modified from wiki commons

Just as I was finishing my post last week on the fake DCU phishing scheme and how to recognize it, I noticed a 2nd such email in my box. It was similar but had one variation that I thought was worth pointing out.

Of the 5 clues I mentioned in my first post, three are still there. We see the misspelling of “alert” (clue 2) remains, which should stop someone paying attention. We note a time limit on a response (clue 3), which suggests they are trying to push you into acting rashly, and we also see the lack of links in the bottom section plus a different country code in the login link (clue 5), this time .gq, indicating Equatorial Guinea, not all that far from the Central African Republic, where the last email was based.

Still, there are two variations worth pointing out here. Take a look at the link again, particularly the end of it in bold compared to the front in red: akjdfg.gq/redieresartgdfsdcu

A person not paying attention might notice the DCU at the end of the link and the redir (as in redirect) and mistakenly think this was an actual DCU email. This suggests a slightly smarter Phisherman than the last time; however, it’s still a dodge. Remember, the domain is always in the front, before the slash. If that section doesn’t say dcu.org, or whatever your bank or financial institution uses, in the front, or has a different country code, you know it’s phony.

There is one other clue in this email that didn’t arise in the last one that I want to point out:

Clue 6:  The bank can’t take my money, can it?

Unlike the last email, which suggested a false transaction for you to stop, this email comes with a specific threat. If you don’t click their link and put in your password and account numbers, you will lose the money in your account. This is simply a scare tactic. Not only does a bank not have the right to seize your funds in such a way, but if you leave an account inactive or forget about it, there are laws compelling either the banks or various states to hold it for you to claim later.

Again, this is a tactic used to fool folks who do not know how these things work. Make sure you do, so you won’t fall for these schemes.


He (Joe Morgan) said once you picked up one thing you’d start looking for the others, and you’d see them too. I used to play cards with a guy like that. He’d read your eyes and know what you had. Drive you crazy

Bill James Historical Baseball Abstract pp349 1985 on Joe Morgan & pitchouts

One of the disadvantages of having a very public face and email is that I receive phishing scam emails regularly.
As a person who used to be a tech support rep (why do you think I’m called “datechguy”?) I recognize these attempts to scam me pretty quickly, but it’s very likely that there are plenty of people who don’t know the obvious clues to tip a person off. This prompts the old Hiwired tech support rep inside to rise up and shout at my fellow citizens who are the targets of these scams:

DON’T FALL FOR THIS!

So in this spirit I want to show you a phishing email I recently received and point out the clues that will tell you it’s a scam.

Here is the email I received with all the scam clues highlighted:

Phishing email top

All of these clues scream “scam” and if you spot one you will learn to spot the others, let’s go through them all.

Clue 1: A single notification

Before you even get to the email itself, it shows up in your email program.  Below is the line from mine.  This subject line from the email should jump out at you in terms of suspicion: Bill payment sent

While a company like Comcast or Unitel might send an email confirmation of a payment, a bank in general doesn’t send out notifications on transactions (if they did, their servers would be doing nothing else all day). Even if your bank was the exception and offered the option of notification or confirmation emails, they would only come if you turned them on.

So even without opening up that email that subject line alone should scream “Not Legit!”

Clue 2: Points off for spelling

A lot of phishing emails originate from places where English isn’t the first language; because of this you will often find mistakes like this spelling error.

Now it’s not out of the realm of possibility that a bank might have a spelling error in an email but it IS out of the realm of possibility that the spelling error would be in the name of the email account sending it.

If the subject line didn’t scream “scam” this clue should.

Clue 3: That’s not my email address!
Unless you have your own domain you likely aren’t seeing this issue but I’ve seen it more and more in blast spams from China and elsewhere. The idea is to send blasts to all kinds of email combinations under a particular domain in the hopes of either finding a legit email address or getting someone to answer.

But you can be sure that if you have given your email address to your bank, they will have your actual address when they email you, unlike this guy.

Clue 4: Bait and switch subject with a time limit

Now we get to the meat of the email itself and there are two big clues to tell you this is wrong.

Note the difference between the subject line, “Payment sent”, and the email, “Payment scheduled”. In terms of a bank it makes no sense: why declare a payment sent in the subject line if it is only scheduled? Why not “Payment scheduled”? For the spammer the answer is obvious. While “Payment scheduled” might be a more clever subject line, there is less of a chance a person might open such an email, but “Payment sent” is meant to make you say: What payment? Meanwhile the notification inside is meant to tell you that you still have three days to act before this bogus hacked payment takes place.

That’s not how banks work. If you made a payment they would say “Payment made”; if it was scheduled they would say “Payment scheduled”, and there would not be a deadline in big letters for you to stop it.

This is all about making you panic, don’t.

Clue 5: Hmm I didn’t know DCU was based in the Central African Republic.

Of all the various clues in this email, this one is the single most decisive but also the easiest to miss. It’s in the link on the Login

There are actually several clues here and I will take them in reverse order.

The first is the lack of links in that bottom section.  This suggests the Phishers were sloppy and simply decided to use a screen shot copied and pasted in a program like Paint.  The lack of links there is a big giveaway that something is wrong.  Of course if they left the links in that would have been a problem for them as well as there is always the chance that the user clicks on an authentic link and gets to the real DCU site.

The second is the “forward to a friend” choice.  Even though it is inactive the idea that you would forward a copy of such an email to a friend is so ridiculous that it should raise an alarm bell or two.

But the real giveaway is the actual link in the “Login Now” area.  You will note that the address doesn’t go to a DCU domain.

Of all the various clues we have noted, this is the most important. Even if the Phisher had excellent spelling, had used the right email address, had said “scheduled” vs “sent”, or had even put in the right links on all the choices above, in the end, to steal your password or to take you to an auto-launch site that installs spyware to grab all your data, they will have to send you to a domain that is different from the one belonging to your bank.

That is the big giveaway.

And even if they were using a similar domain name (say dcuu, for example) rather than the gibberish above, you will note that the suffix is not .com or .net or .usa but is .cf, which stands for the Central African Republic.
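The domain check from Clue 5, applied also to the link quoted in the follow-up post (akjdfg.gq/redieresartgdfsdcu), as an added example that is not part of the original post: it pulls the host out of a link and compares it with the institution's real domain. It assumes dcu.org is the genuine domain, as the post suggests, and treats the second-to-last host label as the registered name (no Public Suffix List lookup); the function names and every sample link except the one quoted in the post are constructed.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the institution's real domain, as named in the post.
EXPECTED_DOMAIN = "dcu.org"


def split_link(link):
    """Return (host, rest) for a link, whether or not it carries a scheme."""
    # Links are often displayed without "https://"; urlsplit only fills in
    # the host when the network location is introduced by "//".
    if "://" not in link:
        link = "//" + link
    parts = urlsplit(link)
    host = (parts.hostname or "").rstrip(".").lower()
    rest = (parts.path + "?" + parts.query).lower()
    return host, rest


def check_link(link, expected=EXPECTED_DOMAIN):
    """Return a list of findings; an empty list means the host matches."""
    host, rest = split_link(link)
    if not host:
        return ["no-host"]
    # Match on a label boundary, so "dcuu.org" does not pass as "dcu.org".
    if host == expected or host.endswith("." + expected):
        return []

    findings = ["host-mismatch"]
    brand, _, expected_tld = expected.rpartition(".")   # "dcu", "org"
    labels = host.split(".")
    tld = labels[-1]
    name = labels[-2] if len(labels) > 1 else ""

    # Different suffix / country code from the real domain (.cf, .gq, ...).
    if tld != expected_tld:
        findings.append("tld-mismatch:." + tld)
    # A registered name that is close to the brand but not the brand.
    if name != brand and SequenceMatcher(None, name, brand).ratio() >= 0.8:
        findings.append("lookalike-name:" + name)
    # The brand shows up after the slash while the host is someone else's.
    if brand in rest:
        findings.append("brand-outside-host")
    return findings


if __name__ == "__main__":
    samples = [
        "akjdfg.gq/redieresartgdfsdcu",   # link quoted in the follow-up post
        "http://dcuu.cf/login",           # constructed: lookalike name + .cf
        "https://www.dcu.org/login",      # constructed: genuine host
    ]
    for link in samples:
        print(link, "->", check_link(link) or "host matches " + EXPECTED_DOMAIN)
```
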

Now while I’m sure that Digital Credit Union takes pride in having a large reach, it’s pretty safe to say that they don’t have a lot of branches in the Central African Republic, let alone host or register their servers there.

And keep this in mind: some people believe they are not rich or not important enough to be worth targeting by a Phisher, but remember the annual per capita income in the Central African Republic in 2017 was $700.

A few suckers taken for a few grand can make someone a pretty big man over there.  Don’t be one of them.



4th Doctor: Scringe stone found in a dead man’s pocket? A lost mine? A phony map. Are people still falling for that old guff? I mean, are they?

Doctor Who the Ribos Operation 1978

On occasion I’m asked why I still call myself “DaTechGuy” since I no longer do Tech Support work and this is not a tech blog. The primary reason is that it’s the brand I’ve built.

But if there is one tech thing I still do on a regular basis, it is highlighting scam e-mails that are regularly used to cheat people. Here is one I got with the subject heading “Inquiry” from “Sales”:

*****************************************************

Dear Sir,

I have a similar products to the previous ones which I want to check if you will also want have the opportunity to supply to us.

Could please CHECK HERE to see the newly developed items and let me know if you can also get them for us or do you also produce them?

I can payment ASAP if you can send us sample for 1 or 2 items. I have already discussed this items with my colleagues and we all believe you can get these. Please check the link to see the specifications and do let me have your best price and delivery time.

I will appreciate if delivery can be made before 24th of January 2014.

I wait your action.

Regards,

Chan Lan Key

Team Vuan Huangsing

For New Item Developement ( < —- also a link )

***********************************************************

I’ve noticed I’ve been getting more of these types of e-mail scams lately since I’ve opened the business. Here are some of the basic clues that should give you warning.

1. Who it’s from: This is from “Sales”, as generic as possible. This is in order to allow a single blast to hit a lot of people. If you see something that generic you should delete it right there.

2. The address: sales@online-mail-service.com. Clue #2 is again completely generic; it just cries “blast e-mail to nail you”.

3. Who it’s to: in this case sam@sohu.com. Clue #3: the e-mail is addressed to a person. sohu.com is basically a Chinese Yahoo that would not be the address a business mail is going to, but even if you didn’t know that, why would you be included on the email list?

4. The lead: Ah, this is the hook. You’re a sales guy and the one thing you need is a lead. Here is a chance to get one thanks to this e-mail you were accidentally included on. If I just click that link maybe I can get in first or undercut this sucker. It sounds too good to be true.

5. The Payment offer: This is the big gun:

I can payment ASAP if you can send us sample for 1 or 2 items.

Samples, they need samples? I’ve got samples, if I can just hurry them out we can score that sale!

6. “New product development link”: This is the final clue. (No, not that they misspelt “development”, although that is a clue.) It’s that it’s “new product development”. Nowhere is there any sign of the name of the company. A company e-mail is unlikely to miss something like this.

Like Joe Morgan and the pickoff play, if you learn to spot one of these signs you will be able to spot the others and catch yourself before you click.

**********************************************************

It’s interesting to note that while this e-mail made it through my junk/spam filter, a similar one was caught.

Dear supplier,

We saw a similar product which we believe you may also have the opportunity to supply to us as per our customer’s demand. Could you please confirm to us if your company can make provision of the exact product for us.

Kindly CLICK HERE to visit our new product development page to view these new items and reconfirm to us with your quotation and best price lead for the items so we can release our PO to you.

Your soonest action to this will be highly appreciated.

Rgds.,

Sarah Victoria

Syntech Trading Co. Ltd.

Different e-mail addresses and names but the same old scam.

****************************************************************

Odds are the average person is not going to fall for this, but it costs nothing for these guys to send out millions of these e-mails that your junk or spam filter might miss, and it will cost you dear if you choose to click on them.

Don’t be a sucker.





Today is Thanksgiving Day and, for the first time in a very long time, it is also the first day of Hanukkah. A lot of you reading this are likely spending the morning either cooking or preparing to eat a huge meal.

But later tonight a lot of you are going to be online, and tomorrow even more are going to be out for Black Friday looking for deals, many of you looking for computers and tablets, not only for yourselves but for older relatives.

Many people, particularly older ones, are still fairly computer illiterate, and many who have been using computers etc. for a while know nothing about how the machines actually work.

More importantly, as computers have progressed so has computer fraud. Every year the fraudsters have become smarter and smarter, finding new and ingenious ways to separate people from their personal information and ultimately their money.

I’m not in that business anymore but the folks at Bernard PC are. The Bossman Bernie told me about a new threat that he’s been dealing with lately and was kind enough to write up this warning for DaTechGuy readers (I intermix my own comments within):

An overseas call center posing as Microsoft has been calling people at their homes, claiming to be Microsoft, and claiming to have knowledge of a virus in your computer.

These calls are a hoax.

As a general rule most spammers don’t expose themselves this way. It’s a clever move on their part; nobody is going to think the guy on the phone is a spammer. Bernie continues…

The caller makes it sound urgent, and tries to talk the victims into clicking through some screens that give them access to your computer.

As a person who used to do Tech Support, I can tell you this takes time and effort; it’s exactly the type of thing a real tech support person might do. It lulls the mark into a false sense of security.

They then proceed to open event viewers and other system logs to search for even the most minor errors and then try to convince the victim that they have a serious virus that needs to be addressed immediately.

As soon as those folks who have never seen an event viewer or system log see those red X’s, “!” points and yellow warning triangles, they’ll be convinced that they’re in more trouble than a Thanksgiving cook who realizes at 10 AM his oven doesn’t work.

It’s at this point, Dear Reader, where they ask for those coveted credit card digits. If these folks call you, we suggest saying “not interested” or nothing at all, and hanging up on them. This is a scam that preys on the lack of knowledge and a fear they help to create in order to con you out of about $100.

What’s the best kind of scam? The type of scam where the person involved doesn’t realize they’re scammed. As far as the mark is concerned, that $100 to $150 charge is just payment for services rendered.

If you really have a virus, there is not a company in the world that is going to call you to tell you unless you have paid them in advance to monitor such an event. And, Microsoft is not in the antivirus business. Even companies like Symantec and McAfee aren’t going to call you to tell you that you have a virus, and antivirus is what they do.

But that’s not the worst of it. Not only do these fraudsters have your credit card info, info that they can sell or access at any time they wish, they get remote access to your system as they install their “fix”, which may harvest all kinds of information, from your license keys (that can be resold and mess you up when it becomes a duplicate) to contact lists (that can be used to mark new targets), and of course if you have your tax forms etc. or bank info, they’ve hit the mother lode! All of these things are valuable commodities on the black market of internet crime.

And if they are REALLY smart, then in six months or nine months or a year they will call you back, mention their previous call and say this is a follow-up, and lo and behold, when they check that system, the virus is back and they’ll be happy to fix it again for you, for another $150 fee of course.

Think about it: even without selling all that other info, with only two victims a day, five days a week, a scammer can make $75,000 a year with two weeks vacation and weekends off, and if he or she has a friendly manner they might even get their victims to recommend them to their friends. That is the pièce de résistance.

May I be so bold as to suggest that if you find yourself getting such a call or suspect that you might have your system infected you give my friends at Bernard PC a call at 774-322-6045 and they will take care of you.

Bernard PC

But don’t do it on Thanksgiving day or Black Friday.  Bernard PC is closed both days so those days can be enjoyed.

Some might think this isn’t a proper post for Thanksgiving, but if being warned against a scam before it robs you isn’t cause to give thanks, what is?


Checking the e-mail and I got this today:

My Dear,

after reading your profile, i decided to contact you for long term relationship and business partnership.

I Alfred Samzo, 20 years old boy from Republic of Cote D’Ivoire (Ivory Coast ) in west africa. Beside , i am an ophan but inherited all my late father’s wealth. though money is not everything but love, caring and togetherness is important in life.

I intend to establish good relationship with you and also intend to start a lucrative business in your country under your help. though we have not met before but i believe one has to try some certain risk sometimes in order to succed in life.

I inherited Ten Million U.S Dollars, which my late fether deposited in a bank here in Abidjan, (Cote D’Ivoire) before he was assasinated by unknown people. i have decided to invest these money in your country or anywhere safe enough out side my country for security and political reasons. i want you to help me transfer these money from here into your designated bank account in your country for investment purposes .

I will like you to contact me immediately, or call me on my private phone number +225-0914-9076,

Thanks

Alfred Samzo,

I’m amazed to see these scams still having an effect. I guess, like the wire in The Sting, it is so old that some might have forgotten it.

I have one thing to say to people foolish enough to fall for this. Put $50 in my tip jar instead. If you Hit my tip jar, it will cost you a whole lot less money than that phone call and the scam that will follow it plus you will get a return of commentary and insights that will be of value to you.

Take my advice, put this type of mail in your spam folder and delete asap.

Nope, this isn’t a post about my predictions for 2011; this is instead about predictions in the past that have become busts:

It is always entertaining to look at predictions from the past, and see how far off they were. In the 1920s, the assumption was that by the 1950s, we would all be getting around in flying cars. Edward Bellamy’s Looking Backward describes how by the year 2001, capitalism would have completely disappeared (at the instigation of the capitalists, who would see the advantages of socialism), replaced with a democratic socialism where everyone ate in common mess halls, owned everything in common, and there was almost no violence anymore.

Clayton then links to this list of predictions of environmental catastrophes that weren’t and concludes thus:

When scientists make apocalyptic predictions based on claims of science, I expect them to hit their marks, or have a darn good explanation for why not.

The problem being these days that huge amounts of cash ride on these predictions and the right way of looking at things can be the difference between a well-funded grant keeping you in champagne for decades to teaching chemistry at a community college. More importantly with the amounts of money involved any challenge to the orthodoxy becomes not so much a scientific debate as a threat to a person’s standard of living requiring a strong and sometimes devastating counter.

The whole Global Warming bit has become basically a giant 21st century version of The Sting with the taxpayers of the western world as the mark. I predict that when it fails there will be a new version with a new prediction and a new urgency that will drive media coverage and funds for NGO to keep them in caviar for another decade or two.

This is what tells me that the climate change scandal means something.

There was never a time when Lomborg would be considered a proper guest. He was considered an apostate.

Now they gave him only 3 sentences and he barely managed to say that the subsidies were just tax giveaways. He never managed to mention his big argument that in terms of human issues, “global warming” is minor and we are fools to spend money on it while, say, Africa needs fresh water.

That this is on TV speaks volumes on where the scam has gone.

Not one question on the e-mail stuff. But for MSNBC it’s huge.

and our friends at Zolex PC have an important warning about the latter:

Unfortunately tragedies and catastrophes like Haiti’s current situation can give rise to golden opportunities for scammers and Flim-Flammers alike to make money off of a willing and generous public. There are plenty of Scam Sites already out there trying to do this masking themselves as helping Haiti but really just helping themselves to your generous donations.

The advice is basic but too often ignored. Remember the thieves go where the money is and the money now is online, and available via “text”…

Websites can be put up in a matter of hours and appear completely legitimate so do your research before you donate your money to a scam. Texting scams are very common. With texting you never know what else you could be signing up for. Scams come in all sorts of shapes and sizes. Be it via Text messaging, Email Scams, Websites, Facebook, or any other means. Where there is a way to take advantage and trick people through their own generosity, you can be sure there are plenty of slime and scum who will take advantage of it.

Read the whole thing, as they say. Also, if you decide to give online, do a Google or Yahoo search to be sure you are getting to a real site, particularly if you are iffy on spelling. This makes it less likely to hit a “spoof” site. DON’T give via e-mail links or IM requests.

Take this advice to heart so that your hard earned money goes to those who need it not to those who are looking for a quick buck. (My advice: give through your local church if you have one).