Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

zipplewrath

(16,692 posts)
Sat Apr 17, 2021, 04:24 PM Apr 2021

I think I've seen a new scam

Not sure what it is but both me and the spouse received vague "delivery notifications" needing additional information and asking us to click on a URL. I checked out one of the URL's and near as I can tell, it didn't even exist. What I can't figure out is what they hoped to accomplish? Was this some attempt to collect data from the cell phone?

15 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies

TheBlackAdder

(28,969 posts)
1. Spearphishing. Any unsolicited url links, especially if the sender info does not match documement.
Sat Apr 17, 2021, 04:30 PM
Apr 2021

.

If you open up the email payload and view the IP address of the source, open a DOS window and type in the nslookup xxx.xxx.xxx.xxx command, substitution the x's with the IP address. You'll find that around 70% of them are sourced from free or $1/mo Amazon AWS accounts.

Amazon is the #1 proliferator of spam emails.

The AWS apps that run, are started on virtual servers and will link to non-AWS URLs in the emails. If you do a whois on the domain names, most won't have their mandatory ICANN registry information filled out. You can report them to ICANN and if they don't add it in a month, that hostname will get taken down. AWS will also take them down, if reported. That requires you to sign up for an AWS account to report fraud. But if campaigns are taken down, they will pop up a few days later as another campaign.

Most of those addresses will be at one of those strip mall P.O. Box places. Get a bunch of them and report them to the PO Box company and they will pull their P.O. Box.

Hosting provider 1and1 is also the primary host for these domains too. While domain hosts say they can't control what their domain holders do, send a few of those emails to them and they will yank that client. Funny thing is... no one wants to be associated with scammers.


Save off all your scam emails, log the source IP, the hostname of it, the target URL and see if there is a commonality. Once you compile a bunch, go to AWS, go to the domain host, report them to ICANN and contact their post office provider. I've taken quite a few offline for long periods by hitting them on all fronts.

.

MerryHolidays

(7,715 posts)
5. Do you have an advice on how to avoid being phished?
Sat Apr 17, 2021, 04:39 PM
Apr 2021

I am usually totally averse to clicking on any link UNLESS I know or am aware of the email author AND the link or the request being made by author makes sense. Otherwise, I send the questionable email to our IT department for a final ruling.

I had also heard that even PREVIEWING an email, depending on your email client, can be dangerous without even clicking on links. Is that true? If that's the case, that's completely debilitating, since I get 100s of emails a day at the office, and easily in the high double digits personally each day. There is no way I could process things unless I used the preview function to make a threshold determination of whether the email was relevant or not.

Any advice on this would be great!

TheBlackAdder

(28,969 posts)
6. Nope. Once your name is out there, even if you block/don't reply to them, they are traded online.
Sat Apr 17, 2021, 04:50 PM
Apr 2021

.

Just like telemarketers.

I now answer telemarketing calls and waste their time. Certain ones from India have similar messages or hold scripts and I'll press 0 or 1 to get a live operator and then play Hindi music. Even if I waste 15 seconds of their time, that cuts into their human call resources and by doing that, after a few months the rate of spam calls dropped by about 80%.

Instead of being pissed, I make it into a sport to see if I can piss them off.

I'll sometimes bait the Hilton or cruise line spam calls and keep them talking for 10 minutes asking about their program, just to say that I loved wasting their time, ans will continue to do so each time they call -- poof, no more calls from them..

.

MerryHolidays

(7,715 posts)
8. TBA, your earlier advice is great! I will start doing this
Sat Apr 17, 2021, 04:52 PM
Apr 2021

However, I still have a question: can merely previewing an email without clicking any links result in a phish?

TheBlackAdder

(28,969 posts)
12. No, your email viewer has an option that allows you to view the email source.
Sat Apr 17, 2021, 05:16 PM
Apr 2021

Last edited Sat Apr 17, 2021, 08:05 PM - Edit history (1)

.

That is strictly a text viewer. It will have a pile of stuff in it, but once you figure out the pattern, you'll be able to grab them in a few seconds.


Embedded in there will be something like this:
Authentication-Results: spf=softfail (sender IP is 212.64.220.150)
smtp.mailfrom=inbox.foxnews.com; hotmail.com; dkim=none (message not signed)
header.d=none;hotmail.com; dmarc=none action=none
header.from=ballaratfitness.com;compauth=fail reason=001
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
inbox.foxnews.com discourages use of 212.64.220.150 as permitted sender)


DOS Window:
PS C:WINDOWSsystem32> nslookup 212.64.220.150
Server: 83a680f2afb6
Address: 10.0.0.243

Name: roles.reposefully.com
Address: 212.64.220.150





PS C:WINDOWSsystem32> nslookup reposefully.com
Server: 83a680f2afb6
Address: 10.0.0.243

Non-authoritative answer:
Name: reposefully.com
Address: 212.64.220.146




WHOIS Lookup: https://www.whois.com/whois
https://www.whois.com/whois/reposefully.com

Now this one has the typical GMAIL email account and is using NameCheap as a Registrar. There is a reporting ability at all Registrars. But it is best to wait and compile a bunch of them that are from the same person and then they will nuke the guy's account.

The address looks to be a web developer's address: 5660 Strand Court,,# A8,Naples,FL,34110


If they are missing Registration contact information: https://www.icann.org/compliance/complaint
Rat out each domain name that isn't properly filled out.

.

MerryHolidays

(7,715 posts)
11. I truly despise it when someone says "Google is your friend"
Sat Apr 17, 2021, 04:58 PM
Apr 2021

implying that I am too lazy to look it up for myself. My problem with the "Google is your friend" is the basic problem with the internet: there is so much useful information readily available, but there is equally a lot of shite available too.

Anyways, Google was my friend right now, and this seems to be a pretty good answer to my question: https://www.howtogeek.com/413435/is-it-safe-to-preview-your-email/

sheshe2

(87,879 posts)
2. I got one as well.
Sat Apr 17, 2021, 04:31 PM
Apr 2021

I seldom order anything on my own as my sister has prime.

I did not click the link and instead I looked up USPS. Then entered the "supposed" tracking number. Usps said it didn't exist.

Yep, some sort of scam.

TwilightZone

(28,834 posts)
3. They're not new.
Sat Apr 17, 2021, 04:34 PM
Apr 2021

They've been around for years and they're trying to obtain personal information, logins, and so on.

Here's a good summary with links to examples, etc.

https://www.fcc.gov/how-identify-and-avoid-package-delivery-scams

PoindexterOglethorpe

(26,773 posts)
7. I don't do a lot of on line ordering, and as it happens I've never gotten
Sat Apr 17, 2021, 04:51 PM
Apr 2021

one of these emails. I'm always going to be aware of what I've ordered.

I do keep on getting the stupid phone call about some kind of high amount something I've ordered with Amazon. As soon as I realize that's what it is, I just hang up.

doc03

(36,818 posts)
9. I got an email a couple weeks ago saying my
Sat Apr 17, 2021, 04:53 PM
Apr 2021

Amazon account was hacked and I was locked out. They had a link to reset my account. Instead I signed in to my Amazon account with no problem. I keep getting emails saying my Norton anti virus has expired, don't have Norton.

padfun

(1,857 posts)
10. That link probably installed a virus.
Sat Apr 17, 2021, 04:53 PM
Apr 2021

You should do a thourogh cleaning.

Never click an unknown link.

zipplewrath

(16,692 posts)
13. It was a text
Sat Apr 17, 2021, 05:22 PM
Apr 2021

I wasn't clear about that. Neither of us clicked on anything. I looked up on a laptop to try and trace either the phone # or the URL. It just seems odd with all of the different operating systems in cell phones.

Delmette2.0

(4,264 posts)
15. I have received two of those text messages.
Sat Apr 17, 2021, 06:09 PM
Apr 2021

The first one read "Dear (first name; last name). Yada, yada yada. I deleted it without opening it.

The second one said it was from USPS. Is there a place to report this within the postal service? Is it a crime to say you are the USPS when you are not?

Latest Discussions»Help & Search»Computer Help and Support»I think I've seen a new s...