[Kulei]

K@nyan type the list of the people who fell for it.

[a.k.a]

the best way is you tafuta keyloggers and you install on your whoever wherever computer...how to do it especially kama you stay way way apart is the thing to beat.

[dotNet]

I know of a better and cleaner way of doing this, provided the person whose password you wanna get aint that smart on reading the url. Hit my inbox. Charges range depending on gender.

[keny@n]

Quote:

Originally Posted by Kulei

K@nyan type the list of the people who fell for it.

LOL
You sure you aint on it?
Anyway, I closed the mail down. Too tempting. More than 250 people, meaning that guys sambazad the idea to their friends.
Of course a lot of them will claim that they were just seeing if it actually works and did not use real emails.
I highly doubt that!

[froggy]

damn,

I was still in campus when Yahoo warned users about this trick.

I'm sure the address is blacklisted by Yahoo by now. You'll get a mailer-daemon message if you send your address and password to this quack.

Anyway, I'm not an IT expert, but even I cant fall for a trick that old. With 256 bit encryption, i feel pretty safe with Yahoo.

quick tip. Open many addresses. Build many different profiles for the various forums you visit. cover your tracks well since this stuff is obviously monitored. If you gonna say something really acrimonious and you in Kenya, use an IP that cant be traced back to you (instead of your blackberry, go to a cyber)

[Jamela]

Quote:

Originally Posted by keny@n

LOL
You sure you aint on it?
Anyway, I closed the mail down. Too tempting. More than 250 people, meaning that guys sambazad the idea to their friends.
Of course a lot of them will claim that they were just seeing if it actually works and did not use real emails.
I highly doubt that!

i want you to open my email and read it. See if it works or not.

yes mashadites i was one of the victims. *tears*

[stunner]

if you know anything about the software industry, any server that takes 20 mins to return a query will be upgraded in a crazy hurry.

Secondly, password info would be encoded when passed from the database so there would be no way of figuring it out on the mail text....unless you can decode that machine language

[keny@n]

Quote:

Originally Posted by Jamela

i want you to open my email and read it. See if it works or not.

yes mashadites i was one of the victims. *tears*

Jamela, since you want me to open and read, it must be a junk box.
Anyway, iI already closed the phish mail down.

Thing is, it is just a trick. Meaning it is 100% foolproof if you follow the instructions.
You basically end up sending your own password to someone who owns the supposed password server. Theres no hack there.

The system is what is termed as social engineering. This one though is probably one of the weaker ones.
Have you ever tried to open an email and you got a box asking you to relogin because your session had expired? Did you think twice about it?..... but thats another scam all together.

Quote:

stunner
if you know anything about the software industry, any server that takes 20 mins to return a query will be upgraded in a crazy hurry.

Secondly, password info would be encoded when passed from the database so there would be no way of figuring it out on the mail text....unless you can decode that machine language

You are right. Thats the reason no one bothers to hack secure emails like yahoo or hotmail
run on a secure server.

But:

If YOU know anything about the 'software' industry, you will know that most email proggies eg sendmail are rife with security holes. The issue is not the software my man. Its the server that the software is installed on.
Do an audit on sites that run their own email servers and see for yourself (If you are in Kenya then it ain't illegal since we have no laws governing the internet).

Generally, its silly to bother breaking passwords online. Breaking into the server that holds the mail makes a whole lot more sense.

eg; nmap -v -P0 www. kibakitena. co.ke
The results are just amazing and prove that this guys are clowns. How can you be hosted on godaddy's (p3slh055.shr.phx3.secureserver.net) server and have more than 45 ports open ??????
Basically cause they figure godaddy will look after them on those cheap shared hosting plans.
Ngoja tu!!

[froggy]

Keny@n enyewe uko mbele. I didnt know its called social engineering.

What I cant figure is how a person can send you his or her username + his or her password, and NOT SMELL A RAT. are there real people that gullible?

[keny@n]

Quote:

Originally Posted by froggy

Keny@n enyewe uko mbele. I didnt know its called social engineering.

What I cant figure is how a person can send you his or her username + his or her password, and NOT SMELL A RAT. are there real people that gullible?

Man, you should hear the heart breaking stories of the guys who fall for those Nigerian email scams:
"I am the lawyer to Daniel Moi and need to dispose of some assets....."

Check out this intricate scam using Gideon Moi's name: Dangerous Liaisons
And we thought it was only Nijas!

By the way, if you ever get one of those emails, don't just call it a scam and leave it at that. Have fun with the guy and follow instructions for a months while thinking of ingenious ways to thread them:
"Why not come visit me at my ranch in the middle of the Maasai Mara, I own 5,000 wildebeest!!"
This pays of as they spent quite some money when they think they have a wired 'Mark". Give them phone numbers etc. Even open a cheap bank account and give them details (Including a fake bank statement)
Then have a laugh for a whole year.