Getting more and more convincing...

These are the times when people that don't know their passwords...it may actually save them lol.

But yeah it's gonna continue to get more and more real looking that's for sure.
 
Yep, but following the longstanding advice to NEVER use links in messages like this to log in, but going to the website by hand if one really wants to check for legitmacy, neutralizes these phishing expeditions.

No matter how convincing, or not convincing, one of these things may be, avoiding disaster is simple: DON'T Click Links in Email unless you're absolutely sure of what you're clicking on.

Clicking on the YouTube link a friend sent you, and where it's in character for them to have done so, is very different than clicking on the Login to Paypal link/button here. If it has ANYTHING to do with money, whether banking, credit card, etc., ALWAYS navigate to the entity's website by hand, never via click-through on hyperlinks/buttons!
 
Be careful I just had my PayPal account hacked on Saturday. On Saturday I received an email telling me a phone number had been added to my PayPal account. Luckily I wasn't locked out and was able to log into my account, sure enough a phone number was added. Needless to say I changed my password and logged out of all devices.
 
Canadian Tech said:
On Saturday I received an email telling me a phone number had been added to my PayPal account.
Click to expand...

If there's any question regarding authenticity, I presume you did as I mentioned earlier, and logged in direct on PayPal's website. Even for the perfectly legitimate warning, which you got, you will also have that in their messages box when you log in directly.

I'm not proposing that every warning be considered suspect, but that no matter what, you don't use hyperlinks contained in such communications, but log in after having brought up PayPal.com (or whatever) yourself.

I've gotten a legit warning or two over the decades (and I do mean fewer than I can count on one hand). But I always do my checking without ever activating links in same.
 
The person who got this was about to follow the link but stopped and asked me if I thought she should.

After all the warnings, examples, discussions, video's, articles etc I've shown her she was going to click it!!
 
GTP said:
she was going to click it!!
Click to expand...

I consider that she stopped, thought first, and consulted you to be a huge, absolutely huge, win for you. My guess it will simply reinforce what you've already taught her such that she'll trust her "doesn't pass the sniff test" sense going forward.
 
britechguy said:
I consider that she stopped, thought first, and consulted you to be a huge, absolutely huge, win for you. My guess it will simply reinforce what you've already taught her such that she'll trust her "doesn't pass the sniff test" sense going forward.
Click to expand...
Unfortunately, this lady suffered from "Dancing Pig Syndrome."

After I posted this on Technibble, we had a further discussion about the thousands of "traps for the unwary" that popup on our devices screens.
After some reiteration of previous discussions she has agreed to "think first" and if not sure, ask me.
 
GTP said:
The person who got this was about to follow the link but stopped and asked me if I thought she should.

After all the warnings, examples, discussions, video's, articles etc I've shown her she was going to click it!!
Click to expand...
I have one customer whose fallen for the MS scam emails 4 times in 16 months. First three times I tried very hard not to be overly harsh on her. Fourth time I didn't. That been at least 6 months so I think it finally sank in.
 
  • Like
Reactions: GTP
Markverhyden said:
First three times I tried very hard not to be overly harsh on her.
Click to expand...

My general approach:

1. Gentle hand-holding and firm warning on first incidence.
2. Firm "knuckle-rapping" and firmer warning on second instance.
3. No holds barred on third.

If the third time is not the charm, and I believe the client is ignoring advice and will endlessly keep the cycle going, they are dropped from my roster. I just no longer have time to keep dealing with the same, preventable problem over and over again due to willful stupidity. And if thrice burned is not enough to prevent future sticking of hand into the flame, well . . .
 
I have several customers who regularly forward me messages and seek my advice on whether each one is genuine, and they're happy to pay my monthly invoice for 10 minutes per checked message. People are willing to pay money for expert advice. Fine with me.
 
britechguy said:
If there's any question regarding authenticity, I presume you did as I mentioned earlier, and logged in direct on PayPal's website. Even for the perfectly legitimate warning, which you got, you will also have that in their messages box when you log in directly.

I'm not proposing that every warning be considered suspect, but that no matter what, you don't use hyperlinks contained in such communications, but log in after having brought up PayPal.com (or whatever) yourself.

I've gotten a legit warning or two over the decades (and I do mean fewer than I can count on one hand). But I always do my checking without ever activating links in same.
Click to expand...
Yes, I logged into my PayPal account directly and removed the number that was added. Still not sure how they got in or why they didn't imediately lock me out. Needless to say my account is protected now. I will note that 2 factor authentication was turned off and I'm sure I had it on to begin with, it's backk on now
 
Canadian Tech said:
I will note that 2 factor authentication was turned off and I'm sure I had it on to begin with
Click to expand...

In what form? While it's conceivably possible that an SMS 2FA could be intercepted (and for your random person on the street, even that's very unlikely) but if you were using an authenticator app it shouldn't be possible at all. I put 2FA on PayPal a while back with a TOTP served up to me through an authenticator app.
 
britechguy said:
they are dropped from my roster
Click to expand...
As long as they're paying to fix their mess without blaming you, what's your problem?
Everyone is free to waste their money whichever way they choose.
I'm happy to be one of the recipients as long as I've got clear conscience I've honestly done my part 😏
I'm in business to fix problems and get paid for it
 
Rigo said:
As long as they're paying to fix their mess without blaming you, what's your problem?
Click to expand...

That I don't want to do it, over and over and over again. If you do, more power to you.

I drop clients that simply will not listen to reason, period. There have been very few over the years, but there have been. I have better things to do with my time and emotional energy than dealing with SSDD when SS was entirely avoidable based on information I've already shared, and made sure was understood at the time it was shared.
 
britechguy said:
That I don't want to do it, over and over and over again. If you do, more power to you.

I drop clients that simply will not listen to reason, period. There have been very few over the years, but there have been. I have better things to do with my time and emotional energy than dealing with SSDD when SS was entirely avoidable based on information I've already shared, and made sure was understood at the time it was shared.
Click to expand...

I've had a few that have fallen for things multiple times and I'm always willing to help. But most definitely it gets frustrating. I haven't gotten to the point yet where I've cut anyone off...but yeah if they'd somehow blame me for it that'd be it for sure lol. I guess I'd continue to help but I'm sure I'd get more and more harsh after each one. Most people I'll spend a good 30 minutes or more sometimes on the phone even telling them what to look out for etc.
 
lan101 said:
Most people I'll spend a good 30 minutes or more sometimes on the phone even telling them what to look out for etc.
Click to expand...

We're alike in that regard. It's not a 2 second, "Don't do that," but a discussion of what happened (or almost happened), the general pattern it follows, and an encouragement to call me before ever taking action if they feel the need to have a sounding board.

That's why there have been very, very few clients I've had to fire. Most listen to me the first time, and generally call me a few times until they get their sea legs as far as trusting their own "sniff test" instincts. Those who have a second incident generally have it during the development of those "sniff test" skills where they didn't call me when they thought it might be a good idea. I have another discussion then, and at length.

But by the third time, there's little I can do beyond ask, "Why are you doing this after you've been burned already, and I have spent a great deal of time teaching you about NOT doing this, and why?" Then they'll get the, "Let's fix this, but I'm not going to fix it again," speech. You should now have the skills, which are not difficult to master, to avoid this entirely. If you can't or won't think before you act on this sort of thing, you need to find someone else to assist you, because there is nothing else I have to offer and I won't keep doing this for the same mistake, intentionally repeated."

Willful stupidity is incurable, and I don't suffer fools gladly. The old saw, "They couldn't pay me enough to . . .," applies. I actually firmly believe in personal responsibility where that is the one and only thing that will prevent an issue, and "Dancing Pig Syndrome" is only cured by thinking before one acts.
 
  • Like
Reactions: GTP
britechguy said:
In what form? While it's conceivably possible that an SMS 2FA could be intercepted (and for your random person on the street, even that's very unlikely) but if you were using an authenticator app it shouldn't be possible at all. I put 2FA on PayPal a while back with a TOTP served up to me through an authenticator app.
Click to expand...

It's possible in my forgetful old age I never had it on but I was sure I did have it on. I'm checking all of my accounts to make sure I have turned 2FA on.
 
You must log in or register to reply here.

Similar threads

britechguy
New "Microsoft Virus Scare" Scam that looks relatively authentic to the uninitiated
Replies
13
Views
605
ell
E
GTP
Another "Instascam"
Replies
1
Views
554
britechguy
britechguy
thecomputerguy
These chrome notification Virus Alerts are getting out of control!
2
Replies
38
Views
1K
britechguy
britechguy
Appletax
[TIP] Make LibreOffice Look Better and More Like M$ Office
Replies
12
Views
996
Appletax
Appletax
HCHTech
ELI5 Intel's new chip offerings
2 3
Replies
48
Views
1K
Sky-Knight
Sky-Knight
Back
Top