A Scam?

[Kriskah Arcanu]

I received this message at least 4 times this month. I haven't answered but now must say Im starting to have doubts.
Have any of you got this type of message? Seem stupid to me that they cannot solve this problem without asking people their passwords. I dont know, maybe I'm wrong.
Please tell me what you think, I have many important supscriptions linked to this mail so it would be quite complicated for me to loose it.

Saludations,
K



ps: Perhaps "saludations" is not a real word. I kinda like it thoug, and I might use it some times.

Edited March 22, 2010 by Kriskah Arcanu

[Grido]

No company should ever have the need to ask for customers/consumers passwords, there is no need for them to have them as they can do global updates, much like Mur can do changes to MD without needing our passwords.
Hotmail (and other large organisations), if you think about it, have many millions of people with accounts, it wouldnt be time-effective for them to have to collect passwords and work on individual accounts. If you look on their Terms of Service, it should say they will never ask for your personal details.


If you suspect an email is genuine, first check the email address of the person who's sent the email to you. The company will always have a normal sounding email address, like "webmaster" or "customerservices" or somesuch, note people could well fake those addresses, so dont always rely on that.


So in short, yes, it's a scam email.

[Yoshi]

100% Scam.

I never got that one, but recently I've gotten an email saying I've requested to recover a lost password,and to click one link to confirm, another to deny it. I just deleted the email instead because who knows where the deny link would lead me to. It went away after a week. Hope yours does too!

[Kriskah Arcanu]

Thank you Grido and Yoshi.
After the fourth email I started getting a bit upset.
Now I wont worry about it anymore.

Edited March 23, 2010 by Kriskah Arcanu

[Muratus del Mur]

As a rule of the internet, if a website ever asks you for the password in writing, it means its a scam, they are too retarded to actualy go without it, or they are too lazy (like me). The only case when you can give a pass out, is with your server admin that NEEEDSS it ... or you can ask him to be reset then you change it back. Most sites cant get your password but all sites can reset it to something else if needed.

Also basic scam tehnique, you are requested to login to the site, when actually the link points to a ip site or a similar looking domain BUT NOT THAT domain. Of course your password will get "cought" by them, you will get some stupid waring or error , and bye bye your real account ..later.

You need to be paranoid to survive. At least if you are to be scamed, let it happen when they fake yahoo dns for your isp, then there is realy nothing you could do or know.... but few do it right You should be honored if someone steals your accounts with that methid. (meaning you see url as http://yahoo.com, it looks like yahoo, but behind it its not)

If i ask you for passwords in md, remind me i don;t need it and pretend you are busy!
Then ask me next day if it was really me asking

[BFH]

I agree with all. And please report that mail (open it then go to "mark as" and select "phishing".

[Totenkopf]

[quote name='Muratus del Mur' date='23 March 2010 - 03:25 AM' timestamp='1269307526' post='56787']
You need to be paranoid to survive. At least if you are to be scamed, let it happen when they fake yahoo dns for your isp, then there is realy nothing you could do or know.... but few do it right You should be honored if someone steals your accounts with that methid. (meaning you see url as http://yahoo.com, it looks like yahoo, but behind it its not)
[/quote]

btw, there's an easier way to do the above, they don't need to fake the dns for your whole isp - check your hosts file once in a while (should be under windows\system32\drivers\etc for xp) - you should only have 127.0.0.1 bound to localhost there or any bindings you want to do yourself - if anything adds or anyone asks you to add let's say "xxx.xxx.xxx.xxx magicduel.com" in that file, it will translate magicduel.com to that ip instead of the real one and when you visit magicduel.com it will send you to their site, which can be a mirror of the original one and they catch your pass.

Edited March 23, 2010 by Totenkopf

[Izuel Flash]

The easiest way to spot its a scam is looking at who actually sent it to you. The email address is pretty lame, as is the overall aesthetics of the email itself. If I were you I would give them fake info and see how much of their time you can waste. (That is of course if it isn't all run by a bot.)

[Kamisha]

important is that the address is xllm113@hotmail.com. It would be sent from an administrator also hotmail has the right to freeze an account so they obviously have the right to look at your password.

[cutler121]

[quote name='Kamisha' date='26 March 2010 - 05:38 AM' timestamp='1269581920' post='56917']
important is that the address is xllm113@hotmail.com. It would be sent from an administrator also hotmail has the right to freeze an account so they obviously have the right to look at your password.
[/quote]

Thinking like this falls under the "survival of fittest", if you can convince yourself you should be giving your password away to anyone then you deserve what happens to you.

Do you really need people to tell you not to give your password away to anyone?



Cutler

[Totenkopf]

[quote name='Kamisha' date='26 March 2010 - 07:38 AM' timestamp='1269581920' post='56917']
important is that the address is xllm113@hotmail.com. It would be sent from an administrator also hotmail has the right to freeze an account so they obviously have the right to look at your password.
[/quote]

the email id it's apparently coming from should never be trusted, spoofing email id's was around even when i bought my first 2400bps modem (although back then it was more common spoofing fidonet id's)

this usually works by forging the mail headers and/or submitting the email through an open relay (a server kinda like a proxy which allows outsiders to send mail through it), it would be very easy for instance to send you an email from kamisha@magicduel.com, but that can by easily countered by checking the email headers, which will show either the original computer/server the mail originated from, or rather the open relay in case one is used.

Edited March 26, 2010 by Totenkopf

[Kriskah Arcanu]

Yes, I notice the email sender, that is one of many reasons I didn't answer it.
Thank you all for helping me clear this out.

K

[b]@ Any mod: Please, this thread can now be closed[/b]

Edited March 26, 2010 by Kriskah Arcanu