Forum Menu - Click/Swipe to open
 

Scams!

You have contributed 2.6% of this topic

Thread Tools
Appreciate
Topic Appreciation
abu mohammed, Taalibah, Yasin
Rank Image
Taalibah's avatar
Unspecified
7,126
Sister
801
Taalibah's avatar
#1 [Permalink] Posted on 7th February 2014 11:17
Man travels 1,000 miles to claim bogus prize
7 February 2014 1:00 AM
BBC News, Delhi

Ratan Kumar Malbisoi travelled more than a thousand miles to claim a bogus prize
An Indian villager recently travelled more than a thousand miles to the BBC office in Delhi in an unusual quest - to claim millions of rupees he believed he had won in a "BBC lottery".

Ratan Kumar Malbisoi, a 41-year-old unemployed Indian villager, fell for a message he received on his mobile phone nearly two years ago.

"The message said I had won the BBC's national lottery for 20 or 30 million rupees ($319,000-$478,000; 194,000-292,000). I was asked to send my details so that they could send me the money," he says.

A poor man, with little formal education, he was unable to fathom that this was a phishing message and that he was being "scammed".

Around the same time, I and several of my colleagues also received similar messages. The texts evoked much mirth, but we all deleted them and forgot about them.

But Malbisoi got in touch with the scammers, emailed them his bank details and account statement, and spoke to them several times over the past two years, beseeching them to send him the promised funds.

Last month, he travelled about 1,700km (1,056 miles) from his remote village in the eastern state of Orissa to the BBC office in Delhi with a lot of hope.

He had borrowed money from some friends and arrived in the city while it was in the grip of a cold snap, dressed in just a shirt and a pair of trousers.

His train had arrived the evening before and he says he spent the night on the platform before reaching the BBC office in the morning.

He was referred to me because when he presented himself at the reception desk, he asked to see a Geeta or Smita - he said in one of the calls he had received from the "BBC office", the caller had identified herself by one of the two names.

What he told me was that when he received the first text message in April 2012, he lost no time in responding with his name and address. Within a few hours, the scammers called him back.

"The caller said he was the BBC's chancellor. He spoke really well. He promised me a large sum of money but said I would have to first send 12,000 rupees ($191; 117) so that he can transfer the money into an RBI account." RBI or the Reserve Bank of India is the country's central bank.

"I told them I was a very poor man and that I didn't have any money to give them. He said then they couldn't pay me any money, but over a period of time, we kept negotiating and they finally asked me for 4,000 rupees," he says.

Malbisoi said he was unable to pay even that amount. At one point, he says, he suggested to them to "just deduct 4,000 rupees from my winnings and send me the rest". They told him that would not be possible.

So, he sent them a letter, informing them about his poor family.

"I told them about my wife and our three daughters. I said I lived in a village on the edge of the jungle, and that I had no home and requested them to help me." He also enclosed a family photo.

He says the "BBC chancellor" was always sympathetic, he said he would come to India and visit him. The last time Malbisoi spoke to him was in November last year.

"I told him I had lost my mother and he asked me if I had received the cheque they'd sent for me. When he spoke about the cheque, I decided to come to the BBC office to find out if a cheque had arrived here for me," he says.

Malbisoi is convinced that the call came to him from Britain. On the face of it, it does look like a UK number but experts say it is very difficult to establish that it really is located there.

Cyber law expert Pavan Duggal says these are known as "mask numbers" - they usually don't emanate from a mobile phone but come from a website and one can get a number to make it look like it's originated from London or New York or Paris or, for that matter, Delhi.

Duggal describes it as an "old Nigerian 419 scam" - so called after the section of the Nigerian law which deals with cheating and fraud.

India has 890 million cell phone users
The BBC has offered guidance to people receiving these messages, which Delhi-based technology writer Prasanto K Roy says are "rampant" and "dangerous". The scammers use names like the BBC or Coca Cola because these sound credible and they are names likely to be known to the target, he says.

"And obviously there are enough [people], mostly in small towns or villages, who are not much educated and not internet or tech savvy."

In India, Roy says scammers use more text messages than emails, to target their victims because the reach of the mobile phone is much wider than computers. I receive two or three every day.

India is one of the world's fastest growing mobile phone markets with 890 million cell phone users and according to the Telecoms Regulatory Authority of India, Indians send some 890 million messages every day.

Even though there are no definitive statistics available, experts say millions of these messages are spam. Add to that millions of scamming messages sent from internet-based services and the numbers become mind-boggling.

The mobile number Malbisoi gave me was answered by a man who spoke in an accent that sounded more like African than British.

He introduced himself as Scott Smith, said he was based in the UK, but refused to tell me his job title. Once I told him I was calling from the BBC office, he became increasingly aggressive.

"I am very busy and I cannot speak to you. I will report you to the police and get you investigated. I don't believe you are from the BBC and I would get you arrested if I could see you," he said before hanging up.

Malbisoi made it home safely, although empty-handed, after two days in Delhi. But I'm not sure I was able to convince him that the "BBC chancellor" he had been speaking to was in reality a scammer.

"I never felt he was trying to cheat me. I liked speaking with him, he was always very nice," he said adding that he never complained to the police.

"If they don't want to give me the money, I can't force them. It's their money."

BBC 2014
report post quote code quick quote reply
back to top
Rank Image
Taalibah's avatar
Unspecified
7,126
Sister
801
Taalibah's avatar
#2 [Permalink] Posted on 7th February 2014 22:56
Concerns over 'copycat websites'
Updated 31 minutes ago
By Maryam Moshiri

The advertising watchdog has received hundreds of complaints about "copycat websites" that charge for services that are available free.

A number of websites that offer assistance in updating a driving licence or completing a tax return are found during online searches.

The Advertising Standards Authority said it had received 700 complaints about 25 websites in the past year.

But one website hit back, saying it was upfront about the service and charges.

'Small print'
Part-time nurse Vanessa Andreae thought she was taking the easy option when she decided to file her tax return using what she believed was an official website.

She was charged 400 to file her return by the taxreturngateway.com website. Only later did she realise she could have filed her tax return free through the official HM Revenue & Customs website.

"They do say in quite small print at the bottom of the screen that they are not HMRC, and here's a link to go to the HMRC," she said. "But if you are someone who is in a bit of a flap, trying to get it done with children and life going on around you, you tend not to read the small print.

"It does say you accept terms and conditions, which I completely admit that I did. Nobody held a gun to my head and made me fill out that site. I just did it because I had absolutely no idea that there was a wrong way to do it and a free way."

She hoped that her experience would prove to be a warning to others. She has since got her money back and the website she used has been upgraded.

In a statement to the BBC, taxreturngateway.com said: "We do not accept the suggestion that we are a copycat website. We are a bespoke tax return checking and fulfilment agency.

"We have always made it absolutely clear on the homepage of our website that we are not associated with HMRC, Department for Work and Pensions or any other government body, and that we will levy a charge for the service we provide."

Transparency
These websites are perfectly legal and many do make it quite clear that they are providing a service that the user will have to pay for. Some of the sites look very similar to official ones and some people might not read through the disclaimers or the terms and conditions.

There are ways to avoid websites that charge for these services
Many of these websites are paying for sponsorship on search engines such as Google and therefore appear at the top of an online search.

The Advertising Standards Authority said it had received around 700 complaints in the past 12 months about transparency and pricing.

"Complaints that we are receiving are about people being misled as to the nature of the service being offered, a feeling that they might be official services when actually they are not," said the ASA director of advertising policy and practice, Shahriar Coupal.

"Perhaps a little bit more worrying [are concerns] about the pricing or the transparency of the pricing - people feeling that they are left out of pocket for a service they would not have entered into had they known that it wasn't official."

Official website
Sarah Pennells, editor of Savvywoman.co.uk, said that people should search for services such as passport and driving licence renewal within the official www.gov.uk website.

"If you do just type the search term into the search engine and you're not quite sure where you have ended up, just check what you are being charged for and then do another search and see whether you can get this for free," she said.

The ASA and Google said they were working closely with government digital services to ensure adverts were not misleading.

Google said in a statement: "We have a strict set of policies which govern what types of ads appear on Google. If we learn an advertiser is breaching these policies, we move swiftly to take action."

BBC 2014
report post quote code quick quote reply
back to top
Rank Image
abu mohammed's avatar
London
23,073
Brother
9,574
abu mohammed's avatar
#3 [Permalink] Posted on 10th February 2014 20:31
report post quote code quick quote reply
back to top
Yasin's avatar
UK
6,057
Brother
163
Yasin's avatar
#4 [Permalink] Posted on 10th February 2014 21:03
Please don't forget the most common scam: "EMAILS"

If you receive any official email with a zip attachment: DELETE IT - shipping, bank statements, royal mail missed delivery etc
If you receive any email asking you to click a link and then log in to "update" for "security" reasons: DELETE IT
If you are asked to confirm certain details and the reply address is NOT @the-official-company-domain: DELETE IT otherwise phone the company in question and DO NOT follow any instructions in the email.

Zip files contains file which look like .pdf inside or .doc but if you don't have file extensions turned on in windows settings then you'll find that the file inside the zip is actually ".exe" - executable file named like statement-february.pdf.exe (and without file extensions showing it'll show "statement-february.pdf" but it's not pdf, it's an exe.

Once launched, you can become victim to:

- sending all keystrokes and clicks to the hackers server for them to analyse for example:

this is a message on say google talk and this is an email and then further down the list appear hsbc(down_arrow)(enter)yasin123456(tab_key)abcdefgh(enter_key)followed by more information.....

Their scanners will easily find hsbc then down arrow means you selected in from drop down on browser followed by enter, username and password... Yes nowadays you need a key device to add additional security but these can be manipulated and they have access to your bank account.

- ransom

The executable file might even be ransomware where this tiny little script will encrypt all your files and store the decrypt key on their server. It is IMPOSSIBLE to decrypt without it. They give you 72 hours etc to pay for the decrypt key otherwise you WILL lose all your files.

I recently sent one of these encrypted files to myself and it really was encrypted. Poor guy had to pay about 300 to get his files back.

Some tips:
Always have two/three email accounts.

One which is used to give for official purposes like yourname.yoursurname@whatever.com (don't give this to friends at all, i'll explain later)

Second for online use like forums, social sites and for giving to friends etc - use a different password

Third email (recommended) for registering on web sites that require registration just to do something like download a file. You can almost 100% ignore ALL emails on here

Reason for not giving official email address to friends: They usually email forwards and CC 50 people without using BCC so all 50 people have your email address now. They then forward it further and eventually it'll hit a hijacked mailbox who now has all those active emails (sometimes hundreds). Get ready for spam and scams.

This way it's almost impossible for you receive spam on your main email account and know you can easily ignore it, delete and block.

Just some security measures and tips that I use.
report post quote code quick quote reply
+3 -0Like x 1Agree x 1Winner x 2
back to top
Rank Image
abu mohammed's avatar
London
23,073
Brother
9,574
abu mohammed's avatar
#5 [Permalink] Posted on 10th February 2014 21:23
report post quote code quick quote reply
back to top
Yasin's avatar
UK
6,057
Brother
163
Yasin's avatar
#6 [Permalink] Posted on 10th February 2014 21:30
In my mind I've clicked "dislike" for ^
Muftisays' Scam = The scam of Muftisays
Mufti Says Scam = The mufti says we should scam

No matter how you put it it's bad
report post quote code quick quote reply
+3 -0Winner x 2Creative x 1
back to top
Rank Image
Taalibah's avatar
Unspecified
7,126
Sister
801
Taalibah's avatar
#7 [Permalink] Posted on 10th February 2014 21:35
abu mohammed wrote:
View original post

Very creative, but yep now admins pointed it out....MuftiSays scam sounds like...well a scam!
report post quote code quick quote reply
back to top
Rank Image
abu mohammed's avatar
London
23,073
Brother
9,574
abu mohammed's avatar
#8 [Permalink] Posted on 10th February 2014 21:41
Yasin wrote:
View original post

Agree.

It just teaches a lesson not to click any link without knowing where it would lead to. I couldn't think of a better example.

Also the word is plural indicating that there is more than one scam. Hence this thread. :)
report post quote code quick quote reply
back to top
Yasin's avatar
UK
6,057
Brother
163
Yasin's avatar
#9 [Permalink] Posted on 10th February 2014 21:53
report post quote code quick quote reply
back to top
Rank Image
Taalibah's avatar
Unspecified
7,126
Sister
801
Taalibah's avatar
#10 [Permalink] Posted on 10th February 2014 22:30
Yasin wrote:
View original post

So many online scams
report post quote code quick quote reply
back to top
Rank Image
abu mohammed's avatar
London
23,073
Brother
9,574
abu mohammed's avatar
#11 [Permalink] Posted on 19th February 2014 11:25
Received an email last nite from Barclays Bank with an email address that looked legit too

Your Barclays Bank Account Has Been Blocked(Verification Required)
Barclays Bank PLC


FAKE ADDRESS ibankingservice@barclays.co.uk

Quote:
Dear Valued Customer,


For your security, Barclays Bank has safeguard your account when there is a possibility that someone other than you is attempting to Access your account from an unidentified location. You now need to verify your Identity.

To verify your identity, kindly follow the reference below and instantly re-activate your account.


bank.barclays.co.uk/olb/auth/verification/


Thank you for helping us to protect you.

Security Advisor
Barclays Bank PLC .
Registered in England. Registered no. 1026167. Barclays Insurance Services Company Limited. Registered in England. Registered no. 973765. Registered office for both: 1 Churchill Place, London E14 5HP. 'The Woolwich' and 'Woolwich' are trademarks and trading names of Barclays Bank PLC. Barclays Business is a trading name of Barclays Bank PLC.




The link then takes me to a very legit looking webpage, but you can tell that the web address is fake. Anyway, they ask for name, address, card number AND security number from the back.

Nice try. I've had these before and been advised to forward such emails to the banks.
report post quote code quick quote reply
back to top
Rank Image
Offline
Unspecified
1,241
Brother
1,889
#12 [Permalink] Posted on 19th February 2014 11:38
abu mohammed wrote:
View original post


You shouldn't have even clicked the link... They can run scripts in the background while you visit such links....
report post quote code quick quote reply
+4 -0Like x 4
back to top
Rank Image
abu mohammed's avatar
London
23,073
Brother
9,574
abu mohammed's avatar
#13 [Permalink] Posted on 19th February 2014 11:44
Agree, but I had to prove to someone that it was a fake and why "they" shouldn't open emails from people they don't know, especially PayPal and Banks. Anyways, I opened it from the mobile, I have malwarebytes installed on my mobile. In this cane ONLY, when trying from a PC, it warned first that its not safe.
report post quote code quick quote reply
back to top
Yasin's avatar
UK
6,057
Brother
163
Yasin's avatar
#14 [Permalink] Posted on 19th February 2014 12:20
It also verifies that your email is active and read which will increase spam. Sometimes this type of link to verify an email will be in the form of "click here to unsubscribe" - but in reality you've just subscribed to more attacks and phishing attempts.

The browser can (as mentioned umar123) run exploit scripts. If you internet explorer you're probably doomed at this point.

It's a sad sad world.
report post quote code quick quote reply
back to top
Rank Image
abu mohammed's avatar
London
23,073
Brother
9,574
abu mohammed's avatar
#15 [Permalink] Posted on 19th February 2014 12:24
I'm always cautious, so I'm running Malwarebytes now ;)



Scan.png
Downloads: 266
    [199.16 kB]
report post quote code quick quote reply
back to top