|
Kevin Shortt 85 Posts ISC Handler Oct 10th 2012 |
Thread locked Subscribe |
Oct 10th 2012 8 years ago |
"woow I got my free $500 costco gift card , get yours at ......":
Spelling, capitalization, and punctuation errors. And it seems too good to be true. All the earmarks of spam. But I could buy many gallons of salsa with the $500. Tempting - NOT! |
Alan 57 Posts |
Quote |
Oct 10th 2012 8 years ago |
Received a text message this morning supposedly BestBuy "you won a prize of an iPad or iPhone 5" with a bit.ly link. I won't click on the link as it may be tied specifically to my cell number and I don't want them knowing it is a valid one, but I'm sure this is a nice Android/iPhone compromising end-link. Rule #1: There is no free lunch. Rule #2: If there is a free lunch, see Rule #1.
|
Alan 42 Posts |
Quote |
Oct 10th 2012 8 years ago |
We tweeted about this over the weekend:
New #Facebook credential stealer: Subj: :Hey friends got a $500 Gift Card from COSTCO!" URL: hxxp://bit.ly/Pi1X8O IP: 46.21.151.148 Blocked |
ByrneIT 8 Posts |
Quote |
Oct 10th 2012 8 years ago |
The full analysis shows that the URL us a double redirect, using Google Translate. We notified the SafeBrowsing guys on Sunday Afternoon, and they have been blocking it since:
More details below. Subject: "Hey friends got a $500 Gift Card from COSTCO! " URL: hxxp://bit.ly/Pi1X8O, redirects through Google Translate to hxxp://www.google.com/translate?hl=en&ie=UTF8&sl=auto&tl=en&u=hxxp://bit .ly/UvLPCO Which goes to: hxxp://ooyah.info/costco.php?bfxhpJ3X IP: 46.21.151.148 Old RBN IP. |
ByrneIT 8 Posts |
Quote |
Oct 10th 2012 8 years ago |
It actually ends up at https://mirrorgo[.]info/costco/ but only if you are from US, UK or AU.
var country = geoip_country_code(); if (country == 'US' || country == 'GB' || country == 'AU' || country == 'USA') { window.top.location = "https://mirro rgo[.]info/costco/"; } else { window.top.location = "https://google.com"; } |
ByrneIT 2 Posts |
Quote |
Oct 11th 2012 8 years ago |
I frequent Facebook often. My friends have posted a, Causes link on my page to turn my page pink, for Breast Cancer Awarness, Which I do not want to do, oddly because of a small spelling error. Question is, Do all spelling errors within these ads, emails, or Causes suggest that it is a scam every time? We are only human and have room for grammatical errors, right? I believe the Cause is a phishing scam, and I do not play social games through Facebook for fear of scams out there. Thank you in advanced.
![]() |
ByrneIT 1 Posts |
Quote |
Oct 11th 2012 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!