Robert Song...your e-mail has been hacked...

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Robert Song...your e-mail has been hacked...

    I received this message today:

    Hello,

    I'm sorry I didn't inform anyone about my trip to Madrid, Spain. Unfortunately I was mugged at gunpoint, at the hotel park am staying. My cell phone, cash and credit card was stolen in the process and I immediately file a report to the Police, but they seems to be taking things too slow. My flight leaves in few hrs from now and I need a quick loan to settle the hotel bills and my transport to the airport. I promise to reimburse immediately I arrive back home safely. Please get back to me asap.


    Thanks,
    Robert Song

  • #2
    Re: Robert Song...your e-mail has been hacked...

    I got the same message, letter by letter and point by point.

    Comment


    • #3
      Re: Robert Song...your e-mail has been hacked...

      Originally posted by Erwin Casareno View Post
      I got the same message, letter by letter and point by point.
      Thanks. Yes, my Gmail account was hacked today.:( Please kindly ignore the message. :)

      Robert

      Comment


      • #4
        Re: Robert Song...your e-mail has been hacked...

        Originally posted by Robert Song View Post
        my Gmail account was hacked today.
        May you share details if they are known? I thought that hotmail is really vulnerable. Seems google too.

        Comment


        • #5
          Re: Robert Song...your e-mail has been hacked...

          Originally posted by Egidijus Zeromskis View Post
          May you share details if they are known? I thought that hotmail is really vulnerable. Seems google too.
          The scam seems to be a rather elaborate one and there are a number of variants. The bogus emails all start with some variation on a sentence like:

          "I'm sorry I didn't inform anyone about my trip to Madrid, Spain. Unfortunately I was mugged at gunpoint, at the hotel park am staying."

          The email goes on to implore you as a friend, colleague, associate, etc. to contact them. It all looks legit because the return email goes back to your friend's email address. But in fact your reply goes back to the crooks. After a few back and forth emails, the crooks (posing as your friend or associate) ask for a wire transfer of money.

          There's a good article describing the mechanics of the scam and explaining how you can get control back of your Gmail account:

          http://www.infosecisland.com/blogvie...en-Hacked.html

          Basically the crook has gained access to your account (maybe by guessing a password, maybe by sniffing your network traffic, or a key logger or whatever). They create a bogus email that looks like it came from Gmail and then they forward all email received at the Gmail account to a Yahoo account.

          Very nasty stuff. I'll bet they've scammed more than a few trusting people.

          Comment


          • #6
            Re: Robert Song...your e-mail has been hacked...

            I received new cheques in the mail and included was a card asking me to call a phone number to activate free identity theft prevention services. The company is called idefense. They claim to work with Davis & Henderson, the company that prints cheques for most of the major banks.

            I called the number, believing it was necessary to validate the new cheques. Anyway, he started explaining the free services and the premium services, but I cut him off with, I will think about it. So he sent me an email and website address to investigate. www.idefense.com

            Can anyone recommend idefense? Are they legitimate? I worry too about identity theft, even from those offering identity theft protection. :D

            Comment


            • #7
              Re: Robert Song...your e-mail has been hacked...

              Originally posted by Bob Gillanders View Post
              So he sent me an email and website address to investigate. www.idefense.com

              Can anyone recommend idefense? Are they legitimate? I worry too about identity theft, even from those offering identity theft protection. :D
              The URL www.idefense.com redirects to:

              http://www.verisigninc.com/en_US/pro...html?loc=en_US

              which describes Verisign's Security Intelligence Services. Verisign was a spin-off from RSA (a company specializing in cryptography and the SecurID authentication token). Verisign made their fortune producing SSL certificates (which are used in secure web transactions). Recently Verisign spun off it's SSL certificate business to Symantec. Verisign now specialize in network security services.

              It's not obvious to me that Verisign has anything to do with identity theft protection.

              Now if the URL is www.idefence.com, then we get to a identity theft service. They've sold their services to BMO and some other places. There's not a heck of a lot of information on them so it is difficult to judge whether the service is worth buying. They appear to be for real. Whether of real value, that's another question which I can't answer.

              Comment


              • #8
                Re: Robert Song...your e-mail has been hacked...

                Originally posted by Steve Karpik View Post
                The URL www.idefense.com redirects to:

                http://www.verisigninc.com/en_US/pro...html?loc=en_US

                which describes Verisign's Security Intelligence Services. Verisign was a spin-off from RSA (a company specializing in cryptography and the SecurID authentication token). Verisign made their fortune producing SSL certificates (which are used in secure web transactions). Recently Verisign spun off it's SSL certificate business to Symantec. Verisign now specialize in network security services.

                It's not obvious to me that Verisign has anything to do with identity theft protection.

                Now if the URL is www.idefence.com, then we get to a identity theft service. They've sold their services to BMO and some other places. There's not a heck of a lot of information on them so it is difficult to judge whether the service is worth buying. They appear to be for real. Whether of real value, that's another question which I can't answer.
                Hi Steve,

                I received a letter from a group called PEAK saying that my statements were now online...and that I would no longer receive my statements by mail...and they gave a website to activate my account. First thought was...hmmm...I don't remember this company...but maybe a company I had investments with was bought by them at some point...and I didn't notice...so I went to the website...when they started asking questions like my social insurance number....I left the site :). Is there anything out there on these folks?

                Larry

                Comment


                • #9
                  Re: Robert Song...your e-mail has been hacked...

                  Originally posted by Steve Karpik View Post
                  Now if the URL is www.idefence.com, then we get to a identity theft service. They've sold their services to BMO and some other places. There's not a heck of a lot of information on them so it is difficult to judge whether the service is worth buying. They appear to be for real. Whether of real value, that's another question which I can't answer.
                  Thanks Steve. This the correct URL. I made a typo in my post, oops. :o

                  Comment


                  • #10
                    Re: Robert Song...your e-mail has been hacked...

                    Originally posted by Larry Bevand View Post
                    Hi Steve,

                    I received a letter from a group called PEAK saying that my statements were now online...and that I would no longer receive my statements by mail...and they gave a website to activate my account. First thought was...hmmm...I don't remember this company...but maybe a company I had investments with was bought by them at some point...and I didn't notice...so I went to the website...when they started asking questions like my social insurance number....I left the site :). Is there anything out there on these folks?

                    Larry
                    This is a very tricky area. Crooks will pick company names that are very close to the name of reputable companies. Or they will claim to be the real thing and give you a URL that is very similar to the the real URL but might differ by a single letter. Or the fake URL might be .net or something else rather than .com. It is so easy to be scammed.

                    Your PEAK might be a scam or it might be real. It never hurts to be overly cautious and it is often quite wise. One thing that you should look for is the SSL certificate for the web site. If you are providing a company with sensitive information (SIN, birthdate, address -- any of the things that could be used for identity theft by a scoundrel), the web connection should be https not http. And if it is https there will be a certificate that your browser can show you. The certificate will show who owns the web site in question. To get an SSL certificate a company has to prove that it is real and exists as a legal entity. Crooks don't usually like to provide so much documentation about their whereabouts and identity. If your browser tells you that the SSL certificate is expired or bogus, I would be very cautious about providing any information to the web site.

                    PEAK sounds suspicious from what you said. I'll bet the URL used just http not https.

                    Comment


                    • #11
                      Re: Robert Song...your e-mail has been hacked...

                      Originally posted by Bob Gillanders View Post
                      Thanks Steve. This the correct URL. I made a typo in my post, oops. :o
                      URL typos are one of the oldest forms of scams ... anyone remember

                      white house.com ? - I put the space in there deliberately so the insanely curious would not click on it

                      It is supposed to be .gov

                      Not a typo I suppose - more of a top level domain confusion, but this started back when zillions of the unwashed were getting on the WWW thingy and many people believed there only WAS .com

                      Sometimes it can be fun to deliberately check alternate spellings or alternate TLD and see where you go - most often it is an unused domain registration and you are just directed to a marketing page saying that you can get that domain name for just $29.95/year or whatever... Sometimes, it is already set up as an interesting trap for the unwary or fumblefingered.
                      ...Mike Pence: the Lord of the fly.

                      Comment


                      • #12
                        Re: Robert Song...your e-mail has been hacked...

                        Originally posted by Steve Karpik View Post
                        PEAK sounds suspicious from what you said. I'll bet the URL used just http not https.
                        I read this as my eyes move to the top of the page.
                        I see chesstalk site starts as http not https
                        oops, cfc site also
                        Last edited by Bob Gillanders; Tuesday, 28th February, 2012, 12:08 PM.

                        Comment


                        • #13
                          Re: Robert Song...your e-mail has been hacked...

                          The first time I received this scam, it was from a famous International Arbiter, who might reasonably have been travelling through the country in question at the time. Fortunately, I read on. Most of these email scams would not ultimately fool a person with an IQ of greater than Fahrenheit room temperature. Having written that, I may find a way to prove my true IQ by falling into such a piège.

                          In my experience, Canadian financial institutions don't use email intelligently. They have internal messaging systems, which they use to send advertising to your account. But they use insecure email to answer queries. It should be the other way around. They might use ordinary, insecure email to send you an automated notice that there's a confidential message waiting on their secure site. But so far as I know, they don't do that.

                          Incidentally, Bob G, the s in https stands for secure. These forums, whose result quickly becomes public, correctly use http rather than the bandwidth and CPU-cycle hungrier https.

                          I want to know if Robert Song's gmail account was really hacked, or if he was a bad boy and used an easily-guessed password, such as any word from a dictionary. Back in the 1980s, Compuserve used to come with pre-distributed passwords which were two dictionary words separated by punctuation. For example, mite*glads. Back then, that slight complication on dictionary lookup seemed to work well enough, and the passwords were easily remembered by their owners. I suppose that isn't well-regarded anymore. iTunes requires a password of 8 characters with a number, and both upper and lower case letters, a tedious process on a virtual keyboard. That's even if you're just downloading free apps, no credit card. I would think that online email should inspire the user to employ at least that level of craftiness in choosing a password.

                          Comment


                          • #14
                            Re: Robert Song...your e-mail has been hacked...

                            Originally posted by Jonathan Berry View Post
                            and the passwords were easily remembered by their owners..
                            On other chess forum, a discussion about passwords went to a conclusion that chessplayers should use chess variations
                            like
                            1.e4e52.Nf3Nc63.Bb5 with some exclamation and/or question marks :D

                            Comment

                            Working...
                            X