Pages in topic:   [1 2 3] >
Possible scammer emailing via holly@legacymgt.net, with Proz.com profile @ proz.com/profile/2541908
Thread poster: Michael Beijer

Michael Beijer  Identity Verified
United Kingdom
Local time: 14:35
Member (2009)
Dutch to English
+ ...
May 3

I just received an email from: holly@legacymgt.net (her Proz.com profile is @ http://proz.com/profile/2541908 )

Holly Ader holly@legacymgt.net via proz.com
6:37 PM (57 minutes ago)
to ProZ.com

Hello, I need a document to be translated before the 26th May.
I can email it to you to view and you confirm your availability


----------------------------------------
This message was sent to you via the ProZ.com directory.
Sender: Holly Ader
Sender's profile: http://proz.com/profile/2541908
Sender's IP address: 213.245.55.181
To adjust your ProZ.com email preferences, visit this page:
http://proz.com/?sp=ef
For technical assistance, please submit a support request:
http://proz.com/support
----------------------------------------

Next email said:

holly@legacymgt.net
May 3, 2018, 7:24 PM
to me

You have received an incoming docs shared with you via Dropbox. Click here to view attachment.

You may have a limited time to view the documents.

...

"Click here" links … via http://rebrand.ly/609ad … to this page:

https://sbhikehty.info/bilaikm/hyv6x8i4yw0civk6t91debrz.php?8L8CL915253721577a84004c58574b91bf93fa354ca38fde7a84004c58574b91bf93fa354ca38fde7a84004c58574b91bf93fa354ca38fde7a84004c58574b91bf93fa354ca38fde7a84004c58574b91bf93fa354ca38fde&Official=&BilalSaeed

Clicking on the "Google button", e.g., goes here:

https://sbhikehty.info/bilaikm/stepg2.php

c7ouljfxiuturly4ppyi.png

The Outlook button, e.g., takes you to a page with shifty looking stuff in the code. It contains e.g. this:



gzsa0tfxo4i9hdplhjwg.png

What the heck is "MaskedPassword.js"?

All the pages also looks handmade, and contains small errors.

Also, all buttons, links etc. on all pages link to various pages on https://sbhikehty.info only, instead of to e.g. official Microsoft, Google, Outlook etc. pages.

;**************************************************

THIS LOOKS LIKE THE WORK OF A SCAMMER TO ME!

I also just sent this message to Proz.com support.

Michael







[Edited at 2018-05-03 18:59 GMT]


 

Marie Rollet  Identity Verified
United Kingdom
Local time: 14:35
Member (2016)
English to French
Glad I am not overly suspiscous ! thank you! May 3

Received the exact same email, today, 18:44. Haven't replied as I was trying to find out a little more about this person. Short, very impersonnal messages always ring alarm bells to me...
Thank you for somewhat confirming my suspicions !


 

Nema Alaraby
United Kingdom
Local time: 14:35
Member (2017)
English to Arabic
+ ...
Thank you! May 3

Oh, I thought the email was a bit odd but didn't think of a scammer. Thank you for that!

 

Neeraj Nagarkatti
United Kingdom
Spanish to English
+ ...
Received same message May 3

Hello,
I received the same message.
It's probable spam.
Good to know.
Thanks.


 

Cecilia Gowar
United Kingdom
English to Spanish
+ ...
Thanks! May 3

I received the same message and replied telling her to send the document to see what it was. I usually get emails from Proz asking me to do jobs at risible prices but gave her the benefit of the doubt.
Then I found this thread while googling the name.
I clicked on one of the links you provided and my system sent a red alarm saying it was not safe.
So I'll just delete and ignore her/his reply.
Regards.


[Edited at 2018-05-03 19:41 GMT]


 

Malika Lakbiach  Identity Verified
Local time: 14:35
Dutch to Arabic
+ ...
Thanks for flagging this May 3

I have just received the exact same email and started searching for a bit more of info on this so-called "end customer". Not much on Proz, but the bit from her email address took me to this page of what looks like a posh restaurant: http://legacymgt.net/

I think I will just delete the email and not sepend any more time on it.



[Edited at 2018-05-03 19:36 GMT]


 

IrinaN
United States
Local time: 08:35
English to Russian
+ ...
Why, why, why???...!!! May 3

Michael, with all due respect... with your experience this is unforgivable.

The profile is 2 days old at best, no contact info, "Hello, I need a document to be translated"... What in the world possessed you to reply? Did you indeed follow all those unknown links? It's called phishing.

If your computer is still not infected, you should consider yourself very lucky. Please run every mal- and anti- ware you can access. Changing all banking/ financial passwords you may have had saved and remembered in your PC may not be such a bad idea either.

Good luck, and please, don't do that again!icon_smile.gif

Irina


 

Josephine Cassar  Identity Verified
Local time: 15:35
Member (2012)
Italian to English
+ ...
I received one too May 3

From the same person from the same email address but the email was not like yours. I didn't bother with it as the message did not interest me. I also did not bother as the profile seemed to be created and updated today with little or no information. Here is what the very impersonal email said:

Are you available for a virtual assistant job?
Please respond for more details.

Regards.

That's all. Straight to delete.


 

Eithne Livesey  Identity Verified
United Kingdom
Local time: 14:35
Member (2007)
Spanish to English
+ ...
Thank you, too! May 3

I have also just picked up this email and was doing a bit of research to find out a bit more when your post popped up. The restaurant which Malika mentioned is in Florida and the end client is supposed to be in the Auvergne region of France, while the email header mentions the UK. Very convoluted! Thanks for the alert.

 

Cecilia Gowar
United Kingdom
English to Spanish
+ ...
I also got the restaurant May 3

But I don´t know why, since their site is not https://www.legacymgt.net
I also got this:

https://www.legacymgt.com/


 

Michael Beijer  Identity Verified
United Kingdom
Local time: 14:35
Member (2009)
Dutch to English
+ ...
TOPIC STARTER
thanks for confirming my suspicions everyone! May 3

and now back to workicon_wink.gif

Michael


 

Qtena
Serbo-Croat to English
+ ...
Holly Ader scam? May 3

here is the whole "personal assistant" e-mail, for the record:

Delivered-To: xxxxxx@gmail.com
Received: by 10.223.192.1 with SMTP id z1csp2042806wre;
Thu, 3 May 2018 09:02:12 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZou8O6khmT7/ieSgCRDRSIinvTo5JrDeqsvUJ2OxHIlWXDKORiJKzN2VoonqS4LXO9B7I5A
X-Received: by 2002:a0c:996a:: with SMTP id i39-v6mr19645791qvd.236.1525363332654;
Thu, 03 May 2018 09:02:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525363332; cv=none;
d=google.com; s=arc-20160816;
b=cwAUz/zofm3uP6EHK6PfCAmA6hyUIU1wRamLuHH4OQmHVbHskIOYmon0g39wzTZajT
fK81Gx/RNyhWJ3KsgmulRlL8obXoVNZf0HUd6faQ7GDkfWeChwOfp+yNdBYP2qdN3ECC
QsuNILf4WatR0yxkdJIefGtuuC+1rtwV2Z+08rOFDN692ufqNFv+Aix8csteYJB26k9H
1rXQm8Udm2Oi+Niu+c7p4n1MRago9VBGZ3YeunAMueOCdIqzVKPCNM90BBru4lxUGJ6w
kvlAWBFnCQ+INetJlDitDVqVQrgWRBa2wUtfYqJ8uBvWzR1leDWzolJKGiVHr970KNJN
6rjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=date:message-id:subject:from:to:dkim-signature
:arc-authentication-results;
bh=JczhLSnYJRfnGmPyhdnCBaBNP9b7BIvTtC2ALHY9Dmo=;
b=rKiAkXMsvdP23GtwmlYDqICLMb8xLgZI2XVd8++v8wiTxkz68o3vA0ryIXEZ4T3VzS
VIvgjC1qSKgCoGBuY9Qo3mvcXwOjadUM9v/Q7fEL3mEmIZOrfZQezEAIdAdMW3rSiH3P
6jVlOrX+yoRvafKPQm5noubiDwNzmQkvcmABWIqjFA3vuYYUcui15FXnKzCvI9td0qNG
164E+biXlSvGebUdn6CCuhRui2RIIdskuzgqvllD1tVH8XXlbyT68nwZaNu1yc7uiI1o
a9Hoto/DZYpoiWgGvFQH7stdwCs9ubqKuEZfd6e76AVRN/tzMuWAEH82cXrOm/HCrixq
9fUQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@proz.com header.s=main header.b=cW8VPEp+;
spf=pass (google.com: domain of bounce-handler@proz.com designates 96.47.67.39 as permitted sender) smtp.mailfrom=bounce-handler@proz.com
Return-Path:
Received: from spock.proz.com (spock.proz.com. [96.47.67.39])
by mx.google.com with ESMTPS id v47-v6si1136609qtk.308.2018.05.03.09.02.11
(version=TLS1_2 cipher=AES128-SHA bits=128/128);
Thu, 03 May 2018 09:02:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounce-handler@proz.com designates 96.47.67.39 as permitted sender) client-ip=96.47.67.39;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@proz.com header.s=main header.b=cW8VPEp+;
spf=pass (google.com: domain of bounce-handler@proz.com designates 96.47.67.39 as permitted sender) smtp.mailfrom=bounce-handler@proz.com
Received: from mail by spock.proz.com with local (Exim 4.80 #3 (Debian)) id 1fEGgM-00026j-Uj; Thu, 03 May 2018 16:02:10 +0000
To: "ProZ.com Member"
From: Holly Ader
Subject: Germany
Content-type: text/plain; charset=utf-8; format=flowed
Message-Id:
Date: Thu, 03 May 2018 16:02:10 +0000

Are you available for a virtual assistant job?
Please respond for more details.

Regards.

----------------------------------------
This message was sent to you via the ProZ.com directory.
Sender: Holly Ader
Sender's profile: http://proz.com/profile/2541908
Sender's IP address: 109.130.191.188
To adjust your ProZ.com email preferences, visit this page:
http://proz.com/?sp=ef
For technical assistance, please submit a support request:
http://proz.com/support
----------------------------------------


 

Halina Arendt  Identity Verified
Local time: 14:35
English to Polish
+ ...
Me too May 3

Received this @ 19:42. Please note the different IP address, though it also came from holly@legacymgt.net.

Hello, I need a document to be translated before the 26th May.
I can email it to you to view and you confirm your availability

----------------------------------------
This message was sent to you via the ProZ.com directory.
Sender: Holly Ader
Sender's profile: http://proz.com/profile/2541908
Sender's IP address: 81.255.71.157
To adjust your ProZ.com email preferences, visit this page:
http://proz.com/?sp=ef
For technical assistance, please submit a support request:
http://proz.com/support


 

Anna Hjalmarsson  Identity Verified
United Kingdom
Local time: 14:35
Member (2015)
English to Swedish
+ ...
Scam/spam May 3

Thanks everyone, got the same e-mail, got suspicious as well.

 

Michael Beijer  Identity Verified
United Kingdom
Local time: 14:35
Member (2009)
Dutch to English
+ ...
TOPIC STARTER
clever stuff May 3

This is the real restaurant's website: http://www.legacyrestaurant.com/
And here is our scammer's fake version: http://legacymgt.net/

They needed to do this so their email could look like it was the real email address of an actual company.

If you go to legacymgt.net, you are actually looking at the real website at legacyrestaurant.com, in a frame.

lmywfwwmwwmfxd7wsmtq.png


 
Pages in topic:   [1 2 3] >


To report site rules violations or get help, contact a site moderator:

Moderator(s) of this forum
Alejandro Cavalitto[Call to this topic]

You can also contact site staff by submitting a support request »

Possible scammer emailing via holly@legacymgt.net, with Proz.com profile @ proz.com/profile/2541908

Advanced search







CafeTran Espresso
You've never met a CAT tool this clever!

Translate faster & easier, using a sophisticated CAT tool built by a translator / developer. Accept jobs from clients who use SDL Trados, MemoQ, Wordfast & major CAT tools. Download and start using CafeTran Espresso -- for free

More info »
Anycount & Translation Office 3000
Translation Office 3000

Translation Office 3000 is an advanced accounting tool for freelance translators and small agencies. TO3000 easily and seamlessly integrates with the business life of professional freelance translators.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search