The phishers are getting cannier

Use this board for general non-cycling-related chat, or to introduce yourself to the forum.
Vorpal
Moderator
Posts: 17729
Joined: 19 Jan 2009, 3:34pm
Location: Not there ;)

Re: The phishers are getting cannier

Postby Vorpal » 20 Dec 2017, 12:25pm

kwackers wrote:
Tangled Metal wrote:Perhaps I'm a distrusting type but giving PayPal my card details to store is a worse option than having to enter the details each time.

How can that be true?
Paypal have a business built on trust. Web stores on the other hand - how do you know they destroy that data? Sure the bigger ones have an incentive to garner your trust but is that true for every one of the millions of stores on the web?

When people have dodgy transactions on their cards it's a given their card was skimmed either by a website or physically in a location. IMO Paypal is very much less of a gamble than pretty much anywhere else.

The last couple of times I've travelled, I've had dodgy transactions turn up on my card afterwards. Both times my bank noticed & called me. I'm sure that someone picked up my card number from an airport or train station. Or maybe worked in one of the shops. I think airports are often targets because people who travel are less likely to notice international transactions.

It's the third time I've been targetted by that type of fraud. On the other hand, I've been using PayPal for years (more than 15), and never had any trouble. I don't like that they charge fees for it, so I generally avoid using them, especially if it will cost me anything to do so, but I'm sure that it is more secure than many other methods.
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom

PH
Posts: 8100
Joined: 21 Jan 2007, 12:31am
Location: Derby
Contact:

Re: The phishers are getting cannier

Postby PH » 20 Dec 2017, 12:30pm

661-Pete wrote:Take care, out there! Got these two almost-identical E-mails today - both purporting to come from BT:

I don't understand some of this stuff, what's in it for them to send you a link to a fake bill? You're not being asked to pay anything are you? Will following the link require you to add bank details or some other information?
Nearly all my bills are paperless, I don't usually need to read the emails, I can log onto my accounts to see what I need. For paypal and all other internet spending, I use a pre-paid debit card not linked to any bank. Likewise for travel, I have a euro debit card.

User avatar
Paulatic
Posts: 4456
Joined: 2 Feb 2014, 1:03pm
Location: 24 Hours from Lands End

Re: The phishers are getting cannier

Postby Paulatic » 20 Dec 2017, 12:36pm

Tangled Metal wrote:It's a service and a business, someone is paying for it at one end or another. If not you then the business you're buying from our some other entity.

.


Just the same as a bank is it not? Both borrowers and investors are paying for it there.
Whatever I am, wherever I am, this is me. This is my life

https://stcleve.wordpress.com/category/lejog/

kwackers
Posts: 14020
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: The phishers are getting cannier

Postby kwackers » 20 Dec 2017, 12:36pm

Vorpal wrote:The last couple of times I've travelled, I've had dodgy transactions turn up on my card afterwards. Both times my bank noticed & called me.

I've only ever had it happen once several years ago - and I think that was a website.

I never actually saw the transaction, the first I knew the credit card company called and asked if I recognised the transaction and then they went through all the transactions either side.
Bizarrely even though that was the only transaction and the rest were mine they cancelled all of them!

Vorpal
Moderator
Posts: 17729
Joined: 19 Jan 2009, 3:34pm
Location: Not there ;)

Re: The phishers are getting cannier

Postby Vorpal » 20 Dec 2017, 12:44pm

kwackers wrote:Bizarrely even though that was the only transaction and the rest were mine they cancelled all of them!


They may just be because they caught the first one. I had 3 dodgy charges the last time I travelled. The first two were small amounts in North America. The third was a swish restaurant in the Himalays. I would guess the first two were testers. It was the third one that flagged it for the bank, though.
“In some ways, it is easier to be a dissident, for then one is without responsibility.”
― Nelson Mandela, Long Walk to Freedom

User avatar
661-Pete
Posts: 9453
Joined: 22 Nov 2012, 8:45pm
Location: Sussex

Re: The phishers are getting cannier

Postby 661-Pete » 20 Dec 2017, 1:44pm

PH wrote:I don't understand some of this stuff, what's in it for them to send you a link to a fake bill? You're not being asked to pay anything are you? Will following the link require you to add bank details or some other information?
You're right - no-one who's reasonably vigilant should be trapped. But the ruffians can send out this E-mail 1,000, 10,000 times maybe, at no cost to them. If just one sucker somewhere, is careless or confused, falls for it and clicks one of the links, that person is caught. That's all they need to get to work!
Suppose that this room is a lift. The support breaks and down we go with ever-increasing velocity.
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).

User avatar
[XAP]Bob
Posts: 17131
Joined: 26 Sep 2008, 4:12pm

Re: The phishers are getting cannier

Postby [XAP]Bob » 20 Dec 2017, 2:12pm

kwackers wrote:As for phishing. Never use the links, if in doubt going to the site manually is the first and most important protection.
They're usually pretty easy to spot - mainly because they have to put links in otherwise there's no point. Check the URL of the link - it's always something daft.


Not always something daft, and not always easy to spot...

forum.cycling
forurn.cycling

They can be pretty easy to misidentify.

as can 1/l/| depending on the typeface your system uses.
A shortcut has to be a challenge, otherwise it would just be the way. No situation is so dire that panic cannot make it worse.
There are two kinds of people in this world: those can extrapolate from incomplete data.

kwackers
Posts: 14020
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: The phishers are getting cannier

Postby kwackers » 20 Dec 2017, 2:20pm

Vorpal wrote:They may just be because they caught the first one. I had 3 dodgy charges the last time I travelled. The first two were small amounts in North America. The third was a swish restaurant in the Himalays. I would guess the first two were testers. It was the third one that flagged it for the bank, though.

Just to be clear they read all the transactions out over the phone and I ok'd all of them bar the dodgy one but then they cancelled all of them anyway.

Stevek76
Posts: 510
Joined: 28 Jul 2015, 11:23am

Re: The phishers are getting cannier

Postby Stevek76 » 20 Dec 2017, 2:21pm

661-Pete wrote:I always check that - and it's then easy to spot the phishers. And I never access a service provider by clicking on a link in an E-mail - unless I have no option than to do that. The latter only really arises when I've just registered a new account on a web site, and it's asking me to confirm my E-mail address. In all other cases I go to one of my bookmarks.


This is the main point, some wouldn't trust a cold caller claiming to be from their bank yet will trust an email.

Obviously some will trust anything and anyone but that's a whole other problem.

thirdcrank
Posts: 28686
Joined: 9 Jan 2007, 2:44pm

Re: The phishers are getting cannier

Postby thirdcrank » 20 Dec 2017, 2:43pm

Stevek76 wrote: ... This is the main point, some wouldn't trust a cold caller claiming to be from their bank yet will trust an email.

Obviously some will trust anything and anyone but that's a whole other problem.


The thread has gone beyond phishing - as I understand the word (fraudulently trying to gain information such as passwords) - to touch on fraud more generally. Re telephone security checks, eg when fraud is suspected on a bank card, has anybody any experience/ views / advice on how to verify such a call which is inevitably out-of-the-blue?

In the days when Leeds was the UK's if not the word's centre for bogus callers in the sense of people knocking at the door and smooth talking, some of the scams were so sophisticated that they included "detectives" visiting a house which had been subject of a possibly undetected theft and asking the victim to check. When they discovered that the money in the sock under the bed had gone, not only were they lulled into a false sense of trusting the bogus investigator, but they'd probably express relief that the money in the teapot / sellotaped behind the top drawer / under the floorboards had been missed. That would eventually be cleaned up by the "Priest" or possibly "social worker" who then called to offer further support. Etc.

mercalia
Posts: 12293
Joined: 22 Sep 2013, 10:03pm
Location: london South

Re: The phishers are getting cannier

Postby mercalia » 20 Dec 2017, 3:06pm

ambodach wrote:I get “ BT” things nearly every week. Just click on the sender and you find it is Joeblogs@bt.com or something similar. PayPal ones are less common but it is easy enough to check if you have a separated link to anybody you deal with regularly.


you really shouldnt click on anything?

mercalia
Posts: 12293
Joined: 22 Sep 2013, 10:03pm
Location: london South

Re: The phishers are getting cannier

Postby mercalia » 20 Dec 2017, 3:13pm

PH wrote:
661-Pete wrote:Take care, out there! Got these two almost-identical E-mails today - both purporting to come from BT:

I don't understand some of this stuff, what's in it for them to send you a link to a fake bill? You're not being asked to pay anything are you? Will following the link require you to add bank details or some other information?
Nearly all my bills are paperless, I don't usually need to read the emails, I can log onto my accounts to see what I need. For paypal and all other internet spending, I use a pre-paid debit card not linked to any bank. Likewise for travel, I have a euro debit card.


could be identity theft - once they have your BT login info the can see your full name and adress and any other personal data stored there.

mercalia
Posts: 12293
Joined: 22 Sep 2013, 10:03pm
Location: london South

Re: The phishers are getting cannier

Postby mercalia » 20 Dec 2017, 3:25pm

thirdcrank wrote:
Stevek76 wrote: ... This is the main point, some wouldn't trust a cold caller claiming to be from their bank yet will trust an email.

Obviously some will trust anything and anyone but that's a whole other problem.


The thread has gone beyond phishing - as I understand the word (fraudulently trying to gain information such as passwords) - to touch on fraud more generally. Re telephone security checks, eg when fraud is suspected on a bank card, has anybody any experience/ views / advice on how to verify such a call which is inevitably out-of-the-blue?

In the days when Leeds was the UK's if not the word's centre for bogus callers in the sense of people knocking at the door and smooth talking, some of the scams were so sophisticated that they included "detectives" visiting a house which had been subject of a possibly undetected theft and asking the victim to check. When they discovered that the money in the sock under the bed had gone, not only were they lulled into a false sense of trusting the bogus investigator, but they'd probably express relief that the money in the teapot / sellotaped behind the top drawer / under the floorboards had been missed. That would eventually be cleaned up by the "Priest" or possibly "social worker" who then called to offer further support. Etc.




credit card details stolen I think when I bought some petrol - I no longer use my credit card in the physical world, only for online transactions. NEVER LET YOUR CREDIT CARD OUT OF YOUR SIGHT FOR A MOMENT FOR ANY REASON. In my case it was used to make 3 i think it was £800 bets so a total of £2400. There was an initial small value use to make sure it worked then the real ones. I had to inform the police ( who did nothing as they said it was the credit card companies job!! but it was recorded anyway) then the credit card company where i had to sign various papers declaring i had never used the betting company etc. They got my name wrong as my credit card only has initials - they had to quess what they were. I have also had some one try and get tax credits I think it was in my name, they even went to the trouble of opening a bank account in my name some distance away, so I had to visit a branch to tell them it was a fraud. I still dont know how they had got my details unless an insider of HM govt dept was feeding them likely names. I only found out about it when the govt dept wrote to me at my real address telling me about the installments to be paid. Thats about it in my case. That was oh 10 years ago now and nothing since

Flite
Posts: 266
Joined: 29 Nov 2008, 10:59pm
Location: Upper Weardale

Re: The phishers are getting cannier

Postby Flite » 20 Dec 2017, 4:50pm

Upthread, Third Crank asked about the situation when your band fraud dept calls to say there has been a suspect transaction on your card.
How do you verify the caller is genuine?
They ask us for security words etc, but never seem keen to give the customer a chance to check them out.
I've never been caught out by this, but I'm very uncomfortable giving information in these circumstances.

kwackers
Posts: 14020
Joined: 4 Jun 2008, 9:29pm
Location: Warrington

Re: The phishers are getting cannier

Postby kwackers » 20 Dec 2017, 6:52pm

Flite wrote:Upthread, Third Crank asked about the situation when your band fraud dept calls to say there has been a suspect transaction on your card.
How do you verify the caller is genuine?
They ask us for security words etc, but never seem keen to give the customer a chance to check them out.
I've never been caught out by this, but I'm very uncomfortable giving information in these circumstances.

Easy, ask for their name and call them back through the 'proper' channels.

Alternatively give them the wrong information - if they don't spot it's wrong... ;)