My normally sensible OH has partly fallen for a text scam (nhs "passport"). She got as far as entering her personal info (name, dob, address etc) but then was asked for bank details and she smelt a rat. So, assuming they have collected her personal info, what to expect next? I've suggested she changes her passwords, anything else to be doing?
Were ‘security questions’ / answers supplied? Deffo change passwords where possible and enable MFA (assume you know what that is) where possible
what to expect next?
Probably a spam shitstorm!
Define "etc". Without knowing exactly what she's given away it's impossible to answer.
My sister has just fallen for this too this evening. Entered name, address and NI number but nothing more. What's the worst that can happen with that info (plus presumably mobile number and email address)?
but nothing more.
...
(plus presumably mobile number and email address)?
Which is it? See my post directly above yours.
It nearly got me. I too got as far as entering my name and address ( I think) but nothing more fortunately Nothing has come of it.
She entered her name, dob, email address, address and phone number. I am also expecting a shit storm of spam, hopefully that's it though. Daft thing is, she's an NHS physio so I would have expected her to recognise that it wasn't genuine.
NI is a tricky one. I'll have to think about that.
Out of the gate, they have enough information for a convincing follow-up phishing email. We're told, for instance, that Paypal will always address you by name and any saying "dear customer" are fake. They can now spoof an email starting with her real name to try and legitimise it. I would suggest being hyper-aware that she cannot trust the usually-recommended tells. (I'd suggest you never can, but here we are.)
One risk here may be identity fraud - someone pretending to be her to, say, apply for a credit card. Signing up to Credit Karma to watch for weirdness might be prudent. I'm not immediately seeing as there's much else she can do proactively?
Daft thing is, she’s an NHS physio so I would have expected her to recognise that it wasn’t genuine.
In all honesty I wouldn't blame her for that regardless of who she is. It's easily done.
Solution is never sign into anything via your email.
Got to the actual website and log in there. Thankfully in ebay at least, you can access a direct link to payal from your ebay account.
