Tag Archives: scam

Smishing, and why it’s not always a loving hug

I haven’t deconstructed a scam in a while. No bandwidth, and nothing new coming along. Until tonight.

I got a text purportedly from Uber, a service I haven’t used in months.

Antennae up!

Since I’m socially distancing like a champ, plus I like my own cooking better than most restaurants’, I have no reason to interact with Uber tonight or in the recent past.

They, whoever “they” are, sent me a code, with instructions to text “Stop” if I didn’t want continued contact. What does that do? Tells whoever’s on the other end “here’s a live number.”

Well, no, I don’t want any further contact with these bozos, because they certainly aren’t who they say they are. Uber might send you a code if you’re setting up a new account, but you’d know you did that. Same for anyone else you’re starting to do business with. But out of the blue? Not hardly.

What is smishing? We’ve met phishing, emails trying to get you to click somewhere and divulge passwords and personal info. Smishing? Smash together SMS, one of the systems text messages work on, and phishing, and you get smishing.

This makes me sad. Smishing for me used to mean warm, squishy hugs given over the internet. No longer: it’s a cyber weapon.

So, best course of action? Delete, block, ignore, mentally consign to the outer depths. Texting “Stop” will do anything but. At best you’ll you deluged with “offers”, and at worst, you’ll have connected to a premium number that charges via your phone bill. A sum small enough that you might overlook it, or not find it worth your time to contest. Multiply a buck or two times many people, and it adds up.

Or it might be the kind of premium number that gets expensive fast.

The only way to win is not to play. The easiest way to win is not to play.

If you want the game to not come to you, be wary of giving out your phone number. Everyone asks, but “No” is a complete sentence. “I don’t give it out” is milder. That’s the sentence that’s probably defended me from encountering this scam until now.

And as for that Uber scammer? I hope they develop an itch in a place they can’t scratch.

Phone scam to beware of

no This one’s new(ish) and insidious, because it can sneak up on even the vigilant.

Let’s say a telemarketing call slips through. (This is happening more and more, in spite of the Do Not Call lists. A rant for another time.) And you have someone all apologetic for “headset trouble” and “Can you hear me now?”

Hang up.

Do not say “Yes” or anything else. Just nope on out of there. Because there is nothing good to come of this.

The caller is trying to elicit a “Yes” to be used out of context in forming what they will claim is a verbal contract. These are enforceable in some states, and that’s why they’re playing all bumbling with their equipment. All they need is that one “Yes” that’s indisputably you to edit in.  You agreed they’re audible, but they’ll claim you agreed to pay for something. Even if you say “No, and fuck off” once they’ve offered cruises and time shares and other iffy deals, you may find yourself with an invoice they’ll fight hard to make you pay.

This can get unwrapped, with time, money, possibly lawyers, but in some states, if it sounds like a verbal contract, it may go against you. Then it’s a pay or suffer (more) situation.

Meet all “Can you hear me?” calls with a dial tone and possibly an upraised middle finger.

If it turns out your long lost Great-Aunt Gertrudis was really having trouble with her phone, she’ll call back.

Oh hell no

noOh, hell to the no.

This scam is so damned stupid I feel the need to fisk.

*************

Good morning!

Your fiscal information for February 2014 in the attached scan. (I’m anxious to see what I get because I know I did business with a company called Australia Construction!)

PASSWORD 1234  (Ooooh, STRONG!)

You should to write in questionnaire before May 22th, 2014. (Whut?)
Your identification number is: 1324932. (Of course it is.)

Yours very sincerely, Chief accountant. (Who isn’t signing his name.)
+1 (913) 955-30-85 (Because I’m in Kansas too. Not.)

To unsubscribe our notice, please send us email with “Unsub” in subject. (The email didn’t actually seem intended for me, since the addy was a couple letters off. And you want me to confirm you got a live address. Riiiiight.)

No threats found in this notice. Checked by NANO Antivirus. Mon, 19 May (Ooh, I believe you!)

And of course they give me an attachment, called, fittingly enough, Attachment.rar.

RAR is a torrent type file, which could be filled with any damned thing, none of which will be allowed into my system. I’m not entirely sure that I could get it open, although Windows 7 opens lots of things now, but this is Pandora’s box.

Exactly how stupid do they think I am?

Wait, don’t answer that. But however stupid I really am, which on a good day is “only a little,” I’m not gullible enough to unleash this scam  into my computer.

I haven’t written about scams in a while, because they’ve all been depressingly the same old, same old. Mr. Farouk Al-Imacrook wants my help in getting millions out of some African country, Mrs. Bebe Willyoufallforthis is dying and has selected me to distribute her great wealth. That hoary old chestnut where an acquaintance gets hacked and that email sends out pleas of “Help! I’m in Djakarta and my wallet was stolen!” made the rounds again. I suppose it’s a function of using what works just often enough.

But this one is a new low in “We couldn’t deliver your package.”

USPS .COM
       
Notification

Our courier couldnt make the delivery of parcel to you at 30th April 2014.
Print label and show it in the nearest post office.

  Print a Shipping Label NOW

USPS | Copyright 2014 USPS. All Rights Reserved.

BBC Latest News:

Girl dies after alleged bullying attack
Authorities are investigating whether it was an extreme case of bullying that led to the death of a 17-year-old student in Argentina, after she was attacked by two women and another girl last week.

*****************************

Fascinating. Like this would get you anything besides a blank look at the counter? It’s called “prior plausibility” and as far as getting me to click on that button? Not happening. The Post Office doesn’t work that way. (The button’s fangs have been pulled: Lord knows what sort of mayhem was waiting at http://
babirutza.biz) Not to mention the weirdness of getting BBC news from this source. The typo is theirs, and the wording betrays unfamiliarity with local conventions.

Besides, we may outsource a lot of customer service in the US, but the Post Office to a place where the return address is donotreplay@ayulistari.nl? Puhlease.

This scam has the novelty of a clickable link for trouble rather than an attachment with an exec file hidden inside, which makes it harder for the filters to catch and quarantine it.

People do receive packages all the time, so not being able to deliver one isn’t out of the question, but we know how it’s done, and it isn’t like this.

Of course! This makes perfect sense

redpen1I haven’t had a scam to dissect in a while: the filter is too efficient or the offerings too mundane. Millions of dollars are still to be moved from Nigeria or Burkina Faso but not with any help from me.

This person at least has a novel twist: I’ve been mistaken for someone who knows something about a highly specialized industry. Not.

The Project is about the exportation of 100,000 barrels of Light Crude Oil daily out from Iraq to Turkey through my client’s company in Iraq at the rate of $92.00 a barrel. This amount to $9,200,000 daily. I ask for your support as a foreigner to handle this business project with my client and you are not expected to invest in Iraq

If yes, let me know and we will discuss this project proper.

kim@exporterkim.nazuka.net

Kim

My name isn’t Exxon or Schlumberger or even Sinclair.  I have no knowledge whatsoever about what to do with oil in its crude state, but then, all I really need is to open my finances to a perfect stranger to put my hands into that money waterfall.

Someone, somewhere, is going to fall for this. That’s scary.