Watch out for scams, folks

  • No1
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    I just got a new scam (to me) today that nearly got me.

    An email about my Spotify account. I’d recently changed my plan, so good timing by the scammers. It said there was a payment problem and would be charged a cancellation fee.

    Fortunately, I’ve trained myself to ONLY GO DIRECT TO THE SITE AND LOGIN THERE. So, I go to spotify, and the account looks all good. Then when I looked at the email more closely, yep, all the links go to a site not spotify. Gave myself a pat on the back.

    Once the scam email is marked as spam, it garbles itself, so you can’t look at what it had said. Hadn’t seen that before. Of course, if you unmark it as spam, you can see it again.

    Be careful out there!

    • beatle
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      That sounds impossible. Have you got the raw source?

      • No1
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        I was amazed. Assumed it’s a whopping big pile of JavaScript in an html attachment. Yeah, i still have it. Will take a proper look tomorrow if I remember…

      • No1
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Checked it out, and it’s simpler than I thought.

        Screen caps of email. The first is as it arrived in the Inbox, the second in the Junk folder.

        Basically, they have an inline HTML file (and an inline spotify png). The HTML has lots of embedded rubbish text, associated with a specific style. That style is set to display:none, so it is hidden.

        Now by default Thunderbird shows me the inline images and css. As it’s set none, I don’t see the rubbish text and the message looks and reads like a normal message.

        But when it’s marked as Junk, Thunderbird won’t show the image, and won’t show any css. So the message then displays all the rubbish text and it looks garbled.

        eg: the Bold heading in the body of the email is actually the html here

        • Taleya
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          That’s pretty standard with moz - junk mail use hotlinked images and shit so they can see on their traffic side when an email is viewed. It’s why mail programs increasingly block external content by default (well that and the viral payloads). When you flag as spam, thunderbird takes it out of the ‘allow remote content’ list.