A new Fishing Scam

buddyhu · #1 03-20-2023, 12:23 PM

Over the last 3 weeks or so, I have received 6 emails with similar characteristics. Most of them have landed in my Junk folder.

The sender is identified as someone I know, in the most recent example, I’ll call the sender “Joe Blow”, but if I click the name to discover the email address, rather than finding Joe Blow’s actual email address I get “[email protected]”. The part after the @ in the email address is associated with a university in another country. The other emails have different phony email addresses.

The subject line says something like “fw: pictures posted by Joe Blow”.

The message reads, “On Monday, March 20, 2023 11:44 AM, Joe Blow wrote:
Should have emailed these pictures a bit sooner. I've just realised that you probably haven't seen them yet. So I decided to send a few. Here they are - 3 pics here: http://www.ckkus.txlextit.com/ “.

I gather someone has obtained access to a contact list, either mine, or one of the sender’s, or that somewhere on the dark web, there is info linking me (and my email) to Joe Blow and the other friends’ names that have been attached to these scamming emails.

Anyone else getting something like this? Anyone have input about what should do ( other than not click on the link)?

srick · #2 03-20-2023, 12:40 PM

I’ve been getting versions of this one for several years.

I found one of the best ways to decrease my spamming and phishing emails was to switch to a gmail account. My former email address, which was an att\yahoo account, is inundated with approximately 20 spammy emails per day. Their spam filtering is very poor and about 40% of that spam comes through.

Sadly, you have to be skeptical of everything.

rmp · #3 03-20-2023, 12:42 PM

haven't seen it but you're being observant.

That's probably one of the best weapons against phishing emails.

you can't stop them, so just delete and move on with your day

frankmcr · #4 03-20-2023, 01:24 PM

Just ignore & delete. I don't even block, thinking that might let them know it's a live email address.

Chipotle · #5 03-20-2023, 03:13 PM

Even better, don't even open the email, if you can suss out that it's spam beforehand (in Gmail, at least, you can mouse over the sender name and see the address without reading the email). Messages can potentially have a "tracking pixel" that can get loaded and inform the sender their email has been opened. That's not the end of the world, but as frankmcr says, if they don't even know it's a live email, all the better.

imwjl · #6 03-20-2023, 04:22 PM

Quote:

Originally Posted by Chipotle

Even better, don't even open the email, if you can suss out that it's spam beforehand (in Gmail, at least, you can mouse over the sender name and see the address without reading the email). Messages can potentially have a "tracking pixel" that can get loaded and inform the sender their email has been opened. That's not the end of the world, but as frankmcr says, if they don't even know it's a live email, all the better.

Yes, and look up who owns the sending domain.

People in a work environment should know they can be sent test messages to learn if they need training.

dnf777 · #7 03-20-2023, 06:37 PM

Ive received variants of that, that were a little more obvious. I could see falling for that, in a lapse of suspicion. Thanks for passing that along.

Chipotle · #8 03-20-2023, 09:17 PM

Quote:

Originally Posted by imwjl

People in a work environment should know they can be sent test messages to learn if they need training.

Ha. This has happened to folks I know. "You fell for our IT phishing test. One demerit! You must now take this class."

Funnier yet, I teach tech at a school. I talk to the kids about online safety, not clicking links, being aware etc. One year I was the one who sent out the phishing messages to see who clicked. One poor kid who got caught said that they were suspicious, and asked their parents--just like I had told them--and then the parents said it was okay to click! I guess the parents needed to be in my class more than the kids.

Be careful out there, folks.

buddyhu · #9 03-21-2023, 04:41 AM

Nice to read that this is an old scam that has been around for a while.

I am still curious as to how someone knows some of the folks that send me emails, and uses their names in an attempt to entice me to click. I guess it is impossible to know…though all the names are folks that I have jammed with at some point, and who have been on the distribution lists for various large jams over the years. I guess it just takes one person’s mistake to allow access to one of the emails, or their email addresses, to enable this.

srick · #10 03-21-2023, 05:00 AM

Quote:

Originally Posted by buddyhu

Nice to read that this is an old scam that has been around for a while.

I am still curious as to how someone knows some of the folks that send me emails, and uses their names in an attempt to entice me to click. I guess it is impossible to know…though all the names are folks that I have jammed with at some point, and who have been on the distribution lists for various large jams over the years. I guess it just takes one person’s mistake to allow access to one of the emails, or their email addresses, to enable this.

I suspect that the other person’s address list (likely from Outlook) has been hijacked and is used by the spammer. I get this type of spam from two old contacts on a regular basis (once or twice a week). They are both folks with whom I never had regular correspondence with, but had some exchanges a few years back. And I suspect that these are email addresses that they don’t use anymore.

Exact same MO as yours, too..

Gitfiddlemann · #11 03-21-2023, 02:02 PM

Quote:

Originally Posted by buddyhu

Nice to read that this is an old scam that has been around for a while.

I am still curious as to how someone knows some of the folks that send me emails, and uses their names in an attempt to entice me to click. I guess it is impossible to know…though all the names are folks that I have jammed with at some point, and who have been on the distribution lists for various large jams over the years. I guess it just takes one person’s mistake to allow access to one of the emails, or their email addresses, to enable this.

I think Srick is correct. At some point, someone in your contact chain made a mistake, and the thief got hold of a data base of contacts, which included yours.
As such, it represents an elevated form of criminal behavior involving both spoofing and phishing.
Usually, you can tell right off, because the criminal doesn't address you more personally by name, as in "Hey Rich....but rather, "Hi there...".
Good on you that you didn't fall for it.
People are always the weak link. I've read about businesses which train their employees specifically to that kind of risk. And then subsequently, they purposely try to trick them in a mock spoof/phishing attempt. Most catch on and recognize it. But not all. And that's right after training.
You just have to be real careful and trust your instincts. It's nasty out there.

fretfile100 · #12 03-21-2023, 02:55 PM

I have gotten these spam emails periodically. I routinely put them in the spam filter.

Bluside · #13 03-21-2023, 07:04 PM

Yes, I just recently got the same emails about pictures. I just delete them.