Automated vacation messages are often frowned upon for several reasons, including that they can be a spam vector, that if set improperly (such as being triggered with every single email from every single person) they can actually views as spam, and that they can actually cause legitimate email from you to end up in the spam folder. But as if that’s not enough of a reason to not use an automated vacation message, they can also be used with a bit of social engineering to steal your identity. Here’s how that can happen.
Confused by a confirmation of a new Amazon “Prime Acct Gift” order that landed in your inbox today, when you know that you haven’t placed any such order? You’re not alone. The order with the subject ‘New-order #20953735 – confirmed’ (although the order number on yours may be different) from firstname.lastname@example.org (although your ‘from’ address may be different) is 100% a scam.
Members of USAA insurance and banking programs have been receiving email that appears to come from USAA (which stands for United Services Automobile Association), but which are actually phishing scams. The scam email comes from the nonexistent domain usaaservice.com (such as from “USAA.ServiceAccount@usaaservice.com”).
As we have noted a couple of times in the past few weeks, spammers and scammers are using the email mailing list confirmation process to send spam. Here’s how that works: someone signs up for a mailing list, and then replies to the confirmation request with their spam. In this case, Amy Happy at email@example.com, seems to be replying to a confirmation message that she, in fact, never received in the first place.
Add firstname.lastname@example.org as the newest scammer spamming mailing lists. As we mentioned last week, scammers have started signing up for mailing lists in order to spam the list members with their scams. (Our samples come from Aweber mailing lists.) Last week it was supposedly David Norris, leasing his house in Troy, Michigan, with a contact number of (509) 255-3270. This week it’s the supposed Rev. Gary Williams, with a house in Warwick, New York, with a contact number of (502) 536-8106.
You wouldn’t think that it would be worth a scammer or spammer’s time to sign up for a mailing list, only to be able to reply to the confirmation email with their spam, but sure enough, that is what’s happening.
The Internet Patrol has been alerted to a new email scam which appears to be an invoice from Apple. Of course, they don’t expect you to pay it, they expect you to be alarmed at the supposed charge, so that you log in to your Apple account, and they can steal your credentials. Don’t fall for it.
The State Bar of California has issued an alert warning of a fraudulent complaint email being sent in their name. In an emailed statement this morning (June 8, 2016), the California State Bar said that it had received numerous inquiries about the email that supposedly had come from them, going out to members of the California bar.
Here is a twist on the usual 419 advance-fee scams: the scammer signs up for something such as a newsletter, and then replies to the confirmation email with their scam. We know this, because we were hit with just such a scam from “Steve McCoy”, using the email address email@example.com.
If you are on Facebook you can’t avoid them. The “She’s gone” ads, suggesting that celebrities like Sally Fields, Betty White, Meryl Streep, Sandra Bullock, Susan Sarandon, and Kris Jenner, have died (they haven’t), with the weird domain names, are everywhere. Click on them, and each and every one of them leads not to news that they have died (surprise, surprise) but a website selling Beauty and Truth (oh, the irony) brand youth serum.
We’ve all seen them – there are all sorts of ads for scams on Facebook, and all sorts of scammy ads and false advertising on Facebook (such as the ones suggesting a famous actress such as Betty White or Judi Dench has died). In fact, for many of us, not a day goes by that we don’t see some ridiculous ad on Facebook and think “How can Facebook let them get away with that ad?” In part it’s because Facebook relies on people reporting scammy ads to Facebook. So here’s how to report ads on Facebook.
The new Paypal.me service is being hailed as a simpler way to request money, and by Paypal as “the link to getting paid,” but it also turns out to be a great way for scammers to get you to send them money.
Bank of America, Wells Fargo, and Key Bank are among bank accounts being phished, SMiShed and vished by scammers who are sending SMS text messages to users, directing them to call hijacked Holiday Inn Express phone numbers which the scammers have disguised to make them sound like automated banking systems. So far this current crop has happened primarily in the Houston area.
It’s the Internet-age old conundrum: How can you tell if something in your Facebook news feed is a hoax or scam? This week Facebook announced that they will start tagging hoaxes for you in your newsfeed. Actually, they will start letting you know when other users have identified and tagged something as a hoax.