PePiPoo Helping the motorist get justice

Welcome Guest ( Log In | Register )

Argos refund!, phishing scam
facade
post Sat, 3 Feb 2018 - 08:48
Post #1


Member


Group: Members
Posts: 787
Joined: 7 Nov 2004
Member No.: 1,847



Had a text from Argos (it stacked under Argos, along with the "your order is ready for collection" texts- which is a bit odd...)

Apparently, I have a refund due of £180!

Obvious scam, as if Argos ever sell anything for £180 biggrin.gif biggrin.gif why didn't they put £179.99 or something* rolleyes.gif

The link takes me to a page that looks exactly like the Argos log-in, (except none of the hot links to store finder etc work) and when I logged in, somehow guessing Ivor.Biggun's password, I am asked to enter card numbers, security code, mothers maiden name, address, DOB .........

Do people seriously fall for this??

I suppose 1 in 1000 would do nicely.


On a serious note, why did it stack up with kosher Argos texts, is there a sender flag that they are spoofing in an SMS message?


* The one from the DVLA last week was much more believable, my refund is £48.73 or something, I wonder how long it will take to come? (They wanted my bank account number, card security number and my mother's maiden name too, seems a bit OTT when they always refund by cheque, in the hope that you will be unable to find a "bank" that is still open........ biggrin.gif )

This post has been edited by facade: Sat, 3 Feb 2018 - 08:50
Go to the top of the page
 
+Quote Post
 
Start new topic
Replies (1 - 9)
Advertisement
post Sat, 3 Feb 2018 - 08:48
Post #


Advertise here!









Go to the top of the page
 
Quote Post
Jlc
post Sat, 3 Feb 2018 - 08:56
Post #2


Member


Group: Members
Posts: 28,616
Joined: 25 Aug 2011
From: With Mickey
Member No.: 49,223



QUOTE (facade @ Sat, 3 Feb 2018 - 08:48) *
...and when I logged in, somehow guessing Ivor.Biggun's password,

I usually leave choice words too but I suspect the humour will be lost on the recipient. (I can picture them frantically trying to logon as Ivor)


--------------------
RK=Registered Keeper, OP=Original Poster (You!), CoFP=Conditional Offer of Fixed Penalty, NtK=Notice to Keeper, NtD=Notice to Driver
PoFA=Protection of Freedoms Act, SAC=Safety Awareness Course, NIP=Notice of Intended Prosecution, ADR=Alternative Dispute Resolution
PPC=Private Parking Company, LBCCC=Letter Before County Court Claim, PII=Personally Identifiable Information

Private Parking - remember, they just want your money and will say almost anything to get it.
Go to the top of the page
 
+Quote Post
Redivi
post Sat, 3 Feb 2018 - 09:05
Post #3


Member


Group: Members
Posts: 1,644
Joined: 31 Jan 2018
Member No.: 96,238



Is it illegal to provide the details of parking company bank accounts along with their directors' details ?
Go to the top of the page
 
+Quote Post
facade
post Sat, 3 Feb 2018 - 09:05
Post #4


Member


Group: Members
Posts: 787
Joined: 7 Nov 2004
Member No.: 1,847



I wouldn't ever have clicked the links on the PC happy.gif (probably Kaspersky would have stopped me, along with passing my every keystroke to Russia...)


But on my ancient iphone 4, I'm never going to do anything secure or plug it into the PC, and I was curious....
Go to the top of the page
 
+Quote Post
Fredd
post Sat, 3 Feb 2018 - 10:07
Post #5


Webmaster
Group Icon

Group: Root Admin
Posts: 7,092
Joined: 30 Mar 2003
From: Wokingham, UK
Member No.: 2



QUOTE (facade @ Sat, 3 Feb 2018 - 08:48) *
On a serious note, why did it stack up with kosher Argos texts, is there a sender flag that they are spoofing in an SMS message?

All they have to do is spoof the Caller ID so that it matches Argos' - it's trivial. There's no authentication built in to SMS messaging; it was designed in more innocent times, and certainly nobody imagined it being used for critical purposes such as 2FA.

QUOTE (Jlc @ Sat, 3 Feb 2018 - 08:56) *
I usually leave choice words too but I suspect the humour will be lost on the recipient. (I can picture them frantically trying to logon as Ivor)

I doubt they care, or even notice as exploitation of the information is doubtless automated. Providing obviously bogus details may even help them; there's a school of thought that phishing emails are deliberately made obvious to screen out the people who won't fall for subsequent steps in the scam, and so concentrate the pool of victims.


--------------------
Regards,
Fredd

__________________________________________________________________________
Pepipoo relies on you
to keep this site running!
Donate to Pepipoo now using your
Visa, Mastercard, debit card or PayPal account
Go to the top of the page
 
+Quote Post
DancingDad
post Sat, 3 Feb 2018 - 10:15
Post #6


Member


Group: Members
Posts: 19,176
Joined: 28 Jun 2010
From: Area 51
Member No.: 38,559



QUOTE (Fredd @ Sat, 3 Feb 2018 - 10:07) *
....... Providing obviously bogus details may even help them; there's a school of thought that phishing emails are deliberately made obvious to screen out the people who won't fall for subsequent steps in the scam, and so concentrate the pool of victims.


It's certainly true the other way, even with begging emails let alone phishing.
Be seen as gullible, earmarked as one of the sheep to be sheared.
Go to the top of the page
 
+Quote Post
typefish
post Sat, 3 Feb 2018 - 10:17
Post #7


Member


Group: Members
Posts: 1,149
Joined: 28 Mar 2014
From: Corby
Member No.: 69,758



QUOTE (facade @ Sat, 3 Feb 2018 - 08:48) *
Do people seriously fall for this??

I suppose 1 in 1000 would do nicely.


A colleague's wife did this, except didn't hit enter.

DOB, NI, credit card, bank account, everything.

There were fears that that logging took place on data entry (as opposed to when you hit enter) but so far nothing has been stolen
Go to the top of the page
 
+Quote Post
cp8759
post Sat, 3 Feb 2018 - 12:27
Post #8


Member


Group: Members
Posts: 4,044
Joined: 3 Dec 2010
Member No.: 42,618



In the past I've found these websites are hosted on hacked legitimate website, and if you notify the owner of the legitimate website they take it down pretty quickly.


--------------------
I am not on the "motorists's side", nor am I on the "police/CPS/council's" side, I am simply in favour of the rule of law.
No, I am not a lawyer.
Go to the top of the page
 
+Quote Post
bama
post Sat, 3 Feb 2018 - 17:32
Post #9


Member


Group: Members
Posts: 28,897
Joined: 29 Nov 2005
Member No.: 4,323



QUOTE (typefish @ Sat, 3 Feb 2018 - 10:17) *
QUOTE (facade @ Sat, 3 Feb 2018 - 08:48) *
Do people seriously fall for this??

I suppose 1 in 1000 would do nicely.


A colleague's wife did this, except didn't hit enter.

DOB, NI, credit card, bank account, everything.

There were fears that that logging took place on data entry (as opposed to when you hit enter) but so far nothing has been stolen

Stay alert on it, it is a valid fear. javascript can send back your tying in a web page on the fly.


--------------------
Which facts in any situation or problem are “essential” and what makes them “essential”? If the “essential” facts are said to depend on the principles involved, then the whole business, all too obviously, goes right around in a circle. In the light of one principle or set of principles, one bunch of facts will be the “essential” ones; in the light of another principle or set of principles, a different bunch of facts will be “essential.” In order to settle on the right facts you first have to pick your principles, although the whole point of finding the facts was to indicate which principles apply.

Note that I am not legally qualified and any and all statements made are "Reserved". Liability for application lies with the reader.
Go to the top of the page
 
+Quote Post
typefish
post Sun, 4 Feb 2018 - 11:33
Post #10


Member


Group: Members
Posts: 1,149
Joined: 28 Mar 2014
From: Corby
Member No.: 69,758



QUOTE (bama @ Sat, 3 Feb 2018 - 17:32) *
QUOTE (typefish @ Sat, 3 Feb 2018 - 10:17) *
QUOTE (facade @ Sat, 3 Feb 2018 - 08:48) *
Do people seriously fall for this??

I suppose 1 in 1000 would do nicely.


A colleague's wife did this, except didn't hit enter.

DOB, NI, credit card, bank account, everything.

There were fears that that logging took place on data entry (as opposed to when you hit enter) but so far nothing has been stolen

Stay alert on it, it is a valid fear. javascript can send back your tying in a web page on the fly.


Indeed, the only reason I know about this was because the worried colleague wanted me to look into the webpage to see what was happening but unfortunately it had been taken down before I had the chance.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



Advertisement

Advertise here!

RSS Lo-Fi Version Time is now: Sunday, 19th August 2018 - 08:00
Pepipoo uses cookies. You can find details of the cookies we use here along with links to information on how to manage them.
Please click the button to accept our cookies and hide this message. We’ll also assume that you’re happy to accept them if you continue to use the site.