“Maybe I should call my son and check…”
this post was submitted on 03 Aug 2023
32 points (100.0% liked)
AusFinance
1112 readers
5 users here now
founded 2 years ago
MODERATORS
My dad is well-trained to call me for anything that looks even slightly off. Some of the scams thrown at him have been very convincing.
My in-laws too, now. They were taken in by a scammer who got full control of their Internet banking account. Thankfully, NAB's anti-fraud protection kicked in and prevented the loss of a lot of money.
These scammers target the elderly. They are without scruples and will laugh while taking someone's life savings. I honestly don't know how they live with themselves.
Advice for spotting scams:
-
Microsoft don't call you. I've worked with Microsoft gold partners for over fifteen years, I have premier support packages and the ability to raise requests with them. My employers/customers pay hundreds of thousands of dollars per year for me to be able to do this. They never initiate contact even with me. They sure don't do that with regular users. If "Microsoft" is calling, it's a scam. Every. Single. Time.
-
If the contact is coming from a company you don't deal with, it's a scam.
-
If the contact is coming from a company you do deal with: they will know your name and account details. If they initiate the call and want to confirm any information with you, ask for a reference number and hang up. Then go to their website, call the contact number and provide the reference number before confirming anything. If they are reluctant to do this, they are a scam.
-
Don't just rely on scammers looking/sounding like scammers. I've seen some really legitimate looking phishing attempts. They'll know your name, employer, address. They'll be super friendly and helpful. If on the phone, they'll be confident and efficient. But so will the real company. If you didn't call them, be very on-guard.
-
Never ever, for any reason, provide either your password or that confirmation code if they initiate the contact.
I am THRILLED to say my parents have learned the same. I would rather them call me about every single Windows Update message than have them call for a single scam
Great points! I'd say never provide your password or confirmation code ever on the phone. They shouldn't have you password stored anyway. Only a salted hash of it.
Grr - jebora failed me on the reply. Sorry for the spam.
Some places will use a password or code they send to you in order to ID you. My ISP will use my password to ID me. The bank will sms me a code for some interactions. That's why the disclaimer on them initiating contact.
Another good one is 'you cant win a competition that you never entered'
The thing that got me with this is that it somehow went from "I've got a $3,000 bill I need to pay" to her transferring $10,000. Is my family weird, or is that something that most people would just do? I mean, even taking out the whole scam bit, do people actually just hand out that type of money without a serious conversation about what exactly is going on? I'd be really worried that there was some sort of gambling or drug problem behind something like that, I'd be dropping everything to make real contact and figure out what's going on.
I saw that recently the UK introduced a law that sending and receiving banks have to each pay for half the scam. We need that here as it forces banks to create good fraud detection. Here's an article on it: https://www.abc.net.au/news/2023-07-11/uk-laws-force-to-banks-reimburse-scam-victims-unless-negligent/102563000
If that was introduced I'd be surprised if most scams weren't stopped after a few years
I just got a new scam (to me) today that nearly got me.
An email about my Spotify account. I'd recently changed my plan, so good timing by the scammers. It said there was a payment problem and would be charged a cancellation fee.
Fortunately, I've trained myself to ONLY GO DIRECT TO THE SITE AND LOGIN THERE. So, I go to spotify, and the account looks all good. Then when I looked at the email more closely, yep, all the links go to a site not spotify. Gave myself a pat on the back.
Once the scam email is marked as spam, it garbles itself, so you can't look at what it had said. Hadn't seen that before. Of course, if you unmark it as spam, you can see it again.
Be careful out there!
That sounds impossible. Have you got the raw source?
I was amazed. Assumed it's a whopping big pile of JavaScript in an html attachment. Yeah, i still have it. Will take a proper look tomorrow if I remember...
Checked it out, and it's simpler than I thought.
Screen caps of email. The first is as it arrived in the Inbox, the second in the Junk folder.
Basically, they have an inline HTML file (and an inline spotify png). The HTML has lots of embedded rubbish text, associated with a specific style. That style is set to display:none, so it is hidden.
Now by default Thunderbird shows me the inline images and css. As it's set none, I don't see the rubbish text and the message looks and reads like a normal message.
But when it's marked as Junk, Thunderbird won't show the image, and won't show any css. So the message then displays all the rubbish text and it looks garbled.
eg: the Bold heading in the body of the email is actually the html here
That's pretty standard with moz - junk mail use hotlinked images and shit so they can see on their traffic side when an email is viewed. It's why mail programs increasingly block external content by default (well that and the viral payloads). When you flag as spam, thunderbird takes it out of the 'allow remote content' list.