Scam bank text about “unusual activity”


glasgowcyclist

Charming but somewhat feckless
Location
Scotland
I received a phishing text about an hour ago.

The text was simple and not overly alarming but something was wrong with the link given which, at first glance, seemed legit.
(I’ve edited the original so as not to lead to the phishing scam.)

“[BANKNAME]: We have noticed unusual activity on your account.
To prevent a block being placed please visit https://[bankname].co.uk
-authentic-review.support”
Substitute [BANKNAME] with Santander and you can see how convincing the original is. Not banking with Santander, I knew it was a scam but the apparently genuine domain name had me stumped for a second until I realised the formatting after “.co.uk” was wrong. It was using - instead of / as a separator and, crucially, ended with “.support”.

This is clever use of the TLD .support to fool people.

What they’ve done is register the domain name https://uk-authentic-review.support and then create a subdomain of “bankname.co.” to tack on to the front of it that then gives the full, deceptive string as shown in the text I received.

I’ve forwarded it to 7726 and thought I’d post it here in case members get it or have relatives who may be susceptible to clicking on it unquestioningly. I guess they will have a variety of bank names they’ll pretend to be so don’t assume it’s only affecting Santander customers.

Stay alert!
 

Smokin Joe

Legendary Member
Golden rule -

If you receive an unsolicited phone call, text or email asking for information from any organisation with a financial interest in you it is almost certainly a scam. If you have reason to think it may be genuine, never make contact in the way they suggest. Call them on a number you know to be genuine in order to check, and if it is in reply to a phone call either return the call from a different number or make a check call to a friend to make sure the scammer has not kept you connected to their number.
 
We seem to get these regularly and quite often from banks that we have no account with.
We get them from O2 about non-existent phone accounts.
We get them from Royal Mail and Hermes about parcels that can't be delivered without payment of £1.99 via the attached link.

We delete them all unread.

My neighbour, who is the ultimate techy geek reckons that the scammers have the equivalent of call centres with dozens of folk running computer programmes to send out and respond to such mails. £millions are made through increasingly complex and believable scams.
 

postman

Legendary Member
Location
Leeds
Two text scams this week. Message went something like this. An unusual payment was made from this device blah blah blah press link. Sadly the pilots don't know I do not do tinter net banking, and I have no details on my phone.
 

Hacienda71

Mancunian in self imposed exile in leafy Cheshire
I got a genuine one the other day. Someone was trying to use my credit card details in France to spend £18 :wacko:. They had stopped it, cancelled the card and replaced it within 48 hours. I was asked to call an 0800 number via the normal text service my bank uses. Double checked it online before calling to make sure it was a genuine bank number. They also said if unsure call the number on the card. Some of the scams are pretty close to this though. For my Ma and Pa in their 80's it is a minefield.
 
glasgowcyclist

Charming but somewhat feckless
Location
Scotland
That dodgy domain was only registered today.

I have emailed the issuer’s abuse department to report the scammer. We’ll see what happens, if anything.
 
I got the warrant for your arrest line too. Younger son panicked, rushed to tell my wife and returned to hear me give some info:

“My first name? Alastair. Spelled A-R-S-E-H-O-L-E, but pronounced Alastair. It’s a Scottish thing.”

They haven’t called back.
 

carpiste

Guru
Location
Manchester
Royal mail contacted the wife twice the last week.....
Your parcel has been diverted please contact us on.....
Yeah sure. Like Royal Mail has her mobile number! Message deleted!
So many scammers
 

Dirk

If 6 Was 9
Location
Watchet
I had one from 'Norton' the other day.
Seemed quite convincing, until I checked the sender's email address.
I have a Norton subscription.
Be careful folks!


They obviously want you to get scared that you've been signed up for something you haven't - and then 'refund' you once they have your bank details.
Scum!
 

yello

Guest
the formatting after “.co.uk” was wrong. It was using - instead of / as a separator and, crucially, ended with “.support”.
This is clever use of the TLD .support to fool people.

Nice catch. And thank you for the explanation too. I searched for a little more info.

From https://searchapparchitecture.techtarget.com/definition/top-level-domain-TLD

A top-level domain (TLD) is the last segment of the domain name. The TLD is the letters immediately following the final dot in an Internet address.

(My italics)

So that's something for me to remember, I'll know what to look out for should a URL look a bit suspect to me. :okay:
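
Added example, not part of any member's post: a small Python check that reads a link the way the opening post and the TLD definition quoted above describe, from the final dot backwards, to find which domain was actually registered. The suffix list and the `bankname.co.uk` allow-list are constructed placeholders; real tooling would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny subset of public suffixes. Real tooling
# should load the full Public Suffix List instead.
SUFFIXES = {"uk", "co.uk", "com", "support"}

# Hypothetical allow-list: the domains the genuine sender actually owns.
GENUINE = {"bankname.co.uk"}


def registrable_domain(host):
    """Return the registered domain: the longest known suffix plus one label."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # i = 0 tries the longest suffix first
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None                           # suffix not in our small list


def check_link(url):
    """Classify a link as 'genuine', 'lookalike' or 'unrelated'."""
    if "//" not in url:                   # texts often omit the scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable_domain(host)
    if reg in GENUINE:
        verdict = "genuine"
    elif any(g in host for g in GENUINE):
        # The genuine name appears in the host, but only as subdomain
        # labels in front of somebody else's registered domain.
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {"host": host, "registered": reg, "verdict": verdict}


if __name__ == "__main__":
    for link in (
        "https://bankname.co.uk-authentic-review.support",  # from the thread
        "https://www.bankname.co.uk/login",                  # constructed
        "https://example.com/bankname.co.uk",                # constructed
    ):
        print(check_link(link))
```
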
 

byegad

Legendary Member
Location
NE England
I had a phone call from Capital One last year. It went.

'Hello, this is Capital One security department, can you just confirm your security details?'

me
'No, I have no idea who you are and you called me, so can you tell me what my last three transactions were?'
Impasse

So.....

I called Cap1 using the number on the back of my card and went automatically through to their security department, who were indeed querying a payment. (It was me what spent the cash.)

They couldn't understand why I was complaining about them ringing me out of the blue, expecting me to give the details, and my refusing to 'go through security'.
An escalation to a 'higher authority' meant they got the reason for my refusal. Apparently they hadn't thought of that.
 

captain nemo1701

Space cadet. Deck 42 Main Engineering.
Location
Bristol
Annoyingly, my credit card got scammed a few weeks back and my bank (NatWest) called me to say some barsteward in central Europe had tried to pay for a holiday costing 26 grands worth in some local currency which translates to £250...phew:okay:. They knew I'd paid for a £30 train ticket so I took it as genuine as they never asked for any details or suggested I transfer funds etc, which are the usual means by which you get ripped off. I called the number on the back of my card & it was all genuine. New card arrived in 5 days.

I sometimes get those badly strung together MP3 files where the worst computer voice in history informs you that due to all the illegal activity you've been engaged in on the internet ( cyclechat forum :laugh:) will result in you getting cut off...unless you pay some money:okay:.
 