Sunday, January 05, 2020

Chase Fake False Alarm Scam

This is a variation on click on this link email.
This is disguised as an "Is this you?" Monitoring alarm.
It's essentially designed to be a Faked False Alarm with a poison link.

It's the same methodology as the other scams. The window dressing is just different.

It's dressed up as "We're just checking if this login is you. If it is then carry on, no problem." Of course, the login isn't you and you're tempted to click the link to tell them about the "problem." I haven't bothered to click the link, but it's often a nasty php script or other malware. 

Here is what this email looked like:
If you at all care, everything in this email has been falsified. The IP address and the time.

First thing you should notice about the email (besides the odd diction) is the weird Subject line:

"NOTICE AS AT 1/5/2020 6:42:29 PM"

I work with machine monitoring and it Never says: Notice as at ...

Then there's the From line:
The second entry is clearly not Chase Bank. The first one is likely falsified.

And then there's the link:

That "tr" at the end of the URL means Turkey. Again, not at all a Chase Link.

To try to answer the obvious question. No, I don't know who falls for this. What's important is to know that your bank will never do this and beware of links in email. Some of them are legit, but it you're not sure, just visit your bank in the way that you usually do, and don't click on link candy in email.

Thursday, January 02, 2020

Happy New Year - Another Amazon Scam

January 2 and I already have an Amazon Scam in my Inbox.

It's not fair calling it an Amazon Scam, since Amazon is the innocent party, but it's how we've been calling them, since Amazon is what they're pretending to be.

This one is essentially the same as the previous ones. A link to a compromised site that wants you to give them your essential credit card information. It's not a high-end scam but it appears to be working or at least something thinks it's still worth trying.

The language of this one is a little off, but at least the grammar is correct. Scams are getting better though this one shows a weird lack of information. Amazon does not need just the last four digits of your credit card. They would need the whole thing.  Another is "Your card may decline." Credit cards are not living things. The language would be "Your card might be declined." BUT, if your card is declined, they tell you in the browser immediately. There is NO email. Credit card authorizations are nearly instantaneous. There is no delay that would ever necessitate an email. Tell this to everyone.

Here is what they sent:

Another dead giveaway is the From line is completely wrong and has nothing to do with Amazon.

And then there is the link which is pointing to a website that has been broken into and is hosting malware.