SMS Account hijacked

Queries, errors or glitches regarding Member facilities
CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: SMS Account hijacked

Post by CoreyPlover » Sun Dec 28, 2008 1:31 pm

linuxlover wrote:Should I talk to James first or the AFP first?
I'd say talk to Exetel and have them direct you with regards to follow-up police reports.

I have emailed Exetel (via their central distribution list) warning them about the scam email, the phishing site and asked for someone to provide you an update.

NetworkAdmin
Exetel Staff
Posts: 559
Joined: Tue Jan 06, 2004 1:19 am
Contact:

Re: SMS Account hijacked

Post by NetworkAdmin » Sun Dec 28, 2008 1:37 pm

The account has been blocked to prevent further abuse.

jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: SMS Account hijacked

Post by jokiin » Sun Dec 28, 2008 3:14 pm

NetworkAdmin wrote:The account has been blocked to prevent further abuse.
is it possible to send any requests for that site to dev/null if it hasn't already (I'm outside of the Exetel network so can't tell if there is a route in place already) so that any other users don't get caught in the same trap?

JasonM

Re: SMS Account hijacked

Post by JasonM » Sun Dec 28, 2008 3:52 pm

jok11n wrote:
NetworkAdmin wrote:The account has been blocked to prevent further abuse.
is it possible to send any requests for that site to dev/null if it hasn't already (I'm outside of the Exetel network so can't tell if there is a route in place already) so that any other users don't get caught in the same trap?
It may be better to give them a lot of invalid data..

linuxlover
Posts: 18
Joined: Tue Mar 20, 2007 2:24 pm
Location: Dubbo

Re: SMS Account hijacked

Post by linuxlover » Sun Dec 28, 2008 4:12 pm

JasonM wrote:It may be better to give them a lot of invalid data..
I like this idea

jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: SMS Account hijacked

Post by jokiin » Sun Dec 28, 2008 4:55 pm

JasonM wrote: It may be better to give them a lot of invalid data..
it wouldn't be too hard from your side to be able to set a trap for them :wink:

jayday
Posts: 118
Joined: Thu Nov 06, 2008 9:10 pm

Re: SMS Account hijacked

Post by jayday » Sun Dec 28, 2008 6:16 pm

Did anyone contact the Blue Chip Hosting abuse department?

a) It's a phishing site.
b) Whoever made the site has totally voided Exetel's copyright, more information below:

Copyright Notice

© 2004 and 2005 Exetel Pty Ltd ABN 350 979 865 46

Copyright in all works on this site belongs to Exetel Pty Ltd (or other designated copyright holders) and all rights conferred by the law of copyright and by virtue of international copyright conventions are reserved to those companies. Documents published by Exetel Pty Ltd on this site may not be copied without the prior written consent of the company.


http://www.exetel.com.au/privacy.php

CoreyPlover
Volunteer Site Admin
Posts: 5922
Joined: Sat Nov 04, 2006 2:24 pm
Location: Melbourne, VIC

Re: SMS Account hijacked

Post by CoreyPlover » Sun Dec 28, 2008 6:47 pm

jayday wrote:Did anyone contact the Blue Chip Hosting abuse department?

a) It's a phishing site.
b) Whoever made the site has totally voided Exetel's copyright, more information below:
I think that such a task should be left to Exetel, as holders of the copyright

linuxlover
Posts: 18
Joined: Tue Mar 20, 2007 2:24 pm
Location: Dubbo

Re: SMS Account hijacked

Post by linuxlover » Sun Dec 28, 2008 6:56 pm

If my theory is correct, the villains are in Nigeria, where there is no effective police force, and corruption rules.

neb
Posts: 92
Joined: Fri Mar 23, 2007 9:26 am

Re: SMS Account hijacked

Post by neb » Sun Dec 28, 2008 8:40 pm

vk3xem wrote:There probably isn't a great deal you can do with the AFP over the weekend. The crime has already been committed and measures are in place to prevent it from continuing, so best to start collating information now.

From what I have seen Exetel are very helpful in all matters so I'm sure they will assist you with at least enough information to put together a crime report. In the mean time you need to collate what information you have. Starting with that email that tricked you into giving out your details, the more information you can get the better. Good Luck.
It wont be his place to do this, it will be Exetels to lodge a detailed report with the AHTCC, as Exetel are the ones who can track the accesses.

neb
Posts: 92
Joined: Fri Mar 23, 2007 9:26 am

Re: SMS Account hijacked

Post by neb » Sun Dec 28, 2008 8:46 pm

jok11n wrote:
NetworkAdmin wrote:The account has been blocked to prevent further abuse.
is it possible to send any requests for that site to dev/null if it hasn't already (I'm outside of the Exetel network so can't tell if there is a route in place already) so that any other users don't get caught in the same trap?
ciscos dont like dev/null :) they do however like 'ip route' blah blah null 0 :D

neb
Posts: 92
Joined: Fri Mar 23, 2007 9:26 am

Re: SMS Account hijacked

Post by neb » Sun Dec 28, 2008 8:56 pm

jayday wrote:Did anyone contact the Blue Chip Hosting abuse department?

a) It's a phishing site.
b) Whoever made the site has totally voided Exetel's copyright, more information below:

Copyright Notice

© 2004 and 2005 Exetel Pty Ltd ABN 350 979 865 46

Copyright in all works on this site belongs to Exetel Pty Ltd (or other designated copyright holders) and all rights conferred by the law of copyright and by virtue of international copyright conventions are reserved to those companies. Documents published by Exetel Pty Ltd on this site may not be copied without the prior written consent of the company.


http://www.exetel.com.au/privacy.php

That box has got everything running but the coffee maker
nmap -sS 38.102.41.117

Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-28 19:50 EST
Interesting ports on 38.102.41.117:
Not shown: 987 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql


the poor prick with that box most likely has no idea its been taken, the AHTCC can notify the secret service to seize and secure the box.

JasonM

Re: SMS Account hijacked

Post by JasonM » Sun Dec 28, 2008 9:01 pm

neb wrote:
jayday wrote:Did anyone contact the Blue Chip Hosting abuse department?

a) It's a phishing site.
b) Whoever made the site has totally voided Exetel's copyright, more information below:

Copyright Notice

© 2004 and 2005 Exetel Pty Ltd ABN 350 979 865 46

Copyright in all works on this site belongs to Exetel Pty Ltd (or other designated copyright holders) and all rights conferred by the law of copyright and by virtue of international copyright conventions are reserved to those companies. Documents published by Exetel Pty Ltd on this site may not be copied without the prior written consent of the company.


http://www.exetel.com.au/privacy.php

That box has got everything running but the coffee maker
nmap -sS 38.102.41.117

Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-28 19:50 EST
Interesting ports on 38.102.41.117:
Not shown: 987 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql


the poor prick with that box most likely has no idea its been taken, the AHTCC can notify the secret service to seize and secure the box.
It's a web server / web host box, having those open is acceptable (as long as the software configured on the box is configured correctly).

This is getting off topic from here tho. The OP's SMS issue will be investigated in due course.

This is a strong reminder to ALWAYS check the address bar and validity of the website you are supplying data to.

Locked