• Is this a phishing attempt?

    #2405510

    I received this in my gmail spam folder tonight. I DID NOT change my password.

    AW-psswrd-change
    Did this come from Ask Woody or is this an attempt to find out my password?

    Is that your email address in the email Susan?

    Don't take yourself so seriously, no one else does 🙂
    All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2405513

      The email address of the sender is Susan’s. If you have doubts, just ask her. You can also contact her by sending a message here to “Customer Support” (the link is at the top of this page brown right sidebar).

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2405517

      Thanks Oscar, I just sent an email to CS and Susan

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2405523

      Directly email me at sb@askwoody.com and forward to me a copy of that email please?

      Susan Bradley Patch Lady/Prudent patcher

    • #2405524

      How can I identify a Phishing scam?

    • #2405528

      Stephany_Sy: “How can I identify a Phishing scam?”

      Having to take every year for more than a decade government-mandated online courses on IT security, each with a final test, and having passed them all (and something that, let me tell you, borrowing one word from your motto, really sucks) all the wisdom on phishing I can offer you garnered from such a prolonged education can be summed up as follows:

      If you get an email from someone you’ve never heard of, out of the blue, telling you something that looks too good to be true, then it is not true and you just junk it. To see if the message is of this type, preview such mail in the appropriately named preview panel, usually in the right half of the email application window.

      Or, alternatively, the emails might offer something that is utterly inappropriate to your situation. For example, I keep getting offers to get a job as a Lyft driver. A so-called university keeps trying to encourage me to enroll in one of their faculties to get a degree that would be the fool-proof key to getting high-earning jobs. Given that I am old enough to have seen almost four generations from being born to getting jobs and even getting their own babies, that I already have a PhD and a modest but real international reputation in my chosen field of work, and that I am not in any urgent need to earn money, so I continue to work only because I like it, those offers are not exactly spot on for me.

      These days many phishing attempts have email subjects that I would generically describe as: “Get free government money” (or offering help to get something else just as good for free) and almost invariably the first word in the text would be, in your case, “Stephanie.” From a total stranger. The email addresses may also be odd and, on occasion, unintentionally humorous. The emails will probably have links where in the text you are asked to click on so as to get whatever good things are offered by the helpful sender. If you hover the cursor over the link it will show a probably interesting real URL that a skeptical reader may translate more or less like this: “ https://www.we.are.real.crooks.com.ru/ ” (not a real link even if it looks like one, and without the quotation marks, of course).

      If the email is not about something I know already to be real and is not from a source that is familiar to me, I would just trash it and only pay attention if I start to get follow-on emails that are directed at me personally, addressing me as “Dear Mr. ” or, even better, “Dear Dr. “, and seem to be serious enough to deserve attention. In such a case, I would ask around and, or google some short but revealing portion of the text placed between quotation marks and adding the word ‘scam’ as a keyword, then see what I get. Always clicking first on “Tools” at the top right of the search field and choosing “Past year” as the  time window for the search.

      I wish you only good and successful adventures in Scamland, where some of its denizens are going to try to get in touch with you through your inbox every day, year-round.


      • #2405650

        May I offer one exception/sidelight on paragraphs 2 and 4 of Oscar’s comments:
        2 – semi-automatic junk unknown
        4 – free government money ?

        The recommendations he gives are right on – but … one may want to dig slightly deeper to see if there really IS money.

        Do your own internet Search of this: [ unclaimed property your-state ]. Then, go the state-government-site in the hit list. Follow the directions there to do a Property Search on your name. This (Unclaimed Properties) government function appears to be mostly unknown. I have found many thousands of $$’s and notified neighbors, relatives, church acquaintances, and friends.

        Yes, I know that this post has all the hallmarks of a spam/scam, so I am not including any direct links. Depending upon the ‘target audience set’ that I am searching on, I’ve generally gotten between 10% and 30% valid hits. I’ve been quite surprised.

        Be suspicious, be careful, don’t be careless; be slow on knee-jerk reactions.
        Oh yes, the info above applies to the US; do other countries have similar government services?

        Edit: I’ve created another topic post here to house any comments on this information – Unclaimed Property. Don’t hijack this thread any deeper please.

    • #2405539

      How can I identify a Phishing scam?

      I would suggest the first step is to direct your incoming mail thru Gmail.
      Gmail has the best spam, phishing, ... filters in the industry.
      Second would be never open any mail requesting personal data. Governments, Banks… never request personal data.

      • #2405627

        Also never make a call to any phone number given in the suspect email. Same as not clicking on any links. Either action will result in: (a) the confirmation that someone received the email at your address, so the address remains valid and you may still be around; (b) either way, then is when you are likely to be asked for personal information directly, or indirectly by being asked to answer questions requiring answers that can be used to find more about your personal information.

        In fact, even opening a suspect email might send an automatic confirmation back to the crooks that their email was received at your address. So it is best to make up one’s mind to open or trash it by examining the email, as much as possible, in the review panel.


    • #2405589

      ? says:

      interested in what this is. i see the handler is SendGrid and a quick google has a few items of interest going back several years:

      https://www.bleepingcomputer.com/news/security/hacked-sendgrid-accounts-used-in-phishing-attacks-to-steal-logins/

      and:

      https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/

    • #2405611

      Update: This morning my password worked fine so there must be an issue with editing my signature and saving it which triggered the notification that I got from AW.

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2405634

      From the article in Krebs on security with a link in Anonymous  #2405589  comment:

      August 28, 2020

      Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

      I also remember reading about security problems with Sendgrid elsewhere. Is multi-factor authentication used now at Sendgrid, and is it set up in AskWoody in a way that does not require some action by someone commenting here when copies of a comment are sent to those that subscribe to the thread’s forum?


      • #2405957

        But no one here on the site has an account in sendgrid.  I do, but anyone at Askwoody, we all use two factor authentication when accessing the sendgrid console.  For purposes of sending out emails, there’s a hook into the blog, but again, there’s no account or password at sendgrid for anyone who is a forum user at the site.

        Susan Bradley Patch Lady/Prudent patcher

    • #2405889

      Stephany_Sy: “How can I identify a Phishing scam?”

      Having to take every year for more than a decade government-mandated online courses on IT security, each with a final test, and having passed them all (and something that, let me tell you, borrowing one word from your motto, really sucks) all the wisdom on phishing I can offer you garnered from such a prolonged education can be summed up as follows:

      If you get an email from someone you’ve never heard of, out of the blue, telling you something that looks too good to be true, then it is not true and you just junk it. To see if the message is of this type, preview such mail in the appropriately named preview panel, usually in the right half of the email application window.

      Or, alternatively, the emails might offer something that is utterly inappropriate to your situation. For example, I keep getting offers to get a job as a Lyft driver. A so-called university keeps trying to encourage me to enroll in one of their faculties to get a degree that would be the fool-proof key to getting high-earning jobs. Given that I am old enough to have seen almost four generations from being born to getting jobs and even getting their own babies, that I already have a PhD and a modest but real international reputation in my chosen field of work, and that I am not in any urgent need to earn money, so I continue to work only because I like it, those offers are not exactly spot on for me.

      These days many phishing attempts have email subjects that I would generically describe as: “Get free government money” (or offering help to get something else just as good for free) and almost invariably the first word in the text would be, in your case, “Stephanie.” From a total stranger. The email addresses may also be odd and, on occasion, unintentionally humorous. The emails will probably have links where in the text you are asked to click on so as to get whatever good things are offered by the helpful sender. If you hover the cursor over the link it will show a probably interesting real URL that a skeptical reader may translate more or less like this: “ https://www.we.are.real.crooks.com.ru/ ” (not a real link even if it looks like one, and without the quotation marks, of course).

      If the email is not about something I know already to be real and is not from a source that is familiar to me, I would just trash it and only pay attention if I start to get follow-on emails that are directed at me personally, addressing me as “Dear Mr. ” or, even better, “Dear Dr. “, and seem to be serious enough to deserve attention. In such a case, I would ask around and, or google some short but revealing portion of the text placed between quotation marks and adding the word ‘scam’ as a keyword, then see what I get. Always clicking first on “Tools” at the top right of the search field and choosing “Past year” as the  time window for the search.

      I wish you only good and successful adventures in Scamland, where some of its denizens are going to try to get in touch with you through your inbox every day, year-round.

      I would like to add to the validity of offering a preview of an email as being a safe option in lieu of opening it. It would seem to me if there is a maleficent payload in an email a preview would not protect one. How would that be any different than viewing it? Anyone have an opinion on this?
      FWI I use save as a text and then look at the text to assure myself that it would be a safe email to actually view.

      Sorry for the long quote. I thought I was quoting what I highlighted!

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      • #2405942

        Wavy: You told me once that you  admired my writing, or words to that effect, and now you have definitely proven it!

        On the safety or otherwise of looking at emails in the preview panel:

        At least one helpful thing about looking at an email in the panel instead of opening it, is that when one opens the email it is quite possible that it is one that has been sent with the request for an automatic confirmation that it has been read, letting the crooks sending it know that someone might be taking the bait and be about ready to swallow the hook, so it’s time for a strong and sharp pull to hook this clueless fish and reel it in. Perhaps in the form of a follow-on email laden with all kinds of nastiness hidden underneath the visible part of it.

        Others are kindly invited to comment on Wavy’s question, that is a good one.

         

    • #2405948

      it is quite possible that it is one that has been sent with the request for an automatic confirmation that it has been read,

      Is this a reference to a Return Receipt? In Firefox it is customizable.
      Tools > Options > General > [section] Reading & Display

      Or if not, does this refer to some embedded image(?). How does this work?

      • #2405950

        One can send an email with a request for confirmation (with a return receipt) that it has been read, or at least opened. This request is dealt with automatically by the receiving client application. I have sent emails like that, for example when it was something urgent, or for some other reason I needed to make sure that my message had been received.

        Also, as I understand this, and please correct me if I am wrong, because I am no expert on computer-age shenanigans, the email could also have an image in it that contains hidden malware:

        https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/malicious-spam-campaign-uses-iso-image-files-to-deliver-lokibot-and-nanocore

        https://blog.reversinglabs.com/blog/malware-in-images


    • #2406041

      the email could also have an image in it that contains hidden malware

      A web beacon is probably the easiest way to track email. This Wikipedia article explains more.

      Hope this helps…
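
The three mechanisms raised in this thread (a return-receipt request, a remote image used as a web beacon, and a link whose visible text differs from its real target) can all be checked offline in a message saved to disk, without rendering it. This is an added example, not part of any post in the thread; the sample message, its addresses and the function name `inspect_message` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email discussed in this thread).
SAMPLE_EML = """\
From: "Support" <support@example.com>
To: user@example.net
Subject: Your password was changed
Disposition-Notification-To: tracker@example.org
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Not you? <a href="https://login.example.org/reset">https://www.example.com/reset</a>.</p>
<p><a href="https://www.example.com/help">Help center</a></p>
<img src="https://track.example.org/o.gif?id=123" width="1" height="1">
<img src="cid:logo123" width="120" height="40">
</body></html>
"""


class _Scan(HTMLParser):
    """Collect remote images and (href, visible text) pairs; nothing is fetched."""
    def __init__(self):
        super().__init__()
        self.remote_images, self.links = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src") or ""
            # Only http(s) sources cause a network request when rendered;
            # cid: images travel inside the message itself.
            if src.lower().startswith(("http://", "https://")):
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                self.remote_images.append((src, tiny))
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def inspect_message(raw):
    """Report receipt requests, remote images and misleading links in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    receipt = msg.get("Disposition-Notification-To")  # return-receipt request header
    report = {"receipt_requested_by": str(receipt) if receipt else None,
              "remote_images": [], "mismatched_links": []}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        scan = _Scan()
        scan.feed(part.get_content())
        report["remote_images"] += scan.remote_images
        for href, text in scan.links:
            # Compare hosts only when the visible text itself looks like a URL.
            if text.lower().startswith(("http://", "https://")) and _host(text) != _host(href):
                report["mismatched_links"].append((text, href))
    return report


if __name__ == "__main__":
    print(inspect_message(SAMPLE_EML))
```

A remote image is reported whether or not it is 1x1, since any remote fetch reveals that the message was rendered; the second tuple field only marks the ones sized like a typical beacon.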

      • #2406120

        Of the several types of suggestions to avoid being tracked (or perhaps more properly put: “spied”) in the Wikipedia article linked by Rick Corbett, I would recommend this one first, because of its simplicity and, second, for its lack of potentially inconvenient side effects:

        One way to neutralize such email tracking is to disconnect from the Internet after downloading email but before reading the downloaded messages. (Note that this assumes one is using an email reader that resides on one’s own computer and downloads the emails from the email server to one’s own computer.) In that case, messages containing beacons will not be able to trigger requests to the beacons’ host servers, and the tracking will be prevented. But one would then have to delete any messages suspected of containing beacons or risk having the beacons activate again once the computer is reconnected to the Internet.

        But see the Note, at the end of this comment.

        I would add that different email clients (the email software in one’s computer) perform some protective tasks differently when mail is received, such as flagging it as spam, for example, or as junk, and placing these in the corresponding folders, where one can delete them sight unseen, after checking the senders to make sure that no legitimate mail has been put there by mistake (it happens).

        Apple Mail does that. Others, Thunderbird, for example, flags some mails as junk, but leaves them flagged in the mail box, where its contents have been stripped of pictures in the preview pane, but one has to click on the “junk” flag twice to move them to the Junk folder. Unwanted or suspicious emails not flagged, in both clients mentioned, have to be deleted by hand ending up in a “Trash” folder, where they can be deleted later with the same precautionary sender checking I already explained for the mails in “Junk” and to do so one cannot avoid them fully showing, however briefly, in the review panel.

        So removing first the suspicious, unwanted or, depending on the email client, mail flagged as “junk” and then reading the remaining mails, and doing both things offline, is the simplest, best, less bothersome way to deal with this problem, in my opinion.

        Note: But Thunderbird, being as usual the black sheep of email clients, only allows to read emails offline if one has an incoming IMAP server. Those like myself, who want to have all of one’s mails in one’s computers and not in someone else’s “Cloud” server, may have to switch off their connection to the internet at the router or else turn off WiFi, if this is what one uses to connect to the router.

         


    • #2406320

      I can read my POP email just fine offline. Of course Remote Content can not be viewed when offline. But that is true for IMAP as well.

      I have to modify what I just wrote to say this: Some stuff that TB thinks is remote is actually on the client computer and can be displayed. I do not have any idea why that would be.

      BTW I am still on ver 60.9.1 if that makes a difference, I should think it would not.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      • #2406323

        Wavy, You are quite correct; I just tried to go offline, and it worked fine, although my incoming server for TB is POP 3. The external content that got removed were ads, in the emails I sampled, while pictures within the messages put there by their senders stayed visible. So … Are ads externals and pictures sent to me by someone I might not even know but trust (e.g., those who take care of putting together and delivering the online publications I subscribe to) “external” or not???

        What happened earlier was this: I googled “thunderbird offline how” and got lots of hits, as usual, all starting with “You need to have an IMAP server to do this!!!!” When using either the “Any Time” or the “Last Year” search time window.

        So I decided that such huge unanimity deserved to be considered credible, and went from there.

        In many cases, I have benefited from doing the above to get something explained on the Web, but not in this one.

        But this is about the flaky email client known for whatever inscrutable reason as “Thunderbird”, so it is not surprising that the advice online as to how to do something with it should also be flaky and maybe also inscrutable.

        And for your information: I am running TB (for Macs) 78.14.0 and it has been nagging me for some time now to install the latest version 91.4.0 . Something that, oddly enough, I am not very eager to do just now. Or tomorrow. Or the day after tomorrow. Or the day after the day after tomorrow. Or …

        You get the idea.

         
