9 Types of Phishing Scams

There are 9 different types of Phishing attacks. How would you recognize a Phishing Scam? How do you know if you've been phished by a scammer and how to protect yourself from one.

Scamsters often try to convince you that they're authentic, respectable, important persons of the society. So let me ask you a question, Name some professions who get respect and adulation from their fellow citizens? 

First Doctor, A doctor is seen as a healer, a life giver and hence people associate many of their positive feelings towards a doctor. Maybe he once saved you or your near one, hence your gratitude gets attached to any doctor you see. He/She might ask for your passwords and you'll happily divulge your web accounts passwords. Another is an Astronaut but since the probability of an astronaut mailing you is excruciatingly low, we'll leave them aside. 

Another profession is a corporate big shot. The directors, chairmen etc are the people who sign your paychecks (Most of you), also a tinge of adulation comes from the fact that they've probably worked a lot and hence have reached at such a position. So, It is actually overwhelming that a corporate big shot actually mailed you something. So you'll be tempted to look for once.

Types of Phishing Scams

There are actually 9 Types of Phishing Scams

1. The Corrie Wright Scam

2. The Scam Victim Compensation Scam

3. Loner Loaner Phishers.

4. The Plastic Money Phishers

5. The ‘Make 400$ in a week’ scam

6. The ‘Damsel in Distress’ Phishing Scam

7. The Phishing Attachment Scam

8. The Dishonest Banker Phishing

9. The Threatening phishing Scam

The Corrie Wright Scam

In this type of Phishing Scam, Corrie is a doctor (Corrie could be an overweight unemployed bald man sitting in front of a computer with a pack of nachos in his hands).

I chose Corrie because majority of phishing scams of this type had the name of Corrie in it.

Now she tells the story of how she got scammed and traveled to Nigeria for her compensation. She finally advises to contact Mr. Michael Craig to whom she gave 420$ for the paper works. It is ironic to note that Section 420 of Indian Penal Code deals with scams and Cheating.

The Scam Victim Compensation Scam

Here the Phisher would innocently offer a way out of scams by shoving your mouth with another phishing attempt. They often disguise themselves as senior official (A director in this case who does not have any work other than sending emails to thousands of people with UPPERCASE subjects) of some really famous bank or a financial institution, who say that they have your file with them. 

Now they will claim that you have been scammed already and they’re here to help you get your compensation back. A dishonest person would think, “Wait! I was not scammed!” But “Sc** it! I’ll receive compensation, which means lots and lots of money!” 

Now, I’ll request you to read through the message first, find out the director’s name then come back to this page.

So be honest and think, “Why would a director of a company offer me compensation by putting the message subject in UPPERCASE? I’ll find out if the director is legal.” and then you’ll find the truth about the director. The director is a reputable figure Mr. Hikmet Ersek and his name nowhere resembles Mr. Mark James as given in the email.

Loner Loaner Phishers.

Phishing Loansters are another breed of scammers that scam you with loans with irresistible interest rates. But as usual, you need to pay some processing fees to make it happen. More than often your loans get rejected and you're left cursing.

The Plastic Money Phishers

They’ll offer you credit cards and an offer to save thousands of rupees. It is usually aimed at the mathematically challenged.

The ‘Make 400$ in a week’ scam

One of the most famous and intricate web scam is the make 2000$ or 4000$ per week scam. You'll encounter several testimonials from people who "used" the system and "got rich in a week”. The Website boasts of making you rich in a week. However, more daunting is the attempt from these websites to legalize the mail by adding a small Para at the end of the mail. 

It subsequently explains the readers that the mail was sent in compliance of a law or a bill and is in no way an infraction of the law. 

In this message there are two things wrong; 

• First, a bill is not a law, (It can be called as a draft as it has not been implemented) 

• Second, Spammers never provide actual email addresses/Names/Numbers etc so that you could unsubscribe.

They use the fact that people often don't check if the email was authentic or if the websites were certified. But, when many have used the law card, some often use the god card, i.e. some small phrases in the email like "God Bless us all" or "God bless you" etc. This is said to attach spiritual emotions filled with a theists' adulation. 

Some often use the confidentiality notice which essentially states that the mails between you and the party are confidential and should not be divulged to anyone. This tries to cement your understanding that the mail was authentic.

In short they'll use anything and everything to make sure you read and respond.

The ‘Damsel in Distress’ Phishing Scam

This was instantly recognized as a scam. However for the sake of this article, Reply was provided. They reply was to be short and sweet with a touch of interest and indifference. But to the two words I gave, the Phisher bombarded me with a 1600 worded essay delving into a girl’s heart breaking story. 

The scammer tries to include information based on real world events to fortify its lie. 

Phishing Attachment Scam

It is said that playing with fire will only burn you. On the search towards phishing and email scams, I burnt my hands too. The following message was delivered to my personal mail address, which never happened before.

Attaching a message/letter to an email actually lessens its chances to be read by any email provider’s filter. This sends the email directly into the inbox rather than your spam box thereby increasing the credibility of the mail.

The following mail was attached as a docx file. I’m sure, Gmail servers could not read through a docx file as it was delivered straight to the inbox.

The Dishonest Banker Phishing

There is always one banker who holds millions in his pocket but still wants to share it with you. The banker’s customer died without declaring a next of kin. Now the banker is interested in gulping down the money but instead wants you to pose as a beneficiary and get 50 % of the money.

The Threatening phishing Scam

You’ll be mailed by an authority,( Could be a policeman, toll booth, mail account provider etc) You’ll be threatened to do what they want or your services will be terminated immediately.

The Phisher Below did not provide me with a link, or else we could have gone further.

Related Reading,

You can read all about The Simple Steps to stay safe Online.

Find out about How Passwords are stored on Websites

Download Complete Report

Now you can download the Complete 23 Page Official Report on Different Types of Phishing Techniques.
You can also download the Funny Version of the Official Phishing Techniques Report, where we make fun of the phishers and their useless attempts at scamming people.

This was all about,

Read More

All about Phishing and Phishers

Have you ever encountered a mail saying you've just won a $#insert huge sum here# lottery? 

Or wondered why does the mail address looks suspicious? Such are just a glimpse into the evil machinations of a scammer that uses his online prowess and apparently your lack of, to scam you of your privacy and your money.

What is Phishing?

First comes the definition, Phishing is basically an attempt at finding personal and sensitive information about you. Such information if divulged can lead to compromised accounts and a lot of grief at the end. 

Where Does Phishing Occur?

'Phishing Nets' (Coined by codemakit) is the place from which the scammer starts getting your attention. Most common Phishing nets (in Order of preference of scamsters) is 

1. Email: The most common Phishing location. You can check if your mail is authentic or not (Too many Phishes out here)

2. Social Networks: By posting malicious links at Facebook, Twitter etc. You can check these too (Talking Phishes out here)

3. Websites: By hosting malicious Websites that let you fill forms thereby phishing for your personal information. You can check for Website Certifications (Fake Phishes around here).

What do Phishers want?

The Phishers want your personal information, everything from your email address (Which they can spam later) to your name, address, credit card information etc. (Though, I've given a few tips to protect yourself from divulging your passwords) Once they have enough information about you they can move on towards monetary pleasures. Meaning? They'll use your information against you. For an example, one of the most common phishing nets are Emails and the most common Phishing Practices include being a bank representative. They will probably tell you, that they're from a reputed bank and have your file with them. 

They’ll throw in a few informative pieces of information gathered from you before to let you believe they actually have an official file on you. Then they'll frighten you by stating that you're password is about to expire and if you do not send the required information, your account will be blocked. Once you send the information you can safely say goodbye to all your hard earned income.

The Types of Phishing Techniques

There are 4 different types of Phishing.

1. The good old Bland Phishing

They just send out millions of spams to every email address they could think of and wait if anyone gets caught in their Phishing net and replies.

2. Spear Phishing

As the name suggests, This technique is usually adopted by Phishers holding extraordinary grudges against some specific person. Which might be their second grade class teacher or a college professor who dropped him or a show-off neighbor who can't keep his dog quiet at night. The Phishers gain personal information about the particular person (Sometimes he/she already knows). Once they have the information, they'll use it in the way given above to scam you of your money.

3. Whaling

Again as the name suggests, Whaling includes phishing for a whale, i.e. a really big corporate honcho or just another person with a lot of green in their reserves. The victims can also be big shot executives who actually hold the rein to the security of their companies' databases. A successful whaling attempt can lead to divulging of company database passwords or the database itself, thus opening the door to countless other phishing attempts. No amount of extreme techniques to store your passwords will keep them safe unless you're willing to save the information from falling into the hands of cunning phishers.

4. Clone Phishing

This is a relatively new technique, where the Phishers create a mail that is really similar to the ones sent by authentic sources. For example, a bank website sending promotional emails are often copied and modified. Then, the modified email containing everything will be sent to the victim. All but one change, the links in the email will be changed so that the user is redirected to the scammers’ website where the user will give its Username and password to login. Only realizing minutes later that he/she was scammed.

Phishing Terms (codemakit)

Phishing: You already Know it.

Phishing Net: The place where Phishing Starts. (Email, Social Networks, Websites)

Phishers: Scammers who phish for your information

Phisheries: Shady places (might be in Nigeria) where scammers often sit in front of computers wearing an overcoat and dark glasses (Bazinga!). These are the places from where they send/create scam.

Related Reading,

You can read all about The Simple Steps to stay safe Online.
Find out about How Passwords are stored on Websites

Download Complete Report

Now you can download the Complete 23 Page Official Report on Different Types of Phishing Techniques.
You can also download the Funny Version of the Official Phishing Techniques Report, where we make fun of the phishers and their useless attempts at scamming people.

This gave you an introduction into

Read More

Add RSS Feeds to Outlook Mailbox

The professionals working at offices often get bored out of their wits at the end. What do they do? The computer issued to them often blocks a plethora of websites (Though some even help you in your work) that could provide a shred of decent, entertaining break they deserve. But, what if you could use your office issued technology to your advantage? 

When you could not open a website at your workstation (Simply because it is blocked), You can use your office issued email to access the content that has been kept away from you. For that you need your office issued mailbox. There are two very simple ways of accessing content that has been denied to you. 

The First Way

First, Subscribe. A lot of offices with a comparatively lenient IT department allow you to receive email subscriptions on your office mail.

However, If that is not the case, You should move to the second way which albeit interesting is a bit convoluted.

The Second Way

First find your personal folder in the mailbox, as depicted in the image below.
The folder will be named "RSS Feeds"

Now right click on the folder and select "Add a new RSS Feed"

You'll be presented with a simple window asking you to provide the feed details. (It is here when the RSS feed becomes really important. For more information on RSS feeds for any website or How to find the RSS Feed of a website, you could read some of codemakit previous articles.

Now after authenticating the RSS feed, just click enter and you're good to go.

After this, any new content on the website will be available instantly, as RSS feeds to your inbox. Let us assume, the Safety conscious IT guys do not know about our little arrangement.

This Showed about,

Read More

Simple Steps to stay safe online

With the advent and increased participation in hacking and phishing attempts, one must be sure to be safe. A busy blogger (obviously not a potato blogger) or a workaholic designer or an innocent professional who thinks that the web is safe enough is obviously and blatantly mistaken. The terms Online Privacy, cookies and IPs are being popular day by day. Staysafeonline.org celebrates world privacy day on 28th January too. So one must learn to retain their information and stop it from falling into the hands of bad guys. What do you do? Obviously a request on your Facebook page or personal blog will not deter the shady guys wearing a sly grin. (Notably this actually worked against spammers at codemakit when they were informed about Nofollow attribute.. digress..). So one must employ a better and sometimes more sophisticated way of hiding your personal data.

Why do we need to hide our data?

The answer can be very well explained to you through a rhetorical question. "Why do you keep your bank passbooks and checkbooks safely? Or why do you keep your credit cards, super safe?" Simply because there are chances of such things being misused and in most cases against you!

Let us take a really simple case, many people use their middle names or nick names or their combinations as passwords, a quick look by a cyber criminal on your Facebook/twitter page will reveal phenomenal details about you. A cyber criminal with a grudge against you (Now that's something you would not want) will skim through social networking sites and try accessing your email account through such passwords, eventually if he/she gets through, you will have a lot to worry about, as most online accounts have a facility of resetting passwords

The criminal can go to your account enter your email address and click "Forgot password". Now the website on receiving such request will innocently reset the password and send a new one to your mail. Only catch is that the cyber criminal has access to your email address. He/she can wreak all kinds of havoc on your life by messing with your online persona. Usually the popular ones include accessing your social network and posting a vulgar video or an obscene picture or a hilarious yet defaming comment about yourself like "I am coming out of the closet now!" or some other less subtle messages. But the ones which do not make the headlines are the sudden loss of a large amount of money from a bank account. Even less reported are the cases of Blackmail.

The Steps for staying safe online

In Order to Avoid hassles and to stay super safe, outlined are a few steps that your must follow to keep yourself safe online. remember better safe than sorry! So lets go through the process once.

Take Charge of your Accounts and Email

1. Keep your accounts close!

You might have many accounts at various websites, but do you know how to keep them safe. How to prevent your login information from a previous article where some offline methods are discussed to store your Usernames and Passwords.

2. But your Email closer!

First and foremost just as the above example depicted, You must first take control of your email. Conventional emails offer simple username password security out of which username is always known to people. You just rely on your password to keep your account safe. The password might be really long and extremely convoluted but in the end it is just a combination of characters (You would be shocked if you find how simply websites store usernames and passwords).

If you are using Gmail (If you're not See a complete list of features of Gmail) kindly opt for Google's two step protection. You will have to provide your mobile number for the same and if you're logging-in from an unknown computer, you will receive a code from Google as a text message which forms the second step of protection. Without entering the code you cannot go further. Some email service providers also provide an arrangement for two passwords, which is not as effective as Google but it does the job doesn't it?

3. Use Disposable/temporary email

Sometimes people need to provide email address for web content. Websites are often found begging and sometimes strutting while asking for your email address. In simple words, I have an eBook, You have an email address, lets exchange! (codemakit too asks for email address for its SEO and Content Guide ebook) but don't get us wrong. there is an inherent theory behind asking email addresses, Often websites with quality content are targeted by their competitors who employ hackers/helpers in large numbers to harm the website. An email authentication or just the provision of an email often helps curb this menance. But if you do not want to give your personal email address to a website you do not trust, you can either check out the website certifications, you can use a temporary one. here is a list of

Temporary mail providers

1. Guerrilla Mail is know to scramble the address too. It Updates the inbox in every 10 seconds and exists for about 12-15 minutes after which it vanishes.

2. The 10 minute mail obviously exists for 10 minutes and then disapears. Until then you will recieve mails to your temporary inbox.

3. Get airmail has one blatant advantage over every one of its competitors, there is no time-limit to your inbox. The mail will remain valid indefinitely until and unless you close your browser.

4. Yop mail is one of the most trusted providers among its competitors. You can even name your own email which would look more authentic than a bunch of randomly generated numbers.

But websites have their own ways to check. so sometimes the method does not work (maybe 5-10%) If you do not want such hassles of visiting the site again or creating a new one every time you need something, It is better You create a permanent mail which will hold all your junk emails. This mail must have really simple username with an even simpler password which can be recalled any time you need. Even if it is hacked, It will be the hacker's loss and not yours.

Take Charge of your Browser

There are cases when you need to employ security tactics at the root of internet surfing, i.e. the browser, It is the application which actually transforms your request and returns with a webpage. So, how fo you safeguard your browser?

1. Delete your traces

Firstly, your browsing history, stored cookies, passwords(important ones), and other information that the browser has stored for your luxury; in one word; DELETE. The above elements stored ina  browser are one of the richest source of information about you. Your cookies, browsing history tell a lot more that you could ever tell in a day. Also remember to disable chrome autofill settings. A regular deletion of such information will provide you an assurance of "My browser has nothing you can steal, (The Mojojojo Laugh)". 

2. Browse Incognito

Secondly If you're really cautious, You must operate your browser in the famed incognito mode. Nearly every browser offers an incognito mode where none of your personal data or browsing activity will be stored in the computer. So you don't have to come back and delete the stuff again. Usually the incognito mode(as Google Chrome Calls it) can be found in almost all browsers and can be activated by a shortcut key combination. Here are the list of browsers and Shortcut key combinations.

	Browser	Method
	Google Chrome	CTR + N
	Mozilla Firefox	CTR + SHIFT + P
	Internet Explorer	CTR + SHIFT + P
	Safari	Settings - Private Browsing
	Opera	CTR + SHIFT + N

3. Virtual Private Settings

You Can even surf cautiously. For places where you cannot afford to make a mistake, you can use a proxy server, where you hide yourself and then browse it is comparable to wearing an armor and going to war.

Geeks are often known to use VPN or Virtual private networks, a discussion of these methods is beyond the scope of the article. However you may find information at PCWorld or at Howtogeek. Information on IP Masking can be found at whatismyipaddress.

And Finally, Surf Safe

Another thing you can do to prevent your information from falling into the hands of smirking black hats is by setting your privacy policy at the other end, i.e. the websites you use like facebook, quora, twitter (list would have stopped at 5 miles). Go there, click on settings and find out privacy settings. Change them to your personal accord. Just five minutes once is enough to spare you the hassle of a lifetime. More the methods you employ, the safer you feel, the next time you surf on a website.

Note. If missed a step or if you know any better method, just post it in the comments section.

Do you feel safe now?

Read More

Tips to protect yourself from divulging your web account's passwords

How can you protect yourself from giving out your passwords? Here are simple points for protecting yourself from divulging your passwords. 

For any webmaster, there will be scores of usernames and passwords which must be kept as secret as possible. Though unintentional, but a leak is a leak and can be very disruptive if not handled carefully. There are hackers looming nearby, You could be the next target.

Here are some tips to keep yourself protected at all times. It is the small things that matter the most. The following are the tips 

1. Never use the default password given by the website itself, always change it whenever you get the time.
2. Also when you ask for a password reset, always change the password once its done. Do you know how passwords are actually stored on websites? Take a look.
3. Always keep your mail passwords with utmost privacy because once your mail password is divulged, anyone can reset your mail password or any website account password with just a click.
4. If you are a web personality or choose to live your life on the web, you would obviously be burdened with the task of storing the passwords somewhere. Never make the mistake of storing it in a simple text file. Use simple but advanced measures (Take a look). So that even if your PC/Laptop is out of your reach, you'll be at peace.
5. Never give your password to any website or authority. Keep it in mind that no one should ever ask for your password, if they do they’re not authentic.
6. When in a café, Hotel, Restaurant etc. with an unsafe Wi-Fi, never open up any of your important mail or website accounts like your bank accounts.
7. Never use the same password and username for every account but use a single password with slight modifications for each website account, Eg. Create a base password like 93110299, now for gmail the password might be 93110299gm, for your flight travel account, it might be 93110299ft or 93110299jet etc, this will save you the hassle to remember different passwords and thereby remove any need to write them down.

If you're still unsure or you need more information, You can have a look at some simple steps to stay safe online.

These were some

Read More

Copy and paste characters, that are not in your computer

Many people, sometimes encounter problems when typing and do not find a character for their writings,

This is especially the case with mathematicians and erudite scholars during research.

Though there are alternatives, like adobe fonts and so forth, but you cannot expect yourselves to be blessed with such software on every machine you sit on, So you'll need something more mobile, something that you can rely on.

Here's your solution, The website copypaste Characters is one of the most useful solution to such problems.

It is basically an internet application for copying and pasting characters that does not comes with the computer’s typefaces, to be pasted into emails, tweets, text documents, forums etc.

The website also allows you to create your own set of characters, Though you will have to sign-up with the website which is not a herculean task altogether.

According to the about page of the website, Copy Paste Character was developed in Stockholm, Sweden, by Konst; Teknik; Martin.

Here is a simple Flowchart about, how to operate the website.

Here is a video depicting the website,

This was all about

Read More

Create your own Online Newspaper in Minutes

Web enthusiasts are ever looking to publicise their creations on the web, Honestly, the higher number of pages owned by you and better the networking between them, search engines will rank you better than your competitors. Here is one way for it, start an online newspaper. But, problems do exist. Usually online newspapers have scores of people working on storeis and articles, Also, there' all professionals and you're not even a writer. 'paper.li' has started a web service which allows user to basically rob the prevailing online newspapers of their article and puts forward a newspaper with your creation's name on it.

Though technically, robbing would mean taking someone's content so that they cannot host, but since this is not happening so the 'do it right' people can relax.

The first step starts with going to the website,

Once you've authorized through some way, either facebook or twitter,

You'll be redirected to find content for your paper.

Find out users or websites with twitter accounts, sharing the same interest with you. Please remember to include your website's twitter page with them.

Once you're happy with you're selections, you can publish it on the web.

You're page once published will look like this.

http://paper.li/codemakit/1345891815#

You can even change the settings to personalize your newspaper.

The team behind paper.li strongly believe that publishing is strictly individual business.

In there own words, "We believe that people (and not machines) are the ones qualified to curate the content that matters most. We also think that these same people can greatly help their own communities to find their way through this “massive content world” we live in. We’re here to help!"

This was about,

Read More

Determine if your mail is authentic or not

When working on a blog and marketing it, Many a times you have to give an email address to avail some benefits. Now mostly you can be assured, that your email will not come out in public. But, this might not be true for every website. Because huge number of online players are willing to give you anything to get a list of few names with their email addresses interested in a particular topic.

So you may find your inbox filled with huge number of spam mails. Just because you gave your email to a website and for your generosity, the website in turn sold your email to spammers. Google's and yahoo's fine spam filtering skills might help a lot by transfering spam to your spam box. But, that is valid upto a point. Spammers have devised new an improved techniques for phishing and fraud using spam mails as a medium.
What should you do in order to determine which mail is valid and authentic. Here are some simple steps to do so.

For an example,
I recieved an email, a while ago, about facebook. Now gmail was very smart to understand the move and mark it as a spam. Here is the mail.

The mail looks a lot like Facebook alert email, but for preliminary examinations, just look at the sender's address. There is no Facebook domain (First Red Flag). Next see the message text, "You may be asked to enter the confirmation code ...." Facebook alerts do not use the same language,(If you remember) So this was (Second Red Flag). Now just hover you mouse over the link, do not click it but just move it over the link. If you're using Chrome or firefox, you can easily see the actual link it is pointed to, no the link displayed,( A nice trick by the poor scammer), This will be (the Third Red Flag). If the mail satisfies all the requirements but you still have doubts, just follow the steps given below.

STEP I : First select the mail, you've had your doubts on. Open the doubted mail

STEP II : Click on the downward arrow button given at the top right hand corner of your mail box.

 

STEP III : After clicking on 'Show Original' button in the options given above, You will be greeted by the following screen with the complete transaction details.

STEP IV : Find out the IP address of the sender and copy it.

Now go to SendScore

STEP V : And paste the ip address in the space provided. Now click on 'Go' and the website will analyze and give you a report almost instantly in addition to an idea about the authenticity of the website.

 However you can be sure of a website if it has been certified, by leading experts.

After seeing the report, now you can be sure, what should be done with the email.

 

This post gave you an insight on ways to

Read More

How to create a form using Google docs?

Google docs has always enjoyed a huge consumer base. The reason for such success is always attributed to the versatility and the ease through which a normal end user can perform his tasks through Google Docs.

Google’s entry into enterprise computing began nearly six years ago with the launch of Apps for Your Domain, now known as Google Apps. Since then Google has offered the product for free to businesses, and educational institutions. 

 

According to Wikipedia "Google Docs is a free, Web-based office suite and data storage service offered by Google. It allows users to create and edit documents online while collaborating in real-time with other users."

Google Docs have many advantages, (Discussed Earlier). Though the following article is about creating a form, You can always create different documents through Google docs.

We will learn, How to create a form using Google Docs?

Here we'll learn by example.
Here is an example on the use of Google Docs to create a Research paper review form.
Firstly go to https://docs.google.com/

1. Click on the Create button on the top left section of the page.
Click on form.

2. You will be redirected to a screen, whose portion looks like this.

 

In the Question Title, Write down the question which you would like to ask.
In the Help Text, Write down some text, which would be helpful in understanding the question.
The third Option, i.e. Question type gives you a variety of options to choose from, Ranging from text, multiple choice, Check boxes etc.

3. After you've entered a few questions, and you're happy about it. The form will look like this

 

4. Once this is over, chose a theme from the top left corner.
The answers to your form sent over to your friends or colleagues, will be stored in a Google spreadsheet, which may look like this.

5. Again if you are not sure with the final result, you can always come back and edit your form.

 

6. Once everything is finalized, You will receive a link to your form, from Google.

So you don't have to worry, where did your form went, after you've closed your browser.

  

From there you may select some recipients to your form

Just type in their email addresses and click on send.

If you are still unclear at some point, Here is a Video depicting the previous steps, with helpful subtitles

This is an awesome way of getting information through web based surveys and marketing studies. You can even embed the form in your site, which will be discussed later.

Now you know

Read More