Phishing - the simple scam that will never die

Tony Levene
by Lovemoney Staff Tony Levene on 16 February 2013  |  Comments 11 comments

These phishing scams are as old as the internet, yet people still fall for them every day.

Phishing - the simple scam that will never die

The wonder of the internet is that sending hundreds of thousands, if not millions, of messages – spamming – is so cheap that it provides scam merchants with the biggest bang for the few cents they spend.

The second wonder of the internet is why anyone takes any notice of what they must know by now is obvious nonsense. Why does anyone fall
for tricks which are so old they have been around the block time after time? Especially when they have been the subject of warnings online, on television, in newspapers and magazines, in mailings from financial companies and just about anywhere else you can think of.

And the third wonder is the huge amount a fraudster can make if only one in 100,000 responds.

So I write this with an air of “I know I should not have to write about this for the millionth time but if someone is doing this then it is likely there will be a victim, possibly for big money.”

Phishing - the scam that won't die

The “This” is phishing - attempts by scamsters to get hold of your personal details by pretending to be your bank and claiming a security breech. Of course, they have no idea where you might bank. As a result lots of people are told that someone has their secret passwords with Barclays or Lloyds or whatever and they must contact the bank immediately or their account will be frozen or lost, even though they have never dealt with the banks in question. It's been around for years so surely everyone is aware and no one bothers to phish any more?

Wrong.  This week, I received an email headed “Errors were detected on your account (Fix Now)”. And it came from PayPal. Or at least that
is what it said – the sender was “service@paypal.co.uk but don't try it at home because it has nothing to do with the real PayPal.

It read:

from: service@paypal.co.uk <service@paypal.co.uk>

Subject: Errors Were Detected On Your Account (fix now)
Date: Tue, 12 Feb 2013 05:04:16 -0500
Reply-To:

Dear Valued Customer,

PayPal security team is sending you this notification message because we seem to be having errors in the proper verification of your account. This might be due to one of the following reasons:

*A recent Change in your Account Details
*An Internal error within our servers

CLICK HERE to rectify these Errors.

Regards,
PayPal Online Security Team.

So I clicked on the link to rectify these Errors – although I could do nothing about the errors in the grammar and erroneous use of capitals in the message itself.

But whatever the errors were, all I got was a form to fill in.  And guess what?  They want to know just about everything about me other than my great-grandfather's birthplace (which I don't know anyway).

Had I filled it in, I would have handed over my credit card details - including that three figure code on the back - so they could have spent whatever they could get away with. Credit card companies are much better these days at spotting unusual transactions – so a big purchase of something easy to sell (such as high street store vouchers) or easy to cash in (such as some airline tickets) gets picked up. 

But such protection is never guaranteed – nothing can be 100% secure.

Playing the odds

This is phishing.  PayPal says it would never communicate in this way but at first glance it looks convincing.  Now I don't have an account with PayPal. As far as possible I do not send many payments  through it – I think the last time was about three or four years ago. I find it easier to pay with my credit or debit card directly.

But the phishers are more likely to catch the unwary with PayPal than by using HSBC or NatWest. It's a simple question of odds. More people
online have or have previously had some relationship with PayPal than with HSBC or NatWest or any other high street bank.  In any case, the banks are really fast at removing phishing sites.

There's another organisation that is even more prominent than PayPal and far more in our minds especially at this time of year. So expect
a number of emails claiming to be from HMRC offering a tax rebate (usually around £280) in return for financial details to its “secure” site.

This seasonal activity is based on the recent 31st January deadline for tax returns, the end of the tax year on 5th April, and the interest in tax from next month's Budget.

Phishing folk seem stupid if you spot them – and yes, to forestall comments, I know it is obvious. But they will convince someone, maybe a vulnerable person, and they will get some money from this.  So warn those you know both about the false PayPal and those phoney HMRC
emails that will come.  HMRC has a warning about this on its website – but the problem with all such alerts is that you have to find them
before the scam merchants find you. 

Thousands are still caught each month, their identities stolen and their accounts (plus credit cards) cleaned out.

More on scams:

This vacuum cleaner scam will cost you

Criminals target doorstep charity bag collections

Warning: PayPal child pornography scam email

How to protect your PINs and passwords

Don't be a victim of ID fraud

The five most common types of fraud

The scams that target the elderly

How credit card cloning works

How to spot a fake £1 coin

Sneakiest phone scams

Enjoyed this? Show it some love

Twitter
General

Comments (11)

  • catswin
    Love rating 5
    catswin said

    In recent months I have received several PayPal Statements. This is something I have never received in the past despite the fact that I have had a paypal account for many years. There is also a link to click. Each one of these I have forwarded to spoof@paypal but have had no response.

    Are they now sending statements? and if so why on earth do they have a "link" to follow when we are so often told, never follow link - always log in directly.

    I still don't know if these are spam, but still treat them as such, as I never remember signing up to receive this information and don't remember ever being told about this "service" which I can well do without.

    In the past I have always forwarded dodgy looking emails and always got a response, together with the obligatory advice (which is probably not needed as I sent it in the first place - preaching to the converted eh?). But no response whatsoever to these forwarded paypal ones.

    Report on 23 February 2013  |  Love thisLove  0 loves
  • naterbox
    Love rating 13
    naterbox said

    Any communication from Paypal will always address you by name. I always forward spam emails from paypal to spoof@paypal.com They send an automated reply confirming that it's not from them, and that's the last I hear about it. All organisations say they're concerned about phishing, and ask that all examples be forwarded to them for investigation. I have over 2 pages of email address I use to report phiching, and hope that my efforts have stopped at least some fo these criminals ion their tracks, but I'll never know for sure. Most organisations don't send an automated replt to say the email has been received.

    I'll willingly pass my list on if anyone is as concerned as I am about helping to prevent innocent people being duped.

    Report on 23 February 2013  |  Love thisLove  0 loves

Post a comment

Sign in or register to post a reply.

W3C  Thank you for using One Flew Over the Cuckoo's Nest