Well, they got me (phishing/scammer)
SouthPaw
06-03-2024, 23:17
About a week ago, I got a text notification from Chase that my credit card was being used to purchase $950 worth of gift cards from some sports fan website. Chase asked me to verify the charge, and if it wasn't me to respond "no" and they would decline the charge, and reissue the card. It wasn't me, so I responded no and the old card was cancelled, and a new one was shipped. I use my credit card for pretty much everything. The protection and points make it worth it for me so it's the only thing I really use.
Well tonight I received my card and I begin updating all my auto pay accounts. It then dawned on me that I received an email from Xfinity a few days ago asking me to update my card since the old one was no longer active. I click the link and start typing in all my info. I hit submit and receive an error. I refresh the page and it takes me to a random GoFundMe page. I then realized, it was a fake. I had just entered all my personal information, including my address, credit card info, mother's maiden name, ssn, etc. I couldn't f*cking believe it. I just spent the last hour locking all my accounts, changing all my passwords, locking my credit, credit cards, etc. I should have known better, but lack of sleep, not paying attention, letting my guard down etc, they got me. Thankfully it's really easy to get credit protection (Experian) and lock your info, but nonetheless, I got had.
It never even occurred to me, but my gf is the one that pointed out the perfect timing and it was a planned attack. They knew my card got declined, and likely was cancelled and a new one was issued. They may or may not have known I had my card on auto pay with Xfinity, but they waited a few days before sending the email. They also assumed/knew that it was due at the end/first of the month so it was all about timing. I really can't believe I fell for it. My gf even made a comment about it, as she knows I'm a freak about security. This isn't a pity but a reminder to be careful. These hackers are getting smarter and more clever each day. I'm hoping that with all the new security features available through Chase and Experian, nothing major comes of it. I have a 12 month protection plan in place, and my credit completely locked. If someone runs my credit, it will be declined, and it will notify the company running it it's locked due to identity theft.
https://i.postimg.cc/pTdzSQ5H/BFE911-DD-81-A9-4-F24-B9-B0-8027-CD1426-D5.jpg (https://postimages.org/)
https://i.postimg.cc/pT1zM9Kn/7-BA2-F8-D2-10-CA-4-BB2-85-A4-E996-E15-DE6-B7.png (https://postimages.org/)
Some suggestions: make sure all your sensitive account logins (bank, email, etc) have two factor identification login setup. Make sure your accounts are backed up with alternative emails/phone numbers that only you have access to. The first thing they will do is go in and change all your passwords to make things inaccessible to you. Contact your bank and have them lock your accounts and info. If you aren't signed up for Experian already, I highly recommend it, as it's free. The protection plan is $25/mo and they offer a 12 month credit watch for free. What a pain in the ass.
I wish all the scamming asshole criminals like this all over this planet would simultaneously get hit by lightning, or meteors! If you're smart/skilled enough to fuck over people like this, use your smarts/skills for good, honest things! Why be a useless criminal piece of shit preying on your fellow humans? I just don't get it.....
Pro tip. Don't click links in emails like the Xfinity one above and don't call any phone numbers provided in those emails to give them personal information.
If you suspect your Xfinity billing information legitimately does need to be updated just log into your account as you normally would or call their known customer service number.
I get literally dozens of emails every day because my account is being frozen or my service is being suspended and I need to update my payment information. Xfinity, Amazon, Verizon, Netflix, credit card companies, you name it. Most of them look very legitimate at a glance but there is almost always a telltale that gives them away. I used to enjoy spotting the giveaways... the weird email address, the email address that looks legit at a glance until you spot the 1 in place of an I, etc. Now I mostly just delete them and move along.
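The giveaways described in the post above (a digit standing in for a letter, a familiar brand name on someone else's domain) can be checked mechanically. The following Python is an added example, not part of the original thread; the list of known domains, the confusable-character map and the sample From headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains the mailbox owner really has accounts with.
KNOWN = ("amazon.com", "chase.com", "netflix.com", "verizon.com", "xfinity.com")

# Characters that read alike at a glance; both spellings collapse to one form.
MULTI = (("rn", "m"), ("vv", "w"))
SINGLE = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s", "3": "e"})


def skeleton(domain):
    """Reduce a domain to a form in which look-alike spellings compare equal."""
    d = domain.lower()
    for seq, repl in MULTI:
        d = d.replace(seq, repl)
    return d.translate(SINGLE)


def registrable(host):
    # Simplification: last two labels. Production code should consult the
    # Public Suffix List so that names under e.g. co.uk are handled correctly.
    return ".".join(host.split(".")[-2:])


def check_sender(from_header):
    """Classify the domain in a From header against the known-domain list."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("invalid", None)
    host = addr.rpartition("@")[2].lower().rstrip(".")
    if not host.isascii() or "xn--" in host:
        return ("non-ascii", None)      # internationalised name: inspect by hand
    reg = registrable(host)
    if reg in KNOWN:
        return ("known", reg)
    for good in KNOWN:                  # same skeleton, different spelling
        if skeleton(reg) == skeleton(good):
            return ("lookalike", good)
    labels = host.split(".")
    for good in KNOWN:                  # brand in display name or subdomain only
        brand = good.split(".")[0]
        if brand in labels or brand in name.lower():
            return ("brand-mismatch", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed From headers for illustration.
    for hdr in ("Xfinity <billing@xf1nity.com>",
                "Amazon <order@arnazon.com>",
                '"Xfinity Billing" <noreply@xfinity.com.account-update.example>',
                "Chase <alerts@chase.com>"):
        print(hdr, "->", check_sender(hdr))
```

A "known" result only means the domain is spelled correctly; the From header can itself be forged, so logging in through a saved bookmark remains the safer habit.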
eddiememphis
06-04-2024, 08:21
Ray said it.
Don't click any links to make changes or add info.
Always log in to the website. That will be coming soon though- fake sites that look and operate like the real thing.
When you think about it, Xfinity is ripping you off as well, making you pay for channels you don't watch and those that you do are about 40% ads anyway.
SouthPaw
06-04-2024, 08:23
Pro tip. Don't click links in emails like the Xfinity one above and don't call any phone numbers provided in those emails to give them personal information.
If you suspect your Xfinity billing information legitimately does need to be updated just log into your account as you normally would or call their known customer service number.
I get literally dozens of emails every day because my account is being frozen or my service is being suspended and I need to update my payment information. Xfinity, Amazon, Verizon, Netflix, credit card companies, you name it. Most of them look very legitimate at a glance but there is almost always a telltale that gives them away. I used to enjoy spotting the giveaways... the weird email address, the email address that looks legit at a glance until you spot the 1 in place of an I, etc. Now I mostly just delete them and move along.
Yup, I have no idea what I was doing or thinking. I've been sick, I was lacking sleep and just got caught off guard. Really dumb on my part.
Ray said it.
Don't click any links to make changes or add info.
Always log in to the website. That will be coming soon though- fake sites that look and operate like the real thing.
When you think about it, Xfinity is ripping you off as well, making you pay for channels you don't watch and those that you do are about 40% ads anyway.
Hopefully this serves as a reminder for others. I really cannot believe I fell for it.
Scammers are indeed getting very good and sophisticated.
Here at work, several months back, we almost wired a scammer $320,000. The scammer had hacked into one of our contractor's Email accounts and had been following along and saw that this payment was coming due. The scammer then started Emailing us asking for this payment ASAP, with the excuse that they needed the money sooner than later due to unforeseen expenses that they needed to cover. The scammer had everyone's Emails CC'ed to my co-worker, EXCEPT no one else was actually CC'ed at all. The scammer was only Emailing my co-worker although it looked like everyone else was also involved in the Email chain. The ONLY reason the scammer wasn't successful was because the original attempt to wire the money failed, due to having one digit wrong on the wire. Just before a second attempt of wiring the money, my co-worker finally had a red light flash in his head that something seemed fishy and he made a call to the contractor, and then learned that they weren't actually asking for payment at all.
Scammers are everywhere. If something seems odd, it probably is odd. Keep your guard up.
Also, at my office, we consistently receive "fishing" Email from work, as training for us all to learn what to look for.
And I don't even answer my phone if I don't recognize the number, including text messages.
AI is dramatically changing the game too.
This is a good time to make you all aware of something ....
The firearm industry is targeted by pop-up fake storefronts. Many rank higher in search engines than legitimate stores.
For instance, let's pretend you are searching for 50 bmg primers. https://www.google.com/search?q=50+bmg+primer
They have been unavailable for a long time. (Ideal scam target).
See if you can identify the fake stores on page 1... there are a lot of them.
PRO TIP: Unless you have PERSONAL experience with the store, the BEST method to validate them is:
1) These fake stores usually don't accept credit cards. If you get that far, and there's no CC option, IT IS A SCAM. Don't proceed despite your belief in a good deal.
2) Look for a contact address and verify that on google maps. Often it'll be a field or some random house in California.
3) Obviously, the price is too good. If they are the cheapest thing out there for something low-in-supply, you should probably already be suspicious.
Otherwise these stores are AI generated, with valid certificates, fully crammed with various items, and in every way look like a normal, fully featured store.
Here at work, several months back, we almost wired a scammer $320,000. Also, at my office, we consistently receive "fishing" Email from work, as training for us all to learn what to look for.
Same here.
I will admit it kind of pisses me off that we have a group of people who work for the same company that I do and who are tasked with trying to trick the rest of us into clicking their bogus emails.
They also have to look into anything that gets reported as phishing so you can bet that I try and keep them busy every chance I get by reporting almost every email that I receive as phishing.
The funny thing is that the people who get tricked the most are supervisors and other IT type people.
To no one in particular:
1st step - unique passwords (and username if they let you choose your own without forcing into your email). Bitwarden, LastPass, and others work very well for this and sync w/ phone app, windows app, mac app, and cloud.
1a - if forced into email, and you use gmail, you can break up the email address with periods (I haven't tested underscore). Gmail views your email as a singleword@gmail.com example: john.smith1976@gmail.com is the same to Gmail as j.o.h.nsmith19.7.6@gmail.com; but to the place, it's a unique identifier since they cannot account for vendor specific oddities. As such, if you are getting spam or junk or phished because they got hacked or are shady, you would receive an email to "j.o.h.nsmith19.7.6@gmail.com" and that allows you to trace to the source of the leak. For anything particularly important (bank, health, etc.), try to use usernames instead of email, and if email and gmail, mess with them using the periods method.
2 - Using the URL feature of bitwarden, lastpass, etc., NEVER click on any links and instead see "this is from Xfinity" and navigate there directly using the link saved in your password vault. That way if it's some PITA website with a ton of subdomains (career.company.com, customer.company.com, etc.) you aren't screwing around trying to find the right place to log in. This is especially helpful with the giant clusterbungle that DoD and VA websites are.
3 - 2FA/MFA is helpful, but PLEASE choose a method that doesn't absolutely hose your access if you lose it. I had a job that wanted us to use an authenticator app which, if my phone died, would have rendered me unable to VPN. I thought it was stupid since any attack on our network could result in my phone being wiped remotely, etc. It is a good idea to have backup to backup.
4 - For goodness sake please keep the login info for your PW management solution written down somewhere safe in case you are incapacitated and your spouse, kids, etc., need access to handle your business.
5 - Stop using dang excel sheets labeled "passwords" or whatever lazy version of an unsecured database you are using, if you are.
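The dotted-Gmail tracing idea from step 1a of the post above can be kept in a small ledger: hand each vendor its own dot pattern, then look up which pattern a suspicious message was addressed to. This Python is an added example, not part of the original thread; the vendor names are constructed, and the sequential pattern assignment is one possible scheme chosen for the example.

```python
GMAIL_DOMAINS = {"gmail.com"}


def canonical(address):
    """Return the address as Gmail treats it: dots in the local part ignored."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")
    return f"{local}@{domain}"


class AliasLedger:
    """Hands out one dot pattern per vendor and traces a recipient back to it."""

    def __init__(self, address):
        base = canonical(address)
        self.local, _, self.domain = base.rpartition("@")
        if self.domain not in GMAIL_DOMAINS:
            raise ValueError("dot variants are only equivalent on Gmail")
        self.by_alias = {}  # alias -> vendor it was given to

    def issue(self, vendor):
        for alias, owner in self.by_alias.items():
            if owner == vendor:
                return alias            # vendor already has a pattern
        # Pattern 0 (no dots) is left for personal use; each vendor gets the
        # next number, whose bits say after which characters a dot is placed.
        mask = len(self.by_alias) + 1
        if mask >= 1 << (len(self.local) - 1):
            raise ValueError("no unused dot patterns left")
        chars = []
        for i, ch in enumerate(self.local):
            chars.append(ch)
            if i < len(self.local) - 1 and (mask >> i) & 1:
                chars.append(".")
        alias = "".join(chars) + "@" + self.domain
        self.by_alias[alias] = vendor
        return alias

    def trace(self, recipient):
        """Vendor whose pattern appears in the To address, or None."""
        rcpt = recipient.strip().lower()
        if canonical(rcpt) != f"{self.local}@{self.domain}":
            return None                 # not a variant of this mailbox
        return self.by_alias.get(rcpt)


if __name__ == "__main__":
    ledger = AliasLedger("john.smith1976@gmail.com")
    print(ledger.issue("cable-provider"))   # constructed vendor names
    print(ledger.issue("bank"))
    print(ledger.trace("j.ohnsmith1976@gmail.com"))
```

A match points at the vendor that held that spelling; no match proves nothing, because a sender who knows Gmail ignores dots can strip them before mailing.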
Delfuego
06-04-2024, 21:46
but lack of sleep, not paying attention, letting my guard down etc, they got me. It has (or will) happen to everyone. Big + for telling your ordeal. This helps others a lot. When people are too embarrassed they bought shitty speakers out of the back of a van and don't tell their friends, their friends may buy shitty speakers too.
MFA everywhere. Password managers with unique passwords for everything. Single use email addresses and credit card numbers. Out-of-band communication. Don't use your real info for security questions. Yubikeys for services that support them.
5 - Stop using dang excel sheets labeled "passwords" or whatever lazy version of an unsecured database you are using, if you are.
lol. My passwords and logins are literally written on a sheet of paper.
I could hand that sheet over to you and you would be hard pressed to make sense out of it because I have my own sort of encryption when I write it down and there are gaps in everything that only I know how to fill in.
eddiememphis
06-05-2024, 09:04
Good news! My Geek Squad subscription is going to renew for only $400!
[Attachment 96696]
I haven't purchased anything at Best Buy in 15 years. I use Apple products so I don't need tech-support. But it's good to know that I have it if I need it. I'm just curious as to why the operator wanted my Social Security number and my mortgage information...
lol. My passwords and logins are literally written on a sheet of paper.
I could hand that sheet over to you and you would be hard pressed to make sense out of it because I have my own sort of encryption when I write it down and there are gaps in everything that only I know how to fill in.
Sigh
beast556
06-06-2024, 17:54
It's pathetic that our government won't do anything about this shit, there to occupied with fag feelings and illegals rights. My mother in law is not the brightest person and they got her for 160,000 now she wont be able to retire. She fell for the debt consolidation that she didnt need to do. They probly got her for more but she shut down and went silent with me and my wife when we explained she was scammed.
I get at least a dozen phishing emails every day that my business email account is being suspended by the sysadmin for whatever reason. This is always a surprise, as I am the sysadmin for the email server...
funkymonkey1111
06-07-2024, 15:06
It's pathetic that our government won't do anything about this shit, there to occupied with fag feelings and illegals rights. My mother in law is not the brightest person and they got her for 160,000 now she wont be able to retire. She fell for the debt consolidation that she didnt need to do. They probly got her for more but she shut down and went silent with me and my wife when we explained she was scammed.
Scamming elderly folks is a real thing, and then they're ashamed of it, and it keeps going on. If you have older folks in your life, please tell them never to be ashamed to ask for your help to figure out if something is a scam, or to tell you if they think they've been scammed.
eddiememphis
06-07-2024, 15:32
It's pathetic that our government won't do anything about this shit, there to occupied with fag feelings and illegals rights.
Yeah! They should pass a law against stealing. That'll work good!
To no one in particular:
1st step - unique passwords (and username if they let you choose your own without forcing into your email). Bitwarden, LastPass, and others work very well for this and sync w/ phone app, windows app, mac app, and cloud.
1a - if forced into email, and you use gmail, you can break up the email address with periods (I haven't tested underscore). Gmail views your email as a singleword@gmail.com example: john.smith1976@gmail.com is the same to Gmail as j.o.h.nsmith19.7.6@gmail.com; but to the place, it's a unique identifier since they cannot account for vendor specific oddities. As such, if you are getting spam or junk or phished because they got hacked or are shady, you would receive an email to "j.o.h.nsmith19.7.6@gmail.com" and that allows you to trace to the source of the leak. For anything particularly important (bank, health, etc.), try to use usernames instead of email, and if email and gmail, mess with them using the periods method.
2 - Using the URL feature of bitwarden, lastpass, etc., NEVER click on any links and instead see "this is from Xfinity" and navigate there directly using the link saved in your password vault. That way if it's some PITA website with a ton of subdomains (career.company.com, customer.company.com, etc.) you aren't screwing around trying to find the right place to log in. This is especially helpful with the giant clusterbungle that DoD and VA websites are.
3 - 2FA/MFA is helpful, but PLEASE choose a method that doesn't absolutely hose your access if you lose it. I had a job that wanted us to use an authenticator app which, if my phone died, would have rendered me unable to VPN. I thought it was stupid since any attack on our network could result in my phone being wiped remotely, etc. It is a good idea to have backup to backup.
4 - For goodness sake please keep the login info for your PW management solution written down somewhere safe in case you are incapacitated and your spouse, kids, etc., need access to handle your business.
5 - Stop using dang excel sheets labeled "passwords" or whatever lazy version of an unsecured database you are using, if you are.
Good post.
It is a very scary world out there, and start with a good password manager. I use Keepass, it is free, and open source.
Downloads - KeePass (https://keepass.info/download.html)
Bitwarden Business Sales | Bitwarden (https://BitWarden)
#1 Password Manager & Vault App with Single-Sign On & MFA Solutions - LastPass (https://www.lastpass.com/?utm_source=bing&utm_medium=cpc&utm_campaign=482254878&utm_term=lastpass&utm_content=1241348951361407&msclkid=831ae28f11b011363c1584ec8c462e49)
-John
beast556
06-07-2024, 17:51
Yeah! They should pass a law against stealing. That'll work good!
I was thinking some JDAMs dropped on a few key buildings in India, should send a pretty clear message.
Yes... :)
But in the meantime, service providers need to be trained on how to identify when a client is being exploited.
Family and friends, need to get alerts, if their family member is suddenly spending more.
-John
And you, reading this, need to take the precautions CS1983 outlined above.
-John
eddiememphis
06-07-2024, 19:36
Yes... :)
But in the meantime, service providers need to be trained on how to identify when a client is being exploited.
Family and friends, need to get alerts, if their family member is suddenly spending more.
-John
You want AOL reading every email grandma gets?
How will they protect her? Sending you an email saying you need to react?
Obviously, if grandma is spending $10,000 in a week on vibrators, we know that is OK, since we all know your grandma. But what if grandma all of a sudden spends $10,000 a month on 80% kits? What should AOL do then?
What if someone on her list is the one trying to fleece her?
Quit saying "someone need to do something ". Only one person can look out for your own best interests.
That's right, it is the people close to grandmom, that need to be looking out for her, not some government agency.
Her caretakers, her friends, her family.
Today we have zombies, of Government irresponsibility, that could care less, for grandmom.
-John
eddiememphis
06-07-2024, 19:55
That's right, it is the people close to grandmom, that need to be looking out for her, not some government agency.
Her caretakers, her friends, her family.
Today we have zombies, of Government irresponsibility, that could care less, for grandmom.
-John
You said service providers.
I thought you meant Internet Service Providers.
I agree that we- the internet savvy- need to protect the less aware, including your grandma, although I still don't understand why she spends $10k a week on vibrators???
LOL, I was wondering about all the AOL...
Yes, regular service providers, family and friends. What people don't realize is that as the government gets larger, the less of an impact friends and family, care givers, have. Their impact has been stolen by the government, in the form of taxes, regulation, inflation, debt.
-John
eddiememphis
06-13-2024, 13:54
I just received a call from Walmart. They pre-authorized my purchase of a PlayStation five special edition with pulse 3-D headset for only $919.
If I did not authorize that purchase, I need to call them back, I am assuming with my credit card information.
So it ain't just email that's trying to get you.
You cannot or should not respond to their calls.
Hang up, and call Walmart yourself, if you have any questions.
It's truly scary out there, and your default should be to hang up, mark the sender as spam, and not follow web links you do not know are 100% safe.
I have a lot of tips and tricks I use to lock down my browser (Microsoft Edge) as well.
The side effect is you will see fewer ads.
The benefit is many of those ads, are malicious.
-John
The side effect is you will see fewer ads.
The benefit is you will see fewer ads.
Fixed it for you.
It's pretty advanced, but for those of you looking to lock down your (or your family's) computers,
https://github.com/StevenBlack/hosts
When implemented, it will ensure that requests for bad sites, go nowhere.
It's a huge list of bad sites, and can cause your computer or browser to not work right, and if you have problems with it, let me know.
But the benefits are worth it. Ad sites, blocked. Malicious Content, blocked.
There are other easier things you can and should do, but this one is a biggie, for blocking malicious content (and ads)
-John
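A hosts-file blocklist like the one linked in the post above matches host names exactly, with no wildcards, so a link can slip past when only a parent or sibling name is on the list. This Python is an added example, not part of the original thread or of the linked project; the sample entries and URLs are constructed placeholders in the usual `0.0.0.0 name` layout.

```python
from urllib.parse import urlsplit

# Constructed sample; these names are placeholders, not entries from a real list.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.tracker.example
0.0.0.0 billing-update.example   # inline comments are allowed
0.0.0.0 cdn.malware.test
"""

SINKS = {"0.0.0.0", "127.0.0.1"}          # addresses used to send names nowhere
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local",
               "broadcasthost", "0.0.0.0"}


def blocked_hosts(text):
    """Collect the host names a hosts file points at a sink address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKS:
            blocked.update(h.lower() for h in fields[1:]
                           if h.lower() not in LOCAL_NAMES)
    return blocked


def verdict(url, blocked):
    """Say whether the hosts file would stop a browser reaching this URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "no-host"                  # e.g. a link pasted without a scheme
    if host in blocked:
        return "blocked"
    labels = host.split(".")
    for i in range(1, len(labels) - 1):
        if ".".join(labels[i:]) in blocked:
            # A parent name is listed, but hosts files do not cover subdomains.
            return "parent-listed-only"
    return "not-listed"


if __name__ == "__main__":
    blocked = blocked_hosts(SAMPLE_HOSTS)
    for url in ("https://billing-update.example/pay",
                "https://login.billing-update.example/",
                "https://malware.test/x"):
        print(url, "->", verdict(url, blocked))
```

Only the "blocked" verdict means the request goes nowhere; "parent-listed-only" is the case worth reporting to whoever maintains the list.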
Also, when you open a browser window, you should see something like this...
[Attachment 96759]
This blocks websites tracking you with cookies, among other things.
Let me know if you need help setting this up.