This will be a quick post. We have received a phishing mail at our info@lemmy.world mail address claiming to be from the “lemmy.world Security Team” and saying that they will “disconnect” your account from our instance. This is ofc not us. Do not fall for it! The attached image shows what the mail looks like.
~Lemmy World Team.
Hello I am Tim from Microsoft Apple Your computer has a virus and I need you to do the needful
You forgot “asap”
download the free robux generator
robux.exe
John Appleby
having info@microsoft.com as your personal email would be pretty sick. i would love to put that on my resume
Hello, it is I, John Security. Please respond to this message with your name and SSN or the FBI will arrest you for unpaid back taxes. Also, do you have any iTunes or Google play gift cards laying around?
Don’t forget! Lemmy automatically detects and blocks sensitive information so it’s totally safe to enter your SSN:
###-##-####
See! It works!
Hunter2
Did it work?
Yes, that looks like ####### to me
This will never stop being funny.
Mr McAfee noooo.
Arnold Michael Scott 419-06-1111
I have $5000 in iTunes and $6,000,000 in Google play gift cards, why do you ask?
I’d send to Microsoft EEs today, might get a few bites.
Jesus. Phishing emails like this have become so commonplace I actually miss the old Viagra spam emails in l33tspeak.
My spam folder is still chock full of those.
When’s the last time you checked your spam folder, 2003? I legitimately haven’t seen the 1337sp34k spam in 20 years. Lately it’s been Africans leaving me money at the embassy that I have to go pick up
For some reason I seem to be getting a lot of spam emails in French. And all of the links are pretending to be French Canadian postal service websites.
I don’t know why because I’m neither French nor Canadian. Nor have I ever been to Canada.
and isn’t everyone a candidate for ‘best business in canada’ these days?
The subject is sometimes a word with random capitalisation and potentially letters replaced with numbers or symbols.
lately i’ve been getting a lot of phishing attempts targeting users and customers of mainstream sites with that, or l___o___t___s of punctuation separation i.n t.h.e t.e.x.t itself.
How do you guys know it’s not you guys?
Joke aside, I wonder why they wanna phish for user accounts in Lemmy? Unlike the exploit a few months ago that specifically targeted admins, this one seems like it targets anyone, it’s so random.
To exploit password reuse.
Bingo!
Awesome because of the way it’s written it’s practically guaranteed that admins will know it’s a scam.
I got an almost believable phishing text yesterday from a ‘collection agency’ that wanted me to download a PDF and go to their website. It looked very official and I’m having some debt issues, but it didn’t tell me who it was representing or what I owed or anything like that, so I could tell it was phishing. But a less-savvy person could have totally been fooled by it because it looked very real.
I got a spam message that was surprisingly well written until I realized wait a minute, if this is true, why do you need me to tell you who I am?
It’s especially bad if you are half asleep and panic click on something, especially with session hijacking
Why would they target Lemmy users?
Your typical Lemming (for lack of a better term) is not technologically inept and would generally not fall for a phishing scam. They’d earn a lot more money from targeting Redditors.
software devs and other highly technical IT roles fail phishing tests at my company
[This comment has been deleted by an automated system]
Your typical Lemming (for lack of a better term)
idk i like “lemming”
Probably overreach of an automated system
Attention! u/spez demands that you suckle upon his prostate like a thirsty little pig!
“OMG guys, ^ THIS!”
Your typical Lemming (for lack of a better term)
That’s the right term
Aren’t people who use lemmy already or had used reddit I mean lemmy was brought out as an alternative to reddit which many people on reddit flocked to when spezy wezy started doing his you-know-wut
Plus I’m sure there’s a lot of people here who won’t be as informed about phishing emails
It’s more like there’s a technical barrier for using Lemmy (or any fediverse social media for that matter) and for actually giving a shit about Reddit’s API policy.
There’s a tendency for more tech-savvy people going to Lemmy.
Eh true
how do you know it’s not from the secret second mod team?
That’s absolutely hilarious. It’s like people don’t know how Lemmy works
That’s exactly how run of the mill phishing scams work. They prey on the people stupid or senile enough to not see anything wrong with this email and avoid wasting time on the people that easily spot the scam
It’s weird that they target Lemmy, what would they get? Access to account that shitposts? Only important accounts are admin, even communities are small here
My guess is they did not. It doesn’t appear to be targeting Lemmy, it’s just a generic spam email.
Note the email was received at the info@lemmy.world address. The email most likely got the info@lemmy.world email address, took the domain from it, lemmy.world, and put this in their spam generator. The email doesn’t even make sense, because it says they need to install an app for their mail but it’s a custom domain.
If you imagine most of the emails on their spam list are @gmail.com or @outlook.com, etc, then the email looks like it is coming from the gmail.com security team or the outlook.com security team. The email no longer makes sense when you have a custom domain.
I see. That makes perfect sense.
It’s not targeted at Lemmy. This phishing mail simply assumes that lemmy.world is an email provider, and that info@lemmy.world is a registered email account there.
Vote manipulation?
Loads of instances don’t require an email to sign up so that doesn’t make any sense.
I guess we’ve made it mainstream if that’s a consideration
RESOLVE ISSUE NOW
OR ELSE!!
Why are these sorts of things always written by somebody who can clearly barely speak English?
I read that this was to weed out savvy people. People who aren’t skeptical of poorly written emails or messages are their target audience. Could be wrong though.
I think it’s mostly an unintended benefit. These scams are usually run out of countries with English as a second language, so you get some grammatical errors in translation. It does increase the conversion rate, though, so they don’t bother spending extra money getting a native English speaker to copy edit.
Yes, exactly this. You want people who can’t see behind the simple facade. Because they are more likely to be easily fooled. You don’t want to work someone who is very sceptical or just moderately sceptical. In that time you could work through a bunch of people that can’t see behind this and pull out money from them.
Scammers want easy marks. Why wouldn’t someone make it easier for themselves by naturally filtering out people that can’t be easily fooled?
I’m sure that’s some of it, but also I think a lot of it is this is the kind of crap you do get if you run Chinese through Google translate and just copy paste the output.
It’s almost fine but then it falls apart and doesn’t really make sense.
What is unclear? All you have to do is resolve the Lemmy world app on Android and install the errors on your iPhone mail.
Yeah I’m not actually quite sure I understand what the issue they are pretending is.
Do you have plans to enable DMARC, DKIM, and SPF to make the emails more likely to be flagged as spam by email filters?
I’ve gotten an email like this before for lemdro.id. I think it’s a generic phishing email since the community links look like email addresses (and actually often are)
Heya Cole, yeah I think it was a pretty generic phishing attempt. But we just wanted to get the word out. Normally Lemmy users are quite tech savvy but you never know. Cheers!
Yeah no worries, all I’m saying is it’s a silly phishing attempt since it is only emailing admins!
Such good English, too. How could you not trust that?
At least, it doesn’t say ‘kindly’
That basically means it’s not from India.
Hey, quick question. I’m assuming these emails are automated, so how do they know your account’s email? Is this part of a leak or are they sending email via “send notification to email” option in lemmy?
There are some commonly used emails by most domain owners, like: info, webmaster, security, reports, sales, etc. Some people also set their email with a catch-all address, so if someone sends an email to “cat.in.tights”, they’ll get it too.
Ah, so that “info@lemmy.world” is an email and this is not related to fediverse. Just checked, there’s no such account here. No point in making an announcement about it here if it’s not related to fediverse and only gets sent to domain owners, imho. lol