Tin Pot
Guru
I will repeat my professional advice: do not trust the header information.
And leave it at that
A new scam to me
- Thread starter numbnuts
- Start date
Page may contain affiliate links. Please see terms for details.
I will repeat my professional advice: do not trust the header information.
And leave it at that
jefmcg
Guru
Don't trust anything in the email is better advice. Don't open attachments or click links is more important than "trusting headers" whatever that means.I will repeat my professional advice: do not trust the header information.
And leave it at that
classic33
Leg End Member
That one, amongst others, sprang to mind.Don't you remember THIS THREAD with an almost identical scenario?
Nope. It was supposed to be from the Inland Revenue!
For some reason the IR had decided to send the message from an undisguised email account like
adodgy12345address76jkl@phishingscammers 6738.somewhere_not_uk, which didn't exactly stand up to scrutiny!
The fact that I haven't paid any tax was a big clue.
And starting the email with 'Hello dear mister' didn't help them much either ....
The council one is doing the rounds at present. Just ending in .co.uk/.com.
First & surname, with the council logo thrown in.
One way to identify spam is checking the header / mail envelope, looking at the route the email took to your mail server, in particular tracking back to the original sending server and its domain and/or IP address. The difficult part is that outside of the IT industry most people don't know how to view the header, let alone decipher the info in it.
An example email I received today on an old CycleChat address I haven't used in seven years or so, came from the originating server - dvb-cracks.org - which isn't a domain or organisation I recognise; the title was spammy in nature; there were a number of recipients; and the reply address was different to the sending address (so that if the email cannot be delivered it bounces off to some poor sod who's address has been grabbed - and the spammer won't see any of it). Spam.
To get at the header in Outlook 2016, double-click the email to open it in its own window and click the Tags link in the ribbon at the top:
Another tactic that catches a lot of people out is look-a-like web links - these have key words or phrases in them that, when quickly scanned by the reader, seem to be genuine and related to the text and context of the email and the request for action (again, this isn't the fault of the recipient - most people don't understand how domains and URLs work).
Here's an example: You get an email from Llloyds bank (a good opening gambit since they're a big outfit with a lot of customers) with a proper Lloyds logo on it and a similar tex / font that matches what you've previously received from Lloyds, telling you the Debit Card Security Team have identified a number of fraudulent internet transactions and that your card details may be among those that are being targeted - inviting you to login and check, using a handy link:
Login to Check Your Card Now
The link points to -- http://lloydsbank.acclogincheck.com/login.php -- which, when you hover over it to look, can appear legit because it has lloydsbank at the start of it, so a quick glance and you're happy it's genuine, and off you go to check ... but let's see ...
Now, if you take away one thing from this with regards to links in emails, it's that domain names work from right to left in terms of heirarchy and importance ... the really key part, the site you'll be taken to when you click, is the one to the immediate left of the .com or .co.uk or .org or .net, etc. part of the link - let's look at the link again and break it up at each dot:
So working from right to left from the .com part of the link we can see we'll be taken to acclogincheck.com and not lloydsbank - but, again, if you don't know that's how the links work you can easily be fooled into clicking it, thinking it is genuine and from your bank, credit card company, etc. and doing whatever you're told on the fake website you land on.
There are quite a few other spamming tactics in use, but these two things cover a lot of it and are worth checking if you're ever unsure.
An example email I received today on an old CycleChat address I haven't used in seven years or so, came from the originating server - dvb-cracks.org - which isn't a domain or organisation I recognise; the title was spammy in nature; there were a number of recipients; and the reply address was different to the sending address (so that if the email cannot be delivered it bounces off to some poor sod who's address has been grabbed - and the spammer won't see any of it). Spam.
To get at the header in Outlook 2016, double-click the email to open it in its own window and click the Tags link in the ribbon at the top:
Another tactic that catches a lot of people out is look-a-like web links - these have key words or phrases in them that, when quickly scanned by the reader, seem to be genuine and related to the text and context of the email and the request for action (again, this isn't the fault of the recipient - most people don't understand how domains and URLs work).
Here's an example: You get an email from Llloyds bank (a good opening gambit since they're a big outfit with a lot of customers) with a proper Lloyds logo on it and a similar tex / font that matches what you've previously received from Lloyds, telling you the Debit Card Security Team have identified a number of fraudulent internet transactions and that your card details may be among those that are being targeted - inviting you to login and check, using a handy link:
Login to Check Your Card Now
The link points to -- http://lloydsbank.acclogincheck.com/login.php -- which, when you hover over it to look, can appear legit because it has lloydsbank at the start of it, so a quick glance and you're happy it's genuine, and off you go to check ... but let's see ...
Now, if you take away one thing from this with regards to links in emails, it's that domain names work from right to left in terms of heirarchy and importance ... the really key part, the site you'll be taken to when you click, is the one to the immediate left of the .com or .co.uk or .org or .net, etc. part of the link - let's look at the link again and break it up at each dot:
Rich (BB code):
lloydsbank. --- acclogincheck. --- com ---- /login.php
<---- <----<----<----<----<----So working from right to left from the .com part of the link we can see we'll be taken to acclogincheck.com and not lloydsbank - but, again, if you don't know that's how the links work you can easily be fooled into clicking it, thinking it is genuine and from your bank, credit card company, etc. and doing whatever you're told on the fake website you land on.
There are quite a few other spamming tactics in use, but these two things cover a lot of it and are worth checking if you're ever unsure.
captain nemo1701
Space cadet. Deck 42 Main Engineering.
- Location
- Bristol
Yep, by staggering co-incidence the inland revenue have also made an similar mistake with my tax and all I have to do is click on the magic link......And I am due a big refund from the tax that I haven't paid!
. Yeah, right.
mjr
Comfy armchair to one person & a plank to the next
- Location
- mostly Norfolk, sometimes Somerset
Received headers are routinely faked and most email providers change servers so often that it can be hard to tell for sure which is your provider's header. The only way to be sure is to crossreference the message Id with the mail server traffic logs and most providers won't do that for you because few people are willing to pay to have enough good postmasters to set it up any more.
Most people are buying email lemons and so the spam continues to proliferate. Pay decent amounts for email service and vote for politicians that will enforce the anti spam laws and that can change.
Most people are buying email lemons and so the spam continues to proliferate. Pay decent amounts for email service and vote for politicians that will enforce the anti spam laws and that can change.
ColinJ
Puzzle game procrastinator!
- Location
- Todmorden - Yorks/Lancs border
You never give anybody your email address!
It only takes one person/company to pass it on and then it is out of your control. A friend of mine insisted on broadcasting my email address to loads of people I don't know by lumping all our addresses together into the CC field on his essential 'have you seen this funny cat video?' messages, rather than BCC. I asked him not to do it but he still does.
You never give anybody your email address!
It only takes one person/company to pass it on and then it is out of your control. A friend of mine insisted on broadcasting my email address to loads of people I don't know by lumping all our addresses together into the CC field on his essential 'have you seen this funny cat video?' messages, rather than BCC. I asked him not to do it but he still does.
Rarely...Nuisance calls were more of a problem but I just let my answer machine answer them and the idiots on the other end got bored...Also another tactic I had when I became aware was turning off the answer machine via the plug remote control frustrated them also.Turned the whole home phone off so it didn't ring.Obviously my home phone number was more of a problem than my email.
classic33
Leg End Member
Stephen Piper
Veteran
- Location
- Romney Marsh, Kent
And another one.
TV Licensing refund of 74.50 GBP - Still Pending
After the last annual calculation we have determined that you are eligible to receive a TV Licensing refund of 74.50 GBP. Due to invalid account details records, we were unable to credit your account.
Please fill in the TV Licensing refund request and allow us 5-10 working days for the amount to be credited to your account.
Click "Refund Me Now" and follow the steps in order to have us process your request.
NOTE: For security reasons, we will record your IP Address, the date and time. Deliberate wrong inputs are criminally pursued.
refund me now
Best regards,
TV Licensing Refunds
TV Licensing refund of 74.50 GBP - Still Pending
After the last annual calculation we have determined that you are eligible to receive a TV Licensing refund of 74.50 GBP. Due to invalid account details records, we were unable to credit your account.
Please fill in the TV Licensing refund request and allow us 5-10 working days for the amount to be credited to your account.
Click "Refund Me Now" and follow the steps in order to have us process your request.
NOTE: For security reasons, we will record your IP Address, the date and time. Deliberate wrong inputs are criminally pursued.
refund me now
Best regards,
TV Licensing Refunds
Last edited:
- Location
- Glasgow
Probably.
Very rarely I get spam in my ntl mail inbox, there's not lots in the spam folder either.
It's so efficient that cycling mail lists I subscribe to often end up automatically in spam, saving me money
DaveReading
Don't suffer fools gladly (must try harder!)
- Location
- Reading, obvs
Cp40Carl
Über Member
- Location
- Wirral, England
I have one of these but it was legit as was sent from a Nigerian Prince who needed to release some offshore funds. He wanted to use the guise of a refund so that he couldn't be traced by Lord Lucan and his dancing whippet. Apparently he owed him some money having lost a bet on a race between a Timelord and a bloke on a bike who wore a mankini...
Seriously, look up phone number of the alleged sender independently and call them to check if legit.
Seriously, look up phone number of the alleged sender independently and call them to check if legit.
