Skip to main content

USAA Phish

MIJN Security Partner.
Placotiweg 2K
4131 NL Vianen (Netherlands)

You are the proud hoster of alpacasvomhahnerfeld.de, which resolves to 185.41.127.3. This domain is the landing domain for a phishing email targeting USAA members.

 "Dear Customer,

Your account has been locked due to an update in our security features, we were unable to update your account. For your protection, online access to your account will remain locked until we properly verify your identity.

To re-instate your access, view your account below to start the update process."

Good try. You even go as far as embedding USAA content (usaa.com) into the email. There is even a twitter.com link, of all things. Very good try.

 Farther down in the email you try to distance yourself from pretending to be the USAA:

"USAA means United Services Automobile Association and its insurance, banking, investment and other companies . Banks Member FDIC."

The email "from" is "foi at gkclasses.com" which is entirely irrelevant.Except that the email originated out of 104.239.173.146, which is a Rackspace IP (hoster of gkclasses.com).

This was the weakest phish I've seen in a long time. If this was you, Bearded Michiganite and neighbor of the beast, then I am disappointed. That AMEX phish you did was a Rembrandt compared to this rubbish.

Received: from [104.239.173.146] ([127.0.0.1]) by gkclasses.com with Microsoft SMTPSVC(7.5.7601.17514);
Wed, 1 Mar 2017 14:03:18 +0000
boundary="===============1676980232=="

There was even a facebook link: USAA?EID=3D87909-0411_body haha. 

What does Status=CONNECT mean at ICANN though? That's pretty clever. 

Popular posts from this blog

THE RISE OF FASCIST SOCIAL MEDIA

The Merriam-Webster dictionary defines fascism as: a tendency toward or actual exercise of strong autocratic or dictatorial control .  The phrase "dictatorial control" is important for the case that I am going to make about fascism in social media. The word "dictatorial" means "of or relating to a dictator," and a dictator is "one ruling in an absolute and often oppressive way." In 2020, social media has seen a rise in the number of autocratic events of censorship. The two social media outlets that I am going to focus on are Facebook and Twitter.  Background Facebook is a semi-private curated blogging platform where you, the user, share information at your leisure. The public part of Facebook is in Facebook Groups. With a group, outside people who are not privy to your "Facebook Wall" will join your group and establish a communal discourse. This can be private, by invitation only, or public. The Facebook is auth-walled so that you must ...
Read more

Clustered Foolishness

I had morning coffee with a well respected friend of mine recently. Aside from chatting about the usual wifery and family, we touched on the subject of clustered indices and SQL Server performance. A common misconception in the software industry is that a clustered index will make your database queries faster. In fact, most cases will demonstrate the polar opposite of this assumption. The reason for this misconception is a misunderstanding of how the clustered index works in any database server. A clustered index is a node clustering of records that share a common index value. When you decide on an index strategy for your data, you must consider the range of data to be indexed. Remember back to your data structures classes and what you were taught about hashtable optimizations. A hashtable, which is another way of saying a database index, is just a table of N values that organizes a set of M records in quickly accessible lists that are of order L, where L is significantly less than M. ...
Read more

Trademarks In The Dark

If you have a business, then you know that filing for a trademark is pretty easy in the USA. You just go to the USPTO web site ( www.uspto.gov ) and start filling out the form. The cost is significantly less now, nearly a third of what it was a couple of years ago. That's great news. What you don't know about your mark, though, is that there is a plethora of common law that dictates whether or not you can file with your specimens. The specimens are documents that clearly show your mark being used in commerce. Well, my last mark registration came back to me with the examiner asking for a better specimen that places the mark in closer proximity to evidence of commerce. Closer proximity. Yeah. Right. Apparently Lands’ End, Inc. v. Manbeck, 797 F. Supp. 511, 514, 24 USPQ2d 1314, 1316 (E.D. Va. 1992); In re Dell Inc., 71 USPQ2d 1725, 1727-1729 (TTAB 2004); In re MediaShare Corp., 43 USPQ2d 1304 (TTAB 1997); TMEP §§904.06(a) and (b), establish some common law that determines an acce...
Read more