
possible infection

Discussion in 'General Security Issues and Questions' started by theoldandgrey, Jun 19, 2019.

  1. theoldandgrey

    theoldandgrey Established Techie7 Member

    I opened my email client, rarely used, to find an email from my credit card company asking for verification of a purchase. The email looked very genuine and gave the correct contact details. I was suspicious as I have not made a purchase. My webmail does not show this email, and neither does Thunderbird or Gmail. Also, strangely, this email is not showing on my tablet. The credit card company say there has been no suspicious activity. Is it likely that my PC is infected in some way?
     
  2. nukecad

    nukecad Established Techie7 Member

    It's probably just a 'Phishing' email, crooks send thousands of them out hoping that someone careless will give them their card (or bank account, or ...) details.
    Of course if you did then they would take all the available money.

    Delete the email and block the sender.

    It's almost certainly not infected your computer, but if you are still worried then download Malwarebytes and run a scan.
    https://www.malwarebytes.com/mwb-download/
    (You'll also find AdwCleaner if you scroll down that page; that can find slightly different unwanted things than MB3, so it's worth running that as well.)

    If you want to be extra sure then make a post in the malware removal section here and Broni will check your machine out for you and help remove anything problematic.
    http://www.techie7.com/forums/8/
     
  3. theoldandgrey

    theoldandgrey Established Techie7 Member

    Thank you. I have used Malwarebytes and it threw up a couple of PUPs but nothing untoward. I would like to make sure, so I have posted as suggested on the other Forum.
     
  4. Digerati

    Digerati Super Moderator Techie7 Moderator

    No. I agree with nukecad, and it is most likely just a phishing scam - a con attempt to get you to verify your account information.

    The best advice I can give is to give them all the attention they deserve - delete the email. You can block the sender but frankly, that is just wasting your time. They are like Robocallers and seem to have an endless supply of addresses to send from. Or more likely, they have "spoofed" a legitimate email address in that email.

    I get these all the time - often from banks I don't have an account or card with like Chase. If you study the body of the email carefully, you will typically see telltale clues that they are fake.

    They commonly will say something like "Dear Customer" or "Dear Member" instead of using the account holder's real name. There will also typically be grammatical and formatting errors.

    Look at this one I got below (and yes, I have a Wells Fargo account). Note the following clues:

    1. From: Well Fargo Alerts (hung.up.meimber.updiatei23@cox.net) What kind of Wells Fargo account is that?
    2. To: Undisclosed-Recipients If WF is going to send me an email it will be addressed to me, not Undisclosed-Recipients.
    3. Why is Dear Member , indented 1 space and why is there a space before the comma?
    4. "This to notify you..." Should be "This is to notify you..." .
    5. Why does "Banking" have an upper case "B"?
    6. Missing periods after "...verifcation process".
    7. Missing period after "...verification processed".

    [​IMG]

    Here's another I got from U.S. Bank (I don't do any business with them). See how many clues you can spot (I count 11).

    [​IMG]

    One more I got - this from Chase. I count 6.

    [​IMG]
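
Added example (not part of any post in this thread): the first clues in the list above, a brand name in the display name that does not match the sending domain, an Undisclosed-Recipients "To" line, and a generic greeting, checked automatically with Python's standard `email` module. The brand-to-domain map and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative map of brand keyword -> domain that brand mails from.
BRAND_DOMAINS = {"fargo": "wellsfargo.com", "chase": "chase.com", "u.s. bank": "usbank.com"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|member|user|client)\b", re.I | re.M)

# Constructed sample built from the clues in the post above; not a real message.
SAMPLE = """\
From: Well Fargo Alerts <hung.up.meimber.updiatei23@cox.net>
To: Undisclosed-Recipients:;
Subject: Account verification

 Dear Member ,
This to notify you that your online Banking access needs verification
"""


def phishing_clues(raw):
    """Return (code, detail) pairs for each telltale clue found in a raw email."""
    msg = message_from_string(raw)
    clues = []

    # Clue 1: display name claims a brand, but the address is on another domain.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRAND_DOMAINS.items():
        on_brand = domain == legit or domain.endswith("." + legit)
        if brand in name.lower() and not on_brand:
            clues.append(("sender-domain", f"{name!r} sent from {domain}"))

    # Clue 2: a bank writes to the account holder, not to a hidden bulk list.
    to = msg.get("To", "")
    if not to.strip() or "undisclosed" in to.lower():
        clues.append(("undisclosed-recipients", f"To: {to or '(missing)'}"))

    # Clue 3: generic salutation instead of the account holder's real name.
    body = msg.get_payload()
    greeting = GENERIC_GREETING.search(body if isinstance(body, str) else "")
    if greeting:
        clues.append(("generic-greeting", greeting.group(0).strip()))
    return clues


if __name__ == "__main__":
    for code, detail in phishing_clues(SAMPLE):
        print(f"{code}: {detail}")
```

A message that raises none of these clues is not thereby genuine, since the sender address itself can be spoofed.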
     
  5. nukecad

    nukecad Established Techie7 Member

    Another check that you can do is to go to "Have I been Pwned" to check out your email address, passwords, etc. and see if they have been hacked from somewhere.
    It's probably not an issue here, but it's always good to double check.
    https://haveibeenpwned.com/

    Edit- I see that you've already posted, and Broni is on the case in the removal forum.
    You need to follow the instructions there.