The phishers are getting cannier

Use this board for general non-cycling-related chat, or to introduce yourself to the forum.
User avatar
661-Pete
Posts: 9425
Joined: 22 Nov 2012, 8:45pm
Location: Sussex

The phishers are getting cannier

Postby 661-Pete » 19 Dec 2017, 11:37pm

Take care, out there! Got these two almost-identical E-mails today - both purporting to come from BT:
fake and genuine BT E-mails.jpg

Spot the difference? Yes, the fake is on the left and the genuine one on the right. The genuine one addresses me by name - also it had the correct account number in the corner (before blurring). The account number in the fake was incorrect, so the spammers haven't yet intercepted that bit of data about me - but it can only be a matter of time.

The fact that both these E-mails arrived on the same day is also a bit disturbing. Some clever footwork out there, I reckon.
Suppose that this room is a lift. The support breaks and down we go with ever-increasing velocity.
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).

mercalia
Posts: 12258
Joined: 22 Sep 2013, 10:03pm
Location: london South

Re: The phishers are getting cannier

Postby mercalia » 20 Dec 2017, 1:22am

simple soln dont opt for paperless billing where possible?

I get lots of paypal ones saying I have bought an apple this or that and if not me to SIGN INTO MY ACCOUNT by clicking the link ( heh I am not that stupid or senile yet ) hehe trying to be helpful in protecting me from (other) thieves.

I dont know if you clicked a link to open say a pdf of the bill then thats also a nono as that could load some thing else

User avatar
Redvee
Posts: 2190
Joined: 8 Mar 2010, 8:58pm

Re: The phishers are getting cannier

Postby Redvee » 20 Dec 2017, 2:26am

I've had numerous phishing emails from banks I don't bank with but managed to log into my online account I don't have with fake details, as long as the account number and sort code are in the right format, 6 digits for sort code and 7 for account number anything will work, add a bogus password and pin number and you'll be OK.

User avatar
Cunobelin
Posts: 9933
Joined: 6 Feb 2007, 7:22pm

Re: The phishers are getting cannier

Postby Cunobelin » 20 Dec 2017, 6:08am

Slightly different problem, but I was impressed by the bank

My MiL is 92 partially sighted, hard of hearing and fiercely independent. She was overpaid some of her allowances and they backdated it several years so wanted a couple of thousand back

Easy enough ... go into bank and pay

First thing the bank did was ask to speak to her alone to ensure she wasn't being coerced, as taking elderly people into the bank to make a payment is a con trick

Then they phoned up and checked the payment was correct and the account details

Only then would they make the payment from her account

Inconvenient, and time consuming, but good on the bank for ensuring that she was not being scammed

ambodach
Posts: 895
Joined: 15 Mar 2011, 6:45pm

Re: The phishers are getting cannier

Postby ambodach » 20 Dec 2017, 8:26am

I get “ BT” things nearly every week. Just click on the sender and you find it is Joeblogs@bt.com or something similar. PayPal ones are less common but it is easy enough to check if you have a separated link to anybody you deal with regularly.

Tangled Metal
Posts: 6280
Joined: 13 Feb 2015, 8:32pm

Re: The phishers are getting cannier

Postby Tangled Metal » 20 Dec 2017, 8:43am

PayPal is one I get a lot. First time I actually went into a browser and logged onto the PayPal account I set up once when I needed to pay a friend who lived a long way from me for a trip she organized. I could not remember the password so had to go through the rigmarole of getting a temp one.

I got into my account and double checked I had removed the link to my bank account/debit card. Originally I set up PayPal, put the exact amount into my PayPal account then removed the link to my money or cards. Then paid the friend. Then never used PayPal again.

I did however send a screenshot of the phishing email to PayPal security when reporting the email. Actually I think I forwarded it or copied it to them. Something about them getting the email header etc to try and track the source IIRC. They "take all phishing seriously" apparently. Yeah right.

BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?

User avatar
661-Pete
Posts: 9425
Joined: 22 Nov 2012, 8:45pm
Location: Sussex

Re: The phishers are getting cannier

Postby 661-Pete » 20 Dec 2017, 8:51am

I've just had a look through my archive of past E-mails, and lo and behold! I now realise that these spams have been coming in for years. Point is, seeing as I'm paying this particular account by direct debit, I don't take any action when the E-mail comes in - just file it away, check my bank balance, then forget about it. And I never noticed that I was getting more E-mails from "BT" than necessary! So there were about half-a-dozen phishing messages lurking in my archive. All flagged and deleted now!

All the advice about checking sender, etc: well if an E-mail is asking me to actually do something, I always check that - and it's then easy to spot the phishers. And I never access a service provider by clicking on a link in an E-mail - unless I have no option than to do that. The latter only really arises when I've just registered a new account on a web site, and it's asking me to confirm my E-mail address. In all other cases I go to one of my bookmarks.

I think I'm reasonably careful, but there's no harm in warning others. And if anyone thinks I should be even more careful, please tell me!
Suppose that this room is a lift. The support breaks and down we go with ever-increasing velocity.
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).

User avatar
661-Pete
Posts: 9425
Joined: 22 Nov 2012, 8:45pm
Location: Sussex

Re: The phishers are getting cannier

Postby 661-Pete » 20 Dec 2017, 8:58am

Tangled Metal wrote:BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?
I've sometimes wondered about this. I use PayPal quite a lot - it puts an extra 'barrier' between my bank account and an as-yet-untried vendor - hence another layer of protection just in case the vendor turns out to be rogue, at least they haven't got my card details.

If PayPal themselves get hacked and my card details leak out - well an event of that magnitude would probably hit the news headlines, so hopefully I'd get warning in time. As would millions of others!
Suppose that this room is a lift. The support breaks and down we go with ever-increasing velocity.
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).

Tangled Metal
Posts: 6280
Joined: 13 Feb 2015, 8:32pm

Re: The phishers are getting cannier

Postby Tangled Metal » 20 Dec 2017, 9:06am

If PayPal are doing anything that your bank isn't doing then I'd agree but the security checks your bank should be doing should be enough surely?

If you're worried about this then set up a shadow account where you put the exact money in for your payment and have no overdraft facility. Then pay from that account. Don't use it other than for online purchases. It's very easy to transfer money to another account before paying for something. You could use your main bank or another. Using a separate bank might give you different security protocols. HSBC is one bank that's got strict security protocols. My partner gets her account shut down a lot by their Internet security team even though she doesn't use it much.

kwackers
Posts: 14009
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: The phishers are getting cannier

Postby kwackers » 20 Dec 2017, 9:15am

661-Pete wrote:
Tangled Metal wrote:BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?
I've sometimes wondered about this. I use PayPal quite a lot - it puts an extra 'barrier' between my bank account and an as-yet-untried vendor - hence another layer of protection just in case the vendor turns out to be rogue, at least they haven't got my card details.

If PayPal themselves get hacked and my card details leak out - well an event of that magnitude would probably hit the news headlines, so hopefully I'd get warning in time. As would millions of others!

I use Paypal all the time, why? Mainly because it's so much easier than filling out card details and also because I approve of Musk's enterprises.

As for phishing. Never use the links, if in doubt going to the site manually is the first and most important protection.
They're usually pretty easy to spot - mainly because they have to put links in otherwise there's no point. Check the URL of the link - it's always something daft.

User avatar
Paulatic
Posts: 4445
Joined: 2 Feb 2014, 1:03pm
Location: 24 Hours from Lands End

Re: The phishers are getting cannier

Postby Paulatic » 20 Dec 2017, 9:24am

Tangled Metal wrote:.

BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?


Wrong, doesn’t cost me anything to pay through Paypal. I’ve a verified account
Selling on EBay is a different matter of course.
Whatever I am, wherever I am, this is me. This is my life

https://stcleve.wordpress.com/category/lejog/

kwackers
Posts: 14009
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: The phishers are getting cannier

Postby kwackers » 20 Dec 2017, 9:30am

Paulatic wrote:Wrong, doesn’t cost me anything to pay through Paypal. I’ve a verified account
Selling on EBay is a different matter of course.

Oh yeah, I forgot about selling.

I have a website I sell bits and pieces from. I just added some little paypal gizmos and that was it. Easy peasy, no need to do all the nonsense you need to accept credit cards etc.
(And eBay too of course).

Tangled Metal
Posts: 6280
Joined: 13 Feb 2015, 8:32pm

Re: The phishers are getting cannier

Postby Tangled Metal » 20 Dec 2017, 10:55am

Paulatic wrote:
Tangled Metal wrote:.

BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?


Wrong, doesn’t cost me anything to pay through Paypal. I’ve a verified account
Selling on EBay is a different matter of course.

It's a service and a business, someone is paying for it at one end or another. If not you then the business you're buying from our some other entity.

As for entering card details each time. You can scan cards in seconds, the few bits you have to enter after that takes seconds to do. I've been buying online a lot recently (birthdays and Xmas makes December a costly month). The biggest delay in the checkout stages I've encountered are the long winded step by step process some online retailers use. There's good online retailers that you can go from clicking on checkout to order confirmation in less than a minute. Others your there for the minutes going through their long winded process. The actual card entry stage on those are a small part of the process in terms of time IME.

Of course it's easier to buy online from a phone or tablet with a camera to scan your cards. Making sure you don't let it record them of course.

Perhaps I'm a distrusting type but giving PayPal my card details to store is a worse option than having to enter the details each time. As far as the security of the actual money transfer process it's probably not that different.

Personal choice I guess and whatever works for you.

Vorpal
Moderator
Posts: 17700
Joined: 19 Jan 2009, 3:34pm
Location: Not there ;)

Re: The phishers are getting cannier

Postby Vorpal » 20 Dec 2017, 10:56am

kwackers wrote:They're usually pretty easy to spot - mainly because they have to put links in otherwise there's no point. Check the URL of the link - it's always something daft.

It's not always daft. Sometimes it's quite close to the real thing. They leave out a letter, or have a different country extension, or add something onto the end, but it otherwise looks close enough that you'd have to think about it or read it carefully.

I've received bank phishing mails that were like that.
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom

kwackers
Posts: 14009
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: The phishers are getting cannier

Postby kwackers » 20 Dec 2017, 11:27am

Tangled Metal wrote:Perhaps I'm a distrusting type but giving PayPal my card details to store is a worse option than having to enter the details each time.

How can that be true?
Paypal have a business built on trust. Web stores on the other hand - how do you know they destroy that data? Sure the bigger ones have an incentive to garner your trust but is that true for every one of the millions of stores on the web?

When people have dodgy transactions on their cards it's a given their card was skimmed either by a website or physically in a location. IMO Paypal is very much less of a gamble than pretty much anywhere else.