I received an advertisement email from a place I had never been to, and clicked the unsubscribe button without really thinking, I believe it was a real company's email, but it made me wonder if an unsubscribe email that had some kind of malicious link embedded in the Unsubscribe Link could be set off by an automatic unsubscribe extension that clicks all of the unsubscribe buttons in emails.
I know you gotta get sponsorship to survive. But guardio sounds kind of like a scam or misleading product. I don't have proof but their marketing material feels like it's making wild claim..still like your content I understand sponsorships.
i almost fell for the Microsoft one, but this was after setting up a new account because i forgot the password to my last account, anyway i won't be forgetting this one's password any time soon, but yeah it said someone got into your account and it wanted me to verify my login credentials, and i never trust links sent to my email, i instead went to the main website instead of using that link, because sometimes you can't tell it's a hacker or not.
I just got an email telling me that there was an deliverable package from UPS with nothing but an jpg or some other picture which you are supposed to click on to get more info on the package and sender of the 'product'. Clearly a scam with all the earmarks of your topic. Thanks for the great work!
I get hundreds of these a month. How would UPS, USPS, FedEx etc get my email when a label is missing or ripped and they can’t read the address? Most if not all packages or mail don’t have an email on them.
Yes, to all 3 of you. I order stuff on Amazon quite a bit ; few days afterward, some jerkoff email, saying ' could not deliver packagage, as owner wasn't home....''' etc etc. or like bullsh**. Report it as spam.................nothing new here......50 ways to sucker us....o well. Take care, all.
Got the same one by email and text... We don't even have UPS in South Africa... How about the locked bitcoin wallet scams.. And all the dead relatives in UK who left you, the only heir to the estate, millions to claim... The problem is that other people fall for these freebees and by replying they usually have to include 5 - 10 cellphone numbers or email addresses of friends or family who they think would benefit from these fake offerings and then you're suddenly the newest victim on the harassment list..
ebay scam - Here's how it works: Buyer buys item listed on eBay - Seller has little to no feedback history. Item is an expensive item, such as a used camera, etc… Buyer pays for item, scamming seller prints the shipping label so eBay system associates tracking info with sale. Seller does not ship package and instead waits out the clock before finally printing their own label and tracking info and providing that manually to eBay to update tracking info. Except, the tracking info is now for a letter (not a box/parcel as a camera would be shipped in) and the scamming seller picks an address in the same zip code as the buyer. Package shows it was delivered, but only provides city location. Buyer says they didn’t get the package, eBay’s customer service says the seller’s tracking number shows it was delivered, so now the buyer must file an insurance claim with the post office. USPS says there is no insurance claim because the package was delivered properly to the address. eBay leaves eBay buyers out in the cold with no help, abandoned by the very company that assures prospective buyers they are protected, when in fact, they are not.
You can generate QR code using Unicode and bypass that "Ask before displaying external images" filter. It will still appear as ordinary QR code and be readable by camera. It would require a bit of CSS to make it looks OK on all clients/devices, but it is pretty easy.
Haha, I love it, you're already onto the next iteration! You could even write simple HTML that looks benevolent, but when rendered produces a QR code (e.g., a table with black or white cells). It's pretty straightforward to check images for QR codes inside them, but in this case you would have to render the page, capture it as an image, and then scan for QR codes.
@@RokeJulianLockhart.s13ouq well yeah they won't use css in a terminal. They just print block characters. And yeah they would likely have to make assumptions and try to fit within 80x24.
imo the root of all these problems is that the default qr scanner included in phones sucks at transparency and doesn't let the user audit and become aware of the content of the codes before executing by default. it's trash
Na, less effort for more $$ with little risk. That's why they keep doing it. Most of them don't make this stuff on their own. They just buy a packet or something or there's a "manager" who does that and everyone else is basically a drone.
Can we just take a moment to appreciate how this fella just simply cares... yeah, it doesn't matter, he is a clever teck geek and gets sponsored in each video, still does it in his regular basis
For sure he definitely cares and couple that with passion. Reminds me of Linus but this guy is more like life hacks. Linus is about PC in general or server enterprise cool shit.
As a tech support guy I sometimes recommend those video to our customers and also to our security guys. I know, they already should know, but watching those videos during lunch break helps to make sure they know about those tricks and it teaches them how to forward the message to average user.
@@seb_gibbs and there are all kinds of prebuild libraries to do it... just pass resulted text to same email filter.... seems like making it a 30 min task to me.. 5 days later.......
@@mb-3faze That's why emails should check what the QR code does before you scan it with some QR scanner. QR codes are just data, it's up to the QR scanner to do something with the data. Emails scanners could just check what that data is, and if it's malicious, block the email.
I came across both these scams recently in one of my email accounts. Since I have over 20 years of IT experience I had no problem identifying that those messages weren't legitimate. However it annoys me that horrible people are trying to take from others continuously. It's disgusting.
Thanks for these tips. My mum is a constant victim of "Free" scams.. It seems to me that it all comes down to convenience. The more convenient it gets to shop online or have your favorite Pizza delivered to your couch, the easier it gets for scammers to use these type of attacks on people who depends on the convenience of home delivery like older people who don't like to drive much or disabled people who can't get around by themselves. They prey on the weak and desperate and that makes me sick to the deepest core of my soul! Keep up the good work!
I watched this video just yesterday, and not one hour ago my inbox--not my Spam folder--received a scam email that uses the picture tactic. Talk about perfect timing!
Thank you for the QR tip. Never heard of that one. The last two days I have received three phishing emails, all of which I recognized before opening the attachments. One I immediately sent to spam without looking at it because it was such an obvious fake. You are helping a lot of us out here, which I appreciate a lot.
I was really surprised when I got a spam email from an Rated 18 website scam stuff, which included an image. But not an image itself, but a table with CSS styling for every single cell to display a pixel art image. I kind off found it to be really funny 🤣. Was hilarious to see something this clever, but absolutely overengineered
Our email servers especially look for no content and block them, and even non-standard text is blocked and filtered. All of our corporate emails are whitelist only, everything else is blocked.
I never scan a QR code unless I know precisely what it is before I scan it. An unsolicited QR code in an email would get that email sent directly to trash.
(3:40) There are legitimate companies that send me promotional e-mail messages that are entirely just one or more pictures, and it's something I don't feel comfortable with but have to accept. (Edit: those images would usually be linked to pages on the company's website) (4:01) That reminded me of cryptocurrency scammers who, when they hijack RUclips accounts to run live streams, put the link to their scam websites as QR codes, likely in order to bypass some kind of filter that RUclips have in place.
Though when you hover over (in a desktop or desktop web browser email client) an email from a legitimate company they would usually put the whole link in the hyperlink reference for the image. When the scammer does it it's usually a link from a url shortener or it's some fishy site rather than an actual company website.
I seen a lot of those 'Simpler ones' disguised as Amazon, Netflix, and a whole host of others. The funniest part is that they are all from sights/services that I don't even use/have. So obviously I have never fallen for a one. But it does make me laugh when I see a "Your netflix account has been locked" e-mail; Because I always just have to say: "And which one is that? The one that don't exist?"
just got a email from Amazon saying my account was locked for being active to long , with a pdf file. deleted it and then your video popped up . Thanks for the information
Hah! I thought along the same lines, why blur the QR code, just point it to a bright red/black "ALL YOUR FILES HAVE BEEN ENCRYPTED" web page. A half-second of sheer panic can really drive home a point.
I'm "over" the use of tech in eating places. I go to Panera Bread once in about two months with a friend for lunch. They have a kiosk right there by the order counter. Some people stop and use it but most don't. I would much rather talk to a human.
I receive about two of those "URGENT" notifications every day. Most if them look, at first glance, to be legitimate, but closer examination usually reveals errors in spelling and proper sentence structures. It helps to know who you do business with, how much you owe them, and what you purchsed.
That explains why most of the scam/spam emails that gets past Outlook's spam filters for me seem to be images, it's been happening to me for the last couple years. The crap spam/scam emails that says this store wants to give me a giftcard or products. They all use pictures, instead of text.
Hi ThioJoe. There are days where I get anywhere of up to 72 phishing email scams. I learned through tips I watched on your previous videos what to look for. They always end up scams.
I HAVE SEEN A LOT OF DIFFERENT TYPES OF SCAMS, I HAVE CAUGHT SO MUCH OF THE TRICKS THEY USE, I HAVE DONE MY BEST TO AVOID THIS CRAP, I HAVE SEEN A FEW OF THE QR CODE ONES, THAT NEVER MADE SENSE TO ME TO DO THAT
I've run into a pretty prolific version of this scam. No QR code, but it checks off just about all the other boxes and it's gotten through to more than one of the users the company I work for supports
Strange your video about this would just show up on my feed as I had a user report one of these to me about 2 hours ago. The email had a PDF attachment which had a QR code inside the PDF. Scary stuff.
I remember a QR scam, where the hacker mails a letter to the victim, with the QR code on the letter. It leads to a fake site etc:... All that is needed is name/postal address/known account of holder. Fake postal letters are a thing.
Also, ive never had amazon or ebay or paypal or anyone else send an attachment. In my mind, that's biggest flag. Unless im actively engaged in a customer issue and sent the seller an attachment, or requested additional info or pics of merch, i dont think most companies send reciepts or warnings via email attachment
Hey, Thio, got one for your consideration: The past month I've been getting these weird emails comprising of what looks like random passages from books and the usual malware payload PDF 🐂💩. Been showing up in my GMail but I know they're scam crap, just wanted to spread the word out on this as it is something new.
i saw it before and recognized it. it was on my pc and not phone, so i saw the whole addy. plus amazon does not send qr codes! yeesh! thanks for your channel and your hard work exposing and warning of these scams.
I've seen all of those type of emails from my free accounts from Microsoft e.g. my MSN email. Google has a superior but not perfect filtering system, and it's rare for me to see something like any of those examples. They're all very obvious at least to me, but I certainly can imagine it only takes a few and these thieves and hackers.
This is helpful, I'm the company filter for emails... I see this everyday. The pixel link I didnt know about, I should prevent that from loading. Thanks!
There was a time when spammers would put all the text in their messages in an image (those I got were mostly stock spam; "This (often sparsely traded) stock is going to go up like a rocket soon!"). Spam filters soon caught up with this, so later such spam mails would have all the tricks we know from capcha filters; distorted letters, odd colors, various dots and lines and other "noise" in an attempt to throw off OCR software. This is just a new level of this -- looking out for QR codes are just the next thing, spam filters need to do.
I received the first kind email from Amazon with PDF attachement and reported it to, is there a way to report it to Amazon , or is Amazon aware of such things? This QR code thing is really clever
Instead of trying to keep up with every new scam, I simply created filters and folders on my email that sort legitimate financial ones to specific folders based on the actual sender address/domain (rather than what address is trying to look like). Any emails that don't show up in the correct folder, but in the inbox instead, are subjected to extra scrutiny (and most reported as phishing without even needing to risk opening it). Don't have any business with that company/bank? Gone. Not currently waiting on an order from that company but says I am? Gone. Have ordered but official site shows no problem? Gone. But it's always good to know what tricks they're trying!
6:09 oh hey, that would immediately tip me off. I have my browser set to save no login info and to auto log me out/delete cookies/blahblahblah. so any time I see things like this. it immediately stands out to me as a "hey hold on it shouldn't be doing that"
my email opens in google workspace and i dont have a google workspace. I watched my friends who work for the school district open their emails linked to workspace so I know this is happening to me. I shouldnt be linked to a workspace. Some of my videos say that I need to contact my admin to watch
In the grocery store in my town there is a QR code at the register where you can win a price if you scan it. This are the traps where people fall for and get scammed. They just want to collect your personal datas. Like your phonenumber or your date of birth.
A pretty easy way to recognize the fake “thank you for spending $$$” scam email… is that they BOLD the “click here to cancel/refund” message with the malicious link.
I just treat any email as if it's spam/scam mail. All links are disabled by default, all images are disabled, and unless you're in my addressbook you're mail isnt going to arrive in the inbox. After that I only open mails from people I know or I know I am going to receive (like 2fa or confirmation mails)
A common type of scam email is about my iCloud storage is full.i don't have an iphone. Or I get calls asking me if my Google business listing for property on Madison in Chicago is still for sale. I don't own any property. Or I've won $1,000 from Walmart, Walgreens Costco Starbucks Amazon, social security, Medicaid and Medicare. It's all fake emails and calls and texts.
Hi there, I just got an email from Norton who invoiced me, saying that if I don't pay it'll auto renew. I clicked on the PDF as well as responded to their email, saying to cancel the subscription but it basically meant an OK and they said it was paid while not waiting the full 24hs. I want to know if my actions of clicking the PDF to look at the invoice or responding to their email have any effect? Please, if you could respond, it would help ease my anxiety as I've been feeling light headed from panic
I am dying laughing how at the end of the video about how QR codes are being used for scams, you include a QR code for the sponsor app. It would make my day if that linked to some youtube video like "you learned nothing" just as a bit of a meme
Headers only, Only download 6kb of email, Don't download attachments, Block remote resources, Do not display attachments inline, Do not send read receipts. The first few settings I set on any email client!
You know, my samsung updated and reinstated my QR scanner function and I have no idea if the camera just scan QR code, but I was making photos to remember prices and I am worried because when I was using the camera, a random function of finding my phone came up and it worries me (I had forgotten until now), the UI of the samsung menu is so against the user to make speficiations (I can't get rid of HD calling for example), but I think I might of accidentally scanned a QR code, do you know if there's any way to check the history of such scans or do you think it's something that would autodelete once it scanned itself into your phone?
Most cooperate email has images turned off by default. Cell bypassing stuff is not true, if the company uses software that makes stuff go through a virtual pipe. The company I worked for, on the work phone, everything went through a pipe they controled.
5:01 there is an urgent need for QR scanners to show you the link and giving you a chance to look at it, at the very least, before authorising it to be activated. Better would be to have the anti-malice filter in the QR scanner. In the meantime, my advice is that you NEVER scan any QR code anywhere. You really don't know what it will lead you too. They are a gift to scammers.
Web Content Accessibility Guidelines 2.0 Success Criterion 1.4.5 AA, Image of Text. If the text is just an image, that is a big accessibility failure right there! And QR codes in emails is so inconvenient. I will never scan a QR code from an email. Why? Because I am 100% sure one of the email addresses in the BCC or the To field won't match over 250 email aliases that I have in file.
OH WAIT. Instead of quotation marks, it somehow got messed up and put in coding/formatting. It is supposed to say "To" but the quotation marks got turned into """
I've actually had users forward those QR code emails to us at work because they didn't get caught in our spam filtering. Good to see others talking about it. Also, the QR codes I've seen in those emails are fucking HUGE.
One thing that was very sophisticated about the QR code that I noticed, even though the url is bogus, it will bing you to an actual M365 portal. So if you have branding, etc, it will show that too. I don't know how it snoops behind the scenes, but everything works as if you are on the actual M365 portal. I'm guessing it is to grab your password and mfa session cookies.
Thank you for this helpful video! I just got a phishing e-mail with the double e-mail addresses at work. Of course I din't fall for it. The QR code part was great heads up.
1:29 that email is sent by a stupid scammer sitting in my country sorry to say , it is from a fake amazon call center located in india , but i love gaurdio warning it is super cool to avoid mess in emails
I have been getting e mails from companys and when they ask me if I want to unsubscribe they say click here, Then it goes to a page where they want me to type in my e-mail address even though they already have it. It makes me kind of nervous Probably over reacting.
I have had a qr code sent to my work email via my IT department, to register for DUO and setting it up in my phone. But I was on the Zoom with our IT person when setting it up, so I knew it was genuine. Otherwise I am pretty weary about this stuff.
Protect your browsing with Guardio, plus get a 20% discount every month for a year, with a free 7 day free trial ⇨ guard.io/thiojoe (Sponsored)
I received an advertisement email from a place I had never been to, and clicked the unsubscribe button without really thinking, I believe it was a real company's email, but it made me wonder if an unsubscribe email that had some kind of malicious link embedded in the Unsubscribe Link could be set off by an automatic unsubscribe extension that clicks all of the unsubscribe buttons in emails.
Thanks for deleting the scam bot reply.
I know you gotta get sponsorship to survive. But guardio sounds kind of like a scam or misleading product. I don't have proof but their marketing material feels like it's making wild claim..still like your content I understand sponsorships.
Joe, why don't you put your ads at the end of your video so we can leave and not have to ffw through it.
i almost fell for the Microsoft one, but this was after setting up a new account because i forgot the password to my last account, anyway i won't be forgetting this one's password any time soon, but yeah it said someone got into your account and it wanted me to verify my login credentials, and i never trust links sent to my email, i instead went to the main website instead of using that link, because sometimes you can't tell it's a hacker or not.
I just got an email telling me that there was an deliverable package from UPS with nothing but an jpg or some other picture which you are supposed to click on to get more info on the package and sender of the 'product'. Clearly a scam with all the earmarks of your topic. Thanks for the great work!
I always get those while i dont have packages sent from ups so the scammers basically sent the wrong message i always sent them to spam
I get hundreds of these a month. How would UPS, USPS, FedEx etc get my email when a label is missing or ripped and they can’t read the address?
Most if not all packages or mail don’t have an email on them.
Same here
Yes, to all 3 of you. I order stuff on Amazon quite a bit ; few days afterward, some jerkoff email, saying ' could not deliver packagage, as owner wasn't home....''' etc etc. or like bullsh**. Report it as spam.................nothing new here......50 ways to sucker us....o well. Take care, all.
Got the same one by email and text... We don't even have UPS in South Africa... How about the locked bitcoin wallet scams.. And all the dead relatives in UK who left you, the only heir to the estate, millions to claim... The problem is that other people fall for these freebees and by replying they usually have to include 5 - 10 cellphone numbers or email addresses of friends or family who they think would benefit from these fake offerings and then you're suddenly the newest victim on the harassment list..
ebay scam - Here's how it works: Buyer buys item listed on eBay - Seller has little to no feedback history. Item is an expensive item, such as a used camera, etc… Buyer pays for item, scamming seller prints the shipping label so eBay system associates tracking info with sale. Seller does not ship package and instead waits out the clock before finally printing their own label and tracking info and providing that manually to eBay to update tracking info. Except, the tracking info is now for a letter (not a box/parcel as a camera would be shipped in) and the scamming seller picks an address in the same zip code as the buyer.
Package shows it was delivered, but only provides city location. Buyer says they didn’t get the package, eBay’s customer service says the seller’s tracking number shows it was delivered, so now the buyer must file an insurance claim with the post office. USPS says there is no insurance claim because the package was delivered properly to the address. eBay leaves eBay buyers out in the cold with no help, abandoned by the very company that assures prospective buyers they are protected, when in fact, they are not.
You can generate QR code using Unicode and bypass that "Ask before displaying external images" filter. It will still appear as ordinary QR code and be readable by camera. It would require a bit of CSS to make it looks OK on all clients/devices, but it is pretty easy.
Haha, I love it, you're already onto the next iteration! You could even write simple HTML that looks benevolent, but when rendered produces a QR code (e.g., a table with black or white cells). It's pretty straightforward to check images for QR codes inside them, but in this case you would have to render the page, capture it as an image, and then scan for QR codes.
I've seen some terminal applications print QR codes to the terminal like this.
@@AeduoExcept that they don't use CSS, and unless fairly advanced (TUI level) they probably don't auto resize.
@@RokeJulianLockhart.s13ouq well yeah they won't use css in a terminal. They just print block characters. And yeah they would likely have to make assumptions and try to fit within 80x24.
imo the root of all these problems is that the default qr scanner included in phones sucks at transparency and doesn't let the user audit and become aware of the content of the codes before executing by default. it's trash
Man, these scammers are clever. If they actually put all that ingenuity into a legit legal job they could go very far.
Na, less effort for more $$ with little risk. That's why they keep doing it. Most of them don't make this stuff on their own. They just buy a packet or something or there's a "manager" who does that and everyone else is basically a drone.
it happened to one of my discord a year ago it's a scam qr code for fake nitro
Ønly difference if scammers have big nuts,workers don’t lol FOH
@@pyromethious Dang ur smart.
Can we just take a moment to appreciate how this fella just simply cares... yeah, it doesn't matter, he is a clever teck geek and gets sponsored in each video, still does it in his regular basis
For sure he definitely cares and couple that with passion. Reminds me of Linus but this guy is more like life hacks. Linus is about PC in general or server enterprise cool shit.
true! Also, I am the only one who's having this bug? Not a bug but an annoying change@@monsterhunter445
He is cute too
As a tech support guy I sometimes recommend those video to our customers and also to our security guys. I know, they already should know, but watching those videos during lunch break helps to make sure they know about those tricks and it teaches them how to forward the message to average user.
Email scanners should include a QR decoder. It's cheap to decode and literally has blocks at the corners to make it easy to find them.
yep, definitely something virus scanners should be including
@@seb_gibbs and there are all kinds of prebuild libraries to do it... just pass resulted text to same email filter....
seems like making it a 30 min task to me..
5 days later.......
I think you are mad to scan *any* QR code. It really is an open invitation to get hacked.
@@mb-3faze That's why emails should check what the QR code does before you scan it with some QR scanner. QR codes are just data, it's up to the QR scanner to do something with the data. Emails scanners could just check what that data is, and if it's malicious, block the email.
@@mb-3faze On most phones you can see the data stored in the QR Code without actually going to the website. Sometimes its not a website at all
I came across both these scams recently in one of my email accounts.
Since I have over 20 years of IT experience I had no problem identifying that those messages weren't legitimate.
However it annoys me that horrible people are trying to take from others continuously.
It's disgusting.
There, will always be ' parasites ' in any democracy. Especially Russia, Iran, china and such likes......
I dont even check my email tbh
Me neither, I don't ever check or look at my emails.
the only time i check my email is for email verification
@@ktlknss same
I don’t even have an internet
@@false_positive*sent from my Bananaphone
Thanks for these tips. My mum is a constant victim of "Free" scams.. It seems to me that it all comes down to convenience. The more convenient it gets to shop online or have your favorite Pizza delivered to your couch, the easier it gets for scammers to use these type of attacks on people who depends on the convenience of home delivery like older people who don't like to drive much or disabled people who can't get around by themselves. They prey on the weak and desperate and that makes me sick to the deepest core of my soul! Keep up the good work!
I watched this video just yesterday, and not one hour ago my inbox--not my Spam folder--received a scam email that uses the picture tactic. Talk about perfect timing!
Thank you for the QR tip. Never heard of that one. The last two days I have received three phishing emails, all of which I recognized before opening the attachments. One I immediately sent to spam without looking at it because it was such an obvious fake. You are helping a lot of us out here, which I appreciate a lot.
I was really surprised when I got a spam email from an Rated 18 website scam stuff, which included an image.
But not an image itself, but a table with CSS styling for every single cell to display a pixel art image.
I kind off found it to be really funny 🤣.
Was hilarious to see something this clever, but absolutely overengineered
Paying $1000+ for Security certifications while a single guy has more experience.
Thanks
Our email servers especially look for no content and block them, and even non-standard text is blocked and filtered. All of our corporate emails are whitelist only, everything else is blocked.
Pretty informative, thanks Thio!
We seriously need to teach people that QR codes are a scam in and of themselves. Nothing good comes from obfuscating where a link is sending you.
Thank you for the Heads-up Joe!
skip sponsor: 2:58
ThioJoe:: "If you see QR codes in public, don't scan them!"
Also ThioJoe: Shows a QR code at the end of his public video.
It’s AI generated images
@@algodoomarbleracing 8:21 in the bottom right (and listen to what he says)
I never scan a QR code unless I know precisely what it is before I scan it. An unsolicited QR code in an email would get that email sent directly to trash.
(3:40) There are legitimate companies that send me promotional e-mail messages that are entirely just one or more pictures, and it's something I don't feel comfortable with but have to accept. (Edit: those images would usually be linked to pages on the company's website)
(4:01) That reminded me of cryptocurrency scammers who, when they hijack RUclips accounts to run live streams, put the link to their scam websites as QR codes, likely in order to bypass some kind of filter that RUclips have in place.
Though when you hover over (in a desktop or desktop web browser email client) an email from a legitimate company they would usually put the whole link in the hyperlink reference for the image. When the scammer does it it's usually a link from a url shortener or it's some fishy site rather than an actual company website.
@@PinkAgaricus
Oh. I forgot about that.
QR codes are designed to be scanned by an automated tool which is something RUclips could just do.
I seen a lot of those 'Simpler ones' disguised as Amazon, Netflix, and a whole host of others. The funniest part is that they are all from sights/services that I don't even use/have. So obviously I have never fallen for a one. But it does make me laugh when I see a "Your netflix account has been locked" e-mail; Because I always just have to say: "And which one is that? The one that don't exist?"
just got a email from Amazon saying my account was locked for being active to long , with a pdf file. deleted it and then your video popped up . Thanks for the information
The thumbnail QR code say “why did you scan this”. 😂
hey ThioJoe!
I got a small request, next time when there is a qr code, instead of bluring it out, replace it with a rickroll one!
Thanks!
Hah! I thought along the same lines, why blur the QR code, just point it to a bright red/black "ALL YOUR FILES HAVE BEEN ENCRYPTED" web page. A half-second of sheer panic can really drive home a point.
What I hate is how restraunts instead of having a menu, just have a qr code... for you to use your phone to read the menu.
No paper menu, I leave.
I'm "over" the use of tech in eating places. I go to Panera Bread once in about two months with a friend for lunch. They have a kiosk right there by the order counter. Some people stop and use it but most don't. I would much rather talk to a human.
Yep lots of places in Malaysia do that. I'm so tech illiterate I don't really know how to scan it anyways 😞
I receive about two of those "URGENT" notifications every day. Most if them look, at first glance, to be legitimate, but closer examination usually reveals errors in spelling and proper sentence structures. It helps to know who you do business with, how much you owe them, and what you purchsed.
Joe, If you wonder why i scanned the thumbnail QR, it was because I wondered if you put some integration into there
maybe joe should do a easter egg where you get faux-scammed... with a certain music...
Same
@@PrograError ah yes
That explains why most of the scam/spam emails that gets past Outlook's spam filters for me seem to be images, it's been happening to me for the last couple years. The crap spam/scam emails that says this store wants to give me a giftcard or products. They all use pictures, instead of text.
Congrats on 3 million subscribers!
Thanks, ThioJoe!
I get phishing emails, spam emails, spam calls and texts, all say I won lots of money.
I don't take my work email seriously, let alone these geniuses. I'm afraid for my Grandpa though, Thank for doing this Theo.
Puts a QR code at the end of the video, just before he says, "Don't scan any QR codes." lol
Hi ThioJoe.
There are days where I get anywhere of up to 72 phishing email scams. I learned through tips I watched on your previous videos what to look for. They always end up scams.
I HAVE SEEN A LOT OF DIFFERENT TYPES OF SCAMS, I HAVE CAUGHT SO MUCH OF THE TRICKS THEY USE, I HAVE DONE MY BEST TO AVOID THIS CRAP, I HAVE SEEN A FEW OF THE QR CODE ONES, THAT NEVER MADE SENSE TO ME TO DO THAT
I've run into a pretty prolific version of this scam. No QR code, but it checks off just about all the other boxes and it's gotten through to more than one of the users the company I work for supports
Strange your video about this would just show up on my feed as I had a user report one of these to me about 2 hours ago. The email had a PDF attachment which had a QR code inside the PDF. Scary stuff.
I remember a QR scam, where the hacker mails a letter to the victim, with the QR code on the letter. It leads to a fake site etc:... All that is needed is name/postal address/known account of holder. Fake postal letters are a thing.
I got one of those simple email scams today. I marked it as read and then marked it as phishing, went on with my day after.
Also, ive never had amazon or ebay or paypal or anyone else send an attachment. In my mind, that's biggest flag. Unless im actively engaged in a customer issue and sent the seller an attachment, or requested additional info or pics of merch, i dont think most companies send reciepts or warnings via email attachment
Everyone should change the option to "Ask before displaying external images".
Then you can white-list trusted domains.
Hey, Thio, got one for your consideration:
The past month I've been getting these weird emails comprising of what looks like random passages from books and the usual malware payload PDF 🐂💩.
Been showing up in my GMail but I know they're scam crap, just wanted to spread the word out on this as it is something new.
i saw it before and recognized it. it was on my pc and not phone, so i saw the whole addy. plus amazon does not send qr codes! yeesh! thanks for your channel and your hard work exposing and warning of these scams.
I've seen all of those type of emails from my free accounts from Microsoft e.g. my MSN email. Google has a superior but not perfect filtering system, and it's rare for me to see something like any of those examples. They're all very obvious at least to me, but I certainly can imagine it only takes a few and these thieves and hackers.
Suspicious e-mails shouldn’t just be ignored but reported as well.
This is helpful, I'm the company filter for emails... I see this everyday. The pixel link I didnt know about, I should prevent that from loading. Thanks!
There was a time when spammers would put all the text in their messages in an image (those I got were mostly stock spam; "This (often sparsely traded) stock is going to go up like a rocket soon!"). Spam filters soon caught up with this, so later such spam mails would have all the tricks we know from capcha filters; distorted letters, odd colors, various dots and lines and other "noise" in an attempt to throw off OCR software.
This is just a new level of this -- looking out for QR codes are just the next thing, spam filters need to do.
It's 2 am and i gotta sleep, but thioJoe videos are more important :)
I scanned the QR code in the thumbnail just out of curiosity, turned out kinda funny. No spoilers.
I received the first kind email from Amazon with PDF attachement and reported it to, is there a way to report it to Amazon , or is Amazon aware of such things? This QR code thing is really clever
Instead of trying to keep up with every new scam, I simply created filters and folders on my email that sort legitimate financial ones to specific folders based on the actual sender address/domain (rather than what address is trying to look like). Any emails that don't show up in the correct folder, but in the inbox instead, are subjected to extra scrutiny (and most reported as phishing without even needing to risk opening it). Don't have any business with that company/bank? Gone. Not currently waiting on an order from that company but says I am? Gone. Have ordered but official site shows no problem? Gone.
But it's always good to know what tricks they're trying!
This should be REQUIRED viewing.
6:09 oh hey, that would immediately tip me off. I have my browser set to save no login info and to auto log me out/delete cookies/blahblahblah.
so any time I see things like this. it immediately stands out to me as a "hey hold on it shouldn't be doing that"
Thank you for informing us of these new scamming techniques!!!
my email opens in google workspace and i dont have a google workspace. I watched my friends who work for the school district open their emails linked to workspace so I know this is happening to me. I shouldnt be linked to a workspace. Some of my videos say that I need to contact my admin to watch
In the grocery store in my town there is a QR code at the register where you can win a price if you scan it. This are the traps where people fall for and get scammed. They just want to collect your personal datas. Like your phonenumber or your date of birth.
I’ve gotten those emails and typically I erase them and since have labeled them as
Spam and periodically erase that folder 📁 as needed
A pretty easy way to recognize the fake “thank you for spending $$$” scam email… is that they BOLD the “click here to cancel/refund” message with the malicious link.
They are smart, thanks for your advices.
Thanks for the head's up on the scams.
CP3O "Here we go again"
CP3O?
I just treat any email as if it's spam/scam mail. All links are disabled by default, all images are disabled, and unless you're in my addressbook you're mail isnt going to arrive in the inbox.
After that I only open mails from people I know or I know I am going to receive (like 2fa or confirmation mails)
A common type of scam email is about my iCloud storage is full.i don't have an iphone. Or I get calls asking me if my Google business listing for property on Madison in Chicago is still for sale. I don't own any property. Or I've won $1,000 from Walmart, Walgreens Costco Starbucks Amazon, social security, Medicaid and Medicare. It's all fake emails and calls and texts.
Thanks...I've received several emails telling me my account was locked, or that I needed to verify my password 😏 tricky, tricky...
Literally got one of those Amazon emails while watching this video! 😂. Thanks for the heads up.
Ah, another great cup of Joe anti scam:)
Hi there, I just got an email from Norton who invoiced me, saying that if I don't pay it'll auto renew. I clicked on the PDF as well as responded to their email, saying to cancel the subscription but it basically meant an OK and they said it was paid while not waiting the full 24hs.
I want to know if my actions of clicking the PDF to look at the invoice or responding to their email have any effect? Please, if you could respond, it would help ease my anxiety as I've been feeling light headed from panic
Does google lens/google camera protect agasint this type of QR code?
Coorporates phones usually have proxies setup to filter traffic, w/e it’s connected using wifi or cellular
I am dying laughing how at the end of the video about how QR codes are being used for scams, you include a QR code for the sponsor app.
It would make my day if that linked to some youtube video like "you learned nothing" just as a bit of a meme
My favorite part is when you warn against using QR codes and immediately follow it with a QR code.
Yall remember when this dude was a troll? I'm glad he went straight. This is far more useful
Thanks for the video!
Headers only,
Only download 6kb of email,
Don't download attachments,
Block remote resources,
Do not display attachments inline,
Do not send read receipts.
The first few settings I set on any email client!
Thank you!
Thanks for the info!
4:55 though true, this is a little bit myopic. Companies that would be worth scamming this way would most likely use a MDM security solution.
You know, my samsung updated and reinstated my QR scanner function and I have no idea if the camera just scan QR code, but I was making photos to remember prices and I am worried because when I was using the camera, a random function of finding my phone came up and it worries me (I had forgotten until now), the UI of the samsung menu is so against the user to make speficiations (I can't get rid of HD calling for example), but I think I might of accidentally scanned a QR code, do you know if there's any way to check the history of such scans or do you think it's something that would autodelete once it scanned itself into your phone?
Most cooperate email has images turned off by default.
Cell bypassing stuff is not true, if the company uses software that makes stuff go through a virtual pipe. The company I worked for, on the work phone, everything went through a pipe they controled.
Need that tuxedo video when you blow mind at end
Thx
5:01 there is an urgent need for QR scanners to show you the link and giving you a chance to look at it, at the very least, before authorising it to be activated.
Better would be to have the anti-malice filter in the QR scanner.
In the meantime, my advice is that you NEVER scan any QR code anywhere. You really don't know what it will lead you too. They are a gift to scammers.
Web Content Accessibility Guidelines 2.0 Success Criterion 1.4.5 AA, Image of Text. If the text is just an image, that is a big accessibility failure right there! And QR codes in emails is so inconvenient. I will never scan a QR code from an email. Why? Because I am 100% sure one of the email addresses in the BCC or the To field won't match over 250 email aliases that I have in file.
0:26 The subtitles XD. How do you get ""To"" from "TO" why is there so many of """ things??
OH WAIT. Instead of quotation marks, it somehow got messed up and put in coding/formatting. It is supposed to say "To" but the quotation marks got turned into """
Ah it's html. Are you guys also experiencing this?
I've actually had users forward those QR code emails to us at work because they didn't get caught in our spam filtering. Good to see others talking about it. Also, the QR codes I've seen in those emails are fucking HUGE.
One thing that was very sophisticated about the QR code that I noticed, even though the url is bogus, it will bing you to an actual M365 portal. So if you have branding, etc, it will show that too. I don't know how it snoops behind the scenes, but everything works as if you are on the actual M365 portal. I'm guessing it is to grab your password and mfa session cookies.
Thank you for this helpful video! I just got a phishing e-mail with the double e-mail addresses at work. Of course I din't fall for it. The QR code part was great heads up.
1:29 that email is sent by a stupid scammer sitting in my country sorry to say , it is from a fake amazon call center located in india , but i love gaurdio warning it is super cool to avoid mess in emails
I have been getting e mails from companys and when they ask me if I want to unsubscribe they say click here, Then it goes to a page where they want me to type in my e-mail address even though they already have it. It makes me kind of nervous Probably over reacting.
Always great information and tips to keep us safe.
I have had a qr code sent to my work email via my IT department, to register for DUO and setting it up in my phone. But I was on the Zoom with our IT person when setting it up, so I knew it was genuine. Otherwise I am pretty weary about this stuff.
Just me who scanned the qr code in the thumbnail?
Nope "why did you scan this"
We've been getting these Microsoft emails at my company for about two weeks now.
Our company has gotten several emails with the QR codes claiming to be Microsoft Authenticator
a way to combat that scam is to have the email server scan the image and run a decoder to get the text.
Wating for your Sandboxie video Theojoe ♥️
reading these scammers' Engrish ' gave me more stress