Got a scam email that used the company's real email addr (Norton/Symantec)

[JEDI]

The email is similar to the complaints listed here, including the phone #:

716-406-7963 - Claiming To Be Symantec-Norton in Clarence Center, NY

Got a call from (716) 406-7963? Read 23 comments to find who is calling. Commonly reported as Scammer/Fraudster. Report unwanted phone calls from 7164067963

www.callercenter.com

Renewal of $4xx deducted from my checking account, blah blah blah.

since i never have anything linked to my checking acct, i knew this was a scam.
but the email was listed as from quickbooks@notification.intuit.com .
this was on my yahoo mail acct.


the scam is calling the phone # listed in that email.
Wonder how they spoofed intuit's email addr?

 

[Charmonium]

Anyone you've ever sent a check to has all the info they need to dupe your bank. That's why I tend to be very skeptical about ACH transfers. But under UCC (uniform commercial code) which the vast majority of states have adopted, A bank is 100% liable for a forged depositor's signature. So I'm going to guess and say that any sort of fraudulent transfer via ACH is probably going to be treated similarly.

 

[Captante]

Careful with emails from ANYONE these days .... pick up the telephone.
(after you Google the number yourself DO NOT call the number in the email or click any links!)

Watch the video where Linus (of Linus Tech-Tips or LTT on Youtube) details how he and his wife were nearly scammed out of $90k Canadian in a wire-transfer initiated by scammers who had 100% hijacked an actual company they had previously done business with's ENTIRE email literally for many months.

It's freaking sobering.

 

[lxskllr]

Looking at the full headers would probably reveal the spoofed email. As to exactly how it's done, I don't know.

 

[Torn Mind]

Careful with emails from ANYONE these days .... pick up the telephone.

Watch the video where Linus (of Linus Tech-Tips or LTT on Youtube) details how he and his wife were nearly scammed out of $90k Canadian in a wire-transfer initiated by scammers who had 100% hijacked an actual company they had previously done business with's ENTIRE email literally for many months.

It's freaking sobering.

Actually did happen a few years back. A real estate agent we had contact with sent obvious spam emails to numerous people including mine. She had sent real correspondence in the past and eventually caught wind of the breach, and contacted my mom.

 

[Captante]

Looking at the full headers would probably reveal the spoofed email. As to exactly how it's done, I don't know.

Except the emails in the case I referenced above were NOT spoofed... any examination made them appear to be 100% legit... because technically they were!

Apparently the scammers were monitoring email communications for months as if they worked there themselves and the communications were even done in the "style" they were used to seeing.

And this just happened to some fairly tech-savvy people... be careful!

 

[Captante]

Now that I'm thinking it over makes one wonder about how secure VOIP connections are too .... imagine if said companies entire phone-system was hijacked as well?

Considering recent advancements in real-time voice modification maybe picking up the phone won't be all that helpful either moving forward .... face-to-face IRL with a hand-shake may well soon be the only way to be sure again.

 

[[DHT]Osiris]

Looking at the full headers would probably reveal the spoofed email. As to exactly how it's done, I don't know.

With access to an open relay, and assuming the receiving email doesn't do any modern checks to verify the sender, it's trivial to change the from: on an email in a way that you can't tell when it arrives. Doesn't even have to be a valid domain.

 

[Charmonium]

Now that I'm thinking it over makes one wonder about how secure VOIP connections are as well.... imagine if said companies entire phone-system was hijacked as well?

Considering recent advancements in real-time voice modification maybe picking up the phone won't be all that helpful either moving forward .... face-to-face IRL with a hand-shake may well soon be the only way to be sure again.

Unless I'm doing a major drug deal, I don't really care. Calm down junkies. I may or may not do drugs but even I'm not stupid enough to be a distributor. OK, long side track coming. Let the engineer know which track you want. Hehe. He's deaf so, that might not go well.

I used to work for a law firm that primarily did criminal defense, at least at the time. It's sort of nice because you know the clients have the cash, well the drug dealers do. That means that the only record of the transaction is what you say it is. But it can be feast or famine. So there's still an attraction for the more mundane stuff like contract disputes, personal injury shit, etc. Anyway, I did research almost exclusively - plus writing the briefs of course. And pretty much all of my work was Fourth Amendment search and seizure. Oh, it was a glorious time. There was so much precedent that tended to favor the defendant that if you couldn't find at least a half dozen loopholes for any given 'stop and search,' give back your license. But then came the dark days of NY v. Belton.

OK, back to the main track. I don't really like talking on the phone any more, unless it's something like making an appt where you need realtime responses. On average, I make 1 or maybe 3 calls per week. And that estimate is probably high. I much prefer texting, but only because I can do it from the PC and I long ago learned to touch type. You have no idea how much I pity the hunt and peckers. That said, I have to admit that some of you can probably do at least 30-40 words per minute.

 

[JEDI]

With access to an open relay, and assuming the receiving email doesn't do any modern checks to verify the sender, it's trivial to change the from: on an email in a way that you can't tell when it arrives. Doesn't even have to be a valid domain.

but yahoo mail?!

 

[JEDI]

But then came the dark days of NY v. Belton.

what happened? when?

 

[Captante]

But then came the dark days of NY v. Belton.

what happened? when?

New York v. Belton (wiki)

"New York v. Belton, 453 U.S. 454 (1981), was a United States Supreme Court case in which the Court held that when a police officer has made a lawful custodial arrest of the occupant of an automobile, the officer may, as a contemporaneous incident of that arrest, search the passenger compartment of that automobile."

 

[Charmonium]

what happened? when?

Ah, what indeed. I don't remember exactly what the split in the court was, but there was a decided shift to the conservative side.

The main thing you need to know is that previously, if you were stopped and then your car was searched (but NOT incident to an arrest since this was all pre-arrest), you could argue that the fuzz could only search the area in your immediate control. Why? You hadn't done anything yet, right. OK, nothing that they actually knew about. But the logic was that maybe you had a weapon secreted someplace nearby which you might reach for if it looked like you were going to be busted. Of course all of the outstanding out of state warrants and priors weren't doing you any favors either, but again, those roaches where still under their rocks and hopefully not in your ask tray.

Well . . . that and similar precedents basically made for full lawyer employment. But with Belton the court basically said, GTFO. They decided on what they called the need for a "bright line" rule. So, henceforth, once you were stopped, the cops had the right to search the entire vehicle, just like if they'd arrested you. This was several decades ago so the precise logic escapes me but with that decision and others that followed, it was much harder to rack up the high acquittal rate to which we'd become accustomed.

 

[Charmonium]

New York v. Belton (wiki)

"New York v. Belton, 453 U.S. 454 (1981), was a United States Supreme Court case in which the Court held that when a police officer has made a lawful custodial arrest of the occupant of an automobile, the officer may, as a contemporaneous incident of that arrest, search the passenger compartment of that automobile."

Shit. It's strange how your memory can fade and transform. Sigh. Belton WAS the 'search incident to an arrest' rule. Mea culpa.

 

[[DHT]Osiris]

but yahoo mail?!

I dunno if yahoo verifies sender domain/ip system in any way (SPF, DMARC). It certainly isn't mandatory.

 

[Captante]

Shit. It's strange how your memory can fade and transform. Sigh. Belton WAS the 'search incident to an arrest' rule. Mea culpa.

No worries .... it's not like I knew it off the top of my head!

Really all I did was Google it super-quickly!

 

[Captante]

but yahoo mail?!

Idk how much I trust Yahoo mail to be "secure" considering their track-record along those lines.

Gmail either for that matter.... as an aside I freaking HATE places that use email for password resets and the like.... lazy and dumb.

 

[Charmonium]

Really all I did was Google it super-quickly!

Thank you - which is what I should have realizing how fallible my memory can be. But I'm SUCH a lazy sock sucker. OK, don't really do socks any more but I think you know where that was headed (Bevis and Butthead - hahahaha he said 'headed')

 

[Captante]

Thank you - which is what I should have realizing how fallible my memory can be. But I'm SUCH a lazy sock sucker. OK, don't really do socks any more but I think you know where that was headed (Bevis and Butthead - hahahaha he said 'headed')

In Chrome you can highlight text in most websites, right-click and select "search with Google" in the drop-down menu never have to touch the keyboard (or even sit up!) .... how's that for lazy?

Now you know my secret Google-fu!

*(not actually me... I'm MUCH older!)

 

[Charmonium]

I did already know that and use it frequently, many times per day. It is invaluble.

One good turn deserves another so, let's say you want to search a site that has a shitty search function but it's a public site, so it gets indexed by google. Use the "site:" function.

It doesn't work here since I assume they block google's bots. But if they didn't, you type "site:forums.anandtec.com" plus your search terms.

I bid you adieu and travel well down the google rabbit hole

edit: may as well mention this one too since I'm here, although I have mentioned it once or twice before. Also invaluable but use with caution since this function gives you just one definition (unless you click the line that indicates there's more that's been hidden to save space and attention spans.

define: onomatopoeia

Try it

 

[Torn Mind]

Unless I'm doing a major drug deal, I don't really care. Calm down junkies. I may or may not do drugs but even I'm not stupid enough to be a distributor. OK, long side track coming. Let the engineer know which track you want. Hehe. He's deaf so, that might not go well.

I used to work for a law firm that primarily did criminal defense, at least at the time. It's sort of nice because you know the clients have the cash, well the drug dealers do. That means that the only record of the transaction is what you say it is. But it can be feast or famine. So there's still an attraction for the more mundane stuff like contract disputes, personal injury shit, etc. Anyway, I did research almost exclusively - plus writing the briefs of course. And pretty much all of my work was Fourth Amendment search and seizure. Oh, it was a glorious time. There was so much precedent that tended to favor the defendant that if you couldn't find at least a half dozen loopholes for any given 'stop and search,' give back your license. But then came the dark days of NY v. Belton.

OK, back to the main track. I don't really like talking on the phone any more, unless it's something like making an appt where you need realtime responses. On average, I make 1 or maybe 3 calls per week. And that estimate is probably high. I much prefer texting, but only because I can do it from the PC and I long ago learned to touch type. You have no idea how much I pity the hunt and peckers. That said, I have to admit that some of you can probably do at least 30-40 words per minute.

Being a drug distributor is not unprofitable or that dangerous. A smart kingpin can operate without fail. Lackeys who get busted might only get 6 months probation and some money. A bonus if the people are people of color, as outsiders will treat them as stricken by poverty and racism, and in need of care. And with the heavy for for a government to have clemency on the levels of Canada or Europe, the future is bright for the business. And of course, opioid slavery is used the same way by these dealers the same way China got subjugated back in the day. Plus, it provides a good education in how to murder people and get away with it.

 

[Charmonium]

@Torn Mind I see you haven't been on Earth for very long.

 

[Captante]

define: onomatopoeia

Try it

Mirriam-Webster has got you covered!


onomatopoeia

noun


on·o·mato·poe·ia | \ ˌä-nə-ˌmä-tə-ˈpē-ə , -ˌma- \

Definition of onomatopoeia:

1: the naming of a thing or action by a vocal imitation of the sound associated with it (such as buzz, hiss) also : a word formed by onomatopoeiaIn comic books, when you see someone with a gun, you know it's only going off when you read the onomatopoeias.— Christian Marclay

2: the use of words whose sound suggests the sensea study of the poet's onomatopoeia

 

[nakedfrog]

I did already know that and use it frequently, many times per day. It is invaluble.

One good turn deserves another so, let's say you want to search a site that has a shitty search function but it's a public site, so it gets indexed by google. Use the "site:" function.

It doesn't work here since I assume they block google's bots. But if they didn't, you type "site:forums.anandtec.com" plus your search terms.

I bid you adieu and travel well down the google rabbit hole

It works here, and it's a much easier/more effective way to search AT.

 

[Torn Mind]

@Torn Mind I see you haven't been on Earth for very long.

Tenant triggered a drug bust at house my mom owned. 6 months probation, a guilty plea, and some fees are all he got. His occupation was bus driver for various companies.

The other first met just when he finished his bust, his name is Norman. He knew a dude named "Anthony", who is kingpin who learned to cover his tracks better by hiring willing drivers, usually females in good societal standing. Anthony had little of a history by the time I checked case search, with only getting caught via traffic stop. Anthony didn't need housing for himself, but he did for his hired hands.

A pair of sisters also alleged two dudes, of which Norman was a named individual, and female getaway driver popped Tylandis, their brother. Murder charges were pressed through individual filing, Norman gets arrested and gets on bail. Later, the case is "nolle prosequi" due to lack of evidence. Norman got jailed a few times but since 2009, has been living as a free man.

Then on another is another group of "suppliers" and a customer. The customer, named Elliot, had well-to-parents(mother is a professor at American University), but he had some issues and signs of aggressive, including a lady who accused him of rape(nolle prosequi'd). One of his main male suppliers tried to obtain housing, once while Elliot was living there and another years later, when Elliot was gone and supplier had gotten an HVAC job. A little more extensive history, but getting sentenced to 9 months in jail in the past did not really deter the activities and he's probably learned to cover his tracks. Another supplier has a bare, nonexistent criminal record and works in a nursing-related job.

Businessmen will always be unethical. Just that "legit" ones simply pay the government fees to conduct business while the likes of drug dealers don't.
I get why the war on drugs is really done. No need to lock 'em up when the dealers can do cheap "accidental" population control and provide nalaxone suppliers stimuli. Opium was used to subjugate China and its more powerful synthetic derivative is doing it to the unethical trash who wants to take drugs.