The phishers are getting cannier

[661-Pete]

Take care, out there! Got these two almost-identical E-mails today - both purporting to come from BT:

Spot the difference? Yes, the fake is on the left and the genuine one on the right. The genuine one addresses me by name - also it had the correct account number in the corner (before blurring). The account number in the fake was incorrect, so the spammers haven't yet intercepted that bit of data about me - but it can only be a matter of time.

The fact that both these E-mails arrived on the same day is also a bit disturbing. Some clever footwork out there, I reckon.

[mercalia]

simple soln dont opt for paperless billing where possible?

I get lots of paypal ones saying I have bought an apple this or that and if not me to SIGN INTO MY ACCOUNT by clicking the link ( heh I am not that stupid or senile yet ) hehe trying to be helpful in protecting me from (other) thieves.

I dont know if you clicked a link to open say a pdf of the bill then thats also a nono as that could load some thing else

[Redvee]

I've had numerous phishing emails from banks I don't bank with but managed to log into my online account I don't have with fake details, as long as the account number and sort code are in the right format, 6 digits for sort code and 7 for account number anything will work, add a bogus password and pin number and you'll be OK.

[Cunobelin]

Slightly different problem, but I was impressed by the bank

My MiL is 92 partially sighted, hard of hearing and fiercely independent. She was overpaid some of her allowances and they backdated it several years so wanted a couple of thousand back

Easy enough ... go into bank and pay

First thing the bank did was ask to speak to her alone to ensure she wasn't being coerced, as taking elderly people into the bank to make a payment is a con trick

Then they phoned up and checked the payment was correct and the account details

Only then would they make the payment from her account

Inconvenient, and time consuming, but good on the bank for ensuring that she was not being scammed

[ambodach]

I get “ BT” things nearly every week. Just click on the sender and you find it is Joeblogs@bt.com or something similar. PayPal ones are less common but it is easy enough to check if you have a separated link to anybody you deal with regularly.

[Tangled Metal]

PayPal is one I get a lot. First time I actually went into a browser and logged onto the PayPal account I set up once when I needed to pay a friend who lived a long way from me for a trip she organized. I could not remember the password so had to go through the rigmarole of getting a temp one.

I got into my account and double checked I had removed the link to my bank account/debit card. Originally I set up PayPal, put the exact amount into my PayPal account then removed the link to my money or cards. Then paid the friend. Then never used PayPal again.

I did however send a screenshot of the phishing email to PayPal security when reporting the email. Actually I think I forwarded it or copied it to them. Something about them getting the email header etc to try and track the source IIRC. They "take all phishing seriously" apparently. Yeah right.

BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?

[661-Pete]

I've just had a look through my archive of past E-mails, and lo and behold! I now realise that these spams have been coming in for years. Point is, seeing as I'm paying this particular account by direct debit, I don't take any action when the E-mail comes in - just file it away, check my bank balance, then forget about it. And I never noticed that I was getting more E-mails from "BT" than necessary! So there were about half-a-dozen phishing messages lurking in my archive. All flagged and deleted now!

All the advice about checking sender, etc: well if an E-mail is asking me to actually do something, I always check that - and it's then easy to spot the phishers. And I never access a service provider by clicking on a link in an E-mail - unless I have no option than to do that. The latter only really arises when I've just registered a new account on a web site, and it's asking me to confirm my E-mail address. In all other cases I go to one of my bookmarks.

I think I'm reasonably careful, but there's no harm in warning others. And if anyone thinks I should be even more careful, please tell me!

[661-Pete]

BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?

I've sometimes wondered about this. I use PayPal quite a lot - it puts an extra 'barrier' between my bank account and an as-yet-untried vendor - hence another layer of protection just in case the vendor turns out to be rogue, at least they haven't got my card details.

If PayPal themselves get hacked and my card details leak out - well an event of that magnitude would probably hit the news headlines, so hopefully I'd get warning in time. As would millions of others!

[Tangled Metal]

If PayPal are doing anything that your bank isn't doing then I'd agree but the security checks your bank should be doing should be enough surely?

If you're worried about this then set up a shadow account where you put the exact money in for your payment and have no overdraft facility. Then pay from that account. Don't use it other than for online purchases. It's very easy to transfer money to another account before paying for something. You could use your main bank or another. Using a separate bank might give you different security protocols. HSBC is one bank that's got strict security protocols. My partner gets her account shut down a lot by their Internet security team even though she doesn't use it much.

[kwackers]

BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?

I've sometimes wondered about this. I use PayPal quite a lot - it puts an extra 'barrier' between my bank account and an as-yet-untried vendor - hence another layer of protection just in case the vendor turns out to be rogue, at least they haven't got my card details.

If PayPal themselves get hacked and my card details leak out - well an event of that magnitude would probably hit the news headlines, so hopefully I'd get warning in time. As would millions of others!

I use Paypal all the time, why? Mainly because it's so much easier than filling out card details and also because I approve of Musk's enterprises.

As for phishing. Never use the links, if in doubt going to the site manually is the first and most important protection.
They're usually pretty easy to spot - mainly because they have to put links in otherwise there's no point. Check the URL of the link - it's always something daft.

[Paulatic]

.

BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?

Wrong, doesn’t cost me anything to pay through Paypal. I’ve a verified account
Selling on EBay is a different matter of course.

[kwackers]

Wrong, doesn’t cost me anything to pay through Paypal. I’ve a verified account
Selling on EBay is a different matter of course.

Oh yeah, I forgot about selling.

I have a website I sell bits and pieces from. I just added some little paypal gizmos and that was it. Easy peasy, no need to do all the nonsense you need to accept credit cards etc.
(And eBay too of course).

[Tangled Metal]

.

BTW what benefit is PayPal? You can pay direct from bank account, credit or debit card so why use PayPal? It's a middle man you're paying for right?

Wrong, doesn’t cost me anything to pay through Paypal. I’ve a verified account
Selling on EBay is a different matter of course.

It's a service and a business, someone is paying for it at one end or another. If not you then the business you're buying from our some other entity.

As for entering card details each time. You can scan cards in seconds, the few bits you have to enter after that takes seconds to do. I've been buying online a lot recently (birthdays and Xmas makes December a costly month). The biggest delay in the checkout stages I've encountered are the long winded step by step process some online retailers use. There's good online retailers that you can go from clicking on checkout to order confirmation in less than a minute. Others your there for the minutes going through their long winded process. The actual card entry stage on those are a small part of the process in terms of time IME.

Of course it's easier to buy online from a phone or tablet with a camera to scan your cards. Making sure you don't let it record them of course.

Perhaps I'm a distrusting type but giving PayPal my card details to store is a worse option than having to enter the details each time. As far as the security of the actual money transfer process it's probably not that different.

Personal choice I guess and whatever works for you.

[Vorpal]

They're usually pretty easy to spot - mainly because they have to put links in otherwise there's no point. Check the URL of the link - it's always something daft.

It's not always daft. Sometimes it's quite close to the real thing. They leave out a letter, or have a different country extension, or add something onto the end, but it otherwise looks close enough that you'd have to think about it or read it carefully.

I've received bank phishing mails that were like that.

[kwackers]

Perhaps I'm a distrusting type but giving PayPal my card details to store is a worse option than having to enter the details each time.

How can that be true?
Paypal have a business built on trust. Web stores on the other hand - how do you know they destroy that data? Sure the bigger ones have an incentive to garner your trust but is that true for every one of the millions of stores on the web?

When people have dodgy transactions on their cards it's a given their card was skimmed either by a website or physically in a location. IMO Paypal is very much less of a gamble than pretty much anywhere else.