Jump to content

Warning - scams


newhome

Recommended Posts

I read this on a self build site on Facebook earlier. OP has given me permission to cross post. Scams are getting more and more elaborate these days. Emails can be hacked and invoices produced with rogue bank details, texts can be made to look as if they’ve come directly from your bank. Never ever take anything at face value. Never click on any links, set up any online payments without sending a tiny amount through first and checking that it’s arrived before sending a larger amount. Always check independently with the person you are sending the money to via a brand new text message, phone call or email, not by replying to one that is sent to you. Be vigilant and question everything these days. 

 

OP’s message is below: 

 

WARNING ⚠️ 
Thanks for all advice on previous thread re VAT this morning, but have to share this with you all.
Just had an awful experience. Thought I’d paid a bill yesterday to our newly appointed plumber but he has had his email hacked and I’ve paid the hacker £2200 for an invoice he/she had up dated with their bank details. Barclays were helpful but doubt very much anything will be recovered from the international bank I’ve paid. Angry and very upset with myself for falling for it. Apparently this kind of fraud is increasing. Please be cautious, I need to now figure out how I save that in an already tight budget ?

 

Link to comment
Share on other sites

Some companies don't help themselves though.  Yesterday I had an email telling me they "may have sent the wrong documents" when I renewed the B&B insurance a few weeks ago, and it wanted me to download the correct set from a link they provided.  But the link did not take you to the insurance brokers own website.  So I sent an email directly to the broker to question did they actually send this email, and the answer was yes.  So why are they hosting the documents on some other website.

 

I saw an interesting theory.  This "accept cookies" nonsense we now have on virtually every website has had the unintended consequence of conditioning users to blindly click "yes" to anything that pops up on their screens.

Link to comment
Share on other sites

I had an email from one of our contractors saying they had changed bank accounts and could I pay the outstanding invoice to the new number.  We phoned them before paying and found their details were unchanged and it was an attempted scam. I think banks are trying to clamp down on this fraud by making sure the payee names match, whereas they currently only look at the account and sort numbers.

Link to comment
Share on other sites

When the OP contacted the plumber he said that another customer had received an email like that and he’d just told the guy to delete it and ignore it. He never bothered to warn any of his other customers ?

Link to comment
Share on other sites

All schools in the L.A. That I worked had warnings of this type of scam some years ago - probably before 2010, so it has been going on for some time.

 

it makes you feel sick to your stomach.

Link to comment
Share on other sites

Yes these scams have been going on for a while but they are getting more and more clever making them harder to detect. Never hurts to remind people and make them question everything they do financially. 

 

I even hate transferring money into a brand new savings account these days when it’s a substantial amount. 

  • Like 1
Link to comment
Share on other sites

16 minutes ago, newhome said:

I even hate transferring money into a brand new savings account these days when it’s a substantial amount. 

If doing that, I first transfer a trivial amount, say £10. Only when that has arrived safely will I transfer what I actually want to.

  • Like 1
Link to comment
Share on other sites

13 minutes ago, ProDave said:

If doing that, I first transfer a trivial amount, say £10. Only when that has arrived safely will I transfer what I actually want to.

 

I do that too. Still hate transferring the big amount though lol. 

Link to comment
Share on other sites

12 minutes ago, Ed Davies said:

But we all digitally sign our emails, don't we?

 

Hardly anyone does this I would suggest and you can’t send money using a digitally signed email. 

Link to comment
Share on other sites

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

 

Sorry, I didn't think my comment needed the “/sarcasm” tag.

 

Indeed you can't send money by email but with digital signatures you can verify that an email updating bank details, or whatever, is valid. In less technically-backward countries (e.g, Austria, Estonia, Switzerland and, I think, the Netherlands) use of digital signatures with keys signed by government entities is pretty routine. Here the government just tries to ban secure cryptography.
-----BEGIN PGP SIGNATURE-----

 

iQGzBAEBCgAdFiEEklM8otTd5M2cZSSDAHFYLlN5hIEFAly2U6kACgkQAHFYLlN5
hIF8ogv+Ne9TMHtLrEWAoAj9PLEiTy29wmEbjZpo0zntuQEuI9nU19VennDG/fe8
UQeaTtCh1Q7UWt7RbZSJqXyjN0s/pWhtZ76crQnAn0maFud4EPjGe7B57XqBlFoh
PNkoL0PD8d72YDS0xHiKi2HooY4PKBWCoruuXAPO4RgcEb8e3/0Sc/m88SHwK4yS
vPgDha2DCLHqz3tfyVuAkajPcsEsiboOBwiykB+P+BQu2aGqaxtTqwee595oBxih
0Mkrxo2oyOMVhxzYLN20RYh30q6IeZXB8/ClaCX6Kp55Er2g9OimYslvW/N2ACdB
gaMSYBCrWuXB67lLgMtNGOrxCgrXp37hwBtQx9fQIcU1vMfTX5R4ZU+dg54E/5/x
oXsqqKEbvr3LVA0X0+VfL25HThoP1tlS5N3/OMIMn/wzif9EaRD5nSPEm5rtVpaR
WFrBHZNHb9XFhUOsVxYshxQTCti6RY3iByaqDo3OPnKKb8YJZj4L2XcEpiFmjDcu
GDsysJFO
=hpOA
-----END PGP SIGNATURE-----

 

  • Like 1
Link to comment
Share on other sites

I refuse to click on any emails whether I know they’ve come from the bank or not. I also hate it when the bank calls out of the blue and starts asking security vetting questions to verify identity. The calls go something like this. 

 

Bank - hello, this is X bank we’re ringing from the x department. We need you to answer some questions before we can proceed. 

Me - I wasn’t expecting a call from you so I’m not giving you any personal details. 

Bank - without the validation we can’t proceed with the call. 

Me - that’s fine, I don’t know what you want anyway so am not bothered about having a conversation with you. If you really need to talk to me tell me where I can find the number of your department on your website and I’ll call back. 

 

 

  • Like 1
Link to comment
Share on other sites

58 minutes ago, newhome said:

Me - that’s fine, I don’t know what you want anyway so am not bothered about having a conversation with you. If you really need to talk to me tell me where I can find the number of your department on your website and I’ll call back. 

 

Me - you have my address, so write to me.

Link to comment
Share on other sites

1 hour ago, AnonymousBosch said:

OK Ed, how do I digitally sign an email?

 

Have a read of how PGP (Pretty Good Privacy) works here for starters: https://en.wikipedia.org/wiki/Pretty_Good_Privacy

 

And, for details of how digital email signatures work, see here: https://en.wikipedia.org/wiki/Digital_signature

 

As @Ed Davies writes, though, there is resistance from our government to using encryption, as they view it as being a threat to national security.  In essence encryption stops, or makes very difficult, the ability of the state to read electronic communication (at the moment it's pretty easy to read email traffic).  They argue that encouraging the use of encrypted, secure, messaging allows terrorists to communicate without the state being able to listen in.  This ignores the fact that terrorists are generally pretty switched on when it comes to secure comms (there are several secure messaging apps readily available), so are almost certainly already using encrypted communications anyway.  The reality is that discouraging the widespread use of encryption, so keeping email traffic in plain text, without any effective means of authentication,  allows email scams and phishing attacks to flourish, something that arguably causes as much public harm as terrorism.

  • Like 1
Link to comment
Share on other sites

Most email is opportunistically TLS encrypted anyway which results in emails traffic between servers being encrypted (can be enforced between parties).  This is independent/in addition to the actual underlying message being encrypted or not.

 

Digital signatures aren't of much value tbh and the best approach is to never, ever click on a link received in an email, doesn't matter who it's purporting to be from (and also ensure you don't load external content in the message either).  If you think it is genuine, copy the link and paste it in a browser (or hover over it to verify it is indeed going to the same place as the link appears to be).

 

Going back to the original good advice from @newhome as it's so easy to spoof an email address (yes I am aware of SPF, DKIM, DMARC et al but probably somewhat off-topic), never trust bank details received via email.  Verify that they are correct first with the (purported) sender; if you're viewing an online invoice, that's much harder to spoof.

Link to comment
Share on other sites

My company periodically sends emails round with links in them that have come in externally.  Anyone clicking on them gets reported to their manager and has to take an online security test. If you click on one 3 times you are put on special measures training. 2 of my guys are on 2 strikes! ? TBH when one arrives now emails generally circulate saying ‘don’t click!!’. Sometimes however we get genuine external emails with links and I then get spammed with emails asking if it’s ok to click on them! ?

Link to comment
Share on other sites

30 minutes ago, newhome said:

My company periodically sends emails round with links in them that have come in externally.  Anyone clicking on them gets reported to their manager and has to take an online security test. If you click on one 3 times you are put on special measures training. 2 of my guys are on 2 strikes! ? TBH when one arrives now emails generally circulate saying ‘don’t click!!’. Sometimes however we get genuine external emails with links and I then get spammed with emails asking if it’s ok to click on them! ?

 

Presumably the next step is for the security testers to send an email round saying "don't click" with a link to "why not to click", and see who does so.

Link to comment
Share on other sites

Some people are incredably gullible. On one occasion I was visiting my MIL and she complained her computer was slow, would I have a look,  I ran Malwarebytes on it, and I think it gave up counting when it had found in excess of 2000 "threats" on the computer.  When I asked what has she been doing the reply was "people keep sending me emails saying I have won some money so of course I click on the link"

 

Some people you just can't help.

  • Haha 1
  • Sad 1
Link to comment
Share on other sites

1 hour ago, Ferdinand said:

 

Presumably the next step is for the security testers to send an email round saying "don't click" with a link to "why not to click", and see who does so.

 

We have to undertake several dozen mandatory training courses plus tests on an annual basis one of which is information risk and cyber security. It covers how to spot and report phishing, vishing, smishing etc. Given the nature of the business I work in it’s taken very seriously. 

 

I continually hold my head in my hands when I hear about someone who has sent a large amount of money as an online transfer without sending a couple of quid to check that the online payment is correct. I’ve felt people get irritated when I’ve said ‘I’ll send you a quid first’ but too bad. And then apparently the banks are to blame when they screw up. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...