SCAM!

[Nigel Graham 2]

On Nigel Graham 2 Said:

If the attackers are clever enough to re-route or “spoof” telephone-numbers one might think the telecommunications companies are clever enough to make that impossible….

One might also think that the owners of the telecommunication infrastructure are knowingly allowing that infrastructure to be used for criminal activities while taking no steps to prevent it – and therefore have a criminal liability themselves.

[Peter Greene]

On Peter Greene Said:

On Nigel Graham 2 Said:

If the attackers are clever enough to re-route or “spoof” telephone-numbers one might think the telecommunications companies are clever enough to make that impossible….

One might also think that the owners of the telecommunication infrastructure are knowingly allowing that infrastructure to be used for criminal activities while taking no steps to prevent it – and therefore have a criminal liability themselves.

Caller-ID is a useful hint, but phone users should know it’s not an authenticated identification system.  It’s a data field that can be altered as it passes through various telephone equipments en-route.  Not difficult or clever.   Caller-ID is equivalent to someone writing a return address on the back of a letter.   Jolly useful except a fake return address added by a bad actor can be used to part the unwary from their money.

In terms of protecting oneself against SPAM:

• Do not believe Caller-ID proves anything, better to assume it’s a lie.  Always find another way of checking, such as ringing them back.
• However, always hang up and wait for several minutes, or ring someone else before calling back.  This is because the telephone system holds the line open for a while after one party has hung up to reduce accidental disconnections.   So conman advises victim to ring their bank to confirm the call is genuine. Victim hangs up, but conman doesn’t, instead he plays a recorded dial tone.   Victim lifts hand-set, hears the fake dial-tone, and dials bank, but is still connected to the conman.   Then conman plays a recorded ring tone, answers, and victim is snared.

Many tricks involve flustering the victim so what’s going on seems to make sense, when slowing down would allow suspicion to crystallise.   To avoid being railroaded it’s a good idea to break the conversation off, calm down, and then have a think.   If anything feels remotely wrong, including a sense of being rushed, it probably is!!!  Note that ‘being rushed’ is often self-inflicted.   Quite often I just want to get pesky payments sorted as quickly as possible so I can go back to snoozing in front of the telly.  A risky choice because spending money should never be rushed!

Dave

[NealebParticipant @nealeb]

Coincidentally, I had a call from my bank this morning concerning a online transaction I made over the weekend. I had been wondering why the payment hadn’t shown up in my online banking app.

The caller authenticated themself (after telling me which bank they were calling from – something most of the scam calls do not do) by sending a message via their own app. I suspect that this would be beyond the resources of the average scammer. They told me details of the transaction, asked some fairly basic questions which would tell them no more than available via other channels, plus asking for two letters from my secret codeword. The only better security question I have ever been asked was for the name of a street close to where I live.

I was fairly happy with the process, it was clearly very different from the usual scam call, and the fact that they picked it up at all is somewhat reassuring. I wonder if the fact that I was paying an invoice from KGB Cleaning Services was a contributory factor. Even if those are the guy’s initials, it is a bit of a red flag!

I wonder if it would be useful for banks and similar to make sample calls available so that users can get an idea of what to expect from a genuine call  – or would that just give the scammers a script to follow?

[Nealeb]

On Nealeb Said:

 

I wonder if it would be useful for banks and similar to make sample calls available so that users can get an idea of what to expect from a genuine call  – or would that just give the scammers a script to follow?

I think you have it with that last bit.

OTOH the bank could request that you call them back – on the bank’s known, published phone number – and give you a code number to enter which will verify you and connect you to the right person/department.

I can’t, offhand, see a scammer’s way around that.

[Chris CrewParticipant @chriscrew66644]

A friend of mine once told Mr. Patel from ‘Microsoft’ that he didn’t own a computer which was true because he uses his wife’s or his daughter’s. Apparently Mr. Patel was totally thrown by this remark and didn’t know what to say next. Might be worth trying.

[Howard LewisParticipant @howardlewis46836]

Have just received a hard copy message fron Eonnext with the E mail address “hi@eonnext.com” YET another medssage pestering me to have a smart meter!

So maybe it is not a scam; just yet another a *****y nuisance message to cause me harassment and distress.

Given the fact that so many seem not to be accurate or functioning correctly, what would be the point of having one?

Howard

[bernard towersParticipant @bernardtowers37738]

Sorry wrong subject

[Nigel Graham 2Participant @nigelgraham2]

Howard –

What would happen if you block that ” hi@eonnext…” address? It appears only to be some sales office, after all.

[Michael GilliganParticipant @michaelgilligan61133]

The rollout scheme is Government-driven, Howard

https://publications.parliament.uk/pa/cm5803/cmselect/cmpubacc/1332/report.html

 

Government recently consulted with suppliers and other industry stakeholders on its proposal for 2024 and 2025, and now has new targets for suppliers to install smart meters in at least 74.5% of homes and nearly 69% of small businesses by the end of 2025. In 2019, the Department estimated the rollout would cost £13.5 billion from 2013 to 2034, and provide £19.5 billion of benefits over the same period (both in 2011 prices).

 

MichaelG.

[Martin of WickParticipant @martinofwick]

Keep a watch for the old delivery fraud scam texts – claiming to be Evri, DPD, Post Office etc. usually starting with info along the the lines of … item damaged, address unreadable, undeliverable for some bogus reason etc. and goes on to request you go to a web address on a PC to enter your details and so on.

Only saying because I have had a three such in the last ten days, so wondering if there is a bit of an epidemic at present. Might catch the unwary if they are ordering a lot on line and are not thinking through the logic failure of the scam approach.

 

[Howard LewisParticipant @howardlewis46836]

Repeatedly, I have told them that I do NOT want a smart meter (Yes, Nichael, I know that smart meters are government driven.  That doesn’t make tham reliable or a guaranteed benefit to the customer, rather to the supplier.)

I’d be more sympathetic if I thought that they were reliable and accurate.

Apparently a high percentage still have to read manually. (Told that by a meter reader!) So what’s the point of them?

Seems like another pie in the sky idea generated by somone who could do with living in the real world.

Howard

[Michael GilliganParticipant @michaelgilligan61133]

Your comments are duly noted, Howard

Mine [already discussed here]  is one of the dysfunctional ones !

I was simply trying to point out WHY they are pestering you

… but as you evidently know that already, I will find something more useful to do with my time.

MichaelG.

.

Edit: __ the WHY includes this:

https://www.ofgem.gov.uk/energy-policy-and-regulation/policy-and-regulatory-programmes/smart-meter-transition-and-data-communications-company-dcc/supplier-smart-metering-installation-targets

[Nigel Graham 2Participant @nigelgraham2]

I’m still puzzled how they are supposed to help you “save” energy, though I know they give instant consumption rates so you can assess what is using what watts. We still need cook meals, uses the lights, wash….

And that’s before using our machine-tools that are, to be frank, our luxuries.

I let myself be talked into having “smart” meters installed when I thought – wrongly as it turned out – that they were going to be compulsory within a year or two (so by now); but stopped using the remote display once the novelty wore off. So within a couple of weeks.

As far as I know they are working properly, but I have no means of knowing otherwise. I do need watch for are attempts by my supplier (British Gas) to persuade me to let it read the thing at very short intervals. I think I opted for quarterly when it was first set, but there was something about it on the last bill.  Though I don’t suppose it makes much difference – I’d still use the same amount of electricity and gas.

[Howard LewisParticipant @howardlewis46836]

Have just had an E mail from Eonnext saying that my comments (FINAL WARNING) have been noted and my name has been removed from the list for such messages.

Having heard that several times, I wait in anticipation!

Howard

[Chris CrewParticipant @chriscrew66644]

A forum member has contacted me and asked me to post this message:-

jackli3388 sent you a new message: “Beware of Scam “PYD allcontent.club”

“Scam online cheater “PYD allcontent.club”.
I lost 2 payments of UK£39.99 debited to my bank account (Debited at the same time and date) after a early debit of a £1 a day earlier.
The scams use a Debit Details as PYD allcontent.club
448081752327 @ at £39.99 of 22/4/24 for collection.
I mistakenly logged in to the Sainsbury’s Nectar account to claim a 500 bonus Nectar points for download the Nectar app.
My bank saying, there will be unable to cancel and refund this transaction, because the earlier £1 debit which you has authorised to future payment.
Kindly post my scam experiences in public to help others.
K. Lee”

I have to say that in my case the credit card company were extremely helpful and exceeded my expectations. After they were notified, as soon as the payment dropped off the ‘pending payments’ list and the £39.99 was paid out they immediately put a stop on any future debit and re-credited this amount to my account, pending an investigation into the circumstances. It was explained to me that if the correct procedures had not been followed by the company charging my account then a ‘charge back’ would be made and I would keep the £39.99 re-credit. If the correct procedure had been followed, because I had voluntarily (and very stupidly) divulged my credit card details and authorised a £1 charge, then I would liable for £39.99 but no future payment would be taken. I accepted this with some relief and subsequently the credit card company confirmed that a ‘charge back’ had been possible and all that I lost was the £1 authorisation fee.

[Nigel Graham 2Participant @nigelgraham2]

I always treat this type (below) as potentially dangerous, so report and block them, but I wonder if some actually are genuine sales attempts, despite the naivety:

Hi,

This is Jim from Xiamen Oready Industry & Trade Co., Ltd.I got your email address from your website.

I browsed your website and found that we may have the bags & pouch you interest. Our company is specializing in bags manufacturing over 12 years. We hope to be your partner! If you are interested,

the e-catalogue will be provided.

I look forward to hearing from you.

Kind regards,

Jim

Xiamen Oready Industry & Trade Co., Ltd

…

So I looked up the name, independently, and yes, it does exist, making various back-packs, school bags and so on. I think such companies are looking for retailers, hence the blanket web-site assumption and terse salutation without name; but how it finds individual e-post addresses is another matter…..

I still reported, blocked and deleted Jim. Oh, and “Co. Ltd.”… Do Chinese businesses really use that classification at home?

[Robert Atkinson 2Participant @robertatkinson2]

Smart meters do not save energy. Note the small print on the adverts “consumer action required”. Theonly direct advantage to a consumer above a simple energy meter with remote display is that you should not get estimated bills.
The big advantage to the providers is the ability to provide time based variable tarrifs. This has already started as a “carrot” with some providers giving low rates “off-peak”. However there is nothing to stop them using the “stick” of increased costs at peak times and that would not be an option.
Also note that smart meters have a remote controlled cut-out relay. This is how they convert customers to pre-payment instantly. They can also be used for rolling black-outs in times of supply shortage.
I won’t have one until forced to.

Robert.

[Nigel Graham 2]

On Nigel Graham 2 Said:

I always treat this type (below) as potentially dangerous, so report and block them, but I wonder if some actually are genuine sales attempts, despite the naivety:

Hi,

This is Jim from Xiamen Oready Industry & Trade Co., Ltd.I got your email address from your website.

…

So I looked up the name, independently, and yes, it does exist, making various back-packs, school bags and so on. I think such companies are looking for retailers, hence the blanket web-site assumption and terse salutation without name; but how it finds individual e-post addresses is another matter…..

I still reported, blocked and deleted Jim. Oh, and “Co. Ltd.”… Do Chinese businesses really use that classification at home?

Well, that message from ‘Jim’ isn’t potentially dangerous, it is dangerous!    Doubly so because Jim has got Nigel nibbling at the hook, trying to think of ways that it might be genuine, going so far as to check if Xiamen are a real company, and even making allowances for the sender’s imagined naivety.  Never underestimate the bad-guys, nothing they say, do, or imply is trustworthy.

Actually Jim’s email is a variant of the SCAM! email that Howard started this thread to warn us about.   Howard said of the email he received:  “Supposedly from Eon Next there is a scam trying to gather data.”   Of course, Eon Next exist, as do all the other legitimate organisations who have their names taken in vain by scams.  The spam format is widely copied world-wide, and is based on the wording of a legitimate approach.

Where ‘Jim’ got Nigel’s email address from is unknown, but there are many possibilities:

• As email addresses tend to be formatted in certain predictable ways, it’s possible to write a program that generates them automatically and sprays the internet to see if anyone replies.   If they get a response, that address is added to a list for future, better targetted, attempts.
• Email addresses are sometimes sold on by legitimate companies, either to advertisers, or by dodgy employees earning a bit on the side.
• Many email addresses are collected from the numerous forms of poor internet hygiene users indulge in, casually leaking private information to anyone who asks nicely whilst they wander the net.  Things like giving their email addresses to questionnaires, or in hope of getting a bargain, or to get vouchers or nectar points, and exposing others by passing dodgy emails on.  A friend blew one of my ‘safe’ email addresses by persistently forwarding me links to off-colour internet joke sites, not realising that everyone his bombshell was forwarded too had their address blind copied back to the bad guys.   Clever chap my friend, but he because he didn’t understand how email works, he refused to believe me, and kept on doing it.  Even after showers of spam descended on him and our entire friendship group, he still didn’t accept the hassle was due to him!

Unexpected emails are often modern forms of ancient honey trap, so advice such as  ‘beware Greeks bearing gifts‘ remains good.     Reject All cookies, don’t use browsers or search engines that track, don’t allow HTML emails, and keep your computer and it’s security up-to-date.  Keep away from ‘interesting’ websites, even if they do cater for your favourite peccadillo! Be extra careful when spending money, and above all, do not believe that ‘they‘ aren’t interested in little ‘you‘ because you’re not stinking rich!

What do the bad-guys get out of an email contact?   Opportunities!   Anything from the most primitive unlikely to work ways of extracting money,  up to building a personal profile complete enough to perpetrate full blown identity fraud.  It’s surprisingly easy to sell someone else’s house, dropping the victim into an Alice in Wonderland world, in which the police might not prosecute anyone, and where it’s always left to the victim to recover his property by civil action.   Nasty!  Identifying soft-targets who might fall for a well-focussed approach is a trend.  The more ‘they’ know about ‘you’, the easier it is to commit fraud, so I try hard to stay anonymous.

Dave

PS

Oh, and “Co. Ltd.”… Do Chinese businesses really use that classification at home?   Yes – at least in translation.   Limited Liability Companies are common everywhere.  It’s still a spam email.

 

 

[Grindstone CowboyParticipant @grindstonecowboy]

Not so much a scam as a smart meter comment. Recently switched the in-laws to Octopus from British Gas, and discovered they are unable to read the electric meter to get the final reading for the switchover – nothing on the display, either on the inside unit (which has never worked and had been put away in a cupboard) or on the meter itself. Turns out BG have been estimating the readings for a few years now. The meters were installed about ten years ago.

All credit to Octopus, they have arranged for a replacement meter to be fitted within a week. Just wondering now how they will work out the real reading or just accept the estimated final read, and why BG have never looked into why they weren’t getting anything from their meter for such a long time.

Rob

[Nigel Graham 2Participant @nigelgraham2]

Don’t worry SOD:

I had copied the text only of the message into ‘Word’, then blocked and deleted the original.

When I looked up the name I did so as an ordinary web-search, typing the name in the search-bar. Though I opened the site I did not follow it, and closed it almost straight away.

So what I did had no links to the original, deleted e-post.

.

It is course possible that the apparent company web-sites are made up, they rather than the e-posts holding the trap if you go beyond the home page or contact them.

.

A more eerie attempt was by ‘phone a couple of days ago. It had recorded a message, which could have been from anyone as it does not tell you the number, but this was no more than a very soft click, a few seconds of faint hiss then another very soft click to close it. I deleted it, but some time later dialled 1471 which revealed a number starting with my local area code. I have not met either that sort of call, nor the use of the local area code, and it is hard to think of any purpose for recording silence.  The number itself was of course fictitious, or a real local number spoofed. I made no attempt to ring back either from the recording (which I had already deleted anyway) or the 1471 service.

[Michael GilliganParticipant @michaelgilligan61133]

I believe that the ‘silent’ call simply means that one of their other targets answered first … These systems are on auto-dial, with all the subtlety of a sawn-off-shotgun !

MichaelG.

[Michael GilliganParticipant @michaelgilligan61133]

Here’s a new one, as reported in Manchester Evening News:

 

HM Revenue and Customs (HMRC) is alerting customers about a fresh scam which puts people at risk of having their personal details stolen.

Reports indicate that this phishing scam exploits a malicious email, inviting recipients to scan a QR code – an action that could lead to their details being accessed by fraudsters and costing them thousands of pounds. HMRC warned …

 

MichaelG.

[Chris CrewParticipant @chriscrew66644]

“Also note that smart meters have a remote controlled cut-out relay. This is how they convert customers to pre-payment instantly. They can also be used for rolling black-outs in times of supply shortage. I won’t have one until forced to.”

I resisted having the old ‘analogue’ electricity and gas meters changed but after several calls from the supplier I relented and let them fit new meters with the proviso that I did not want a smart meter under any circumstances. Whilst it is true that I don’t have a smart meter display and still have to submit meter readings, it seems it is only a remote data ‘tweak’ that would convert these new meters to ‘smart’ because they are exactly the same base units and would now only need the internal software enabling for the conversion to take place.

[Nigel McBurney 1Participant @nigelmcburney1]

Now when I get some of these calls asking if I am Mr McBurney I reply no, I am the butler and the master is not at home, the other end slam down the phone.

[JAParticipant @ja]

If there is an actual person phoning me I have fun or at least try. They do not have control of the call since they work from a script. Talk to him/her and you will break their conversation. Once you have done that……. Nowdays scam centre bosses must be closely monitoring calls because the line goes dead rather too quickly.

I would love to know the actual workings of such businesses. I know that one spacialising in entrapping elderly man using false girl friends was recently busted in the Far East and a lot of slaves freed.

JA (an elderly man)

[Author]

Posts