Category: Phishing (Page 1 of 2)

Meta Legal Phishing

Many people are getting a scary type of message right now. It claims to be a legal notice about Walt Disney Studios and copyright infringement. While the email is realistic and scary-looking, I am sure it is a fake. If you receive this Meta Legal Phishing in your inbox, do not cooperate with it!

The Phishing Message

Here is Exhibit A for you to look out for:

[Screenshot: Meta Legal Phishing email]

As phishing scams go, this one is pretty sharp. Only the sender email address is a giveaway, and I realize that some email apps hide that. Many recipients may have little indication, at the start, that this is a fake. The spelling is decent. The logos and signature are accurate. If you hover over the CONTACT US button, the URL preview shows a real Facebook.com address!

Deeper into the Scam


The contact button shows a real Facebook URL because it leads to a specific Facebook profile. Scammers have created a new profile page, named it Legal Department, and linked directly to their Messenger Chat function. Anyone who clicks the button will begin a Facebook chat with the scammers. And they are ready to chat with you!


Well, “chat” is not the right word. They have various auto-replies set up, and you will get messages that urge you to click other links and “appeal” the scary legal action against you.

I tried chatting with these criminals. Posing as a remorseful and naive Facebook user, I claimed that I regretted my actions and wanted to settle the fine ASAP. Even when I offered to pay whatever it was that I owed, they kept repeating that I was to click their links and buttons to appeal.

If they don’t want money, then what is the goal here? They aim to steal your Facebook account.

Phishing for Your Password

Anyone tricked into clicking the button to Appeal is transported off of Facebook to a dangerous website. At this point, some browsers will pop up phishing alerts. Others will simply prevent you from loading the page. But if the next page loads, it shows a clever fake that may make you think you are still on a legit site:

After this they ask for your email and other info:

And finally they demand:

Anyone who types info into this window is delivering their Facebook password to cybercrooks. After this happens, they will:

  • Log into the Facebook account, using the provided email and password
  • Change the account password, as well as the primary email and recovery methods
  • Start doing crimes, using the victim’s identity

Facebook offers these steps to follow, if an account has been hacked and stolen. But I must warn: These steps often don’t work, if the criminal inside the account is thorough. Phishing victims often lose their Facebook accounts for good to this sort of scheme.

Dos & Don’ts

Don’t believe in these emails! Facebook is not going to harass or threaten you with legal action because of Disney IP violations. If anything, they would just remove your post. Facebook/Meta does not have enough staff to police itself or help people recover their lost accounts, so they certainly don’t have the manpower to chase down small infringement matters.

Don’t waste your time contacting the scammers, even to tell them what-for. It’s just not worth it. And remember: Facebook is powered on engagement. That means they may recommend more of the things that you click and comment on. Do you really want Facebook steering you towards other suspicious pages and posts?

Do report this sort of scam, if you are comfortable doing so. You may mark the email as Spam/Junk Mail, if your mail provider allows for that. If a scammer has used FB Messenger to chat with you, look to the right side for an option to Report the conversation (this may be hidden under Privacy and Support). If you have visited a scammer’s FB Page, the entire profile can be reported as well, using the 3 dots button under the masthead photo.


Unfortunately, Meta Support is now largely run by AI, so your reports of these scammers may be disregarded. But we should still report these scammers. The hope is that if enough reports come in, Meta will pay better attention and do their job to protect us.

Netflix Phishing

That email you just received about your Netflix account? Look closely, it may be a clever fake. Internet crooks know that almost everyone has a Netflix account by now. So scamming people with the Netflix name and logo probably seems like easy money to them. Here’s what to know and watch out for with Netflix phishing:

Fake Netflix Emails

Most of these fake Netflix messages arrive over email. Some are obvious and laughable fakes, while others are fairly convincing. Here’s an example of one of their better attempts.

[Screenshot: Netflix phishing email]

This fake email has a lot going for it: the From-email address looks legit, the grammar and spelling are believable, and the overall tone resembles legitimate Netflix communications.

But notice that Gmail has put a question mark next to the sender. If you float over that question mark, Google will pop up and warn you that this message couldn’t be verified and may be from a sketchy sender. Also, the missing Netflix logo graphic is a tiny tip-off. But the clincher is when you hover the cursor over the link to “update your account”. Hovering over that usually allows your browser to tell you where that will take you. In this case, it isn’t going to any URL ending in Netflix.com!
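The two checks described above (could the sender be verified, and where does the link really go) can also be run on a saved copy of a message. This is an added example, not part of the original post: the sample email, the hostnames ending in ".example" and the function names are constructed for illustration, and it assumes the Authentication-Results header was written by your own mail provider.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not a real capture. Hostnames ending in
# ".example" are placeholders; mx.example.net stands in for the reader's
# own mail provider, the only party whose Authentication-Results to trust.
SAMPLE_EML = """\
Authentication-Results: mx.example.net;
 spf=softfail smtp.mailfrom=info@netflix.com;
 dkim=none;
 dmarc=fail header.from=netflix.com
From: Netflix <info@netflix.com>
To: reader@example.net
Subject: Please update your payment details
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We could not process your last payment.</p>
<p><a href="https://account-check.example/netflix.com/login">Update your account</a></p>
<p><a href="https://netflix.com.billing-update.example/signin">Sign in</a></p>
<p><a href="https://help.netflix.com/">Help Center</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, i.e. what a hover would reveal."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def parse_message(raw):
    return email.message_from_string(raw, policy=policy.default)


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict recorded by the receiving server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        # First ';'-separated field is the server's own id; the rest are results.
        for field in str(header).split(";")[1:]:
            method, sep, rest = field.strip().partition("=")
            tokens = rest.split()
            if sep and tokens and method in ("spf", "dkim", "dmarc"):
                verdicts.setdefault(method, tokens[0].lower())
    return verdicts


def review_message(raw, expected_domain):
    """Return a list of reasons to distrust a message claiming expected_domain."""
    msg = parse_message(raw)
    findings = []
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    dmarc = auth_results(msg).get("dmarc", "missing")
    if host_in_domain(from_domain, expected_domain) and dmarc != "pass":
        findings.append(f"sender shows {from_domain} but DMARC is {dmarc}")

    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    if body is not None:
        collector.feed(body.get_content())
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not host_in_domain(
            parts.hostname, expected_domain
        ):
            findings.append(f"link leaves {expected_domain}: {parts.hostname}")
    return findings


if __name__ == "__main__":
    for finding in review_message(SAMPLE_EML, "netflix.com"):
        print(finding)
```

An empty list from this check is not proof of legitimacy: as the Meta Legal example on this page shows, a button can point at the genuine site and still lead to scammers.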

Potential Dangers

You should not click weird links in sus emails. But I did, and I’ll show you what comes next. After clicking to “update my account”, I arrived at a cute captcha:

This is just here to groom its victims. It’s easy and familiar to do, and it preps you for cooperation on the next page:

I’m impressed. The only thing here to clue you in to the fakery is the URL. Many people would miss that it says “realcaptcha.com” instead of “netflix.com”.

Anyone tricked into filling in these fields would give their Netflix credentials to cybercriminals. I filled in some junk info, to see what comes next:

Of course, a payment screen that looks just like the real thing! But I found it telling that this sham would not allow me to put in a made-up credit card number. This site checks numbers in real-time and rejects incorrect entries. That means this is tied to a payment processing company, and I’ll bet that anyone fooled by this page will end up with fraudulent charges on their bank card!

Dos and Don’ts

If you’ve been fooled by this sort of phishing campaign, change your Netflix password ASAP. And then contact your bank and talk to them about how your account may have been compromised. They’ll take steps to secure your financial accounts.

If you receive this message, via email or text, feel free to forward it to phishing@netflix.com because the real Netflix folks are interested in tracking and preventing these things.

Also, feel free to use your email’s Report Spam function on the message. But do not use Block Sender. Since many of these messages use spoofing, the sender’s address may have been falsified to show a real Netflix address. If you block that phishing email, then you might stop receiving emails from the real Netflix!

Lastly, if you receive a Netflix email and can’t figure out its legitimacy, just put it aside. Open a new browser tab and go to www.netflix.com and sign in there. Once you’re inside the real Netflix site, you can look around and try to verify what was emailed to you.

Punchbowl Phishing

Punchbowl is a legitimate website that offers online invitations, much like Evite. And scammers are phishing for victims, by sending out email that looks like Punchbowl invites. Don’t be fooled! Here are the details:

A Good-Looking Fake

Here’s what some folks are receiving right now:

[Screenshot: Punchbowl phishing email]

This message, should you receive it, may come from an email address known to you. But please don’t trust this. This is all a sham. Anyone tricked into clicking the Open-button will be taken to a website that looks similar to Punchbowl. That impostor site will ask them to sign in with an email and password. That info is then passed on to cybercriminals, who will log on to that email and use it for other nefarious purposes.

Dos and Don’ts

If you receive this message:

  • Don’t reply to this message.
  • Don’t Block the Sender (because it really did come from one of your friends).
  • Don’t click on any links.
  • Don’t type in any passwords or other important info.
  • Call the sender, or contact them outside of email, to let them know about this.
  • Encourage the sender to change their email password or otherwise secure their account. They have likely been compromised, and someone bad is abusing their email address!
  • If problems persist, mention to the sender that they can reach out to BlueScreen for direct help!

The Unpaid Toll Collection Scam

Please keep an eye out for any text messages, alerting you to “unpaid tolls”. While there are legitimate ways to inform you of overdue toll fees, texting is typically not one of them. If you receive the SMS message below, you’re probably looking at an Unpaid Toll Collection Scam.

[Screenshot: unpaid toll collection scam text message]

The FBI started seeing this scam circulate in March 2024, and it is still making the rounds. This smishing scam is simple: it tries to dupe people into visiting a bogus website and paying for a toll that doesn’t exist.

Have you gotten a copy of the unpaid toll collection scam yet? Here’s my advice:

  • Don’t open any link in the message
  • Consider reporting it to the FBI
  • Delete the text and/or mark it as spam

And if you have any doubt about legitimately owing on a toll, find a legitimate phone number or website for the toll authority and contact them. Don’t rely on anything you receive via text.


Extra Commentary

This scam changes every week or so. The website URL and name of the Toll Company keep shifting. This is probably because when the FBI gets reports on this scam, they work quickly to shut down the criminal website. But it is a game of whack-a-mole. Cybercriminals will just create a new website for the next money-grab. Still, this is why reporting the scam to the FBI is helpful!

People ask me often: How do these scammers get our contact info? For this scam, my best guess is a recent data breach exposed a large number of cellphone numbers, and a criminal outfit bought them up to use in scams like this. Data breaches happen every day in the USA. Consider:

But a useful phone list could come from any of the big companies in our country that collect our personal data. It’s unlikely that we’ll learn who’s to blame and even unlikelier that there will be consequences for them.

More Facebook Phishing

I never think I’ve seen it all. I’m sorry to report, there’s always another scam, just around the corner. Today, I’m seeing a new take on Facebook phishing, and this time, it’s targeting Facebook Business Pages. The scammers are creating fake profiles AND fake websites, and hoping to fool everyday folk like you and me.

The Scam

The scammers are watching and waiting for a legitimate business to post on Facebook. Specifically, they’re looking for giveaway-style posts, where the business is offering something to anyone who comments on or Likes the post. It’s easy for them: They’re just performing a word-search on Facebook posts for “giveaway” or something similar. And when they find what they want, they spring into action.

They quickly create a phishing website that resembles the target company. And they also create a Facebook page, using the name and photos from the real business profile. Then they start commenting to people on their original giveaway post:

[Screenshot: more Facebook phishing]
That comment is not from the real Freeman Foods, it’s an impostor!

Unsuspecting people might see these comments and be fooled into thinking that it is a real comment from the legitimate business. But the comment and link are fraudulent. The URL in the comment leads to a bogus phishing website that asks for your PII. And victims of that fake site will suffer from spam, identity theft or worse.

The Tells

This scam may be obvious to some people, but I should point out how to recognize this as a phishing attempt:

  • The comment links to a strange URL, containing “myfreesites”, “googlesites”, “sitebuilder.com” and not the real URL for the business. These other URLs are using platforms that let anyone create a website, on the fly, for free!
  • The English is a little off, because the scammer is certainly in another country. They could be in Scamdinavia or Carjackistan, but they hide this and pretend to be in the USA.
  • If you click through to the commenter’s page, you can see that it was created very recently and has very few Likes/followers. The legitimate business page would have many Likes and have been created far in the past.
The real Freemans Foods has thousands of followers and created their FB page in 2013.

Reporting the Issue

If you are the real business owner, and the scammer is commenting on your posts, click on the impostor’s name and use the 3-dots button on their profile to report them to Facebook. Then, return to your posts where their comments are, and report those as well. When reporting the comments, look for additional options to Block or Ban them from your Page.

If you are a regular Facebook user, and you see this type of phishing, feel free to report the scammer’s Page and comments to Facebook. The more reports they get, the quicker they may shoot down the impostors.

And if you want to go the extra mile, you can report the phishing website (URL) mentioned in the comments. This can help Google, Microsoft and other big tech in noticing and flagging that website, and it may lead to the site being removed from the internet:

The Bitcoin Purchase Scam


The Bitcoin Purchase Scam is rather common right now, and I’d recommend you become familiar with it. It is just another Thank-You-For-Your-Purchase scam, and there is no truth to what’s in the message.

In short, this scam’s email announces a charge for a Bitcoin purchase you didn’t make. That’s because there was no purchase, but the scammers are hoping that you don’t know that. They want their victims to react quickly and reach out. Anyone calling the stated phone number will speak to a cybercriminal who is all too ready to lie lie lie and steal your money.

But here’s a longer, Too Many Words version, from a fresh incident that I just helped a client recover from:

From a Recent Service Call:

Today’s caller asked me to check over his computer, because he’d had some unauthorized transfers on his bank account. His bank couldn’t explain it to him, so they recommended he have his PC checked. I asked him a few questions about possible scams, but nothing rang a bell. So I dug in and eventually picked out the history and whole story of the scam.

About a month ago, he’d received this email, became concerned, and called who he thought was PayPal. It was not PayPal, it was instead some crook in Scamdinavia.

[Screenshot: bitcoin purchase scam email]
Don’t ever call the numbers in these emails. No good can come of it!

The scammer on the phone told my client some convoluted story, in order to convince him to install AnyDesk and DWAgent (remote control software) on the machine.

I don’t know the ins and outs of the scammer’s claims, but browser history from the PC showed that they’d visited the PayPal website, as well as Western Union. Perhaps they attempted some money transfers, but I don’t think they succeeded. And then things went quiet for a few weeks. But the scammer was playing The Long Game. He retained his remote-access to the computer and bided his time….

And more sketchy activity began a couple of weeks later: New remote control software (Supremo & RealVNC) was added to the system last week. And then someone installed a covert keylogger as a Chrome extension. My client didn’t recall any new phone calls, so I had to conclude that they were accessing the computer without his knowledge. They were adding these programs and attempting more bank transactions using his computer, while he was away or asleep.

For my part, I removed all of these control apps and crimeware. The Supremo was a challenge, as they’d put a password on it, but I persevered. In less than an hour, we had answers and a safe-to-use computer again. But the client still has plenty of work to do. Following up with the bank, changing passwords, chasing after money to see what, if anything, can be clawed back… I wouldn’t wish this stress on anyone.


Please, if you’ve read this far, understand that these crooks will go to great lengths to steal your money. Be suspicious of anything unexpected that arrives on your computer or phone. Try to verify things independently from any call or email that has you worried. And if it gets too complicated or overwhelming, just shut everything down and go talk to a friend. Sunlight is the best disinfectant.

If you’ve received an email you are concerned about, feel free to forward it to me! I will write you back with my professional opinion as to if it is fake or legitimate. And if you’ve been had, you may call me and hire me to clean your computer. But call your bank first; prioritize your financials over your technology!

Evite Phishing

There’s a phishing email going around that looks like an Evite. Here’s what you need to know about it:

Phishing Photos

The bogus message looks like this:

[Screenshot: Evite phishing email]

This email, if you receive one, may have one of your friends’ emails at the top. But please don’t believe in this thing. This is all a sham.

I clicked through, though, because I accept the risk and have to dig into these things. The “View Invitation” link led me to a different phishing page:

This is not the real Dropbox, but it looks similar enough to fool some people. Please notice that the URL is nowhere close to the real address for Dropbox.

Next (please don’t you do this!), I clicked the Captcha and saw the next screen, which wanted to know which email I used:

And each of those email buttons leads to a different phishing panel, where they were trying to convince me to type in my email address and password. This whole scam, phishing upon more phishing, is all an effort to get people to hand over their email credentials to some cybercriminals.

Dos and Don’ts

If you receive this message:

  • Don’t reply to this message.
  • Don’t Block the Sender (because it really did come from one of your friends).
  • Don’t click on any links.
  • Don’t type in any passwords or other important info.
  • Call the sender, or contact them outside of email, to let them know about this.
  • Encourage the sender to change their email password or otherwise secure their account. They have likely been compromised, and someone bad is abusing their email address!
  • If problems persist, mention to the sender that they can reach out to BlueScreen for direct help!

Facebook Guest Chat

Update as of 2/13/2024:

Readers recently brought to my attention that they couldn’t follow the steps below. After I looked into it, I can see that Meta has changed their Settings Pages, and you may not be able to disable this feature.

But as it turns out, that’s OK. Because they’ve disabled the entire Chat Plug-in feature, for the entire site:

I have to guess that Meta could not fix this problem with the scammers, so they had to abandon this odd feature. If you continue to get other scammy Facebook messages, make sure to report them.

Original Post:

Facebook Guest Chat is a new and problematic feature that affects (so far) only Facebook Business Pages. This feature allows people to message a business over Facebook, without signing in to a Facebook account. Guest chat allows for anonymous messaging, and the chat only lasts for a short time. After a day or so, the messages self-destruct, like in a spy movie.

Problematic

I can’t say why Facebook decided to implement this feature, but it is a problem. Cybercriminals are already looking to use this tool to phish and scam people:

[Screenshot: Facebook Guest Chat phishing message]

If your Facebook Business Page receives this sort of message, please do not believe it! It did not come from Meta, there is no crime or danger afoot for your Page, and you should not do what this says. It is simply a phishing attempt, and the bad guys are trying to trick you into giving them your Facebook logon credentials!

You are welcome to report suspicious Guest messages to Facebook, if you like, but I doubt it will do much good.

Disabling Guest Chat

If you have a Facebook Business Page, you may choose to allow or refuse Guest Chat messages. The steps for doing this, though, are hard to find, and even Facebook can’t tell you accurately how to do this. Here’s what worked for me:

  • Go to your FB Business Page at https://business.facebook.com/
  • On the left, click Inbox
  • To the upper-right, click the cogwheel (Settings) button
  • Under Inbox Settings, click Chat Plugin
  • Click where it says Customize Chat Plugin
  • Next to Guest Chat, click the Toggle to turn it off
  • To the lower-right, click the Publish button.

After you take these steps, you will still get regular FB messages, from people who are properly signed-in to Facebook. But no more Guest messages can get through to your Business Page.

Vishing

I didn’t think we needed a specific term for scam phone calls, but here we are. Following in the footsteps of smishing and quishing, we also have the term vishing. Vishing is another portmanteau, created from voice + phishing. When you see or hear about vishing, it refers to any phishing/cybercrime carried out over the phone or through other verbal means.

Vishing Examples

You may know of some of these vishing scenarios already, but they’re worth rehashing. Some of these employ live human voices, while others might use recorded messages or even AI-generated speech.

  • Big Tech Impostor: An important technology company calls to urge you into action. The call may claim to be from Apple, Microsoft, Yahoo, Google, etc., and they may claim your account has been compromised or your data has been stolen. Other calls seem to come from Norton, McAfee and the like, where they state your PC is infected, or you are due some special refund. These calls often become a remote control scam.
  • Big Merchandise Impostor: Most of us place orders with Amazon or Wal*Mart, but that doesn’t mean they’ll call you out of the blue. Calls announcing that your shipment has been lost or damaged will probably morph into a refund-based scam.
  • Pretending to Be Your Bank: Is that call really coming from your bank, or is it an impostor? Be suspicious if the person on the phone wants your PIN, or a texted code or anything else sensitive from you.
  • Television/Broadcast/Satellite Impostors: Xfinity, Dish, DirecTV and more are commonly impersonated on calls offering discounts and refunds.
  • The Grandparent Scam: Vishers call their victims, trying to pass themselves off as young relatives in trouble. Even worse, this scam is changing to employ AI-generated voices that sound very convincing. Family members report receiving calls that claim someone dear to them has been kidnapped.
  • Police Department/Court Systems/IRS Threats: If you need to pay your taxes, settle a court order or be arrested, a government employee will not call you to take payment over the phone. But these vishing efforts succeed every day, because people are often afraid of these entities coming to their doors.

Advice & Notes about Vishing

  • Most vishing calls use Caller ID spoofing, to make them more convincing. Please remember that Caller ID is not always truthful.
  • Do not harass or aggress a caller, if you figure out they are a scammer. In rare instances, the cybercrook will respond by swatting their victim. Just hang up on them.
  • Some vishing calls originate from your trash. A crook may harvest an account number or some other PII after doing a little dumpster diving. I recommend you shred all sensitive paperwork before you dispose of it.
  • If you haven’t put your number on the National Do Not Call Registry, now’s the time. It won’t solve your telemarketing call problems, but it might decrease the unwanted calls coming in.
  • Let all unknown callers roll to voicemail. Do not answer mystery callers.
  • Some vishers look to leave a voicemail message about an urgent situation. They may use tools that send their call directly to your voicemail inbox! The recording will state a phone number to call, but that will typically just connect you to the scammers. Do not call these crooks back!
  • Don’t speak to a robocall or any suspicious caller. Some experts worry that talking on a recorded line may make it easier for a crook to steal your spoken words to create voice mimicry used in their next vishing calls.
  • Vishing calls are getting better every day, and you may find yourself on a call that you can’t figure out. If you’re feeling torn, hang up the phone! Call the company back, using a number you can trust, either from a printed invoice in your possession, or from their website.

Quishing

That’s not a typo. The title is not missing an ‘S’. Quishing is a new term, made by combining “QR code” and “phishing”. Like smishing, it’s yet another deceptive practice that scammers are using to take advantage of people. Here’s what you need to know, to be safe out there:

QR Codes

[Image: QR code. Caption: This is not a quish, my QR code is safe to use!]

QR (quick response) Codes are those delightful Bladerunner-esque hieroglyphics that you see on windows and doors of businesses. Scan a QR code, and it will quickly take you to a website, an app download, or some other useful internet function. And as society gets more comfortable with using them, they’re coming into play in many more places:

  • Restaurants, for viewing menus
  • Parking meters, for instant/electronic payments
  • Hospitals, for health app downloads
  • Storefronts, for advertising/promotional offers
  • Malls and public spaces, for connecting to free municipal Wi-Fi
  • Product packaging, for access to nutrition/safety info

I’ve previously blogged about using your camera on QR codes, and also how easy it is to make your own QR code, for free. Well, as QR codes become more commonplace, scammers are looking for their angle. These opportunists are finding it handy to use QR codes as they phish, because a QR code hides the URL or true intent from the human eye.

Where Quishing Occurs

Quishing is when a bad guy creates a QR code of his own, and places it somewhere (often in public), to get unsuspecting people to scan it. Since a QR code can link to anywhere on the internet, a quish could lead your phone to:

  • a phishing (impostor) website
  • a dangerous app download
  • a bogus Wi-Fi hotspot
  • malicious sites or advertisements

There’s not a lot of data yet on how common quishing attacks are, but there are reports of specific incidents out there. Austin, TX had a scam last year, where a quisher put his own QR code stickers on their parking meters. When people scanned those bad codes, they were taken to a fraudulent app that tricked them into paying the quisher. Another BBB article describes a student who received a bogus financial aid letter in the mail. The printed QR code linked to a phishing website, bent on stealing his money.

Besides quishing stickers appearing in public, unsafe QR codes are also being used in phishing emails. These messages present as if your account needs attention and that you can scan the included QR code to sign in. But scanning that QR code leads the victim to a convincing fake website that asks for your email and password. Someone tricked in this manner will deliver their login info directly to cybercriminals.

New in 2024: unexpected Amazon packages, sent to your home, contain QR codes that can lead to harmful app downloads and phishing websites!

For more quishing examples, check out this BBB article.

How to Be Safe Against Quishing

Don’t Panic. Quishing, while dangerous, is probably not going to shanghai you if you remain mindful as you use QR codes.

  • Think twice about any QR code included on a surprise email, in a mystery parcel or shown in an unexpected message. Definitely avoid scanning anything if you don’t know who sent it to you.
  • Before scanning a QR sticker, judge it for legitimacy. Does it look clean and professional? Is there anything sloppy or suspicious about it? If so, trust your gut and look for a URL to type in or some other way to access the info/website/function. Or ask a legitimate employee about the QR code.
  • After scanning a QR code, confirm that you are where you expected to be. If you’re in a bakery, scanning a QR code for a chance to win a free cheesecake, you should be alarmed if instead you see an ad for dating hot singles in your area. If any weird pop-ups or downloads jump onto your screen, do not cooperate with them. Close those apps, or reboot your phone to get away from them!
  • Notice the URL of any website that comes up from a QR code. Does it match what you expected? Scanning a code at Starbucks should take you to a URL with “starbucks.com” in it, not “starb-buckss.tw”.
  • Do not sign in to any unexpected password prompts, after using a QR code. Only enter sensitive information if you are 100% certain of the QR code’s trustworthiness. Double-check with anyone in authority where the code is posted, for peace of mind.

© 2024 BlueScreen Computer
