Tag Archive for: phishing

Things Are Looking Up

I promised one of the readers of this blog that I would return to my optimism about the future and away from the bad economic news. And, thanks to an unexpected email, things are truly going my way.

Hopefully it is a really big amount of money. I can hardly contain my excitement! I am lucky, lucky, lucky!!

A.C.F
Rotterdam Branch,NL.
Dear Beneficiary,
This is to inform you that you have been chosen By the organizers of the Association Of Charity Foundations (A.C.F) and Canadian lottery organisers as one of the final recipients of a Cash grant prize.
You are required to Contact the Officer incharge below for confirmation.Endeavour to give him a call immediately you get this email for urgent response to your claim process and also to claim your confirmation number which is important to claim your cash grant win.Make sure you reply back to the email address stated below only.This is for your security as a online winner.
Confirmation numbers will not be stated via email for security reasons.
*****************************************
Rotterdam Branch Officer Incharge
Mr. A. Van Gogh
A.C.F NOTIFICATION DEPARTMENT
Rotterdam, The Netherlands.
TEL: +31 617 623 594
EMAIL: acfnldep@yahoo.com.hk
*****************************************

This was my response:

Ben E. Fishery
Canadian Branch, Canada
Dear Mr. Van Gogh,
i am xcited beyawn beleaf that i have been chosen By the organizers of the Association Of Charity Foundations (A.C.F) and Canadian lottery organisers as one of the final recipients of a Cash grant prize.
This is to confirm that I have Contacted the Contact Officer incharge below to confirm the confirmation.i did endevour to gave him a call immediately when you get this email for urgent response to my claim process and also to claim my confirmation number which is important to claim my cash grant win.Only Contact Officer incharge was not answering his telephone that day.Make sure you reply back to the email address stated below only.This is for your security as a online prize awarder.
Nothing else will not be stated via email for security reasons.
*****************************************
Canadian Branch Officer incharge
Mr. Ben E. Fishery
A.C.F RECIPIENT DEPARTMENT
Canada, Canada.
TEL: ++–245 5693002 –4993
EMAIL: ben.e.fishery@naive.ca
*****************************************

I hope I hear back soon.

Safe, Secure and Private

The European Network and Information Security Agency highlighted numerous security issues for social networking sites such as Facebook and MySpace. Although I was aware of most of the issues, some of them are a bit troubling.

I maintain an online presence through a blog, a photoblog, Facebook, Flickr, LinkedIn and Twitter. One of the threats is digital dossier aggregation: the profile information that is maintained online can be downloaded and stored by third parties without personal consent. Sadly, secondary data is also often present. For example, the sites maintain statistics that can be readily accessed: recent visits, lengths of connections, comments. All of this secondary data can also be gathered and associated with a profile.

One that I had not really considered was face recognition. Several of my sites include my digital image. Not only can primary and secondary information be gathered but a dossier could be populated with a recent photo.

Phishing can become more sophisticated as a result. Through the collection of such data, phishing attacks can become far more effective by leveraging names of known contacts through existing social networks. In extreme cases, a phishing attack could become a whaling attack by selecting higher profile targets.

Another threat is profile-squatting and reputation slander through identity theft. I will often visit sites like Fake Steve Jobs or Fake Steve Ballmer. And the content is obviously fabricated. However, the ability to assume a digital identity and slander or profit from identity theft is a real threat. And it is not hard to do.

Governments are attempting to understand the potential issues associated with incidental disclosure of personal information and to put in place a regulatory structure to ensure privacy. A necessary action.

For example, I started receiving much higher than normal unsolicited email content from vendors. In one case, the content originated from a vendor that I work with quite closely. I did not understand why I was receiving the material from someone else in their company. The reason? Identity theft. Some salesperson, desperate to obtain contact information, dumped his business card roster into Jigsaw, a website that offers an exchange of contact information. Once that website had my identity information, they traded it to other salespeople looking for an entry point into a corporation.

I went to the website with only one objective: to get my identity information removed. And guess what? I can't. I do not own the data. Some website has taken data from my business card and they can circulate that data freely without my consent. They have over 8 million individual names in their database.

Although the security issues are more prevalent with social networking sites, it can also happen if you hand out a business card.

Welcome to 1984.