Here’s a screenshot of an email message I got the other day:
There are a total of five links within this message, all of which lead to a different website and none of which lead to a page hosted at LinkedIn.com. The links were located in these places:
The yellow “Accept” button
The white “Ignore Privately” button
“Marva Leonard”
“Unsubscribe”
“Learn why we included this”
Of course, the real issue here is that this looks like it could be a real email from LinkedIn (and hey, the VP Operations from Allstate wants to know you, wow!). But look what happens when I hover the mouse over the “Unsubscribe” link, for example (detail):
I’m not sure what’s on that site (I didn’t click to find out), but I can promise you it’s not a real LinkedIn page. Most likely it’s a hacked website that will attempt to infect your computer with malicious software.
If you’re a LinkedIn user, it’s important to be careful with email messages that appear to be from the network. Hover your mouse over any links before you click. Better yet, just visit the site directly and log in to your account; if you’ve got pending invitations, they’ll show up.
Also, most email clients these days don’t display embedded images unless you manually tell them to (note the red “X” and the word “LinkedIn” in the upper right corner of the message). There’s usually a box or a bar that says something like this:
Unless you know who the message is from and what it contains, never click on that box.
Note: for maximum atmosphere, first scroll to the bottom of this post and play the YouTube video, and listen to the music while you read.
The night meowed at the window of the dingy third-floor office on the wrong side of town like a housecat left out in the rain, trying to draw my gaze from the hand of solitaire laid out on the desk between half-empty cups of cold coffee, old newspapers and an ashtray spilling over with stale butts. I glanced at the window and shuddered for some reason, then wondered who left all the spent Chesterfields there, seeing as how I don’t smoke. They made a good prop, though, so I returned to my cards. If I could just find the other red queen, I was set.
It was the kind of night that slithers through the gutters and alleyways, around garbage cans and dumpsters, up fire escapes and into the ventilation. It always finds a way in, always creeps up behind you, always gets you in the end. There was a knock at the door, and a woman entered.
She was one sad-luck dame by the look of her, all switchblade sadness and razor gloom, whatever that means. She was carrying a laptop computer (which seemed anachronistic given the setting, but this was the Fraud Prevention Unit, and these newfangled bean-counters were the rule these days).
She just stood there for a minute and looked unsure. “Are…are you the one they call ‘Sledge?’”
“That’s me,” I said. “Hank Sledge, Private Fraud Investigator.”
“Oh. I…oh.” She swayed on the spot, as if trying to decide something.
“C’mon, spill it, sister,” I spat.
“Well, it’s just…I got this email the other day and I don’t know what to do.”
I looked at the gray computer tucked under her arm. “And you figure some mug’s got you pegged as an easy mark? Toss that mill up here on the table. Let’s see what we got.”
She placed the laptop on the desk and hit the power button. It took a minute to start up, and the awkwardness hung in the air like burnt toast. “So…um…read any good books lately?” I started to say, but the machine was ready.
“This one right here,” she said, and I read the email.
The message said it was from Facebook, and if it was a ringer it was a darn good one. It went like this:
From: Facebook <notification+tnejvqakyz@notifierfacebook.com>
Subject: You have 3 lost messages on Facebook…
At the bottom was a green button that said “Frequently Asked Questions.”
“Did you click on anything in this mess?” I said.
“No, I don’t think so.”
“You can’t think so. You either clicked or you didn’t. Think hard.”
“No, I didn’t. Jeez. Jerk.”
“Sorry ma’am. Hardboiled crime fiction. I have to talk to everybody that way.”
“Oh.”
“Anyway,” I continued, “it’s good you didn’t click. This is a swindle through and through. See this?” I showed her the message header. “If it was from Facebook, it wouldn’t be coming from some ‘notifierfacebook.com’ domain.”
“And check this out.” I moused over the link. “It says ‘facebook.com,’ but it’s disguised. Every link in the message takes you to this weird ‘winesofworld.org’ website. Classic phishing message. These punks either want to infect your computer with malware or steal your password. There’s also the crummy English; see where it says, ‘to recover a messages?’ Makes no sense. Finally, there’s no such thing as ‘lost’ messages on Facebook.”
Her eyes were dinner plates. “So what do I do with it?”
“If I was you, lady, I’d drill it with my heater,” I spat.
“What?”
“Just delete it.”
“Oh,” she said, and snapped the laptop shut. “Okay, cool. Thanks. Nice hat, by the way.”
I nodded thanks as she disappeared out the door and went back to my game. Black eight to red nine. The card underneath was the queen of diamonds. “There’s my lady,” I murmured over the lonesome wail of a siren echoing across the night.
Posts will appear in the list of postings and in search results in about 15 minutes. If you are trouble finding them,
please check our help page at http://www.craigslist.org/about/help/where.html
Please login into your account if you need to edit of delete your posting:
For your protection please check our list of common scams: htttp://www.craigslist.org/about/scams.html
Thanks for using craigslist!
The only problem is, all the links are disguised; they actually lead to a site hosted at cen.thegigabit.com. I guess you’re supposed to go, “Whoa! I’m not selling a Playstation! I gotta fix this now!” and start clicking.
Here’s the thing I don’t get: why are they trying to steal Craigslist passwords? To my knowledge, Craigslist isn’t like eBay where you pay through the site itself; don’t Craigslist buyers just contact the seller and arrange for payments on their own? Is it that difficult to just create a fake Craigslist account from which to run your cashier’s check and wire transfer scams?
I just don’t get it. Somebody fill me in if I’m wrong about this; I don’t use online classifieds at all, so I don’t know firsthand how it works.
Here’s a message I got just the other day. It’s pretty goofy.
From: Tom Lavigne
To: [blank]
Date: Wednesday, June 08, 2011 9:27:37 AM
Subject: Deactivation of Your Email Address

THIS MESSAGE IS FROM OUR TECHNICAL SUPPORT TEAM

This message is sent automatically by the computer. If you are receiving this message it means that your email address has been queued for deactivation; this was as a result of a continuous error script (code:505)receiving from this email address.

Click here and fill out the required field to resolve this problem

Note: Failure to reset your email by ignoring this message or inputting wrong information will result to instant deactivation of this email address
Normally I include the email address when I paste these, but apparently Tom is a real person whose email address has been used without his authorization. I don’t want to make it look like some YMCA in Massachusetts is running a phishing scheme.
Anyway, let’s poke holes in it!
Execrable grammar and usage. It used to be that tech people weren’t always the best writers (see also: any software manual written between 1980 and 1995 or so), but “will result to instant deactivation?” No.
“Click here” links to a TinyURL site. Yeah, no.
“This message is sent automatically by the computer.” Yeah. THE COMPUTER. Really? Really? No technical support team would ever use that sentence, because it makes zero sense.
“Reset your email” also makes no sense. How do you reset an email? (You can, however, declare email bankruptcy).
It’s asking you to click a hidden link and provide personal information. It might as well have said, “Hi. This is a phishing attack. Can we have your password?”
If you’re an Apple iPhone or iPad user, be on the lookout for a recently discovered phishing scam, reported by security firm F-Secure.
It seems users of these devices are receiving emails informing them that their recent App Store purchase has been successfully cancelled. There is a link for order information, but it actually takes users to one of those pharmacy websites where they try to mine personal information.
The above linked article tells you more about it, and they make an excellent point: while the emails currently direct you to a drugstore site, which most savvy Internet users will reject right away, what if they decide to build an App Store lookalike page? Lots more people will be tricked.
There was one part of it that made me laugh, though:
[T]he phony Apple AppStore message appears in email inboxes immediately after you purchase an app from Apple’s legitimate App Store. F-Secure is not sure how the scammers know you just bought something from the App Store.
Oh, I can tell you right now how they know you just made an App Store purchase: people who have iPhones and iPads have always just made an App Store purchase. Do you have one of these devices? You’ve been to the App Store today, haven’t you? Come on, admit it!
Maybe I’m just jealous of your neat-o phone. Or maybe I’m not. I’ll never tell. Welcome to the Fraud Prevention Unit: your source for ambiguous digs at vast swathes of popular culture.