ANM775
Badges: 20
Rep:
?
#1
Report Thread starter 4 weeks ago
#1
I wasn't going to make a topic about this, I am taking a break from TSR after all ...but the amount of scamming online and now by phone has just become ridiculous now.

anyways, this a warning about the rise in scamming going on.

I've just been phoned up, and a message played to me saying it's HRMC and they have a fraud investigation raised in my name, and that I must press 1 on the keyboard now to connect to one of their staff or I will be arrested.

I pressed 1, was put on hold. An Indian sounding guy eventually answered. He first asked me why I had called (I found this odd). I then told him about the phone call. He then asked for my name. He then had a look at his computer and gave some reason about fraud being on my tax returns and started asking if i do them myself or have an account. Again I am suspicious as I am not self employed or anything. He then asks me about my employment. I make up a half lie ...to see if he will call me on it. He doesn't.

Shortly after he just hangs up the phone on me.
Before that in the background I could hear talking. He sounded like he was in a call centre. All the voices sounded Indian.

I very much suspect this was a scam.
For starters a Real HRMC person investigating fraud would not just hang up on someone like that.

All the details I gave them was my Name basically, and some false employment details so I doubt they can do much.

I am also constantly getting emails and texts from scammers pretending to be netflix, EE, my bank etc saying they have suspended my account, or they can't verify my details etc, or I need to contact them to avoid charges....

Even 5 years ago, there never used to be this much scamming. There's been a huge increase. and they're definitely getting better at it. I didn't start getting netflix scams until i had created a netflix account. somehow they are knowing what services you sign upto, but obviously lack the passwords.

In the past scams used to be more obvious, eg: dodgy looking urls, broken english, claiming for stuff you're not even signed upto ...but they are getting better at it.

so watch out!
1
reply
username5383500
Badges: 18
Rep:
?
#2
Report 4 weeks ago
#2
(Original post by ANM775)
I've just been phoned up, and a message played to me saying it's HRMC and they have a fraud investigation raised in my name, and that I must press 1 on the keyboard now to connect to one of their staff or I will be arrested.
Surely the penny should have dropped here that this was obviously a scam? HMRC won't call you, play an automated message and then ask you to press a button to connect with them.

(Original post by ANM775)
Even 5 years ago, there never used to be this much scamming. There's been a huge increase. and they're definitely getting better at it. I didn't start getting netflix scams until i had created a netflix account. somehow they are knowing what services you sign upto, but obviously lack the passwords.

In the past scams used to be more obvious, eg: dodgy looking urls, broken english, claiming for stuff you're not even signed upto ...but they are getting better at it.
You're not wrong, that there has been a constant increase in scamming. I wouldn't necessarily say they're getting better at it though. Not to say there aren't sophisticated scams out there, but the really low level stuff is not really any more advanced than it ever has been. There's just a lot more of it, which is partly on account of the fact people keep falling for it.

I would argue most people would have more trouble identifying a dodgy URL that leads to a phishing page, than they would a suspicious phone call. With regards to knowing what services you sign up to, they don't have to know. If you have a mailing list for a million emails, and you fire off some spam asking them to login to Facebook, PayPal, Netflix, etc. odds are a very high proportion of those people are going to have an account on that service. Maybe 1% don't use the service, and of the remaining 99% only 0.1% of them actually fall for it. That's still 990 accounts. Scammers cast a wide net, and then reel in the handful of people that fall for it.

Somewhere along the line, there's been a huge gap of education. A big part of the problem is older people, who didn't grow up with technology and now need to use it without fully understanding the implications. But at the end of the day, you should be treating everything as suspicious. Get a phone call out of the blue? Tell them you'll call the number listed on their website if it's a real problem. Get an email? Don't click any links, don't reply and don't provide any information.

I'll also remind you that recently you made a thread asking about the best antivirus, and we discovered that for whatever reason you had a need to go to dodgy websites, download dodgy files, etc. It should not come as a surprise that you're personally seeing a huge influx of spam on account of this. And you will likely continue to be harassed with spam if your details are out there.
2
reply
Gofre
Badges: 21
Rep:
?
#3
Report 4 weeks ago
#3
If you're certain you're being targeted so specifically (e.g only beginning to impersonate netflix immediately after signing up), I would be highly inclined to do a sweep of your computer for malware and change your key passwords.At the same time, bare in mind that these companies operate by carpet bombing thousands of email addresses at a time, and a timely netflix impersonation could likely give you the impression that's being more specifically targeted.
2
reply
Ramipril
Badges: 18
Rep:
?
#4
Report 4 weeks ago
#4
What better time to start scamming people than in these times of covid when desperation is real.
1
reply
ANM775
Badges: 20
Rep:
?
#5
Report Thread starter 4 weeks ago
#5
(Original post by AcseI)
Surely the penny should have dropped here that this was obviously a scam? HMRC won't call you, play an automated message and then ask you to press a button to connect with them.

Well not everybody has a Cyber Security Degree like you do. I do not work for HRMC, nor have I had any dealings with them over the phone. I do not know how they conduct their enquiries. Also the person on the message sounded like a regular voice (not a freshie), and also the fact that I was threatened with arrest if I did not click through ....made me initially think it was legit. The threat of arrest creates somewhat of an internal panic. I think at least 20-30% of people who received a call like that would click through..

It was after I clicked through, and was waiting for someone to pick up, that logic kicked in ....and i started contemplating is this really legit?


[qutoe]You're not wrong, that there has been a constant increase in scamming. I wouldn't necessarily say they're getting better at it though. Not to say there aren't sophisticated scams out there, but the really low level stuff is not really any more advanced than it ever has been. There's just a lot more of it, which is partly on account of the fact people keep falling for it.[/quote]

They are getting better at it. I received an email earlier this year from someone claiming to have hacked my PC. They then showed me a password that I use. They said they had taken naked pictures of me with my webcam and that I had to pay xxx amount of money or they would spread it. The fact that they had a legitimate password of mine made me think it was legit. After a while logic kicked in and I wondered if it could be a scam so i googled it, and found out it was a scam.

I think a reasonable amount of people would have thought it was legit, as they have passwords. one of my password must have been breached during a major website hack and they were sending off mass emails to everyone who's password they know.



I would argue most people would have more trouble identifying a dodgy URL that leads to a phishing page, than they would a suspicious phone call. With regards to knowing what services you sign up to, they don't have to know. If you have a mailing list for a million emails, and you fire off some spam asking them to login to Facebook, PayPal, Netflix, etc. odds are a very high proportion of those people are going to have an account on that service. Maybe 1% don't use the service, and of the remaining 99% only 0.1% of them actually fall for it. That's still 990 accounts. Scammers cast a wide net, and then reel in the handful of people that fall for it.
That call centre where the man was at sounded BUSY. So either a lot of people are falling for it, or that wide net thing is a very effective strategy. When he realised I didn't do my own tax returns and didn't get anyone else to do them either he didn't really spend much time pleading with me for details or other stuff. He just put the phone down. Business must be boombing if he can afford to cut his losses so quickly. I would have thought I would have to be the one to hang up on a scammer ...but this wasn't the case at all.

Somewhere along the line, there's been a huge gap of education. A big part of the problem is older people, who didn't grow up with technology and now need to use it without fully understanding the implications. But at the end of the day, you should be treating everything as suspicious. Get a phone call out of the blue? Tell them you'll call the number listed on their website if it's a real problem. Get an email? Don't click any links, don't reply and don't provide any information.

I'll also remind you that recently you made a thread asking about the best antivirus, and we discovered that for whatever reason you had a need to go to dodgy websites, download dodgy files, etc. It should not come as a surprise that you're personally seeing a huge influx of spam on account of this. And you will likely continue to be harassed with spam if your details are out there.
Yes, older people seem more vulnerable to this sort of thing unfortunately.

I have only been going to dodgy websites in the last week, and I had noticed a rise in scam attempts well before this so I don't think it is related. the malwarebytes free scan, and AVG have not picked up anything either. If something is there, then it's a pretty good malware....

this is the first time however i've received an actual scam phone call. before that all i had received is texts.
0
reply
ANM775
Badges: 20
Rep:
?
#6
Report Thread starter 4 weeks ago
#6
(Original post by Gofre)
If you're certain you're being targeted so specifically (e.g only beginning to impersonate netflix immediately after signing up), I would be highly inclined to do a sweep of your computer for malware and change your key passwords.At the same time, bare in mind that these companies operate by carpet bombing thousands of email addresses at a time, and a timely netflix impersonation could likely give you the impression that's being more specifically targeted.

My antivirus scanners has found nothing.
I wonder if someone at netflix possible has access to customers names and email addresses and that's how they know?

I think if someone had my email password i would have probably noticed by now as they could use that to reset a lot of passwords...
0
reply
ANM775
Badges: 20
Rep:
?
#7
Report Thread starter 4 weeks ago
#7
(Original post by Ramipril)
What better time to start scamming people than in these times of covid when desperation is real.
I honestly think business is booming for them unfortunately.

I'm getting the idea that this sort of thing can make big money without a huge amount of effort. Kinda makes me tempted to try it out lol, ..but knowing my luck i'd end up jail.
0
reply
Ramipril
Badges: 18
Rep:
?
#8
Report 4 weeks ago
#8
(Original post by ANM775)
I honestly think business is booming for them unfortunately.

I'm getting the idea that this sort of thing can make big money without a huge amount of effort. Kinda makes me tempted to try it out lol, ..but knowing my luck i'd end up jail.
I know right. It's so tempting to find some way to make a profit out of this, be it ethical or not.
0
reply
Gofre
Badges: 21
Rep:
?
#9
Report 4 weeks ago
#9
(Original post by ANM775)
I wonder if someone at netflix possible has access to customers names and email addresses and that's how they know?
If there was anyone at Netflix with the lack of scruples to access and sell user data, they're not going to sell it to people sending sh*tty phishing emails.
1
reply
username5383500
Badges: 18
Rep:
?
#10
Report 4 weeks ago
#10
(Original post by ANM775)
Well not everybody has a Cyber Security Degree like you do. I do not work for HRMC, nor have I had any dealings with them over the phone. I do not know how they conduct their enquiries. Also the person on the message sounded like a regular voice (not a freshie), and also the fact that I was threatened with arrest if I did not click through ....made me initially think it was legit. The threat of arrest creates somewhat of an internal panic. I think at least 20-30% of people who received a call like that would click through..

It was after I clicked through, and was waiting for someone to pick up, that logic kicked in ....and i started contemplating is this really legit?
Nobody should require a CyberSec degree to stay safe online. In much the same way you don't need to be a mechanic in order to get a drivers licence.

You're correct to an extent, a lot of people would click through and it's precisely because many scams create a sense of urgency. You've won something, click now to claim. You're in trouble, click now to deal with it. That sort of thing. The issue is that people weren't taught to think, and take a moment to consider if this is legit or what the consequences are if it isn't.

(Original post by ANM775)
They are getting better at it. I received an email earlier this year from someone claiming to have hacked my PC. They then showed me a password that I use. They said they had taken naked pictures of me with my webcam and that I had to pay xxx amount of money or they would spread it. The fact that they had a legitimate password of mine made me think it was legit. After a while logic kicked in and I wondered if it could be a scam so i googled it, and found out it was a scam.

I think a reasonable amount of people would have thought it was legit, as they have passwords. one of my password must have been breached during a major website hack and they were sending off mass emails to everyone who's password they know.
Trust me, on the whole they're really not. A subset of scams are getting more advanced, but on the surface nothing has massively changed. It's just the scams come from Netflix or HMRC now, rather than a Nigerian prince offering you millions. The root idea described above of creating a sense of urgency or panic has not changed, just the methods used to do it.

If the scams were getting more advanced, then the general rule of applying common sense before acting would not be enough. But it remains true that if someone takes a moment to think, they'd typically be able to spot the scam. Or at least show enough doubt to not just blindly click something straight away. The blanket approach is really the least advanced thing going, and is literally thwarted entirely by just thinking "is this legit" whenever you get an email, text, phone call, etc. that seems a bit out of the blue.

(Original post by ANM775)
That call centre where the man was at sounded BUSY. So either a lot of people are falling for it, or that wide net thing is a very effective strategy. When he realised I didn't do my own tax returns and didn't get anyone else to do them either he didn't really spend much time pleading with me for details or other stuff. He just put the phone down. Business must be boombing if he can afford to cut his losses so quickly. I would have thought I would have to be the one to hang up on a scammer ...but this wasn't the case at all.
It's an entire industry, and like many types of crime it's quite profitable. It wouldn't be happening if it weren't worth it after all. On the whole, it's incredibly low effort and high reward. Compared to a lot of the more technical things, it's no surprise that basic scamming is so common.


(Original post by ANM775)
Yes, older people seem more vulnerable to this sort of thing unfortunately.

I have only been going to dodgy websites in the last week, and I had noticed a rise in scam attempts well before this so I don't think it is related. the malwarebytes free scan, and AVG have not picked up anything either. If something is there, then it's a pretty good malware....

this is the first time however i've received an actual scam phone call. before that all i had received is texts.
What's more likely is that your details were leaked somewhere (check HaveIBeenPwned). Even then, it's not necessary for malware to be on your device to scrape info. Not to mention it's almost trivial to bypass AV in the first place, but going the malware approach adds a lot of overhead.

At this point, it's reasonable to assume your phone number (at a minimum) is being circulated and you'll be receiving more texts and calls in the future. And short of getting a new number there's absolutely nothing you can do about that I'm afraid. With emails it is at least quite easy to compartmentalise and scrap accounts.
1
reply
ANM775
Badges: 20
Rep:
?
#11
Report Thread starter 4 weeks ago
#11
(Original post by AcseI)
What's more likely is that your details were leaked somewhere (check HaveIBeenPwned). Even then, it's not necessary for malware to be on your device to scrape info. Not to mention it's almost trivial to bypass AV in the first place, but going the malware approach adds a lot of overhead.

At this point, it's reasonable to assume your phone number (at a minimum) is being circulated and you'll be receiving more texts and calls in the future. And short of getting a new number there's absolutely nothing you can do about that I'm afraid. With emails it is at least quite easy to compartmentalise and scrap accounts.

Yeah, I checked that site after the webcam thing, and unfortunately that password has been discovered.
Someone tried to log into my facebook too with it a long time ago, but facebook stopped them and alerted me.
0
reply
username5383500
Badges: 18
Rep:
?
#12
Report 4 weeks ago
#12
(Original post by ANM775)
Yeah, I checked that site after the webcam thing, and unfortunately that password has been discovered.
Someone tried to log into my facebook too with it a long time ago, but facebook stopped them and alerted me.
I'll assume you already changed the password, but on the offchance you haven't make sure you're not using that password for anything now. Make sure all your passwords are different, and for extra peace of mind enable 2FA wherever possible
0
reply
ANM775
Badges: 20
Rep:
?
#13
Report Thread starter 4 weeks ago
#13
(Original post by AcseI)
I'll assume you already changed the password, but on the offchance you haven't make sure you're not using that password for anything now. Make sure all your passwords are different, and for extra peace of mind enable 2FA wherever possible
I think i've changed it for everything. although there are so much websites i've signed upto over the years there's always the possibility i've missed one. I do use multiple passwords, but i admit i do use several of the same passwords on different sites. Yes, technically we should have a different password for every site we use, but in reality that's just not practical. You can't remember like 50 different passwords! ,

2FA seems like a good option, but also kinda risky. Like what if I lose my phone ...?

I keep my banking passwords different from forum passwords tho,
although banks typically use other stuff in addition to password so if they got a password i doubt they'd be able to get in anyway....
0
reply
Oxford Mum
Badges: 21
Rep:
?
#14
Report 4 weeks ago
#14
There was an attempted scam on me yesterday, when I was phoned up to say that my mastercard was used in a foreign country and they had spent £60. Well I don't use my mastercard any more, and when I questioned them, they were flummoxed when I was asking them to deviate from the script. They didn't actually understand my English. I just couldn't be bothered to wait for them to ask for my bank details, so I just barked down the phone, "I didn't make the payment, so please cancel it" and put the phone down.

They did not ring me back. Presumably they just rang up the next poor victim and good riddance.
0
reply
username5383500
Badges: 18
Rep:
?
#15
Report 4 weeks ago
#15
(Original post by ANM775)
I think i've changed it for everything. although there are so much websites i've signed upto over the years there's always the possibility i've missed one. I do use multiple passwords, but i admit i do use several of the same passwords on different sites. Yes, technically we should have a different password for every site we use, but in reality that's just not practical. You can't remember like 50 different passwords! ,
Password managers are an answer to that, although I can't personally say I'm a fan of creating a single point of failure. Contrary to popular belief, keeping a physical password book isn't a bad idea either, as hackers aren't going to break into your home. Compartmentalising can also take the form of multiple email accounts, as it's not just a password that is required to login. It's less about it being impractical, and more about someone not wanting to go the effort.

If you do genuinely have dozens of accounts though, maybe consider which ones you no longer need. I could see someone having maybe 10 or 20 core accounts, but it's all those random things someone signs up for that'd be more concerned about leaking data to begin with.

(Original post by ANM775)
2FA seems like a good option, but also kinda risky. Like what if I lose my phone ...?
That's kind of the point of 2FA, if one factor goes away that's not enough to compromise the account. And what are the odds of losing your phone anyway?

But if that was a concern, you'd also have a recovery option. 2FA does not exclusively have to be "your phone" either. It's kind of a more niche option though, since so many services do not support MFA. In many cases the first and last line of defence is the login credentials.

(Original post by ANM775)
I keep my banking passwords different from forum passwords tho,
although banks typically use other stuff in addition to password so if they got a password i doubt they'd be able to get in anyway....
This is good practice. It's not perfect, but it's better than using the same password universally. Would probably be worth exploring which passwords are being reused, and how you'd be impacted by a breach in any one service.

This also does raise another point. It's important to be aware of what "other information" someone might require to get into your account. For example, security questions are dumb because a lot of people put this information out in the public domain (mother's maiden name, first school, etc.). Or people do these daft Facebook quizzes (your superhero name is your favourite colour and the name of your first pet for example) and just volunteer the information away.
0
reply
spotify95
Badges: 18
Rep:
?
#16
Report 4 weeks ago
#16
Scams are nasty things if you ask me. The obvious ones will always be obvious, but the sneaky ones are what you've got to be mindful of.
I've unfortunately recently fallen for a sneaky scam myself; you wouldn't be able to tell from the offset that it was a scam.
It happened on Gumtree and what was going to originally be a smooth transaction turned into a £1500+ loss.
Needless to say, I've blocked the scammer from contacting me again, but whether its worth the hassle and aggrevation of contacting the police vs just writing it off as a bad debt (I'm in employment so can at least earn it back again, even if it takes a while), is another matter.

I won't be divulging details of what happened, on here - if you want more detail, whizz me a PM.
0
reply
X

Quick Reply

Attached files
Write a reply...
Reply
new posts
Back
to top
Latest
My Feed

See more of what you like on
The Student Room

You can personalise what you see on TSR. Tell us a little about yourself to get started.

Personalise

Are you travelling in the Uni student travel window (3-9 Dec) to go home for Christmas?

Yes (55)
28.8%
No - I have already returned home (24)
12.57%
No - I plan on travelling outside these dates (43)
22.51%
No - I'm staying at my term time address over Christmas (18)
9.42%
No - I live at home during term anyway (51)
26.7%

Watched Threads

View All