Sunday, September 30, 2007
Cave Springs
We visited Cave Springs today, in Kansas City. It was an interesting place, with several old chimneys left over from whatever houses used to stand in the area. We walked a good portion of the trails and managed to work up quite an appetite! I took the camera along and got a few neat pictures, click here to check out the photos. I also found a toad on the porch later that afternoon that sat so still for me, I guess he was ready for his close-up.
Wednesday, September 12, 2007
Danger, Will Robinson!
I got this email today, and I wanted to share it with y'all. My spam filter is pretty good, but this one got through. This is what is known as "phishing," the art of convincing someone to reveal their most important information, such as passwords, Social Security numbers, bank account numbers, you name it. This one is pretty slick, but with a bit of careful examination, we can see how the magician makes the rabbit appear from an empty hat. Have a look-see, my comments are in red.
---------- Message Text Follows ----------
From: Bank of America [noreply-mail@google.com] Here is our first clue. BoA would be sending email from username@bankofamerica.com
Date: Sep 12, 2007 6:07 PM
Subject: Unauthorized Activity
To: Nothing to see here, move along. Oh wait, no, this is blank. Ask yourself why.
Dear Bank of America client,
Bank of America client? You mean they don't know my name? Huh, that's weird. Even weirder, I don't have a BoA account.
You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter.
This is the hook they use to scare you into reading further. Good, isn't it? Also, note the bad grammar. Without getting too technical, that whole first sentence is wonky. And "for security purpose" is a classic native Chinese speaker's mistake, though the writer is clearly familiar with English business phrases. (For the record, China has a problem with online fraudsters that they're not really trying to fix.) What BoA exec is going to let a form letter out of their mail servers looking like that? But our intrepid black hats are hoping you're too alarmed to proofread.
In order to safeguard your account, we require that you confirm your banking details. Red Flag #3: No self-respecting financial institution will EVER ask you for this information via email. Email is notoriously lacking security, and why would they need that info? They already have it.
The help speeed up to this process (Say what?), please access the following link so we ca (???) complete the verification of your Bank of America Online Banking Account registration information. If you use online banking, you're already registered and verified. You will not have to do this a second time.
DO NOT FOLLOW THIS LINK, BUT LOOK AT IT CAREFULLY.
http://211.72.75.244/icons/www.bankofamerica.com/sslencrypt218bit/online_banking/
It has some of the right words in it, bankofamerica.com, sslencrypt (by the way, there's no such thing as 218-bit encryption, computer numbers are always evenly divisible by 8), but the important thing is the beginning of the address. You're looking for the text between the second and third slashes. That string of numbers is an internet address that is in no way shape or form associated with Bankofamerica.com. In fact, it's owned by a company called Asian Pacific Network Information Centre with a post office box in Australia. Doesn't sound much like BoA, does it?
If we do no (no? No what?) receive the appropriate account verification within 48 hours, then we will assume this Bank of America account is fraudulent and ("it" belongs here) will be suspended.
More scare tactics, bad grammar and and stupid spelling mistakes.
The purpose of this verification is to ensure that your bank account has not been fraudulently used Bullhockey! and to combat the fraud from our community. Bullhockey and more bad grammar!
We appreciate your support and understanding and thank you for your prompt attention to this matter.
Not bullhockey. Because if you do what they ask, they will have all the information they need to ruin your life.
This is actually where the email ended. Had this been a real email from a real bank with whom I really had an account,it most likely would have included names, email addresses, perhaps even telephone numbers of bank personnel with whom I could speak should I have any questions or concerns.
---------- Message Text Follows ----------
From: Bank of America [noreply-mail@google.com] Here is our first clue. BoA would be sending email from username@bankofamerica.com
Date: Sep 12, 2007 6:07 PM
Subject: Unauthorized Activity
To: Nothing to see here, move along. Oh wait, no, this is blank. Ask yourself why.
Dear Bank of America client,
Bank of America client? You mean they don't know my name? Huh, that's weird. Even weirder, I don't have a BoA account.
You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter.
This is the hook they use to scare you into reading further. Good, isn't it? Also, note the bad grammar. Without getting too technical, that whole first sentence is wonky. And "for security purpose" is a classic native Chinese speaker's mistake, though the writer is clearly familiar with English business phrases. (For the record, China has a problem with online fraudsters that they're not really trying to fix.) What BoA exec is going to let a form letter out of their mail servers looking like that? But our intrepid black hats are hoping you're too alarmed to proofread.
In order to safeguard your account, we require that you confirm your banking details. Red Flag #3: No self-respecting financial institution will EVER ask you for this information via email. Email is notoriously lacking security, and why would they need that info? They already have it.
The help speeed up to this process (Say what?), please access the following link so we ca (???) complete the verification of your Bank of America Online Banking Account registration information. If you use online banking, you're already registered and verified. You will not have to do this a second time.
DO NOT FOLLOW THIS LINK, BUT LOOK AT IT CAREFULLY.
http://211.72.75.244/icons/www
It has some of the right words in it, bankofamerica.com, sslencrypt (by the way, there's no such thing as 218-bit encryption, computer numbers are always evenly divisible by 8), but the important thing is the beginning of the address. You're looking for the text between the second and third slashes. That string of numbers is an internet address that is in no way shape or form associated with Bankofamerica.com. In fact, it's owned by a company called Asian Pacific Network Information Centre with a post office box in Australia. Doesn't sound much like BoA, does it?
If we do no (no? No what?) receive the appropriate account verification within 48 hours, then we will assume this Bank of America account is fraudulent and ("it" belongs here) will be suspended.
More scare tactics, bad grammar and and stupid spelling mistakes.
The purpose of this verification is to ensure that your bank account has not been fraudulently used Bullhockey! and to combat the fraud from our community. Bullhockey and more bad grammar!
We appreciate your support and understanding and thank you for your prompt attention to this matter.
Not bullhockey. Because if you do what they ask, they will have all the information they need to ruin your life.
This is actually where the email ended. Had this been a real email from a real bank with whom I really had an account,it most likely would have included names, email addresses, perhaps even telephone numbers of bank personnel with whom I could speak should I have any questions or concerns.
Subscribe to:
Comments (Atom)