Phishing scams: T-Mobile, also called Smishing
written by yuri
On March 20, 2015 at 10:58 am, I received a text message saying that I am “one lucky customer”. The message was sent to many others from +(828)200-0119. I immediately clicked it. The link took me to what looked like a T-Mobile page asking me to log in with my phone number, password and last 4 digits of my social security number.
I thought this was not unusual but it turns out that this was not a legit website. After hitting log in, it did not sign me in. It sent me the same text message again so I got a little confused. After a few minutes I realized something was seriously wrong. I thought, “Oh my god, this might not be a real website.” So I immediately asked my husband, who is an IT guy. He told me to never click on random links sent via email and never log in to any link that does not look real. I was devastated knowing that I had almost put our T-Mobile account at risk. I did not know that these types of scams exist.
We changed all my actual T-Mobile account information.
We did research on the actual T-Mobile website on my laptop to check if there were people who had experienced the same thing. The site shared information about “smishing” and where to report the incident if you think you got scammed. http://www.t-mobile.com/Company/PrivacyResources.aspx?tp=Abt_Tab_PhishingSMishing&tsp=Abt_Sub_IdentityTheft_SMiShing
You can also report the spam to T-Mobile support: https://support.t-mobile.com/docs/DOC-2747
+(828)200-0119. This is the number of the sender. I searched it in Google and found out it is from China.
“congratulations, you are one lucky customer getting credit applicable to your next month bill, for more detail vist https://tr.im/15585“
If you get this message or something similar, do NOT click the link. If you do click the link and put in your information, you will need to go to your actual T-Mobile site and change all your passwords. Contact T-Mobile and tell them what is going on.
Phishing scams International Monetary Fund IMF submitted by User:
This Phishing attempt is accompanied by attachment: “25299_IMF_Official”
Which does not seem to have any macro malware according to VirusTotal
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Friday, March 20, 2015 2:46 AM
Subject: Outstanding Depts (Released).
This message and any enclosures are intended only for the addressee. Please
notify the sender by email if you are not the intended recipient. If you are
not the intended recipient, you may not use, copy, disclose, or distribute this
message or its contents or enclosures to any other person and any such actions
may be unlawful. Ball reserves the right to monitor and review all messages
and enclosures sent to or from this email address.
Attempt to get information 25299_IMF_Official:
The International Monetary Fund (IMF) has come to notice that you are among the unsettled Fund Transactions long time ago. The (IMF) have directed all individual/Organizations who for one reason or the other did not receive their Transaction Fund in their home of origin or bank account, Your Amount is now available with The Foreign Exchange Department Reserve Bank of India New Delhi.
To channel your reports, please kindly send to us:
1, Your Full Names:
3, Date of Birth:
4, Contact Mobile Numbers:
5, Your Email address:
6, Your Full House Address:
And reconfirm us with your batch No.”2277’’ to the below Email ID: firstname.lastname@example.org
Contact Persons: Mr. Michael Morrison
Mrs. Pinto Mishra
Beware: This is a financial scam that has been around for a while.
Subject: FW: Account Alert: IMPORTANT Notification, Action Required
An apparent phishing attempt…
From: Capital One [mailto:CapitalOneRetailServices@ebusiness.partnercardservices.com]
Subject: Account Alert: IMPORTANT Notification, Action Required
Account Alert: Service Validation.
Dear Valued Holder,
As requested, We’re writing to make sure you’re aware of a NEW change in security procedure for all account holders.Your profile and billing information needs to be validated.
Kindly follow the ONE-TIME action below in order to opt with our recent security improvement. By passing back and forth private information that only you and us know, you can feel even more secure with your online access experience. We recognize you and you recognize us.
ONE TIME ACTION:
To continue, we have sent you an attached HTML Web Page.
See e-mail attachedweb page
Download and save it
Open the attached web page
Get started by confirming your informations
Online Customer Center.
ACCOUNT RELATED QUESTIONS
Do not reply to this message with Account-related questions. If you wish to submit a question, please contact us at capitalone.com/contactus.
Capital One
P.O. Box 5226
Carol Stream, IL 60197-5226
Date/Romance Profile Using the name: Novella Holloway username “LadySweetxxx” with the pictures of a US Adult film star.
Confirmation of this being a scam is that all the images used are from adult film star Jessica Cooper. A quick search of the name “Novella Holloway” will come back to a few real people with the same name. Holloway is a very common last name and there are quite a few people named “Novella”.
Introduction Novella e. Holloway/Jessica Cooper Scam Profile:
I think I’m shy when first meeting people. I am very sociable and enjoy being around people. In my free time I like to spend time in the outdoors. I like to take things slow and ease my way into conversations. I like my partner to be honest. Everything else flows from there. If you contact me I might not reply immediately since I’m new to this and still a bit shy. I look forward to seeing where this leads us.
From “Novella Holloway/Jessica Cooper”
Thanks for your email.. My name is Novella as I said, I am 28 years old, I am single and I don’t have kids yet. My parents are still married and they live together. I grew up in New York, in the United State of America. I moved to Thailand from USA 2years ago on business, but after I finished the business, I decided to stay because I liked it and it is very beautiful also. I don’t have a boyfriend now and I am looking for a honest, caring, loving, someone with a good heart, someone I can really trust and confide in, someone who is family oriented and someone who wants to hang out with me?
Right now, I am in Sheffield, England on a business trip and I will tell you more about why am in England in my next email to you. I have been in England for 2 weeks now, I will be flying back by next week once I finish my business here, if you would like to meet, I will be glad to meet u in person. I love to have sex and my favorite position is doggy. But sex shouldn’t be the only important and I will not have sex with someone i don’t have feelings for. I will like to know more about you. What’s your name? Where do you live? What do you do for a living? What are you looking for in a woman? do you have kids? How old are you? Please send me more of your pics. I will look forward to hearing from you soon so we can talk more.
from elamb Reader:
**SCAM** The first email I have opened for my St. Patrick’s day morning.
From: Kristina Bondesson
Posted: March 17, 2015 13:38
To: Kristina Bondesson
This Email ID have been choose and Makes You lucky of 1,000,000.00 into the NOKIA UK. Send Name: / Address: / Tel No. To (email@example.com
From elamb.org – reader
I received a suspicious email on February 20, 2015.
This was the email address: Shannon Micah <firstname.lastname@example.org>.
We are a specialized agency in (Global) Customer Service Research.
We are starting a big research project in the USA.There is no charge to join us and this project takes place every month. You will get Usd 2OO per each assignment.
Payment check will be a certain amount that you will be required to cash your bank, deduct your wages then have the rest used for evaluation.- DESCRIPTI0NS_______
* You will be assigned to visit a shop.
* You will then finish an on-line questionnaire to share with us your customer experience.- REQUIREMENTS_______
* 19 Years old or above.
* Can speak the local language well.
* Can read and write English.Give me your i.n.f.o for register.FullN.a.m.e,,,,,,,,,,,,,,,,,,,,,
My recently purchased PlayStation 4 is not booting into the operating system. Instead, it prompts me to update the software to 2.3. When I try to update the PS4, it gives me an error: ps4 error SU-34311-2
I could not get in contact with Sony PlayStation (maybe due to the HUGE hack that just hit them -2014). So I decided to take it back to Walmart. The moral of this story is to GET the WARRANTY!
Here is a scam I received today:
FROM THE JP MORGAN CHASE BANK (JP Morgan Chase Bank <email@example.com>)
Winchester Virginia United States
We have been informed this day by the concern authority to have your (FUNDS) release process completed otherwise, the funds will be declared unserviceable by the bank and consequently, it’s confiscation.
The time frame is very short and technically, bank transfer is the fastest means of getting this done, so we have reverted to status qua.
Mandate has been issued to a commission namely UNCLAIMED ASSET/ASSETS RE-UNITED, USA here in the UNITED STATES to effect this payment to you using it’s traditional banking procedure, VIA WIRE TRANSFER and you are to contact the Executive director of JP MORGAN CHASE BANK for the release of the funds to be transferred into your nominated bank account, and here is the contact information below.
Executive Director JP MORGAN CHASE BANK
Timothy P. Flynn
Contact Address: 270 North Avenue New Rochelle
NY 10801 United States.
If you are receiving this notification for the first (Ten Million Five Hundred Thousand Dollars) which is on your name, can only be paid upon our receipt of your beneficiary identification security transfer CODE which is (LN2932K12CP) for clearance of the funds. Send it immediately to us for instant accreditation of your proceeds into your account as listed below.
1) Your full name:
2) Phone, fax and mobile:
3) Address :
6) Marital status:
7) Copy of your any valid ID card:
Ensure you contact Timothy P. Flynn with all your Full contact details regarding of your Funds and get back to us for more information.
NB. THIS TRANSACTION IS BEING MONITORED BY THE UNITED STATES GOVERNMENT IN ORDER TO GUARDS US FOR INTERNET IMPOSTOR AND AWARE OF SCAM..
Re-United Asset Manager
JP MORGAN CHASE BANK
information systems security salary
Information system security salary is usually above average within the IT career field, but what salary you get will vary. The main factors affecting information systems security salary are experience level, title/position and credentials.
Also, the term “information systems security” is very broad. As information technology has gotten more complex and diverse, it has broken into sub-specializations within specializations. For example, within information system security there are engineers, analysts, information system security officers, information system security managers, architects and many others.
The words “engineer”, “analyst”, “specialist” and others are thrown around a lot, but can really mean anything as far as what you end up doing, so it's best to look at the description of the position and talk to those doing the hiring. Information system security managers have the potential for the highest amount. For engineers and analysts it depends on the complexity of the work. Architects can sometimes make as much as or more than even a manager. An information system security architect knows so many aspects of technology that they usually are in charge of the security vision of an organization or business unit.
So to figure out the salary of an information system security professional you will really have to know the specifics of the job.
Two of the best places to look up salaries for a position are Glassdoor.com and salary.com. Glassdoor is an incredible site featuring anonymous people that give information on their pay, the environment, the interview process and ratings of the company.
example of information systems security salary:
When conducting security assessments I have noticed that many organizations neglect one of the most important parts of network security. They neglect the actual network devices.
It's understandable. The switches and routers are invisible to users and most system administrators. As long as the network works, no one questions it. Not securing network devices physically, technically and administratively puts the entire network's confidentiality, availability and integrity at risk.
Physical Router Security
If someone physically accesses the router, they can break into it and change the password, or just erase the configuration to cause a denial of service, so the first step is to provide physical security for the router. It should be literally locked up so that only essential personnel have physical access to the router. Essential personnel does NOT mean anyone with an admin account, or even anyone with an account on the router. It should ONLY be your network engineers, the person(s) you call when the network is completely down.
The router should be in a room with limited physical access and in a cage or locked rack with further restrictions on physical access. Remember how important that router is. ALL data goes through it. Your data depends on that router's functionality, so protect it accordingly.
Technical Router Security
Basic router security for the enterprise is actually not hard. The hard part is getting the organization to accept that it's necessary. The reason it's easy is that the router is built for security.
router planes from NSA Router Configuration Security Guide (2005)
A router has three main planes (aka domains): Management, Control and Data planes and each plane can have security.
Management – for administration and configuration of the router. Remote management is inevitable in an enterprise environment:
- using secure protocols like SSH and avoiding telnet
- restrict remote management access to a few machines
- set time out sessions
- use Banners
Control plane – for monitoring, route table updates, and dynamic operations happening in the background:
- password protect enable mode and console
- turn on audit logs
Data plane (aka forwarding plane) – handles packets transiting the router among the networks:
- disable all non-essential services (i.e. no http if it's not necessary, no snmp if it's not used)
- shutdown ports that are not used
There are much more advanced things that can be done (and should be done depending on the
Basic Router security set up on a Cisco (from Cisco.com):
- Router#configure terminal
- Router(config)#hostname router_security_enterprise
- router_security_enterprise(config)#service password-encryption
- router_security_enterprise(config)#enable secret <PASSWORD>
- router_security_enterprise(config)#username <USER> privilege 15 secret <PASSWORD>
- router_security_enterprise(config)#ip domain-name your.domainname
- router_security_enterprise(config)#crypto key generate rsa modulus 2048
- router_security_enterprise(config)#ip ssh version 2
- router_security_enterprise(config)#ip ssh authentication-retries 3
- router_security_enterprise(config)#ip ssh time-out 120
- router_security_enterprise(config)#ip http authentication local
- router_security_enterprise(config)#no ip http server
- router_security_enterprise(config)#ip http secure-server
- router_security_enterprise(config)#line vty 0 4
- router_security_enterprise(config-line)#login local
- router_security_enterprise(config-line)#transport input ssh
- router_security_enterprise(config-line)#exec-timeout 3
- router_security_enterprise(config)#line console 0
- router_security_enterprise(config-line)#login local
- router_security_enterprise(config-line)#exec-timeout 3
- router_security_enterprise(config)#banner login " MESSAGE "
- router_security_enterprise(config)#banner exec " MESSAGE "
- router_security_enterprise(config)#login block-for 10 attempts 3 within 20
- router_security_enterprise(config)#login delay 10
- router_security_enterprise(config)#login on-failure log
- router_security_enterprise(config)#login on-success log
ACL + ACCESS LOG
- router_security_enterprise(config)#ip access-list standard SSH-ADMIN
- router_security_enterprise(config-std-nacl)#remark Admin Management ACL
- router_security_enterprise(config-std-nacl)#permit X.X.X.X log
- router_security_enterprise(config)#login quiet-mode access-class SSH-ADMIN
- router_security_enterprise(config)#line vty 0 4
- router_security_enterprise(config-line)#access-class SSH-ADMIN in
- router_security_enterprise#show running-config
- router_security_enterprise#show login
- router_security_enterprise#show login failures
- router_security_enterprise#sh access-lists
Administrative Router Security
Probably the most overlooked part of router security is documentation. A lack of updated documentation on the architecture and network scheme is a security concern. Without proper documentation on the network there is a lack of continuity.
Backup and contingency plans should be documented.
Contingency planning also should consider network-connecting devices, such as hubs, switches, routers, and bridges. The BIA should characterize the roles that each device serves in the network, and a contingency solution should be developed for each device based on its BIA criticality. As an example of a contingency strategy for network-connecting devices, redundant intelligent network routers may be installed in a network, enabling a router to assume the full traffic workload if the other router failed. — NIST Special Publication 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems
Backups of the router configurations, firmware, and redundant spares should also be documented and protected. Additionally, audits and testing should be conducted by outside or internal units, then reported and documented.
There is a lot more to the physical, technical and administrative protection of routers and switches. Switches can have things like port security, 802.1x, VLANs and a lot of other things that span a volume of books. We also did not even mention routing protocol security, which is also a book unto itself.
Here are some good references to good router configurations: