Monday, September 3, 2012

Infoaxe.net is a Phishing Site


Beware Flip, Flipora or Infoaxe. They are all the same thing.

I received the mail above (I blacked out the prominent email address details). Everything about it looked as though my mother had sent it to me. It looked like her email address. My husband received one at the same time. But look very carefully at the sending address: very different.

It's possible that someone my mother knows received an email like this, apparently from a friend, and "signed up" for this "social network" by clicking innocently on that big red Yes!, up there.

Do not click Yes. Do not click No.

When you click Yes! Infoaxe is immediately given access to your entire email address book. It then sends this phishing email to every person in your address book, without your consent. People who mistakenly click Yes are then counted as bona fide members of their social network. They do not have members, in my opinion - they simply have stolen email addresses.

The company responsible is Flip, Flipora or Infoaxe.

Google's spam filter did not catch it for me.

If this is not phishing I don't know what is. If you receive the same email, click nothing. And forward the email to spam@uce.gov.

If you use Gmail, click on the tab to the right of Reply and in the dropdown menu click Report Phishing.

Here's more good info about the spam/virus mails from Gotham Geeks.

And here is a remarkably uncritical view of the company responsible for this phishing, by Tech Crunch.

26 comments:

  1. I just hate this sort of trash. Why do the greedy have tocause hassle for the rest of us?

    ReplyDelete
  2. If you take it to spam, who go to spam is your friend, not infoaxe.net. It is the worst phishing and spam i never see. And gmail never see what happend, we can not write to gmail...but can acusse the case showing it with Print Screen, Page in a paint for example and sent to Contact Network of Spam Authorities
    (CNSA...they will do something

    ReplyDelete
    Replies
    1. No, the friend did not send the email.It it only looks as if they did.

      Delete
  3. Helpful info on infoaxe.
    Thanks for the warning!

    ReplyDelete
  4. Thanks... too late for me though. I'm an idiot, or at least I'm an idiot in the wee hours of the morning.

    ReplyDelete
  5. Thank you for sharing this, was very helpful!!!!

    ReplyDelete
  6. I belive it is ok if you press YES, i did, just dont give them your gmail password when they ask you for it. NO one will EVER ask you for your password. :D

    ReplyDelete
    Replies
    1. You have just ensured that everyone in your address book will be set spam from them.

      Delete
    2. @Marie, that's not really true. All web browsers are protected with a W3 security layer that won't let anybody stealing your contacts in that way. In case of Gmail, a 3rd party, like this Infoaxe spammer, needs either your Gmail password, or an oAuth token to be able to grab your Gmail contacts. On the other hand, with W3 Same-Origin policy, which is enforced in all web browsers, a website can't grab data from another website which has a different domain, unless the second website enables the first website doing so by enabling padded communication with a technology like JSONP. So in conclusion, these scammers can't steal your contact data in that way.

      Delete
  7. Thank you for this! I just got a second email from this site and wondered where the heck it came from. I didn't even know about the email address you mentioned, I will have to keep it in my contacts for the future

    ReplyDelete
  8. thank you helpful warning...from brazil

    ReplyDelete
  9. This is very helpful! I have also found that you can cancel your 'account' with Flipora by sending an email to cancel@infoaxe.com.

    ReplyDelete
    Replies
    1. Don't send them any emails, doing so will only confirm your email address is real and active and you'll get even more spam.

      Delete
    2. Bullshit you SOB you are with Flipora.

      Delete
  10. It's impossible to give someone access to your address book by just clicking on a link, you have to do additional steps to give them that information, like entering your email address and password. Not defending them at all, just trying to set the record straight.

    ReplyDelete
  11. Anyone know: Does sending it to gmail's spam filter also send your friend's address to spam?

    ReplyDelete
    Replies
    1. No, it will not. The Infoaxe email you receive is not being sent from your friend's address.

      Delete
  12. Thanks for posting this. I received one of the infoaxe phishing emails today. Usually I can spot them a mile away, but I had to give this one a second look and a Google.

    ReplyDelete
  13. As Gotham Geeks point out, this is not technically phising. Even if you think, that the message is masking itself with your friends e-mail address, a sender e-mail address can't be a trusted identifier (e-mail simply doesn't work that way). It is however anoying, although not much more anoying than messages from FB or G+. They should state the identity and purpose of their service in the message clearly.

    ReplyDelete
  14. I all ready accept this mail. What to do now?

    ReplyDelete
    Replies
    1. Send a mass email to all your contacts to warn them that the previous mail was not from you, and not to click Yes. It's probably too late...

      Delete
  15. Ik denk niet dat de link bij 'accept' toegang geeft tot je adresboek. Daar moet je meer voor doen, in elk geval een wachtwoord geven.
    Ik heb op 'accept' geklikt (dom, dom, dom!) en kreeg Flipora_accept_friend_v2.safariextz in mijn downloadsmap. Dit bestand heb ik verwijderd, ik denk dat dat volstaat. Ik zal mijn vriend wel waarschuwen.

    ReplyDelete
  16. Thank You!...for this info. Something wasn't right so I googled the email address...and found on the images a similar picture..whalah!

    ReplyDelete
  17. Hello,

    Could someone confirm whether the address book gets "stolen" by clicking the link, or by logging in on the opened link? And does your laptop/desktop get infected, or is the only danger the spam mails?

    Anonymous

    ReplyDelete
  18. My work email has sent this message to my personal email. I am the ONLY one that works on both of these. I think I must have clicked on YES from my work email and that is why it has sent the message to the personal email. I never gave my password at anytime. What DO I DO?????

    ReplyDelete

Comments on posts older than 48 hours are moderated (for spam control) . Yours will be seen! Unless you are a troll. Serial trollers are banned.