This will be a quick post. We have received a phishing mail to our [email protected] mail address telling that they are “lemmy.world Security Team”, telling that they will “disconnect” your account from our instance. This is ofc, not us. Do not fall for it! The attached image is how the mail looks like.
~Lemmy World Team.
deleted by creator
having [email protected] as your personal email would be pretty sick. i would love to put that on my resume
Hello, it is I, John Security. Please respond to this message with your name and SSN or the FBI will arrest you for unpaid back taxes. Also, do you have any iTunes or Google play gift cards laying around?
Don’t forget! Lemmy automatically detects and blocks sensitive information so it’s totally safe to enter your SSN:
###-##-####
See! It works!
Hunter2
Did it work?
Yes, that looks like ####### to me
Arnold Michael Scott 419-06-1111
I have $5000 in iTunes and $6,000,000 in Google play gift cards, why do you ask?
I’d send to Microsoft EEs today, might get a few bites.
Jesus. Phishing emails like this have become so commonplace I actually miss the old Viagra spam emails in l33tspeak.
My spam folder is still chock full of those.
When’s the last time you checked your spam folder, 2003? I legitimately haven’t seen the 1337sp34k spam in 20 years. Lately it’s been Africans leaving me money at the embassy that I have to go pick up
The subject is sometimes a word with random capitalisation and potentially letters replaced with numbers or symbols.
Isn’t it a waste of time trying these scams on lemmy.
I could be wrong here but I would argue the vast majority of users are somewhat tech proficient since it’s not reached mass adoption and the user base is well, just us nerds?
Well one of the best scam hunters on YouTube lost his account to a scam. So not really a waste of time, trying Lemmy.
That sounds so crazy, who was it? What happened?
It was Jim Browning, as another comment said. I can never remember his name more than Jim, so I settled for job description, as he is easy to find that way.
But others have been through it also, Linus Tech Tips, The Spiffing Britt and Atomic Shrimp are the other big ones I know of, but there is plenty more. Of those Atomic Shrimp is also a scam hunter like Jim, so it definitely shows that just because you are very familiar with what it looks like you aren’t immune too it.
I can’t remember if they all fell for the same or similar ones or if it was different ones, but that really doesn’t matter so much.
And what happend was Jim and LTT got tricked into deleting there channels. LTT by a fake sponsorship and Jim I don’t remember someone else said it was fake YouTube support.
Spiff had something of a similar thing happen but I don’t remember the means, and Atomic Shrimp I believe was a different typ of scam not related to YouTube.
But everyone got their channels back in the end.
Atomic Shrimp did a video on how he fell for a spear phishing scam
i click every link that shows up in my email, keeps life interesting
Living on the edge
I got an almost believable phishing text yesterday from a ‘collection agency’ that wanted me to download a PDF and go to their website. It looked very official and I’m having some debt issues, but it didn’t tell me who it was representing or what I owed or anything like that, so I could tell it was phishing. But a less-savvy person could have totally been fooled by it because it looked very real.
how do you know it’s not from the secret second mod team?
That’s absolutely hilarious. It’s like people don’t know how Lemmy works
Why would they target Lemmy users?
Your typical Lemming (for lack of a better term) is not technologically inept and would generally not fall for a phishing scam. They’d earn a lot more money from targeting Redditors.
I’m guessing it’s sent to anyone with a custom domain, rather than lemmy specifically.
Aren’t people who use lemmy already or had used reddit I mean lemmy was brought out as an alternative to reddit which many people on reddit flocked to when spezy wezy started doing his you-know-wut
Plus I’m sure there’s alot of people here whom won’t be as informed about phishing emails
It’s more like there’s a technical barrier for using Lemmy (or any fediverse social media for that matter) and for actually giving a shit about Reddit’s API policy.
There’s a tendency for more tech-saavy people going to Lemmy.
Eh true
RESOLVE ISSUE NOW
OR ELSE!!
It’s weird that they target Lemmy, what would they get? Access to account that shitposts? Only important accounts are admin, even communities are small here
Vote manipulation?
Loads of instances don’t require an email to sign up so that doesn’t make any sense.
Why are these sorts of things always written by somebody who can clearly barely speak English?
I read that this was to weed out savvy people. People who aren’t skeptical of poorly written emails or messages are their target audience. Could be wrong though.
Do you have plans to enable DMARC, DKIM, and SPF to make the emais more likely to be flagged as spam by email filters?
Such good English, too. How could you not trust that?
At least, it doesn’t say ‘kindly’
That’s basically means it’s not from India.
Hey, quick question. I’m assuming these emails are automated, so how do they know your account’s email? Is this part of a leak or are they sending email via “send notification to email” option in lemmy?
There are some commonly used emails by most domain owners, like: info, webmaster, security, reports, sales, etc. Some people also set their email with a catch-all address, so if someone sends an email to “cat.in.tights”, they’ll get it too.
Ah. so that “[email protected]” is an email and this is not related to fediverse. Jus checked, there’s no such account here. No point in making an announcement about it here if its not related to fediverse and only gets sent to domain owners, imho. lol
I wonder what they thought of when they wrote “Security Team.” I just think of security guards.
