A new (or new to me) scam? Anyone seen this one before?

britechguy · Nov 27, 2025

Over the last 2 days, on 2 separate email addresses, I have received two eerily similar messages from 2 different people I know and who definitely don't know each other. The first is even weirder as his image was in the middle of the "stamp:"

I've never gotten anything like this, let alone 2 in rapid succession.

The first downloads an MSI file (which of course, I did not run) but which is not being flagged as malicious, but even what the pop-up information for the file shows:

with "ScreenConnect Software" as the authors screams scam. Here's what virustotal.com has to say about that MSI file, and none of the major engines flag it: https://www.virustotal.com/gui/file/acad1f9d0a4d58b6ecdf923a6447139feace645fc8d7ff790495ad7d5e50ac9e

Just wondering if anyone's seen this particular thing out there in the wild either before now, or popping up recently?

I doubt there's any point in telling the purported originators about this, as all of this sort of thing tends to come from having culled email addresses from cyberspace and the sender is not who it claims to be from at all. And, of course, neither has my email address in the To: field. One is bcc-ed and the other has nothing that shows as far as directly being addressed to me.

Philippe · Nov 27, 2025

britechguy said:
"ScreenConnect Software"

This one I see all the time, it's a legit remote control software - even if I only see it used by scammers...

britechguy · Nov 27, 2025

Philippe said:
This one I see all the time, it's a legit remote control software - even if I only see it used by scammers...

Well, in this case, it wasn't the name of the software, per se, that screamed "scammer" but the context surrounding the MSI that downloads. There would be no legitimate reason for any e-vite to include such unless it were coming from your own support tech and telling you that they want to set up a session with you using that software (and where you were the one who initiated the entire sequence of communication).

I was just trying to fill in some of the specific "why this is so, so fishy" details in this specific instance. There are plenty more. But this is my first experience with this exact sort of scam. I've let the two individuals whose emails were used as the seeming origin point know about this, not because I think they had anything to do with it, or can do anything to fix it, but so if others who received same start replying to them they won't be thinking, "WTF is this about?!"

HCHTech · Sunday at 3:21 PM

britechguy said:
The first downloads an MSI file (which of course, I did not run)

What? Who doeesn't want a Private Dinner Lunch? I think you're missing out!

Metanis · Sunday at 5:16 PM

It's almost like you can't trust anything on the Internet.

-- Abraham Lincoln, 1864

nlinecomputers · 2025-12-03T02:00:03+0000

The MSI is probably one their custom remote packages which is tied to a particular client. You should forward this to screen connect so they can examine it and deactivate the malicious account.

sapphirescales · 2025-12-03T21:18:12+0000

"EventJoyful.msi" - These scammers aren't helping the stereotype of scammers being foreigners who can't speak proper English and therefore name things the most cheesy thing imaginable.

xrobwx71 · 2025-12-04T12:32:10+0000

I notice a lot of Chinese sellers on Amazon use some variation of Joy in their name. I guess they don't realize we seldom use joy that often to convey happy.

A new (or new to me) scam? Anyone seen this one before?

britechguy

Well-Known Member

Philippe

Well-Known Member

britechguy

Well-Known Member

HCHTech

Well-Known Member

Metanis

Well-Known Member

nlinecomputers

Well-Known Member

sapphirescales

Well-Known Member

xrobwx71

Active Member

Similar threads