The phishers are getting techincal...
This morning I got a phishing letter. Since it was not from my bank, I almost deleted it without looking, and then this caught my eye:
You are receiving this message, due to you protection, Our Online Technical Security Service Foreign IP Spy recently detected that your online account was recently logged on from am 220.127.116.11 without am International Access Code (I.A.C) and from an unregistered computer, which was not verified by the Our Online Service Department.
Now, besides the bad English, which I will not take time to correct, the IP address jumped out at me and caught my attention and I had two immediate thoughts.
First, my thought was, as a normal Joe User, where is 18.104.22.168 and what does it mean I was logged in from there. That does not look like a street address. As an end user, I do not care what an IP address is (frankly, I do not care that I have one, much less know what it is), so does putting it in a phishing scheme make the email seem more legitimate? I would not think so, but then I have not bothered to study the science too closely.
But what intrigued me more, especially as a network engineer was that the 88 supernet, where ever it might be allocated, cannot possibly be exposing itself to the Internet, can it? And certainly not down to the host level? I cannot think of any major (or minor) corporation or ISP that does not do some form of address translation anymore, so how would I, as an end user, even know I was “logged on” from that IP address even if I was? My IP address is 10.x.x.x or 192.x.x.x or some other non-routable address. I would have no clue what IP address I am ultimately presenting to the outside world, so even if the letter was “legitimate,” giving me the IP address is pointless. Better to say I had logged on from a bistro in France.
But of course, that would defeat the purpose, and the purpose here is to scam you into clicking that little blue hyperlink and typing in your user name and password for the bad guys to get. The Internet never was the domain of fools but it has gotten more dangerous and less safe every day. Caveat emptor and lasciate ogni speranza voi ch'entrate (that’s Dante…)
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Client-Side Performance
- Tibbo Technology's Tibbo Project System
- Sony Settles in Linux Battle
- Peppermint 7 Released
- Libarchive Security Flaw Discovered
- Maru OS Brings Debian to Your Phone
- The Giant Zero, Part 0.x
- Profiles and RC Files
- Git 2.9 Released
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide