Scam!

Remember you don't need to answer these questions "truthfully".

I keep a list of my security questions for various important accounts along with the answers. It looks something like this (obviously not exactly like this):

First National Bank of MyCity:
First car owned? algeria7blush
Mother's maiden name? five888alpha
Name of favorite teacher? professional8turkey

Basically, just another password/passphrase.

And then I keep that list encrypted (with another strong password of course).

That way no one can google me and figure out that information.

It never made any sense to me to have a good strong password, then let someone get in if they can guess my mother's maiden name and eye color...
+1
 
If it looks suspicious, it probably is.

And what if it doesn't look suspicious? That doesn't mean it isn't. Some of these bad guys are finally wising up and making the scams look official.

This re-affirmation is worth a re-affirmation:


As others have stated here, NEVER click on a link in one of those generic emails no matter how legit they appear.

NEVER - that's all you need to know. I like easy. Never is easy. Don't try to figure out if it is legit, just assume it isn't and follow a known link.

-ERD50
 
I got this one today supposedly from "PayPal Services":
Dec 5, 2012 06:43:45 CST
Transaction ID: FO3Y7B7FAO5F8PYQU
Hello xxxxx@xxxxx.com,

You made a payment of $874.48 USD to Elias Norwood.

It may take a few moments for this operation to figure in your transactions history.
Merchant
Elias_Nor----@yahoo.com
Instructions to seller
You haven't entered any instructions.
Shipping address - confirmed
---- Avenue
---- AK 96-----9748
United States
Shipping details
The seller hasn't provided any shipping details yet.
Information Qty. Amount
2 Disc
Item# 739540896684 8 $874.48 USD
Shipping and handling $24.99 USD
Insurance - not offered ----
Total $874.48 USD
Payment $874.48 USD

Payment sent to Elias Nor----

Receipt ID: D-WJSJF27PLUHCPXB8W

Problems with this payment?
You have 45 days from the date of the purchase to issue a dispute in the Resolution Center.

Please don't reply to this message. auto informer system unable to accept incoming mail. For immediate answers to your problems, visit our Help Center by clicking "Help" located on any PayPal page.

PayPal Email ID PA129
Of course all the links were fake. But it looked very convincing. Fortunately the Dec 5th transaction date clued me in that something was definitely fishy!

I did check my PayPal account, just to be sure.
 
I had my Homeaway account hacked. The scammers diverted inquiries to rent the lake house to their account then responded with a lowball offer to rent in the hope of getting paid before I caught on.

But Homeaway sends my phone a txt message when the inquiry is emailed ... so I was one step ahead of the scam. Called the fraud line after having the client send me the lowball offer (he wanted the deal matched! ... no chance of that). Had to change my email within HA ... which was a pain since all prior clients have my old address (now working out of two emails). But no loss otherwise.

They're getting pretty creative!
 
I was reading an article about firms that test web security. The master hacker said that the best way in was through an employee account. He claimed that one in five would fall for a phishing scam email. :blush:
 
Just received this email. Sounds serious!

Dear Verified Schwab Account Holder,

Due to several failed attempt at accessing your Online Schwab Account, we have put on hold your Online access for your protection.
To release this hold you would be required to log in to Online Schwab Account and perform an identity verification procedure.
CLICK HERE TO CONTINUE THE IDENTIFY VERIFICATION PROCEDURE
Information provided would be verified against data we have on file for this Account.
Once our internet security team ascertains you are a valid account holder your online banking access would be restored.

Regards,

Schwab Internet Security

BBP ID: P1242557947640


I might be concerned, however, I am not a Schwab customer. What do they do, send out a huge email blast, hoping they hit one actual customer?

Stay on your toes people.

Good thing you are alert and knew to be suspicious. This is a pretty well worded letter but as pointed out there are several grammatical mistakes that tip you off something is wrong!

This weekend I got an email from Vanguard saying that my security questions were answered too many times incorrectly. No links to click on, and it did list my Flagship rep as a contact. They said I'd have to change the security questions when I logged in, and to contact them if it wasn't me that answered them wrong. No links in the email.

Sure enough, upon login I had to change the security questions, so it looks like someone really did try to login as me. Perhaps it was just a mistake, that someone thought my login name was theirs and tried to put in their mother's maiden name or whatever I'd been using for security questions until it failed, or maybe someone tried to hack it. In any case, I'm going to call today and report it.

Mother's maiden name isn't a very good question to have, btw, especially as more people get on Facebook and many women list both their married and maiden names. Neither are anything with cities. You really need to select the questions that can't be looked up. Passwords can be as solid as a rock but they are worthless if your security questions are weak.

Again as another pointed out security questions are not really very secure if you use the correct answers! You'll need a password vault for these cuz you can't remember this but a security question of mine would be "Mother's maiden name" and my answer is "b7 pizza bulldozer 1985 abc" - no one is going to know that!
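
Added example, not part of any post in this thread: a Python sketch of the approach described in the posts above, where each security question gets its own random word+digit+word answer (the "algeria7blush" style) instead of a true one, plus the entropy that pattern gives. The word list, question list and function names are constructed for illustration; the generated sheet would then go into the encrypted list or password vault the posters mention.

```python
import math
import secrets

# Constructed 32-word sample list, for illustration only. Real use needs a
# list with thousands of words so each word contributes meaningful entropy.
WORDS = [
    "algeria", "blush", "alpha", "turkey", "pizza", "bulldozer", "harbor",
    "violet", "cactus", "marble", "walnut", "comet", "ledger", "saddle",
    "pepper", "glacier", "lantern", "orchid", "tunnel", "velvet", "anchor",
    "bamboo", "copper", "falcon", "ginger", "hammer", "island", "jungle",
    "kettle", "magnet", "nectar", "oyster",
]

# The three questions from the sample list in the thread.
QUESTIONS = [
    "First car owned?",
    "Mother's maiden name?",
    "Name of favorite teacher?",
]


def random_answer(words=WORDS, digits=1):
    """Return a word+digits+word answer drawn from the OS CSPRNG."""
    number = "".join(secrets.choice("0123456789") for _ in range(digits))
    return secrets.choice(words) + number + secrets.choice(words)


def answer_entropy_bits(word_count, digits=1):
    """Entropy in bits when both words and every digit are chosen uniformly."""
    return 2 * math.log2(word_count) + digits * math.log2(10)


def build_answer_sheet(questions, words=WORDS, digits=1):
    """Give every question its own independent answer; never reuse one."""
    return {question: random_answer(words, digits) for question in questions}


if __name__ == "__main__":
    for question, answer in build_answer_sheet(QUESTIONS).items():
        print(f"{question} {answer}")
    print(f"{answer_entropy_bits(len(WORDS)):.1f} bits with this sample list")
    print(f"{answer_entropy_bits(7776):.1f} bits with a 7776-word diceware-style list")
```

The entropy figures only hold if the answer is generated randomly; a memorable phrase picked by hand in the same shape is weaker.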
 
Good thing you are alert and knew to be suspicious. This is a pretty well worded letter but as pointed out there are several grammatical mistakes that tip you off something is wrong!



Again as another pointed out security questions are not really very secure if you use the correct answers! You'll need a password vault for these cuz you can't remember this but a security question of mine would be "Mother's maiden name" and my answer is "b7 pizza bulldozer 1985 abc" - no one is going to know that!

Actually with obits being online if your mother has passed on you can find out the maiden name from the obituary, as well as where you live since most obits give that information. You have to go back to grandparents to avoid this and even then a genealogy sleuth could find out fairly easily thru the family history web site. (If your mother was old enough to fall into the 1940 census, then you can find all you need about maiden names thru the web site).
 
Good thing you are alert and knew to be suspicious. This is a pretty well worded letter but as pointed out there are several grammatical mistakes that tip you off something is wrong! ...

I think it is a big mistake to try to use grammatical errors as a 'tip-off'. Almost every article mentions this as a way to tell, but I think it's not smart at all.

Some scammer is going to take the time to get their scam proofread - then what? There is a much simpler, more reliable method:

Never, and I mean never, respond directly to any email like that. Don't click a link, don't enable viewing of 'remote content', and don't contact any number or email in the letter. Never. Simple.

If you suspect there is a chance it is a legit warning, contact the business directly through a web site address, email or phone number that you know is actually legit. Don't waste a second analyzing the grammar or spelling in the letter, it can't be relied on.

edit/add: I guess nothing's changed since my post #29 ;)

-ERD50
 
I think it is a big mistake to try to use grammatical errors as a 'tip-off'. Almost every article mentions this as a way to tell, but I think it's not smart at all.

Some scammer is going to take the time to get their scam proofread - then what? There is a much simpler, more reliable method:

Never, and I mean never, respond directly to any email like that. Don't click a link, don't enable viewing of 'remote content', and don't contact any number or email in the letter. Never. Simple.

If you suspect there is a chance it is a legit warning, contact the business directly through a web site address, email or phone number that you know is actually legit. Don't waste a second analyzing the grammar or spelling in the letter, it can't be relied on.

edit/add: I guess nothing's changed since my post #29 ;)

-ERD50

I agree, don't rely on seeing grammatical mistakes to know or suspect phishing. I was pointing out this was an obvious scam due to the grammatical errors. I also agree never click links, you have them bookmarked (or should) so use your link.
 