InterfaceFM Ltd Is not a scam – their emails are being spoofed and the scammer registered a similar domain name and set the “Reply-to” address as his.
Ha. Welcome to 2021, where the world is broken and the scams have evolved. My accountant actually sent me this as he was suspicious;
He was confused as we have never dealt with this company.
I checked them out, they are legit. Hmmm
Looked at the details of the email closer, ah ha!
If you look at the spelling of the reply to address, its not INTERFACE its INTREFACE – Sneaky fookin prawns, eh!
So the email appears to come from a legit source, a real company – confusing! But on closer inspection the reply-to address is slightly different meaning you’d reply and think you were requesting info from the legit company but some scamming bastard would be replying instead.
I have informed GoDaddy, I have informed InferfaceFM Ltd
InterfaceFM Ltd Is not a scam – their emails are being spoofed and the scammer registered a similar domain name and set the “Reply-to” address as his.
Well, this was one of the most random scam/spammer experiences of my baiting life/career.
Email address used: supportteam@daramail.com
I got an official email from Amazon Prime (haha it wasnt official) thanking me for my recent payment of £79.99 for my prime membership. Hmm, I do have prime but pay it monthly.. I wasnt really puzzled – I knew it was a scam before I even opened it, let me explain;
Ok, so for starters a company as big as Amazon would not miss a space between Amazon and Prime in the title of an official email.
Also, the grammatical errors are immediate, and inexcusable. Greeting not Greetings. No pound sign, missing dates, its just all wrong. Also £79.99 is the annual payment, then it refers to monthly. I think this was maybe to panic the reader and make them do something. Anyway, the email itself was obviously fake – but it wanted me to call a phone number;
This puzzled me. As literally 99 out of 100 other similar scams want you to click a link and they harvest some kind of credit card info or personal info from you.
So, I called the number.
Ring ring…
Ring ring…
“Hello?”
I played along a bit;
“Hello, is this Amazon Prime?”
He replied
“Yes, this is amazon prime how can i help”
Me: “I got an email, I think I need a refund or something?”
Him: “Yes ok [inaudible]”
Then I dropped the bomb.
Me: “How do you sleep at night knowing you’re scamming people out of their hard earned money?”
I fully expected him to hang up, but he didnt!
I asked him why he did this, and he told me!
He explained that he also worked full time, and that COVID has caused so many issues in his country, he needed to earn money to he turned to this scam. He tried to say he was a nice guy and that he didnt take much money from people he was just trying to survive.
I explained that he wasnt not going to know if he caused issues for people and £79.99 is a lot of money to a lot of people!
I asked him if he had grandparents, he said yes and I asked him how he would feel if someone stole their last £80, he went quiet.
Then, his manner changed. He seems to be less confident and more humbled. I asked him to think long and hard about what he was doing, and he said he would stop doing it.
A scammer with a conscious!
Update – I started writing this on the 3rd of June – its now the 16th and the number now just rings out. I hope this means hes stopped the scam!
Update – He called me back! I didnt answer, but it means hes still at it.
Update – Had a call today from 01324 409 887 and an automated lady said similar to the above “your prime membership is expiring etc” and press 1 to speak to someone, I pressed 1, through to – what sounded like – the same guy.
01324 409 887
DO NOT PAY THIS GUY ANY MONEY! HE IS NOT AMAZON PRIME!
My past is littered with instances where I have been sued, or people have tried to sue me. So when I received this email about a Subpoena I opened it with hesitation in case it was something legitimate.
Once open, it was quite clearly not. haha.
Came from the following address – looks propa legit innit;
The link in the email links to a hosted Google document, and then it wants you to download a file;
The download link takes the user to a really dodgy URL;
This is really concerning as the use of Google docs to host this legitimises the scam, I have reached out to google to get them to remove the page.
These scams are starting to get more intelligent, and it seems some of the larger vendors (Amazon, Google,. etc) are seemingly letting things fall through the cracks which is, I guess, to be expected. Its still alarming and a worrying thing to be discovering especially as technology isn’t slowing down, I hope security and corporate responsibility/accountability can keep up!
Remember, if its too good to be true, its probably a scam.
Wow, this one took me by surprise to be honest. We use Mailgun for many of our customer sites, as it provides great logging and flexibility for delivering emails. It also means the outgoing emails aren’t tied to the same server the website is on, as emails can get people on blacklists and that can cause website access issues for customers.
Anyway, a customer emailed this to me this morning, they asked if it was a support ticket we had raised but straight away I knew something was wrong, as the format of the email/support ticket was all wrong.
This is the fake one;
To the novice user or someone not familiar with their email format would deffo fall for this. You should always hover over or inspect links in emails like this, before clicking on them;
Hovering over the app.mailgun.com link shows that it would actually take me to kapsicum.com which I can only assume is a hacked website. Normally I would click on it and screenshot the website it takes me to, but it’s early on a Monday and I have a bad feeling about this one so dont want to risk the malware infection to be honest! 🙂
Just FYI, this is the format of a support ticket notification from Mailgun;
And this is how newsletters come from Mailgun;
So none of the official emails look like the spam one, but to the untrained eye it would be easy to mistake and click on the link.
Be warned!
If you didnt ask for or request the email in some way, its probably a scam – so forward it to me so I can blog about it!
