Good tip. Apple/iCloud also let you create temporary anonymous email addresses that map to your real address. I use this feature wherever possible.
This is not a TS email. I got the same one and checked the email address where it came from. I highly doubt that leaving your email at TS was the event that triggered this barrage of spam and scams. I never gave my email to TS, and I am getting these phishing emails. The number is definitely increased! Always happens in an election year.
This is not a scam but I’m not sure where better to post it. A while back, I got an email in my “shopping” Gmail account with a CVS receipt for, let’s call her, Jennifer S., who had shopped in a CVS in a city and state I have never visited. So apparently this person had accidentally entered my email when she checked out. The email showed me the receipt and the last few digits of her CVS account.
When I clicked on the link they gave me, I could see her CVS account and it let me add offers to her card. When they sent me a survey, I said, hey, I’m not “Jennifer S”.
They keep sending me emails, and I keep adding offers and bonus cash to her card. So whenever I get a new email, I add whatever offers are available to her card.
I told my youngest d about this, and she said, cool, that’s chaotic good, or something like that.
No, the email address is an inn in New York. The other tractor supply junk mail is from bravee. Whatever that is. I block them all, don’t worry.
I had a NewsNationNow popup article headline early today for an online article that referenced AT&T’s newest cybersecurity hack (RockYou2024) that gathered all sorts of metadata from 10B passwords. In the iPhone article there is a link halfway through the article that takes you to a page to check if your passwords were compromised. The link wants you to enter your password to check it? Why would you do that? What am I not getting here? May be perfectly legit but why would I start typing in all my passwords for an application to tell me if it’s been compromised? I realize the password is separate from whatever application it is associated with or who you are, but maybe not - there are all sorts of ways for them to figure this out after the fact that we’ll learn about next year. I’d just assume all were compromised and change them. I have all financial ones set up to change every 2 months anyway. Edit: Maybe it meant to check only your AT&T password, but then they have your password for AT&T? I would just change it and not put it in the “checker” especially if you use versions of that password elsewhere.
We’ve been hit recently with credential stuffing attacks and several others.
Our favorite scam was when we were dealing with our ISP to resolve one issue, my spouse googled customer service and called them. But it wasn’t them. They talked to her and asked for her account ID then said they were sending a password reset code to her phone which indeed came from the legit ISP. They asked her to tell them the code - that was the problem. On their end they were typing the stuff in. That’s why the reset messages say “don’t tell anyone the code”. We reached out to the ISP (correctly) and they said they would go after the phone number on Google.
The bigger issue for us were some old passwords. Given the massive breaches lately, everyone has to up their password game. This is where we are heading:
- Long pass phrases instead of short weird passwords since anything longer than ~15 characters can’t be cracked in a reasonable amount of time. Phrases make them easier to remember.
- Zero password reuse, so, moving to a password manager.
- Multi-factor authentication everywhere.
- I’m reading up on passkeys and other ways to encrypt.
The MFA is the hard part. Some sites don’t offer it (dropped Twitter because 1. It’s gross and 2. they wanted me to pay for it). Other sites only use SMS. I’d like to move to authenticator apps instead so they can’t spoof my cell. I was encouraged to see Google Gmail has changed its policy recently to allow easier MFA.
Any advice on authenticators and encryption?
Funny note - where I used to work, we had a password to get into a laptop in the main conference room that was automatically changed every 4 to 6 weeks or something like that. I noticed the password was handwritten, then crossed out and updated in pen, crossed out and updated, etc., taped to the inside bottom of the laptop by the keyboard. When I asked the IT guy about it - he said written down passwords are the safest passwords you can have as someone will always hack and find your electronically filed passwords at home or wherever they are used. This password only got you into the computer for use in the conference room for visitors and general staff so no access to any other apps, but I thought his response was interesting. He said to make them long, complicated, hard to check, but not necessary to remember them unless you just want to keep up with them for remote access…just have access to them in writing and hide them well. And yes, MFA is great.
If anyone uses a Canadian bank account, beware of the e-transfer option of paying bills. We have a summer property in Canada, and thus a bank there. When paying a boat repair bill, my e-transfer payment to the business was hacked and directed to another bank (in China). On my account, the payment was shown as going to the correct business. But the business never got the money. So it was actually the business’ email that was hacked. That is how the money transfer works. I will never use e-transfer again, as the money is deducted immediately, with no way to confirm where it went. When I talked to the business, they said they had one customer with a large bill pay using a password. The business confirmed the password; the money still was stolen.
So do you have to pay the boat repair bill now after having your money stolen?
The business is taking it to their insurance company. It’s a very small town and most people know each other, even us summer people. So they don’t want me to pay twice. We’re all on a first name basis.
Oh, I’m glad to hear that. An insurance claim makes sense.
With the recent mid-summer big sales, there is an uptick in shipping activity and so there is an uptick in phish emails and texts pretending to be from UPS, USPS, etc. I’ve been deleting a ton of those lately. So please be vigilant!
Yes, whenever you’re presented with a “problem,” be very leery. I can’t remember the last time I got a legitimate business email or text about an issue that needed immediate attention.
I’m very “old school.” I still mail checks as needed rather than using electronic transfers. Our D has Zelle for the few times only an electronic transfer will do, and then we go and deposit funds into her Schwab account to reimburse.
I prefer to mail checks, but have had to pay some late fees because my check, mailed in plenty of time, did not reach its destination on time. Guess I’m paying for the cutbacks and issues with USPS.
As a result, there are a few bills that I pay electronically, while those that have never had a problem being on time, I still send a check.
I pay a bunch of bills via autopay these days or by phone. I still pay by mailing checks too. Whenever I mailed in lots of time but get hit by a late fee, I call and politely ask that the fee be waived and it always has been.
Ironically we DID get such an email from eBay yesterday. H has been selling a lot of things, and got an email that we had to update our bank info. I was sure it was a scam, but the address appeared to be correct. So I went directly to the eBay site and found where it had the same warning.
However, when trying to modify the profile, it kept wanting us to enter our PIN for 2 step verification. We’ve never set up a PIN and there was no way around it. It just kept going around in circles. We thought we had it licked by actually clicking on the email link on H’s phone, but a little later we got another email saying the verification was denied.
Completely aggravated, I did a chat and found an option for them to call us. They did, and I wound up having to change my password - which I did know - but that let us into the system to turn off the PIN and turn on 2 step text verification.
eBay can be a complete PITA sometimes. And we recently got a congratulations email thanking us for our 25 years of membership. Some thanks!
Sadly that is becoming dangerous these days too. Thieves steal mail and then do what’s called “check washing” to leave the signature alone but change the amount and payee. In our area mail carriers have had their keys stolen at gunpoint which allows the thieves to empty local drop boxes.
The advice I’ve read is to always mail checks at the Post Office and to buy a gel pen since that ink soaks more into the fibers of the check.
One article about check theft is Avoid mailing your checks, experts warn. Here's what's going on with the USPS. - CBS News