mybebook.com spam/phishing/trojan email

[Tomsk]

Firstly I'm confident that this email did NOT come from mybebook.com.

It's a typical spam/phishing/trojan/virus email. The link to download the bill will download a file called 'bill.exe', which undoubtedly contains a trojan/virus of some sort.

image of email


I'm guessing that they may have found my email from this forum, so I'm posting this to alert less tech savvy ereader users to be on the lookout.

[t-town]

Yes, I had it too.
Please do not download the bill.exe file!!!

[Freeshadow]

I know it's a stupid question but...
have you alerted the bebook ppl about this?

[Nexutix]

Me too. I added a comment on virus total. Paste the url and see results. It is detected as malware by 16% antiviruses. How could Bebook leak emails? You also had an account at bebook?



And observe that everyone has recieved same Order number, plus bad grammar, non-professional lay-out. I detected it at first sight.

[Magnesus]

I hope at least the passwords were hashed in the database... I got the same e-mail. It landed in spam folder anyway.

[Worldwalker]

I use unique email addresses for everyone I do business with. Not only does it spot spammers, but it makes filtering a snap. While this might be more work than some people want to go through, you should at least consider having a few: one for family and friends, one for forums, one for business emails, etc. Buying your own domain name is trivial at this point, and you can just alias all the incoming addresses into one if you prefer it that way. That makes it possible to keep secure email addresses protected from random spammers, as well as making it obvious where the spam is coming from.

As an example, a forum leaked. A spammer got their email addresses. I know because I've gotten spam at that address warning me my account is about to be deleted from a game I've never played. Yeah, they're reaching. But I know who's spamming that and more or less why, whereas if it was showing up on a general-purpose address, I wouldn't have a clue.

As for how any given company could leak email addresses: They might not have done it at all (see the game "threats" above). They might have done it deliberately (the Southern California BBB once gave an address used only with them to a spammer I complained about -- one who was bragging about his BBB membership). Users might have put their email addresses somewhere visible from the Web. A legitimate website or entire system could have been cracked: see T.J. Maxx. Or someone could be selling addresses out the back door -- back in the day, Earthlink had someone doing that. Without knowing where they got the address, you can only take wild guesses.

That's where your second layer of defense comes in. You don't use Outlook. You don't open strange .exe files. You turn off "hide extensions for known file types" so you know if they're .exe files or not -- spammers are smart enough to send out picture.jpg.exe. You know what you expect to get, and get suspicious when something unexpected shows up. You know how to read headers. You have a virus scanner watching your email. And, of course, you let the right people know -- likely targets and the purported source. Believe it or not, there are companies who don't find out someone is phishing as them for days, because everyone says "oh, someone else probably told them" and nobody does, so by the time they find out and try to do something, the phisher is long gone.

[imaredr]

So I see I wasn't the only one that got this. I figured that something was wrong and deleted the email. Has Bebook responded to this problem?

[frozennorth]

I got the same one and same order number. When I hovered the mouse over the download link it shows:

"http://jackecruise.fileave.com/Bill.exe"
Strange file name if it had been from bebook.

[Worldwalker]

Quote:

Originally Posted by imaredr

So I see I wasn't the only one that got this. I figured that something was wrong and deleted the email. Has Bebook responded to this problem?

There's not a whole lot Bebook can do. I could send out spam appearing to be from you, for instance (it's called a "Joe job") and the most you could do would be say "no, that's not me." At least, assuming I was smart enough that it couldn't be traced to me, which the scumsuckers are. I get phishing attempts regularly that are supposedly about Aion accounts, but they're really from a random collection of zombie computers (this is why you need to learn to read headers, btw) and never went near SquareSoft. They can say "nope, not us" but as far as doing anything about it, they're no better off than I am except for being bigger. And, of course, playing Aion.

[pholy]

Actually, I got an email from BeBook shortly after I sent them a reply complaining about the security hole.

So they were at least sort of on top of it.

[Magnesus]

Quote:

Originally Posted by Worldwalker

There's not a whole lot Bebook can do. I could send out spam appearing to be from you, for instance (it's called a "Joe job") and the most you could do would be say "no, that's not me."

Yes, but the spammer has e-mail adresses of mybebook site clients from somewhere. Only people who bought something there got the spam.

[JSWolf]

I never bought anything there. But I did register there.

Also, the threat is over.

Quote:

user Account Excceded Bandwidth

This account is not valid.

I went there to try to download bill.exe so I could see if Comodo recognized it as a trojan or virus.