You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
I’m in the process of selling a flat and I’ve been expecting various documents from the solicitor. This morning I received an email from “DocuSign”, claiming to be a draft of a “final agreement” and including a link to click to commence the signature process. I’ve used a similar process before so I clicked and a browser window opened inviting me to type my Outlook password. As it happens I have set up my account to be passwordless, so I couldn’t. While I was wondering what to do - get an app-specific password or something - it occurred to me that the mail was not addressed to my main account, but to an alias I have not used in years. At that point the penny dropped.
The scary thing is that even though I consider myself street wise about these things, because I was expecting a mail like this my guard was down. If I could have typed in my password I WOULD HAVE DONE IT. Just a wake up call. Stay safe out there!!
I could see myself falling for that. Scary times indeed.
Scams that come just as you're expecting them are so easy to fall for. I was waiting for some overseas parts a while back and got one of those "there's been an issue with your delivery, click here" texts and I very nearly did, just got distracted by something else first and that hesitation was enough to think twice about it.
It’s all too easy, I taxed a vehicle online and half an hour later got a notice of refund. It all looked authentic so I typed in details, as soon as I had clicked send I realised my mistake. Contacted the bank straight away so was safe. I had been on online chat to NPower just before so I presume that the connection was left open and they were logging my keystrokes.
I don’t do online “chat” anymore.
I had been on online chat to NPower just before so I presume that the connection was left open and they were logging my keystrokes.
So you think one of the NPower customer support people had built an exploit into their corporate chat system that they could deploy onto your computer during a chat session and then they monitored everyone's keystrokes to determine who to send spammy emails to?
Far more likely that it was purely coincidence that the spam arrived just after you'd done something that made it seem vaguely relevant to you. The spammers send hundreds of thousands of these and get lucky with the timing on a few.
Well spotted OP - you had a good result. Everyone else should beware.
Key word: coincidence
IF the circumstances are correct or appropriate then there isn't a single person who couldn't be scammed.
Pure luck for the scammer and bad luck for the victim. But if it all happens to align correctly then you will be scammed without even thinking you are being scammed.
I had one about a domain name hosting renewal recently and I nearly fell for it. Usual 'This is due to expire, the world will end' content. I started clicking through then for some reason (still unknown), went back to the email to check senders address. Of course, it was a bit like the hosting Co. but subtly different...
The other one that did get me was the Facebook sales pages that sell stuff you're really interested in but muchly cheap. Ski boots or some such. I placed my order before it dawned on me. The bank sorted it tthankfully.
If it looks too good to be true etc...
Well I got scammed via Google ads and like a slap on the pus I was expecting to have said goodbye to £250 to some wan kin from China as the emails back saying it was shipped was part Chinese
Anyway luckily had taken screenshots of my purchases and sent off emails as my bank instructed them wait another 60 days maybe more but Mastercard within days refunded my debit card in full
Never trust Google ads as you will get no help from Google
@thepurist tax a vehicle once a year and get a “spam” message half an hour afterwards? Coincidence? I don’t think so!
I remembered not closing the chat as it was so frustrating and just moving onto my next task - taxing the car.
I remembered not closing the chat as it was so frustrating and just moving onto my next task
It absolutely was not the online chat with npower. The agents using the chat system simply don't have the level of control or access to your computer required for that.
tax a vehicle once a year and get a “spam” message half an hour afterwards? Coincidence? I don’t think so!
You'd only need to spam 365 vehicle owners to get someone on the same day they taxed their car. Fire off 50,000 spam messages and you'd be very very likely to hit several people half an hour after they'd done it.
Key word: coincidence
Except when it's not. Anything linked to domain registration and any form of insurance (car and home) can quite easily be targeted.
If I get a "blah blah about to expire" email I never click on the link in the email, rather I log onto the relevant account and check for messages there. Also worth checking the address the email came from.
I worked for an online store who had a surprising number of people who didnt want to put their bank details into the website. They rang us up and we noted their name, address, card details and security number then input them ourselves, this resulted in our waste paper bin being and absolut trove of personal data. I dont belive anyone got scammed but if they had, they'd probably have blamed technology and not the human.
It seems like a bit of a stigma to admit to being scammed but it shouldn't be and I suspect a lot of people have fell victim to small or moderate scams but would never openly admit it.
We are a long way from the old school Nigerian prince emails (though as it happens I understand they were deliberately drafted that way) and its only going to get worse. There was something in the news today about families needing a safe-word to defend against the inevitable incoming AI-Video scams we will doubtless all soon get.
Years ago, I opened up Facebook on my laptop, got a message saying that my account has been compromised, I needed to go through some security stuff and pop in my credit card details.
I was half way through doing that when it clicked that FB was free, claims it will always be free etc.
The issue was a virus that had got into my system from a flash drive that my Mum had given me. She had a habit of storing loads of pics on USB memory sticks and taking them to friends, and for a while she was a member of a local amateur photo club so she'd take the stick along there, download the relevant pics... Basically those USB drives had been in and out of dozens of computers, picking up every virus en route.
Took bloody ages to kill off the FB virus thing, required some diagnostics from Head of IT at work. 😳
tax a vehicle once a year and get a “spam” message half an hour afterwards? Coincidence? I don’t think so!
The thing about coincidences is, they happen more often than you might think. People win the Lottery.
One time, I was listening to music in the car. Got home, the same song was playing in the house. So far so normal, we were obviously both listening to the same radio station. Except... it took a minute for it to dawn on me but I wasn't listening to the radio at all, I was playing a CD. Freaky deaky, right? But... how many times in my life have I walked into the house and that hasn't happened?
It's a numbers game. If a scammer sends out (say) 100,000 emails going "about your vehicle licensing..." 99,999 people will go "well that's plainly dodgy" and one will go "oh, I've just been dealing with that stuff" right before having their bank account emptied.
I think there might be a blog post in this. Hmm.
And internal systems don't get hacked?
I can't say which company It was but I got an email about 3 days after entering my expenses claim asking me to upload the image file again as it had failed. I just had to enter my company user name and password.
I spotted it when the web page to enter my details was a poor version of reality hhtp:/myCompnnnny.expenses/clam/314 or similar
I find one of the other challenges for us 'normal' folk, is that even legitimate company emails are sometimes poorly addressed/presented so spotting the genuine fakes can be challenging. 2 immediately spring to mind... Amazon send out legitimate emails that are not personally addressed even though you have an account with them, and a pension provider does likewise. Both of these are intended to be received, but I bin them anyway. If a company I have an account with can't be bothered to help me and include my name I'll ignore it. Fortunately, the pension ones I ignore as, if important, my IFA would tell me there's something needs attention.
I was scammed once just after I opened a new current account. You submit that much stuff to clear KYC checks sometimes it's easy to get distracted. As said above, that's all it takes.
At work our IT security team regularly send out test spam emails to see how many folk click on links they shouldn't. It's disappointing how many people fall for it. Including the senior risk manager who was, at that very time, creating a newsletter all about the risks and the dangers of smishing, vishing and phishing 🤦🏻♂️ we all chuckled though 😂
this resulted in our waste paper bin being and absolut trove of personal data
PCI has a specification for shredders for sensitive card data. If you had been compromised each of those sets of card data would have cost the shop £25 000 in penalty charges from the card company. Don't do the lottery any more as all of your luck has been used up!
And internal systems don't get hacked?
I can't say which company It was but I got an email about 3 days after entering my expenses claim asking me to upload the image file again as it had failed. I just had to enter my company user name and password.
I spotted it when the web page to enter my details was a poor version of reality hhtp:/myCompnnnny.expenses/clam/314 or similar
My last employer used to send stuff like this out as a test. If you clicked, you got the opportunity to do some more training and an interview without coffee with the boss.