That’s what I was wondering; I assume @running_coach was smart enough not to have put out any real money, but what about the scammer on the other side? Did they actually front money in this case?
I always use fake transaction receipts, no real money involved. What’s amazing is that even though it’s well beyond when such payments should have cleared, they seem convinced the money is coming.
Couple of examples.
Nasty “Computer Locked Up” Scam: I’m a little old lady with a pretty pedestrian browsing routine. A craft company with which I’ve done business before sent me an email with a sale offer, so I clicked on it. Oops Got a robotic voice, a scary chyron scrolling along the bottom of the screen and the screen shown below. The email sender address was legit so the message must have been hacked at their end, but I’m so annoyed with them that I’ve blocked further emails.
Anyhow, no, of course I didn’t call the number, but had to bring up task manager to get my browser back & then run an antivirus scan (no malware found). What a nuisance – and could be very dangerous to naive users. So consider this a public service announcement.
Good job not panicking.
I might not have thought to go to the task manager. I have levelled up.
Yes, glad to see you kept it cool. You may also want to clear cache and cookies just in case, but that’s up to you.
Oh, and while blocking the sender makes sense, you can be the better person and let them know that their email has been compromised, so that no one else get’s hit. Of course, depends on the scale of the craft business they’re in. But if it saves another customer from going through what you did…
Again, you don’t have to be that good a person, but if it’s easy, why not?
I don’t know what that means?
@ParallelLines, I left them a message on their web page with the image attached & said they should tighten up their security to protect their customers. This is a very large crafting site that targets the little-old-lady demographic, and I can easily imagine many (most?) of the poor old dears freaking right out and turning over their computers to these slimeballs. We’ll see if I get a reply.
That sounds like a more than fair effort, kudos to you.
It’s very likely that the email didn’t come from their servers, and that they weren’t compromised in any way. It’s far more likely somebody is just using their name to send out bulk spam and there’s nothing they can do about it.
This.
It’s stupid easy to spoof the sender’s identity in old-fashioned (i.e., normal) email. If you wanted to analyze the email headers, you can look at the servers that originated and handled the message en route to guess whether the stated origin is true, but most mail clients make you dig for that. And then you have to understand the mail header format, and most people aren’t ready for RFC 822.
https://www.rfc-editor.org/rfc/rfc822
It’s good you let them know their email address is being used for nefarious purposes, even if their systems aren’t actually being used to send the malware mail. At a minimum they need to know that their customers are being targeted and that they are being slandered online.
Thanks folks!
If that’s what happened, it was very cleverly done. The ad appears to be genuine (i.e., the “sale” mentioned matches what is shown on their website and there are none of the usual typos and grammatical errors). Can a scammer cut and paste a genuine ad and then insert a link that redirects to a lock screen if the user clicks on it?
I’m certainly not tech savvy enough to analyze headers in any depth, but the address doesn’t appear to be spoofed if I “show original” in Gmail.
If they can copy the html from the page, and it isn’t too complicated, ConstantContact the email app (and I’m sure others) lets you create a mail from it. It is trivial to change links in this mail. It’s also very simple to copy and paste the images and reproduce the text.
I got an e-mail this morning from Norton Antivirus announcing that my antivirus subscription was about to renew to the tune of $254.31 and helpfully supplying a toll-free number to call with any questions.
I was pretty sure I don’t have any connection with Norton, apart from a possible free surveillance plan funded by one of the dog-ass companies I did business with which got data-hacked. Then I noticed the e-mail was sent by norahjones****.com, which I suspected is not an official Norton e-mail address. Could Norah Jones be so far down on her luck that she is scamming people’s e-mails?
A search of the listed toll-free number reveals that it is associated with one Teweldebrhan Bassirzadeh, who sounds like a totally trustworthy person to whom I should give my credit card and banking information, although not quite as solid-sounding as Udaldo Schpuntow and Eztli Bentler, who are connected to closely related 1-888 numbers.
All in all, it’s been a nerve-wracking day, and I am about ready to go and lie down.
This letter appeared in my email inbox this morning. The accompanying photos were quite nice. He looks like a sensitive fellow, and age-appropriate for me.
Good day…
I have been on your LinkedIn profile for some days now admiring your beautiful face, I must say you caught my eyes. I am interested in communicating more and sharing more about me with you and hope to learn more about you too, that is if you are single and interested in communicating further. I understand we don’t technically know each other but You look so radiant in that wonderful smile of yours.
This is all new for me, it is the first time I would ever go against the protocol of doing business only on the Linked-in website. I do believe everything is possible if we put our mind and heart together just like I believe that good things can be found in the least places and when we least expect. I do not just give out my personal details like email or phone numbers to people on linkedin or off it, but i am willing to make a compromise to communicate with you so here am i emailing you off the site because i really wanted to touch base with you.
However, you may wish to know that there is therefore someone who truly admires you and that someone is Me. I hope no offense is taken, I understand the medium is a business networking medium and not a dating or social networking website and I don’t intend to use it for one. I will wait for your response soon hopefully. I am sending you a couple of recent pictures too just so you know what I look like.
Best Regards
Thanks…
H. Gibson.
Sounds like a true business professional to me.
Do a reverse image search just to find where he got them. Unless he left the watermarks.
Well, Henry Gibson was quite the ladies’ man.
He’d love to touch base with you after he gets out of prison. (my guess)
No matches. Maybe he’s a decent-looking scammer?
I’ve seen pictures of real scammers. Not likely. 
My wife is having an issue with an Ebay seller. He sent the wrong item, then contacted her to say, “I must have sent you the wrong item, because I have yours right here in my hand. I think I sent you one intended for somebody else. If I send a shipping label along with it will you use it to send the wrong item back?”
Reasonable enough, but the correct item came without a shipping label included. It was also badly damaged (many missing pages). She requested and received a refund. But he still wants the wrong item back.
Today he sent her a message, “It seems I can’t issue a return order since I already issued the refund. Is it ok if I send you the money to buy a shipping label?”
The answer is, “No. Send me a shipping label and I’ll drop the package in my mailbox, but I’m not putting in more effort than that.”
It’s vaguely possible this is a scam from the beginning, and if she said ok he would send her an extra $1000 and ask for the money back. It seems like a lot of trouble to go to for an overpayment scam, but it is possible.