Phishing? Sad!

killbot737
Posts: 5660
Joined: Wed Mar 02, 2005 11:19 pm
Location: Next to America Jr.

Phishing? Sad!

Post by killbot737 »

This weekend I got two odd email alerts from random websites. They said I was trying to sign up with them. Of course I hadn't tried to sign up with them, but that did not sate my curiosity. These were from Microsoft and Apple, btw, not BS mmorpg forums or whatever. I had signed up with these sites using a different email address before, but not the one that they were sending alerts to.

So I did whatever any person would do, I typed in the name of the site that emailed me and tried to log in. I could not! I then used the "I forgot my password!" links, which sent me a convenient link to reset "my" password on each of their sites. Fing Fam Foom, I now control those accounts.

As far as I can tell they were legit sites, and FF did not complain at the URLs. So I guess now identity theft thieves think they can sign up for sites that do email verification? Maybe they have a secret tunnel into my email account? I received all the notifications with no problem.

Very Strange.
There is no hug button. Sad!
Kasey Chang
Posts: 20750
Joined: Sat Oct 30, 2004 4:20 pm
Location: San Francisco, CA

Re: Phishing? Sad!

Post by Kasey Chang »

They may be expecting you to have a "core" email there where they can glean your passwords and whatnot.

Another possibility is account "cloning". If they control one email address that ostensibly belongs to you, they may be able to social engineer their way past some unsuspecting phone reps and convince them into accessing your "real" account.

I've heard of this done at banks, where some unsuspecting rep allowed someone to open an account under another guy's name (so the guy would appear to have two accounts), then engineer a failure (screw up the ATM card) then call customer support and convince them into giving up the "real" account to the faker. This probably won't work given the right security procedure at Apple or MS though.
My game FAQs | Playing: She Will Punish Them, Sunrider: Mask of Arcadius, The Outer Worlds
Daehawk
Posts: 63524
Joined: Sat Jan 01, 2005 1:11 am

Re: Phishing? Sad!

Post by Daehawk »

I keep getting an email that some ip in China keeps attempting to log in with. I reported them to the ip report site. Bet that will do a big woop of good.

I also got a stupid English not first language email wanting my help getting their money :)
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Phishing? Sad!

Post by FishPants »

Do yourself a favour and make sure you have 2FA enabled on key sites (Gmail, Amazon, LinkedIn, PayPal, LastPass, iCloud etc). Someone is actively going after you, likely trying password reuse attacks. Honestly get Google Authenticator working on those if you haven't already.

Plug your email address that's being used into Have I been Pwned? This is where I found my wife's email on a combo list (and explained why people were attacking her bank login, Facebook etc).
No.
Daehawk
Posts: 63524
Joined: Sat Jan 01, 2005 1:11 am

Re: Phishing? Sad!

Post by Daehawk »

Don't most of those 2nd and 3rd security measures require a smart phone? Don't have one.
--------------------------------------------
I am Dyslexic of Borg, prepare to have your ass laminated.
I guess Ray Butts has ate his last pancake.
http://steamcommunity.com/id/daehawk
"Has high IQ. Refuses to apply it"
Punisher
Posts: 3946
Joined: Thu Mar 24, 2005 12:05 pm

Re: Phishing? Sad!

Post by Punisher »

killbot737 wrote: This weekend I got two odd email alerts from random websites. They said I was trying to sign up with them. Of course I hadn't tried to sign up with them, but that did not sate my curiosity. These were from Microsoft and Apple, btw, not BS mmorpg forums or whatever. I had signed up with these sites using a different email address before, but not the one that they were sending alerts to.

So I did whatever any person would do, I typed in the name of the site that emailed me and tried to log in. I could not! I then used the "I forgot my password!" links, which sent me a convenient link to reset "my" password on each of their sites. Fing Fam Foom, I now control those accounts.

As far as I can tell they were legit sites, and FF did not complain at the URLs. So I guess now identity theft thieves think they can sign up for sites that do email verification? Maybe they have a secret tunnel into my email account? I received all the notifications with no problem.

Very Strange.
Just out of curiosity, when you went to them, did you verify the site's security? Just in case someone was spoofing the site.
All your Lightning Bolts are Belong to Us
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Phishing? Sad!

Post by FishPants »

Daehawk wrote: Don't most of those 2nd and 3rd security measures require a smart phone? Don't have one.
Yes, ideally a separate device, but you could use Google Authenticator in WinAuth or even just download BlueStacks and use it in there.
No.
GreenGoo
Posts: 42239
Joined: Thu Oct 14, 2004 10:46 pm
Location: Ottawa, ON

Re: Phishing? Sad!

Post by GreenGoo »

FishPants wrote: Plug your email address that's being used into Have I been Pwned?
Neat.

Came back in the clear for me, but my wife was part of the 2013 Tumblr breach. It's not the end of the world as she doesn't really use that account and I don't think the password is reused anywhere else, but you never know.

Also, according to the site FishPants linked, the data included salted password hashes. Someone with a better understanding might need to correct me, but I would think that salted hashes would be a tough nut to crack. Since there were 65 million accounts grabbed, that would seem to be an insurmountable amount of computing power needed to crack those passwords. Plus 1 account in 65 million seems like pretty good odds that no one ever even tries working on her password.

edit: found an article that stated exactly that, so I guess the risk is minimal. Of course her email address is circulating unsavoury places on the 'net, but it's almost impossible to keep your address from existing in full view when nothing goes wrong, so...shrug.
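Added example, not part of any post in this thread: what a per-account salt changes about a leaked hash table, measured in hash computations. SHA-256, the account names and the passwords are constructed stand-ins (the thread does not say which hash the breached site used), and the function names are this example's own.

```python
import hashlib
import os

# Constructed sample accounts; two of them share a password on purpose.
USERS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}
GUESSES = ["123456", "hunter2", "letmein"]


def digest(password, salt=b""):
    return hashlib.sha256(salt + password.encode()).hexdigest()


def unsalted_table(users):
    return {name: digest(pw) for name, pw in users.items()}


def salted_table(users):
    table = {}
    for name, pw in users.items():
        salt = os.urandom(16)          # fresh random salt per account
        table[name] = (salt, digest(pw, salt))
    return table


def audit_unsalted(table, guesses):
    """One hash per guess is compared against every account at once."""
    by_hash = {}
    for name, h in table.items():
        by_hash.setdefault(h, []).append(name)
    work, weak = 0, set()
    for guess in guesses:
        work += 1
        weak.update(by_hash.get(digest(guess), []))
    return weak, work


def audit_salted(table, guesses):
    """Each guess has to be rehashed with each account's own salt."""
    work, weak = 0, set()
    for name, (salt, h) in table.items():
        for guess in guesses:
            work += 1
            if digest(guess, salt) == h:
                weak.add(name)
    return weak, work


if __name__ == "__main__":
    print(audit_unsalted(unsalted_table(USERS), GUESSES))  # work grows with guesses
    print(audit_salted(salted_table(USERS), GUESSES))      # work grows with accounts x guesses
```

The same weak accounts turn up either way; the salt removes the shortcut of testing one computed hash against the whole table and hides which accounts share a password.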
killbot737
Posts: 5660
Joined: Wed Mar 02, 2005 11:19 pm
Location: Next to America Jr.

Re: Phishing? Sad!

Post by killbot737 »

That combo list notification came up for me this time, but last time I checked I changed all my passwords on semi-important sites, or ones where I had used the same pw. Or at least as many as I could remember. Actual important sites have always had unique long/strong passwords.

I think it was just some dude testing random signups, my email is very high alphabetically and at one time I did use the same pw on a lot of "meh" sites. Well, sometimes I still do. Oh noes! Some haxx0r has taken over my forum privileges at <random too-grindy Korean MMO>. :)
There is no hug button. Sad!
Rumpy
Posts: 12672
Joined: Sun Mar 27, 2005 6:52 pm
Location: Sudbury, Ontario, Canada

Re: Phishing? Sad!

Post by Rumpy »

I've had something similar happen for quite a while now. But basically it's because of my old email address that I'd had for so long and that I had put out there on websites that I had created, where the address was publicly visible. I can easily see how spammers would have collected the address. Occasionally, I'll get emails from services I'm not a member of. The latest ones have been LinkedIn and Instagram, but I don't really pay much attention to them. I figure there's not much I can do about it at this point. I have a redirect from this address and it had been my ISP address up until about a year or two ago when I decided I needed to change it and I've been planning on turning it off. It's been taking a bit longer than I've wanted to because of the legitimate services I do use that were linked to that address.
PC:
Ryzen 5 3600
32GB RAM
2x1TB NVMe Drives
GTX 1660 Ti
FishPants
Server WhOOre
Posts: 4658
Joined: Fri Oct 15, 2004 1:38 pm
Location: Canada

Re: Phishing? Sad!

Post by FishPants »

Put it this way, my wife started randomly (and sporadically over a year):

1. Posting weird shit on Facebook and would change her password. Then it would happen again.
2. Got Amazon notifications that she had just ordered a couple televisions, computers etc. She called Amazon (how the hell she found a phone number for them I don't know) and they cancelled the order and she reset her password (and added 2FA).
3. Got locked out of her Facebook, she caught that fairly quickly and changed her password again.
4. Started getting locked out of online banking, whoever it was wasn't able to get in but they were trying -- that's when I got involved seriously.

I turned on 2FA on every site that she visits that supported it, and forced her into a LastPass account. That's when I realized she used similar passwords on a lot of sites; and LastPass forced her to change them (and has the ability to do a lot of it automatically).

So don't use the same passwords (obviously) and don't do just simple iterations of the same password (these guys look for patterns and then use them).
No.
LordMortis
Posts: 70100
Joined: Tue Oct 12, 2004 11:26 pm

Re: Phishing? Sad!

Post by LordMortis »

FishPants wrote: Plug your email address that's being used into Have I been Pwned? This is where I found my wife's email on a combo list (and explained why people were attacking her bank login, Facebook etc).

How does it know?
Isgrimnur
Posts: 82085
Joined: Sun Oct 15, 2006 12:29 am
Location: Chookity pok

Re: Phishing? Sad!

Post by Isgrimnur »

This site came about after what was, at the time, the largest ever single breach of customer accounts — Adobe. I often did post-breach analysis of user credentials and kept finding the same accounts exposed over and over again, often with the same passwords which then put the victims at further risk of their other accounts being compromised.

The FAQs page goes into a lot more detail, but all the data on this site comes from publicly leaked "breaches" or in other words, personal account data that has been illegally accessed then released into the public domain. Have I been pwned? aggregates it and makes it readily searchable.
It's almost as if people are the problem.