Wednesday, April 13, 2022

If it looks too good to be true, it probably is

That old advice from your parents is good advice in a world of spam.  Here's an example that came in via text message:


Here are a couple of obvious tells here: there's a giveaway for some sort of valuable thing (a TV in this case), and there's also strange use of language ("pending the outstanding tax has been paid").  Weird language is a sign that something is not right, or that the sender is a non-native English speaker.  Both of these together is almost always a sign that someone is trying to attack you.  The link takes you to a web page that tries to load malware on your phone or computer.

9 comments:

bj32097 said...

Last night's emails contained a variation on the Nigerian scam: a letter from a Ukranian whose millions were locked up in a bank and who needed a sympathetic American to volunteer a bank account etc etc etc

There's lots of scams out there lately...

Tacitus said...

getting lots more spam of late. some of it is actually interesting in the same sense that watching dangerous animals through the bars at the zoo might be. Got one today with a .em suffix. This seems to reference a country that appears only in the Minecraft universe!

Thinking this is probably not legit.

T

ambisinistral said...

Oh, that's funny. I just did a post A flirtatious scammer which is a pretty funny phone conversation between a BBB worker and a scammer.

Rick C said...

I've gotten at least a dozen of those in the last week or so, always with a different domain. Very annoying.

"The link takes you to a web page that tries to load malware on your phone or computer."

Yeah, that's what I figured.

Peteforester said...

If you receive e-mails or texts saying you owe someone money, or that Paypal has approved payment for something you didn't order, DON'T OPEN IT! At very least it's a scam. At worst, it's a virus. I delete these without opening them and keep an eye on my bank accounts for a few days, just to be sure. I actually DID have someone hack my debit card on two different occasions. One of them ran up a couple of thousand dollars worth of purchases, which the bank wrote off. Due diligence, folks... Due diligence...

Rick T said...

The bad/borderline English is intentional. If you are too dumb to catch the errors you are sucker they are looking for.

Add in the appeal to greed for getting a big screen TV for two dollars and they've found their fish.

As WC Fields said "you can't cheat an honest man"

Old NFO said...

Phishing is getting to the point that it's probably 50% of my inbox these days.

Tacitus said...

The stuff about intentionally bad English is amusing and I have heard that before. Perhaps, with apologies to Taj Mahal:

"Singin' many Phish bites if you got bad bait
Here's a little tip that I would like to relate
Many Phish bites if you got bad bait
I'm a goin' Phishin', yes I'm goin' Phishin'
And my baby goin' Phishin' too"

T

bj32097 said...

I got some messages on my T-Mobile management account that I had ordered a new phone and services for my account. After calling T-Mobile and proving I wasn't the person who placed those orders, I had T-Mobile modify my account so I MUST SHOW ID to make ANY purchases and added a "secret word" (not my password or pin) to the account. Without BOTH, a purchase is denied.

A week later, I noted the same activity and called T-Mobile. They didn't make the sale. I received a couple more notifications over the next couple of weeks. Eventually those activity notifications disappeared.

ALL of my credit cards are geographically-limited: any purchases out of my home state must be verified by a phone call to my cell phone, and I have to give them a "secret word" (which is not my mother's maiden name, etc).

I never carry a debit card. I do carry a bank-issued VISA that I can pay with a bank transfer between accounts.

My login credentials for my bank accounts is not stored online (my browser purges cookies whenever I close it). I also use two-factor authentication for credit cards and bank account access - it's a PITA, but it's providing at least some protection.

"Trust" is a thing of the past, unfortunately.