I just got this email for something I haven't bought and there is no money missing from Paypal or my debit account. So how do they make money from it? High charges for the customer support number perhaps?
You've sent $175.62 to Payp al Payments LLC. It may take a few moments for this transaction to appear in your account.
Product : Recaceik Dining Table Set, Rectangular Dining Table and Chairs for 4, Modern Wood Bench Dining Room Table Set Kitchen Table Set with Two Benches & Metal Frame for Kitchen, Restaurant (Rustic Brown)
Billing Method: Debit Card
Order Date: Monday ,febrary 27, 2023
Order id: dTX4eG
Total before tax: $149.99
Estimated tax to be collected: $25.63
Total Amount: $175.62
Thank you for choosing us for your shopping needs.
We hope to see you again soon,
Contact our Customer Support at: +1 888 7880228
Warm Regards
Ashley Thomas
It's just phishing for your details...
Wants you to login through their link, giving them access to your account more than likely...
That, or like you say, call them on a premium rate line...
Presumably you call their customer support / click on a link or whatever to dispute the transaction, and in doing so hand over your login info.
EDIT - 888 numbers are free to call so it'll just be phishing for logins
Yeah, flagged as phishing but I was wondering about the 'How'.
I can only think that the Customer Support number is some £20 a minute call line and they keep you talking for as long as possible.
I would be interested to hear any better guesses
I have flagged the message so it has gone but reading it on my computer there was no link on it.
The support number is what we'd call a freephone number so it's not that.
The answer to why "hi, we're scammers, call us" could be many and varied. Asking for your credit card details to issue a refund, perhaps.
They're not giving you any course of action other than to call them. If you genuinely thought it was from PayPal and had to phone them - given it's not really configured as a phone banking service - you've only really got two pertinent identifying bits of info to be asked for - the email address the account is for and the password.
Paypal when they send you anything address you by name and never 'Dear paypall user'
Absolutely they’re gonna ask for your bank details at some point.
Yep, it's a case of if you are gullible enough to phone the number then they've already reduced the potential victim audience down to those that are fairly likely to confirm info like place of birth and mother's maiden name in order to process a 'refund'. (aka break into your email account and therefore a lot of websites via password resets)
The amount of people that must get scammed like this and be too embarrassed to tell anyone is huge I suspect. There are plenty of guys at work that just cannot help clicking a phishing link out of curiosity or 'but what if it is important'. Literally completing a phishing awareness course (that's pretty good) and then clicking a link in a bait email sent by the employer which auto-enrols them back onto the course, and repeat three times over in the space of a few months, as well as everyone having to do it annually anyway. And these guys got dragged into the modern world over 15 years when laptops and iPhones replaced paperwork, compared to many who have never had any sort of awareness training or had anyone take them through a few dodgy emails to point out the clues.
Edit: we could really do with a dos attack solution for stuff like this. Log scam phone call/call us number on a website, once number of reports hits a trigger level, website bulk calls the number making it useless for 48hrs.
They'll need your bank acct details to "refund you"
Yep, it’s a case of if you are gullible enough to phone the number then they’ve already reduced the potential victim audience down
Exactly, the scamming MO. They only need a hit rate of .01% from the high number of mails they can send.
Literally completing a phishing awareness course (that's pretty good) and then clicking a link in a bait email sent by the employer which auto-enrols them back onto the course, and repeat three times over in the space of a few months, as well as everyone having to do it annually anyway
Ahahahahahhahaha
Literally completing a phishing awareness course (that's pretty good) and then clicking a link in a bait email sent by the employer which auto-enrols them back onto the course, and repeat three times over in the space of a few months, as well as everyone having to do it annually anyway
On the other side of this, my bank loves to email me with links to log in, and call me and start asking for security questions. You would think they would learn not to do it also.
which auto-enrols them back onto the course,
In our company it's: fail it once and a course (which is decent). Fail it twice, manager escalation. Fail it three times, removal of computer (and job).
I ignore all banking emails by default. I ignore texts. I never click on links. I always check the "from" in unsolicited emails. I do have to pay a FedEx customs fee, but that arrived as a text, email AND a letter. It's real so I will pay it (replacement Assioma power meter from Italy) 😀
There are plenty of guys at work that just cannot help clicking a phishing link out of curiosity or ‘but what if it is important’. Literally completing a phishing awareness course (that's pretty good) and then clicking a link in a bait email sent by the employer which auto-enrols them back onto the course, and repeat three times over in the space of a few months, as well as everyone having to do it annually anyway.
Sure. I had one a while back, I was helping someone with their PC when a malware-laden email arrived. I took the opportunity for an ad hoc spot of training, explained what it was then deleted it. I hadn't made it to the office door when he called me back, "my PC has gone funny!" He'd retrieved the email from Deleted Items, opened it and run the executable. I was incredulous, why would you do that? "Oh, I wanted to see what it did." ¯\_(ツ)_/¯
But this demonstrates something I'm about to say now that may be contentious. Phishing training is largely worthless, it is the wrong thing to be focusing on. In running phishing exercises we're pushing responsibility onto users and time and again some of them demonstrably just cannot be trusted. I would argue that, in a controlled environment at least, people should not be receiving phishing emails in the first place. To do so is a failure of the company infrastructure to protect its employees. Trusting people not to click on hostile links is a last resort when things have already gone wrong, not a primary defence.
We install handrails on staircases, we don't send people on Not Falling Down The Stairs training courses.
On the other side of this, my bank loves to email me with links to log in, and call me and start asking for security questions. You would think they would learn not to do it also.
Same. I've pointed out to them that this is a bad idea and they're quick to drop it and ask me to call them back but that's not the point, they shouldn't be normalising this behaviour.
Ever wondered why the phishing emails etc always have spelling mistakes? You would have thought that with their ill-gotten gains they would be ideally placed to pay someone who speaks the local lingo to correct the grammar. Not so, they are like that on purpose as the people who notice the poor grammar and spelling mistakes are not the intended audience, if everything looks completely legit they will call/click whatever and then spot the fraud and refuse to give any further details, wasting the scammer's time. No, much better to weed out the savvy at source by introducing mistakes for them to spot and then the victims who miss this and click/call are likely to be easier to dupe. Also the lists that contain these email addresses obviously then become more valuable once a verified victim is identified.
We install handrails on staircases, we don’t send people on Not Falling Down The Stairs training courses.
You've changed man!
Not so, they are like that on purpose as the people who notice the poor grammar and spelling mistakes are not the intended audience,
Sort of puts a bit of a duty of care on the rest of us - 'just deleting' obvious scams and phishing isn't really enough. You weren't the intended victim but do your bit to help those that would be by forwarding malicious emails to report@phishing.gov.uk - they act to take down the domains that those emails link to so if you act quickly and they do too, maybe by the time some poor soul clicks on a rogue link there's nothing actually there. It can only happen if you do your bit though.
There was another thread this week about a spate of fake accounts on Instagram and it's interesting that I now get three or four notifications a day from accounts that have been deleted before I even see them and that's only happening because someone else on the same spam list can be bothered to do a couple of clicks to 'report' for the benefit of others rather than one click to 'block' for their own convenience.
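The email quoted at the top of this thread carries no link, only an amount, a broken-up brand name and a phone number to call, and one reply argues that filtering should catch such mail before a person ever sees it. As an added example (not written by any poster in this thread), this Python heuristic scores a message body for that pattern; both sample messages are constructed, and the brand list, signal names and threshold are assumptions.

```python
import re

BRANDS = ("paypal",)  # assumption: brand names this filter protects

# Constructed samples: the first is abridged from the email quoted in this thread,
# the second is an invented legitimate-looking receipt for comparison.
SCAM = (
    "You've sent $175.62 to Payp al Payments LLC.\n"
    "Billing Method: Debit Card\nOrder id: dTX4eG\nTotal Amount: $175.62\n"
    "Contact our Customer Support at: +1 888 7880228\n"
)
BENIGN = (
    "Hello Jane Doe, you sent $20.00 to Example Shop Ltd.\n"
    "View the transaction: https://www.paypal.com/activity\n"
)

def callback_phish_signals(body, brands=BRANDS):
    """Return heuristic signals for link-less 'call this number' invoice scams."""
    text = body.lower()
    signals = []
    for brand in brands:
        # Brand letters separated by spaces or punctuation, e.g. "payp al".
        spaced = r"\b" + r"[\W_]*".join(map(re.escape, brand)) + r"\b"
        if any(m.group(0) != brand for m in re.finditer(spaced, text)):
            signals.append("obfuscated-brand:" + brand)
    if re.search(r"[$£€]\s?\d[\d,]*\.\d{2}", body):   # a charge is claimed
        signals.append("payment-amount")
    if re.search(r"\+?\d[\d\s().-]{8,}\d", body):     # long digit run: phone number
        signals.append("phone-number")
    if not re.search(r"https?://|www\.", text):       # nothing to click
        signals.append("no-links")
    if re.search(r"customer (support|service)|call us|help ?desk", text):
        signals.append("support-lure")
    return signals

def should_quarantine(body, threshold=4):
    """Quarantine when enough signals coincide (the threshold is an assumption)."""
    return len(callback_phish_signals(body)) >= threshold

if __name__ == "__main__":
    for name, msg in (("scam", SCAM), ("benign", BENIGN)):
        print(name, should_quarantine(msg), callback_phish_signals(msg))
```

No single signal is conclusive on its own, since a genuine receipt also states an amount; the verdict comes from several of them coinciding.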