We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Help: Fallen for a scam email!
Options
Comments
-
Why would it matter if they can see passwords in plain text? Its irrelevant from attackers angle, as his goal is to gain access, not learn what password you have had set.
And attacker doesn't need to receive that new password or even reset it. Run an experiment tomorrow and call your mobile phone provider as if you've forgotten your password and say that "you can't see texts when on phone calls on your phone." You will, most likely, get authenticated by asking just some simple questions with those essential details. And that comes from the assumption that they will even attempt to confirm your number in the first place, almost always they will assume that calling from that number is good enough for external-factor authentication.
So while number spoofing cannot intercept texts or calls, at least not that quickly or cheaply but that can also be done, you simply put, don't need it. And if those specific marks call center is immune to that attack, you move to the next person who thought that sharing their personal data was a very good idea.0 -
Why would it matter if they can see passwords in plain text? Its irrelevant from attackers angle, as his goal is to gain access, not learn what password you have had set.
And attacker doesn't need to receive that new password or even reset it. Run an experiment tomorrow and call your mobile phone provider as if you've forgotten your password and say that "you can't see texts when on phone calls on your phone." You will, most likely, get authenticated by asking just some simple questions with those essential details. And that comes from the assumption that they will even attempt to confirm your number in the first place, almost always they will assume that calling from that number is good enough for external-factor authentication.
So while number spoofing cannot intercept texts or calls, at least not that quickly or cheaply but that can also be done, you simply put, don't need it. And if those specific marks call center is immune to that attack, you move to the next person who thought that sharing their personal data was a very good idea.
wow I doubt the scam you think is happening is that involved.
Do you wear gloves in public in case someone clones your fingerprints or steals your DNA profile?
Do you ever buy online or use an ATM?
Have you never told a stranger your name in conversation as they could follow you home and get your address and postcode and use it against you?
If fact, did you sign up to MSE with fake details in case the Russian !!!!! hack the site?0 -
This scam is not something elusive that requires some elaborate tools or training, quite frankly this is what a lot of out-of-businesses call centers in various countries turn into. They already have the staff, VoIP setup, all is left is to change the script and you have yourself an excellent little vishing operation. Place enough calls and sure enough, you will wind up with enough details to get some credit with them or use them in some other scams, for example, to open bank accounts that will be used to funnel money from other online crimes.
And what I've said in my first post still applies, may want to go and re-read it regarding the later, rather misguided, rhetoric, as there is a pretty big difference between paranoia and not giving out information.0 -
this isn't a call center phishing for info tho is it?
All the OP has said is that it was a BA competition.
Its quite normal for a company running a legit competition to ask for these details.
Until the OP comes back your just making a mountain out of a molehill.
In your professional capacity would you say most requests for the information the OP has given are scams?0 -
It has a very simple red alert that hollers scam: it asks for your date of birth. Date of birth is a very crucial and important detail which, at the same time, is completely meaningless from alleged contest organiser. They may, at best, want you to confirm that you are over 18, but that is about as it goes.
Even in the link, you have provided as your proof of this email being legit, if you were to check it, you would see that in registration for contests they do not ask for DOB. This exact lack of attention is what scammers capitalise on to fool people into surrendering vital information. Because sure, you are savvy, you've checked that the contest exists and now feel confident that it is legit. But you didn't do it diligently, as then you would have noticed the discrepancy between what scammers ask for in email and what is on the website.0 -
It has a very simple red alert that hollers scam: it asks for your date of birth. Date of birth is a very crucial and important detail which, at the same time, is completely meaningless from alleged contest organiser. They may, at best, want you to confirm that you are over 18, but that is about as it goes.
Even in the link, you have provided as your proof of this email being legit, if you were to check it, you would see that in registration for contests they do not ask for DOB. This exact lack of attention is what scammers capitalise on to fool people into surrendering vital information. Because sure, you are savvy, you've checked that the contest exists and now feel confident that it is legit. But you didn't do it diligently, as then you would have noticed the discrepancy between what scammers ask for in email and what is on the website.
DOB also proves the person entering a competition is an adult and is a normal thing.0 -
No, no it isn't. That is why the very link you've posted as "proof" of this contest doesn't ask for it.
But you just seem to look to argue, maybe for a hobby and nitpick, or because you can't read sentences in full. Either way, I am moving away and let you fall for those scams on your dime. Just don't spread nonsense that giving out this information si safe, unless you are willing to finally post them here yourself.0 -
No, no it isn't. That is why the very link you've posted as "proof" of this contest doesn't ask for it.
But you just seem to look to argue, maybe for a hobby and nitpick, or because you can't read sentences in full. Either way, I am moving away and let you fall for those scams on your dime. Just don't spread nonsense that giving out this information si safe, unless you are willing to finally post them here yourself.
The OP asked if they had cause to worry.
I said it was unlikely.
You have posted several possible outcomes that are worst case scenario.
Because I do not agree you have come to the conclusion that I argue for a hobby or cannot read a full sentence.
Its not me that needs educating as I am quite capable of deciphering real top level domains from those that pretend to be real or hide behind fake links.
Good luck in your career.0 -
-
Those are not the ones I have been getting.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.7K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards