audreyh1
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Good question
I got phished
- Thread starter Mr._Graybeard
- Start date
scrabbler1
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
- Joined
- Nov 20, 2009
- Messages
- 6,703
+1 To me, this is no different from all the fake invoices I get from Norton, PayPal, Geek Squad every day. They are all spoofed to read like this: <PayPal> admin.gdkfljgdlkfjg@dfigudoifg.com but only "<PayPal> admin." is visible unless I hit "Reply" just so I can view the entire BS email address along with the fake invoice. Then I delete the email.
OK, since @scrabbler1 brought up e-mail, let's review:
Most e-mail messages today are sent in HTML format, instead of the old-school text-only messages. This way the sender can include different colors, backgrounds, fonts and images. If you're the sender, this makes sense. You want your message to be eye-catching.
But as a recipient, there's very little value in all the graphics, and a huge down side. Each image, and sometimes other elements like fonts, can be sent as a link to a file on the sender's (or some tracking company's) server. When you open the e-mail, your e-mail client acts like a web browser. Or, if you're using web-based e-mail, it is your browser.
So the client/browser sends a GET request to the server, asking for those graphics files needed to "pretty up" the message. That request almost certainly contains a tracking number assigned specifically to your address when the message was sent. The GET request also has header information including your IP address, what client you're using and other information.
Again, this is fantastic for the sender. They can tell exactly which of their messages were opened, when, by whom, from where and using what client software. It also confirms that the recipient is an active e-mail account which is being opened and, presumably, is a good target for further spam.
Two things you can do to avoid this:
First and foremost, turn off the "preview pane" in your e-mail client if you have one! This is the one which opens the e-mail in a separate pane the moment you click on it. You want the option to delete the message without opening it!
Second, consider setting your e-mail client to "text only" or "don't download images" or whatever similar setting your client has. You want to be able to check whether or not the e-mail is legitimate before broadcasting to the sender that you've opened it, and sharing more data with them. There should be a button to allow you to download the images and such once you've decided it's legit.
Most e-mail messages today are sent in HTML format, instead of the old-school text-only messages. This way the sender can include different colors, backgrounds, fonts and images. If you're the sender, this makes sense. You want your message to be eye-catching.
But as a recipient, there's very little value in all the graphics, and a huge down side. Each image, and sometimes other elements like fonts, can be sent as a link to a file on the sender's (or some tracking company's) server. When you open the e-mail, your e-mail client acts like a web browser. Or, if you're using web-based e-mail, it is your browser.
So the client/browser sends a GET request to the server, asking for those graphics files needed to "pretty up" the message. That request almost certainly contains a tracking number assigned specifically to your address when the message was sent. The GET request also has header information including your IP address, what client you're using and other information.
Again, this is fantastic for the sender. They can tell exactly which of their messages were opened, when, by whom, from where and using what client software. It also confirms that the recipient is an active e-mail account which is being opened and, presumably, is a good target for further spam.
Two things you can do to avoid this:
First and foremost, turn off the "preview pane" in your e-mail client if you have one! This is the one which opens the e-mail in a separate pane the moment you click on it. You want the option to delete the message without opening it!
Second, consider setting your e-mail client to "text only" or "don't download images" or whatever similar setting your client has. You want to be able to check whether or not the e-mail is legitimate before broadcasting to the sender that you've opened it, and sharing more data with them. There should be a button to allow you to download the images and such once you've decided it's legit.
- Joined
- Oct 13, 2010
- Messages
- 10,763
Yes, good question indeed. Maybe it was a legit call that just was disconnected. We all know "you can't get good help these days"
MdaPetralia
Recycles dryer sheets
- Joined
- Oct 30, 2021
- Messages
- 79
1. Do you think there might be any reason the ssa admin would contact you?
2. Can you share the email header info which might help confirm if this was indeed a scam?
3. Perhaps call back the ssa (outside of busy times) using the phone number on their website to see if they have any call docs/notes that they called you?
This isn't your exact scam, but they're going around. DH will start SS soon.
https://www.mass.gov/news/social-security-telephone-scam
https://www.mass.gov/news/social-security-telephone-scam
target2019
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
We're not in Kansas anymore.
We overestimate our ability to recognize scams. However, criminals and scammers are always evolving new techniques to break down human targets.
We overestimate our ability to recognize scams. However, criminals and scammers are always evolving new techniques to break down human targets.
Nope. You will get a stream of emails from ssa.gov when you become eligible for medicare, new statements are available (they won't mail those any more), changes to your online account, etc. I have 65 of them in my email folder. The first "get ready for medicare" email was sent 1 year prior to the medicare start date.
I used to get yearly reminders from ssa to review my social security, maybe I'm still getting them. I just delete them. I've also gotten occasional emails from ssa.gov about protecting myself over the years. These emails are legitimate. Some of them can be unsubscribed from.
Someone hacked my email account after a Windows 11 update where I was somewhat forced to provide my MS email upon OS installation (I later found out you can bypass the email creds).
They copied the email server by adding hacker alias. Got my main fed credit union one time login link and comprimised that account. Lost my fb and instagram accounts for good (Meta is unresponsive), recovered a roblox and epic game account.
They went after any account that had ways to send some sort of cash value asset. PayPal, USPS, UPS, Ebay, and a few odd ball other ones.
I contacted the CA Atty General, and they said they cannot help me recover my META related accounts (FB and Insta). So I started a new FB.
The reason FB was disabled, again 1 time login link accessed while I was sleeping, and then they updated the password, replaced my linked insta with a hacker insta and then started spamming my networks (FB and isnta).
I will likely lose my business FB page to the account lock. Unless someone cares enough over at FB to unlock me.
Initially I resisted signing back on, but I make a decent revenue off of advertising to fb group for my service I provide, as well as selling on fb marketplace. Which I cant do because I need to re-establish myself and tenure as a fb seller.
So quite a bit of hassle, did cost me some opportunity right now, but all in all they tried to billpay an actor in Chicago which I caught, stop payment and new accounts.
Word of caution, you can never be too secure. 2FA/MFA. Fingerprints, Biometrics, complex passwords, VPN, virus/malware scans etc etc.
They copied the email server by adding hacker alias. Got my main fed credit union one time login link and comprimised that account. Lost my fb and instagram accounts for good (Meta is unresponsive), recovered a roblox and epic game account.
They went after any account that had ways to send some sort of cash value asset. PayPal, USPS, UPS, Ebay, and a few odd ball other ones.
I contacted the CA Atty General, and they said they cannot help me recover my META related accounts (FB and Insta). So I started a new FB.
The reason FB was disabled, again 1 time login link accessed while I was sleeping, and then they updated the password, replaced my linked insta with a hacker insta and then started spamming my networks (FB and isnta).
I will likely lose my business FB page to the account lock. Unless someone cares enough over at FB to unlock me.
Initially I resisted signing back on, but I make a decent revenue off of advertising to fb group for my service I provide, as well as selling on fb marketplace. Which I cant do because I need to re-establish myself and tenure as a fb seller.
So quite a bit of hassle, did cost me some opportunity right now, but all in all they tried to billpay an actor in Chicago which I caught, stop payment and new accounts.
Word of caution, you can never be too secure. 2FA/MFA. Fingerprints, Biometrics, complex passwords, VPN, virus/malware scans etc etc.
- Joined
- Apr 14, 2006
- Messages
- 23,102
It might help to actually find and punish the scammers as well.
Yeah. You better believe I feel as judge jury and executioner that these should be offenses worth holding people accountable for. Fines. Jail. Probably would end up with Porky here but I guess if I think about it scamming has probably been going on since the dark ages.
- Joined
- Oct 13, 2010
- Messages
- 10,763
On the bright side, at least we don't have to carry all our worldly goods down a road and get bonked over the head by "highway men" only to wake up (if we're lucky) to have no possessions. Yeah, there are still "bad guys" in the world, even violent ones, but they're thankfully rare in my neck of the woods
FedRetired50
Recycles dryer sheets
SSA does send out an email around your birthday, telling you that your annual statement is ready. (former SSA employee here)
FedRetired50
Recycles dryer sheets
800-772-1213 is correct. Former SSA employee here.
Side note, 772 = SSA on the phone key pad
Those are the ones I posted the headers from earlier, but I actually get them nearly a full 3 months before my birthday.
Of course, that was discussed already, but he hasn't reported on the email headers, yet, and it could have been scammed easily because he received the call where they took all his personal info, and calling numbers can be spoofed. Details were given on how the scam could have been done.... if it was indeed a scam. The OP @Mr._Graybeard has vanished.
Last edited:
That is simply not true.
This is silly. How did you know that it was actually the SSA calling you back? Because of number that showed on the caller ID? Doesn't everybody know by now that scammers and spammers can fake up whatever caller ID they want?
Read the thread to get the details of the scam. He actually called the official SS number and was told he would receive a call-back. He hasn't confirmed whether it was a scam or just lost connection.
audreyh1
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Yeah, still wondering too.
Couple of tells in the 2nd sentence of the message itself. The common noun "phone" is capitalized and the wording of the sentence is unprofessional sounding.
Similar threads
