31 {{ upvoteCount | shortNum }}
31 {{ upvoteCount | shortNum }}

WARNING: Very Sneaky New Phishing Scam

by Steven Wagenheim
24 replies
This is a new one folks and it's very sneaky. At first glance, because of the
URL in the email (your domain) it looks legit.

The phishing scam is as such.

The email says that the security settings in your email have been changed
and in order to have the changes take effect, you need to click on the link.

Upon looking at the link in the email, it appears to be YOUR domain.

However, if you hover your mouse over it, you will see that it is very
cleverly cloaked. I don't know how it's done. The actual domain I got
this from was somewhere in the UK.

I contacted my web host and they informed me that it is a phishing scam.

Please be very careful if you get one of these.

One way to check is to check the headers of where the email came. My
email came from Brazil.

Just a heads up.
#phishing #scam #sneaky #warning
  • Profile picture of the author Kevin Williams
    Assuming you get html email it would just be <a href="reallink">fakelink</a> - but I get so many phish attempts every day I couldn't imagine actually falling for one.
    Signature
    High Quality Content - Articles, eBooks, and Salesletters, Oh My!
    {{ DiscussionBoard.errors[1278472].message }}
    • Profile picture of the author Steven Wagenheim
      Originally Posted by spire8989 View Post

      Assuming you get html email it would just be <a href="reallink">fakelink</a> - but I get so many phish attempts every day I couldn't imagine actually falling for one.
      Except this was a text email, which is why it had me fooled. Or, it was an
      HTML email made to look like text. In other words, it was totally plain.

      Like I said, sneaky.
      Signature
      {{ DiscussionBoard.errors[1278485].message }}
      • Profile picture of the author Floyd Fisher
        Originally Posted by Steven Wagenheim View Post

        Except this was a text email, which is why it had me fooled. Or, it was an
        HTML email made to look like text. In other words, it was totally plain.

        Like I said, sneaky.
        It's html, made to look like text.

        Yeah, it's very sneaky, make sure you view the code so you know.

        Also, you just might have been trojaned due to clicking on the link. Get yourself over to Symantec and do their online scanner asap. It's free, and it detects stuff.
        {{ DiscussionBoard.errors[1278507].message }}
      • Profile picture of the author MarkAndrews IMCopywriting
        [DELETED]
        {{ DiscussionBoard.errors[1278520].message }}
        • Profile picture of the author SMS
          Thanks Steve.

          I guess this is another good reason to use the privacy option when registering domains.
          {{ DiscussionBoard.errors[1278540].message }}
          • Profile picture of the author Dan C. Rinnert
            Looks like they're recycling golden oldies here. I saw similar attempts years ago. They'd try to pose as the Admin of a service and make it look like eMails were coming from the service itself.

            I've seen two variations on this current round.

            One sends a message with a ZIP attachment that purportedly contains the new settings file you need to install.

            The second provides a fake URL, as Steve described.

            Even though it may look like it's coming from your host (which is easy to know if you ARE the host...), there are two signs that it is not.

            The first is that both variations of this message address you as "Dear user of...." This is the first clue. Most services will know your name. And, few still use a bulk message that is not personalized.

            Even if your host were to use unpersonalized bulk messages, the second clue is in the "name" of the mailing service, which is identified as "yourdomain.dom mailing service". Most sites have a name, and don't just use the domain name. They might have yourdomain.dom, but they go by Your Domain, Inc. or something. Or, maybe YourDomain.dom Mail. Few will have no name and all lower case like that.

            Additionally, most hosts would probably notify you ahead of time of any server upgrades.

            On top of all of that, most hosts would never require you to reset or install new "settings" for your eMail. You might need to change IPs or POP/SMTP settings, but those are generally not provided in a settings file. And, even if they were, the first two clues should throw up enough of a red flag that it's not really coming from your host.

            Furthermore, if these settings were changed and require you to reset or install new settings, then how did you even receive the eMail telling you about that change? That should be a clue too.

            I disagree that these phishers and scammers are getting more clever. This message really shouldn't fool anybody. It's not even all that sneaky. Now, if they had combined a few techniques used by assorted spammers, they could have produced a more convincing message. But, as it is, it's rather sloppy.
            Signature

            Dan's content is irregularly read by handfuls of people. Join the elite few by reading his blog: dcrBlogs.com, following him on Twitter: dcrTweets.com or reading his fiction: dcrWrites.com but NOT by Clicking Here!

            Dan also writes content for hire, but you can't afford him anyway.
            {{ DiscussionBoard.errors[1278598].message }}
      • Profile picture of the author lanta99
        Originally Posted by Steven Wagenheim View Post

        Except this was a text email, which is why it had me fooled. Or, it was an
        HTML email made to look like text. In other words, it was totally plain.

        Like I said, sneaky.
        hm.. do you mean like this?

        <a href="www(dot)pishingwebsitelink(dot)com">http://www dot yourwebsiteslink dot com</a>?

        If yes, then I think I got that one a little while ago.

        ~George
        Signature
        --Live SEO Challenge--
        {{ DiscussionBoard.errors[1278529].message }}
    • Profile picture of the author lemaxflo
      thanks 4 the info
      {{ DiscussionBoard.errors[1278569].message }}
  • Profile picture of the author Kevin Williams
    Ah, gotcha - if it was made to look like a text email then it might trick me a little too heh
    Signature
    High Quality Content - Articles, eBooks, and Salesletters, Oh My!
    {{ DiscussionBoard.errors[1278506].message }}
  • Profile picture of the author Kim Standerline
    I got one earlier which was a tad disturbing

    Dear user of the .com mailing service!

    We are informing you that because of the security upgrade of the mailing service your mailbox info@site.com settings were changed. In order to apply the new set of settings open zip attached file.

    Best regards, site Technical Support.

    As I own the domain and host it myself on my own server I knew it was false. But I can't even imagine how many people would open the attached file without thinking

    These people are getting really clever

    Kim
    Signature
    {{ DiscussionBoard.errors[1278514].message }}
  • Profile picture of the author dsmpublishing
    Originally Posted by Steven Wagenheim View Post

    However, if you hover your mouse over it, you will see that it is very
    cleverly cloaked. I don't know how it's done. The actual domain I got
    this from was somewhere in the UK.
    Thanks for the tip steven

    ive come across some really clever ones lately.

    The ones that i have nearly fallen for norton has lucky brought up.

    kind regards


    sam
    X
    {{ DiscussionBoard.errors[1278518].message }}
  • Profile picture of the author JamesPenn
    I got this today.

    I clicked on the link before realising it was a fake. I didn't enter any details and closed it straight away.

    No harm done, right?
    {{ DiscussionBoard.errors[1278533].message }}
    • Profile picture of the author Eric Lorence
      Originally Posted by JamesPenn View Post

      I got this today.

      I clicked on the link before realising it was a fake. I didn't enter any details and closed it straight away.

      No harm done, right?
      I'd do a spyware scan of your computer to be safe...

      It's oftentimes a "one-two" punch that even if your don't bite the scam, they'll try to shoot a trojan from an infected page.
      {{ DiscussionBoard.errors[1278931].message }}
      • Profile picture of the author JohnMcCabe
        Originally Posted by JamesPenn View Post

        I got this today.

        I clicked on the link before realising it was a fake. I didn't enter any details and closed it straight away.

        No harm done, right?
        No telling what nasties you might have let in the back door. As Eric said, scan your computer ASAFP.

        I've been getting these for several domains over the last couple of days. They claim to be from the admin, but I don't remember sending them...:rolleyes:

        My wife spends hours every night surfing the net, and she's about as non-techie as you get and still go online. Fortunately, I've instilled a healthy paranoia about emails that ask her to do this kind of thing.

        Yes, the goons are getting sneakier all the time. Even 'legitimate' sites are beating the pop-up blockers by tying the pop to some event, like a click on a link or submit button.

        One night, she complained that her laptop was running really slow all of a sudden. When I took a look, she had 27 browsers running at the same time. 24 of them were ads for Netflix.
        {{ DiscussionBoard.errors[1279004].message }}
        • Profile picture of the author TedMarlett
          Thanks for the post Steven.

          I got really used to getting these when I was selling on eBay. I saw many different varieties of these and learned not to open them.

          I do know that anyone you are doing a legitimate business with will use your name in the email.

          I just don't make it a practice of opening any email I don't recognize, especially from myself as I don't email myself.
          Signature

          Get information on growing older and healthier.


          {{ DiscussionBoard.errors[1279171].message }}
          • Profile picture of the author Vaan
            Once again, You give us valuable information Steven..

            I'm always registering domain protection to all my domain, hope I don't get this phising follks on my email, despite there is a lot of spam email that i don't check and delete it every day

            Vaan
            Signature
            {{ DiscussionBoard.errors[1279246].message }}
  • Profile picture of the author Sell
    There are so many things that can trick you.

    These two tools can fake things too!

    Log into your ClickBank account and place this code

    javascript:document.body.contentEditable='true'; document.designMode='on'; void 0

    in your browsers url, then type in your amounts in your account, you may have to try it a few times before it will work.

    and this..

    Make Money With Google AdSense
    {{ DiscussionBoard.errors[1278551].message }}
  • Profile picture of the author Sell
    I thought i would post it twice, since it was on topic, it's slightly different, won't do that again.
    {{ DiscussionBoard.errors[1278593].message }}
  • Profile picture of the author Charann Miller
    Anything that asks me for something out of the ordinary like my password or to access my account via a link because my account has been compromised I avoid like the plague.

    I've had at least 6 emails that claim to be from PayPal that encourage me to check my account via their link. I immediately report them to PayPal.

    Good thing you contacted your host directly, imagine how many people may not be so lucky.
    Signature
    Hot Weight Loss PLR
    Ex Back Niche PLR
    Short Reports PLR
    Self Esteem Niche PLR
    Aromatherapy PLR
    {{ DiscussionBoard.errors[1278646].message }}
  • Profile picture of the author dragonetinvestments
    Thanks for the head's up, i have been caught out before by a phising scam, so i try and be as secure as possible nowadays. too many scams
    {{ DiscussionBoard.errors[1278759].message }}
  • Profile picture of the author Shana_Adam
    I use the spybot immunize function. I believe it will stop malicious attacks inside your browser. Stopping adware attaching to your browser.

    Plus ccleaner, windows washer,....the list goes on of programs protecting me jesus I cant keep up!
    Signature

    {{ DiscussionBoard.errors[1278985].message }}
  • Profile picture of the author JayXtreme
    I'm doing a little fishing next week..

    Conditions are perfect for a few evenings down the lake, the carp have been really active lately



    Peace

    Jay
    Signature

    Bare Murkage.........

    {{ DiscussionBoard.errors[1278991].message }}
  • Profile picture of the author Ricardo-Acosta
    Yup, they do that to facebook users as well.
    {{ DiscussionBoard.errors[1279599].message }}

Trending Topics