Pages in topic:   [1 2 3] >
Possible scammer emailing via [email protected], with Proz.com profile @ proz.com/profile/2541908
Thread poster: Michael Beijer
Michael Beijer
Michael Beijer  Identity Verified
United Kingdom
Local time: 07:28
Member (2009)
Dutch to English
+ ...
May 3, 2018

I just received an email from: [email protected] (her Proz.com profile is @ http://proz.com/profile/2541908 )

Holly Ader [email protected] via proz.com
6:37 PM (57 minutes ago)
to ProZ.com

Hello, I need a document to be translated before the 26th May.... See more
I just received an email from: [email protected] (her Proz.com profile is @ http://proz.com/profile/2541908 )

Holly Ader [email protected] via proz.com
6:37 PM (57 minutes ago)
to ProZ.com

Hello, I need a document to be translated before the 26th May.
I can email it to you to view and you confirm your availability


----------------------------------------
This message was sent to you via the ProZ.com directory.
Sender: Holly Ader
Sender's profile: http://proz.com/profile/2541908
Sender's IP address: 213.245.55.181
To adjust your ProZ.com email preferences, visit this page:
http://proz.com/?sp=ef
For technical assistance, please submit a support request:
http://proz.com/support
----------------------------------------

Next email said:

[email protected]
May 3, 2018, 7:24 PM
to me

You have received an incoming docs shared with you via Dropbox. Click here to view attachment.

You may have a limited time to view the documents.

...

"Click here" links … via http://rebrand.ly/609ad … to this page:

https://sbhikehty.info/bilaikm/hyv6x8i4yw0civk6t91debrz.php?8L8CL915253721577a84004c58574b91bf93fa354ca38fde7a84004c58574b91bf93fa354ca38fde7a84004c58574b91bf93fa354ca38fde7a84004c58574b91bf93fa354ca38fde7a84004c58574b91bf93fa354ca38fde&Official=&BilalSaeed

Clicking on the "Google button", e.g., goes here:

https://sbhikehty.info/bilaikm/stepg2.php

scammer-page2

The Outlook button, e.g., takes you to a page with shifty looking stuff in the code. It contains e.g. this:



scammer-page

What the heck is "MaskedPassword.js"?

All the pages also looks handmade, and contains small errors.

Also, all buttons, links etc. on all pages link to various pages on https://sbhikehty.info only, instead of to e.g. official Microsoft, Google, Outlook etc. pages.

;**************************************************

THIS LOOKS LIKE THE WORK OF A SCAMMER TO ME!

I also just sent this message to Proz.com support.

Michael







[Edited at 2018-05-03 18:59 GMT]
Collapse


 
Marie Rollet
Marie Rollet  Identity Verified
United Kingdom
Local time: 07:28
Member (2016)
English to French
Glad I am not overly suspiscous ! thank you! May 3, 2018

Received the exact same email, today, 18:44. Haven't replied as I was trying to find out a little more about this person. Short, very impersonnal messages always ring alarm bells to me...
Thank you for somewhat confirming my suspicions !


 
Nema Alaraby
Nema Alaraby
United Kingdom
English to Arabic
+ ...
Thank you! May 3, 2018

Oh, I thought the email was a bit odd but didn't think of a scammer. Thank you for that!

 
Neeraj Nagarkatti
Neeraj Nagarkatti
United Kingdom
Spanish to English
+ ...
Received same message May 3, 2018

Hello,
I received the same message.
It's probable spam.
Good to know.
Thanks.


 
Cecilia Gowar
Cecilia Gowar
United Kingdom
English to Spanish
+ ...
Thanks! May 3, 2018

I received the same message and replied telling her to send the document to see what it was. I usually get emails from Proz asking me to do jobs at risible prices but gave her the benefit of the doubt.
Then I found this thread while googling the name.
I clicked on one of the links you provided and my system sent a red alarm saying it was not safe.
So I'll just delete and ignore her/his reply.
Regards.


[Edited at 2018-05-03 19:41 GMT]


 
Malika Lakbiach
Malika Lakbiach  Identity Verified
Local time: 07:28
Dutch to Arabic
+ ...
Thanks for flagging this May 3, 2018

I have just received the exact same email and started searching for a bit more of info on this so-called "end customer". Not much on Proz, but the bit from her email address took me to this page of what looks like a posh restaurant: http://legacymgt.net/

I think I will just delete the email and not sepend any more time on it.



[Edited at 2018-05-03 19:36 GMT]


 
IrinaN
IrinaN
United States
Local time: 02:28
English to Russian
+ ...
Why, why, why???...!!! May 3, 2018

Michael, with all due respect... with your experience this is unforgivable.

The profile is 2 days old at best, no contact info, "Hello, I need a document to be translated"... What in the world possessed you to reply? Did you indeed follow all those unknown links? It's called phishing.

If your computer is still not infected, you should consider yourself very lucky. Please run every mal- and anti- ware you can access. Changing all banking/ financial passwords you may hav
... See more
Michael, with all due respect... with your experience this is unforgivable.

The profile is 2 days old at best, no contact info, "Hello, I need a document to be translated"... What in the world possessed you to reply? Did you indeed follow all those unknown links? It's called phishing.

If your computer is still not infected, you should consider yourself very lucky. Please run every mal- and anti- ware you can access. Changing all banking/ financial passwords you may have had saved and remembered in your PC may not be such a bad idea either.

Good luck, and please, don't do that again!

Irina
Collapse


 
Josephine Cassar
Josephine Cassar  Identity Verified
Malta
Local time: 08:28
Member (2012)
English to Maltese
+ ...
I received one too May 3, 2018

From the same person from the same email address but the email was not like yours. I didn't bother with it as the message did not interest me. I also did not bother as the profile seemed to be created and updated today with little or no information. Here is what the very impersonal email said:

Are you available for a virtual assistant job?
Please respond for more details.

Regards.

That's all. Straight to delete.


 
Eithne Livesey
Eithne Livesey  Identity Verified
United Kingdom
Local time: 07:28
Member (2007)
Spanish to English
+ ...
Thank you, too! May 3, 2018

I have also just picked up this email and was doing a bit of research to find out a bit more when your post popped up. The restaurant which Malika mentioned is in Florida and the end client is supposed to be in the Auvergne region of France, while the email header mentions the UK. Very convoluted! Thanks for the alert.

 
Cecilia Gowar
Cecilia Gowar
United Kingdom
English to Spanish
+ ...
I also got the restaurant May 3, 2018

But I don´t know why, since their site is not https://www.legacymgt.net
I also got this:

https://www.legacymgt.com/


 
Michael Beijer
Michael Beijer  Identity Verified
United Kingdom
Local time: 07:28
Member (2009)
Dutch to English
+ ...
TOPIC STARTER
thanks for confirming my suspicions everyone! May 3, 2018

and now back to work

Michael


 
Qtena
Qtena
Serbo-Croat to English
+ ...
Holly Ader scam? May 3, 2018

here is the whole "personal assistant" e-mail, for the record:

Delivered-To: [email protected]
Received: by 10.223.192.1 with SMTP id z1csp2042806wre;
Thu, 3 May 2018 09:02:12 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZou8O6khmT7/ieSgCRDRSIinvTo5JrDeqsvUJ2OxHIlWXDKORiJKzN2VoonqS4LXO9B7I5A
X-Received: by 2002:a0c:996a:: with SMTP id i39-v6mr19645791qvd.236.1525363332654;
Thu, 03 May 2018 09
... See more
here is the whole "personal assistant" e-mail, for the record:

Delivered-To: [email protected]
Received: by 10.223.192.1 with SMTP id z1csp2042806wre;
Thu, 3 May 2018 09:02:12 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZou8O6khmT7/ieSgCRDRSIinvTo5JrDeqsvUJ2OxHIlWXDKORiJKzN2VoonqS4LXO9B7I5A
X-Received: by 2002:a0c:996a:: with SMTP id i39-v6mr19645791qvd.236.1525363332654;
Thu, 03 May 2018 09:02:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525363332; cv=none;
d=google.com; s=arc-20160816;
b=cwAUz/zofm3uP6EHK6PfCAmA6hyUIU1wRamLuHH4OQmHVbHskIOYmon0g39wzTZajT
fK81Gx/RNyhWJ3KsgmulRlL8obXoVNZf0HUd6faQ7GDkfWeChwOfp+yNdBYP2qdN3ECC
QsuNILf4WatR0yxkdJIefGtuuC+1rtwV2Z+08rOFDN692ufqNFv+Aix8csteYJB26k9H
1rXQm8Udm2Oi+Niu+c7p4n1MRago9VBGZ3YeunAMueOCdIqzVKPCNM90BBru4lxUGJ6w
kvlAWBFnCQ+INetJlDitDVqVQrgWRBa2wUtfYqJ8uBvWzR1leDWzolJKGiVHr970KNJN
6rjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=date:message-id:subject:from:to:dkim-signature
:arc-authentication-results;
bh=JczhLSnYJRfnGmPyhdnCBaBNP9b7BIvTtC2ALHY9Dmo=;
b=rKiAkXMsvdP23GtwmlYDqICLMb8xLgZI2XVd8++v8wiTxkz68o3vA0ryIXEZ4T3VzS
VIvgjC1qSKgCoGBuY9Qo3mvcXwOjadUM9v/Q7fEL3mEmIZOrfZQezEAIdAdMW3rSiH3P
6jVlOrX+yoRvafKPQm5noubiDwNzmQkvcmABWIqjFA3vuYYUcui15FXnKzCvI9td0qNG
164E+biXlSvGebUdn6CCuhRui2RIIdskuzgqvllD1tVH8XXlbyT68nwZaNu1yc7uiI1o
a9Hoto/DZYpoiWgGvFQH7stdwCs9ubqKuEZfd6e76AVRN/tzMuWAEH82cXrOm/HCrixq
9fUQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) [email protected] header.s=main header.b=cW8VPEp+;
spf=pass (google.com: domain of [email protected] designates 96.47.67.39 as permitted sender) [email protected]
Return-Path:
Received: from spock.proz.com (spock.proz.com. [96.47.67.39])
by mx.google.com with ESMTPS id v47-v6si1136609qtk.308.2018.05.03.09.02.11
(version=TLS1_2 cipher=AES128-SHA bits=128/128);
Thu, 03 May 2018 09:02:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 96.47.67.39 as permitted sender) client-ip=96.47.67.39;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) [email protected] header.s=main header.b=cW8VPEp+;
spf=pass (google.com: domain of [email protected] designates 96.47.67.39 as permitted sender) [email protected]
Received: from mail by spock.proz.com with local (Exim 4.80 #3 (Debian)) id 1fEGgM-00026j-Uj; Thu, 03 May 2018 16:02:10 +0000
To: "ProZ.com Member"
From: Holly Ader
Subject: Germany
Content-type: text/plain; charset=utf-8; format=flowed
Message-Id:
Date: Thu, 03 May 2018 16:02:10 +0000

Are you available for a virtual assistant job?
Please respond for more details.

Regards.

----------------------------------------
This message was sent to you via the ProZ.com directory.
Sender: Holly Ader
Sender's profile: http://proz.com/profile/2541908
Sender's IP address: 109.130.191.188
To adjust your ProZ.com email preferences, visit this page:
http://proz.com/?sp=ef
For technical assistance, please submit a support request:
http://proz.com/support
----------------------------------------
Collapse


 
Halina Arendt
Halina Arendt  Identity Verified
Local time: 07:28
English to Polish
+ ...
Me too May 3, 2018

Received this @ 19:42. Please note the different IP address, though it also came from [email protected].

Hello, I need a document to be translated before the 26th May.
I can email it to you to view and you confirm your availability

----------------------------------------
This message was sent to you via the ProZ.com directory.
Sender: Holly Ade
... See more
Received this @ 19:42. Please note the different IP address, though it also came from [email protected].

Hello, I need a document to be translated before the 26th May.
I can email it to you to view and you confirm your availability

----------------------------------------
This message was sent to you via the ProZ.com directory.
Sender: Holly Ader
Sender's profile: http://proz.com/profile/2541908
Sender's IP address: 81.255.71.157
To adjust your ProZ.com email preferences, visit this page:
http://proz.com/?sp=ef
For technical assistance, please submit a support request:
http://proz.com/support
Collapse


 
Anna Hjalmarsson
Anna Hjalmarsson  Identity Verified
United Kingdom
Local time: 07:28
Member (2015)
English to Swedish
+ ...
Scam/spam May 3, 2018

Thanks everyone, got the same e-mail, got suspicious as well.

 
Michael Beijer
Michael Beijer  Identity Verified
United Kingdom
Local time: 07:28
Member (2009)
Dutch to English
+ ...
TOPIC STARTER
clever stuff May 3, 2018

This is the real restaurant's website: http://www.legacyrestaurant.com/
And here is our scammer's fake version: http://legacymgt.net/

They needed to do this so their email could look like it was the real email address of an actual company.

If you go to legacymgt.net, you are actually looking at the real website at legacyrestaurant.com, in a frame.

restaurant-website


 
Pages in topic:   [1 2 3] >


To report site rules violations or get help, contact a site moderator:

Moderator(s) of this forum
Lucia Leszinsky[Call to this topic]

You can also contact site staff by submitting a support request »

Possible scammer emailing via [email protected], with Proz.com profile @ proz.com/profile/2541908







Trados Business Manager Lite
Create customer quotes and invoices from within Trados Studio

Trados Business Manager Lite helps to simplify and speed up some of the daily tasks, such as invoicing and reporting, associated with running your freelance translation business.

More info »
Wordfast Pro
Translation Memory Software for Any Platform

Exclusive discount for ProZ.com users! Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value

Buy now! »