
New twist on an old scam

Discussion in 'Fred's House of Pancakes' started by bwilson4web, Apr 23, 2024.

  1. bwilson4web

    bwilson4web BMW i3 and Model 3

    Joined:
    Nov 25, 2005
    27,660
    15,661
    0
    Location:
    Huntsville AL
    Vehicle:
    2018 Tesla Model 3
    Model:
    Prime Plus
    So I got this fake invoice in my e-mail:
    upload_2024-4-23_11-43-40.png

    So I called the number and a nice, Asian-accented fellow explained, "someone in Dayton OH had made this order." Then he asked me to open two different URLs in my web browser:
    He said, "You are not understanding what I am saying." He claimed someone was using my IP address.

    I told him that I have no permanent IP address as my service provider always gives me an IP address in the 192.168, non routable range.

    Again, he said, "You are not understanding what I am saying."

    Actually I was, CLICK.

    Usually these come in as a URL in a text message or via e-mail. Never had someone tried to talk me into entering a URL. Of course these URLs just try to download a 'ransomware' program.

    Out of caution, I double checked my credit card accounts and nothing showed up. I'll check again in a few days but suspect there won't be anything.

    Next time, I'll play the Tim Conway/Mel Brooks/Red Skelton, oldest man in the world who can't type and have some revenge fun.

    Bob Wilson
     
    #1 bwilson4web, Apr 23, 2024
    Last edited: Apr 23, 2024
    bisco likes this.
  2. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    110,129
    50,045
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    those are the ones i mentioned in your text thread. i get about one a day in the junk folder.
    i've never called them though. it's funny (not) one of our banks just reported that our name and acct. # was stolen.
    we get free credit reporting if we sign up, but to sign up, you have to give them your ss number. :rolleyes:
     
    bwilson4web likes this.
  3. Mendel Leisk

    Mendel Leisk EGR Fanatic

    Joined:
    Oct 17, 2010
    56,666
    39,220
    80
    Location:
    Greater Vancouver, British Columbia, Canada
    Vehicle:
    2010 Prius
    Model:
    Touring
    With scam text messages on my iphone, I made a contact called Spam Report, with the number 7726. I open the text, touch-and-hold somewhere other than a link (if there is one), choose "More" from the pop-up, and then forward it to good ol' Spam Report.

    Not sure if it's gonna catch up with them, but it feels good.
     

    bisco likes this.
  4. Louis19

    Louis19 Active Member

    Joined:
    Feb 4, 2022
    392
    357
    0
    Location:
    Laval Québec Canada
    Vehicle:
    2022 Prius Prime
    Model:
    Upgrade
    as time goes by, we receive more and more fake invoices, fake alarms on the phone saying that my credit card has been used, fake calls from Amazon... telling me that prime will cost more... fake ups that cannot be delivered... and so on... finally i just ignore all that crap but do check my credit card bills to make sure. We live in a world where good simple values, honesty, and respect are vanishing.
    and yes spam is invading text messages
     
    bisco likes this.
  5. ChapmanF

    ChapmanF Senior Member

    Joined:
    Mar 30, 2008
    24,902
    16,209
    0
    Location:
    Indiana, USA
    Vehicle:
    2010 Prius
    Model:
    IV
    While it's not uncommon for a router to NAT you like that, there is also a routable IP your provider is giving you (necessarily so, exactly because your 192.168 is, as you say, non routable). Web sites like whatsmyip can show you what the rest of the world is seeing as your address, while your computer is showing you the non-routable local one.

    The provider could still be giving you a stable external IP, or one that changes. Typically, if you haven't asked them for a stable one or they haven't promised one, it changes.

    Of course your scammer was a scammer and none of this was important to him anyway.

    This whole NAT business has been the mother of some weird inventions like STUN, TURN, and ICE.
     
    bwilson4web likes this.
  6. bwilson4web

    bwilson4web BMW i3 and Model 3

    Joined:
    Nov 25, 2005
    27,660
    15,661
    0
    Location:
    Huntsville AL
    Vehicle:
    2018 Tesla Model 3
    Model:
    Prime Plus
    The known IPV4 addresses of the common carriers are dynamically assigned to your actual IP address which means it would be nearly impossible that any fixed IP address maps to me. This was the scammer's grossest mistake . . . which I thoroughly enjoyed.

    There is also IP packet tunneling and VLANs that lets a mix of IP packets ride inside an IP pipe that can even be IPV6 carried. I engineered such things back in 2014-2016 when I was working. Along with VOIP using ancient 4-wire audio and QOS routing of critical and less critical data streams. Well it was a fun job.

    Although improbable, like winning the Lottery, it is functionally impossible for an Asian-accented voice caller to 'have your IP address' and much less, tickling it. Combined with his recommended MS-DOS/Windows techniques, he might as well have said, "Thank you for calling. I'm your thief and here to rob you."

    Bob Wilson
     
    #6 bwilson4web, Apr 23, 2024
    Last edited: Apr 23, 2024
  7. fuzzy1

    fuzzy1 Senior Member

    Joined:
    Feb 26, 2009
    17,557
    10,324
    90
    Location:
    Western Washington
    Vehicle:
    Other Hybrid
    Model:
    N/A
    What was the "new twist" part?
     
  8. bwilson4web

    bwilson4web BMW i3 and Model 3

    Joined:
    Nov 25, 2005
    27,660
    15,661
    0
    Location:
    Huntsville AL
    Vehicle:
    2018 Tesla Model 3
    Model:
    Prime Plus
    Using the phone to give their thieving URL. In the past, the URL was in an e-mail or SMS text.

    Bob Wilson
     
  9. fuzzy1

    fuzzy1 Senior Member

    Joined:
    Feb 26, 2009
    17,557
    10,324
    90
    Location:
    Western Washington
    Vehicle:
    Other Hybrid
    Model:
    N/A
    I believe a friend was struck by such an attack quite a few years ago, received by direct phone call. The caller somehow knew exactly what computer she had, and where and when she bought it, which gained her trust, so she went to the requested website to load the remote desktop app that was needed for the 'technician' to perform the purported fixes. But when she handed over control, the screen quickly revealed it reading files it had no business accessing for any purported bug, prompting an immediate yank of the plug. I went to help her rebuild the system.

    That "AnyDesk" link is for a similar remote desktop app, which should be a very legitimate product for internal corporate IT and HelpDesk support. It is just that scammers have no legitimate reason for such access.

    The other link is not familiar, so probably is the malware bit.
     
  10. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,855
    6,655
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    I never go through my junk folder, so I couldn't tell you what's in there. I'm thinking that this is WHY we have junk folders in the first place.
    Every now and again I will get instructions indicating that I should 'check my junk folder' if I don't get this activation code or that link.
    I'm thinking that if they fail to reach me using an email address that I JUST GAVE them then I might want to rethink our relationship and offer my patronage to one of their competitors.
     
    bwilson4web likes this.
  11. sylvaing

    sylvaing Senior Member

    Joined:
    Jul 15, 2023
    1,185
    495
    0
    Location:
    Canada
    Vehicle:
    2017 Prius Prime
    Model:
    Plug-in Base
    Had a similar email a few weeks back and called them too. Me, it was someone with an Indian accent. I told them I don't know computers (I've been in IT for 35 years lol) and my son had installed an antivirus but it wasn't that one. Told me he would help me to remove it and to download that anydesk client. He had to help find my Chrome browser on my desktop, blah blah blah. Wasted 15 minutes of his time (I'm retired so I have time to waste lol) before I told him that I knew he was a scammer, then, click. At least, he wasn't scamming someone else in the meantime.
     
    bisco and bwilson4web like this.
  12. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    110,129
    50,045
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    Every now and then, good emails wind up in the junk folder. I’m not sure why.
     
  13. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,855
    6,655
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    Every now and then 'good food' winds up in dumpsters too.
    I don't actually care why this happens, nor do I go 'dumpster diving' to see if there's something that I might like to eat.
    If somebody sends me something and I do not get it, that's a 'them' problem, not a 'me' problem.

    Whether or not this makes me a harder target for scammers or just a 'mudge I will leave to the judgement of the folks playing along at home. ;)


    One of the (many) tactics that scammers use is to get you to do something that you would not normally do - like go dumpster diving for that valuable 'x' thing that got put in there by mistake.....like that 'link' you should not be clicking.....
     
  14. ChapmanF

    ChapmanF Senior Member

    Joined:
    Mar 30, 2008
    24,902
    16,209
    0
    Location:
    Indiana, USA
    Vehicle:
    2010 Prius
    Model:
    IV
    Sometimes it's a 'them' problem, sometimes it's a 'your choice of email provider' problem.

    I regularly email people who receive their mail on gmail.

    I had messages I sent yesterday blocked because gmail didn't like the three letters ending the file name of an attachment I had included. The explanation was that attachments ending in those three letters had been used sometimes for malicious content.

    I renamed the file and attached it again with no other change, and it sailed right through. So much for malicious-content protection. ;) (That was different from gmail's suggested fix, which was that I should gratuitously package up the file as a zip file and attach that instead. Which would just have forced my recipients to fuss with running unzip on it, and then, if indeed it had been malicious content, there it would be again. :rolleyes:)

    The moral is that the filter rules these providers use are nothing like a science; they're a constantly growing and changing hodge-podge of sometimes-smarter, sometimes-dumber rules cooked up under fire to try to block the latest stuff the bad guys were sending, and which the bad guys are constantly figuring out how to get around.

    When a legitimate sender sends you an email that happens to get caught up in that nonsense, blaming the sender means assuming they somehow should have known what crazy rules your email provider was enforcing that day. Just not realistic, sadly enough.
     
    fuzzy1 likes this.
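
An added example (not part of the thread, and not Gmail's actual logic) of why the rename in the post above got through: a rule keyed on the file name gives a different answer from one keyed on the file's leading bytes. The blocklist, file names and sample bytes are constructed for illustration.

```python
import os

# Hypothetical extension blocklist; not any provider's real rule set.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat"}

# Leading "magic" bytes that identify a format regardless of the file name.
MAGIC = {
    b"MZ": "windows-executable",
    b"\x7fELF": "elf-executable",
    b"PK\x03\x04": "zip-archive",
}

def blocked_by_name(filename):
    """Name rule: looks only at the extension, which the sender controls."""
    return os.path.splitext(filename.lower())[1] in BLOCKED_EXTENSIONS

def sniff(content):
    """Return the format suggested by the first bytes, or None if unknown."""
    for magic, kind in MAGIC.items():
        if content.startswith(magic):
            return kind
    return None

def blocked_by_content(content):
    """Content rule: blocks executables whatever they are called.
    A zip is only identified here; a real filter would have to look inside it."""
    return sniff(content) in {"windows-executable", "elf-executable"}

def verdicts(filename, content):
    return {"name_rule": blocked_by_name(filename),
            "content_rule": blocked_by_content(content)}

# Constructed sample attachments.
PE_STUB = b"MZ\x90\x00" + b"\x00" * 60   # starts like a Windows executable
PLAIN_TEXT = b"Meeting notes\n"

if __name__ == "__main__":
    for name, data in [("tool.exe", PE_STUB), ("tool.txt", PE_STUB),
                       ("notes.exe", PLAIN_TEXT)]:
        print(name, verdicts(name, data))
```

The renamed executable passes the name rule but not the content rule, and the harmless text file with a blocked extension is a false positive for the name rule only.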
  15. fuzzy1

    fuzzy1 Senior Member

    Joined:
    Feb 26, 2009
    17,557
    10,324
    90
    Location:
    Western Washington
    Vehicle:
    Other Hybrid
    Model:
    N/A
    With three different email providers for my household now -- legacies of different eras not being fully cut off (not counting a gmail account held only for certain application specific requirements) -- I find that each has different filtering patterns. Filters get more aggressive over time, so messages that used to come through, start getting blocked until the filter is re-tickled to mark a source as good. Some never appear even in the quarantine folder of one provider, but can appear promptly if sent through another provider.

    Inbound delivery times vary sharply, most arriving promptly, but numerous delayed by many minutes or hours or even more than a day. Inspecting headers for delivery chain postmarks reveals that the delays are not at the source or destination servers, but instead at various other companies' servers along the way. If their resolution to their server problems had included purging the queue, which I'm sure does happen, I'd never have received those messages at all. That is one of my reasons for refusing paperless billings and statements as much as possible.

    Outbound messages sometimes get blocked by the receiving end because some third-party spam list marks my provider as sourcing too many spams. Usually resolved within a few days, though happening less frequently anymore.

    Thus, message filtering problems are a moving target, and the delivery problems I'm able to identify are not just "them" or "mine", but also many third parties in between.
     
    #15 fuzzy1, Apr 24, 2024
    Last edited: Apr 24, 2024
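
An added example (not part of the thread) of the header inspection described in the post above: each server that handles a message prepends a `Received:` header ending in a timestamp, so reading them oldest-first shows where a message sat. The sample message, host names and times are constructed.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; newest Received header is on top, as in real mail.
SAMPLE = """\
Received: from relay3.example.net (relay3.example.net [203.0.113.30])
\tby mx.example.org with ESMTP id C3; Tue, 23 Apr 2024 18:05:10 -0700
Received: from relay2.example.net (relay2.example.net [203.0.113.20])
\tby relay3.example.net with ESMTP id B2; Tue, 23 Apr 2024 18:05:02 -0700
Received: from smtp.example.com (smtp.example.com [198.51.100.10])
\tby relay2.example.net with ESMTP id A1; Tue, 23 Apr 2024 10:01:05 -0400
From: sender@example.com
To: reader@example.org
Subject: statement

body
"""

def hop_delays(raw):
    """Return [(previous_host, receiving_host, seconds)] in delivery order."""
    stamps = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        info, sep, stamp = value.rpartition(";")
        by = re.search(r"\bby\s+(\S+)", info)
        if not sep or not by:
            continue                      # header without a host or timestamp
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue                      # unparseable date, skip this hop
        if when.tzinfo is None:           # "-0000" parses as naive; treat as UTC
            when = when.replace(tzinfo=timezone.utc)
        stamps.append((by.group(1), when))
    # Server clocks can disagree, so small or negative gaps are not meaningful,
    # and headers added before your own provider's servers can be forged.
    return [(a[0], b[0], (b[1] - a[1]).total_seconds())
            for a, b in zip(stamps, stamps[1:])]

def slowest_hop(raw):
    delays = hop_delays(raw)
    return max(delays, key=lambda d: d[2]) if delays else None

if __name__ == "__main__":
    for prev, nxt, secs in hop_delays(SAMPLE):
        print(f"{prev} -> {nxt}: {secs:.0f} s")
```

In the sample the message waited about eleven hours between the two intermediate relays, while the sender's hand-off and the final delivery were prompt.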
  16. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    110,129
    50,045
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    Sometimes there are emails that are beneficial to me.
    Blaming the sender won’t help me, but regularly checking my junk file does.
    And I delete everything that is junk, so it’s easy to look.
    Reminds me of people who won’t drive electric because it takes so much time to plug and unplug :rolleyes:
     
    bwilson4web likes this.
  17. fuzzy1

    fuzzy1 Senior Member

    Joined:
    Feb 26, 2009
    17,557
    10,324
    90
    Location:
    Western Washington
    Vehicle:
    Other Hybrid
    Model:
    N/A
    ... of that phone number you should never call. With or without CallerID blocked.
     
  18. ColoradoCrow

    ColoradoCrow Active Member

    Joined:
    Sep 2, 2019
    980
    398
    1
    Location:
    Leawood, KS
    Vehicle:
    2008 Prius
    Model:
    I
    Yeah it's bad. Anybody who asks you to go to anydesk... RUN. Total scam.
    ANYDESK is a Buzzword... right up there with mother's maiden name.
     
  19. ChapmanF

    ChapmanF Senior Member

    Joined:
    Mar 30, 2008
    24,902
    16,209
    0
    Location:
    Indiana, USA
    Vehicle:
    2010 Prius
    Model:
    IV
    better than a buzzword, it's a tool that lets you hand over complete control of your computer and everything on it to the scammer