One last night, one a week or two ago. Dangerous information that could lead to infectious payload obscured.
The older one:
From:checkinfowellsrecurringdeposit
XXXXX[Bad username or site: fatalerrornerd @ com]Message text:(Suspicious Activity)
http://bit.ly/2WeXXXXX CustomersWellsBank LimitedActivityAccountLocked82
-----
So we have horrible structure, no actual English language, just run-on words. And I'm supposed to take a text from an email domain of FatalErrorNerd.com seriously?!
Last night's message:
From:investmentwellsauth
XXXXX[Bad username or site: investingnews @ com]Message Text:(WellsFargo) Your account was Limited -
http://bit.ly/2ETXXXXXPlease update your personal information to avoid account locked.
Thank you
-----
Well, at least we have English sentence structure, even if it is a bit stilted, indicating a probable non-native English speaker. Definitely not reviewed by a corporate communications executive.
The first one says CustomerWellsBank, which implies I'm the customer of something called Wells Bank. There is no Wells Bank. The second one at least is explicitly trying to trick me if I'm a Wells Fargo customer, which I would not be a customer of those bastards in a million years. If they gave me a million dollars up front to open an account I'd deposit a penny and leave it there.
So on to email!
This one is a little bit interesting. A couple of weeks ago I had a problem on my iMac: something went REALLY weird in Firefox, and attempting to do ANYTHING in FF totally blew the mind of my video card and made the display dangerously unviewable, as in anyone epileptic in viewing distance would be incapacitated. I made the decision to create a new user account on my computer and copy everything from A to B. I don't run from accounts that are admin-privileged, so I signed on to an admin account, opened two finder windows, pointed them to the respective user data trees, gave the admin account appropriate permission, and it was literally just drag and drop. I left iTunes alone until I did some research, and that was also easy to do: I was overcautious. As it turns out, my FF problems sort of followed me, and I ended up deleting it and reinstalling it. Fortunately I had made a backup of my bookmarks the previous week, so nothing was lost.
The interesting bit was that when I deleted the damaged user account, I recovered an additional 200 GIG of disk space! And this was after running cache-clearing utilities! I don't know what was hidden, but clearly something was.
ANYWAY, on 6/2 I received an email allegedly from Apple Support. Clearly it was not. Now, the story gets interesting right off the bat: I couldn't copy and paste the text of the email! The whole thing apparently is in unicode! It appears to be text, you can select and copy individual letters and words in the text message, but when you do you end up with a big block of hexadecimal code! The second interesting thing appears because I don't let email messages load graphics because of email trackers. An interesting phrase appeared: "Hasil gambar untuk apple". I assumed this probably represented a placeholder or image tag for the Apple logo, and plugged the phrase in to Google Translate. The result was Indonesian Malay!
So the only way I could copy the message would be to retype it from scratch, which is what I'm doing. At least the header was required to be in ASCII-128 and copied properly.
Email Message:
Apple Support <bg45ng-h7skdj37sjdh3nh4fz3.rigayunah42@0477-politikus53.bg45ngg.<b>
XXXXX.inginselamyadiamdigoa.org>
[wow! I didn't know Apple used .org email addresses!] Today at 10:16 AM
To ww
XXXXX[Bad username or site: yahoo @ com] This message contains blocked images.
[from my not allowing images to load]Message body
Hasil gambar untuk apple [the forementioned Malay]
Dear ww
XXXXX[Bad username or site: yahoo @ com]For your protection, your Apple ID is automatically disabled.
We have prevented an unusual sign in attempt on your Apple account. This may have been because you're signing in from a new location or from a different device. Please review the sign in details below:
Your account access has been locked for the following reason(s):
-Juni 2 2019 : We check your account log in with other device.
-Juni 3 2019 : Your account has been locked until this issued has been resolved. We will wait for 1 week or your account has been disabled permanently.
What to do Next:Please Click the login button below to your Apple account and provide the requested information before 1 week. Through the Account Review, if we don't receive the information before this deadline, your account access may be further locked permanently.
Sincerely,
Apple Support
This email was intended for ,.
Copyright (c) 2019 Apple Inc. All rights reserved.
case-id bG45nG
-----
Well! If you do a quick read, the English might pass muster, but it doesn't on a close read. The Juni months instead of June is a dead giveaway. But it's always the email addresses that they fail at. Another curious thing is the centered text at the bottom, associated with the Dear [my email address]. Apple would have my [first name/last name] and could/probably would include it if they actually contacted me. These scammers don't. I'm guessing the comma/period might be a missed mail merge that didn't fill properly.
Anyway, fun stuff to look over.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
