Topic: email scam?

[Red Beret]

Please merge this with another thread if there's one around I don't know of.

Seems to be a new email scam. A very convincing looking email said to be from Microsoft, warning about unusual activity/sign in from a location in Russia. Even though such emails are typically "no reply", when you select the "report" window it opens a reply window.

I've had two now, even though I reported the first one - be aware!

[Barneylfc∗]

I thought this was a new episode of Maria Khumalo

[swoopy]

I thought this was a new episode of Maria Khumalo

Me too

[Red Beret]

Well it alarmed me enough to check my recent Hotmail activity. It's pretty scary to be honest, the number of attempts to access my account from all over the world. 

The actual successful attempts are even scarier - "We think this was you, you've used this network before (location my not be accurate)." It has the logins located in Edinburgh and Newcastle, and I'm pretty sure I was nowhere near either two days ago. 

So either the IPs are scrambled at random during a legit login, or I have people quietly snooping on me. I updated my password so will see what happens.

[Andy @ Allerton!]

If you recieve an email that looks like it's not from the sender (ie something like Official TSB Correspondance from gav@footybaps.com) then you can combat this by sending the information to the Government to investigate (In the UK)

report@phishing.gov.uk

[Red Beret]

If you recieve an email that looks like it's not from the sender (ie something like Official TSB Correspondance from gav@footybaps.com) then you can combat this by sending the information to the Government to investigate (In the UK)

report@phishing.gov.uk

That's what threw me momentarily. Hovering over the message sender usually reveals some kind of bullshit address like "quirky47856**1!@gmail.com" but this said "no-reply@microsoft.com". But when you click the "report user" button, it opened an email reply window - which you shouldn't have for a "do not reply" address.

Having it pop up in my spam folder was the clincher, but it was so good it almost got me.

[Riquende]

Two scams I've had reported in recently which went a little bit above the usual phishing traps:

The first involves someone claiming to make a payment to you via Paypal (or I guess other payment platforms), they'll insist they've paid and urge you to check your spam folders, where you'll find some "rejection_paypal.com@gmail" or similar informing you that receiving payments is refused until you authorise it through their provided link.

The second was a "There has been suspicious activity with your FB account" one, the link on the email was legitimately a Facebook one, but it just went to a user profile made out to look like an official anti-fraud page which of course had links directing you off-site.

Even though such emails are typically "no reply", when you select the "report" window it opens a reply window.

I don't follow this - surely you can always reply to these, even when legitimate. You'll just get a bounceback most likely as the mailbox isn't monitored. My email client (which to be fair is aging) doesn't stop reply windows opening to no-reply messages.

[Andy @ Allerton!]

Two scams I've had reported in recently which went a little bit above the usual phishing traps:

The first involves someone claiming to make a payment to you via Paypal (or I guess other payment platforms), they'll insist they've paid and urge you to check your spam folders, where you'll find some "rejection_paypal.com@gmail" or similar informing you that receiving payments is refused until you authorise it through their provided link.

The second was a "There has been suspicious activity with your FB account" one, the link on the email was legitimately a Facebook one, but it just went to a user profile made out to look like an official anti-fraud page which of course had links directing you off-site.

I don't follow this - surely you can always reply to these, even when legitimate. You'll just get a bounceback most likely as the mailbox isn't monitored. My email client (which to be fair is aging) doesn't stop reply windows opening to no-reply messages.

I've had a few Paypal ones (Usually saying I've paid a couple of grand for Bitcoin) that urge you to contact the people you bought off if this is an 'error'

The important thing is:


NEVER FUCKING CLICK ON ANY FUCKING THING IN THESE FUCKING EMAILS. DON'T REPLY TO THEM. DON'T GIVE ANY INFORMATION OUT. DON'T ENGAGE. JUST SEND THEM TO THE PHISHING SITE.


IF YOU MUST CHECK THAT ALL IS OK THEN OPEN A NEW BROWSER AND CHECK YOUR BANK DETAILS/PAYPAL ETC. SEPARATELY IN THE NORMAL WAY THAT YOU WOULD CHECK YOUR STUFF. DO NOT EVER FUCKING CLICK ANY LINKS EVER. YOU DON'T KNOW WHAT SCRIPTS ARE RUNNING OR WHAT INFORMATION YOU ARE SENDING THEM.


BE AWARE. BE SAFE. DON'T LET YOUR GUARD DOWN. THESE INBRED c*nts ARE VERY, VERY CLEVER AND MASSIVE CONMEN. FUCK THEM.

[Nitramdorf]

I got a weird email from Amazon-offers yesterday. Just said watch out for online scammers then Hello followed by my name and nothing else.

There was also one doing the rounds the other week pretending to be from Freshbooks, which I believe is a legitimate small business accounting firm.
The email said thanks for taking out a subscription if you want to cancel log into your PayPal account.  Also had a missed call at the same time. Fucking bastards.

[Claire.]

The important thing is:


NEVER FUCKING CLICK ON ANY FUCKING THING IN THESE FUCKING EMAILS. DON'T REPLY TO THEM. DON'T GIVE ANY INFORMATION OUT. DON'T ENGAGE. JUST SEND THEM TO THE PHISHING SITE.


IF YOU MUST CHECK THAT ALL IS OK THEN OPEN A NEW BROWSER AND CHECK YOUR BANK DETAILS/PAYPAL ETC. SEPARATELY IN THE NORMAL WAY THAT YOU WOULD CHECK YOUR STUFF. DO NOT EVER FUCKING CLICK ANY LINKS EVER. YOU DON'T KNOW WHAT SCRIPTS ARE RUNNING OR WHAT INFORMATION YOU ARE SENDING THEM.


BE AWARE. BE SAFE. DON'T LET YOUR GUARD DOWN. THESE INBRED c*nts ARE VERY, VERY CLEVER AND MASSIVE CONMEN. FUCK THEM.

This.

We have to do infosec refreshers all the time at work and our in-house security sends us phishing emails to keep us on our toes If you're in any way suspicious, don't click anything or open attachments. Forward to the gov address or if it's saying it's from a particular business (like a bank or something) you can often forward to their own teams.

[Red Beret]

I don't follow this - surely you can always reply to these, even when legitimate. You'll just get a bounceback most likely as the mailbox isn't monitored. My email client (which to be fair is aging) doesn't stop reply windows opening to no-reply messages.

You would think that clicking a "report" button would open a link that would take you to a website, but this just opened a reply window in an email that says "no reply".

[Wabaloolah]

I've had a few Paypal ones (Usually saying I've paid a couple of grand for Bitcoin) that urge you to contact the people you bought off if this is an 'error'

The important thing is:


NEVER FUCKING CLICK ON ANY FUCKING THING IN THESE FUCKING EMAILS. DON'T REPLY TO THEM. DON'T GIVE ANY INFORMATION OUT. DON'T ENGAGE. JUST SEND THEM TO THE PHISHING SITE.


IF YOU MUST CHECK THAT ALL IS OK THEN OPEN A NEW BROWSER AND CHECK YOUR BANK DETAILS/PAYPAL ETC. SEPARATELY IN THE NORMAL WAY THAT YOU WOULD CHECK YOUR STUFF. DO NOT EVER FUCKING CLICK ANY LINKS EVER. YOU DON'T KNOW WHAT SCRIPTS ARE RUNNING OR WHAT INFORMATION YOU ARE SENDING THEM.


BE AWARE. BE SAFE. DON'T LET YOUR GUARD DOWN. THESE INBRED c*nts ARE VERY, VERY CLEVER AND MASSIVE CONMEN. FUCK THEM.

100% this