At It Again – But New Twist? (Scammers)

  • #649063
    Anonymous
      Posted by the artfull-codger on 19/06/2023 22:29:03:

      Got a phone call this morning asking if I was Mr *** yes sez I & who are you?

      I never do this. If someone calls me I insist on them telling me who's calling before I will enter into any discussion whatever. It's, at best, highly discourteous of them to ask me questions without me knowing who's asking.

      At that point, if it sounds iffy (most do) I just hang up.

      #649082
      Nealeb
      Participant
        @nealeb

        Back in my youth – in the days of party lines, for those who remember such things – we would always answer a call with our number. These days, like others, it's just a simple "Hello" to avoid giving out any information. But, not all slightly odd calls are scammers.

        Yesterday, I took a call on my landline from a woman asking to speak to Mrs X (names changed to protect…). Never having heard of Mrs X, I suggested that the caller had a wrong number. She asked what my number was. I said that if she told me the number she had dialled, I would say if it were correct. She would not tell me but after a bit of to and fro she said that she was a nurse from a local hospital department. I said that I had been speaking to that department very recently and perhaps there had been a clerical error. Turns out that she was the person I spoke to a couple of weeks ago, and it seems that there must have been an error in records at their end. Maybe I shall be meeting Mrs X when I go to the seminar under discussion in a couple of weeks!

        It does raise an interesting question, though, of how you reliably authenticate two people who do not know each other over a phone without revealing any information that could be of use to a scammer. Back in my day job in IT security this was always a significant issue between computer systems – and still is – but in the real world it's one that doesn't seem to have a well-identified solution. I did once have a call where I rang them, and to help them identify me they asked me to name a road close to where I lived. That seems like quite a good one. But when you get a call from, supposedly, your "mobile phone provider" who asks security questions – no way!

        #649094
        SillyOldDuffer
        Moderator
          @sillyoldduffer
          Posted by Nealeb on 20/06/2023 08:18:02:
          It does raise an interesting question, though, of how you reliably authenticate two people who do not know each other over a phone without revealing any information that could be of use to a scammer. Back in my day job in IT security this was always a significant issue between computer systems – and still is – but in the real world it's one that doesn't seem to have a well-identified solution. …

          Cryptography is the answer. Both sides share a secret, typically a password, a cypher, which need not be secret and a key, which is. The caller encrypts the password and rings the number. The receiver decrypts the password and only trusts the caller if there's a match. Possibly the receiver is required to respond with another encrypted password before the caller trusts the receiver.

          Unfortunately the answer is hard to implement. There's a lot of admin and the key and password have to be changed regularly, which requires a secure channel. Unless the system is very simple, users either fail to comprehend it, or make too many mistakes. Security is perceived as a time-wasting faff, and users don't accept the need to follow the rules meticulously. The perception security is a time-wasting faff is correct until the balloon goes up!

          Before computers became ubiquitous, encryption was only applied by organisations with trained staff. The military, diplomatic services, banks, and maybe organised crime. Crypto-systems can be attacked in many ways. How Nazi Germany's sophisticated Enigma system was unpicked during WW2 is well documented, and understanding the various methods used is an eye-opener.

          Today, computer encryption is used by almost everybody. A program does most of the work, essentially setting up secure channels by exchanging encrypted tokens as described above. The cypher and key mechanism is strong and computer programs don't take the lazy ignorant shortcuts that humans believe are "common sense". And once connected to a secure service like a bank, the bank implements another layer of security before the connection is trusted. Trouble is, the mechanism is too complicated for humans to copy with paper and pencil. The consequence is that telephones are insecure, and their users have to be alert, where both sides have to establish trust by asking the right questions. Not easy, especially when one side is up to no good, and they are armed with your personal information.

          Anyone have their pension or payroll managed by Capita? Highly likely because many firms and organisations have outsourced payroll and pensions to specialists like Capita. In the distant past, I lost confidence in Capita, because they couldn't answer some rather basic questions about how they would protect data. This year Capita were comprehensively hacked by a Russian criminal organisation, and a large amount of private customer information is now in the wrong hands. Everything needed for convincing spam calls and much worse: names, addresses, phone numbers, email addresses, account numbers, and financial details galore. British Aerospace outsourced pensions to Capita, and now my aged mother has received a frank warning letter from BAe advising her to take a long list of precautions that she doesn't understand.

          Be interesting to see how this develops. A firm of lawyers has already started a class action against Capita, and I'm wondering what Due Diligence BAe undertook before outsourcing pensions.

          Capita's "Update on actions taken to resolve the cyber incident" does them no favours to my mind. The firm's main concern appears to be reassuring investors, not the enormous problem the leak will cause the many individuals affected! Note they provide contact details for investors and the media, but not victims!

          In my opinion the law doesn't punish sloppy security adequately, or pursue those responsible. Over the last 20 years, cyber-crime has become the largest category of crime in the UK and almost nothing has been done to prevent or prosecute it. The police need significant extra resources and either a major reorganisation of force boundaries, or a new national force. Not the sort of local basic policing that Sergeant Dixon dealt with in Dock Green manor, or a job for the Sweeney!

          Whilst typing this, I received a phone call from Microsoft, asking for me by name. The caller-id was my sister's mobile phone number. This is the most well-informed phone spam I've received so far: despite my efforts to keep my identity private on the web, they've got hold of two different private facts that can be used to create trust. Having several private facts greatly increases the chance of pulling off a successful con trick. I'm afraid I told the young lady a lot of misleading untruths, but it underlined the rising risk. Let's be careful out there!

          Dave
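
An added illustration of the two-way check described in the post above; it is not code from the forum or any of its posters. It swaps the post's "encrypt a password" step for an HMAC over a fresh random challenge, so an answer overheard on one call is useless on the next; `Party`, `respond`, `mutual_auth` and `replayed_answer_accepted` are hypothetical names, and the shared key is assumed to have been agreed over a secure channel beforehand.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, role: bytes, challenge: bytes) -> bytes:
    """Answer a challenge; `role` ties the answer to one direction of the call."""
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()


class Party:
    """One end of the call (hypothetical helper for this example)."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = None  # challenge we issued and have not yet checked

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # fresh for every call
        return self.pending

    def answer(self, role: bytes, challenge: bytes) -> bytes:
        return respond(self.key, role, challenge)

    def check(self, role: bytes, response: bytes) -> bool:
        # A challenge is single-use: consume it whether or not the answer is right.
        challenge, self.pending = self.pending, None
        if challenge is None:
            return False
        expected = respond(self.key, role, challenge)
        return hmac.compare_digest(expected, response)


def mutual_auth(caller: Party, receiver: Party) -> bool:
    """Receiver tests the caller first, then the caller tests the receiver."""
    c1 = receiver.new_challenge()
    if not receiver.check(b"caller", caller.answer(b"caller", c1)):
        return False
    c2 = caller.new_challenge()
    return caller.check(b"receiver", receiver.answer(b"receiver", c2))


def replayed_answer_accepted(key: bytes) -> bool:
    """Replay an answer overheard on an earlier call against a new challenge."""
    caller, receiver = Party(key), Party(key)
    overheard = caller.answer(b"caller", receiver.new_challenge())
    receiver.new_challenge()  # next call: a different random challenge
    return receiver.check(b"caller", overheard)


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed key, agreed out of band
    print("genuine caller:", mutual_auth(Party(shared), Party(shared)))
    print("caller without the key:",
          mutual_auth(Party(secrets.token_bytes(32)), Party(shared)))
    print("replayed answer accepted:", replayed_answer_accepted(shared))
```
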

          #649118
          DMB
          Participant
            @dmb

            I keep hoping that the scammers hit many of the 'big nobs' really hard so as to ensure that strings get pulled hard and something done about it. People like senior Judges and Barristers and seniors in Police, Armed Forces, occupants of the House of Lords, royal family members, Privy Councillors and so on. In other words, if all the filthy rich get knee capped by scammers something WILL get done. Want to see all those huge pension pots drained – will serve them right for not getting off their butts and providing proper help and protection for those that they employ on peanuts to keep them in their fancy lifestyles.

            #649119
            Michael Gilligan
            Participant
              @michaelgilligan61133


              Oh dear … another thread appears to be heading for [we don’t do Politics here] oblivion.

              MichaelG.

              #649134
              DMB
              Participant
                @dmb

                Michael G,

                I didn't intend to bring Politics into this thread and still don't believe that I have. What I said was that little or nothing will get done until the 'bigheads' get affected and the sooner that happens the better. I fail to understand how that could be political. More a case of us and them.

                John

                #649138
                Nigel McBurney 1
                Participant
                  @nigelmcburney1

                  The endless phone calls for insulation, others purporting to be from Amazon, I sometimes reply "this is the butler speaking, madam is not at home today thank you"; that gets rid of them.

                  #649140
                  Michael Gilligan
                  Participant
                    @michaelgilligan61133
                    Posted by DMB on 20/06/2023 19:00:48:

                    … I didn't intend to bring Politics into this thread and still don't believe that I have. What I said was that little or nothing will get done until the 'bigheads' get affected and the sooner that happens the better. I fail to understand how that could be political. More a case of us and them.

                    .

                    Sorry, John … I have only just seen your reply

                    I meant, and mean, no offence but … if I can’t call your statements ‘political’ then I am lost for any other words.

                    I will now remain silent on the matter … and apologise for the interruption.

                    MichaelG.

                    #650428
                    Circlip
                    Participant
                      @circlip

                      Just got another one (I think) from GOVUK. Seems I've been underpaid to the tune of about £350 on energy supplement. Fill in the following details to reclaim. As this was originally refunded direct to my account by the energy supply company, I wonder why GOVUK needs all my location and banking details?

                      Another entry to the ineffective 'Phishing' and 'Block' buttons on T'internet.

                      Regards Ian.

                      #650436
                      Nigel Graham 2
                      Participant
                        @nigelgraham2

                        It's a pity we don't know how effective the Governmental and many commercial phishing report schemes are, but it's their policy not to reveal any details.

                        Understandably because no-one wants them to become an unwitting guide to the criminals; but if the attackers are in some other country that lacks the resources or will to trace and arrest the gangs, these schemes cannot be as effective as they should be.

                        The gangs obviously know these schemes operate so just keep creating new identities and even domains to bypass the blocks. It needs a concerted effort to trace the sender, and I wonder if the hack's "Reply" buttons cannot be hacked to send his computer a reply he does not want: one that disables it. Yes, he will buy or steal another… and another… until it becomes too much for him.

                        #650437
                        Nealeb
                        Participant
                          @nealeb

                          I wouldn't worry about it. The new Online Safety Bill currently being proposed by the Government will allow them via unaccountable large technology companies to legitimately plant spyware on your phone and, presumably, other Internet-connected devices, in order to send selected snippets back to an anonymous Government department without your knowledge. What could possibly go wrong? After all, I'm sure that there is a law which forbids the bad guys from exploiting any back doors installed on a phone, so that's OK.

                          But let's look on the bright side. If the scammers can read your phone directly, then you won't need to be bothered with all these scamming calls. That has to be a good thing, doesn't it?

                          #650539
                          Nigel Graham 2
                          Participant
                            @nigelgraham2

                            I've not read that Bill so I don't know what it actually says…

                            However, it does not matter what the Government does or does not do. We are still at risk of attack from state or criminal hackers.

                            #650546
                            DMB
                            Participant
                              @dmb

                              What I posted on 20/6 was not intended to be political. I don't give a toss whether some senior judge (or any of the others listed) is a Labour or Tory supporter, or of any other party. I just keep hoping that they get taken for a small fortune because they will be more able than ordinary Joe Bloggs to get something done about the current situation.

                              I don't get scam phone calls on my landline because I no longer have one. My mob is normally switched off to conserve battery power but when I do switch it on, I find the logs show a number of mystery nos appearing as missed calls. Couldn't care less whether they're genuine or not, if I don't recognise the number it simply gets deleted. Occasionally get a dodgy looking email, just delete. I always approach a business for what I want, never react to unexpected email which could be a fake. Don't touch social media platforms so can't be found by scammers via that route. Don't 'do' porn or dark web stuff so avoid danger from that direction. Security measures frequently altered and passwords never used twice. Make my own rather than using a password manager where all the keys are in the same box as it were.

                              Edited By DMB on 30/06/2023 22:43:04

                              #651747
                              Nigel Graham 2
                              Participant
                                @nigelgraham2

                                Made a change to receive this morning, a cold-call not ostensibly fraudulent but just good old-fashioned sales techniques.

                                After a silence a lady with an English accent (!) spoke. I apologised for not speaking first because, I said, it was around the time most of the scam calls come.

                                She proceeded to waffle brightly on about her company, called something like "Clean Safe" it sounded like, being "in your area" and can call tomorrow morning, to survey my home's heat losses.

                                "In the middle of Summer with lots of windows open?" I asked. That apparently made no difference. Or she failed to understand my point.

                                "Funds have been made available…" she continued, without saying for what.

                                "Hang on", I interrupted, "What is this company? What does it do?"

                                She hung up, abruptly.

                                #651762
                                DMB
                                Participant
                                  @dmb

                                  Nigel,

                                  Yeah, certainly seems very dodgy.

                                  John

                                  Edited By DMB on 12/07/2023 08:30:33

                                  #651790
                                  Peter G. Shaw
                                  Participant
                                    @peterg-shaw75338

                                    I keep getting asked by various parties for my mobile phone number. My reply is, that I do have one, but I don't give out the number. Most genuine firms accept that. Surprisingly, the ones that have caused most problems, are the GP & the Dentist, the latter being an American (where else?) piece of software.

                                    Remember though, you always have the upper hand – if in doubt, or even if not, you can always hang up on the caller. End of scam call.

                                    Cheers,

                                    Peter G. Shaw

                                    #651796
                                    Nigel Graham 2
                                    Participant
                                      @nigelgraham2

                                      The call may have been genuine, simply a way to sell me spray-on loft insulation or the like; but I was not going to risk it. As you hint, I felt no genuine company would refuse to explain itself in such a rude manner anyway.

                                      That foam insulation sprayed on between the rafters, should be avoided at all costs anyway!

                                      .

                                      If the portable-phone number request is on a web-site otherwise innocent, but you still do not want to reveal your number allegedly "Needed" for the site to operate, would it work simply to type one random digit 11 times?

                                      Databases do not like unexpectedly empty cells anyway, but these are probably set to fail deliberately until you comply.

                                      I wonder too what will happen if I keep using my 3G rated 'phone after the service has been changed to 5G. It is not linked to the Internet and I understand it will still work as a telephone, albeit at lower quality, but the problem may be text-messages from important, database-driven sources like the GP's surgery.

                                      Edited By Nigel Graham 2 on 12/07/2023 12:04:54

                                      #651800
                                      Nigel Graham 2
                                      Participant
                                        @nigelgraham2

                                        Half an hour ago I reported a phishing attempt alleging itself as from B T.

                                        A few minutes ago I received a genuine message from BT.

                                        (Note the difference – one of the give-aways apart from the strange sender's and other addresses displayed, via ".nz")

                                        The latter, real one was an ad for "smart"-'phones – BT keeps sending them. It was headed,

                                        "Choices, choices, choices…"

                                        Thinking it would be immediately rejected by a "no-reply" sender, I was surprised that did not happen when I replied with,

                                        "Too many choices, all costly".

                                        #651825
                                        Fowlers Fury
                                        Participant
                                          @fowlersfury

                                          Re: NG2's posting above. To circumvent the requirement to supply your real number try this service (for UK numbers) :-
                                          website

                                          It has good reviews on TrustPilot FWIW and I used it a few times without any issues.
                                          When I can "get away with it" signing up for some new service or site access, I'll fire up my VPN first.

                                          Clearly many so-called bona fide companies pass on (sell?) telephone numbers and email addresses to 3rd parties. There are many free online sites which will provide an e-address which expires after a day or two. That is, long enough for you to have confirmed your email to join !

                                          As for the accursed cookies which pervade the web these days, "Cookie Autodelete" with Firefox Focus is excellent.
