Unlikely Tour Reservation Scam

How many times have I gotten these? Too many to count.

Got this in my email inbox for Flying M Air yesterday.

Reservation Email
This simple message has plenty of flags to indicate it’s a scam.

Looks good, huh? Three days worth of helicopter tours for four people. Cha-ching!

It’s fake, of course. Want to know how I can tell? Here are the flags:

  • “Vacation in your state.” Which state is that? Believe it or not, I’m still getting requests from people who think I still operate in Arizona. (I left the state in 2013.) The vagueness of this screams “boilerplate” or “template.” It also makes me wonder how many other tour operators got the exact same message yesterday.
  • “Reservation for 2 couples.” My aircraft only holds three passengers. Martin obviously hasn’t done his homework before dangling his credit card.
  • “Confirm availability and total cost.” How could I possibly calculate a “total cost” if I have no idea what he wants?
  • No phone number. The sender hasn’t provided any method other than an email address to contact him. Why not?
  • Sender Gmail account. Yes, I know that real people have Gmail accounts, too. But do they usually spell their last names wrong in the account address?

Yes, this is a scam. I actually played along with one of these years ago to see what he wanted. You can read the details here. How interesting to see that it’s still being played. I guess there are enough suckers out there to make trying it worthwhile.

Don’t get scammed. If something sounds too good to be true, it probably is.

Damaged Evernote Images Email Scam

I’m so tired of writing about these, but I really do feel a need to share and inform.

The other day, I got a very short email message from “Support” that claimed I had damaged images. There was a link apparently to the image. A footnote had an Evernote copyright. Here’s the whole thing:

Email Scam
This is the entire message.

Yes, I do use Evernote. But I don’t put images there. So it was pretty easy for me to expect a scam.

How to Be Sure

Here’s how I knew for sure it was a scam. Pay attention, newbies!

Who is it from?

Address
Evernote Support’s email is debra@tazland.net? I don’t think so.

The first thing I did was click the name in the from field. In Mail on my Mac, that displays a menu that includes the email address of the sender. This is obviously not Evernote support. It’s an idiot scammer.

What is the link really to?

Link
This is not a link to an image. It’s a link to a PHP file that can install malware on your computer.

Just because text is colored and looks like a link doesn’t mean it links to what the text says. In Mail on a Mac, I can point to the link and wait until a popup appears, telling me exactly where the link goes. Never click a link to a PHP file. It could install malware on your computer.

The same thing goes for buttons. Point to see where it goes before clicking. This button goes to the same place as the link text above it.

What Evernote Says

Enough people reported this problem to Evernote that they have a knowledge base article about it. You can find it here.

Be Careful Out There!

I’ve said it before and I’ll say it a million times more: never click a link in an email message unless you know for sure that it was sent by someone you know and trust. Even then there could be issues if that person’s account was hacked.

An Apple ID Hack Attempt

Two unrelated incidents? Maybe.

The other day, after having lunch with a friend, I happened to check my email. There were two messages from Apple’s iCloud service, which I’ve been a user of since its first incarnation more than 10 years ago.

I should mention first that I actively use about six different email addresses and have another six or so more that I seldom check or use. The bulk of my email comes to a throw-away address on one of my domain names. Only good friends, family members, and important folks like my divorce lawyers have my keeper email addresses, including the one on Apple’s servers which I use with the @mac.com domain.

The messages were from Apple and I’m pretty sure they were real. Here’s the first:

Hack Attempt 1
First message I got warning of a hack attempt.

In case you can’t read it, it tells me that I recently initiated a password reset for my Apple ID and gives me a link to reset my password.

I looked at the URL in the link. It looked real. But I didn’t click it. I didn’t need to. I hadn’t initiated a password reset for my account.

Apparently, someone else had.

I have to admit that I first thought of my wasband and the desperate old whore he’s living with these days. Back in January or February, they’d hacked into one of my old investment accounts, probably searching for funds for their never-ending legal battle to steal what I’ve worked hard for my whole life. I’d found out because they’d actually gotten in — I’d been foolish enough to put his name on the account when I thought I could trust him — and changed the security questions for the account. I’d been automatically emailed about the change by the investment company, thus exposing their little trespass into an account my wasband knew was mine. Fortunately, there was nothing in there for them to take. Not long afterward, I discovered that I’d been locked out of another investment account because of too many incorrect login attempts. His name is not on that one so they couldn’t get in.

I couldn’t see any reason why they’d want to hack into my Apple account, though, other than to possibly access privileged communications between me and my lawyer. What would that get them, though? Unless they’re concerned about legal action by me against my wasband for his lies under oath in court?

About 25 minutes later, another message from Apple came through. This one told me that they couldn’t reset the password because too many unsuccessful attempts to answer my security questions.

Hack Attempt 2
This message told me that someone had gone so far as to attempt to answer my security questions.

Whoever was trying to hack my account was apparently rather determined. But why? Could some hacker be trying to access my credit card information on Apple’s account? I don’t store naked selfies — or anything else that should be kept private — on iCloud to leak onto the Internet.

I should mention here that both messages came to my throwaway email account, which is set up on my Apple account as a backup email contact. Obviously, if I didn’t have a backup email account, Apple couldn’t email me instructions for resetting my password on an account I couldn’t access. It seemed to me that security on the Apple servers had protected my account.

Overnight, another message came in. This was definitely not from Apple.

Hack Attempt 3
This message was definitely not from Apple.

How do I know at a glance that it isn’t from Apple? Let me count the ways:

  1. Dear Customer. A legitimate email message from an organization you do business with should always be addressed to your name. Not even to an email address.
  2. Message was from “Service Apple ID.” Who? The address for that account was service@customer.com. Yeah, like I believe that’s Apple.
  3. Link was to a page on chatkajamnika.com. No, I didn’t click the link to see it. If you point to a link in the Mail app, a tip comes up with the full URL inside it. ALWAYS check links before clicking them.
  4. Typos. Apple doesn’t have typographical or grammatical or punctuation errors in its messages.

What seriously creeped me out about this is that it also went to my throwaway account.

Now my throwaway account is “throwaway” for a reason. It’s the email address I use to sign up for things. As such, it’s subject to spam. The idea is that when incoming spam reaches a critical mass, I throw away the account and create a new one for the same purpose.

There is definitely a chance that the person who sent this message sent them out to everyone they could, hoping that some of them would have Apple IDs associated with the account and click the link. But what worries me is that it came on the same day that my actual Apple account was attacked. Coincidence? I don’t know, but I don’t like it. Still, I know my Apple account is secure, so I’m not losing sleep over it.

But I do want to spread the word.

Have you gotten messages like this? At least one of my Facebook friends has. Could this be a coordinated attack against people with Apple IDs? Perhaps a way to get access to their data for use with the Apple Pay system? Or something else?

I might never know. But if you have any insight about this, please do share it — or at least point me to a reliable source of information with real answers.

Apple, as we all know, is pretty much impossible to reach.