Category Archives: Social Networking

Readers Beware! — A particularly clever Phishing Attack


Now here’s a nifty little phishing attack that targeted me over a two-day period, and this one is both unique and, if you’re not careful, very effective.

On Monday my iPad informed me that I needed to log into my Apple ID account, which I attempted using my Apple ID and password.  That attempt was rewarded with an admonition, “This Apple ID has been locked for security reasons,” or something similar to that wording.  Apparently, someone attempted multiple logins with my Apple ID and an incorrect password, and Apple took the precaution of locking my account after too many such attempts.  I managed to log in my iPad using other contingencies employed by Apple.

It never occurred to me that the actual objective was not to break into my account, but rather to intentionally lock the account for the follow-up attack the next day.  Clever.

The next morning I received a security alert email from Apple advising me that my Apple ID account had been logged onto from an I.P. address from Indonesia.  Included in the email was a link to verify machines from which my account had recently been accessed.  I tapped the link and was taken to an HTTPS site with what appeared to be the Apple ID login page.  HTTPS normally means that you’re safe, right?  Well, not really.  It just means that the communications between your computer and that specific site are encrypted to discourage electronic “eavesdropping” of the conversation between the two computers.  Clever.

What I had failed to do was hover over the email link before clicking on it, which if I had would have revealed a bitsy URL link, meaning the real address was hidden behind a URL totally unrelated to Apple.  Not clever, but for some reason I fell for it.

At what appeared to be the Apple ID login screen I entered my Apple ID and password, but instead of being logged into my Apple ID account I was instead directed to another screen that asked for my name, address, and other information.  By now the phishing scum would have my Apple ID and the associated password, but I now was onto the game when the site also asked for credit card information, date of birth, Social Security Number (oh, come on now . . . really?), etc.

I immediately closed out that window, logged into my Apple ID account, and reset my password since I had just compromised my previous password.  I then reported as a phishing scam the offending email with the bogus link.

So, to recap, here’s how this rather ingenious phishing attack works, turning against Apple its own requirement to pair the user’s Apple ID with a functioning email address:

  • Day 1:  The phisher obtains an email address and checks if that email address is linked to an existing Apple ID account
  • Once that link is established, the phisher intentionally makes numerous attempts to log into that Apple ID account until Apple freezes any further attempts
  • The account owner is now wary because, obviously, someone made multiple attempts to log into the account until it was locked; this sets up the user for the follow-up email the next day
  • Day 2:  The phisher sends a “security warning” email that appears to be from Apple; the “warning” advises the account owner that his account has been logged into from a foreign I.P. address
  • The account owner then lets his suspicions from the previous day override his normal caution, and he “logs into” his Apple ID account through the bogus link supplied in the “security warning” email.
  • The phisher then captures the account owner’s password and, if the account owner continues to fall for the phishing attack, other even more critical personal information

This is by far the most sophisticated phishing attack I’ve yet seen, or at least it appears so to me because it’s the only one that’s ever duped me into revealing anything.  It’s an extremely fine piece of social engineering that uses a two-pronged con deliberately tailored to instill suspicion on Day 1 of the attack in order to override caution on Day 2 of the attack.

Do not fall for this attack.  Just because your Apple ID account was locked does not mean that the attacker managed to break in later.  Indeed, the chances are that he has not, and that your account is still secure.  Just report as a phishing scam the follow-up email and delete it.  If you’re paranoid after the initial Day 1 attack, just check your Apple ID account over the next several days and make sure you still have access.  If you do, the phisher has not taken over and changed your password to transfer to him control of your account.
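The hover check described above can be automated. The following is an added example, not code from the original post: it lists every link in an HTML mail body and flags those whose real host is a shortener, is not a domain of the claimed sender, or differs from the URL shown as link text. The trusted-domain list, the shortener list and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: domains the claimed sender really uses, and an illustrative
# list of link shorteners ("short.example" is constructed for the sample).
TRUSTED = ("apple.com", "icloud.com")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "short.example"}

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").rstrip(".")
def is_trusted(host):
    # Exact match or true subdomain only; "apple.com.evil.example" fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit_links(html_body):
    """Return (href, reasons) per suspicious link; the scheme (HTTPS) is ignored."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host, reasons = host_of(href), []
        if host in SHORTENERS:
            reasons.append("shortener hides the destination")
        if not is_trusted(host):
            reasons.append("host is not a trusted domain")
        if text.lower().startswith(("http://", "https://")) and host_of(text) != host:
            reasons.append("visible text shows a different host")
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body modelled on the "security alert" described above.
SAMPLE = """<a href="https://short.example/abc123">Verify your devices</a>
<a href="https://appleid.apple.com.account-check.example/login">https://appleid.apple.com</a>
<a href="https://appleid.apple.com/">Manage your Apple ID</a>"""
```

Running `audit_links(SAMPLE)` flags the first two links and passes the third; all three use HTTPS, which is why the scheme plays no part in the verdict.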

Please help spread the word by linking this article to your friends and family members, as I suspect this is going to be the next big scam.

© 2017 R. Doug Wicker (RDougWicker.com)


Filed under R. Doug Wicker, Social Networking, Technology/New Stuff

Election 2016 — A Call to Arms


I call it the NOTAP.  The NOTAP is the None Of The Above Party.  And I offer up as NOTAP’s first presidential candidate . . . well, we’ll get to that in a moment.

NOTAP’s primary platform is the ultimate delegitimization of the eventual winner of this year’s U.S. presidential election, and the abject humiliation of a two-party system that foisted these two candidates upon us.  That’s it.  One issue.  One objective.  Everything else at this point is secondary to that one goal.  E-v-e-r-y-t-h-i-n-g, whether we’re talking about abortion, guns, immigration, taxation, whatever; because none of those issues means one damned thing to anyone if we continue down this path.

Here’s what you can do:  Research your state’s voting laws.  See what candidates other than Donald Trump or Hillary Clinton may be on the ballot.  For instance, there are 27 alternate parties on the ballot of several states, and various self-identified “Independent” or “Independence” parties on the ballot of fifteen states.

Here’s a rundown of just a few of the more prominent:  The Libertarian Party is on 33 ballots.  Twenty-one ballots will display the Green Party candidate.  The Constitution Party is on the ballots of thirteen states.  The Reform and the Working Families Party are each on four ballots, and the Progressive Party is on two.  There’s even an American Shopping Party on the ballot in Hawai’i this year, if shopping is your thing, but the candidate on that ballot is running for the U.S. Senate rather than president.  Anyway, you get the idea — there are other choices out there, choices that haven’t a prayer.  Hold your nose and pick one.  Any one.  Just pick.  If you have no alternative, and if your state does not allow a write-in (more on that in a moment), then I suggest you withhold your vote for either of the two other candidates unless either Donald Trump or Hillary Clinton truly appeals to you and you feel either of those candidates holds with the issues dearest to your heart.

In states that offer the alternative of a write-in, even if that write-in vote will not be tallied because of arbitrary and punitive regulation, I offer up one other choice, and that would be the self-appointed, first-ever nominee of the NOTAP — R. Doug Wicker.  No, this is not an ego trip.  I do not expect to garner any significant vote tally.  Indeed, if you have any other choice then I implore you to please pick it.

If you agree with this treatise, and if you desire to act based upon its proposals, please forward all this week’s articles to your social networking list.  The time to organize a true and effective protest is rapidly dwindling.

Monday:  Election 2016 — How the Hell Did We Get Here?

Tuesday:  Election 2016 — Why the Hell Did We Get Here?

Wednesday:  Election 2016 — Fixing This System Long Term

Thursday:  Election 2016 — But How Do We Fix This Year’s Mess?

Today:  Election — A Call to Arms


Filed under Opinion Piece, R. Doug Wicker, Social Networking

Election 2016 — But How Do We Fix This Year’s Mess?


The short answer is, we can’t.  Barring a federal indictment, or someone being crushed to death in the tragic collapse of an enormous ego, or other unforeseen and unlikely circumstance, Donald Trump and Hillary Clinton are this year’s disastrous nominees.  Get used to the idea.  We can’t fix it . . . but we might, just might be able to mitigate the damage regardless of the outcome.

Why we can’t fix things this year:  Bernie Sanders and Donald Trump were right about one thing — the system is rigged, just not in the way they think it is.  It’s already too late to put a credible third-party candidate on the ballot in some states and impossible in many others; and, no, I don’t consider the Libertarian Party’s ticket a credible alternative (but that ticket just might be useful in mitigation, which we’ll get to shortly).

Why is it too late?

The Big Two get their nominees on the November ballot pretty much automatically.  The Big Two have seen to that.  But that’s not all they’ve managed to rig in their favor.  They’ve also made it pretty much impossible for an alternative to get on the ballot to spoil their monopoly.  An “independent” candidate (meaning not affiliated with either the Republican, Democrat, or other “state-recognized” parties) has to jump through innumerable obstacles to get on state ballots.  In order to accomplish that an independent would need to gather an estimated 900,000+ petition signatures in order to make the ballots in all fifty states.  Suppose our independent managed to meet that insurmountable hurdle?  Well, then the next hurdle is arbitrary “deadlines” set at the state level.  For instance, the deadline to submit for inclusion on the November ballot has already passed in several states, including here in Texas.  I find that interesting, considering that technically neither party has yet fielded an official candidate, and won’t until their respective conventions, yet the names Donald Trump and Hillary Clinton will be on the ballot of all fifty states despite these “deadlines” having passed.  Finally, the last hurdle is that several states want you to pay for the privilege of putting your name on their November ballot.  It may be easy for a state party to fork over a couple hundred to a thousand bucks to just one state for ballot access for the eventual nominee, but it’s unrealistic for anyone but the extremely wealthy to pay tribute to all the states that charge such a fee.  Outraged yet?  Read on.

What about write-in candidates?  Again, the system is rigged in favor of the Big Two.  Forty-three states allow for write-ins.  Of those, thirty-five of them require advance submission of the write-in, otherwise those votes will not even be tallied regardless of how many votes are cast for that individual.  That leads to the ludicrous possibility that a write-in candidate could conceivably garner 51% of the votes in one of those states, yet one of the other two “Big Two” party candidates would “win” all the electoral votes for that state.  Seven states flat-out deny you the basic right to write in the name of someone other than those who appear on those states’ ballots, which usually means you’re limited to two, perhaps three choices as arbitrarily decided by the state (i.e., “The Big Two”).  The states on that wall of shame are Arkansas, Hawaii, Louisiana, Mississippi, Nevada, Oklahoma, and South Dakota.  Only eight states in the entire country honor their law-abiding, taxpaying citizens enough to allow them true freedom of choice in a presidential election — Alabama, Delaware, Iowa, New Hampshire, New Jersey, Oregon, Vermont, and Wyoming.

Well, if we can’t fix it, how the hell are we going to mitigate it?  With the only tool left to us, and that is to effectively delegitimize the ultimate “winner” in such a way that he or she becomes a powerless figurehead “leader” until the next election cycle.  In other words, you vote.  You vote for third party candidates, write in someone even if your ballot will not be tallied, you do anything in your very limited power to ensure that the “winner”, be it Donald Trump or Hillary Clinton, has far less than anything even remotely smacking of 50% of the vote.  Ideally one would want to see neither of the two front runners get even one third of the popular vote, meaning that a solid two-thirds of the country voted against either individual, but that’s not going to happen.  We all know that going into this, because as I’ve already noted the system is rigged by the Big Two.

No president with a significant and solid majority of the electorate having voted against them can claim any sort of mandate to do anything, whether it be negotiating treaties, attempting to bully sovereign nations into paying for walls we all know are never going to be built, submitting for consideration proposals to the now-cowering legislative branch of government, or attempting to seed ideologues into the federal judiciary and the Supreme Court.  Moderation wins by default.  Extremism loses and begins an inevitable downward spiral into oblivion.

Tomorrow I wrap up this minor treatise with a call to arms.  It’s time the true patriots take back this country away from the special interests and the Big Two that have become indistinguishable from those special interests.

Monday:  Election 2016 — How the Hell Did We Get Here?

Tuesday:  Election 2016 — Why the Hell Did We Get Here?

Wednesday:  Election 2016 — Fixing This System Long Term

Today:  Election 2016 — But How Do We Fix This Year’s Mess?

Friday:  Election — A Call to Arms


Filed under Opinion Piece, R. Doug Wicker, Social Networking