Interesting scam

Shaun @ Tru6 · 02-28-2020, 03:22 PM

Bought something on eBay and paid via paypal.

Confirmed through both sites purchase and payment went through. and got email confirmations as well.

Got this email very soon after purchase. I have not clicked on anything for fear it will do something, who knows what.

I'm guessing the Return to Merchant button will ask me to enter user and password giving them access to my paypal account.

But it knew I bought this thing on eBay.

RWebb · RWebb's Garage

Hmmm....

have you run a virus scan recently?

Shaun @ Tru6 · 02-28-2020, 03:27 PM

I have but I think I need to again. Have Avast on my Mac.

cabmandone · cabmandone's Garage

Wanna talk interesting scam? A friend sold a machine to a person in NY. He sends his wire instructions to the buyer. The buyer receives another email appearing to be from my friend with new wire instructions. Buyer sends money to new wire instructions without calling my friend to confirm. Buyer is now out money. How did they know about the wire instructions my friend sent?

cabmandone · cabmandone's Garage

FWIW Shaun, I don't think you have a virus on your system. I could be wrong but I don't think it's on your system.

masraum · 02-28-2020, 03:39 PM

I'm just thinking outloud here.

I think what you think (phishing scam) is right on. They wouldn't send you an email if they had their hooks in deep. They are trying to get the good info.

So, assuming the payment amount and any other specific details of the email are accurate, I'd assume that they have either 1) seen some of the details of the sale, maybe from the merchant's side or paypal (less likely to me) or 2) they have seen your email with confirmation (which I also think is less likely unless they have your email account user/pass info.

My guess is that they've got a small hook in at the vendor end that allows them to see superficial info about sales.

masraum · 02-28-2020, 03:42 PM

Quote:

Originally Posted by cabmando

Wanna talk interesting scam? A friend sold a machine to a person in NY. He sends his wire instructions to the buyer. The buyer receives another email appearing to be from my friend with new wire instructions. Buyer sends money to new wire instructions without calling my friend to confirm. Buyer is now out money. How did they know about the wire instructions my friend sent?

One of the 2 end points is compromised.

masraum · 02-28-2020, 03:42 PM

Quote:

Originally Posted by cabmando

FWIW Shaun, I don't think you have a virus on your system. I could be wrong but I don't think it's on your system.

I agree

cabmandone · cabmandone's Garage

Quote:

Originally Posted by masraum

One of the 2 end points is compromised.

I know he had his IT person do all sorts of work to make sure it wasn't on his end but the buyer lost the money. I heard today that the lady on Shark Tank had something similar happen. After my friend told me what happened I started calling buyers to let them know they'd only get one set of wire instructions and to call me to confirm prior to sending.

RWebb · RWebb's Garage

Quote:

Originally Posted by Shaun @ Tru6

I have but I think I need to again. Have Avast on my Mac.

an Apple Tech (the level 2 type, not the guys at Starbucks) told me that they use MalwareBytes - it's free (has a pay for more option)

so I got that on both macs that connect to the internet

RWebb · RWebb's Garage

Quote:

Originally Posted by masraum

I'm just thinking outloud here.

I think what you think (phishing scam) is right on. They wouldn't send you an email if they had their hooks in deep. They are trying to get the good info.

So, assuming the payment amount and any other specific details of the email are accurate, I'd assume that they have either 1) seen some of the details of the sale, maybe from the merchant's side or paypal (less likely to me) or 2) they have seen your email with confirmation (which I also think is less likely unless they have your email account user/pass info.

My guess is that they've got a small hook in at the vendor end that allows them to see superficial info about sales.

the vendor end seems most likely but a scan on his unit is the easiest thing to do

How would he address this to the vendor? If he sends an Email it can be seen...

JackDidley · JackDidley's Garage

Seems like they come up with a new scam every week. They keep coming with the old scams too. I got a email today about my multi million dollar inheiritance from someone I never heard of.

cabmandone · cabmandone's Garage

Quote:

Originally Posted by RWebb

an Apple Tech (the level 2 type, not the guys at Starbucks) told me that they use MalwareBytes - it's free (has a pay for more option)

so I got that on both macs that connect to the internet

I detected things with Kaspersky that Malwarebites never picked up.

cabmandone · cabmandone's Garage

Quote:

Originally Posted by RWebb

the vendor end seems most likely but a scan on his unit is the easiest thing to do

How would he address this to the vendor? If he sends an Email it can be seen...

Hey Shaun! You have to scan his unit!

masraum · 02-28-2020, 03:59 PM

Quote:

Originally Posted by cabmando

I know he had his IT person do all sorts of work to make sure it wasn't on his end but the buyer lost the money. I heard today that the lady on Shark Tank had something similar happen. After my friend told me what happened I started calling buyers to let them know they'd only get one set of wire instructions and to call me to confirm prior to sending.

I did a search for "second wire transfer instructions scam" (without the quotes) and the first 3 articles that I looked at said that this is common and means that one of the parties probably has compromised email from phishing.

To me it makes the most sense that the person that received the email with the instructions has a compromised account and when the crook saw that email come in, they then sent another very similar email really quickly with the new data. Of course, it could be the email account at the other end too. Either end would work. What would be smartest would be to have the business end hacked, but if you've got enough consumer ends hacked and just monitor them for certain keywords...

MRM · 02-28-2020, 04:00 PM

Quote:

Originally Posted by cabmando

Wanna talk interesting scam? A friend sold a machine to a person in NY. He sends his wire instructions to the buyer. The buyer receives another email appearing to be from my friend with new wire instructions. Buyer sends money to new wire instructions without calling my friend to confirm. Buyer is now out money. How did they know about the wire instructions my friend sent?

I don't fully understand the details, but this scam is well known in financial and legal circles. Our professional liability carrier has advised all lawyers to not send any payment information by email at all and to only operate by fax (faxes are too low tech for the contents to get compromised) and to follow up with an in-person or phone confirmation.

There is a way for scammers to get access to your Outlook account and plant a program there. Outlook is less secure than the rest of your system and a scan won't reveal anything because virus scans only look at the operating system. I don't recall how it is that they attach the program to your email. Anyway, the program allows them to see and send emails as though they were on your computer. The scammers target people who are likely to exchange money - finance and legal professionals, real estate agents, title companies, etc. When they see a transaction they swoop in and tell the buyer to send the money somewhere else and it looks like the message is from the seller.

Over Christmas I changed my Amazon account to deliver some packages to my mother in law's house because she was there to receive them and the packages would have sat on my door step for a while. Within an hour I received an email from "Amazon" saying I needed to log back in to confirm my change in shipping location and to use the conveniently provided link.

wildthing · 02-28-2020, 04:01 PM

Quote:

Originally Posted by cabmando

Wanna talk interesting scam? A friend sold a machine to a person in NY. He sends his wire instructions to the buyer. The buyer receives another email appearing to be from my friend with new wire instructions. Buyer sends money to new wire instructions without calling my friend to confirm. Buyer is now out money. How did they know about the wire instructions my friend sent?

Reminds me of wire fraud where the victims were local residents here - $780K. I don't know whose system compromised, the buyers' or the lender's... I think they were able to recover the money but not sure if the scammers were caught.

masraum · 02-28-2020, 04:02 PM

Quote:

Originally Posted by RWebb

the vendor end seems most likely but a scan on his unit is the easiest thing to do

How would he address this to the vendor? If he sends an Email it can be seen...

Yes, the vendor end is the most intelligent/lucrative, but if the crook has gotten the user and password for either end or for enough consumer ends, then it's like panning for gold. you go through a lot of silt, but you've only got to find a nugget every once in a while. And if you've got software setup to download emails and scan for keywords...

RWebb · RWebb's Garage

Does "your Outlook account" mean Outlook on the web? or Outlook running as a program on your computer?

Crowbob · 02-28-2020, 04:08 PM

"Over Christmas I changed my Amazon account to deliver some packages to my mother in law's house because she was there to receive them and the packages would have sat on my door step for a while. Within an hour I received an email from "Amazon" saying I needed to log back in to confirm my change in shipping location and to use the conveniently provided link."

That is sneeeeeky.