A new scam to me

Tin Pot · 27 Apr 2017

It's hard to stay out of this debate...

The problem with advising people to check one or two easy things is that they quickly mask false negatives, e.g. If you are checking the sender for obviously bad addresses, and the address does not seem to be bad you start to assume the email is good. This is human nature.

This might work a lot of the time, and as part of automated controls has its place in cutting down the amount of noise, but for individuals it engenders a false sense of security, which in turn creates opportunity for the bad guys.

The best advice is not to tell people to check a few things, but to forget the technicals and ask yourself simple questions; am I expecting this communication? Why could this be being sent to me? Does it contain reasonable communications? If it appears to be important, how can I verify with the apparent sender; phone, website, newspaper etc.?

This is the only approach that will work ongoing until the end of time despite organised crime's best effort to be duplicitous and commit fraud.

It also chucks a load of spam out too, which is good for the soul.

mjr · 27 Apr 2017

[QUOTE 4779206, member: 259"]If you use a decent email provider like Gmail you'll rarely see any spam.

I kind of miss it..[/QUOTE]
They also trap some legitimate email. Decent email provider they are not.

DaveReading · 27 Apr 2017

Tin Pot said:
The best advice is not to tell people to check a few things, but to forget the technicals and ask yourself simple questions; am I expecting this communication? Why could this be being sent to me? Does it contain reasonable communications? If it appears to be important, how can I verify with the apparent sender; phone, website, newspaper etc.?

Using common sense, in other words.

classic33 · 28 Apr 2017

Cp40Carl said:
I have one of these but it was legit as was sent from a Nigerian Prince who needed to release some offshore funds. He wanted to use the guise of a refund so that he couldn't be traced by Lord Lucan and his dancing whippet. Apparently he owed him some money having lost a bet on a race between a Timelord and a bloke on a bike who wore a mankini...

Seriously, look up phone number of the alleged sender independently and call them to check if legit.

So if someone were to get in touch with you, about dating Mim Telecaster, you'd not be be thrown?

Bollo · 28 Apr 2017

Tin Pot said:
The best advice is not to tell people to check a few things, but to forget the technicals and ask yourself simple questions; am I expecting this communication? Why could this be being sent to me? Does it contain reasonable communications? If it appears to be important, how can I verify with the apparent sender; phone, website, newspaper etc.?

This is the only approach that will work ongoing until the end of time despite organised crime's best effort to be duplicitous and commit fraud.

It also chucks a load of spam out too, which is good for the soul.

I go a bit further than this. If it's from someone I don't know and it's arrived by email, then by definition it's not important. Email isn't a guaranteed communication mechanism so, if the person, organisation or whatever absolutely positively had to get in touch about something totally life changing , they'd phone or snail-mail.

Flick of the Elbow · 28 Apr 2017

Tin Pot said:
It's hard to stay out of this debate...

The problem with advising people to check one or two easy things is that they quickly mask false negatives, e.g. If you are checking the sender for obviously bad addresses, and the address does not seem to be bad you start to assume the email is good. This is human nature.

This might work a lot of the time, and as part of automated controls has its place in cutting down the amount of noise, but for individuals it engenders a false sense of security, which in turn creates opportunity for the bad guys.

The best advice is not to tell people to check a few things, but to forget the technicals and ask yourself simple questions; am I expecting this communication? Why could this be being sent to me? Does it contain reasonable communications? If it appears to be important, how can I verify with the apparent sender; phone, website, newspaper etc.?

This is the only approach that will work ongoing until the end of time despite organised crime's best effort to be duplicitous and commit fraud.

It also chucks a load of spam out too, which is good for the soul.

I heard a story the other day about a lady who was in the process of conducting a financial transaction with her solicitors. She had a text thread ongoing with them and was expecting a text about payment. The scammers had intercepted the text stream and mimicked the solicitor's details. They sent her a text, which appeared in the same text thread, containing a link to initiate the payment. It appeared to the victim as part of an ongoing conversation with a legit and trusted source and yes, she was expecting it. With her guard down she clicked on the link. All seemed fine but a few mins later it occurred to her that it was odd that they'd sent her a link. She rang her bank but it was too late, they'd already taken thousands out of her account.

Cp40Carl · 28 Apr 2017

classic33 said:
So if someone were to get in touch with you, about dating Mim Telecaster, you'd not be be thrown?

Lol! Not at all - I have a collection of guitars, including such a model, and have been playing and performing since age 11.

How did you know?

Tin Pot · 28 Apr 2017

Flick of the Elbow said:
I heard a story the other day about a lady who was in the process of conducting a financial transaction with her solicitors. She had a text thread ongoing with them and was expecting a text about payment. The scammers had intercepted the text stream and mimicked the solicitor's details. They sent her a text, which appeared in the same text thread, containing a link to initiate the payment. It appeared to the victim as part of an ongoing conversation with a legit and trusted source and yes, she was expecting it. With her guard down she clicked on the link. All seemed fine but a few mins later it occurred to her that it was odd that they'd sent her a link. She rang her bank but it was too late, they'd already taken thousands out of her account.

Classic man in the middle attack.

Incidentally, the bank(s) involved should be able to reverse things in those timescales.

Tin Pot · 28 Apr 2017

Bollo said:
I go a bit further than this. If it's from someone I don't know and it's arrived by email, then by definition it's not important. Email isn't a guaranteed communication mechanism so, if the person, organisation or whatever absolutely positively had to get in touch about something totally life changing , they'd phone or snail-mail.

Yeah, I used to do this.

oldwheels · 28 Apr 2017

I regularly get email from BT which looks good telling me variously that my direct debit has been refused or that my latest bill is now on line and just click the link to see it or sort the problem. Funny they always come from somebody like joeblogs@bt.com. The grammar and spelling of these scams is improving as is the presentation. Naturally I never click on any link but if in doubt go by a separate route to the proper source. Sometimes get ones allegedly from PayPal warning of " suspicious activity" .

mjr · 28 Apr 2017

[QUOTE 4779490, member: 259"]Their email service is extremely good and I have never experienced legit email being stopped. I get all my emails, even from other providers, diverted via Gmail now.[/QUOTE]
:thumbsdown:

One day you'll realise:

View: https://www.youtube.com/watch?v=DmJmRwDGk60

Edited to add: I mean, if all your email is going via Gmail, how would you know if any legit email was blocked? You still can't get a list of blocked emails from Gmail - there's a word for systems that don't tell you how they're influencing what you see and what they're not showing you...

jefmcg · 28 Apr 2017

mjr said:
One day you'll realise:

View: https://www.youtube.com/watch?v=DmJmRwDGk60

Any argument that quotes that shitty little film as evidence immediately loses.

nickyboy · 28 Apr 2017

Another scam, not email related but worth chucking into the pot of general consciousness...

My Mum isn't desperately sophisticated regarding financial stuff so I always worry about some fraudster scamming her. She subscribes for and pays for the BT Privacy and Caller Display service

She got a call last week from someone claiming to be from BT regarding this service and needing to reconfirm some payment details. The way the scam went was that the person on the other end of the line takes a punt and says "Your payment was by Visa Debit with an expiry of 2018, right?"

Now as it happens it was Visa Debit but thankfully her card expired in 2019 so she smelt a rat. While she was checking her card, the other person then went on to ask for the card number and the security code on the back. Obviously preying on the vulnerable by appearing to have some card information to extract the remaining critical info. Presumably they ring up loads in the hope of catching someone with the right card/expiry date combination

My Mum threatened to call the police and the person on the other end got abusive so she put the phone down.

Most frustrating is that presumably someone in BT is selling this database of subscribers to the fraudsters

classic33 · 28 Apr 2017

nickyboy said:
Another scam, not email related but worth chucking into the pot of general consciousness...

My Mum isn't desperately sophisticated regarding financial stuff so I always worry about some fraudster scamming her. She subscribes for and pays for the BT Privacy and Caller Display service

She got a call last week from someone claiming to be from BT regarding this service and needing to reconfirm some payment details. The way the scam went was that the person on the other end of the line takes a punt and says "Your payment was by Visa Debit with an expiry of 2018, right?"

Now as it happens it was Visa Debit but thankfully her card expired in 2019 so she smelt a rat. While she was checking her card, the other person then went on to ask for the card number and the security code on the back. Obviously preying on the vulnerable by appearing to have some card information to extract the remaining critical info. Presumably they ring up loads in the hope of catching someone with the right card/expiry date combination

My Mum threatened to call the police and the person on the other end got abusive so she put the phone down.

Most frustrating is that presumably someone in BT is selling this database of subscribers to the fraudsters

Phone numbers can be got fairly easily. How often do you change your landline number?

jonny jeez · 28 Apr 2017

biggs682 said:
i wonder how many people fall for these

Even if its 1% it could still represent a few hundred quid for sending an email to 200 people.

Assume 20,000 people and its well.worth it.

A new scam to me

Tin Pot

Guru

mjr

Comfy armchair to one person & a plank to the next

DaveReading

Don't suffer fools gladly (must try harder!)

classic33

Leg End Member

Bollo

Failed Tech Bro

Flick of the Elbow

Guru

Cp40Carl

Über Member

Tin Pot

Guru

Tin Pot

Guru

oldwheels

Legendary Member

mjr

Comfy armchair to one person & a plank to the next

jefmcg

Guru

nickyboy

Norven Mankey

classic33

Leg End Member

jonny jeez

Legendary Member

Similar threads