Catalina - Capri - 25s International Assocaition Logo(2006)  
Assn Members Area · Join
h.jpg Home.
a.jpg Association Forum
s.jpg Ships Store
c.jpg Cruising
r.jpg Racing
t.jpg Technical Tips
g.jpg Photo Gallery - New
o.jpg Boat Search - Updated
m.jpg Manuals & Brochures
3rdrpt.jpg Swap Meet
l.jpg Links
f.jpg Officer Flag Line & Staff
b.jpg Bylaws & Constitution
 
1.jpg Members Area
1.jpg Join the Association
 
Notice:
The advice given on this site is based upon individual or quoted experience, yours may differ.
The Officers, Staff and members of this site only provide information based upon the concept that anyone utilizing this information does so at their own risk and holds harmless all contributors to this site.
 
Association Forum
Association Forum
Home | Profile | Register | Active Topics | Forum Users | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Catalina/Capri 25/250 Sailor's Forums
 General Sailing Forum
 Possible FRAUD attempt - Sailnet Customers		  New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

ClamBeach
Master Marine Consultant

Member Avatar

3072 Posts
Initially Posted - 07/03/2004 :  00:08:47  Show Profile
Received an email tonight purporting to be from Sailnet. However the link involved briefly opens 'www.gasburn.com'... and attempts to do a cross-domain script to overlay the legitimate sailnet page.

Pasting the link provided directly into the browser address line results in a 404 error.. site not found.

This smells like a common 'phishing' scheme designed to con users into entering their credit card numbers. Citibank, Wells Fargo and others have been hit hard by these scams.

I am attempting to contact sailnet to verify. Timing of the message (Friday night before holiday) may be designed to hook as many people as possible before sailnet can react.

Never ever respond directly to an email like this by clicking the link in the email... it easy to spoof unless your browser is fully updated and your security settings are proper.

Letter below... (originally had sailnet graphics with it)

----------------------------------------------------
Dear SailNet customer,

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information.

This might be due to either of the following reasons:

1. A recent change in your personal informations (i.e. change of address).
2. Submiting invalid information during the initial checkout process.
3. An inability to accurately verify your selected option of payment due to an internal error within our processors.

Please update and verify your information by clicking the link below:

<<<DON'T BITE ON THIS>>>
http://www.sailnet.com/store/cust_update.cfm?UpdateEnterInfo

If your account information is not updated within 48 hours then your ability to buy from SailNet.com will become restricted.

Cheryl Boyle,
SailNet Acct. Dpt. (MarineNet, Inc.)
WOTAM - '77 Catalina 25 SK/SR Sail Number 158
Edited by - ClamBeach on 07/03/2004 00:11:48

Oscar
Master Marine Consultant

Members Avatar

USA
2030 Posts
Response Posted - 07/03/2004 :  10:31:13  Show Profile  Visit Oscar's Homepage
I smell a rat halfway the first sentence......

Oscar
Catalina 42 # 76, Lady Kay
Catalina 250WB#618 Currently FOR SALE:
http:www.woodenshoemusic.com/C250WB
Edited by - on
Go to Top of Page

ClamBeach
Master Marine Consultant

Members Avatar

3072 Posts
Response Posted - 07/03/2004 :  11:44:46  Show Profile
Yes... I received an email from the 'real' Sailnet people this morning.
It was a classic cross-site scripting scam 'phishing' for credit card numbers.

This was the first example of this particular fraud I'd seen targeting a
regular 'retail' business. (not a bank).

What will be a bit scary is if they had somehow obtained a list of sailnet
customers to target... most of these scams just use a random 'shotgun'
blast of emails using common names and domains.

Did anyone else here who's a sailnet customer get one of these?
Edited by - on
Go to Top of Page

Gloss
Master Marine Consultant

Members Avatar

USA
1916 Posts
Response Posted - 07/03/2004 :  12:59:56  Show Profile
I didn't.

and I'm a Sailnet member. It more than paid for itself already.
Edited by - on
Go to Top of Page

RL
1st Mate

Members Avatar

USA
76 Posts
Response Posted - 07/09/2004 :  08:53:02  Show Profile
ClamBeach, what type of internet connection do you have? If you are on a DSL cable type connection you may be infected with a spy virus that is targetting your use of SailNet to build the type of email you recieved. The same bunch of SOBs can modify the emails they send to target you according to the sites you use. If this is true, please be very carefull of what information you are putting in your communications. Make very sure your computer is free of any virus before even thinking about entering a credit card number.
Edited by - on
Go to Top of Page

ClamBeach
Master Marine Consultant

Members Avatar

3072 Posts
Response Posted - 07/09/2004 :  10:34:20  Show Profile
"...infected with a spy virus..."

Good thought, but hopefully not... I run both hard and soft firewalls, AV, Spybot, Spyware blaster, fully patch my XP, run with Active-X prompted only and regularly do HijackThis scans...
there's not a lot more that I can do.

Speculation... since this was a targeted attack on Sailnet... requires a considerable amount of work to set up, and there were other Sailnet customers involved, there may have been a theft of addresses from Sailnet. Sailnet issued a statement on the scam but didn't disclose if their site had been penetrated other than to say no credit card info was compromised.

Also, I guess logically if the bad guys had a keystroke logger on my machine, they wouldn't be trying to scam me... they'd be trying to harvest credit card information directly.

All that said, I'll run some fresh scans.

It's the wild west out there.. (the web)
Edited by - on
Go to Top of Page

Gloss
Master Marine Consultant

Members Avatar

USA
1916 Posts
Response Posted - 07/09/2004 :  14:38:54  Show Profile
so why is it that we don't execute these internet scum?
Edited by - on
Go to Top of Page

ClamBeach
Master Marine Consultant

Members Avatar

3072 Posts
Response Posted - 07/09/2004 :  16:13:34  Show Profile
Elusive... they stage their scams through multiple 'steps' making them hard to trace, bring them up and down quickly. Also most of the sites are hosted outside the US that makes investigation and prosecution an international affair.
Edited by - on
Go to Top of Page

RL
1st Mate

Members Avatar

USA
76 Posts
Response Posted - 07/09/2004 :  16:32:52  Show Profile
ClamBeach, it sounds like your doing all you can. I agree with your analysis, I was just trying to help. I see a lot of people with a cable connection and no protection, and end up with a computer that looks like it's been through the plague. Good luck and thanks for the warning.
Edited by - on
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Association Forum © since 1999 Catalina Capri 25s International Association Go To Top Of Page
Powered By: Snitz Forums 2000 Version 3.4.06
Notice: The advice given on this site is based upon individual or quoted experience, yours may differ.
The Officers, Staff and members of this site only provide information based upon the concept that anyone utilizing this information does so at their own risk and holds harmless all contributors to this site.