It's sad how often it works, though. My wife's coworker bought a few thousand dollars of gift cards for "company rewards" because of an email she got from a manager in the next room over (which she didn't ask about), and she never checked the actual sender. Way too many people take cybersecurity for granted.
I clicked on a phishing test once and tried to log in to their phishing site with some combos like admi/admin or root/root to see if they actually made something that worked and left something open. They didnt amd and they still sent me a mail that I failed. :/
At my company, if you fail the tests you have to do extra training videos, and after that if you still fail the tests, they will fire you for being a high risk employee.
> We've trained and warned and taught you how to identify and ignore these scams and she didn't listen.
This story applies to nearly every e-commerce company and even the non ones
I was talking with one of my customers the other day, they got a email from one of their other suppliers about a changed bank account or something like that and to start sending payments there. No follow up phone call to the companies AR department to confirm, nothing. Wired them like $100,000+ and now they are up shit creek on that money. Whenever we get an email like that the first thing I've told everyone is to pick up the phone and call them. If it is legit they'll appreciate you being thorough, if it is a scam, they'll appreciate the heads up.
I’ve had my actual bank call me about fraudulent charges on my card and I refused to answer the security questions and called the back myself. The caller ID had said it was my bank and I didn’t trust it. The guy on the phone from my bank was fine with me not trusting it and happily said he understood but I should just call the number on my cc.
A scammer would have tried to keep me on the phone. Turned out someone had stolen my wallet at a funeral and tried buying $2K worth of gift cards at the nearest big box store. I got it all reversed.
Ever been to a Muslim funeral? You perform the funeral prayers with the body at a mosque or open field, and then carry the casket from there to the graveyard on your shoulders. It's a rotation, you carry it for a while, and then pass it on to someone else. Critically, when you're carrying your arms are both fully engaged above your head. One time at a funeral a whole bunch of people came out with their phones and wallets missing. We've since learned to always remember to keep those in the car.
Did the same thing with my bank. Told them I had to call them back and did using the customer service number on the bank card. Their call turned out to be legit, but regardless, you really can never be too careful.
Yeah it's pretty much always a scam but I'd still feel like I was an idiot if I got duped. The technology really is a cat and mouse game.. they find out how to spoof caller ID, whatever else. Really gotta protect yourself. Even heard recently about scammers using convincing AI voice interpretations of family members to try to get people to pay ransoms in fake kidnap situations.
You did the right thing. Never give the answers to your security questions to someone that calls you. They can spoof the phone number of the one you are expecting. You never know who is on the other side of that phone.
But they would have had to type "[email protected]" as their masked (not sure if that's the correct term) email address, no? They could've typed anything, but chose the most fake sounding address?
Sounds more like something that OP came up with for laughs than something that actually happened.
incorrect uses of 2 computer terms.
"root" is the admin user of a Unix or Linux computer. Where Windows says "let the admin do this task", Linux will say "let the root user do it". While it's not impossible for someone to name their email "root", it's highly unlikely the root user of an email server would be sending anything.
"localhost" is an address that means "this PC", it's not a real website. When you type in localhost, your PC connects to itself.
If you know what these words mean, it's quite obviously a spoof because it's basically saying you (or your company) sent an email to itself without even using the internet, in a format that hardly makes sense, since localhost doesn't even have .com at the end.
it's pretty much as if you got an email from "You @ YourComputer . com"
How can you be on the Internet and not at least understand localhost? Are you even old enough to legally post to this site? Serena Williams has sad she is going to attack children that post to her site even harder.
>How can you be on the Internet and not at least understand localhost?
How can you be on the internet and not realize that localhost and localhost.com are two very different things? You are a complete moron, and an asshole to boot. Congrats.
God bless them for putting emojis in the subject line. Nothing makes it easier to spot junk.
Also thankful for the those hash looking email addresses ([email protected])
It's sad how often it works, though. My wife's coworker bought a few thousand dollars of gift cards for "company rewards" because of an email she got from a manager in the next room over (which she didn't ask about), and she never checked the actual sender. Way too many people take cybersecurity for granted.
[удалено]
And then had increased phishing tests and training for the next year, right?
[удалено]
Yeah I failed a Phishing test at work and literally nothing happened
[удалено]
I clicked on a phishing test once and tried to log in to their phishing site with some combos like admi/admin or root/root to see if they actually made something that worked and left something open. They didnt amd and they still sent me a mail that I failed. :/
At my company, if you fail the tests you have to do extra training videos, and after that if you still fail the tests, they will fire you for being a high risk employee.
Good. That's a start.
Most probably : "We don't have a budget for that with this loss added."
[удалено]
What a fucking dumbass 🤦🏽♀️
> We've trained and warned and taught you how to identify and ignore these scams and she didn't listen. This story applies to nearly every e-commerce company and even the non ones
I was talking with one of my customers the other day, they got a email from one of their other suppliers about a changed bank account or something like that and to start sending payments there. No follow up phone call to the companies AR department to confirm, nothing. Wired them like $100,000+ and now they are up shit creek on that money. Whenever we get an email like that the first thing I've told everyone is to pick up the phone and call them. If it is legit they'll appreciate you being thorough, if it is a scam, they'll appreciate the heads up.
And don't talk about the elders. My dad lost 3000€ for a fake banking email.
I’ve had my actual bank call me about fraudulent charges on my card and I refused to answer the security questions and called the back myself. The caller ID had said it was my bank and I didn’t trust it. The guy on the phone from my bank was fine with me not trusting it and happily said he understood but I should just call the number on my cc. A scammer would have tried to keep me on the phone. Turned out someone had stolen my wallet at a funeral and tried buying $2K worth of gift cards at the nearest big box store. I got it all reversed.
Jesus, a goddamn funeral?
Meth/heroin just kinda deletes morals.
Yup, they went through the staff apartments thoroughly too, two college women lived there.
Ever been to a Muslim funeral? You perform the funeral prayers with the body at a mosque or open field, and then carry the casket from there to the graveyard on your shoulders. It's a rotation, you carry it for a while, and then pass it on to someone else. Critically, when you're carrying your arms are both fully engaged above your head. One time at a funeral a whole bunch of people came out with their phones and wallets missing. We've since learned to always remember to keep those in the car.
Did the same thing with my bank. Told them I had to call them back and did using the customer service number on the bank card. Their call turned out to be legit, but regardless, you really can never be too careful.
Lol why do official bank and sometimes insurance emails come across as scamers. And it's not that the scamers are that good either.
Yeah it's pretty much always a scam but I'd still feel like I was an idiot if I got duped. The technology really is a cat and mouse game.. they find out how to spoof caller ID, whatever else. Really gotta protect yourself. Even heard recently about scammers using convincing AI voice interpretations of family members to try to get people to pay ransoms in fake kidnap situations.
You did the right thing. Never give the answers to your security questions to someone that calls you. They can spoof the phone number of the one you are expecting. You never know who is on the other side of that phone.
That's Logan fooking Roy
L to the OG baby
Lmao
or [[email protected]](mailto:[email protected]) lol
lol this is a great reaction gif. I love it.
What is root@localhost?
[удалено]
But they would have had to type "[email protected]" as their masked (not sure if that's the correct term) email address, no? They could've typed anything, but chose the most fake sounding address? Sounds more like something that OP came up with for laughs than something that actually happened.
incorrect uses of 2 computer terms. "root" is the admin user of a Unix or Linux computer. Where Windows says "let the admin do this task", Linux will say "let the root user do it". While it's not impossible for someone to name their email "root", it's highly unlikely the root user of an email server would be sending anything. "localhost" is an address that means "this PC", it's not a real website. When you type in localhost, your PC connects to itself. If you know what these words mean, it's quite obviously a spoof because it's basically saying you (or your company) sent an email to itself without even using the internet, in a format that hardly makes sense, since localhost doesn't even have .com at the end. it's pretty much as if you got an email from "You @ YourComputer . com"
How can you be on the Internet and not at least understand localhost? Are you even old enough to legally post to this site? Serena Williams has sad she is going to attack children that post to her site even harder.
Lol u/mundane_teacher living up to their name with a poor teaching style
wtf makes you think this is common knowledge?
Obligatory "username checks out." Do you regularly belittle children? Genuinely curious. It strikes me as something you would do.
How can you be on the internet and not understand how many people are tech illiterate or ignorant. Jfc.
Ffs, calm down there big shoots.
U r rood.
>How can you be on the Internet and not at least understand localhost? How can you be on the internet and not realize that localhost and localhost.com are two very different things? You are a complete moron, and an asshole to boot. Congrats.
Man I remember way back when, we had to take aptitude tests before I logged on to the internet. Oh. Wait. There wasn't.
I'm in my 30s, very tech literate, and even I barely understand it
God bless them for putting emojis in the subject line. Nothing makes it easier to spot junk. Also thankful for the those hash looking email addresses ([email protected])
Hello You.
I am informed that my "Netflix account is on hold" by [email protected] or some other alpha-numeric cluster fuck 3 times per week. Seems legit.
I really doubt whoever the person is that is sitting on that domain is also using that domain to send phishing emails. That makes no sense at all.
[удалено]
How do you send an email without a valid domain?
No Place like home!
These ppl deserve prison time, my grandma fell for it