We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

I suspect this is a scam, can anyone confirm?

Options
kingfisherblue
kingfisherblue Posts: 9,203 Forumite
Part of the Furniture 1,000 Posts Name Dropper Xmas Saver!
edited 25 February 2013 at 11:21PM in Techie Stuff
Hi, I've had a couple of emails from someone called Jo Thomas, both with referral numbers on. There is nothing to say what the referral is for. Today, another email from Jo Thomas, with the following (copied and pasted):

DELETED AS ADVISED

All three emails are to undisclosed recipients.

Googling has found that irontom are a band. I've never heard of them before. Needless to say, I don't know a Jo Thomas either.

My email address is a mixture of letters and numbers, not my name or anything close to my name. I haven't clicked on the link in case it introduces a virus, trojan, etc to my computer. My security settings are up-to-date.

So, presumably this is a scam? I can't think of what else it could be. Does anyone have any ideas please? And how safe is it to delete the emails?

Thanks for any help.

Comments

  • neilwoods
    neilwoods Posts: 2,304 Forumite
    Scam for what.

    If you don't want to keep the emails, then just delete them
    Mansion TV. Avoid at all cost's :j
  • If you think it is a scam can you remove the link from your post that was in the email, to prevent the unwary from clicking on it please, thanks.
  • agrinnall
    agrinnall Posts: 23,344 Forumite
    10,000 Posts Combo Breaker
    Definitely remove the link, the page has a Trojan on it according to Avast.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Delete the email & edit out the link in your post - it links to a php script that redirects elsewhere.
  • Thanks for your help. Apologies for including the link - now deleted as advised.

    Neilwoods, I was concerned that it was a scam to introduce a virus or trojan into my computer. Agrinnall has confirmed that it is a trojan - thanks Agrinnall, your help is much appreciated.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    The php script could send you anywhere. It redirected me to a fake/scam pharma site pushing diet pills. The site originally linked to (irontom.de) is running an outdated version of Joomla - ideal for hackers to gain access and plant the script.


    @ agrinnall, if avast detected a trojan then it's possible you were subjected to an exploit.

    Download SecurityCheck and save it to your Desktop.

    Link
    • Double click SecurityCheck to run it (XP), or right click & choose "Run as Administrator" (Vista, Win7)
    • Follow the on-screen instructions.
    • When finished, a Notepad document should open called checkup.txt
    • Post the contents of that here.
  • agrinnall
    agrinnall Posts: 23,344 Forumite
    10,000 Posts Combo Breaker
    Thanks for the advice waddler_8, here are the results of the check. There doesn't seem to be anything suspect there but if you can take a look and confirm it that would be good.

    Results of screen317's Security Check version 0.99.59
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Adobe Flash Player 11.6.602.168
    Adobe Reader 10.1.6 Adobe Reader out of Date!
    Mozilla Firefox (19.0)
    Mozilla Thunderbird (17.0.3)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    There's been an update to Adobe Flash in the last few hours to patch a vulnerability that was found being exploited in the wild & targeted against Firefox users.

    https://www.adobe.com/support/security/bulletins/apsb13-08.html

    Update to Adobe Flash Player 11.6.602.171
    Get the update here: http://get.adobe.com/flashplayer (uncheck the Mcafee scan - you dont need it).


    Otherwise,

    You are up to date for the 10x branch of Adobe Reader, but i would consider updating to version 11 (XI). Each new release brings hardened security.

    http://get.adobe.com/reader/ (uncheck the Mcafee scan).

    Malwarebytes' Anti-Malware is outdated. Update to version 1.70

    http://www.malwarebytes.org/products/malwarebytes_free/
    http://helpdesk.malwarebytes.org/entries/20839693-Where-can-I-download-the-latest-version-of-Malwarebytes-Anti-Malware-

    SecurityCheck checks the most commonly exploited programs. Ensure you update any other internet facing apps (those with browser add-ons) that you have installed - EG: Media players (Apples Quicktime, VLC media player...), etc.
  • agrinnall
    agrinnall Posts: 23,344 Forumite
    10,000 Posts Combo Breaker
    Thanks for the response and for the tip on Flash, I've done some updating today as I'm on a fast connection (at least compared to the snails pace I get at home
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.8K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.8K Work, Benefits & Business
  • 598.7K Mortgages, Homes & Bills
  • 176.8K Life & Family
  • 257.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.