Alex – Page 2 – TempMail.lol Blog

Scams – Fake Hacker and Account Recovery Scams

Scammers try to fake being hackers to get money from victims looking to get their accounts back. Learn about signs of these scammers and how to avoid them.

Scams are everywhere, especially on social media platforms. Bots go around looking for Tweets containing phrases such as “I got locked out of my account” or “My account was suspended”, and claim you should message a ‘hacker’ to get it back. As we will see in this article, all of these hackers are fake, and they will just take your money and run.

Important

If you do have a locked account, do not approach these ‘hackers’, they will ask for money to ‘recover’ your account. In reality, these hackers do not exist, it is a scammer who only wants to take your money.

If you did have one of your accounts locked and a scammer approached you about it, ignore them. The only way to recover your account on any platform is to contact the company you registered the account under. It sucks, but it’s the only way to do it.

Quick overview

In this scam, the scammer will attempt to:

Have you initiate a conversation
Ask you what accounts you want ‘recovered’
Ask for money, then run away with it

The scam

This type of scam happens on social media platforms such as Instagram or Twitter. Though companies such as Twitter have anti-bot measures in place, and they work somewhat well from what I have seen.

The scam starts with one of two things. The first is if you post something such as “I got my account suspended” on Twitter, you will get around 5-10 replies instantly from supposed ‘hackers’ or people recommending these fake hackers.

For privacy reasons, I have to remove the names of the bot accounts. While they might have been created for the sole purpose of replying to people’s tweets, they could be hijacked accounts that once belonged to real people. Ironic, isn’t it?

Sometimes people will write things such as “I got my account locked, can you help me?” replying to one of Discord’s tweets. These scammers have bots which will look for replies to this tweet and attempt to attach themselves to the thread.

While these scammers did raise several red flags, I will not be pointing out the mistakes they made for the sake of not making these scams better.

Introduction

I contacted one of these fake hackers. Note: I am not liable for anything you do. If you are going to do this, do not use your real name. Make sure that any information on the account you use to contact cannot be traced back to you. While it is unlikely that one of these fake hackers will go after you personally, it is safer not to risk it.

The conversation I had with the first scammer on Twitter was long, so I will not be posting the entire conversation.

I will be blurring out details. The username I gave the scammer is fake, but I want to blur it just in case.

Note that any spelling mistakes were intentional on my end. If the image is too small, right click and open in new tab, or just drag the image to the new tab spot.

The scammer starts off asking for my username. In reality, he just sits there for a few minutes pretending to lookup my information.

After two minutes, the scammer got back to me, saying that my account, which does not exist, is recoverable. He then asks if I want to get the account recovered, which I would assume anyone would want, only to reveal that he needs me to pay $60 for “template software” to recover the account.

Of course, there is no such thing as software to recover accounts. In this instance, the scammer attempts to confuse the victim by throwing out words that sound important. Phrases such as “template software” are basically nonsense words.

I wanted to have a little fun, so I asked if $1 was enough, and he settled with $40 instead. Needless to say, I am a master negotiator now.

The conversation goes on for another twenty screenshots worth of pages. He states that I should refer my friends to him for a discount, trying to get even more money out of innocent people through referrals. I think once most people figure out the scam, they will not refer him to their friends.

Reeling in the victim

Of course, no good scam is complete without trying to get money from the victim. This is a lower stakes scam, unlike social security scammers, who try to tack on as many zeroes as they can.

I asked if I could pay with cash, but that was obviously out of the question. He would never do this of course, but I was hopeful. Instead, he suggests that I pay using Bitcoin. I decided to not go for this route, because depending on how he has it setup, there could be no ties to him whatsoever.

I chose to go with a different platform that I could report to the company. While this will not stop the scams, it does slow them down.

He asks if I can go on WhatsApp instead, which probably means that he is afraid his Twitter account will be suspended soon. Moving to a different platform means that even if his Twitter account is suspended, he will be able to continue with the scam.

After realizing that I do not have WhatsApp, he then asks for my phone number, which a scammer could use for many reasons. I wouldn’t put it past these scammers to use any means necessary to get money out of their victims, so I did not provide a phone number. Maybe in the future I will if I get a burner phone.

I asked him to reveal my own phone number. If he was the great hacker he says he is, it would be no problem; however, he said that for technical reasons, he is unable to get my phone number because of software problems. Sound like a fancy way of saying “I’m a fraud”.

He asked me to pay him through a different app, and to put the reason of the transfer as “gift”. This is likely to avoid triggering anti-scam detectors that have been put in place by these apps.

Unfortunately, I forgot to record my messages with the Instagram fake hacker, but it went more or less the same way. From what I can tell, these companies are taking action on these bot accounts, when I checked back this morning, they were suspended.

Conclusion

While scams cannot be stopped, it is important to know about them. Send this article to your family and friends so they know how to avoid scams.

Bookmark our blog, we have more articles exposing scams coming out soon! If you want, you can also join our Discord Server.

If you were contacted by a scammer, or want to report scams for me to investigate, feel free to contact me on the Discord server above, or email me at [email protected]

NFT Scams – Signs and How to Avoid Them

Scams are everywhere. In this article, we’ll be focusing on NFT scams floating around on social media platforms.

Scams are everywhere, and social media platforms are a prime target for them. As part of the TempMail.lol scam articles, we will be focusing on online scams, signs of them, and how to avoid them.

Quick overview

In this scam, the scammer will attempt to:

Try to get your interest as a ‘financial expert’
Attempt to get you interested in buying cryptocurrency or NFTs
Ask you to send money to them, then runaway with the money once paid, or ask for more money

The Scam

This particular scammer was inexperienced, he was quick to send me his details to try to scam me out of money, and made several mistakes about what he was trying to scam me out of. For the purposes of not making these scams better, I will not be pointing out these mistakes.

The scam starts with a user friending you on a platform such as Discord; though, this is just where it happened to me, it is possible for this to happen on any popular social media platform.

Introduction

The scammer starts by adding you as a friend, usually from a mutual server (if you are in public Discord servers). Since my username starts with an “a”, I am high up on the list of members. Afterwards, they usually do not initiate a conversation, they wait for you to start it.

Here is the beginning of the conversation I had with the scammer (note that my first message “yes” was due to his friend request). It is highly likely that the scammer’s name is faked; however, I cannot take such a risk.

Image transcription:
Me: yes?
Scammer: How are you doing, nice to meet you .
Me: good, what’s up?
Scammer: I’m Harrison and I’m from Texas United State, I deal on NFT and Crypto have you had of any before?
Me: i’ve heard of it but haven’t gotten into it
Scammer: Have you heard of NFT craft investment where You can purchase NFT craft from us today at the sum of $7,000 and sell it in one week time with the sum of $60,500.
Me: sounds sketchy
Me: sorry for my late responses, i’m away from my house right now
Scammer: NFTs are only profitable because they are one of a kind, if I were to show you, you could screen shot than be rich

Needless to say, this sounds sketchy from the get-go. I have never been one to invest in NFTs, so even NFTs through legitimate channels seem sketchy to me.

The scammer hopes to get your attention by throwing out big numbers, and promising that if you pay, you will get large rewards in return; however, as we will get into later, the scammer will up and run with your money, and you won’t be left with the JPEG you were promised.

Reeling in the victim

After getting a conversation going with the victim, the scammer will attempt to get the victim to send money to them. They will start with a price around $10,000, expecting the victim to back out, only to ‘concede’ to a lower price. You can see the same tactic used sometimes by salespeople, though legitimate salespeople and scammers are very different people.

In my case, the scammer asks how much I want to invest, basically saying that I have control over the entire transaction. The scammer will do this to attempt to gain trust with the potential victim.

Image transcription:
Scammer: NFTs are only profitable because they are one of a kind, if I were to show you, you could screen shot than be rich
Scammer: And I can’t let that happen unless we have a fare trade
Me: i don’t get it
Scammer: It is very easy to make money., and all you have to do is send as much and reliable way too money of your choice and you will get a custom NFT that you could wait 5-10 days to sell And you could make millions after the investment (shrugging arms emoji)
Me: do i give you the money? sounds kind of strange
Scammer: Are you interested, let me tell you the correct NFT that is in sell at the moment?
Me: sure! sounds interesting
Scammer: Currently on sales now a Gorilla that could go for about $98,683 after about 1 week
Scammer: That would be for $11,081 right now, But I can sell it for you in the sum of $9,500, Can you afford this?
Me: i mean i can but that sounds like way too much
Scammer: Alright how much would you like to start up with ?
Scammer: You say
Me: maybe $500?

The scammer intentionally goes overboard with the price, then lowers it to make it seem more of a deal, even though no matter how much you pay you’ll be scammed out of your money, whether it is $500, $9,500, or $11,081.

Collecting from the victim

After I said that I would pay $500 (which I would never do), the scammer’s eyes lit up like dollar signs in a cartoon, and he eagerly sent me options to pay. Etherium and Bitcoin would be hard to trace, especially if he was using a separate address per victim, so I decided to go with PayPal since I could report it to get his account shut down.

I claimed that I did not own cryptocurrency (it’s the truth!) so I could get his PayPal details, and he copy/pasted a response right to me, asking me to send $500 to that address.

Needless to say, I’m going to blur out the scammers details, even though it is likely a temporary email and a prepaid phone number (by the way, we run a temporary email service! Check it out here). The scammer also states that I must put the reason of payment as “gift”, this is likely to avoid any kind of anti-scam measures PayPal has put in place.

Image transcription:
Scammer: Alright
Scammer: How do you want to make your payment? Bitcoin wallet PayPal ETH…
Me: paypal would probably be the easiest
Me: i do not own cryptocurrency
Scammer: [redacted paypal information]
Me: [trollface emote]
Me: caught in 4k man
Me: hook line and sinker
Scammer: Once you made the payment please take a screenshot and sent it to me immediately
Scammer: Alright

Granted, I could have trolled him a bit more by saying things such as “PayPal blocked my payment” or “How do I know you are who you say you are?”, I decided it was time to end the scam.

Though it was immature of me to send a trollface emote and my other two comments after that, I wanted the scammer to feel like his time was wasted interacting with me, and maybe make him think about making an honest living in society, rather than trying to scam innocent people out of their hard earned money.

Bonus: after looking up the phone number, I discovered that it belongs to an actual carrier in the United States, and not a VoIP service as I initially thought. I will edit this page if I discover more on this.

Edit: after looking some more, the area code listed is in Texas, which leads me to believe this phone could be hijacked with malaware in order to receive verification codes.

Conclusion

Want to stop scams like this? Send this article to your friends and family to warn them about scammers, and what kinds of tactics they use to bring in victims.

If you want, join our Discord Server, and bookmark our blog so you can stay up to date with the kinds of scams flooding the Internet these days.

If you were contacted by a scammer, or want to report scams for me to investigate, feel free to contact me on the Discord server above, or email me at [email protected].

Stay safe out there!

How to Compress and Decompress bz2 Files in Linux

In this article, I will be showing you how you can compress and decompress files using the bz2 format in Linux on the command line.

Compression in computing has been around for decades, and new formats of compression come out every so often that are more efficient than others. In this article, I will be showing you how you can compress and decompress files using the bz2 format in Linux on the command line.

What is the bz2 format?

According to their manual file:

bzip2 compresses files using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding. Compression is generally considerably better than that achieved by more conventional LZ77/LZ78-based compressors, and approaches the performance of the PPM family of statistical compressors.
https://linux.die.net/man/1/bzip2

Installing bzip2

Depending on your Linux operating system, you may need to install a package to use it.

First, check to see if you have the package:

which bzip2

If you get a response such as /usr/bin/bzip2, /bin/bzip2, etc. then you have it installed already! Otherwise, use one of the following commands to install it:

# on Ubuntu/Debian based operating systems
sudo apt install bzip2

# on CentOS based operating systems
sudo yum install bzip2

# on Arch Linux and Arch based systems
pacman -Sy bzip2

Using bzip2 to compress file(s)

You can use the following command to compress a single file:

# -z tells bzip2 to compress.
bzip2 -z yourfile

WARNING: bzip2 will delete input files (those that you have compressed) once it has finished. To have it keep the files, append -k to the command, like so:

# -z tells bzip2 to compress and -k tells bzip2 to keep the input files after it has finished
bzip2 -kz yourfile

Using bzip2 to compress folders/directories

To use bzip2 on a folder or directory, you will need to make a .tar archive first, then use bzip2 on the folder.

Making a tar archive is easy! Use the following command on the folder you want to make a tar file of:

# -c tells tar to create a new archive, -f tells it to store the archive to the specified file
tar -c -f myarchive.tar ./folder1/ ./folder2/ ./folder3/ ./myfile.txt

You now have a .tar version of your folder(s) and file(s).

Now we can use the bzip2 command to compress the file, as in the above instructions:

# -z tells bzip2 to compress.  (if you want to keep the original .tar file, use -kz instead of just -z)
bzip2 -z myarchive.tar

Now, we have a new file: archive.tar.bz2, which, depending on your use case, will save you a lot of disk space for archiving purposes.

Using bzip2 to decompress files

Once you have a .bz2, .bz, .tbz2, or .tbz file, you can decompress it with the following command:

# -d tells bzip2 to decompress, use -dk instead to keep the original bzip2 file, otherwise it will be deleted.
bzip2 -d mycompressedfile.bz2

Using tar to decompress .tar.bz2 files

# -x tells tar to extract, -j tells tar to use bzip2, -f tells tar which file to decompress
tar -xjf myarchive.tar.bz2

Conclusion

While commands like these are not always easy to remember, you can always use the man command, then press / and type what you want to search for in the man page.

Security – Your VPN Does Not Keep you Secure

VPNs can be misleading, learn exactly what a VPN does and doesn’t do to protect your online security.

VPNs, something we have all seen online, and recently they have made their way into TV commercials, promoting their “one-click security” software; however, this could not be further from the truth.

The basic goal of a VPN is to change your IP address; though, this is easy to detect. If you use an online account, you will still be tracked online, as that account may have your real name, email address, or even more information attached to it.

I’ll go over the main points of what a good VPN does and does not do:
A good VPN will:

Hide which websites you visit
Hide your actual IP address from the website
Change your “location” to make it seem as if you are in a different city, state, or even country.

For this website, TempMail.lol, you are connected securely. Your ISP (Internet Service Provider) can see you are connected to https://tempmail.lol/, but cannot see anything after the slash; all of that information is encrypted before being sent to our servers. You can distinguish encrypted websites from non-encrypted websites by seeing if they start with HTTP (Hyper Text Transfer Protocol) or HTTPS (Hyper Text Transfer Protocol Secure). Note: just because a website has HTTPS, it does not mean that the website is trustworthy. Anyone can get a certificate to encrypt their connection for free. For more information, see the following post: HTTPS – Secure Websites are not Always Trustworthy.

Now, a good VPN WILL NOT do any of the following:

Make you completely anonymous
Hide all of your Internet activity
Make your Internet or computer more secure
Completely protect you from viruses

Additionally, the government of the VPN company may issue a gag order, telling them to start logging information, such as websites users visit, their original IP address, and even website data for unencrypted connections.

How do I have Better Online Security?

There are basic tips to staying secure online, here is a list of some of those.

Do not give out your email address to random websites.
Watch out for websites that may ask you to install extensions. Websites will not require you to enable notifications to use the site; only enable notifications for websites you trust.
If you are signing up for a website which you are not going to use in the future, try using a temporary email provider, such as TempMail.lol, which will generate a temporary email address with no ties to you.

Of course, the most important rule is to make sure that you, the person reading this text, do not interact with things that seem sketchy, or at the very least, be more skeptical of what you download online. As part of our blog, we have articles about scams in the Scam category on different types of scams and how you can avoid them.

HTTPS – Secure Websites are not Always Trustworthy

HTTPS, while secure, does not mean a website is legitimate. See how scammers obtain secure websites to trick potential victims.

We’ve been taught that secure websites (those that start with https rather than http) are more trustworthy than those that do not. While this has some validity to it, this is not always the case.

HTTP vs HTTPS

HTTP (Hyper Text Transfer Protocol) and HTTPS (Hyper Text Transfer Protocol Secure) define how websites are transferred from the server to you, the client. HTTP sends data unencrypted, anyone who has an antenna at the right frequency, a line listening in between the router and the Internet provider, or any of the other steps along the way, can see exactly what you request, and what the website returns to you (this can include personal information), which is why HTTPS is used now.

HTTPS encrypts your data, so information you send to the website (such as your name, credit card details, etc.) cannot be intercepted by hackers listening in on the conversation; however, this does not make the site trustworthy.

For a site to use HTTPS, they must first acquire a certificate from a provider. There are some providers (such as Cloudflare) that are free, which can allow scammers to host a (now secure) phishing website. While services such as Cloudflare do take down phishing scams, often they have already moved on to another scam, making them difficult to stop.

What does this mean for me?

While it encrypts your Internet activity from you to the website, HTTPS does not mean that a website is secure. Scams are everywhere, and scammers are easily able to obtain certificates to secure their website, making it look legitimate to potential victims of the scam.

Online scams usually have several red flags. If you see some of these red flags, you should leave the site instantly. As part of the TempMail.lol blog, we will be releasing several articles on scams on the Scams category with information on how the scam works, signs of the scam, and how to avoid them. Stay tuned!

TempMail API for JavaScript is Ready!

Ever wanted to make a program that interacted with TempMail.lol but didn’t want to figure out the API yourself? Now, you can use our basic JavaScript/TypeScript library to do so!

To get started, install the library on your project:

npm i tempmail.lol

You can also use Yarn if you prefer.

yarn add tempmail.lol

Important – Read Before Using

Inboxes have a hard expiration time of one hour. If you do not use the token to check for emails within 10 minutes of the last check, the inbox will expire.

Usage

Using the API is very simple. To create an inbox, use the following code:

const {createInbox} = require("tempmail.lol");

createInbox((inbox, err) => {
    if(err) {
        return console.error(err);
    }
    
    console.log(`Created new inbox: ${inbox.address}`);
    console.log(`Inbox token: ${inbox.token}`);
});

Or you can use promises if you prefer:

const inbox = await createInboxAsync();
//or you can use .then()

Make sure to save either the Inbox or the token returned, as you will need it to access any received emails.

To access received emails:

const {checkInbox} = require("tempmail.lol");

checkInbox("YOUR_TOKEN", (emails, err) => { //you can also pass in the Inbox object.
    if(err) {
        return console.error(err);
    }
    
    emails.forEach((e) => {
        console.log(JSON.stringify(e, null, 4));
    });
});

Of course, you can also use the async method:

const emails = checkInboxAsync("YOUR_TOKEN"); //you can also pass in the Inbox object.

Note: if the token is invalid, the checkInbox and checkInboxAsync methods will throw an error. Keep this in mind for when you use it in production.

Examples

I learn from examples, and you might as well! Here is an example program that generates an email, checks for new emails every 10 seconds, then displays if any are received.

const {createInbox, checkInboxAsync} = require("tempmail.lol");

createInbox((inbox, err) => {
    if(err) {
        return console.log(err);
    }
    
    console.log(`Inbox created: ${inbox.address}`);
    
    //Check for new emails every 10 seconds
    setInterval(async () => {
        const emails = await checkInboxAsync(inbox);
        
        if(emails.length > 0) {
            console.log(`${emails.length} emails received`);
            
            //print out each email.
            emails.forEach((value, index) => {
                console.log(`${index + 1}: ${value.subject}`);
                console.log(`from: ${value.from}`);
                console.log(`date sent: ${new Date(value.date)}`);
                console.log(`body: ${value.body}`);
                console.log(`html: ${value.html}`); //note: html may be undefined.
            });
        }
    }, 10000);
});

Pretty cool! Let me know what you end up creating, you can reach me at [email protected].

You’re Probably in a Data Breach – Here’s How you Check

Data breaches can be scary, learn how to find out if you’re in one and how to recover from one if you are.

Did you know that a lot of people are in a data breaches who don’t even realize it? Fortunately, there are websites that exist that allow you to check if you are part of a data breach.

HaveIBeenPwned is a website that allows you to enter an email address/phone number/password (we’ll get to how they check passwords securely later).

Checking email addresses

You can enter your email address to check if you are part of a data breach.

For this instance, I’ll be checking [email protected], and at the time of writing, this email has been part of 79 data breaches, ouch!

Too bad for this dummy email, it will be getting a lot of spam in the future!

What if I’m part of a breach?

Chances are, one of your email addresses were part of a data breach. There is no undoing this, but there are things you can do going forward.

If you are signing up for websites you will not use in the future, use a temporary email provider, such as TempMail.l ol, which is actually much safer than using an email dedicated for dubious websites. This will also prevent same email-based tracking.
Change the password you used on the pwned websites, then, if you used that password on any other website, change the passwords for those websites. It can get very tedious, but well worth having the peace of mind!
Use a password manager. Firefox and Google Chrome have built-in password managers, and even have options for allowing users to sync their passwords to mobile devices!

Checking passwords

Putting your passwords into a data breach checker can seem very sketchy, and I was off-put at first until I learned how it worked. You send a portion of your hashed password (which you can obtain by using this website using the sha-1 algorithm), then they return a list of possible passwords, which your browser checks. Your password is not revealed to anyone during the process.

Conclusion

Use a password manager. Google Chrome and Firefox have built-in password managers that sync with devices, and Apple users can use iCloud Keychain to securely sync long passwords between devices. Stay safe!

How to get a Temporary Email Address

Ever wondered how to get a temporary email address? Check out TempMail.lol and generate one for free!

Temporary email address generators are one of the more useful tools you can find on the internet, but not a lot of people know about them. Thankfully, there are tools, such as TempMail.lol, that will allow you to generate a random, secure, and temporary email address that you can use to signup for websites.

How does it work?

TempMail.lol generates a temporary email address, and you can use it to register for accounts online. When we receive the email on our servers and sent to you, it is deleted from our end, so we never know who uses our services.

What can I use it for?

Anything! Well, almost anything! The intent of TempMail.lol is to allow users to sign up for websites they will not use in the future or to test their email to make sure that emails they send are going through correctly.

It is NOT a replacement for your everyday email. As per the name, the emails are temporary. After one hour in time, your email will be erased, and no one else will be able to access it after that time.

How does this help me?

Spam is everywhere! Let’s say you signup for a website that, to view the price for a car, you are required to give your email address. Several days after signup, they may sell your email address to advertisers, flooding your inbox with spam! If a TempMail.lol email is sold, it’ll go to an inbox which will not exist once the spam is received.

This is especially relevant for websites which require you to not only enter an email, but confirm it as well. You can confirm email addresses received to TempMail.lol emails.

Best news of all, the site’s colors are easy on the eyes!