Targeted Phishing Attempt using Newark

RE: Targeted Phishing Attempt using Newark

Christopher678 — Fri, 21 Jul 2023 16:56:48 GMT

I wanna hear bout this to 👍🏾👍🏾👍🏾

RE: Targeted Phishing Attempt using Newark

cstanton — Fri, 21 Jul 2023 16:10:51 GMT

Thanks, I've passed this on.

RE: Targeted Phishing Attempt using Newark

colporteur — Fri, 21 Jul 2023 15:30:57 GMT

Done. I did a forward, Let me know if that is sufficient. I can also copy the header if that works.

RE: Targeted Phishing Attempt using Newark

ggabe — Fri, 21 Jul 2023 08:19:51 GMT

Maybe Newark should know about it. The fact that your email was out, and it’s not readily discoverable and shopping at Newark is not as obvious as on Amazon I can’t stop thinking about a data leak. Newark can also initiate a takedown of the site.

RE: Targeted Phishing Attempt using Newark

cstanton — Fri, 21 Jul 2023 08:14:38 GMT

Hi colporteur ,

Would you be able to save and forward me a copy of this email as it is, in tact with its details? (not simply copy its contents) That way I can forward it on internally for investigation and hopefully warn other customers.

RE: Targeted Phishing Attempt using Newark

colporteur — Thu, 20 Jul 2023 21:37:48 GMT

If I get an email that contains an attached invoice. I never open the files or click the links. I used the invoice number to check. If the number is from UPS, I search and find UPS site without assistance. If the post office I do the same. I then use the number to confirm if the item exists.

In this case I had been putting together a cart at Newark a few days before and thought maybe I might have hit purchase. Using my own known good links for Newark I went to the site and checked. Nothing!

What surprised me was the focus of the email. The details could get you to drop your guard. I was considering calling the phone number of sending an email but that might just be a ploy to legitimise a collection of emails they have. Hey this is a real email, someone called. I do enjoy screwing with the bast***s just the same.

RE: Targeted Phishing Attempt using Newark

baldengineer — Thu, 20 Jul 2023 19:06:01 GMT

Oh yeah! That actually makes sense.

Now, I could see how something like a (relatively) low invoice to a test equipment company could fly under the radar.

I completely forgot about toner scams. Fortunately, printer manufacturers have finally cut out the middle-man when it comes to those.

RE: Targeted Phishing Attempt using Newark

anniel747 — Thu, 20 Jul 2023 18:59:09 GMT

[deleted]

RE: Targeted Phishing Attempt using Newark

baldengineer — Thu, 20 Jul 2023 18:49:48 GMT

Interesting to hear about that! (And glad you caught it!)

I follow a couple of "scam baiters." They are people who call/email obvious scams to draw-out information about them.

An exceptionally popular scam right now is known as the "Refund Scam." A spam email goes out saying you have placed an order on Amazon or are due for a (anti-virus/tech support) service renewal. Both are fake, obviously. The scammer walks the victim through a remote desktop connection, has the victim log into their bank, hides the screen, and the scammer edits the HTML to appear too much money was transferred to the victim's account. (Then they either want the victim to get cash to take to a Bitcoin ATM or send them gift cards.)

A newer and more dangerous variation is the "Paypal Invoice" scam. Now scammers use PayPal (and Stripe) to generate "legitimate" invoices from compromised accounts. These invoices come FROM Paypal (or Stripe). BUT. The subject line and body of the invoice say to call a number if this was a mistake. (They're using Unicode characters to skirt around automated checks.)

So if any interaction starts to sound or look like that, hang up immediately.

I am surprised to see services like Newark (or TEquipment) being used similarly. They seem so niche compared to the more common Amazon, Microsoft, Geek Squad, and Paypal vectors scammers typically use.

But as colporteur says, you have to stay vigilant. Always, always, check the headers!