Possible phishing scam?

I received a suspicious e-mail last night supposedly from VW.

Although it appears to be authentic the links in the e-mail do not show the correct URLs when I mouse over them and there's no new info in the e-mail. I didn't follow the links. Plus I have already submitted all my docs to VW.

Anyone else get something like this? How did this phisher get my e-mail address and know that I have a TDI involved in the buyback? Or was the e-mail just sent out in bulk in the hopes of it being received by someone involved in the buyback? Or is it legit?

Here's the e-mail. I wouldn't follow the links if I were you...

The following information is about settlements with the United States and California (U.S. Environmental Protection Agency, California Air Resources Board, California Attorney General); the U.S. Federal Trade Commission; and 2.0-Liter VW/Audi TDI vehicle owners and lessees.
For more information, visit <REMOVED>.
The Court has approved settlements with Volkswagen regarding diesel emissions from Volkswagen and Audi 2.0-Liter diesel vehicles. If you are eligible, you may submit a claim now: <REMOVED>
Current owners and lessees can choose one of the two following options:

• A buyback of your car or an early lease termination; or
• A modification to your car to improve emissions (if approved by EPA and CARB), plus cash.

Some former owners and lessees are also eligible to receive cash.
HOW IT WORKS:

• 
  <REMOVED>. Enter your VIN to see if your car qualifies and how much compensation you will receive.
• You’ll get information about your options, including the timing. If you are eligible, you can file a claim on the site now.
• You can wait until you receive more information about whether there will be a modification available to improve emissions from your car.

Includes these 2.0-liter diesel cars:

• VW Beetle 2013-2015
• VW Golf 2010-2015
• VW Jetta 2009-2015
• VW Passat 2012-2015
• Audi A3 2010-2013, 2015

For more information, visit <REMOVED> or call 1-844-98-CLAIM
To be removed from future communications please click <REMOVED>

I got one for each of my cars. My Email program marked them as possible scam, but I think that is only due to the return address.

Got it as well--it is a scam. The URL's bring you to a non-VW phish site.

It does look suspicious but searching that domain they do class action notifications for multiple cases. That being said I would always type in the url and not click on the link in the email.

Got it, just moved it to the VW file...will go and delete it now.

Received the same email last night & thought the same thing. I never click on links in emails. I always open a browser & type the web address in manually.

I think they sent a broadcast out to everyone on their list. There was nothing new for most of us, but many probably still are unaware or haven't followed up on any of this.

Don't think it is a scam, but maybe spam.

I got two of the same at 2:01am today.

brian_e said:

Got it as well--it is a scam. The URL's bring you to a non-VW phish site.

Click to expand...

OP: please edit your original post to remove those links. They are not going to where they imply they are going. Some will not understand this despite what you wrote.


Sent from my iPad using Tapatalk

TDIinMA said:

I think they sent a broadcast out to everyone on their list. There was nothing new for most of us, but many probably still are unaware or haven't followed up on any of this.

Don't think it is a scam, but maybe spam.

Click to expand...

These email are definitely phishing emails. They do not come from VW at all. If you look at the full email headers they actually come from sxcfssmmta1-ip5.qgemail.com with a real return address of bounces <at> rustconsulting.qgemail.com. Domain qgemail,com definitely has absolutely nothing to do with VW. It is a classic phishing email although a pretty well crafted one. Don't click on any links or reply and delete these emails.

I clicked on the link. Those links are tracking links. Probably loads a tracking cookie to your web browser then redirects you to https://www.vwcourtsettlement.com/en/. A place we've all been to. Not exactly harmless but may be no big deal unless like me you do not like being followed around the internet. I use FireFox and I've loaded 2 different 'Do Not Track Me' add-ons to it. It works and prevents links such as these from tracking you via that little cookie they deposit into your web browser. It does not allow FireFox to accept that tracking cookie to be deposited on to your computer.

Maybe it's an advertising cookie? Perhaps VW is trying to find out where you're car shopping these days?

These are the two that I use - one is specific to Google - an evil bunch IMO. The other one simply enables the auto no-tracking feature built into FireFox.

https://addons.mozilla.org/en-US/firefox/user/browsernative/?src=api

https://addons.mozilla.org/en-US/firefox/user/backy0175/?src=api

Oh - and I use Linux - the Ubuntu 16.04 (currently) distro and have no need for anti-virus protection and all the other BS that comes with Windows. If you haven't tried it you might be very pleasantly surprised at how well it works. It's fast and secure without having to buy firewalls and anti-virus stuff. Best of all Ubuntu is FREE! They do take donations - I gave them $50 and it was worth three times that - easily! I've been using it for the past year - I'll never go back to Windows for day-to-day computer use. I have to use Windows to program my Harmony remotes so I keep Win 7 in a dual boot configuration. If LogiTech ever comes out with Linux support I'll have zero need for Win 7.

I received this email last week and trashed it when I saw the return address.

To the original poster - Thanks for bringing this to our attention. I've edited your post (and a couple of others) to remove the dangerous links.

GoFaster said:

To the original poster - Thanks for bringing this to our attention. I've edited your post (and a couple of others) to remove the dangerous links.

Click to expand...

Those were just tracking link - actually a single link. I highly doubt they are dangerous. I think it is VW trying to track members of the class action lawsuit to see where they've been shopping for cars online. Clicking on those links is about as dangerous as clicking on a Google link - it's a simple redirect which deposits a simple tracking cookie then takes you to the link as shown. Every time you do a Google search take a look at the real link - its always a redirect link and takes you to where you were going anyway - with one more cookie added to your web browser's cookie 'jar'.

Like I said previously - it takes you to the claims portal.

Yes exactly what it is. Not a big deal. If you google that domain you see them on a bunch of other lawsuits where they are tracking clicks.

Sent from my Nexus 6 using Tapatalk

Still less risky to type the address in on your own rather than go through a third party that is doing something unknown.

GoFaster said:

Still less risky to type the address in on your own rather than go through a third party that is doing something unknown.

Click to expand...

I agree with typing in the website you wish to visit - or use your bookmarks. I've got a ton of them. As far as a redirect? It isn't unknown - you're simply getting a 'cookie'. A little tiny script that records where you go and what you click on. The cookie grows as it absorbs information. Like I said prior - it's probably VW tracking where you go to see which cars you might be interested in. Nothing nefarious in that - but maybe a bit dishonest on their part. And nothing surprising about their dishonesty - is there?

Google does redirects all the time - as do most search engines. They make money from doing that, as do other search engines. It's how they got so fat and happy. They've perfected their tracking skills a lot since those first days. I rarely use Google for anything except one gmail account. Funny how I use that email address so seldom yet there is always 100 or more spam emails in the spam box when I visit every few weeks.

I use duckduckgo.com for my search engine - they specifically let you know they do not track you. I make sure though - I use two no-track plug-ins in my FireFox browser.

Seems like a known consulting company hired quad graphics https://www.qg.com/capabilities/data/response-analysis to track the responses of emails.

Back to the OP ...

I received this broadcast email again early this AM. Not sure what's going on or if they are just trying to make sure everyone gets the message, but it would be nice if they would include a disclaimer saying such or to disregard if you have already received/submitted a claim:


VW Settlement Update <Administrator@qgemail.com> Today at 2:08 AM

To xxxxxxxxxxxxxx@yahoo.com

Message body

Court Approved U.S. Volkswagen / Audi Diesel Emissions Settlement

The following information is about settlements with the United States and California (U.S. Environmental Protection Agency, California Air Resources Board, California Attorney General); the U.S. Federal Trade Commission; and 2.0-Liter VW/Audi TDI vehicle owners and lessees.

For more information, visit VWCourtSettlement.com.

The Court has approved settlements with Volkswagen regarding diesel emissions from Volkswagen and Audi 2.0-Liter diesel vehicles. If you are eligible, you may submit a claim now: https://claims.vwgoa.com/#/

Current owners and lessees can choose one of the two following options:

• A buyback of your car or an early lease termination; or
• A modification to your car to improve emissions (if approved by EPA and CARB), plus cash.

Some former owners and lessees are also eligible to receive cash.

HOW IT WORKS:

Visit VWCourtSettlement.com. Enter your VIN to see if your car qualifies and how much compensation you will receive.

You’ll get information about your options, including the timing. If you are eligible, you can file a claim on the site now.

You can wait until you receive more information about whether there will be a modification available to improve emissions from your car.

Includes these 2.0-liter diesel cars:

• VW Beetle 2013-2015
• VW Golf 2010-2015
• VW Jetta 2009-2015
• VW Passat 2012-2015
• Audi A3 2010-2013, 2015

For more information, visit VWCourtSettlement.com or call 1-844-98-CLAIM
To be removed from future communications please click here

Even if they are only doing a tracking cookie, it's still sleazy...and I'd argue worse than what google does. It still is a phishing attack by someone who has crafted an email designed to fool the reader into clicking on a link.

How many folks on here would respond to an email that indicated:
Hey VW owner. We're a group of people who want to collect information about what you're doing online. Please click on one of these links so we can collect it. I'd guess the number would be zero!

This one pisses me off, since I almost fell for it. I actually clicked on the link, but Firefox gave me one of those "are you sure you really want to do this?" messages...and I decided to investigate further.

Marsupial said:

These email are definitely phishing emails. They do not come from VW at all. If you look at the full email headers they actually come from sxcfssmmta1-ip5.qgemail.com with a real return address of bounces <at> rustconsulting.qgemail.com. Domain qgemail,com definitely has absolutely nothing to do with VW. It is a classic phishing email although a pretty well crafted one. Don't click on any links or reply and delete these emails.

Click to expand...

Ok, gotcha. Well crafted is an understatement. The only link I have clicked in the one to the portal, and it does take you to VW's site.

But why are we getting them? Could someone have hacked the VW email list of affected TDI owners? Or just VW tracking us?