New PHISHing Angle

I’ve noticed a new style of PHISHing email recently that has become very numerous. Ace Hardware offering a $50 reward, Lowe’s offering a reward, Walmart offering a Dyson vacuum for $1, Costco, UPS, CVS… most of them over and over and over. A few look good enough to fool someone IF they could actually believe in money for nothing. Most are clumsy and inarticulate. I recall reading somewhere that being easy for an intelligent person to skip is actually deliberate on the part of the scammers; if you are stupid/ignorant/gullible enough to disregard the warning signs you are exactly the victim they are looking for.

I tell Yahoo they are spam, but half the time Yahoo comes back and asks me if I really want to mark them as spam when I can just unsubscribe from the (imaginary) mailing list. That mailing list bit is another new angle. I tell Yahoo again that it is spam, but so far not one of these has been put in the spam folder automatically.

Ah well, it is an imperfect world.

4 Likes

Ya know, G-mail has been quite good about spam. On my 3 main (used) emails (2 decades old), I get maybe 1 spam email a month, that gets by the filters. Other than this, my spam folder is never empty and it’s been this way for well over a decade! (knock on wood!) I do check my spam folder for false++ that could end up there. Usually I find nothing.

Sorry that Yahoo is not better in fighting this. Switch? (I know, prob not)

1 Like

Wouldn’t it be nice if someone developed a spam killer? How about directing a denial of service attack on their sites?

2 Likes

We use an outside email filter, outside DNS and our firewall, three levels of protection from different sources that look for all kinds of threats. When they figure out a new method I’ve noticed it sidesteps them all for a while until one of the services catches on and eliminates it. It’s quite bizarre, as they obviously look like spam and should be detectable. Something else about them is screaming “I’m legit”.

Does not work when they spoof their IP.
But, it was also once stated, and I paraphrase… “you will never get rid of all evil”.
Yep, guess we have to LIVE with it… for a short term.

1 Like

But, it was also once stated, and I paraphrase… “you will never get rid of all evil”.

I think the government should ban email! for those that will jump on this.

Sure… snail mail is MORE secure!

1 Like

Fortunately anthrax attacks are rare!!

Sure… snail mail is MORE secure!

OMG QR code phishing.

I think you mean UNfortunately! lol

ww.wecandream.right.pl/nothappywithliars/DRAINTHEDAMNSWAMPAL…

1 Like

OMG QR code phishing.


Did you see the QR code commercial, during the superbowl? **OMG!** ...no way in he11 I'm scanning that!

2 Likes

My BitDefender blocked that link! lol

1 Like

Good, it’s not intended to be… well…

ww.donotclickonthis.pl/justreadit/

1 Like

Did you see the QR code commercial, during the superbowl? OMG! …no way in he11 I’m scanning that!

Why not?

I was not at all worried about a QR code that someone paid $5M to put on TV.

They have a big amount of money, so have deep pockets if they did something malicious.
The TV broadcaster isn’t going to risk itself by putting an ad for something that’s malicious (or put together by a fly-by-night operation). They know they’d have legal risk (and they want to be sure they get the $5M for running the ad).
And I figure anyone spending $5M to put that QR code on the screen has good enough people working for them that they’ve made sure the URL it’s pointing to can’t be readily subverted by someone malicious.

And yes - I tried scanning it - it wasn’t recognized by my phone.

Would I scan a QR code on a flyer on the street? Heck no.
But I do scan other codes - like the QR codes in the parking lot for checking in at the orthodontist. (which could be easily replaced overnight by someone that was being nefarious)

1 Like

Why not?


Because I can't "UNRING THAT BELL". They gave no indication who the ad was for. Proverbial bait...

I also value my privacy... and have no way to know what info they will glean from me. No, not going there. My privacy is worth more than they are willing to pay. What, they didn't pay you to get your "personal information"?

ww.exactlywhatIthought.pl

3 Likes

And I figure anyone spending $5M to put that QR code on the screen has good enough people working for them that they’ve made sure the URL it’s pointing to can’t be readily subverted by someone malicious.

I don’t think the amount of money spent has anything to do with how secure the site is that you’ll end up on.

They can collect a lot of information from that should you continue to where the QR code sends you.

I don’t think the amount of money spent has anything to do with how secure the site is that you’ll end up on.

Someone spending $5M is going to point to a professional site. They know that what they’re doing is going to be attacked. And they’re going to spend money to ensure that they don’t get bad PR from their ad.

Someone spending $0.05 to print out a QR code on a flyer might point to a professional site, but they have no motivation to make sure that the site they’re using can’t be easily subverted by someone. Maybe they use a commercial site set up by a big company that for their own reputation is making sure it’s secure (i.e. they point to a group on facebook/instagram/whatever). But it’s also quite possible they’re pointing to an insecure webserver, or using a URL that can be redirected to a malicious website by taking over the DNS entries.

They can collect a lot of information from that should you continue to where the QR code sends you.
They get the same information however you visit the website.
Whether it’s via a QR code or by typing in the URL.
The QR code is just a computer-readable piece of text. If they can convince you to visit their website (ex. “see jeep.com for more information”) they are gathering the same information - which isn’t that much until they start cross referencing with other data sources. They get things like what web browser you’re using and your IP address. They can cross-check this with other databases to get more information on you. For example, you might have searched for something on a website; when you did that search, it was probably tied to a cookie in your browser, and then an ad might be served to browsers with that cookie and the ad could be targeted to some of the terms in that search.

They can collect a lot of information from that should you continue to where the QR code sends you.
They get the same information however you visit the website.
Whether it’s via a QR code or by typing in the URL.


Can you unring that (QR) bell? I can't... yet you still think these are good things? *BTW, I can unring cookies. That's easy... I also only use my PC for stuff I WANT to visit. Yea, riff-raff (tries) gets in, but it's usually easily dealt with.*

Sorry peoples... again, my personal information is worth something, as is my peace of mind. They can't pay me enough... YMMV

ww.securitymeanssomethinghere.pl/NEVERhadmyidentitystolen.knockonoak/

2 Likes

Agree for the most part; however, with a phone and GPS they could have an exact location.

1 Like

Yea, I sorta appreciate the Amish for their abilities, in this respect… if ya know what I mean?

But then you have to sift the data… it’s actually easy, now with these “d@mn high speed computers” - K. Florentino (1992 Sprint, CoSp, CO)

ww.electronicsarethedevilscurse.pl/considerthiswaybysomecult…

1 Like