Anatomy of a Phishing Scam

 Security, Tech Meme  No Responses »
Jan 222012
 

Today I received an e-mail which made it past Google’s Junk E-mail protection.  It was sent from “Gmail Team” and titled “Google Verification”.  As I’ve had to do site verifications for Analytics and Webmaster tools, I took a look at the e-mail.

Within half a microsecond, I decided to compose this quick “Tech Meme”, breaking down all the tell tale signs of a Phishing attempt.  As far as they go, this one was pretty poor – but could still trip up some unfortunate folks.

Firstly, what is Phishing?

According to Wikipedia:

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Does my e-mail constitute a Phishing attempt?  Check it out and see what you think.  Here’s the complete message:

image

So let’s break it down:

1. The “From“ Address

Although this e-mail was sent from a “@gmail.com” address (although most official Google E-mail is sent from @google.com), clearly the folks at Google would have a better reply-to email address than “customerservice.verifyinfor”

2. No Branding/Google “look and feel”. 

Although some authentic e-mails from Google are sent in a basic format, even they carry some kind of corporate signature, like the following:

“© 2011 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043”

Microsoft usually applies style sheets to their emails, most of the major banks do too.  If you receive an e-mail which doesn’t look or feel right (fonts, colours, lack of legalese in the footer), chances are it’s not an authentic e-mail.

3. Nature of the request

There’s just no way that Google (or any other large company) will ever expect end users to fill out details in text like this.  In fact, no big company or financial should ever contact their customers this way and request private information.

Even if they did, it would be horrible to import into their systems, and it would be very hard to validate the input text.

4. Grammar and spelling mistakes. 

Even in this age of decaying English, most big companies tend to proof read their e-mail text.  This email isn’t too bad for a phishing scam, but you likely won’t find these kind of mistakes in legitimate e-mails.image

Lastly, if you read this e-mail and thought “isn’t this information already located at accounts.google.com?” you’d be correct. 

Why would a company re-request this information?  You’ve already supplied your account and password when you logged into your account, your year of birth doesn’t change, and your name wouldn’t change that often either.

There’s a good chance you don’t remember the year you registered (and shouldn’t they be able to look it up?) and place of residency isn’t required.

Finally..

If you get an e-mail like this one from a bank, Microsoft, Apple or Google (or others like them) apply some simple logic before hitting reply.  As always please be careful with your personal information.

Your details should be as protected as your PIN number or bank account details.  Don’t give the information away freely.

R

 Posted by Rob at 8:10 am  Tagged with: Fake Email, Information, Phising

Lego Large Hadron Collider: ATLAS detector

 Tech Meme  No Responses »
Dec 252011
 

image

This is almost too cool for school – a Physicist at a university in Denmark has put together a scale replica of a part of CERN’s Large Hadron Collider – the ATLAS detector.

Apparently it took him 81 hours to recreate a 1:50 scale model of the detector, using Lego bricks.  How awesome is that?  I wonder how long it would take to build a model of the whole LHC?

[ http://www.geek.com/articles/geek-cetera/the-large-hadron-collider-has-been-recreated-in-lego-20111223/ ]

 Posted by Rob at 5:44 pm  Tagged with: Awesome, Lego

Did you forget to enable FILESTREAM during setup?

 Tech Meme  No Responses »
Dec 162011
 

What is FILESTREAM?

Much data is unstructured, such as text documents, images, and videos. This unstructured data is often stored outside the database, separate from its structured data. This separation can cause data management complexities. Or, if the data is associated with structured storage, the file streaming capabilities and performance can be limited.

FILESTREAM integrates the SQL Server Database Engine with an NTFS file system by storing varbinary(max) binary large object (BLOB) data as files on the file system. Transact-SQL statements can insert, update, query, search, and back up FILESTREAM data. Win32 file system interfaces provide streaming access to the data.

FILESTREAM uses the NT system cache for caching file data. This helps reduce any effect that FILESTREAM data might have on Database Engine performance. The SQL Server buffer pool is not used; therefore, this memory is available for query processing.

SQL Server 2008’s FILESTREAM support can be very handy, but often overlooked during installation.  It is disabled by default in the installer, but can be enabled at install time, and also post-installation.

Obviously, the easier option is to enable during installation, but if you missed it, the steps to enable are relatively straightforward.

Keep in mind that there are two areas you need to consider: SQL Server Configuration and SQL Server Management Studio – both are responsible for enabling Filestream, but for different reasons.

To enable and change FILESTREAM settings (from MSDN)

  1. On the Start menu, point to All Programs, point to Microsoft SQL Server 2008 R2, point to Configuration Tools, and then click SQL Server Configuration Manager.

  2. In the list of services, right-click SQL Server Services, and then click Open.

  3. In the SQL Server Configuration Manager snap-in, locate the instance of SQL Server on which you want to enable FILESTREAM.

  4. Right-click the instance, and then click Properties.

  5. In the SQL Server Properties dialog box, click the FILESTREAM tab.

  6. Select the Enable FILESTREAM for Transact-SQL access check box.

  7. If you want to read and write FILESTREAM data from Windows, click Enable FILESTREAM for file I/O streaming access. Enter the name of the Windows share in the Windows Share Name box.

  8. If remote clients must access the FILESTREAM data that is stored on this share, select Allow remote clients to have streaming access to FILESTREAM data.

  9. Click Apply.

  10. In SQL Server Management Studio, click New Query to display the Query Editor.

  11. In Query Editor, enter the following Transact-SQL code:

    Copy

    EXEC sp_configure filestream_access_level, 2
RECONFIGURE

  12. Click Execute.

Notes

The reason for the two locations (Configuration Manager and SQL Management Studio) is that FILESTREAM needs to be enabled at the network configuration level, and at the database engine level.  If you miss one or the other, Filestream will not be accessible or enabled!

Also note that you cannot enable FILESTREAM on a 32-bit version of SQL Server running on a 64-bit operating system.

Reference

http://msdn.microsoft.com/en-us/library/bb933993.aspx

http://msdn.microsoft.com/en-us/library/cc645923.aspx

 Posted by Rob at 6:08 am  Tagged with: FILESTREAM, SQL Server

Redundant UI

 Musings, Tech Meme  No Responses »
Dec 052011
 

I’m introducing a new category now – “Tech Meme” – which is going to be used more frequently for short, pithy articles usually highlighting something absurd, such as the following:

I was trying to install Server Virtualization templates for Visio, when I was prompted for PIA assemblies:

image

In a funny style, pressing either button achieves the same outcome – the update quits.  Seems a tad bit redundant asking me what I want to do then!

 Posted by Rob at 11:46 am  Tagged with: wtf

Aussie Wine Guy

Archives

© 2012 Rob Sanders: Sanders Technology Suffusion theme by Sayontan Sinha
WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera