SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    I think I just got a phishing email...
Go
New
Find
Notify
Tools
Reply
  
I think I just got a phishing email... Login/Join 
#DrainTheSwamp
Picture of P229 357SIG Man
posted
It was an order confirmation from Apple's App Store. It was an in app credit card purchase for Zombie Castaways...a charge of $51.49

I did not open the email, I saw it in the preview pane. I checked my recent credit card activity and nothing there, yet.

It's got me thinking about a couple of things...

Where do these damn things come from?

Is my email address compromised?

Should I remove my email account from the laptop I use for online banking and credit card transactions?

Any online security tips you may have would be much appreciated. Thanks


P226 9 mm
P229 .357 SIG
Glock 17
AR15 Spikes - Noveske - Daniel Defense Frankenbuild
 
Posts: 944 | Location: Glen Allen, Virginia | Registered: January 05, 2003Reply With QuoteReport This Post
Member
posted Hide Post
I get those all the time. I haven't used anything apple in 10 years.

Try to filter them, or just ignore them. Whatever you do, don't respond/click/accept anything.
 
Posts: 3350 | Location: IN | Registered: January 12, 2007Reply With QuoteReport This Post
Certified All Positions
Picture of arcwelder
posted Hide Post
It's probably fake.

When I get these, I forward them to the organization/company that is the _real_ thing. Most have somewhere to send spam/phishing examples.

Forward it to Apple.


Arc.
______________________________
"Like a bitter weed, I'm a bad seed"- Johnny Cash
"I'm a loner, Dottie. A rebel." - Pee Wee Herman
Rode hard, put away wet. RIP JHM
"You're a junkyard dog." - Lupe Flores. RIP

 
Posts: 27124 | Location: On fire, off the shoulder of Orion | Registered: June 09, 2004Reply With QuoteReport This Post
A Grateful American
Picture of sigmonkey
posted Hide Post
Your email can be obtained in many ways. Someone doing a "email to all", "copy all(cc/courtesy copy)", someone with your email getting compromised and their address book harvested, companies that you deal with having their systems compromised and email addresses harvested, you "opting in" with your email, signing up for access to something and many other ways.

Think of it like the flu, you can take all the precautions you want, but your gonna get it sooner or later.

That said, 99% of these are "mass mailings" and have nothing to do with you. Links typically redirect you to a page to try and get you to "log in" (hoping they have raised someone's attention by sheer luck of tagging someone with and account or dealings with the company they are pretending to be sending from).

The result can be anything from harvesting your information, to obtaining username(s) and password(s), account information, or downloading and executing an exploit/program/code that compromises your device (often as a "form" that you need to download and "open" to fill out).

All that said, forward as Arc suggests, or shift+delete them without giving it a second thought.

On-line security tips.

Look into a password manager.

Get "phone/SMS text messagaing tied to all your accounts to alert you when a charge is made. Most of them are near instant to several seconds, but not more than a minute to notify you of a charge. If a charge pops up that you know is not legit, you can contact the card issuing folks within minutes.

You may be able to use "virtual credit card", where your bank allows you to create a "one time electronic card" for a transaction each time you order something.

And there are more, but not wanting to overwhelm you with info.




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!
 
Posts: 44693 | Location: ...... I am thrice divorced, and I live in a van DOWN BY THE RIVER!!! (in Arkansas) | Registered: December 20, 2008Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by P229 357SIG Man:
It's got me thinking about a couple of things...

Where do these damn things come from?

Scammers all over the world.

quote:
Originally posted by P229 357SIG Man:
Is my email address compromised?

That depends upon how one defines "compromised."

If, by "compromised" you mean "Somebody has taken over my email account": Probably not. If in doubt: Log in and change your password. (Obviously means you'll have to update all your client applications.)

What likely has happened is somebody else's email was compromised, their address book was harvested, and your email address has made it onto an email scammer's list. Since these scammers sell their lists to one another you may see increasing amounts of this kind of thing.

quote:
Originally posted by P229 357SIG Man:
Should I remove my email account from the laptop I use for online banking and credit card transactions?

That won't accomplish anything. (But see below.)

You do want to keep your software up-to-date, make sure to do the same with your anti-virus and anti-malware tools, and continue to practice safe computing.

quote:
Originally posted by P229 357SIG Man:
Any online security tips you may have would be much appreciated. Thanks

Well, you may not like this and I'm sure it'll provoke howls of outrage, but, after years in the business I'll say this: If you're using an MS-Windows PC for sensitive use I would never use it for anything else and I would not use an email client application that automatically renders HTML or anything else other than plain text.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26031 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Shit don't
mean shit
posted Hide Post
Ignore it.

Funny, I just checked my spam folder (Gmail) and found the following. I am not planning any trips to the middle east...

Dear valued customer,
Thank you for booking with qatarairways.com.
We have received your booking under reference 2731-46 and are reviewing your payment.

Yours sincerely,
Qatar Airways Support

You can also view the details of this request by following this link: https://qatarairways.com/?clirequests=2731-46
 
Posts: 5835 | Location: 7400 feet in Conifer CO | Registered: November 14, 2006Reply With QuoteReport This Post
member
Picture of henryaz
posted Hide Post
 
I just got an Apple one, too. It said someone in Venezuela had charged a QUBE to my Apple account. The email said it suspected hacking, and to cancel the order, I should "click here". NOPE. I went directly to my Apple account. There was no such order to cancel, nor was there any charge on my credit cards. Just a sleazy attempt to get your Apple ID and password, by "clicking here".



When in doubt, mumble
 
Posts: 10887 | Location: South Congress AZ | Registered: May 27, 2006Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    I think I just got a phishing email...

© SIGforum 2024