Category: Scams

  • Apple iTunes Hulu Plus Email Scam!

    A customer recently forwarded this to me in a bit of a panic, he uses iTunes and this email really stopped him in his tracks… here is how it looks;

    I am not an Apple user, so to me this looks as legit as I would expect. The “To Cancel Transaction…” bit looks a bit out of place but it wouldn’t really jump out at someone as being a red flag.

    He forwarded it to me anyway, and the first thing I checked was the sender’s address;

    ty1txtb8my0zs.nyppvfaqn2m6@doraemonmassal.cc

    The sender address is obviously wrong – it should be apple related at least.

    The next thing to check would be any links in the email, DO NOT CLICK THEM but hover and look in the bottom right of your screen to see where they go;

    Hmm, not sure that should be where a “Cancel subscription” link should go, do you? 🙂 Interestingly they’ve used the Myspace URL shortener so have either hacked that, or have hacked the place the short URL sent the user to?

    I clicked it (safe, test environment) and the link forwards to a page that has been taken down. So there is zero risk with this thanks to someone giving the hacked end site a heads up. Great work whoever you are 🙂

    All in all, a very convincing email and I dread to think how many novice iPhone users will have fallen for it before it got taken down 🙁

    If you’re not sure if something is real, then forward it to iamolly@bigfoot.com and I will do my best to decipher it and I may blog about it too.

    As always, stay safe peeps 🙂

  • Email Phishing Scam – uk-c.co – Very sneaky!

    Despite me going back to normal style blogging, I can’t help still being interested in attempted internet scams.

    A customer at work has asked me for help as they spotted a phishing scam that used their domain name, and upon closer inspection I spotted something I had not seen before. Perhaps this scammer’s undoing!

    I have changed the domain name to safeguard my customer.

    The emails read like this;

    Subject: Settle up this payment
    Date: Mon, 21 May 2018 13:14:53 +0200
    From: Kevin Playwright <kevin@playwright.me.uk>
    Reply-To: Kevin Playwright <kevin@playwright.me.uk-c.co>
    To: accounts@playwright.me.uk

    I need you to process a faster payment for a new beneficiary, payee details attached.

    I will send the documents once i’ll be at my desk.
    Leave a reply once completed or in case you get any problem while setting it up.

    Regards,
    Kevin Playwright.

    Sent from my iPhone

    The email is flawed in a few ways, firstly there is no-one called Kevin in this organisation, and secondly, there is certainly no-one called Kevin who carries the surname which happens to be the same name as the organisation Kevin is supposed to be part of.

    The next point, which my customer didn’t notice, was the reply-to address. As regular readers of my scam blogs will know, this is one of the first things I check as this often leads straight back to the crook!

    Usually, if the reply-to address isn’t the same as the send address (i.e. email account fully hacked) then it will be completely different – but in this case it was a hybrid!

    Let’s take a closer look at those email addresses.

    kevin@playwright.me.uk <- Sending address
    kevin@playwright.me.uk-c.co <- Reply-to address

    Notice the bit at the end of the reply to address?

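    Read that address from right to left to work out the real domain name: the extension is .co, and the bit before that, up to the next dot, is uk-c. So the domain that actually receives the reply is uk-c.co, and everything to the left of it (playwright.me) is just a subdomain the scammer made up. This email address is fake, but has been created to fool you into thinking you are replying to the original sender.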

    Their domain is: http://uk-c.co

    If you visit it, you spot that it’s a mail server;

    They can apply this scam to any UK email address;

    test@domain.co.uk-c.co

    It would be so easy to miss.

    Be careful peeps, if something doesn’t feel right STOP and pick up the phone. Call the person who emailed you, call your IT mate, comment on one of my blogs – just don’t brush it off as nothing.

    Stay safe peeps.

    PS I’ve reported them to ICANN; hopefully they have their domain taken off them.
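
    The reply-to check described in this post can be automated. The following is an added example, not part of the original post: it compares the From and Reply-To domains and flags the case where a trusted domain is embedded at the front of a different one. The function names and the `own_domains` parameter are hypothetical, and the sample message is constructed from the headers quoted above.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the headers of the message quoted in the post.
SAMPLE = """\
Subject: Settle up this payment
Date: Mon, 21 May 2018 13:14:53 +0200
From: Kevin Playwright <kevin@playwright.me.uk>
Reply-To: Kevin Playwright <kevin@playwright.me.uk-c.co>
To: accounts@playwright.me.uk

I need you to process a faster payment for a new beneficiary.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".")

def embedded_in(trusted, candidate):
    """True if `trusted` is the leading part of a *different* domain,
    e.g. playwright.me.uk inside playwright.me.uk-c.co."""
    if not trusted or candidate == trusted:
        return False
    if not candidate.startswith(trusted):
        return False
    # The trusted name must be followed by '.' or '-' so that
    # example.co is not reported as embedded in example.com.
    return candidate[len(trusted)] in ".-"

def check_reply_to(raw, own_domains=()):
    """Classify a raw message as 'ok', 'mismatch' or 'lookalike'.
    own_domains (hypothetical parameter): domains the recipient trusts."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if not reply_dom or reply_dom == from_dom:
        return "ok"          # replies go back to the visible sender
    for trusted in {from_dom, *own_domains}:
        if embedded_in(trusted, reply_dom):
            return "lookalike"   # the uk-c.co style hybrid address
    return "mismatch"        # plain different reply-to, still worth a look

if __name__ == "__main__":
    print(check_reply_to(SAMPLE))
```

    A "lookalike" result is the hybrid case from this post; a "mismatch" is the more common case of a completely different reply-to address.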

  • F*ck you, Rob Carona! Hacked PayPal Account and Personal Info Leak SCAMMER!

    This was sent to me earlier in the year, and it angered me if I’m being honest! I’ve obfuscated the actual details but they were an actual legit old postal address of mine.

    From: Rob Carona robcarona@hotmail.com
    Date: 28 March 2017 at 12:44
    Subject: Olly
    To: Olly <one-of-my@email-accounts.com>

    Hello, Olly!

    I am bothering you for a very serious cause. Though you don’t know me, but I have a lot of personal info about you. The matter is that, most likely by mistake, the information of your account has been emailed to me.
    For instance, your address is:
    123 My Actual Old Road
    My Actual Town
    My Actual County
    MY 01D ZIP

    I am a lawful citizen, so I decided to caution] you, that your PayPal account may have been hacked. I attached the file – name.dot that examine what info has become accessible for attackers. File password is – 2811

    I look forward to hearing from you,
    Robbi Caronna

    This type of scam is the worst – as this preys on fear, the fear of having your identity stolen and used for god knows what.

    The email came with an attachment which appeared to be a Word Document but that would have had Macros in it, and those macros would have more than likely been some kind of virus or would have installed some kind of malware to my PC.

    So, Robbi Caronna – fu*k you, you garbage person. If I was elderly, or young and naive I could have easily fallen for this and ended up with my PC infected and my world turned upside down. You prey on the inexperienced and vulnerable and no doubt profit from that.

    I hope you get an infection in your bottyhole that is untreatable and leaves you in pain for the rest of your existence.

    I reached out to Robba for a comment, he didn’t have one. Asshat.

  • Yоur Вloсkchain Confirmatiоn Сodе – Cryptocurrency Spoof Email Phishing SCAM

    This last year – like many others – I have started getting involved in cryptocurrency. I kick myself for not getting involved in it earlier but never mind. Anyway, as it’s a reasonably new thing for me I am still learning the terminology, the technology and the processes of how everything works, so when I got this email I had to do a double take and remember my checks before clicking on anything.

    Check number #1 – Is the sender email address, legit?

    Err nope!

    Check number #2 – Is the reply to address the same as the sender address

    In this case it was, but the sender address has already failed to pass the first test so check #2 is kinda not required.

    Check number #3 – Do the links go where they should go?

    Errr – NOPE!

    Conclusion – SCAM SPOOF FAKE EMAIL.

    Now imagine this, you are new to Crypto, you are not an experienced internet user but have heard about Crypto and want to get involved. You hear the term Blockchain so you Google it – end up on Blockchain.info and you open an account and start investing.

    You then get this email a few days later. You’re just gonna click on it aren’t you!

    This email shows to me that the scams are evolving and the people creating them are paying attention to what is happening in the world and reacting to it by modifying their scams. And with Crypto related stuff, once those coins are gone they are GONE. There is no bank to ring and complain to. That’s it!

    Be extra careful in 2018 peeps! These scammers are EVERYWHERE!