank would ever request. It is very difficult for
>me to imagine someone who would be so naive or stupid enough to actually
>enter real information.

Being a computing professional... I'd say about 90%, probably more.
These schemes are making *big* money, or they'd go away. Even the
spammers who use fake return addresses aren't worried. If they get
fined a few million it's only a drop in the bucket compared to what
they make.

If I ever do get a legit request via e-mail (which would really
surprise me) I'd never read it as they get trashed on the first line
or two if the spam checker doesn't catch them. So, if I really do owe
you money, don't bother with e-mail. <:-)) You'll just get an
answering machine on the telephone.

What bank, credit card co, or organization would be dumb enough to
ask such things in an e-mail? (they do exist)

A bad one from the user end is using HTML e-mail. It looks pretty, but
always set them to text only. I do get the occasional "get a capable
HTML mail reader" comment though. <:-)) At least every one is willing
to send me plain text versions of their news letters except the NRA
hasn't changed yet.

But, what the hey... with the money I've come into this last week from
three international lotteries, The widow who wants me to help her move
her late husband's money to the US, three oil investments, and 3 or 4
lawyers, trusts, estates, (you name 'em) I should have close to $200
million USD coming in. Oh, I forgot the two guys with terminal some
thing or other who want confidential help in moving their money out of
their country, or the guy who is trying to get his inheritance... I
should clear close to a quarter billion USD and all I have to do is
send them my bank account number.

Yup. In another month or two I can have all the planes I can fly and
all the toys I want ... and the Easter Bunny is going to leave solid
gold eggs in the front yard.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com
>
>I consider it Digital Darwinism. Some folks just don't need to own a
>computer.

"Roger" > wrote in message
> But, what the hey... with the money I've come into this last week from
> three international lotteries, The widow who wants me to help her move
> her late husband's money to the US, three oil investments, and 3 or 4
> lawyers, trusts, estates, (you name 'em) I should have close to $200
> million USD coming in.

Hey! Butt outta my territory! I'm handling the widow thing.

I also have an ex-prince wanting my help. Top that!

--
Jim Fisher

On Sat, 19 Mar 2005 09:44:56 -0700, "Matt Barrow"
> wrote:

>> > George Patterson > wrote in
>> > :
>> >
>> > > AOPA warns that someone is trying the scam of spamming pilots
>> > > saying that MBNA needs for them to verify their account info.
>> > > These mails are not from MBNA. Do not click on the link.
>> >
>> > I've discovered that most of them come from Korea and China. They pick
>> > the images from a legitimate site but post your information to some
>> > site in Seoul.

What? The South African connection is missing?
>
>I assume that tracing such transaction would be fairly easy; is the problem
>then that the host COUNTRIES are the laggards here in enforcing fraudulent
>activity?
>
>I can't recall any news about prosecutions for this "industry" that is
>ripping off $$BILLIONS.
>

Very few are prosecuted, but they are making millions.

>I guess the "zero tolerance" for pot users is MUCH MORE important.

Tis a bit difficult to grab someone out of a thrid world country.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

>
>

On Sat, 19 Mar 2005 07:42:40 -0500, Roy Smith > wrote:

>In article >,
> "Steve Foley" > wrote:
>
>> What they've been doing recently is opening the real site with the address
>> bar showing, and opening a login popup, showing no address bar. More often
>> than not, the popup doesn't work. They're getting shut down pretty quickly,
>> but I'm sure some people are going for it. I usually type in a few
>> obscenities after I send the report to the correct party.
>
>They are also getting increasingly sophisticated. I used to be able to
>tell immediately from the shoddy graphics that it wasn't the real thing.
>Not long ago, I got one phishing for my Citibank info that I couldn't tell
>apart from the real thing.
>
>It also used to be that you could be careful and look in the status bar (or
>wherever your particular browser shows you a preview of a link the mouse is
>hovering over) to make sure it was real. The text on the screen would say
>"www.citibank.com", but the URL preview would say "123.456.78.90" and you'd
>know it was a fake. Now they're building URLs in the links with non-ascii
>characters which display in your browser looking like the real thing, but
>resolve to a different IP.

They've even gone farther than that, with redirects.
I've gone to sites that looked and felt real. The URL was real, but
the site actually wasn't.

This is one of the hazards of using HTML e-mail. I use text only.
Clicking on the link can take you to the bogus site while typing in
will not. Usually with plain text you see the actual link, rather
than the bogus one.

But they are getting very sophisticated.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

On Sun, 20 Mar 2005 07:40:12 -0600, "Jim Fisher"
> wrote:

>"Roy Smith" > wrote in message news:roy-
>> They are also getting increasingly sophisticated. I used to be able to
>> tell immediately from the shoddy graphics that it wasn't the real thing.
>> Not long ago, I got one phishing for my Citibank info that I couldn't tell
>> apart from the real thing.
>
>Well, perhaps cosmetically. There's so many other clues that it is a scam
>that one has to wonder at who would actually respond to these things.

My profession has been computers since 1990. I've noted the scams
have gotten far more realistic in the last 6 months.

Only some one who knows enough not to use the new ones even if they do
appear to be legit would escape. That means the vast majority of
usres are vulnerable and without a clue.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com
>
>Recently, I received a very legitimate SunTrust Bank scam. I was bored and
>decided to go ahead click the links and fill out the form with required (but
>fake) information. Y'all ought to do it sometime. It is quite interesting.
>
>They asked for my name, address, phone number, mother maiden name, Social
>Security number, bank account & routing number, and other information that
>was very personal that no bank would ever request. It is very difficult for
>me to imagine someone who would be so naive or stupid enough to actually
>enter real information.
>
>I consider it Digital Darwinism. Some folks just don't need to own a
>computer.

On Sun, 20 Mar 2005 10:46:04 -0500, Roy Smith > wrote:

>"Jim Fisher" > wrote:
>> They asked for my name, address, phone number, mother maiden name, Social
>> Security number, bank account & routing number, and other information that
>> was very personal that no bank would ever request. It is very difficult for
>> me to imagine someone who would be so naive or stupid enough to actually
>> enter real information.
>
>Con games have been going on forever. I first heard of the "I found some
>money and I'll split it with you, but you have to put up $X to show your
>good faith" scam when I was a kid (my father told me how it worked).
>
>I next heard of it a bunch of years later when a woman I was working with
>fell victim to it. She came in one morning and started telling a strange
>story of how somebody approached her and said they had found $10,000 or
>some such. She was flabbergasted when I finished the story for her.
>
>These days, the same scam is still going around, the only difference being
>that email has taken over as the transmission mechanism. These scams
>survive because they continue to work.

They survive and continue to work because people are greedy and are
then embarrested too much to say they were scamed.

As you say, they are nothing new, but the delivery method has changed.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

On Tue, 22 Mar 2005 16:49:31 -0600, "Jim Fisher"
> wrote:

>"Roger" > wrote in message
>> But, what the hey... with the money I've come into this last week from
>> three international lotteries, The widow who wants me to help her move
>> her late husband's money to the US, three oil investments, and 3 or 4
>> lawyers, trusts, estates, (you name 'em) I should have close to $200
>> million USD coming in.
>
>Hey! Butt outta my territory! I'm handling the widow thing.
>
>I also have an ex-prince wanting my help. Top that!

Maybe we can work out some kind of equitable trade. I'll take care of
the cash on this end and you fly over to take care of the deal in
person?

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

On Sat, 19 Mar 2005 15:00:35 -0500, Peter Clark
> wrote:

>On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
> wrote:
>
>>On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
> wrote:
>
>>> They're also pretty easy to pick out because the link has an IP
>>> address rather than a name. Sending you to http://1.2.3.4/whatever
>>> and sucking the information from inattentive people is much easier
>>> than having the link point to http://www.mbna.com and attempt to
>>> redirect the real sitename to their data-gathering box.
>>
>>Unfortuantely, not true! There are ways to fool your browser (any browser)
>>into displaying what looks like the legitimate URL in the status/message
>>bar, but which really is not. Uses special characters that have a defined
>>meaning in URL syntax, but are not displayed, and not widely knowm.
>
>Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
>link unless the preview of what it's going to launch to
>Explorer/whatever shows up with proper English characters, and a real,
>known, sitename.

What would you do in my case? I go to a number of Asian and Indonesian
sites and receive legitimate e-mail from those areas.? <:-))

Last year my Daughter spend over a month in mainland China and nearly
three weeks in Indonesia. (She left for home just one week before the
Tsunami)

The food caught up with Kevin on a long flight from Tibet to the
coast. They travel enough it usually doesn't stay with them for long.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com
>
>Boils down to if it doesn't seem/look right, it's not. Any question,
>just launch the browser yourself and go to the site directly.

On Mon, 21 Mar 2005 13:18:45 -0500, "John T" > wrote:

>Jay Somerset wrote:
>>
>> The only way to be absolutely sure
>> would be to copy the URL to an ascii text editor that doesn't
>> understand what a URL is supposed to be, and cxheck that way.
>
>Or save yourself a step and just set your email client to "text only" mode.

People just don't realize, or won't believe just how many headaches
that eliminates. As far as I'm concerned they shouldn't even allow
HTML e-mail.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com
>:)

Roger > writes:

>>
>>Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
>>link unless the preview of what it's going to launch to
>>Explorer/whatever shows up with proper English characters, and a real,
>>known, sitename.

>What would you do in my case? I go to a number of Asian and Indonesian
>sites and receive legitimate e-mail from those areas.? <:-))


I read mail with elm and news with nn. Both text. I laugh
at all phishing and 419's.... as well as the virus attacks.

--
A host is a host from coast to
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433

Roger wrote:
>
> This is one of the hazards of using HTML e-mail. I use text only.
> Clicking on the link can take you to the bogus site while typing in
> will not.

I've never been able to find the setting for this in Netscape. There's a setting
to specify text/HTML in outgoing mail, but not for incoming.

George Patterson
Drink up, Socrates -- it's all-natural.

George Patterson > wrote:
> I've never been able to find the setting for this in Netscape.

The best way to configure Netscape mail is to drag it into the trash and
download Thunderbird instead :-)

("Roy Smith" wrote)
>> I've never been able to find the setting for this in Netscape.

> The best way to configure Netscape mail is to drag it into the trash and
> download Thunderbird instead :-)


I'm running T-bird. Couldn't find the HTML setting in question there either?


Montblack

In rec.aviation.owning David Lesher > wrote:
: I read mail with elm and news with nn. Both text. I laugh
: at all phishing and 419's.... as well as the virus attacks.

Hear, hear! Not to mention that IRIX is pretty immune to PC trojans..
--
Aaron Coolidge (elm for mail, tin for news!)

Montblack wrote:
>
> ("Roy Smith" wrote)
> >> I've never been able to find the setting for this in Netscape.
>
> > The best way to configure Netscape mail is to drag it into the trash and
> > download Thunderbird instead :-)
>
> I'm running T-bird. Couldn't find the HTML setting in question there either?

Not surprising. Netscape is just Mozilla repackaged.

It doesn't matter what the software package is -- you'll always find some clown
who will badmouth it.

George Patterson
Drink up, Socrates -- it's all-natural.

A comment about "preview windows" in email clients (Eudora, Outlook,
etc)..... if you have the preview window enabled, the client has to
render (executing anything allowed, in the process) whatever HTML might
be in the message to populate the preview. By the time you decide the
message is Something Bad, its too late.

Bottom line is that a preview window is a security risk. Be aware of
what is allowed to execute (Active X, Java, whatever,) and take
appropriate precautions if you use this feature.
Randy

"Darrel Toepfer" > wrote in message
. ..
> Roy Smith wrote:
>
>> After a half an hour of this, the tech says, "Sir, do you still have the
>> box the computer came in?". The hapless person on the phone admits that
>> he does. "OK, sir, what I want you to do is take the computer, put it
>> back in the box, and return it to the store you bought it from. You are
>> obviously too stupid to own a a computer".
>
> True story, the problem was because the electricity was off, and the
> computer owner thought it should work without any...
>
> Tech was fired over that comment too...

Nope, urban legend. http://www.snopes.com/humor/business/wordperf.htm

--Gary

Gary Drescher wrote:

>>True story, the problem was because the electricity was off, and the
>>computer owner thought it should work without any...
>>
>>Tech was fired over that comment too...
>
> Nope, urban legend. http://www.snopes.com/humor/business/wordperf.htm

Nope true story:
http://www.snopes.com/humor/business/wordperf.htm#stupid

Except for the getting fired part, he married her instead...

Darrel Toepfer wrote:
>
> Nope true story:
> http://www.snopes.com/humor/business/wordperf.htm#stupid
>
> Except for the getting fired part, he married her instead...

And except for the punch line.

George Patterson
Whosoever bloweth not his own horn, the same shall remain unblown.

George Patterson wrote:

> And except for the punch line.

She probably wouldn't have married him if he had...

On Fri, 1 Apr 2005 12:33:09 -0500, "Gary Drescher"
> wrote:

>"Darrel Toepfer" > wrote in message
. ..
>> Roy Smith wrote:
>>
>>> After a half an hour of this, the tech says, "Sir, do you still have the
>>> box the computer came in?". The hapless person on the phone admits that
>>> he does. "OK, sir, what I want you to do is take the computer, put it
>>> back in the box, and return it to the store you bought it from. You are
>>> obviously too stupid to own a a computer".
>>
>> True story, the problem was because the electricity was off, and the
>> computer owner thought it should work without any...
>>
>> Tech was fired over that comment too...
>
>Nope, urban legend. http://www.snopes.com/humor/business/wordperf.htm

Urban legend does not necessiarly mean it's false. It may have been
repeated so often as to have taken on a life of its own.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

>
>--Gary
>