Phishers becoming stupid?

Aug 05 2010 Published by jayras under Posts

Looking at the batch of Phishes I got over the past week I swear these guys are becoming stupid.

Or just plain lazy.

Look at this new Phish I got:  Controversial Currency Transaction

Everything about it, from the lousy subject, the typical “engrish” to the pasting in of irrelevant garbage just screams Laziness!

Or else, they have no clue what they are doing…

Which is actually good news for the likes of you and me…the stupider they get, the easier it is to identify.

I even got a Phish that had the title of “Blizzard Entertainment Cataclysm beta” but it was a Password Change phish.

….lazy….

The number of Phishes are starting to increase, mainly on the Beta front, but I also got 3 Aion Phishes, which is triple what I’ve ever received!

Here’s the count:

14 Beta Phishes

2 “Illegal Transaction” Phishes.

3 Aion Phishes

2 “Hacker IP” Phishes

1 LOTR Phish

2 Password Phishes (Beta)

2 Account Selling Phishes

For a total of 25.  Been busy…

One of the e-mails I got linked to the domain “bate.blizzcon-logincheck.com”

Which I got a chuckle out of…get it?  BATE….Phish…HAR HAR HAR

On another note….there’s a new tool I found in the fight against Phishes (Well, new to me at least…)

This is a Firefox plugin called “Interclue” which I got for decoding shortened URL’s before I click on them.

I was pleasantly surprised that, without fail, it recognized the links in these e-mails and popped up a warning saying these are reporting Phishing links.

I *LOVE* it!!

You can get it here:

http://interclue.com/

and I recommend it highly.

Oh…one more thing…

As you may have been aware of (and if you aren’t you live under a rock…) Starcraft II was released.

There is an apparent targeted Phishing attack directed at receiving keys or registering keys.  I haven’t seen any of them yet, but here is a post with more information about it:

http://www.lazygamer.co.za/general-news/psa-starcraft-ii-accounts-being-phished/

Comments are off for this post

Security Update at Blizzard, and new Phishes…

Jul 29 2010 Published by jayras under Posts

Posting a day early, this is just a notice about a specific change Blizzard made last week (That I missed..sorry for not mentioning it sooner.)

I had the unfortunate pleasure of getting locked out of my account.  Luckily it wasn’t a case of getting Hacked.  No, it was more stupid than that.

I got a new iPhone!!

Of course, I didn’t prep my account and I did format and turn in my old iPhone so I no longer had access to it.

When I got home, I soon realized my mistake when I went to login to Warcraft and when I launched my Authenticator it was giving me steps to register my NEW authenticator (WHOOPS)

So, next morning, I use my new iPhone and a headset and sat on Hold for 37 minutes (Yes, I counted…)

They drilled me, asking me question after question, making me PROVE to them that I am who I say I am (Good for you Blizzard!!)

In the end they pulled my old authenticator off, and sent me on my way to put the new one on.

During the process I noticed they added a step.

No longer can you just simply drop in a Serial number and wam BAM you have an authenticator (Which, unfortunately, hackers did all the time.)

No, now you put in the serial number, and then they send you an e-mail!

And from that e-mail you must click the link!

This is perfect…it means any hacker would be notifying themselves to you when they attempt to steal your account, and you are smart enough to scream HEY!! I didn’t do that, and NOT click the link!!

Here’s the new process:

  • Log onto Battle.net Account Management (http://www.battle.net/account/)
  • Click on Settings, then click Manage Security Options
  • Click on Add this authenticator
  • [new]—>Required confirmation link sent to your Battle.net account email address
  • You log onto your email account itself, look for an email titled Battle.net Account Authenticator Addition from noreply@blizzard.com with a link to loop back to Account Management. This contains a one-time use token.
  • Add a mobile or keychain authenticator
  • Now you have an authenticator

More information on the change can be found here:

Forum Post on the new change.

Now, for the bad news…

Blizzard broke one of their cardinal rules…the e-mail you get is not Personalized.

AND…I’ve already received a fishing attempt with this new e-mail (Its is a direct copy…with a new link….)

So, if you are adding an authenticator…make sure you are looking at a good e-mail and not a phish, scrutinize the header and make sure it isn’t from Hotmail, and it is from Blizzard.

Comments are off for this post

Branching out.

Jun 09 2010 Published by jayras under Posts

Last couple of days have been interesting on the Phish Front (heh…or is that Phish Phront…I kill me…)

I received a dangerous Phish regarding my Facebook account.  It’s a copy of the REAL e-mail, right down to the graphics and the formatting.

The link, of course, was anything but Facebook.

Interestingly enough, the SMTP Server used for this phish was Bagcrafters.

Quick Google shows that one version of the Homepage is X-Cart, and another version is Replica (Fake) Bags.

eh…who knows, maybe the hacker can’t hack selling fake bags so decided to branch out in fake e-mail market (Oh ya, I kill me…)

I also received a Phish for “Lord of the Rings Online”, which is a game I’ve never played.

This e-mail has to be the worst crafted Phish on the planet.

The e-mail’s “Rely To” is Codemaster, which in my limited research actually shows it as a competitor to Turbine, and has no affiliation with Turbine or Lord of the Rings Online.

(Do a search for the game on Codemaster’s site and you get a couple of screenshot links and that’s it.)

The fake link the Phish to drawing you too is also a misspelling of Codemaster instead of Turbine.

And then, the Body of the e-mail.  Oh Boy…

Again, I don’t have a Turbine Account nor do I play Lord of the Rings Online, but the body of the e-mail is exactly the e-mail I get when I change my Battle.net password.

One final word for today:
Symantec is reporting an increase in Phish Spam going out in the wild in regards to the World Cup.  So, be leary of updates for the World Cup out of the blue promising you some cool updates or cool video footage.  It could very well be a lure to get your keys.  More info here:

http://www.symantec.com/connect/blogs/spammers-begin-their-games-early

Comments are off for this post

Ͼ http://www.pthkm.com/xpjylc/ http://www.pthkm.com/bgylc/ Ͼֳ http://www.pthkm.com/pjylc/ ewinֳ http://www.ybewv.com/ewinylc/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ Ŷij http://www.aojxq.com/amdcgl/ bet http://www.lpmwq.com/bet365ylc/ ȫѶ http://www.wfgpb.com/qxwgw/ 188 http://www.ywiql.com/jbb188gq/ bet http://www.nwiza.com/bet365ylc/ 365 http://www.rvodp.com/bet365tyzx/ Ͼ http://www.yjzhv.com/smxpjgw/ Ͼij http://www.utssx.com/ampjdc/ ˹˶ij http://www.bkrft.com/amwnsrdc/ Ͼij http://www.bkrft.com/pjdc/ ƶij http://www.bkrft.com/yddc/ Ŷij淨 http://www.bkrft.com/amdcwf/ ȫѶ http://www.bkrft.com/qxwzx/ ˹ά˹ij http://www.fldwd.com/lswjsdc/ ζij http://www.fldwd.com/lwdc/ ŶijЩ http://www.fldwd.com/amdcynx/ ij http://www.fldwd.com/mddc/ ˹˶ij http://www.fldwd.com/wnsrdc/ Ͼij http://www.yuwew.com/amxpjdc/ ĥij http://www.yuwew.com/mddc/ ijϷ http://www.yuwew.com/dcyx/ ĥƽij http://www.yuwew.com/mdhjdc/ ĥij http://www.hgvnk.com/lwmddc/ Űټ http://www.hgvnk.com/ambjl/ ټϷ http://www.hgvnk.com/bjlyx/ ˰ټ http://www.hgvnk.com/zrbjl/ http://www.dnczv.com/bcw/ Ŷij http://www.ybewv.com/amdc/ ˰ټ http://www.eklhp.com/zrbjl/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/amdc/ ֳ http://www.yjzhv.com/ozylc/ Ŷij http://www.luyouren.com/aomenduchan/ bet http://www.lsylnj.com/bet365/ Ŷij http://www.lsylnj.com/amdc/ ټ http://www.lsylnj.com/bjl/ http://www.lsylnj.com/bcw/ ˹ http://www.lsylnj.com/wnsrylc/ Ͼ http://www.lsylnj.com/xpjylc/ ټ http://www.zytygb.com/baijiale/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinyulechen/ bet http://www.luyouren.com/bet365/ ټ http://www.luyouren.com/bjl/ Ŷij http://www.luyouren.com/amdc/ Ŷij http://www.luyouren.com/amduchan/ Ŷij http://www.luyouren.com/aomendc/ Ŷij http://www.luyouren.com/aomenduchan/ Ŷij http://www.luyouren.com/aomengdushang/ ewinֳ http://www.luyouren.com/ewinylc/ ewinֳ http://www.luyouren.com/ewinylchen/ ewinֳ http://www.luyouren.com/ewinylec/ ewinֳ http://www.luyouren.com/ewinyulc/ ewinֳ http://www.luyouren.com/ewinyulechen/ http://www.dnczv.com/bcw/ ټ http://www.dnczv.com/bjl/ bet http://www.dnczv.com/bet365/ ˹ http://www.pthkm.com/wnsrylc/