Beware: Kiwibank fishing email

[CookMySock]

Watchout, theres a new kiwibank fishing email doing the rounds.

Experienced users will recognise it right away, but the not-so-wary might get stung.

You will get an email seemingly from kiwibank, asking you to confirm your details. If you click the link (not recommended) it will take you to a logon page. By all means type some random shit into their page and fill their database with junk, but DONT type your real credentials in it, or they will make a mess for you.


Steve

[Crasherfromwayback]

Don't open them...and don't type anything into them is my advice!

[R6_kid:Me]

n00b. It's called phishing.

[CookMySock]

Don't open them...and don't type anything into them is my advice!

That is wise, but for those who don't use a vulnerable operating system, and want to just be a cunt, its good fun filling their database with useless shit, lol.

Steve

[Mom]

These things come from all sorts of banks at the moment. Pain in the arse, I vote for the dont go near option myself.

[FJRider]

By replying to "those" E.mails, merely confirms it's a valid E.mail address ... and may attract further mail ...

[Ronin]

Watchout, theres a new kiwibank fishing email doing the rounds.

Experienced users will recognise it right away, but the not-so-wary might get stung.

You will get an email seemingly from kiwibank, asking you to confirm your details. If you click the link (not recommended) it will take you to a logon page. By all means type some random shit into their page and fill their database with junk, but DONT type your real credentials in it, or they will make a mess for you.


Steve

Fantastic. Proof you know less about computers than riding.

Don't click on it. Don't type anything. Don't confirm your email address is a valid one by doing what Steve says.

Do buy some tasty icecream.

[CookMySock]

@Ronin, thats rubbish. The email will be sent from a virus, and will use a fake from: address. There is little or no point replying to the email, and if you do they will just delete it, or someone will get irate at you having accused them of doing something they didn't do.

Virus activity doesn't have any mechanism to handle replies.

The only bad thing that can happen, is they put some malware on the site as well as the phish, but I dont use windows so..

Thats all from an engineering perspective, not a user perspective. No way would I send that link to a user. Heres the link, now that its dead. http://188.72.216.184/~kiwiac/kiwi/kiwi.htm

I just reported it to their ISP and they were shut down in minutes. ISPs are really glad to have that type of shit reported.

Hello,

Thank you for your abuse report, we've taken action against it and the user/service been suspended.

Please feel free to report back in case of any further abuse issues in regards to this user or others.

Regards,

John Kasai
Level 2 customer support
Santrex Internet Services LTD

Steve

[rainman]

Virus activity doesn't have any mechanism to handle replies.

Um, pedantic mode on.
It it possible to see who is clicking on a link you send them by email, if in the URL you include a id of some sort to tie the two together. For example, this URL:
http://www.smartmailpro.co.nz/redire...x5x5xDxCx9xCxB, in which I have substituted some x's 'cos I'm paranoid, identifies two things.

These are probably the id of the company who sent me the email containing the link, and the id of the keyword it was linked to, but one could just as easily be a proxy for my email address. Of course for a spammer sending out gazillions of emails that does have some scale issues, but PCs are quite capable these days, I'm told.

In short, I could do it, so it can't be that hard.

Heres the link, now that its dead. http://188.72.216.184/~kiwiac/kiwi/kiwi.htm

Obviously, that URL doesn't follow the pattern of the tracking approach I explained above. So yes, you're likely to be relatively safe if you have penguin (or little bsd devil) power to protect you.

And good onya for dobbing them in sharply.

[Usarka]

It's a real email. Pay your overdraft dude.

[CookMySock]

It's a real email. Pay your overdraft dude.

LOL some will think its for real. I wonder how many got done. I like writing scripts to fill their database with shit and leaving them running all night, lol.

@rainman, yeah it's simple enough to put ?trackid=0x230832fe12 etc in a link. Phishers dont care about that crap. They just want your cash - fuck the repeat business lol..

Steve

[Ronin]

@Ronin, thats rubbish. The email will be sent from a virus, and will use a fake from: address. There is little or no point replying to the email, and if you do they will just delete it, or someone will get irate at you having accused them of doing something they didn't do.

Virus activity doesn't have any mechanism to handle replies.

The only bad thing that can happen, is they put some malware on the site as well as the phish, but I dont use windows so..

Thats all from an engineering perspective, not a user perspective. No way would I send that link to a user. Heres the link, now that its dead. http://188.72.216.184/~kiwiac/kiwi/kiwi.htm

I just reported it to their ISP and they were shut down in minutes. ISPs are really glad to have that type of shit reported.



Steve

You are partially correct. As rainman mentions, most phishing/malware email attacks track who replies to it. As you say, they can also embed other attacks on the site. Yes, you might use Ubuntu and be immune but the majority of users are not.

FWIW, the phishing site from your link doesn't appear very sophisticated as the good ones usually do a better job of pretending to be for real.

[Tank]

Taking IT security advise from someone who dosnt know the difference between phishing and fishing is like taking a hyosong riders advise on what bike to buy.

Stick with advise from the educated.

[CookMySock]

Taking IT security advise from someone who dosnt know the difference between phishing and fishing is like taking a hyosong riders advise on what bike to buy.

Stick with advise from the educated.

Post something useful, or at least relevant, Tank. Or maybe go start another non-biker related thread about some stupid news article. Do you every say anything biker-related?


Steve

[Tank]

Post something useful, or at least relevant, Tank. Or maybe go start another non-biker related thread about some stupid news article. Do you every say anything biker-related?


Steve

Given that this really isnt that useful (most people know what a fishing email is) or relevant either I dont see your problem. Next you will be emailing everyone a warning not to believe those emails from the Nigerian prince sending you $5 mil as you are nice person, or another obvious bit of information that you think will make everyone go "wow - that guys know his shit: yeah right!"

I generally post in R+R as I enjoy it - and have some intelligent debate with some people (not you obviously).

Yeah - I post bike stuff from time to time - often warning people not to buy Ho'bags as I think they are a second rate piece of shit. Fuck - then you have an issue with that as well.

You really need to work on having a more positive attitude.

Peace Out !