Thread: iTunes Fraud watch out

  1. #1

    I just got a very convincing looking email suggesting it was from Apple iTunes, and that I needed to reconfirm my account as a different device had logged into it. Luckily I clued in that it looks like just a robot to get my password.

    Here is the website it sends you to:

    http://forumvagos.com/wp-includes/im...x/apple/apple/

  2. #2

    Check the email address it comes from, it isn't an Apple address.

  3. #3

    ^not easy to spot though, my outlook just shows "iTunes" in header, but if you look closely, [email protected] with two e's, one p. On that web site they mess up the languages. This is a very convincing scam though (maybe how they got those celebrity photos, lol? They can have mine).

  4. #4

    This scam, and similar ones, have been going around since the modern era of the internet.

  5. #5

    A lot of similar scams for shaw as well saying stuff like you have to confirm your account and such rubbish.

    Funny how many times people attempting these scams can't even spell right. You think they'd put in enough effort to even make it credible.

    Basically they just copy paste letter head and hope that looks official and that nobody notices how unusual the messages are.

    Does anybody actually respond to these?
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  6. #6

    moahunter almost got suckered, and usually mis-spelt words are used to bypass spam filters.

  7. #7

    The thing is, sometimes there are legit messages informing you that your account has been logged in on another device or similar (typically one of my kids doing something). What they do is clever here. I'm guessing the spelling and such is language related, not English as first language. Just found out my "sister in law to be" filled in the details, told her to change her password ASAP.

  8. #8

    Can you copy/pasta the contents of the full email (minus any personal details)? I'm curious about something.

  9. #9

    Includes an Apple logo (big Apple with bite out of it):

    Your Apple account was recently logged into from a computer, mobile device or other location you've never used before.
    Now you need to re-confirm your account information to us .



    To confirm your Apple ID safely, click on the link below:
    View your last account activity.

    Note: If this is not done within 48 hours, we will block your account,
    Copyright 2014 Apple Inc. All rights reserved.
    "View your last account activity" is a link to website in the OP.
    Last edited by moahunter; 05-01-2015 at 09:12 AM.

  10. #10

    Quote Originally Posted by moahunter View Post
    The thing is, sometimes there are legit messages informing you that your account has been logged in on another device or similar (typically one of my kids doing something). What they do is clever here. I'm guessing the spelling and such is language related, not English as first language. Just found out my "sister in law to be" filled in the details, told her to change her password ASAP.
    One key thing to note is such service providers are not going to contact you through email to alert you even if there was such intrusion. A security team would likely contact you at home and leave messages to reply. Even at that I ask security for information that they have so that I have some confirmation of who I am speaking with. If anything sounds suspicious at all I ask them more to substantiate. I do this because fraudulent phone calls take place as well. I also check to see if the number given is a legitimate ph number that is of the provider.

    I'm not very computer savvy but enough to evade such solicitation. I've even played with scammers on the phone pretending to be gullible before telling them what their gig is and that I've just tied up their time for half an hour and that I'm on to them. They get aggravated. Done this twice while sitting outside on the deck enjoying the sun. At that point any feigned customer service skills evaporate and you start to hear the scammer get upset, even angry. I've reported a couple phone numbers but I don't know they can track them. Odd that they don't even use private number and that number is visible.

    ps moa. Apple is not going to contact you from a website called amigodias.com or some such bs. sorry for this but anybody using email should be able to confirm where such a message is emanating from as the first rule.
    Last edited by Replacement; 05-01-2015 at 09:33 AM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  11. #11

    Well, moahunter, you did the best thing you could - you noticed the spelling mistakes and the non-apple address it tried to send you to..

    http://www.symantec.com/connect/blog...picious-emails

  12. #12

    Quote Originally Posted by Replacement View Post
    ps moa. Apple is not going to contact you from a website called amigodias.com or some such bs. sorry for this but anybody using email should be able to confirm where such a message is emanating from as the first rule.
    While this is true, someone less computer savvy will easily be caught in this scam. They don't know to check URL, or what is a valid URL.

    appleid.apple.boguswebsite.com could easily trick me if I didn't know better. Looks like apple right? but the domain is actually boguswebsite.com
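The two checks raised in posts #3 and #12 (the real sender domain behind a friendly display name, and the registrable domain of a link rather than its leftmost labels), written out as an added example that is not part of the original thread. The brand-to-domain map, the short suffix list standing in for the full Public Suffix List, and all sample messages are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List. A real filter
# should load the full list so that suffixes like "co.uk" are all covered.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz", "com.br", "co.jp"}

# Assumption: which registrable domains each brand name may legitimately use.
BRAND_DOMAINS = {
    "apple": {"apple.com", "icloud.com"},
    "itunes": {"apple.com"},
    "paypal": {"paypal.com"},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host):
    """Return the part of a hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return host.lower()
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brands_claimed(text):
    """Brand names appearing anywhere in the text (plain substring match,
    so unrelated words containing a brand name will also match)."""
    text = text.lower()
    return {brand for brand in BRAND_DOMAINS if brand in text}


def check_link(url):
    """Flag a URL that names a brand in its host or path but is hosted
    on a registrable domain that brand does not use."""
    parts = urlsplit(url)
    reg = registrable_domain(parts.hostname or "")
    return [
        f"link mentions '{brand}' but is hosted on {reg}"
        for brand in sorted(brands_claimed((parts.hostname or "") + parts.path))
        if reg not in BRAND_DOMAINS[brand]
    ]


def check_sender(from_header):
    """Flag a From header whose display name claims a brand while the
    address behind it belongs to a different registrable domain."""
    display, addr = parseaddr(from_header)
    reg = registrable_domain(addr.rpartition("@")[2])
    return [
        f"display name claims '{brand}' but address domain is {reg}"
        for brand in sorted(brands_claimed(display))
        if reg not in BRAND_DOMAINS[brand]
    ]


def triage(from_header, body):
    """Run both checks over one message and collect the findings."""
    findings = check_sender(from_header)
    for url in URL_RE.findall(body):
        findings.extend(check_link(url))
    return findings


if __name__ == "__main__":
    # Constructed sample message, loosely modelled on the email in this thread.
    sample_from = '"iTunes" <support@appel-id.example>'
    sample_body = (
        "To confirm your Apple ID safely, click on the link below:\n"
        "http://appleid.apple.boguswebsite.com/login\n"
    )
    for finding in triage(sample_from, sample_body):
        print(finding)
```

A mail client that shows only the display name hides exactly the field `check_sender` inspects, which is why the address itself has to be checked.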

  13. #13

    Some piece of **** sent me this on a fairly legit looking page a couple of hours ago. I quote:

    ------------------------------------

    "PayPal

    Your Account Will Be Closed

    Dear customer, Your Account Will Be Closed , Until We Here From You . To Update Your Information . Simply click on the web address below "

    --------------------------

    Another jerkface with a less than basic grasp of English.
    Nisi Dominus Frustra

  14. #14

    I get one of this sort of thing every day or two on one of my accounts. For me, they're easy to weed out because it's an account that is only set up for reading and writing newsgroups and joining mailing lists. To say nothing of the fact that often it's services that I don't even subscribe to. It's spam. Just like all the other spam.

    Eve

  15. #15

    I always send these things to the Junk/Phishing Scam folder. I just wonder how diligent/successful is Hotmail in actually doing something about the problem though, since they must be deluged with this stuff at any given minute of the day or night. Surely, they can't possibly keep up with it all?
    Nisi Dominus Frustra

  16. #16

    Quote Originally Posted by howie View Post
    I always send these things to the Junk/Phishing Scam folder. I just wonder how diligent/successful is Hotmail in actually doing something about the problem though, since they must be deluged with this stuff at any given minute of the day or night. Surely, they can't possibly keep up with it all?
    I would say not at all. Either that or these scams pop up quicker than they can play whacamole.

    I also find that filters, screens, mark as spam, etc, don't work too good either.

    I'm getting fairly inundated with spam and it's a chore to keep the spammers to a minimum.

    I'm probably not up on all things one can do or have as protection. A bit of a luddite here. I'm basically answering so that it will elicit somebody to give better answers
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  17. #17

    It's a game of cops and robbers. Once the cops catch the robbers, the robbers find a new way.

  18. #18

    Quote Originally Posted by Replacement View Post
    Quote Originally Posted by moahunter View Post
    The thing is, sometimes there are legit messages informing you that your account has been logged in on another device or similar (typically one of my kids doing something). What they do is clever here. I'm guessing the spelling and such is language related, not English as first language. Just found out my "sister in law to be" filled in the details, told her to change her password ASAP.
    One key thing to note is such service providers are not going to contact you through email to alert you even if there was such intrusion.
    Umm, this is EXACTLY how Apple contacts you to let you know that your account was used on a new device.
    They're going to park their car over there. You're going to park your car over here. Get it?

  19. #19

    ^Xbox Live as well, and various other providers, I often get legit emails like this (although they take you to the legit website, not this fake one, again, not always easy to tell though unless you take the time to look carefully). In Outlook you only see the "header" on the email received unless you hover over it as well (which read "Itunes"), I think it's pretty easy to get scammed by these. I wonder how much money they make (and exactly how), or if it's just for pictures or similar? Now, the PayPal one I get, re going out and buying stuff, perhaps iTunes links to Apple Pay somehow? I've heard with stolen credit card information, it gets sold on the internet (which is why when you get swipe stolen, the purchases always end up in another city somewhere else).

    I remember once seeing a presentation by a former RCMP officer (fraud investigator). He argued the reason why violent crime is reducing is demographic, it was highest in the 60's and 70's when the young population was higher as a percentage of population. There will always be about 10% of population as criminal, with a bigger % in youth, there will be more violence. Many of those violent kids are now older baby boomers, who instead of doing violent attacks (e.g. the clockwork orange stuff), because they are older and less aggressive, now do credit card frauds, and I'm guessing some of these sort of frauds.
    Last edited by moahunter; 06-01-2015 at 09:28 AM.

  20. #20

    Quote Originally Posted by Gord Lacey View Post
    Quote Originally Posted by Replacement View Post
    Quote Originally Posted by moahunter View Post
    The thing is, sometimes there are legit messages informing you that your account has been logged in on another device or similar (typically one of my kids doing something). What they do is clever here. I'm guessing the spelling and such is language related, not English as first language. Just found out my "sister in law to be" filled in the details, told her to change her password ASAP.
    One key thing to note is such service providers are not going to contact you through email to alert you even if there was such intrusion.
    Umm, this is EXACTLY how Apple contacts you to let you know that you account was used on a new device.
    Gord, that's strange and I find that to be inappropriate given the scams that exist. Some users are apparently not able to discern the difference between legitimate vs illegitimate domains as Medwards has indicated.

    If Apple does contact people through email to deliver important impending messages my opinion is its something to be reconsidered as an approach.

    I will admit on some occasions out of curiosity I've contacted my own providers and asked. "Did your company email me this message" only to be told that the provider does not email these warnings and would contact directly by phone, mail. That the email messages quoting the firm are fraudulent. I prefer that to what you are indicating is Apples protocol.
    Last edited by Replacement; 06-01-2015 at 11:55 AM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  21. #21

    Apple won't send you an email with a link to click to confirm your account though. They'll send you an email to let you know your account was used to log into a device you've never logged in to before, but it won't send an email with a link asking you to confirm your ID.

  22. #22

    Weird. I've never received any type of e-mail from Apple except my iTunes receipts.
    Over promise and under deliver. It’s the most Edmonton thing you can do.

  23. #23

    I just checked a recent email I got from Apple after I changed my password.

    Dear Eve Bxxx,
    The following changes to your Apple ID (xxAppleIDxx) were made on 31 December 2014 at 03:00:48 (GMT):
    Password
    If you need additional help, contact Apple Support.
    Sincerely,
    Apple Support
    The Apple Support link leads to a "pick your country" site. But I can see someone getting a message like this (I get them when I add a device also), that is actually phishing where the Support link asks for an actual login.

    Eve

  24. #24

    ^the fake one I got is clearly modeled on that, with a pick your country page. Clever and devious.

  25. #25

    I usually ignore anything from iTunes anyway, though its good to know.
    Mom said I should not talk to cretins!

  26. #26

    Quote Originally Posted by Replacement View Post
    Quote Originally Posted by Gord Lacey View Post
    Quote Originally Posted by Replacement View Post
    Quote Originally Posted by moahunter View Post
    The thing is, sometimes there are legit messages informing you that your account has been logged in on another device or similar (typically one of my kids doing something). What they do is clever here. I'm guessing the spelling and such is language related, not English as first language. Just found out my "sister in law to be" filled in the details, told her to change her password ASAP.
    One key thing to note is such service providers are not going to contact you through email to alert you even if there was such intrusion.
    Umm, this is EXACTLY how Apple contacts you to let you know that you account was used on a new device.
    Gord, that's strange and I find that to be inappropriate given the scams that exist. Some users are apparently not able to discern the difference between legitimate vs illegitimate domains as Medwards has indicated.

    If Apple does contact people through email to deliver important impending messages my opinion is its something to be reconsidered as an approach.

    I will admit on some occasions out of curiosity I've contacted my own providers and asked. "Did your company email me this message" only to be told that the provider does not email these warnings and would contact directly by phone, mail. That the email messages quoting the firm are fraudulent. I prefer that to what you are indicating is Apples protocol.
    You're really confused; the scams exist BECAUSE this is how many companies notify users. For example, if you go on vacation to Mexico and try logging into your account you'll probably wind up with an email from Google saying "hey, someone tried logging into your account from Mexico" (I have). They do this to let you know that someone tried accessing your account (if it's you, okay, if not maybe you should change your password), or that your account was accessed on a new device. How should they convey that information to you? Should Apple send you a letter in the mail telling you "hey, a few weeks ago someone logged in on this device"?

    Email is used because it's the best way for the company to send an automated message to a user.
    They're going to park their car over there. You're going to park your car over here. Get it?

  27. #27

    ^ Would this be in iTunes licensing agreement anyway?
    Mom said I should not talk to cretins!

  28. #28

    Quote Originally Posted by Gord Lacey View Post
    Email is used because it's the best way for the company to send an automated message to a user.
    Apple will also send you push notifications to your other devices to let you know that there's been activity involving your Apple ID, like a password change, or a new device setup or whatnot. I've got 2-factor turned on, so maybe that's why.

    Email is the lowest-common-denominator for an automated message, not the best. That's why they do both.
    Giving less of a damn than ever… Can't laugh at the ignorant if you ignore them!

  29. #29

    Quote Originally Posted by Gord Lacey View Post
    Quote Originally Posted by Replacement View Post
    Quote Originally Posted by Gord Lacey View Post
    Quote Originally Posted by Replacement View Post
    Quote Originally Posted by moahunter View Post
    The thing is, sometimes there are legit messages informing you that your account has been logged in on another device or similar (typically one of my kids doing something). What they do is clever here. I'm guessing the spelling and such is language related, not English as first language. Just found out my "sister in law to be" filled in the details, told her to change her password ASAP.
    One key thing to note is such service providers are not going to contact you through email to alert you even if there was such intrusion.
    Umm, this is EXACTLY how Apple contacts you to let you know that you account was used on a new device.
    Gord, that's strange and I find that to be inappropriate given the scams that exist. Some users are apparently not able to discern the difference between legitimate vs illegitimate domains as Medwards has indicated.

    If Apple does contact people through email to deliver important impending messages my opinion is its something to be reconsidered as an approach.

    I will admit on some occasions out of curiosity I've contacted my own providers and asked. "Did your company email me this message" only to be told that the provider does not email these warnings and would contact directly by phone, mail. That the email messages quoting the firm are fraudulent. I prefer that to what you are indicating is Apples protocol.
    You're really confused; the scams exist BECAUSE this is how many companies notify users. For example, if you go on vacation to Mexico and try logging into your account you'll probably wind up with an email from Google saying "hey, someone tried logging into your account from Mexico" (I have). They do this to let you know that someone tried accessing your account (if it's you, okay, if not maybe you should change your password), or that your account was accessed on a new device. How should they convey that information to you? Should Apple send you a letter in the mail telling you "hey, a few weeks ago someone logged in on this device"?

    Email is used because it's the best way for the company to send an automated message to a user.
    lol How is it the best way to reach customers when users are desensitized to these messages because the first thought is that they are scams. For a service provider to use a means of delivery that is heavily compromised by impersonating scammers is akin to them sticking their head in the sands pretending they're not being impersonated in emails every minute of every day. It would be like sending a valuable and confidential delivery through snail mail to a third world country.

    Man if you have to get a hold of me theres phone, courier, registered mail etc. I pay all my bills so if some service is hassling me over something and would ever disconnect due to me not paying attention to something like this I would just take that as a message they don't want my business and they can screw off. If something malicious did occur and they did not use legit means to contact me and I was impacted I would consider pursuing damages.

    If service providers want to send through email than make email more secure and legit with less scams, phishing, and Especially targeting scams that are impersonating them.

    Currently I view email as a kind of toilet that I flush once in awhile. I'd probably have a different view if email wasn't such a target of every malfeasance known.
    Last edited by Replacement; 08-01-2015 at 10:52 AM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  30. #30

    Right, because Apple is going to call every user who activates a new device. This isn't a company sending sensitive information through email, they're telling people that their account was used to sign on a device that hadn't been used before. Would you rather they NOT tell someone this information because some people have sent emails that look vaguely similar to this in order to get their account information? Maybe Google shouldn't email people to tell them that someone in another country tried to sign into their account? So should companies stop using the telephone because people have called others on the phone pretending to be someone they aren't?

    Sometimes you really do live up to your sig.
    They're going to park their car over there. You're going to park your car over here. Get it?

  31. #31

    Quote Originally Posted by Gord Lacey View Post
    Right, because Apple is going to call every user who activates a new device. This isn't a company sending sensitive information throught email, they're telling people that their account was used to sign on a device that hadn't been used before. Would you rather they NOT tell someone this information because some people have sent emails that look vaguely similar to this in order to get their account information? Maybe Google shouldn't email people to tell them that someone in another country tried to sign into their account? So should companies stop using the telephone because people have called others on the phone pretending to be someone they aren't?

    Sometimes you really do live up to your sig.
    The more I post here the more I figure this place should be called Connect2nonstoppointlessarguing.

    I could literally state anything, about any topic, anywhere on the board and you would come along and oppose it. For the sake of opposing it. If we're being honest here. Just to call out the dynamic.
    Last edited by Replacement; 08-01-2015 at 08:12 PM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  32. #32

    I only call out the stupid stuff you post, which actually isn't everything you contribute here. If you don't want to be called out on posting stupid stuff, don't post the stupid stuff
    They're going to park their car over there. You're going to park your car over here. Get it?

  33. #33

    Quote Originally Posted by Gord Lacey View Post
    I only call out the stupid stuff you post, which actually isn't everything you contribute here. If you don't want to be called out on posting stupid stuff, don't post the stupid stuff
    This of course is your opinion. If my posts are stupid in your view then why respond?

    A chronic need for one upmanship online?

    Fwiw you actually only ever post in response to call out my posts. The only times you ever do quote my posts. Which is somewhat interesting.
    Last edited by Replacement; 09-01-2015 at 04:28 AM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  34. #34

    Quote Originally Posted by Replacement View Post
    If service providers want to send through email than make email more secure and legit with less scams, phishing, and Especially targeting scams that are impersonating them.
    I'd be interested to hear your ideas on how to do this. Especially ones that haven't already been fleshed out already. http://www.theregister.co.uk/2010/05...ail_and_trust/ article almost 5 years old, and still valid.

    do you think calling people is a more secure way with less scams and phishing? Nobody ever gets scammed over a phone call. Hold on a second, I just got a call from WestJet

  35. #35

    If you'd like to read how much needs to be done to make email secure, there's a great article here: http://arstechnica.com/security/2015...re-by-default/
    Giving less of a damn than ever… Can't laugh at the ignorant if you ignore them!

  36. #36

    The problem with any solution is getting the buy-in from the actual email service providers to implement said solution, i.e. anything from little guys running Exchange 4.5 (still) to Gmail and outlook.com and everyone in between.

  37. #37

    Yeah, Google has no interest in supporting any tech that'd prevent them from being able to datamine their users for information to sell to their customers & that's enough to kill any real efforts at end-to-end encryption of email, given the ubiquity of Gmail.
    Giving less of a damn than ever… Can't laugh at the ignorant if you ignore them!

  38. #38

    Quote Originally Posted by Medwards View Post
    Quote Originally Posted by Replacement View Post
    If service providers want to send through email than make email more secure and legit with less scams, phishing, and Especially targeting scams that are impersonating them.
    I'd be interested to hear your ideas on how to do this. Especially ones that haven't already been fleshed out already. http://www.theregister.co.uk/2010/05...ail_and_trust/ article almost 5 years old, and still valid.

    do you think calling people is a more secure way with less scams and phishing? Nobody ever gets scammed over a phone call. Hold on a second, I just got a call from WestJet
    If a service provider calls me on the phone the name of it usually comes up on my call display. Check one. When I have a phone call related to a security breach the provider will tell me account information to ensure to me, that this is not a scam ph call. So that my account information, security questions, address, phone #, email address etc will be confirmed further to ensuring this is a legit call made by the service provider. Check 2.. I find that they are willing to initiate giving, or respond to any confirmation related questions asked. Most such providers agents will appreciate you actually asking these questions before going further. Of course all of them have such assurances as stating that the phone call is recorded, monitored etc. Check 3 (agents handling the call and using protocol, and stating it, that all such reps are required to do) I would not provide further information even on the phone without ensuring, to the utmost ability, that the other end is who they are saying they are. If they are able to provide all personal information on my account then I'm already likely breached. In any case, after any such contact I do subsequent monitoring of my service/account to see if there are any other irregularities, breaches, intrusions etc. Check 4.

    So yes I do find phone real time question and answer interaction more secure. I do trust it more. Maybe I'm wrong. I make no claims to be an expert on such security but I've spoken at length with investigative security personnel at different service firms who similarly recommend the type of phone transaction I've described and that they would NEVER send email prompt for you to reply with all account information in an email to reset or confirm your account.

    Anyway its clear my opinion email is far from isolated;

    http://www.digitaltrends.com/mobile/...ver-be-secure/


    even from your link this was another article;

    http://www.theregister.co.uk/2014/11...y_half_google/

    Seems to be a lot of ongoing problems with email security, fraud, and serious intrusions.

    Of course if I've been wrong on one thing in this thread its how much people are being successfully scammed and how many people do compromise their security by responding to these scam requests and providing all their account information. Perhaps being more old fashioned and deferring to phone as I've described is more secure.
    Last edited by Replacement; 09-01-2015 at 10:46 AM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  39. #39

    http://en.wikipedia.org/wiki/Caller_ID_spoofing

    http://en.wikipedia.org/wiki/Social_...ring_(security)


    Caller ID isn't secure by a long shot. Someone could spoof the Caller ID of a company & through social engineering of both you & the company easily obtain enough information to make identity theft trivial. It's a pretty common technique.
    Giving less of a damn than ever… Can't laugh at the ignorant if you ignore them!

  40. #40

    Quote Originally Posted by Replacement View Post
    Quote Originally Posted by Medwards View Post
    Quote Originally Posted by Replacement View Post
    If service providers want to send through email than make email more secure and legit with less scams, phishing, and Especially targeting scams that are impersonating them.
    I'd be interested to hear your ideas on how to do this. Especially ones that haven't already been fleshed out already. http://www.theregister.co.uk/2010/05...ail_and_trust/ article almost 5 years old, and still valid.

    do you think calling people is a more secure way with less scams and phishing? Nobody ever gets scammed over a phone call. Hold on a second, I just got a call from WestJet
    If a service provider calls me on the phone the name of it usually comes up on my call display. Check one.
    If you trust this, you are a fool. This can easily be spoofed. Even real phone numbers can be spoofed.


    When I have a phone call related to a security breach the provider will tell me account information to ensure to me, that this is not a scam ph call. So that my account information, security questions, address, phone #, email address etc will be confirmed further to ensuring this is a legit call made by the service provider. Check 2..
    So every time someone activates or signs into a different apple ID (or other device registration) you want someone to call ? How does the person making the call ensure that they are talking to the right person before giving out your information?

    I find that they are willing to initiate giving, or respond to any confirmation related questions asked. Most such providers agents will appreciate you actually asking these questions before going further. Of course all of them have such assurances as stating that the phone call is recorded, monitored etc. Check 3 (agents handling the call and using protocol, and stating it, that all such reps are required to do) I would not provide further information even on the phone without insuring, to the utmost ability, that the other end is who they are saying they are. If they are able to provide all personal information on my account then I'm already likely breached. In anycase after and such contact I do subsequent monitoring of my service/account. to see if there are any other irregularities, breaches, intrusions etc. Check 4.
    Phone phishing never occurs in your mind right?

    So yes I do find phone real time question and answer interaction more secure. I do trust it more. Maybe I'm wrong. I make no claims to be an expert on such security but I've spoken at length with investigative security personnel at different service firms who similarly recommend the type of phone transaction I've described and that they would NEVER send email prompt for you to reply with all account information in an email to reset or confirm your account.

    Anyway it's clear my opinion on email is far from isolated;

    http://www.digitaltrends.com/mobile/...ver-be-secure/


    Even from your link this was another article;

    http://www.theregister.co.uk/2014/11...y_half_google/

    Seems to be a lot of ongoing problems with email security, fraud, and serious intrusions.

    Of course if I've been wrong on one thing in this thread it's how much people are being successfully scammed and how many people do compromise their security by responding to these scam requests and providing all their account information. Perhaps being more old fashioned and deferring to phone as I've described is more secure.
    Email is secure. The user isn't. The user blindly clicks on links without doing research. You look at the call display, but don't examine a URL?

    Anyways, neither method is foolproof. The people who get scammed usually only have themselves to blame in the end.

  41. #41

    Default

    ^I responded and described the multiple types of checks I look out for. In response to your questions.

    I'm no expert, I stated that, and I concur that no method is 100% secure but again I find it surprising that nearly half of users have been "hoodwinked" into giving account information in response to email phishing attacks.

    That's interesting. Because the amount of times I've participated in compromising myself like that using email by providing that info is zero. Which I think I'll keep that way.

    Conversely there's not been one instance where I provided information on the phone in the method I've described that was later found to be a case of surreptitious violation by a scammer.

    Having said that again I'm obviously no expert in this and would defer to others' expertise while I will continue to research this topic.

    Thanks for the exchange.

    ps When did I once state that I don't examine a URL? But afaik that can similarly be "spoofed".
    Last edited by Replacement; 09-01-2015 at 11:16 AM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  42. #42
    C2E Hard Core Contributor
    Join Date
    Jan 2012
    Location
    Grandin 2014--, Garneau 2012-2014, North Downtown 2006-2012
    Posts
    3,249

    Default

    Quote Originally Posted by noodle View Post
    http://en.wikipedia.org/wiki/Caller_ID_spoofing

    http://en.wikipedia.org/wiki/Social_...ring_(security)


    Caller ID isn't secure by a long shot. Someone could spoof the Caller ID of a company & through social engineering of both you & the company easily obtain enough information to make identity theft trivial. It's a pretty common technique.
    In fact I have stopped answering phone calls on my cell with my prefix on it because these are either (a) spoof calls, or (b) calls from people who simply return all calls that aren't answered, i.e., my number was used for the spoof. In the second case, I had an awful conversation with some dude who was mad at me because I claimed I never called him. So now I let those calls go to voicemail.

    I first started to notice this at work where some calls would come in with the work prefix, but no name would show up (which would be the case if a co-worker called). These are always spam calls.

    Eve

  43. #43

    Default

    Just further info and doesn't require a separate thread but Global News just reported another scam involving Enmax imposters that phone and state you need to send all your account information and payment info to pay immediately or they will disconnect services in 30 minutes.

    But as per most phone scams people are smelling this one a mile away.

    One person that was called in the news report kept asking the caller. "You called me, you should have my account information already, you tell me"

    This phone scam sounds very suspicious, no energy provider is going to be disconnecting you in 30 mins when all your bills are paid in the middle of the winter. If I got this call I'd keep the ahole on the phone 30 mins haranguing them all the while and continuing to ask them "oh, when is my power being cut off" after 30 minutes have elapsed. I'd then say that the call had been traced and recorded for the last 25 mins just to see if there's any nervousness on the other end. Well, just for fun. I've strung these people along before when I'm bored. Usually I just hang up upon realizing it's a scam and then letting the provider in question know that they are being impersonated and that fraudulent activity is going on. I've cooperated with security investigations countless times just so these bastards get outed.

    But all that aside the current state of affairs is ridiculous. A hope that more of these scammers are detected, charged, and locked up.
    Last edited by Replacement; 09-01-2015 at 01:05 PM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  44. #44

    Default

    Quote Originally Posted by EveB View Post
    In fact I have stopped answering phone calls on my cell with my prefix on it because these are either (a) spoof calls, or (b) calls from people who simply return all calls that aren't answered, i.e., my number was used for the spoof. In the second case, I had an awful conversation with some dude who was mad at me because I claimed I never called him. So now I let those calls go to voicemail.

    Eve
    This strategy would work for me, however, many of my co-workers are on the same prefix for cells and also notice this spoofing is going on for the same numbers in my building...

  45. #45
    C2E Hard Core Contributor
    Join Date
    Jan 2012
    Location
    Grandin 2014--, Garneau 2012-2014, North Downtown 2006-2012
    Posts
    3,249

    Default

    ^ It's why I can't use that strategy at work. Even though I'm nearly certain that the call is a spoof, I have to put on my best business phone voice and answer the phone. I don't get many calls at work (I'm a data analyst, not a receptionist) but it still irritates me each time.

    Eve
    (does data analysis for free, gets paid handsomely for putting up with crappy phone calls)

  46. #46
    I'd rather C2E than work!
    Join Date
    Oct 2007
    Location
    Strathcona - Mill Creek
    Posts
    5,627

    Default

    Quote Originally Posted by Replacement View Post
    Quote Originally Posted by Gord Lacey View Post
    I only call out the stupid stuff you post, which actually isn't everything you contribute here. If you don't want to be called out on posting stupid stuff, don't post the stupid stuff
    This of course is your opinion. If my posts are stupid in your view then why respond?
    In the hopes that you can be educated, and to stop the spread of stupidity.

    Quote Originally Posted by Replacement View Post
    Fwiw you actually only ever post in response to call out my posts. The only times you ever do quote my posts. Which is somewhat interesting.
    Hardly.

    You want Apple to contact a user every time their account is used to sign into a new device, and that's completely absurd. Between June 2013 and June 2014 Apple had sold 200 million iOS devices. That's at least 200 million phone calls you think they should place because some people online try to spoof their emails. If each call lasts 10 seconds, that's over 63 YEARS spent on the phone, in one single year. Assuming they have people working 24 hours a day contacting everyone that's signed into their account. So, 3 shifts of 8 hours in a day, times 63, means Apple would have to hire at least 189 people to call their users on the phone to make sure they have actually logged into their account on a new device. Or, they could automatically email their users and let them know that someone using their account has signed into a new device. Which makes more sense?

    Many applications (email, web browsers) have tools that help to identify phishing attempts. I know Apple Mail shows you the actual URL you'd go to if you hover over a link in an email message, and I believe many other programs do the same thing. Phishing attempts like this aren't solved by turning towards phone calls, as then everyone would just get phone calls from "Apple" notifying them of activity on their account. You may not fall for it, but obviously people do, otherwise it wouldn't be something that's tried. Ever got a call from "Windows Support"?

    One-Upped! My chronic need has been fulfilled for today.
    They're going to park their car over there. You're going to park your car over here. Get it?

  47. #47

    Default

    Quote Originally Posted by Gord Lacey View Post
    In the hopes that you can be educated, and to stop the spread of stupidity.
    The rest ignored. You are ignored.

    Would you state this to an individual in person?

    Then why be "that guy" saying it online?

    Don't bother responding.
    Last edited by Replacement; 10-01-2015 at 12:33 PM.
    "if god exists and he allowed that to happen, then its better that he doesn't exist"

  48. #48

    Default

    I thought this thread was going to be, maybe four or five posts long, sort of just a heads up warning, lol...
