Talking about scams

Started by GrumpyOldMan, 03 November 2019, 05:39:23 AM


GrumpyOldMan

Hello

Just a heads up on an email I received that to a casual glance looks like it's from Phil Ireson from Pithead. But it's from a German IP address and the link is to somewhere in Spain. I've tried to contact Phil about this but his email is uncontactable. If you get an email like this delete immediately and on no account click the link.

Cheers

GrumpyOldMan

paulr

Lord Lensman of Wellington
2018 Painting Competition - Runner-Up!
2022 Painting Competition - Runner-Up!
2023 Painting Competition - Runner-Up!

Norm

Thank you. Increasingly these days I find myself not clicking on anything!

Techno

Good heads up, Vic.

I had something similar a good few years ago, purporting to come from the then Wargames South.
There was nothing in the Subject line....Which was immediately 'fishy'.

It appeared that some lowlife had hacked Wargames South and was using his address book to send out poop.
I'd guess that something similar has happened here.

Cheers - Phil

John Cook

Quote from: GrumpyOldMan on 03 November 2019, 05:39:23 AM
Hello

Just a heads up on an email I received that to a casual glance looks like it's from Phil Ireson from Pithead. But it's from a German IP address and the link is to somewhere in Spain. I've tried to contact Phil about this but his email is uncontactable. If you get an email like this delete immediately and on no account click the link.

Cheers

GrumpyOldMan

Try Phil at pitheadmodels@gmail.com or Pithead Miniatures Facebook page.  He has closed his web site.

Leon

Sometimes with these it's not a case of anyone being hacked, it's just the way the emails have been configured to look.  Anyone here can set up a brand new email address tomorrow and set your personal name info as 'Bobs' and 'Miniatures'.  The actual email address makes no difference, it could be dodgyscammer@punchmeintheface.com or any random string of letters/numbers.  When you email people with that new email account (depending on their email provider) the receiver will see an email from Bobs Miniatures and not the actual email address. 

We had it a few years back when Yahoo got breached.  People started receiving emails purporting to be from Pendraken Miniatures, but when you hovered or clicked on the sender to show the actual email address, it would be qwerty123@blahblah.com or some other nonsense, and not from us.  In our case, there was absolutely nothing we could do about it as the fault was with Yahoo and no one had actually hacked into our personal emails or website.
www.pendraken.co.uk - Now home to over 7000 products, including 4500 items for 10mm wargaming, plus MDF bases, Battlescale buildings, I-94 decals, Litko Gaming Aids, Militia Miniatures, Raiden Miniatures 1/285th aircraft, Red Vectors MDF products, Vallejo paints and much, much more!
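The display-name trick described in the post above can be checked mechanically. This is an added example, not part of the original post: it compares the name shown in the From header with the real address behind it and also flags a Reply-To that points at a different domain. The allow-list, names and `.example` addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: a hand-maintained map of display names you recognise to the
# domains those senders really use. Names and domains here are constructed.
KNOWN_SENDERS = {"bobs miniatures": {"bobsminiatures.example"}}


def _domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_sender(raw_message, known=KNOWN_SENDERS):
    """Return warnings about the From / Reply-To headers of one raw message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    warnings = []

    # 1. A familiar display name attached to an unfamiliar address.
    expected = known.get(display.strip().lower())
    if expected is not None and _domain(addr) not in expected:
        warnings.append(f"name {display!r} does not match address {addr}")

    # 2. Replies silently redirected to a different domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        warnings.append(f"replies go to {reply_to}, not {addr}")
    return warnings


# Constructed sample messages (not real mail).
GENUINE = (
    "From: Bobs Miniatures <orders@bobsminiatures.example>\n"
    "Subject: Your order\n\nThanks for your order.\n"
)
SPOOFED = (
    "From: Bobs Miniatures <qwerty123@blahblah.example>\n"
    "Subject: Hello\n\nPlease click the link.\n"
)
REDIRECTED = (
    "From: Bobs Miniatures <orders@bobsminiatures.example>\n"
    "Reply-To: someone@blahblah.example\n"
    "Subject: Help\n\nPlease reply.\n"
)

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("redirected", REDIRECTED)]:
        print(label, check_sender(raw) or "no warnings")
```

A display name that is not in the allow-list produces no warning from the first check, so the list only helps for senders you already correspond with.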

John Cook

04 November 2019, 01:06:34 AM #6 Last Edit: 04 November 2019, 01:08:37 AM by John Cook
Quote from: Leon on 03 November 2019, 11:13:22 PM
Sometimes with these it's not a case of anyone being hacked, it's just the way the emails have been configured to look.  Anyone here can set up a brand new email address tomorrow and set your personal name info as 'Bobs' and 'Miniatures'.  The actual email address makes no difference, it could be dodgyscammer@punchmeintheface.com or any random string of letters/numbers.  When you email people with that new email account (depending on their email provider) the receiver will see an email from Bobs Miniatures and not the actual email address.  

We had it a few years back when Yahoo got breached.  People started receiving emails purporting to be from Pendraken Miniatures, but when you hovered or clicked on the sender to show the actual email address, it would be qwerty123@blahblah.com or some other nonsense, and not from us.  In our case, there was absolutely nothing we could do about it as the fault was with Yahoo and no one had actually hacked into our personal emails or website.

Leon,

I mentioned this thread to Phil Ireson.  He knows nothing about any alleged scam but says his email is working fine, as I can testify.  

Techno

If it's not a hack...(and you all know how computer illiterate I am).....How do these wretches know where to send emails that 'might get a bite'.

Cheers - Phil.

(And I'm not clicking on the dodgyscammers 'site'....Just in case it exists.  ;) )

Lord Kermit of Birkenhead

FOG IN CHANNEL - EUROPE CUT OFF
Lord Kermit of Birkenhead
Muppet of the year 2019, 2020 and 2021

Techno

Thanks, Ian. :)

I'll have to look Web Crawlers up.

(Never heard of them.....No surprise there, then. :-[)

Cheers - Phil


Leon

Quote from: Techno on 04 November 2019, 07:47:15 AM
How do these wretches know where to send emails that 'might get a bite'.

As I understand it from ours, when Yahoo was breached all of their data would be assembled into packets or batches of emails, linked by a common theme.  In our case they could look at the d.pengilley email, see it being used as the Pendraken business name, and then connect it to 1000+ other emails that we'd corresponded with (or had in our Contact list maybe?) 

The scammers would then buy that Pendraken 'batch', set up the dodgy email account and start spamming.  If you're not aware of what they're doing, all you'd see is an email from 'Pendraken Miniatures' telling you that I'd lost all my money and passport while on holiday and could you send me some money asap!

Lord Kermit of Birkenhead

You get one of those, report it to the police.

fred.

Quote from: Techno on 04 November 2019, 07:47:15 AM
If it's not a hack...(and you all know how computer illiterate I am).....How do these wretches know where to send emails that 'might get a bite'.

Cheers - Phil.

(And I'm not clicking on the dodgyscammers 'site'....Just in case it exists.  ;) )

Some of it is sheer volume. As sending emails is essentially free, you can just spam out loads of emails, some of them will mean something to some of the recipients.  This works well with banks, as lots of people have accounts at any given bank, and if you don't have an account with that bank you just dismiss it, but if you do have an account you have a worry that it's something that matters.

If they can link to something more, then they will get a higher hit rate. I don't recall the Yahoo one in particular but if they can essentially get an address book, then they know all the recipients have the same one core person in common.

In general the aim is to make it seem personal to you. But this is generally done by bulk sending and relying on the recipient drawing conclusions.

2011 Painting Competition - Winner!
2012 Painting Competition - 2 x Runner-Up
2016 Painting Competition - Runner-Up!
2017 Paint-Off - 3 x Winner!

My wife's creations: Jewellery and decorations with sparkle and shine at http://www.Etsy.com/uk/shop/ISCHIOCrafts

Lord Kermit of Birkenhead

Fred - there used to be a limit to the number of mails you could send in bulk posts, roughly 20?

GrumpyOldMan

Quote from: John Cook on 04 November 2019, 01:06:34 AM
Leon,

I mentioned this thread to Phil Ireson.  He knows nothing about any alleged scam but says his email is working fine, as I can testify.  

Hello

The email was prettied up to look like it came from his sky.com address. I'd suggest getting it closed down because something fishy is happening there. I got four messages in reply to my email like the one below before it eventually failed:

Quote
This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

              <vanilla55@sky.com>

The reason for the problem:
4.3.2 - Not accepting messages at this time 421-'4.7.0 [TSS04]

If he's not using that email address, trash it or at least change the password.

Cheers

GrumpyOldMan