
Please beware.

(I had planned a different post for today - but due to something I found in my inbox just this morning, I'll be pushing the post about textile stuff to Monday instead. It will come, though!)

Recently, there's been a new virus called "Locky" that comes in Word files. When opened, they contain a macro that sets the virus free on your computer; it then encrypts your files, and you are supposed to pay money (probably a lot of it) to get the key to decrypt your data again. Ransomware like that has been around for a while, but "Locky" spread quite furiously, since it took a while for antivirus software to be able to detect it.

(So - don't open Word files that come from sources you don't know. And make sure your Word security settings regarding macros are set to "high". That is the default setting; if you're not sure, here are instructions on how to change macro security settings.)

Everyone, though, should know by now that opening email attachments from unknown sources, especially if they are not a .pdf, is a bad idea. What I personally find really disturbing is not the stable-ish number of sketchy attachments arriving in my inbox, however. It's the quality of the most recent phishing emails that I've been getting.

Just this morning, I got a "payment confirmation" from "Paypal". Which told me that I have successfully transferred money for a one-month membership to a porn site. Helloooo? What?

The mail looks almost exactly like legit payment confirmations from Paypal. It uses the original images from the PP server, and layout and design are very similar.

The differences are very subtle: there's a reference number in the top right corner that looks like a link but is not (it is in the legit version). Same with the item description. In the mail I received, there was also a question mark in front of every number.

The scam is also missing the imprint data that PP includes at the end of the mails. The biggest (and most important) difference, however, is the inclusion of a nice, big, friendly button to cancel the payment.

Here's how the lower part of a legit payment confirmation looks:

[Image] This is only the bottom part of a legit payment confirmation, received just this morning (I had to buy postage). There's an invoice number just above the light grey line on the top of the picture, which I'm not showing due to privacy reasons.


In comparison, this is how the scam/phishing email looks:

[Image] You can see that the invoice number is missing. The "problems?" thing is in red, to make sure you see it... and then that nice, friendly, ohsohelpful button (which, you guessed it, will not lead to Paypal proper, but somewhere else).


In case you get something like that, from Paypal or from any other banking/finances site (I received one about a credit card a while ago, if I remember correctly), take a deep breath, open your browser and go directly to Paypal or to your bank. Log in and check - you will find that nothing has actually happened on your account.

You can then report the scam - there are various ways to report various scams, but it's always a good idea to forward the scammy mail to the actual company that it is spoofing.

These scams have gotten much, much better over the course of the last few months, and they really do look a lot like official stuff. With so much of commerce and invoices going through the 'net these days, I guess that they are a very good strategy for making money by fraud. So please beware, double-check, and be safe. Have a backup or two. Never click links in sketchy emails or open dubious attachments, and don't believe everything a random email tells you.


Comments 2

Harma on Friday, 26 February 2016 13:53

I didn't know the exact way how Word can be hacked, so thanks for that info. I was warned not to open doc.x files, since they can contain macros and those can be dangerous.

The so-called mails from banks are notorious. For the weaving guild, I sometimes receive the same mail from different banks with exactly the same content. Both are banks we don't have an account with. We also got speeding tickets, but our guild doesn't own a car and bills for the mobile phone the guild also doesn't have. This junk is easy to recognize and it does help me to recognize it when I receive the same on my own mail address.

Heather on Monday, 29 February 2016 18:04

... Next to a soon-to-come button saying 'Don't Panic' in big, friendly letters.
I'm sure later versions of this scam will have fully-working links to appropriate looking pages.
Here's a link that I had to show an awareness of as part of my studies. It's 'The Little Book of Big Scams' by the Metropolitan (London's) police. There are some very clever ones in there. Every time I look the book has got bigger. Some are Britain-specific, but there are universal components. http://www.met.police.uk/docs/little_book_scam.pdf
P.36 for example has not only the victim being defrauded after their email was hacked, but their email being used to tell the legitimate company to cease business with them, so no further legitimate emails were sent which would have highlighted the fraud.
Also, not to be ignored is the absolutely frightening 'Jessica Syndrome' where someone is conditioned so that they have lost the ability to question scams and believe whatever they're told. http://www.thinkjessica.com/
There's a checklist scammers use - if you live on your own, so have no one with you to compare notes with immediately, you're a bigger target.
But then given this is a post about scams and I'm posting links that are unknown to you, I can quite understand if no one clicks on them!
