 SCAMMER ALERT Probable Hack, Mia@autoatlanta |
|
|
|
Porsche, and the Porsche crest are registered trademarks of Dr. Ing. h.c. F. Porsche AG.
This site is not affiliated with Porsche in any way. Its only purpose is to provide an online forum for car enthusiasts. All other trademarks are property of their respective owners. |
|
|
  |
| 914Sixer |
 Feb 12 2019, 07:26 AM
Post
#1
|
|
914 Guru  Group: Members Posts: 8,903 Joined: 17-January 05 From: San Angelo Texas Member No.: 3,457 Region Association: Southwest Region 
 |
Got a phony invoice claiming to be an invoice from Automobile Atlanta for $825.25. Looks like Mia Dejonckheene has been hacked. Real culprit is <smumoz@darsalud.com.ve>. Claims to be an eInvoice. DO NOT click on it.
|
   |
 
|
| SirAndy |
Feb 12 2019, 12:08 PM
Post
#2
|
|
Resident German Group: Admin Posts: 41,676 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
QUOTE(914Sixer @ Feb 12 2019, 05:26 AM)  Got a phony invoice claiming to be an invoice from Automobile Atlanta for $825.25. Looks like Mia Dejonckheene has been hacked. Real culprit is <smumoz@darsalud.com.ve>. Claims to be an eInvoice. DO NOT click on it. There is no member here with either of those email addresses, so if they were hacked, it's on their company/personal email accounts. (IMG:style_emoticons/default/shades.gif) |
|
|
|
| dr914@autoatlanta.com |
Feb 12 2019, 01:19 PM
Post
#3
|
|
914 Guru Group: Members Posts: 7,894 Joined: 3-January 07 From: atlanta georgia Member No.: 7,418 Region Association: None |
This is Jason. I take care of the online operations at Auto Atlanta, George is still in Europe.
We've seen a few reports of people receiving emails showing Mia's name as the sender, but the "from" addresses we've seen are half-hearted attempts at spoofing her real email as mia@autoatlanta.comOtherName@gmail.com or similar. They're clearly not coming from her real email account, but as a precautionary measure we've logged and analyzed all activity on every system she uses and have engaged our email service provider to ensure none of the emails are coming from her account. We'll continue to monitor all of our systems for any suspicious activity, but for now it seems apparent this is an entirely external issue. As with all emails, it's best to be suspicious of any email that asks you to click a link. This is especially true if the email is unexpected, even if it's from a familiar person or company. For example, a late payment notification or an invoice from a company that's on a different day than your usual bill or not in a format you'd expect to see. Here are a few common signs of phishing emails: It's entirely unexpected, such as a bill from a company that does not typically email you a bill. The email has some sense of urgency, such as wildly inflated past due notices or threats of account termination. The FROM email address is incorrect, even if the name is correct, such as "Microsoft <support@macrossaft.com>" There are curious grammar issues, typos, or use of uncommon phrasing in the email, such as "It is high important you to pay before account termination!" If you get an email that looks to be from your bank or other company familiar to you, simply log into your bank yourself through their website or app rather than clicking a link in the email. Any "urgent" account notification in the email would likely be shown to you when you log in manually as well. If for any reason you need to click a link in the email, hover your mouse over the link and make sure what it's showing in the popup toolbar is the site you expect to see. It's very easy to show www.bank.com in the email, but hovering your mouse over the link may reveal that it's taking you to an entirely different site. Even after clicking the link, check the URL shown at the top of the browser to make sure it's the right site. It's free to send email and incredibly easy to spoof everything about them, so there will always be people that will try to get the low hanging fruit. For every 1,000 emails sent they're guaranteed to have at least one person that didn't pay attention, was in too much of a hurry, or simply didn't know how easily even the best looking and most authoritative email could be faked. Be suspicious, take your time, and never click a link in an email unless you absolutely must. |
|
|
|
| rhodyguy |
Feb 12 2019, 01:23 PM
Post
#4
|
|
Chimp Sanctuary NW. Check it out. Group: Members Posts: 22,090 Joined: 2-March 03 From: Orion's Bell. The BELL! Member No.: 378 Region Association: Galt's Gulch |
Any idea about the 've' in the culprit address? Just curious.
|
|
|
|
| dr914@autoatlanta.com |
Feb 12 2019, 01:49 PM
Post
#5
|
|
914 Guru Group: Members Posts: 7,894 Joined: 3-January 07 From: atlanta georgia Member No.: 7,418 Region Association: None |
QUOTE(rhodyguy @ Feb 12 2019, 12:23 PM) Any idea about the 've' in the culprit address? Just curious. .ve means the domain is registered in Venezuela. |
|
|
|
| billh1963 |
Feb 12 2019, 03:10 PM
Post
#6
|
|
Car Hoarder! Group: Members Posts: 3,402 Joined: 28-March 11 From: South Carolina Member No.: 12,871 Region Association: South East States |
QUOTE(dr914@autoatlanta.com @ Feb 12 2019, 02:49 PM) QUOTE(rhodyguy @ Feb 12 2019, 12:23 PM) Any idea about the 've' in the culprit address? Just curious. .ve means the domain is registered in Venezuela. Looks like capitalism is alive and well in that socialist “paradise” (IMG:style_emoticons/default/biggrin.gif) |
|
|
|
| SirAndy |
Feb 12 2019, 04:19 PM
Post
#7
|
|
Resident German Group: Admin Posts: 41,676 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
QUOTE(billh1963 @ Feb 12 2019, 01:10 PM) QUOTE(dr914@autoatlanta.com @ Feb 12 2019, 02:49 PM) QUOTE(rhodyguy @ Feb 12 2019, 12:23 PM) Any idea about the 've' in the culprit address? Just curious. .ve means the domain is registered in Venezuela. Looks like capitalism is alive and well in that socialist “paradise” (IMG:style_emoticons/default/biggrin.gif) It's most likely a hijacked account, so your political commentary is very much unneeded ... (IMG:style_emoticons/default/dry.gif) |
|
|
|
| Nogoodwithusernames |
Feb 12 2019, 04:24 PM
Post
#8
|
|
Member Group: Members Posts: 239 Joined: 31-May 16 From: Nor-Cal Member No.: 20,051 Region Association: None |
I agree with Jason above, we even get some internally at my company and we are a pretty small company. A co-worker has gotten emails from "me", but they are all usually poorly phrased requests to pay a late invoice or some such. They just put my email and name at the bottom of it all and it shows up as from me when people get it, but if you look at the actual email address it's usually from some foreign domain.
|
|
|
|
| billh1963 |
Feb 12 2019, 07:19 PM
Post
#9
|
|
Car Hoarder! Group: Members Posts: 3,402 Joined: 28-March 11 From: South Carolina Member No.: 12,871 Region Association: South East States |
QUOTE(SirAndy @ Feb 12 2019, 05:19 PM) QUOTE(billh1963 @ Feb 12 2019, 01:10 PM) QUOTE(dr914@autoatlanta.com @ Feb 12 2019, 02:49 PM) QUOTE(rhodyguy @ Feb 12 2019, 12:23 PM) Any idea about the 've' in the culprit address? Just curious. .ve means the domain is registered in Venezuela. Looks like capitalism is alive and well in that socialist “paradise” (IMG:style_emoticons/default/biggrin.gif) It's most likely a hijacked account, so your political commentary is very much unneeded ... (IMG:style_emoticons/default/dry.gif) Feel free to delete. You own the site.... |
|
|
|
| mepstein |
Feb 12 2019, 07:44 PM
Post
#10
|
|
914-6 GT in waiting Group: Members Posts: 19,313 Joined: 19-September 09 From: Landenberg, PA/Wilmington, DE Member No.: 10,825 Region Association: MidAtlantic Region
|
QUOTE(Nogoodwithusernames @ Feb 12 2019, 05:24 PM) I agree with Jason above, we even get some internally at my company and we are a pretty small company. A co-worker has gotten emails from "me", but they are all usually poorly phrased requests to pay a late invoice or some such. They just put my email and name at the bottom of it all and it shows up as from me when people get it, but if you look at the actual email address it's usually from some foreign domain. We just got some at school. Supposedly from the headmaster so all the faculty and staff would be more likely to open it. I only read the emails what the chef prepares for lunch and dinner so I never get suckered. |
|
|
|
| SirAndy |
Feb 12 2019, 07:46 PM
Post
#11
|
|
Resident German Group: Admin Posts: 41,676 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
QUOTE(billh1963 @ Feb 12 2019, 05:19 PM) QUOTE(SirAndy @ Feb 12 2019, 05:19 PM) QUOTE(billh1963 @ Feb 12 2019, 01:10 PM) QUOTE(dr914@autoatlanta.com @ Feb 12 2019, 02:49 PM) QUOTE(rhodyguy @ Feb 12 2019, 12:23 PM) Any idea about the 've' in the culprit address? Just curious. .ve means the domain is registered in Venezuela. Looks like capitalism is alive and well in that socialist “paradise” (IMG:style_emoticons/default/biggrin.gif) It's most likely a hijacked account, so your political commentary is very much unneeded ... (IMG:style_emoticons/default/dry.gif) Feel free to delete. You own the site.... You missed my point entirely ... (IMG:style_emoticons/default/dry.gif) |
|
|
|
| porschetub |
Feb 12 2019, 09:53 PM
Post
#12
|
|
Advanced Member Group: Members Posts: 4,705 Joined: 25-July 15 From: New Zealand Member No.: 18,995 Region Association: None |
Or perhaps a previous unhappy worldwide customer,sorry to say but there has been a few in the past...karma moves on...just saying (IMG:style_emoticons/default/sad.gif) .
|
|
|
|
| Gmanscott55 |
Feb 12 2019, 10:04 PM
Post
#13
|
|
Member Group: Members Posts: 182 Joined: 3-February 16 From: Sunset Beach,Ca Member No.: 19,630 Region Association: Southern California |
Well written Jason... Unfortunately scammers are everywhere. See several of these a week.
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
|
Lo-Fi Version | Time is now: 8th June 2024 - 12:46 AM |
Invision Power Board
v9.1.4 © 2024 IPS, Inc.