ESMB has entered archive mode. All posts and threads that were available to the general public are still readable. The board is still searchable. 

Thank you all for your participation and readership over the last 12 years.

If you want to join in the conversation, please join the new ESMB Redux at www.exscn2.net.



WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's book

Discussion in 'Books and Essays About Scientology' started by Free to shine, Apr 29, 2016.

  1. Free to shine

    Free to shine Shiny & Free

    This was just posted by Jeffrey Augustine on Facebook. It looks like quite a few people have received such emails today.


    So if you receive an email that appears to be about scientology from someone you don't know - beware and don't click on any links!

    :angry:
     
    Last edited: Apr 29, 2016
  2. CommunicatorIC

    CommunicatorIC @IndieScieNews on Twitter

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

    https://scientologymoneyproject.com/2016/04/29/warning-possible-osa-phishing-attempt/

    * * * * * BEGIN EXCERPT * * * * *

    Scientology High Strangeness Alert!

    4/28/2016 @ 7:58 PM PST

    On the eve of ABC 20/20’s broadcast about Ron Miscavige Sr.’s book Ruthless, OSA, or its agents, appear to be engaged in a phishing attempt. I just received this e-mail:
    UPDATE: Dozens of people have reported receiving this e-mail in the past hour.

    [​IMG]


    Please tweet, instagram, FB, etc. to warn others! Do not click the link.

    * * * * * END EXCERPT * * * * *
     

    Attached Files:

  3. programmer_guy

    programmer_guy True Ex-Scientologist

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book


    Is anyone sure that it is from CofS? I would not assume that.
    Cyber criminals try to take advantage of anything.

    I don't even click on links that I get from friends & relatives in email.
     
  4. Free to shine

    Free to shine Shiny & Free

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

    Thanks Communicator IC, I'm not good at sharing pics and that one shows the attachment. :)
     
  5. Free to shine

    Free to shine Shiny & Free

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

    Certainly possible, however a concerted campaign on the eve of the book's publication kinda walks like a duck etc. :)
     
  6. TheSneakster

    TheSneakster More Skeptical Than You

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

    FFS!

    That link is just an active redirect to a Hollywood Reporter article about the book and the legal threat.

    OSA is certainly isn't likely to send anyone to a page effectively advertising Ronnie Miscavige's book about Dear Leader.

    Michael A. Hobson
    Independent Scientologist
    email: warrior_mike2001@yahoo.com
    Facebook: https://www.facebook.com/mhobson2011
     
  7. CommunicatorIC

    CommunicatorIC @IndieScieNews on Twitter

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

    They might if:

    (1) the person to whom the link is sent is already aware, or very likely aware, of the Hollywood Reporter article, in which case nothing is lost; and

    (2) the person sending the link wants to record the subject's ip address, and/or install malware.
     
  8. Jump

    Jump Operating teatime

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book


    * A www.247news .site URL is not a recognizable news site

    * The URL in an email can be spoofed and actually redirect to a different URL entirely.

    * As someone said, a malicious website can do nasty stuff without you knowing

    * Even if it did redirect eventually to ABC-News website, it could have done nasty stuff meanwhile.


    For general safety: Don't click on unknown links.
     
  9. J. Swift

    J. Swift Patron with Honors

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

    Michael, if you are publicly stating that it is safe to open e-mails from unknown senders with .php extensions then you are, FFS, giving people very bad advice. Further, you have produced no forensic scan, traceroute, IP, etc. of the e-mail to support your claim.

    The e-mail in question is not safe. Anyone can Google "hacking using php extensions in e-mails" and read the dangers. .php can redirect to an innocent site while embedding malware or spyware. A php extension can also be a spoof, a fake extension.

    If an e-mail wanted to direct people to The Hollywood Reporter article then no .php extension would be needed -- nor would fake names on numerous hotmail accts. The direct link to the Hollywood Reporter would be used: http://www.hollywoodreporter.com/bookmark/scientology-leader-david-miscavige-threatens-887678

    And OSA would obviously use an attractive lure such as an article on Ron Miscavige to embed malware or spyware into the computers and other devices of critics, ex's, Indies, SP's, Marcabs, etc. The use of attractive lures -- the Trojan Horse --is the one of the oldest spy tricks in the world.

    BTW, these e-mails are being sent under many different alias names. This is a real time threat.
     
    Last edited: Apr 29, 2016
  10. Jump

    Jump Operating teatime

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

    (Just clarifying for the n0obs :) )

    I didn't want to smear the .php suffix because a lot of reputable sites do use that. You will notice that many sites use a 'no suffix' url format which means the site could be using any suffix they like (often .php)

    Look at the DOMAIN NAME and be sure it looks legit. www.hollywoodreporter.xyz.com for example looks very suspicious because of the xyz before the .com .

    Similarly www.hollywoodreporter.co is also suspect because '.co' is NOT '.com' .

    If you hover over the link, the unspoofed address may be shown in your window somewhere - check there.

    Hover over www.LegitLookingURL.com for the different spoofed address example!

    However for general safety - don't click if not sure!
     
  11. programmer_guy

    programmer_guy True Ex-Scientologist

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book


    Yeah, it's a bit weird. php is not necessarily evil.
    It's quite common for php scripts (and ECMAScripts, javaScripts) to be embedded in html scripts.
     
  12. HelluvaHoax!

    HelluvaHoax! Platinum Meritorious Sponsor with bells on

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book


    Thanks for valuable info.

    By the way, as long as you mentioned it. . .


    lololololololololol

    Mr. Swift,

    Is there any reliable methodolgy that you have found to positively identify Marcabs?

    I think many people do not realize how problematic it is to have undetected Marcabians on your lines. Any tech you have on this would be greatly appreciated.



    [​IMG]
    ca 1971
    Captain Bill Robertson regales a standing room
    only crowd on a recent huge win where he
    single-handedly captured several Marcabians and
    imprisoned them inside a force-field cage secured inside
    a French mountain, powered by an eternal battery. ​
     
  13. Free to shine

    Free to shine Shiny & Free

    Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

    I changed the thread title to add "may be" (sending).
    A 'campaign' where lots of people receive the same email makes it seem likely to me.
     
  14. arcxcauseblows

    arcxcauseblows Patron Meritorious

    Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

    Maybe someone in anonymous can reverse engineer this and find a link to the church...

    Php is in use but fading in popularity to html5, JavaScript or Python

    If I have time tonight I'll dig in

    They're probably trying to get your IP address or something to identify you with

    If they're actually installing spyware then we can trace it to the people they paid to set it up and take legal action or pressure them to whistleblowe

    Save the emails and maybe go to a library and open the link, save it or view the source code, I know they like to obfuscate JavaScript in hexadecimal which is kids stuff
     
  15. AngeloV

    AngeloV Gold Meritorious Patron

    Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

    And now, a PSA:

    If you receive an e-mail from an unknown sender and the email says to click the link below....


    DON'T CLICK ON THE LINK.[SUP]*[/SUP]

    Now back to our regularly scheduled thread.


    [SUP]*[/SUP] This is the rule I have 'impinged' on all of my family members, several of whom had to have their PC's wiped clean and re-imaged due to malware because they 'just clicked on an e-mail....'. And guess who had to do the computer work. :coolwink:
     
  16. TheSneakster

    TheSneakster More Skeptical Than You

    Re: WARNING - scientology sending phishing/malware emails re Ron Miscavige's book

    Swift, this bullshit remark (specifically: Straw Man) makes me question your ability to read English, because what I actually wrote contains none of the above. :duh:

    You can make your point about internet safety without falsely putting words in my mouth, capische ?

    Michael A. Hobson
    Independent Scientologist
    email: warrior_mike2001@yahoo.com
    Facebook: https://www.facebook.com/mhobson2011
     
  17. ethercat

    ethercat Cat in flight

    Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

    The link in the email I got contains a different number after the domain name (registered with Namecheap on April 27, btw, and under a proxy registration), so there's definitely some kind of visit tracking going on, possibly to verify email addresses which might be added to spammer's lists (as I suspect mine has been previously). It's also from a different sender than the one above, so it's possible that posting the sender may enable the ability to match email addresses with posting names.

    I wouldn't even do that, unless the email address yours got sent to is a burner email address.

    Don't know about malware; I didn't visit, and don't plan to visit, especially when CommunicatorIC does such a fine job of keeping us apprised here of new media stories.
     
  18. TheSneakster

    TheSneakster More Skeptical Than You

    Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b

    This is my Chrome browser's HTTP request/response exchange with that server:

    Code:
    GET /112/scientologyleaderthreatenslawsuitoverfathersbook.php HTTP/1.1
    Host: 247news.site
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Encoding: gzip, deflate, sdch
    Accept-Language: en-US,en;q=0.8
    DNT: 1
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36
    
    
    HTTP/1.1 302 Moved Temporarily
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
    Date: Fri, 29 Apr 2016 21:28:54 GMT
    Location: http://www.hollywoodreporter.com/bookmark/scientology-leader-david-miscavige-threatens-887678
    Server: Apache
    X-Powered-By: PHP/5.6.20
    
    It doesn't even set a cookie.

    If the link in the email contains an individualized URL, then the server-side script can marry up that email address with the IP address the web client connected with, of course. Such an IP address is not particularly useful.

    If someone wants to set up a honeypot to check for remote attacks that coincide with browsing that URL, feel free. You do have a quality up-to-date firewall active on your web browsing machine, right ? :coolwink:

    Michael A. Hobson
    Independent Scientologist
    email: warrior_mike2001@yahoo.com
    Facebook: https://www.facebook.com/mhobson2011
     
  19. ThetanExterior

    ThetanExterior Gold Meritorious Patron

    Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b


    A few years ago I met up with a guy I used to know when I was in scientology. We had both left so we started to meet up occasionally.

    Gradually we drifted apart but I would sometimes receive an email from him which would just say something like "Hi!" and it would contain a link to some website.

    I just ignored these links and deleted the emails. I figured that if he had anything he wanted to communicate to me then he should use words not just a link.

    Anyway, a few weeks ago he rang me for a chat. I mentioned these emails to him and he said he didn't send them!

    So I would agree - don't click on links unless you are sure you know they are safe.
     
  20. Karen#1

    Karen#1 Gold Meritorious Patron

    Re: WARNING - scientology may be sending phishing/malware emails re Ron Miscavige's b


    This is a load of baloney.
    Here is Microsoft's response.


    Subject: RE: SRX1337404769ID - Fwd: Scientology threatens lawsuit over Ruthless
    Date: 4/30/2016 3:21:35 P.M. Pacific Daylight Time
    From: MOSAF.MREA.WW.00.EN.CVG.MNL.AU.T01.SPT.SG.EM@css.one.microsoft.com
    Reply To:
    To: Send IM to: KARENDELACkarendelac@aol.com
    CC:
    BCC:
    Sent on:


    Sent from the Internet (Details)

    Hi ,

    Thank you for letting us know about the questionable email you received. We checked into it and found that it violated the Microsoft Services Agreement (http://www.microsoft.com/en-us/servicesagreement/default.aspx). The email account has been suspended.
    For additional tips on dealing with online abuse, phishing scams, and junk email in the future, please visit this page (http://windows.microsoft.com/en-us/windows/outlook/abuse-phishing-junk-email).

    Thanks,
    Martin
    Microsoft Online Safety


    --------------------------------------------------------------------------------



    --- Original Message ---
    From : "KARENDELAC@aol.com"
    Sent : Friday, April 29, 2016 4:37:30 AM UTC
    To : "Abuse@hotmail.com"
    Subject : Fwd: Scientology threatens lawsuit over Ruthless


    Hotmail platform being used to send phishing.
    Sender is Church of Scientology International, all recipients are ex-Scientologists.

    Karen de la Carriere



    --------------------------------------------------------------------------------
    From: bozifupesyxu@hotmail.com
    To: karendelac@aol.com
    CC: jeffreyaugustine@gmail.com
    Sent: 4/28/2016 6:58:29 P.M. Pacific Daylight Time
    Subj: Scientology threatens lawsuit over Ruthless


    Have you seen the new story about Miscavige's father's book? This is going to be good. http://247news.site/112/scientologyleaderthreatenslawsuitoverfathersbook.php