Saturday, October 16, 2004
Here is a brief summary from Wikipedia:
|Phishers usually work by sending out spam e-mail to large numbers of potential victims. These direct the recipient to a Web page which appears to belong to their online bank, for instance, but in fact captures their account information for the phisher's use.
Typically the email will appear to come from a trustworthy company and contain a subject and message intended to alarm the recipient into taking action. A common approach is to tell the recipient that their account has been de-activated due to a problem and inform them that they must take action to re-activate their account. The user is provided with a convenient link in the same email that takes the email recipient to a fake webpage appearing to be that of a trustworthy company. Once at that page, the user enters her personal information which is then captured by the fraudster.
Whenever you get an email that asks you about personal, financial or some kind of online account details, fire up your browser and type out the URL yourself (it is preferrable to bookmark it and use the same link everytime). Better still try and use the good old telephone and contact the company directly.
Unfortunately, like the offline world even the online world is full of scamsters, predators, con artists. Dont assume that things are safe here.
Also check out the FTC's consumer alert on spoofing: http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
Saturday, October 09, 2004
GMail account as a windows filesystem
I downloaded the executable and installed it. It works pretty much as advertised. I even saw a new GMailFS drive under 'My Computer'. Tried to upload a couple of files, create a directory, delete a file and everything works perfectly fine. Heck, even the installation was super smooth - under 60 seconds.
How does Google get impacted? Well, they created GMail so that they could serve you ads side by side your email conversation. They make their moolah from ad revenue. Any attempt to bypass that mechanism is going to draw their attention. Sooner or later, they are going to stop/thwart these kind of attempts that want to capitalize on the 1 GB of space offered by Google. But this is the second cool hack, based upon using GMail as the filesystem, that I come across in the past 1 month. Sure, GMail hacks are gaining momentum.
Saturday, October 02, 2004
How scammers use craigslist to mint money
Hoping to find more info on the laptops, I clicked on the link inside the posting. The link took me to eBay's website on a page showing a bunch of Dell laptops put up for sale. Okay.. so what makes that interesting, you would wonder?
Well, the interesting part is my quick eye caught a couple of things: First, the link originally didnt point to eBay. Second, between the time I clicked on that link and ebay appeared on my browser, I was redirected a couple of times. In an instant, I realized that someone just make a few cents through my click. The more people click on that link, the more money the scammer makes.
Now because craigslist is a popular destination, a lot of people visit it daily. Lets say craigslist receives about 100,000 hits per day on a particular city site for a particular category - tech (lets say Seattle - http://seattle.craigslist.org/sys/). Assuming that 1/10th of those visitors open the post and click on the link provided by ABC, then ABC tends to make around 10000 * 0.05 = $500 per day per posting. What if ABC decides to perform the trick on users of other cities also? The scam could run into thousands of dollars.
I sent couple of emails to the folks that run craigslist and they deleted these kind of fraudelent posts, but how can they ensure that the scammer ABC doesnt post the same kind of ad again? If they cannot stop these kind of posts, then they risk a serious threat to the character of their site.
Copyright Anand Jain 2004, 2005. All rights