Results 1 to 9 of 9

Thread: Attention GMail Users: Massive Phishing Attack Going Round

  1. #1
    Administrator Aragorn's Avatar
    Join Date
    17th March 2015
    Location
    Middle-Earth
    Posts
    20,241
    Thanks
    88,444
    Thanked 80,975 Times in 20,256 Posts

    Exclamation Attention GMail Users: Massive Phishing Attack Going Round

    For the "too long; didn't read" people: don't click on any Google Docs links sent to you by way of an e-mail to your GMail account, even if they appear to come from a person you know. Opening the link might give an attacker full access to your GMail account.







    Source: Independent


    A huge scam is sweeping the web and anyone with a Gmail account may be vulnerable.

    Huge numbers of people may have been compromised by the phishing scam that allows hackers to take over people's email accounts.

    It's not clear who is running the quickly spreading scam or why. But it gives people access to people's most personal details and information, and so the damage may be massive.

    The scam works by sending users an innocent looking Google Doc link, which appears to have come from someone you might know. But if it's clicked then it will give over access to your Gmail account — and turn it into a tool for spreading the hack further.

    As such, experts have advised people to only click on Google Doc links they are absolutely sure about. If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised.

    The hack doesn't only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google's email service too.

    If you think you may have clicked on it, you should head to Google's My Account page. Head to the permissions option and remove the "Google Doc" app, which appears the same as any other.

    You'll be able to tell if it is the malicious app if it has a recent authorisation time.

    That app has full access to a person's Google account as well as being able to send emails that appear to be from them, making the attack especially dangerous.

    The email itself comes addressed to hhhhhhhhhhhhhhhh@mailinator.com — which is the only way to know that the email is malicious. They otherwise look completely legitimate, including the account in the "from" field.


    Source: Independent
    = DEATH BEFORE DISHONOR =

  2. The Following 8 Users Say Thank You to Aragorn For This Useful Post:

    Aianawa (6th May 2017), Amanda (6th May 2017), Bob (4th May 2017), Dreamtimer (4th May 2017), Elen (4th May 2017), Greenbarry (4th May 2017), Mahakasyapa (5th May 2017), modwiz (3rd May 2017)

  3. #2
    Retired Member
    Join Date
    23rd December 2013
    Posts
    938
    Thanks
    2,656
    Thanked 5,320 Times in 939 Posts
    Could this be a psy op or a black op? Who is behind it? Somebody made this happen - yes????? I don't use a gmail account so that probably makes me a minority these days ....

    Much Peace - Amanda

  4. The Following 5 Users Say Thank You to Amanda For This Useful Post:

    Aragorn (4th May 2017), Dreamtimer (4th May 2017), Elen (4th May 2017), Greenbarry (4th May 2017), modwiz (4th May 2017)

  5. #3
    Retired Member
    Join Date
    25th July 2015
    Posts
    216
    Thanks
    208
    Thanked 831 Times in 207 Posts
    the frequency of massive hacks and the regularity of these makes one wonder how the e-banking ...e-currency thing would go
    for example.....went to the landfill today and my expense of 36 bucks was declined..... told the person manning the toll booth to get their machine re-calibrated as it wasn't the card....but got the now typical register jockey look of yah right...sure you do......fortunately i had cash
    went to the hardware store and no issues there
    so what would people do if their connection wasn't good or whatever issue told them you were broke....transaction declined
    hmmmmm
    lots of potential troubles ahead for cashless system....too vulnerable by far

  6. The Following 7 Users Say Thank You to ZShawn For This Useful Post:

    Aianawa (6th May 2017), Amanda (6th May 2017), Aragorn (4th May 2017), Dreamtimer (4th May 2017), Elen (4th May 2017), Mahakasyapa (5th May 2017), modwiz (4th May 2017)

  7. #4
    Retired Member Netherlands
    Join Date
    20th March 2015
    Location
    The Netherlands
    Posts
    1,369
    Thanks
    0
    Thanked 4,496 Times in 1,190 Posts
    Quote Originally posted by ZShawn View Post
    the frequency of massive hacks and the regularity of these makes one wonder how the e-banking ...e-currency thing would go
    for example.....went to the landfill today and my expense of 36 bucks was declined..... told the person manning the toll booth to get their machine re-calibrated as it wasn't the card....but got the now typical register jockey look of yah right...sure you do......fortunately i had cash
    went to the hardware store and no issues there
    so what would people do if their connection wasn't good or whatever issue told them you were broke....transaction declined
    hmmmmm
    lots of potential troubles ahead for cashless system....too vulnerable by far
    I tell you how that's gonna go: when all their plans have been executed and cash has been assassinated, all responsibility in case of hacks etc. will be put on the plate of the consumer.

    iow They're gonna rob us and there's little the sheeple can do about it.


  8. The Following 5 Users Say Thank You to Outlander For This Useful Post:

    Aianawa (6th May 2017), Amanda (6th May 2017), Aragorn (4th May 2017), Dreamtimer (4th May 2017), Elen (4th May 2017)

  9. #5
    Retired Member
    Join Date
    23rd December 2013
    Posts
    938
    Thanks
    2,656
    Thanked 5,320 Times in 939 Posts
    I would like to think that the cashless society will not proceed. People are waking up and that fact is heartening. Here's a item of information I received via a first person face to face conversation: A card was stolen from a person. It was one of those 'wave it' type debit cards where a PIN number is not required. That is a new type of theft - steal the card and even if it is a male 'waving' a stolen debit card that obviously belongs to a female - transaction cleared.

    I am all for cash. Whenever the conversation arises I always state to people: When you are using only cards and not cash, you are completely and utterly owned by the authorities. One day the authorities will make an announcement. Let's say for instance: We are overpopulated so everyone has to kill their first born. Extreme example I know but the masses would not comply. That is when all the 'plastic debit/credit cards' would be turned off. What are you going to do then? In every instance the person is struck down with no words - no reply.

    My understanding is that the 'plastic cards' will eventually be connected to not just finances but also medical records and vehicle registration et cetera. Here in Australia when renewing a Drivers Licence the licence is issued from a distant main office. The licence up until a couple of years ago was issued at the office where a person was renewing. The staff member took receipt of the money and took the photograph and the licence was available in a few minutes. It is the same with the vehicle registration - no more registration sticker - all conducted via wi-fi and other modern technology.

    I do not mean to derail the thread but one thing I do know is this: A lot of people are waking up and a lot of people who would not normally broach these types of subjects - are - asking questions.

    Much Respect - Amanda

  10. The Following 5 Users Say Thank You to Amanda For This Useful Post:

    Aianawa (6th May 2017), Aragorn (5th May 2017), Dreamtimer (5th May 2017), Elen (5th May 2017), Mahakasyapa (5th May 2017)

  11. #6
    Administrator Aragorn's Avatar
    Join Date
    17th March 2015
    Location
    Middle-Earth
    Posts
    20,241
    Thanks
    88,444
    Thanked 80,975 Times in 20,256 Posts
    Quote Originally posted by Amanda View Post
    [...] I am all for cash. [...]
    I'm all for the abolition of money and the barter-based society as a whole.


    Bringing this thread back on topic, I just wanted to say — just to clear up any misunderstandings — that I didn't post this thread as merely another subject we can debate, even though the thread is certainly open to that. My primary objective here is to warn our members not to click on any links to Google Docs which they may be receiving in their GMail inbox, given that the vast majority of our members has signed up here at The One Truth with a GMail address. So the threat described in the opening post poses a very real hazard to a great number of our members.

    A very significant attack vector when it comes to cyber-crime — including the distribution of malware — is the concept of social engineering. No matter how secure one's computer system is — but 90% of the world uses Microsoft Windows on their desktop and laptop/notebook computers, so that in itself already negates the pretense of security — the attackers know that the weakest link in the chain is always going to be the biological unit between the keyboard and the chair. Therefore, a lot of malware infections and computer security breaches stem from getting the user to click on something.

    The use of e-mail formatted as HTML has greatly facilitated this attack vector, because with HTML, you can present a malicious link to the user as a benevolent one. For that matter I can do the same thing right here and right now with the BBcode used here on the forum — any type of markup language will do.

    Here, let me give you an example. Click this link: "www.google.com". Go ahead, do it. And don't worry, it's harmless.

    HTML was intended as a markup language for static websites — dynamic sites such as web-based forums (or things like YouTube, Facebook et al) use PHP, which is more flexible — but it was promoted as an e-mail format by Microsoft, because it allows for fancy looking e-mails with all kinds of fonts and colors and pictures. And that is something which the marketing industry really likes, because such e-mails are a lot more tempting and/or convincing than plain text.

    Myself, I only allow HTML on incoming e-mails from trusted sources — I can set the view separately per mail folder — and e-mails which I myself am sending out to people are exclusively composed as plain text. So in other words, if an e-mail arrives on my computer from an unknown source, it'll show on my screen as unformatted plain text only. But then again, I use an e-mail client on my own computer, rather than a web-based mail service like GMail. And there's the problem: GMail and other web-based e-mail services don't even support plain text e-mails anymore. And yet, plain text is the most secure form of e-mail, because one cannot hide anything in plain text. If someone were to send you a malicious link in a plain text e-mail, you would see the full link for what it is and for what it points to, not for what it pretends to be.


    (P.S.: I do have a GMail account, but it's linked to a locally running e-mail client on my smartphones, and I only ever use that in the event of an emergency, such as when my computer unexpectedly died in December 2016 and I needed to inform Malc of that. I also use the GMail address itself for authenticating to YouTube and other personalized Google services such as Google Drive. That way, if any of them spams me with anything, it'll go to that mailbox only. Those who need to contact me via e-mail all have my real e-mail address.)
    = DEATH BEFORE DISHONOR =

  12. The Following 5 Users Say Thank You to Aragorn For This Useful Post:

    Aianawa (6th May 2017), Amanda (6th May 2017), Dreamtimer (6th May 2017), Elen (5th May 2017), Mahakasyapa (5th May 2017)

  13. #7
    Retired Member
    Join Date
    23rd December 2013
    Posts
    938
    Thanks
    2,656
    Thanked 5,320 Times in 939 Posts
    To come back to the thread topic - my apologies if I derailed the discussion. I don't use a gmail account, there is probably one sitting unused from when I opened a youtube account. Even without a gmail account I still receive unsolicited electronic mail. I have firewalls and my settings set to my specifications but still they come....

    A few times I have looked at the electronic mail and I could not press the delete button quick enough. I think the current article posted here is only a tip of the iceberg warning. The worldwideweb is just that - a huge complex network that can be circumvented by anyone with computer knowledge. Being careful these days is a skill in itself. Here's to people not getting caught when pressing buttons on their keyboard.

    Much Respect - Amanda

  14. The Following 4 Users Say Thank You to Amanda For This Useful Post:

    Aianawa (6th May 2017), Aragorn (6th May 2017), Dreamtimer (6th May 2017), Elen (6th May 2017)

  15. #8
    Administrator Aragorn's Avatar
    Join Date
    17th March 2015
    Location
    Middle-Earth
    Posts
    20,241
    Thanks
    88,444
    Thanked 80,975 Times in 20,256 Posts
    Quote Originally posted by Amanda View Post
    [...] Even without a gmail account I still receive unsolicited electronic mail. I have firewalls and my settings set to my specifications but still they come....
    Well, first thing you should bear in mind is that a firewall isn't going to do anything about unsolicited e-mail. A firewall is a device — whether implemented as hardware or as software — which filters out incoming and/or outgoing traffic by blocking certain IP addresses and/or ports.

    I think most people here will be familiar with what an IP address is, but fewer will be familiar with what a port is. The analogy with a home address would be that if your IP address is your home address, then the port number is the aperture through which parcels can be delivered or picked up.

    There are 65535 ports, each one of which can be made to listen to a particular type of traffic. Ports between 0 and 1023 are privileged, i.e. they are reserved for server processes — e.g. a web server runs on port 80 by default, a secure shell daemon runs on port 22 by default, an FTP server runs on port 21 by default, et al. It is of course possible to reconfigure a server process so that it listens on a non-standard port number instead of the default. Port numbers from 1024 up are considered unprivileged.

    Firewalls offer you a way to close certain ports, or reroute ports to a non-standard port number, either all across the board — which may not always be the wise thing to do — or for a specific IP address or a particular range of IP addresses. So the intent of a firewall is primarily to protect your computer from break-in attempts, but in some cases — e.g. Microsoft Windows and its own built-in firewall — the firewall may also be used to limit outgoing traffic on certain ports, given that Microsoft Windows "phones home". Another use for limiting traffic by way of a firewall could for instance be parental control — e.g. setting a time frame within which your computer cannot access the internet, or perhaps limit its internet access to only a few selected websites.

    Either way, a firewall won't protect you against spam, and nobody's immune to that without some extra filtering going on in your e-mail client. And even then, blocking the spam is going to be very hard, because you may also end up with false positives — i.e. legitimate e-mails which get marked as spam and end up being deleted before you've had a chance to read them.

    I've had such an issue about a decade ago with the spam filtering that my ISP offers and which operates directly on my mail account at their servers, before the e-mail is downloaded by my own computer. That's why I've now only set that filter to mark a suspect e-mail as spam, rather than to have it delete it. It marks whatever it suspects by adding the prefix "[SPAM]" to the subject of the e-mail. I then use filters in the e-mail client on my own computer in order to direct incoming e-mail into separate folders by looking at the sender address and the subject line.

    The filter which looks for the "[SPAM]" prefix in the subject line comes last in the line, so that even if a legitimate e-mail gets marked with that prefix by my ISP — which may on occasion happen to e-mails coming from the server of The One Truth — then the e-mail gets intercepted and sorted by my other filters first, and if the sender address does not match any of the other filters while the subject line has a "[SPAM]" prefix, only then will the e-mail be directed into my Trash folder. And the Trash folder gets periodically cleaned automatically.

    Quote Originally posted by Amanda View Post
    A few times I have looked at the electronic mail and I could not press the delete button quick enough.
    Oh yeah, I've had that happen to me too. The problem here is that most spam is not actually being sent out by any advertising companies, but by malware on the computer of someone who happens to have your e-mail address. Or maybe that person doesn't have your e-mail address, but the malware is clever enough to communicate with other infected computers and could be using e-mail addresses harvested from another infected machine, e.g. from someone who does have your e-mail address.

    A survey a number of years ago indicated that 80% of all e-mail traffic on the internet is spam. That's quite telling, isn't it?

    Quote Originally posted by Amanda View Post
    I think the current article posted here is only a tip of the iceberg warning. The worldwideweb is just that - a huge complex network that can be circumvented by anyone with computer knowledge.
    Well, yes. See, to most people, a computer is nothing more than a kitchen sink household appliance. 25 years ago, that was still very different. People who owned one or multiple computers were genuine enthusiasts, and they had a sufficient amount of knowledge on what a computer is, how it works, and what it can and cannot do. But today's average computer user doesn't have that knowledge. People use a computer as a turnkey appliance for e-mail and surfing, and maybe an occasional game, but they do not think of it as a genuine computation system, and they're also not interested in the technology itself. They are consumers, rather than tinkerers.

    And this is where the black hats and the script kiddies come in. They know that the vast majority of the people doesn't know how to circumvent certain threats, and that people are very lax on account of computer security. Furthermore, Microsoft Windows still has a 90% market share on the desktop, and Windows is the most promiscuous operating system there is — not to mention that Windows itself also spies on you and sends data back to Microsoft without your consent.

    So today's situation is like putting the fox in the hen house. Most desktop computers are wide open to attacks — both because of the Windows platform and because of the IT-related ignorance of the user — and there are lots of people waiting for their chance to attack, exploit or otherwise abuse other people at the first opportunity.

    Script kiddies are just hooligans. They use hacking tools developed by others, and they use them just for harassment or bragging rights. Black hats however — and I'm including the alphabet soup spooks among those — are of course another matter. And when it comes to what those guys all do, spam is most likely the least harmful offense, annoying as it may be.
    = DEATH BEFORE DISHONOR =

  16. The Following 4 Users Say Thank You to Aragorn For This Useful Post:

    Aianawa (6th May 2017), Amanda (6th May 2017), Dreamtimer (6th May 2017), Elen (7th May 2017)

  17. #9
    Retired Member
    Join Date
    23rd December 2013
    Posts
    938
    Thanks
    2,656
    Thanked 5,320 Times in 939 Posts
    Aragorn - Thank you for all your information. I am well aware that a firewall is a completely different application to my computer and electronic mail applications. Due to the fact we 'speak' via typing/text - a lot can get lost in translation.

    My point is - regardless of what applications and protective measures are in place on a persons computer - if the cabal/illuminati/whatever or a black hat/grey hat/white hat - want to access your computer, they will find a way. I include the term white hat due to the fact so many shills/trolls/disinformation agents purport to be decent but are in actual fact the opposite.

    The fact remains, the governments have GWEN (Ground Wave Emergency Network) and other means to literally access any computer they want - with override switches to the 'big' switch that can turn it all off. The other (lesser) fact is that companies sell our information. I have been subjected to unsolicited mail that came to my home address. I have a post box and am very very very careful as to who has my home address. Every now and then I experience a reminder that being careful is not always a solution.

    I do not live in fear nor am I concerned. I have no money. I do the best with what I have and I press on regardless. I am with you on the cash but as everything is a process - we still need cash as we make our way gradually back to a place where we share everything. Barter is not an option when no one actually 'owns' the Earth. One day we will get there - every day is a step closer to a better peaceful Earth - yes?

    Much Respect - Amanda

  18. The Following 3 Users Say Thank You to Amanda For This Useful Post:

    Aragorn (7th May 2017), Dreamtimer (7th May 2017), Elen (7th May 2017)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •