Category Archives: Technology/New Stuff

Readers Beware! — A particularly clever Phishing Attack


Now here’s a nifty little phishing attack that targeted me over a two-day period, and this one is both unique and, if you’re not careful, very effective.

On Monday my iPad informed me that I needed to log into my Apple ID account, which I attempted using my Apple ID and password.  That attempt was rewarded with an admonition, “This Apple ID has been locked for security reasons,” or something similar to that wording.  Apparently, someone attempted multiple logins with my Apple ID and an incorrect password, and Apple took the precaution of locking my account after too many such attempts.  I managed to log in my iPad using other contingencies employed by Apple.

It never occurred to me that the actual objective was not to break into my account, but rather to intentionally lock the account for the follow-up attack the next day.  Clever.

The next morning I received a security alert email from Apple advising me that my Apple ID account had been logged onto from an I.P. address from Indonesia.  Included in the email was a link to verify machines from which my account had recently been accessed.  I tapped the link and was taken to an HTTPS site with what appeared to be the Apple ID login page.  HTTPS normally means that you’re safe, right?  Well, not really.  It just means that the communications between your computer and that specific site are encrypted to discourage electronic “eavesdropping” of the conversation between the two computers.  Clever.

What I had failed to do was hover over the email link before clicking on it, which if I had would have revealed a bitsy URL link, meaning the real address was hidden behind a URL totally unrelated to Apple.  Not clever, but for some reason I fell for it.
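The hover check, and the point that HTTPS alone says nothing about who runs a site, can be applied to a message body mechanically. The following is an added example, not part of the original post: it pulls every link out of an HTML email and flags the ones whose real host is a URL shortener or lies outside the claimed sender's own domains. The trusted-domain list, the shortener list and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: domains the claimed sender really uses, and a small,
# non-exhaustive sample of URL-shortener hosts.
TRUSTED = ("apple.com", "icloud.com")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Constructed sample body; example.net stands in for a look-alike host.
SAMPLE = """
<a href="https://bit.ly/xxxxxxx">Verify your devices</a>
<a href="https://appleid.apple.com.example.net/login">appleid.apple.com</a>
<a href="https://appleid.apple.com/">Manage your Apple ID</a>
"""

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def is_trusted(host):
    # Exact domain or true subdomain only: "apple.com.example.net" must fail.
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit_links(html_body):
    """Return (visible text, real host, reason) for each suspicious link."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        # The scheme is ignored on purpose: https does not vouch for the site.
        host = (urlsplit(href).hostname or "").lower()
        if host in SHORTENERS:
            findings.append((text.strip(), host, "shortener hides destination"))
        elif not is_trusted(host):
            findings.append((text.strip(), host, "not a trusted domain"))
    return findings
```

Running `audit_links(SAMPLE)` flags the shortened link and the look-alike host while letting the genuine appleid.apple.com link through.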

At what appeared to be the Apple ID login screen I entered my Apple ID and password, but instead of being logged into my Apple ID account I was instead directed to another screen that asked for my name, address, and other information.  By now the phishing scum would have my Apple ID and the associated password, but I now was onto the game when the site also asked for credit card information, date of birth, Social Security Number (oh, come on now . . . really?), etc.

I immediately closed out that window, logged into my Apple ID account, and reset my password since I had just compromised my previous password.  I then reported as a phishing scam the offending email with the bogus link.

So, to recap, here’s how this rather ingenious phishing attack works, turning Apple’s own requirement to pair the user’s Apple ID with a functioning email address against it:

  • Day 1:  The phisher obtains an email address and checks if that email address is linked to an existing Apple ID account
  • Once that link is established, the phisher intentionally makes numerous attempts to log into that Apple ID account until Apple freezes any further attempts
  • The account owner is now wary because, obviously, someone made multiple attempts to log into the account until it was locked; this sets up the user for the follow-up email the next day
  • Day 2:  The phisher sends a “security warning” email that appears to be from Apple; the “warning” advises the account owner that his account has been logged into from a foreign I.P. address
  • The account owner then lets his suspicions from the previous day override his normal caution, and he “logs into” his Apple ID account through the bogus link supplied in the “security warning” email
  • The phisher then captures the account owner’s password and, if the account owner continues to fall for the phishing attack, other even more critical personal information

This is by far the most sophisticated phishing attack I’ve yet seen, or at least it appears so to me because it’s the only one that’s ever duped me into revealing anything.  It’s an extremely fine piece of social engineering that uses a two-pronged con deliberately tailored to instill suspicion on Day 1 of the attack in order to override caution on Day 2 of the attack.

Do not fall for this attack.  Just because your Apple ID account was locked does not mean that the attacker managed to break in later.  Indeed, the chances are that he has not, and that your account is still secure.  Just report the follow-up email as a phishing scam and delete it.  If you’re paranoid after the initial Day 1 attack, just check your Apple ID account over the next several days and make sure you still have access.  If you do, the phisher has not taken over and changed your password to transfer control of your account to himself.

Please help spread the word by linking this article to your friends and family members, as I suspect this is going to be the next big scam.

© 2017 R. Doug Wicker (RDougWicker.com)


Filed under R. Doug Wicker, Social Networking, Technology/New Stuff

WhiteKnightTwo


Something you don’t see every day — WhiteKnightTwo

On September 11 of this year we had a visitor come to El Paso International Airport.  What you see above is WhiteKnightTwo, the launch vehicle for Virgin Galactic’s suborbital tourist thrill ride SpaceShipTwo.

SpaceShip 2 (center) suspended for a ride aloft on WhiteKnightTwo — Launch altitude 50,000 feet/15,240 meters; Upper diagram is of WhiteKnightOne and SpaceShipOne

Fortunately I was at work that day, and doubly fortunately Ursula was able to snatch a couple of my cameras and bring them out to the control tower.  Triply fortunately, the wonderful folks at Atlantic Aviation were gracious enough to escort both Ursula and me out onto the ramp so that I could take the photographs you see here today as well as some of my favorite shots of this encounter on this week’s Fun Photo Friday.

WhiteKnightTwo taxiing out for departure

All in all I managed to snag some 50 photographs, including those I later stitched together for a couple of detailed panoramas, one of which you’ll see Friday.  Of course, I couldn’t just waste all that ramp time photographing just one aircraft, so I diversified a bit.

Beech King Air 200

The FAA registry number for this wondrous aircraft is N348MS (MS standing for “Mother Ship”), and WhiteKnightTwo has been christened VMS Eve — Virgin Mother Ship “Eve” named after Virgin Galactic owner Richard Branson’s mother.  The second WhiteKnightTwo in the series will be christened VMS Steve Fossett after the famous aviator.

VMS Eve is larger than she appears:

  • Crew: 2 pilots, 6 passengers/launch crew
  • Capacity: payload 37,000 lb/16,783 kilos
  • Length: 78 ft 9 in/24 meters
  • Wingspan: 141 ft 1 in/43 meters
  • Powerplant: Four Pratt & Whitney PW308 turbofans each rated at 6,900 lbs/30.69 kN thrust
  • Launch Altitude: 50,000 ft/15,240 meters
  • Service ceiling: 70,000 ft/21,336 meters (service ceiling is defined as the maximum useable altitude of an aircraft)

Coincidentally, that 141-foot wingspan almost precisely matches that of another famous mother ship — The Boeing B-29 Superfortress that served as the launch vehicle for Chuck Yeager and the Bell X-1 rocket plane that first broke the sound barrier exactly 67 years ago yesterday, on October 14, 1947.

Boeing B-29 acting as mother ship to Chuck Yeager and the Bell X-1 Rocket Plane

But let’s get down to today’s gallery.  Enjoy, and remember to click on any of the images below to bring up today’s slide show.


Filed under Aircraft, Photography, Technology/New Stuff

Coming Up This Week


Because of several things that have come up in the news and in the theaters, I’ll be pushing back my remaining blogs on our Montreal-to-Boston cruise aboard the MS Maasdam.  In an attempt at timeliness, I’ll be presenting my take on the Chicago En Route (ARTCC) Center fiasco and why those pushing for both consolidation and privatization of ATC are yet again being proven as off their collective rockers.  Also this week I’ll put forth one of my famous double-reviews.

This time I’ll be comparing The Equalizer:

Robert McCall versus . . .

to The Equalizer:

. . . Robert McCall


Filed under Author, Movies, R. Doug Wicker, Technology/New Stuff, Television