Phishing attempt at Linux.com

fjgold

Hi Folks,

I'm not sure where to post this but I figure here is as good a place as any. If the moderators need to move it thats OK with me.

So here's the problem. I joined the Linux.com community on May 17. I made it a point to leave the contacts fields in the enrollment

form blank, further I made sure only friends could view my profile

but the radio button to allow messages from Linus.com is checked yes.

Today I received a message at the email account that is supposed to be known only to Linux.com.

It was from an Elizabeth and appeared to be a friend invitation.

It was however a "phishing" attempt

The text of the message is posted below.

Dear Friend, I know that this is an unusual platform for us to be discussing this Kind of business but the situation has necessitated me to use this Medium to communicate you for now. But let me introduce myself to you. I am Miss. Elizabeth Mark, the manager of bill and exchange at the foreign remittance department of my Bank. In my department I discovered an abandoned sum of US$14.5M, (Fourteen Million, and Five Hundred Thousand US Dollars) at our head office Accra Ghana, that belongs to one of our foreign customers, who died along with his wife and only son in a plane crash of Alaska Airlines Flight number 261 which crashed on 31 January, 2000. The owner of this account is Mr. Morris Thompson an American and great industrialist and a resident of Alaska. It is therefore upon this discovery that I now decided to make this Business proposal to you and for our bank to release the money to You, for more detail send me an email in my private email address( e.mark11@yahoo.xxx or elizamark@lycos.xxx ) Yours truly, Miss. Elizabeth Mark.

I deliberately changed the .com of the email addresses in the body of the message to prevent someone here from accidentally clicking on these links and getting into some sort of trouble. Please don't click these email links.

Furthermore on the 17 th I received more spam messages at this mail account than I normally receive in a week. I sometimes go quite awhile before seeing spam at this account.

This spam issue may be a coincidence but the "phishing" message is very real.

My guess is that some lowlife has "hacked" Linux.com.

Has anyone else experienced this invasion of privacy.

Thanks.

mfillpot

I have noticed that if you have an RSS subscription to the Linux.com blogs, every blog comes over with the author's e-mail address. That is most likely were they got your email from.

fjgold

Nope, no RSS subscriptions for me, I don't like RSS so I don't use it. If I want to read a blog I do it manually.

I don't blog either.

This is a serious issue and I hope we can get it fixed.

mfillpot

Were these messages sent from Linux.com as friend requests? I so I would recommend sending a message to Brian Profitt reporting g the spammer.

samjh

This would probably be the second attack against high-profile Linux websites recently. First was Debian Forums, and now here.

Definitely worth reporting to the admins.

Nice catch.

fjgold

Yep, I reported this to Brian about 10-12 hours ago.
Unfortunately I deleted the email without thinking so I can't provide headers etc., just the body of the message.

This was in my inbox as coming from Linux.com as a friend
invite from Elizabeth.

I opened it without thinking, assuming it was from a legitimate member. I opened it in Thunderbird on my Win 7 install.

Gee, I hope I haven't infected my Windows machine with some nasty.:laugh:

Seriously I will run a virus scan to be sure.

mfillpot

All friend requests are send as text from linux.com, you don't have to worry about any bugs, that is unless they are masking their email server as linux.com.

vtel57

Thanks for posting this, Frank. If it is an issue, others will pop in and post here, I'm sure.

On a probably unrelated note: The Linux.com server has BEEN SLOW AS MOLASSES this evening from the Tampa area. I bypassed my local DNS by using their IP (140.211.167.55) and it was still slow as hell. I wonder what's up with that.

Hey mfillpot, this is why I accidently double-posted on the Slackware Linux Users group earlier. I felt like I was on dial-up again.

Anywho... :side:

mfillpot

I'm not feeling the delay, have you ran trace route to determine the point of lag?

vtel57

No. I didn't. It seems to be all better now, anyway. Probably just a local node that was slowing things up.

Hmm... a drop out at nero.net (node 25). This is Linux.com's nameserver at Oregon State U. *scratching head*

fjgold

Brian is aware of this issue and has banned the account in question. He is also searching for anti spam solutions to prevent this from happening again.:)

vtel57

COOL! So it wasn't just your imagination. I still wonder how they got your email addy?

mfillpot

Actually it sounds like they sent spam through a friend request and did not actually get the email address.

wdavies285

just been spammed as well, shame that i have already sent all my money to an uncle i did not know i had in Nigeria, linux spammed come on we can't have that!

bproffitt

We are aware of these attempts. We're implementing some fixes to the system to prevent, but for now, e-mail webteam@linux.com anytime you get these things, and try to ID the user so we can kick them off immediately. There will be zero-tolerance of spamming, via forums, e-mails, and DMs.

BKP

darkixion

It won't be long before there will be posts directing us to cheap Nike gear from a Chinese website. That's what continues to happen on the interactive fiction usenet group.

zabouth

Hi just a quick note to say I got the same message today form the user with the id 4576