Category: Scams

  • Department of Justice – Subpoena -SCAM WARNING

    My past is littered with instances where I have been sued, or people have tried to sue me. So when I received this email about a Subpoena I opened it with hesitation in case it was something legitimate.

    Once open, it was quite clearly not. haha.

    Came from the following address – looks propa legit innit;

    The link in the email links to a hosted Google document, and then it wants you to download a file;

    The download link takes the user to a really dodgy URL;

    https://www.google.com/url?q=hXXp://193.0.178.46/m2Dj5W&sa=D&ust=1571397808415000

    (obfuscated URL to avoid you getting e-aids)

    This is really concerning as the use of Google Docs to host this legitimises the scam. I have reached out to Google to get them to remove the page.

    These scams are starting to get more intelligent, and it seems some of the larger vendors (Amazon, Google, etc.) are seemingly letting things fall through the cracks which is, I guess, to be expected. It’s still alarming and a worrying thing to be discovering, especially as technology isn’t slowing down. I hope security and corporate responsibility/accountability can keep up!

    Remember, if it’s too good to be true, it’s probably a scam.

  • Mailgun.com Scam – Fake Support Ticket Phishing Scam Email

    Wow, this one took me by surprise to be honest. We use Mailgun for many of our customer sites, as it provides great logging and flexibility for delivering emails. It also means the outgoing emails aren’t tied to the same server the website is on, as emails can get people on blacklists and that can cause website access issues for customers.

    Anyway, a customer emailed this to me this morning. They asked if it was a support ticket we had raised, but straight away I knew something was wrong, as the format of the email/support ticket was all wrong.

    This is the fake one;

    Mailgun spam email support ticket phishing

    A novice user or someone not familiar with their email format would deffo fall for this. You should always hover over or inspect links in emails like this before clicking on them;

    Mailgun spam email support ticket phishing

    Hovering over the app.mailgun.com link shows that it would actually take me to kapsicum.com, which I can only assume is a hacked website. Normally I would click on it and screenshot the website it takes me to, but it’s early on a Monday and I have a bad feeling about this one, so I don’t want to risk the malware infection to be honest! 🙂

    Just FYI, this is the format of a support ticket notification from Mailgun;

    Mailgun actual support ticket email

    And this is how newsletters come from Mailgun;

    Mailgun Newsletter format

    So none of the official emails look like the spam one, but to the untrained eye it would be easy to mistake and click on the link.

    Be warned!

    If you didn’t ask for or request the email in some way, it’s probably a scam – so forward it to me so I can blog about it!
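
    The hover check from this post, automated, together with unwrapping the google.com/url redirect quoted in the Department of Justice post above. This is an added example, not part of the original post: the sample HTML is constructed, the function names are made up for illustration, and the URLs stay defanged (Python's urlsplit still extracts the host from them).

```python
import ipaddress
import re
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def final_target(url):
    """Return (url, was_wrapped), unwrapping google.com/url?q=... redirects."""
    parts = urlsplit(url)
    inner = parse_qs(parts.query).get("q")
    wrapped = bool(inner) and parts.hostname in ("google.com", "www.google.com") and parts.path == "/url"
    return (inner[0] if wrapped else url), wrapped

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return {visible_text: [warnings]} for each link in an HTML email body."""
    collector, report = LinkCollector(), {}
    collector.feed(html)
    for text, href in collector.links:
        target, wrapped = final_target(href)
        host = (urlsplit(target).hostname or "").lower()  # works on hXXp too
        warnings = ["redirect-wrapper"] if wrapped else []
        with suppress(ValueError):  # ValueError means a hostname, not a bare IP
            ipaddress.ip_address(host)
            warnings.append("raw-ip-host")
        if (shown := DOMAIN_RE.search(text)) and host != shown.group().lower():
            warnings.append("text-host-mismatch")  # link text names another domain
        report[text] = warnings
    return report

# Constructed sample; the hosts and the redirect URL are the ones quoted on this page.
SAMPLE = """<a href="hxxp://kapsicum.com/">app.mailgun.com</a>
<a href="https://www.google.com/url?q=hXXp://193.0.178.46/m2Dj5W&amp;sa=D&amp;ust=1571397808415000">Download</a>
<a href="https://app.mailgun.com/">Mailgun dashboard</a>"""
```

    Calling audit_links(SAMPLE) flags the first link for text that names a different domain than its target and the second for a redirect wrapper ending at a bare IP address; the third link comes back clean.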

  • Vehicle Request Enquiry – GOV.UK SCAM EMAIL!

    Don’t get it twisted, this isn’t FROM the .gov this is someone pretending to be them to get ya deets.

    The email looks like this;

    The page looks like this;

    Even the footer is identical to the actual gov website;

    The domain name, however, isn’t;

    hXXps://majesvehicle-onthereq.com (t’s replaced with X’s)

    I clicked the link in the email (you shouldn’t ever do that) and it was actually a legit Constant Contact URL which forwarded me to the above URL. So Constant Contact are helping these scammers. Well done.

    Someone less savvy would fall for this.

    Tell ya friends, share this article, repost, duplicate, idgaf, I just work here.

  • John Lewis Supplier/Buyer Phishing Scam

    Whilst catching up with emails one morning, I spotted what looked like an enquiry appearing in my inbox. I opened it, and straight away my alarm bells were ringing! It was a John Lewis Scam!

    It was addressed to me (not personally, but in a generic fashion) and claimed to be from Gabriel Jude who worked in the purchasing department at John Lewis. It looked reasonably legit, the email wasn’t some crazy @yahoo.co.in or anything like that, in fact they registered the domain;

    www.JohnLewisStores.uk & he had gabrieljude@johnlewisstores.uk.

    Easy to trick someone not in the know, as a lot of internal/company emails don’t use the domain the main corporate website is on.

    Amazingly, I had another email almost identical to the first but from Robert Collins, also in the Purchasing Department in John Lewis (apparently) except this email was from robertcollins@johnlewisstores.co.uk, not just .uk.

    I guess it’s the same people but I must be on multiple lists? Either way I’ve replied, let’s see if they get back to me 🙂

    Email 1;

    from: Gabriel Jude <gabrieljude@johnlewisstores.uk>
    reply-to: Gabriel Jude <gabrieljude@johnlewisstores.uk>

    Compliment of the Seasons.

    John Lewis Plc is a UK Wholeseller and retailer shop. We are looking for new products to buy, create new partnership with companies dealing with different products.

    Could you please send us your catalog through e-mail to learn more about your products and wholesale quote.
    We hope to be able to order with you and start a long-term friendly and solid business partnership.Our Payment Terms is within 15 days as we operate with all our suppliers .

    Waiting for your response.

    Gabriel Jude.
    Purchasing Department.

    www.johnlewis.com

    Email 2;

    from: robertcollins@johnlewisstores.co.uk
    reply-to: robertcollins@johnlewisstores.co.uk

    Hi,

    John Lewis Plc is a UK Wholeseller and retailer shop. We are looking for new products to buy, create new partnership with companies dealing with different products.

    Could you please send us your catalog through e-mail to learn more about your products and wholesale quote.
    We hope to be able to order with you and start a long-term friendly and solid business partnership.Our Payment Terms is within 15 days as we operate with all our suppliers .

    Waiting for your response.

    Robert Collins.
    Purchasing Department.

    www.johnlewis.com

    As you can see, practically the same even with the same typos.

    A quick Google of some of the key info and it seems it’s been going on a while with varying domains and varying success;

    • Different domain, same issue: https://www.thebrokersite.com/news.php?a=584
    • Different domain(s) same issue: https://www.thebrokersite.com/news.php?a=635
    • Same scam, different email wording: https://lkml.org/lkml/2018/5/8/960
    • Times article about someone they scammed: https://www.thetimes.co.uk/article/crooks-posing-as-john-lewis-reps-steal-prams-worth-200-000-pwh00kdr5

    Remember, if it’s too good to be true, it’s probably a scam.