Stephen FoskettFirst off, they’re emailing me constantly with phishing attempts (like the image supposedly showing a #Trezor update on Medium) that are decently constructed but not really convincing. Just look at the sender address and the whole scam becomes clear.
They’re also constantly sending me Venmo, Zelle, and Cash App account reset texts. Amazingly these services don’t combat spam and phishing attempts in bulk so I’ll get a half dozen a day. As far as I can tell these are legit reset texts so they must also be trying to clone my SIM.
I locked down my SIM as best as I could with the service provider but this is pretty concerning since there are tons of stories about successful SIM cloning even with the security turned on.
Then there are the constant password request emails. A dozen or more a day. I’m sure they’re aggressively attacking my email provider to get into my account.
And did I mention lots of Trezor-related attacks? I think there was an email address breach at Trezor so they know I have one. This must be why they think I have tons of Bitcoin (I don’t have any!!)
I don’t even use Zelle or Cash App. And the only time I ever used Venmo was to tip the piano player at the Brown Palace in Denver. If you’re ever there, go see John Kite. He’s amazing!
I created account to try to lock it down, and it appears that you can’t do that. Venmo doesn’t even support 2FA!?
Then there’s this gem: The Google “deceased person” scam. They call you saying someone submitted a “legacy request” for your account and to speak to an agent if you’re not dead. Guess what happens next!
I’m actually getting phone calls from my #phishing friends now too. The first was a pretty obvious scammer trying to convince me he was from #Trezor support. This was an American sounding guy from an LA number. My mistake was not saying “what’s a Trezor?” and hanging up. Instead I laughed and said there’s no way they would call. So now they know I knew what Trezor is and that suggests I have one full of bitcoin (I don’t).
This week I got another call from an American sounding guy with a “verified” Los Altos (650) number. He said he was Simon Easton from Google support and wanted to verify the addition of a recovery email to my account.
He volunteered to verify the contact with an email from Google. Interestingly, the resulting email really was from Google! I started my career as an email admin and I know how to verify this. He rushed to pressure me to confirm that I got it. He definitely didn’t want me to read the message body!
Yeah somewhere Google has a support email system that will bounce a message to your chosen address with your chosen subject line. A classic mechanism that makes legit PayPal emails possible. They should really fix this.
Of course I spotted the scam but what about normal people? They would probably fall for this. And I’m sure the next message would have spoofed a login screen to grab my password and 2FA.
I’m just mad that these people are working so hard to phish people instead of doing something positive with their time. And that I constantly have to deal with this crap (multiple times a day).
You might say “block the emails and sms and phone numbers” but I have legit business contacts and friends I don’t want to block. And if I block the real Venmo or Google address I’ll miss legit important messages.
Michael Stanclift
FallsMom 🌻I stopped using Paypal years ago due to the constant spam/scam emails. ..
Not using Paypal or Venmo makes me a sort of outlier in my family/friends groups.....
@FallsMom but you essentially can’t turn these things off. If you don’t have an account, it will just automatically try to create one for you in your email address or phone number. And then it will email you or text you. I hate that.