How I got phished.

Fast Eddie B

Part 1

As backstory, last week my Linksys RE6400 repeater had gone offline. It’s happened a couple of times in the past for no apparent reason, but was fairly easy to get set up again. Last Wed afternoon I got around to dealing with it.

I Googled “Linksys RE6400 Setup” and clicked on one of the links provided. It took me to this screen:

53724227540_ee45de5cf9_z.jpg


I clicked on “SET UP AS AN EXTENDER” and I got a page saying it couldn’t be found. I tried unplugging it and plugging it back in to no avail. I pushed the “RESET” button with a paperclip and still nothing.

The page I had been sent to had a chat option. I tried that but it seemed to hang up after one back-and-forth. So I called…

I got a gentleman with an Indian or Pakistani accent. He asked me what I had tried, and what the unit’s light was doing. I told him and he asked how many devices were on our home network, whether I sometimes used public wifi, if guests to our home were ever given our network password, that sort of thing. He suggested he could troubleshoot if I could give him screen access. I said sure, he sent me an app and a session number and got control of my screen. He asked me to unplug my second monitor and closed all the open Safari windows (I was on my Mac) and opened Terminal. He scrolled down lines of code and showed me code that suggested almost 60 users had access to my network, and that was likely overloading the repeater, and that he could fix it. Again, I said OK, and he said he was going to send it over to a network engineer to work on a solution. He then said “Why don’t you have a cup of coffee and relax while we work on this”.

Maybe something in the way he said that almost immediately set off my Spidey Sense, and I just got a sick feeling something wasn’t right. I hung up and shut down my computer and took a few moments to calm down and analyze what might have happened. I wasn’t 100% sure the exchange wasn’t kosher, but I had my doubts.

Part 2 to follow…
 
Part 2


I went through my Safari history and found the bait:

53723790111_2572468823_z.jpg


Note the “q” in Linqsys in the “Sponsored” link. I was never talking to a Linksys rep at all.

I Googled the phone number I had called and it came back to a tech company in Delaware. I called and was about to tear into them about sleazy business practices. The fellow there said they were a legitimate service, but someone had obviously spoofed their phone number and it wasn’t the first time it had happened. He said for sure to change my important passwords. He suggested an anti-virus program of some sort, but said in general Macs were pretty hard to crack and it was probably OK as long as I caught it in time. He said the next step was probably them asking for money.

I deleted the screen sharing app and called my son-in-law who works in IT. He came over and took a look. We launched the Terminal app, but he said the code was just a bit beyond him. We copied/pasted the code and sent it to a co-worker who was more familiar with Macs and the terminal. He called back and said he couldn’t find any suspicious code. So, for now we’ve just changed all our important passwords, including our network password, and are checking our accounts for suspicious activity. So far, so good, and lesson learned.

I posted this both as a mea culpa, and as a warning to others.

On the one hand, at 74 I’m part of a target demographic for this sort of thing.

On the other hand, I’ve successfully navigated these shark infested waters since soon after 1985 when my first Mac went online. A few close calls, but I guess I got complacent over time.

As an aside, I got a voicemail from California saying we apparently got cut off, and to call back to continue our session. Yeah, right!
 
Ooh, that's sneaky. I had a similar experience when I fat-fingered a call to my credit card company and got a phone-typo phishing operation. Similar experience of 'confirming' a little bit of info and then pinging that something was fishy. Hung up and called my real CC company, who helped me report the card as stolen and update the security stuff.

My dad gets people on Facebook that spoof inactive friends (oh I have a friend request from Name, I must have unfriended them by mistake!) and then try to hard-sell you straight up 'send us money to get more money' scams over facebook messenger.
 
I have come close a couple times. I used to work computer support and am fairly tech-savvy. But those scammers are getting better and it's much easier to miss a warning flag nowadays.
 
I guess I got to experience first hand the "con" in "confidence game". I had initiated the call to what I thought was Linksys, and was confident we were working together to solve a problem. I'm just glad I caught on when I did.

As a very sad example of how far things like this can go, the NY Times podcast "The Daily" had a recent episode where a family got bilked out of an insane amount of money on a timeshare scam:

https://www.nytimes.com/2024/04/12/podcasts/the-daily/scam-cartel-timeshare.html

It's a hard listen/read, but worth the time I think.
 
Thanks for sharing, it's always good to be aware of new exploits.

My mum got caught a couple of times by the 'Microsoft support' scam. It was made easier by the fact that she had ongoing problems with her internet connection and was having to deal with BT online support in India a lot, so the scammers sounded much like the people she was already dealing with. She didn't lose anything significant, thankfully, just a couple of payments for software she didn't need. I and a couple of my nephews helped clean up after them.
 
There's a lot of this sort of thing going around. Apparently if you Google for phone number of BigTechName you'll get results that give you a number that is that of a scammer, not the support service you actually want to call.

The other one (as you note) is a slightly misspelled popular domain (chaisebank not chasebank). When you go there, you're connected to a scammer site.

There is a need for better management of domain names by ICANN (the international group that controls registration) and the registrars of the domain names to control the authenticity of spoof-like names.

Google and other search engines should do a better job of identifying and blocking spoofing sites.

It's a jungle out there. :(
 
Thanks for sharing.

The existence of the page/hotline suggests that this is something that happens to many users.
 
An even more subtle one is using substitute characters, such as the lower case Greek alpha, 'α', instead of a regular 'a', in URLs.
 
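The lookalike names described in this thread ("Linqsys", "chaisebank", a Greek 'α' standing in for 'a') can be flagged mechanically before anyone clicks or calls. The following is an added example, not part of any poster's message; the brand watch list, the small confusables table and the `.example` hostnames are constructed assumptions.

```python
import unicodedata

# Assumed watch list of names the household actually deals with.
BRANDS = {"linksys", "chasebank"}

# Tiny constructed sample of look-alike letters; a production check would
# use the full confusables data from Unicode Technical Standard #39.
CONFUSABLES = {"\u03b1": "a", "\u0430": "a", "\u0435": "e",
               "\u043e": "o", "\u0455": "s", "\u0456": "i"}

def registrable_label(host):
    """Return the label left of the TLD, decoding punycode (xn--) if present.
    Simplification: ignores multi-part suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if label.startswith("xn--"):
        try:
            label = label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            pass  # leave undecodable labels as they are
    return label

def scripts(label):
    """Set of Unicode scripts used by the letters, e.g. {'LATIN', 'GREEK'}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def edit_distance(a, b):
    """Classic Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, brands=BRANDS, max_dist=1):
    """Return (verdict, brand): exact, homoglyph, typosquat or unrelated.
    'exact' only means the label matches; the TLD is not verified here."""
    label = registrable_label(host)
    if label in brands:
        return ("exact", label)
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    if skeleton != label and skeleton in brands:
        return ("homoglyph", skeleton)      # looks identical, different letters
    if len(scripts(label)) > 1:
        return ("mixed-script", None)       # suspicious on its own
    for brand in sorted(brands):
        if 0 < edit_distance(skeleton, brand) <= max_dist:
            return ("typosquat", brand)     # one keystroke away from a brand
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample hostnames mirroring the cases in the thread.
    for h in ["www.linksys.com", "linqsys.example", "chaisebank.example",
              "ch\u03b1sebank.example", "example.org"]:
        print(f"{h!r:32} -> {classify(h)}")
```

A check like this fits in a mail filter, a DNS log review or a browser-history audit; it catches the one-letter swap in the sponsored link even when the page itself looks genuine.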
I will say that nowadays hearing an Indian accent is much less of a red flag than it probably should be. Now, a Russian accent, on the other hand...
 
Google benefits by having scammers pay to be “sponsored”, so they’re disincentivized to clamp down on this behavior. Making them complicit. Best to just be highly suspicious of any and all sponsored sites.

I just found it safer to never click on "Sponsored" links, then I found out that an Ad Blocker stops them (Currently using uBlock Origin) so I did that as well.
 
My mom had something similar happen. She noticed she was getting double-charged for a service so she called. The kid on the phone with her advised she call the service doing the charging and Googled the number for her. It looks like he made pretty much the same mistake you did because he gave her the number to one of those scammy call centers.

The person she calls tells her he sees lots of "illegal activity coming from her IP address" and that she must have been hacked. He has her call this other place to run a full scan and anti virus blah blah blah insert scary computer words here. This other scumbag has her set up a GoToMyPC session so he could remote in. He just opens command line and runs repeating commands like ping /t so there's a lot of activity on the screen and has her scan a check to him for like $1500.

During all this, she is freaking out, of course. Fortunately, my wife and I were living with her at the time while we waited to close on our own house. My wife calls me and says my mom is blaming me for whatever is happening because...I'm the family IT guy. Anyway, I get home about 5 minutes after she scanned the check, I notice he put some other files on her PC. I look over the spelling error riddled invoice he emailed her and Lost. My. ****. I have her cancel the check (I probably could have asked her more nicely to do that) and killed the remote session and started running my own AV scan and removed anything he had put there. While I am doing that, he calls back.

I'm not a "yell at the customer service person" type, but I was still heated and they were trying to scam my mom. Anywho, I made this gentleman aware that we were not interested in his service and that he would do well not to attempt any further contact.

Turns out the double charge was simply my dad, who had passed away a few months earlier, and herself had signed up for the same service without realizing it. Lesson learned for the price of the check canceling fee.

But she still blames me for it.
 
Several months ago, I almost got taken in by a phone scam. Someone with an Indian accent called, and said, "This is your television provider. You need a software update."

I replied, "What company do you work for?" and he replied with the name of my satellite provider. This was enough to throw me off guard, as very often, a scammer will hang up when you ask this sort of question that they should have no problem answering if they are legit. But he happened to guess right. He then proceeded to walk me through giving him an ID number off the satellite converter (I don't think there's anything nefarious they could actually do with that), and some other nonsense. It wasn't until he told me that the update would cost $300 that I realized it was a scam. Actually my initial reaction was anger at my actual satellite provider, and a determination to switch, but it dawned on me there was no way in hell they would charge me to update their own software. My suspicions were confirmed when I asked if he could just put it on my bill and he said, "No, this is separate." When I told the scammer to go to hell he said, "You will lose all your channels.", but of course I didn't.
 
I normally try to be polite to customer service people. Even if they are screwing you over, they are probably just doing what their employer requires them to do, and are not personally responsible. Besides, yelling or swearing at them is not likely to help the situation in any case.

But that assumes I am dealing with a legitimate business. Scammers are fair game. I have no reservations about yelling, swearing, or speculating about what they do with their siblings or farm animals.
 
I've suggested this a few times, but if anyone is even the least bit savvy with computers they should think about spinning up a pi-hole. It's free (I donate about $100/yr but there is no requirement to) and it blocks ads for anyone on your network. No add-ons for web browsers, no app installation, or anything like that. You can run it on pretty much anything that's always on since it acts as your DNS server. It's saved me untold amounts of money due to having a 5 year old with a tablet and a cell phone that loves to click on everything.

The pi-hole blocks the sponsored links, and there are a bunch of people that maintain ad-block lists that you can just add quick to the system. I have mine running on a virtual machine, but I used to just have it running on a raspberry pi that I mounted next to my modem. There are a bunch of options on it as well (DHCP, whitelisting, etc.). It's a great little option to have.
 
Do you just live without sites that inform you "I see that you are running an ad blocker-Blah, Blah, Blah.. You will have to disable it to access the content of our pages, etc."? I ran into that a lot when I tried to use a well reputed ad blocker. It was more annoying than the ads.
 
If they're going to force me to waste my time so they can make money from it, that's not a company I want to do business with.

It's very rare that I've seen that, I can't remember the last time, things have been ok for a long time.
 
Most blockers will have some sort of select tool, uBlock Origin calls it Element Zapper, that can remove the box and the page overlay that often makes it uninteractable.
If it's a mostly text site, or should be mostly text, try Reader Mode as that'll strip a lot of chaff away.
 
For the Pi-Hole if there's something I want to see that it's blocking I'll just shut off my wi-fi, and then reconnect after (or not, I have unlimited data). If I interact with it enough I'll just whitelist it and not worry about it again. I rarely do that though. I'll usually just find another site and use that.
 
I've tried a number of ad blockers in Firefox over the years and uBlock Origin works the best for me. Recommended!
 
Fair enough..

I just found the ad blocker to be more annoying than the ads, which are usually easy to ignore.
Hmmm

When I first installed an ad blocker, I found my browsing experience just speeded up so much. My internet connection wasn't particularly fast and the ads ate into the bandwidth. Some ad providers are also less than scrupulous about vetting the ads they provide and so you can sometimes get malware delivered through them.

If a web site insists I turn off the ad blocker, I either respect their wish not to let me see their site without paying by allowing ads and go somewhere else, or, if I really really do want to see their content, I'll white list the site.
 
That's my practice more or less. I will try white listing the site, and if what ads they have are not too obtrusive, I'll leave it that way. But if I start getting pop up videos and ads that interrupt my reading, back on the block list they go.
 