gmail hijacked as hotmail?

[ChrisGreaves]

My friend has an email account with the school district through which she teaches (e.g. ???@sd67.ca).
About two months ago she got herself a gmail account for her "personal" email.
This morning I received an email, obviously NOT from her, but from the same mail prefix but with a hotmail suffix.
It's as if you suddenly received an email from CGreaves@hotmail.com when you already knew I had a gmail account as CGreaves@gmail.com.
In the example shown, the tone and content of the email is so unlike Linda that it's obviously a fake, but I bet it catches a significant portion of the population who don't think to discern between the different domain names - same genre (can I say that?), but one email address is NOT "genuine".

3.JPG

[HansV]

The spammers will keep on looking for new ways to fool people. So you have to remain alert.

Cf. the "tabnagging" hoax: Devious New Phishing Tactic Targets Tabs.

[ChrisGreaves]

Cf. the "tabnagging" hoax: Devious New Phishing Tactic Targets Tabs.

"When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in,” Raskin explained."

Hmmmm.
I have a horrible feeling this happened to me a couple of days ago.
Ouch!

And thanks for the link. A great read.
Now I shan't be able to go back to sleep ....

[HansV]

As you probably know, even if you tick the check box "Stay signed in" on Gmail's login page, you'll be logged out automatically once every 14 days and forced to log in again. So seeing the Gmail login page is not necessarily a phishing attempt. But that's precisely why this technique is so devious - people don't remember when exactly the next forced login is due, so if they see the Gmail login page, they don't check the URL in the address bar, and provide their username and password...
If you use (a recent version of) the NoScript add-on in Firefox, it'll protect you against this type of phishing.

[ChrisGreaves]

If you use (a recent version of) the NoScript add-on in Firefox, it'll protect you against this type of phishing.

I wasn't but I am now! Thanks.
Two points of interest:
(1) After the installation I elected to watch the video. Couldn't do so until I allowed the script!
(2) Tom is sitting in front of an Apple.

[HansV]

If you run NoScript in "paranoia" mode, i.e. have it block ALL scripts, it'll be rather annoying initially since you have to allow scripts for each site that you visit and that you trust. But once you have done this for the sites that you visit regularly, it'll be OK.

[ChrisGreaves]

If you run NoScript in "paranoia" mode,

OK. I give in. I can't see anywhere in the tabs settings that mentions, or even suggests paranoia.
I'm paranoid; please sign me up.

P.S. I *am* fascinated by the number of sites I visit regularly that now have blocked scripts.
It's a bit like a fresh installation of ZoneLabs ZoneAlarm.

5.JPG

[HansV]

There is no mode that is really named "Paranoia"

I only meant by this expression that scripts are turned off by default. And it is indeed very similar to "training" a firewall.

[ChrisGreaves]

There is no mode that is really named "Paranoia"

OK. Thanks.
(signed) Netvous" of Toronto.

P.S. I notice that the Toronto Star spends a lot of time chatting with Google Analytics.
Also that EileensLounge is in on the act:

2.JPG

[HansV]

Mike Wolfman uses Google Analytics to provide some statistics about Lounge usage, such as:
- Which browsers do visitors use.
- Where do visitors come from.
- What are the busiest times.
No personal information is gathered by Google Analytics.

[ChrisGreaves]

Mike Wolfman uses Google Analytics ...

Understandable.
To my mind, Google Analytics, The Royal Bank of Canada and a few other choice sites are the least of my problems.
I think that if Google/RBC gets hacked we may as well all give up and go home!

I'm just fascinated (as always) about the amount of stuff that goes on unnoticed until one looks.

[ChrisGreaves]

... the NoScript add-on in Firefox, it'll protect you against this type of phishing.

It's early days yet, but the add-on seems to have disabled those annoying semi-transparent un-closeable floating popup ads.

[ChrisGreaves]

(edited: Cosmetics)

... it is indeed very similar to "training" a firewall.

...ept that the Toronto Star newspaper site is chock-a-block with scripts.
Scripts for facebook, youtube, double-click, ad, analytics ....
I have developed a sort-of procedure that works.

1. When I click on "Comments" to view comments on a story the comments are blocked waiting for me to work out which one of 19 scripts is holding me up.
2. I click on the "Make temporarily available" for each script, one by one until Bingo! the Comments appear.
3. Then I have to Forbid that script and immediately Allow that script permanently.

I think that this is the only real way for a lay-person to leave blocked what can be blocked but unblock those scripts considered absolutely essential to daily living (!)

[HansV]

It's a bit of trial and error indeed.

[ChrisGreaves]

It's a bit of trial and error indeed.

At my end it's mainly acute puzzlement.
I'm reading a map in The Toronto Star - a prominent newspaper but if the security is anything like the proof-reading, quite prone to hijacking.
I "click to zoom in" and receive the pop-up warning about click-jacking.
At this point I'm not sure what's going on, so I abandon the view.
NoScript is probably going to make me spend more time on paid work and less time ogling over motor-collisions ... a good thing IMHO!

1.JPG

[HansV]

It's not necessarily malicious - the dialog allows you to see which element on the page was (partially) hidden.

See this article by Giorgio Maone, the author of NoScript: Hello ClearClick, Goodbye Clickjacking!.

[ChrisGreaves]

It's not necessarily malicious - the dialog allows you to see which element on the page was (partially) hidden.
See this article by Giorgio Maone,

Quite so. The issue for me is that here is yet another filter (to go along with Grisoft's AVG, Zonelab's ZoneAlarm, Spybot et al.) to which I must either respond or just back off.
Please don't (anyone) get me wrong. I understand that as the quality(?) of attacks improves (we've come a long way from an AutoExec in Normal.dot) so too must the countermeasures.
When I want to take advantage of improved security - and I must do that for my client's projects sakes - I must master a new form of defense.

ZoneAlarm is pretty intuitive; "something is trying to get access", and if that {something} is trusted by me (e.g. Grisoft) then sure, give 'em free reign. The range of trusted applications on my system is somewhat limited.
But now we are at web pages, and there are a great many more web pages out there than there are applications in here, so the number of popups and interventions increase dramatically.

Thanks for the article. At first glance much of it was above my head (partly because I have work to do), but I suspect that even if I do get my head around it I'll be the only one in my circle of Toronto-colleagues who does, and where does that leave all our parents and grandparents who are clicking on the web as we speak?

For me the parallel with the original post in the thread is similar.
It's one thing to filter out spam email in a Gmail account, but now the stakes have been raised to filtering out fake Gmail pages before I even get to considering spam in Gmail.
As usual, when the bad guys raise the stakes, everybody gets to pay.