• Can you identify the scam?

    Home » Forums » Newsletter and Homepage topics » Can you identify the scam?

    • This topic has 15 replies, 10 voices, and was last updated 3 weeks ago.

    ON SECURITY By Susan Bradley This is scam season at my office. Every day, there is an unwanted email that comes though our email-filtering system and
    [See the full post at: Can you identify the scam?]

    Susan Bradley Patch Lady/Prudent patcher

    8 users thanked author for this post.
    Viewing 8 reply threads
    • #2632326

      The other quick thing to do is examine the email address of the sender.  It is very difficult for spammers to use the company’s legitimate email addresses.

    • #2632368

      Something that I’ve found to be very useful is to maintain a separate address that’s used for purchasing, where I don’t use my primary addresses (either business or personal) for that kind of activity.  With the separate address, that allows keeping that clutter out of my main addresses, where I check the purchasing mailbox only when I have reason to do so (especially useful as a defense against the vendors that automatically opt you in to their marketing mailing lists), but it also makes it easier to determine if a message has a legitimate sender.

      Thus, if I see a message purporting to be from Netflix that hits my personal or work inboxes, I *know* that’s a fraud, because the address I use for my Netflix account is a different address.

      Obviously, that doesn’t help if a scammer gets the purchasing mailbox, but this kind of segregation really helps.

      Actually, taking that a step further — I keep another separate address (a throwaway address with a free provider) that I use when somebody asks me for an address, and I really don’t want to give them one of my primary addresses.  As with the purchasing address, I only check it when I have reason to do so, and it helps keep low-priority stuff at bay.  If there gets to be too much clutter there, I can always abandon the that mailbox and start over.

      The underlying theme is that the only people who have my primary addresses are people who *need* to know those addresses, and the addresses that get used for wider and more public use are secondary addresses.

    • #2632462

      Coincidentally, we received our second one of these today.  In our case, though, they both came through referral forms.  Today’s came via Yelp — and there’s a decent chance it really is legitimate — and the other one came through the form on our own website.

      The first one looked suspicious due to the wording, although the purported prospect was of a different ethnicity and the English errors were as you might expect.  The big problem was that it came from a hotmail address, and the business itself uses a hotmail address (business owners: why can’t you pay a few bucks and get your own domain???).  I replied via their website form and never heard anything back, so I assume that was a scam attempt.

      Today’s is a little more difficult.  Again, the wording doesn’t sound quite right, but the facts line up with what research I could do online.  Since it was one of those rare cases when an online search for the individual actually returned an address, my office manager is at the mailbox right now, mailing our response letter.  If it’s a legitimate request, I assume the person will get in touch with us directly (if not, her loss).  If it’s a scam, then I hope I just saved both parties future hassles.

      Have to read everything extremely carefully these days!

    • #2632569

      The thing I hate about 2-factor authentication is that I rarely have my phone or usual phone number when it’s needed.
      I’m of an age that hasn’t gotten used to carrying a phone around all the time, so most of the time it’s somewhere other than where I am, especially when I’m working on things. It would be a distraction.
      And when I’m travelling, due to the extortionate charges for cell service in Canada and which are even seriously worse for roaming, I just get a local SIM card.
      Either way, when some site surprises me with the need for authentication I have to rush to retrieve my phone, or else switch out SIM cards and ask them to send again, which can lead to me being cut off from my bank due to an overabundance of caution.
      I have not figured out a good way around either of these problems, so, frankly, I wish 2 factor authentication was a choice, rather than a necessity.
      Any hints for work-arounds welcome.



      "She was not quite what you would call refined. She was not quite what you would call unrefined.
      She was the kind of person that keeps a parrot."
      --Mark Twain

      • #2632583

        See if they offer something that you would have with you – a keyfob or a dongle?  I always have my phone, but I understand the issue.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
        • #2632589
          Thanks for that!
          Who would give that?  The bank or the cell company.
          I’m also going to look into those “everywhere SIMS” if I can only remember their right name.


          "She was not quite what you would call refined. She was not quite what you would call unrefined.
          She was the kind of person that keeps a parrot."
          --Mark Twain

      • #2632587

        Like you, cybercrone, I don’t carry a cell phone around with me, so I found 2FA awkward.

        But I’ve had better luck installing Authenticators apps right on the same computer. (From LastPass, Microsoft, etc., and from third parties like WinOTP.)

        The real pain is getting an Authenticator app to link to each of the accounts I have all over the Internet. The link is often initiated by scanning a QR code for that Web site. But good luck finding those QR code pages, or “scanning” a code on a computer without a working camera.

        It may be an interruption to launch the Authenticator app, but it’s easier than going to get my phone!

        1 user thanked author for this post.
        • #2632734

          But good luck finding those QR code pages, or “scanning” a code on a computer without a working camera.

          Those QR codes usually provide a “manual key” you enter into your authenticator app to activate it when you can’t scan the image.

          Some authenticator apps also include the ability to “read” the QR code directly from your browser screen without a camera.

          Personally, I’ve been using WinAuth as the authenticator app on my Windows 10 22H2 PC for the past 7.5 years and have yet to encounter a 2FA QR code that doesn’t work with it.

          1 user thanked author for this post.
    • #2632606

      Recently the only one I have been getting is the “thank you for your payment of $495 (or some large number). Invoice is enclosed.” They know my email and often know my name. Most of these wind up in gmail spam, but some make it through to TBird. They want you to click on the attached file which is supposed to be an image of the invoice. It could be, with a bogus phone number to call to “resolve the problem (and give them all your info)”. or it could be ransomware. No way to tell. don’t click on it!!!

      - Thinkpad P15s Gen1 20T4-002KUS, i7-10510U, UEFI/GPT, 16GB, Sammy 500GB M.2. others. Mint 21.2 Xfce w Vbox-win10. Mint 21.2 Cinn Edge w wine. Win 11 Pro 23H2 WU(local, no Copilot, no Edge). HP laserjets M254dw & P1606dn, Epson 2480 scanner. External monitor Dell S3221QS.

    • #2632646

      Just got this yesterday.
      I never had a Ford car.

      • #2632736

        I regularly get similar e-mails and/or robocalls telling me the warranty on my Dodge has expired and they’ll extended it, for a reasonable price of course.

        The catch being, my Dodge is a ’98 with 360K miles on so it doesn’t qualify for anyone’s extended warranty!

    • #2632648

      hasn’t gotten used to carrying a phone around all the time

      cybercrone,  I have found that having the right case for my phone plays a BIG roll in keeping keeping it with me.  Slim light duty or decorator cases don’t cut it.  Neither does keeping my phone in my pocket.  Year’s ago I switched to the Otterbox Defender series phone cases.  The rugged case and matching full size rugged belt clip is, IMO very secure, and stays put. It’s especially handy when I’m expecting an important text or a call.


      Custom desktop Asus TUF X299 Mark 1 16GB RAM i7-7820X
      Four 27" 1080p screens 2 over 2.
      Laptop Clevo/Sager i7-9750H - 17.3" Full HD 1080p 144Hz, 16GB RAM Win 10 Pro 22H2

    • #2632810

      The rugged case and matching full size rugged belt clip

      I always use clip on cases with my iPhones.

    • #2632907

      I wish more women’s clothing had belt loops.  It would be helpful in this case.

      "She was not quite what you would call refined. She was not quite what you would call unrefined.
      She was the kind of person that keeps a parrot."
      --Mark Twain

    Viewing 8 reply threads
    Reply To: Can you identify the scam?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: