Damaged Evernote Images Email Scam

I’m so tired of writing about these, but I really do feel a need to share and inform.

The other day, I got a very short email message from “Support” that claimed I had damaged images. There was a link apparently to the image. A footnote had an Evernote copyright. Here’s the whole thing:

Email Scam
This is the entire message.

Yes, I do use Evernote. But I don’t put images there. So it was pretty easy for me to expect a scam.

How to Be Sure

Here’s how I knew for sure it was a scam. Pay attention, newbies!

Who is it from?

Address
Evernote Support’s email is debra@tazland.net? I don’t think so.

The first thing I did was click the name in the from field. In Mail on my Mac, that displays a menu that includes the email address of the sender. This is obviously not Evernote support. It’s an idiot scammer.

What is the link really to?

Link
This is not a link to an image. It’s a link to a PHP file that can install malware on your computer.

Just because text is colored and looks like a link doesn’t mean it links to what the text says. In Mail on a Mac, I can point to the link and wait until a popup appears, telling me exactly where the link goes. Never click a link to a PHP file. It could install malware on your computer.

The same thing goes for buttons. Point to see where it goes before clicking. This button goes to the same place as the link text above it.

What Evernote Says

Enough people reported this problem to Evernote that they have a knowledge base article about it. You can find it here.

Be Careful Out There!

I’ve said it before and I’ll say it a million times more: never click a link in an email message unless you know for sure that it was sent by someone you know and trust. Even then there could be issues if that person’s account was hacked.

An Apple ID Hack Attempt

Two unrelated incidents? Maybe.

The other day, after having lunch with a friend, I happened to check my email. There were two messages from Apple’s iCloud service, which I’ve been a user of since its first incarnation more than 10 years ago.

I should mention first that I actively use about six different email addresses and have another six or so more that I seldom check or use. The bulk of my email comes to a throw-away address on one of my domain names. Only good friends, family members, and important folks like my divorce lawyers have my keeper email addresses, including the one on Apple’s servers which I use with the @mac.com domain.

The messages were from Apple and I’m pretty sure they were real. Here’s the first:

Hack Attempt 1
First message I got warning of a hack attempt.

In case you can’t read it, it tells me that I recently initiated a password reset for my Apple ID and gives me a link to reset my password.

I looked at the URL in the link. It looked real. But I didn’t click it. I didn’t need to. I hadn’t initiated a password reset for my account.

Apparently, someone else had.

I have to admit that I first thought of my wasband and the desperate old whore he’s living with these days. Back in January or February, they’d hacked into one of my old investment accounts, probably searching for funds for their never-ending legal battle to steal what I’ve worked hard for my whole life. I’d found out because they’d actually gotten in — I’d been foolish enough to put his name on the account when I thought I could trust him — and changed the security questions for the account. I’d been automatically emailed about the change by the investment company, thus exposing their little trespass into an account my wasband knew was mine. Fortunately, there was nothing in there for them to take. Not long afterward, I discovered that I’d been locked out of another investment account because of too many incorrect login attempts. His name is not on that one so they couldn’t get in.

I couldn’t see any reason why they’d want to hack into my Apple account, though, other than to possibly access privileged communications between me and my lawyer. What would that get them, though? Unless they’re concerned about legal action by me against my wasband for his lies under oath in court?

About 25 minutes later, another message from Apple came through. This one told me that they couldn’t reset the password because too many unsuccessful attempts to answer my security questions.

Hack Attempt 2
This message told me that someone had gone so far as to attempt to answer my security questions.

Whoever was trying to hack my account was apparently rather determined. But why? Could some hacker be trying to access my credit card information on Apple’s account? I don’t store naked selfies — or anything else that should be kept private — on iCloud to leak onto the Internet.

I should mention here that both messages came to my throwaway email account, which is set up on my Apple account as a backup email contact. Obviously, if I didn’t have a backup email account, Apple couldn’t email me instructions for resetting my password on an account I couldn’t access. It seemed to me that security on the Apple servers had protected my account.

Overnight, another message came in. This was definitely not from Apple.

Hack Attempt 3
This message was definitely not from Apple.

How do I know at a glance that it isn’t from Apple? Let me count the ways:

  1. Dear Customer. A legitimate email message from an organization you do business with should always be addressed to your name. Not even to an email address.
  2. Message was from “Service Apple ID.” Who? The address for that account was service@customer.com. Yeah, like I believe that’s Apple.
  3. Link was to a page on chatkajamnika.com. No, I didn’t click the link to see it. If you point to a link in the Mail app, a tip comes up with the full URL inside it. ALWAYS check links before clicking them.
  4. Typos. Apple doesn’t have typographical or grammatical or punctuation errors in its messages.

What seriously creeped me out about this is that it also went to my throwaway account.

Now my throwaway account is “throwaway” for a reason. It’s the email address I use to sign up for things. As such, it’s subject to spam. The idea is that when incoming spam reaches a critical mass, I throw away the account and create a new one for the same purpose.

There is definitely a chance that the person who sent this message sent them out to everyone they could, hoping that some of them would have Apple IDs associated with the account and click the link. But what worries me is that it came on the same day that my actual Apple account was attacked. Coincidence? I don’t know, but I don’t like it. Still, I know my Apple account is secure, so I’m not losing sleep over it.

But I do want to spread the word.

Have you gotten messages like this? At least one of my Facebook friends has. Could this be a coordinated attack against people with Apple IDs? Perhaps a way to get access to their data for use with the Apple Pay system? Or something else?

I might never know. But if you have any insight about this, please do share it — or at least point me to a reliable source of information with real answers.

Apple, as we all know, is pretty much impossible to reach.

IRS Tax Payment Rejection Scam

Are people really this stupid?

I got an email message from “TAX@irs.gov” today claiming that:

Your federal Tax payment (ID: HF2IRS598523201), recently sent from your checking account was returned by the your financial institution.

For more information, please download notification below. (Security PDF Adobe file)

http://www.feftechnicalsupport.co.uk/google/[REDACTED].php

Seriously?

Are people really stupid enough to click a link on a site based in the UK for an IRS tax issue? Are people really stupid enough to click a link to a PHP file that’s supposed to be a PDF file?

Here’s a copy of the message. If you got one of these, “raise your hand” by posting a comment below. I’m curious.

And spread the word; you have no idea how much it irks me that scammers are preying upon people dumb enough to believe crap like this.

Tax Scam Email