Jump to content

A Scam?


Kriskah Arcanu

Recommended Posts

I received this message at least 4 times this month. I haven't answered but now must say Im starting to have doubts.
Have any of you got this type of message? Seem stupid to me that they cannot solve this problem without asking people their passwords. I dont know, maybe I'm wrong.
Please tell me what you think, I have many important supscriptions linked to this mail so it would be quite complicated for me to loose it.

Saludations,
K



ps: Perhaps "saludations" is not a real word. I kinda like it thoug, and I might use it some times. ;)

Edited by Kriskah Arcanu
Link to comment
Share on other sites

No company should ever have the need to ask for customers/consumers passwords, there is no need for them to have them as they can do global updates, much like Mur can do changes to MD without needing our passwords.
Hotmail (and other large organisations), if you think about it, have many millions of people with accounts, it wouldnt be time-effective for them to have to collect passwords and work on individual accounts. If you look on their Terms of Service, it should say they will never ask for your personal details.


If you suspect an email is genuine, first check the email address of the person who's sent the email to you. The company will always have a normal sounding email address, like "webmaster" or "customerservices" or somesuch, note people could well fake those addresses, so dont always rely on that.


So in short, yes, it's a scam email.

Link to comment
Share on other sites

100% Scam.

I never got that one, but recently I've gotten an email saying I've requested to recover a lost password,and to click one link to confirm, another to deny it. I just deleted the email instead because who knows where the deny link would lead me to. It went away after a week. Hope yours does too!

Link to comment
Share on other sites

  • Root Admin

As a rule of the internet, if a website ever asks you for the password in writing, it means its a scam, they are too retarded to actualy go without it, or they are too lazy (like me). The only case when you can give a pass out, is with your server admin that NEEEDSS it ... or you can ask him to be reset then you change it back. Most sites cant get your password but all sites can reset it to something else if needed.

Also basic scam tehnique, you are requested to login to the site, when actually the link points to a ip site or a similar looking domain BUT NOT THAT domain. Of course your password will get "cought" by them, you will get some stupid waring or error , and bye bye your real account ..later.

You need to be paranoid to survive. At least if you are to be scamed, let it happen when they fake yahoo dns for your isp, then there is realy nothing you could do or know.... but few do it right :D You should be honored if someone steals your accounts with that methid. (meaning you see url as http://yahoo.com, it looks like yahoo, but behind it its not)

If i ask you for passwords in md, remind me i don;t need it and pretend you are busy!
Then ask me next day if it was really me asking :))

Link to comment
Share on other sites

[quote name='Muratus del Mur' date='23 March 2010 - 03:25 AM' timestamp='1269307526' post='56787']
You need to be paranoid to survive. At least if you are to be scamed, let it happen when they fake yahoo dns for your isp, then there is realy nothing you could do or know.... but few do it right :)) You should be honored if someone steals your accounts with that methid. (meaning you see url as http://yahoo.com, it looks like yahoo, but behind it its not)
[/quote]

btw, there's an easier way to do the above, they don't need to fake the dns for your whole isp - check your hosts file once in a while (should be under windows\system32\drivers\etc for xp) - you should only have 127.0.0.1 bound to localhost there or any bindings you want to do yourself - if anything adds or anyone asks you to add let's say "xxx.xxx.xxx.xxx magicduel.com" in that file, it will translate magicduel.com to that ip instead of the real one and when you visit magicduel.com it will send you to their site, which can be a mirror of the original one and they catch your pass.

Edited by Totenkopf
Link to comment
Share on other sites

The easiest way to spot its a scam is looking at who actually sent it to you. The email address is pretty lame, as is the overall aesthetics of the email itself. If I were you I would give them fake info and see how much of their time you can waste. (That is of course if it isn't all run by a bot.)

Link to comment
Share on other sites

important is that the address is xllm113@hotmail.com. It would be sent from an administrator also hotmail has the right to freeze an account so they obviously have the right to look at your password.

Link to comment
Share on other sites

[quote name='Kamisha' date='26 March 2010 - 05:38 AM' timestamp='1269581920' post='56917']
important is that the address is xllm113@hotmail.com. It would be sent from an administrator also hotmail has the right to freeze an account so they obviously have the right to look at your password.
[/quote]

Thinking like this falls under the "survival of fittest", if you can convince yourself you should be giving your password away to anyone then you deserve what happens to you.

Do you really need people to tell you not to give your password away to anyone?

:huh:

Cutler

Link to comment
Share on other sites

[quote name='Kamisha' date='26 March 2010 - 07:38 AM' timestamp='1269581920' post='56917']
important is that the address is xllm113@hotmail.com. It would be sent from an administrator also hotmail has the right to freeze an account so they obviously have the right to look at your password.
[/quote]

the email id it's apparently coming from should never be trusted, spoofing email id's was around even when i bought my first 2400bps modem (although back then it was more common spoofing fidonet id's) :huh:

this usually works by forging the mail headers and/or submitting the email through an open relay (a server kinda like a proxy which allows outsiders to send mail through it), it would be very easy for instance to send you an email from kamisha@magicduel.com, but that can by easily countered by checking the email headers, which will show either the original computer/server the mail originated from, or rather the open relay in case one is used.

Edited by Totenkopf
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Forum Statistics

    17.5k
    Total Topics
    182.1k
    Total Posts
  • Recently Browsing

    • No registered users viewing this page.
  • Upcoming Events

    No upcoming events found
  • Recent Event Reviews

×
×
  • Create New...