
scams and phishing

I recently started getting some odd messages in French, which I can't read, starting with "Pour synchroniser votre email, cliquez sur le lien ci-dessous." Suspicious, I turned to Google Translate, which revealed a phishing scam:
To synchronize your email, click on the link below. You will need to login to validate your email. After that, follow the instructions to verify that you are the account holder by your 10-digit token on the back of your credit card.

This link is valid for 24 hours...
The link led to an apparently compromised web site in Britain.

These messages have been slipping through my hosting company's spam filter, which evidently has not been trained on French spam.
 


I recently started getting some odd messages in French, which I can't read, starting with "Pour synchroniser votre email, cliquez sur le lien ci-dessous." Suspicious, I turned to Google Translate, which revealed a phishing scam:
The link led to an apparently compromised web site in Britain.
These messages have been slipping through my hosting company's spam filter, which evidently has not been trained on French spam.
On 16 February I received a threatening email in well-written French to my .FR account (which I only use for English-language emails) ... "informing" me that my computer had been hacked, all my email addresses copied, and surreptitious videos made of me "reacting" to porn videos that I had been viewing, demanding hush payment with Bitcoin or the videos would be sent to all my email contacts.

Since I never watch pornography, I immediately knew that this was a scam! But I can imagine some people panicking.
 


Since I never watch pornography, I immediately knew that this was a scam! But I can imagine some people panicking.
I received one of those in English (grammatically correct, although the "author" claimed residency in an unnamed country - the reply-to header claimed it was Turkey). He literally begged me for sympathetic understanding of his need to send me research on bitcoin (what is it; where would I get it; how would I send it to him) to pay his ransom in < 8 hours before his personal circumstances would force him to ruin my life so he could feed his children.

At least it was mildly entertaining. I suspect the varied iterations of this do manage to reap their originators larger rewards than the anonymous UN representatives who tell me they've found my grandmother's unclaimed treasure buried in the dust of desperately poor foreign countries.

By the way, Google Translate did a really good job on the sentence you posted. But Apple's text-to-speech voice is improving as well. He even reads emojis. Try it out on some selected text, then select: Edit Menu > Speech > Start Speaking

He didn't even stumble over "supercalifragilisticexpialidocious"
 


On 16 February I received a threatening email in well-written French to my .FR account (which I only use for English-language emails) ... "informing" me that my computer had been hacked, all my email addresses copied, and surreptitious videos made of me "reacting" to porn videos that I had been viewing, demanding hush payment with Bitcoin or the videos would be sent to all my email contacts.
This is something everybody here should be aware of. It's based on a campaign first brought to my attention by Brian Krebs almost a year ago:
Sextortion Scam Uses Recipient’s Hacked Passwords
Here’s a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient’s email address.
Most of these now don't contain real passwords, which were purchased off of black web sites, but use similar wording. I'm guessing the perpetrator can't afford such purchases, but tries using the same ruse without them.
 


Ric Ford

MacInTouch
Dan Goodin covers one phone-based scam:
Ars Technica said:
3 men cop to $21 million vishing and smishing scheme
Three Romanian citizens have pleaded guilty to carrying out a scheme that used recorded messages and cellphone texts to trick thousands of people into revealing their social security numbers and bank account information, federal authorities said.

The "vishing" and "smishing" scams are variations of phishing that use voicemails and SMS messages instead of email, federal prosecutors in Atlanta, Ga., said on Friday. From 2011 to 2014, the three Romanians compromised computers located in the US and installed interactive voice response and bulk emailing software on them. The hacked computers initiated thousands of phone calls and text messages that tricked recipients into disclosing personal information including account numbers, PINs, and social security numbers.
 


In regards to extortion attempts that ask for bitcoin (or any other transaction for that matter), one can use tools like
or
and enter a given bitcoin address to see transactions and track them back and forth to other transactions. It is interesting to note how much money some of these people are pulling in - $8000 for one that I have seen. I can understand why people do them when the potential income is so high and the perceived risk of being caught is so low.

Of course, how to turn your gazillions of ill-gained bitcoin into something you can safely use to pay for your new car is a bit of a challenge, not unlike turning large sums of stolen cash into "legit" money, but at least with the cash you can fairly safely go out to dinner without that transaction being tied by a series of transactions directly to the extortion. Not that I feel pity for extortionists mind you.
 



Money laundering is easier than ever, thanks to Bitcoin ATMs... especially if the ATM lets you convert between cryptocurrencies.
Well, maybe for a few thousand, but that seems like a pretty easy place for the cops, IRS, or Interpol to stake out, if I want to turn my hundreds of thousands of ill-gotten gains into the dreaded "fiat" currency. Being able to pin me down to a particular city also makes it harder to hide.
 


Now I'm getting scammy funding offers purporting to be through Docusign. (A quick check of the headers makes me think the mail did come from Docusign, but I could be mistaken.)
You have been pre-qualified for $250,000!

Fundshop is in an excellent position to give you the best rates and terms that are currently available industry wide.

Program Benefits:

-Rates as low as 4.99%
-No collateral required
-Minimal paperwork
-Flexible payment plans
-Same day funding
-All industries accepted

APPLY NOW to see what you qualify for!

Complete the DocuSign application & also attach the last 3 months of your business bank statements. If you have trouble attaching, you can reply back to this email with the statements or fax statements to [...]

If you would like to no longer receive emails from us, simply respond back saying "Unsubscribe".


Our mailing address is 150 Motor Parkway Ste LL70, Hauppauge NY, 11788.
 


Now I'm getting scammy funding offers purporting to be through Docusign. (A quick check of the headers makes me think the mail did come from Docusign, but I could be mistaken.)
The attachments I have received, purportedly from DocuSign, were all infected with Windows-only [malware] macros.
 


Now I'm getting scammy funding offers purporting to be through Docusign. (A quick check of the headers makes me think the mail did come from Docusign, but I could be mistaken.)
I've been getting those for months. They really are very well done.

I still think the “I watched you watching porn” extortion emails are the pinnacle of spam, because any mistakes in the text actually reinforce the idea that they're real... the only downside is (a) they are sent to people without video cameras or with tape over the camera or with G-rated browsing, and (b) they require bitcoin, and I'll bet 98% of the recipients who want to pay have no idea how to pay.
 



Ric Ford

MacInTouch
It's not just Internet scams that you have to beware of:
Bleeping Computer said:
Office Depot Pays $25 Million To Settle Deceptive Tech Support Lawsuit
Office Depot and Support.com, Inc, a tech support software provider from California, agreed to pay $25 million and $10 million respectively for allegedly tricking their customers into paying for millions of US dollars worth of computer repair services using fake malware scans.

... In the complaint [PDF], the FTC said that Support.com in cooperation with Office Depot allegedly sold costly computer repair services to customers using PC Health Check to persuade clients to pay for tech support services "from Office Depot and OfficeMax, Inc., which merged in 2013."
From at least 2009 to November 2016, Office Depot, Inc. (“Office Depot”), its subsidiary OfficeMax, Inc. (“OfficeMax”) (collectively, “Office Depot Companies”), and its tech-support services vendor throughout this time period, Support.com, Inc. (“Support.com”), made misrepresentations to consumers regarding the security of their computers. Support.com provided the Office Depot Companies with the “PC Health Check Program,” a software program designed as a sales tool to convince consumers to purchase diagnostic and repair services.
As reported by BleepingComputer back in 2016, a whistleblower told KIRO 7 reporters that Office Depot employees were forced at the time by internal procedures to use the PC Health Check PC diagnostics software to show, in most cases, a malware infection on the user's PC.
 


Amusing: I received in the United States Mail today one of those bitcoin blackmail letters
Apparently, it has been a thing for a while:
"This account is now hacked! Modify your password this time!
You may not heard about me and you may be most likely wondering for what reason you are getting this e-mail, is it right?"


I have not gotten any of these sent via USPS, but have had many, many of these sent from my primary business domain email address. I had to go into my hosting control panel to change the SPF record to "spf.hosting-name.net -all" which means "Email from mydomain.com domain must come from the hosting-name.net mail servers, reject anything else".

This, of course, won't help you if you are not receiving these spams from your own domain email, but it might help someone else reading this thread. Once I made this 30-second SPF change, all these types of emails stopped immediately. (Fortunately, I have never received anything like this via snail mail.)
 


DFG

I just (almost) fell for a scam email today. It was a forged email from "Apple support" regarding my AppleID.

Here's a screenshot of how it looks in Mail. So I clicked on the link. I was shown a very realistic Apple-ish form requesting my information. Among the items was my social security number. This got me suspicious, so I looked online, and comments on Apple discussions pointed out that this may be a scam.

So I hovered on the link in the email, and here's the actual link:

Lessons:
1. Be suspicious of emails out of the blue about some of your accounts​
2. Never click on a link in an email unless you initiate the communication. Even then, verify the URL the link is pointing to​
 


I just (almost) fell for a scam email today. It was a forged email from "Apple support" regarding my AppleID. Here's a screenshot of how it looks in Mail. So I clicked on the link. I was shown a very realistic Apple-ish form requesting my information. Among the items was my social security number. This got me suspicious, so I looked online, and comments on Apple discussions pointed out that this maybe a scam.
So I hovered on the link in the email, and here's the actual link:
Lessons:
1. Be suspicious of emails out of the blue about some of your accounts​
2. Never click on a link in an email unless you initiate the communication. Even then, verify the URL the link is pointing to​
Good points. There are also at least 4 things in the message that can tip someone off (all poor grammar or misspellings, capitalizations):
1. "... and if you not"​
2. "24hours"​
3. ", We will"​
4. "... and Billing"​
 


I just (almost) fell for a scam email today. It was a forged email from "Apple support" regarding my AppleID. Here's a screenshot of how it looks in Mail. So I clicked on the link. I was shown a very realistic Apple-ish form requesting my information. Among the items was my social security number. This got me suspicious, so I looked online, and comments on Apple discussions pointed out that this maybe a scam. So I hovered on the link in the email, and here's the actual link:
Lessons:
1. Be suspicious of emails out of the blue about some of your accounts​
2. Never click on a link in an email unless you initiate the communication. Even then, verify the URL the link is pointing to​
The first thing I noticed on looking at the email is that you were not addressed by name, only as "Apple ID Member". If you have had any dealings with any organization or company, they would address you by name. The fact that they may have your Apple ID (email) name is irrelevant.

Second, as has been repeated many times here on MacInTouch, never, ever click on a link, or at least, not before determining the actual destination (as you ultimately did by hovering over the link).

Finally, you can be 99.9% certain that most such emails are scams or phishing and treat them with the scrutiny and distrust they deserve. I'm glad you were able to stop yourself before any damage was done.
 


Lessons:
1. Be suspicious of emails out of the blue about some of your accounts​
2. Never click on a link in an email unless you initiate the communication. Even then, verify the URL the link is pointing to​
Also, double-check the source. Even though the mail claims to be from "Apple Support", the actual e-mail address (not shown in this screen-shot) is almost always from some domain other than apple.com.

Depending on your e-mail client, the procedure for seeing the actual e-mail address will be different. Some clients will just show it to you. Sometimes you can hover the mouse pointer over the name. Sometimes you need to right-click on the name and pick something from a pop-up menu. In Apple's iOS mail app, tap on the name (next to "From:") to see a contact-card screen containing the full address.

Although it is easy to forge the "From:" line of an e-mail address to include anything (including a legitimate "example @ apple.com" address), for some reason, most spammers don't bother. A legitimate mailbox as the message source doesn't mean it is legit, but a non-Apple mailbox as the source of a message claiming to be from Apple is a 100% certain sign that it is bogus.
 


Any email from Apple or other legitimate company with which you do business will address you by name. That one was obviously a scam, based on the characteristics already mentioned: generic salutation, spelling errors, badly written.
 


One scam-or-not clue is whether the email uses your actual name in the email address, or just the address. Mail sent to just your address from a company that should know your name is likely to be fake.

Except... not in Apple Mail, because Mail displays your name in the To: field even if the actual email doesn't have it. So to use this simple technique, you'd have to read the raw email source.
 


One scam-or-not clue is whether the email uses your actual name in the email address, or just the address....
I meant that mail sent to an address that includes your name (e.g. "Michael Schmitt" <email address>) is more likely to be legitimate, because spammers typically don't have your actual name, especially when they are randomly generating email addresses, such as generating email to jdoennnn@every_ISP.

This isn't a conclusive test. Scammers could have got your name from a breach, and legitimate companies may include your name in the email body but not bother to include it in the email address. But, still, it would be better if Apple Mail did not make it appear as though every spammer knows your full name.
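
The two raw-source checks discussed in the posts above (the real address behind an "Apple Support" display name, and whether the To: header carries a name at all), as an added example that is not part of the thread. The messages, addresses and the `BRAND_DOMAINS` table are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Assumption: domains treated as genuinely belonging to the brand named in From:.
BRAND_DOMAINS = {"apple": ("apple.com", "icloud.com")}

# Constructed raw messages (not taken from the thread); addresses are placeholders.
RAW_SUSPECT = "\n".join([
    'From: "Apple Support" <notice@apple.com.account-verify.example>',
    "To: dfg@isp.example",
    "Subject: Your Apple ID",
    "",
    "Dear Apple ID Member, ...",
])
RAW_NAMED = "\n".join([
    'From: "Apple" <no_reply@email.apple.com>',
    'To: "D. F. Example" <dfg@isp.example>',
    "Subject: Your receipt",
    "",
    "Dear D. F. Example, ...",
])


def domain_of(address):
    """Return the lower-cased part after the last '@'."""
    return address.rpartition("@")[2].lower()


def in_domains(domain, allowed):
    """True for an allowed domain or a subdomain of one. A lookalike such as
    apple.com.account-verify.example does not end in '.apple.com' and fails."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def inspect_headers(raw, brands=BRAND_DOMAINS):
    """Return findings from the raw From: and To: headers.
    An empty list is not proof of legitimacy: From: is easy to forge."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display name claims a brand, but the address is at another domain.
    name, address = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(address)
    for brand, domains in brands.items():
        if brand in name.lower() and not in_domains(from_domain, domains):
            findings.append(
                f"From: display name mentions {brand!r} but address is at {from_domain}")

    # 2. To: holds only a bare address. A mail client may still show your name,
    #    so this is visible only in the raw source.
    recipients = getaddresses([str(v) for v in msg.get_all("To", [])])
    if recipients and not any(n.strip() for n, _ in recipients):
        findings.append("To: header has a bare address with no recipient name")
    return findings


if __name__ == "__main__":
    for label, raw in (("suspect", RAW_SUSPECT), ("named", RAW_NAMED)):
        print(label, inspect_headers(raw))
```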
 



Today's stupid APPLE SECURITY UPDATE! phishing attempt from "Apple Support<non-Apple email>" tells me I must "Update Now: Apple Releases macOS Security Patches for Adobe Flash Player."

This is, of course, ridiculous on many levels. The "update" link is to [this].
 


When I got home today there was a message left on my answering machine from "Apple" using an automated voice saying that my iCloud account had been compromised and to "Press 1" to be connected to a representative. I rarely if ever answer the phone these days due to the number of such events.
 


When I got home today there was a message left on my answering machine from "Apple" using an automated voice saying that my iCloud account had been compromised and to "Press 1" to be connected to a representative. I rarely if ever answer the phone these days due to the number of such events.
Yes, I also got several of these. I learned not to pick up and blocked the number on my phone. I did notify Apple Support. That was about a month ago.
 


I don’t know whether this should be called scam or spam. It could be both. At an email address I have through our non-profit animal rescue, I received a solicitation just now for a mobile app for charitable giving.
All you need to do is enable donations. There’s no risk or commitment: your organization profile on the app is free, there’s no monthly charges or ‘premium’ tier, and most users will cover fees themselves.
They actually had my last name, although the email address is just my initials. But there was evidently a wee problem with their mass mailing process, because this was the salutation:
Hi, Default Value Jenkins.
Gave me a chuckle, perhaps I’m too easily entertained.
 


When I got home today there was a message left on my answering machine from "Apple" using an automated voice saying that my iCloud account had been compromised and to "Press 1" to be connected to a representative.
Ah, yes. My favorite part is where they tell me not to "do anything online" because of said compromise. At least one of the calls had a spoofed Apple support number, but most did not.
 


I got three calls to my cell number today purporting to be from Apple and showing the default Apple contact info. I also got a few of these last week. Of course I did not answer any of them, but it is very annoying, because until fairly recently, I have almost never gotten nonsense calls to my cell number. I’m guessing that there is no easy way to determine what the caller’s real number is? Or any way to send a death ray over LTE?
 


I got three calls to my cell number today purporting to be from Apple and showing the default Apple contact info. I also got a few of these last week. Of course I did not answer any of them, but it is very annoying, because until fairly recently, I have almost never gotten nonsense calls to my cell number. I’m guessing that there is no easy way to determine what the caller’s real number is? Or any way to send a death ray over LTE?
You'll be really happy to know that the FCC is working on the issue. Still.
 



My father (83 y.o.) was scammed just a few weeks ago...
This may be the same sort of scam that hit a neighbor of mine, 80-something and starting to get a bit hazy about details. I was called in because she complained that her computer was slow and her files were gone.

The story seems to be (reconstructed by others, since she doesn't remember it very well) that a couple of days ago they popped up on the browser or called her out of the blue, and promised her $10000 (or something) if she got rid of the viruses (or whatever) on her machine. She granted them access and went to the bank to confirm the money; the bank told her it was a scam. Meanwhile, while she was out, it seems the damage had been done.

By the time I saw the situation, she was in a mysteriously empty world; all her files were gone and the desktop had a white background.

But I could see that in fact there was another User; she didn't know what a User was, even, but I guessed that this was probably her old User and that the scammers had created a new User and put her into it. That's why she wasn't seeing any files.

I tried to log her back into the old User but the password wasn't working. However, the new User was an admin user, so I changed the password on the old User so that it worked, and logged into it.

Here I discovered a lot of running processes (no wonder the computer was slow), including various forms of peek-at-your-computer software. I stopped the running processes and deleted all the peek-at-your-computer stuff, including launch daemons and agents (because merely quitting the stuff caused it to start up again otherwise), and deleted the new User. And all seems to be well.

So my guess is that, through social engineering, the scammers had gotten her to install some control-your-Mac software and to tell them her computer password, so that they were able to fiddle with the Users while she was out.

I feel somewhat shaken by this experience, because the purpose of the scam is mysterious to me. They don't seem to have deleted anything, so what were / are they up to? Even weirder, why were they so idiotic as to make the new User an admin User with the same password the old User used to have? Because of that, getting back into the old User was trivial. How could they expect to make money out of such a crude trick? They could have done all kinds of things to make this hard for me, but they didn't. Why not? Is there something else going on here that I don't know, or are these guys just dumb?
 


Ric Ford

MacInTouch
This may be the same sort of scam that hit a neighbor of mine, 80-something and starting to get a bit hazy about details. I was called in because she complained that her computer was slow and her files were gone. The story seems to be (reconstructed by others, since she doesn't remember it very well) that a couple of days ago they popped up on the browser or called her out of the blue, and promised her $10000 (or something) if she got rid of the viruses (or whatever) on her machine. She granted them access and went to the bank to confirm the money; the bank told her it was a scam. Meanwhile, while she was out, it seems the damage had been done.
This story popped up on my security rounds today:
Sophos said:
Two charged with tech-support scamming the elderly for $10m
Two US people have been charged with the alleged tech-support scumbaggery of spooking old people by shoving scary “Your computer has a virus, call us!!!!” pop-ups in their faces and then fleecing them for services they didn’t need and never got. The band of crooks did this to about 7,500 victims, most of them elderly, shaking them down for more than $10 million.
...
Two years ago, when the Federal Trade Commission (FTC) launched a crackdown on tech support scammers, it released a 48-minute scam call featuring an actor portraying one of these scammers’ preferred prey: a tentative, gullible, easily sweet-talked, elderly man.

As part of its Operation Tech Trap – a broad crackdown on tech support scams both in the US and elsewhere – it passed along these tips on what to do if you get an unexpected tech-support call or pop-up:
  • Hang up on callers. They’re not real tech-support staffers. And don’t rely on caller ID to prove who a caller is. Criminals can spoof calls to make it seem like they’re calling from a legitimate company or a local number.
  • If you get a pop-up message that tells you to call tech support, ignore it. While there are legitimate pop-ups from your security software to do things like update your operating system, you shouldn’t call a number that pops up on your screen in a warning about a computer problem.
  • If you’re concerned about your computer, call your security software company directly – but don’t use the phone number in the pop-up or on caller ID. Instead, look for the company’s contact information online, or on a software package or your receipt.
  • Never share passwords or give control of your computer to anyone who contacts you. Doing so leaves your computer open to malware downloads and backdoors.
  • Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything the software says is a problem.
  • Change any passwords that you shared with someone. Change the passwords on every account that uses passwords you shared.
  • If you paid for bogus services with a credit card, call your credit card company and ask to reverse the charges. Check your statements for any charges you didn’t make, and ask to reverse those, too. In the US, report it to ftc.gov/complaint.
Tips like these are great for those of us who can absorb them. But the elderly, all too often, don’t have that capacity.
 


Stuff like this is why I didn't want my dad to get a computer. He was savvy about scams and fraud in the "real" world but knew so little about computers that he could possibly have been taken in by one of those pop up scams. Fortunately, he never got a computer.

A naive, elderly acquaintance of my dad's was scammed through an ad in a local paper: a great "opportunity" that just required a chunk of money upfront. This guy was about 70 and had never even had a credit card. He was persuaded to get a card and make this "payment." He didn't even know, until my dad explained it to him, that he could dispute the charge.

Whether you have a computer or not, there are predators eager to try to steal from you.
 


“Your computer has a virus, call us!!!!”
It happened to my father. He got worried about what it was doing, and called me. It still took me almost yelling at him to get him to pull the ethernet cable (they had been churning his drive for over an hour), so we could at least catch our breath and figure out what to do next. In the end, he didn’t have anything of real importance on the Mac, so I had him get out Apple’s CD and wipe the drive. Nothing lost. His credit card was very understanding of this stuff and simply canceled the payment. He got off lucky.
 


A client of mine almost got scammed out of her brand-new 27" iMac. She bought it online, and I helped her set it up. But she found the screen too big for her tiny desk, so she put it on Craigslist.

Within 1/2 hour she got a reply from Chicago (we're in Seattle). The person spoofed a very accurate email from Venmo, saying that the money would be transferred to her Venmo account as soon as she reported the shipping number. She shipped it via UPS and emailed the scammer the number.

Then she tried to enter the shipping number on Venmo, but there was no pending transaction in her account. She called them, and they verified it was a scam.

Luckily, UPS hadn't delivered the iMac yet, so she had it intercepted and returned. The scammer had the audacity to confront her when they saw she canceled the shipment.
 


Today I received two calls spoofed to be from Apple support. The caller ID read APPLE from the number 424-204-4290. It's a known scam saying my account was breached.

It's the time of year when scammers are most active preying on everyone preoccupied with the holidays. A good time to remind all the people you support that no legitimate company will use the telephone to report a computer problem or data breach. Remind people that they should just hang up. If they're concerned, they should contact you, so you can do the research to determine if it was a scam.
 




I got a good one this month, $26 million from a safety deposit box. Banker said they had tried all ethical possibilities to contact an heir and failed. Contact the banker only through her husband, whose information was not included. Not a good money deal though, they offered me only 50% of the money, 40% for the unethical banker, and 10% to any charity I name. It was from a bank in Madrid, but the postmark was Paris, France. Yep, an actual letter in US mail.
 


