[MODERATOR] hello! Steve Mooney -- SPAM LINK, do not click
- View Source
On Jun 26, 2013, at 18:52 , Steve Mooney <moonjack12000@...> wrote:
[[[ MESSAGE CONTENT REDACTED FOR SAFETY ]]]
The account was compromised. I have placed this subscriber on moderated status to protect the list until the problem is corrected.
Good gentles, there have been A LOT of these compromised accounts on the list lately, and quite a few of them were for people who have been long-time subscribers. Every one of these costs significant time from one or more list moderators, and more importantly, it puts everyone on this list (well over 2,000 people) at risk. We need your help to contain this problem.
Remember: Do not EVER click an unexplained link in an email, even if it appears to be from someone you know. Insist on explanatory text that is TOPIC SPECIFIC rather than something that a phishing robot could generate.
Bad: "Here is an interesting link: ___________"
Bad: "I thought you should see this: ____________"
Bad: "Is this a picture of you? ______________"
Good: "Here is a link to the photos I took from last weekend's Coronation at the Kingdom of Blablledyboo: __________"
Good: "For those interested in period tweedle glomping, here is an excellent museum exhibit: __________"
And so on. If you are the one *sending* the email to the list, with a legitimate link, keep the above hint in mind, and make it easy for others to know clearly that your link is okay.
HOW PHISHING WORKS:
They send out a link and get you to click on it. You do so. They prompt for login credentials (username and password) for a major site like Yahoo, Facebook, Twitter, Hotmail, Google, etc. They present a realistic fake login page to make you think that's where you will go.
They capture your username and password from the fake login page. The really smart ones then forward you on to the *real* page with those credentials, so you never even know you've been tricked.
Now, they have your username and password. They login as you and use YOUR account and YOUR reputation to get other people to fall for their scheme. Now you know how you get email that seems to be from your best friend but is actually from some goober in a distant city.
The phishers will also try this same username/password on other sites, with slight variations, figuring most people are lazy and use the same username and password in lots of social networking sites.
WHY ANTIVIRUS SOFTWARE DOESN'T HELP:
Very simply, this isn't a virus. It's an old-fashioned con game, gone digital. Virus scanners protect computers against malicious software, and a text email with a URL in it doesn't contain any software at all, malicious or otherwise.
This is not a technology problem, and technology can't solve it. Only vigilance by human beings can stop these scumbags.
Use good, cryptic passwords. The bad guys are getting smart about demographics now. If your account here is "JoeSmith176" and they realize there is a "JoeSmith176" on Facebook who posts a lot about backpacking, their data mining software will try passwords like "mountain" and "camping" and so forth. (This is a very simple example...the data mining is actually much smarter than that.)
So your password needs to:
* Not be a dictionary word.
* Contain letters, numbers, and punctuation, and not all at the end of a word. "xylophone123" is not one iota better than "xylophone" as a password, because they'll try common numeric variants automatically.
* Contain upper and lowercase letters in non-obvious places.
* Not the same on social networking sites as it is on security-sensitive sites like your online bank account.
Incidentally, tricks like uPpeRcAse and L337-5p33k (that is, substituting numbers for letters) in a visually-obvious way do NOT help. Again, the bad guys have software that automatically tries these combinations for them.
Kind regards, and I hope this was informational and helpful,