
Apr 17, 2008 -- Whaling ups the phishing ante

RIP-OFF ALERT: You've heard of phishing, right? That's where you get those scam e-mails purporting to be from your bank or other financial institution. Now there's a new phenomenon called "whaling." According to CNET.com, top corporate executives and business owners have been getting e-mails alerting them to a bogus U.S. District Court subpoena. When you click on the link in the e-mail, you're taken to what looks like a real subpoena. But it's not, and it loads a key-logger virus onto your computer. The key-logger captures all your account numbers and passwords, and it even alerts the criminals when you log on to your bank or brokerage account. The criminals then sign in, change your password and steal your money.

Phishing is targeted at the general public. But whaling only targets the big fish in corporate America or small business owners, hence the name. It's been estimated that 2,000 people have fallen prey so far to whaling. If you're among them, here's what you need to do: Run an anti-virus program on your computer to remove the key-logger. Clark has a couple of suggestions for spyware blockers that you might want to check out. Then change all your passwords at your bank or brokerage house.

What others are saying

  • MagicJack
    My husband and I wanted to let you know that we really love the MagicJack. We use it at home for all long distance calls and used it on our Caribbean cruise while on the ship. We haven't had any problems and would highly recommend it. I don't understand what the complaints are about.
  • Ignore Magic Jack EULA "concern" below...
    Those with a vested interest to bash the Magic Jack (Vonage, Skype and/or other VoIP company staff perhaps?) have been trying to spread FUD (Fear, Uncertainty and Doubt) about it by using scare tactics about the Magic Jack EULA lately. No need to worry...

    This issue has already been hashed over ad nauseam, but the facts are not ONE single ad has EVER appeared to date!

    If they wanted to spy on us MJ users, they would include language to give them even more rights to monitor us (but they do not). There have been many tests run and it does not do anything at all underhanded. Yes, they track phone numbers you call. Duh! What phone company doesn't also do that?

    Don't fall for this latest effort to turn away folks who just want to save money on long distance bills. They must think this campaign is effective or they would not go to so much trouble.

    Oh, thank you for this heads up about whaling (not that I'm a whale myself).
  • Internet Crime
    Clark,
    you receive so many calls and comments regarding internet fraud... you HAVE to start advising people about the FBI's Internet Crime Complaint Center (IC3 - http://www.ic3.gov/). If they can't remember that... you can link to it from the FBI homepage. I recently received an email from someone supposedly on Paypal asking me to use my verified account to transfer funds from the Ukraine to god-only-knows where. Yeah right. I'm no dummy, and I never replied. BUT, I did file a complaint with IC3!! I never suffered a loss, but I still reported it and it is being investigated by the FBI. I provided them with the original email AND the header information which lists where the message REALLY originated from. People can find the headers in Outlook by right-clicking the message and selecting "options." The headers can be found in the "internet headers" field. PLEASE start telling people about this organization. People are not powerless. IC3 has significantly more resources than any local Police Dept.
  • MagicJack
    Clark, I am using Magicjack as the result of your support. Could this info be true?? And if so, is Magicjack safe to use??

    MagicJack's EULA says it will spy on you and force you into arbitration
    Posted by Rob Beschizza, April 14, 2008 8:09 AM | permalink
    MagicJack, a cheapie $20-a-year internet phone service, comes with a shriveled and shaking devil EULA.
    "You also understand and agree that use of the magicJack device and Software will include advertisements and that these advertisements are necessary for the magicJack device to work ... Our computers may analyze the phone numbers you call in order to improve the relevance of the ads"
    ...

    "Any claims, legal proceeding or litigation arising in connection with the magicJack device or Software will be resolved by binding arbitration ... in Palm Beach, Florida."


    Oh God, not Palm Beach!

    In short, it not only has one agree to ads with its paid-for system, but claims that the ads are necessary for it to work. It will also snoop on your calls to target ads more accurately, and has you sign away your legal right to take it to court if it defrauds or otherwise harms you. Delightful.

    Neither the EULA itself, nor any other privacy or legal information, can be easily found at its homepage. It's not even provided at the point of sale, where one enters credit card info, email and street addresses as such, so as to gain access to the service and have your MagicJack dongle delivered. I found the EULA's URL through Google.

    It gets sexier. When you access MagicJack's instant web help page, a bizarre series of "compatibility tests" take place first, reporting lies like "Your MagicJack is functioning properly" even if you don't have one installed.

    Even the "look how many people came for a free trial" counter on the homepage is a fake, a javascript applet that increments itself automatically:

    // the interval (ms) between new visitors
    var interval = Math.round(86400000/perday);

    As if targeted advertising, systematic privacy invasion and the signing away of your legal rights wasn't evil enough!

    [Thanks, Joseph!]
  • Computer Security, can NEVER exist.
    The Lavasoftusa.com link (AdAware) is good, BUT it's also the most easily manipulated by rootkits if the attackers know you have it. AVG is free, and you get what you pay for. I use NOD32 and have for years. I have even, as a DARE, gone to those "hacker" sites (they just fool people into thinking they are downloading pirated software and hacker tools, but you're the only one getting hacked!), "Adult" sites, and even went to URLs of phishing sites, and downloaded every attachment sent to my free email account. NOTHING got past it. Not bad for $39 your first year, $29 refills. Can buy at newegg.com 2 years for $25 when it's on sale (CD and jacket only, still full rights, just no book). I'd advise AGAINST the google toolbar, or ANY toolbar, especially for IE6 or below. It's best, if you care about security, to buy a new computer, and install NOD32 as well as a hardware-firewall router, and software router also. AND know you STILL aren't safe. Read up on "proof of concepts" and "Blue pill". There are undetectable rootkits that exist even after a COMPLETE hard drive wipe and reinstallation of Windows. Yeah, I know, hard to believe. Blackhat Conferences, google it, read up :)
  • subpoena phishing scam
    I have read that this was a recent example of what they call a whaling attack – a phishing attack targeting executives in corporate offices like CEOs, etc. There have been many articles and blogs suggesting that this attack was especially sophisticated and difficult for spam filters to catch.

    Remember that it is not legal to send a subpoena via email unless it has been agreed to by all parties. Also the URL for all U.S. federal courts is “courtname.uscourts.gov” and not “uscourts.com” as listed in the email. So beware of this and other sophisticated phishing attacks. The Abaca Email Protection Gateway (www.abaca.com) service was the only service I know that quarantined these emails.
  • Info.
    When people do not pay for service, the person should request a criminal charge. Ga. Code 16-8-5 Theft of service. That will make them pay. A civil issue will get them nothing.