Junk Mail and Phishing Mail, ENOUGH ALREADY!!!

Man I'm so tired of this crap. Every time I block one sender, another comes along.
Are these people really that stupid and think I would hand over all that info?
Do people actually respond to these things?

Some are pretty bad, the "Nigeria" type letters of course, but I have gotten mail claiming to be from PayPal, Chase, WAMU, Wells Fargo, Naval Credit Union (?) and BofA.

You gotta look close at the originating address and where the links actually go.
Got one the other day claiming to be from BofA saying that there was suspicious activitey on my account and I needed to fill out some form. Bullshit, BofA never does that, they just cancel the card and send a letter, I know, I've already been down that road.
Anyway this one was rather impressive, they managed to do a near perfect spoof of BofA's site, actually they just "hijacked" the site and all the links are live BofA links.

The only way, aside from knowing what the regular practice is, that I knew it was a scam was by looking at the source code for the page and looking at what the script was for the "submit" button.
Of course when you hit "submit" the info is routed to a different server, not BofA.

I imagine the majority of users would not know to dig into the html code to see what is really going on, so just remember, put your brain in gear before clicking on links.
If a link ends in .php, be extra wary as php code can execute commands on the client machine (your computer) and all it takes is clicking on the link to initiate it.

Be cyber safe out there, kiddies. oliceman:

 

What are you doing to get on thier lists?

I thought everyone had at least one bogus email for signing up for crap so that the spam and phishing goes to the crap email and not the real one.

 

Gmail does a good job filtering it all out for me. I'd say that only once every year or so does a legit email end up in spam.

 

Yeah. Between my bogus hotmail and Gmail's filtering. I don't really get any of this stuff at all.

 

I have multiple e-mail addy's. The one's that gets peppered the most are my "professional" one used on resume's and job apps. That one is floating around cyber-space for a couple of decades, and the other is our business e-mail, which is a available on our site, so that one is to be expected, but the hosting site does a pretty good job of catching the obvious ones.

All it took was one resume posting on Monster Jobs about 12 years ago, the rest is spammer history...

 

There's people phishing on these forums, at least trying to. They get banned and all their posts deleted pretty quick tho lol but they fill entire threads with that's shit and totally throw off other threads with that bullshit

 

https://www.youtube.com/watch?v=qaI4EMh9v7M"]Spam - The Documentary - YouTube

 

The internet would have me believe that I need a stronger erection. ^.^

 

Web developer here. PHP is a server side language. That's by convention and doesn't have to be true, a webpage could be made that had php that should be interpreted by the clients browser, but as, only web developers have php5 installed, you will never see it, you will only see the HTML. To test that, create a test document called hello.php and put this is.

Then try to open it in your browser. It'll be slipped right into the html body tags, and you'll process it as such.

http://i64.photobucket.com/albums/h181/Lodui/hello.png


JavaScript is client side. You can turn it off, but somewhat tragically, pretty much everything in the modern '2.0' web involves dynamic js. javascript security has gotten much better over the years, but there are a couple holes which are discovered and patched monthly. HTML is also executed on the clients browser.

The solution is DNSsec. It'll let you know that the bank of America site is actually from an IP registered with BOA. Unfortunately it's a solution that's long overdue, and depends on the strength of all DNSservers in a chain using it.

 

^yep, take it from a []...server side redirect is the way to go.

Also scripts that rewrite the hosts file on windows machine can really throw things off if someone gets tricked into running it.