PDA

View Full Version : Re: absolutewrite.com account notification [Phishing email]



MacAllister
06-10-2010, 04:24 AM
This would be funny, if I didn't know how many people fall for this sort of thing -- especially since I own and run this site (albeit with a great deal of help) so I know full well what complete crap it is.

If you get this email, pretending to be from absolutewrite.com, it's NOT from us. It's a phishing scam spoofing an AW email address. Do NOT download anything. Do NOT open the attached file.

I've gotten three different versions of this today:


Dear Customer,

This e-mail was send by absolutewrite.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions.

(C) absolutewrite.com

alleycat
06-10-2010, 04:35 AM
Why do I have a vision of a future post in Tech . . . "I got a virus from Absolute Write!"

I must be psychotic psychic.

MacAllister
06-10-2010, 04:49 AM
<sigh> yeah. Exactly.

If you care enough to look at full headers, it's obviously not actually from us. But for the record, we will NEVER ask you to download anything, and we will NEVER ask for a password or login information.

Medievalist
06-10-2010, 05:11 AM
Keep in mind that if an Official AW person needs to reach you, we can send you a PM or email you using the email you used to register at AW.

You can always use the Contact Us form, on the lower right of every screen, to contact MacAllister.

Snowstorm
06-10-2010, 05:47 AM
Not to mention official AW folks know how to spell.

William Haskins
06-10-2010, 06:40 AM
Not to mention official AW folks know how to spell.

in my defense, it was a rush job.

Gravity
06-10-2010, 06:54 AM
I hate it when my access is temporanly prevented. Makes mee want to shot somone.

robeiae
06-10-2010, 06:21 PM
If you culd spelt more better, they woodnt be preventeding it.

aadams73
06-10-2010, 06:57 PM
So let me get this straight: Absolute Write is NOT offering me a bigger pen1$?

Bufty
06-10-2010, 07:14 PM
Stop bragging - they're delivered in map mailing tubes.

Margarita Skies
06-10-2010, 11:04 PM
Thanks for the warning!! :) Absolute Write would never send a virus through any means or put viruses on their website, to anyone that might say they got a virus from AW. These people are great, ok? They're amazing and they would never do that to us. :)

Cyia
06-11-2010, 02:37 AM
I haven't gotten the AW "notice" yet, but I just got one from "SiFy".com (<--- check the "i" where there should be a "y"), so anyone who uses the SyFy boards might want to double check any "official" communications.

benbradley
06-11-2010, 04:32 AM
I haven't gotten the AW "notice" yet, but I just got one from "SiFy".com (<--- check the "i" where there should be a "y"), so anyone who uses the SyFy boards might want to double check any "official" communications.
Oh, that is SO LAME. It can't be that hard thesedays to still find an open server somewhere that lets you send anything through it and fake whatever address and domain name in the From: field you like. Or find some other Internet hole where you can spew the cyber equivalent of thousands of barrels of spam a day.

Reply to them and tell them don't send you anything more until they know how to do a REAL Joe Job.

Medievalist
06-11-2010, 06:17 AM
Oh, that is SO LAME. It can't be that hard thesedays to still find an open server somewhere that lets you send anything through it and fake whatever address and domain name in the From: field you like. Or find some other Internet hole where you can spew the cyber equivalent of thousands of barrels of spam a day.

Reply to them and tell them don't send you anything more until they know how to do a REAL Joe Job.

One of the things that's so odd about this particular attempt is it's TOTAL LAMNESS. Like the reply headers. Like the javascript--which some browsers will actually refuse to execute.

But.

It's working, clearly, well enough to keep sending it out.

dclary
06-12-2010, 02:33 AM
Pishaw. I used to get that email from Mac monthly.

:|

dclary
06-12-2010, 02:40 AM
Oh, that is SO LAME. It can't be that hard thesedays to still find an open server somewhere that lets you send anything through it and fake whatever address and domain name in the From: field you like. Or find some other Internet hole where you can spew the cyber equivalent of thousands of barrels of spam a day.

Reply to them and tell them don't send you anything more until they know how to do a REAL Joe Job.

Yes, but most email servers on the receiving end refuse to deliver emails sent from a location that isn't the address on the header anymore.

SWest
06-12-2010, 07:34 PM
I'm sorry, whatever Mac needs to know about my social security number - it will just have to wait.

Because right now I am dealing with a very important NOTIFICATION from Microsoft, some urgent situation at the ORPHANAGE where I launder most of my send a lot of my money, and corresponding with someone who has discovered that my WEB SITE DOES NOT WORK :eek: (duh! I've been nagging it to get a job for years).

:Shrug:

Lady Ice
06-12-2010, 08:27 PM
Not to mention official AW folks know how to spell.

Most phishing emails are badly spelt.

Catadmin
07-02-2010, 03:18 PM
Most phishing emails are badly spelt.

That's because many of them come from people to whom English is a second language (not their native language and the U.S. is not their home country). So they spell phoenetically and don't realize how obvious they're making it. That's not to say phishing emails don't come from inside the U.S. and that our citizenry has no spelling problems. It's just that a majority of these emails do actually come from third world countries.

(interesting- I just realized the ancestor of the word "phoenetic" is probably "Phoenician" as in the culture that created the common alphabet...)

Freelancer
07-02-2010, 04:12 PM
MacAllister. If it's happening again, report it to the F.B.I.s IC3 division. They can deal with it. I also reported a similar to them in the past and this sort of scam emailing is stopped shortly after I reported it.

Here is their link,
http://www.ic3.gov/default.aspx

Also check the integrity of AW servers and look for the clues of hacking. My site was hacked when I got similar things.

Medievalist
07-02-2010, 07:07 PM
MacAllister. If it's happening again, report it to the F.B.I.s IC3 division. They can deal with it. I also reported a similar to them in the past and this sort of scam emailing is stopped shortly after I reported it.

I'm an Admin for AW. The emails weren't from a person. They come from a bot net of infected zombie computers. This is one of the reasons to be careful about malware. A single computer can send thousands of infected or phishing spam in the course of a day. And a single bot net will have millions of zombie computers whose owners don't even realize they have a problem.

It's a nice thought but the FBI can't do anything about it at all.

dclary
07-02-2010, 08:11 PM
Most phishing emails are badly spelt.

Which would explain the PH.

Freelancer
07-02-2010, 08:21 PM
It's a nice thought but the FBI can't do anything about it at all.
As far as I know and as I experienced the FBI's IC3 division is for this. They're also warning users for this sort of letters and helping to protect the net. I also asked their help because my website is in U.S. sovereign territory. It's their jurisdiction. And it's worked.


Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud. Identity theft is a vehicle for perpetrating other types of fraud schemes. Typically, the victim is led to believe they are divulging sensitive personal information to a legitimate business, sometimes as a response to an email solicitation to update billing or membership information, or as an application to a fraudulent Internet job posting. See also, Phishing/Spoofing.

As phising is ID theft, you can report it to them anytime here.

http://www.ic3.gov/complaint/default.aspx

Also if someone is getting the AW phishing and if that virus or whatever that mail is containing is making damage to the user's computer, that one may sue AW anytime or it may give a bad highlight to AW. But with this you'll have a legal proof that you tried to do something against it as you was well aware of the situation. Just a helpful thought.

Medievalist
07-02-2010, 10:32 PM
As far as I know and as I experienced the FBI's IC3 division is for this. They're also warning users for this sort of letters and helping to protect the net. I also asked their help because my website is in U.S. sovereign territory. It's their jurisdiction. And it's worked.

No, really, they can't help.

I'm not talking out of my hat. The FBI regularly asks the Network supers on the private admin list for UC admins, a list I still help run, for help.

They ask US for help.


As phising is ID theft, you can report it to them anytime here.

http://www.ic3.gov/complaint/default.aspx

I realize that you're trying to help. But your understanding of this specific issue, and the larger issues, is that of a naive end-user.

These are generated by bot nets in China, Korea, Russia, and the former members of the Soviet Union, Nigeria, Botswana, and various other third-world nations. If it were easy to track, they would have been stopped.

There are large criminal organizations involved with a fair number of them.


Also if someone is getting the AW phishing and if that virus or whatever that mail is containing is making damage to the user's computer, that one may sue AW anytime or it may give a bad highlight to AW. But with this you'll have a legal proof that you tried to do something against it as you was well aware of the situation. Just a helpful thought.

Actually, no, Federal law specifically prohibits that.

I realize that you're trying to help. I do appreciate it. But really, not only do I know what I'm doing, Mac's other admin is the guy who wrote the book on Apache, and I have contacts at Symantec and Cisco, and Apple . . .

Our concern is merely for the large number of naive users who will click anything. There are rather a lot of them.

Freelancer
07-03-2010, 12:49 AM
I see. At least I learned something new today regarding how this thing is really working in the background. And I'm sorry to hear they can't help. :(