|
lol not yet, but in a few years he will be! I'm second guessing everything he said about it now, like was it all part of some weird script or is he actually that deep in? Supposedly he's a few years from the quit his day job level, but maybe he's just telling himself that, or technically he is but it's more fire than amway. Weird to go from friendly professional relationship to seriously doubting everything about them.
|
#
?
Apr 5, 2022 09:22
|
|
|
|
| # ? Apr 25, 2024 09:50 |
|
|
Brutor Fartknocker posted:My old boss tried to recruit me for Amway. Really confused because he's a software dev manager, I know he makes drat good money, but he's out running this scam. He is a software dev manager. He probably thinks he is very smart because he's a manager. Very smart people are too smart to fall for scams, because if they fell for scams, they wouldn't be very smart. But they are very smart, so thus it cannot be a scam. People are incredibly stupid.
|
|
#
?
Apr 5, 2022 09:28
|
|
|
Brutor Fartknocker posted:lol not yet, but in a few years he will be! I'm second guessing everything he said about it now, like was it all part of some weird script or is he actually that deep in? Supposedly he's a few years from the quit his day job level, but maybe he's just telling himself that, or technically he is but it's more fire than amway. Weird to go from friendly professional relationship to seriously doubting everything about them. He's going to start getting real religious around you real fast, if he's not already.
|
|
#
?
Apr 5, 2022 12:03
|
|
|
I see people all the time talking about don't click links and people who clicked a link say they closed it straight away, but since the death of flash and embedded java aren't we past the click link, get owned stuff now? Especially since all the major browsers are sandboxes anyway? Like the worst that can happen is they know you clicked the link from the unique URL or whatever?
|
|
#
?
Apr 5, 2022 12:28
|
|
|
I got a hong kong prince inheritance message on linked in lol
|
|
#
?
Apr 5, 2022 12:54
|
|
|
DiabloStarCraft posted:I see people all the time talking about don't click links and people who clicked a link say they closed it straight away, but since the death of flash and embedded java aren't we past the click link, get owned stuff now? Especially since all the major browsers are sandboxes anyway? Like the worst that can happen is they know you clicked the link from the unique URL or whatever? merely opening a link isn't liable to get you pwned, but there are plenty of reasons to remind people to not click random poo poo people who aren't power users can and will be fooled by things like fake browser dialogs or "requirements" to install an extension / accept notifications / etc. that last one in particular is pretty common because you get them to accept notifications for [fuckshit.spam], it installs a service worker that sits in the background for a while, and a few hours/days/whatever later it starts to poo poo out constant spam notifications that open up to more scams or malware that said zero days and other vulnerabilities still exist, i imagine they're just not worth burning on normal people over like, whoever the nsa wants to snoop on or whatever
|
|
#
?
Apr 5, 2022 13:10
|
|
|
My father clicked accept on one of those notification requests and then asked me why he kept getting pop up messages about buying bitcoin. Periodic reminder that the first line of defense again garbage on the web is an ad blocker, since a lot of this crap propagates through ad networks and can be caught even on otherwise legitimate sites.
|
|
#
?
Apr 5, 2022 13:55
|
|
|
Weren't there some malware delivery ads right here on SA a few years ago?
|
|
#
?
Apr 5, 2022 13:59
|
|
|
Zamujasa posted:merely opening a link isn't liable to get you pwned, but there are plenty of reasons to remind people to not click random poo poo The other one to keep in mind is JavaScript sending info in text boxes before you hit submit. (This uses the same mechanism as search engine suggestions.) Nightmare scenario here is clicking a bad link, filling out a few of the boxes, then coming to your senses and closing the tab; bad guys have your info and you probably don’t realize they do, so you don’t cancel that credit card or whatever.
|
|
#
?
Apr 5, 2022 19:32
|
|
|
Eric the Mauve posted:Weren't there some malware delivery ads right here on SA a few years ago? Several times over the years.
|
|
#
?
Apr 6, 2022 01:34
|
|
|
DiabloStarCraft posted:I see people all the time talking about don't click links and people who clicked a link say they closed it straight away, but since the death of flash and embedded java aren't we past the click link, get owned stuff now? Especially since all the major browsers are sandboxes anyway? Like the worst that can happen is they know you clicked the link from the unique URL or whatever? Clicking most phishing links won't do anything to you or your device. It is possible for a malicious web page to take advantage of vulnerabilities in an outdated browser, plugins, or services you're running. For example there was a fun WebEx vulnerability that could remotely execute code if you had WebEx and went to a specially crafted URL. Some spam/phishing links will pass along URL parameters that identify you when you load the page. At worst this probably adds you to the usual "idiot that clicked some bullshit" list.
|
|
#
?
Apr 6, 2022 02:57
|
|
|
Mailing lists often embed a clear, tiny image that when loaded inform the server that the email was opened, even if the links aren't clicked. Mail Chimp does this by default to count "read emails" unless you choose to send a plain-text message.
|
|
#
?
Apr 6, 2022 03:04
|
|
|
email programs used to not display remote images for that exact reason, and yet at some point that toggle got flipped and now you have to (in gmail at least) explicitly disable loading remote images in emails it's great 
|
|
#
?
Apr 6, 2022 03:12
|
|
|
I know there was zero-click malware being exploited on Apple devices a while back where just opening the text immediately compromised the device because the malicious code was executed as part of rendering the message itself, but that's on the extreme end of sophistication. Generally speaking just clicking through a link isn't going to drop anything bad on your device, and in an enterprise setting any company with half-way competent InfoSec policy most users wouldn't be running with the privileges to install anything that dropped via clicking a link anyway. My bigger worry would be an email with something idiots would fall for like "oh uh your password totally expired, yeah, please click here to reset it or you'll lose all your emails!!!" and then they click through to a fake O365 login page and hand over their credentials.
|
|
#
?
Apr 6, 2022 03:20
|
|
|
Not even opening the text IIRC, just the phone receiving it.
|
|
#
?
Apr 6, 2022 06:59
|
|
|
Per posted:Not even opening the text IIRC, just the phone receiving it. Yeah, a couple bugs combined with clever misuse of a compression technique basically let bad actors (the Saudi government) execute arbitrary code transmitted in image form. There was an XKCD strip about it to the effect of "when a paper includes the phrase "it turns out this is Turing complete" you're either being attacked by a government agency or about to watch a dishwasher play Doom."
|
|
#
?
Apr 7, 2022 20:31
|
|
|
Blue Footed Booby posted:Yeah, a couple bugs combined with clever misuse of a compression technique basically let bad actors (the Saudi government) execute arbitrary code transmitted in image form. There was an XKCD strip about it to the effect of "when a paper includes the phrase "it turns out this is Turing complete" you're either being attacked by a government agency or about to watch a dishwasher play Doom." Running Doom on a dishwasher is old hat now. I want to see the dishwasher play Doom.
|
|
#
?
Apr 8, 2022 06:52
|
|
|
My wife got brushed, it would seem. Have I Been Pwned? says her newest email was in 4 breaches, never mind her older ones predating our marriage, so it's not at all surprising that we got a package from Joe Doe at JFK Airport in New York, the shipping label for which was covering up the original Chinese shipping label. What's creepy as gently caress is that she loves bunnies and it was a puzzle about bunnies 
|
|
#
?
Apr 8, 2022 14:32
|
|
|
is that something they do with stolen data now? just mail random people weird packages? because i have not heard of this being anything even remotely normal
|
|
#
?
Apr 9, 2022 13:11
|
|
|
Zamujasa posted:is that something they do with stolen data now? just mail random people weird packages? because i have not heard of this being anything even remotely normal It's a thing that some people do to generate legitimately shipped sales in order to inflate seller ratings on places like Amazon or eBay, it costs them next to nothing to send you a packet of seeds or a pillowcase or whatever, and then they can post a 5-star very good service excellent would use again 100% to whatever site The scam part of it is that they then look legitimate when they try and sell a 200 dollar ceramic angel to a very bored grandma and she gets a box of packing peanuts instead
|
|
#
?
Apr 9, 2022 13:24
|
|
|
My wife's friend in another state sent it and didnt tell us. So it was legit but looked like a brush. 
|
|
#
?
Apr 9, 2022 15:06
|
|
|
I'm not sure what kind of scam is involved in this, but I've been getting a lot of texts with some kind of media in them and no text content from unknown numbers. Been just deleting them and blocking the numbers without downloading the payload just in case. Anybody got ideas as to what's in there?
|
|
#
?
Apr 10, 2022 01:09
|
|
|
I take calls at a credit card company for work now and a ridiculous amount of my call volume is related to scams and fraud. The most common one I've seen recently is facebook ads where it looks legit, uses official branding and logos of some big business like home depot or something, all the way to once you've tried to buy the thing, which point it shows up on your card as PAYPAL * (some asian name) and you never receive anything. Old people fall for this constantly
|
|
#
?
Apr 10, 2022 01:41
|
|
|
Zamujasa posted:is that something they do with stolen data now? just mail random people weird packages? because i have not heard of this being anything even remotely normal Its pretty common and called "brushing". Sellers on amazon/aliexpress etc. make sockpuppet accounts, buy stuff and leave good reviews to boost their store's ratings. Amazon/aliexpress check if reviews are real by seeing if the tracking number is valid, so the sellers just ship a cheap item to a random address. The person who gets the item isn't being scammed themselves, they're just incidental to the process. At one time there was a program whipped together that automated fake reviews that was traded amongst aliexpress sellers. A single random American address was just hardcoded in, so some poor lady in Kansas was getting mountains of aliexpress crap delivered every day. Hopefully her address has been blacklisted by now.
|
|
#
?
Apr 10, 2022 17:46
|
|
|
And as Amazon allow you to edit the product details, they can then change their $2 product to a $150 dollar product with 100s of 5* reviews, and then it looks like an expensive product is very good.
|
|
#
?
Apr 10, 2022 18:01
|
|
|
What's the spam email with an order confirmation when I didn't buy anything? edit: Looks like one of these https://logixconsulting.com/2021/07/29/why-you-should-beware-of-order-confirmation-emails/ and it has an attachment I sure as poo poo aint opening
|
|
#
?
Apr 13, 2022 16:37
|
|
|
Two things that come into mind: 1. the attachment has something embedded that could exploit a vulnerability on the system it's opened on (PDFs can include malicious things, these things are usually in that format) 2. the recipient might start a dialog, which means they've bought in to it being a legit email and thus are open to be exploited further ie play on their greed by offering a refund, just give us your bank details etc.
|
|
#
?
Apr 13, 2022 17:06
|
|
|
EL BROMANCE posted:Two things that come into mind: Also bait with a link to a fake site that steals your login creds for fraud on the legit site later. I get bullshit Amazon invoices all the time and the URL is always some bullshit if you bother to look at it. The fake site usually sucks too with a bunch of misspelled words all over it. If you have one eye and half a brain you'll never get taken in so of course they're wildly successful.
|
|
#
?
Apr 14, 2022 03:28
|
|
|
My new experience has been getting text messages that say “Thank you, your bill for March has been paid! Click here for a free gift! ——> [strange link]” only now I’m getting them as a part of a group text, like these people are just selecting 10-15 cell phone numbers at random off a list and firing them off, hoping to get at least a couple of clicks (and I bet they do)
|
|
#
?
Apr 14, 2022 03:46
|
|
|
You should turn it into a group chat with your new friends. Really get to know each other, your hopes, your dreams, your mothers’ maiden names, the name of the street you grew up on. Just normal new friend things.
|
|
#
?
Apr 14, 2022 04:53
|
|
|
MrMojok posted:My new experience has been getting text messages that say “Thank you, your bill for March has been paid! Click here for a free gift! ——> [strange link]” I've gotten a couple of those ones before and they're thee worst because your phone just blows up for 45 minutes with people texting "stop!" and "who is this?"
|
|
#
?
Apr 14, 2022 11:56
|
|
|
My favorite responses to those are the "gently caress you you piece of poo poo!!!" Always a fun message to wake up to
|
|
#
?
Apr 15, 2022 13:26
|
|
|
Tom Smykowski posted:My favorite responses to those are the "gently caress you you piece of poo poo!!!" Always a fun message to wake up to It happened to me when I was driving on a crowded freeway, couldn't really check my phone and I freaked out because I thought my kid had another seizure and was in the ER. gently caress that rear end in a top hat trying to sell used cars. I've noticed a real uptick in a lot of shady spam, calls and texts too whenever I'm job hunting and it's really frustrating. Apparently, my degree in illustration and my graphic design background makes me a perfect candidate to own my business, sell insurance and get into direct marketing. They list graphic design jobs and I can always tell they're bullshit because they're stupid enough to put $80,000/year in the salary line but they're still able to get my phone # and email from Indeed and Linked In or wherever I post my resume/portfolio.
|
|
#
?
Apr 15, 2022 16:57
|
|
|
BiggerBoat posted:It happened to me when I was driving on a crowded freeway, couldn't really check my phone and I freaked out because I thought my kid had another seizure and was in the ER. gently caress that rear end in a top hat trying to sell used cars. One thing I'm like, thisclose to doing is including a 'do not sell my data' disclaimer on my resume directly. https://www.ecocycle.org/junkmail see #6. This was a project, sorta, early during covid: Writing all the spam providers, getting removed from lists. if you don't explicitly ask for your info not to be sold, well, your contact info just turns into cold leads for another marketing firm and its endless whack-a-mole I was thinking maybe a nice 8 point font of 'do not sell, trade, exchange or alter my data' right below the header. But yeah, I've been getting spam texts lately too. big 16-20 people group chats where the initiator is spoofed and theres a handful of real people going wtf is this/gently caress off'. it feels like another spam center spun up (if people are interested in reducing their physical mailbox ads, the dma is apparently legit: https://dmachoice.thedma.org/, https://www.nytimes.com/2018/03/08/smarter-living/how-to-cut-down-on-unwanted-junk-mail.html )
|
|
#
?
Apr 16, 2022 06:35
|
|
|
Tom Smykowski posted:My favorite responses to those are the "gently caress you you piece of poo poo!!!" Always a fun message to wake up to A friend of mine once responded to a porn/fake prostitution scam text that included 15 other people with "Well, boys, are we doing this?" before anyone else had the chance to respond and those 15 other people ended up finding it pretty funny.
|
|
#
?
Apr 19, 2022 16:20
|
|
|
|
|
#
?
Apr 19, 2022 17:40
|
|
|
Crossposting from the SH/SC "A ticket came in..." thread, though it might be relevant.D34THROW posted:Oh, the fake invoice scam D34THROW fucked around with this message at 17:52 on Apr 19, 2022 |
|
#
?
Apr 19, 2022 17:49
|
|
I had a customer at work use it to scam their customer once.
for a while though.
|
Per posted:Not even opening the text IIRC, just the phone receiving it. The technical writeup for that one is interesting
|
|
#
?
Apr 19, 2022 18:09
|
|
|
D34THROW posted:Crossposting from the SH/SC "A ticket came in..." thread, though it might be relevant. Seems like a lot of work to steal just $70.
|
|
#
?
Apr 19, 2022 18:44
|
|
|
|
| # ? Apr 25, 2024 09:50 |
|
|
Yeah why bother with $70 window balances when they’re all that sweet support monkey money out there
|
|
#
?
Apr 19, 2022 19:20
|
|
