Tag Archives: security




I received this suspicious email today, “Dear Costumer”. At first glance it looks like a legit email, especially when you view it from your phone where the full email address it’s from is cropped.


The email shows it links to “http://appleid.apple.com” but it actually links to x.co… which redirects to “http://appleid.apple.com.support.managed-account.com.2b68c6c9n1a5df2a3e.co.vu/Login.php?sslchannel=true&sessionid=Cnf6UHjnR5Om2LiozvNq7R2nqIIjzuvbSKhMsBajGYGIKY6jtTKBLMZcuHw3b1f3MwQf70yNZewJdC3H” the site looks legit but note the full domain.





Full text of the email reads is below. “Costumer” is already a red flag. I was almost resetting my password through the link but the costumer spelling error stopped me because i was going to tweet about it. This is also another reason why I am peeved whenever brands are careless with their spelling. The day phishers learn to spell will be the day we are all Phucked.

    Dear Costumer,    
    Your Apple ID was used to sign in to iCloud via a web browser.    
    Date and Time: 26 April 2017, 4:08 AM PDT
Browser: Chrome
Operating System: Windows    
    If the information above looks familiar, you can disregard this email.    
    If you have not signed in to iCloud recently and believe someone may have accessed your account, go to Apple ID (
https://appleid.apple.com) and change your password as soon as possible.

    Apple Support    

NQMS2 auto-sent SMS

Not sure what happened but my phone just suddenly sent an SMS. Not sure if i clicked on an ad or if it was something in an app. The automated message was NQMS2 N242044526QA. Posting it in case someone else tries to google it. Still not sure what the culprit is.  The automated SMS triggered a subscription and based on the message, it seems i have purchased an “NQ Mobile Service” looking at their site http://www.nq.com/ ironically, it seems like it’s a security app. I am not sure what i did to trigger this, but this was definitely not intentional. Not sure if i accidentally clicked on an in-app add or something, if i did, i don’t even remember being prompted to send an SMS. I’ve emailed the customer support email indicated in the message, and thankfully they seem to be helpful. I’m just glad it wasn’t some shady company taking advantage of whatever method was used to send this automated email. I’m going to monitor my apps more closely and see if this happens again. If you stumble onto this blog from googling the code above because you’ve experienced something similar, let me know!



Phishing on the Mobile + Internet Front

I received an SMS from DBS this afternoon:

Fr DBS: Due to security reasons, your DBS/POSB Card(s) must be urgently replaced. Please call the Bank now on 18001111111 or +6563272265.

Of course, I straight away clicked on the number in the message to make the call. I went through their IVR system, to a customer care officer and he proceeded to ask me for passport information, how many cards I had, who do I have a joint account with, for verification purposes. They proceeded to investigate but found that my account was not compromised by the suspicious merchant making fraudulent charges on people’s account. I’m still regretting not asking why the SMS was triggered in the first place, though he implied it was targetted at accounts that made frequent internet purchases.

I called my husband after that and told him about it. He didn’t get the SMS (I don’t think he shops online as much as I do) but asked me whether I called DBS or the number in the SMS. I didn’t even think about it because I often call DBS for whatever reason and I know their hotline by heart so I knew it was the correct number.

Looking back at the whole scenario, several aspects make it a perfect setting for some serious social engineering. Apart from the fact that the number for customer service in the SMS is actually the real number, this could have very well been a social engineering attack.

Today’s mobile phones make it easier to just click on a number in a message to dial it so rather than looking up your phone book or the bank’s website for the customer service number, they would just click on the message and proceed. That plus “urgently replaced”, “call bank now” trigger a bit of panic to the targets (in this case me) enough for them to resort to the quickest possible way to make contact which is clicking on the message.

The SMS sender’s number is a number that isn’t the same as what they use to send SMS’s for OTPs. Looking at the message, there’s no history of me every receiving any messages from this number so there’s no way for me to verify that this is a legit message from DBS.

An attacker could potentially have exactly the same message, but a different phone number listed, and he could have their victims call them up and freely provide all the security questions and answers typically used to verify accounts ( passport, account/credit card details, etc ) across a number of web services, and not limited to banking.

Potential Solutions

1. Getting a vanity customer service number (think 1-800-FLOWERS) that’s easy for the customers to remember (1-800-DBSHELP Maybe?) and market the heck out of it so customers know the 1 number they should be calling for anything related to banking.

2. It wouldn’t hurt if their systems use 1 number for all their SMSs as well to assure the customer they’re dealing with the same entity. I guess i would have felt more at ease if this alert came in the same thread as the messages with my OTP and transaction alerts

3. Smartphones can do their part by making their OSes even smarter by allowing the dialling of these vanity numbers direct from the SMS messages.


Update: Interesting how this Netflix phishing scam is using fake customer service reps as part of their scheme http://www.huffingtonpost.com/2014/03/03/netflix-phishing-scam-customer-support_n_4892048.html

Setting yourself up for Phishing Scams

If I were an unscrupulous phishing scammer, I would replicate this email, replacing it with my own phishing email address and proceed with my phishing scams.


I’m no expert or anything but I don’t think this is the proper way to roll out an email address change to your database. Cebu pacific is basically setting precedent that this is something that they would normally do: send you information that they’ve changed domains, and that you should go ahead and add this to your safe senders list so you can trust what ever content comes from this new mail.

You can see how unscrupulous people can take advantage of this by sending the same email from a different but maybe similar email address and it’ll be deemed authentic because they have done it before.

But then again, maybe this is a phishing email since I don’t see any mention of this said change of email address on their official website.

protect yourself from click-jacking!

Click jacking happens when you visit a website that shows you content to mislead you into interacting with it. When you do, suddenly messages/wall posts/ etc (because this usually happens on facebook) get sent with your knowledge. Sometimes it can be an embarrassing post on your own wall, and sometimes annoying post to ALL your friends’ walls (which is a pain to delete).

We’ve seen those intriguing videos being posted around our friends’ walls and usually curiosity gets the better of us, so we *click*. It leads to a page that can either be a fake video page, or a fake captcha page, or who knows what these malicious folks come up with these days. So, if you’re the really curious type, or you have friends who really do post weird videos that you’re often interested in watching yourself, make it a habit to browse these links in private, so at least you’re safe from being possibly click jacked.


1.Download and install a browser that supports in-private browsing. I use either IE 8 for XP, IE9 for Win7 or Chrome

2. whenever you see a link to a video that you’d like to view and it doesn’t play directly within facebook (that is, it takes you to another page or opens a new window) right click on the link and select “Copy Shortcut” (IE) or “Copy link address” (chrome)



3. To start a private session, hold Ctrl and shift then press P for IE and for chrome Ctrl+Shift+N. Your new browser windows should look like this:

IE 9





4. Go to the address bar of your browser and press Ctrl+V and press enter. Already the link looks malicious, but since we’re in private and not logged into any accounts, there’s no risk of your accounts being compromised (unless you already have an in private session going on where you’re logged in)



The example above just redirects to google now so they’ve probably taken it down. But since it’s not loading a proper page, we can safely assume that that was a malicious link. At this point, I can either ignore any future posts of the friend who posted since he clearly easily falls into these things, or I can help him out by letting him know that there’s a link to a malicious site that’s been posted on his wall in case he’s not aware. And if you’re feeling extra helpful, teach them what you’ve learned about in private browsing. You can do your part to make the internet (well, maybe just facebook) a safer place. Smile