• How worried should I be? (Scam email)

    From Another John@21:1/5 to All on Sat May 3 11:10:01 2025
    I'm not used to this at all, having always used Macs. But my "current" Mac is Mojave - notoriously "unsupported" for some time.

    Yesterday I got an email from an old friend .... except that his expressions - very brief - didn't sound quite like him. The email address looked correct but I thought maybe it was spoofed (I checked all headers, but I could never understand those well at all.)

    So I didn't Reply, as such, but instead looked out an old email which I knew contained his proper address, and sent him a warning message (email) using
    that address.
    He replied almost immediately ... asking me to purchase an Amazon voucher for
    a little girl who will die of a liver complaint unless she gets financial
    help. Note: he now used the term "Apple" in the second message, indicating he knew more about my system.

    This chilled me! How worried should I be? Reason (what little I have) tells me that he's still fishing; but things have come on a l-o-n-g way since those crude, crummy early days of mysterious messages from Nigeria (or wherever).
    So I thought I'd ask opinions from this group!

    You may know [from here] that I've just acquired a 2019 iMac which has
    Sequoia. I _was_ going to ease myself slowly into switching systems (having finally Migrated the Mojave to the Sequoia just last week).
    As a result of the visit from the phisher, I'm conducting the switch as of today, Mail and Firefox being the main two apps that I'll be using on Sequoia. Not yet Usenapp, though this may follow soon, if I can find the time.

    Cheers
    [Another] John

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Tobin@21:1/5 to [email protected] on Sat May 3 11:59:19 2025
    In article <dQmRP.30411$[email protected]>,
    Another John <[email protected]> wrote:

    >So I didn't Reply, as such, but instead looked out an old email which I knew
    >contained his proper address, and sent him a warning message (email) using
    >that address.
    >He replied almost immediately ... asking me to purchase an Amazon voucher for
    >a little girl who will die of a liver complaint unless she gets financial
    >help.

    So presumably someone else has control of his email account. Can you
    contact him by some other means?

    >Note: he now used the term "Apple" in the second message, indicating he
    >knew more about my system.

    That's nothing to worry about. Mail messages generally identify the
    mail program that was used to send them. Mail sent using the Apple
    mail program will have a header

    X-Mailer: Apple Mail (XXX.XXX.XXX.XXX)

    where the Xs are the version number.

    -- Richard

  • From Alan B@21:1/5 to Another John on Sat May 3 11:31:35 2025
    On 3 May 2025 at 12:10:01 BST, "Another John" <[email protected]> wrote:

    > I'm not used to this at all, having always used Macs. But my "current" Mac is Mojave - notoriously "unsupported" for some time.
    >
    > Yesterday I got an email from an old friend .... except that his expressions - very brief - didn't sound quite like him. The email address looked correct but I thought maybe it was spoofed (I checked all headers, but I could never understand those well at all.)
    >
    > So I didn't Reply, as such, but instead looked out an old email which I knew contained his proper address, and sent him a warning message (email) using that address.
    > He replied almost immediately ... asking me to purchase an Amazon voucher for a little girl who will die of a liver complaint unless she gets financial help. Note: he now used the term "Apple" in the second message, indicating he knew more about my system.
    >
    > This chilled me! How worried should I be? Reason (what little I have) tells me that he's still fishing; but things have come on a l-o-n-g way since those crude, crummy early days of mysterious messages from Nigeria (or wherever). So I thought I'd ask opinions from this group!
    >
    > You may know [from here] that I've just acquired a 2019 iMac which has Sequoia. I _was_ going to ease myself slowly into switching systems (having finally Migrated the Mojave to the Sequoia just last week).
    > As a result of the visit from the phisher, I'm conducting the switch as of today, Mail and Firefox being the main two apps that I'll be using on Sequoia.
    > Not yet Usenapp, though this may follow soon, if I can find the time.

    Maybe your friend's email details have been hacked? Do you have any other
    means of contacting him to discuss that possibility? The scammer could
    probably work out you were using an Apple device from the headers in your e-mail reply. No-one is totally immune from hackers. I had my Usenet password for e-s hacked recently but I spotted it almost immediately and was able to change the FQDN and password. FWIW you can forward scam emails to [email protected] but whether that's effective is debatable.

    --
    Cheers, Alan

  • From David@21:1/5 to Another John on Sat May 3 12:25:12 2025
    On 03/05/2025 12:10, Another John wrote:
    > I'm not used to this at all, having always used Macs. But my "current" Mac is Mojave - notoriously "unsupported" for some time.
    >
    > Yesterday I got an email from an old friend .... except that his expressions - very brief - didn't sound quite like him. The email address looked correct but I thought maybe it was spoofed (I checked all headers, but I could never understand those well at all.)
    >
    > So I didn't Reply, as such, but instead looked out an old email which I knew contained his proper address, and sent him a warning message (email) using that address.
    > He replied almost immediately ... asking me to purchase an Amazon voucher for a little girl who will die of a liver complaint unless she gets financial help. Note: he now used the term "Apple" in the second message, indicating he knew more about my system.
    >
    > This chilled me! How worried should I be? Reason (what little I have) tells me that he's still fishing; but things have come on a l-o-n-g way since those crude, crummy early days of mysterious messages from Nigeria (or wherever). So I thought I'd ask opinions from this group!
    >
    > You may know [from here] that I've just acquired a 2019 iMac which has Sequoia. I _was_ going to ease myself slowly into switching systems (having finally Migrated the Mojave to the Sequoia just last week).
    > As a result of the visit from the phisher, I'm conducting the switch as of today, Mail and Firefox being the main two apps that I'll be using on Sequoia.
    > Not yet Usenapp, though this may follow soon, if I can find the time.
    >
    > Cheers
    > [Another] John


    Hello again John.

    I'd like to suggest that you download and run Malwarebytes.

    No need to pay. Just use the free version. https://www.malwarebytes.com

    The scan is VERY quick, but it should identify anything amiss.

    No need to worry. Just don't send any money to anyone!

    (Please forgive my email address change!)

    This is still 'me'!

    --
    David Brooks
    Devon

  • From Graeme Wall@21:1/5 to Another John on Sat May 3 15:04:25 2025
    On 03/05/2025 12:10, Another John wrote:
    > I'm not used to this at all, having always used Macs. But my "current" Mac is Mojave - notoriously "unsupported" for some time.
    >
    > Yesterday I got an email from an old friend .... except that his expressions - very brief - didn't sound quite like him. The email address looked correct but I thought maybe it was spoofed (I checked all headers, but I could never understand those well at all.)
    >
    > So I didn't Reply, as such, but instead looked out an old email which I knew contained his proper address, and sent him a warning message (email) using that address.
    > He replied almost immediately ... asking me to purchase an Amazon voucher for a little girl who will die of a liver complaint unless she gets financial help. Note: he now used the term "Apple" in the second message, indicating he knew more about my system.
    >
    > This chilled me! How worried should I be? Reason (what little I have) tells me that he's still fishing; but things have come on a l-o-n-g way since those crude, crummy early days of mysterious messages from Nigeria (or wherever). So I thought I'd ask opinions from this group!
    >
    > You may know [from here] that I've just acquired a 2019 iMac which has Sequoia. I _was_ going to ease myself slowly into switching systems (having finally Migrated the Mojave to the Sequoia just last week).
    > As a result of the visit from the phisher, I'm conducting the switch as of today, Mail and Firefox being the main two apps that I'll be using on Sequoia.
    > Not yet Usenapp, though this may follow soon, if I can find the time.
    >
    > Cheers
    > [Another] John

    Just think for a moment, how many private hospitals take Amazon (or any
    other) vouchers? Of course it is a scam.
    --
    Graeme Wall
    This account not read.

  • From Jörg Lorenz@21:1/5 to David on Sat May 3 18:04:06 2025
    On 03.05.25 13:25, David wrote:
    > Hello again John.
    >
    > I'd like to suggest that you download and run Malwarebytes.

    Nobody downloads and runs voluntarily "malware". Especially not on a Mac.

    > No need to pay. Just use the free version. https://www.malwarebytes.com
    >
    > The scan is VERY quick, but it should identify anything amiss.

    It doesn't. It pretends to do that.

    > No need to worry. Just don't send any money to anyone!

    Self-explaining.

    > (Please forgive my email address change!)
    >
    > This is still 'me'!

    No doubt about that. #20 in my nymshifter-killfile for your person.


    --
    "Roma locuta, causa finita." (Augustinus)

  • From Another John@21:1/5 to All on Sat May 3 17:11:27 2025
    Thanks, all, for the reassurances so far: they confirm my ingrained instincts but I'm not technical enough to know for sure about these things. As I've
    said, I've moved my mail and my main browsing activities to Sequoia now, so I feel safer than before (I was becoming slightly nervous about continuing to use Mojave: "Unsupported by Apple".)

    Any more advice will be very welcome.

    ===== Not totally irrelevant ======

    <rant> ("Reasons to be paranoid")

    Along with the rest of the world I'm getting paranoid! Not just the M&S affair and Harrods, but I was cold-called yesterday by Lloyds Private Banking (with whom I did business years ago): the nice young lady (who unfortunately had a Chinese accent) was very keen to discuss our financial affairs, "to see if there are some ways we can help you". She rang me on my mobile -- I was busy so, not recognising the 0345 number, I ignored it. She then rang me on the landline. So she knew both my telephone numbers, and she also knew where we
    (on Lloyds recommendation) had moved our savings some years ago.

    Despite her being very persistent, I gave her the brush-off.

    I then went down to our local Lloyds branch (yes! we have one! Until November :-( ) The person I spoke to there was very concerned. It turned out that the number to ring that I'd been given was the genuine article.
    YES! I know I could have found that for myself, but my main point to the staff member at the branch (and she strongly agreed with me) is that this is not the way that Lloyds Bank should be doing business. They (i.e. all the banks) are moving the most trusted business in any town on to the internet -- which is
    the most *mistrusted* marketplace, ever. No wonder they themselves are
    paranoid about Fraud.

    </rant>

  • From David@21:1/5 to Chris on Sat May 3 23:27:04 2025
    On 03/05/2025 14:40, Chris wrote:
    > David <[email protected]> wrote:
    >>
    >> Hello again John.
    >>
    >> I'd like to suggest that you download and run Malwarebytes.
    >>
    >> No need to pay. Just use the free version. https://www.malwarebytes.com
    >>
    >> The scan is VERY quick, but it should identify anything amiss.
    >>
    >> No need to worry. Just don't send any money to anyone!
    >>
    >> (Please forgive my email address change!)
    >>
    >> This is still 'me'!
    >
    > DO NOT FOLLOW THIS ADVICE.

    You speak with a forked tongue, lad!

    > Never click links nor run software from someone you don't know supposedly trying to help.

    Ah! You mean *EtreCheck*?!!! Best to steer clear?

    *Malwarebytes* of course *IS* recommended by Apple Support Staff!

    Also, Malwarebytes Browser Guard is available from the Apple App Store.

  • From Bruce@21:1/5 to Another John on Sun May 4 00:51:17 2025
    On 03/05/2025 12:10, Another John wrote:
    > He replied almost immediately ... asking me to purchase an Amazon voucher for a little girl who will die of a liver complaint unless she gets financial help. Note: he now used the term "Apple" in the second message, indicating he knew more about my system.

    As others have said: it is most likely that your friend's email has been compromised and hackers have gained control of his account.

    The "immediate" reply suggests they have set up an "out of office" style
    auto reply and anyone sending to your friend gets the same response.

    Your friend may still be using his email and not even realise that there
    is an auto response set.

    Best option is to contact him by some means other than email and see
    what's happening.

    But using Mojave or Sequoia yourself won't make much difference.

    Regards,
    --
    Bruce Horrocks
    Hampshire, England
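
Added example (not part of any post in this thread): Richard Tobin's point that mail headers name the sending program, and Bruce's point that an instant reply may be an auto-responder, can both be checked from a message's raw source. The Python below runs those checks on two constructed messages; every address, the version string and the verdict labels are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a scam reply sent from the friend's genuine mailbox.
# Every address, domain and value here is made up for illustration.
SAMPLE_REPLY = """\
Return-Path: <friend@example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass header.from=example.org
From: Old Friend <friend@example.org>
Reply-To: Old Friend <friend.example@mailbox.example>
To: john@example.net
Subject: Re: Was that really you?
Auto-Submitted: auto-replied
Date: Sat, 03 May 2025 12:12:00 +0100

Please buy a voucher for me.
"""

# Constructed sample: John's own warning mail as its recipient would see it.
SAMPLE_OUTGOING = """\
From: John <john@example.net>
To: friend@example.org
Subject: Was that really you?
X-Mailer: Apple Mail (0.0000.000.00)
Date: Sat, 03 May 2025 12:10:00 +0100

Did you really send that message?
"""


def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def triage(raw):
    """Extract the header facts discussed in the thread from one raw message."""
    msg = message_from_string(raw)
    # Authentication-Results (RFC 8601) is written by the *receiving* server.
    # Only trust the copy added by your own provider.
    auth_hdr = " ".join(msg.get_all("Authentication-Results", [])).lower()
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth_hdr))
    # Auto-Submitted (RFC 3834) marks automatic responses. Not every
    # auto-responder sets it, so its absence proves nothing.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    return {
        # The sending program, as Richard describes.
        "client": msg.get("X-Mailer") or msg.get("User-Agent"),
        "auth": auth,
        "auto_reply": auto != "no",
        # Replies would go to a different domain than the visible sender.
        "reply_to_diverted": bool(reply_dom) and reply_dom != from_dom,
    }


def verdict(report):
    """Map a triage report to a hypothetical label for the next step."""
    dmarc = report["auth"].get("dmarc")
    if dmarc is None:
        return "no-auth-results"       # e.g. a message that was never received
    if dmarc != "pass":
        return "possible-spoof"        # From domain not authenticated
    # A pass proves the mail left the real domain, not who typed it: a
    # compromised account passes every check, so confirm by another channel.
    if report["auto_reply"] or report["reply_to_diverted"]:
        return "verify-out-of-band"
    return "no-header-indicator"


if __name__ == "__main__":
    for name, raw in (("reply", SAMPLE_REPLY), ("outgoing", SAMPLE_OUTGOING)):
        report = triage(raw)
        print(name, report, verdict(report))
```

In Apple Mail the raw source of a message is available under View > Message > Raw Source.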

  • From Alan B@21:1/5 to Another John on Sun May 4 08:03:10 2025
    On 2025-05-03, Another John <[email protected]> wrote:
    > Thanks, all, for the reassurances so far: they confirm my ingrained instincts but I'm not technical enough to know for sure about these things. As I've said, I've moved my mail and my main browsing activities to Sequoia now, so I feel safer than before (I was becoming slightly nervous about continuing to use Mojave: "Unsupported by Apple".)
    >
    > Any more advice will be very welcome.

    If you haven't already I'd change your email password to something long and complicated as the hackers may well be aware of your email address now. Needless
    to say your friend should now change his password too if he can as the hackers may have changed it. If they have done so then he will need to contact his email
    provider(s).

    --
    Cheers, Alan

  • From Alan B@21:1/5 to [email protected] on Sun May 4 09:09:48 2025
    On 2025-05-04, Jörg Lorenz <[email protected]> wrote:
    > Another John should use the password manager "Passwords" of macOS for
    > this purpose.

    Yes that's what I use now. I'm currently using it to check the safety of
    all my passwords and changing them when advised to do so.

    --
    Cheers, Alan

  • From Jörg Lorenz@21:1/5 to Alan B on Sun May 4 10:55:23 2025
    On 04.05.25 10:03, Alan B wrote:
    > On 2025-05-03, Another John <[email protected]> wrote:
    >> Thanks, all, for the reassurances so far: they confirm my ingrained instincts
    >> but I'm not technical enough to know for sure about these things. As I've
    >> said, I've moved my mail and my main browsing activities to Sequoia now, so I
    >> feel safer than before (I was becoming slightly nervous about continuing to use
    >> Mojave: "Unsupported by Apple".)
    >>
    >> Any more advice will be very welcome.
    >
    > If you haven't already I'd change your email password to something long and
    > complicated as the hackers may well be aware of your email address now. Needless
    > to say your friend should now change his password too if he can as the hackers
    > may have changed it. If they have done so then he will need to contact his email
    > provider(s).

    Another John should use the password manager "Passwords" of macOS for
    this purpose.

    --
    "Roma locuta, causa finita." (Augustinus)

  • From Jörg Lorenz@21:1/5 to Alan B on Sun May 4 12:21:44 2025
    On 04.05.25 11:09, Alan B wrote:
    > On 2025-05-04, Jörg Lorenz <[email protected]> wrote:
    >> Another John should use the password manager "Passwords" of macOS for
    >> this purpose.
    >
    > Yes that's what I use now. I'm currently using it to check the safety of
    > all my passwords and changing them when advised to do so.

    I started this lengthy process also when Apple introduced "Passwords"
    with Sequoia macOS 15 last fall. I'm absolutely happy so far!

    Before that I stored the passwords locally in a password-protected .ods
    file. The real risk being the use of the same secure password more than
    once.



    --
    "Roma locuta, causa finita." (Augustinus)

  • From Jaimie Vandenbergh@21:1/5 to All on Sun May 4 12:29:52 2025
    On 3 May 2025 at 18:11:27 BST, "Another John" <[email protected]>
    wrote:

    > I then went down to our local Lloyds branch (yes! we have one! Until November :-( ) The person I spoke to there was very concerned.

    Better than I ever got. The three or four times I've had turned-out-to-be-genuine communication from the banks that was patterned exactly the same way as fraud/phishing, I've had zero acknowledgement
    that it was any sort of problem at all from the bank.

    Ranging from cold-call where they first ask *me* to prove who *I* am, to official emails from scam-lookalike domains, or with suspect links to
    follow in them.

    Cheers - Jaimie
    --
    "Persons attempting to find a motive in this narrative will be prosecuted;
    persons attempting to find a moral in it will be banished;
    persons attempting to find a plot in it will be shot.
    By Order of the Author." -- Mark Twain

  • From Another John@21:1/5 to [email protected] on Mon May 5 09:26:04 2025
    On 4 May 2025 at 13:29:52 BST, "Jaimie Vandenbergh" <[email protected]> wrote:

    > On 3 May 2025 at 18:11:27 BST, "Another John" <[email protected]>
    > wrote:
    >
    >> I then went down to our local Lloyds branch (yes! we have one! Until November
    >> :-( ) The person I spoke to there was very concerned.
    >
    > Better than I ever got. The three or four times I've had turned-out-to-be-genuine communication from the banks that was patterned exactly the same way as fraud/phishing, I've had zero acknowledgement
    > that it was any sort of problem at all from the bank.

    I fear that when the person I spoke to at the bank passed my remarks on up the line, she will have received the same casual brush-off.

    > Ranging from cold-call where they first ask *me* to prove who *I* am, to official emails from scam-lookalike domains, or with suspect links to
    > follow in them.

    Yes! How come it is (only) that way round? *How* are they going to overcome this problem?
    And the more a fraudster learns about you, the more you become prepared to give them yet more: and the day is coming when one will _have_ to trust
    someone who claims to be Lloyds Bank -- there'll be no human (i.e. wetware) contact whatever. <sigh>

    John

  • From Jaimie Vandenbergh@21:1/5 to All on Mon May 5 18:20:33 2025
    On 5 May 2025 at 10:26:04 BST, "Another John" <[email protected]>
    wrote:

    > On 4 May 2025 at 13:29:52 BST, "Jaimie Vandenbergh" <[email protected]> wrote:
    >
    >> On 3 May 2025 at 18:11:27 BST, "Another John" <[email protected]>
    >> wrote:
    >>
    >>> I then went down to our local Lloyds branch (yes! we have one! Until November
    >>> :-( ) The person I spoke to there was very concerned.
    >>
    >> Better than I ever got. The three or four times I've had
    >> turned-out-to-be-genuine communication from the banks that was patterned
    >> exactly the same way as fraud/phishing, I've had zero acknowledgement
    >> that it was any sort of problem at all from the bank.
    >
    > I fear that when the person I spoke to at the bank passed my remarks on up the
    > line, she will have received the same casual brush-off.

    Almost certainly.


    >> Ranging from cold-call where they first ask *me* to prove who *I* am, to
    >> official emails from scam-lookalike domains, or with suspect links to
    >> follow in them.
    >
    > Yes! How come it is (only) that way round? *How* are they going to overcome this problem?

    I remember one got quite stroppy when I wouldn't authenticate myself to
    their cold call, and they wouldn't even give me a mechanism to get back
    to them via the main number. "I'll note you down as refusing to
    validate" or some such. Fuck off.

    When I did ring back the main number, I got them to take that note off
    my account (which did double duty as proving it was a real call). No
    info on it to get back to the person again though, or even their dept.
    Weird.

    Cheers - Jaimie
    --
    If you mean 'am I serious about what I do', the answer is yes.
    If you mean 'am I serious about how I do it', the answer is no.

  • From Alan B@21:1/5 to Mark on Mon May 5 20:47:36 2025
    On 2025-05-05, Mark <[email protected]> wrote:
    > On 5 May 2025 at 7:20:33 pm BST, "Jaimie Vandenbergh"
    > <[email protected]> wrote:
    >
    >> On 5 May 2025 at 10:26:04 BST, "Another John" <[email protected]>
    >> wrote:
    >>
    >>> On 4 May 2025 at 13:29:52 BST, "Jaimie Vandenbergh"
    >>> <[email protected]> wrote:
    >>>
    >>>> On 3 May 2025 at 18:11:27 BST, "Another John" <[email protected]>
    >>>> wrote:
    >>>>
    >>>>> I then went down to our local Lloyds branch (yes! we have one! Until November
    >>>>> :-( ) The person I spoke to there was very concerned.
    >>>>
    >>>> Better than I ever got. The three or four times I've had
    >>>> turned-out-to-be-genuine communication from the banks that was patterned
    >>>> exactly the same way as fraud/phishing, I've had zero acknowledgement
    >>>> that it was any sort of problem at all from the bank.
    >>>
    >>> I fear that when the person I spoke to at the bank passed my remarks on up the
    >>> line, she will have received the same casual brush-off.
    >>
    >> Almost certainly.
    >>
    >>>> Ranging from cold-call where they first ask *me* to prove who *I* am, to
    >>>> official emails from scam-lookalike domains, or with suspect links to
    >>>> follow in them.
    >>>
    >>> Yes! How come it is (only) that way round? *How* are they going to overcome
    >>> this problem?
    >>
    >> I remember one got quite stroppy when I wouldn't authenticate myself to
    >> their cold call, and they wouldn't even give me a mechanism to get back
    >> to them via the main number. "I'll note you down as refusing to
    >> validate" or some such. Fuck off.
    >>
    >> When I did ring back the main number, I got them to take that note off
    >> my account (which did double duty as proving it was a real call). No
    >> info on it to get back to the person again though, or even their dept.
    >> Weird.
    >>
    >> Cheers - Jaimie
    >
    > I never knew but apparently the '159' shortcode telephone number is a central
    > switchboard for all banks. You can call it and be put through to your own bank
    > (rather than having to remember their actual number). Been around a few years,
    > it seems. Promoted by Martin Lewis et al.

    Yes Mrs B says she seems to remember his mentioning it.

    <https://stopscamsuk.org.uk/our-work/159-phone-number/>

    --
    Cheers, Alan

  • From Bernd Froehlich@21:1/5 to All on Tue May 6 06:36:02 2025
    On 5. May 2025 at 11:26:04 CEST, "Another John" <[email protected]>
    wrote:

    > the day is coming when one will _have_ to trust
    > someone who claims to be Lloyds Bank

    Nope, you can ditch them and find a better bank.

  • From Chris Ridd@21:1/5 to Bernd Froehlich on Wed May 7 10:19:19 2025
    On 06/05/2025 07:36, Bernd Froehlich wrote:
    > On 5. May 2025 at 11:26:04 CEST, "Another John" <[email protected]>
    > wrote:
    >
    >> the day is coming when one will _have_ to trust
    >> someone who claims to be Lloyds Bank
    >
    > Nope, you can ditch them and find a better bank.

    You misspelled "different" as "better".

    I'm pretty certain all retail banks are about as incompetent and
    hopeless as each other. You *certainly* don't want to take any security
    advice or software from them. These are international banks, don't
    imagine that UK ones are any different from European ones from Asian ones.

    Stories of wild west data centres where anything could talk to anything
    else, plenty of "pet" servers that nobody knew anything about but didn't
    dare switch off, well known professional services companies running the shitshow that charge for *every* micro change...

    Amazing they work at all, considering.

    --
    Chris
