web analytics

Timeline of a scam

I received this email about eight yesterday morning to my work account. It’s obviously a scam, but it is a legitimate email coming from PayPal. Correct name, all the links check out. Hm.

First thing I did was search that phone number – it’s obviously the heart of the scam. Sure enough, the first person ever to go looking for that number was two hours earlier. He got exactly the same message, but with a different senders’s name.

Here is the lookup page. I’m the seventh commenter down. At that time, the number had been searched around twenty times.

As of now, the number has been looked up 338 and 42 people made remarks. The messages are kind of interesting. A couple of people called the number and played along (dangerous – there are numbers that automatically charge you a bunch of money when you connect to them). Some people called PayPal.

Oh, yes – I checked the work PayPal account and this message was in it, verbatim, with the proposed transaction. I cancelled it, natch.

Here’s what happened. Let’s say I’m your gardener and I do 5 hours of shitty, lazy gardening for you at £10 an hour. If I know your account address, PayPal has a function where I can send you a message that says, “hello, Yourname. Please send me £50 for my crappy product. Love, Stoaty.” Which seems a reasonable sort of function to have.

Unfortunately, the message can also say, “FRAUDULENT TRANSACTION FOUND IN YOUR ACCOUNT OF 890. 00 GBP, TO STOP OR CANCEL THIS AMOUNT CALL US IMMEDIATELY @ +44-800-058-4853 OR THE AMOUNT WILL BE DEBITED WITHIN 12 HOURS’ and there really isn’t a way for PayPal to tell the difference. They’re well aware of it now (they got an earful yesterday) but I’m not sure what they can do but get rid of that feature.

Oh, look – I’ve just received a less interesting phishing email that *almost* passed the smell test, but the “refund here” button links to something called rebrand.ly and stoaty@sweasel.com doesn’t have a PayPal. Nice try, assholes!

BTW, the correct reporting address is phishing@paypal.com.


Comment from OldFert
Time: November 29, 2022, 6:41 pm

Hmm Got a weird one from Amazon on Monday, sent to my real e-mail address:

From: Amazon.com

Password assistance

To authenticate, please use the following One Time Password (OTP):
Don’t share this OTP with anyone. Our customer service team will never ask you for your password, OTP, credit card, or banking info.
We hope to see you again soon.

Nope, didn’t respond to it. Will send it to Amazon and ask them what’s going on (too busy yesterday).

Comment from Jeff Weimer
Time: November 29, 2022, 9:45 pm

I cancelled my PayPal two weeks ago (for all the recent reasons), so I won’t get hit by these types of scams.

Comment from QuasiModo
Time: November 29, 2022, 9:48 pm

I cancelled my PayPal account a couple of months ago when they threatened to fine me $2500.00 per infraction for saying something they don’t approve of:


…they supposedly pulled it but it’s back in their fine print.

Comment from G_d’s Middle Finger
Time: November 29, 2022, 10:49 pm

“Nice try assholes!” lol

Comment from Durnedyankee
Time: November 29, 2022, 11:41 pm

Last week I got offers from 2_Nigerian Princes masquerading as US lottery winners who picked my phone number at random to text and tell me they wanted to send me hundreds of thousands of dollars!

Which is better than their old ploy of trying to get me to help them commit fraud at the Bank of Nigeria from funds that the government was going to confiscate because Mr Sany Abacha, a wealthy industrialist, had died in a plane crash while falling out of a window onto an exploding bomb during a hunting accident, leaving billions of unclaimed monies in an account which they will generously share with only me because they saw my company profile online (neat trick…).

Comment from MrKnowitall
Time: November 30, 2022, 12:30 am

You see what happens when you come out of the VR world? All kinds of shady stuff going on.

Looks like HP has their VR headset on sale. I suspect a lot of folks are going to be retreating to the virtual world.

Comment from BJM
Time: November 30, 2022, 5:41 pm

@Durned The Nigerian is an offshoot of the Spanish Prisoner scam created post-French revolution. Financially naive and opportunistic Brits arrived in Nigeria by ship and were soon propositioned…the telegraph facilitated the scam.

Technology and globalization have changed our world, but some things have not changed at all. The con’s healthy persistence suggests that everything comes back to human nature; because we are inured to resource extraction and wartime being zones of greed, confusion, and graft.

It amazes me that people fall for this shit. All some people need to hear is “free money” or protecting their own, and they believe just about anything…no matter how much they’re warned not to give out info.

Comment from Durnedyankee
Time: December 1, 2022, 1:29 am

@BJM – THe part that always cheesed me was the argument that it was wrong for “the government” of wherever to take unclaimed funds and YOU should happily commit fraud by pretending to be whoever so you and the generous crooks can get their hooks into the money.

But! You can trust these guys, honest (trigger warning) Injun!

Write a comment

(as if I cared)

(yeah. I'm going to write)

(oooo! you have a website?)

Beware: more than one link in a comment is apt to earn you a trip to the spam filter, where you will remain -- cold, frightened and alone -- until I remember to clean the trap. But, hey, without Akismet, we'd be up to our asses in...well, ass porn, mostly.

<< carry me back to ol' virginny