Admins Beware, New Scam

Ben44

Ben44

Active member
I've received my first ever scam email. I clicked on the link which took me to a site asking for £269 GB.
I clicked on the link as I keep a recovery backup so can do a secure erase of my NVME and do a recovery.
The I.P. address comes back as Russia.
I have checked with my registrar and it doesn't expire until July 2024.

I'm putting this here so all those who own URLs will be aware.

_____________________________________________

The following message has been sent from Kimberly Foster
<notification@connectnic.com> (IP: 185.248.102.189) via the contact
form at Plymouthchat.com.

PLYMOUTHCHAT.COM REGISTRATION​

CANCELLATION FINAL ALERT​

Notice: We are not responsible for any economic losses, information
loss, downgrade in search engine rankings, lost clients, undeliverable
email or any other detriments that you may experience after the
termination of plymouthchat.com. For more details please look at
section 512.j.1a of our Terms of Service.
This is your final notice to renew plymouthchat.com:
https://connectnic.com/?d=cmJsY2VVaWhxaHZpLnFlYw==
In the case that plymouthchat.com ceases, we maintain the right to
provide your position to competing businesses in the identical niche
and region after 3 business days on an auction basis.
This is the final communication that we are legally required to send
out regarding the expiration of plymouthchat.com
Secure Online Payment:
https://connectnic.com/?d=cmJsY2VVaWhxaHZpLnFlYw==
All operations will be instantly reinstated on plymouthchat.com if
payment is received in full before expiry. Thank you for your
cooperation.
 
Well at 80 years old, it was pure inquizativeness, I don't have a lot to do these days and don't know much about these
scams except pay no one who asks for money.
 
This is not a new scam, this kind of stuff has been going on for years and even deceptively worded messages trying to trick people to switch registrars similar to the old days and long distance carriers via mail.

You should not be clicking on suspicious links either. Large companies actually randomly audit employees and send out fake messages to see of they will click them and if they do, they get a write up.
 
Thanks Mike. I do read a lot on the net and have never seen it mentioned.
I don't have to worry about an employer, I retired 20 years ago.
 
Scam emails are like junk phone calls, you don't owe these people any time or consideration. Block, delete, hang up. Don't waste your time on them. $.02
 
Ben44 said:
I don't have to worry about an employer, I retired 20 years ago.
Click to expand...
The point was, that clicking on malicious links is so bad, employers are now sending out fake ones to test employees. Never click on a bad link.
 
Last edited:
I fully understand what you are saying Mike and I wouldn't have done it unless I could securely wipe my hard drive and
do a recovery which is what I did immediately after looking, plus a full scan before leaving the site.
 
I get these monthly for domains I own, been getting them for quite a few years now, and the other scam is the phone call / email pretending to be your registrar (which can easily be looked up) and trying to sell you another similar domain that has just become available, all they want is you CC details.....

There are more scams now than real emails/calls...... (at least thats what I am finding)
 
Ben44 said:
I fully understand what you are saying Mike and I wouldn't have done it unless I could securely wipe my hard drive and
do a recovery which is what I did immediately after looking, plus a full scan before leaving the site.
Click to expand...

I do consultancy for a company and we get phishing and scamming tests online monthly

Another friend of mine is the MD of a large company UK based, with locations worldwide, they got hit a month ago with a bitcoin ransomware when an employee in an EU country hit a link months back, which put some ransomeware virus on there PCs which then over a month or so spread across 40% of the groups computers and servers..... Then everything got locked and the got the bitcoin request...... It has cost them heavy in lost software and backups as all were corrupted.......
 
I have all contact form emails going to an account i very seldomly check. My way of thinking is, if someone really wanted to get in touch with me about my website, you'll make an account and send me a PM about whatever it is they need to say.
 
Muddy Boots said:
I do consultancy for a company and we get phishing and scamming tests online monthly

Another friend of mine is the MD of a large company UK based, with locations worldwide, they got hit a month ago with a bitcoin ransomware when an employee in an EU country hit a link months back, which put some ransomeware virus on there PCs which then over a month or so spread across 40% of the groups computers and servers..... Then everything got locked and the got the bitcoin request...... It has cost them heavy in lost software and backups as all were corrupted.......
Click to expand...
Is that employee still employed?
 
wedgar said:
Is that employee still employed?
Click to expand...
Now there's a good question...

@Ben44 if you really must check out the effects of clicking these scam links, never do it on your main OS install, even if you have a backup. Why? Because it will have personal info stored in it like logins and other sensitive data, which could be lifted from it in an instant, especially if that link does a drive by download. If you have another drive connected with just data on it, that's vulnerable, too. Instead, have a separate PC, not just a VM sandbox, with nothing on it but a basic OS install and nothing else, no personal data and try it there.

While you're at it, you might want to have your router configured for a VPN to hide your IP address too and make sure to have the test PC as the only one on the network.

This goes for whether you use Windows or Linux.

The best bet however, is just to do what others on here are saying and simply not click on those links, ever. Let antimalware vendors do that instead for researching how to neutralise the threats.
 
wedgar said:
Is that employee still employed?
Click to expand...
At my workplace, I think it would depend on whether they clicked a real phishing link or one of our test ones. There's a prescribed process for failing the phishing test, basically having to take additional privacy and security training over and above what everyone gets. If it was a real one, though, yeah. HR and their manager would having a discussion with them, esp. if they had a previous record of failing the tests.
 
But to be fair to the employee - the company had little security on passwords, gave no training on phishing or anything like that.......
 
Lee said:
Pretty usual over here. “A variation of “P4ssword” is our standard issued password from IT 🤣
Click to expand...
If you think about it, even a blank password, just requiring Enter to be pressed can offer a little more security than you'd expect, because no one would suspect someone of being that dumb lol. Still wouldn't take them long though, of course.
 
Lee said:
Pretty usual over here. “A variation of “P4ssword” is our standard issued password from IT 🤣
Click to expand...
Even our default passwords tend to be a least minimally complex nowadays. And if not, it is usually because it is a temporary password and they have to set one as soon as they use the new password.
 
Top Bottom