SIGforum
"Interesting" email
May 24, 2017, 09:29 AM
clubleaf206"Interesting" email
I received this, via email, from "apsupr87@confirm-activity.com"
Your Apple ID was used to sign in to iCloud website and make a payment via iTunes Store
New Device: iPhone 7 Plus
Date and Time: 23 May 2017, 06:51 GMT
Operating System iOS 10.3.1
Location: Valencia, Carabobo, Venezuela
Please, Download and read the attached You will find message & Invoice In Adobe Reader (PDF) formatNotice the syntax and odd use of commas, etc. Supposedly the account is locked and I am required to fill out a form to regain access to it. Firstly, I don't own a iPhone and secondly, instead of answering security questions, the form would have me type in my name, address, phone number and
social security number!
Well, sorry, you're not fooling 'ol clubleaf quite that easily, go try that crap on someone else.
___________________________________________________________________________
"....imitate the action of the Tiger."
May 24, 2017, 09:32 AM
12131quote:
apsupr87@confirm-activity.com
There's the clue.
Q
May 24, 2017, 09:38 AM
vinnybassI'd have never known what was in it, because I'd have never opened it. Is it possible that's how you get got?
"We're all travelers in this world. From the sweet grass to the packing house. Birth 'til death. We travel between the eternities." May 24, 2017, 09:42 AM
RogueJSKThe thing is, if they send it out to 1 million people, they know that 999,999 will immediately ignore/delete it. But that one guy...
And it only has to work once to make it worthwhile.
Then rinse/repeat with another million people.
May 24, 2017, 09:46 AM
sigmonkeyThat's how you get got.
Anytime you get an email about an account that has been compromized or whatever, contact the agency via a known good method.
For example, you get an email "from your bank", pick up the phone and call, or open your browser and visit the bank's website and sign in that way.
Never, ever click on any links to the "bank" (or whatever agency), and do not open any attachments that purport to be the "remedy" etc.
People tend to become concerned and wish to act quickley if they believe they have been a victim of loss, and out of emotion, will often act before thinking through.
It is reactionary and re-enforced behavior in life, and that is used against you.
"the meaning of life, is to give life meaning" ✡ Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב! May 24, 2017, 09:49 AM
clubleaf206quote:
Originally posted by 12131:
quote:
apsupr87@confirm-activity.com
There's the clue.
Yeah, I'd say that is a rather large red flag.
Now, I do have an Apple product, an iPad Air 2, so it isn't odd that I would receive mail from Apple, however I have never set up a iCloud account, so it isn't as though my CC will get dinged. It is sort of unsettling to think of someone who might actually believe that email and blithely fill out the "form" with all their personal information. I guess that is why the "pidgeon drop" scams still work in this day and age.
___________________________________________________________________________
"....imitate the action of the Tiger."
May 24, 2017, 10:10 AM
ensigmaticA couple other ways to confirm legitimacy:
1. Learn how to read email headers. If, for example, the email claims to be from Apple, and the top-most "Received:" header isn't from a legitimate Apple domain (e.g.: "apple.com"), it's a pretty good bet it's bogus.
Unfortunately, not all email client apps support showing full headers. That's my main complaint about iOS' Mail app :/
2. Use "tagged" (aka: "plussed") email addresses. E.g.: If you're registering with Apple, use jdoe+appl@example.com instead of merely jdoe@example.com as your email address. That way, if you receive an email allegedly from Apple, and it wasn't sent to your Apple-tagged email address, you know there's a good chance it's bogus.
Most modern email systems support tagging. Gmail's does. So does iCloud.com. I don't know about Outlook.com. Best thing you can do is try it. And if you run across a site that prevents tagging because they don't allow "+" in an email address: Complain about it. It's legit, and
very handy.
Another advantage to tagging email addresses: If you all-of-a-sudden start getting spammed on your jdoe+something email address, you know whomever you gave that address either sold it or was compromised.
"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher May 24, 2017, 10:32 AM
sjtillThanks for that tip, ensigmatic. I had never heard of tagging. I will start using it when dealing with online vendors and other contacts.
_________________________
“Remember, remember the fifth of November!"
May 24, 2017, 02:20 PM
Sig Sauer Krautquote:
Originally posted by clubleaf206:
Please, Download and read the attached You will find message & Invoice In Adobe Reader (PDF) format
Notice the syntax and odd use of commas, etc. Supposedly the account is locked and I am required to fill out a form to regain access to it. Firstly, I don't own a iPhone and secondly, instead of answering security questions, the form would have me type in my name, address, phone number and social security number!
Well, sorry, you're not fooling 'ol clubleaf quite that easily, go try that crap on someone else.
Wait... you didn't download the file (PDF) did you?
May 24, 2017, 04:32 PM
sgalczynForward it to the Nigerian lottery lawyer!
"No matter where you go - there you are"