What kind of scam is this (1 Viewer)

[IC FBGCav]

The sent this to myself and coworker plus called me today.

From: "supplychain@say2.us" <supplychain@say2.us>

Subject: cyber security alert - stolen email and password my email@email.com

Date: October 21, 2016 at 2:23:46 PM EDT

To: mycoworkersemail@email.com

I just called your company with a stolen credential notification for: my email@email.com

The user-name and password for that account have been

stolen. One of the computers where this person reads their email - has

password stealing malware.

This means cyber criminals can: perform fraudulent transactions like logging into your computer(s) and accessing sensitive information.

Our website http://Say2.us has useful information about stolen credentials.

We are not selling anything. We are doing research - sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division via contract #D16PC00018. Part of our research is sharing this information with you.

Thank you so much for your time!

Dissect Cyber Inc

http://Say2.us

Contact us: (866) 530-1119

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is

intended only for the person(s) or entity to which it is addressed and may

contain confidential and/or privileged material. Any review, retransmission,

dissemination or other use of, or taking of any action in reliance upon this

information by persons or entities other than the intended recipient is

prohibited. If you received this in error, please contact the sender and

destroy any copies of this information.

 

[IC FBGCav]

They have sent this email to at least 5 of my co workers.

 

[SWC]

it is an internet email scam brohan take that to the bank

 

[Joe Summer]

This is one of the oldest scams around. They just want you to click on their link so you will go to their website and give them your personal information.

 

[Sconch]

It's not a scam.  Follow the directions and do what they say.

 

[RokNRole]

If you meet me at the Panera in Arlington I will explain.

 

[IC FBGCav]

If you meet me at the Panera in Arlington I will explain.

 

[IC FBGCav]

it is an internet email scam brohan take that to the bank

I get that but there is nothing about it on google showing it is a scam.

 

[RokNRole]

I get that but there is nothing about it on google showing it is a scam.

Probably Google that is scamming you.

 

[rodg12]

My guess is that website has some pretty nasty malware if you'd go to it.  Also, once there they will probably do the standard runaround nonsense where they try to get your username/pw and then credit card information.

 

[hagmania]

My guess is keylogger.

 

[IC FBGCav]

I reported the site to google.  

 

[RokNRole]

I reported the site to google.  

Well this thread didn't provide me with any closure at all.

Thanks Jerry

 

[IC FBGCav]

Well this thread didn't provide me with any closure at all.

Thanks Jerry

Better hurry up, the janitor is up for his interview.

 

[SWC]

it is probably a scam to try and get stuff from you like you will say i do not have any money and they will say well what do you have and you say hey man i got this flashlight and then they say send it to us and you do and bam next time the power goes out you hit your head on a low beam and that my friend is how they get you take that to the bank 

 

[Tom Servo]

It's probably a targeted phishing scam, since your co-workers also got it. Whomever it is wants access to your company information.

 

[gianmarco]

Well this thread didn't provide me with any closure at all.

Thanks Jerry

Start a new one so you can get closure.  Or just start a new one about what you ate for lunch.

 

[IC FBGCav]

It's probably a targeted phishing scam, since your co-workers also got it. Whomever it is wants access to your company information.

I keep getting emails that are "from" the company owner asking me to wire money.  The email from the owner is a .co not .com address with our domain name so they have jumped through some hoops trying to scam me.

 

[The Hank]

Hmmmmmm....

 

[Tom Servo]

I keep getting emails that are "from" the company owner asking me to wire money.  The email from the owner is a .co not .com address with our domain name so they have jumped through some hoops trying to scam me.

I took some phishing training at work a month or so ago. A .co address is definitely a tip-off that this is a scam.

 

[captain_amazing]

I keep getting emails that are "from" the company owner asking me to wire money.  The email from the owner is a .co not .com address with our domain name so they have jumped through some hoops trying to scam me.

Your company needs to implement SPF, DKIM, and DMARC email policies with their email service.  That will help prevent the From name spoofing attempts that you're seeing.  Otherwise, someone is going to find themselves with some ransom ware pretty quick on their machine.

Basically, anyone can spoof any domain they want.  It's analogous to sending snail mail - if I knew your physical address, I could send letters to random people with your name and address information on the return line, causing the recipients to think it came from you.  Email works pretty much the same way.