We can check your plugins and stuff

Sunday, November 13, 2011

Don't let the spammers get you!!!!!

A few days back I helped an acquaintance recover and secure his/her cracked Yahoo account. The hack was a typical ruse played by the spammer: after taking over the account, the entire contact book was copied and then deleted from the email account. A fake new account was made by adding a letter to the original account name. A filter was set up to auto-forward all received mail to this fake account, and another filter was set to add a blind carbon copy to a second account (this is done so that, in case the original account is recovered via password recovery and the secret question, the cracker can still monitor what is going on).

The person concerned was worried, as all his/her contacts had been deleted from the account, and he/she suspected it was a hack attempt by a business rival. I had to scan, examine and check the laptop for any attempt at deliberate cracking. The initial scanning and testing showed that the laptop was not secure by any stretch of the imagination.

Multiple glaring security omissions were noted. The OS was not patched with any service packs or the hot-fixes released thereafter. The account in use was an administrator-level account. The system did have antivirus software installed, but it was something I would not recommend to anyone. It has a known poor detection rate and does not protect against web attacks such as script-based worms, code injection, etc. Worst of all, it does not have a dedicated anti-rootkit and anti-spyware component. To top it all, multiple service packs and patches were missing from popular software such as MS Office, web browsers, browser add-ons and an old Java virtual machine. All in all, the system was crying out to be taken over sooner or later.

Now on to the actual ruse played by the cracker. As mentioned, the cracker deleted the original contact list. Before doing this, a mail was sent to the entire address book; this mail is typical of the phishing attacks we see these days. All the contacts were told that the owner of the account was stranded in Spain and had had his/her Visa taken away. He/she pleaded with them to send money via online transfer so he/she could get back into his/her hotel and return home safely. The actual account holder had been getting concerned calls since early morning from people all over the world. Some had also fallen for the con and replied to the mail.

The reply was auto-forwarded to the fake email account, and details of a temporary Western Union transfer account to wire the money to were sent back. Even a contact number was given in the fake mail. (Do not call such numbers, as they could be ISD calls, premium rate numbers or even collect calls. You may end up paying a large amount in call charges.) Sadly, in this case a few people did send some money. (If you are in such a fix, always make sure to contact the actual person on his/her known landline or cellphone.)

The victim was educated on how to secure his/her laptop and update the OS and other software. Email account settings were restored to normal, the password was changed, and a strong password and features like Yahoo's Secure Text/Picture were put to use. Account logs were checked and showed that the crackers first accessed the account from Kenya and later from Australia. (At this point it is not clear if they were the same person/group using proxy servers or working over the Internet.) All spoofed emails/headers/IP address details were noted and saved. The victim was advised to tell the people in his address book not to respond to any such emails, to file a cyber crime report with the local cyber crime cell, and to submit the details as evidence.

Conclusion: The ruse played on the emotions of the people in the address book to skim off money via online transfer. The address book was deleted to avoid letting the people know that the mail was fake. If you have been using an email account for a long time, it is a good idea to take a backup of your contacts. Check all filter/forwarding settings and make use of all the security features available. Use common sense and contact the person on a known number to confirm any such event.
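As an added example (not part of the original post), here is one way to script the filter/forwarding check for the case described above: a forward or BCC rule pointing at an address that is the owner's address plus one letter. The rule format, rule names and all addresses are constructed assumptions; no webmail provider's real export format is implied.

```python
# Added example: audit mail rules for forward/BCC persistence.
# Assumption: rules are available as dicts with "name", "action", "target".

def is_one_letter_lookalike(owner: str, other: str) -> bool:
    """True if `other` is `owner` with exactly one character added
    to the local part (same domain), as in the ruse described above."""
    o_local, _, o_dom = owner.lower().partition("@")
    x_local, _, x_dom = other.lower().partition("@")
    if o_dom != x_dom or len(x_local) != len(o_local) + 1:
        return False
    # Removing one character from the longer name must give the owner's name.
    return any(x_local[:i] + x_local[i + 1:] == o_local
               for i in range(len(x_local)))

def audit_rules(owner, rules, trusted=()):
    """Return (rule name, action, target, reason) for every rule that
    copies mail to an address the owner has not explicitly trusted."""
    allowed = {a.lower() for a in trusted} | {owner.lower()}
    findings = []
    for rule in rules:
        if rule["action"] not in ("forward", "bcc"):
            continue  # moving mail to a folder does not leak it
        target = rule["target"].lower()
        if target in allowed:
            continue
        if is_one_letter_lookalike(owner, target):
            reason = "lookalike of owner address"
        else:
            reason = "unrecognised external address"
        findings.append((rule["name"], rule["action"], target, reason))
    return findings

# Constructed sample data, not taken from the incident.
OWNER = "jdoe@example.com"
TRUSTED = ["jdoe.backup@example.org"]
SAMPLE_RULES = [
    {"name": "newsletters", "action": "move", "target": "Newsletters"},
    {"name": "rule-1", "action": "forward", "target": "jdoee@example.com"},
    {"name": "rule-2", "action": "bcc", "target": "collector@example.net"},
    {"name": "backup", "action": "forward", "target": "jdoe.backup@example.org"},
]

if __name__ == "__main__":
    for finding in audit_rules(OWNER, SAMPLE_RULES, TRUSTED):
        print(finding)
```

Any finding should be treated as a sign of compromise: remove the rule and change the password, since the rule keeps working after a password reset.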

P.S --- Case of the Internet con to get a good job!!!!!

Received a similar mail today that tries to exploit another human emotion. This one is a pure con, and promises you a very lucrative job offer. No hackers or hi-tech involved; in fact the attachment itself is a plain text file. No virus, trojan, etc.

Head Office Maruti Suzuki,
India Limited Nelson Mandela Road,
Vasant Kunj, New Delhi-110070.


Your Resume has been shortlisted for our new plant.The Company selected 45 candidates list for Senior Engineer IT,Administration,Production,marketing and general service Departments, It is our pleasure to inform you that your Resume was selected as one of the 45 candidates shortlisted for the interview.

The Company SUZUKI is the best Manufacturing Car Company in India, The Company is recruiting the candidates for our new Plants in Delhi,Bangalore, Pune and Mumbai.Your interview will be held at The Company Corporate office in New Delhi on 23rd of November 2011,at 11.30 AM, you Will be pleased to know that the 45 candidates selected 34 candidates will be giving appointment,Meaning that your Application can progress to final stage. You will have to come to the Company corporate office in New
Delhi,your offer letter with Air Ticket will be sent to you by courier before date of interview.

The Company can offer you a salary with benefits for this post 62, 000/- to 200, 000/-P.M. + (HRA + D.A + Conveyance and other Company benefits.The designation and Job Location will be fixing by Company HRD. At time of final process.You have to come with photo-copies of all required documents.

1) Photo-copies of Qualification Documents.
2) Photo-copies of Experience Certificates (If any)
3) Photo-copies of Address Proof
4) Two Passport Size Photographs.
5) Mobile Number

Please note: All requirement should be sent to this email:

You have to deposit the (Cash) as an initial amount in favor of our company accountant name in charges to collect your payment department for Rs.16,200/- ( Sixteen Thousand two hundred rupees ) through any [STATE BANK OF INDIA] OR [AXIS BANK] Branch from your Home City to our Company accountant name in charges. Account NO:,which will be sent to you upon your response. This is a refundable interview security. Your offer letter with Air tickets will be sent to your Home Address by courier after
receiving the confirmation of interview security deposited in any of the STATE BANK OF INDIA OR AXIS BANK.
This Company will pay all the expenditure to you at the time of face-to-face meeting with you in Company. The Job profile, salary offer, and date -time of interview will be mentioned in your offer letter. Your offer letter will dispatched very shortly after receiving your confirmation of cash deposited in STATE BANK OF INDIA OR AXIS BANK.
We wish you the best of luck for the subsequent and remaining stage.The last date of security deposits in bank is 20th of November, 2011. You have to give the information after deposited the security amount in bank to the Company HRD-direct recruitment via email.Your Offer Letter with supporting document will be dispatched same time by courier to your postal address after receipt of security deposited confirmation in bank. The interview process and arrangement expenditure will be paid by SUZUKI COMPANY.Lodging, traveling and local conveyance actual will be paid by MARUTI SUZUKI COMPANY as per bills. The candidate has to deposit the initial refundable security as mentioned by HRD.NB: You are advice to reconfirm your mailing address and phone number in your reply.And 16,200/(Sixteen Thousand two hundred rupees) will be the refundable amount,as 200rupees will be deducted as bank charges for funds deposit and if you are been selected or not, still the amount will be refunded to you,as the amount is just to prove that you will be coming for the interview in order for us not to run at lost after sending you the air ticket Offer Letter and you don't show up on the day of interview.

Wishing you the best of luck.

Shinzo Nakanishi
Chief Executive Officer, Managing Director,


Conclusion: Now you have to use common sense; some of the details may be true. But how in heaven am I being offered a job at MARUTI SUZUKI when I did not even apply? My CV is not even online at any job portal :P :P LOL. By reading the text marked in RED, it should be very clear that this is an attempt to rip you off and IS TOTALLY FAKE. Do not send any details or money to them. A company like MARUTI SUZUKI (automobile makers) will never use a Hotmail ID to send you official emails from HR.

Gmail is not marking such mail as spam right now. If you happen to get such a mail, mark it as spam. Report the ongoing scam to the company involved. Tell the world, your friends and your dog about this. Save them all :)
Be safe...
