Posts Tagged ‘Security’

Google account scam

Another one in the “good enough to believe” department. Take care not to click on this link, and if you do, DO NOT enter any of your Google account details.

The mail is purportedly sent from the Google accounts team, wishing to inform you that they will be doing some routine server maintenance.

[Image: gaccountscam.png]

The link provided in the mail looks valid, as does the sender account (Gmail Team). As with other scams of this kind, the frontend interface is increasingly sophisticated and copied from the actual Google accounts page.

[Image: gaccountscam1.png]

The actual URL of the page points to supplyurdemand.com/catalog/images/gmail.services/Login.htm. Clicking on any of the links takes you to the actual Google link. Entering your account details will undoubtedly capture them in the database of the phisher and provide easy access to your mail and other private information. A test with a dummy account shows that you may not even know that you’ve been had: if your browser has stored the cookie associated with your last successful logon to Google’s mail, for example, you’ll simply be transferred there without a hitch. And none the wiser.

Again: never provide log on details regardless how convinced you may be that you should provide log on details for the benefit of any institution. If you haven’t changed your Google accounts password in some time, now’s a good time to do that. If you’ve accidentally fallen for this trick, you may be able to save yourself by having your password changed through actual verification with Google.

26 04 2011

The rotten Apple iPhone developer program

Whilst Apple’s products are amongst the best-designed and most stylish in the world, that company’s interaction with its developer community is rather archaic and worthy of being called dictatorial. The process I followed to be registered as an iPhone developer started innocuously enough: log on to the developer website and start entering details. But whilst every other process of purchasing goods on the Internet permits immediate purchase by credit card, the Apple iPhone developer program stops its web workflow and requires a form to be printed out, signed and faxed to developer central. I am generally not interested in faxing anything and I initially attempted to mail a scanned copy of the completed form to Apple. No response. So, I went the way of the 1980s and reticently faxed them the piece of paper.

[Image: developer01.png]

A fast turnaround time, to be fair. I had a confirmation of my enrollment within a few hours, but attempting to activate my paid-for membership resulted in another disappointment: a request for identity verification, no less!

[Image: developer02.png]

Once again, I need to print out a form and complete it. Attach a certified copy of a passport or similar identification document and then fax it off to Apple. It’s as though I’m trying to gain access to CERN’s LHC complex instead of wanting to potter around developing an iPhone application or trying to see what options there are for iPad development. Requesting identity verification for a developer program is a joke, specifically if my payment has already been completed and accepted. Why not request identity verification together with the payment if that’s so important? The fact that the enrollment procedure doesn’t take place completely electronically is an inconvenience. The fact that Apple requires identity verification for the download and use of an SDK to support their products is an absolute disgrace!

17 02 2010

Reduce bank charges. No choice.

By providing your logon credentials to this version of the ABSA banking site you’re likely to reduce your banking charges quite significantly. Once the scum behind the email address onirekedouglasdale@webmail.co.za gets hold of your logon details, there’ll be little in the way of cash left in your account to charge banking fees on…

Documenting these scams is a bit boring, since they all rely on the same mechanisms: an end-user’s blind trust in technology, the promise of quick and easy transactions and an ability to dupe many people by showing them something that looks just like the real thing. I add this one here simply because it adds another twist to the usual provide your password routine. Played through, the spoof site indicates that an RVN (one-time password) has been sent to the user and that that message may, or may not, arrive due to an apparent system congestion.

The obvious play is that the RVN is never sent, requiring the user to click on a link to the actual ABSA site to retrieve a valid RVN.

I assume onirekedouglasdale@webmail.co.za next sends an email to the user requesting confirmation of the true RVN. Since an RVN is valid for a reasonable time period and because the user has already been duped once into providing personal data, it’s no stretch to believe that the RVN may well be sent to the scammer.

Like most modern scamming methods, the fake website looks like the real thing. A few things to notice: the address indicated in the browser is http://207.204.1.180/log/, not https://ib.absa.co.za/ib/ib.jsp. The image for some embedded content in the logon button indicates that something is amiss.

The message at the bottom right indicates system downtime scheduled for November 2009, most likely the time the real ABSA site was initially scraped and deployed for the fakery.

The site is not yet marked as a scam in Firefox, but has been reported to ABSA. Regardless of whether or not this site is blocked, continued vigilance is an absolute key in online system use. The sophistication of such enterprises is on the increase. Take care, check at least twice before entering anything into any website and as always, contact the organization if you have any doubts.

One way of verifying the veracity of the site is to initially enter incorrect logon credentials on purpose. Since a fake website can’t tell you whether or not your user name and password are valid, the lack of an error message is one indication that may be used as a protective measure.

01 02 2010

Twitter spam

I join a long list of Twitter users whose accounts have been compromised. In the past few hours, I have seemingly been recommending a source of cool ringtones to all and sundry.

[Image: Twitter spam]

Pardon the intrusion…my password has been set to a more secure one and I trust that’ll be the end of that.

Brief tip: if you need ringtones, make your own ;-)

16 11 2009

Phishing Standard Bank

With three big South African banks already the target of online phishing scams I’ve come across in my spam mail, Standard Bank rounds out the collection of four banks whose customers are requested to log in and update personal details.

Of the four scam sites I’ve seen, the spoof of the ABSA Internet banking site is without doubt the most convincing, with only the URL a giveaway. For the rest, it looks identical and would fool a vast majority of unwary users. The fake Standard Bank runs a close second, though some careless HTML breaks some of the design and damages some of the graphics on the site. For the rest, it looks very convincing.

[Image: Standard Bank phishing site]

The ridiculous URL, http://www.tigerbasketball.org/templates/madeyourweb/signonmenu.htm, relates in no way to Standard Bank and may indicate how brazen and confident scammers are becoming – it takes only a few victims to make a phishing attack worthwhile.

11 11 2009

Nedbank phishing scam

Attempting to dupe Internet banking users out of their account numbers, PIN numbers and passwords seems to have become the latest hotbed of criminal activity. The attempt to catch unsuspecting FNB customers seemed amateurish – the fake website looked just that: fake, and unlikely to be taken seriously. The ABSA scam had me convinced after I had a look at the exact replica of the actual ABSA Internet banking site hosted at an obviously wrong location. In that case, the URL was the only giveaway.

Now, I’ve received a request to log on to a fake Nedbank Internet banking site. Scammers are taking advantage of the fact that Nedbank has indicated that some changes will be made to the official site and that additional services will be offered soon. The fake site lives at this URL: http://netbankonlinebanking.9hz.com and looks similar to the actual site.

[Image: Fake Nedbank Internet banking site]

Curiously, Nedbank refers to its own Internet banking service as Netbank, which I don’t fully understand. In any case, at first glance the fake website is quite convincing and mimics the style and layout of the actual site very well. All it takes is the entry of the Profile ID, PIN and password – don’t simply click on links and enter any details before you have verified that you’re on the site you’re intending to be on.

Call the institution if you suspect that something is awry and check the URL carefully before you do anything. At the time of writing, Firefox doesn’t yet block the URL as one that is dubious.

10 11 2009

ABSA phishing warning

The proliferation of phishing scams is increasing by leaps and bounds, as is the first-glance trust one may place in certain emails and websites that mimic services provided by real corporations. About two weeks ago, I received an email prompting me to enter my FNB account details. Today’s email from ABSA’s Online Account Directives is similar, but leads to a website that is an absolute dead ringer for the real thing.

[Image: Scam letter]

Once again: the first thing to tip you off to the fact that this is a scam is the simple fact that no financial institution will ever request you to enter or update any information in this way. Still unsure? Pick up the telephone and call the call centre to find out whether or not a communication of this nature could be legitimate. In any case, I advise you not to react but simply to turf the email into your trash can and report it to the bank. In my case, GMail already completed the first step.

But since I enjoy sifting through my trash…I had a look at where the URL in the mail links. Even the mail is convincing, including a logo and various other details that make it look official. The URL in the mail does not, of course, link anywhere near the actual ABSA online banking website, a website you would generally not access directly but rather click on a link on the actual ABSA home page. The fraudster who has compiled this email has made use of the same trick the FNB email employed: spell out the URL to dupe the user into believing the actual text leads to the real website. Clicking on the URL leads to the following address: http://64.23.6.160/Renew/Main.html instead of the official https://ib.absa.co.za/ib/ib.jsp.

The fake website is absolutely indistinguishable from the real thing:

[Image: Fake ABSA website]

The only clue to indicate that the website is not the real ABSA online banking portal is the URL displayed in the address bar of the browser:

[Image: ABSA fake website]

This is one scam that will catch many victims. As with the FNB scam, Firefox blocks access to the site whereas Internet Explorer does not.

Click with care and don’t divulge information anywhere without taking precautions.

14 10 2009

FNB online fraud warning

I’m not an FNB customer, yet this mail still arrived in my inbox.

[Image: FNB fraud letter]

This is yet another example of a really poor phishing attempt, but one that is likely to catch out at least a few unsuspecting victims.

First off, never ever click on any link in an email provided without first checking where it goes to. In this case, the link for the online banking URL points to http://67.19.209.82/%7Eblack/www.fnb.co.za, which is in no way the official FNB banking URL. The page is already blocked by Firefox, but users with other browsers may still run into a phishing site.

Secondly, no bank or financial institution will ever request you to update your details in this way. Be wary of the Internet. Even though it’s a great place for gaining access to services that would ordinarily require us to spend a lot of time completing, it’s just as easy to be duped into providing too much personal information to the wrong people if you’re not careful.

03 10 2009

Access granted

Kaspersky Labs have issued a work-around and a fix for the google.com access denied issue I ran into this morning – trying to browse to various Google domains results in this error message being displayed:

An update to the virus database and/or an update to the currently running program version is supposed to fix the issue.

03 12 2008

Access denied

You know you’re in trouble when your anti-virus application decides you should no longer have access to the evil website Google. I’ve never, ever seen this message displayed before, not even when visiting rather dubious torrent search engines…

This is one of those typical occurrences with computers where I, the user, made no changes to anything and have to try and understand and solve the issue at hand. www.google.co.za works fine, so I’m not sure what Kaspersky is on about. Since this happened on G2S running Vista I’ll forgive Kaspersky and see whether a reboot will fix this rather odd warning…

…the reboot doesn’t fix it, so I’ve hard-fixed the issue for now by adding http://www.google.com* as a trusted site.

Could this problem be due to an error in a Kaspersky update, I wonder?

This type of problem worries me, especially since Apple has apparently stated that they recommend Mac users install and use not one, but multiple anti-virus packages to ensure attackers have more hurdles to cross. The relevant knowledge base article has since disappeared…

The last thing I want is for my Mac to be burdened with a layer of software that causes my pleasant user experience to be disrupted. Let’s leave that to Windows!

03 12 2008

