Your Online Security: The New and Improved Email (and social media) Scams Edition

We’re going to continue our Then2Now series next time because something more important has come up.  If you’re interested in my previous Then2Now posts you can find them here:

…and now for something completely different more important…

In my blog post of December 20, 2018 I discussed quite a few important topics in terms of online privacy and security.  I’ve re-read that blog post and everything I said back then is still 100% applicable today.  I’ll be honest, most of it boils down to this one simple message…

Do not click any links in emails!

If you follow any rules at all to keep yourself safe online, it is the “don’t click email links” rule that I hope you choose to follow.  I’ll be honest again, pretty much this whole article is going to discuss the new and ever-more-devious ways the Böse Herren are using to get you to click dangerous links in emails.  We will cover the one tricky email in detail and two more as a reinforcement / overview.  Then at the end I’ll relate a short story about something that actually happened to me & my family in June of this year.  Also, please note that I personally have received an example of each of these within the last six months and two of them within the last two days!

The DMCA Copyright Infringement / Take-down Notice Email

This is the one email we’re going to talk about in detail and, honest-to-goodness, this email was a little bit frightening at first glance.  It supposedly comes from someone named Augie Wallach who represents Ramji Law in Houston, Texas.

(ASIDE:  I apologize to Ramji Law for using their name here.  They are a legitimate law practice and the person to whom I spoke on the phone was very polite and helpful.  I do not mean any disrespect to their practice and I wish them the best in their business.  I only include the name of the firm so that if anyone else receives an email like this and that person Google searches “Augie Wallach Ramji Law,” I hope this article comes up and I can save someone from falling victim to an email phishing attack.)

It’s a really tricky email, it’s written pretty well, it purports to originate from a legitimate law firm, and there were only four very minor mistakes that clued me in to its lack of authenticity.  We’ll get into the detail later but here’s the short version on how this one reads:

Your website abc.com is in violation of US statute number 12345 because you are displaying copyrighted imagery.  My fancy-pants law firm holds the copyrights to these images and we will sue you for $150,000 if you do not take them down.  Here, click this link to download the document that proves you are infringing our copyright.


Of course, it’s all written in a very professional and legal-sounding manner (by A.I., I’m sure) so as to create a bit of fear and sense of urgency in the reader.  Lucky for me, I have a strict “never click links in emails” policy so I did not do as they asked, I did not click the link, and therefore I am reasonably assured that my computer / web browser / email system will remain un-compromised by their particular malware for the next 5 minutes at least.  What I did do was open a web browser, search for the law firm by name, actually call the law firm in question, make sure that “Augie Wallach” does not exist, and verify that this email was bogus.  As I mentioned, there were four, mostly very minor and obscure, items that tipped me off.

  1. The email was from “Augie” — I’ve communicated with attorneys in the past and, when they’re in “lawyer mode” they never refer to themselves as “Augie.”  That sounded very unprofessional for an official communication from a law office.  Tip #1.
  2. Colloquial language — The second line of this email reads “Download this document and see for sure:”  In a professional and legally-written document I would never expect to read the words “…and see for sure.”  There are many other much more professional ways to communicate that idea.  Tip #2.
  3. A “What The Hell?” Link — The link that “Augie” wanted me to click came from the domain oldcardboard.com.  Now why would a law firm who supposedly created a document detailing my alleged illegal use of images host that legal document on a website called oldcardboard.com?  I typed that domain into my web browser and it turns out that oldcardboard.com is a vintage baseball card website.  This was Tip #3 and probably the biggest tip off of the email.
  4. A Super-Sweet Closing Line — After he threatened to sue my pants off, Augie closed his email with “Very truly yours.”  How sweet!  Again…lots of experience with professional emails & messages…”very truly yours” just isn’t the way you sign-off a professional communication.

I’ve dissected this email quite thoroughly and, when laid out like this, those four points above sound like “well, of course it’s fake.”  I challenge you, however, to read the original text of the email and pick those items out the first time through.  This email, when taken as a whole, seems quite well put together and it would be easy to overlook any one or two of those red flags.  I’m not sure what happens when you click the link in the email and I don’t want to find out.  The point is, create a rule for yourself.  The rule should be called don’t click links in emails and you most likely won’t fall victim to this particular type of attack.

The Your Password Expires Today Email

This one should scream SPAM at you.  It shows most of my email address and says “your password expires today” with the date prominently displayed.  (They kindly included several *** in my email so that anyone looking over my shoulder wouldn’t see my actual full address.  *eye roll*)  The problem with this particular email is that they chose to send a “your password is expiring” email from a domain that I control.  So it’s kind of like me telling myself that my password is expiring…but I know for sure that it’s not.  That’s confusing.

Imagine if they took Google’s logo or something and pretended that this came from Gmail.  How many people do you think would fall for that?  It wouldn’t be difficult to duplicate a Gmail-looking email.  That’s when it’s really handy to have a personal policy that states…  Never click links in emails!

The Payment on Hold Email

I received an email from my bank a couple of months ago and I deleted the message because I quickly figured out it was a scam.  (The image to the left is a similar image I found online…not my own.)  The email was supposedly from USAA.  I get a lot of email from USAA so I’m very familiar with the layout, typical content, and other components of their messaging.  Believe me when I tell you that this message matched exactly to what USAA normally sends.  It mentioned that I had received a payment but they couldn’t deposit it without verifying some of my account information.  The pieces that tipped me off to it being a fake were these:

  • I wasn’t expecting any payments at that time.
  • The email did not display my name (USAA typically puts your name on the email)
  • The email did not display the last four digits of my member number (USAA typically does this as well)
  • The email provided a login link

All of these features are indicators of a fake email.

I suggest that you search for examples of fake emails from your own bank.  I guarantee they’re out there for you to see.  Chase Bank provides a whole page of suspicious emails so that you can see what the scammers are trying to use to get your information.

What do we learn from this?  No clicky no linky in the emails!

BONUS:  The Selling Taylor Swift Tickets Email Scam

As I said in the opening, this is a true story and actually happened to me & my family in June 2024.  If you’ve been living on Planet Earth for the last eighteen months then you’ve heard of this kind of obscure, not-so-famous, up-and-coming musical performer named Taylor Swift.  Apparently, she’s quite the big deal.  I make jokes but I do have quite a lot of respect for Ms. Swift both for her musical talents as well as her business acumen.  Additionally, word on the street is that she’s really a genuinely good person.

I also happen to have a family including two pre-teen daughters who are in love with all things Taylor.  My wife and I have been toying with the idea of trying to get them to go see one of her concerts but original tickets are not available and we’re not going to pay the asking prices on the resale market.  Randomly one day one of my wife’s Facebook friends reached out and said that she had four floor tickets to the Eras Tour and did my wife want them at basically face value?  Of course the answer was a nearly immediate YES!  So my wife starts making arrangements via Facebook to buy these tickets and get them transferred to her account.

This process goes on for some number of hours.  Her friend asks for payment via Venmo but in two separate transactions.  OK, that’s not normal but not a big deal.  Then her friend says that Ticketmaster is charging transfer fees and it’s going to be an extra $100+ per ticket to transfer ownership.  This is when my wife gets suspicious.  She looks it up online and, sure enough, right on the Ticketmaster website, “Ticketmaster will never charge a fee for a name change or to transfer event tickets.”

So my wife messages her friend and asks “Hey XXX, this is getting strange, can you tell me how we know each other?”

No response.

Try again…  “Hey XXX.  It’s cool, I’ll pay the transfer fee if you can just tell me where & how we met.”

Response…  “I don’t have time for your games.  Do you want the tickets or not?  Pay the fee and I’ll transfer the tickets.”

Now we know something is up.  My wife calls the bank to stop payment but the Venmo had already gone through.  Late into the night she has the bank on the phone and is trying to get more information out of her friend on Facebook.

As it turns out, my wife’s friend’s Facebook account was compromised.  Her real friend was locked out of her account while scammers reached out to every single person on her friend list and pulled this same scam.  I don’t know how many people were taken in by the scam but judging by how quickly & easily my wife fell for it, I would expect quite a few.

For someone who tries to be ultra-diligent about online security this story is embarrassing and humbling.  Both my wife and I are security conscious, almost never click links in emails, and are generally pretty good at spotting nefarious actions online.  This one got us though.

Last Words

Scammers are getting more and more sophisticated in terms of the tricks they’re using to get at your data.  Be vigilant with your online security.  Verify who you’re talking to online.  Make sure the person you’re communicating with is actually the person you think it is.  And, above all…

Do not click any links in emails!

Stay safe out there, friends.

Jerod Karam

Jerod Karam is Vice President of Technical Operations at Netvantage SEO, an online marketing company specializing in SEO, PPC and social media. Jerod consults with internal teams and external clients on all manner of technical projects, manages the flow of information surrounding the company's online objectives, manages relationships with external partners and suppliers, and is a constant bother to everyone in terms of maintaining online security.
