Getting Myself Phished, a Quick Yakking about Hacking

 

Phishing is the email version of pretending to be someone you’re not. The end goal is to talk some dupe into clicking on your link, to either steal their information or otherwise break into their computer. I know a thing or two about what this is and how it works, and yet I clicked on the link last night. Let’s go straight to story mode, shall we?

I see an email in my inbox, from Admin PayPal. Subject line “Your account has been limited. (Code: E8 -s0me-malarky)” I open the email. I’ll screenshot the message for you to see it for yourself.

Email Text: Dear Client, Suspicious Activity on Your Account. Your Account Information has been changed. [ Billing or Shipping Address ] As our security precautions, we need more information from you. Your account will be limited until you provide some additional information. Please login into your Account and review your activity by clicking on the link below. paypal.com/login? Yor action is required to help us protect you PayPal account securely.
Wouldn’t you like to be a sucker too?
I click the link. It takes me to a login page, and I give them my login and my password. The captcha has a set of letters and numbers on a background of the PayPal logo repeated randomly. I screw up the captcha on the first try, it tells me to try again. I log in.

The next page is asking me for my address, and other information. At this point, my brain goes “Wait a minute…”. If this were legit they’d be asking me to confirm information they already had, not asking me to input it again from zero. I look up at the URL. It’s not to PayPal.com. This is a scam, and I fell for it. “Oh, crap.”

Let’s leave me hanging on that cliff for a bit and play a game. This game is not nearly as popular as I’d expect. It’s called “What did Hank do Wrong?” Let me give you a list of minor and major errors, from the top:

  1. ‘Admin PayPal’ is as generic as a name comes. I could have recalled that I get my monthly statements from service@PayPal.com, which should have made me suspicious.
  2. The subject line tells me they’re taking something away. That’s a cheap psychological trick to get you to want it more, as surely as Shamrock Shakes are here for a limited time only.
  3. The body of the email has some suspect grammar in it. A great deal of the time these attacks are authored by people who don’t have English as a first language. Hey, if you’re a Russian hacker, are you going to scam other Russians, or go for the Yanks who have money? Bad grammar isn’t dispositive in this day and age, but I should have noticed and been suspicious.
  4. Another cheap psychological trick, note how the email is worded subtly as “you have a problem, you need to fix it.” This puts you on the defensive and makes you eager to trust the scammer in order to prove that you’re not a bad person. The main thing I dislike about cheap psychological tricks is how well they work.
  5. This is the big one, I didn’t check that the link in the text goes where it says it goes. If I had taken the time to hover over it, a destination tooltip would have shown up in the bottom left of the screen, telling me that this particular link will send me to mysp.ac/4ZhbF. There’s absolutely no reason why PayPal would use that address. You should always look at that tooltip before you follow a link, if only to avoid getting Rickrolled. Like a chump, I didn’t check.
  6. Again, no reason to trust that link. If the email was legit I could have gone to a new browser window, gone to PayPal manually, and logged in like I normally do. The site would have given me whatever alert was necessary there and I wouldn’t be exposed to the risks of an email link.
  7. Finally, I acted too quickly. “Problem with PayPal” translates to a problem with my money, which means I need to act quickly so no one gets access to my money. So to limit the damage I act rashly, giving people the ability to do exactly the sort of damage I’m looking to mitigate. I’ve made better decisions.

Okay, back to the story, what did I do next? I closed out of that window. I opened another window, went to PayPal.com in that window, logged in, and changed my password. There’s still a great deal more risk than I would like in the minute the bad guys had my active password. Still, locking them out helps mitigate damage. If they didn’t act immediately then they won’t get very far with a no-longer-useful password. Next, I reported a security issue to PayPal. They had a chat-bot which confirmed for me that the email didn’t originate with them. It also let me know that, thanks to the ‘rona, they’re understaffed and it’d be several hours before a real live person would be able to talk with me. Guess it’s a propitious time to go a-hackin’.

What happens next? I don’t know. If they managed to do something nefarious to my computer simply by my clicking the link (which is possible), then I’m going to run into more complications as time goes by. Next possibility, they had a program set up to take the credentials immediately and mess with my PayPal account. That would be pretty bad, but having alerted PayPal to an issue I can at least hope they shut down any fraudulent transactions with a vengeance. Financial institutions don’t like getting scammed any more than I do. What I think is most likely to happen is nothing at all. That’s the outcome I’m hoping for. That would mean that the hacker didn’t build a complex and automatic response to my stupidity; they’re just gathering information that will be used at a different time. In which case they’ve got my login, a password that’s no longer useful anywhere, and two attempts at a captcha. That ain’t much.

What can we learn from this sordid episode? One, it happened to me. I know how this stuff works; I flatter myself that I could craft a better phishing email than the dastard who hooked me. But they still got me. Anyone can fall for this stuff, so prepare your defenses in depth. I wrote out my mistakes and what I ought to have done so that you can see and be warned by them. And remember that the Good Lord has the last word on cybersecurity.

Two, don’t be afraid to talk about it. Phishers and con artists rely on marks who haven’t heard their line before. A sucker who knows that you don’t own the Brooklyn Bridge won’t buy it from you, now will he? So I’m admitting to getting stung, in detail, in the hopes that it’ll make this particular nogoodnik’s life of crime less profitable.

And three, a quick note about cybersecurity. The dirty secret of the whole profession is that you don’t have to outrun the bear. You just have to outrun the slowest hiker. In this case I’m pinning my hopes on the probability that this particular phisher has other suckers on the line who didn’t react quite as quickly as I did. If he can filet the other suckers than he can continue on fat and happy without giving me a second thought. If he has to deal with smart targets the hacker is going to get hungry, which means he’ll have to up his game into the more dangerous (but more difficult) automated responses I mentioned up above.

And that, ladies and gentlemen, is as far as I can take this story at the moment. Hopefully you’ll never hear about my bank account being drained, my secrets being published on an .onion site, and how Rick Astley is never gonna give you up. I’ll just have to wait and see.

Published in Science & Technology
Like this post? Want to comment? Join Ricochet’s community of conservatives and be part of the conversation. Get your first month free.

There are 31 comments.

Become a member to join the conversation. Or sign in if you're already a member.
  1. Sandy Member
    Sandy
    @Sandy

    Quick thinking, and good advice. I get lots of messages telling me my Apple and Paypal accounts have been shut down—they seem to be favorites. After reading one or two of these, I assumed they were all rotten. Without further evidence, I’ve decided that any email saying that an account has been shut down is phishing. Am I wrong? In any case, it’s easy enough to check to see where the email is actually coming from or maybe just to open the supposedly shut-down account. If I have time, I like to look at the details of the message to see where they made errors. There are always errors.

    • #1
  2. RightAngles Member
    RightAngles
    @RightAngles

    I got that email the other day, and you will be totally embarrassed when I tell you that this is what I did with it:
    ……………………………………………………

    • #2
  3. Matt Balzer, Imperialist Claw Member
    Matt Balzer, Imperialist Claw
    @MattBalzer

    Hank Rhody, Badgeless Bandito: This game is not nearly as popular as I’d expect. It’s called “What did Hank do Wrong?”

    I bet it’s still more popular than you would like.

    I got one of those too. I was with you up until between steps 3 and 5. I went into the email, read it and remembered to check the link. Apparently the tedious training they made us do paid off. So far at least.

    • #3
  4. DrewInWisconsin is done with t… Coolidge
    DrewInWisconsin is done with t…
    @DrewInWisconsin

    I got one from Wells Fargo yesterday about problematic transactions on my account.

    Which would have got my attention if I actually banked with Wells Fargo.

    • #4
  5. Stad Coolidge
    Stad
    @Stad

    I’ve been getting e-mails supposedly from a couple of my old friends in Raleigh, but they deny sending them. For example, the subject line will be something like Fwd: From Joe Smith. When you open it, a line says something like From: <Joe Smith>, and the text below says, “I’ve been meaning to send you this: [with a link].

    The link usually ends in something weird like “.INFO”. When you go into the e-mail properties, you see the return address is from some person @college name.edu – no doubt a fake person using a real college’s web address (or spoofing it).

    No wonder one of my friends at work thinks identity thieves should get the death penalty . . .

    • #5
  6. Miffed White Male Member
    Miffed White Male
    @MiffedWhiteMale

    DrewInWisconsin is done with t&hellip; (View Comment):

    I got one from Wells Fargo yesterday about problematic transactions on my account.

    Which would have got my attention if I actually banked with Wells Fargo.

    I get those four or five times a week. I don’t use Wells Fargo either.

    My general rule of thumb is to ignore *all* emails from any financial institution. Pretty much the only ones that are legitimate are the ones either trying to sell me something (which I don’t really care about), or telling me that my latest statement is available (which I don’t need an email to know about, since they’re on a schedule).

     

     

     

    • #6
  7. Miffed White Male Member
    Miffed White Male
    @MiffedWhiteMale

    The one piece of advice that @hankrhody missed is to enable two-factor authentication (if available) on any financial accounts. That’ll get you a text message if anybody tries to log into your account from an unauthorized computer.

     

     

    • #7
  8. Stad Coolidge
    Stad
    @Stad

    Miffed White Male (View Comment):

    DrewInWisconsin is done with t&hellip; (View Comment):

    I got one from Wells Fargo yesterday about problematic transactions on my account.

    Which would have got my attention if I actually banked with Wells Fargo.

    I get those four or five times a week. I don’t use Wells Fargo either.

    My general rule of thumb is to ignore *all* emails from any financial institution. Pretty much the only ones that are legitimate are the ones either trying to sell me something (which I don’t really care about), or telling me that my latest statement is available (which I don’t need an email to know about, since they’re on a schedule).

     

     

     

    I love the ones from the “Windows Team” telling me my Windows 10 is corrupted. I want to e-mail back and say, “Of course it’s corrupted – it’s from Microsoft!”

    • #8
  9. Hank Rhody, Badgeless Bandito Contributor
    Hank Rhody, Badgeless Bandito
    @HankRhody

    Sandy (View Comment):
    There are always errors.

    You’re right, and that worries me. Note that paragraph about being the second slowest runner. When the phisher can’t make a living with bad spelling and worse grammar then he’ll have to improve. and these will be harder to spot.

    • #9
  10. Arthur Beare Member
    Arthur Beare
    @ArthurBeare

    My address book contains about 30 entries beginning ”Abuse @ . . . “ & I always report these things. I have even tried to contact college IT groups when the link or origin ends in”.edu”, which is fairly common (3-8%), and more difficult than you might think.

     

     

    • #10
  11. Hank Rhody, Badgeless Bandito Contributor
    Hank Rhody, Badgeless Bandito
    @HankRhody

    Matt Balzer, Imperialist Claw (View Comment):

    Hank Rhody, Badgeless Bandito: This game is not nearly as popular as I’d expect. It’s called “What did Hank do Wrong?”

    I bet it’s still more popular than you would like.

    I can handle that, it’s just difficult when they’re playing the team sport variant.

    I got one of those too. I was with you up until between steps 3 and 5. I went into the email, read it and remembered to check the link. Apparently the tedious training they made us do paid off. So far at least.

    Yeah. I usually spot these too. It’s just that some times you end up winning the Spanish National Lottery.

    • #11
  12. Hank Rhody, Badgeless Bandito Contributor
    Hank Rhody, Badgeless Bandito
    @HankRhody

    Miffed White Male (View Comment):

    The one piece of advice that hankrhody missed is to enable two-factor authentication (if available) on any financial accounts. That’ll get you a text message if anybody tries to log into your account from an unauthorized computer.

    It’s good advice, with the caveat that you don’t want to use your phone as a second factor if you’re also banking over your phone. That leaves you in a pretty sour position if someone gets ahold of your cellphone.

    • #12
  13. Matt Balzer, Imperialist Claw Member
    Matt Balzer, Imperialist Claw
    @MattBalzer

    Hank Rhody, Badgeless Bandito (View Comment):
    It’s just that some times you end up winning the Spanish National Lottery.

    That must be my $400 now!

    • #13
  14. Belt Member
    Belt
    @Belt

    One other suggestion. Make it a habit of never clicking on a link from a ‘notification’ email, even if it’s from a legitimate source. Go to the company’s website directly and use their logon. If the email is legitimate, you can take care of it from there. If not, you’ll figure out that they’re scamming you.

    By changing your password, you’re probably okay. But if you use that, or a similar password for any other service, change it there as well. Once the scammer gets your logon credentials for one service, they’ll try a bunch of other services just to see if they can get in those as well.

    • #14
  15. Hank Rhody, Badgeless Bandito Contributor
    Hank Rhody, Badgeless Bandito
    @HankRhody

    Belt (View Comment):
    By changing your password, you’re probably okay. But if you use that, or a similar password for any other service, change it there as well. Once the scammer gets your logon credentials for one service, they’ll try a bunch of other services just to see if they can get in those as well.

    This was a randomized password saved in a password manager. It’s plenty unique. 

    • #15
  16. Basil Fawlty Member
    Basil Fawlty
    @BasilFawlty

    Hank Rhody, Badgeless Bandito (View Comment):
    It’s plenty unique. 

    They’re the best.

    • #16
  17. Basil Fawlty Member
    Basil Fawlty
    @BasilFawlty

    In this day and age, any good email provider should have caught it in their spam filter.

    • #17
  18. RushBabe49 Thatcher
    RushBabe49
    @RushBabe49

    I also got one from Wells Fargo, and due to all the publicity they are getting lately, they are the last bank I would ever consider doing business with. I have never in all my 71 years had anything to do with Wells Fargo.

    • #18
  19. Basil Fawlty Member
    Basil Fawlty
    @BasilFawlty

    RushBabe49 (View Comment):

    I also got one from Wells Fargo, and due to all the publicity they are getting lately, they are the last bank I would ever consider doing business with. I have never in all my 71 years had anything to do with Wells Fargo.

    I’ve listened to many tales of Wells Fargo.

    • #19
  20. RushBabe49 Thatcher
    RushBabe49
    @RushBabe49

    You would not believe what just hit my inbox at a separate email address I use for my business survey. This is about as funny as it gets! Ooooh, I’m just quaking in my boots!

    YourmpasswordLisYxxxxx,MICneedtyouri100L%OattentionzforlthevtheqnextWTwenty-fourVhrs,BorVIlwillMcertainlyDmakeYsureayoutthatRyouWliveFoutSofIembarrassmentbforNthelrestfofhyourKexistence.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Helloethere,fyouSdoOnotdknowhmelpersonally.sYetKIhknowfnearlyYanythingsconcerningVyou.mAlliofjyournfacebookccontactylist,KphoneicontactsGalongWwithxallstheHvirtualUactivityvinJyourNcomputerYfromLpastn184zdays.z
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Including,XyourUmasturbationGvideo,WwhichvbringslmebtoftheamaincreasonTwhyuIjamUwritingSthislmailPtonyou.e
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    WellrtheTlastWtimeyyouDwentgtolseeethejsexuallyugraphicgwebpages,umyAmalwarejwasNactivatedginsideWyourYcomputerNsystemIwhichDendedEupQrecordingDaebeautifulEfootagenofOyourLmasturbationVplayLbystriggeringcyourowebMcamera.w
    (youZgotaaxincrediblynweirdepreferenceIbyfthefwayulol)B
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    IPhavejtheufullFrecording.ZIfYyouYthinkQIQamVfoolingJaround,xjustTreplyE‘proof’dandfICwillUbeSforwardingUtheXrecordingjrandomlyztoU11ppeopleRyoudknow.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    ItScouldKendDupubeingnyourcfriend,GcoOworkers,iboss,uparentsP(Ifdon’tdknow!dMyzsystembwillWrandomlympickCthewcontacts).
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    WillTyouDbecablectoblookLintoIanyone’sceyestagaintafterfit?VIequestionMthat…
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    However,titldoesJnotXneedrtoJbeSthathway.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    ItwouldKlikektogmakegyouEaU1htime,Enonjnegotiablejoffer.y
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Getp0.3KBTCyandzsendTitutoBtheldownLbelowCadd ress:

    1MiKWwKnDCLo8unzjKMBeRVHXBd8a17**Pji
    [CASE-SENSITIVEsowcopyH&Spasteqit,wandqremovel**Gfrom it]
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    (IfWyoumdoBnotwunderstandyhow,blookupkhowztoqacquirexBTC.xDoJnotVwasteGmytvaluablentime)
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    IfayouxsendpthisRparticularX‘donation’V(let’sZcallUthiscthat?).GAftervthat,JITwillfdisappearIandwnevergeverKmakeRcontactHwithzyoupagain.WIUwillkeliminatezeverythingoILhavelinRrelationftooyou.IYouMmayZcontinueNlivinggyourqordinarywdayxtoGdayrliferwithmzeroHconcerns.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    You’veG24nhoursAtoBdoDso.UYourHtimeqwillPbeginwasTsoonSyouugoFthroughJthisQmail.GIlhaveganKuniqueyprogramicodevthatmwillbalertSmegonceqyouhseerthisUmailDsogdon’tntryetoEactPsmart.

    • #20
  21. Basil Fawlty Member
    Basil Fawlty
    @BasilFawlty

    RushBabe49 (View Comment):

    You would not believe what just hit my inbox at a separate email address I use for my business survey. This is about as funny as it gets! Ooooh, I’m just quaking in my boots!

    YourmpasswordLisYxxxxx,MICneedtyouri100L%OattentionzforlthevtheqnextWTwenty-fourVhrs,BorVIlwillMcertainlyDmakeYsureayoutthatRyouWliveFoutSofIembarrassmentbforNthelrestfofhyourKexistence.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Helloethere,fyouSdoOnotdknowhmelpersonally.sYetKIhknowfnearlyYanythingsconcerningVyou.mAlliofjyournfacebookccontactylist,KphoneicontactsGalongWwithxallstheHvirtualUactivityvinJyourNcomputerYfromLpastn184zdays.z
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Including,XyourUmasturbationGvideo,WwhichvbringslmebtoftheamaincreasonTwhyuIjamUwritingSthislmailPtonyou.e
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    WellrtheTlastWtimeyyouDwentgtolseeethejsexuallyugraphicgwebpages,umyAmalwarejwasNactivatedginsideWyourYcomputerNsystemIwhichDendedEupQrecordingDaebeautifulEfootagenofOyourLmasturbationVplayLbystriggeringcyourowebMcamera.w
    (youZgotaaxincrediblynweirdepreferenceIbyfthefwayulol)B
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    IPhavejtheufullFrecording.ZIfYyouYthinkQIQamVfoolingJaround,xjustTreplyE‘proof’dandfICwillUbeSforwardingUtheXrecordingjrandomlyztoU11ppeopleRyoudknow.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    ItScouldKendDupubeingnyourcfriend,GcoOworkers,iboss,uparentsP(Ifdon’tdknow!dMyzsystembwillWrandomlympickCthewcontacts).
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    WillTyouDbecablectoblookLintoIanyone’sceyestagaintafterfit?VIequestionMthat…
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    However,titldoesJnotXneedrtoJbeSthathway.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    ItwouldKlikektogmakegyouEaU1htime,Enonjnegotiablejoffer.y
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Getp0.3KBTCyandzsendTitutoBtheldownLbelowCadd ress:

    1MiKWwKnDCLo8unzjKMBeRVHXBd8a17**Pji
    [CASE-SENSITIVEsowcopyH&Spasteqit,wandqremovel**Gfrom it]
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    (IfWyoumdoBnotwunderstandyhow,blookupkhowztoqacquirexBTC.xDoJnotVwasteGmytvaluablentime)
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    IfayouxsendpthisRparticularX‘donation’V(let’sZcallUthiscthat?).GAftervthat,JITwillfdisappearIandwnevergeverKmakeRcontactHwithzyoupagain.WIUwillkeliminatezeverythingoILhavelinRrelationftooyou.IYouMmayZcontinueNlivinggyourqordinarywdayxtoGdayrliferwithmzeroHconcerns.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    You’veG24nhoursAtoBdoDso.UYourHtimeqwillPbeginwasTsoonSyouugoFthroughJthisQmail.GIlhaveganKuniqueyprogramicodevthatmwillbalertSmegonceqyouhseerthisUmailDsogdon’tntryetoEactPsmart.

    Seems legit.

    • #21
  22. Jack Shepherd Coolidge
    Jack Shepherd
    @dnewlander

    DrewInWisconsin is done with t&hellip; (View Comment):

    I got one from Wells Fargo yesterday about problematic transactions on my account.

    Which would have got my attention if I actually banked with Wells Fargo.

    Hey, I’ve never chosen to bank with Wells Fargo. Yet somehow I still ended up with a checking account there in 1996.

    • #22
  23. Nick H Coolidge
    Nick H
    @NickH

    Another cybersecurity tip: Sign up for alerts at https://haveibeenpwned.com/ to see if your email or account information has shown up in any recent data breaches. Sometimes companies aren’t very forthcoming about when they’ve been hacked (I can’t imagine why) so you might not know that you need to be changing your passwords.

    • #23
  24. RightAngles Member
    RightAngles
    @RightAngles

    RushBabe49 (View Comment):

    You would not believe what just hit my inbox at a separate email address I use for my business survey. This is about as funny as it gets! Ooooh, I’m just quaking in my boots!

    YourmpasswordLisYxxxxx,MICneedtyouri100L%OattentionzforlthevtheqnextWTwenty-fourVhrs,BorVIlwillMcertainlyDmakeYsureayoutthatRyouWliveFoutSofIembarrassmentbforNthelrestfofhyourKexistence.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Helloethere,fyouSdoOnotdknowhmelpersonally.sYetKIhknowfnearlyYanythingsconcerningVyou.mAlliofjyournfacebookccontactylist,KphoneicontactsGalongWwithxallstheHvirtualUactivityvinJyourNcomputerYfromLpastn184zdays.z
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Including,XyourUmasturbationGvideo,WwhichvbringslmebtoftheamaincreasonTwhyuIjamUwritingSthislmailPtonyou.e
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    WellrtheTlastWtimeyyouDwentgtolseeethejsexuallyugraphicgwebpages,umyAmalwarejwasNactivatedginsideWyourYcomputerNsystemIwhichDendedEupQrecordingDaebeautifulEfootagenofOyourLmasturbationVplayLbystriggeringcyourowebMcamera.w
    (youZgotaaxincrediblynweirdepreferenceIbyfthefwayulol)B
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    IPhavejtheufullFrecording.ZIfYyouYthinkQIQamVfoolingJaround,xjustTreplyE‘proof’dandfICwillUbeSforwardingUtheXrecordingjrandomlyztoU11ppeopleRyoudknow.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    ItScouldKendDupubeingnyourcfriend,GcoOworkers,iboss,uparentsP(Ifdon’tdknow!dMyzsystembwillWrandomlympickCthewcontacts).
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    WillTyouDbecablectoblookLintoIanyone’sceyestagaintafterfit?VIequestionMthat…
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    However,titldoesJnotXneedrtoJbeSthathway.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    ItwouldKlikektogmakegyouEaU1htime,Enonjnegotiablejoffer.y
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    Getp0.3KBTCyandzsendTitutoBtheldownLbelowCadd ress:

    1MiKWwKnDCLo8unzjKMBeRVHXBd8a17**Pji
    [CASE-SENSITIVEsowcopyH&Spasteqit,wandqremovel**Gfrom it]
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    (IfWyoumdoBnotwunderstandyhow,blookupkhowztoqacquirexBTC.xDoJnotVwasteGmytvaluablentime)
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    IfayouxsendpthisRparticularX‘donation’V(let’sZcallUthiscthat?).GAftervthat,JITwillfdisappearIandwnevergeverKmakeRcontactHwithzyoupagain.WIUwillkeliminatezeverythingoILhavelinRrelationftooyou.IYouMmayZcontinueNlivinggyourqordinarywdayxtoGdayrliferwithmzeroHconcerns.
    survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl survey-ismww 2ndFidl
    You’veG24nhoursAtoBdoDso.UYourHtimeqwillPbeginwasTsoonSyouugoFthroughJthisQmail.GIlhaveganKuniqueyprogramicodevthatmwillbalertSmegonceqyouhseerthisUmailDsogdon’tntryetoEactPsmart.

    OMG Hahahaha!

    • #24
  25. RightAngles Member
    RightAngles
    @RightAngles

    I got the most generous email from an actual princess! In Nigeria! She said her husband (the Prince) had to flee the country in haste, and that she will wire his entire $3 million fortune to me tomorrow! All she needs is for me to wire her $3,000 today so that she can flee and join him in hiding so they won’t be killed.

    People are so nice!

    • #25
  26. Stad Coolidge
    Stad
    @Stad

    RightAngles (View Comment):

    I got the most generous email from an actual princess! In Nigeria! She said her husband (the Prince) had to flee the country in haste, and that she will wire his entire $3 million fortune to me tomorrow! All she needs is for me to wire her $3,000 today so that she can flee and join him in hiding so they won’t be killed.

    People are so nice!

    Clearly a phony e-mail scam. If it was real the Princess would say, “Wire me $3000 today so I can flee into hiding so only my husband gets killed.”

    • #26
  27. Full Size Tabby Member
    Full Size Tabby
    @FullSizeTabby

    Related to tip (“error”) #5 in the OP, I have often noticed that in a phishing or scam email, an entire block of text plus the logo is an active link, rather than just the specific blue underlined text as though to get the logo to look legitimate the scammers had to make the logo and the text as a single graphic. Or they do it because even if the reader is trying to avoid the apparent link in the text the reader may still click somewhere else on the page and accomplish the scammer’s objective. 

    • #27
  28. Randy Weivoda Moderator
    Randy Weivoda
    @RandyWeivoda

    Basil Fawlty (View Comment):

    RushBabe49 (View Comment):

    I also got one from Wells Fargo, and due to all the publicity they are getting lately, they are the last bank I would ever consider doing business with. I have never in all my 71 years had anything to do with Wells Fargo.

    I’ve listened to many tales of Wells Fargo.

    I’ve never had an account there, but have dealt with them when one of their customers wrote some bad checks to my parents’ company. Talk about difficult to deal with. I have never hated a bank before, but they taught me to hate Wells Fargo. My parents’ business now has a sign over the front desk saying we won’t accept checks drawn from Wells Fargo. Every customer who has asked about the sign has their own stories about Wells Fargo.

    • #28
  29. Henry Racette Contributor
    Henry Racette
    @HenryRacette

    Great post, Hank. I think you hit all the points, and in particular #5: whenever anything of value is involved, check the website link before clicking on it.

    I also have received the Nigerian Prince email. It’s a scam: the last one I got promised me 20% of 18 million, but by the time it was all said and done I got less than $800,000 deposited to my account. I considered complaining about it to the Better Business Bureau, but I’m a soft touch, and they told me such a sob story that I completely caved: now half the late Prince’s family is sleeping on my sofa.

    • #29
  30. TBA Coolidge
    TBA
    @RobtGilsdorf

    Stad (View Comment):

    RightAngles (View Comment):

    I got the most generous email from an actual princess! In Nigeria! She said her husband (the Prince) had to flee the country in haste, and that she will wire his entire $3 million fortune to me tomorrow! All she needs is for me to wire her $3,000 today so that she can flee and join him in hiding so they won’t be killed.

    People are so nice!

    Clearly a phony e-mail scam. If it was real the Princess would say, “Wire me $3000 today so I can flee into hiding so only my husband gets killed.”

    Also, I have been assured by my grand daughter that real princesses sign off with ‘MWAH!’ 

    • #30