[On-going Scams - Post them here]

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
User avatar
Tubes
Posts: 1881
Joined: Wed Apr 22, 2020 6:33 am

Re: Scam alert - USPS new feature playing a role

Post by Tubes »

roamingzebra wrote: Sat Mar 04, 2023 12:57 pm
OpenMinded1 wrote: Sat Feb 25, 2023 12:10 pm Regarding phone security, and the theft of phones at bars, I don't go to bars anymore. I'm 64. :D Do a lot of people still do that? I thought that mostly fell by the wayside with the advent of social media including dating sites.
You don't need to go to a bar for this to happen.

I just got done listening to a podcast from a guy who advises VIPs and others on security/privacy. One of his clients was on the phone in a line outside of a restaurant and some guy just swoops by and lifts her phone. Sometimes the timing will allow the thieves to get access to all the data on the phone as the phone is still open. Other times, they may have been observing their mark enter the PIN and so have it on hand.

Aside from having situational awareness at all times and not opening your phone in public when others are close by, a separate PIN can be used for all sensitive apps on the phone. So if the phone itself is compromised via the PIN, that same PIN can't be used to access data from sensitive apps. No need to have a separate PIN for each app but rather one PIN for the phone and another reasonably long PIN for the apps. Lots of other advice but since I use a flip phone, I can't really remember or relate to the other suggestions.
The TV program "Mr. Robot" demonstrates this very well in the first episode or two. The show then goes in different directions, yet those first few episodes were really informative on how hackers work.
Nicolas
Posts: 4923
Joined: Wed Aug 22, 2012 7:41 am

Re: [On-going Scams - Post them here]

Post by Nicolas »

Scammers are now using AI to simulate grandsons’ voices calling for help. All they need is a snippet of speech from Facebook, Tik Tok, or the like. https://wapo.st/41ZmqG3
Last edited by Nicolas on Sun Mar 05, 2023 7:47 am, edited 2 times in total.
3feetpete
Posts: 613
Joined: Sun Dec 14, 2014 6:30 pm

Re: [On-going Scams - Post them here]

Post by 3feetpete »

Fraudulent buyers on Facebook marketplace. They offer to purchase large high dollar item sight unseen and pay with a certified check. The check comes with more money than purchase price ostensibly to cover shipping. Fraudster provides shipping company contact. After you cash the check you pay the fake shipping company to pick up and ship the item. They of course never come. The bank eventually discovers the check was fraudulent and you are required to reimburse. So you are out the fake shipping charge. I placed a kayak up for sale and had three offers like this within an hour so it must be pretty common. I figured it out and didn’t lose anything.
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: [On-going Scams - Post them here]

Post by Mudpuppy »

littlebird wrote: Sat Mar 04, 2023 10:45 am Thanks. My texts don’t tick any of the boxes in this message, but good to know they *do* use text for contact. I still don’t think I would click on the link if I receive another text from them. If they want my input, I think I would only respond to a snail mail letter or a pair of humans standing outside of my security door.
The Census Bureau does use text messages to initiate surveys, particularly the Household Pulse Survey on COVID-19, but I'm not finding any legit search results that indicate they issue the American Community Survey (ACS) through text message. The ACS FAQ page only mentions how to verify that mailings, phone calls, and household visits are legitimate ACS requests. It does not mention text messages: https://www.census.gov/programs-surveys ... urvey.html
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: [On-going Scams - Post them here]

Post by Mudpuppy »

Related to the potentially fake Census Bureau text, I've received a few MMS from senders who resemble an internal name for services instead of a number. Some of them even have clear typos in the name, like "auths" instead of "auth". I have had my phones configured to require manual download of MMS since the spate of MMS-delivered Stagefright exploits many years ago. So I don't know what kind of spam or malware these folks were trying to serve, since I'm not clicking to download obvious spam.

However, I thought it would be good to remind people to set their phones to manually download MMS, rather than automatically download them. It will save you from exploits delivered via MMS, and if there's an active spam campaign ongoing, there's likely an exploit they're trying to target. It does mean you have to tap to download pictures people send you or for group chats (for messaging apps that use MMS for group chats), but it's a small measure of inconvenience to save one from an MMS-delivered exploit.
Nicolas
Posts: 4923
Joined: Wed Aug 22, 2012 7:41 am

Re: [On-going Scams - Post them here]

Post by Nicolas »

Mudpuppy wrote: Sun Mar 05, 2023 4:56 pm Related to the potentially fake Census Bureau text, I've received a few MMS from senders who resemble an internal name for services instead of a number. Some of them even have clear typos in the name, like "auths" instead of "auth". I have had my phones configured to require manual download of MMS since the spate of MMS-delivered Stagefright exploits many years ago. So I don't know what kind of spam or malware these folks were trying to serve, since I'm not clicking to download obvious spam.

However, I thought it would be good to remind people to set their phones to manually download MMS, rather than automatically download them. It will save you from exploits delivered via MMS, and if there's an active spam campaign ongoing, there's likely an exploit they're trying to target. It does mean you have to tap to download pictures people send you or for group chats (for messaging apps that use MMS for group chats), but it's a small measure of inconvenience to save one from an MMS-delivered exploit.
Thanks, I changed the settings on our two phones accordingly.
User avatar
nisiprius
Advisory Board
Posts: 52216
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: [On-going Scams - Post them here]

Post by nisiprius »

Very scary.

Last year, I was personally targeted for a "grandson scam," which I hadn't read about. The call began "This is your grandson." My grandson's voice is changing. It didn't sound like him, but it didn't not sound like him. I said "Hi, how are you?" He said "I've had better days." He went on to say that he'd been in a minor car accident, and his face had hit the windshield and he was bleeding. I was surprisingly slow to process a few facts. 1) He hadn't given his name, my grandson would always say "this is [name]," not "this is your grandson." 2) He didn't call me by the word he uses to address me, let's say "Abuelo." And, of course, 3) My grandson doesn't drive. I barely had the presence of mind to say "Who is this, again?" And again he said "Your grandson." I said, without further explanation, "I'm sorry, but you have the wrong number" and hung up. It wasn't exactly a close call, but it was embarrassing to realize how slow I was on the uptake.

So now I read They thought loved ones were calling for help. It was an AI scam.
Scammers are using artificial intelligence to sound more like family members in distress. People are falling for it and losing thousands of dollars....

As impersonation scams in the United States rise, Card’s ordeal is indicative of a troubling trend. Technology is making it easier and cheaper for bad actors to mimic voices, convincing people, often the elderly, that their loved ones are in distress. In 2022, impostor scams were the second most popular racket in America...

Advancements in artificial intelligence have added a terrifying new layer, allowing bad actors to replicate a voice with just an audio sample of a few sentences. Powered by AI, a slew of cheap online tools can translate an audio file into a replica of a voice, allowing a swindler to make it “speak” whatever they type....

“Two years ago, even a year ago, you needed a lot of audio to clone a person’s voice,” Farid said. “Now … if you have a Facebook page … or if you’ve recorded a TikTok and your voice is in there for 30 seconds, people can clone your voice.”...

Victims report reacting with visceral horror when hearing loved ones in danger.
I can believe it. If the voice had really sounded like my grandson, and if he'd been old enough to drive, I can imagine ignoring all the red flags. Maybe even if he weren't, the "visceral" factor would override everything--I'm only 99% sure of his age and only 99% sure he hasn't gotten a license yet.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
User avatar
BigFoot48
Posts: 3115
Joined: Tue Feb 20, 2007 9:47 am
Location: Arizona

Re: [On-going Scams - Post them here]

Post by BigFoot48 »

PayPal Scam

I'm horrified that I fell prey (temporarily) to a scam Monday. I got a very well-written email allegedly from PayPal that my account paid an invoice for a Blockchain purchase of $749. It said if I did not make this purchase to call a phone number, which I did. A person with an India-region accent answered and directed me to click on an enclosed link to provide bank information necessary to send a refund of this charge to. I started keying in Bank of America then said that's wrong and keyed in Charles Scbwab.

I got transferred to a "supervisor" who continued to prompt me to finish the form, and then at about 2 minutes into the call it finally dawned on me this was a scam. I hung up and immediately started running anti-virus programs. I believe the clicked link loaded AnyDesk which is a program that allows two computers to link. Using this they could have downloaded all my data but I believe I stopped it in time.

Apparently PayPal scams are widespread, although PayPal has never emailed me about them. I moved the one annual bill being charged to PayPal to BofA credit card and plan to close the PayPal account I opened in 2005.

I called Schwab security and an employee recommended putting a freeze on all my credit, which I had done many years ago. I did change most of my email and financial sites passwords just in case. My passwords are stored in KeePass on the computer which I think is secure.

It's a jungle out there. Constant vigilance is required.
Retired | Two-time in top-10 in Bogleheads S&P500 contest; 18-time loser
almostretired1965
Posts: 497
Joined: Mon Nov 13, 2017 1:02 pm

New scam or old scam?

Post by almostretired1965 »

[merged into the scam thread - moderator prudent]

Just got a weird email from a hotmail address:
<my full name> Hi it’s Karim with the Financial Assistance Department. We tried reaching you at your home and did not hear back... I'm not sure if you’ve spoken to an assigned agent yet, but I do see that you’re pre-approved for our Hardship Program, so what I’m going to do is keep this in a pending status. And If you have about five minutes today give me a call so we can go over the details. You can reach me at: [spam phone number removed --admin LadyGeek], Thank You, Karim Jun
The bottom of the email contains the following blub:
Advertising Services, PO Box 249 #57223, Albuquerque, NM 87103 ... We are a marketing agency. If you wish to contact the company mentioned, please dial the phone number above to get removed from our marketing list. Please enter the following URL into your browser: [scam website removed --admin LadyGeek] and enter your email in the exact format ......
No doubt they will either try and sell me something and or steal info from me if I actually called. I was just curious whether anyone has seen this before and what they are after, etc.

A
jayjayc
Posts: 641
Joined: Tue Jun 25, 2013 11:38 pm

Re: New scam or old scam?

Post by jayjayc »

I received the same email. Thought I'd play along and give them a phone number to set up my appointment. Too bad the phone number is for the police department's fraud team.
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: New scam or old scam?

Post by ResearchMed »

almostretired1965 wrote: Fri Mar 10, 2023 11:02 am [merged into the scam thread - moderator prudent]

Just got a weird email from a hotmail address:
<my full name> Hi it’s Karim with the Financial Assistance Department. We tried reaching you at your home and did not hear back... I'm not sure if you’ve spoken to an assigned agent yet, but I do see that you’re pre-approved for our Hardship Program, so what I’m going to do is keep this in a pending status. And If you have about five minutes today give me a call so we can go over the details. You can reach me at: [spam phone number removed --admin LadyGeek], Thank You, Karim Jun
The bottom of the email contains the following blub:
Advertising Services, PO Box 249 #57223, Albuquerque, NM 87103 ... We are a marketing agency. If you wish to contact the company mentioned, please dial the phone number above to get removed from our marketing list. Please enter the following URL into your browser: [scam website removed --admin LadyGeek] and enter your email in the exact format ......
No doubt they will either try and sell me something and or steal info from me if I actually called. I was just curious whether anyone has seen this before and what they are after, etc.

A
[emphasis added]


Do *NOT* click on or enter that link that supposedly "removes" you from their "marketing list".

That is Rule #1.

RM
This signature is a placebo. You are in the control group.
Jonathan0210
Posts: 1
Joined: Fri Mar 10, 2023 4:57 pm

Re: New scam or old scam?

Post by Jonathan0210 »

almostretired1965 wrote: Fri Mar 10, 2023 11:02 am [merged into the scam thread - moderator prudent]

Just got a weird email from a hotmail address:
<my full name> Hi it’s Karim with the Financial Assistance Department. We tried reaching you at your home and did not hear back... I'm not sure if you’ve spoken to an assigned agent yet, but I do see that you’re pre-approved for our Hardship Program, so what I’m going to do is keep this in a pending status. And If you have about five minutes today give me a call so we can go over the details. You can reach me at: [spam phone number removed --admin LadyGeek], Thank You, Karim Jun
The bottom of the email contains the following blub:
Advertising Services, PO Box 249 #57223, Albuquerque, NM 87103 ... We are a marketing agency. If you wish to contact the company mentioned, please dial the phone number above to get removed from our marketing list. Please enter the following URL into your browser: [scam website removed --admin LadyGeek] and enter your email in the exact format ......
No doubt they will either try and sell me something and or steal info from me if I actually called. I was just curious whether anyone has seen this before and what they are after, etc.

A
I got this email too, except that it purportedly came from "Nancee Ott" rather than "Karim Jun." (The P.O. Box address was the same on mine, as was the phone number.) I would not recommend following any hyperlink in the email or replying (it proves to them that you exist). The email contained a header: [scam header removed --admin LadyGeek] As far as I can tell, this just means the scammers have their own outlook.com email account. Possibly a complaint to Microsoft might get their email account closed, although doubtless they'll set up new ones. It might also be worth filing a fraud report at: https://reportfraud.ftc.gov/#/
User avatar
LadyGeek
Site Admin
Posts: 95696
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: [On-going Scams - Post them here]

Post by LadyGeek »

I just got an email from H&R Block which triggered my Thunderbird email client's Scam Detection. The subject was "Would you recommend H&R Block to other customers?".

Why? H&R Block wanted me to rate their software by clicking on a link which went to a marketing company. I went to the company's home page directly without clicking on the link. It looks legit, but I'm more upset that I'm getting spammed by marketing email. No, I didn't click on the links.

I also have Thunderbird configured to never show remote content in messages. You'd be surprised how much content is downloaded when you read your mail. If you don't have the content, it won't be loaded onto your computer. Images will be missing, but I think it's a better way to go. Remote Content in Messages | Thunderbird Help
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
AnnetteLouisan
Posts: 7262
Joined: Sat Sep 18, 2021 10:16 pm
Location: New York, NY

Re: [On-going Scams - Post them here]

Post by AnnetteLouisan »

I received a Dropbox scam email. It used the name of a friend who had sent me a link. It asks you for your email and PW to access. I contacted the friend and he hadn’t sent it. In fact another friend of his contacted him about it too.
Nicolas
Posts: 4923
Joined: Wed Aug 22, 2012 7:41 am

Re: [On-going Scams - Post them here]

Post by Nicolas »

There are now phishing attacks that can bypass MFA. Here’s the story:
https://arstechnica.com/information-tec ... ypass-mfa/
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: [On-going Scams - Post them here]

Post by Mudpuppy »

Nicolas wrote: Tue Mar 14, 2023 8:45 pm There are now phishing attacks that can bypass MFA. Here’s the story:
https://arstechnica.com/information-tec ... ypass-mfa/
It's just another "blank"-in-the-middle attack, so it isn't really bypassing MFA. It's just tricking victims into giving up the MFA token and using a method fast enough to relay the token to the original site before the token expires.
Nicolas
Posts: 4923
Joined: Wed Aug 22, 2012 7:41 am

Re: [On-going Scams - Post them here]

Post by Nicolas »

Mudpuppy wrote: Wed Mar 15, 2023 1:42 pm
Nicolas wrote: Tue Mar 14, 2023 8:45 pm There are now phishing attacks that can bypass MFA. Here’s the story:
https://arstechnica.com/information-tec ... ypass-mfa/
It's just another "blank"-in-the-middle attack, so it isn't really bypassing MFA. It's just tricking victims into giving up the MFA token and using a method fast enough to relay the token to the original site before the token expires.
Yes I know. I worded it poorly. Thanks.
SimonJester
Posts: 2500
Joined: Tue Aug 16, 2011 12:39 pm

Re: [On-going Scams - Post them here]

Post by SimonJester »

Nicolas wrote: Sat Mar 04, 2023 4:37 pm Scammers are now using AI to simulate grandsons’ voices calling for help. All they need is a snippet of speech from Facebook, Tik Tok, or the like. https://wapo.st/41ZmqG3
As a family when the kids were in their teens we established a family passphrase we can say or txt to each other. You can use anything Green Pickle, or Rubber Duckie.... Something simple and funny so it will stick in everyone minds... This can be used in txt or phone calls when you are doubting the identity of the other party...
"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - Benjamin Franklin
User avatar
Artful Dodger
Posts: 1952
Joined: Thu Oct 20, 2016 12:56 pm

Re: [On-going Scams - Post them here]

Post by Artful Dodger »

3feetpete wrote: Sun Mar 05, 2023 7:26 am Fraudulent buyers on Facebook marketplace. They offer to purchase large high dollar item sight unseen and pay with a certified check. The check comes with more money than purchase price ostensibly to cover shipping. Fraudster provides shipping company contact. After you cash the check you pay the fake shipping company to pick up and ship the item. They of course never come. The bank eventually discovers the check was fraudulent and you are required to reimburse. So you are out the fake shipping charge. I placed a kayak up for sale and had three offers like this within an hour so it must be pretty common. I figured it out and didn’t lose anything.
Facebook Marketplace and Craigslist. Exact same thing when I was selling some old speakers a while back as well as a couch previously. If I had only received one such offer, I still would have been suspicious, but getting multiple ones convinced me something was off. I went online and searched and came up with the same explanation you provided.
ShadowCat
Posts: 256
Joined: Thu Nov 05, 2015 4:02 pm

Re: [On-going Scams - Post them here]

Post by ShadowCat »

LadyGeek wrote: Sun Mar 12, 2023 6:44 am I just got an email from H&R Block which triggered my Thunderbird email client's Scam Detection. The subject was "Would you recommend H&R Block to other customers?".

Why? H&R Block wanted me to rate their software by clicking on a link which went to a marketing company. I went to the company's home page directly without clicking on the link. It looks legit, but I'm more upset that I'm getting spammed by marketing email. No, I didn't click on the links.

I also have Thunderbird configured to never show remote content in messages. You'd be surprised how much content is downloaded when you read your mail. If you don't have the content, it won't be loaded onto your computer. Images will be missing, but I think it's a better way to go. Remote Content in Messages | Thunderbird Help
That's disappointing since I was considering H&R block. Is this the first time you've been targeted with spam for using H&R block? Are you still going to use them for taxes in the future based on this?
Nicolas
Posts: 4923
Joined: Wed Aug 22, 2012 7:41 am

Re: [On-going Scams - Post them here]

Post by Nicolas »

Watch out for this one:

My wife listed something on FB Marketplace. Quite soon after that she thought she snagged a buyer. He wanted to buy it and had no questions about the item at all. But first he wanted to verify that my wife was a “real person” or some such and he wanted to send a code to her iPhone to make sure and could she text it back to him? She agreed and when the code arrived it was a Google Voice verification.

The guy wanted a new Google Voice number to use to scam other people. We read about the scam later. Unfortunately in the heat of the moment she gave him the code. Then he said “Oh that one doesn’t work, get another phone I can send a code to”. By then she realized what she’d done and cut him off. No harm done to us other than that she can no longer get a GV number for her phone, you only get one per. But someone else is going to be scammed now — that hurts.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Hackers are stealing Gmail messages — delete this extension right now

Post by enad »

Hackers are stealing Gmail messages — delete this extension right now https://www.tomsguide.com/news/hackers- ... -right-now

Any chrome/chromium browser including Microsoft Edge can be affected

[Link made visible by moderator Kendall so that readers can decide if it's safe to click.]
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
sport
Posts: 12094
Joined: Tue Feb 27, 2007 2:26 pm
Location: Cleveland, OH

Re: Hackers are stealing Gmail messages — delete this extension right now

Post by sport »

enad wrote: Sun Mar 26, 2023 8:03 am Hackers are stealing Gmail messages — delete this extension right now

Any chrome/chromium browser including Microsoft Edge can be affected
I don't want to click on that link. What is the extension?
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: Hackers are stealing Gmail messages — delete this extension right now

Post by ResearchMed »

sport wrote: Sun Mar 26, 2023 8:10 am
enad wrote: Sun Mar 26, 2023 8:03 am Hackers are stealing Gmail messages — delete this extension right now

Any chrome/chromium browser including Microsoft Edge can be affected
I don't want to click on that link. What is the extension?

Thanks for asking! My reaction was the same, although hovering seemed okay (but it's not always...)

RM
This signature is a placebo. You are in the control group.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: Hackers are stealing Gmail messages — delete this extension right now

Post by enad »

sport wrote: Sun Mar 26, 2023 8:10 am
enad wrote: Sun Mar 26, 2023 8:03 am Hackers are stealing Gmail messages — delete this extension right now

Any chrome/chromium browser including Microsoft Edge can be affected
I don't want to click on that link. What is the extension?
When you replied to me, the link to the article was fully visible, but here it is in the clear:
https://www.tomsguide.com/news/hackers- ... -right-now

You'll have to read the article for the details, or do an internet search
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
Kendall
Moderator
Posts: 1430
Joined: Tue Apr 30, 2019 8:10 pm

Re: [On-going Scams - Post them here]

Post by Kendall »

See the edit to enad's post.

Thanks to enad for pointing out this article and to the member who reported the post. The link is now visible so readers can see it and decide if they want to go to that site.

Members who are logged in can see any posted link in full by either clicking the quote icon at the top of the post or clicking the contact icon underneath the poster's name to the right of the post. Clicking either icon generates a copy of the post in code and reveals the full link. You can then exit the quote/contact page by hitting back on your browser. Now that you know the full link, you can decide to click the link or google the key search words to get the site another way.

It is good practice to make links visible rather than hidden behind vague hypertext.
--moderator Kendall
OpenMinded1
Posts: 1576
Joined: Wed Feb 05, 2020 8:27 am

Re: [On-going Scams - Post them here]

Post by OpenMinded1 »

Recently, I received an email stating that my McAfee service had been upgraded for a fee of $299, and that the credit card on file had been charged. This is despite the fact that I don't use McAfee for anything. I don't remember all the details, but I think there was a link to click on and a phone number to call for additional information.

I checked my credit card transactions to make sure none of my credit cards had actually been used for the transaction. Then I deleted the email without clicking on any links or making a call to the number provided. It was probably a phishing attempt.

It looked more legit that most scam emails I've seen. I guess the scammer thought someone might be more likely to trust an email purportedly from a company involved in computer security.
sport
Posts: 12094
Joined: Tue Feb 27, 2007 2:26 pm
Location: Cleveland, OH

Re: Hackers are stealing Gmail messages — delete this extension right now

Post by sport »

enad wrote: Sun Mar 26, 2023 8:22 am
sport wrote: Sun Mar 26, 2023 8:10 am
enad wrote: Sun Mar 26, 2023 8:03 am Hackers are stealing Gmail messages — delete this extension right now

Any chrome/chromium browser including Microsoft Edge can be affected
I don't want to click on that link. What is the extension?
When you replied to me, the link to the article was fully visible, but here it is in the clear:
https://www.tomsguide.com/news/hackers- ... -right-now

You'll have to read the article for the details, or do an internet search
Can't you tell us the extension involved? As long as you are calling it to our attention, it would be helpful to identify it.
User avatar
LadyGeek
Site Admin
Posts: 95696
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia
Contact:

Re: [On-going Scams - Post them here]

Post by LadyGeek »

There is some confusion on the link formatting. The full article title is: Hackers are stealing Gmail messages — delete this extension right now | Tom's Guide
The extension is named ‘AF’ and unlike normal extensions, it can’t be found in Chrome’s More tools section under extensions. Instead, you need to manually type “chrome(or edge/brave)://extensions” into your browser’s address bar to find it.
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
enad
Posts: 1581
Joined: Fri Aug 12, 2022 2:50 pm

Re: Hackers are stealing Gmail messages — delete this extension right now

Post by enad »

sport wrote: Sun Mar 26, 2023 10:22 am
enad wrote: Sun Mar 26, 2023 8:22 am
sport wrote: Sun Mar 26, 2023 8:10 am
enad wrote: Sun Mar 26, 2023 8:03 am Hackers are stealing Gmail messages — delete this extension right now

Any chrome/chromium browser including Microsoft Edge can be affected
I don't want to click on that link. What is the extension?
When you replied to me, the link to the article was fully visible, but here it is in the clear:
https://www.tomsguide.com/news/hackers- ... -right-now

You'll have to read the article for the details, or do an internet search
Can't you tell us the extension involved? As long as you are calling it to our attention, it would be helpful to identify it.
I can't since I don't use gmail, chrome or Microsoft Edge. I figured I would post the information and those that are interested can read up on it and see if they are affected and how to remove it if they were impacted.

Lesson learned: I won't post anything here that doesn't impact me
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
User avatar
heartwood
Posts: 2700
Joined: Sat Nov 23, 2013 12:40 pm

Re: [On-going Scams - Post them here]

Post by heartwood »

OpenMinded1 wrote: Sun Mar 26, 2023 9:40 am Recently, I received an email stating that my McAfee service had been upgraded for a fee of $299, and that the credit card on file had been charged. This is despite the fact that I don't use McAfee for anything. I don't remember all the details, but I think there was a link to click on and a phone number to call for additional information.

I checked my credit card transactions to make sure none of my credit cards had actually been used for the transaction. Then I deleted the email without clicking on any links or making a call to the number provided. It was probably a phishing attempt.

It looked more legit that most scam emails I've seen. I guess the scammer thought someone might be more likely to trust an email purportedly from a company involved in computer security.
I get a some of these every week. It's been happening for a couple of years. I get emails but also texts. Each from a different address, all sent with variations of a gmail or other account, all with garbage account names when I hover over it. Most with different charge amounts.

They come for "McAfee", but also for Best Buy Geek Squad or other "contracts".
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: [On-going Scams - Post them here]

Post by ResearchMed »

heartwood wrote: Sun Mar 26, 2023 1:11 pm
OpenMinded1 wrote: Sun Mar 26, 2023 9:40 am Recently, I received an email stating that my McAfee service had been upgraded for a fee of $299, and that the credit card on file had been charged. This is despite the fact that I don't use McAfee for anything. I don't remember all the details, but I think there was a link to click on and a phone number to call for additional information.

I checked my credit card transactions to make sure none of my credit cards had actually been used for the transaction. Then I deleted the email without clicking on any links or making a call to the number provided. It was probably a phishing attempt.

It looked more legit that most scam emails I've seen. I guess the scammer thought someone might be more likely to trust an email purportedly from a company involved in computer security.
I get a some of these every week. It's been happening for a couple of years. I get emails but also texts. Each from a different address, all sent with variations of a gmail or other account, all with garbage account names when I hover over it. Most with different charge amounts.

They come for "McAfee", but also for Best Buy Geek Squad or other "contracts".

It's getting even worse, especially for the "unaware".
I've started getting some emails from some "official sounding e-address" plus some name.
The text is something like:

"We have charged your account $399 [for "renewal" or "your subscription", etc.]. If this is not authorized, you must contact us within 10 days. Please see the attached invoice."

And of course, that would mean opening some attachment, and there are no other hints about what it is for.

So far most of those have been caught and sent to my "junk mail" folder. But I still check that regularly because sometimes a valid email lands there.

I have the email set not to display any content unless I click to read or download or unblock or whatever the choices are.

RM
This signature is a placebo. You are in the control group.
scrabbler1
Posts: 2798
Joined: Fri Nov 20, 2009 1:39 pm

Re: [On-going Scams - Post them here]

Post by scrabbler1 »

heartwood wrote: Sun Mar 26, 2023 1:11 pm
OpenMinded1 wrote: Sun Mar 26, 2023 9:40 am Recently, I received an email stating that my McAfee service had been upgraded for a fee of $299, and that the credit card on file had been charged. This is despite the fact that I don't use McAfee for anything. I don't remember all the details, but I think there was a link to click on and a phone number to call for additional information.

I checked my credit card transactions to make sure none of my credit cards had actually been used for the transaction. Then I deleted the email without clicking on any links or making a call to the number provided. It was probably a phishing attempt.

It looked more legit that most scam emails I've seen. I guess the scammer thought someone might be more likely to trust an email purportedly from a company involved in computer security.
I get a some of these every week. It's been happening for a couple of years. I get emails but also texts. Each from a different address, all sent with variations of a gmail or other account, all with garbage account names when I hover over it. Most with different charge amounts.

They come for "McAfee", but also for Best Buy Geek Squad or other "contracts".
Same here, except that I don't get these via texts (thank goodness!). I have a strict spam filter, so all of this junk goes to Junk Mail. I do view the Junk Mail folder at least once a day to make sure nothing legit gets in there. But I always get a laugh from how many of these I get and from the increasing variety of sources.
wbillvan
Posts: 24
Joined: Fri Feb 20, 2009 5:41 pm

Re: [On-going Scams - Post them here]

Post by wbillvan »

I keep getting emails from ATI tracking my physical therapy and thanking for paying with a credit card. I am not on a physical therapy regimen or have the credit card type they use in the email. All these emails keep asking me to create an account. I keep deleting these emails. The emails are very detailed and designed to trigger a response.
User avatar
Stinky
Posts: 14155
Joined: Mon Jun 12, 2017 11:38 am
Location: Sweet Home Alabama

Re: [On-going Scams - Post them here]

Post by Stinky »

wbillvan wrote: Sun Mar 26, 2023 5:54 pm I keep getting emails from ATI tracking my physical therapy and thanking for paying with a credit card. I am not on a physical therapy regimen or have the credit card type they use in the email. All these emails keep asking me to create an account. I keep deleting these emails. The emails are very detailed and designed to trigger a response.
This sounds like less than a scam, and more like an incorrectly typed email address on the ATI system.

I’d suggest that you call the ATI office in question, and tell them that you’re continuing to get unsolicited emails. I suspect that you’re getting somebody else’s valid emails.

Don’t click on any links in the ATI email.

Of course, you can also continue to ignore/delete the emails.
Retired life insurance company financial executive who sincerely believes that ”It’s a GREAT day to be alive!”
User avatar
Stinky
Posts: 14155
Joined: Mon Jun 12, 2017 11:38 am
Location: Sweet Home Alabama

Re: [On-going Scams - Post them here]

Post by Stinky »

We received this email today. Of course, we have not applied for any "Hardship Assistance". The email came from a Hotmail account.

An obvious scam.

Dear (my name),

I am reaching out from the Financial Assistance Department, where I have been assigned to assist with your recent application for hardship assistance. I have reviewed your application and am pleased to inform you that you have been pre-approved for up to $37,000 in financial support.

Our program is designed to provide unique opportunities to those facing financial difficulties, and I would be honored to assist you in enrolling. To that end, I would like to schedule a call to discuss the details of the program and answer any questions you may have. If you are available, please call me back at: (phone number), to schedule a convenient time for our call. I will be available during normal business hours, 9 AM to 6:00 PM Pacific Time, and will make every effort to accommodate your schedule.

I look forward to the opportunity to speak with you soon and help you take advantage of this exciting opportunity.

Thank you for your time and consideration.

Sincerely, Tallia Molaroni - Financial Assistance Department
Retired life insurance company financial executive who sincerely believes that ”It’s a GREAT day to be alive!”
ROIGuy
Posts: 2452
Joined: Sun May 08, 2016 10:10 am

Re: [On-going Scams - Post them here]

Post by ROIGuy »

I find it so sad that a person decides that trying to purposely trying to rip off another person is the way they want to make a living. Of course I'm sure they are the first one's to complain when something doesn't go their way.
One time I got a spam email for money to an old aol email account. I actually wrote them back telling them how pathetic they were for doing this to other people and how embarrassed their parents would be if they knew that they raised a child that does this type of work. I knew I got under there skin when they next day I got flooded with about 150 emails...lol. I enjoyed knowing I pissed them off.
I then just deleted that email account.
Adam11
Posts: 152
Joined: Sat Jun 06, 2015 1:12 pm

Re: [On-going Scams - A.I. voice re-creators

Post by Adam11 »

My grandparents received a couple phone calls over the years from “authorities” that “a grandchild” was in legal trouble and urgently needed their help asap. Since I’m their only grandchild, they were savvy enough to call me directly and we quickly sussed out that someone was attempting to scam them.

This scam that I just saw on the news is a twist on that, but scammers are now using A.I. to spoof a friend’s or loved one’s voice.
https://www.nbcnews.com/news/amp-video ... 7092293563
Scammers are obtaining voice snippets of those who have an extensive online presence (YouTubers, podcasters, influencers, news reporters, etc.) and then processing the audio thru an A.I. voice generator. This enables the scammer to then make that particular voice say whatever they want to whoever they contact. An offshoot to this is that I know many people (including myself) enjoy wasting scammers’/telemarketers’ time by keeping them on the phone for as long as possible, but knowing now that they may be recording my voice to re-create it using this new technology means I’ll probably stop hanging on the line going forward.

One of the most telling red flags in many of these scams is the extreme urgency of the request. If someone is asking you to send money absolutely RIGHT NOW, well, there’s your sign.
User avatar
Tubes
Posts: 1881
Joined: Wed Apr 22, 2020 6:33 am

Re: [On-going Scams - Post them here]

Post by Tubes »

Stinky wrote: Tue Mar 28, 2023 4:19 pm We received this email today. Of course, we have not applied for any "Hardship Assistance". The email came from a Hotmail account.

An obvious scam.

Dear (my name),

I am reaching out from the Financial Assistance Department, where I have been assigned to assist with your recent application for hardship assistance. I have reviewed your application and am pleased to inform you that you have been pre-approved for up to $37,000 in financial support.

Our program is designed to provide unique opportunities to those facing financial difficulties, and I would be honored to assist you in enrolling. To that end, I would like to schedule a call to discuss the details of the program and answer any questions you may have. If you are available, please call me back at: (phone number), to schedule a convenient time for our call. I will be available during normal business hours, 9 AM to 6:00 PM Pacific Time, and will make every effort to accommodate your schedule.

I look forward to the opportunity to speak with you soon and help you take advantage of this exciting opportunity.

Thank you for your time and consideration.

Sincerely, Tallia Molaroni - Financial Assistance Department
That one too. Same $37k. What's funny is it passed the Gmail spam filters which have been really good about such mails.
User avatar
oldcomputerguy
Moderator
Posts: 17934
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: [On-going Scams - Post them here]

Post by oldcomputerguy »

There are a few posts above discussing what appeared to be fraudulent emails from Venmo. Here's a suspicious text I received the other day on my phone:

Code: Select all

Your Venmo Acc‌o‌unt has been locked. We recently received multiple failed login attempts to your acc‌o‌unt.

Re͏͏c͏͏‌o͏͏‌v͏͏e͏͏r͏͏y͏͏ y͏͏‌o͏͏‌u͏͏r͏͏ a͏͏c͏͏c͏͏‌o͏͏u͏͏‌n͏͏t͏͏ i͏͏‌m͏͏m͏͏e͏͏d͏͏‌i͏͏a͏͏‌t͏͏e͏͏l͏͏y͏͏ c͏͏‌l͏͏i͏͏‌c͏͏k͏͏ l͏͏i͏͏‌n͏͏k͏͏ b͏͏‌e͏͏l͏͏‌‌l͏͏o͏͏w͏͏:
http://venmo.com:911@s954837297.[scam URL redacted for here]/ven

P͏l͏e͏‌‌a͏s͏e͏ t͏a͏‌k͏e͏ a͏c͏t͏i͏‌o͏n͏ o͏n͏ y͏o͏‌u͏r͏ a͏c͏‌c͏o͏‌u͏n͏t͏ w͏i͏t͏‌‌h͏‌‌i͏n͏ 4͏‌8͏ h͏‌o͏u͏r͏s͏ t͏‌o͏ a͏v͏‌o͏‌i͏d͏ p͏‌e͏r͏m͏‌a͏n͏‌e͏n͏t͏ s͏u͏‌s͏p͏e͏‌n͏s͏i͏‌o͏n͏.

Regards,
Venmo Ser‌v‌ice

I don't have a Venmo account, so I didn't pay much attention to it. But I did notice something that I felt should be passed on: the URL is especially sneaky and deceptive.

At first glance, it appears to be a legitimate Venmo URL based on the first few characters:

Code: Select all

http://venmo.com
However, this is actually an example of passing user credentials for logging in to a web site in the URL:

Code: Select all

http:// [username] : [password] @ [actual URL]
They're getting sneakier. Be on guard.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
sport
Posts: 12094
Joined: Tue Feb 27, 2007 2:26 pm
Location: Cleveland, OH

Re: [On-going Scams - Post them here]

Post by sport »

I just received this email:


"Your feedback helps create
better healthcare experiences.

We are contacting you on behalf of your health plan, the clinicians and staff at Signify Health. We want to make sure you have a great experience during your next visit.

We are working with a research agency to collect your input. The topic is about In-home Health Evaluations.

The survey will take 15 minutes. Your feedback is confidential.

Thank you for your feedback!

deleted link"


We have not had any such visits, although they have been offered by our Medicare Advantage Plan. So, this email might be genuine. However, it certainly appears to be a scam. Of course, we did not click on the link that I have not shown.
grok87
Posts: 10512
Joined: Tue Feb 27, 2007 8:00 pm

Re: [On-going Scams - Post them here]

Post by grok87 »

oldcomputerguy wrote: Sat Apr 01, 2023 9:43 am There are a few posts above discussing what appeared to be fraudulent emails from Venmo. Here's a suspicious text I received the other day on my phone:

Code: Select all

Your Venmo Acc‌o‌unt has been locked. We recently received multiple failed login attempts to your acc‌o‌unt.

Re͏͏c͏͏‌o͏͏‌v͏͏e͏͏r͏͏y͏͏ y͏͏‌o͏͏‌u͏͏r͏͏ a͏͏c͏͏c͏͏‌o͏͏u͏͏‌n͏͏t͏͏ i͏͏‌m͏͏m͏͏e͏͏d͏͏‌i͏͏a͏͏‌t͏͏e͏͏l͏͏y͏͏ c͏͏‌l͏͏i͏͏‌c͏͏k͏͏ l͏͏i͏͏‌n͏͏k͏͏ b͏͏‌e͏͏l͏͏‌‌l͏͏o͏͏w͏͏:
http://venmo.com:911@s954837297.[scam URL redacted for here]/ven

P͏l͏e͏‌‌a͏s͏e͏ t͏a͏‌k͏e͏ a͏c͏t͏i͏‌o͏n͏ o͏n͏ y͏o͏‌u͏r͏ a͏c͏‌c͏o͏‌u͏n͏t͏ w͏i͏t͏‌‌h͏‌‌i͏n͏ 4͏‌8͏ h͏‌o͏u͏r͏s͏ t͏‌o͏ a͏v͏‌o͏‌i͏d͏ p͏‌e͏r͏m͏‌a͏n͏‌e͏n͏t͏ s͏u͏‌s͏p͏e͏‌n͏s͏i͏‌o͏n͏.

Regards,
Venmo Ser‌v‌ice

I don't have a Venmo account, so I didn't pay much attention to it. But I did notice something that I felt should be passed on: the URL is especially sneaky and deceptive.

At first glance, it appears to be a legitimate Venmo URL based on the first few characters:

Code: Select all

http://venmo.com
However, this is actually an example of passing user credentials for logging in to a web site in the URL:

Code: Select all

http:// [username] : [password] @ [actual URL]
They're getting sneakier. Be on guard.
thank you!
RIP Mr. Bogle.
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: [On-going Scams - Post them here]

Post by ResearchMed »

sport wrote: Sat Apr 01, 2023 11:49 am I just received this email:


"Your feedback helps create
better healthcare experiences.

We are contacting you on behalf of your health plan, the clinicians and staff at Signify Health. We want to make sure you have a great experience during your next visit.

We are working with a research agency to collect your input. The topic is about In-home Health Evaluations.

The survey will take 15 minutes. Your feedback is confidential.

Thank you for your feedback!

deleted link"


We have not had any such visits, although they have been offered by our Medicare Advantage Plan. So, this email might be genuine. However, it certainly appears to be a scam. Of course, we did not click on the link that I have not shown.

When these types of queries/surveys/etc., are genuine, I wish they would at least *offer* an opportunity to "Or please log in to your account and click on <research/survey/whatever>. Thank you." ("Thank you" is optional!)

And it especially drives me nuts when financial firms, who often advise not to click on links... then send you links to click on to get messages.
:annoyed

RM
This signature is a placebo. You are in the control group.
random_walker_77
Posts: 2212
Joined: Tue May 21, 2013 8:49 pm

Re: [On-going Scams - Post them here]

Post by random_walker_77 »

oldcomputerguy wrote: Sat Apr 01, 2023 9:43 am

Code: Select all

Your Venmo Acc‌o‌unt has been locked. We recently received multiple failed login attempts to your acc‌o‌unt.
Re͏͏c͏͏‌o͏͏‌v͏͏e͏͏r͏͏y͏͏ y͏͏‌o͏͏‌u͏͏r͏͏ a͏͏c͏͏c͏͏‌o͏͏u͏͏‌n͏͏t͏͏ i͏͏‌m͏͏m͏͏e͏͏d͏͏‌i͏͏a͏͏‌t͏͏e͏͏l͏͏y͏͏ c͏͏‌l͏͏i͏͏‌c͏͏k͏͏ l͏͏i͏͏‌n͏͏k͏͏ b͏͏‌e͏͏l͏͏‌‌l͏͏o͏͏w͏͏:
http://venmo.com:911@s954837297.[scam URL redacted for here]/ven
I don't have a Venmo account, so I didn't pay much attention to it. But I did notice something that I felt should be passed on: the URL is especially sneaky and deceptive.

At first glance, it appears to be a legitimate Venmo URL based on the first few characters:

Code: Select all

http://venmo.com
However, this is actually an example of passing user credentials for logging in to a web site in the URL:

Code: Select all

http:// [username] : [password] @ [actual URL]
They're getting sneakier. Be on guard.
Thank you, that's really good to know. I suppose that they could also further obfuscate the scam URL by putting in a resolved ip address instead of the text version of the domain name. That way, there's no .com/.org/etc in the far right portion of the URL

For example, since a dns lookup of google.com resolves to 142.251.45.46, a working url to google would be http:// 142.251.45.46 (purposefully leaving an extra space in there), so you could also use http:// paypal.com:acct_recovery@142.251.45.46

There are also ways to use hex codes in lieu of ascii characters to obfuscate the domain name and make it unintelligible to humans. So the absence of text that looks like a domain name anywhere to the right of the '@' symbol in that URL wouldn't be any indicator of safety
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: [On-going Scams - Post them here]

Post by bertilak »

Lately I've been getting lots of emails telling me some huge payment to me has been held up for some technical reason. It can be fixed by responding to the email with lots of personal info.

Is this activity on the rise in general, or did my name somehow make it to a new list?

One of them was actually rom Nigeria! They just don't give up.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Mudpuppy
Posts: 7409
Joined: Sat Aug 27, 2011 2:26 am
Location: Sunny California

Re: [On-going Scams - Post them here]

Post by Mudpuppy »

bertilak wrote: Fri Apr 07, 2023 5:12 pm Lately I've been getting lots of emails telling me some huge payment to me has been held up for some technical reason. It can be fixed by responding to the email with lots of personal info.

Is this activity on the rise in general, or did my name somehow make it to a new list?

One of them was actually rom Nigeria! They just don't give up.
Spam is on the rise in general right now. It feels like someone spun up a new spam campaign by the frequency increase.
Fallible
Posts: 8798
Joined: Fri Nov 27, 2009 3:44 pm

Re: [On-going Scams - Post them here]

Post by Fallible »

Stinky wrote: Tue Mar 28, 2023 4:19 pm We received this email today. Of course, we have not applied for any "Hardship Assistance". The email came from a Hotmail account.

An obvious scam.

Dear (my name),

I am reaching out from the Financial Assistance Department, where I have been assigned to assist with your recent application for hardship assistance. I have reviewed your application and am pleased to inform you that you have been pre-approved for up to $37,000 in financial support.

Our program is designed to provide unique opportunities to those facing financial difficulties, and I would be honored to assist you in enrolling. To that end, I would like to schedule a call to discuss the details of the program and answer any questions you may have. If you are available, please call me back at: (phone number), to schedule a convenient time for our call. I will be available during normal business hours, 9 AM to 6:00 PM Pacific Time, and will make every effort to accommodate your schedule.

I look forward to the opportunity to speak with you soon and help you take advantage of this exciting opportunity.

Thank you for your time and consideration.

Sincerely, Tallia Molaroni - Financial Assistance Department
A funny thing about this: it begins saying they've approved an application to an assistance program, then the rest of it becomes a sales pitch for the program, which would be unnecessary if it were already applied to and the application accepted.
"Yes, investing is simple. But it is not easy, for it requires discipline, patience, steadfastness, and that most uncommon of all gifts, common sense." ~Jack Bogle
User avatar
plannerman
Posts: 855
Joined: Wed Feb 21, 2007 9:42 pm
Location: NC Mountains

Re: [On-going Scams - Post them here]

Post by plannerman »

This one, I'm embarrassed to say, almost got me. I received a text message that looked like it was from my bank asking if had made a $907.99 charge on a my credit card with a link to supposedly acknowledge it was not an authorized charge. The link returned my bank's login and password screen. It looked authentic and I almost fell for it.

plannerman
Lastrun
Posts: 1512
Joined: Wed May 03, 2017 6:46 pm

Re: [On-going Scams - Post them here]

Post by Lastrun »

plannerman wrote: Mon Apr 17, 2023 4:24 pm This one, I'm embarrassed to say, almost got me. I received a text message that looked like it was from my bank asking if had made a $907.99 charge on a my credit card with a link to supposedly acknowledge it was not an authorized charge. The link returned my bank's login and password screen. It looked authentic and I almost fell for it.

plannerman
plannerman, quick question: Did it mention your bank of credit card company?
User avatar
plannerman
Posts: 855
Joined: Wed Feb 21, 2007 9:42 pm
Location: NC Mountains

Re: [On-going Scams - Post them here]

Post by plannerman »

Lastrun wrote: Mon Apr 17, 2023 4:52 pm
plannerman wrote: Mon Apr 17, 2023 4:24 pm This one, I'm embarrassed to say, almost got me. I received a text message that looked like it was from my bank asking if had made a $907.99 charge on a my credit card with a link to supposedly acknowledge it was not an authorized charge. The link returned my bank's login and password screen. It looked authentic and I almost fell for it.

plannerman
plannerman, quick question: Did it mention your bank of credit card company?
Yes it came from My_Bank name_supprt@sti-mobile.com

Our bank is a large regional bank, not one of the big national ones. And we have a credit card with that bank.
Post Reply