Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7731500
01/29/20 12:36 AM
Joined: Apr 2009
Posts: 10,115
texasag93
THF Celebrity
I run a flying club. I received an email from what appeared to be the president, written very well. It stated that he needed a bill paid and was sending me instructions on a later email.
The name was his, but the unmasked email had nothing to do with him.
This s*** is happening at a very believable level.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7731594
01/29/20 01:36 AM
Joined: May 2011
Posts: 28,031
skinnerback
THF Celebrity Chef
Great, now he has your ip address What the hell is he going to do with my IP Address? Come find my location? I'd love for him to come find me. Definitely Asian, trust me.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: Mickey Moose]
#7731616
01/29/20 01:54 AM
Joined: Jan 2007
Posts: 26,198
KRoyal
OP
Texoma Legend
> Great, now he has your ip address
> Not necessarily. Depends on how the mail was sent - what mail client and what provider. It is becoming more and more common that the clients themselves and even more so the SMTP services modify or even strip some SMTP headers. The Received headers are the ones of concern and in a small business generally only the last one matters as the others belong to the mail provider. Even if the header is not stripped or even modified it may be a public IP, may be a private IP. Of course exposing a private IP is undesirable but it does no good to somebody who can't get through the perimeter to it. In response to Hancock's comment about Kyle having the scammer's, the same applies - not necessarily. In the case of the scammer it may be less likely for Kyle since scammers generally use web-based mail versus a local client and more web-based systems don't expose the actual client IP than local clients do.
> Reset your modem and it will pull a new IP address from your service provider.
> I have a dedicated IP fiber connection from my ISP. The IP address never changes. I'm behind a FIPS Compliant Encrypted Firewall. I'm really not worried that some jackass scammer from China has my external IP address.
> DHCP doesn't normally work that fast. See DHCP leases and the renewal process. Though Kyle goes on to add that he has a static IP so [un]plugging won't help since DHCP is not in play. The physical medium does not matter here unless that scammer is between your house and your provider's switch that you're connected to. "FIPS Compliant Encrypted Firewall" is marketing lingo. FIPS and compliance is a thing though. Separate from that though how is your firewall encrypted? I've never worked on your prosumer device so I don't know if that's actually the case but given that it is a Linux-based device that is FIPS compliant I bet it is.
> But, like physical medium (fiber vs twisted pair copper vs coax vs etc) doesn't matter to a remote attacker, neither does the firewall being "encrypted". Somebody has access to it in the clear somewhere. For a simple example, we'll say you do from the computer that you exchanged emails with the scammer. ...means I do with only a little bit of social engineering like sending you a link in an email and you clicking on it for me by me pretending to be interested in getting a quote. Make no mistake though, that matter concerns configuration of the device. I believe you may have a false sense of security in terms of data in motion - Ethernet Frames > IP Packets > TCP/UDP Packets > Application Layer transiting your local network to the Internet and back. *That data is not necessarily encrypted*. That's important to understand. Back to the topic though, Kyle if you want the possibility of somebody upping the fun factor with this guy hit me in a PM.
When I say FIPS compliant, it’s the standard state and fed government agencies are held to. I’m far from a network engineer. Also you're correct it was a GMail account and I have the GMail server IP but I don’t have the scammer's actual IP. I also go through office 365 web mail that is attached to my hosting account so only IP he’d have from me would either be the Microsoft server IP or my hosting server IP.
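The Received-header point discussed in the post above, as an added example that is not part of the original thread: it walks the Received chain from the earliest hop and labels each bracketed address as private or public. Both messages, all host names and all addresses (documentation ranges) are constructed for illustration.

```python
import email
import ipaddress
import re

# RFC 1918 ranges are checked explicitly; the samples use documentation-range
# addresses (198.51.100.0/24, 203.0.113.0/24) to stand in for public IPs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)")

# Constructed sample 1: a desktop mail client submitting to its provider,
# so the provider's first hop recorded the sender's addresses.
SAMPLE_LOCAL_CLIENT = """\
Received: from mx.provider.example (mx.provider.example [203.0.113.25])
\tby inbound.recipient.example with ESMTPS id abc123;
\tTue, 28 Jan 2020 18:02:11 -0600
Received: from [192.168.1.44] (cpe-7.isp.example [198.51.100.7])
\tby mx.provider.example with ESMTPSA id def456;
\tTue, 28 Jan 2020 18:02:09 -0600
From: Sender <sender@provider.example>
To: owner@recipient.example
Subject: Quote request

(body)
"""

# Constructed sample 2: webmail; the provider records no client address.
SAMPLE_WEBMAIL = """\
Received: from out.webmail.example (out.webmail.example [203.0.113.80])
\tby inbound.recipient.example with ESMTPS id jkl012;
\tTue, 28 Jan 2020 18:10:42 -0600
Received: by out.webmail.example with HTTP id mno345;
\tTue, 28 Jan 2020 18:10:40 -0600
From: Sender <sender@webmail.example>
To: owner@recipient.example
Subject: Quote request

(body)
"""


def scope(ip_text):
    """Label an address as 'local', 'private' (RFC 1918) or 'public'."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback or ip.is_link_local:
        return "local"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    return "public"


def received_hops(raw_message):
    """Return the Received hops ordered from the earliest hop to the latest.

    Each server prepends its own line, so the bottom-most header is the
    earliest hop. Lines below the first server you trust are sender-supplied
    and can be forged.
    """
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        by = BY_HOST.search(flat)
        ips = []
        for candidate in BRACKETED.findall(flat):
            try:
                ips.append((candidate, scope(candidate)))
            except ValueError:
                continue  # bracketed text that is not an IP address
        hops.append({"by": by.group(1) if by else None, "ips": ips})
    return hops


def origin_exposure(raw_message):
    """Addresses recorded by the earliest hop, i.e. what the sender exposed."""
    hops = received_hops(raw_message)
    return hops[0]["ips"] if hops else []


if __name__ == "__main__":
    print("local client:", origin_exposure(SAMPLE_LOCAL_CLIENT))
    print("webmail:     ", origin_exposure(SAMPLE_WEBMAIL))
```
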
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7731624
01/29/20 02:03 AM
Joined: Jul 2007
Posts: 35,130
Brother in-law
THF Celebrity
I drove to cvs and paid with green dot cards and iTunes
Re: Almost got taken for a ride (SCAM ALERT)
[Re: Mickey Moose]
#7731703
01/29/20 03:45 AM
Joined: Jan 2014
Posts: 12,765
Paluxy
THF Celebrity
> Great, now he has your ip address
> Not necessarily. Depends on how the mail was sent - what mail client and what provider. It is becoming more and more common that the clients themselves and even more so the SMTP services modify or even strip some SMTP headers. The Received headers are the ones of concern and in a small business generally only the last one matters as the others belong to the mail provider. Even if the header is not stripped or even modified it may be a public IP, may be a private IP. Of course exposing a private IP is undesirable but it does no good to somebody who can't get through the perimeter to it. In response to Hancock's comment about Kyle having the scammer's, the same applies - not necessarily. In the case of the scammer it may be less likely for Kyle since scammers generally use web-based mail versus a local client and more web-based systems don't expose the actual client IP than local clients do.
> Reset your modem and it will pull a new IP address from your service provider.
> I have a dedicated IP fiber connection from my ISP. The IP address never changes. I'm behind a FIPS Compliant Encrypted Firewall. I'm really not worried that some jackass scammer from China has my external IP address.
> DHCP doesn't normally work that fast. See DHCP leases and the renewal process. Though Kyle goes on to add that he has a static IP so [un]plugging won't help since DHCP is not in play. The physical medium does not matter here unless that scammer is between your house and your provider's switch that you're connected to. "FIPS Compliant Encrypted Firewall" is marketing lingo. FIPS and compliance is a thing though. Separate from that though how is your firewall encrypted? I've never worked on your prosumer device so I don't know if that's actually the case but given that it is a Linux-based device that is FIPS compliant I bet it is.
> But, like physical medium (fiber vs twisted pair copper vs coax vs etc) doesn't matter to a remote attacker, neither does the firewall being "encrypted". Somebody has access to it in the clear somewhere. For a simple example, we'll say you do from the computer that you exchanged emails with the scammer. ...means I do with only a little bit of social engineering like sending you a link in an email and you clicking on it for me by me pretending to be interested in getting a quote. Make no mistake though, that matter concerns configuration of the device. I believe you may have a false sense of security in terms of data in motion - Ethernet Frames > IP Packets > TCP/UDP Packets > Application Layer transiting your local network to the Internet and back. *That data is not necessarily encrypted*. That's important to understand. Back to the topic though, Kyle if you want the possibility of somebody upping the fun factor with this guy hit me in a PM.
Now you've done it. THF is now going to show up on technical searches and it'll just confuse the [censored] out of people.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7731706
01/29/20 03:48 AM
Joined: Feb 2012
Posts: 9,731
Mickey Moose
THF Trophy Hunter
> When I say FIPS compliant, it’s the standard state and fed government agencies are held to. I’m far from a network engineer.
> Also you're correct it was a GMail account and I have the GMail server IP but I don’t have the scammer's actual IP. I also go through office 365 web mail that is attached to my hosting account so only IP he’d have from me would either be the Microsoft server IP or my hosting server IP.
Right, I understand FIPS is a checkbox for auditors. Grab the IPs from your web server log for clients that requested and submitted the contact form (supposing it was used properly, meaning not downloaded/spoofed and used "offline" to submit out-of-band thus avoiding lame JavaScript "security" - uh excuse me - form validation, in which case you'll only see the submission). It may be the scammer's actual IP but probably not (in which case it's a Proxy, VPN, Tor Exit Node, tunnel, some random compromised computer, etc). Do some digging. Or send them to me along with the full SMTP headers from one of the emails received. Depending on how much traffic the site gets (and/or how much coincides with the form submission) it should be easy to specifically pick it out if not at least narrow it down.
My botnet is bigger than yours.
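The log check described in the post above, as an added example that is not part of the original thread: it lists clients that submitted the contact form near the time the notification email arrived and notes whether each one loaded the form page first. The form path `/contact`, the notification time, the combined-log-format lines and all addresses are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

FORM_PATH = "/contact"  # assumed URL of the contact form
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed access log (combined format, chronological order).
SAMPLE_LOG = """\
192.0.2.10 - - [28/Jan/2020:09:14:50 -0600] "GET /contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [28/Jan/2020:09:15:31 -0600] "POST /contact HTTP/1.1" 302 0 "https://site.example/contact" "Mozilla/5.0"
198.51.100.7 - - [28/Jan/2020:17:58:03 -0600] "GET /contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [28/Jan/2020:18:02:09 -0600] "POST /contact HTTP/1.1" 302 0 "https://site.example/contact" "Mozilla/5.0"
203.0.113.99 - - [28/Jan/2020:18:02:40 -0600] "POST /contact?src=x HTTP/1.1" 302 0 "-" "python-requests/2.22"
"""

# Assumed arrival time of the form-notification email being investigated.
NOTIFIED_AT = datetime.strptime("28/Jan/2020:18:02:11 -0600", TS_FORMAT)


def parse(log_text):
    """Yield (ip, timestamp, method, path-without-query) for each parsable line."""
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
            yield m["ip"], ts, m["method"], m["path"].split("?")[0]


def form_submitters(log_text, notified_at, window=timedelta(minutes=5)):
    """Return form POSTs within `window` of the notification time.

    `loaded_form_first` is False when the client never requested the form
    page before posting, i.e. the log shows only the submission.
    """
    viewed = set()
    hits = []
    for ip, ts, method, path in parse(log_text):
        if path != FORM_PATH:
            continue
        if method == "GET":
            viewed.add(ip)
        elif method == "POST" and abs(ts - notified_at) <= window:
            hits.append({"ip": ip, "posted_at": ts,
                         "loaded_form_first": ip in viewed})
    return hits


if __name__ == "__main__":
    for hit in form_submitters(SAMPLE_LOG, NOTIFIED_AT):
        print(hit["ip"], hit["posted_at"].isoformat(),
              "GET+POST" if hit["loaded_form_first"] else "POST only")
```

A matching address is only the last hop the web server saw, so it may belong to a proxy or VPN rather than the sender.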
Re: Almost got taken for a ride (SCAM ALERT)
[Re: Paluxy]
#7731711
01/29/20 03:52 AM
Joined: Feb 2012
Posts: 9,731
Mickey Moose
THF Trophy Hunter
> Now you've done it. THF is now going to show up on technical searches and it'll just confuse the [censored] out of people.
Maybe they'll stay away then. You're welcome.
My botnet is bigger than yours.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: TXHOGSLAYER]
#7731751
01/29/20 04:56 AM
Joined: Mar 2018
Posts: 1,158
Scott W
Pro Tracker
Have him pay the CC and then tell him you have a 60 day waiting period to make sure it clears? His probably wouldn’t go thru but how can we stop these jerks? My mom has been scammed many times out of a lot of money. All different types of scams. Whenever we report to the police, they file a report then move on to the next one. What does it take to catch someone and press charges or throat punch?
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7731754
01/29/20 05:05 AM
Joined: Jan 2010
Posts: 23,830
beaversnipe
THF Celebrity
I never understood people even opening them emails or answering phone calls. I don't even answer phone calls no more, I let it roll to voicemail, and they almost never leave a message. It's always people wanting your money, so I delete them prior to listening to them. I only answer calls from my contacts. On my landline, my voice message is in Chinese to basically go f themselves, nobody ever leaves a message, ever.
On a better note, y'all must be grateful the fax machines are gone. Just imagine how many kilos of paper you had to buy on a daily basis due to robo faxes.
If you want to know who the inventor of spam mail is: Scott Richter
His companies were major senders of Email spam and he was at one time referred to as the 'Spam King' and at one point his company was sending some 100 million emails a day. He and his companies have been sued several times for mass sending unsolicited advertisements.
The government sued him for millions, in vain. He is having fun now. Kind of.
Last edited by beaversnipe; 01/29/20 05:20 AM.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7731893
01/29/20 02:28 PM
Joined: Nov 2010
Posts: 3,229
Marc K
Veteran Tracker
Nowadays, I deal with this type of contact in my battery business at least twice per week. I get a lot of business from the Middle East, Africa and Central/South America for marine and solar system batteries. All of these sales are based on wire transfer payment prior to shipment. "Real" international customers are used to it, but scammers disappear when faced with this of course.
Having a dedicated account at Wells Fargo just to accept the incoming payments, helps create a buffer. That money is moved to a different account as soon as it clears. I take the same position now with domestic sales that don't smell right - which is becoming FAR more common. My bank advised me that it can easily take 4-6 weeks before I realize that a stolen credit card was used, and the money is taken back from me.
Marc
A Democracy is when two wolves and a lamb vote on the dinner menu. That is why this country was specifically not designed as a Democracy. We are a Constitutional Republic.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7731903
01/29/20 02:33 PM
Joined: Dec 2008
Posts: 216
rfamilyhunting
Woodsman
You need to continue playing the game, tell him the bank messed up your ability to take credit cards. In the meantime, please send some Visa gift cards to cover the bill.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7731920
01/29/20 02:47 PM
Joined: Nov 2018
Posts: 786
Ktexas14
Tracker
I am in transportation and the scams that people try are ridiculous and happen literally every day. It is honestly exhausting.
Good catch on this one.
Last edited by Ktexas14; 01/29/20 02:47 PM.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: rfamilyhunting]
#7731961
01/29/20 03:09 PM
Joined: Jan 2007
Posts: 26,198
KRoyal
OP
Texoma Legend
> Nowadays, I deal with this type of contact in my battery business at least twice per week. I get a lot of business from the Middle East, Africa and Central/South America for marine and solar system batteries. All of these sales are based on wire transfer payment prior to shipment. "Real" international customers are used to it, but scammers disappear when faced with this of course.
> Having a dedicated account at Wells Fargo just to accept the incoming payments, helps create a buffer. That money is moved to a different account as soon as it clears. I take the same position now with domestic sales that don't smell right - which is becoming FAR more common. My bank advised me that it can easily take 4-6 weeks before I realize that a stolen credit card was used, and the money is taken back from me.
> Marc
Yes, I have a website customer that had a website built by another builder, but came to work with me after this incident. Not that it was any fault of the previous website builder, it was weak passwords or phishing scam that got the employees of the business. This business does business all over the world and their email got hacked. The hacker sat and monitored the email waiting for an invoice to be sent out. He saw one go out to a large auto parts place in Germany. He emailed them back and told them that the new European bank was a bank in Spain. The German customer sent the money to the Spanish bank somewhere around 40,000 dollars. The customer lost the money and had to take the hit. Simple social engineering like Mickey was talking about previously it can cost you lots of money.
> You need to continue playing the game, tell him the bank messed up your ability to take credit cards. In the meantime, please send some Visa gift cards to cover the bill.
Ha, I don't even have the time to mess with him.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: beaversnipe]
#7732004
01/29/20 03:33 PM
Joined: Feb 2012
Posts: 9,731
Mickey Moose
THF Trophy Hunter
> If you want to know who the inventor of spam mail is: Scott Richter
> His companies were major senders of Email spam and he was at one time referred to as the 'Spam King' and at one point his company was sending some 100 million emails a day. He and his companies have been sued several times for mass sending unsolicited advertisements.
> The government sued him for millions, in vain.
Late 70s - Gary Thuerk ("Father of Spam") sent the first spam to ARPANet, I think it was a job post
Early 90s - Laurence Canter and Martha Siegel, husband and wife, sent the first commercial spam to Usenet, I believe it was some sort of ad for their law firm
Scott Richter came on to the scene in the early 2000s but there's nothing concrete saying he "invented" spam in terms of its existence on the Internet - the incarnation after Usenet - since at that point there were so many people spewing it. Thus the development of RBL and DNS-based RBL, tools to combat spam.
PS I thought it was common knowledge that the Nigerians started spam
My botnet is bigger than yours.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7732372
01/29/20 08:33 PM
Joined: Dec 2011
Posts: 1,933
gtrich94
Pro Tracker
You're in the business, so you probably would have caught it. However, one thing to consider for others is that he could have phished you long before you got to the payment discussion. He sent you a link to a website that he wanted you to model. Just going to his sample website could have been enough to get you phished.
Thanks, Rich
Re: Almost got taken for a ride (SCAM ALERT)
[Re: gtrich94]
#7732388
01/29/20 08:43 PM
Joined: Jan 2007
Posts: 26,198
KRoyal
OP
Texoma Legend
> You're in the business, so you probably would have caught it. However, one thing to consider for others is that he could have phished you long before you got to the payment discussion. He sent you a link to a website that he wanted you to model. Just going to his sample website could have been enough to get you phished.
This is very true, and I've done virus/malware scans on my computer because I clicked on the link. It is very common for my customers not to know exactly what they want and send me links of competitors' sites to look at to get an idea of what they're wanting. I didn't think twice about doing it because I'm actually the one that asked him for more information for the quote.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: Scott W]
#7732422
01/29/20 08:59 PM
Joined: Aug 2016
Posts: 2,451
Dalroo
Veteran Tracker
> My mom has been scammed many times out of a lot of money. All different types of scams. Whenever we report to the police, they file a report then move on to the next one. What does it take to catch someone and press charges or throat punch?
This is sad - my mother passed away last February and after she passed, my father shared that she had been scammed a few months earlier by someone claiming to be one of our relatives who was traveling out of the country and needed several thousand dollars wired for an emergency. She was convinced that it was legit and wanted to help, so she sent the money. The scammer was so good that my mother had no suspicion that the person on the phone was not who he professed to be. After receiving the money, the scammer called back with additional needs, but my dad happened to be home and got on the phone. He too was convinced that it was legit, at first, but asked an innocent question and got a wrong answer. He sensed a scam and asked more questions until the caller hung up. Unfortunately, the original money was gone, police were not able to help (offshore number) and my mom was highly embarrassed and scared. Terrible that some people see the elderly as prey.
Dalroo Deep in the Heart of Texas How about that Brandon!
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7732424
01/29/20 09:03 PM
Joined: Jan 2014
Posts: 12,765
Paluxy
THF Celebrity
I hope there is a special place in hell for those that take advantage of senior citizens
Re: Almost got taken for a ride (SCAM ALERT)
[Re: Paluxy]
#7732436
01/29/20 09:12 PM
Joined: Jul 2009
Posts: 9,763
Tin Head
THF Trophy Hunter
> I hope there is a special place in hell for those that take advantage of senior citizens
and children. Bad thing is they know there is a special place in hell and like it.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7732503
01/29/20 09:57 PM
Joined: Nov 2010
Posts: 3,229
Marc K
Veteran Tracker
> Yes, I have a website customer that had a website built by another builder, but came to work with me after this incident. Not that it was any fault of the previous website builder, it was weak passwords or phishing scam that got the employees of the business. This business does business all over the world and their email got hacked. The hacker sat and monitored the email waiting for an invoice to be sent out. He saw one go out to a large auto parts place in Germany. He emailed them back and told them that the new European bank was a bank in Spain. The German customer sent the money to the Spanish bank somewhere around 40,000 dollars. The customer lost the money and had to take the hit. Simple social engineering like Mickey was talking about previously it can cost you lots of money.
That's a new one on me! I had one threaten me when I backed out of dealing with him, so I just hung up. He called the next day and said that his brother was on his way over from Houston to change my mind - so I said "nope" and hung up again. Of course, he never showed.
Marc
A Democracy is when two wolves and a lamb vote on the dinner menu. That is why this country was specifically not designed as a Democracy. We are a Constitutional Republic.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: Marc K]
#7732516
01/29/20 10:06 PM
Joined: Jan 2007
Posts: 26,198
KRoyal
OP
Texoma Legend
> Yes, I have a website customer that had a website built by another builder, but came to work with me after this incident. Not that it was any fault of the previous website builder, it was weak passwords or phishing scam that got the employees of the business. This business does business all over the world and their email got hacked. The hacker sat and monitored the email waiting for an invoice to be sent out. He saw one go out to a large auto parts place in Germany. He emailed them back and told them that the new European bank was a bank in Spain. The German customer sent the money to the Spanish bank somewhere around 40,000 dollars. The customer lost the money and had to take the hit. Simple social engineering like Mickey was talking about previously it can cost you lots of money.
> That's a new one on me! I had one threaten me when I backed out of dealing with him, so I just hung up. He called the next day and said that his brother was on his way over from Houston to change my mind - so I said "nope" and hung up again. Of course, he never showed.
> Marc
Ha, that is funny.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7732705
01/30/20 12:31 AM
Joined: Apr 2009
Posts: 10,115
texasag93
THF Celebrity
> Yes, I have a website customer that had a website built by another builder, but came to work with me after this incident. Not that it was any fault of the previous website builder, it was weak passwords or phishing scam that got the employees of the business. This business does business all over the world and their email got hacked. The hacker sat and monitored the email waiting for an invoice to be sent out. He saw one go out to a large auto parts place in Germany. He emailed them back and told them that the new European bank was a bank in Spain. The German customer sent the money to the Spanish bank somewhere around 40,000 dollars. The customer lost the money and had to take the hit. Simple social engineering like Mickey was talking about previously it can cost you lots of money.
> That's a new one on me! I had one threaten me when I backed out of dealing with him, so I just hung up. He called the next day and said that his brother was on his way over from Houston to change my mind - so I said "nope" and hung up again. Of course, he never showed.
> Marc
> Ha, that is funny.
I was in telecom as a contractor for SWBell, then SBC, then AT&T. Job never changed, just the emblem on the check. I did some International work (last leg stuff). Post 9/11 things were really fun. I had a gentleman with a Middle Eastern accent scream "I am going to kill someone"... (directed at me). I said, do you REALLY want to say that on a conference call? Good times.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7732714
01/30/20 12:44 AM
Joined: Jan 2010
Posts: 23,830
beaversnipe
THF Celebrity
Re: Almost got taken for a ride (SCAM ALERT)
[Re: KRoyal]
#7732943
01/30/20 06:42 AM
Joined: Mar 2008
Posts: 2,143
sweetwood
Veteran Tracker
"Kindly get back to me via email"
I hate to sound jaded but as soon as I read this an accent popped on in my head.
Re: Almost got taken for a ride (SCAM ALERT)
[Re: sweetwood]
#7732953
01/30/20 07:31 AM
Joined: May 2011
Posts: 28,031
skinnerback
THF Celebrity Chef
"Kindly get back to me via email"
I hate to sound jaded but as soon as I read this an accent popped on in my head.
It’s an Asian thing. I’m there now and talk, email, text with them daily. I even had to go to a freakin’ cultural awareness and sensitivity training class because apparently I was rude and disrespectful by using the word “no”. Had to learn their way of communicating. Work with tons of red dot Indians over here too, but the whole “kindly” respond with bla bla is an Asian thing, most likely Chinese lol. Hear it every day.