Sneaky bastards got me at last. How's this for an attack that even a Reddit-level geek fell for? Here are the steps of it; it's how it started that got me, I never heard of them starting out like this…
1) I place an ad on Gumtree, with my mobile and email on there to contact me.
2) Several days later I get this SMS:
Hi, I tried to call without answer..I want to buy your ad from gumtree, please contact me at:[email protected]
3) I email that address, and, a little surprisingly and coincidentally, I get an email rather soon after from Gumtree like this:
You have a request from Chris Lucket to buy your Gumtree Ad. Click Here to view your request.
The Gumtree Team
Now on Google Chrome this is totally flagged as a suspicious email, but in Apple Mail on my iPhone this has graphics and is VERY convincing… all spelling and details appear correct, plus it's Sunday morning.. so half asleep.
Click the link and get a login to Gumtree, log in with what I later realise was not even my Gumtree password, this then takes me to a payment details page.. so I think wtf.. why do I have to pay at this point? and stop what I am doing. But again on the iPhone this whole login page etc. is all very responsive web design and spelling spot on… so I don't think twice… it all started with a text message, right?
Then over the next 5-10 mins I put the above jigsaw pieces together and work out that some smart arse has been scraping mobile numbers off ad sites to start the phishing chain… given it was all handled by me on the phone it looks alarmingly more credible..
So I export my passwords from Chrome, and fix up any accounts using that password.. and forward the SMS + email to the service providers to alert them about it.
Stay safe people.. the internet has some dark corners..
Today’s nice tip for a quick solution on how to display something like a Word or Excel file directly in the browser, rather than the server offering to download the file, is to append the URL to the document at the end of this string
Try it out with a Word file, rather slick.
This infographic was proudly plundered from http://platowebdesign.com/articles/fonts/
This list is mainly targeted at developers using Windows computers; however, any power user should be able to find a utility or three below which will enhance their computing experience and make things even more enjoyable.
Most of them, you will be happy to hear, are free, so zero risk to try them out.
Chocolatey – at NetEvolution we are comfortable with both Windows and Linux. Installing software on Linux can usually be done with a tool called apt-get, which retrieves the software you want along with the required dependencies. What is Chocolatey? It's apt-get for Windows: working in the same manner as NuGet, it gives you a command line interface for installing any software currently supported by its repository.
TeraCopy – when you want to speed up copy and paste of files across your filesystem this is just the ticket.
AutoHotkey – something I always try to promote when I see people typing things in repetitively, such as email addresses. You can enter a little snippet and AutoHotkey will replace that snippet with a bulk of text you can define in a quick config file.
Paint.net – for most graphical things where what you really need is a good resizer, paint.net will get the job done.
7-Zip – forget WinZip and WinRAR etc., this program will handle your archives with ease.
Dropbox – can be your free offsite backup for files working in realtime.
Fiddler – An easy, clean, and powerful debugging proxy for checking out HTTP between here and there. It even supports SSL sniffing.
Something I found while wading through LinkedIn, what do you think?