Phishing Phollies

If you recall my post from Nov. 20, the ComputerWorld article mentioned that scammers had figured out a way for their malicious sites to rise to the top of Google searches. Well, my heros at Google have put a stop to that evil infiltration of my online existence!

ComputerWorld reported yesterday that:

"November 28, 2007 (Computerworld) — Google Inc. has purged its index of the thousands of malware sites that wormed their way into results lists for hundreds of legitimate search phrases, researchers confirmed today.

"They look gone to us," said Alex Eckelberry, the CEO of Sunbelt Software Distribution Inc., the company that broke the news Monday of a massive, coordinated campaign by attackers to spread malware through search results on Google, Yahoo, Microsoft Live Search and other sites."

Please read the article for more information.

In any event, you still need to be careful. While your most successful searches will usually give you what you want within the first 10 - 20 hits, you still need to be wary of hits returned with odd URLs that just don’t seem like they really match what you were looking for. Learn to decipher the URLs in the search results. If you are searching for a book, you’d expect that the URLs returned in a search would relate in some way to books: www.amazon.com; www.booksellers.blah; libraries, publishers, etc…. but if the URL does not seem to fit in the group you may want to skip that result.

I’ve been spending my evenings and weekends in my woodshop making ornaments. Take a look at my Google Picasa Albums. If you’d like to see them live I have a tree in my office with all of them displayed. I try to add one or two each day depending on how long my back lasts at the lathe.

Truffuls® Irresistible Delights

Many of you have seen these before, but if you haven’t, feel free to poke around. More will be added to this category when I get sick of making ornaments!

Lidded Vessels

Every day since my Florida trip I’ve gotten at least 5 phishing attempts, but since I’ve posted so many already I don’t see the value in posting them here.

Just be very sceptical of any email asking you to do anything concerning personal/financial information. There is an extremely high likelihood that it is an attempt to relieve you of your financial stability.

I’ll continue to post interesting samples to delight you, but for now, I’ll concentrate on other topics from the criminal underbelly.

Apparently, GPS Units are the hot item dirtbags are looking for this holiday "shopping" season. Last Monday, in broad daylight, in a busy parking lot, my car, not 30′ from my office, had its passenger side window smashed and my GPS stolen. Good thing they didn’t take the VHF Coast Guard radio or the Feds would be looking for them!

The joke is on them, our unit was broken; it didn’t hold a charge, and we were planning on getting a new one soon. But, I am disturbed that they have all my addresses that I frequent, even my dad’s in Florida. Now we have a groovy Garmin Nüvi 360! This thing has an 8 hour battery, interacts with your cellphone via Bluetooth and will even ready my Audible.com audio books! Oh, and it is password protected so it won’t unlock without the password or you are in our driveway!

From the intel I’ve gathered, they (the scum of the Earth), spot a GPS sucked to your window and smash and run. Some of them will even smash the window if they see a residual "suck mark" from the suction cup holder. A colleague reported that every car with a GPS on his block was broken into.

I made a small sign and am placing it on all the cars in my lot if I see evidence of a GPS Unit.

Ah, Christmas; it brings out the "BEST" in everyone!

A: Yes, and either way, you are screwed!

These are appearing more and more frequently in my inbox. They don’t send you to a bogus site, instead, they are sitting on their lazy backsides waiting for you to call them. Some of them claim this is a toll-free number, some claim they are in Indiana, or other states. Fact is, 641-665-XXXX is an exchange from New Haven, Iowa.

Interestingly enough, 641 is also used for calling card calls and other types of greedy tactics. Don’t people in Iowa have any legitimate business to attend to?

NEVER call a number provided in an email asking for personal info or telling you you’re a winner of some fortune or your card/account has been suspended/terminated, etc…. Call the number on your monthly statement or on the website you always go to (don’t click on a link in an email).

Can you spot the "Phake"? Take the PayPal Phishing Challenge and you too could become a PayPal Anti-Phishing Champion!

According to ComputerWorld "Black Friday" is one of the most profitable events for hackers trying to steal your holiday cheer and anything else they can get their filthy paws on.

There are usually a handful of "hot" items that everyone is vying for this time of year; be it a Tickle-Me-Elmo or a Wii. Don’t fall victim to that email claiming to have your Holy Grail at an unbelievable price/quantity on a very popular site. Do NOT click on the link! VERIFY the code behind that link to see where it is really trying to take you. The scammers are not only trying to take you to a fake site to steal your info, their fake site may also be installing key stroke monitoring code on your computer to collect what you type in the future.

I’m disturbed by the following excerpt from the ComputerWorld article:

"Online fraudsters have been busy this year. Fraud losses related to U.S. e-commerce will top $3.6 billion in 2007, up 20% from last year, according to a report by the vendor CyberSource this month. The increase in dollar loss is due mostly to growing e-commerce sales, as the percentage of transactions that are fraudulent has held steady.

The run-up to Christmas and tax filing season are the two most dangerous times of the year for online shoppers, Yaneza says.

In addition to being wary of e-mails, be careful when searching for holiday deals or specific products on Google and other search engines. Operators of malicious sites have figured out ways to rise to the top of search listings.

"We’ve seen instances where the top site that is ranked actually gets there by gaming the Google search algorithm," Yaneza says."

$3.6 BILLION, These dirtbags have stolen THREEPOINTSIX BILLION bucks out of your pockets! WAKE UP PEOPLE!!!!!! And, remember, that is only the reported amounts. Many victims are too embarrassed to report their losses.

I don’t know how many different ways we; the people who don the superhero capes to fight these criminals, can say it: DON’T BE FOOLED!  Even if you are a regular customer of "Company X" do not click on a link in an email purported to be from Company X without making damn sure that email is real. better yet, open your browser and type the URL you always go to (www.amazon.com) rather than clicking on any link in an email. It only takes a second people, it isn’t going to destroy your day to exercise those fingertips and type rather than clicking on your mouse.

A message from your local superhero; Super Pessimist

If the human body is 2/3 water and has an average internal temperature in the mid to high 90° range (mine is 96°) why do I feel hot and sticky when it is 80° and humid?

I’m just back from a long vacation visiting my dad and step-mom. We had a great time. Dad is 83 and still has that mischievous twinkle in his eye. We played tons of pinochle and shuffleboard.

I’ve got quite a collection of rotten phish awaiting posting so check back later this week for an update.

In the meantime, enjoy this interesting Flickr album taking SPAM subject lines and turning them into art.