03.10.08

Fraud Prevention

Posted in IT, Interesting Stuff, Phishing / Scams at 3:43 am by Tyler Reguly

One of my favourite non-IT blogs has got to be The Consumerist. I really like the idea of a public online watchdog that has the freedom to publish pretty much anything.

Anyways, the other day this post caught my attention:

Why doesn't a bank (cough HSBC cough) offer the option to have text message alerts sent to a registered phone number any time a withdrawal is made from a specific account via ATM? "$120 was withdrawn at 2:51pm EST in Palo Verde, CA. Reference #293005"

I think this is a great idea... There's plenty of software that takes advantage of Pager/SMS/Email notifications, why can't the bank due the same? We're becoming more and more technologically advanced and cell phones are everywhere. even my 15 year old sister has an HTC S720.

I would love this feature. My fiance, a while back,  got a letter saying that her debit card had been used at a business known to have conducted malicious activities with customers banking information. She got a letter because the bank called, during business hours, and didn't leave a message (I've never quite figured out why service based businesses operate during the hours that people work... there should be an offset, especially if you're trying to contact the individual). Sure the proposed feature is for withdrawals, but why couldn't it exist for all fraudulent activities?

Now maybe the reason this doesn't exist is to avoid opening yet another avenue of attack. My bank "requires" (you don't HAVE to enter it, but they sure do want you to) an email address. They send me quasi-important information via email. The next think you know when I log into my online banking, there's a notice warning me about yet another phishing attack that's targeting customers of my bank. Perhaps they don't want to introduce a new method that phishers can take advantage of. I seem to recall getting random SMS spam with my first cell phone, coming from numbers like '00000' and '12345', however I haven't seen any of that in quite some time... either I'm really lucky or cell phone companies have figured out how to stop spoofed messages. (Which I find unlikely given that landlines can't prevent Caller ID spoofing.) So would we be making things riskier by allowing SMS Fraud Notifications?

Scenario

  • Customer gets SMS stating that their account has had $500 withdrawn in Mexico.
  • SMS asks customer to contact the bank, providing a number.
  • Customer is in a panic and calls the number immediately.
  • "Agent" asks customer to provide personal information (Bank Account info, SSN/SIN, Address, DoB) to verify that it isn't the fraudulent user.
  • Customer has just been scammed.

Do I foresee that scenario happening if SMS Fraud Notification is introduced? Definitely. Do I still think SMS Fraud Notification would be very beneficial? You bet! Banks simply have to remind customers to always contact the bank following an SMS, but to use the number on their debit card or a known trusted source (bank's website, phone book, bank statement, etc.) Banks also have to accept that this is for Fraud Notification only, if customers start getting non-fraud related notifications, they'll grow lax and be more likely to succumb to a targeted phishing attack.

So thoughts... SMS Fraud Notification -- Good or Bad? Beyond that would you pay for the option or only take advantage of it if it were free?

07.02.07

Beware Greeting Card Emails

Posted in IT, Phishing / Scams, Security at 5:57 pm by Tyler Reguly

In the past 24 hours I've received multiple "greeting card emails" telling me to visit the website and view my greeting card. A couple of points for people to keep in mind when receiving e-cards.

  1. 99% of the time, the e-card email will contain the name of the person who has sent you the e-card. If the email contains phrases like "an e-card from a mate" or "a worshiper has sent you an e-card", it's most likely not a valid email.
  2. The link that you are clicking on in the email will appear as a valid domain name. This doesn't mean you can automatically trust domain names, but you should instinctively delete any email where the link appears as an IP Address (dotted decimal formation, such as 1.2.3.4).
  3. The email will appear as either the address of the person sending it, or a generic address from the company providing the e-card. If you see an address such as abc123@randomletters.com.tr, the e-card is a scam.

Now let's take a look at a real e-card from E-Cards.com vs a malicious e-card spoofing E-Cards.com.

Valid E-Card

Tyler Testing

reply-to Tyler Testing 

to ht@xxx.org
date Jul 2, 2007 6:36 PM
subject E-CARD from Tyler Testing
mailed-by e-cards.com

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Greetings!

Tyler Testing has sent you an E-Card -- a virtual postcard from
E-Cards.com. You can pickup your card at the E-Cards.com website.

-> If your e-mail is hot-link enabled, click here:
http://cards.e-cards.com/pickup/pickup1.pl?code=xxxxx

-> You may also point your web browser to: http://www.e-cards.com/
Then, visit the card pickup page and input your pickup code:
xxxxx

Your E-Card will be available for 15 days from the sending date.
To keep your E-Card accessible indefinitely, you may want to join
"My E-Cards" -- an option to do so is provided in your E-Card!

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^    Save trees. Learn about wildlife nature and the environment.
^^^          Generate an advertising sponsored donation.
^^^^^  Every E-Card sent helps support wildlife and the environment!
%
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Malicious E-Card

From: E-Cards.Com [mailto:ngz@dostbilgisayar.com.tr]
Sent: Monday, July 02, 2007 12:21 PM
To: Tyler Reguly
Subject: You've received a greeting ecard from a mate!

Good day.

Your mate has sent you a greeting ecard from E-Cards.Com.

Send free ecards from E-Cards.Com with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep
the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------

Click on the following Internet address or
copy & paste it into your browser's address box.

http://xxx.209.67.xx/?XXXX

--------
OPTION 2
--------

Copy & paste the ecard number in the "View Your Card" box at
http://xxx.209.67.xx/

Your ecard number is
XXXX

Best wishes,
Mail Delivery System,
E-Cards.Com

I haven't visited the links in a secure VM to see where they point, so I don't quite feel comfortable providing the links on this page. If anyone wants the links, they can feel free to contact me.

04.12.07

Limited Whois Results

Posted in IT, Phishing / Scams at 11:29 am by Tyler Reguly

RSnake has an interesting post on the Whois Daemon that is running for the .to TLD. It seems as though their modified daemon returns minimal results... masking all contact and registration information.

root:# whois tonic.to
Tonic whoisd V1.0
tonic
root:# whois task.to
Tonic whoisd V1.0
task    ns1.perpetualconnections.com    64.90.96.130    ns2.perpetualconnections.com    64.90.96.230

As RSnake points out this is a spammers dream.  I would add that the same is true for phishers.

03.13.07

Rogers Communications Phish

Posted in Phishing / Scams at 9:48 pm by Tyler Reguly

This is just a quick heads up since it actually concerns me as well (being a Rogers customer)... Websense has published an alert on a new phishing attempt targeting Rogers customers..

The text of the email is:

Rogers is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

Why is my account access suspended?

Your account access has been suspended for the following reason(s):
March 12, 2007: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Rogers account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

(Your case ID for this reason is RR-257-057-154.)
To remove the limitation click on the following link:

Regards,
Rogers Security Departament

At this point, I can't say how wide spread this is. I've checked 3 Rogers Accounts that we have as well as a couple of "spam" accounts I maintain and I haven't seen anything yet... However it is a concern. Currently, Rogers highlights email specifically from Rogers Internet in blue if you used the web-based Yahoo! solution. It would be nice if Rogers (and other ISPs offering web-based mail) were to provide that same service... If you've sent the email, highlight it so users know it's legit, that little bit of extra warning.

So All you Rogers customers... take care when clicking email... If you are concerned about the validity of an email... contact Rogers @ 1-888-ROGERS-1

01.16.07

MySpace Phish Grabs 56000+ Usernames and Passwords

Posted in Phishing / Scams at 5:31 am by Tyler Reguly

It would seem that a lot of people still haven't learned to check their address bar prior to logging into a page... I say a lot because at least 1 or 2 of the 56000 users taken in by http://www.marcolano.com/login (google cache) provided false information.

I actually feel quite bad for the users involved in this phishing quest. Generally your password is obtained by the person running the phish attempt, however someone felt the need to provide a link to the list of passwords as it was being created. After the site was taken down, someone had the "genius" thought of circulating this list on the Full Disclosure mailing list.

A quick whois of the domain provides the following details:

Domain name: marcolano.com

Registrant Contact:
LunarDev Productions
Marc Olano (marcolano@hotmail.com)
+1.8583738773
Fax: none
1252 Grand Avenue
San Diego, CA 92109
US

I've fired off an email to Marc to see if he was responsible or if it was a website compromise. If he was responsible, I've also asked him what his motivation was, although I doubt I'll receive a response. I've also fired off an email to MySpace in case they were unaware of the issue (which seems doubtful), and I find it interesting that they don't have a generic security contact address that's easy to find on their website. This is something that all major websites should have, in my opinion, easily viewable on their main page.

I would like to note that this page was submitted to the FireFox 2.0 Phishing Protection page. As soon as I attempted to visit the page, even though the server was down and no page was loaded, I received a warning about the site being reported as a fake.

[UPDATE] Brian Krebs has published an article where he performs breakdowns of the passwords. Providing the most common passwords, the number of unique passwords, and a count of the length of the passwords.  

Peace,
HT

09.03.06

Reciept of your payment…

Posted in Phishing / Scams at 2:15 am by Tyler Reguly

Yet another phishing email... these guys are cleaver... I'll give them that, a few things could have made this a much better attempt but I'm not going to point out their mistakes to help them out... instead, here's yet another email to be on the lookout for.

Dear PayPal Member,

This email confirms that you have paid LWPELECTRONICS (sales@lwpelectronics.com) $474.99 USD using PayPal.

This credit card transaction will appear on your bill as "PAYPAL LWPELECTRONICS*".


PayPal Shopping Cart Contents
Item Name: BRAND NEW NOKIA 8800 CELL PHONE
Quantity: 1
Total: $474.99 USD
Cart Subtotal: $454.99 USD
Shipping Charge: $20.00 USD
Cart Total: $474.99 USD

Shipping Information
Shipping Info: Bill Chang
202 N Magnolia Dr.
Saco, ME 04072
United States
Address Status: Unconfirmed

If you haven't authorized this charge, click the link below to cancel the payment and get a full refund.

Dispute Transaction

 
Thank you for using PayPal!
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.
PayPal Email ID PP120

Quite well done, no? Oh well, it's there for your viewing pleasure (Disclaimer: Don't be an idiot and provide information to any of the links you follow in it).

Peace,
HT

08.27.06

Title Fraud… or While you were sleeping I sold your house.

Posted in Phishing / Scams at 3:44 am by Tyler Reguly

<meta name="GENERATOR" content="OpenOffice.org 2.0 (Linux)" /><meta name="AUTHOR" content="HTRegz" /><meta name="CREATED" content="20060827;3524000" /><meta name="CHANGEDBY" content="HTRegz" /><meta name="CHANGED" content="20060827;4390200" /><br /> <style type="text/css"> <!-- @page { size: 8.5in 11in; margin: 0.79in } P { margin-bottom: 0.08in } --> </style> <p align="center" style="margin-bottom: 0in">Shocking...</p> <p align="center" style="margin-bottom: 0in">Mind-blowing...</p> <p align="center" style="margin-bottom: 0in">Ridiculous...</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">These are the words that came to mind today while reading the Saturday edition of the Toronto Star. Half the front page was dedicated to introducing <a onclick="javascript:pageTracker._trackPageview('/outgoing/www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1156542610726&call_pageid=968332188774&col=968350116467');" title="The Story" href="http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1156542610726&call_pageid=968332188774&col=968350116467">a story</a>... a story that took up 2 pages inside the paper... a story that made me think those words. An 89 year old man was the victim of title fraud... The first thing I asked myself was, “What is title fraud?” The answer to that question is why I'm posting here... Title fraud starts with Identity theft... Most people are well aware of identity theft these days.. Someone steals your identity, obtains a credit card in your name and runs up bill. However it can be much more serious. Generally with credit card companies, since it wasn't actually you, they forgive the debt... making that form of identity theft the least of your problems. Identity theft involving title fraud can leave you homeless.</p> <p style="margin-bottom: 0in">First, I steal your identity... remember that email you received last week from your bank asking you to confirm your account details.. Gotcha! So now I can pass myself off as you. Now I, acting as you, go with my buddy to a lawyers office and sign a deed over to my buddy. The lawyer checks out our ID and notarizes the deed for a couple hundred bucks. Now my buddy walks down to the local bank and applies for a mortgage. The bank does a quick title check and sees that indeed my buddy does have the title to that land. They give him $300,000 and he walks out. We then make a run for it and look for another city and another victim.</p> <p style="margin-bottom: 0in">So you're sitting there thinking big deal, it's the banks fault... well then, the jokes on you. Given current Ontario law the bank owns your house. That's right... the Ontario Court of Appeal decided that a fraudulent mortgage is valid. The bank can kick you out, and sell it. The ran a title search and my buddy was the owner according to the title search. You are left without a house and there's not a whole lot that you can do. You can attempt to obtain your money via the Land Titles Assurance Fund,however they are backlogged with claims and it could take years (in addition to thousands of dollars) before you see your money again. In the mean time I bet the back seat of your car looks like a wonderful place for your family of four to sleep.</p> <p style="margin-bottom: 0in">This has been happening for years, however with recent increases in identity theft, there are increases in title fraud. The government keeps saying that they are trying to help the victims but they still haven't stepped in and changed the laws or amended the Land Registry Act. In the mean time, you may want to look into title insurance but even that won't save you now, thanks to the Ontario Court of Appeal many insurance companies are refusing the claim because the mortgage is valid, even if the title was forged.</p> <p style="margin-bottom: 0in">So remember... the next time you're sitting back in your chair, enjoying a a steaming mug of mocha java... that knock at your door, it might not be a visitor. It might be the bank informing you that you no longer own your home. You can thank the government and the system for not feeling the need to protect you, perhaps the Prime Minister will let you sleep on his couch while they sort this out and do the right thing.</p> <p align="right" style="margin-bottom: 0in">Peace,<br /> HT</p> <p class="feedback"> <a href="http://www.computerdefense.org/2006/08/27/title-fraud-or-while-you-were-sleeping-i-sold-your-house/" rel="bookmark" title="Permanent link to Title Fraud… or While you were sleeping I sold your house." class="permalink">Permalink</a> <a href="http://www.computerdefense.org/2006/08/27/title-fraud-or-while-you-were-sleeping-i-sold-your-house/#comments" class="commentslink" title="Comment on Title Fraud… or While you were sleeping I sold your house."><script src='http://www.intensedebate.com/js/getCommentLink.php?acct=a5818b6aefeb4135aaa58d1dbf617369&postid=76&posttitle=Title+Fraud...+or+While+you+were+sleeping+I+sold+your+house.&posturl=http%3A%2F%2Fwww.computerdefense.org%2F2006%2F08%2F27%2Ftitle-fraud-or-while-you-were-sleeping-i-sold-your-house%2F&posttime=2006-08-27+08%3A44%3A55&postauthor=Tyler+Reguly' type='text/javascript' defer='defer'></script></a>      <a href="http://digg.com/submit?phase=3&url=http%3A%2F%2Fwww.computerdefense.org%2F2006%2F08%2F27%2Ftitle-fraud-or-while-you-were-sleeping-i-sold-your-house%2F&title=Title Fraud… or While you were sleeping I sold your house.">Digg this post</a>      <a href='http://digg.com/security/Title_Fraud_or_While_you_were_sleeping_I_sold_your_house' ping='http://www.computerdefense.org/2006/08/27/title-fraud-or-while-you-were-sleeping-i-sold-your-house/' target='_blank' title='Digg this story'>Digg this story</a> <Font Size="-2"><a href="http://www.aviransplace.com/index.php/digg-this-wordpress-plugin/" Title="This link was created automatically by Wordpress Digg This plugin (Download the plugin)">?</a></Font> </p> <script src="http://feeds.feedburner.com/~s/computerdefense?i=http://www.computerdefense.org/2006/08/27/title-fraud-or-while-you-were-sleeping-i-sold-your-house/" type="text/javascript" charset="utf-8"></script> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://www.computerdefense.org/2006/08/27/title-fraud-or-while-you-were-sleeping-i-sold-your-house/" dc:identifier="http://www.computerdefense.org/2006/08/27/title-fraud-or-while-you-were-sleeping-i-sold-your-house/" dc:title="Title Fraud… or While you were sleeping I sold your house." trackback:ping="http://www.computerdefense.org/2006/08/27/title-fraud-or-while-you-were-sleeping-i-sold-your-house/trackback/" /> </rdf:RDF> --> </div> <div class="post"> <h1 class="storydate">08.24.06</h1> <h2 id="post-72" class="storytitle"><a href="http://www.computerdefense.org/2006/08/24/spammailbagcom/" rel="bookmark" title="Permanent link to SpamMailBag.com">SpamMailBag.com</a></h2> <p class="meta">Posted in <a href="http://www.computerdefense.org/category/it/" title="View all posts in IT" rel="category tag">IT</a>, <a href="http://www.computerdefense.org/category/phishing-scams/" title="View all posts in Phishing / Scams" rel="category tag">Phishing / Scams</a>, <a href="http://www.computerdefense.org/category/spammailbagcom/" title="View all posts in SpamMailBag.com" rel="category tag">SpamMailBag.com</a> at 1:24 am by Tyler Reguly</p> <p>I'd like to introduce my latest project... <a onclick="javascript:pageTracker._trackPageview('/outgoing/www.spammailbag.com/');" title="SpamMailBag.com" href="http://www.spammailbag.com/">SpamMailBag.com</a>. Here's the plan:</p> <p>Using domain/task specific email addresses, I will be signing up for various services, websites and posting on various forums. I'm also hoping to pull some favours and have some fellow bloggers do blog specific ones.... For example I will be setting up computerdefense.org@spammailbag.com. I would give other examples but that would negate the effort. All emails will automatically be posted to <a onclick="javascript:pageTracker._trackPageview('/outgoing/www.spammailbag.com/');" title="SpamMailBag.com" href="http://www.spammailbag.com/">SpamMailBag.com</a>.</p> <p>What is the goal? Well, for me it's simply a social project. I'm curious to see which services and websites requiring sign-ups sell your information and who they sell it to. I'm curious to see which blogs are harvested and which aren't, I'm curious to see which forums are harvested. I may even ask users to create contacts for certain addresses in outlook and outlook express or maybe gmail or hotmail to see if those addresses end up elsewhere.</p> <p>For me, it will be a fun project... Maybe I'll even email The Colbert Report, or take out custom ads in the paper to see if anyone harvests from TV and Newspaper/Magazine ads.</p> <p>Additionally, as the addresses become more popular, I may end up with a bit of a honeypot for new email malware... Maybe I'll catalogue phishing attempts or scams... and maybe I'll see viagra advertisements so often that I'll end up buying some...</p> <p>It my flop... but it may work out really well and if it does I may be calling in favours as far as hosting goes, I'm not sure just how much I'll be able to effectively handle.</p> <p>Those of you eager to check it out... I've yet to deploy the site... it currently points to a VERY old domain that until recently was hosted elsewhere... I'm hoping to have the <a onclick="javascript:pageTracker._trackPageview('/outgoing/www.spammailbag.com/');" title="SpamMailBag.com" href="http://www.spammailbag.com/">SpamMailBag.com</a> blog up before I go to bed and if not, then in the very near future.</p> <p align="right">Peace,<br /> HT</p> <p class="feedback"> <a href="http://www.computerdefense.org/2006/08/24/spammailbagcom/" rel="bookmark" title="Permanent link to SpamMailBag.com" class="permalink">Permalink</a> <a href="http://www.computerdefense.org/2006/08/24/spammailbagcom/#comments" class="commentslink" title="Comment on SpamMailBag.com"><script src='http://www.intensedebate.com/js/getCommentLink.php?acct=a5818b6aefeb4135aaa58d1dbf617369&postid=72&posttitle=SpamMailBag.com&posturl=http%3A%2F%2Fwww.computerdefense.org%2F2006%2F08%2F24%2Fspammailbagcom%2F&posttime=2006-08-24+06%3A24%3A38&postauthor=Tyler+Reguly' type='text/javascript' defer='defer'></script></a>      <a href="http://digg.com/submit?phase=3&url=http%3A%2F%2Fwww.computerdefense.org%2F2006%2F08%2F24%2Fspammailbagcom%2F&title=SpamMailBag.com">Digg this post</a>      <a href='http://digg.com/security/SpamMailBag_com' ping='http://www.computerdefense.org/2006/08/24/spammailbagcom/' target='_blank' title='Digg this story'>Digg this story</a> <Font Size="-2"><a href="http://www.aviransplace.com/index.php/digg-this-wordpress-plugin/" Title="This link was created automatically by Wordpress Digg This plugin (Download the plugin)">?</a></Font> </p> <script src="http://feeds.feedburner.com/~s/computerdefense?i=http://www.computerdefense.org/2006/08/24/spammailbagcom/" type="text/javascript" charset="utf-8"></script> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://www.computerdefense.org/2006/08/24/spammailbagcom/" dc:identifier="http://www.computerdefense.org/2006/08/24/spammailbagcom/" dc:title="SpamMailBag.com" trackback:ping="http://www.computerdefense.org/2006/08/24/spammailbagcom/trackback/" /> </rdf:RDF> --> </div> <div class="post"> <h1 class="storydate">08.18.06</h1> <h2 id="post-69" class="storytitle"><a href="http://www.computerdefense.org/2006/08/18/phishers-are-getting-smarter/" rel="bookmark" title="Permanent link to Phishers are getting smarter">Phishers are getting smarter</a></h2> <p class="meta">Posted in <a href="http://www.computerdefense.org/category/phishing-scams/" title="View all posts in Phishing / Scams" rel="category tag">Phishing / Scams</a> at 1:26 am by Tyler Reguly</p> <p>I actually had to go and double check my wallet tonight after receiving an email from PayPal to one of my accounts... It's not an account I use a lot, and I didn't remember having a PayPal account linked to it so I doubted it was real, however it was interesting.. It was the one legit email that you do get from PayPal... the Credit Card expiration reminder... I actually had to get my wallet and double check that it wasn't the last four digits of my CC that were showing...</p> <p>Here's the email:</p> <pre>Dear <address removed>, Your credit card ending in 3812 will expire soon. To avoid any interruption to your service, please update your credit card expiration date by following the steps below. If you do not update your credit card expiration date - You will no longer be able to fund payments with this card To update your credit card expiration date: 1.  Log in to your PayPal account 2.  Go to the Profile subtab 3.  Click on the 'Credit Cards' link in the Financial Information column 4.  Choose the radio button next to the credit card you would like to update and click 'Edit' 5.  Enter your credit card verification number 6.  Enter the new credit card expiration date 7.  Click 'Save' Thank you for using PayPal! The PayPal Team ---------------------------------------------------------------- PROTECT YOUR PASSWORD NEVER give your password to anyone, including PayPal employees. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account. ---------------------------------------------------------------- Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page. ---------------------------------------------------------------- PayPal (USA) Limited is authorized and regulated by the Financial Services Authority in the United States as an electronic money institution. PayPal Email ID PP031</address> </pre> <p>So yeah.... it's getting more and more difficult to distinguish the real from the not-so-real... Had this been a real account and I not been up on phishing and not checked my real credit card for comparison (or paid attention to the domain being used) I may have been taken in by this</p> <p align="right">Peace,<br /> HT</p> <p class="feedback"> <a href="http://www.computerdefense.org/2006/08/18/phishers-are-getting-smarter/" rel="bookmark" title="Permanent link to Phishers are getting smarter" class="permalink">Permalink</a> <a href="http://www.computerdefense.org/2006/08/18/phishers-are-getting-smarter/#comments" class="commentslink" title="Comment on Phishers are getting smarter">1 Comment</a>      <a href="http://digg.com/submit?phase=3&url=http%3A%2F%2Fwww.computerdefense.org%2F2006%2F08%2F18%2Fphishers-are-getting-smarter%2F&title=Phishers are getting smarter">Digg this post</a>       </p> <script src="http://feeds.feedburner.com/~s/computerdefense?i=http://www.computerdefense.org/2006/08/18/phishers-are-getting-smarter/" type="text/javascript" charset="utf-8"></script> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://www.computerdefense.org/2006/08/18/phishers-are-getting-smarter/" dc:identifier="http://www.computerdefense.org/2006/08/18/phishers-are-getting-smarter/" dc:title="Phishers are getting smarter" trackback:ping="http://www.computerdefense.org/2006/08/18/phishers-are-getting-smarter/trackback/" /> </rdf:RDF> --> </div> <div class="post"> <h1 class="storydate">08.12.06</h1> <h2 id="post-67" class="storytitle"><a href="http://www.computerdefense.org/2006/08/12/phishers-are-bold/" rel="bookmark" title="Permanent link to Scammers are bold">Scammers are bold</a></h2> <p class="meta">Posted in <a href="http://www.computerdefense.org/category/phishing-scams/" title="View all posts in Phishing / Scams" rel="category tag">Phishing / Scams</a> at 10:03 pm by Tyler Reguly</p> <p>I recently received yet another phishing attempt, this time to my email address associated with this site, from one Mr. Lord Freeman. I decided that for a change... I would reply and see what happened. I was rather impressed with how bold the individual was and how quickly they asked for information without any attempts to build comradery or familiarity. I'm interested to see how the individual will respond to the most recent email, and will keep you apprised... In the mean time.. here's how quickly it happens.</p> <p>Original Email:</p> <table width="100%" cellpadding="0"> <tr> <td> <table cellpadding="0"> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>From: </strong></th> <td>Mr Lord Freeman < <a href="mailto:Mr%20Lord%20Freeman%20%3clord_freeman10@virgilio.it%3e">lord_freeman10@virgilio.it></td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Reply-To: </strong></th> <td><a onclick="javascript:pageTracker._trackPageview('/mailto/mrlord_freeman05@latinmail.com');" href="mailto:mrlord_freeman05@latinmail.com">mrlord_freeman05@latinmail.com</a></td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Subject: </strong></th> <td>WAITING FOR YOUR GOOD RESPONSE</td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Date: </strong></th> <td>Tue, 8 Aug 2006 00:55:06 +0100 (GMT+01:00) <em> (Mon, 19:55 EDT)</em></td> </tr> </table> </td> </tr> </table> <table cellspacing="0" cellpadding="3"> <tr> <td> </td> </tr> </table> <p><tt><font color="#737373">>From Mr Lord Freeman</font></tt><br /> <tt>P.O Box 3038,</tt><br /> <tt>57 victoria Street, </tt><br /> <tt>London SW1H,</tt><br /> <tt>LONDON.</tt></p> <p><tt>Hello </tt></p> <p><tt>in order to transfer out (Twelve million, five hundred </tt><br /> <tt>thousand British pounds) from our Bank. I </tt><br /> <tt>have the courage to look for </tt><br /> <tt>a reliable and Honest Person who will be capable for this Important </tt><br /> <tt>business Transaction,believing that you will never let me down either </tt><br /> <tt>now or in Future.</tt></p> <p><tt>The owner of this account is Mr. David Hagen </tt><br /> <tt>foreigner and the Manager Of petrol chemical service,a chemical </tt><br /> <tt>engineer by Proffession and he died since 1990.the account has no other </tt><br /> <tt>beneficiary And my Investigation proved to me as well that his company </tt><br /> <tt>does not know anything About this account.</tt></p> <p><tt>I want to transfer this </tt><br /> <tt>money into a safe foreign account abroad but i Don't know any </tt><br /> <tt>foreigner,</tt><br /> <tt>i know that this message will come to you as a surprise as </tt><br /> <tt>we don't know ourselves before,but be sure that it isreal And A Genuine </tt><br /> <tt>business.</tt></p> <p><tt>I believe in God that you will never let me down in this </tt><br /> <tt>transaction,at the conclusion of this </tt><br /> <tt>business,you will be giving 30% </tt><br /> <tt>of the total amount, 70% will be for me.I look forward to your </tt><br /> <tt>earliestreply by email for more details. </tt></p> <p><tt>Best regards</tt></p> <p><tt>Mr. Lord </tt><br /> <tt>Freeman</tt></p> <p>My Response:</p> <table width="100%" cellpadding="0"> <tr> <td> <table cellpadding="0"> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>To: </strong></th> <td><a onclick="javascript:pageTracker._trackPageview('/mailto/mrlord_freeman05@latinmail.com');" href="mailto:mrlord_freeman05@latinmail.com">mrlord_freeman05@latinmail.com</a></td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Subject: </strong></th> <td>Re: WAITING FOR YOUR GOOD RESPONSE</td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Date: </strong></th> <td>Sat, 12 Aug 2006 02:11:10 -0400</td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Mailer: </strong></th> <td>Evolution 2.6.0</td> </tr> </table> </td> <td valign="top" align="right"><img width="16" height="16" border="0" align="bottom" src="icon:///em-format-html/.0x818b5c8.20/icon/header" /></td> </tr> </table> <table cellspacing="0" cellpadding="3"> <tr> <td> </td> </tr> </table> <p><tt>Hello,</tt></p> <p><tt>I apologize for the slow response, I've been busy lately.</tt></p> <p><tt>How can I assist you?</tt></p> <p>I then received:</p> <table width="100%" cellpadding="0"> <tr> <td> <table cellpadding="0"> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>From: </strong></th> <td>Mr LORD FREEMAN < <a href="mailto:Mr%20LORD%20FREEMAN%20%3cmrlord_freeman2@yahoo.co.uk%3e">mrlord_freeman2@yahoo.co.uk></td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>To: </strong></th> <td>XXXX</td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Subject: </strong></th> <td>send to me as a matter of urgency followings for the claim in your name!</td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Date: </strong></th> <td>Sat, 12 Aug 2006 22:01:59 +0100 (BST) <em> (17:01 EDT)</em></td> </tr> </table> </td> </tr> </table> <table cellspacing="0" cellpadding="3"> <tr> <td> </td> </tr> </table> <p><strong><em> </em></strong> <strong>Thank you for your prompt response to my mail, The content therein is well understood. However, I quite appreciate your situation of been skeptical since we have not meet each other before and also because of too many bad people that one encounter with this days one do not know who to trust, But I thank you for seeing the sincerity in my mail as I have good intention for both of us. Be that as it may, One must trust each other some how because "There is no way you can identify an angel without having an encounter with one" So it is always good to have an open mind in what ever your dealings are. </strong><br /> <strong><em>Nevertheless, I can read from your mail that you are a truthful person like my self because there is this saying that "from there words we shall know them" So I can identify you even without meeting you, This is spiritual because I always trust my spiritual instinct and I do listen to it, I have feelings that we can do this transaction together if we understand our self. </em></strong><br /> <strong><em>Subsequently, Having accepted the above, Please let me have this from you so that we can commence the process of arranging the documents of claims of inheritance in your favor after which we will submit to the bank for approval of claims on your behalf. Modalities would be worked out at the highest levels at the Department of Justice for the immediate notarization and procurement of all needed back-up legal documentations. The process of funds transference would be concluded within 14 working days subject to your satisfaction of the stated terms. </em></strong> <strong><em>My assurance once again is that your role is risk free. To accord this transaction the legality it deserves and for mutual security of the fund, the whole procedures will be officially and legally processed with your name as the Bonafide beneficiary. This is the most important aspect of the project because it is at this stage that all important and vital back-up legal documents would be procured. Substantiating our claims with this document, we would await further fund release Approvals/Recommendations. Once they are issued, it means that the greater tasks of the processes of the fund transfer have been concluded. To proceed in earnest send me one of your personal checking accounts, You can either provide us with an existing bank account, or to set up a new Bank account immediately to receive this money, Your account details should go like this i.e. </em></strong> <strong><em>(a) BANK NAME </em></strong><br /> <strong><em>(b) BANK ADDRESS </em></strong><br /> <strong><em>(c) ACCOUNT NAME </em></strong><br /> <strong><em>(d) ACCOUNT NUMBER </em></strong><br /> <strong><em>(e) SORT CODE OR ROUTING NUMBER </em></strong> <strong><em>This is to enable the attorney draft an application, which he would be sending to the bank for claims on your behalf. The information as requested below would also be used by the attorney to raise legal back-up documents that will substantiate your claims. </em></strong><br /> <strong><em>1. Your Full Names: </em></strong><br /> <strong><em>2. Your Occupation: </em></strong><br /> <strong><em>3. Date of Birth/Age: </em></strong><br /> <strong><em>4. Marital Status: </em></strong><br /> <strong><em>5. Your Telephone/Cell Phone and Fax Numbers for effective communication between us. </em></strong><br /> <strong><em>6. A scanned copy of your ID, preferably your International Passport or Drivers License is as well needed to enable me set my eyes on the face of my partner. </em></strong> <strong><em>On my receipt of the above information and a strong assurance from you that my trust and confidence in you is never misplaced, I will then start to process the transfer of the fund to your account without further delays. The attorney with my assistance will forward an application for the release of the said amount on your behalf to the bank. He will also forward your account detail to the bank and to the H.M Treasury Department for foreign transfer approval in your favor. As soon as the fund is approved for transfer to your account, you as the foreign beneficiary of the fund will be required to go to the bank's offshore payment center closest to you for the signing of the Final Fund Release Order. You can see you would not necessarily come to London, as the attorney here would represent you down here. After the signing, the fund will be transferred to your account in your presence while you are still in the payment office and you will call your bank to confirm the receipt of the fund in your account. </em></strong><br /> <strong><em>At the moment, you should not tell your bank that huge amount is to be transferred into your account until after you must have signed the Final Fund Release Order Form (M) in the bank's foreign offshore payment office closest to you, because that will be the only time all the documents to back up the transfer as a legitimate fund which did not originate from drug, money laundry, terrorism or any other illegal act will be ready in your name and will accompany the fund to your account so that your bank or your government will not question the transfer. This information is highly confidential and you should always keep it only to yourself. </em></strong> <strong><em>I would like to receive in return your acceptance to proceed as suggested. Urgency is indeed needed. I am also looking forward to a mutual beneficial partnership with you. Call me at + 44 7040 111 132 for us to talk more on this transfer which we shall all benefit from. On my next email to you, I will send my international id to you as sign of good faith and any other clarification you may require as i will have to renuew my passport so that i will send it to you in my next mail hoping to see yours in your reply. </em></strong> <strong><em>Your Partner and Friend,</em></strong></p> <p><strong><em>Mr.lord freeman</em></strong><br /> My final response to date:</p> <table width="100%" cellpadding="0"> <tr> <td> <table cellpadding="0"> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>To: </strong></th> <td>Mr LORD FREEMAN < <a href="mailto:Mr%20LORD%20FREEMAN%20%3cmrlord_freeman2@yahoo.co.uk%3e">mrlord_freeman2@yahoo.co.uk></td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Subject: </strong></th> <td>Re: send to me as a matter of urgency followings for the claim in your name!</td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Date: </strong></th> <td>Sat, 12 Aug 2006 22:45:30 -0400</td> </tr> <tr> <th valign="top" nowrap="nowrap" align="right"><strong>Mailer: </strong></th> <td>Evolution 2.6.0</td> </tr> </table> </td> <td valign="top" align="right"><img width="16" height="16" border="0" align="bottom" src="icon:///em-format-html/.0x818b5c8.22/icon/header" /></td> </tr> </table> <table cellspacing="0" cellpadding="3"> <tr> <td> </td> </tr> </table> <p><tt>G'day sir,</tt></p> <p><tt>I look forward to doing business with you and am glad to have received</tt><br /> <tt>your contact. I am however worried. A friend at work was recently</tt><br /> <tt>telling me about something called fishing... I'm not exactly sure what</tt><br /> <tt>it is... but it sounded a lot like this... How can I be sure that this</tt><br /> <tt>is indeed legit? Perhaps, since you contacted me, as a sign of good</tt><br /> <tt>faith you could provide me with a copy of your ID first? I've found I</tt><br /> <tt>can tell a good deal about a person by looking at their person and am</tt><br /> <tt>curious to see your picture to determine if I can trust you. </tt></p> <p><tt>Thank you...</tt></p> <p>I have not yet recieved anything else, however as soon as I do, I will update this blog.</p> <p align="right">Peace,<br /> HT</p> <p class="feedback"> <a href="http://www.computerdefense.org/2006/08/12/phishers-are-bold/" rel="bookmark" title="Permanent link to Scammers are bold" class="permalink">Permalink</a> <a href="http://www.computerdefense.org/2006/08/12/phishers-are-bold/#comments" class="commentslink" title="Comment on Scammers are bold">1 Comment</a>      <a href="http://digg.com/submit?phase=3&url=http%3A%2F%2Fwww.computerdefense.org%2F2006%2F08%2F12%2Fphishers-are-bold%2F&title=Scammers are bold">Digg this post</a>       </p> <script src="http://feeds.feedburner.com/~s/computerdefense?i=http://www.computerdefense.org/2006/08/12/phishers-are-bold/" type="text/javascript" charset="utf-8"></script> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://www.computerdefense.org/2006/08/12/phishers-are-bold/" dc:identifier="http://www.computerdefense.org/2006/08/12/phishers-are-bold/" dc:title="Scammers are bold" trackback:ping="http://www.computerdefense.org/2006/08/12/phishers-are-bold/trackback/" /> </rdf:RDF> --> </div> <p> </p> <!-- wpscanner --> </div> <div id="sidebar"> <ul> <li class="pagenav"><h2>Pages</h2><ul><li class="page_item page-item-107"><a href="http://www.computerdefense.org/about/" title="About">About</a></li> <li class="page_item page-item-343"><a href="http://www.computerdefense.org/cdo-mailing-list/" title="CDO Mailing List">CDO Mailing List</a></li> <li class="page_item page-item-32"><a href="http://www.computerdefense.org/link-exchange/" title="Link Exchange">Link Exchange</a></li> <li class="page_item page-item-356"><a href="http://www.computerdefense.org/press-clippings/" title="Press Clippings">Press Clippings</a></li> <li class="page_item page-item-345"><a href="http://www.computerdefense.org/sbn-mailing-list/" title="SBN Mailing List">SBN Mailing List</a></li> </ul></li><li id="archives"> <h2>Feedburner</h2> <ul><li><p><a href="http://networks.feedburner.com/Security-Bloggers-Network" title="Explore Security Bloggers Network, a FeedBurner Network." rel="alternate" type="application/rss+xml"> Explore Security Bloggers Network</a> (a FeedBurner Network)</p></li> <li><p><a href="https://www.feedburner.com/ads/add-campaign.do?n=111">Advertise on sites like these</a></p></li> </ul> </li> <li id="archives"> <h2>Archives</h2> <ul> <li><a href='http://www.computerdefense.org/2008/07/' title='July 2008'>July 2008</a></li> <li><a href='http://www.computerdefense.org/2008/06/' title='June 2008'>June 2008</a></li> <li><a href='http://www.computerdefense.org/2008/05/' title='May 2008'>May 2008</a></li> <li><a href='http://www.computerdefense.org/2008/04/' title='April 2008'>April 2008</a></li> <li><a href='http://www.computerdefense.org/2008/03/' title='March 2008'>March 2008</a></li> <li><a href='http://www.computerdefense.org/2008/02/' title='February 2008'>February 2008</a></li> <li><a href='http://www.computerdefense.org/2008/01/' title='January 2008'>January 2008</a></li> <li><a href='http://www.computerdefense.org/2007/12/' title='December 2007'>December 2007</a></li> <li><a href='http://www.computerdefense.org/2007/11/' title='November 2007'>November 2007</a></li> <li><a href='http://www.computerdefense.org/2007/10/' title='October 2007'>October 2007</a></li> <li><a href='http://www.computerdefense.org/2007/09/' title='September 2007'>September 2007</a></li> <li><a href='http://www.computerdefense.org/2007/08/' title='August 2007'>August 2007</a></li> <li><a href='http://www.computerdefense.org/2007/07/' title='July 2007'>July 2007</a></li> <li><a href='http://www.computerdefense.org/2007/06/' title='June 2007'>June 2007</a></li> <li><a href='http://www.computerdefense.org/2007/05/' title='May 2007'>May 2007</a></li> <li><a href='http://www.computerdefense.org/2007/04/' title='April 2007'>April 2007</a></li> <li><a href='http://www.computerdefense.org/2007/03/' title='March 2007'>March 2007</a></li> <li><a href='http://www.computerdefense.org/2007/02/' title='February 2007'>February 2007</a></li> <li><a href='http://www.computerdefense.org/2007/01/' title='January 2007'>January 2007</a></li> <li><a href='http://www.computerdefense.org/2006/12/' title='December 2006'>December 2006</a></li> <li><a href='http://www.computerdefense.org/2006/11/' title='November 2006'>November 2006</a></li> <li><a href='http://www.computerdefense.org/2006/10/' title='October 2006'>October 2006</a></li> <li><a href='http://www.computerdefense.org/2006/09/' title='September 2006'>September 2006</a></li> <li><a href='http://www.computerdefense.org/2006/08/' title='August 2006'>August 2006</a></li> <li><a href='http://www.computerdefense.org/2006/07/' title='July 2006'>July 2006</a></li> <li><a href='http://www.computerdefense.org/2006/06/' title='June 2006'>June 2006</a></li> <li><a href='http://www.computerdefense.org/2006/05/' title='May 2006'>May 2006</a></li> <li><a href='http://www.computerdefense.org/2006/04/' title='April 2006'>April 2006</a></li> <li><a href='http://www.computerdefense.org/2006/03/' title='March 2006'>March 2006</a></li> <li><a href='http://www.computerdefense.org/2006/02/' title='February 2006'>February 2006</a></li> </ul> </li> <li id="categories"> <h2>Categories</h2> <ul> <li class="cat-item cat-item-29"><a href="http://www.computerdefense.org/category/cdvt-version-tracker/" title="View all posts filed under CDVT - Version Tracker">CDVT - Version Tracker</a> </li> <li class="cat-item cat-item-28"><a href="http://www.computerdefense.org/category/daily-link-list/" title="View all posts filed under Daily Link List">Daily Link List</a> </li> <li class="cat-item cat-item-36"><a href="http://www.computerdefense.org/category/entertainment/" title="View all posts filed under Entertainment">Entertainment</a> </li> <li class="cat-item cat-item-37"><a href="http://www.computerdefense.org/category/interesting-stuff/" title="View all posts filed under Interesting Stuff">Interesting Stuff</a> </li> <li class="cat-item cat-item-16"><a href="http://www.computerdefense.org/category/it/" title="View all posts filed under IT">IT</a> <ul class='children'> <li class="cat-item cat-item-12"><a href="http://www.computerdefense.org/category/it/operating-systems/" title="View all posts filed under Operating Systems">Operating Systems</a> <ul class='children'> <li class="cat-item cat-item-14"><a href="http://www.computerdefense.org/category/it/operating-systems/linux/" title="View all posts filed under Linux">Linux</a> </li> <li class="cat-item cat-item-13"><a href="http://www.computerdefense.org/category/it/operating-systems/windows/" title="View all posts filed under Windows">Windows</a> </li> </ul> </li> <li class="cat-item cat-item-17"><a href="http://www.computerdefense.org/category/it/security/" title="View all posts filed under Security">Security</a> <ul class='children'> <li class="cat-item cat-item-2"><a href="http://www.computerdefense.org/category/it/security/exploits/" title="View all posts filed under Exploits">Exploits</a> </li> <li class="cat-item cat-item-3"><a href="http://www.computerdefense.org/category/it/security/vulnerabilities/" title="View all posts filed under Vulnerabilities">Vulnerabilities</a> </li> </ul> </li> <li class="cat-item cat-item-4"><a href="http://www.computerdefense.org/category/it/tools/" title="View all posts filed under Tools">Tools</a> </li> <li class="cat-item cat-item-5"><a href="http://www.computerdefense.org/category/it/tutorials/" title="View all posts filed under Tutorials">Tutorials</a> </li> </ul> </li> <li class="cat-item cat-item-6"><a href="http://www.computerdefense.org/category/news/" title="View all posts filed under News">News</a> <ul class='children'> <li class="cat-item cat-item-26"><a href="http://www.computerdefense.org/category/news/business/" title="View all posts filed under Business">Business</a> </li> <li class="cat-item cat-item-25"><a href="http://www.computerdefense.org/category/news/software-2/" title="View all posts filed under Software">Software</a> </li> </ul> </li> <li class="cat-item cat-item-7"><a href="http://www.computerdefense.org/category/personal/" title="View all posts filed under Personal">Personal</a> </li> <li class="cat-item cat-item-31 current-cat"><a href="http://www.computerdefense.org/category/phishing-scams/" title="View all posts filed under Phishing / Scams">Phishing / Scams</a> </li> <li class="cat-item cat-item-30"><a href="http://www.computerdefense.org/category/python/" title="Here's where all my cool Python stuff goes.">Python</a> </li> <li class="cat-item cat-item-20"><a href="http://www.computerdefense.org/category/reviews/" title="View all posts filed under Reviews">Reviews</a> <ul class='children'> <li class="cat-item cat-item-23"><a href="http://www.computerdefense.org/category/reviews/conferences-training-sessions/" title="View all posts filed under Conferences / Training Sessions">Conferences / Training Sessions</a> </li> <li class="cat-item cat-item-18"><a href="http://www.computerdefense.org/category/reviews/software/" title="View all posts filed under Software">Software</a> </li> <li class="cat-item cat-item-21"><a href="http://www.computerdefense.org/category/reviews/websites/" title="View all posts filed under Websites">Websites</a> </li> </ul> </li> <li class="cat-item cat-item-9"><a href="http://www.computerdefense.org/category/science/" title="View all posts filed under Science">Science</a> </li> <li class="cat-item cat-item-19"><a href="http://www.computerdefense.org/category/site-related/" title="View all posts filed under Site Related">Site Related</a> </li> <li class="cat-item cat-item-32"><a href="http://www.computerdefense.org/category/spammailbagcom/" title="View all posts filed under SpamMailBag.com">SpamMailBag.com</a> </li> <li class="cat-item cat-item-1"><a href="http://www.computerdefense.org/category/uncategorized/" title="View all posts filed under Uncategorized">Uncategorized</a> </li> </ul> </li> <li id="search"> <form method="get" action="/index.php"> <h2><label for="s">Search</label></h2> <p> <input type="text" value="" name="s" id="s" size="20" /> <input type="submit" id="searchsubmit" value="Go" /> </p> </form> </li> <li id="meta"> <h2>Meta</h2> <ul> <li><a href="http://www.computerdefense.org/wp-login.php?action=register">Register</a></li> <li><a href="http://www.computerdefense.org/wp-login.php">Log in</a></li> <li><a href="http://www.computerdefense.org/feed/" title="Syndicate this site using RSS">Entries <abbr title="Really Simple Syndication">RSS</abbr></a></li> <li><a href="http://www.computerdefense.org/comments/feed/" title="The latest comments to all posts in RSS">Comments <abbr title="Really Simple Syndication">RSS</abbr></a></li> <li><a href="http://wordpress.org" title="Powered by Wordpress, state-of-the-art semantic personal publishing platform.">Wordpress</a></li> </ul> </li> </ul> </div> <div id="footer"> <p> Design by <a href="http://beccary.com" title="Theme designed by Beccary">Beccary</a> and <a href="http://weblogs.us" title="Theme sponsored by Weblogs.us">Weblogs.us</a> · <a href="http://validator.w3.org/check/referer" title="This page validates as XHTML 1.0 Transitional"><abbr title="eXtensible HyperText Markup Language">XHTML</abbr></a> · <a href="http://jigsaw.w3.org/css-validator/check/referer" title="This page validates as CSS"><abbr title="Cascading Style Sheets">CSS</abbr></a> · <!-- Begin BlogToplist tracker code --> <a href="http://www.blogtoplist.com/computers/" title="Computers blogs"> <img src="http://www.blogtoplist.com/tracker.php?u=247" alt="Computers blogs" border="0"></a> <!-- End BlogToplist tracker code --> </p> </div> </div> <!-- tracker added by Ultimate Google Analytics plugin v1.6.0: http://www.oratransplant.nl/uga --> <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> var pageTracker = _gat._getTracker("UA-848045-1"); pageTracker._initData(); pageTracker._trackPageview(); </script> </body> </html>