www.www.bussiapp.com

[bkrajashekar]

Hello,

How are you and your family? I'm so sorry I did not inform you about these before; it was impromptu and personal. Presently, I will be glad if I could confide in you and I want this issue to be confidential between You and I because I don't want people to get worried over this. I'm presently in Malaga (Spain) to complete a project and am having some problems here.

I misplaced my wallet and other valuables on my way to the hotel I lodged. I would have called you but there is no phone on me and I have limited access to the internet. I have no funds on me because I had to block my account immediately the incident happened. Please I will like you to assist me with a soft loan of �2,600 Euro or any amount you could afford to sort-out my hotel bills first and to get myself back home. I have reported the case to the embassy here and they are going through the necessary procedures but I will appreciate whatever you can afford to assist me with and I'll refund you the money as soon as I return. Please let me know if you could help me with the total sum or any amount you can afford. For the time been, you can reach me via my email because I'm at an internet Cafe now.

You can help me send the money via western union using my name and the address below.

Name: Raja Shekar
Address: Avenida de Velazquez 126, 29004 Malaga, SPAIN

Kindly email me the Scanned copy of the transfer Receipt so I can get all the details needed to receive the money.

Your reply will be appreciated.

Thanks so much.

Posted via Email

[admin]

====ALERT ====
Dear All

A message from sefi user bkrajashekar.DO NOT ACTon any Such messages even if it seems be coming from any source.

It seems to be result of some hack or virus from the concerned SEFI user 's personal email account which sent out "Loan request" which is not genuine and should not be acted upon.

Its a case of"Identity theft"

These days you often get spam like this and SEFI has enormous spam protection measures but when something this happen its difficult for us to classify message unless a human moderation is in place.

Please ignore last message bkrajashekar.

Its recommended as General Best Practice that one should change their email account passwords frequently and make them difficult to guess to avoid similar identity theft happening. And always keep a good antivirus and keep it updated.

You may reply to this if you have any doubts, or need to know more about how to securely interact online .

This has nothing related to security and integrity of SEFI website.

With best regards

Sanjeev Kumar

Admin

[manojkamra]

Thanks Sir, That spam message is in my inbox just before your message.
Manoj K.Kamra


On Fri, Nov 5, 2010 at 10:24 AM, admin forum@www.bussiapp.com)> wrote:

[V Ramachandran]

Thanks, Admin.

This is a regular racket similar to the Nigerian 'YOU HAVE WON A LOTTERY' one, where the fraudster only needs to have your mail ID. In the past one year itself I have received three such requests from some close associates/ friends - the language and matter are very similar, and obviously from the same group.

The modus operandi is as follows:

A mail arrives (for the victim) from the mail hosts like Hotmail or Yahoo saying that (due to some genuine sounding reasons) your mail ID is going to be closed down or discontinued. If you are a genuine user and need to keep the ID active, please respond immediately by giving/confirming the correct mail ID and your pass word.

一旦你给这两个人信息,夫人dster promptly logs in to your mail box, changes the pass word and starts his work of sending fraudulent mails. The main thing is that the victim will be unable to open his mail box and often loses important personal information in the mails as well as the contacts' mail addresses.

Please note the following.

1. The original mail is not actually from the Mail hosts, even though the mail looks very much genuine.
2. The pass word is never asked for by these agencies. Hence never give out your pass word under any circumstances.
   
3. If you notice any such ID theft, please immediately choose the "forgotten your pass word" option , answer your secret question and get a new pass word from the host - and change it immediately for a new one. The new pass word is usually sent to your alternate e-mail ID.
4. 如果你是这样一个欺诈邮件的收件人(问ing for cash), please do telephone your friend or a common friend who is closer to him (in the same city or organisation) and confirm the genuineness, (in case you feel bad, that you can't respond positively) and inform him of the theft, as it takes a while before they realise the Identity theft. Never send any money
   
5. Unfortunately, the culprit does not differentiate between the personal mails and the group mails and group cannot respond as required by him.

I strongly request the admin to

1. First remove the member's name from the forum temporarily, till he changes his mail ID for the forum mails. Otherwise SEFI's mails, including this warning, to the members can be read by the culprit.
2. Please advise the member by alternate means or telephone about the actions taken and ask him to give you a different mail ID for sending him SEFI mails.
   

Best wishes,

Wishing everyone a very Happy Deepavali

Ramachandran.


From:admin
To:general@www.bussiapp.com
Sent:Thu, November 4, 2010 11:54:26 PM
Subject:[SEFI]


[edited]
====ALERT ====

Posted via Email

[umeshrao]

[quote="admin"]====ALERT ====
Dear Sanjeev,
Appreciate a very prompt and lightening alert.May be, though repeated,

may I suggest that a small tip in terms of how a password should be such as minimum number of characters, composition, frequency at which it should be changed. Should change id have a very different characters, may be of use.
It was quite educative reminder that a mail received on SEFI from impostor of " Rajashekar" can post a mail on group mail account.

This can happen to everyone on any mail account any time. Hence may be as reminders SEFI can post this reminder- change password may be first Monday of every month. I know I am asking too much from already busy Admin, nevertheless, the request.
Regards Umesh Rao

[admin]

Dear Sh. Umesh Rao Sir and concerned sefians,

I appreciate concern and I am planning to conduct awebinaron "Securely Interacting Online" covering broadly many topics of interest to general web user. Expect it around the new year.

这里有一些什么ick tips.


a0)Click hereto watch videos (about 9) for easy background knowledge of online safety issues. Its from Norton Education



a01) Go tohttp://www.20thingsilearned.com/and learn more about internet , browsers and related terms . its worth it. Or download whole book attached below.


a) Password should be long, atleast 8 characters and memorise it, should not contain guessable numbers like your DL, PAN or other such numbers which people can easily find about you. It should contain special characters ($,@,# etc) and combination of upper and lower case and alphabet and numbers.

b) DO not use common password for all your accounts like internet banking , email and other social network sites.

c) DO never provide accurate personal info like DOB , Zip Codes where you live and mobile numbers etc on social network sites or others unless you trust them.

d) Email can be easily faked so if it asks for something serious do verify by calling the person/organisation concerned before acting. Banks Never sends email. Income tax departments never ask for user/pass etc via email.

Read more about various modes of operation by fraudsters here at RBI site.

http://rbi.org.in/scripts/NotificationUser.aspx?Id=5694&Mode=0

RelatedPress Releases
May 28, 2010	Do Not fall Prey to Fictitious Offers of Funds Transfer: RBI Advisory
Jul 30, 2009	Beware of Fictitious Offers/Lottery Winnings/Cheap Fund Offers: RBI
Dec 07, 2007	RBI cautions Public against Fictitious Offers of Remitting Cheap Funds from Abroad

c)Most important: Do check web site address (URL) in browser address bar. last part should be matching the domain name of service provider.



For example.

mail.gmail.com

or

mail.yahoo.com

Are genuine as they end with dot and then official Yahoo or Gmail address.

But

gmail.com.anyother-address.com is not genuine.

Or

mail.yahoo.com.sefindia.anyotheraddress.com isNOTgenuine Yahoo.

If every one understand this aspect it will minimise much of risk.

Example: A fake twitter site based on above example URLs.










Above examples shows the Pages have looks similar to Twitter, Facebook and PayPal sites but Address in all of them has slight differences that genuine address.

Easy thum rule :

The web address should contain office domain like these examples.

something.paypal.com/somethig...

something.paypal.com.somethig... is BAD
something-paypal.com/somethig... is BAD

Before the beginning of first / it should be complete officila domain. No exceptions. That would begin with a DOT and end with extension like .com or .in etc etc

If you do not see official web address correctly by above logic, DO NOT enter/login or register.



Before clicking on any Link in email, do right on that link and use (copy link/ copy short menu option ) or just put mouse pointer on link and see on windo status bar that shows what link it is.

If its not something you know to be worth trusted, do NOT click it.


d) Always have a Good Antivirus and keep it upto date. IF users do not want to pay, use AVG free fromhttp://free.avg.com

Its recommened to use AVG internet security which comes with firewall. Norton internet security is also Good.

Keep A/V but not updating is as good as having NO antivirus.

d) Never click on any Executable program (having extensions such as .exe, .vbs , .msi etc) unless you trust the source. Source can be verified by right click and view properties. If it has valid Digital Signature (code signing certificate) you may trust it.

Often File extensions and Icon can be manipulated to show you as if its something safe like PDF or txt file. Once can verify actual file extenson via DOS /Command Prompt using dir command.

somefile.txt.exe is BAD as its actually a Program which could do anything.
somefile.txt is safe as its only some information.

e) There a Fake / Scare wares floating on internet. Which often show that you are infected and do some action to fix it.

Remember there isNOGod sitting on internet offering you magical fixes. These are bad Guys who put traps.

If you get email attachment form unreliabe sources, there is online scanner service which uses multiple antiviruses to check it. Here it is.

http://virusscan.jotti.org/en-gb


http://en.wikipedia.org/wiki/Scareware
http://www.fbi.gov/news/stories/2010/july/scareware/scareware
http://en.wikipedia.org/wiki/Spyware
http://en.wikipedia.org/wiki/Phishing

A Good artical on How to Identify Phishing Emails:

http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx


Some free tools which are reliable and can be used to scan computer to get reasonable assurance.



www.malwarebytes.org/
http://free.avg.com


On Windows always enable Firewall and VISTA user account control Feature.


When presented with popup window / error etc "DO NOT be in TO HURRY to CLICK OK " remember there may be program that may be asking " DO You wish me to cut off your head" Click OK or Cancel, usual habbit of click Ok can do what you never imagined. Just an example.

f)There are keyloggers which log your key stroke while running as hidden processes in your system. To avoid this threat on Internet Banking Sites use Virtual Keypad provided by most banks rather than using actual keyboard. That way key loggers can not trace your key strokes hence providing additional safety.

g) Do not use public computers like Cafe /Airport etc for financial transactions online.

h) If possible practice utilising digital signatures for signing email messages and encourage business partners to use the same that way you have assurance that email is actually from the sender. Without that, any email can come from any user "pretending to be so and so".

i) Never make critical decisions and judgments solely relying on email which is not digitally signed and not having valid digital id of person which it says to be coming from.



This email is just a quick response and can not be called complete reference in any sense. I will try to provide more comprehensive information as time permits. Advices /Commenets are provided as IS and views are my personal and not of official SEFI. I disclaim accuracy / completeness or usefulness of this and its for educational purpose only.


Best regards

Sanjeev Kumar



意思是虽然随着时间允许我将容易follow presentations, tips and Dos and Don'ts shortly here.

With best regards

Sanjeev

[umeshrao]

[ibarua]

8th Nov 2010

The moral of the story is:

NEVER DIVULGE YOU PASSWORD

to even your pillow.

Indrajit Barua.


On Sat, 06 Nov 2010 09:59:24 +0530 "V Ramachandran" wrote