If you received a text message or email telling you that “Account might be blocked for your security!” DON’T click on any link or respond to it! The spam message comes from firstname.lastname@example.org, which should be a tip-off, but in case you’re not sure, it’s a scam!
A new malware scam is hitting email inboxes. The email sample that we have comes from an email address at thomaskeller.com (ours is specifically from email@example.com), and claims to have received an invoice from your company. They even include your company name in the email, making it seem more legit. But it isn’t.
Automated vacation messages are often frowned upon for several reasons, including that they can be a spam vector, that if set improperly (such as being triggered with every single email from every single person) they can actually views as spam, and that they can actually cause legitimate email from you to end up in the spam folder. But as if that’s not enough of a reason to not use an automated vacation message, they can also be used with a bit of social engineering to steal your identity. Here’s how that can happen.
Confused by a confirmation of a new Amazon “Prime Acct Gift” order that landed in your inbox today, when you know that you haven’t placed any such order? You’re not alone. The order with the subject ‘New-order #20953735 – confirmed’ (although the order number on yours may be different) from firstname.lastname@example.org (although your ‘from’ address may be different) is 100% a scam.
Members of USAA insurance and banking programs have been receiving email that appears to come from USAA (which stands for United Services Automobile Association), but which are actually phishing scams. The scam email comes from the nonexistent domain usaaservice.com (such as from “USAA.ServiceAccount@usaaservice.com”).
As we have noted a couple of times in the past few weeks, spammers and scammers are using the email mailing list confirmation process to send spam. Here’s how that works: someone signs up for a mailing list, and then replies to the confirmation request with their spam. In this case, Amy Happy at email@example.com, seems to be replying to a confirmation message that she, in fact, never received in the first place.
Add firstname.lastname@example.org as the newest scammer spamming mailing lists. As we mentioned last week, scammers have started signing up for mailing lists in order to spam the list members with their scams. (Our samples come from Aweber mailing lists.) Last week it was supposedly David Norris, leasing his house in Troy, Michigan, with a contact number of (509) 255-3270. This week it’s the supposed Rev. Gary Williams, with a house in Warwick, New York, with a contact number of (502) 536-8106.
You wouldn’t think that it would be worth a scammer or spammer’s time to sign up for a mailing list, only to be able to reply to the confirmation email with their spam, but sure enough, that is what’s happening.
The Internet Patrol has been alerted to a new email scam which appears to be an invoice from Apple. Of course, they don’t expect you to pay it, they expect you to be alarmed at the supposed charge, so that you log in to your Apple account, and they can steal your credentials. Don’t fall for it.
The State Bar of California has issued an alert warning of a fraudulent complaint email being sent in their name. In an emailed statement this morning (June 8, 2016), the California State Bar said that it had received numerous inquiries about the email that supposedly had come from them, going out to members of the California bar.
Here is a twist on the usual 419 advance-fee scams: the scammer signs up for something such as a newsletter, and then replies to the confirmation email with their scam. We know this, because we were hit with just such a scam from “Steve McCoy”, using the email address email@example.com.
If you are on Facebook you can’t avoid them. The “She’s gone” ads, suggesting that celebrities like Sally Fields, Betty White, Meryl Streep, Sandra Bullock, Susan Sarandon, and Kris Jenner, have died (they haven’t), with the weird domain names, are everywhere. Click on them, and each and every one of them leads not to news that they have died (surprise, surprise) but a website selling Beauty and Truth (oh, the irony) brand youth serum.
A brand new SMS text message scam has hit smartphones. Coming from firstname.lastname@example.org, it is an image of text, which reads “CONFIDENTIAL Mrs Thorens has assigned a rewarding charity project worth $2.5 Million USD to you. For full details, please contact her only at her private email address below.” The sample that we saw had an email address of email@example.com, although it’s quite likely that as that email address gets shut down, the scammers will swap in a different email address.