Army Rumour Service

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Detecting 'phishing'

Ciggie

GCM
For some time now I have been using internet cafes, called locatorios here, invariably Pakistani-owned, as that is their cut of the immigrant business, always part of a money transfer outfit, the Chinese do bars, restaurants, cheap shite bazars and veggie outlets mostly, the Africans work for the Chinese on the street selling knock-off goods...anyway, I have little doubt that the dodgy fuckers are phishing as I use...not that it will do them any good as I am far from so stupid to do anything financial on the interweb and all they are likely to find out is that I have little time for their 'beliefs'. However, lots of little telltale signs say there is something going on, which is strictly illegal. Any way for a computer semi-naive such as myself to nail them at it ?
 

RBMK

LE
Book Reviewer
When you're in an internet cafe you should always use the "private browsing" function and then immediately delete your browsing history -- regardless of what you're doing.

Private browsing on Firefox does not save any cookies or searches on the computer. Other browsers have similar functions.
 

OneTenner

LE
Book Reviewer
When you're in an internet cafe you should always use the "private browsing" function and then immediately delete your browsing history -- regardless of what you're doing.

Private browsing on Firefox does not save any cookies or searches on the computer. Other browsers have similar functions.
Doesn't prevent using a keylogger or screensharing though.
 

RBMK

LE
Book Reviewer
This is true.
Which is why buying a cheap Linux laptop and using a VPN beats internet cafes every time unless you;'re just reading wiki.
 

3ToedSloth

War Hero
For some time now I have been using internet cafes, called locatorios here, invariably Pakistani-owned, as that is their cut of the immigrant business, always part of a money transfer outfit, the Chinese do bars, restaurants, cheap shite bazars and veggie outlets mostly, the Africans work for the Chinese on the street selling knock-off goods...anyway, I have little doubt that the dodgy ******* are phishing as I use...not that it will do them any good as I am far from so stupid to do anything financial on the interweb and all they are likely to find out is that I have little time for their 'beliefs'. However, lots of little telltale signs say there is something going on, which is strictly illegal. Any way for a computer semi-naive such as myself to nail them at it ?

I really hope you catch these bastards and they get the justice they deserve. Not many people know it, but most email accounts and online banking today have anti-phishing settings deep under the bonnet that can add additional protections to prevent unauthorised access and help identify those making an attempt. Unfortunately, for the less computer literate it really isn't straightforward to get running as you need to bypass the neogenic node BIOS. I'd be happy to set it up for you if you PM me your various login details.
 
For some time now I have been using internet cafes, called locatorios here, invariably Pakistani-owned, as that is their cut of the immigrant business, always part of a money transfer outfit, the Chinese do bars, restaurants, cheap shite bazars and veggie outlets mostly, the Africans work for the Chinese on the street selling knock-off goods...anyway, I have little doubt that the dodgy ******* are phishing as I use...not that it will do them any good as I am far from so stupid to do anything financial on the interweb and all they are likely to find out is that I have little time for their 'beliefs'. However, lots of little telltale signs say there is something going on, which is strictly illegal. Any way for a computer semi-naive such as myself to nail them at it ?

I understood the individual words, but not the [incomplete] sentences. Don't worry, they wont have a ferking clue what you are doing on the information superhighway interwebs. /s

Once you have signed into the cafe wifi, use a VPN and ensure you have a reasonable firewall (the Windows 10 one is adequate for this). Set security to high. "phishing" is email - so dont click on emails from people you dont know, ensure email headers are displayed (so you can see that the email from paypal is actually from oddname@weirdsounding.address.tld
 
In the 80s, there was a European radio phone-in and someone from Poland called in to say that the government was listening to people's phone calls. Someone on the line in the background said "no we are not, don't listen to him".
 

Mattb

LE
For some time now I have been using internet cafes, called locatorios here, invariably Pakistani-owned, as that is their cut of the immigrant business, always part of a money transfer outfit, the Chinese do bars, restaurants, cheap shite bazars and veggie outlets mostly, the Africans work for the Chinese on the street selling knock-off goods...anyway, I have little doubt that the dodgy ******* are phishing as I use...not that it will do them any good as I am far from so stupid to do anything financial on the interweb and all they are likely to find out is that I have little time for their 'beliefs'. However, lots of little telltale signs say there is something going on, which is strictly illegal. Any way for a computer semi-naive such as myself to nail them at it ?
I don't think that you understand what phishing is.
 
I don't think that you understand what phishing is.

That's easy

1598318488226.png
 

Nemesis44UK

LE
Book Reviewer
With all due respect @Ciggie, on these hallowed pages, you are talking to some of the brightest minds the British Isles have to offer. People trained in linguistics, aerospace research and cryptography and we don't know what you're on about half the time, so what chance does some dodgy foreigner have?
 

Wordsmith

LE
Book Reviewer
So phishing is getting you to click on a malicious link. This does something like take you to a fake website - like an online shopping site. You enter your credentials into a fake login page, the attacker records them, and sends them + you to the real website, leaving you logged into the legitimate website and none the wiser that the attacker now knows your login details.

The risk at Internet cafes and the like is that your communications are intercepted. This could be done by a key logger that records every keystroke and stores in in a file the attacker downloads later. Or you could be more vulnerable to a 'man in the middle' attack where the attacker sits between you and the website you are talking to, reading all your communications.

Finally, if you connect by Wi-Fi, some of the W-Fi access points are less than secure, again giving an attacker a chance to intercept and read your communications.

You also have to consider the skill set of the threat actor (the polite term for 'hacker'). You're unlikely to find Internet cafe's being targeted by nation states; its more likely to be the spotty 16 year old teenager living with their parents. And not with a high skill level.

So basically, don't do anything sensitive in an Internet cafe - reserve that for home or the office where the connection is more likely to be secure.

Wordsmith
 
When you're in an internet cafe you should always use the "private browsing" function and then immediately delete your browsing history -- regardless of what you're doing.

Private browsing on Firefox does not save any cookies or searches on the computer. Other browsers have similar functions.
A "friend" ( I know him ok ) found £250 the £250 then £250 then £250 sent rapidly to the same named person.
Never, ever, leave an active cookie unless you have enough money to put a Lotus into space.
 

Wordsmith

LE
Book Reviewer
A "friend" ( I know him ok ) found £250 the £250 then £250 then £250 sent rapidly to the same named person.
Never, ever, leave an active cookie unless you have enough money to put a Lotus into space.

That could well be a vulnerability called cross-site request forgery.

And if that's exploited, there's virtually no way of proving that it wasn't you that sent in the request.

Wordsmith
 
Top