This one made me click!

Post scam emails to warn other rental owners, or if you are not sure if an enquiry is genuine, put it up here and see what others think.
User avatar
Ben McNevis
Posts: 846
Joined: Mon May 15, 2006 10:07 am
Location: Scotland (for) The Brave
Contact:

This one made me click!

Post by Ben McNevis »

I normally spot the scams a mile off but I clicked on a link in an email! It is a gmail phishing scam. The reply to my "not available" email was:
Hello again!

Thank you for your prompt replay. I love the property and I want to proceed with the booking asap!!!
We are truly interested in renting this property just that we have a small problem ( issue ).
My wife found the same property on different rental websites at a cheaper rate and other owners deatils.
I need to be sure that you are the owner at the link below
Here is the web address with the website that shows the cheaper rates of your property.
http://www.homeaway.com/p623462436?utm_ ... 5724574578


but the link wasn't as it appeared.
I know it makes no sense after I'd told them that it's not available, but... I looked at the email before I looked at the previous conversation and was intrigued. It's a clever hook.

The names and email addresses involved were:
eleonor quastan <qastanelor@outlook.com>
mark brierley <qastanelor@outlook.com>
Cheers, Ben
www . scotland-cottage.com www . scottish-cottage.com


Visiting Glenrothes? It's one of your Fife-a-day
tavi
Posts: 2578
Joined: Wed Sep 14, 2011 9:07 pm
Location: Algarve

Post by tavi »

Thanks Ben,


I'd have probably done the same!

Another reminder to keep on our toes :)
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

Always hover your mouse over a link and see what it really is. The visible text is simply text and can be anything.

I assume you've just posted the visible text here but it would be useful to show people what the real link was so they know how to spot it. You can remove some parts to make it invalid and safe.
User avatar
Ben McNevis
Posts: 846
Joined: Mon May 15, 2006 10:07 am
Location: Scotland (for) The Brave
Contact:

Post by Ben McNevis »

kevsboredagain wrote:Always hover your mouse over a link and see what it really is. The visible text is simply text and can be anything.
Yes, I usually do!
kevsboredagain wrote: I assume you've just posted the visible text here but it would be useful to show people what the real link was so they know how to spot it. You can remove some parts to make it invalid and safe.
Yes I should have saved the link, but in Gmail I reported it as phishing and that makes the whole conversation no longer accessible.
Cheers, Ben
www . scotland-cottage.com www . scottish-cottage.com


Visiting Glenrothes? It's one of your Fife-a-day
User avatar
Robin S
Posts: 190
Joined: Tue Jan 20, 2015 9:24 pm
Location: The Cotswolds
Contact:

Post by Robin S »

If you're ever in doubt on a URL worth checking by putting it in a tool like http://scanurl.net/ or equivalent.

R
Annew
Posts: 925
Joined: Wed Nov 04, 2009 10:02 am
Location: Devon

Post by Annew »

This is exactly what happened to me on Thursday and, like a fool, I clicked!

HA have been very swift to deal with it, but I have had to alter emails and passwords etc - very frsutrating.

The initial enquiry I had came from a ???.outlook.com address. I've had two more in the past 24 hours!
If you want to find me, Google The Barton Poughill!
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

Ben McNevis wrote: Yes I should have saved the link, but in Gmail I reported it as phishing and that makes the whole conversation no longer accessible.
If you clicked on it then it would still be in your browser history, unless you've deleted that recently.
User avatar
Ben McNevis
Posts: 846
Joined: Mon May 15, 2006 10:07 am
Location: Scotland (for) The Brave
Contact:

Post by Ben McNevis »

Good thinking, Bored Kev. Here it is:

gdrive.mailsignout.relogin.timeout.adminocid.woi1.oauth.client.login.online.storage.reconnect.mailsignout.reloginerr.bureaumix.com dot br

But I see that bureaumix.com.br has already been "account suspended".
Cheers, Ben
www . scotland-cottage.com www . scottish-cottage.com


Visiting Glenrothes? It's one of your Fife-a-day
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Post by kevsboredagain »

Ben McNevis wrote:Good thinking, Bored Kev. Here it is:

gdrive.mailsignout.relogin.timeout.adminocid.woi1.oauth.client.login.online.storage.reconnect.mailsignout.reloginerr.bureaumix.com dot br

But I see that bureaumix.com.br has already been "account suspended".
Wow, that's a mouthful but rings alarm bells immediately as it clearly has nothing to do with HA.

The actual domain is the last part ending in .com.br
The good news, as you say, is that the domain has been suspended.

The first part of that link appears a lot on Google connected with various phishing attempts.
AndrewH
Posts: 1499
Joined: Thu Sep 12, 2013 1:17 pm
Location: Kefalonia, Greece
Contact:

Post by AndrewH »

I really appreciate the posts here. It was such an intelligent scam (unlike so many) and so easy to fall for. Thanks, Kevin, for the reminder to get into the habit of simply hovering your mouse over a link.

It just shows how smart some of these criminals have become at getting into the minds and thoughts of their intended victims.
User avatar
villagg
Posts: 30
Joined: Wed Nov 17, 2010 1:34 pm
Location: Split / Croatia
Contact:

Scammers are getting back in the game thx to smartphones

Post by villagg »

Everybody be aware when opening suspicious inquiries with your smartphones, no hover possibilities there and you are often distracted. The conclusion is, if you're unsure don't do anything with the phone and wait until you can take a better and not distracted look from your computer.
Even a kick in the butt is a step forward
Villa GG - Exclusive holiday accommodation in Split Croatia
User avatar
kevsboredagain
Posts: 3207
Joined: Sat Jan 20, 2007 9:32 am
Location: France
Contact:

Re: Scammers are getting back in the game thx to smartphones

Post by kevsboredagain »

villagg wrote:Everybody be aware when opening suspicious inquiries with your smartphones, no hover possibilities there and you are often distracted. The conclusion is, if you're unsure don't do anything with the phone and wait until you can take a better and not distracted look from your computer.
Good advice
zebedee
Posts: 1270
Joined: Fri Sep 12, 2014 2:57 pm
Location: yorkshire dales

Post by zebedee »

Hello Kev, I tend to read most emails on my IPad, and the hovering mouse does not work (ie if I try and hold my finger over the link). Do you haves any suggestions as to how to identify fake links from a tablet / IPad?
Thanks.
Post Reply