 sj |
||
|
||
Tech: Lock up your websites (phishing scam)
|
|
|
|||||||
|
Tech: Lock up your websites (phishing scam) |
Share Thread
|
||||||
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: treewind Date: 18 Oct 10 - 10:31 AM I don't think it's worth doing anything. Agreed, though I'll comply when doing someone else's site if they've heard of that trick and ask for it. Actually in the long run, <?php mailto("somebody@example.com"); ?> is easier than <a href="mailto:somebody@example.com">somebody@example.com</a> |
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: pavane Date: 18 Oct 10 - 09:15 AM Of course, as soon as someone sends you a mail, especially if they include a cc, it will be in their address book and vulnerable to those viruses which send emails without you knowing. |
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: Jack Campin Date: 18 Oct 10 - 07:24 AM I don't think it's worth doing anything. If they're calling your mobile it's costing them real money. This is not like email spamming, which is essentially free. So it's not likely to catch on widely. Maybe you could add a few extra contact numbers which no human would ever call and which lead to premium-rate numbers in Russia or the Falklands. |
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: treewind Date: 18 Oct 10 - 07:22 AM I've started using a simple PHP function to mangle email addresses into the #&64; style codes on mailto: links when I'm creating web pages for other people. As far as my own email is concerned, it's all over the net already and there's no point in trying to protect it. I make a point of not publishing my postal address on the web - I think that's a more serious security risk. My home and mobile phone numbers have been public property for years with no discernible ill effect. |
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: Sugwash Date: 18 Oct 10 - 07:10 AM I use this site clicky to encrypt email addresses. It's free and it works. You do have fairly web savvy to use it though as the resulting script needs to be pasted within the code of your website rather than through a wysiwyg user interface. |
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: Mr Red Date: 18 Oct 10 - 07:03 AM Pavane I have a webpage that will do it for you. (In JavaScript- which is usually ON). copy & paste the result. Spaces are allowed - there is a typo that I will correct tonight. PS the URL in the hyperlink above was written with hashcodes so if Mudcat doesn't convert them, the scammers may not find the page - we can hope. & Don't forget the old phone scam - "You owe BT £XXX and we can cut you off, ring out in a minute and see if we can't" "then give us your credit card details" they hold the call - of course. |
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: pavane Date: 18 Oct 10 - 06:29 AM Sorry, I forgot the HTML would convert the characters. I will try with embedded spaces. & # 110 ; & # 101 ; & # 105 ; & # 108; |
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: pavane Date: 18 Oct 10 - 06:28 AM It can help if you use the HTML codes for numbers or characters instead of the characters themselves. This displays fine in the browser, but shows up in the HTML file only as something like neil (stands for "neil"). Note that there are some clever "harvesting" programs out there which, I am informed, can perform OCR on images. |
|
Subject: RE: Tech: Lock up your websites (phishing scam) From: Rob Naylor Date: 18 Oct 10 - 06:05 AM One thing I've done in the past is to put my email address and phone humbers on sites as GIF or JPEG images...perfectly readable by a human being, but not clickable or harvestable (is that a word?) by a "bot". |
|
Subject: Tech: Lock up your websites (phishing scam) From: George Papavgeris Date: 18 Oct 10 - 05:58 AM There have been warnings about this sort of scam before, and it is very common, but as ti touched me and our club's website today, it is worth noting at least for those among us who have their own website or operate one for a club etc. Phone call on mobile. "Can I speak to Mr Papavgeris?" - "Speaking". "Blardy-blardy-blah, new replacement handset from your mobile phone provider, can I confirm that your postcode is XXYYZZ?" - "Actually no, it isn't". "Can you please tell me the correct postcode?" - "The thing is, I KNOW the postcode you mentioned; where did you get this from?" *click*... The postcode mentioned by the Mumbay spiv is in fact the one for Herga Folk Club. And guess what - the only place on the internet where my mobile phone number appears is on Herga's website. You guessed it, on the same page is Herga's address with the postcode in question. Clearly some automated process is sweeping the net gathering such information (name + mobile phone + postcode) and verifying them as a preliminary to either getting further info or starting to build an identity picture. It's hard trying to evade such searches. I just updated the website to include fullstops between the digits in an effort to confuse search algorithms. And we all know the technique of replacing @ and . with (at) and (dot) etc when stating email addresses. But let's be honest - such ruses could easily be bypassed by a computer-savvy 5 year-old. Yet one does need to give out contact information in such cases. Do you know any better methods for disguising such information, yet still making it available for the genuinely interested humans visiting a website? |
| Share Thread: |