WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's book

Free to shine

Shiny & Free
This was just posted by Jeffrey Augustine on Facebook. It looks like quite a few people have received such emails today.


Warning!!! OSA appears to be using Ron Miscavige's book to engage in phishing and malware or spyware. I just received the attached e-mail. Please distribute and warn others!

So if you receive an email that appears to be about scientology from someone you don't know - beware and don't click on any links!

:angry:
 

CommunicatorIC

@IndieScieNews on Twitter
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

This was just posted by Jeffrey Augustine on Facebook. It looks like quite a few people have received such emails today.




So if you receive an email that appears to be about scientology from someone you don't know - beware and don't click on any links!

:angry:
https://scientologymoneyproject.com/2016/04/29/warning-possible-osa-phishing-attempt/

* * * * * BEGIN EXCERPT * * * * *

Scientology High Strangeness Alert!

4/28/2016 @ 7:58 PM PST

On the eve of ABC 20/20’s broadcast about Ron Miscavige Sr.’s book Ruthless, OSA, or its agents, appear to be engaged in a phishing attempt. I just received this e-mail:
UPDATE: Dozens of people have reported receiving this e-mail in the past hour.


Please tweet, instagram, FB, etc. to warn others! Do not click the link.

* * * * * END EXCERPT * * * * *
 

Attachments

  • PossibleOSAPhishingAttempt.png

programmer_guy

True Ex-Scientologist
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

This was just posted by Jeffrey Augustine on Facebook. It looks like quite a few people have received such emails today.

So if you receive an email that appears to be about scientology from someone you don't know - beware and don't click on any links!

:angry:


Is anyone sure that it is from CofS? I would not assume that.
Cyber criminals try to take advantage of anything.

I don't even click on links that I get from friends & relatives in email.
 

Free to shine

Shiny & Free
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

Thanks Communicator IC, I'm not good at sharing pics and that one shows the attachment. :)
 

Free to shine

Shiny & Free
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

Is anyone sure that it is from CofS? I would not assume that.
Cyber criminals try to take advantage of anything.

I don't even click on links that I get from friends & relatives in email.

Certainly possible, however a concerted campaign on the eve of the book's publication kinda walks like a duck etc. :)
 

TheSneakster

More Skeptical Than You
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

FFS!

That link is just an active redirect to a Hollywood Reporter article about the book and the legal threat.

OSA certainly isn't likely to send anyone to a page effectively advertising Ronnie Miscavige's book about Dear Leader.

Michael A. Hobson
Independent Scientologist
email: [email protected]
Facebook: https://www.facebook.com/mhobson2011
 

CommunicatorIC

@IndieScieNews on Twitter
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

FFS!

That link is just an active redirect to a Hollywood Reporter article about the book and the legal threat.

OSA certainly isn't likely to send anyone to a page effectively advertising Ronnie Miscavige's book about Dear Leader.

Michael A. Hobson
Independent Scientologist
email: [email protected]
Facebook: https://www.facebook.com/mhobson2011
They might if:

(1) the person to whom the link is sent is already aware, or very likely aware, of the Hollywood Reporter article, in which case nothing is lost; and

(2) the person sending the link wants to record the subject's ip address, and/or install malware.
 

Jump

Operating teatime
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

FFS!

That link is just an active redirect to a Hollywood Reporter article about the book and the legal threat.

OSA certainly isn't likely to send anyone to a page effectively advertising Ronnie Miscavige's book about Dear Leader.

Michael A. Hobson
Independent Scientologist
email: [email protected]
Facebook: https://www.facebook.com/mhobson2011


* A www.247news .site URL is not a recognizable news site

* The URL in an email can be spoofed and actually redirect to a different URL entirely.

* As someone said, a malicious website can do nasty stuff without you knowing

* Even if it did redirect eventually to ABC-News website, it could have done nasty stuff meanwhile.


For general safety: Don't click on unknown links.
 

J. Swift

Patron with Honors
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

FFS!

That link is just an active redirect to a Hollywood Reporter article about the book and the legal threat.

OSA certainly isn't likely to send anyone to a page effectively advertising Ronnie Miscavige's book about Dear Leader.

Michael A. Hobson
Independent Scientologist
email: [email protected]
Facebook: https://www.facebook.com/mhobson2011

Michael, if you are publicly stating that it is safe to open e-mails from unknown senders with .php extensions then you are, FFS, giving people very bad advice. Further, you have produced no forensic scan, traceroute, IP, etc. of the e-mail to support your claim.

The e-mail in question is not safe. Anyone can Google "hacking using php extensions in e-mails" and read the dangers. .php can redirect to an innocent site while embedding malware or spyware. A php extension can also be a spoof, a fake extension.

If an e-mail wanted to direct people to The Hollywood Reporter article then no .php extension would be needed -- nor would fake names on numerous hotmail accts. The direct link to the Hollywood Reporter would be used: http://www.hollywoodreporter.com/bookmark/scientology-leader-david-miscavige-threatens-887678

And OSA would obviously use an attractive lure such as an article on Ron Miscavige to embed malware or spyware into the computers and other devices of critics, ex's, Indies, SP's, Marcabs, etc. The use of attractive lures -- the Trojan Horse -- is one of the oldest spy tricks in the world.

BTW, these e-mails are being sent under many different alias names. This is a real time threat.
 

Jump

Operating teatime
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

Michael, if you are publicly stating that e-mails with .php extensions are safe to open then you are, FFS, giving people very bad advice. Further, you have produced no forensic scan, traceroute, IP, etc. of the e-mail to support your claims.

The e-mail in question is not safe. Anyone can Google "hacking using php extensions in e-mails" and read the dangers. .php can redirect to an innocent site while embedding malware or spyware.

If an e-mail wanted to direct people to The Hollywood Reporter article then no .php text would be needed. The direct link to the Hollywood Reporter would be used: http://www.hollywoodreporter.com/bookmark/scientology-leader-david-miscavige-threatens-887678

And OSA would obviously use an attractive lure such as an article on Ron Miscavige to embed malware or spyware into the computers and other devices of critics, ex's, Indies, SP's, Marcabs, etc. The use of attractive lures -- the Trojan Horse -- is one of the oldest spy tricks in the world.

BTW, these e-mails are being sent under many different alias names. This is a real time threat.

(Just clarifying for the n0obs :) )

I didn't want to smear the .php suffix because a lot of reputable sites do use that. You will notice that many sites use a 'no suffix' url format which means the site could be using any suffix they like (often .php)

Look at the DOMAIN NAME and be sure it looks legit. www.hollywoodreporter.xyz.com for example looks very suspicious because of the xyz before the .com .

Similarly www.hollywoodreporter.co is also suspect because '.co' is NOT '.com' .

If you hover over the link, the unspoofed address may be shown in your window somewhere - check there.

Hover over www.LegitLookingURL.com for the different spoofed address example!

However for general safety - don't click if not sure!
 

programmer_guy

True Ex-Scientologist
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

(Just clarifying for the n0obs :) )

I didn't want to smear the .php suffix because a lot of reputable sites do use that. You will notice that many sites use a 'no suffix' url format which means the site could be using any suffix they like (often .php)

Look at the DOMAIN NAME and be sure it looks legit. www.hollywoodreporter.xyz.com for example looks very suspicious because of the xyz before the .com .

Similarly www.hollywoodreporter.co is also suspect because '.co' is NOT '.com' .

If you hover over the link, the unspoofed address may be shown in your window somewhere - check there.

Hover over www.LegitLookingURL.com for the different spoofed address example!

However for general safety - don't click if not sure!


Yeah, it's a bit weird. php is not necessarily evil.
It's quite common for php scripts (and ECMAScripts, javaScripts) to be embedded in html scripts.
 

HelluvaHoax!

Platinum Meritorious Sponsor with bells on
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

Michael, if you are publicly stating that it is safe to open e-mails from unknown senders with .php extensions then you are, FFS, giving people very bad advice. Further, you have produced no forensic scan, traceroute, IP, etc. of the e-mail to support your claim.

The e-mail in question is not safe. Anyone can Google "hacking using php extensions in e-mails" and read the dangers. .php can redirect to an innocent site while embedding malware or spyware. A php extension can also be a spoof, a fake extension.

If an e-mail wanted to direct people to The Hollywood Reporter article then no .php extension would be needed -- nor would fake names on numerous hotmail accts. The direct link to the Hollywood Reporter would be used: http://www.hollywoodreporter.com/bookmark/scientology-leader-david-miscavige-threatens-887678

And OSA would obviously use an attractive lure such as an article on Ron Miscavige to embed malware or spyware into the computers and other devices of critics, ex's, Indies, SP's, Marcabs, etc. The use of attractive lures -- the Trojan Horse -- is one of the oldest spy tricks in the world.


BTW, these e-mails are being sent under many different alias names. This is a real time threat.


Thanks for valuable info.

By the way, as long as you mentioned it. . .

And OSA would obviously use an attractive lure such as an article on Ron Miscavige to embed
malware or spyware into the computers and other devices of critics, ex's, Indies, SP's, Marcabs, etc.

lololololololololol

Mr. Swift,

Is there any reliable methodology that you have found to positively identify Marcabs?

I think many people do not realize how problematic it is to have undetected Marcabians on your lines. Any tech you have on this would be greatly appreciated.



CBR.jpg

ca 1971
Captain Bill Robertson regales a standing room
only crowd on a recent huge win where he
single-handedly captured several Marcabians and
imprisoned them inside a force-field cage secured inside
a French mountain, powered by an eternal battery.
 

Free to shine

Shiny & Free
Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

I changed the thread title to add "may be" (sending).
A 'campaign' where lots of people receive the same email makes it seem likely to me.
 

arcxcauseblows

Patron Meritorious
Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

Maybe someone in anonymous can reverse engineer this and find a link to the church...

PHP is in use but fading in popularity to HTML5, JavaScript or Python

If I have time tonight I'll dig in

They're probably trying to get your IP address or something to identify you with

If they're actually installing spyware then we can trace it to the people they paid to set it up and take legal action or pressure them to whistleblow

Save the emails and maybe go to a library and open the link, save it or view the source code, I know they like to obfuscate JavaScript in hexadecimal which is kids stuff
 

AngeloV

Gold Meritorious Patron
Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

And now, a PSA:

If you receive an e-mail from an unknown sender and the email says to click the link below....


DON'T CLICK ON THE LINK.*

Now back to our regularly scheduled thread.


* This is the rule I have 'impinged' on all of my family members, several of whom had to have their PC's wiped clean and re-imaged due to malware because they 'just clicked on an e-mail....'. And guess who had to do the computer work. :coolwink:
 

TheSneakster

More Skeptical Than You
Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

Michael, if you are publicly stating that it is safe to open e-mails from unknown senders with .php extensions then you are, FFS, giving people very bad advice. Further, you have produced no forensic scan, traceroute, IP, etc. of the e-mail to support your claim.

Swift, this bullshit remark (specifically: Straw Man) makes me question your ability to read English, because what I actually wrote contains none of the above. :duh:

You can make your point about internet safety without falsely putting words in my mouth, capische ?

Michael A. Hobson
Independent Scientologist
email: [email protected]
Facebook: https://www.facebook.com/mhobson2011
 

ethercat

Cat in flight
Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

They're probably trying to get your IP address or something to identify you with

The link in the email I got contains a different number after the domain name (registered with Namecheap on April 27, btw, and under a proxy registration), so there's definitely some kind of visit tracking going on, possibly to verify email addresses which might be added to spammer's lists (as I suspect mine has been previously). It's also from a different sender than the one above, so it's possible that posting the sender may enable the ability to match email addresses with posting names.

Save the emails and maybe go to a library and open the link, save it or view the source code, I know they like to obfuscate JavaScript in hexadecimal which is kids stuff

I wouldn't even do that, unless the email address yours got sent to is a burner email address.

Don't know about malware; I didn't visit, and don't plan to visit, especially when CommunicatorIC does such a fine job of keeping us apprised here of new media stories.
 

TheSneakster

More Skeptical Than You
Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

This is my Chrome browser's HTTP request/response exchange with that server:

Code:
GET /112/scientologyleaderthreatenslawsuitoverfathersbook.php HTTP/1.1
Host: 247news.site
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36


HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 29 Apr 2016 21:28:54 GMT
Location: http://www.hollywoodreporter.com/bookmark/scientology-leader-david-miscavige-threatens-887678
Server: Apache
X-Powered-By: PHP/5.6.20

It doesn't even set a cookie.

If the link in the email contains an individualized URL, then the server-side script can marry up that email address with the IP address the web client connected with, of course. Such an IP address is not particularly useful.

If someone wants to set up a honeypot to check for remote attacks that coincide with browsing that URL, feel free. You do have a quality up-to-date firewall active on your web browsing machine, right ? :coolwink:

Michael A. Hobson
Independent Scientologist
email: [email protected]
Facebook: https://www.facebook.com/mhobson2011
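
An added example, not code from any poster in this thread: it reads the response headers captured in the post above and compares two copies of the emailed link to find the path segment that varies per recipient, the difference ethercat reported. The second link's number (207) and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Response headers as posted in the thread.
CAPTURED = """HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 29 Apr 2016 21:28:54 GMT
Location: http://www.hollywoodreporter.com/bookmark/scientology-leader-david-miscavige-threatens-887678
Server: Apache
X-Powered-By: PHP/5.6.20
"""

LINKS = [
    # From the thread:
    "http://247news.site/112/scientologyleaderthreatenslawsuitoverfathersbook.php",
    # Constructed second recipient's copy (the real number is not on the page):
    "http://247news.site/207/scientologyleaderthreatenslawsuitoverfathersbook.php",
]


def summarize_response(raw):
    """Parse a captured HTTP response head into the facts a reviewer needs."""
    lines = raw.strip().splitlines()
    _version, status, _reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    location = headers.get("location", [None])[0]
    length = headers.get("content-length", [None])[0]
    return {
        "status": int(status),
        "redirect_host": urlsplit(location).hostname if location else None,
        "sets_cookie": "set-cookie" in headers,
        "body_bytes": int(length) if length is not None else None,
    }


def varying_segments(urls):
    """Return {index: values} for path segments that differ between links
    that are otherwise the same (same host, same number of segments)."""
    parts = [urlsplit(u) for u in urls]
    if len({p.hostname for p in parts}) != 1:
        raise ValueError("links point at different hosts")
    paths = [p.path.strip("/").split("/") for p in parts]
    if len({len(p) for p in paths}) != 1:
        raise ValueError("links have different path shapes")
    return {
        i: sorted(set(column))
        for i, column in enumerate(zip(*paths))
        if len(set(column)) > 1
    }


if __name__ == "__main__":
    print(summarize_response(CAPTURED))
    print(varying_segments(LINKS))
```

The summary describes only the one response that was captured; a server-side script can answer a different client, address or time differently.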
 

ThetanExterior

Gold Meritorious Patron
Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

And now, a PSA:

If you receive an e-mail from an unknown sender and the email says to click the link below....


DON'T CLICK ON THE LINK.*

Now back to our regularly scheduled thread.


* This is the rule I have 'impinged' on all of my family members, several of whom had to have their PC's wiped clean and re-imaged due to malware because they 'just clicked on an e-mail....'. And guess who had to do the computer work. :coolwink:


A few years ago I met up with a guy I used to know when I was in scientology. We had both left so we started to meet up occasionally.

Gradually we drifted apart but I would sometimes receive an email from him which would just say something like "Hi!" and it would contain a link to some website.

I just ignored these links and deleted the emails. I figured that if he had anything he wanted to communicate to me then he should use words not just a link.

Anyway, a few weeks ago he rang me for a chat. I mentioned these emails to him and he said he didn't send them!

So I would agree - don't click on links unless you are sure you know they are safe.
 

Karen#1

Gold Meritorious Patron
Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

This is my Chrome browser's HTTP request/response exchange with that server:

Code:
GET /112/scientologyleaderthreatenslawsuitoverfathersbook.php HTTP/1.1
Host: 247news.site
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36


HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 29 Apr 2016 21:28:54 GMT
Location: http://www.hollywoodreporter.com/bookmark/scientology-leader-david-miscavige-threatens-887678
Server: Apache
X-Powered-By: PHP/5.6.20

It doesn't even set a cookie.

If the link in the email contains an individualized URL, then the server-side script can marry up that email address with the IP address the web client connected with, of course. Such an IP address is not particularly useful.

If someone wants to set up a honeypot to check for remote attacks that coincide with browsing that URL, feel free. You do have a quality up-to-date firewall active on your web browsing machine, right ? :coolwink:

Michael A. Hobson
Independent Scientologist
email: [email protected]
Facebook: https://www.facebook.com/mhobson2011

This is a load of baloney.
Here is Microsoft's response.


Subject: RE: SRX1337404769ID - Fwd: Scientology threatens lawsuit over Ruthless
Date: 4/30/2016 3:21:35 P.M. Pacific Daylight Time
From: MOSAF.MREA.WW.00.EN.CVG.MNL.AU.T01.SPT.SG.EM@css.one.microsoft.com
Reply To:
To: Send IM to: [email protected]
CC:
BCC:
Sent on:


Sent from the Internet (Details)

Hi ,

Thank you for letting us know about the questionable email you received. We checked into it and found that it violated the Microsoft Services Agreement (http://www.microsoft.com/en-us/servicesagreement/default.aspx). The email account has been suspended.
For additional tips on dealing with online abuse, phishing scams, and junk email in the future, please visit this page (http://windows.microsoft.com/en-us/windows/outlook/abuse-phishing-junk-email).

Thanks,
Martin
Microsoft Online Safety


--------------------------------------------------------------------------------



--- Original Message ---
From : "[email protected]"
Sent : Friday, April 29, 2016 4:37:30 AM UTC
To : "[email protected]"
Subject : Fwd: Scientology threatens lawsuit over Ruthless


Hotmail platform being used to send phishing.
Sender is Church of Scientology International, all recipients are ex-Scientologists.

Karen de la Carriere



--------------------------------------------------------------------------------
From: [email protected]
To: [email protected]
CC: [email protected]
Sent: 4/28/2016 6:58:29 P.M. Pacific Daylight Time
Subj: Scientology threatens lawsuit over Ruthless


Have you seen the new story about Miscavige's father's book? This is going to be good. http://247news.site/112/scientologyleaderthreatenslawsuitoverfathersbook.php
 