Re: I NEED YOUR HELP.....

0 views
Skip to first unread message
Message has been deleted

Jon H

unread,
Dec 11, 2009, 9:19:12 PM12/11/09
to mang...@googlegroups.com
Looks like someone's email was hacked in to.  I've seen this email many times so don't go sending any money :)

On Fri, Dec 11, 2009 at 9:04 PM, Bill Lindau <blin...@yahoo.com> wrote:
Hello
 
Hope you get this on time ? Sorry I didn't inform you about my trip to the United Kingdom, I'm presently in Scotland and am having some difficulties here.I misplaced my bag on my way to the hotel where other valuable things were kept including my passport. I will like you to assist me with a loan of  $2,500 or whatever amount you can afford to borrow me to sort-out my hotel bills and to get myself back home. I will appreciate whatever you can afford to assist me with and I promise to Refund the money as soon as i return.

I would have loved to call you on the phone, but i don't have any money to pay for a PAYPHONE to call and i only have access to the internet and i do not have a mobile phone anymore because i lost my cell phone during the incident if not i would have given you a number to reach me. All that matters now is my well being, Please whichever way you can help me send the money or whatever amount you can afford to borrow me at the moment.

Kindly help me send the money via western union money transfer,I will get a temporary document in replacement for my stolen passport from the embassy,here is the information below:

Name; Bill Lindau
ADDRESS:19 North Bridge
STATE: Edinburgh
COUNTRY:United Kingdom
ZIP CODE: EH1 1SD
Write me immediately, so i know when the money has been wired,scan and send me the
western union money transfer receipt or just write out the details on the receipt and send to me. this mystery is enough..
Thank you.

Bill Lindau

--

You received this message because you are subscribed to the Google Groups "Mangum Track Club" group.
To post to this group, send email to mang...@googlegroups.com.
To unsubscribe from this group, send email to mangumtc+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mangumtc?hl=en.

Jonathan Savage

unread,
Dec 12, 2009, 3:55:46 PM12/12/09
to mang...@googlegroups.com
A friend of mine had his Facebook account hacked, and they used the instant messaging feature to pretend to be him and ask for money. Currently, these attacks are given away by the poor grammar ("whatever amount you can afford to borrow me"), but I would not count on that indicator. If you honestly think it might be a friend in trouble, do the logical thing - ask them to call you. They can make a reverse charges call from a phone for instance. Alternatively, ask them something personal that only they would know.
 
I've seen these attacks take two approaches. One is to hack a site that contains lots of password, and try those username/passwords on more important sites. My friend had his monster.com account compromised, then used on facebook. So don't use the same username/password on low risk sites and financial sites (ebay, paypal, bank account). Remember that your email account is critical, as it can often be used to reset a password to something more important.
 
The other attack is to try common words (AKA dictionary attack) for password. Choose a password by finding a word or phrase that is easy to remember, then substituting numbers and symbols for the letters. So ultrarunner could become u1tr@Runn3r for instance. It makes a dictionary attack much, much harder. Adding numbers to the end increases the difficulty even further.
 
"Only the paranoid survive"
 
My $0.02
 

Marcus Barton

unread,
Dec 12, 2009, 6:46:45 PM12/12/09
to mang...@googlegroups.com
Unfortunately, most folks get their facebook accounts (and other accounts) hacked due to things that they do themselves, not by having weak passwords.
 
It is very, very common for folks to get their facebook account hacked by clicking on a link and going to a copy-cat, facebook-look-alike page asking them to sign in.  Invaribly, they do, not even paying attention to the address bar to see that it truly isn't facebook.
 
Very, very, very rarely is someone's facebook (or other account) hacked via dictionary or brute force attacks.  Only high-profile targets are usually worth a hackers time and risk by using dictionary or brute force methods.  They are too time consuming and highly detectible (very, very risky).
 
It's easier just to get the naive person to click on a link and hand over their username and password.

Anothe way is using trojans.  For example, not too long ago there was a worm spreading around via facebook.  The worm spreads when a compromised user’s account was used to send message to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL.  The linked website was YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation.
 
Clicking on the button begins a malware installation of a file called “codecsetup.exe.” It would install software that "zombies" your computer, installs a keylogger, and other fun stuff.
 
A nasty feature of the worm is that it took the profile picture of the sending infected user and added it to the linked website. This makes it all look much more legitimate for the potential victim.  Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack. There’s little Facebook can do other than attempt to filter out the landing website in messages.

 
 
Marcus Barton




 

From: jfsa...@hotmail.com

To: mang...@googlegroups.com
Subject: Re: I NEED YOUR HELP.....
Date: Sat, 12 Dec 2009 15:55:46 -0500

Hotmail: Powerful Free email with security by Microsoft. Get it now.
Reply all
Reply to author
Forward
0 new messages