Lyrics & Knowledge Personal Pages Record Shop Auction Links Radio & Media Kids Membership Help
The Mudcat Cafemuddy

Post to this Thread - Sort Descending - Printer Friendly - Home


Tech: Lock up your websites (phishing scam)

George Papavgeris 18 Oct 10 - 05:58 AM
Rob Naylor 18 Oct 10 - 06:05 AM
pavane 18 Oct 10 - 06:28 AM
pavane 18 Oct 10 - 06:29 AM
Mr Red 18 Oct 10 - 07:03 AM
Sugwash 18 Oct 10 - 07:10 AM
treewind 18 Oct 10 - 07:22 AM
Jack Campin 18 Oct 10 - 07:24 AM
pavane 18 Oct 10 - 09:15 AM
treewind 18 Oct 10 - 10:31 AM
Share Thread
more
Lyrics & Knowledge Search [Advanced]
DT  Forum
Sort (Forum) by:relevance date
DT Lyrics:





Subject: Tech: Lock up your websites (phishing scam)
From: George Papavgeris
Date: 18 Oct 10 - 05:58 AM

There have been warnings about this sort of scam before, and it is very common, but as ti touched me and our club's website today, it is worth noting at least for those among us who have their own website or operate one for a club etc.

Phone call on mobile.

"Can I speak to Mr Papavgeris?" - "Speaking".

"Blardy-blardy-blah, new replacement handset from your mobile phone provider, can I confirm that your postcode is XXYYZZ?" - "Actually no, it isn't".

"Can you please tell me the correct postcode?" - "The thing is, I KNOW the postcode you mentioned; where did you get this from?"

*click*...

The postcode mentioned by the Mumbay spiv is in fact the one for Herga Folk Club. And guess what - the only place on the internet where my mobile phone number appears is on Herga's website. You guessed it, on the same page is Herga's address with the postcode in question. Clearly some automated process is sweeping the net gathering such information (name + mobile phone + postcode) and verifying them as a preliminary to either getting further info or starting to build an identity picture.

It's hard trying to evade such searches. I just updated the website to include fullstops between the digits in an effort to confuse search algorithms. And we all know the technique of replacing @ and . with (at) and (dot) etc when stating email addresses. But let's be honest - such ruses could easily be bypassed by a computer-savvy 5 year-old. Yet one does need to give out contact information in such cases.

Do you know any better methods for disguising such information, yet still making it available for the genuinely interested humans visiting a website?


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: Rob Naylor
Date: 18 Oct 10 - 06:05 AM

One thing I've done in the past is to put my email address and phone humbers on sites as GIF or JPEG images...perfectly readable by a human being, but not clickable or harvestable (is that a word?) by a "bot".


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: pavane
Date: 18 Oct 10 - 06:28 AM

It can help if you use the HTML codes for numbers or characters instead of the characters themselves. This displays fine in the browser, but shows up in the HTML file only as something like neil (stands for "neil").

Note that there are some clever "harvesting" programs out there which, I am informed, can perform OCR on images.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: pavane
Date: 18 Oct 10 - 06:29 AM

Sorry, I forgot the HTML would convert the characters. I will try with embedded spaces.
& # 110 ; & # 101 ; & # 105 ; & # 108;


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: Mr Red
Date: 18 Oct 10 - 07:03 AM

Pavane
I have a webpage that will do it for you. (In JavaScript- which is usually ON).
copy & paste the result. Spaces are allowed - there is a typo that I will correct tonight.

PS the URL in the hyperlink above was written with hashcodes so if Mudcat doesn't convert them, the scammers may not find the page - we can hope.



&



Don't forget the old phone scam - "You owe BT £XXX and we can cut you off, ring out in a minute and see if we can't" "then give us your credit card details"

they hold the call - of course.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: Sugwash
Date: 18 Oct 10 - 07:10 AM

I use this site clicky to encrypt email addresses. It's free and it works. You do have fairly web savvy to use it though as the resulting script needs to be pasted within the code of your website rather than through a wysiwyg user interface.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: treewind
Date: 18 Oct 10 - 07:22 AM

I've started using a simple PHP function to mangle email addresses into the #&64; style codes on mailto: links when I'm creating web pages for other people. As far as my own email is concerned, it's all over the net already and there's no point in trying to protect it.

I make a point of not publishing my postal address on the web - I think that's a more serious security risk.

My home and mobile phone numbers have been public property for years with no discernible ill effect.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: Jack Campin
Date: 18 Oct 10 - 07:24 AM

I don't think it's worth doing anything.

If they're calling your mobile it's costing them real money. This is not like email spamming, which is essentially free. So it's not likely to catch on widely.

Maybe you could add a few extra contact numbers which no human would ever call and which lead to premium-rate numbers in Russia or the Falklands.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: pavane
Date: 18 Oct 10 - 09:15 AM

Of course, as soon as someone sends you a mail, especially if they include a cc, it will be in their address book and vulnerable to those viruses which send emails without you knowing.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Lock up your websites (phishing scam)
From: treewind
Date: 18 Oct 10 - 10:31 AM

I don't think it's worth doing anything.
Agreed, though I'll comply when doing someone else's site if they've heard of that trick and ask for it.
Actually in the long run,
<?php mailto("somebody@example.com"); ?> is easier than
<a href="mailto:somebody@example.com">somebody@example.com</a>


Post - Top - Home - Printer Friendly - Translate
  Share Thread:
More...

Reply to Thread
Subject:  Help
From:
Preview   Automatic Linebreaks   Make a link ("blue clicky")


Mudcat time: 18 July 6:58 PM EDT

[ Home ]

All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.