AOPA Credit Card scam

On Sat, 19 Mar 2005 06:30:01 -0000, John Godwin
wrote:

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

One give-away is when your browser says it needs a non-english/latin
font set, e.g. Chinese...

Unless, of course, you're a Pacific customer of the bank or
organization, such as a number of brokerage houses.

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

On Sat, 19 Mar 2005 06:30:01 -0000, John Godwin
wrote:

George Patterson wrote in
:

AOPA warns that someone is trying the scam of spamming pilots
saying that MBNA needs for them to verify their account info.
These mails are not from MBNA. Do not click on the link.

I've discovered that most of them come from Korea and China. They pick
the images from a legitimate site but post your information to some
site in Seoul.

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

See also Roy Smith's reply earlier in this thread.



--
Jay.
(remove dashes for legal email address)

On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
wrote:

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

I have my email set up to forward messages from certain providers into
specifid sub-mailboxes...

So.. stuff that is really FROM ebay goes to an EBAY folder to be read...
and stuff really from my bank goes to its own folder. Helps cut down on
the riffraff..

Its not hard to set up and use... if you use Outlook or Netscape.

Dave

Peter Clark wrote:
On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
wrote:


On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:


They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.


Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.

Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

Dave S wrote:
I have my email set up to forward messages from certain providers into
specifid sub-mailboxes...

So.. stuff that is really FROM ebay goes to an EBAY folder to be read...
and stuff really from my bank goes to its own folder. Helps cut down on
the riffraff..

Its not hard to set up and use... if you use Outlook or Netscape.

Hmmm. So you're using a Outlook or Netscape filter to sort your incoming mail
into mailboxes? ... and what field in the mail header are you using to do the
sort? ... and how can you be sure that field isn't being spoofed?

*No* legitimate business is going to send you an email asking for personal
information. Just don't respond, no matter how legitimate the reply address looks.

Dave B

On Sat, 19 Mar 2005 15:00:35 -0500, Peter Clark
wrote:

On Sat, 19 Mar 2005 12:09:52 -0500, Jay Somerset
wrote:

On Sat, 19 Mar 2005 07:51:37 -0500, Peter Clark
wrote:

They're also pretty easy to pick out because the link has an IP
address rather than a name. Sending you to http://1.2.3.4/whatever
and sucking the information from inattentive people is much easier
than having the link point to http://www.mbna.com and attempt to
redirect the real sitename to their data-gathering box.

Unfortuantely, not true! There are ways to fool your browser (any browser)
into displaying what looks like the legitimate URL in the status/message
bar, but which really is not. Uses special characters that have a defined
meaning in URL syntax, but are not displayed, and not widely knowm.

Perhaps I'm spoiled by Eudora, but I don't even click on an emailed
link unless the preview of what it's going to launch to
Explorer/whatever shows up with proper English characters, and a real,
known, sitename.
You can still get fooled -- even Eudora could display what looks like a
valid URL when it is bogus. The only way to be absolutely sure would be to
copy the URL to an ascii text editor that doesn't understand what a URL is
supposed to be, and cxheck that way.


Boils down to if it doesn't seem/look right, it's not. Any question,
just launch the browser yourself and go to the site directly.

--
Jay.
(remove dashes for legal email address)

Jay Somerset wrote:

The only way to be absolutely sure
would be to copy the URL to an ascii text editor that doesn't
understand what a URL is supposed to be, and cxheck that way.

Or save yourself a step and just set your email client to "text only" mode.


--
John T
http://tknowlogy.com/TknoFlyer
http://www.pocketgear.com/products_s...veloperid=4415
____________________

On Mon, 21 Mar 2005 13:18:45 -0500, "John T" wrote:

Jay Somerset wrote:

The only way to be absolutely sure
would be to copy the URL to an ascii text editor that doesn't
understand what a URL is supposed to be, and cxheck that way.

Or save yourself a step and just set your email client to "text only" mode.

People just don't realize, or won't believe just how many headaches
that eliminates. As far as I'm concerned they shouldn't even allow
HTML e-mail.

Roger Halstead (K8RI & ARRL life member)
(N833R, S# CD-2 Worlds oldest Debonair)
www.rogerhalstead.com

A comment about "preview windows" in email clients (Eudora, Outlook,
etc)..... if you have the preview window enabled, the client has to
render (executing anything allowed, in the process) whatever HTML might
be in the message to populate the preview. By the time you decide the
message is Something Bad, its too late.

Bottom line is that a preview window is a security risk. Be aware of
what is allowed to execute (Active X, Java, whatever,) and take
appropriate precautions if you use this feature.
Randy