NextBlogger - Phishing attempt almost fooled me...!

[nielsencl]

DO NOT REPLY TO THIS EMAIL!
***************************

Dear nielsencl,

You have received a new private message at NamePros.com from NextBlogger, entitled "Trader Rating Notification".

To read the original version, respond to, or delete this message, you must log in here:
http://www.namepros.com/private.php

This is the message that was sent:
***************
You have received a new Positive rating or comment from NextBlogger.

Details about this transaction can be found *on your iTrader page* (namepro.notlong.com).

Note: This is an automated message.
***************

Again, please do not reply to this email. You must go to the following page to reply to this private message:
http://www.namepros.com/private.php

All the best,
NamePros.com

 

[cmason]

Oh @#$@#$@#$@#!!!!

It did get me. I found this post quickly enough and changed my password.

@#$(*@#($)*@()#*$@()#*$

I would like to note that I am normally pretty conscious of this type of thing so this just sucks! Hope I caught/fixed it early enough.

 

[nielsencl]

I have posted to the admins here and sent an emergency email to the ISP hosting the site.

Luckily I was tipped off by it asking me for my password...!!!

Good Luck and I hope you only used your username and pasword on this site, and not 40 others like most people do (used to)!

 

[cmason]

Thank you very much Nielsencl! This is the first time I gave into something like this...thought it was strange that NP wanted me to log in again, but didn't think too much about it. Just glad that I don't use this password on other sites (well, 1).

 

[Reason]

Lol, cmon guys, look lively!

It was pretty crystal it wasn't legit, lol. I mean even BEFORE any mention of passwords. I never even got that far.

One sorry ass is reported.

 

[cmason]

Lol, cmon guys, look lively!

It was pretty crystal it wasn't legit, lol. I mean even BEFORE any mention of passwords. I never even got that far.

One sorry ass is reported.

Hahaha, that is why I am mildly embarrassed right now. (Shhh...don't tell people I work in computer security...)

 

[Reason]

I am mildly embarrassed right now. (Shhh...don't tell people I work in computer security...)

And I'm more than mildly WORRIED! Rofl

Oh btw, the mods handed him his deposit back pretty quick - he's out the door [til he thinks up another hare-brained scheme with an alter-ego].

 

[cmason]

No need to worry unless you work for a major US investment bank...but again...shhhhhhhhh!!!

Way to go mods!

 

[wrc]

The scammer registered wwwnamepros.com under the name Stover, James S. ( [email protected] ) , the place where it asks for the user/pass is
http://wwwnamepros.com/itrader.php

 

[Reason]

No need to worry unless you work for a major US investment bank...but again...shhhhhhhhh!!!

Way to go mods!

Ah, that's a relief then - I need my sweat for other matters

 

[-REECE-]

As a general rule, I would recommend never clicking links in emails or private messages under any circumstances. Most of the time when these links are phishing scams, they're either bringing you to a site which will download a keylogger onto your computer or they're hoping you will enter your password on a site that looks like Namepros but actually isn't Namepros -- eg. wwwnamepros.com. Anyone who has fallen for this and clicked the link, please pm me or another mod/staff so we can be on the lookout for any suspicious behavior coming from your account.

 

[nielsencl]

No one should feel bad for falling for this one. It might have nailed me if I had some transactions receintly, but I didn't. There was also the fact that I got TWO of them at the same time, and them of course it asked for my username and password. But the URL was so close I thought it was part of the upgrades that have been going on around here. I was so uncertain I thought the mods might get mad at me for reporting something legit...!

Anyway, if you use Outlook you may want to get the utility from PocketKnife Peek. I use it to look at most of my mail, and it shows you the "hidded" actual URL for a link so you can spot odd things that are used in Phishing. Except in this case I was too trusing of email from Namepros and the alarms did not go off when they should of. I'm normally pretty sharp about things like this, but if I almost fall for it, I am sure MOST people with less experience will be taken in.

There may be no connection, but I just tried to set up new hosting for a domain at Name.com and it would not let me change the name servers. And there is no way to see or change the domain lock for this one .com. Almost looks like they have locked things down...?

Oh, one last note: When I was unsure if this was a scam, I entered in a bogus username and password. When it told me I was logged in and sent me to NP I was then SURE it was a scam.

 

[krishmk]

Oh ya I got the email too!
Was surprised to see a itrader rating as I didnt involve in any transaction recently.
I saw the url in the email and understood that it was a phishing attempt. Came to namepros to see if anyone else got affected by this and saw this thread.

But the email headers look so genuine - sender email: [email protected] and mailed by sl.namepros.com