Here’s A Refund Scam With An Interesting Twist

A few minutes ago, I got a scam email that didn’t get filtered out by the junk mail filter on my email server. I’ll get to that in a minute, but first here’s the email:

Now this looks very convincing. There are some giveaways that this is a scam. If you look at the top of the email you will see this text: “Hello, noreply5@ToddHolmesCo.onmicrosoft.com”. That suggests that it is being mass emailed. On top of that, it appears that it was sent by PayPal Mexico as evidenced by this.

Looking at the headers further confirms this: the email was actually sent by PayPal Mexico. But there’s more. There’s a link that says “Pay now” which to my surprise actually goes to PayPal:

So what this looks like to me is that the threat actors behind this scam are trying to get you in one of two ways. If you aren’t paying attention and you actually pay this, the threat actors win. But if you call them to dispute this, you fall into the “refund scam” trap where the threat actors will weave a story that will prompt you to give access to your computer to the scammers so that they can steal your money. Thus again they win. I have to admit that this is crafty.
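The giveaways described above can be turned into a triage check for mail that passes sender authentication. This is an added example, not code from the original post: it assumes the receiving server records an `Authentication-Results` header, and the sample message, recipient address, phone number and the `triage` and `on_domain` names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample, not the email from the post; every value is made up.
SAMPLE = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=paypal.com;"
    " dkim=pass header.d=paypal.com; dmarc=pass header.from=paypal.com\n"
    "From: service@paypal.com\n"
    "To: reader@example.net\n"
    "Subject: Invoice from Example Store\n"
    "\n"
    "Hello, noreply5@ToddHolmesCo.onmicrosoft.com\n"
    "You have a new invoice. To dispute it, call +1 (555) 010-0199.\n"
    "Pay now: https://www.paypal.com/invoice/EXAMPLE\n"
)

def on_domain(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw, trusted=("paypal.com",)):
    msg = message_from_string(raw)
    body = msg.get_payload()
    # 1. Sender really is the payment provider. Only trust an
    #    Authentication-Results header written by your own mail server.
    auth = msg.get("Authentication-Results", "")
    m = re.search(r"dmarc=pass\b.*?header\.from=([\w.-]+)", auth)
    genuine = bool(m) and on_domain(m.group(1), trusted)
    # 2. Greeting names an address that is not a recipient of this copy.
    rcpts = {a.lower() for _, a in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    g = re.search(r"^Hello,\s*(\S+@[\w.-]*\w)", body, re.M)
    mismatch = bool(g) and g.group(1).lower() not in rcpts
    # 3. Body asks the reader to phone a number.
    callback = bool(re.search(r"\+?\d[\d\s().-]{8,}\d", body))
    # 4. Every link stays on the provider's domain, so URL reputation sees nothing.
    hosts = re.findall(r"https?://([^/\s]+)", body)
    clean_links = bool(hosts) and all(on_domain(h, trusted) for h in hosts)
    return {"genuine_sender": genuine, "greeting_mismatch": mismatch,
            "callback_number": callback, "links_on_provider": clean_links,
            "needs_review": genuine and (mismatch or callback)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that is genuinely from the provider and links only to the provider gives a sender-based or URL-based filter nothing to act on, which is why the check leans on the greeting mismatch and the callback number instead.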

To confirm this, I have forwarded the email along with the headers to PayPal for investigation. If they confirm that my observations are accurate, then this is a pretty scary development as it illustrates that scammers are evolving. The other thing that I have done is posted this on a number of scambait forums so that the scambait community can go after these people and disrupt their activities.

More info as it comes.
