ON SECURITY By Susan Bradley This is scam season at my office. Every day, there is an unwanted email that comes through our email-filtering system and
[See the full post at: Can you identify the scam?]
Susan Bradley Patch Lady/Prudent patcher
Something that I’ve found to be very useful is to maintain a separate address that’s used for purchasing, where I don’t use my primary addresses (either business or personal) for that kind of activity. With the separate address, that allows keeping that clutter out of my main addresses, where I check the purchasing mailbox only when I have reason to do so (especially useful as a defense against the vendors that automatically opt you in to their marketing mailing lists), but it also makes it easier to determine if a message has a legitimate sender.
Thus, if I see a message purporting to be from Netflix that hits my personal or work inboxes, I *know* that’s a fraud, because the address I use for my Netflix account is a different address.
Obviously, that doesn’t help if a scammer gets the purchasing mailbox, but this kind of segregation really helps.
Actually, taking that a step further — I keep another separate address (a throwaway address with a free provider) that I use when somebody asks me for an address, and I really don’t want to give them one of my primary addresses. As with the purchasing address, I only check it when I have reason to do so, and it helps keep low-priority stuff at bay. If there gets to be too much clutter there, I can always abandon that mailbox and start over.
The underlying theme is that the only people who have my primary addresses are people who *need* to know those addresses, and the addresses that get used for wider and more public use are secondary addresses.
Coincidentally, we received our second one of these today. In our case, though, they both came through referral forms. Today’s came via Yelp — and there’s a decent chance it really is legitimate — and the other one came through the form on our own website.
The first one looked suspicious due to the wording, although the purported prospect was of a different ethnicity and the English errors were as you might expect. The big problem was that it came from a hotmail address, and the business itself uses a hotmail address (business owners: why can’t you pay a few bucks and get your own domain???). I replied via their website form and never heard anything back, so I assume that was a scam attempt.
Today’s is a little more difficult. Again, the wording doesn’t sound quite right, but the facts line up with what research I could do online. Since it was one of those rare cases when an online search for the individual actually returned an address, my office manager is at the mailbox right now, mailing our response letter. If it’s a legitimate request, I assume the person will get in touch with us directly (if not, her loss). If it’s a scam, then I hope I just saved both parties future hassles.
Have to read everything extremely carefully these days!
The thing I hate about 2-factor authentication is that I rarely have my phone or usual phone number when it’s needed.
I’m of an age that hasn’t gotten used to carrying a phone around all the time, so most of the time it’s somewhere other than where I am, especially when I’m working on things. It would be a distraction.
And when I’m travelling, due to the extortionate charges for cell service in Canada and which are even seriously worse for roaming, I just get a local SIM card.
Either way, when some site surprises me with the need for authentication I have to rush to retrieve my phone, or else switch out SIM cards and ask them to send again, which can lead to me being cut off from my bank due to an overabundance of caution.
I have not figured out a good way around either of these problems, so, frankly, I wish 2 factor authentication was a choice, rather than a necessity.
Any hints for work-arounds welcome.
TIA,
~cybercrone
"She was not quite what you would call refined. She was not quite what you would call unrefined.
She was the kind of person that keeps a parrot."
--Mark Twain
See if they offer something that you would have with you – a keyfob or a dongle? I always have my phone, but I understand the issue.
Susan Bradley Patch Lady/Prudent patcher
Like you, cybercrone, I don’t carry a cell phone around with me, so I found 2FA awkward.
But I’ve had better luck installing Authenticator apps right on the same computer. (From LastPass, Microsoft, etc., and from third parties like WinOTP.)
The real pain is getting an Authenticator app to link to each of the accounts I have all over the Internet. The link is often initiated by scanning a QR code for that Web site. But good luck finding those QR code pages, or “scanning” a code on a computer without a working camera.
It may be an interruption to launch the Authenticator app, but it’s easier than going to get my phone!
But good luck finding those QR code pages, or “scanning” a code on a computer without a working camera.
Those QR codes usually provide a “manual key” you enter into your authenticator app to activate it when you can’t scan the image.
Some authenticator apps also include the ability to “read” the QR code directly from your browser screen without a camera.
Personally, I’ve been using WinAuth as the authenticator app on my Windows 10 22H2 PC for the past 7.5 years and have yet to encounter a 2FA QR code that doesn’t work with it.
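The "manual key" mentioned in the reply above is the same shared secret the QR code carries. As an added example (not part of the original posts), this Python sketch reads a constructed enrollment URI in the widely used `otpauth://` key-URI format, normalises a manually typed key, and derives the RFC 6238 code from either one; the account name, issuer and secret (the RFC 6238 test key) are constructed sample values.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample enrollment data: what the QR code encodes, and the same
# secret as a site might display it for manual entry.
QR_URI = ("otpauth://totp/Example:alice@example.com"
          "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8")
MANUAL_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

def parse_otpauth(uri):
    """Extract the fields an authenticator app reads from the QR code's URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    q = parse_qs(u.query)
    if "secret" not in q:
        raise ValueError("enrollment URI carries no secret")
    return {
        "label": unquote(u.path.lstrip("/")),
        "secret": q["secret"][0],
        "digits": int(q.get("digits", ["6"])[0]),   # default per key-URI format
        "period": int(q.get("period", ["30"])[0]),
    }

def decode_manual_key(key):
    """Normalise a typed key (spaces, dashes, lowercase) and base32-decode it."""
    k = key.replace(" ", "").replace("-", "").upper()
    k += "=" * (-len(k) % 8)          # restore padding that sites usually strip
    return base64.b32decode(k)

def totp(secret, unix_time, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_from_qr(uri, unix_time):
    """Code an app would show after 'scanning' the QR code."""
    f = parse_otpauth(uri)
    return totp(decode_manual_key(f["secret"]), unix_time, f["digits"], f["period"])

if __name__ == "__main__":
    import time
    print(code_from_qr(QR_URI, time.time()))
```

Because the QR image and the manual key are the same secret, anyone who sees either during enrollment can generate valid codes, so both deserve the same handling as a password.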
Recently the only one I have been getting is the “thank you for your payment of $495 (or some large number). Invoice is enclosed.” They know my email and often know my name. Most of these wind up in Gmail spam, but some make it through to TBird. They want you to click on the attached file which is supposed to be an image of the invoice. It could be, with a bogus phone number to call to “resolve the problem (and give them all your info)”. Or it could be ransomware. No way to tell. Don’t click on it!!!
hasn’t gotten used to carrying a phone around all the time
cybercrone, I have found that having the right case for my phone plays a BIG role in keeping it with me. Slim light duty or decorator cases don’t cut it. Neither does keeping my phone in my pocket. Years ago I switched to the Otterbox Defender series phone cases. The rugged case and matching full size rugged belt clip is, IMO, very secure, and stays put. It’s especially handy when I’m expecting an important text or a call.
Desktop Asus TUF X299 Mark 1, CPU: Intel Core i7-7820X Skylake-X 8-Core 3.6 GHz, RAM: 32GB, GPU: Nvidia GTX 1050 Ti 4GB. Display: Four 27" 1080p screens 2 over 2 quad.
The rugged case and matching full size rugged belt clip
I always use clip on cases with my iPhones.