Please give us your personal information so we may rob you:
—–Original Message—–
From: PayPal Billing [mailto:billing@customerdata.com]
Sent: Wednesday, August 26, 2009 8:13 PM
Subject: Account Verification Form
Dear PayPal customer,
During our regularly scheduled account maintenance and verification
procedure we have detected a slight error in your billing information.
This might be due to the following reasons:
1.A recent change in your personal information (ie. change of
address, email address)
2.An inability to accurately verify your selected option of payment
due to an internal error within our systems.
Please verify your information. To do this we have attached a form to this
email. Please download the form and follow the instructions on your screen.
NOTE: The form needs to be opened in a modern browser which has javascript
enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9)
We are requesting this information to verify and protect your identity. This
is in order to prevent the illegal activity of PayPal accounts.
Please do not reply to this email.
We apologize for any inconvenience this may have caused.Sincerely, PayPal
security team.
PayPal Email ID PP836
Remember, this is the Internet. Just because you’re not the type of person who would sell your grandmother to Russian gangsters for a dollar doesn’t mean there aren’t a thousand and one other people out here who would. (Sell your grandmother to Russian gangsters that is, and probably their own as well.)
This email was good. No spelling or obvious grammar mistakes. The only warning signs were (a) the sending email address (billing@customerdata.com) and (b) the fact that they attached an html form for the user to fill out. The html document was encrypted and wrapped in a javascript tag. NOT GOOD!!
be wary of applications that take you to a page that requires you to enter your facebook login.
Don’t click on suspicious links! e.g., “If it hadnt of been for the internet I would of never got out of debt. Here is how I earned extra cash to be debt free http://urlite.com/15233/”
Don’t use the same password for facebook as you use elsewhere on the internet.
Don’t share your password!
Cleaning up after you’ve been infected:
As of right now, it looks like user accounts are being hijacked via applications that re-direct users to a page where they enter their facebook password. To clean up after being compromised:
run anti-virus and anti-spyware software on your computer to make sure your computer is not infected. If you don’t have an up to date antivirus program, download and install either clamwin or AVG. Links to safe places to download these applications from are below.
change your facebook password.
Double check that you don’t have suspicious applications installed.
Wednesday August 19th 2009, 8:04 am
Filed under: interweb
Facebook, the hot internet bubble property in search of a business model has officially entered a new, and more dangerous, era: spam. The party is over folks! Over the past couple of days I’ve noticed several of my friends posting strange messages on people’s walls. For instance:
Fortinet’s Global Security Research Team warned that Wall posts containing links must be handled with care and recommends they should not be followed.
At this point, it seems like people aren’t exactly sure what the attack vector is. Are these spam posts coming from applications that the user installed on their local machines? Were the accounts hacked? Possibly this is coming from a rogue application that was installed? Facebookadvice.com discusses several possibilities on his post on the “Secret Crush” application here.
A couple of days ago this message floated through faceblah status updates:
FACEBOOK has agreed to let a third party advertisers use your posted pictures WITHOUT your permission. Click on SETTINGS up at the top by the Log out link. Select Privacy, then NEWSFEEDS and WALL. Select the FACEBOOK ADS tab. There is a drop down box, select NO ONE. Then SAVE your changes. (REPOST To LET YOUR FRIENDS KNOW!)
Today I saw this advertisement on a picture:
Jason Espino featured in facebook advertising
So, it really wasn’t an email rumor after all. Facebook, the hot internet application of the 21st century has, in it’s perpetual quest for a business model that actually generates money, hit upon the novel idea of whoring out it’s users’ information to advertisers.
Ultimately, it’s your decision whether or not you want to let them do that. If you don’t want it, be sure to update your privancy settings.
“War, Nobby. Huh! What is it good for?” he said.
“Dunno, Sarge. Freeing slaves, maybe?”
“Absol–well, okay.”
“Defending yourself against a totalitarian aggressor?”
“All right, I’ll grant you that, but–”
“Saving civilization from a horde of–”
“It doesn’t do any good in the long run is what I’m saying, Nobby, if you’d listen for five seconds together,” said Fred Colon sharply.
“Yeah, but in the long run, what does Sarge?”
I’ve spent the better part of the last year trying to figure out exactly what Twitter is good for. I think I might be getting an inkling.
Saving civilization from a horde of black-robed Mullahs?
We’ll see.
Twitter seems to be what newsgathering will look like in a post-Journalism world. CNN was 24 hours behind twitter in picking up on the brewing crisis after the election. And Twitter re-scheduled maintenance on their server farm to not interfere with Iranians using it. As wired put it recently, when commenting on the MySpace loosing ground to Facebook:
When your server farm’s service schedule has an impact on Middle East Peace you are onto something big — much bigger than which garden-variety walled garden has more members.
Monday June 15th 2009, 8:56 am
Filed under: interweb
So, our new phone salesman started today. Older guy, very personable. Got him set up on the domain and email. He had an HTC Touch from Sprint that he wanted set up to access email. Tried downloading the Mobile Gmail application, but it didn’t seem to work. It installed fine, but said something about not being able to connect securely. Around the internets, there were a number of people blogging about this issue, and this posting by Sherif Mansour back in October seemed to be the go-to blog post on getting it to work.
I found that Sprint’s “mobile email” application seemed to support gmail natively, however, without needing to install the gmail mobile application. I was able to send a test message, we’ll see how well it continues to work for him.
