You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
I am waiting for a package to be delivered by the Royal Mail. It should have arrived yesterday but still hasn't. I picked my phone up to call the supplier to see why it was late and spotted a text from the Royal Mail saying there was a £1.99 shortage on post and I needed to click the link to sort it out.
Obvious scam when you pause and think but the timing made me so close to clicking.
Close escape I guess.
Just thought I would share in case yo get a text from +447508867844 asking for £1.99 postage
I've had loads of these and the first one came when I was waiting for something from ebay so I was almost sucked in. I've had them since addressed from everyone like Royal Mail, Hermes, DPD etc.
I just wish I could come up with a scam like this. I bet they're sitting somewhere absolutely raking it in!
Obvious scam when you pause and think but the timing made me so close to clicking.
some people have been getting near daily deliveries for the past 14 months, so yeah, a lot of people could have done the same thing.
I had one from Hermes the other day. I must admit it made me think twice but I didn't click the link
Hermes one's ask for £2.50 normally, or at least the 3-4 I have received previously always did
Royal Mail scams are just £1.99 🙂
Clearly a scam as Royal Mail include a handling charge of about £3.50 on top of the shortage! 🙂
Royal mail will put a card through the door if postage is due
I get the hermes one a lot
got one of those, thought it was legit, but my package was via parcel force, and the text said royal mail.
link takes you to a page, looks legit and asks for details. I stopped filling it in when it was asking for bank details, DOB etc. felt like a doofus for getting that far, but just wasn't thinking.
Nearly fell for it the other day - clicked the link but website felt a bit dodge and sure enough, wasn't the "real" Royal Mail website. Had a few others since but I get loads of text from various couriers saying stuff like "Your package will be delivered by tomorrow between 10 and 11am" so it didn't immediately ring any alarm bells.
Glad you didnt, what a head/heartache that would be, and in the wrong time too, given this pandemic.
I like watching the scam busters on you tube. Hats off to those guys doing what they can to make scammers pay. Though it does make you wonder what goes on in the mind of a scammer, have they no scruples whatsoever 😕
Jim Browning is one of the best at exposing, and dealing with them, but there are a few others make it more a bait, and have the knowledge to hack into the scammers computer while they're trying to hack into the victims.
https://www.youtube.com/c/JimBrowning/videos?view=0&sort=p&flow=grid
My own thought about scammers involves something like a Glock.
I had one from Hermes the other day. I must admit it made me think twice but I didn’t click the link
We had one supposedly from them as well the other day. It was pretty well done, the site was convincing enough and the link was HTTPS and everything.
I fell for one purporting to be from DVLA. I’d been doing online chat trying to sort my electricity bill out then went straight to DVLA to tax two vehicles. Within half an hour I got a very realistic email supposedly from DVLA telling me I was owed a refund, please send us your bank details. I did and then as soon as I hit send realised it was a scam. I managed to contact the bank before any damage done but very close. The call centre must have been still connected and logging my key strokes. Never used online chat again!!
They're everywhere at the moment taking advantage of the increase in online shopping. Please remember to forward them to 7726 so that we can gradually eliminate them and protect the more vulnerable!
My Google Pixel dumps them straight into spam. Received one earlier in the week. visit royalmail.parcel-destination.com kinda gave it away as garbage.
I have had a few now. First one I got i thought "how the hell do RM have my mobile number?". After that second or so of thought it was clearly a scam.
Yeah get them now and then, always read the url backwards. My wife nearly fell for it a couple of weeks ago.
As scams go it is hardly going to ruin your life though unless you really need that £1.99.
Anything that comes in via a text asking for money via a link is ALWAYS going to be a scam though isn't it?
As scams go it is hardly going to ruin your life though unless you really need that £1.99.
It’s nice that you think the scammers would stop at £1.99.
Got this the other day, seemed legit.
Kerley, normally to pay the £1.99 you are providing the scammer with your full bank account details. They don’t just take £1.99.
Got this the other day, seemed legit.
Yep, sexycanvas.com really seems legit doesn't it.
Kerley, normally to pay the £1.99 you are providing the scammer with your full bank account details. They don’t just take £1.99.
Clicking on a dodgy looking link is careless, entering bank account details is another thing.
I’ve been getting weekly ish texts from various ‘banks’ asking me to confirm a new payee on my account. The first time it nearly caught me as I clearly didn’t recognise the payee and natural reaction was to click on the link to find out what was happening. But it all started to look dodgy and I stopped before getting any further than going on to the link page.
I don't know how anyone falls for these.
As the OP said for most people it will be about the timing. The only time I’ve ever come close is when I was distracted and trying to do too many things at once...
I don’t know how anyone falls for these.
Because they haven't been educated or kept up with modern communication methods.
For us it is very easy as any text with a link in is clearly dodgy but someone like my mum for example would not think of looking at the URL name. Same with email.
Where I work they do tests to see who falls for dodgy emails and it is surprising the number of people who fail the test and click the link. All of these people really shouldn't be falling for it.
Where I work they do tests to see who falls for dodgy emails and it is surprising the number of people who fail the test and click the link. All of these people really shouldn’t be falling for it.
+1 and it only takes the right combination of confounding factors to risk tripping up even the most careful.
They seem to come in bursts as far as I can tell. Had several bank texts the last few days on both work and home phones and it's gone quiet again. Give it a few weeks and I expect to see another flurry.
link takes you to a page, looks legit and asks for details.
On my iPad, I always tap on the bold From: bit at the top, which will give you the actual senders email address, which will give you a big clue. I keep getting spam emails at the moment, here’s one that arrived a couple of hours ago, as it happens, I’ve taken a screenshot of the actual source, which shows a bunch of people have had their accounts hacked, and are being used by spammers to send out a shit-tonne of crappy emails supposedly from places like Morrisons, Aldi, etc.
[i]I don’t know how anyone falls for these.[/i]
I didn't but because I was waiting for an notification from the Post Office about a delayed parcel I [b]almost[/b] did. Just a a gentle nudge/reminder to people
Anyway, I feel we know each other airvent, what was your mother maiden name?
Got one of these a few weeks ago and I must admit my first thought was “that’s quite clever”. URL was the giveaway but I’m sure they’ll find ways to make that convincing soon and plenty of legitimate companies will send you a text or email with a link in it. I’m fairly confident that I won’t fall for one of these but I can see why plenty do.
Plenty don't need to. It's a numbers game. It's as cheap to email half the world as it is to send one mail, and you only need one sap to take them for tens of thousands.
By way of context, I have an email / password list which is a text file running to just shy of 11GB.
I always tap on the bold From: bit at the top, which will give you the actual senders email address, which will give you a big clue
No, it gives you the email address the sender wrote in their software as the 'From' address they wanted you to see.
If you want to know whether the email might actually have been sent by the owner of that address, you need to look in the full headers, which take a bit of practice to read but aren't difficult.
My wife nearly fell for it a couple of weeks ago.
Same here – and as others have said, she was waiting for a package to be delivered and assumed it was legitimate. Fortunately she received it whilst we were sat watching the telly and showed me it so I did a quick Google.
along a similar line, for Facebook users.
"The colour of your pants and your first pet's name" is not your "porn star name", its the answer one of your secret questions.
I did initially wonder how it worked as it seems harmless enough, but when you think about it its pretty effecitve wheeze.
The people who are answering these questions are not likely to have their profiles locked down, so if someone gets your bank account login, they probably have your name, and then a quick facebook search and a rummage through your profile doesnt take a few minutes. If youve posted one about your first pets name, youve probably got one about your mother maiden name and the last thing you ate being your super hero name or some inane bobbins
My son fell for a Paypal one that came in on a text. I didn't see it, so don't know how legit it looked, but he went through putting his bank card details in, before calling me and checking. Got his card stopped/pwds changed before any damage was done.
I think I'll warn him about the package delivery ones, cos he does order clothes online.
“The colour of your pants and your first pet’s name” is not your “porn star name”, its the answer one of your secret questions.
I did a presentation at work a little while ago and used this example (first car + mother's maiden name). People's faces when I dropped the punchline were amazing, you could visibly see like half the room go "oh shit!"
I think I’ll warn him about the package delivery ones
The problem with this approach is there's always another scam. You could warn him about the package delivery ones, the Paypal ones, the HMRC ones, then one comes in from 'Amaz0n' and he's screwed because no-one warned him about that one.
We've discussed "how to spot a scam" at length at work and whilst stuff like mouse-overing the URL or looking at the email address may be all well and good, the best way I've come up with so far is simply to ask "was I expecting this?" There are exceptions of course but legitimate unsolicited emails / SMSes are comparatively rare. If you start from a default assumption of "this is probably a scam but could be genuine" instead of "this is probably genuine but could be a scam" then you're in a much, much stronger position. If you genuinely believe that it might be genuinely genuine, go check your accounts on a different device. If you do have a problem with an account or a delivery then there will be evidence elsewhere. Never, ever follow a link sent to you unsolicited.
The simple rule for people not really savvy is just don't click on anything in a text or an email.
I.e. If PayPal need you to do something log directly onto the PayPal site and check from there.
The National Crime Agency have been trying to arrest me for months. They keep calling but just can't seem to find me.
I don’t know how anyone falls for these.
For the scam stuff which is obviously a hoax, the trick is to filter out the people who know it's a scam. Once you've done a first pass at selecting the people who don't know that parce1-tracking.com.kr isn't Royal Mail, you've a much better chance of getting them to enter full bank details and other personal information (create an account! for security, what's your mother's maiden name) too.
The problem with this approach is there’s always another scam. You could warn him about the package delivery ones, the Paypal ones,
Very true - pretty sure I told him, after the Paypal one, not to follow any links in [i]any[/i] texts (except the hilarious ones I send him, natch), but worth reiterating.
[i]I did a presentation at work a little while ago and used this example (first car + mother’s maiden name). People’s faces when I dropped the punchline were amazing, you could visibly see like half the room go “oh shit!”[/i]
I can't remember which company did it but during a cyber security conference they set up a 'free wi fi' hub during the lunch break. In the afternoon session they called out people in the audience who had used it and told them their credit card numbers, email details or what ever they had used the free wi fi for.
This was a conference for cyber security experts!
Get these all the time, alongside the automated phone calls telling me the HMRC have a warrant out for my arrest.
Was listening the Vine on R2 afew weeks ago and they were on about this, Saying if you fill in the online forms they actually get back to you to tell you they're from your Bank, the accounts now compromised and to transfer your funds to their own 'safe' account. Seems obvious but folk must fall for it
For the scam stuff which is obviously a hoax, the trick is to filter out the people who know it’s a scam. Once you’ve done a first pass at selecting the people who don’t know that parce1-tracking.com.kr isn’t Royal Mail, you’ve a much better chance of getting them to enter full bank details and other personal information (create an account! for security, what’s your mother’s maiden name) too.
And if they are not already they will soon have unique tracking numbers in the link so they know that 07123 456 789 has someone on the other end, and who is not tech-savvy enough to spot the dodgy link. Even if they don't submit their details that's probably a good target for future improved scams! I hadn't realised they were harvesting details, I assumed they were just charging £1.99 on a credit card and assuming they could get through enough and disappear with the money before the chargebacks come in...
Now does anyone know why I keep getting voicemail left from a number that says its in Bulgaria but sounds like the message is in Chinese?
@olly and @cougar thanks for the really helpful posts re the Facebook things...
I don't do those Facebook survey underpants/dog name/home town things because I think they are a crock of **** so never really thought about them in that way.
BUT even as someone who gets regular cyber training that's never come up and it hadn't occured to me that stuff could be harvested like that.
However I will now be sharing that as much as I can with people I know who do.
I’m just miffed that the latest spam phone calls all ask you to press one to speak to someone (which will cost you,)so you can’t wind up whoever’s on the other end and waste their time.
I know a few have already said this but I think scammers land two types of victims
Victim 1.
Tech vulnerable person, perhaps not too smart or elderly. Believes people are trying to help them and isn't really capable of questioning things.
Victim 2. People who do not think they will get scammed but combination of fluke of timing combined with dropping guard briefly means they end up getting done.
I was tiptoeing around the edge of Victim 2 territory the other week. Have been having a nightmare getting set up on HBOS commercial online banking for about 6 months. Sent in latest application (fourth attempt) about three or fours days before getting a text from HBOS regarding setting up my online banking access. Nearly clicked on it before thinking again. Then googled it and well known scam.
I don't think it was anything other than sheer coincidence of timing. I was juggling work, expecting to hear from HBOS and the fraudster stars nearly aligned.
Based on my experience, I think it is harsh to question why anyone would fall for this sort of scam, I can see how I nearly did. The scammers are getting smarter and smarter all the time.
link takes you to a page, looks legit and asks for details. I stopped filling it in when it was asking for bank details, DOB etc. felt like a doofus for getting that far, but just wasn’t thinking.
I had one of those for Facebook years ago. Opened up FB on the laptop, page loaded then went blank and said someone had hacked my account and I needed to confirm some personal details. Got as far as the credit card info before I realised.
Actually turned out to be quite a clever little virus, took the IT guy at work days to get rid of it. I can only assume it came off a flash drive belonging to my mother which had a load of photos on (thousands, mostly in no particular order) which she must have shared around countless computers - "oh, look at my photos from...", she was a nightmare for doing that, copying them here there and everywhere, downloading them onto friend's computers, copying their photos. The flash drive must have been riddled with malware.
I don’t do those Facebook survey underpants/dog name/home town things because I think they are a crock of **** so never really thought about them in that way.
I muted a friend on FB who seems to spend her entire life filling out shit like that. There's some relatively harmless stuff in there about food or how often you fart in the bath or other random "funny" crap but that disguises the stuff that is actually useful to scammers or that propagate the scam - pet names, family names, where you were born, contacts lists (all those things about "you have to live here with your third @ for a month, could you do it...?" which immediately tags the @, they comment, copy, share etc and so on.)
franksinatre - That was exactly like my original post. It was only because I was about to chase up the Royal Mail about something and there was a message from the Royal Mail... Not really concentrating
BUT even as someone who gets regular cyber training that’s never come up and it hadn’t occured to me that stuff could be harvested like that.
The context of this, I did a whole piece around "trust" - who we trust implicitly and whether that trust is wise. Do we trust Apple to look after our data and login credentials securely? Google? Microsoft?
Yahoo?
However I will now be sharing that as much as I can with people I know who do.
Please do. It's worth it alone for the reaction it gets.
all ask you to press one to speak to someone (which will cost you,)
I highly doubt that. I don't believe it's possible (in the UK) to charge someone for receiving a call. It's a trick I've not seen before if it is.
I've had a couple of spam calls recently to my work mobile but the odd thing is they come from mobile numbers that are very close to my own number. First one was +61 and second one -276. Coincidence or not?
Mrs S and I both got the same last week, call from numbers that were one digit away from our own
Its called Neighbour Spoofing and is another confidence trick
https://www.ofcom.org.uk/phones-telecoms-and-internet/advice-for-consumers/problems/tackling-nuisance-calls-and-messages/phone-spoof-scam
Again,
CLI (caller ID) spoofing is nominally more difficult than email address spoofing, which is to say "not very". One of the reasons behind CLI is so you can offer a different callback number - say a freephone number or a call centre - from the one you're dialling out of. You need to consider inbound call numbers as largely cosmetic, it's a "reply to:" number rather than a "from:" number.
There is a second actual real CLI embedded in the call metadata which is visible to people such as the emergency services (so you can't prank the police) but not to the general public. Why this is the case I never really understood.
call from numbers that were one digit away from our own
Interesting - do you answer them?
I get calls with numbers I don't recognise, not in my contacts or phone tells me location - Manchester, Edinburgh etc. I don't know anyone in those places. Could be recruitment, but I'm not looking for a job, so I just press volume button and let it ring.
If I get an unknown number that I'm not expecting then (there's a theme here) I ignore it. Googling can often yield results.
I know a few have already said this but I think scammers land two types of victims
At least, yes. You don't catch different fish using the same bait.
On the one hand, phishing emails etc are getting harder to spot. I used to think "how daft do you have to be to fall for this stuff?" but some are really convincing these days. As demonstrated by this very thread, all it takes is a perfect storm of a well-crafted email from a company you're already in the middle of dealing with and boom, you've just sent your credit card details to Nigeria.
On the other, I have a suspicion that some of these things are intentionally bad. Because the sort of person who's gullible enough to fall for an email going "dear costumer, your account is in suspenders" is more likely to be subsequently reeled in. Sending emails is cheap, but landing the big fish requires individual human interaction and that takes time and therefore money. Their worst-case scenario is spending hours on a mark just for their target to go "wait a minute... this is a scam, isn't it?" at the 11th hour. By ensuring that only chumps click the links in the first place, they minimise this risk.
This is what makes this stuff difficult, and why "there's a scam claiming to be from [whoever] doing the rounds" warnings are usually ineffective. There isn't 'a' scam, there are thousands, it is a moving target and attempting to mentally blacklist the latest phish-of-the-day is doomed to fail. Instead, learn how to recognise these things and, as I said earlier, if you aren't expecting something then regard it with suspicion.
If I've written this once on STW now I've written it a hundred times: if you find yourself having to ask "is this a scam" then the overwhelming likelihood is yes, yes it is.
Nearly got suckered by this one the other day. Only my quick wits saved me!
Seems legit.
interesting...
https://www.bbc.co.uk/news/uk-england-57226704
I wonder if this is 'the' recent Royal Mail phishing scam or just 'a' recent Royal Mail phishing scam.
I think we need to get a bit better at playing our part in this. If were too clever to fall for these scams but ignore them instead of contributing to the efforts to defeat them (like reporting them promptly to the NCSC) then we're not as clever as the scammers.
had a close call a while back with this one
I won't do banking and very,very little shopping on my phone just to avoid scams and rash purchases I can't even access my bank account from phone and so don't have the details anyway.Got the DVLA email about my VED payments/ direct debit not going through which coincidentally I had only just set up on my relatively new (to me)car.Waited till the evening checked the email in more detail saw it was a scam but also confirmed it on Google.Thought I just better double check with DVLA online and found that my tax was up to date buy my MOT had run out a month ago.Thank you scammers I would have carried on driving around for another 6 months without an MOT otherwise as I thought it was due the same month as my old car,lockdown confusion and all that.
I won’t do banking ... on my phone just to avoid scams
Are you 86?
No, just sensibly cautious! (no need to be patronizing, not everyone wants to do things because they can).
Are you 86?
Not quite.The clue's in the username .
Use your phone it should have a calculator on it 🙂
Don't use my phone as nothing's that urgent for me. I'm on my laptop every evening so I do banking,household admin.shopping,pointless internet postings etc then.Bigger screen for my old fogey eyes.
Are you 86?
Another phishing scam, dont tell him, Pike
I just followed a link on a scam text! Came from Fedex, supposedly:
link opens to this
Fedex-delivery.co/ ? hmm, now my morning brain starts to function (not that well, but enough), .co? hmm, so I’ve been in all morning, I’ve missed a parcel? and they don’t leave a card. Go to actual fedex website, no help there, the tracking no doesn’t exist and their cust service phone no doesn’t work. Google web address, yeah, scam.
Guess they know my phone no. is real, but what else they would’ve got out of it, even if I’d booked a fake redelivery, not too sure.
If you try to book the redelivery they tell you there is a charge to pay - thats where they make their money
Mrs Pierre had an alarming one a couple of weeks back that we're still not sure is fluke timing or something more sinister.
She'd been waiting for a new bank debit card through the post and when it arrived she went through the usual steps of activating it (use bank app on phone, Face ID log in, activate card) - but then a couple of minutes later got two text messages. The first one looked like it had come from the bank and said something like "This is (bank) fraud prevention. You will shortly get a text from (given number) to authorise or deny potentially fraudulent card transactions."
She then got a text from the number previously provided that said "This is (bank) fraud prevention. Two transactions have been flagged as potentially fraudulent:" and details of £0.00 transactions with names like "UBER 7239-49" and "Delivero038922". Followed by "Please call this number as soon as possible to authorise or deny these transactions."
She did the sensible thing and called the bank on their given number, and they said the messages hadn't come from them and there were no flagged transactions on her account. But she was slightly alarmed how quickly the texts had arrived after she'd activated her new card - I think it's probably just coincidence but am wondering if there's something more suspicious at work.
Theres an investigation into this on bbc1 now. Presenter sounds like he thinks we’re a bit stupid.