Comments

They’re still phishing — 22 Comments

1. Just got one from McAfee, which I don’t have.
   Yesterday it was Amazon, which I do have.
   Many years ago I was snookered by the “Microsoft Team”. Have not had one of those for years. I started playing along with the person on the phone. First I ask him if what he wanted to do would delete all my porn sites. Then I ask him if he liked porn, what kind, etc. Eventually they would hang up.

2. Be skeptical of any emails from vendors that you do not expect. Also, look at the email address. You can forward to Geek Squad for their records.

3. I’ve had several alleged “Amazon” calls. Last one yesterday. Last year we had someone who managed to pay a $380 AT&T bill from my wife’s checking account. We picked it up and got it refunded. I had a fraud with Verizon a couple of years ago. Someone charged two iPhones on my Verizon account. I spent hours on the phone with Verizon (I think it was an inside job.) and finally switched carriers. Eventually, I got a cancelled charge but it took months. No more Verizon for me.

4. Larry1984:

   The weird thing about this one is that the email address seemed to be on the up and up and from a real company, Intuit at Quickbooks. But it’s a company I’ve never had dealings with, and when I did a search I discovered that this company had somehow been used for phishing campaigns without the company’s acquiescence. The email doesn’t ask you to reply to that email address, it asks you to call a phone number but it’s the phone number that isn’t from where it says it is.

5. I’m retired and socially awkward. Many of those phishing messages are, in fact, from me or my pet robots. But, just for the record, I don’t like porn. Bye for now; sooner or later, we’ll talk.

6. Nice illustrative LINK. Anyone receiving unsolicited Email and questionable or absent personal identifiers ought to do a search on the company name or claim, plus terms like “fake” or “scam” or “phishing”. Do it before clicking or replying.

   It’s extremely rare for the ordinary person to be personally and specifically targeted. (The famous and infamous get it all the time.) A search in nine will save ur time.

7. If only we had a federal organization that could go after this sort of telecommunication fraud. Alas, they seem too busy creating their own fraud.

8. SHIREHOME, note that on this one the number they give is a 900 number, so they ding you just for calling it.Tricky!

   Usually if you check closely, the email address you see is just an alias. In gmail, you can get a blow up of the message header by clicking on your address in the email.

   I’ve been preaching the right fix for this stuff for years to deaf ears. See:https://www.linkedin.com/pulse/cyber-citizens-users-frank-hood/. One almost thinks the big companies are profiting from keeping users defenseless and telling them it’s their fault.

9. This morning I got an email welcoming me to a company I’d never heard of and certainly did not subscribe to… I don’t think it was a scam but I do think they’re spamming people from a bought email list.

10. I’m so suspicious that I won’t even click on the link when it’s from a company with whom I do business and from whom I’m expecting an invoice. Just got an email about my propane delivery invoice, and I went to the supplier address instead of clicking on the link.

    As to phone calls, my iPhone allows me to silence calls from people not in my directory. I get a lot of truncated voicemails telling me to enter “1” to talk to a rep.

11. Whenever I get a request to call a number, by phone, text or email I always google the number (bounding the number with quotation marks otherwise google will think I am trying to solve an arithmetic problem). Nine times out of ten someone has posted a warning about the number.

12. I’ve been getting a lot more phone and email scams claiming to confirm a purchase I never made or to renew a subscription I never had. I thought maybe they were going after old people on the theory we wouldn’t remember what we had signed up for, but maybe it’s just the scamming technique du jour.

    I miss the Nigerian email scams. Those were at least entertaining to read.

13. Kate has the right attitude.
    NEVER respond to an unsolicited Email, text or phone call.
    Mistrust anything that comes from a financial institution.
    Access only with a URL that you have created and saved (ideally in a password manager). Hot links are not to be trusted. Lock your credit in Experian, etc if not inconvenient (not freeze, LOCK).
    krebsonsecurity.com has a lot of good information. Look through his archives and get on his Email list for notifications.

14. I’ve been getting a lot of spam with the header “The Norton Subscription Has Expired “. Not even correct English.

15. I have fun with this: “How to trick credit card robocall scammers into calling a phone sex line”:

    https://www.reddit.com/user/jumper34017/comments/6wvlx5/how_to_trick_credit_card_robocall_scammers_into/

    You’ll also need one or both of these:

    https://www.bindb.com/bin-database

    https://planetcalc.com/2464/

    I can get 30 scam calls in a day, many of them for that lowering of the interest rate on my credit cards (I never pay interest), others for final-expense insurance, Spectrum TV, more Medicare benefits. Haven’t had any auto-warranty or home-improvement ones for quite awhile.

    There are also the ones purporting to be from some federal agency with news about my pending indictment, suspension of my SS#, etc. Or purportedly from Amazon with news of the pending arrival of something I didn’t order. I’ve strung some of these along for as much as 25 minutes (I’m retired!) before revealing – heh, heh (use your imagination) — that I’ve been onto them all along.

    ALL of these come from callers with annoying foreign accents, primarily Indian or Pakistani.

16. If it’s not phishing it’s spamming – surprised Neo missed this one from “Julia.”
    (I wonder if she’s THAT Julia in Obama’s ad?)

    https://www.thenewneo.com/2022/03/21/the-ordeal-of-brady-knowlton/#comment-2614359
    “Home earning solution for everyone to work online and received payments every week in bank acc. earns every day more than $500 and received payments every week directly in bank acc. My last month’s earning was $16390 and all i do is work for maximum 2 hrs a day on my pc. easy work and regular earning are awesome with ths job. go here for more info”

    The work clearly does not include spelling and grammar lessons.

17. AesopFan

    Verb agreement is tough for native English speakers. Others, worse. That’s been a tell several times.

18. Kate and Edward have it right. krebsonsecurity.com is one of the best sites out there for news and tips for preventing cyber-fraud.

    In the 40ish years I’ve been using computers, I’ve gotten no viruses, no malware, have not fallen for phishing attacks. Most of these schemes rely on a users laziness and unearned trust in technology.

    One thing I’ve always done is add filter rules for trusted emails. If I get say, a response from amazon after the first time ordering, after ensuring it’s the real deal I add a filter rule to put it in a folder called “bill – orders” for instance.

    Everything from that sender then appears in the folder. After that, any “amazon” email that doesn’t appear in that folder is then automatically suspect, because the filter looks at the actual email address, not what is shown in the from field.

19. Be skeptical of anyone with an Indian (or from the Subcontinent) accent. Also hover over the url and if you see spelling mistakes, that will be a tell.

20. Excellent advice from so many commenters – thanks!

21. Watch for suspicious texts also. A very authentic looking one, logos etc from Wells telling me they had to suspend my account until I resolved an issue with them using a link. I almost fell for it! I get countless phishing schemes on my email weekly. And the ubiquitous auto warranty calls. Fortunately my phone carrier flags them for me. My Mercedes wagon is 20 years old!

    A slightly related incident -where last week I was punked on a FaceTime by 19 teenagers. I very mistakenly answered. They kept saying, “hi Grandma” and were laughing. I had to block manually all 19 pranksters. Pretty embarrassing….kinda funny; payback from my youthful phone pranks in the ‘60’s. *PS I routinely report the phishing or spammers.

22. Watch for suspicious texts also. A very authentic looking one, logos etc from Wells telling me they had to suspend my account until I resolved an issue with them using a link.

    Talking in general now, not specifically about anyone.

    If you have an account with the particular party sending the message, go to that site directly, using your bookmark/favorite.

    I have to explain this to people constantly. If a bank sends you email or an important txt message, you will have that same notice when you login to your account online, or in their mobile app. At least that’s what I’ve always experienced.

    My fiancé is constantly sending me messages asking if a message they received was legit. If you have to ask, then your gut is telling you the answer.

    NEVER CLICK A LINK SOMEONE SENDS YOU!!!

    NEVER SEND PERSONAL INFO BACK TO UNEXPECTED EMAILS/MESAGES/TEXTS!!!

    Good habits will keep you safer than all the software in the world.

    Not that I would run a computer without anti-virus, you just can’t trust it to be 100% effective. Especially against phishing, which is based on social behavior, not technical flaws.

HTML tags allowed in your comment: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>