I'm being impersonated on FaceBook!


Noel Gama

Jul 20, 2009, 3:08:02 AM
to Daman Global


Hi FaceBook friends,

My FaceBook account has been temporarily shut down because someone is
impersonating me!

Here's what the FaceBook Security team informed me via email:

******


Hi Noel,

Our systems indicate that your Facebook account has been compromised
by cybercriminals attempting to impersonate you. These criminals
often will try to trick your friends into sending them money by
claiming that you are stuck in a far away location and need
assistance. It is possible that your email account was compromised as
well. As such, we have sent this email to all email accounts recently
associated with your account. Obtaining access to a victim's email is
one of the primary ways these cybercriminals have been operating.
Please change the passwords to any email addresses associated with
your account.

Once you regain control of your Facebook account, be sure to verify
that you control all of the email addresses associated with your
account on the Contact Email section at:
https://register.facebook.com/editaccount.php

We strongly recommend that you select a new, unique password for any
email address associated with your Facebook account. You should make
sure to avoid using the same password for multiple sites. We also
encourage you to visit the following page for more information about
Facebook security and how to report suspicious material:
http://www.facebook.com/security

In order to regain control of your Facebook account reply to this
email to get the account verification process started.

Thanks,
Facebook Security

*****

Noel Gama
Daman

Gerard Fernandes

Jul 21, 2009, 2:31:47 AM
to Noel Gama, Daman Global
I'm going to refrain from saying "I told you so" - although I'm very
tempted! :)

This is the thing we have to be always very careful about when venturing
into the online world. We already know that the world is a big bad place
and we protect our children from it until they're old enough to face it
themselves.

But somehow, when it comes to things we can't see, we inherently trust
it.

Here are some things all of us netizens should keep in mind:
1. Unless a site uses HTTPS, it is unencrypted - i.e. everything goes
back and forth in clear plain text.
2. Most free sites (Google, Facebook etc.) only encrypt the login page -
everything else is clear text.
3. Anyone can trivially hijack your connection - if you're using Wi-Fi
and don't use WPA2 with a strong random password, I can hijack your
connection in less than a minute. And actually so can you - the tools
are freely available and very easy to use. With wired connections it's
harder but not impossible - you simply have to know how to target the
computer you want to hijack. Again tools are freely available, though a
bit harder to use than the Wi-Fi tools.
4. Putting 2 and 3 together, we should all be able to arrive at the
conclusion that most data sent over our connections can be intercepted
by someone else.
5. Even if someone didn't want to go through the trouble of 2 & 3,
there's something even easier - I can just tell Facebook I'm Noel Gama
and ask for a password reset. Then I intercept Noel's mails and pick up
the new password and lock him out of it. This technique works with all
sites - some sites are stupid enough to let you specify where to send
the password reset mail so you don't even have to go through the trouble
of intercepting Noel's mail!
6. And of course there is phishing - the act of impersonating a
web-page, collecting user credentials and then forwarding them on to the
real page. E.g. I send you a link to google-mail and ask you to login as
you've just won a million pounds and there's an email waiting with
details. You click on the link. The link takes you to my site which only
looks like google-mail. You login, and I capture your user-name and
password and redirect you to the real google page. Where you're asked to
login again. You think you must have mis-typed and login again. Now I
have your account details. The same thing can be done with online
banking, credit card accounts etc.

Here are a few tips to avoid falling into such traps:
1. Keep your computer up-to-date with updates released by your vendor.
2. Don't use IE, use Firefox for browsing. Firefox will warn you about
potential problems and is generally a safer browser online. It's also
faster than IE.
3. Never click on links in emails claiming you've won a million pounds.
Just report them as spam.
4. Never open any attachment in emails from people you don't know
personally. And those you do know personally, call them up first and ask
them if they really sent that email before opening any attachment. It's
possible to embed viruses in image files - you have been warned.
5. Be very careful what you disclose about yourself online - the
information (even when password protected) is trivially easy to get at.
This can lead to identity fraud, robbery etc. This of course includes
Facebook, YouTube, Yahoo, Google, MSN etc. Think about how they make
money when they're not charging you - they sell your data and usage
patterns.
6. Most of us have trouble remembering passwords. Here's what I do. I
have:
a. Keep one strong password for use on the internet.
b. Keep one very strong password for encrypting files.
c. Encrypt my strong password and bank details (online login etc) with
(b). This way I only have to remember (b).
d. Protect the Wi-Fi connection with WPA2 with a randomly generated
maximum strength password which is also encrypted in the same file in
(c) with the password (b). So I don't have to remember this either.

Take care and don't trust anyone you don't know and you'll be fine
online.

Gerard Fernandes


Gerard Fernandes

Jul 22, 2009, 2:13:33 AM
to Noel Gama, Daman Global
Online Fraud-II
---------------

Trying to sell a used electronics item on e-bay? See this first:

http://www.schneier.com/blog/archives/2009/06/fraud_on_ebay.html

Note the bit about PayPal - I have been scammed on PayPal too (and I
don't even have an account!).

And here's a link that is linked to from the one above:
http://consumerist.com/5007790/its-now-completely-impossible-to-sell-a-laptop-on-ebay



Noel Gama

Jul 22, 2009, 3:13:23 AM
to Daman Global
Hi Gerard,

You're right about the 'I-told-you-so!' But as it's obvious, I did not
listen:)

They have restored my account now.

BTW, I'm the only one who uses WiFi in my office!

Noel


Noel Gama

Jul 22, 2009, 3:15:11 AM
to Daman Global
You mean to say even PayPal is not safe any more? Ouch!

Noel

On Jul 22, 11:13 am, Gerard Fernandes <gerard.fernan...@gmail.com>
wrote:
> Online Fraud-II
> ---------------
>
> Trying to sell a used electronics item on e-bay? See this first:
>
> http://www.schneier.com/blog/archives/2009/06/fraud_on_ebay.html
>
> Note the bit about PayPal - I have been scammed on PayPal too (and I
> don't even have an account!).
>
> And here's a link that is linked to from the one above:http://consumerist.com/5007790/its-now-completely-impossible-to-sell-...

Gerard Fernandes

Jul 23, 2009, 2:29:36 AM
to Noel Gama, Daman Global
It's not that PayPal is not safe - it's that it can be misused by
scammers to make you (the seller) think you've been paid, when the funds
have actually been blocked (by the buyer opening a dispute).

But I have been impersonated on PayPal - and I don't even have an
account! That probably helped in the sense that there were no details
that could be stolen from my account. But it's only enough to make
PayPal think it's you to make you the target of any legal dispute.

This is perhaps the more scary aspect - online information can also be
misused by the legal system in your country.

In the UK, the police can get access to information about you without a
court order (as long as that information isn't in your house) - so an
email address (from PayPal) would be enough for the Police to force
Google to give out your IP which would then be easily traced to you via
your ISP.

BTW - it's also "legal" for the police to tap into your Wi-Fi connection
(e.g. from a car parked across the street) without a court order here in
the UK! This is why I use very strong encryption :) Not because I'm
doing anything that needs to be hidden, but because I value my privacy
and will do quite a lot to protect it.

The US is better in protecting individual privacy - at least so far.
