I got it alright

Just received a text message from an unknown number – area code 416 in this case, the city of Toronto. All the message said was “did you get it?” In the past, I also received a message from a different number saying something like “I sent it, did it come through?” I’m going to take it as a given that this is not something restricted to the Toronto area, but is part of a wider scheme.

Had I responded to these messages saying something like “what are you talking about?” or “No.” I would have given the sender access to all the data on my phone. I had read about this smishing attempt a short while ago so was aware of this. But in any case, since it was from a number not known to me, I’d have taken the same action: delete.

If you’re like me, in addition to your contacts, you have other more sensitive information on your device, be it phone or tablet. In any case it probably contains enough details for someone to ruin your life.

I know we tend to live much of our lives on our devices, but if you get this, or a similar message, DO NOT reply. The only thing they’ve sent is this attempt to get into your device. So as I wrote above, just delete the message unopened.

Cat.

They do keep trying

DATE: Oct 11

TITLE: They do keep trying

I received the following email yesterday in an account I don’t use any longer, but haven’t yet transferred stuff I want to keep.

Schedule new delivery for your shipment_Nº_#5523861834 10 October, 2022 16:56
From: Canada Post
To: ghoward@
Dear customer: Your delivery information is invalid
We invite you to schedule a new delivery as soon as possible:
It look like that your pa has been returned to the post office warehouse
The delivery process failed due to an error in the information (invalid address or phone number).
Reminder:
If you do not confirm your information within three days. Your shipment will be returned to the sender.
Re-Schedule Delivery (this was in a red box I could click on.)
Expected delivery : 2 Days After Confirmation
Status : Waiting Re-delivery Process
Tracking Number : 3535935681768742

There is so much wrong with this I hardly know where to start. Let’s start with the delivery information. This past weekend was the Thanksgiving long weekend in Canada and it is a federal holiday. Therefore Canada Post wouldn’t have been working so couldn’t have attempted to deliver any package (or pa as the message says). Having received packages from Canada Post in the past I know their usual method, at least for the past two COVID years, has been to bring the package to my door. If they can’t deliver it, they leave a notice on or in your mailbox stating they couldn’t deliver it and telling me they’ve returned it to my local postal outlet. The notice also states I can pick it up the next day.

As I said above, I haven’t used that ghoward email for six years or so, ever since I changed my name. And I don’t know of any firm who would show an email address on a shipping label.

I suspect that had I clicked on that “re-schedule delivery” button I’d have been asked for all sorts of information – just to verify my identity of course. Instead the only button I clicked on after copying the message for this blog was “delete”.

Obviously the sender is not in Canada, nor aware of Canadian holidays, or they wouldn’t have chosen Monday October 10 for that was Thanksgiving Day. And no government offices or crown corporations were working that day. Research appears to be an area that they need to improve upon.

I especially like the formal “We invite you to schedule a new delivery as soon as possible:” It contrasts with some of the awkward wording elsewhere.

If you get something like this from the postal service in whatever country you live in, ask yourself two questions: Did I order anything by mail? And, is this the post office’s normal method of notifying me of a failed delivery?

Enjoy your day and remember to hug an artist, we need love too.

Cat.

How many will answer?

DATE: Nov 20

TITLE: How many will answer?

I found the following in the spam folder of one of my email accounts earlier tonight.

From: ING BANK OF TURKEY
Reply To: mrsel@ya

Dear Friend,

I got your e-mail address contact through your country’s Information exchange online while browsing and after that, I decided to contact you to ask for your assistance in this urgent matter that requires trust, confidentiality because you might receive this message in your inbox, Junk/Spam folder.

My name is Mr. Selim the senior Manager of ING Bank Turkey, Acibadem Branch of Istanbul Turkey (IBT) European Banking Corporation Limited Europe. I am a 55 years old man, married with three children. I have a very urgent, confidential, and profitable business for both of us Valued at (Twenty Five Million, Five Hundred Thousand United States Dollars). This fund is an excess of what my branch in which I am the senior manager made as profit last year. I have already submitted an approved End of the Year 2020 report to our Head Office, and they will never know of this Excess. I have since then placed this amount of (Twenty Five Million, Five Hundred Thousand United States Dollars) on a SUSPENSE SECURITY without a beneficiary. As a Senior Manager of the bank, I cannot be directly connected to this money thus I am impelled to request your assistance to receive this money as the beneficiary of the funds.

If we could do this together, we shall share these funds 50/50 between us accordingly and this transaction is 100% risk-free, as no-risk involved during or after this transaction. All I need from you is to stand as the original depositor of this fund, also to keep this deal confidential between us. If you’re interested, kindly write back for more information, while I shall explain more in detail as soon as I receive a response from you.

Thanks for your kind understanding! Awaiting your response,

Mr.Selim

The Senior Manager of ING Bank Turkey,
Acibadem Branch of Istanbul Turkey (IBT)
Bulgurlu Mahallesi Acibadem Caddesi No: 156 34660 skdar / Istanbul

Okay now, let’s tear this apart. The first sign this is not real is that it wasn’t sent to me specifically. In fact, there is no addressee shown at all. Second, although it purports to be from ING Bank in Turkey, the actual email address was a gmail account. I highly doubt the ING Bank in Turkey, a subsidiary of the Dutch multinational ING, would use gmail as their default email. Next, the “reply to” address is “yandex”, which a quick Google search tells me is a Russian search engine among other things.

$25,500,000 is a lot of money in any currency and the proposed 50/50 “split” would mean I’d stand to receive $12,750,000 US,( $16,060,000 CAD at the present exchange rate) if this were in fact legitimate. That itself may entice people to respond.

If I were to respond – I’m crazy, but not stupid, so I won’t – I’d probably be asked to provide various bits of personal information, including my bank account numbers. The result of my gullibility would be to give them access to my account and my huge balance of about $3.84 cents. Of course they would assure me they only wanted the banking information so they could transfer the money to me, but in actuality, they’d just drain my money.

Then there are the legal problems. Most banks are required by law to report any deposit over $10,000 to the government. So, unless I could prove I won the money in a lottery, I’d be answering a lot of questions from federal investigators.

Oh yes, and the personal details “I am a 55 years old man, married with three children.” is a nice but unnecessary touch. I suppose it’s supposed to make me feel all warm and fuzzy and more willing to listen. Well, Selim, I’m a 77 year old grandmother with a healthy streak of cynicism.

If you should receive this email, or any email like this, just delete it. Not every scam artist is a Nigerian Prince, some are Turkish bankers.

Stay safe and remember to give an artist a virtual, socially distanced hug – we need love too.

Cat.

I think not

I got the following email this morning:

Payment Confirmation

Order Invoice <smithfre9642@

09:28 (3 hours ago)

to ewanherbalmagic, bcc: me

Thank You For Your Recent Purchase With iCloud by Apple Inc
This is an auto-generated confirmation email for the purchase that you have done.
You will receive another email with the invoice shortly.
This charge may appear in your account in the next 24 hours of purchase.
If you want to cancel or modify your order, visit iTunes/apple. store or call at xxx-9348
Please find your order information below:
Order Number: FNJ DCC NM2M
Order Date: 23-Sep-2021
Order Name: 12 TB iCloud Space
Amount: USD 1499.99
Paid via iTunes
We hope you shop with us again soon.
Apple Inc.
Helpdesk : xxx-9348

There is so much wrong with this message.

First, it was sent from a gmail address. I somehow doubt Apple is using gmail. Next, notice that it wasn’t sent directly to me, but to someone else with a bcc to me. I suppose the hope is that I won’t notice that and no, I have no idea who “ewanherbalmagic” is.
This was sent to an email address that I set up for a specific purpose and isn’t one I use as a matter of course, so is not attached to my iTunes account.

Now that I’ve disposed of the obvious errors, let’s look at the rest: According to the message I purchased 12 Terrabytes of iCloud storage at a price of $1,499.99 USD. That price is the equivalent today, September 23, 2021, of $1,889.99 CAD but there is no guarantee Apple would process it today, so that Canadian amount could be different from my calculation. And, I have a 1 Tb drive that still has 884 Gb free, so such a purchase would have been completely frivolous as well as far too expensive.

My feeling is that they expect you to have questions/suspicions about this message and you will either call them or use the email provided. I’ll save you the trouble and tell you that the address provided is not the way the real iTunes site shows up in your browser. This is a scam or phishing so, if you get such an email, I suggest you just delete it.

Cat.

They are persistent

I checked an email account for the first time since late last week. In it I found the following two emails:

Geek-Squ Renewal (actual address: adammuche1959@)
May 29,2021

Dear Customer,
Thank you for subscribing Defender Firewall Protection From us .
Today the Service Will Renewed Automatically with $349.89 on the same account provided to us.
Order ID: DFP1476608 Date: 29-05-2021

Description Amount

Geek Protection $349.89

(Inclusive Tax)

Total $ 349.89

Note :- Charges will appear on your statement after 8 hours once debited.
If you want to cancel the charges for $349.89 Auto Renew This time.
Get in touch with us :- +1 (800) (674)

Thanks Regards,
Account Dept.
Defender Firewall Protection
+1 (800) (674) Geek Squad (actual address: felixdolphin060@)
May 31. 2021

We Are Renewing It For You

Dear Customer,
Thank you for choosing Geek Squad Pc Support with us.
Today Subscription Will Be Auto Renewed automatically
with $ 399.99 on the same account provided to us.

Customer Support- +1(800) 274
Order #16589GS-59856
Details are giving below –
Account Type:- Personal Home Subscription
Product :- Geek Squad PC Protection
Quantity :- 1
Tenure :- 3 Years
Payment Mode:- Auto Debit
Renewal Amount – $ 399.99

This Email Confirms That You’ve Renewed Your 1 Year Subscription To Geek Squad For $ 399.99 On May 31 2021

To Cancel The Subscription You Can reach Us at +1(800) 274
Regards
Geek Squad Team
Contact +1(800) 274

To keep myself out of trouble with WordPress (again) I’ve left off part of both the actual email addresses and the phone numbers.
I believe Geek Squad is the tech support team at Best Buy, which presents the scammers with their first problem. The last thing I bought from Best Buy was about 3 years ago, and that was a copy of TurboTax. I paid $20 cash for it, so there is no reason I’d have signed up for tech support. If I can’t put a disk in the drive and follow instructions, I shouldn’t be allowed near a computer. And since I paid cash, there is no record of either a debit or credit card number.

These emails came from different addresses, both gmail and both phone numbers are different. Note also the amounts differ. The first is for $349.89 tax included and the second for 399.99 with no mention of taxes. If the scammers are working together, and I find it hard to believe two separate people came up with the idea of a Geek Squad scam at the same time, you’d think they’d at least stick with the same price. Also notice the awkward sentence structure.

One other possibility just came to mind. Somewhere in western Canada is a woman who seems unable to remember her email address and frequently gives out mine in error. I say “in error” because I’ve received family newsletters and vacation plans from her friends. I’ve also received emails regarding orders from legitimate businesses in western Canada. I know because I’ve phoned a couple of these firms upon receipt of their messages.

If you have bought goods from Best Buy and signed up for support, if you get one of these emails, check with Best Buy then delete the message.

Summer is almost here. Stay safe, wear a mask when and where required and remember to give an artist a socially distant hug – we need love too.

Cat.

How gullible do you think I am?

Don’t answer that. The question is intended for whoever sent me the following text message yesterday morning:
(613) xxx-6064 (I left the exchange out on purpose)

We are Private Lenders. looking for courier or delivery drivers part /full time in the GTA Get paid upfront daily with a certified cheque to make loans delivery in small envelopes to our customer and for each delivery, you make between 150$ to 500$ depending on experience.
Requirements are that you’re 18+ and interested to start right away Text us your name and best time to reach you

Okay, first, area code 613 is eastern Ontario – roughly Ottawa west to Belleville.

An observation: whoever wrote this needs to study up on punctuation.

I have several questions regarding the remuneration, such as it seems to be an unusually high amount for each delivery. Right away that calls the legality of this into question at least to me. I’ve worked as a courier in the past and the thoughts of making the same money for one delivery as I was making in three days seems suspicious. Also, getting paid daily “upfront” by certified cheque would indicate to me that this “Lender” knows in advance what my deliveries would be each day. Looking at the logistics of this, the “Lender” is located in eastern Ontario somewhere so even if they’re in Belleville, it’s still at least a two hour drive to get the cheque and deliveries to me. If they’ve driven that far already, it would only be about another 45 minutes to downtown Toronto, so why wouldn’t they do the deliveries with their own driver? Unless there’s a reason they don’t want their driver identified.

No, I didn’t text them my name and availability. For one thing, I don’t own a vehicle and as I’ve written above, this seems very sketchy.

Stay safe and since you can’t hug an artist right now, think pleasant thoughts about us and our endeavours – we need love too.
Cat.

Someone’s trying again

DATE: Nov 23

TITLE: Someone’s trying again

On December 6, 2019 I published blog called “Sorry Sarge, not happening” about an email I received purporting to be from New South Wales Australia. The sender claimed to be a Sgt Monica L Brown and she had a proposal for me. Oh, what the heck. Here’s the blog. It’s a short one.

DATE: Dec 6

TITLE: Sorry Sarge, not happening

I received the following email this morning. I’ve removed the email address to keep me in WordPress’s good graces.

Griffin, Christine Cgriffin

I am Sgt Monica L Brown I have a proposal for you! Please send me a reply on my personal Email:

slinbrown975

Rather cryptic and designed to instill curiosity in the reader isn’t it? Let’s look at it.

I am Sgt Monica L Brown Good for you. Are you in the army? Air Force, or the local police or some other paramilitary organisation that uses military ranking? Just telling me your rank doesn’t tell me anything useful.

I have a proposal for you! Really!! And what might that be? Do you have several millions in unclaimed funds you want me to help you smuggle out of the country for a cut of said money?

The extension on the sender’s email was “begavalley.nsw.gov.au”, which I translate to mean this was sent by, or on behalf, of the government of the shire of Bega Valley in New South Wales, Australia. A quick Google search shows this area is also known as “the Sapphire Coast” and it appears to be a tourist destination.

I have to ask myself why the government of a tourist area on the west coast of Australia would be contacting a 75 year-old woman in Canada with a proposal? The only thing that comes to mind is that the website has been hacked and this is in fact a scam. Having these suspicions, I have forwarded this to the Bega Valley Council for investigation.

As mysterious and inviting as this may sound, I strongly recommend you do NOT respond to Sargent Monica L Brown.

On the plus side, for a change it is well-written.

Cat.

So why am I talking about an eleven month old blog that had a total of six views over that period of time? (And yes, admitting that count hurts.) Because yesterday, November 22, the view count ballooned to 32. Readers were mainly from Mexico on down through South America. This sudden interest in the blog, plus the locations of the readers leads me to the conclusion that whoever sent that email using the name Sgt Monica L Brown is trying it again, targeting South America this time. As I wrote almost a year ago, if you get this do NOT respond to the Sarge.

In this time of pandemic I urge you all to stay safe and while you can’t hug an artist right now, think positive thoughts about us, we still need love.

Cat.

Of course it’s true

This morning I found the following email in a spam folder for an email account I rarely use. I removed part of the email address to keep me out of WordPress’s bad books again.

Officefile2001

Greeting!
This is Mr. Chad F. Wolf, the current Secretary of Homeland Security.
During my routine checks on our warehouse yesterday we discovered a cargo box, while scanning the box our cash tracking machine has detected that the content of the Box the diplomat was delivering to you is cash worth $ 8.5 million.
The diplomat who arrived with the box made several attempts to reach you. All the efforts he made were abortive so he decided to leave the box and travel back to his country, so if you are interested in receiving this fund back then get back to me now with your full information for the delivery.
Copy this email and reply me now only officefileua
REPLY ON THIS EMAIL ONLY >> officefileua
My regards
Chad F. Wolf

Well, to give this person, whoever they really are, their due, the got the name of the acting Homeland Security Secretary correct. But that’s about all.

If I were in the United States and completely braindead I could probably convince myself that some unnamed diplomat from some unknown country really was sending me eight and a half million dollars. I could really believe this unknown person honestly wanted me to have all this cash, although I don’t recall any conversations of any kind regarding this transaction. But, if Homeland Security says they have all this money for me, who am I to argue? After all they are the government. So, of course it’s true.

Okay, enough sarcasm. Time to take this apart. First, it was sent to the email address I use on that account, which is much better than the usual “undisclosed recipients”. I suppose they (the mysterious “they”) feel it will have more impact if it’s a personal message rather than a shotgun approach. But, unlike email providers such as gmail, which could be anywhere, this is a specifically Canadian provider and most subscribers are in western Canada. So right there, if I’m getting a message from Homeland Security, I’m automatically suspicious since I’m not in the US. And think about this: If Homeland could find my email address to notify me, why couldn’t this unknown diplomat have done the same?

I’m not really sure how this works, but I think that the diplomatic corps of any country isn’t just going to abandon 8.5 million. That kind of money isn’t exactly chump change, no matter what country you’re in. I would also think that once the money is abandoned, it ceases to be covered by any treaties covering diplomatic immunity. That being the case, I know there are Customs requirements that all currency must be declared and failure to do so could result in either confiscation or a hefty fine.

I suspect that if anyone were to fall for this and contact this Chad Wolf they’d be told that if they want this money, they will have to pay this fine, plus processing fees and storage charges. In other words, the only parties to make any money from this transaction would be those running the scam.

If you receive something like this, don’t go buy a Bugatti. Do the sensible thing and just delete the message. While using the name of a known government agency and it’s current head may seem to give it a legitimate feel, it really is just intended to separate you from your hard-earned money.

Enjoy your day and remember to hug an artist – we need love (and social distancing) too.

Cat.

Not falling for it

I found the following email, dated today, in a junk folder:

MICROSOFT
Thank You For Making A Payment Online We Have Received
Your Order For The AUTO-RENEWAL Plan
•SERVICES = MICROSOFT LICENSE
•PAYMENT = 299.99

SUMMARY = Your MICROSOFT License Key Is #9892305
•PAYMENT SOURCE = CARD
•PAYMENT DATE = 04 / 25 /2020
•CONFORMATION NUMBER = #9891305

NOTE = If You Believe That You Have Not Make
= This Purchase or It Has Been Auto-renewed
= Automatically . Then Call The Help Desk To CANCEL .

TOLL-FREE = (607) 325 3365

I have several problems with this email. First, the only Microsoft product I have is Windows. Second, the spelling is atrocious “conformation”? Seriously? The word should be “confirmation”, which has a different meaning. The English is horrid, for example “..that you have not make...” and “…it has been auto-renewed automatically.” I was always under the impression that is something is “auto-renewed” it did happen automatically and there would be no reason to spell it out. And finally, that “toll-free” number isn’t. Area code 607 covers south-central New York State, such as Binghamton and Ithaca.

The final thing wrong with this is that while it purports to come from Microsoft, the actual sender’s email is kenneth@ gailew. (I’ve modified the email address to keep me out of trouble with WordPress)  Not exactly Microsoft.

If you get this email, don’t bother to phone the help desk. Just do as I did and consign the message to trash.

Stay safe, stay indoors as much as possible and, given the current situation, just think about hugging an artist, we need love (and social distancing) too.

Cat.

I won again!

I received the following in my inbox a couple of hours ago:

CNN’s Good Stuff

14:05 (2 hours ago)

Congratulations, You Have Been Selected To Get A $360 Cvs Pharmacy GiftCard,
In Order To Take Your Gift Card All You Have To Do Is Just Answering A
Short Survey About Your Shopping Experiences At Cvs

I’ve removed the email address and links to keep me out of trouble with WordPress (it’s happened before).

The problem with this email is first, I doubt CNN operates that way and perhaps the biggest problem of all is we don’t have CVS in Canada. Also, and not to sound greedy, by $360 sounds like an odd amount.

If you receive this email, be aware the actual sender’s address is a gmail address, not from CNN.

My advice is that if you get this email, just delete it, or do what I did and send a copy to CNN.

Take care and stay healthy,

Cat.