Canuck Audio Mart Hifi and Audio Forum

All times are UTC - 8 hours

 Post subject: E-mail Scams and Fraud
PostPosted: Sun Jul 22, 2018 4:05 am 
Joined: Tue Nov 23, 2010 4:37 pm
Posts: 3267
Location: London, ON, CA
This seems to be an epidemic for online sales especially with EMT.

It is very easy to set up a bogus email address similar to the one you need to send money to.
I set one up last night on a different topic to prove a point.

canuckaudiomart@gmail.com
Topic
https://www.canuckaudiomart.com/forum/viewtopic.php?f=8&t=50611&start=135

When setting up your EMT email address with your bank ensure it is the correct address.
If I were to attach the above email to my bank account and you send money thinking it is the CAM email you will be giving me money not CAM.

My suggestion to online companies is to create emails with their website in them, most if not all internet providers give you email accounts tied to your site.
Example:
onlinesales@2000audiovideo.ca
customerservice@2000audiovideo.ca

As a company if you use @gmail, @hotmail, @yahoo, @Rogers, @bell.net, etc. you are open to an easy fraud attack.
If you see an email inside an email, for example onlinesales@2000audiovideo.ca@gmail.com, this should be a red flag; go to their site and check the exact email address.

I have deleted the CAM email address, and any others mentioned have been modified for demonstration purposes only.

EMTs are 100% safe, the exact amount of money is sent to where it is directed, ensure your account is set up correctly to avoid scams/fraud.

Regards
Ohms

_________________
“It's easier to fool people than to convince them that they have been fooled.” ----Mark Twain

www.leohl.ca


PostPosted: Sun Jul 22, 2018 4:23 am
Premium User

Joined: Mon Feb 13, 2017 4:46 pm
Posts: 200
Location: Guelph, ON, CA
Good and helpful advice.


PostPosted: Sun Jul 22, 2018 7:29 am
Joined: Mon Oct 17, 2011 6:55 pm
Posts: 3011
Location: Toronto, ON, CA
AudiOhm wrote:
This seems to be an epidemic for online sales especially with EMT.

It is very easy to set up a bogus email address similar to the one you need to send money to.
I set one up last night on a different topic to prove a point.

canuckaudiomart@gmail.com
Topic
https://www.canuckaudiomart.com/forum/viewtopic.php?f=8&t=50611&start=135

When setting up your EMT email address with your bank ensure it is the correct address.
If I were to attach the above email to my bank account and you send money thinking it is the CAM email you will be giving me money not CAM.

My suggestion to online companies is to create emails with their website in them, most if not all internet providers give you email accounts tied to your site.
Example:
onlinesales@2000audiovideo.ca
customerservice@2000audiovideo.ca

As a company if you use @gmail, @hotmail, @yahoo, @Rogers, @bell.net, etc. you are open to an easy fraud attack.
If you see an email inside an email, for example onlinesales@2000audiovideo.ca@gmail.com, this should be a red flag; go to their site and check the exact email address.

I have deleted the CAM email address, and any others mentioned have been modified for demonstration purposes only.

EMTs are 100% safe, the exact amount of money is sent to where it is directed, ensure your account is set up correctly to avoid scams/fraud.

Regards
Ohms

Good post AudiOhm.

But just to clarify. A business using an email service such as Gmail does not put them at any more risk than a private service. The objective for spammers/scammers is to gain trust by using key words that are not necessarily linked to a certain domain. Obviously your bank does not use Gmail as an email service, but scammers are able to play on people's trust with something like royalbank(at)gmail.com as an example. The key word “royalbank” may be enough to trick the recipient into thinking the email originated from his/her bank. I personally do not think there is anything wrong with a small business using Gmail as a service – it comes with added security which is more likely higher than many web hosting services who fall victim to all kinds of compromises. And with Google's massive amount of resources and redundancy, you can be assured the service will always be available.

But agree - one should always proceed with caution when receiving an unknown or unexpected email!


PostPosted: Sun Jul 22, 2018 8:00 am
Joined: Tue Nov 23, 2010 4:37 pm
Posts: 3267
Location: London, ON, CA
@gmail, @hotmail, @yahoo, @Rogers, @bell.net, etc. are not any less secure, but no one can create an email under my account except me, "maldesigns.ca" for example; therefore they are at a higher risk for hackers to mimic their email.

Like I showed, canuckaudiomart@gmail.com is an email that can be easily created by anyone, only I can create canuckaudiomart@maldesigns.ca...

Regards
Ohms

_________________
“It's easier to fool people than to convince them that they have been fooled.” ----Mark Twain

www.leohl.ca


PostPosted: Sun Jul 22, 2018 8:05 am
Joined: Wed Mar 26, 2008 9:54 am
Posts: 190
Location: London, ON, CA
AudioOhm is quite correct ^ but if you fall for a scam, it's at least partly on you.

I have never been the victim of fraud on CAM.

I use EMT all the time.

Just deal with people that have good feedback, have conversations over the phone when you buy/sell things, buy in person when you can etc. It just seems like common sense.

I have read through some forum posts in the last couple of weeks that have been exhausting. It seems like all of the long-standing members here (that have feedback) are honest and are not commonly the victims of fraud unless they knowingly take risks.

Those who claim they have been defrauded seem to provide very vague descriptions, have holes in their claims (i.e. passwords on EMTs) and then seem to never follow up on the posts. I feel bad for the moderators who have to read through the ridiculousness.


PostPosted: Sun Jul 22, 2018 9:49 am
Joined: Mon Oct 17, 2011 6:55 pm
Posts: 3011
Location: Toronto, ON, CA
AudiOhm wrote:
@gmail, @hotmail, @yahoo, @Rogers, @bell.net, etc. are not any less secure, but no one can create an email under my account except me, "maldesigns.ca" for example; therefore they are at a higher risk for hackers to mimic their email.

Like I showed, canuckaudiomart@gmail.com is an email that can be easily created by anyone, only I can create canuckaudiomart@maldesigns.ca...

Regards
Ohms


I understand what you are saying and fully agree that an email service such as Gmail can be used to mimic a company. But a company using Gmail, or any of the services you listed, is not more susceptible. A scammer may not have control of the domain “maldsigns.com”, but that is irrelevant for they are not looking for a reply to that address – they are trying to gain trust so that the recipient will click the link or open the attachment.

Lazy spammers/scammers may use Gmail or Yahoo for it is readily available and easy to use. But clever ones will go to great measures. It is not difficult to configure an email client so that a different address appears in the “from” section. Depending on what email services maldsigns.com uses, you could very well configure an outbound email to make it look like it came from (at)canuckaudiomart.com. Obviously a trace will reveal the true source of the email, and you will never receive a reply to that address. But that is not your objective – gaining trust with the recipient so they click on the link or open the attachment is.

Who has received a PayPal phishing attempt? Gmail was not used, at least with the below example.


Attachments:
PayPal Phishing example.jpg [ 111.02 KiB | Viewed 617 times ]

PostPosted: Sun Jul 22, 2018 9:54 am
Joined: Sat Feb 23, 2013 10:41 am
Posts: 9840
Location: Burlington, ON, CA
^If you click on reply instead of going to the link, you'll reveal a different address than what you see there, it'll still have paypal in it, but clearly not. Same with the link, they're very good with logos and the fake webpage.

_________________
"There's no place like Space...."


PostPosted: Sun Jul 22, 2018 10:12 am
Joined: Tue Nov 23, 2010 4:37 pm
Posts: 3267
Location: London, ON, CA
There are many ways that scams and fraud can be initiated, but remember, it is so much easier with these free services as I have mentioned than to create your own, that's it plain and simple.

I am trying to make people aware of what is out there, and how easily it can be done with little to no effort, and no cost.

You can create www.canuckaudiomart.net, but you will have to register and pay, all this is tracked...

Regards
Ohms

_________________
“It's easier to fool people than to convince them that they have been fooled.” ----Mark Twain

www.leohl.ca
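
The address checks raised in the thread so far (an address inside an address, a company name on a free mail service, a look-alike domain such as the .net one above, and a reply address that differs from the displayed sender), written out as an added Python example that is not part of any post. The provider list, the flag names and the sample message are constructed for illustration, and the official domain is assumed to be the one published on the company's own site.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed list, built from the providers named in the thread.
FREEMAIL = {"gmail.com", "hotmail.com", "yahoo.com", "rogers.com", "bell.net"}

def _squash(text):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def address_flags(addr, official_domain):
    """Compare one address with the domain published on the company's own site."""
    addr = addr.strip().lower()
    official_domain = official_domain.lower()
    if "@" not in addr:
        return ["no-address"]
    flags = []
    if addr.count("@") > 1:
        flags.append("nested-address")          # an email inside an email
    local, _, domain = addr.rpartition("@")
    brand = _squash(official_domain.split(".")[0])
    if domain != official_domain:
        if domain in FREEMAIL and brand in _squash(local):
            flags.append("brand-on-freemail")   # company name on a free service
        elif brand in _squash(domain):
            flags.append("lookalike-domain")    # same name, different domain
        else:
            flags.append("domain-mismatch")
    return flags

def message_flags(raw, official_domain):
    """Check the From and Reply-To headers of a raw message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    flags = address_flags(from_addr, official_domain)
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append("reply-to-differs")        # replies go somewhere else
        flags += ["reply-to:" + f for f in address_flags(reply_addr, official_domain)]
    return flags

# Constructed sample: From shows the official domain, replies go elsewhere.
SAMPLE = (
    "From: Canuck Audio Mart <sales@canuckaudiomart.com>\n"
    "Reply-To: canuckaudiomart@gmail.com\n"
    "Subject: Payment details\n"
    "\n"
    "Please reply to confirm.\n"
)

if __name__ == "__main__":
    print(address_flags("onlinesales@2000audiovideo.ca@gmail.com", "2000audiovideo.ca"))
    print(message_flags(SAMPLE, "canuckaudiomart.com"))
```

These checks only read the address text, so a From line that displays the official domain passes `address_flags` on its own; in this sketch only the Reply-To comparison catches that case.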


PostPosted: Sun Jul 22, 2018 10:22 am
Joined: Mon Oct 17, 2011 6:55 pm
Posts: 3011
Location: Toronto, ON, CA
AudiOhm wrote:
There are many ways that scams and fraud can be initiated, but remember, it is so much easier with these free services as I have mentioned than to create your own, that's it plain and simple.

I am trying to make people aware of what is out there, and how easily it can be done with little to no effort, and no cost.

You can create http://www.canuckaudiomart.net, but you will have to register and pay, all this is tracked...

Regards
Ohms


I am not debating that it is easy to mimic a company using Gmail. I am debating your claim that smaller businesses are more susceptible if they use Gmail as a service over a private host. The domain is irrelevant.

We are not creating a domain – we are spoofing one…there is no cost nor a need to register a spoof.


PostPosted: Sun Jul 22, 2018 10:40 am
Joined: Tue Nov 23, 2010 4:37 pm
Posts: 3267
Location: London, ON, CA
sthomas1049 wrote:
AudiOhm wrote:
There are many ways that scams and fraud can be initiated, but remember, it is so much easier with these free services as I have mentioned than to create your own, that's it plain and simple.

I am trying to make people aware of what is out there, and how easily it can be done with little to no effort, and no cost.

You can create http://www.canuckaudiomart.net, but you will have to register and pay, all this is tracked...

Regards
Ohms


I am not debating that it is easy to mimic a company using Gmail. I am debating your claim that smaller businesses are more susceptible if they use Gmail as a service over a private host. The domain is irrelevant.

We are not creating a domain – we are spoofing one…there is no cost nor a need to register a spoof.

I referenced a specific topic, even supplied the link.

I never mentioned smaller business anywhere...why twist things around?

You are more than welcome to start a topic about all the ways to scam/fraud people, I am talking about this one way...

Regards
Ohms

_________________
“It's easier to fool people than to convince them that they have been fooled.” ----Mark Twain

www.leohl.ca


PostPosted: Sun Jul 22, 2018 11:51 am
Joined: Mon Oct 17, 2011 6:55 pm
Posts: 3011
Location: Toronto, ON, CA
AudiOhm wrote:
sthomas1049 wrote:
AudiOhm wrote:
There are many ways that scams and fraud can be initiated, but remember, it is so much easier with these free services as I have mentioned than to create your own, that's it plain and simple.

I am trying to make people aware of what is out there, and how easily it can be done with little to no effort, and no cost.

You can create http://www.canuckaudiomart.net, but you will have to register and pay, all this is tracked...

Regards
Ohms


I am not debating that it is easy to mimic a company using Gmail. I am debating your claim that smaller businesses are more susceptible if they use Gmail as a service over a private host. The domain is irrelevant.

We are not creating a domain – we are spoofing one…there is no cost nor a need to register a spoof.

I referenced a specific topic, even supplied the link.

I never mentioned smaller business anywhere...why twist things around?

You are more than welcome to start a topic about all the ways to scam/fraud people, I am talking about this one way...

Regards
Ohms


Fair enough, you did not mention smaller business and twisting the story is not my intent if that is your interpretation. Companies that use Gmail, Yahoo etc as an email service are usually small in nature which is why I stated “small businesses”. But you did state…

Quote:
As a company if you use @gmail, @hotmail, @yahoo, @Rogers, @bell.net, etc. you are open to an easy fraud attack.


This is incorrect. Any company that uses these services is not any more open to a fraud attack than one who uses a private host. You stated this is due to the ease of mimicking a company's name by using Gmail. But any company's name can be mimicked regardless of the email service they use. How does this play a part in stealing an EMT? I see something that I am interested in on Bob’s Audio’s web site. I email the store at bobsaudio(at)gmail.com. How does the scam get carried out from here? Or am I missing something? Perhaps you can go into detail.

Now if you are referring to the spam emails from the other thread, just note this does not involve EMT. The business in that case was not targeted because they used Rogers email service. It was either due to malware or having their contact list exposed to someone with malicious intent. Any company could have fallen victim and not just ones who use Gmail etc. Nonetheless, an EMT could never be sent to the address that was used with that particular spam…it is the incorrect format. And if it was a correct format and someone sent money based on a random email, well hopefully it was a lesson learned. The spam was most likely a phishing attempt at trying to gain personal information from the recipients (and a very poor one at that). Much like the PayPal example I posted above.


PostPosted: Sun Jul 22, 2018 1:02 pm
Joined: Sat Feb 23, 2013 10:41 am
Posts: 9840
Location: Burlington, ON, CA
^ You're really surmising here. It is probable that both the dealers responded to a phish for Interac or PayPal or eBay or email. Once you stick that PW into the link, most users use one password. You open up Pandora's box. Phishing relies on greed and/or gullibility. The phisherman may have specifically targeted CAM dealers in one net. Catching two and fleecing them and their customers would be a good night's grafting.

_________________
"There's no place like Space...."


PostPosted: Sun Jul 22, 2018 1:41 pm
Joined: Mon Oct 17, 2011 6:55 pm
Posts: 3011
Location: Toronto, ON, CA
Che Cavolo wrote:
^ You're really surmising here. It is probable that both the dealers responded to a phish for Interac or PayPal or eBay or email. Once you stick that PW into the link, most users use one password. You open up Pandora's box. Phishing relies on greed and/or gullibility. The phisherman may have specifically targeted CAM dealers in one net. Catching two and fleecing them and their customers would be a good night's grafting.


Actually I am not surmising at all. It is very possible for either dealer to have fallen victim to a phishing attempt. But given one of the 2 incidents was resolved with the buyer receiving a refund from his bank tells me at least one of these incidents was a banking error, and not a scam. Banks do not refund money if the recipient of the EMT was preyed upon by a scammer. Or even the sender for that matter. Now if the scam exploited a fault within the bank, then yes, a refund will be issued. But that is extremely unlikely and not what we are discussing here.

Regardless, how does this support the OP’s claim that using an email service such as Gmail leaves one more susceptible to a fraud attack in the way of spoofing an email address?


PostPosted: Sun Jul 22, 2018 1:44 pm
Joined: Tue Nov 23, 2010 4:37 pm
Posts: 3267
Location: London, ON, CA
That's better, not seeing certain posts is an advantage, never thought I would use it...

Regards
Ohms

_________________
“It's easier to fool people than to convince them that they have been fooled.” ----Mark Twain

www.leohl.ca


PostPosted: Sun Jul 22, 2018 2:13 pm
Joined: Mon Oct 17, 2011 6:55 pm
Posts: 3011
Location: Toronto, ON, CA
AudiOhm wrote:
That's better, not seeing certain posts is an advantage, never thought I would use it...

Regards
Ohms


But I saw your post before you edited it.

I am sorry you feel that I’m taking over this thread. Your efforts are much appreciated as displayed with my first post applauding yours. But there is much speculation being thrown around over these 2 incidents which has now involved a completely separate spamming issue. And a lot of this speculation could be and is very damaging to one's business. One user claimed that the spam email he received was proof that one of these businesses was hacked (you even quoted him in the other thread!). Completely incorrect! Would you do business, regardless of what they were selling, with a company that was hacked? I certainly would not…at least not digitally!

As for my comments here…I have decades of experience from within the IT industry, most of which involves the Canadian financial industry. I have been deeply involved with Cyber Security to which I have worked alongside both local authorities and the RCMP. My efforts here are to try and insert fact and not speculation. I am sorry to say but claiming a business is more susceptible to fraud because they use Gmail is not fact.

