Anyone Getting "Realistic" Fake Emails?

  • Thread starter kyphysics
In summary, an e-mail that seems legitimate but has suspicious content (like the receipt number in the title example) can be a sign that your email has been hacked. Always be vigilant to the content of the email itself, and contact your bank or other relevant parties if there are any doubts.
  • #36
kyphysics said:
The IRS scam calls are so annoying. I've gotten...100?? or so over the past 2 years. :smile:

I can't remember if it was the IRS one or another obvious scam call, but one time I picked up the phone and said nothing JUST TO HEAR what the other party would say. Silence. Then the phone hung up (by them).

I never heard from that scam call program again. ...Haven't gotten the IRS one recently, so not sure if it was that one or not.
A few years ago we kept getting calls on the home phone. The machine would pick up and they would hang up. This went on for a number of days, multiple times a day. I finally picked up, and it was the tech-support scam. The one where they tell you that it has been reported to them that your computer has been compromised.
I told them that I knew that this was a scam*, and to stop calling. Even after my informing them of that, the guy on the other end tried to tell me "Sir, this is a very important matter".
I responded, "No, it isn't. Stop calling", and hung up.
The phone rang shortly after, the machine picked up, and they hung up again. The phone never rang after that.
I guess it sunk in that since I let the machine answer right after they had talked to me, I wasn't going to pick up again.
What gets me, is that even though I called them out as being a scam, they still thought they could convince me otherwise. I've seen this same pattern with some of the scam-baiting calls. The scam-baiter will fess up, tell them they knew it was a scam from the beginning and even go over step by step the lies told by the scammer.
Yet, the scammer will still try and insist that he is a certified technician working for some real tech-support company.

*I think I also added something along the lines of not having been born yesterday.
 
  • #37
kyphysics said:
BE CAREFUL PEOPLE - Happened again today!
It's been going on for years. It's hardly a new phenomenon. This is why they should teach basic computer skills in school -- mandatory.
 
  • #38
I think it is time to make spam emails more expensive for the sender.

Imagine what would happen if some organisation with the size and reach of Paypal set up an email system where, to send an email cost the sender a token 5 cents from the sender's account, and passed it to the receiver's account.

The receiver can acknowledge the email was useful, and return the 5 cents to the sender. Not returning the 5 cents would be the equivalent of unsubscribing. A subscription for one email per week would transfer 52 * $0.05 = $2.60 PA.

That is today's equivalent of a postage stamp, but the stamp is never canceled and can be reused or returned.
Spamming and scamming by email would end on that day.
It would also corner the email market.
 
  • #40
Baluncore said:
I think it is time to make spam emails more expensive for the sender.

Imagine what would happen if some organisation with the size and reach of Paypal set up an email system where, to send an email cost the sender a token 5 cents from the sender's account, and passed it to the receiver's account.

The receiver can acknowledge the email was useful, and return the 5 cents to the sender. Not returning the 5 cents would be the equivalent of unsubscribing. A subscription for one email per week would transfer 52 * $0.05 = $2.60 PA.

That is today's equivalent of a postage stamp, but the stamp is never canceled and can be reused or returned.
Spamming and scamming by email would end on that day.
It would also corner the email market.
I doubt 5 cents per e-mail would make much of a dent. For example, let's say that for every 1000 e-mails sent out, they get one bite. That would cost them just $50.00. But a single successful scam can net them 100's or even 1000's of dollars.
 
  • #41
Baluncore said:
I think it is time to make spam emails more expensive for the sender.
As far as I know most of these things come through botnets (malware-infected computers of unsuspecting people).
Hard to catch the real sender.
 
  • #42
kyphysics said:
One email early on said they got my email from the original campaign I donated to and wanted to ask for my help. ...Uhhhhhhhhhhh, I did not consent.

Is there any amount of email that they could send you that would cause you to vote for the other guy? If, as I expect, the answer is "no", they have no incentive to stop.
 
  • #43
You can't charge for sending e-mails, who would you charge? There is no centralised point that all e-mails flow through in order for you to do such a thing, the internet was not designed that way. Data is sent from the sending servers directly to the receiving browser / server by the shortest path in the network.

Setting up an e-mail server / relay is child's play for any tech, these scammers are not sending out e-mail using gmail or Outlook.com. Anyone with their own e-mail server can send e-mail to anyone and make it appear as if it came from anyone.
 
  • #44
MikeeMiracle said:
You can't charge for sending e-mails, who would you charge?
ISP's? Gmail, for businesses?
 
  • #45
An ISP could charge for sending e-mail out using its own e-mail servers I suppose, but my point was that these scammers are not using their ISP e-mail service and certainly not gmail, they are using their own e-mail servers.

It's all to do with how information flows around the internet at a very low level. Don't forget the internet is a global phenomenon, not like a telephone system where one country/company controls all the access points so anything you plan to do needs to be done globally by everyone who controls access to the internet.

Without analysing every tiny bit of information that flows from any computer in the world onto the main internet by any ISP in the world, this is not something you can stop. Any ISP who do not play ball or can't afford to implement expensive data analytics on every bit of data passing through them will be ripe for the scammers to use. Any encryption of the e-mail traffic will also likely make any protection redundant.

You're talking about a global effort along the lines of China's internet filtering system in every country to even contemplate this and even then there are ways past China's internet blocking.

If it was easy to "control the internet" we would not have criminal activity online :)
 
  • #46
Email services could ask for money to accept emails ("pay or we won't show your email to our customer"), but that would be impractical for legitimate email sources.
It's easy to avoid fake mails. Avoiding them while still getting the real mails is the challenge.
 
  • #47
These are actually kind of "decent" fakes. They make you curious. I was dumb to open the Paypal fake email, but thankfully I've resisted all others thus far.
 
  • #48
CharlieMauro said:
These are actually kind of "decent" fakes. They make you curious. I was dumb to open the Paypal fake email, but thankfully I've resisted all others thus far.
Yeah, one thing I've learned is to call the company in question. That's saved me from opening a few VERY realistic ones.

Something else I wonder about is whether someone ELSE's account that I know is hacked (not mine). I am pretty religious about security (notwithstanding opening these dumb fakes). But, I have older aunts, uncles, etc. who are not tech savvy and just use the internet for the sole purpose of communicating with us young "kids/grandkids." I KNOW they constantly click on ads and pop-ups. I've watched them surf the net and cautioned them on this stuff before. You can tell them to run this security check up or do this or that all you want. Often they forget (or don't want to do it) or don't remember how...so they could be compromised, which is leading to possibly me getting compromised. The thing about that is I can't/won't stop communicating online with my older relatives. You love them and you'll still open their emails of course. Everyone does.

So, yeah, that's kind of an ongoing potential loop-hole into my own accounts. I'd say those over 68-ish tend to be that way. Early 60's people that I know are actually pretty tech knowledgeable on the whole from my personal experience (which is nothing more than that - a small sample size).
 
  • #49
Baluncore said:
I think it is time to make spam emails more expensive for the sender.

Imagine what would happen if some organisation with the size and reach of Paypal set up an email system where, to send an email cost the sender a token 5 cents from the sender's account, and passed it to the receiver's account.

The receiver can acknowledge the email was useful, and return the 5 cents to the sender. Not returning the 5 cents would be the equivalent of unsubscribing. A subscription for one email per week would transfer 52 * $0.05 = $2.60 PA.

That is today's equivalent of a postage stamp, but the stamp is never canceled and can be reused or returned.
Spamming and scamming by email would end on that day.
It would also corner the email market.
And roll back communications for every voluntary organisation 20 years, whilst leaving people looking to make money out of you the only people able to afford mass communication. Unfortunately the cure is worse than the problem.
 
  • #50
kyphysics said:
Yeah, one thing I've learned is to call the company in question. That's saved me from opening a few VERY realistic ones.

Something else I wonder about is whether someone ELSE's account that I know is hacked (not mine). I am pretty religious about security (notwithstanding opening these dumb fakes). But, I have older aunts, uncles, etc. who are not tech savvy and just use the internet for the sole purpose of communicating with us young "kids/grandkids." I KNOW they constantly click on ads and pop-ups. I've watched them surf the net and cautioned them on this stuff before. You can tell them to run this security check up or do this or that all you want. Often they forget (or don't want to do it) or don't remember how...so they could be compromised, which is leading to possibly me getting compromised. The thing about that is I can't/won't stop communicating online with my older relatives. You love them and you'll still open their emails of course. Everyone does.

So, yeah, that's kind of an ongoing potential loop-hole into my own accounts. I'd say those over 68-ish tend to be that way. Early 60's people that I know are actually pretty tech knowledgeable on the whole from my personal experience (which is nothing more than that - a small sample size).
a global effort along the lines of China's internet filtering system in every country to even contemplate this and even then there are ways past China's internet blocking.
 
  • #51
info@finance.comms.yahoo.net

Got an email with the above address. I opened it without looking at the address first as it was a Yahoo! themed email. It was offering for me to join some webinar. Then, I saw the email above. . .

I got to say, the email's contents look VERY legitimate. I have no idea if it's real or fake, but "yahoo.net" looked fishy to me. Any guesses as to authenticity? Stuff like this seems like it'd be hard to distinguish the real ones from fakes. There was even the typical "unsubscribe" link at the bottom. I didn't click in case it was a fake leading me to some malware.
 
  • #52
Go to https://hexillion.com/ and enter YAHOO.NET in the search box.
They are in the state of Virginia and owned by Oath Holdings Inc. in New York. Street addresses and phone numbers are also listed.

From that info you can check things like the BBB, and the corporate listings and court cases on the government sites in the two states.

Have Fun! and let us know what you find.
Tom
 
  • Like
Likes kyphysics
  • #53
It appears that yahoo.com has the same owners. They are likely a holding company to protect the privacy of the owning corporation while at the same time managing the domain to prevent squatters should the domain name lapse.

Physicsforums.com has a separate company called Perfect Privacy LLC and not Greg's address.
 
  • Like
Likes kyphysics
  • #54
You need to appreciate how computers read the domain names to help understand if something is legitimate or not, namely backwards. The last part of the domain is all important.

There are what is called "root" domain name servers, they hold the records for all the "root" domains. For example .com .net .gov . Every computer comes with a record of these "root" servers.

Let's take www.microsoft.com

Your computer will first contact a "root" name server and ask for a query of the .com domain. It will ask who "owns" microsoft.com. The root server will respond with another name server who is responsible for the microsoft.com domain.

Your computer will then contact the name server responsible for the microsoft.com domain and ask who owns the "www" part. If that name server owns the www part it will respond with an IP for www.microsoft.com. If there are more bits to the address before the "www" part the name server will respond with another name server who can resolve the next bit.

So taking the example above "finance.comms.yahoo.net", first we resolve the ".net" section and then the ".yahoo" section. The query for "comms.yahoo.net" gets resolved by the "yahoo.net" name server. Later the "finance.comms.yahoo.net" section is resolved by the name server specified by the "comms.yahoo.net" name server.

The point is that yahoo.net is owned by the legitimate Yahoo company and that's the last part of the address. It's when the name we recognise is at the start of the address that we should look further.

If the address was "yahoo.net.finance.comms", initially it seems legitimate, but from what I have told you this resolution's 2nd step is to the "finance.comms" server. That "finance.comms" name server can create anything it likes past this section to fool you as it controls what happens after that point.

I hope this helps clarify what to look out for in addresses. This is true for ALL internet addresses, e-mail, web pages and anything else with an address.
 
  • Like
Likes kyphysics
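The right-to-left reading described in post #54, as an added Python example that is not part of the original thread. It compares whole labels from the right, so "yahoo.net.finance.comms" and "notyahoo.net" do not pass as yahoo.net; the suffix table is a small constructed stand-in for the real Public Suffix List, and the sample sender strings in the test are constructed.

```python
from email.utils import parseaddr

# Constructed, deliberately tiny suffix table (assumption). Real code should
# load the full Public Suffix List instead of this handful of entries.
PUBLIC_SUFFIXES = {"com", "net", "org", "gov", "uk", "co.uk", "org.uk"}


def labels(host):
    """Lower-case a host name, drop a trailing root dot, split into labels."""
    return host.strip().rstrip(".").lower().split(".")


def registrable_domain(host):
    """Longest known public suffix plus the one label to its left, or None."""
    parts = labels(host)
    for i in range(len(parts)):            # longest candidate suffix first
        if ".".join(parts[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None                # the host is itself a bare suffix
            return ".".join(parts[i - 1:])
    return None                            # rightmost label is not in our table


def is_under(host, trusted):
    """True if host equals trusted or is a subdomain of it.

    The comparison is per label, from the right. A plain string test such as
    host.endswith("yahoo.net") would also accept "notyahoo.net".
    """
    h, t = labels(host), labels(trusted)
    return len(h) >= len(t) and h[-len(t):] == t


def sender_host(from_header):
    """Host part of the address in a From: value, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    return address.rpartition("@")[2]


def check_sender(from_header, trusted):
    """Summarise what the From: address says about who controls the name."""
    host = sender_host(from_header)
    return {
        "host": host,
        "registrable": registrable_domain(host),
        "under_trusted": is_under(host, trusted),
    }
```

This only answers who controls the name in the address; it says nothing about whether the message really came from that domain.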
  • #55
MikeeMiracle said:
You need to appreciate how computers read the domain names to help understand if something is legitimate or not, namely backwards. The last part of the domain is all important.

There are what is called "root" domain name servers, they hold the records for all the "root" domains. For example .com .net .gov . Every computer comes with a record of these "root" servers.

Let's take www.microsoft.com

Your computer will first contact a "root" name server and ask for a query of the .com domain. It will ask who "owns" microsoft.com. The root server will respond with another name server who is responsible for the microsoft.com domain.

Your computer will then contact the name server responsible for the microsoft.com domain and ask who owns the "www" part. If that name server owns the www part it will respond with an IP for www.microsoft.com. If there are more bits to the address before the "www" part the name server will respond with another name server who can resolve the next bit.

So taking the example above "finance.comms.yahoo.net", first we resolve the ".net" section and then the ".yahoo" section. The query for "comms.yahoo.net" gets resolved by the "yahoo.net" name server. Later the "finance.comms.yahoo.net" section is resolved by the name server specified by the "comms.yahoo.net" name server.

The point is that yahoo.net is owned by the legitimate Yahoo company and that's the last part of the address. It's when the name we recognise is at the start of the address that we should look further.

If the address was "yahoo.net.finance.comms", initially it seems legitimate, but from what I have told you this resolution's 2nd step is to the "finance.comms" server. That "finance.comms" name server can create anything it likes past this section to fool you as it controls what happens after that point.

I hope this helps clarify what to look out for in addresses. This is true for ALL internet addresses, e-mail, web pages and anything else with an address.
This was confusing, yet informative at the same time. :)

Thanks for the in-depth explanation to a clueless person on this topic!

For whatever reason, I always assumed the "end" of an address that's different from the usual was a big sign of fakery.

For example, IRS.com ...I mean, come on! We know the real IRS is IRS.gov. But with non-governmental sites, I wasn't aware it could still be legit.

I'd usually assume Google.net would be a fake, for example. Interesting stuff.
 
  • #56
Big companies will try to get as many of these domains as they can get. It makes it harder for others to create legitimate-looking websites. That goes beyond just using different top level domains. They will often register various misspellings, too.
 
  • Like
Likes kyphysics and anorlunda
  • #57
I get hundreds of emails like this on a daily basis. First you should check the sender email id, and check the domain associated with it. Never open any link in the first place; first ensure that the email is genuine, and if there is any doubt then you should probably ignore the email.
 
  • #58
Here are a few more things you can consider:

No legitimate organisation will send emails from an address that ends ‘@gmail.com’.
The domain name associated with the email is misspelt
The email is not well written
Email contains suspicious attachments or links
Suspicious links
Big offering in the email
 
  • Like
Likes Astronuc
  • #59
MikeeMiracle said:
...

So taking the example above "finance.comms.yahoo.net", first we resolve the ".net" section and then the ".yahoo" section. The query for "comms.yahoo.net" gets resolved by the "yahoo.net" name server. Later the "finance.comms.yahoo.net" section is resolved by the name server specified by the "comms.yahoo.net" name server.

The point is that yahoo.net is owned by the legitimate Yahoo company and that's the last part of the address. It's when the name we recognise is at the start of the address that we should look further.

If the address was "yahoo.net.finance.comms", initially it seems legitimate, but from what I have told you this resolution's 2nd step is to the "finance.comms" server. That "finance.comms" name server can create anything it likes past this section to fool you as it controls what happens after that point.

I hope this helps clarify what to look out for in addresses. This is true for ALL internet addresses, e-mail, web pages and anything else with an address.
Here is another email I accidentally clicked on today (I wanted to select the box to try to delete it, but my mouse accidentally clicked on it to open):
yahoo@sports.comms.yahoo.net

Two questions:
1.) Would I be correct to assume it is legitimate, because of the "yahoo.net" ending? For reference, I play fantasy sports, so this was an email advertising some fantasy sports stuff on Yahoo. But even without that background, is the logic that if it's a "yahoo.net" ending, then it's ALWAYS legitimate (no matter what comes before that part of the address)?

2.) My second question is whether someone can send you an email with a "fake legitimate email" as the sender's email? Let's say abcxyz@yahoo.net is a legitimate email address from Yahoo! But, suppose a scammer wants to send me some type of malware through email. Can that evil person use abcxyz@yahoo.net as his sending email address (even if he's not really sending it from that address)? Can someone, in other words, fake the sending email address (of a legitimate one)?
 
  • #60
kyphysics said:
Here is another email I accidentally clicked on today (I wanted to select the box to try to delete it, but my mouse accidentally clicked on it to open):
yahoo@sports.comms.yahoo.net
Clicking on a link that opens your email application is a completely different thing to clicking a link that opens a web page, however clicking links you don't trust is still not a good thing.

kyphysics said:
1.) Would I be correct to assume it is legitimate, because of the "yahoo.net" ending? For reference, I play fantasy sports, so this was an email advertising some fantasy sports stuff on Yahoo. But even without that background, is the logic that if it's a "yahoo.net" ending, then it's ALWAYS legitimate (no matter what comes before that part of the address)?
Well Yahoo do own the 2nd level domain yahoo.net, although the sports.comms.yahoo.net domain as well as comms.yahoo.net is controlled by a marketing company Lion Re:sources, part of the Publicis Groupe. However because of the point below you cannot rely on the email actually coming from them.

kyphysics said:
2.) My second question is whether someone can send you an email with a "fake legitimate email" as the sender's email? Let's say abcxyz@yahoo.net is a legitimate email address from Yahoo! But, suppose a scammer wants to send me some type of malware through email. Can that evil person use abcxyz@yahoo.net as his sending email address (even if he's not really sending it from that address)? Can someone, in other words, fake the sending email address (of a legitimate one)?
Yes. Depending on your email client and spam settings and any anti-malware plugins you are using such a faked address may or may not be marked as spam.
 
  • Informative
Likes kyphysics
  • #61
Some suspicious links will display one site but link to a completely different site.

In some cases, you can hover over the link to see the actual URL.

Here’s a suspicious link for yahoo.net that goes to a competitor.

Yahoo.net
 
  • Wow
Likes kyphysics
  • #62
jedishrfu said:
Some suspicious links will display one site but link to a completely different site.

In some cases, you can hover over the link to see the actual URL.

Here’s a suspicious link for yahoo.net that goes to a competitor.

Yahoo.net
That's absolutely nuts!

How did you do that?

Also, to be clear, that is a URL. So, that sucks you can fake that, but could a person fake a "sending email" in the same way? If so, then wouldn't that mean everyone is susceptible to this?
 
  • #63
kyphysics said:
Also, to be clear, that is a URL. So, that sucks you can fake that, but could a person fake a "sending email" in the same way? If so, then wouldn't that mean everyone is susceptible to this?

Yes it sucks, but it has been that way since the dawn of the Internet.

Being safe on the Internet means following safe practices, not examining the appearance of URLs, emails or other addresses. You must assume that anything can be faked.

Here are two links to sources explaining some safe practices.

https://arstechnica.com/information-technology/2021/10/securing-your-digital-life-part-2/

https://www.odni.gov/files/NCSC/documents/campaign/DoD_IAPM_Guide_March_2021.pdf
 
  • #64
pbuk said:
Well Yahoo do own the 2nd level domain yahoo.net, although the sports.comms.yahoo.net domain as well as comms.yahoo.net is controlled by a marketing company Lion Re:sources, part of the Publicis Groupe. However because of the point below you cannot rely on the email actually coming from them.

Yes. Depending on your email client and spam settings and any anti-malware plugins you are using such a faked address may or may not be marked as spam.
Thanks for the response, pbuk.

So, here's sort of the same question I asked in the post above. IF an evil sender wanted to fake the sending email address (to be one that I would recognize and think was from a trusted source), then how could any human being ever trust anyone sending anything to them by email?

If someone figured out my mom, sister, or brother's emails, for example, and then sent me a realistic looking titled email from them (faking their email address, I mean), then it'd be hard for me to not click on it (short of literally calling them by phone to ask if they sent it...but that seems cumbersome to do every time), right?
The "hover over" method used for fake links in jedishrfu seems like it wouldn't work for faked sending emails, no? If I hover over the sender in my email inbox, I can see the email address an email is coming from. But, if it's faked, is it the case that there is no way to tell? Or, is it that once I open the actual email, then perhaps I can hover (within the email) over the sender's address and it would show a different/fake address then?
 
  • #65
kyphysics said:
how could any human being ever trust anyone sending anything to them by email?
Through context. If you know that it's your friend's birthday next week then it shouldn't come as a surprise if they send you an invitation to a party with a link to click on. If you get an email apparently from your elderly aunt saying "Wassup matey, check out theese kewl new trainers" then you can bet it is fake.

kyphysics said:
If someone figured out my mom, sister, or brother's emails, for example, and then sent me a realistic looking titled email from them (faking their email address, I mean), then it'd be hard for me to not click on it (short of literally calling them by phone to ask if they sent it...but that seems cumbersome to do every time), right?
Use your common sense: in most cases (but importantly, not all cases) fakes are easy to spot from the context.

kyphysics said:
Or, is it that once I open the actual email, then perhaps I can hover (within the email) over the sender's address and it would show a different/fake address then?
No, you have to inspect the headers of the email and then look up the servers in the chain. If you have a decent email provider they should do this for you and treat the email as spam (which may mean adding a prefix to the title, delivering it to a spam mailbox or just deleting it). If you have an anti-malware plugin in your email client this may provide extra protection.
 
  • Like
Likes kyphysics
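What "inspect the headers" in post #65 can look like, as an added Python example that is not part of the original thread. It reads the Authentication-Results header (RFC 8601) that a receiving provider stamps, compares the visible From: domain with the envelope sender, and finds which host handed the message to the provider; the message, the provider name mx.example.net and the other host names are constructed, and it is an assumption that the provider uses the same name in its Received line and as its authserv-id.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message that claims to be from abcxyz@yahoo.net (the
# address used in the thread). All host names and IPs are hypothetical.
SPOOFED_SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Received: from relay.bulk-sender.example (relay.bulk-sender.example [203.0.113.7])
 by mx.example.net with ESMTP; Mon, 08 Nov 2021 10:00:02 +0000
Received: from mail.yahoo.net (unknown [198.51.100.9])
 by relay.bulk-sender.example; Mon, 08 Nov 2021 10:00:00 +0000
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none;
 dmarc=fail header.from=yahoo.net
Authentication-Results: relay.bulk-sender.example; dmarc=pass header.from=yahoo.net
From: Yahoo <abcxyz@yahoo.net>
Subject: constructed sample

body
"""


def domain_of(header_value):
    """Domain part of the address in a From: or Return-Path: value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def auth_results(msg, provider_host):
    """method -> result, taken only from headers stamped by provider_host.

    A sender can add Authentication-Results headers of its own, so any header
    whose authserv-id is not our provider is ignored.
    """
    results = {}
    for raw in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(raw.split()).partition(";")
        ident = authserv.split()[0].lower() if authserv.strip() else ""
        if ident != provider_host:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", clause, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results


def received_chain(msg):
    """(from_host, by_host) per Received header, newest hop first."""
    hops = []
    for raw in msg.get_all("Received", []):
        flat = " ".join(raw.split())
        frm = re.search(r"\bfrom\s+([^\s;]+)", flat)
        by = re.search(r"\bby\s+([^\s;]+)", flat)
        hops.append((frm.group(1) if frm else None, by.group(1) if by else None))
    return hops


def assess(raw_message, provider_host):
    msg = message_from_string(raw_message)
    results = auth_results(msg, provider_host)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "envelope_matches_from": env_dom == from_dom
        or env_dom.endswith("." + from_dom),
        "dmarc": results.get("dmarc", "none"),
        # Only the hop written by our own provider is reliable; the Received
        # lines below it were supplied by the sending side.
        "handed_over_by": next(
            (f for f, b in received_chain(msg) if b == provider_host), None
        ),
        "suspect": results.get("dmarc") != "pass",
    }
```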
  • #66
I’ve seen some stuff where even the hover over a link failed to show the true url link as it was overwritten on the status bar by JavaScript on the webpage or email.
 
  • Like
Likes kyphysics
  • #67
kyphysics said:
Here is another email I accidentally clicked on today (I wanted to select the box to try to delete it, but my mouse accidentally clicked on it to open):
yahoo@sports.comms.yahoo.net

Two questions:
1.) Would I be correct to assume it is legitimate, because of the "yahoo.net" ending? For reference, I play fantasy sports, so this was an email advertising some fantasy sports stuff on Yahoo. But even without that background, is the logic that if it's a "yahoo.net" ending, then it's ALWAYS legitimate (no matter what comes before that part of the address)?

2.) My second question is whether someone can send you an email with a "fake legitimate email" as the sender's email? Let's say abcxyz@yahoo.net is a legitimate email address from Yahoo! But, suppose a scammer wants to send me some type of malware through email. Can that evil person use abcxyz@yahoo.net as his sending email address (even if he's not really sending it from that address)? Can someone, in other words, fake the sending email address (of a legitimate one)?

The explanation I gave is for web links themselves. An e-mail can be made to appear to come from any address very easily. Also there are normally two parts to links, the part which is displayed and the actual URL you will be redirected to. If you hover your mouse over the web link it should tell you where the link is really pointing to, if it's pointing somewhere different to the one shown then don't click on it as it is likely spam again.
 
  • Like
Likes kyphysics
  • #68
MikeeMiracle said:
If you hover your mouse over the web link it should tell you where the link is really pointing to
Caution: this is only true in your email client* (or other environment where JavaScript is disabled). In a web page displayed in a normal browser, JavaScript can make the link do anything.

To see this in action create the following file on your desktop and open it (you have to include the code in the image below as well):
fooled-you.html:
<a href="https://microsoft.com">https://apple.com/</a>
1636371991529.png

The link says Apple, shows Microsoft when you hover over it and takes you to Ubuntu when you click on it!

Note that this behaviour is typical of malicious web sites so never post this code or anything like it on the internet where it could be displayed by a browser (e.g. CodePen or a GitHub gist) or you risk your account being suspended.

* email clients include reputable web apps such as Gmail, Outlook.com etc.
 
Last edited:
  • Like
  • Informative
Likes kyphysics and MikeeMiracle
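A check for the two link problems raised in posts #61 and #68, as an added Python example that is not part of the original thread. It flags anchors whose visible text names one host while the href goes to another, and anchors or pages that carry script, where hovering cannot be relied on. The first sample anchor is the one from post #68; the other two and the `handler()` name are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that is itself a host name or an http(s) URL.
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

SAMPLE_HTML = """
<a href="https://microsoft.com">https://apple.com/</a>
<a href="https://www.yahoo.net/sports">yahoo.net</a>
<a href="https://yahoo.net/" onclick="handler()">Yahoo.net</a>
"""


class AnchorCollector(HTMLParser):
    """Collect href, visible text and on* attributes of every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors, self._cur, self.has_script = [], None, False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.has_script = True
        elif tag == "a":
            attrs = dict(attrs)
            handlers = sorted(k for k in attrs if k.startswith("on"))
            self._cur = {"href": attrs.get("href") or "", "text": "",
                         "handlers": handlers}

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.anchors.append(self._cur)
            self._cur = None


def same_site(link_host, shown_host):
    """True if the link target is the shown host or a subdomain of it."""
    return link_host == shown_host or link_host.endswith("." + shown_host)


def audit_links(html):
    """Return ([(text, href, findings)], page_has_script)."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    report = []
    for a in parser.anchors:
        findings = []
        link_host = (urlsplit(a["href"].strip()).hostname or "").lower()
        shown = HOSTLIKE.match(a["text"].strip())
        if shown and not same_site(link_host, shown.group(1).lower()):
            findings.append("text-host-mismatch")
        if a["handlers"]:
            # A script handler can send the click somewhere other than href.
            findings.append("event-handler")
        report.append((a["text"].strip(), a["href"], findings))
    return report, parser.has_script
```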
