Offshore Outsourcing & Scammer

Blog about offshore outsourcing and scammer in the outsourcing industry

Phishing e-mails with instructions from the boss are often successful

Phishing emails are becoming more sophisticated. There are now disguised mails, apparently from the boss to his employees, asking them to transfer funds, and these are highly successful.

Phishing emails are not only getting better disguised; the attackers are also using ever bolder methods to reach their goal. Often the boss is used as a pretext to get there.

In these well-disguised phishing e-mails, employees are asked to transfer money because certain contracts have not yet been settled financially. Many employees would transfer the money instead of asking the boss once more whether everything is all right, or looking at the header of the mail in more detail.

The header of the e-mail shows immediately that the mail was not sent by the boss himself, but from a "non-corporate" e-mail address. But even these e-mail addresses are now better disguised than before and in most cases resemble those of the bosses. The domains linked in the e-mail body, which lead to the transfer portal, mostly resemble the real company's address very strongly. Anyone who does not look closely could really fall for this trick.
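The header check described above can be automated. The following is an added example, not code from this blog: it parses a message and reports when the sender is not the corporate domain, when it merely resembles it, and when replies would go elsewhere. The domain example-corp.com, the sample message and the 0.85 similarity threshold are assumptions made for the illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

CORPORATE_DOMAIN = "example-corp.com"  # assumption: the company's real mail domain

# Constructed sample (not from the page): the boss's display name, a lookalike
# sender domain, and a Reply-To that points to a free-mail account.
SAMPLE = """\
From: "Jane Boss (CEO)" <jane.boss@examp1e-corp.com>
Reply-To: jane.boss.ceo@freemail.example
To: accounting@example-corp.com
Subject: Urgent: outstanding contract payment

Please transfer the amount today.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def check_sender(raw_message, corporate_domain=CORPORATE_DOMAIN):
    """Return a list of findings for a mail that claims to come from inside."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if from_dom != corporate_domain:
        findings.append("from-not-corporate")
        # A near match is built to be overlooked, so report it separately.
        similarity = SequenceMatcher(None, from_dom, corporate_domain).ratio()
        if similarity >= 0.85:
            findings.append("from-lookalike")
    if reply_dom and reply_dom != from_dom:
        # The answer (and any follow-up question) would not reach the sender shown.
        findings.append("reply-to-differs")
    return findings


if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

The display name is ignored on purpose: it is free text chosen by the sender, so only the address part is compared.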

 

Facebook profiles in danger: Beware of fake warnings

Once more Facebook users must take care that their account does not fall into the hands of fraudsters. A warning from a friend turns out to be a dangerous gateway.

Spam, viruses and Trojans have been on the agenda on Facebook for a long time. Many users have already been hit by them, which has increased alertness at present. Scammers are taking advantage of this alertness to take over user accounts en masse. Fake warnings from real Facebook friends are currently in circulation, telling the user that a copied second profile of themselves and other images are to be found in other places on Facebook.

Phishing attack

In some cases, the scammers have even added a screenshot of the copied second profile page (not logged in). In any case, the user is prompted to open the link to the alleged fake profile. However, this does not lead to Facebook, but to a well-disguised Facebook phishing page. Anyone who logs in on this page hands his username and password to the scammers.

They thus have access to the entire Facebook profile and all the friends. The scammers apparently exploit this immediately to lure more potential victims with the same ploy and obtain their login information. Although the messages come from actual Facebook friends (whose accounts have already been affected), there is something that should set your alarm bells ringing.

Check URL

Namely, the phishing link does not point to https://facebook.com/xyz; in the current case it points to the URL profil-numbercombination-fb.xyz.es. Such links should not be clicked at all. The attack also targets users in other countries. Some grammatical errors, however, indicate that the scammers obviously do not have perfect knowledge of the language.

Anyone who gets suspicious should report the relevant user profiles and alert the Facebook friends through other channels (email, phone) that something is presumably not right with their account. Anyone who suspects that their own account was hacked should be sure to change the password on Facebook and on other services where the same login information is used. To impede unauthorized access to your own Facebook profile from the outset, Facebook offers a range of security settings such as two-way authentication and notifications.
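The URL check from the "Check URL" section, written out as an added example (not code from this blog). It goes beyond the single link quoted above and also rejects hosts that only contain the genuine name; the test links other than the two quoted on the page are constructed, and internationalized lookalike names are not handled.

```python
from urllib.parse import urlsplit

EXPECTED = "facebook.com"  # the domain the text names as the genuine one


def is_genuine_host(url, expected=EXPECTED):
    """True only if the URL uses https and its host is `expected` or a subdomain of it."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False
    # .hostname drops any "user@" prefix and the port, so only the real host is compared.
    host = (parts.hostname or "").rstrip(".").lower()
    # Compare on a dot boundary: a plain suffix test would accept "notfacebook.com".
    return host == expected or host.endswith("." + expected)


# The first two links are the ones quoted in the text (scheme added to the
# second); the rest are constructed cases the check has to get right.
LINKS = [
    "https://facebook.com/xyz",
    "https://profil-numbercombination-fb.xyz.es/",
    "https://www.facebook.com/login",
    "https://facebook.com.profile-check.example/login",  # genuine name as a subdomain label
    "https://facebook.com@profile-check.example/",       # genuine name before the "@"
    "https://notfacebook.com/",                          # genuine name as a bare suffix
    "http://facebook.com/xyz",                           # right host, no TLS
]


def classify(links):
    """Map each link to True (host is genuine) or False."""
    return {link: is_genuine_host(link) for link in links}


if __name__ == "__main__":
    for link, ok in classify(LINKS).items():
        print("genuine   " if ok else "NOT genuine", link)
```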

 

Don’t do business with Rohit Khatri and Navdeep Bhagia - both are liars

Someone who posts fake messages about others and false proof to destroy the reputation of others is a criminal and not trustworthy for doing any business. It seems it is a fight between scammers. For this reason all involved parties are very suspect. I'll suggest to Ashish Chettri to start legal action against Rohit Khatri and Navdeep Bhagia. Character assassination is a crime. Maybe the prosecutor will take the view that this is organized crime, as several people were involved.

It has been proven that the posting of Rohit Khatri was a big lie, because he needed to remove it yesterday. Nobody removes a posting if the content is without any harm for him or the content has expired.

Rohit Khatri posted yesterday on Facebook in the group Inbound Tech Support at Cheap Price (the posting has already been removed):

Rohit Khatri

Rohit Khatri - Inbound Tech Support Calls at Cheap Price
Guys, once again I have blasted the scammer plan. This guy named Ashish Chettri, basically from Rana Ghat, West Bengal, is involved in many online scams like Western Union blocking and pop-up calls. He never routes any call to anyone, nor transfers any cash after blocking the payment. See his bad luck, he fell into my hands. "WARNING FOR ALL SCAMMERS I AM AFTER YOU" Seriously, I will do the same to everyone who scams. If this guy has scammed anyone, do let me know. This guy is in custody till Monday, then he will appear at court.

Navdeep Bhagla

Navdeep Bhagia added a video from YouTube, published August 13, 2014, to prove their allegations:

@Ashish Chettri: I'm sorry that I believed the posting from yesterday and that I shared the posting of these big liars. What seems too good to be true is mostly not true.

Facebook Navdeep Bhagla.pdf (960.81 kb)

Facebook Rohit Khatri.pdf (1.39 mb)

Update Jan. 18, 2017:
Links to the Facebook profiles of Rohit Khatri (https://www.facebook.com/rohit.khatri.566) and Navdeep Bhagia (https://www.facebook.com/binnysam) removed, as they return error 404 - not found.

 

Uncomfortable official transferred for the 45th time

New Delhi - An uncomfortable official has been transferred in India for the 45th time. The Indian TV channel NDTV reported that Ashok Khemka has now been moved to a simple job in the Department of Archaeology and Museums of the State of Haryana. Khemka is known all over India because during his 23-year career he has uncovered numerous corruption scandals - and he has been removed from his positions by various governments again and again.

Before that, Khemka was transport officer in Haryana. After taking over the position a few months ago, he tweeted: "We have to decide between road safety, protection of the public good and the environment on the one side and private profit on the other side". He said he wanted to tackle license purchases on the black market and make the names of all illegal profiteers public.

It never came to that. Now he tweeted: "I have taken great pains to fight corruption and enforce reforms in the transport sector, although my room was very limited and many stakeholders were involved deeply. That moment is now very painful."

What can we expect from a country where such corruption and fraud are already public and nobody is doing anything against it?

Why should business be honest in such a case?

Is India a land of scams?
No! After all, there are honest people there too. Don’t lump everyone together. A good example of an honest person is Ashok Khemka.
He leads by being a good example and I hope that many people will follow his example.

 

SPAM from an anti email spammer tool: boxbe.com

A LinkedIn member asked me to reply to his email address. I sent an email to him and immediately got a reply from boxbe-notifications@boxbe.com with the following content:

Hello Rudolf Faix,
Your message about "RE: NEW DEFENCE RESEARCH PAPER & BOOK" was waitlisted.
Please add yourself to my Guest List so your messages will be delivered to my Inbox. Use the link below.

Click here to deliver your message

Thank you,
china.research.team@gmail.com
boxbe
Powered by Boxbe -- "End Email Overload"
Boxbe, Inc. | 65 Broadway, Suite 601 | New York, NY 10006
Privacy Policy | Unsubscribe

Final-Recipient: rfc822; china.research.team@gmail.com
Diagnostic-Code: X-Boxbe-Notice; message given low priority. To fix, see accompanying notice.
Status: 4.7.0

As I did not send any message to anybody at the domain @boxbe.com and did not subscribe anywhere (see the unsubscribe link under their signature), this email is nothing other than SPAM. Following a link in an unsolicited email will result in more spam, because by doing so you verify that your email address exists. For this reason I pressed neither the "Click here to deliver your message" link nor the "Unsubscribe" link. I simply reported this e-mail as spam. In future, I'll not receive any message from them.

Don't expect any answer from me if you want to communicate with me by e-mail and use a service similar to boxbe.com. In future I will not even see a confirmation link from boxbe.com. If you are too lazy to filter out a few spam messages a week, then it would be better to use snail mail instead of e-mail.

The full email headers:

Delivered-To: rudolffaix@gmail.com
Received: by 10.36.40.144 with SMTP id h138csp1291074ith;
        Thu, 2 Apr 2015 03:16:40 -0700 (PDT)
X-Received: by 10.140.216.67 with SMTP id m64mr40519897qhb.6.1427969800053;
        Thu, 02 Apr 2015 03:16:40 -0700 (PDT)
Return-Path: <bounces+rudolffaix=gmail.com@dynect-mailer.net>
Received: from mtaout-204-ewr.sendlabs.com (mtaout-204-ewr.sendlabs.com. [216.146.33.204])
        by mx.google.com with ESMTPS id v32si4526164qge.71.2015.04.02.03.16.39
        for <rudolffaix@gmail.com>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 02 Apr 2015 03:16:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounces+rudolffaix=gmail.com@dynect-mailer.net designates 216.146.33.204 as permitted sender) client-ip=216.146.33.204;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of bounces+rudolffaix=gmail.com@dynect-mailer.net designates 216.146.33.204 as permitted sender) smtp.mail=bounces+rudolffaix=gmail.com@dynect-mailer.net;
       dkim=pass (test mode) header.i=@boxbe.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dyn; d=boxbe.com;
 h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Sender:List-Unsubscribe; i=boxbe-notifications@boxbe.com;
 bh=nKDuo8pxB1J4J6hCaChvgnPI9C4=;
 b=cdwtGiTRGvon01+RJCS+dqntHGWxAp+v8N25wdwkhCu3IuepUzdikg/rUzrbQSEH3lpTqzY3cS24
   3STK+6Eok+6MYxzhQnDk7wJAptLSKxPamb4JHOfmNfDaOoQarlZvGq//UfWxY1s/fZITgFSHevjs
   lKI7t3v+B6M1NcupcJs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dynect1213; d=dynect.net;
 h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Sender:List-Unsubscribe;
 bh=nKDuo8pxB1J4J6hCaChvgnPI9C4=;
 b=Yq4bM7gFViIQ0I7Ub0ED+6h2kQ8Dk+peB+OYSYkAW25NIRT5PGfTIs+zevzZNgg525KpuH/qCs2a
   iccS1xHvPSQwkpl35PxT8X9jwmoSfyIrRQMkRHWqWMmvOVGZB3rQYZJGe94Z6vzLTnVrY3IbnB4U
   MIDMlUodQ12ATNPo278=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dyn; d=boxbe.com;
 b=LjLN4/7AG2VUDIpuyB+Xj+SJjgwdfWYOBXUD2t/21Y13rlpJmJYvPR//x2njCz0rQtNk63YbDSZf
   TeXc7Lqy036LOHGYgbZ40cFkWBGah/WeSjYlF611QMWNkK63ppfLfeO9meAm/Ny21o8oSFxAIBsA
   ALsgoHYNecI2y38SZ/c=;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=boxbe.com; s=s1;
	t=1427969796; bh=MFvOv6JBBu06WCfwdUusWnzQxr+9B12zOnpolDxkvgs=;
	h=Date:From:Reply-To:To:Subject;
	b=VB2Ib/ijqsmnu3HWvPs+VSrnkxCsXRIMtEfk3M4GeS9fQziNdDiLy6caO4euHEVcF
	 tIQC3HX2Igt0dP9IVVkx8vka2N7xmeKZXpB5Elvc2GV6z7KSLASdaZBFFb28dxe/TX
	 rGnLaj9kpk9YE6pTfOqvHw4Gw8KLaPXJd76DBikc=
Date: Thu, 2 Apr 2015 03:16:36 -0700 (PDT)
From: boxbe-notifications@boxbe.com
Reply-To: china.research.team@gmail.com
To: Rudolf Faix <rudolffaix@gmail.com>
X-DynectEmail-Msg-Key: 20150402101637.07640F0F2130@mail6-01-pao.dynback.net
Message-ID: <977552929.15870.1427969796453.JavaMail.prod@ems-imap01.ny3>
Subject: Re: RE: NEW DEFENCE RESEARCH PAPER & BOOK (Action Requested)
MIME-Version: 1.0
Content-Type: multipart/report; 
	boundary="----=_Part_15869_1801915389.1427969796448"; 
	report-type=delivery-status
Envelope-From: <>
Auto-Submitted: auto-replied
Sender: boxbe-notifications@boxbe.com
X-DynectEmail-Msg-Hash: fRSspyRTfXPA1bNH7n3imVZvebSdS9eyc4kWgmyq9SLBoK2B0cDq/sP+lmBC1F3v2eCnejSeu4OeejcjA6Fc96K38r8qii2AqNEEGQbgd3I=
X-DynectEmail-X-Headers: 
X-Feedback-ID: R29sZFRyYW5WTVRBcw==:477795:315291:dyn06
List-Unsubscribe: <http://unsub.email.dynect.net/unsub??h=fRSspyRTfXPA1bNH7n3imVZvebSdS9eyc4kWgmyq9SLBoK2B0cDq%2FsP%2BlmBC1F3v2eCnejSeu4OeejcjA6Fc96K38r8qii2AqNEEGQbgd3I%3Di=20150402101637.07640F0F2130%40mail6-01-pao.dynback.netx=>, <mailto:unsubscribe@dynect-email.com?subject=fRSspyRTfXPA1bNH7n3imVZvebSdS9eyc4kWgmyq9SLBoK2B0cDq%2FsP%2BlmBC1F3v2eCnejSeu4OeejcjA6Fc96K38r8qii2AqNEEGQbgd3I%3D&message_id=20150402101637.07640F0F2130%40mail6-01-pao.dynback.net&x_headers==>

------=_Part_15869_1801915389.1427969796448
Content-Type: multipart/alternative; 
	boundary="----=_Part_15868_923012810.1427969796447"
Content-Disposition: inline
Content-Description: Notification

The contents of this message require a modern email client
for correct display.  If you are reading this message, it may
be because your reader is without MIME support.
------=_Part_15868_923012810.1427969796447
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline