We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

'Spam Spotter Rules: It’s the bit before the .com that counts' blog discussion

Options
24

Comments

  • 1. I've also noticed that scamsters have been quite cunning in their own choice of URL. They'll try to get a domain which is visually similar to the one they're spoofing (mimicking). E.g. I had a spoof email "from" www(dot)abbeynational.com but it was actually www(dot)abbeynationai.com - with an 'i' at the end, did you spot it? Not so easy in the small print you get at the bottom of the browser window when you hover. So not only should you hover over the link (or do right-click, Properties) and look at the bit before the dot com but look really carefully!
    2. They might have registered www(dot)abbeynational.org or anything - always open a search engine in a separate window and find their genuine web address and compare it to that.
    3. To be completely safe, if you get an email from ANY institution related to money - eBay, PayPal, insurance people, banks - anything - send it to their phishing email address. Obviously if there's a link in the email saying "report this as spam" or "unsubscribe" or anything, don't click on it! Find out the email address yourself using your favourite search engine. If it's genuine, they'll tell you, if not they'll keep the email and investigate it; not enough people do this and it would help these institutions if more people did.
    Most banks will never (or hardly ever) email you. Don't trust emails from banks.
  • I've just received an email from [EMAIL="customers@hmrc.gov.uk"]customers@hmrc.gov.uk[/EMAIL] stating I have a tax refund and to complete a form. Its a scam so be careful as they are asking for credit card details
  • tripled
    tripled Posts: 2,883 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    1. I've also noticed that scamsters have been quite cunning in their own choice of URL. They'll try to get a domain which is visually similar to the one they're spoofing (mimicking). E.g. I had a spoof email "from" www(dot)abbeynational.com but it was actually www(dot)abbeynationai.com - with an 'i' at the end, did you spot it? Not so easy in the small print you get at the bottom of the browser window when you hover. So not only should you hover over the link (or do right-click, Properties) and look at the bit before the dot com but look really carefully!
    2. They might have registered www(dot)abbeynational.org or anything - always open a search engine in a separate window and find their genuine web address and compare it to that.
    3. To be completely safe, if you get an email from ANY institution related to money - eBay, PayPal, insurance people, banks - anything - send it to their phishing email address. Obviously if there's a link in the email saying "report this as spam" or "unsubscribe" or anything, don't click on it! Find out the email address yourself using your favourite search engine. If it's genuine, they'll tell you, if not they'll keep the email and investigate it; not enough people do this and it would help these institutions if more people did.
    Most banks will never (or hardly ever) email you. Don't trust emails from banks.


    Halifax email me every time I get a statement, letter or message. I'm not sure they would appreciate it if every customer forwarded these all to their spoof box as they would be overwhelmed. The simple advice is use up-to-date virus software, keep your operating system up to date, and don't click on random links to banks, etc., even if you think an email is genuine, always type in the address yourself.
  • Just in the last couple of weeks I've been getting lots of these spoof emails - Halifax; Abbey; Tax Office; etc. I'm also getting loads from "pharmaceutcal suppliers", offering everything from Viagra to antidepressants, which look very dodgy. Should I be worried that I'm apparently, all of a sudden, being targetted? I haven't clicked on the links they send and so far, if my PC Tools anti-virus is correct, I haven't picked up any viruses. But I'm still worried - especially now I've read all this information here. I generally use the same password for everything - online banking; bingo; job sites; you name it. Should I change my password(s)? I can't even remember half the sites I'm signed up to. Jeez, I can feel a panic attack coming on!
    Can anyone give some additional, very basic advice here (keeping in mind I'm relatively new and green to the internet) on what I should do to tighten up my security?
    Many thanks
    M
  • Eco_Miser
    Eco_Miser Posts: 4,853 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    mroakley wrote: »
    Just in the last couple of weeks I've been getting lots of these spoof emails - Halifax; Abbey; Tax Office; etc. I'm also getting loads from "pharmaceutcal suppliers", offering everything from Viagra to antidepressants, which look very dodgy. Should I be worried that I'm apparently, all of a sudden, being targetted?
    Not particularly, your email address has been picked up from somewhere (or is easily generated) and the spammers and phishers are trying their luck. Spammers send out millions of emails in the hope of just a few suckers replying.
    mroakley wrote: »
    I haven't clicked on the links they send and so far, if my PC Tools anti-virus is correct, I haven't picked up any viruses. But I'm still worried - especially now I've read all this information here. I generally use the same password for everything - online banking; bingo; job sites; you name it. Should I change my password(s)?
    YES Your password at each financial institution and utility should be different. That goes for any other site that can collect money from you.
    mroakley wrote: »
    I can't even remember half the sites I'm signed up to. Jeez, I can feel a panic attack coming on!
    Can anyone give some additional, very basic advice here (keeping in mind I'm relatively new and green to the internet) on what I should do to tighten up my security?
    Many thanks
    M
    • Use separate passwords for each site. Free password managers are available (I use Password Safe http://passwordsafe.sourceforge.net/) if you have problems remembering. Such use for a bank password may breach your bank's conditions.
    • Use different email addresses - at the very least, use one for 'fun/social' sites, one for 'financial' sites and one for online purchases.
    • Don't open email from companies you don't know; don't open mail from companies you do know, to addresses you didn't give them.
    • Preferably don't even download spam/phish - zap it from the server with a program like mailWasher.
    • As said already, don't click on links in emails. Be aware of where links on websites are really going. (On a phishing site, nearly all the links usually go to the genuine site, just the important ones go to the phisher.)
    • It's ok to be paranoid - they really are out to get you - , but don't get so paranoid that using the internet isn't fun any more.
    • Oh, Don't Panic :)
    Eco Miser
    Saving money for well over half a century
  • Eco_Miser
    Eco_Miser Posts: 4,853 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    tripled wrote: »
    Halifax email me every time I get a statement, letter or message. I'm not sure they would appreciate it if every customer forwarded these all to their spoof box as they would be overwhelmed.
    Genuine emails from financial institutions will almost invariably be addressed to you personally, will contain other data identifying you eg postcode, and will not have clickable links taking you to a log-in screen, (They may have links to advertising or the institution's security policy. :( ) Also, you should be expecting them to email you, because they have said they will, perhaps for paper-free banking.
    Eco Miser
    Saving money for well over half a century
  • Eco_Miser
    Eco_Miser Posts: 4,853 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    It's the bit before the .com that counts - but make sure you're looking at the right .com.
    Where do you think this url would go to?
    www.bbc.co.uk:moneysavingexpert.com@itv.com.ic.example.com?pi=31419&url="test.com"
    Not to the bbc, nor moneysavingexpert, not ITV, but to a host called itv.com.ic in the example.com domain, passing a username of bbc.co.uk, and a password ofmoneysavingexpert.com and variables pi, with a value 314159 and url, with a value "test.com". These might just be ignored, having served their purpose in obfuscating the real destination, or might serve to identify the respondent.
    To summarise: URLS with the form username:password@domain.com?var="value" are valid, potentially confusing, and useful for phishing.
    Eco Miser
    Saving money for well over half a century
  • Last year my wife bought tickets to the V Festival from a sponsored link that came up on google. The website address was: vfestival.net. It was a very professional looking site with lots links to information except it was bogus. When our credit card bill appeared with a transaction that had taken place in Budapest suspicions were aroused. We didn't get our tickets but we did get our money back because we'd paid by credit card. Internet buyer beware.
  • mroakley
    mroakley Posts: 30 Forumite
    Eco Miser

    Thanks so much for taking the time to answer my plea for help - and for the excellent, clear advice you've given here.
    Much appreciated

    Mroakley
  • flexrider
    flexrider Posts: 745 Forumite
    new one going round if you shop on ebay or amazon

    if you are like me you shop round on ebay there was a email i got today claiming to be from ups parcel service, the email says they tried to deliver your goods and need you to click a link to re-deliver

    do not click the link!!
    it is a worm, a virus like program that sticks to your computer and spread to contacts

    hope that helps
    andy
    "MSE Money saving challenges..8/12/13 3,500 saved so far :j" p.s if i been helpfully please leave me a thank you but seek official advice at all times from a pro
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.