LinuxQuestions.org
10-10-2020, 04:22 AM   #1
hazel
Senior Member

Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 4,758
Blog Entries: 14

Rep: Reputation: 2705
Has anyone else had one of these?


I found it in my gmail spam folder. Funnily enough, it purports to come from Google themselves, but the spam filter obviously knew better. It's addressed to my old googlemail address, which is no longer active, and reads:
Quote:
We are upgrading our Email server and this might affect some email accounts, You are advised to verify and re-confirm your email account in other to continue using our email services and to upgrade to our 25G Extra Storage Quota for free.
You have some new messages in your email quarantine.
Needless to say the four emails are the kind of thing I would never have received, but also the kind of thing that would make a lot of people click on them. For example, one purports to come from a well-known bank (not my bank) and all four deal with an unspecified "sale" and a pending FedEX delivery. I bet there are a lot of people who would click on those.

Did you know that when gmail puts something in the spam folder, it removes all active links? I didn't know that but I must say I approve, and I don't usually approve of anything Google does. They are at least attempting to protect their users from other predators.

The scammers do seem to know about this because they go on to say:
Quote:
If this message lands in your spam folder, please move it to your inbox folder for proper interagtion: Click Here
That spelling mistake is genuine btw.

As some people here know, I collect scams. They amuse me.

Last edited by hazel; 10-10-2020 at 04:23 AM.
 
10-10-2020, 04:56 AM   #2
ondoho
LQ Addict

Registered: Dec 2013
Posts: 15,616
Blog Entries: 9

Rep: Reputation: 4515
Quote:
Originally Posted by hazel
For example, one purports to come from a well-known bank (not my bank) and all four deal with an unspecified "sale" and a pending FedEX delivery.
Sounds very familiar.
 
10-10-2020, 04:59 AM   #3
hazel
Senior Member

Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 4,758

Original Poster
Blog Entries: 14

Rep: Reputation: 2705
Quote:
Originally Posted by ondoho
Sounds very familiar.
The content yes. But not the method. Usually these scams purport to come from FedEX itself or from the company that supposedly sold you the goods. I think most people are wise to that now. But I haven't seen the "we are upgrading our server" thing before. It makes it look much more authoritative.

Last edited by hazel; 10-10-2020 at 05:01 AM.
 
10-10-2020, 09:17 AM   #4
fatmac
Senior Member
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Posts: 3,837

Rep: Reputation: Disabled
Anything unexpected......I check the URL, (& those of any 'click me'), if it doesn't tally, it's deleted.
 
10-10-2020, 09:22 AM   #5
hazel
Senior Member

Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 4,758

Original Poster
Blog Entries: 14

Rep: Reputation: 2705
Me too. That "hover" facility is very useful. Doesn't work on gmail spam though because they inactivate the links.
 
10-10-2020, 09:44 AM   #6
colorpurple21859
Senior Member

Registered: Jan 2008
Location: florida panhandle
Distribution: slackware64-current, fedora,Xubuntu, others
Posts: 4,830

Rep: Reputation: 853
I received one of these emails and I don't have a gmail account
 
10-10-2020, 09:47 AM   #7
hazel
Senior Member

Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 4,758

Original Poster
Blog Entries: 14

Rep: Reputation: 2705
Quote:
Originally Posted by colorpurple21859
I received one of these emails and I don't have a gmail account
So they aren't deliberately targeting gmail customers as I thought. They're just sending them out at random on the probability that people who have a different address might have a gmail account too. That makes it much more like normal phishing spam and a lot less clever than I thought it was.
 
10-10-2020, 09:50 AM   #8
boughtonp
Member

Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 711

Rep: Reputation: 446
Quote:
Originally Posted by hazel
Me too. That "hover" facility is very useful. Doesn't work on gmail spam though because they inactivate the links.
Also doesn't help when the sender uses marketing trackers and/or non-canonical domains - it's not surprising that people get phished when the likes of Paypal uses "www.paypal.com" in some messages and "epl.paypal-communination.com" in others.

Nor that Gmail converts all (non-disabled) links to route through Google's servers, so the advice of "everything before the first single slash is the hostname" suddenly doesn't work so well.

 
10-10-2020, 09:52 AM   #9
ondoho
LQ Addict

Registered: Dec 2013
Posts: 15,616
Blog Entries: 9

Rep: Reputation: 4515
Quote:
Originally Posted by hazel
That "hover" facility is very useful. Doesn't work on gmail spam though because they inactivate the links.
"They" being who?
 
10-10-2020, 09:58 AM   #10
hazel
Senior Member

Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 4,758

Original Poster
Blog Entries: 14

Rep: Reputation: 2705
Quote:
Originally Posted by ondoho
"They" being who?
Google do it themselves. When something goes into the gmail spam folder, all links in it are automatically disabled. Actually I rather like that. It stops recipients from clicking on a link without thinking.
 
10-10-2020, 10:00 AM   #11
ondoho
LQ Addict

Registered: Dec 2013
Posts: 15,616
Blog Entries: 9

Rep: Reputation: 4515
Oh I see.
I thought you could not inspect links in emails in general.
 
10-10-2020, 10:04 AM   #12
hazel
Senior Member

Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 4,758

Original Poster
Blog Entries: 14

Rep: Reputation: 2705
Quote:
Originally Posted by boughtonp
Nor that Gmail converts all (non-disabled) links to route through Google's servers, so the advice of "everything before the first single slash is the hostname" suddenly doesn't work so well.
Not all of them. I've just checked a few links in emails that are definitely kosher and the actual link corresponds to the visible one in all cases. None of them has been given a google address.
 
10-10-2020, 10:18 AM   #13
boughtonp
Member

Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 711

Rep: Reputation: 446
Quote:
Originally Posted by hazel
Not all of them. I've just checked a few links in emails that are definitely kosher and the actual link corresponds to the visible one in all cases. None of them has been given a google address.
Hrm, maybe a difference between the "standard" and "basic HTML" views? Perhaps the former uses JavaScript to do its spying instead.

 
10-10-2020, 10:43 AM   #14
hazel
Senior Member

Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 4,758

Original Poster
Blog Entries: 14

Rep: Reputation: 2705
That makes sense!
 
10-11-2020, 06:20 AM   #15
rtmistler
Moderator

Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,001
Blog Entries: 13

Rep: Reputation: 4117
I've been critical of the habit of assigning names to behaviors, but this seems to be pfishing.

They probably put the 'p' there to differentiate from hook, line, and sinker, over water. Real fishing that is.

Link texts looking fine, links bad/sneaky.

The whole intention is to trick you to give up private information.

I don't know the real reason for the misspellings, but a guess is 'plausible deniability', so they can say it was a joke.

This crap comes and goes and changes tactics.

You see it, ignore it, or see if you can figure a way to really stop it all together.
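
Added example, not written by any poster in this thread: the "check the URL behind the link" habit from posts #4 and #15, automated over an HTML message body, with the redirector problem from post #8 handled by unwrapping one layer. Assumptions: the `www.google.com/url?q=` redirector form, the `example.*` hosts, the expected-domain list and all function names are illustrative.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

REDIRECTORS = {"www.google.com": "q"}  # assumption: host -> parameter holding the target

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from a message body
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def real_host(href):
    """Host the link actually leads to, unwrapping one known redirector layer."""
    parts = urlsplit(href)
    if parts.path == "/url" and parts.hostname in REDIRECTORS:
        parts = urlsplit(parse_qs(parts.query).get(REDIRECTORS[parts.hostname], [""])[0])
    return parts.hostname or ""

def text_host(text):
    """Host named by the visible link text, or None when the text is not URL-like."""
    match = re.match(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
    return match.group(1) if match else None

def audit(html, expected_domains):
    """Return (visible text, real host, verdict) for every link in the message."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        host, shown = real_host(href), text_host(text)
        known = any(host == d or host.endswith("." + d) for d in expected_domains)
        verdict = "text-mismatch" if shown and shown != host else "ok" if known else "unexpected-domain"
        results.append((text, host, verdict))
    return results

# Constructed sample body; the example.* hosts are placeholders.
SAMPLE = """<a href="http://mail-upgrade.example.net/login">Click Here</a>
<a href="https://www.google.com/url?q=https://www.paypal.com/signin&amp;sa=D">www.paypal.com</a>
<a href="https://epl.paypal-communination.com/offer">View offer</a>
<a href="http://account-check.example.org/">www.paypal.com</a>"""
```

With `audit(SAMPLE, ["paypal.com"])`, the third link is flagged as an unexpected domain even though post #8 cites it as one PayPal itself uses, which is the usability problem that post describes.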
 
  


All times are GMT -5.