Friday, July 23, 2010

example of apparent "Turkish" email sting (עוקץ) in the wild

You may be aware that there are recommendations to change your email (and other) passwords following a reported heist and broadcast by Turkish hackers of tens of thousands of email addresses and passwords of Israelis, which took place after the Mavi Marmara flotilla event. There is also an indication that if your email address(es) and password(s) are not on the list (which may or may not be available any longer on the net), you should act as though it (they) are not secure.

This morning, I received what appears to be a cry for help from a friend.

Perhaps I should have immediately called this person to verify whether this was real or not. Instead, I responded, which is not recommended since the IP is exposed in the sender details. However, I am sharing their responses, which may offer further detail and may be of use to readers of this posting.

In any case, I report it here as a heads-up to other people, and hopefully the relevant authorities in Israel who should be reading this.

In retrospect, there are several giveaways or tells that might have alerted me but this was good enough to get me motivated to want to help my friend. In fact, there is another spoiler or two but I will not reveal them openly here.

I did call my friend after the last response, and he established that he was locked out of his Yahoo account and was about to send "real" warnings to the email addresses he remembers that were on his contact list. He also reported the lockout to Yahoo.

I now report this here, leaving out names.

Heads Up!!!

Email exchange:

first email received:

urgent help needed

Hey!

I'm writing this with tears in my eyes,I came down here to London,England for a short vacation and i was mugged at gun point last night at the park of the hotel where i lodged all cash,credit cards and cell were stolen off me.

I've been to the embassy and the Police here but they're not helping issues at all,My flight leaves in less than 3hrs from now and am having problems settling the hotel bills.

The hotel manager won't let me leave until i settle the hotel bills now am freaked out.

I need your help.

Regards

------------------------------------

I answered:

Just saw your email. I trust if you don't reply, that you are on your way back.
If you can answer and you are still in UK, supply hotel name and manager's name
and telephone number and anything else that can help us help you.

------------------------------------

response:

[my name], i actually have limited time on the internet as the hotel manager has directed that the phone in my room be disconnected. all they want is for meto settle their bills. You can call him on this number +447045791223.i am so glad you replied back to my email. I have nothing left on me and I'm grateful to God that i still have my life and my passport.it would have been worst if they made away with my passport.$1,300 will cover all my expenses but i will appreciate whatsoever you can afford to wire right now, I promise to refund it to you as soon as I arrive home. You can wire it to my name from a western union outlet around. Here are the details you need to get it to me;

Name - [the person you know]
Location - 22 St. John Street London, EC1M 4AY United Kingdom

I still have my passport so I can use it as identification, e-mail me the transfer details and the confirmation number include the amount sent.
we shall talk when this is over.


------------------------------------

my answer:

Please tell me something that only you would know. So I can be sure it is you.

------------------------------------
response:

My wife's name is [her actual maiden name] she is a [profession] and am an [actual profession] .my abode is Canaan, Safed, Israel.[my name],it is me.....there's really no time to talk much...

------------------------------------
(end of email thread)

1 comment:

traintalk said...

update. Dan Shapiro in his blog posting of May 31, 2010 talks about a similar sting
http://www.danshapiro.com/blog/2010/05/hackers-targeting-jews/
But hold it - the boarding of the Mavi Marmara took place on the same day as the post, May 31. The flotilla set out from near Cyprus the day before. So when were the hundred thousand plus email accounts hacked?