Category: Scams

  • Mailgun.com Scam – Fake Support Ticket Phishing Scam Email

    Wow, this one took me by surprise to be honest. We use Mailgun for many of our customer sites, as it provides great logging and flexibility for delivering emails. It also means the outgoing emails aren’t tied to the same server the website is on, as emails can get people on blacklists and that can cause website access issues for customers.

    Anyway, a customer emailed this to me this morning; they asked if it was a support ticket we had raised, but straight away I knew something was wrong, as the format of the email/support ticket was all wrong.

    This is the fake one;

    Mailgun spam email support ticket phishing

    A novice user or someone not familiar with their email format would deffo fall for this. You should always hover over or inspect links in emails like this before clicking on them;

    Mailgun spam email support ticket phishing

    Hovering over the app.mailgun.com link shows that it would actually take me to kapsicum.com, which I can only assume is a hacked website. Normally I would click on it and screenshot the website it takes me to, but it’s early on a Monday and I have a bad feeling about this one so don’t want to risk the malware infection to be honest! 🙂

    Just FYI, this is the format of a support ticket notification from Mailgun;

    Mailgun actual support ticket email

    And this is how newsletters come from Mailgun;

    Mailgun Newsletter format

    So none of the official emails look like the spam one, but to the untrained eye it would be easy to mistake and click on the link.

    Be warned!

    If you didn’t ask for or request the email in some way, it’s probably a scam – so forward it to me so I can blog about it!

  • Vehicle Request Enquiry – GOV.UK SCAM EMAIL!

    Don’t get it twisted, this isn’t FROM the .gov this is someone pretending to be them to get ya deets.

    The email looks like this;

    The page looks like this;

    Even the footer is identical to the actual gov website;

    The domain name, however, isn’t;

    hXXps://majesvehicle-onthereq.com (t’s replaced with X’s)

    I clicked the link in the email (you shouldn’t ever do that) and it was actually a legit Constant Contact URL which forwarded me to the above URL. So Constant Contact are helping these scammers. Well done.

    Someone less savvy would fall for this.

    Tell ya friends, share this article, repost, duplicate, idgaf, I just work here.

  • John Lewis Supplier/Buyer Phishing Scam

    Whilst catching up with emails one morning, I spotted what looked like an enquiry appearing in my inbox. I opened it, and straight away my alarm bells were ringing! It was a John Lewis Scam!

    It was addressed to me (not personally, but in a generic fashion) and claimed to be from Gabriel Jude who worked in the purchasing department at John Lewis. It looked reasonably legit, the email wasn’t some crazy @yahoo.co.in or anything like that, in fact they registered the domain;

    www.JohnLewisStores.uk & he had gabrieljude@johnlewisstores.uk.

    Easy to trick someone not in the know, as a lot of internal/company emails don’t use the domain the main corporate website is on.

    Amazingly, I had another email almost identical to the first but from Robert Collins, also in the Purchasing Department in John Lewis (apparently) except this email was from robertcollins@johnlewisstores.co.uk, not just .uk.

    I guess it’s the same people but I must be on multiple lists? Either way I’ve replied, let’s see if they get back to me 🙂

    Email 1;

    from: Gabriel Jude <gabrieljude@johnlewisstores.uk>
    reply-to: Gabriel Jude <gabrieljude@johnlewisstores.uk>

    Compliment of the Seasons.

    John Lewis Plc is a UK Wholeseller and retailer shop. We are looking for new products to buy, create new partnership with companies dealing with different products.

    Could you please send us your catalog through e-mail to learn more about your products and wholesale quote.
    We hope to be able to order with you and start a long-term friendly and solid business partnership.Our Payment Terms is within 15 days as we operate with all our suppliers .

    Waiting for your response.

    Gabriel Jude.
    Purchasing Department.

    www.johnlewis.com

    Email 2;

    from: robertcollins@johnlewisstores.co.uk
    reply-to: robertcollins@johnlewisstores.co.uk

    Hi,

    John Lewis Plc is a UK Wholeseller and retailer shop. We are looking for new products to buy, create new partnership with companies dealing with different products.

    Could you please send us your catalog through e-mail to learn more about your products and wholesale quote.
    We hope to be able to order with you and start a long-term friendly and solid business partnership.Our Payment Terms is within 15 days as we operate with all our suppliers .

    Waiting for your response.

    Robert Collins.
    Purchasing Department.

    www.johnlewis.com

    As you can see, practically the same even with the same typos.
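
    Both emails come from a domain that contains the brand name while the signature points at the real johnlewis.com. The following is an added example, not part of the original post: it flags From/Reply-To domains that embed a watched brand keyword without being the brand's own domain. The watchlist, the function names and the sample Subject line are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed watchlist (not from the post): brand keyword -> domain the brand uses.
# johnlewis.com is the domain printed in the scam emails' own signature.
BRANDS = {"johnlewis": "johnlewis.com"}

def header_domain(msg, name):
    """Lower-cased domain of the address in header `name` ('' if absent)."""
    return parseaddr(msg.get(name, ""))[1].rpartition("@")[2].lower()

def lookalike_senders(raw_message):
    """Return (header, domain, real_domain, body_cites_real) for each sender
    header whose domain embeds a brand keyword but is not the brand's domain."""
    msg = message_from_string(raw_message)
    body = msg.get_payload().lower()
    hits = []
    for name in ("From", "Reply-To"):
        domain = header_domain(msg, name)
        squashed = re.sub(r"[^a-z0-9]", "", domain)  # drop dots and hyphens
        for brand, real in BRANDS.items():
            genuine = domain == real or domain.endswith("." + real)
            if brand in squashed and not genuine:
                hits.append((name, domain, real, real in body))
    return hits

# Constructed message: headers and signature follow Email 1 in the post,
# the Subject line is a placeholder.
SAMPLE = """\
From: Gabriel Jude <gabrieljude@johnlewisstores.uk>
Reply-To: Gabriel Jude <gabrieljude@johnlewisstores.uk>
Subject: placeholder subject

Could you please send us your catalog through e-mail.

Gabriel Jude.
Purchasing Department.

www.johnlewis.com
"""

if __name__ == "__main__":
    for name, domain, real, cited in lookalike_senders(SAMPLE):
        note = f" while the body cites {real}" if cited else ""
        print(f"{name}: {domain} is not {real}{note}")
```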

    A quick Google of some of the key info and it seems it’s been going on a while with varying domains and varying success;

    • Different domain, same issue: https://www.thebrokersite.com/news.php?a=584
    • Different domain(s) same issue: https://www.thebrokersite.com/news.php?a=635
    • Same scam, different email wording: https://lkml.org/lkml/2018/5/8/960
    • Times article about someone they scammed: https://www.thetimes.co.uk/article/crooks-posing-as-john-lewis-reps-steal-prams-worth-200-000-pwh00kdr5

    Remember, if it’s too good to be true, it’s probably a scam.

  • Stuart Paskin – Stuart Retail (on skype) New Photo

    Lots of piccies going up today, earlier I posted the first real photo of Simon Macbeth, and now I am posting an up to date photo of the infamous Stuart Paskin aka Stuart Retail aka Stuart Bianco.

    Deffo the same slimeball from earlier pics we had of him.

    Be warned, this guy is a CROOK!

    Read about it all here: 1, 2, 3, 4

    Stuart Paskin