Reminders that scammers and hackers are clever

  • Thread starter berkeman
  • Start date
  • Tags
    hackers
In summary, this scam involved a bogus website that looked almost identical to the real Patagonia site, with good deals on products. A PayPal guest account was not enough to stop the purchase and the CC company was contacted. Unfortunately, many people fall for this type of scam.
  • #1
berkeman
Mentor
68,371
22,202
I managed to avoid a scam/hack over the last couple of days, but it was close. It might be good if we post similar hacks that we've avoided, in order to remind others of things to watch out for.

I received a text a couple days ago from Xfinity (who we use at home for Internet and TV) saying that if we wanted to keep using Xfinity On Demand, we needed to upgrade our cable modem, and the new equipment would be provided free of charge (not that strange, since my wife does use that service and we are long-time users of Xfinity). The text had a link to click for more information.

Of course I didn't click the link yet, even though the text looked totally valid. I mentioned it to my wife, and mentioned that I'd check our online Xfinity account to see if it also mentioned this issue in our messages.

A day later before I could check our online account, I got another text from Xfinity saying that the equipment had shipped (WITW), and would be delivered the next day. The next day I got another text saying that the equipment had been delivered, and "Let's get started!"

I checked all the normal delivery places (porch, mailbox, etc.), and no joy, so that increased my suspicion even more. I had an issue with the real Xfinity website over the past couple of days trying to pay our bill using 2-factor authentication, but their texts with the authentication numbers weren't coming through...

So in the final analysis, it looks like this scammer using the Xfinity source domain (spoofed) had caused my cell phone company to block all texts from Xfinity, including valid ones. It took several hours online with my cell phone provider to straighten this out, and give me access to the Xfinity texts again (at which point I got like 20 queued up texts from them).

So the familiar lesson from this is don't click on a link in an e-mail or text, even if it looks like a valid source. Go to their trusted website independently to look for the same information. Lordy.
 
Last edited:
  • Like
  • Informative
  • Wow
Likes dlgoff, jtbell, Wrichik Basu and 6 others
Computer science news on Phys.org
  • #2
berkeman said:
So the familar lesson from this is don't click on a link in an e-mail or text, even if it looks like a valid source. Go to their trusted website independently to look for the same information.
That is a good takeaway from your experience.
Good job in avoiding the scam! I am very cautious and maybe even paranoid, but I still am afraid that I will fall for something when I get too old to catch on.

I'm not sure why your two-factor authentication did not protect your Xfinity account. It sounds like the scammers pretended to be Xfinity to your cell phone service and had them block all the Xfinity two-factor verification code messages. Did the phone service fall for that? Weren't they suspicious that Xfinity seemed to be wanting to block their own messages?
 
  • Like
Likes Lnewqban
  • #4
The scam we ran into a couple of years ago was a bogus Patagonia website. My wife was looking for bargains and this site popped up with some really good deals. She ordered some items and upon placing the order using PayPal realized that something was amiss as it said payment went to some dude in China.

We called PayPal to stop payment but because she used a guest account we couldn’t stop it. PayPal customer service failed to resolve it passing it from agent to agent each asking for the same info several times and then said it’s too late now, work with your CC company. We went to the backing charge card company and stopped payment and filed a report.

The CC company contacted the seller who claimed the product was shipped and that they had proof. We received nothing and we’re stunned by what transpired.

The seller in China had setup up a clone of the Patagonia website. There were some telltale things like misspellings and grammar in spots. One thing stood out for me though they had a statement saying literally “we are anti-racist company” on the bottom of their about the company page.

The seller would drop ship a CrackerJack toy coin from a NJ warehouse to get the needed “proof” of sending the item. The billing invoice we got after purchase didn’t have the items listed explicitly. The credit card company took all this as proof that we bought something and received it. The seller was careful to keep the purchase under $100 to avoid USPS wire fraud charges.

However, I had captured the website and related items showing it to be fake. The website disappeared shortly thereafter and I found other users scammed the same way on PayPal’s community forums. The credit card company finally agreed and reversed the charges although I suspect they took a hit instead.
 
  • #6
FactChecker said:
I'm not sure why your two-factor authentication did not protect your Xfinity account. It sounds like the scammers pretended to be Xfinity to your cell phone service and had them block all the Xfinity two-factor verification code messages. Did the phone service fall for that? Weren't they suspicious that Xfinity seemed to be wanting to block their own messages?
I'm not exactly sure what happened, but I think because the scammer sent the initial text to my phone, Verizon must have detected that it was spam/scam and blocked the Xfinity domain from sending me any more texts. That had the effect of me not getting my 2-factor authentication number when I tried to pay my monthly bill, and also had side effects blocking some other sources of texts. This was a big problem, especially since I have a medical shift coming up this weekend, and can't afford to miss potential related text messages.

Through a lot of my own debug and finally with help from Verizon, I was able to receive texts from other users/companies, but still not Xfinity. In one of my last messages in my conversation with Verizon, they said that their side of things was fine, so the remaining problem had to be with Xfinity.

It seemed to resolve itself the next day, as all of my overdue Xfinity 2-factor ID texts came through all at once, and things seem normal for now.
 
  • Like
Likes FactChecker
  • #7
berkeman said:
So the familiar lesson from this is don't click on a link in an e-mail or text, even if it looks like a valid source. Go to their trusted website independently to look for the same information. Lordy.
So endeth the net...with a whimper, not a bang.
 
  • Like
  • Wow
Likes russ_watters and FactChecker

FAQ: Reminders that scammers and hackers are clever

How do scammers and hackers use clever tactics to deceive people?

Scammers and hackers often use social engineering tactics to manipulate individuals into giving away sensitive information or access to their devices. They may impersonate trusted entities, create urgency or fear, or use phishing emails with convincing links or attachments.

What are some common signs that indicate a scam or hacking attempt?

Some common signs include unsolicited emails or messages asking for personal information, requests for payment or wire transfers, poor grammar or spelling in communications, and suspicious links or attachments. Additionally, legitimate organizations will never ask for sensitive information via email.

How can individuals protect themselves from falling victim to scams or hacking?

Individuals can protect themselves by being cautious of unsolicited communications, verifying the identity of the sender before sharing any information, using strong and unique passwords, enabling two-factor authentication, keeping software and antivirus programs up to date, and regularly monitoring financial accounts for any unusual activity.

What should someone do if they suspect they have been targeted by a scam or hacking attempt?

If someone suspects they have been targeted, they should refrain from clicking on any links or providing any information, report the incident to the appropriate authorities or organization being impersonated, change passwords immediately, run a virus scan on their devices, and monitor their accounts for any unauthorized activity.

Are there any resources available to help individuals learn more about protecting themselves from scams and hacking?

Yes, there are numerous resources available online, including government websites, cybersecurity blogs, and educational platforms that provide tips and guidance on how to stay safe online. Additionally, individuals can attend workshops or webinars on cybersecurity awareness to enhance their knowledge and skills in recognizing and avoiding scams and hacking attempts.

Similar threads

MODEM Question -- Can a factory reset & re-register clear up intermittent drops?
Replies
8
Views
2K
Need help with a bizarre texting problem
Replies
2
Views
1K
Android: Delivered & Read Messages
Replies
1
Views
2K
Some insight into telephone/internet scammers: Have you been called?
Replies
10
Views
1K
AT&T 5G cellular home internet - first impressions
Replies
5
Views
652
My broadband pauses for no apparent reason...
Replies
25
Views
2K
IPhone 7 and AM push button radios....how did we get here?
Replies
16
Views
2K
Current and Future AI Threats to Humanity and the Human Response
Replies
10
Views
3K
Anyone sick and tired of all the fancy techy stuffs?
Replies
22
Views
1K
COVID Understanding COVID Quarantine Guidance
Replies
2
Views
1K

Hot Threads

Recent Insights

Back
Top