I want to start a new thing to help awareness of security and phishing.
See the email attached to this post. Let’s dig in…
How to spot a fame sender
- Paypal has there own domain. Why would they use Gmail?
- Nice email logo, but they are doing a little too much, and it’s low-resolution.
- My email was in the bcc section of the email delivery header. Why is PayPal sending me a BCC when it’s to me. NOTE multiple addresses can be in a BCC, and only the person BCCd can see their email
- down to the actual email
- “Hello!” Facebook is happy to see me!
- They seem to be missing my username or actual name; to me, it’s DAVE! Or Chris or Dear sir or Madam, lol.
- Our organization, hold on a minute, I thought I was talking to PayPal.
- Hmm, maybe this is legit. What did I buy…. oh wait, got it!
- So to the naked eye, in the email, the number looks crazy with spaces, but this is what they did “1ia888di984hj3731” where am I calling Hell?
So the game plan for this type of email is to get the user to call and say I did not make this purchase. Once the victim calls the Product/Service that was purchased, they proceed to offer you a refund. Dang, that’s nice, a refund for something you did not buy. The refund scam will take you on a wild ride of either filling out a google form, then the story goes on, but at that point, the fraud can take many twists and turns.
So, in conclusion, being careful what you open and respond to the email seems like a no-brainer for some, but many people fall for this type of email and lose lots of money.
