Malicious email in a legitimate reply chain Thread poster: Philippe Etienne
Hello there,
I received an email from a contact name I knew from an agency I knew:
"Good day! Right here you could find all the essential paperwork on the agreement from 15/03: [Link to a ZIP file]
Could you please review and approve all material."
Incidentally, I had worked with that agency for the first time not long ago. I didn't really understand what they were on about, but I didn't really pay attention because BELOW WAS A SERIES OF EXCHANGES WE HAD A MONTH EARLIER about the project envisioned.
I therefore clicked the link to see what it was about, but Chrome displayed a page with a lot of red. Only then had I a closer look at the email to find out it was spoofed: the contact name was related to a weird email address, the wording was spam-like, and Indonesian and Iranian servers were in the email header, while the sender should have been from another country.
In fact the originating email account was hacked and email content got in the wild.
Up to now I didn't know that an email reply chain could be suspicious, but now I do.
https://www.webroot.com/blog/2019/04/03/hijacked-email-reply-chains/
Stay safe,
Philippe
Mervyn Henderson (X) Spain Local time: 07:06 Spanish to English + ...
Scary, Philippe, thanks. I'm so paranoid these days. Sometimes I get phone calls, and nobody says anything, just hangs up. Not a word. I mean, I'd almost prefer the heavy-breathing routine. I used to think it was Tom winding me up, but I'm pretty sure it isn't now. I did a few tests, you see: once I said "Haven't you got nothing better to do all day?", but there was no response to a vile, blatant, in-your-face double negative. On another occasion I said, "Hang on just a minute, will you, I'll be with you momentarily," and nary a correction.
Variation of a common tactic | Mar 19, 2021
Philippe Etienne wrote:
Hello there,
I received an email from a contact name I knew from an agency I knew:
"Good day! Right here you could find all the essential paperwork on the agreement from 15/03: [Link to a ZIP file]
Could you please review and approve all material."
Incidentally, I had worked with that agency for the first time not long ago. I didn't really understand what they were on about, but I didn't really pay attention because BELOW WAS A SERIES OF EXCHANGES WE HAD A MONTH EARLIER about the project envisioned.
I therefore clicked the link to see what it was about, but Chrome displayed a page with a lot of red. Only then had I a closer look at the email to find out it was spoofed: the contact name was related to a weird email address, the wording was spam-like, and Indonesian and Iranian servers were in the email header, while the sender should have been from another country.
In fact the originating email account was hacked and email content got in the wild.
Up to now I didn't know that an email reply chain could be suspicious, but now I do.
https://www.webroot.com/blog/2019/04/03/hijacked-email-reply-chains/
Stay safe,
Philippe
This is basically a variation on phishing via coopting a company name and logo.
One such instance of this (which I've received numerous times):
E-mail seemingly from PayPal containing official PayPal logo informing me that my account has been blocked, and instructing me to click on a link within the e-mail in order to update my account information. Superficially, it looks like a legitimate e-mail from PayPal. But when I look at the e-mail address, it is not from the "paypal.com" domain, but rather some long gobbledygook, like [email protected].
The lesson: Be wary of any e-mail informing you of bad news and requiring you to take immediate action.
Mervyn Henderson (X) Spain Local time: 07:06 Spanish to English + ...
There seem to be so many scams reported here that I'm beginning to wonder if we're a soft touch. Did all these scammers get together at scammer board meetings and decide to target translators as a strategic objective because we're infinitely more gullible than, say, graphic designers?
Mervyn Henderson wrote:
I'm so paranoid these days. Sometimes I get phone calls, and nobody says anything, just hangs up. Not a word.
DO NOT ANSWER! NEVER, NEVER ANSWER!
(Think I'm showing an early-onset TiLitis. At this stage, I don't know yet whether it's curable or chronic.)
On a more serious note, I've been receiving calls from unknown numbers on a daily basis for quite a while. I simply ignore them, and suggest you do the same. That'll save you some headache, should they try to trick you out of your money and into their scamming schemes.
Did all these scammers get together at scammer board meetings and decide to target translators as a strategic objective because we're infinitely more gullible than, say, graphic designers?
Grrr...grrraphic designers, you said? Considering that one of them has just moved extremely fast up the ladder from getting 100USD a piece to selling his 'crypto-art' (huh!?) for nearly 70 million USD, I think we're in the wrong trade.
What's hilarious – to a point – about all this crypto-s**te is the vocab that is rapidly growing around it, like the name of the company that bought the 'thing' (I refuse to call that artwork), which is called Metapurse. One of the crypto-business partners' pseudonym is Metakovan, and it is their intention to now build a virtual museum, to make 'that thing' and other similar 'things' available in the Metaverse.
I find this whole thing not only scary, but extremely unsettling.
Brain. Is. Shutting. Down.
Brain. Refuses. To. Process.
"Suffering of... | Mar 19, 2021
...TiLitis" (quote). Yes, but that doesn't involve receiving unknown phone calls. These are mostly the result of the so-called grandparent scam one may be affected by when reaching a certain age and when you have a quite old-fashioned surname*, assuming that you already may have reached an age where you are prone to give all your savings to relatives who are suffering an emergency (i.e. when they suddenly need a new Porsche and have not enough cash money at the car seller's counter). That's why I don't think it's always Tom who calls you, *Mervyn.
Philippe Etienne wrote:
Hello there,
I received an email from a contact name I knew from an agency I knew:
"Good day! Right here you could find all the essential paperwork on the agreement from 15/03: [Link to a ZIP file]
Could you please review and approve all material."
Incidentally, I had worked with that agency for the first time not long ago. I didn't really understand what they were on about, but I didn't really pay attention because BELOW WAS A SERIES OF EXCHANGES WE HAD A MONTH EARLIER about the project envisioned.
I therefore clicked the link to see what it was about, but Chrome displayed a page with a lot of red. Only then had I a closer look at the email to find out it was spoofed: the contact name was related to a weird email address, the wording was spam-like, and Indonesian and Iranian servers were in the email header, while the sender should have been from another country.
In fact the originating email account was hacked and email content got in the wild.
Up to now I didn't know that an email reply chain could be suspicious, but now I do.
https://www.webroot.com/blog/2019/04/03/hijacked-email-reply-chains/
Stay safe,
Philippe
the attached file may contain a virus or a trojan horse. You shouldn't have opened it
They might try to hijack any banking info or logins with saved payment information.... or just steal your social media logins to use bots to run up likes for youtube videos, post conspiracy crap, or troll the opposition of some less-than-democratic country.
Paranoid enough | Apr 20, 2021
Thanks all for your replies.
Three weeks ago, I had the opposite experience and nearly ignored a legitimate request: somebody contacted me through WhatsApp during the weekend, and I replied that I'd be back Monday. Come Monday, I searched and found the profile here (15+ years old), then sent them a message through proz.com. Although the phone number differs, it was actually them! I'd never been approached for work by WhatsApp, and I would have bet both my hands the request was fake.
Earlier that week, Nancy (IP from Senegal), with a profile created the same day here, asked me to contact her through a gmail address to discuss something. I reported it to proz.com support and found out that the profile was squashed. My profile was then visited by someone from Senegal.
Robert Forstag wrote:
...This is basically a variation on phishing via coopting a company name and logo...
I've also received phishing e-mails mimicking banking layout, but always totally unrelated to a previous exchange. The noticeable difference that caught me off-guard was reading my own blurb below the message, as if the discussion continued. I'd likely have exercised more caution if my eyes hadn't been busy browsing the discussion to refresh my mind.
David GAY wrote:
the attached file may contain a virus or a trojan horse. You shouldn't have opened it
Opening a file may have put me in real trouble, but I didn't get as far as the payload just clicking the link. According to literature, the zip contained Office docs with macros. Anyway, Google Chrome warned me before anything went off that that Iranian site was awfully unsafe and that proceeding was not recommended. From there I looked at the e-mail more closely.
Philippe