This will be a quick post. We have received a phishing mail at our [email protected] mail address claiming to be from the “lemmy.world Security Team” and saying that they will “disconnect” your account from our instance. This is, ofc, not us. Do not fall for it! The attached image shows what the mail looks like.

~Lemmy World Team.

  • @NOT_RICK
    98 · 1 year ago

    Hello, it is I, John Security. Please respond to this message with your name and SSN or the FBI will arrest you for unpaid back taxes. Also, do you have any iTunes or Google Play gift cards lying around?

    • @jordanlund
      36 · 1 year ago

      Don’t forget! Lemmy automatically detects and blocks sensitive information so it’s totally safe to enter your SSN:

      ###-##-####

      See! It works!

    • @Emerald
      7 · 1 year ago

      Arnold Michael Scott 419-06-1111

      I have $5000 in iTunes and $6,000,000 in Google play gift cards, why do you ask?

    • @pdxfed
      1 · 1 year ago

      I’d send to Microsoft EEs today, might get a few bites.

  • @TheGoldenGod
    93 · 1 year ago

    Jesus. Phishing emails like this have become so commonplace I actually miss the old Viagra spam emails in l33tspeak.

    • @SpaceNoodle
      36 · 1 year ago

      My spam folder is still chock full of those.

      • @BeanEater
        16 · 1 year ago

        When’s the last time you checked your spam folder, 2003? I legitimately haven’t seen the 1337sp34k spam in 20 years. Lately it’s been Africans leaving me money at the embassy that I have to go pick up.

        • Echo Dot
          15 · 1 year ago

          For some reason I seem to be getting a lot of spam emails in French. And all of the links are pretending to be French Canadian postal service websites.

          I don’t know why because I’m neither French nor Canadian. Nor have I ever been to Canada.

          • ares35
            2 · 1 year ago

            and isn’t everyone a candidate for ‘best business in canada’ these days?

        • @Eheran
          1 · 1 year ago

          The subject is sometimes a word with random capitalisation and potentially letters replaced with numbers or symbols.

      • ares35
        6 · 1 year ago

        lately i’ve been getting a lot of phishing attempts targeting users and customers of mainstream sites with that, or l___o___t___s of punctuation separation i.n t.h.e t.e.x.t itself.

  • Annoyed_🦀
    66 · 1 year ago

    How do you guys know it’s not you guys?

    Joke aside, I wonder why they wanna phish for user accounts in Lemmy? Unlike the exploit a few months ago that specifically targeted admins, this one seems like it targets anyone, it’s so random.

  • @[email protected]
    58 · 1 year ago

    Isn’t it a waste of time trying these scams on Lemmy?

    I could be wrong here but I would argue the vast majority of users are somewhat tech proficient since it’s not reached mass adoption and the user base is well, just us nerds?

    • @[email protected]
      55 · 1 year ago

      Tech folks still fall for phishing. It takes a momentary lapse, failure to caffeinate, it happens.

      Lemmy is currently full of newly registered domains with weird suffixes, the kind that traditionally have been a phishing indicator. Lemmy.world is going to be harder to phish than some of the other ones where you have to read closely.

      • Karyoplasma
        3 · 1 year ago

        This is the story of how my Steam account got hacked:

        I was talking to a friend of mine at a party and I just bought a new game (forgot which one). He told me that he thought about buying the game as well and asked if I could let him try it out one time. I said “sure, just message me and you can log into my account and test it”. 2 days later, he wrote me on steam asking for my login data and I thought nothing of it since we spoke about it in person, so I gave him the info. Turned out, his account got hacked and the intruder basically got a two for one special by just asking lol

        Steam support rectified the situation and didn’t even scold me for sharing my account which is clearly a violation of their ToS.

    • @SgtAStrawberry
      30 · 1 year ago

      Well one of the best scam hunters on YouTube lost his account to a scam. So not really a waste of time, trying Lemmy.

        • @SgtAStrawberry
          1 · edited · 1 year ago

          It was Jim Browning, as another comment said. I can never remember his name more than Jim, so I settled for job description, as he is easy to find that way.

          But others have been through it also: Linus Tech Tips, The Spiffing Brit and Atomic Shrimp are the other big ones I know of, but there are plenty more. Of those, Atomic Shrimp is also a scam hunter like Jim, so it definitely shows that just because you are very familiar with what it looks like, you aren’t immune to it.

          I can’t remember if they all fell for the same or similar ones or if it was different ones, but that really doesn’t matter so much.

          And what happened was Jim and LTT got tricked into deleting their channels: LTT by a fake sponsorship, and Jim I don’t remember; someone else said it was fake YouTube support.

          Spiff had something of a similar thing happen, but I don’t remember the means, and Atomic Shrimp I believe was a different type of scam not related to YouTube.

          But everyone got their channels back in the end.

      • @psud
        3 · 1 year ago

        Atomic Shrimp did a video on how he fell for a spear phishing scam

    • @affiliate
      15 · 1 year ago

      i click every link that shows up in my email, keeps life interesting

  • Flying Squid
    53 · 1 year ago

    I got an almost believable phishing text yesterday from a ‘collection agency’ that wanted me to download a PDF and go to their website. It looked very official and I’m having some debt issues, but it didn’t tell me who it was representing or what I owed or anything like that, so I could tell it was phishing. But a less-savvy person could have totally been fooled by it because it looked very real.

    • @[email protected]
      21 · 1 year ago

      I got a spam message that was surprisingly well written until I realized wait a minute, if this is true, why do you need me to tell you who I am?

    • @[email protected]
      16 · 1 year ago

      It’s especially bad if you are half asleep and panic click on something, especially with session hijacking

  • @Clbull
    38 · 1 year ago

    Why would they target Lemmy users?

    Your typical Lemming (for lack of a better term) is not technologically inept and would generally not fall for a phishing scam. They’d earn a lot more money from targeting Redditors.

    • cally [he/they]
      8 · 1 year ago

      > Your typical Lemming (for lack of a better term)

      idk i like “lemming”

    • @[email protected]
      5 · edited · 1 year ago

      Attention! u/spez demands that you suckle upon his prostate like a thirsty little pig!

      “OMG guys, ^ THIS!”

    • u/unhappy_grapefruit_2
      -1 · edited · 1 year ago

      Aren’t people who use lemmy already or had used reddit? I mean, lemmy was brought out as an alternative to reddit, which many people on reddit flocked to when spezy wezy started doing his you-know-wut.

      Plus I’m sure there’s a lot of people here who won’t be as informed about phishing emails.

      • @Clbull
        2 · edited · 1 year ago

        It’s more like there’s a technical barrier for using Lemmy (or any fediverse social media for that matter) and for actually giving a shit about Reddit’s API policy.

        There’s a tendency for more tech-savvy people going to Lemmy.

  • @affiliate
    36 · 1 year ago

    how do you know it’s not from the secret second mod team?

  • @zepheriths
    34 · 1 year ago

    That’s absolutely hilarious. It’s like people don’t know how Lemmy works

    • @[email protected]
      13 · 1 year ago

      That’s exactly how run of the mill phishing scams work. They prey on the people stupid or senile enough to not see anything wrong with this email and avoid wasting time on the people that easily spot the scam

    • Quinten
      13 · 1 year ago

      OR ELSE!!

  • @dreadedsemi
    29 · 1 year ago

    It’s weird that they target Lemmy, what would they get? Access to an account that shitposts? The only important accounts are admin, even communities are small here.

    • @[email protected]
      34 · 1 year ago

      My guess is they did not. It doesn’t appear to be targeting Lemmy, it’s just a generic spam email.

      Note the email was received at the [email protected] address. The email most likely got the [email protected] email address, took the domain from it, lemmy.world, and put this in their spam generator. The email doesn’t even make sense, because it says they need to install an app for their mail but it’s a custom domain.

      If you imagine most of the emails on their spam list are @gmail.com or @outlook.com, etc, then the email looks like it is coming from the gmail.com security team or the outlook.com security team. The email no longer makes sense when you have a custom domain.

    • Kayn
      23 · 1 year ago

      It’s not targeted at Lemmy. This phishing mail simply assumes that lemmy.world is an email provider, and that [email protected] is a registered email account there.
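
The two comments above describe mail that is templated from the recipient's own domain ("<domain> Security Team"). The following is an added example, not part of the thread, of a mail-filter heuristic for that pattern; the recipient address, sender domains and header values in the samples are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a templated "<recipient domain> Security Team" mail.
SAMPLE_PHISH = """\
From: "lemmy.world Security Team" <notice@mailer.example.net>
To: admin@lemmy.world
Subject: Your lemmy.world account will be disconnected
Authentication-Results: mx.lemmy.world; spf=fail; dkim=none; dmarc=fail

Resolve the errors to keep your account.
"""

# Constructed sample: ordinary mail from an unrelated sender.
SAMPLE_BENIGN = """\
From: "Alice" <alice@example.org>
To: admin@lemmy.world
Subject: Question about federation
Authentication-Results: mx.lemmy.world; spf=pass; dkim=pass; dmarc=pass

Hi, quick question.
"""

def domain_of(header_value):
    """Return the lowercase domain of the address in a From/To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def templated_brand_findings(raw_message):
    """List reasons the mail looks like recipient-domain-templated phishing."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    rcpt_domain = domain_of(msg.get("To"))
    from_domain = domain_of(msg.get("From"))
    findings = []
    if not rcpt_domain:
        return findings
    # A sender outside our domain has no business signing as "<our domain> team".
    external = from_domain != rcpt_domain and not from_domain.endswith("." + rcpt_domain)
    if external and rcpt_domain in display_name.lower():
        findings.append("display name uses recipient domain, sender is external")
    if external and rcpt_domain in msg.get("Subject", "").lower():
        findings.append("subject uses recipient domain, sender is external")
    # Only trust an Authentication-Results header added by your own mail server.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        findings.append("DMARC failed")
    return findings
```

When the From address itself is spoofed as the recipient's domain, the first two checks do not fire and only the DMARC result catches it, which requires the domain to publish a DMARC policy.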

    • Dremor
      4 · 1 year ago

      Vote manipulation?

      • Echo Dot
        4 · 1 year ago

        I guess we’ve made it mainstream if that’s a consideration

  • Obinice
    21 · 1 year ago

    Why are these sorts of things always written by somebody who can clearly barely speak English?

    • @bananabenana
      51 · 1 year ago

      I read that this was to weed out savvy people. People who aren’t skeptical of poorly written emails or messages are their target audience. Could be wrong though.

      • @[email protected]
        24 · 1 year ago

        I think it’s mostly an unintended benefit. These scams are usually run out of countries with English as a second language, so you get some grammatical errors in translation. It does increase the conversion rate, though, so they don’t bother spending extra money getting a native English speaker to copy edit.

      • Chariotwheel
        17 · 1 year ago

        Yes, exactly this. You want people who can’t see behind the simple facade. Because they are more likely to be easily fooled. You don’t want to work someone who is very sceptical or just moderately sceptical. In that time you could work through a bunch of people that can’t see behind this and pull out money from them.

        Scammers want easy marks. Why wouldn’t someone make it easier for themselves by naturally filtering out people that can’t be easily fooled?

      • Echo Dot
        13 · 1 year ago

        I’m sure that’s some of it, but also I think a lot of it is this is the kind of crap you do get if you run Chinese through Google translate and just copy paste the output.

        It’s almost fine but then it falls apart and doesn’t really make sense.

    • @[email protected]
      16 · 1 year ago

      What is unclear? All you have to do is resolve the Lemmy world app on Android and install the errors on your iPhone mail.

      • Echo Dot
        9 · 1 year ago

        Yeah I’m not actually quite sure I understand what the issue they are pretending is.

  • slazer2au
    18 · 1 year ago

    Do you have plans to enable DMARC, DKIM, and SPF to make the emails more likely to be flagged as spam by email filters?

  • @[email protected]
    18 · 1 year ago

    I’ve gotten an email like this before for lemdro.id. I think it’s a generic phishing email since the community links look like email addresses (and actually often are).

    • Antik 👾
      3 · 1 year ago

      Heya Cole, yeah I think it was a pretty generic phishing attempt. But we just wanted to get the word out. Normally Lemmy users are quite tech savvy but you never know. Cheers!

      • @[email protected]
        3 · 1 year ago

        Yeah no worries, all I’m saying is it’s a silly phishing attempt since it is only emailing admins!

  • @CrayonRosary
    14 · 1 year ago

    Such good English, too. How could you not trust that?

    • @Papanca
      13 · 1 year ago

      At least, it doesn’t say ‘kindly’

      • @zeppo
        5 · 1 year ago

        That basically means it’s not from India.