Results 1 to 9 of 9

Thread: Spam & phishing emails why it is important to report them before deleting! #scamaware

  • Share
  • Thread Tools
  • Display
  1. #1
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,396
    Mentions
    57 Post(s)

    Default Spam & phishing emails why it is important to report them before deleting! #scamaware

    Following the amazing response LegalBEAGLES, Citizens Advice, Trading Standards, Action Fraud and other agencies have had on Facebook, Twitter and other social media platforms and forums, I have decided to make this post to explain the importance of why and how you should report spam and phishing emails.

    Firstly what are the different types of messages sent and where do they come from?

    Botnets - A botnet is a collection of robots and can be used maliciously to gain financial or other personal information.

    Botnets send the majority of spam.

    This can lead to web users giving out personal information that fraudsters can used to commit fraud.

    Spam emails - Spam emails are emails sent out to millions of email addresses to try to gain personal information.

    Once the personal information has been gained, fraudsters can use it to commit fraud, which could include bank fraud, credit card fraud and identity fraud and account take over fraud


    Phishing - Phishing is a method used by fraudsters to access valuable personal details, such as usernames and passwords.

    These can have a monetary value to criminals. Phishing can also involve sending malicious attachments or website links in an effort to infect computers or mobile devices. Criminals send bogus communications: emails, letters, instant messages or text messages. Very often these appear to be authentic communications from legitimate organisations or friends. Embedded links within the message can direct you to a hoax website where your login or personal details may be requested. You may also run the risk of your computer or smartphone being infected by viruses.

    Once your personal details have been accessed, criminals can then record this information and use it to commit fraud crimes such as identity theft and bank fraud.

    Phishing messages generally try to convince the recipient that they are from a trusted source. “Spear-phishing” is a technique whereby criminals use personal information to earn trust and lower the intended victim’s defences increasing the chances they may open attachments or embedded links.

    Criminals have stepped up their activity by targetting business users by claiming that they have specific knowledge of the business. These may be business critical issues: customer feedback, requests for information, staffing or legal notices.

    What to look out for and what you should do if you receive a phishing message
    • Be aware and pro-active: When responding to emails or phone calls, never give your login or personal details. If you receive an email from a company that claims to be legitimate but is requesting these details, or a contact number tell them you will call them back. Use a contact number for the organisation that you have sourced reputably. Speak to them directly to confirm that the message is genuine
    • Use your spam filter: If you detect a phishing email, mark the message as spam or junk, report it, then delete it. This ensures that the message cannot reach your inbox in future.
    • Know your source: Never respond to a message from an unknown source. Take care not to click any embedded links. Phishing emails are sent to a vast number of randomly generated addresses. However, clicking embedded links can provide verification of your active e-mail address. Once this occurs it may facilitate the targeting of further malicious emails. Even “unsubscribe” links can be malicious. Ensure that the e-mail is from a trusted source and you are, in fact, subscribed to the service.


    • Phishing is still a threat. Always remember that banks will never contact customer by email to ask for passwords or any other sensitive information by clicking on a link and visiting a website.
    • The email address that appears in the ‘from’ field of an email is not a guarantee that the email came from the person or organisation that it claims to have originated from.
    • Fraudsters are unlikely to know your real name, so the email may address you in vague terms, for example ‘Dear Valued Customer'.
    • Phishing emails will probably contain odd ‘spe11ings’ or ‘cApitALs in the ‘subject’ box and contain spelling or grammatical errors in the email – this is an attempt to get around spam filters and into your inbox.

    Smishing - Smishing is when fraudsters obtain personal details of a victim by SMS text messages.

    Fraudsters can go on to use this personal information to commit fraud.


    Vishing - Vishing is when fraudsters obtain personal details of a victim by phone.

    Fraudsters can go on to use this personal information to commit fraud.


    If you receive a spam email or phishing email, report it to the internet service provider (ISP) that was used to send you the email.

    If the scam email came from a Yahoo! account, send it to abuse@yahoo.com. Gmail has a 'Report spam' button and Hotmail has a 'Report phishing' button.
    Once you report the scam email, the internet service provider (ISP) can then close the account which sent the email.

    You can also report the matter to the company or body being mimicked such as the bank, government department or other company cited in the email.


    If you’ve lost money or information or your computer has been taken over by a phishing or malware attack, report it to Action Fraud.
    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  2. #2
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,396
    Mentions
    57 Post(s)

    Default Re: Spam & phishing emails why it is important to report them before deleting! #scama

    Beware of the latest phishing emails doing the rounds. Here is one such email entitled
    "DUPLICATE PAYMENT RECEIVED" **DO NOT CLICK ON ANY ATTACHMENTS IN THE EMAIL AND REPORT TO YOUR EMAIL PROVIDER AS A PHISHING ATTEMPT**

    Good afternoon,


    I refer to the above invoice for which we received a bacs payment of £691.89 on 10th November 14. Please be advised that we already received payment for this invoice, by bacs on 30th October 2014.

    I will therefore arrange a refund, please confirm preferred method, cheque or bacs transfer. If a cheque please confirm the name the cheque should be made out too or if bank transfer, please advise bank details.

    If you have any queries regarding this matter, please do not hesitate to contact me.

    I look forward to hearing from you .

    Many thanks



    Kelly Mueller
    Accounts Department




    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  3. #3
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,396
    Mentions
    57 Post(s)

    Default Re: Spam & phishing emails why it is important to report them before deleting! #scama

    via https://nakedsecurity.sophos.com/201...-google-finds/

    Pfft! Phishing - so old-school. Well, sorry to say, but it's not yet time to feel smug about being able to successfully spot a phishing scam.
    In fact, a new study from Google and the University of California, San Diego, finds that there are some phishing sites that are so convincing, they work on an eye-popping 45% of visitors.
    Granted, those sites are the true masterpieces of phishing. But Google says that, taken together, all fake sites on average convinced people to submit their information 14% of the time.
    Even the most glaringly fake sites still managed to deceive 3% of people, the researchers found.
    3% might not sound like a worrisome number, but it's got more weight than appearances would lead you to believe, given that an attacker who takes over gullible people's accounts can use them to not only bilk the initial victim, but also to shake out contact lists for additional new scamming victims.

    As Google says, even the most obviously fake scammers can send out millions of messages, so small success rates are nothing to sneeze at.
    The researchers found that once phishers managed to get access to login details, they don't waste time getting into the account and milking it for all it's worth. Google says that about 20% of hijacked accounts are accessed within 30 minutes of the information having been handed over.
    Once they're in, hijackers spend more than 20 minutes inside, often changing the password to lock out the true owner, searching for other details such as information about bank accounts or social media accounts, and scamming new victims.
    Posing as the account holder, they send phishing emails to everyone in that person's address book.
    Those emails, sent to family and friends, can be very effective, Google says, given that the email looks like it's coming from the account holder.
    In fact, people in the contact list of hijacked accounts are 36 times more likely to be hijacked themselves, research found.
    Google's found that scammers learn fast, quickly changing their tactics to adapt to new security measures.
    Elie Bursztein, Anti-Abuse Research Lead, said that one example is when Google started asking people to answer questions, such as "which city do you login from most often?" when logging in from a suspicious location or device.
    Account hijackers were on that "almost immediately", Bursztein said, and quickly started phishing for the answers.
    The Google study is just one of many that look at how successful phishing still is, in spite of it being an old-hat scamming technique.
    For example, in the spring, a study came out from a mixed group of computer scientists and psychologists at the University of Alabama at Birmingham, finding that despite a significant increase in brain activity related to problem solving and decision making when spotting fake sites, we're still pretty bad at it, averaging just a 60% accuracy rate.
    Old dogs, new tricks

    One thing that's good to keep in mind is that while many of us think of phishing as old school, scammers are still working at new methods to trip us up. One such, spotted by Sophos Labs last year, involved a PayPal login page that was being spammed as an HTML attachment (nothing new there).
    But as Principal Virus Researcher Fraser Howard explained, in this case the HTML forms within the page all referenced legitimate PayPal servers.
    How was the attacker harvesting phished info? Closer inspection revealed a cunning method of ex-filtrating the user data.
    To keep from falling into the ever-evolving, sticky-as-ever traps set for us, Google recommends these precautions:

    • Stay vigilant: Regardless of how many spam and phishing emails get blocked by the email provider, we should all still be wary of messages asking for login information or other personal data. Resist the urge to reply, and instead report the messages to your email provider. If in doubt, visit websites directly (not through a link in an email) to review or update account information.
    • Get your account back fast: If your account is ever at risk, it's important that your email provider has a way to get in touch with you and confirm your ownership. Google strongly recommends providing a backup phone number or a secondary email address (but make sure that the backup email account uses a strong password and is kept up to date so it's not released due to inactivity, such as was happening when Yahoo decided to give away dormant accounts last year).
    • 2-step verification: Many email providers now provide free 2-step verification service - sometimes known as two-factor authentication - to provide an extra layer of security against all types of account hijacking. In addition to a password, you’ll often be required to use your phone to prove you’re really you. Google also recently added an option to log in with a physical USB device..

    We have guides to setting up two-step verification on Gmail, Yahoo Mail and Outlook.com, as well as a general guide to securing your webmail.
    Paul Ducklin has written several articles on the anatomy of a phish that dissect common phishing scams to help you spot them in their various guises.
    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  4. #4
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,396
    Mentions
    57 Post(s)

    Default Re: Spam & phishing emails why it is important to report them before deleting! #scama

    Latest "Paypal" phishing email

    Our Legal Agreements are changing.

    We’re making some changes to our Legal Agreements; the documents that govern our relationship with you, so that we can continue to make PayPal even more secure, quick and easy to use. We’ve put details of the changes on our Policy Update page – you can also find the page at www.paypal.co.uk, by clicking ‘Legal’ at the bottom of the page and then selecting ‘Policy Updates’.

    What do I have to do?

    Take a look at our Policy Update page to check you’re happy with the changes. If you are, you don’t need to do anything as these changes will automatically apply to you. If you don’t want to accept the changes you can follow the steps we’ve set out on our Policy Update page.
    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  5. #5
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,396
    Mentions
    57 Post(s)

    Default Re: Spam & phishing emails why it is important to report them before deleting! #scama

    Latest Amazon phishing email




    Dear Amazon.co.uk Customer,

    Your account is subjected to several verification procedures to maintain the highest levels of security, trust, and protection.
    With the instant account verification method, you provide your credentials through Amazon's secure web site, which Amazon Payments uses to verify your identity. Your credentials are never stored or read by Amazon.
    To complete confirmation, follow the on-screen instructions below:
    1. Log in to your Amazon account at htt://amazon.co.uk/sign_in/.
    2. Enter the required information
    3. Click Continue.
    4. Confirm your details and complete the process.

    Once you verify your account, you will be able to continue using your Amazon Account.
    If you have any questions, we are happy to help.
    Just call us anytime at 1-888-811-1933.

    Amazon.co.uk
    © 1997-2014 Amazon Compnay
    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  6. #6
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,396
    Mentions
    57 Post(s)

    Default Re: Spam & phishing emails why it is important to report them before deleting! #scama

    Facebook Account Confirmation Phishing Attempt


    Wilfred, confirm your Facebook account

    Actions


    Facebook (notification+zrdpvi1e1ile@facebookmail.com)
    Add to contacts
    08:40


    Social updates

    To: Wilfred Owen














    Hi Wilfred,
    You joined Facebook on Sep 22, 2014, but you still haven't confirmed the email address associated with your account. You won't be able to use Facebook until you let us know this email belongs to you.
    Just follow this link to confirm your account: http://facebook.com/n/?confirmemail.php
    You may be asked to enter this confirmation code: 76316
    Didn't sign up for Facebook? Please let us know.




    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  7. #7
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,396
    Mentions
    57 Post(s)

    Default Re: Spam & phishing emails why it is important to report them before deleting! #scama

    Latest Ebay Phishing Attempt

    eBay sent this message to your account.
    Your registered name is included to show this message came from eBay. Learn more about how to tell if an email is really from eBay.


    MC010 Unauthorized use of your account -- Please contact us




    Dear Customer, Your eBay account has been temporarily locked because it looks like someone used it without your permission. Your email address may have also been tampered with, so you might not have received any emails about the unauthorized transactions.

    We canceled those unauthorized transactions and credited any associated fees. You will have to update your account with us. The information is on a secure computer that can't be accessed by anyone who doesn't have permission.

    To get back into your account, please update your account with us at:
    http://account.ebay.com/ocs/eua?domain=12-34&query=1390&from=ATO

    We're sorry for any inconvenience, and we appreciate your understanding.
    Regards,

    eBay Customer Support



    eBay Document ID: 7119630007



    Learn More about how to protect yourself from spoof (fake) emails.

    This administrative email was sent to your account from from eBay. As outlined in our User Agreement, eBay will periodically send you required emails about site changes, site enhancements, and your transactions. Read our Privacy Policy and User Agreement for more details.

    Copyright © 2013 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc.







    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  8. #8
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,396
    Mentions
    57 Post(s)

    Default Re: Spam & phishing emails why it is important to report them before deleting! #scama



    Phishing Scam Ahoy
    Attached Thumbnails Attached Thumbnails 2015-01-08 14_58_41-Outlook.com - jrsiddle@hotmail.co.uk - Firefox Developer Edition.png  
    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  9. #9
    fightbackninja's Avatar

    Member



    Joined
    Jan 2017
    Posts
    65
    Mentions
    0 Post(s)

    Default Re: Spam & phishing emails why it is important to report them before deleting! #scama

    As any company or online service gets more into the headlines so the scammers seem to produce more phishing emails aimed at the customers of those businesses.

    Netflix simple phishing email

    Title: Problem with your membership

    We recently failed to validate your payment information, we hold on record for your account, therefore need to ask you to complete a brief validation process in order to verify your billing and payment details.

    Click here to verify your account

    The email continued with text copied from the Netflix website - to make it look more authentic. But the key is the link which does not go to Netflix (surprise surprise) but to harbourcollagennn.com which is obviously a made up name as the website is for phishing purposes and will not stay online for long.

    The scammers did manage to make the sender's email address appear to be netflix.co.uk which is quite clever.

    Don't be caught out.
    You can read my blog on scammers, spammers and time-wasters at https://fightback.ninja

    And you can hear me on Brooklands Radio every Tuesday and Friday morning at 11:30 at http://www.brooklandsradio.co.uk

    The Fightback Ninja

Similar Threads

  1. Spam, Spam and more Spam courtesy of Tesco
    By leclerc in forum Beagles Money Saving Tips & Budgeting
    Replies: 20
    : 5th July 2012, 14:55:PM
  2. Abbey Spam emails
    By Amethyst in forum Scams, Fraud & IT
    Replies: 1
    : 27th January 2009, 14:07:PM
  3. FSA emails to IceSave customers being filtered as spam
    By Legal Beagles in forum Press RSS Feeds
    Replies: 0
    : 6th November 2008, 11:20:AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Contact Us



© Celame (UK) Ltd 2016
Hosted by Lodge Information Services Ltd
LegalBeagles® are DPA Registered No. ZA158014
LegalBeagles® is the trading name of CELAME (UK) LIMITED ( 09220332 )
Registered Address: 25 Moorgate, London, England, EC2R 6AY
VAT registration number 206 9740 02
User Alert System provided by Advanced User Tagging v3.1.3 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Feedback Buttons provided by Advanced Post Thanks / Like (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd. Runs best on HiVelocity Hosting.
Celame (UK) Ltd Powered by vBulletin® Version 4.2.3
Copyright © 2017 vBulletin Solutions, Inc. All rights reserved.

To find out more about managing your money and getting free advice, visit the Money Advice Service,an independent service set up to help people manage their money.

TOP