Paypal Watch Receipt Scam

This one almost fooled me.

Will the phishing never stop? This email message, which looked remarkably legitimate to me, thanks me for sending $149.49 to a stranger for the purchase of a watch.

Paypal Watch Purchase Scam

I first received it on my iPad, which does not allow me to see where a link points to without clicking it. On my iMac, however, pointing to the link revealed that it went to a php script on a website that was definitely not PayPal.

Remember — if a suspicious email arrives, resist the urge to click a link in it. Instead, go directly to the site purportedly sending the message by typing its URL in your browser’s address bar. In this case, I simply went to www.paypal.com, logged into my account, and checked to see if a transaction had really been processed. Of course, it had not. The whole thing was a scam.

American Express Transfer Email Message Scam

Yet another email scam — this one supposedly from American Express.

I don’t even think the bits had even finished uploading on yesterday’s scam report when this one popped into my email inbox for the same email address (which I’m probably going to turn off very shortly):

Amex Scam

Once again, it’s easy for me to recognize this as a scam:

  • Bad email address. My Amex account uses another one.
  • I don’t have an American Express Open account at all.
  • I didn’t do any Amex transfers.

The message was from a noreply address at Bebo Services. All the links point to the same page on the kingspssq.org.uk domain. Again, I haven’t tried the links and have no plans to do so.

At this point, if you’re blindly clicking links in any email message you get that looks the least bit suspicious, you probably deserve whatever results.

Be smart. Think before you click.

Verizon Acknowledgement Message Scam

Another email scam, this one purportedly from Verizon Wireless.

Got this message in my email inbox today:

Verizon Scam Message

This is obviously a scam. Several things tipped me off:

  • I did not recently do any new transactions with Verizon Wireless. In other words, there was no real reason to contact me.
  • The message was addressed to an email address Verizon does not have for me.
  • Pointing to any of the links in the message reveals the same destination URL on the domain jsslcctv.com — which has nothing to do with Verizon.
  • I didn’t check the account number, but I’m pretty sure mine is my phone number and it doesn’t end with 8281.
  • Poor grammar/wording indicates the person who wrote this message was not a native English speaker.

I don’t know what clicking these links does and I don’t want to know. I just want to warn others that this is yet another scam that could easily suck you in if you’re not paying attention. Think before you click!

Vimeo Phishing Scam

Wonder Woman contacts me about a non-existent video.

I have a Vimeo account. At least I think I do. I’m not sure. I don’t use the service.

Yet today, I got email messages from six people on Vimeo with basically the same content:

Hi,

Brenda Carter just sent you a message on Vimeo:

” Hi,
I found your video on vimeo.com (video-sharing site),
can we publish link to your video in our newspaper?

Thank you,
Brenda Carter, journalist
The Washington Post (http://www.washingtonpost.com/)

If you want to reply:

http://vimeo.com/messages/user183325474

Brenda Carter’s profile on Vimeo:

http://vimeo.com/user183325474

PhishingPretty amazing when you consider that I never uploaded a video to Vimeo.

Also amazing is how many Washington Post journalists liked my non-existent video: six so far today!

Of course, when you point to the Reply and Profile links, they don’t go to the destinations indicated. I didn’t click them. I don’t want to find out what happens. I just want to warn you that this is a scam. Spread the word.

My big challenge today is to find out if I really do have a Vimeo account and, if I do, to turn off notifications — or, better yet, close the account. I’ll also set up Mail to file future messages from Vimeo as spam.

It never ends.

Folks: don’t click links in email messages from people you don’t know.

UPS Package Invoice Scam

Yet another email scam to be on the lookout for.

UPS ScamToday, I got an email message from UPS Quantum View . On the surface, it looked almost legit. There was the from field, which certainly looked legit and a subject of “UPS Delivery Notification, Tracking Number CDE31400FCA9E1A9.” That didn’t sound right to me — I’ve never had a UPS tracking number that started with the letter “C.”

I first saw it on my iPad, so that’s where I opened the message. When I read the contents, I knew something was wrong. It was a plain text message that said:

You have attached the invoice for your package delivery.

Thank you,
United Parcel Service

*** This is an automatically generated email, please do not reply ***

I’ve never received any communication from UPS that wasn’t in HTML. And I’ve never received one with poor English (note first sentence). And finally, I’ve never received any communication from UPS that included an HTML attachment — this one was named invoiceCDE31400FCA9E1A9.html.

Of course, to verify my suspicion that this is some sort of scam, I had to open the attachment. I wanted to do that on my Mac, but not with a Web browser. Instead, I used a plain text editor, TextWrangler. Inside, I found the usual collection of HTML code that would display UPS-looking text and graphics. But most of the links inside the document were to the domain www7apps-myups.com. A quick Whois lookup revealed that the domain is registered to someone in China.

Not UPS.

Other than a bit of javascript at the end of the message that appears to be some sort of counter, the attachment looked harmless enough. I can only assume that clicking the links within the attachment is what triggers whatever this scam attempts to do.

I can imagine someone more gullible than me getting this email message and wondering what package UPS was telling them about. They open the linked file, see what looks like a legitimate UPS communication, and click the link to learn more about the mystery package. Their computer then becomes infected with some sort of virus or perhaps the page itself attempts to get information that the scammers can use for financial gain. I don’t know. I’m not about to try it. You shouldn’t either — not on a computer that isn’t quarantined for this kind of work.

I’ve said it before and I’ll say it again: Don’t open file attachments you aren’t expecting, especially from people you don’t know. Don’t click links from strangers.

Oh, and if you get one of these, forward it to fraud@ups.com.