I wonder how this scam works...

[glenwolde]

Yesterday I got an email from Square welcoming me and offering up information on my new account. Only I hadn't opened a Square account.

I went and tried to log in but of course I don't know the password. I used the reset password with the same email and got in. No activity but I did notice that there were two phone numbers for the two factor authentication. Mine and an unfamiliar one with a PA area code (I'm in Texas). I deleted the PA one. Changed the password again using the Google "suggest strong password" feature that issues a long string of gibberish for a password.

Go and change my google password, just in case. I don't think they got into it but you never know. I called my cell provider to be sure nobody had accessed it. I don't get how they created an account with my email and phone number without access to either.

I called Square but they said there was no account under that email. Thanks for nuthin'.

This is the second time I've gotten emails from some company confirming things I hadn't done. The last one was Walmart acknowledging my gift cards being credited to my account. I hadn't done that either. I called them and they were on it. Somebody had registered many hundreds of gift cards all less than a dollar to my account. The support guy requested permission to kill my account. Permission granted. I just opened another.

So if you get any weird emails about stuff you didn't do, check it out. Of course I have a lot of time on my hands.

 

[Truckman]

I get these all the time, and as an example if the sender's address header says "[email protected]" I hover it to get the source to find some string of gibberish with a source in China or elsewhere...I never open them, just mark them as spam and go about my day......Ben

 

[glenwolde]

I get these all the time, and as an example if the sender's address header says "[email protected]" I hover it to get the source to find some string of gibberish with a source in China or elsewhere...I never open them, just mark them as spam and go about my day......Ben

I get those too but this wasn't like that, this was legit from Square. I didn't click on any link in the email. I went to Square manually.

 

[Rustyt1953]

Here's how...

 

[Baxter6551]

I may be stupid and not up on this stuff but …. What is “Square” ?

 

[sjmjax]

Square is a service and device to process credit card sales for small business or individuals.

 

[LVSteve]

Are you sure the original email was from Square, and are you sure that it was Square's actual webpage you visited? Did you click on a link in the email to go to "Square"? You say you called them and they had no record of an account under your email. That tells me that their never was an account and the email was to get you to enter some information on a fake Square webpage useful to the scammer.

There is also the possibility that the scammer has gained access to your computer.

 

[Sistema1927]

The way that the scam works is that they were hoping that you would link your bank account to this phony Square account. They would then have the ability to clean you out.

 

[sophie]

The only way this scam works is if you fall for it. Most reputable secure sites will not contact you for your personal information. These scammers are all the same.
File 13

 

[Shibadog]

Too bad there’s not a scammer specific “bullet” you could send back to destroy Their computer.

 

[bwade]

Never, ever, ever respond directly to any emails that are unsolicited. The second you do, they have verified your IP address as a real person behind the email. Any other information from calling them, your name, and even your voice can be captured and used in scams in the future. Only two or three words of your voice can be used by AI to recreate your entire speech pattern. Also, don't answer calls on your phone that are unrecognized. Screen your calls through your voicemail.

If an email concerns you, contact only the legitimate company that did not send the email. You can find the legitimate company information by searching on any of the search engines.

Remember, this is the scammers day job. You will not be able to outsmart them by talking to them or whatever. If you have been scammed, call you local LE immediately.

 

[Rustyt1953]

Scammers, spammers and phishers have become brazen, emboldened and inured. They have seen and heard it all.

They operate on the premise that if they cast a lure often enough they will eventually snag a lunker.

 

[Tom S.]

The last one was Walmart acknowledging my gift cards being credited to my account. I hadn't done that either. I called them and they were on it. Somebody had registered many hundreds of gift cards all less than a dollar to my account. The support guy requested permission to kill my account. Permission granted. I just opened another.

I hope you called WalMart without using the phone number in the email!!!! The phone number in the email was likely a scammer who got information from you calling and is scamming you as I type this!

Never - ever respond to such an email or PM!!!

 

[GaryS]

These are usually phishing emails that will bring you to a website that looks like the legitimate one, but is actually there just to harvest personal information.

When you read the email, look at the header. Especially look at the "FROM:" information. If it's anything but the name of the company, it's a scam.

If it's something like "[email protected], it's a scam.

The scammers send out a couple of hundred thousand of these at a time and if they get one or two hits, then they have made their money.

They'll just sell that information, such as your user name and password to hackers. They know that some people use the same user name and password for ALL of their sites and never change a password. As a result, the hackers can try a few thousand bank and other financial institutions in the hope of logging in and being able to drain money out.

I get several emails from Geek Squad a week about my account. I don't have one, so I know it's a scam. Or I'll get an email about my non existent Wells Fargo account. I even got one about an account at a bank where I DO haven an account. I ignore them all.

One trick that a late friend who worked in IT security told me was to never read your email in HTML, use text only. If it's legit, you can change the view to HTML to read it. HTML is very easy to hide both bogus links and malicious programs in.

Yesterday I got an email from Square welcoming me and offering up information on my new account. Only I hadn't opened a Square account.

I went and tried to log in but of course I don't know the password. I used the reset password with the same email and got in. No activity but I did notice that there were two phone numbers for the two factor authentication. Mine and an unfamiliar one with a PA area code (I'm in Texas). I deleted the PA one. Changed the password again using the Google "suggest strong password" feature that issues a long string of gibberish for a password.

Go and change my google password, just in case. I don't think they got into it but you never know. I called my cell provider to be sure nobody had accessed it. I don't get how they created an account with my email and phone number without access to either.

I called Square but they said there was no account under that email. Thanks for nuthin'.

This is the second time I've gotten emails from some company confirming things I hadn't done. The last one was Walmart acknowledging my gift cards being credited to my account. I hadn't done that either. I called them and they were on it. Somebody had registered many hundreds of gift cards all less than a dollar to my account. The support guy requested permission to kill my account. Permission granted. I just opened another.

So if you get any weird emails about stuff you didn't do, check it out. Of course I have a lot of time on my hands.

 

[glenwolde]

Are you sure the original email was from Square, and are you sure that it was Square's actual webpage you visited? Did you click on a link in the email to go to "Square"? You say you called them and they had no record of an account under your email. That tells me that their never was an account and the email was to get you to enter some information on a fake Square webpage useful to the scammer.

There is also the possibility that the scammer has gained access to your computer.

Yes. Yes. No. Today they had the account when I talked to them for the second time. They refused to do anything without talking to my wife. The account has my wife's name on it, my email address and a 10 year old physical address. I never entered any of that. This is not a phishing attempt. I don't know how they did it.

Square doesn't care. I don't care at this point. They get scammed, some random citizen gets scammed, not on me. I told them. I did find the "deactivate your account" which "cannot be undone" and hit that. Seems like that might kill it.

It still had a recovery phone number with a PA area code, but I couldn't kill it without access to it.

Not a phishing scam. They never asked for personal information. I entered the URL for Square manually. I went to their support site and the address Square lists as legit is the same as the address the emails came from. I know how to read the details, it wasn't a spoof.

from: Square | Savings <[email protected]>
to: [email protected]
date: Aug 9, 2023, 2:02 AM
subject: Square Savings account . Earn more, starting now.
mailed-by: amazonses.messaging.squareup.com
signed-by: messaging.squareup.com
unsubscribe: Unsubscribe from this sender
security: Standard encryption (TLS) Learn more
: Important according to Google magic.

 

[BC38]

Yeah, this is what is known as a "phishing" email.
Scammers use emails like this to try to get you to give them your login info to legitimate financial websites. When they send an email to YOU and then want to speak to your wife, that is a dead giveaway.
They have gathered enough info on the internet to connect you and your wife, and are trying to exploit that connection to get information to try to defraud you.
In cases like this, the DELETE button in your email program is your best friend.