Friggin' Email Scams Designed to steal your login info

[CardsFan]

We've all dealt with these scam emails, but in the last 2 weeks it's increased dramatically for me.

For those who get them, do NOT click the links to log in to your account. They will say something like they have not received your payment, and use logos of those companies and buttons that look similar to those companies ACTUAL web sites. DO NOT click anything in these emails.

You can easily tell by moving your mouse over the links or "Login" buttons in these scam emails. DO NOT CLICK THEM, but just place your mouse over them. Then look at the section of your browser that shows the domain that the link/button/etc. is going to take you to. If it's some obscure domain name in the link/button, chances are good it's some a-hole trying to steal your login info.

I would do this for ANY email you get that has links or buttons, legit looking or not.

 

[CardsFan]

look at the sender's email addy...usually some poor slob who got phished.

Good point Control for Smilers, but I would not even trust the email address/domain of the sender. Someone could have stolen legit email address logins somehow and is using some poor unsuspecting bastage to send mass emails.

Instead, hover over links and buttons in that email, and look at the domain of where the link/button is going to redirect to.

 

[LARGO9]

Iv'e be getting about 6 of those a week

 

[CardsFan]

OK

almost always. only REALLY good I have gotten lately was a venmo phishing email...that looked ****ing legit.

SOOOO...I logged into venmo...nothing doing. like you said...NEVER CLICK ON EMAIL LINKS!!!! manually go to the website and login...

Here're my thing. Google Chrome is pretty good at generating passwords for new site's you log in to. I'm old, and there's no way I'm going to keep track of every login ID and password I ever keep track of on a "per URL instance", because I let it generate a secure password for me. I got over that a long time ago.

If I can log into Windows, and navigate to Chrome and log in, (entering in my password for them, and my individual Windows PC), I can find a password for any site I visit. I let it generate a random, secure password.

It's fairly secure so far. If a tech visits my locations to fix and repair my internet related connections, I temporarily hide it somewhere they will never find my Windows password without me shooting them with a chitload of .45.

So far I have not had an instance where I had to implement that security concern.

It's kind of a pain in the arse, but maybe 10 years from now I will have to rethink that strategy. So far, i have not been hacked by any f'ing M.F.er in the world.

As tech advances, I ain't trusting that this is the ultimate solution though
.

 

[BHPSteel]

 

[CardsFan]

agree. big thing is what you said. don't click on **** in emails. ever.

Yep, bottom line. Unless you have certified them as valid. And that's still a risk to some degree.

 

[CardsFan]

man in the middle...

Yes sir!. To take this even further, save valid URLs' to site the sites you visit in your favorites, then go to those sites.

Excellent point, Control for Smilers. And update them every once and a while if needed.

 

[BHPSteel]

like UPS tracking **** is fine. don't have to login...

Since we're on the subject, I find this more convenient.

Universal Parcel Tracking - Global Package Tracking

Parcel Tracking Worldwide. Track Parcel in USA. Global postal tracking from eBay, AliExpress, ASOS, Shein, Amazon. Tracking packages from China, UK, Germany

parcelsapp.com

Free, and no authentication needed. Works for lots of carriers.

 

[CardsFan]

key logger

I'm no security expert, but a keylogger (or man in the middle) app would prolly mean you f'ed up so much you let a service or app be installed on your computer to relay that info to a hacker.

I 'm no security or HTTP/S security expert, but can keyloggers read keystrokes over an open HTTP/S channel without installing an app on your PC first?

That's a question for Server Ops guys. I was an at the application level. The Server Ops guys would inform developers if there was a hole somewhere.

However, if it requires a keyloger app be installed, I would think Windows would notify you that an app is about to be installed, in which case I reject unless I was specifically installing that app myself, or through an HTTPS site that I had already confirmed a software install is about to be made and I fully Trusted the site.

If there's a way to pull all keyboard entries made before an https request was actually initiated on a per page basis by clicking a button or hitting "Enter", I dunno for sure. That is an interesting question. My understanding that HTTP/HTTPS would only send what was "officially" typed in at the time, for each control (text box, checkbox, etc,) and sent to the server. I could be wrong!

 

[Spikey]

I’ve gotten 6 requests for payment , invoices , on my PayPal account this week . One was for over $1,900 ! I just trash them and move on . REALLY authentic looking also !