BT E-mail Scam

thought i would warn members who are with bt, ive been getting a load of e-mails from bt asking me to update my account and asking for bank details, ive just contacted a bt advisor and she said bt havnt sent me any of these e-mails and to ignore them, the police are involved and are busy dealing with it, apparently i have heard that someone in africa is sending these e-mails, so please be aware and warned iff anyone gets them to ignore them.
rosa

 

As a general rule, I would urge people to never, ever, respond in any way to an email asking you to update your account details. Many scams work like this. The worst ones are the supposed bank ones, where they ask you to confirm things like your account number, sort code and security numbers, effectively giving a crook everything they need to empty your bank account, take out loans in your name etc.

 

By phishing, sending out en masse to many different combinations of email addresses and eventually one will make a hit and be correct.

I get quite a few of these in my spam folder on hotmail, telling me to log onto accounts with banks I have never had an account with!

The paypal ones can be quite convincing.

 

There are lots of ways. As SG said is one way. Other common ways include:
* Viruses and other malware catching your details and sending them to a dodgy database
* Bad search engine spiders that hop from one website to another following all the links (much like google does - only google is ok) and picking up email addresses from the websites it finds
* Careless companies that don't look after their data properly
* Corrupt IT people in developing countries (where much of our stuff is now outsourced to) who can make a bit of extra money by selling data - this one has the added problem that as it is outside of the EU our data protection act doesn't apply, so in effect they have little reason to fear being caught. A large high street bank had a big problem with this a few years ago, with credit card details being sold.

 

Oh yes, and you'd be amazed how many people put their full personal details on social network sites such as facebook...then "allow" anyone to view them.

A good tip, never put your correct date of birth anywhere on the internet.

 

The first rule to remember about businesses, is that they, the genuine company, do lose your details and would never dream to ask you to confirm anything by email. Just think of it, would you trust your money with any bank that was careless enough to lose your details? I shouldn't think so. Nigeria is the world's top country for scams, especially of the email type. Much of the information they use comes from old hard drives that they remove from the tons of PCs that are shipped out to them by the western world, us.

If you want to remain safe on line, ignore opening any email that doesn't come from a known source, ie, your family and friends. Most of all, don't touch any attachments with a barge pole, cos opening these is how viruses, trojans and anything else that's malicious is spread. In the meantime, stay safe while you surf.

 

Just to add, most email clients now by default don't open embedded graphics in emails. There is a reason for this. When a spam email is sent, there is no easy way to detect if it was read. If there is an embedded picture in it, the url for that pic is often encoded with a unique identifier that refers to your email address, so simply viewing the embedded picture confirms that your email address is valid and active. Then the address gets sold on to all and sundry.

 

thanks for all your replies everyone, the e-mails were coming through they had bt yahoo looked pretty convincing to me, then i told my hubby and he told me to ignore them as he was in africa off-shore at the time, then i got one yesterday this time it was sent to my spam folder so i decided to contact bt advisor and she said bt hadnt sent any of them to me and wouldnt ask for them details on line, anyway my hubby said these scams are from nigeria, so from now on i delete any i get had quite a few over these past 8 weeks. im on my guard.
i also get e-mails saying im getting a tax refund of £200 from inland revenue i also ignore these also and delete them

 

Hi Rosa, thanks for bringing up this point. I too get a few of them usually asking me to update my details but I would never click on the site even. You just have to be on your guard at all times using the internet - it's a shame but you never know who is trying to trick you into something. They use any way they can it seems nowadays. :(

 

hi peri,jazmine and everyone, im pleased i brought this up and let everyone be aware of these e-mails, i have had paypal mail that is not genuine they go into my spam and i delete them, my mcafee security centre blocks them so i realized then they were not genuine e-mails from paypal

 

I think it goes without saying Rosa, just be suspicious of anything in your email. I suppose some people must be caught out from time to time but anybody can be who they want to be on the internet. :ywn:

It never ceases to amaze me the depths some people will sink to. :(

 

Thanks for telling us about this. I'm surprised with BT/Yahoo - haven't you got a 'phishing report' thing on your e-mail? I have - mind you I reported 2 a few months ago and never did get a reply! I now 'spam' anything I don't recognize, and have another account that I only give out to very few people so don't get much there.

I know alot of stuff gets put automatically into my spam & I don't even bother opening up the file to see what's in. If it's someone that genuinely wants to get in touch with me then they will know how to. Never open an attachment that you are not 100% sure about - even now I have emails that are ok but still their pics etc are not shown cos of my security and I just see if I want to look at what they are on about and then I can see it on their site anyway.

Terrible that this is still happening with all the technology availably, or maybe it's why! Also, a very good point made about recycling our old hard drives. How do we secure what was on there?

cheers

 

There is an ongoing game of cat and mouse between those that develop all the security stuff, and those that find ways to breach security. I genuinely think that sometimes hackers and virus writers are on the payroll of the security companies. After all, what would happen to companies like McAfee if the baddies just stuck to old techniques that have long since been rendered useless by modern security practices?

I do know for fact that some IT security companies hire people to try to breach their security, the idea being that you breach their security, and then write a report about how you did it so that they can plug that hole, but whether or not they actually encourage people to let viruses and the likes out into the 'wild' or not is a matter for speculation.

The way my colleagues and I do it is to take it outside with a hammer and an old screwdriver, and belt a big hole right through it. We make sure the hole goes right through the actual discs inside the assembly, puncturing it and bending all the innards so there is no possibility of it being salvaged for anything other than scrap metal.

 

"Wonder how these people get our details in the first place - it is quite scary how they do"

The most common way is to create a virus that harvests Email addresses from Inbox / Outbox and send them to the Crimbos who then sell the lists.

If you send a message to a bunch of people - lets say that they either slightly know each other (some sort of Group you are in), or don't know each other at all (a joke you are emailing to lots of your chums) then always use the Blind Carbon, rather than the regular CC.

A regular CC shows all the email details of all the recipients; that's handy for a Group because someone may want to respond to all the people in the group.

But for a regular Bulk Email of some smutty joke I don't want to know that you also emailed it to Tom, Dick and Harry, who I've never heard of!, and more importantly if I can see their email addresses so can a virus on [any of the recipients' computers - and then we are all on the scammers list :(

"The paypal ones can be quite convincing."

PayPal and eBay (and probably most others) include you full name at the top (or something else that only you and the Company should know). This is information that is more difficult for spammers to get hold of. Worth checking a genuine email from PayPal, eBay, etc. and seeing how they identify you by name so that you can more easily spot bogus email, because that critical information is missing, even if the email is very well crafted in all other respects.

"The first rule to remember about businesses, is that they, the genuine company, do lose your details and would never dream to ask you to confirm anything by email."

I'd like to think that's the case, but lots of people working in companies are not well versed in the risks of the internet. The IT people may be, but the people in Marketing, Sales, Support, etc. are often not IT people.

Hopefully they won't ask you for you account number, name and password!! but consider this:

We get lots of requests where the conversation goes something like:

Client: "If anyone fills in the "Contact Us" form send me an email with what they typed in"
Me: "OK, so what if you have a serious problem over the weekend and you get 1,000 emails in a day. Will your email system cope with that? Do you really want 1,000 emails on Monday morning all telling you that there is problem X?"

Client: "Could that happen?"

Me: "<sigh>"

Me: "What about if a customer sends a Contact Us saying "Re; The order I've just placed, could you please use my other credit card number 1234 1111 1111 1111, the number on the back of the card is 123. Oh, and by the way, please change my email address to [email protected]"

Now, the sensitivity here is that the customer filled in a Contact Us form on y Client's website. Lets assume the user was diligent and saw that there was a padlock icon on the Contact Us page, and felt comfortable to input their card details. (Yes, in general terms, that's very safe).

However, the Email system is totality unsafe. 1) there is no guaranteed delivery, so if the company is relying on email to tell them what your request was it may never arrive (slightly long odds, but not that long) and 2) email is totally insecure; unscrupulous people can monitor the traffic and "harvest" the credit card details.

But the people who operate the web site, in good faith, won't know that and its commonplace to provide copies of Orders, Credit cards, Contact us requests by email - totally insecurely :(

(Best you don't give any personal / account / credit card details on a Contact Us page, even if protected by padlock / SSL, because you can't know if the company will then transport that data by some insecure means.

"and have another account that I only give out to very few people so don't get much there"

Sooner or later one of those people will put your email address in a CC list to someone else that has an email-harvesting-virus, or get such a virus themselves. "Trusting friends" is not fool proof I'm afraid - even if they have the best of intentions. Worse, having stolen your address for A Best-Mate the innocuous Email wanting to confirm that you are "real" will appear to have come from "A Best-Mate", and the moment you act on it (opening it, if you have Images set to be shown) will be enough to tell the spammers that the email address they have used (the private one you share with your mates) is real :(

I have a domain that I sue for my email. Lets call it Kristen.com - costs about 20 quid a year. Email to [email protected] is diverted to my normal email address - lets call that [email protected]

I use different aliases on all sites. If I register at GardenersCorner.co.uk then I register with the email address

[email protected]

any email gets "forwarded" to my normal email address, but if GardenersCorner gets hacked and my email address is compromised I can just tell my email program that any email to that address is spam.

I used to have [email protected]. That got compromosied, so I changed my Profile on payPal to set my email address to [email protected]. I'm up to about "8" now :( but the good neds is that 1-7 go straight to my Spam folder :thumb: