I recently spent a week teaching several hundred students, teachers and parents in several schools and school districts across North Carolina. The sessions are always great, but since there is never enough time to answer everyone’s safety, security and privacy questions, I encourage listeners to leverage the “Ask Linda” section on my website.
The questions I typically get asked range from “is_____ a strong password”, to questions about situations that need immediate intervention. However, among the many follow up questions from this trip came my first request for assistance in protecting stolen funds. The audacity and irony in the email are just too good not to share, so with identities hidden, here’s the original email – and my response. Enjoy.
On 12/16/2011 “Michael”:
Today, you spoke my school (xxxxx). The talk was the best I have ever heard at a school event because during 2009-2010 I recovered other people’s old RuneScape accounts. I learned many ways to look up people, many of which you mentioned today. I have since stopped recovering because many people have found out this easy way to make money and so there are far fewer unused accounts to steal. I also did a fair bit of phishing on the system pelican (fish.in.rs) which is a mass mailer of runescape phishers, so all I needed was an email address owned by a scaper.
Since then, I have been sitting on a few thousand dollars worth of RuneScape currency. With college coming up, I am hoping to sell this on the RuneScape black market sythe.org . The preferred method of communication of most members is MSN which I saw on your website that you used to work for. One of the questions I had for you is: can another person that is chatting with you on MSN get your ip address? I have heard many hackers claim they can get ips through skype, MSN, and email communications.
On another note, I plan on majoring in mathematics and becoming an investor. However, I am wondering what classes are recommended to become an internet security consultant such as yourself.
Enjoy your stay in North Carolina,
The answer to your question is yes, MSN or windows live uses the Microsoft notification protocol that carries the client IP address in some of its headers. While I’m pleased that you found my internet safety, security and privacy presentation to be useful, I’d say that given your phishing and account theft activities the field of security is not the right one for you, and recommend you stick to investing.