Nope. The heading is actually “Reviews”. I looked just now and the spam is still there.
I’ve never seen a parade in Moscow with so many red flags.
Attention Email ID.
This is the Inland Revenue Service (IRS)and International Organization of 185 member countries. It was established to promote international monetary cooperation, exchange stability, and orderly exchange arrangements; to foster economic growth and high levels of employment; to fight against money-laundering and terrorism and to provide temporary financial assistance to countries and help ease balance of payments adjustment. It our pleasure to let you know again today that we have notify to informed you from Federal Government of United States of America that the Bank of Canada Regional Office
Something tells me the real Google isn’t happy about this misuse of gmail.
GOOGLE WINNING NOTIFICATION®2023.
We wish to congratulate you once again on this note, for being part of our lucky winners selected this year. This promotion was set-up to encourage the active use of the Google search engine and the Google ancillary services. Hence we do believe with your winning prize, you will continue to be active and patronage to this company. Google is now the world leading search engine worldwide, and in an effort to sure that it remains the most widely used search engine, an online e-mail balloting was carried out on the 1th January 2023 without your knowledge, it was officially released yesterday being the 1th July 2023
We which to formally announced to you that your email address was attached to a lump sum of 850,000.00{Eight Hundred And Fifty Thousand Great British Pounds Sterling’s}.
We also wish to inform you that you have successfully passed the requirements, statutory obligations, verifications and our satisfactory report test conducted for all our online winners. A winning Cheque will be issued in your name by Google Promotion Award Team, and also a certificate of prize claims will be sent along side your winning Cheque.
These are your award details.
Security Code Number: GUK/4532345G.
Ticket No: GUK/699/33/2022
Winning Number: GUK/877/798/2023
Information’s required from you are part of our precautionary measure to avoid double claiming and unwarranted abuse of this program.
To claim your winning prize, please contact our Foreign Transfer Manager MR. JOHNSON TAYLOR neatly filling the verification and fund release form below…
VERIFICATION AND FUNDS RELEASE FORM.
(1) Your contact address.
(2) Your Tel/Fax numbers.
(3) Your Nationality/Country.
(4) Your Full Name.
(5) Sex.
(6) Occupation
(7) Age.
(8) Ever won an online lottery?
Mode of Prize Remittance.
(1)Courier Delivery Of your Certified Winning Cheque Name and other Winning Documents safely to you.
You are advised to contact your Foreign Transfer Manager MR. JOHNSON TAYLOR with his private email details below to avoid unnecessary delay and complications:
FOREIGN CLAIMS MANAGER
AGENT MR. JOHNSON TAYLOR
GOOGLE SECURITY DEPARTMENT (UK)
E-mail: [redacted]
The Google Promotion Award Team has discovered a huge number of double claims due to winners informing close friends relatives and third parties about their winnings and also sharing their identification numbers. As a result of this, these friends try to claim the lottery on behalf of the real winners. The google promotion award committee has reached a decision from the headquarters at the United Kingdom that any double claim discovered by the Lottery Board will result to the disqualification of the winners lottery.So you are hereby strongly advised once more to keep your winnings strictly confidential until you claim your prize.
Congratulations from the Staffs & Members of the Google interactive Lottery Board Commission.
Yours Sincerely,
MRS. LINDA ALLEN
GOOGLE ZONAL COORDINATOR
LONDON,UNITED KINGDOM
lies in our investigations
Wow, some actual refreshing heartfelt honesty from these people at long last!
I won $7,500,000 from Publishers Clearinghouse this week! All I have to do is tender “a Security Depositing Fee (FDIC) of Eighty-Five Thousand US Dollar ($85,000).” I finally convinced them I have plenty of money but I don’t have a bank account because I am a marijuana farmer and the U.S. Postal service won’t sell me more than two thousand dollars in money orders in one day. They finally agreed to accept cash but I am insisting they file an IRS form 8300 (cash payments over $10,000). I sent them a form with my information but I want to see the completed form for my records because, “I’m always straight up with the IRS”. I told them they could call back tomorrow and I get up before sunrise. They have called back several times this evening but I ignored the calls. I am a farmer after all and I go to bed when the sun goes down.
OK, here’s another new one – to me, at least.
I posted an ad for a low-value ($20) item on FB Marketplace and immediately (red flag #1) got this reply from “Jennifer”:
Hi, I’m working now,please text my husband.He can pickup it today anytime at #(405) 237-5710.Thanks.”
What? She can’t text her husband, but I’m supposed to? I composed a reply saying I didn’t feel comfortable texting someone’s husband out of the blue, but Messenger “couldn’t send” which appears to mean that the person has blocked me. Hmm.
I Googled the phone number but no match. “Jennifer’s” FB profile shows a join date of 2023 and no friends or activity (red flag #2).
So of course it’s a scam but what would have happened if I’d texted her “husband?”
Here’s a much more sophisticated scam than I’m used to seeing.
I work for a very small company. At work 2 days ago, I received an email from CEO, with the COO cc-ed, directing me to wire a payment to a new consultant, with the invoice attached. (This is not at all unusual, but I would never pay without getting a LOT more info.) I received a reply-all from COO 11 minutes later saying “Here’s the approval - [actual first name]” (as he typically does) and attached was the invoice with the COO’s usual digital date stamp and signature. Normally I’d stroll to his office 10 feet away and mention it, but he sent it back first.
There were several tipoffs: a) the CEO’s email address had 2 vowels reversed, b) the invoice had a company street address which I knew wasn’t a real address as I’m from the area it was supposedly from, c) The subject line had the name of the new company with another word tacked on the end which is part of the name of our attorneys’ law firm (which also emails us invoices) - think “Watershed Hamlin” if Hamlin, Hamlin & McGill were our attorneys, d) more than the usual number of misspellings on the invoice. The COO’s email address showing was correct. I wouldn’t have wired payment without confirming a lot of other details with the CEO and COO, but it’s easy to see how this could have slipped past someone else.
In actuality, the COO never received the original email, despite it appearing he’d been cc-ed. And of course, the CEO never sent it.
We all have 2-factor authentication. The date stamp and signature had been lifted off of an approved invoice from some time previous which COO had emailed me.
Our IT company determined that it was the COO’s email which had been hacked. He changed his password and the IT guys did whatever it is they do. This was all 2 days ago.
CEO has been sending out some stockholder updates the last few weeks due to an upcoming round of funding - several had clickable links with relevant documents. Today, a stockholder got an email from fake CEO’s misspelled email address, telling him to click on a link to see a document. Luckily he contacted CEO right away and CEO sent out a letter to all stockholders warning them. IT company has determined that no further hacking has taken place and it didn’t go past our email into company files, but that the hackers had gotten a list of stockholders from COO’s email account. Of course, with an upcoming round of funding, this couldn’t have come at a worse time.
Hopefully this is the end of the saga, but somehow I doubt it.
thats quite beyond the “throw stuff at the wall and see what sticks” phishing …
there is quite some criminal energy and human analysis in this case going on (e.g. identifying names/roles, “reverse-engineering” company structures, etc…)
if you don’t mind … what order of magnitud was the “wire $xxxx to consultant”?
You would get a fake email from Venmo/Zelle/PayPal, etc. confirming a payment to your account was made. Goodbye item.
Or, the husband would text back that he’s sending a courier but you need to send him the courier fees so he can pay the driver.
When selling online, insist on cash only. Folding money on the barrelhead.
If they even answer, they’ll insist that Venmo/Zelle/PayPal, etc. is just as good as cash. For them, yeah.
This is the way. I’ve bought and sold a few pontoon boats. Each transaction has involved cash. I’m fine with meeting up at a bank or police station, but will only accept Benjamins.
I’ve had people explain why their cashiers check or other form of payment was preferred. I suggest they find a seller willing to work with them.
It was for ~$38,000. It was for services that we typically use. The date stamp on the approval was the correct date. The wording in the emails was exactly as the CEO and COO usually use to me.
Oh yeah. I always put “cash only” right in the ad. But what’s new about this one is the request to text a third party. Usually they just make a couple of vague inquiries about the item (“is it in good condition?”) and then ask for Venmo or Zelle. Did they want my cell # for some nefarious (spoofing?) purpose? Possible, I suppose, but a pretty roundabout way to get it.
I was curious whether any of you had encountered this particular con.
A few months ago I received an email at work that purported to be from our IT Department with a new procedure for two-factor authentication. I just had to click on the link and enter my work credentials (username and password). There was a deadline of a few weeks in the future to do this.
I didn’t actually see the email until 10 days or so after it was sent as I was out for shoulder surgery. I assumed they were rolling out some new security procedure that had been announced while I was out of the office. But I was busy when I saw the email and figured I could do it later since the deadline was still a week or so in the future. The upshot is that the email mostly passed my first [mental] scam-detection filter. The grammar and wording of the email seemed fine (i.e. typical workplace).
But being a cautious sort of person I decided I would check with my IT Department before clicking on the link or entering my credentials when I wasn’t 100% sure it was legit.
About a week or so later I remembered the email and decided to look at it a little closer before calling my IT Department. The sender’s name seemed somewhat familiar but only somewhat. Then I realized that the person had actually retired a few years back. Then I realized that the sender’s name and email address were both spoofed and the email had actually been sent from outside of the organization.
Then I called my IT Department and forwarded the scam email to them.
Well, I’m 40 out of 41 on the reporting fake phishing attacks that actually come from Information Security.
I was fooled halfway by one that looked exactly like the actual message we get warning us that our mailbox size is reaching its limit, and we need to either fill out a request to increase our storage limit.
After I clicked the site asked for my credentials and I noticed that it wasn’t our intranet site url. And sure enough there was a double lowercase “L” in the senders email address where there should only be a single one. Like “mailboxservices@sellectaservice.com”
At that point I realized I’d been had, took a screenshot of email and website, closed the webpage, and reported the incident to Information Security. But it still counts as a failure.
Unfortunately the failure rate on many of the “tests” are over 30%. Thousands of my coworkers merrily punch their userid and password into a bogus screen, try to initiate wire transfers to imaginary payees or open attachments that have the executive compensation details. It’s depressing.
Wow, you received a real phishing email message? The only ones I ever see are the monthly test ones from IT, most of which are really obvious.
I told this story to my son, and he says the only phishing emails he gets are also test ones from his IT department.
So now I’m wondering if the email I received was also a test one…
At my company, when I report the test messages, I get a “congratulations” message that makes it obvious.
I might have a scam check (or maybe not).
Got a $1000+ check from something called NCP Healthcare Mgmt Co. No letter, just an attached portion claiming it’s “Pt Overpayment Refund” and a date from last month. The date itself doesn’t correspond to any treatment or doctor visits I’ve had.
Going to the company’s website I find a lot of corporate BS about “Professionals in the Field of Healthcare Planning and Management”, and two phone numbers. One is disconnected, and the other goes to an answering service which claims “They’re out to lunch.”, no matter what time you call. The entire company goes at once I guess. 
I got curious and googled the company’s address (from website), which seems to be in a strip mall somewhere between a Lowes and an urgent care facility.
So my question: How does this scam work? If I deposit the check and it’s no good, how do the scammers benefit? Other than wasting my time, what do they gain?
FTR: Here’s their website: https://www.ncphealthcaremanagement.com/
The usual way this works: you are urged to deposit the check quickly, then something “wrong” is discovered, such as too much money sent to you or you are the wrong payee. In your desire to help out some unfortunate clerk, you send them a refund, which they cash immediately. When you find out their check is no good, they’re gone.
This is one I haven’t seen before.
Dear Sir,
This mail is authorized from the United Nations Office for the Coordination of Humanitarian Affairs to assist Sudanese refugees that have been victims of war, who are willing to relocate out of Sudan for schooling and investment abroad.
The Honorable Secretary General of the United Nations (António Guterres) who took office from Ban Ki-Moon, South Korean diplomat and politician, has begun to use his good office to assist African refugees who would like to study and invest in your country.
I find your profile very interesting and the United Nations Organization has chosen you as Ambassadors/Humanitarian officer to the United Nations High Commissioners of Refugees(UNHCR)to help in the investment program of refugees that will be relocating to your country.
Kindly get back to us if you are interested in this appointment as Ambassador to the United Nations.
Sincerely Yours
Dr. David Mensah
Head of Operation
United Nations Office for the
Coordination of Humanitarian Affairs
And yet I’m not addressed by name. (bolding mine)
BTW, the fool upthread is now at over 2200 emails. He comes in to tell me once again that once I make my payment, I’ll receive my funds, we spar for a bit and he wanders off for a few days.