Archive for the ‘scams’ Tag

How to Get Any Drug Package (Even if Compromised) Conclusion

Thursday, November 30th, 2017

How to Get Any Drug Package (Even if Compromised) Conclusion

These are all options that the investigator may take into consideration.

The U.S. Postal Inspection Service is the investigative arm of the U.S. Postal Service.

Postal inspectors are federal law enforcement officers who enforce over 200 federal laws in investigations of crime to include controlled substances.

Under U.S. Code 21, U.S. C841, 843, and 844, postal inspectors initiate investigations related to transportation and distribution of narcotics through the U.S. Mail or other postal facilities.

The U.S. Postal Inspection Service cooperates with local, state, and other federal law enforcement agencies in controlled substance operations.

These joint investigative efforts with local authorities are part of parcel interdiction groups around the country.

Read the rest of this entry »

The Phishing Guide Part 2 : Man-in-The-Middle

Saturday, June 17th, 2017

For a Phishing attack to be successful, it must use a number of methods to trick the customer into doing something with their server and/or supplied page content. There are an ever increasing number of ways to do this. The most common methods are explained in detail below, will include:

Man-in-the-middle Attacks

• URL Obfuscation Attacks

• Cross-site Scripting Attacks

• Preset Session Attacks

• Observing Customer Data

• Client-side Vulnerability Exploitation

I will go into more deatil about others in anouther post but today we are going to learn how to do Man-in-the-Middle attack

Man-in-the-middle Attacks One of the most successful vectors for gaining control of customer information and resources is through man-in-the-middle attacks. In this class of attack, the attacker situates themselves between the customer and the real web-based application, and proxies all communications between the systems. From this vantage point, the attacker can observe and record all transactions. This form of attack is successful for both HTTP and HTTPS communications. The customer connects to the attackers server as if it was the real site, while the attackers server makes a simultaneous connection to the real site. The attackers server then proxies all communications between the customer and the real web-based application server – typically in real-time. In the case of secure HTTPS communications, an SSL connection is established between the customer and the attackers proxy (hence the attackers system can record all traffic in an unencrypted state), while the attackers proxy creates its own SSL connection between itself and the real server.

Read the rest of this entry »

Scam Prevention: Money Laundering Phishing Scam

Friday, June 16th, 2017
Before I get started with the Money Laundering Phishing scam, first you must understand customer vigilance. Customers may take a number of steps to avoid becoming a victim of a phishing attack that involve inspecting content that is presented to them and questioning its authenticity. General vigilance  includes:

• If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.

• Never respond to HTML email with embedded submission forms. Any information submitted via the email (even if it is legitimate) will be sent in clear text and could be observed. • Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission.

• For sites that indicate they are secure, review the SSL certificate that has been received and ensure that it has been issued by a trusted certificate authority. SSL certificate information can be obtained by double-clicking on the “lock” icon at the bottom of the browser, or by right-clicking on a page and selecting properties.

• Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.

Money Laundering Job Scams

Given the successes of phishing scams in obtaining personal financial information from their victims, Phishers have needed to develop follow-up scams in order to safely transfer stolen monies from the accounts and country. An increasingly popular method of accomplishing this is through fake job scams. For those not aware of what we are talking about here’s how these job scams work.

• The Phishers exploit a number of bank accounts via standard phishing attack vectors. • They then have a problem of getting the money out of them as most Internet banking facilities do not allow direct transfers to overseas accounts.

• A common way to avoid these restrictions is through job scams. Phishers offer these “jobs” via spam emails, fake job advertisements on real job websites or instant messaging spam.

Read the rest of this entry »