lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed Dec 14 21:50:44 2005
From: jasonjones at brookshires.com (Jason Jones)
Subject: Phishing Alert: Inland Revenue Service 

I got your old school phishing scam; it's called you just won a trip to
Jamaica all you have to do is fill out this survey with your information
on it so we can setup your boarding passes. (Phone: ring, ring) This is
so en so from Visa, and we would like to offer you credit card
protection free of charge. Can you please read your card number to us to
verify your card number for me? Yeah it's DELFT. 

1. It's pretty simple if it's to good to be true, it probable is.

2. Copy and past the link, and don't just click on it.

I'm sure the people in FD are smart enough to know sites to find out
about new phishing scams, and maybe some have singed up for e-mails to
be sent to them.

So you might want to try the nursing homes n3td3v,that might care to
hear your new phishing story. 

If you have something sent to your site of that impotents, then report
it to the correct people and not to the FD list.

Then maybe Websense and the whole world will be saved because you did.




-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of
Valdis.Kletnieks@...edu
Sent: Wednesday, December 14, 2005 3:10 PM
To: n3td3v
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Phishing Alert: Inland Revenue Service 

On Wed, 14 Dec 2005 20:56:58 GMT, n3td3v said:

> The phishing e-mail I am talking about was sent directly to my 
> security news wire (see headers), I feel I have a responsibility to 
> report on it.

Non-scalable.  If people actually start *reading* your news wire, then
the address *will* be harvested and spammed and phished.  If the spam
volume is so low that reporting a single incident is worthwhile, it
means nobody's reading.  And if by some odd circumstance it actually
gets readers, do you intend to report on each incident, out of the dozen
or 6 dozen a day you'll see?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ