[ExI] nasty hijacking of my gmailaccount...extropian.pharmer at gmail.com

Emlyn emlynoregan at gmail.com
Fri Jun 19 05:43:27 UTC 2009


2009/6/19 spike <spike66 at att.net>:
>
>
>> ...On Behalf Of Morris Johnson
> ...
>> Subject: [ExI] nasty hijacking of my
>> gmailaccount...extropian.pharmer at gmail.com
>>
>> Nasty new phishing attack that sucked me in:
>>
>> had gmail ask me last night  for username/pass/birthday or
>> acct was to be "shut down in 24 hours and deleted  be deleted
>> in 14 days"  and gave it to them:
>>
>> "This Email is from Gmail Customer Care and we are sending it
>> to every Gmail Email User Accounts Owner for safety. We are
>> having congestions due to the anonymous registration of Gmail
>> accounts so we are shutting down some Gmail accounts and your
>> account was among'...
>> Morris Johnson
>
> Morris, look for small grammatical errors in these kinds of things.  They
> almost always exist, or if not errors, then nonstandard language usage.
> Africans generally learn English from textbooks instead of the proper method
> you and I were privileged to have: on the playground from other
> preschoolers.  For example, "We are having congestions..."  That sounds
> Nigerian to me.  Dead giveaway.  spike

I didn't know the Nigerian scammers were actually Nigerian. eg:
http://www.abc.net.au/news/stories/2004/05/18/1110815.htm

But yeah, they often have little grammatical errors, and that's always
a giveaway.

Also look for classic manipulative techniques getting you to act now:
the threat to shut down your account and delete it is the second major
giveaway. Why would Google be deleting accounts in such a hurry? They
have tremendous storage capacity, and their service relies on the
philosophy of never deleting anything. It'd be huge news if they were
doing this.

I think if you ever get mail like this from any major service online,
and don't feel comfortable to reject it out of hand, contact them
directly through a channel not suggested in the email, and verify the
veracity of the communication. So in this case, the right thing to do
would have been to contact their helpdesk (however you do that), and
ask if the email was from them.

On a related note, does everyone here know that people often get their
accounts stolen via people activating the "forgot my password"
functions of a service, and guessing answers to secret questions? You
can break into plenty of accounts that way, often by using publicly
available information to answer the question. They're a terrible
security risk. I've formulated a special password that I only use for
secret questions (with an algorithmic way of varying it that makes
sense only to me :-) ) and I use that as the answer, no matter what
the question is.

Harvey, are you around, got any comments on basic online identity security?

-- 
Emlyn

http://emlyntech.wordpress.com - coding related
http://point7.wordpress.com - ranting
http://emlynoregan.com - main site


