Hacking scam warning : Amazon

Computers, Internet & Broadband, IT issues, Phones & Mobiles and televisions.
Leclairon
Posts: 118
Joined: Tue Jun 26, 2018 5:41 pm
Been thanked: 7 times

Hacking scam warning : Amazon

Post by Leclairon »

Hi
This might be well known - but it wasn't to us.

First email:
Comes from a friend's known 'genuine' address, and says 'can you let me know if you receive this as I would like you to do something for me'.
It is signed off with his usual name.

If you open that one, then the second details a problem he is having trying to send an Amazon E-voucher to a friend whose birthday it is but the bank and Amazon have confused the account. 'Could you send the £100 voucher and I will reimburse you as soon as the bank has sorted it out with Amazon'.
(in 'pounds' was a clue)

Immediately, of course, you delete the second one, but you have already been hacked by opening the first one, or that's how it seems to happen.
It was very convincing as the name, address, language and sign-off, were all completely normal.

Fortunately, most people rang us from all over the world, to find out what he wanted!

User avatar
mysty
Posts: 10653
Joined: Wed Feb 28, 2018 2:38 pm
Location: dep18 and 23
Has thanked: 865 times
Been thanked: 1418 times

Re: Hacking scam warning : Amazon

Post by mysty »

Although I do not use Amazon it's like open season for scams.
All getting more sophisticated.
No more of the 100million waiting to be collected from some poor Nigerian you have never heard of.
mysty1 the new up to date user friendly version for an enhanced user experience

Le Démerdeur
Posts: 8281
Joined: Thu Mar 01, 2018 11:22 pm
Location: Picardie and occasionally Sussex
Has thanked: 1353 times
Been thanked: 1159 times

Re: Hacking scam warning : Amazon

Post by Le Démerdeur »

So to be clear LeClairon, you think that you opened an e-mail purporting to be from a friend and did not click on any links, that was enough for your computer to be hacked and either E-mails sent from it to your contacts or your contacts list stolen, is that correct?

If so that is scary, I regularly get E-mails supposedly from 5 of my contacts including a niece which usually contain nothing but a message to click on a link, which of course I dont, hovering over the senders address reveals it is never them.

The common factor is that they were all hacked probably 10 years ago when they had teenage children using/sharing their computers.

I ignore them now, if my niece ever does get in a situation where she needs help she will be on her own!

A recent development is that dodgy looking e-mails are appearing in my inbox with the header name of well known instutions etc, OK I know anyone can do that but the only message allowed into my inbox are those from my saved trusted contacts which none of these have been, hovering over the senders address it appears to have come from my own E-mail address, I know that it hasn't but it presents itself as being so, I have my own E-mail addresses as saved trusted contacts as sometimes I have to send myself a test message or modify something previously saved.

Le Démerdeur
Posts: 8281
Joined: Thu Mar 01, 2018 11:22 pm
Location: Picardie and occasionally Sussex
Has thanked: 1353 times
Been thanked: 1159 times

Re: Hacking scam warning : Amazon

Post by Le Démerdeur »

Today I got my first reservation scam E-mail since the lockdown, some people will be desperate and fall for them.

User avatar
Flaneur
Posts: 1737
Joined: Sat Mar 03, 2018 2:37 pm
Location: Hope
Has thanked: 1173 times
Been thanked: 553 times

Re: Hacking scam warning : Amazon

Post by Flaneur »

Are you sure you didn't click on a link in the email, LeClairon? That's how most of my friends seem to get caught, including (in one case) an accountant.
Same old nonsense.

Le Démerdeur
Posts: 8281
Joined: Thu Mar 01, 2018 11:22 pm
Location: Picardie and occasionally Sussex
Has thanked: 1353 times
Been thanked: 1159 times

Re: Hacking scam warning : Amazon

Post by Le Démerdeur »

My first ever trojan E-mail coming from the hacked computer of one of my then very few E-mail contacts way back when in the last century was a supposed greeting card from my accountant, he of all people should have known better.

Even in those naive days of innocense I had more sense than to open it which is more than can be said of him.

Le Démerdeur
Posts: 8281
Joined: Thu Mar 01, 2018 11:22 pm
Location: Picardie and occasionally Sussex
Has thanked: 1353 times
Been thanked: 1159 times

Re: Hacking scam warning : Amazon

Post by Le Démerdeur »

Reading the OP again he speaks of "opening the second one" which by the sound of it was a link contained within the E-mail.

I am doing business with the nearby aéroport, the Directeur phoned me initially then I dealt with a staff member, I provided accomodation for 2 service engineers during the lockdown. Then last week another staff member called me with a similar request but for several months, we corresponded by e-mail and I gave her the quote, several hours later an E-mail came from the Directeurs E-mail address and I'm fairly sure it has come from his computer if not him personally, the header in English already started alarm bells ringing:

L******** ****T is inviting you to collaborate on Facture_n°FA

And the content looks like he is sharing a file with me, that message is in English but its a standard Microsoft cloud document sharing thing, as much as I want the business and hope that its a purchase order no way am I opening it and if it is genuine I am not impressed to be doing business with someone who communicates by just copying a file to me without any message, we have met before and know each other.

Leclairon
Posts: 118
Joined: Tue Jun 26, 2018 5:41 pm
Been thanked: 7 times

Re: Hacking scam warning : Amazon

Post by Leclairon »

Hi
There was no 'link' as such. He opened the first one, a normal email, after which the second one automatically arrived.
Although he deleted the second one, I think it was too late because he had already opened it and it was then that it seemed to send the same messages to everyone in his address book.

What was so difficult to understand was the actual email address of his 'friend' who sent it, was correct, as was his 'sign-off' name.
We wondered what would have happened if he had just been sending a normal email to his real friend at that address, which was why he thought he had better change his own email address.
It gets so complicated trying to be on your guard all the time and we thought we were quite alert to odd things.

User avatar
Flaneur
Posts: 1737
Joined: Sat Mar 03, 2018 2:37 pm
Location: Hope
Has thanked: 1173 times
Been thanked: 553 times

Re: Hacking scam warning : Amazon

Post by Flaneur »

I imagine you have your browser set to Display Images (which is the default). What happens is that when you open the first email, your software fetches the image in the email (which may be almost invisible) from somewhere, and this process lets the sender of the dodgy email know that your email address is a valid address and that you have opened the first email. So the second email is sent.

This was kind of clear from the first email - why would your friend want confirmation of receipt from a friend?

What would be unusual is that you didn't click on anything in either email, yet material was sent from your email address. But I notice that you're relying on what someone told you he did, which wasn't apparent in your first post. I imagine the malware was in the second email.

The good news is that your email address hasn't been hacked, but just misused. If you haven't already changed your email password, that would be a good idea.

Also maybe download Malwarebytes. No harm in checking.
Same old nonsense.

Leclairon
Posts: 118
Joined: Tue Jun 26, 2018 5:41 pm
Been thanked: 7 times

Re: Hacking scam warning : Amazon

Post by Leclairon »

Can you believe ... another email has come in this morning, to my email, from 'Amazon' confirming'my order'.
At the moment I have ordered nothing from Amazon so this one was obvious.

I hovered the cursor over the email title and it was clearly not Amazon.

As OH says, people are confined, searching out more ways to occupy themselves and con others.
We are now on full alert!

Post Reply