Phishing Pests - had any lately?

[Bertie Doe]

This morning I got an email "Get Your Free Omicron PCR today to avoid restrictions" It had the authentic blue/white NHS logo. Although, not too difficult to forge IMHO. A couple of 'Red flags' in the letter. Firstly the "Free" Omicron test becomes £1.24 to cover postage. I didn't click on link but assume there was a request for bank info 🙄. In a sub-heading the word Omicron became "Omicorn".

 

Needless to say, I forwarded it on to :-    http://report@phishing.gov.uk

 

I'm reluctant to change my email address as I've had this since day 1. Anyone else had anything from the phishing fleet?

[jocap]

Our local scam page on social media has posted this with a warning. 

I didn't notice if it said O my corn or not!  😮  😄 

[Bertie Doe]

17 hours ago, jocap said:

Our local scam page on social media has posted this with a warning. 

I didn't notice if it said O my corn or not!  😮  😄 

I got a reply from HM Gov phishing site, thanking me for sending them the NHS Omicron email, they also said :-  "As of 31st October 2021 the number of reports received stand at more than 8,100,000 with the removal of more than 67,000 scams across 124,000 URLs."

 

I'm not sure of the maths here, does that indicate that most of the sent emails they were sent - were genuine?

 

I got another bogus NHS covid test kit scam this morning. This suggests their site hasn't been closed or they simply generate a bogus URL at hourly intervals? Anyone Techie know the answer to this?

 

The return email address for the NHS site was

contact@pcr-nhs-test.co.uk 

Is there a way of checking if this is suspect?

 

Edited December 1, 2021 by Bertie Doe
more info

[Harters]

Bertie - you can always check a website domain name on the "who is" website. Here's the listing for these con artists (which you'll see says it's suspended)

 

https://who.is/whois/pcr-nhs-test.co.uk

[Bertie Doe]

1 hour ago, Harters said:

Bertie - you can always check a website domain name on the "who is" website. Here's the listing for these con artists (which you'll see says it's suspended)

 

https://who.is/whois/pcr-nhs-test.co.uk

 

Harters that's brilliant, I'll save your 'who is' website/logo to my desktop for future use. I see they registered the site last Tues 30th Nov, the very day they tried to phish me. Let's hope they haven't caught anyone before they got suspended.

 

Shows you how ruthless these folk are when using an NHS logo to feed on peoples' Covid fears. Thanks again.

Edited December 4, 2021 by Bertie Doe
typos

[Harters]

Bertie - I play on Tripadvisor's Tenerife forum quite a bit. Pre-pandemic, there was a big problem with crooks who set up fake websites, purporting to be genuine agents renting out apartments. They would take your money (asking for it by bank transfer) but there would be no property when you arrived for your holiday. By which time the crooks would have done a complete runner.

 

A few of us have got quite adept at assessing whether companies are likely to be crooks so can offer advice to anyone asking about one. One of the key giveaways is the very recent setting up of a website.

 

John

[Bertie Doe]

4 hours ago, Harters said:

Bertie - I play on Tripadvisor's Tenerife forum quite a bit. Pre-pandemic, there was a big problem with crooks who set up fake websites, purporting to be genuine agents renting out apartments. They would take your money (asking for it by bank transfer) but there would be no property when you arrived for your holiday. By which time the crooks would have done a complete runner.

 

I've been watching  the La Palma live webcam on the active volcano since it started erupting 70 days ago. Less active now but it's still closed the airport and most of the traffic has been diverted to Tenerife.

https://www.youtube.com/watch?v=Fg7zu2NNunc

If you get another duff apartment, please post the link, so that folk can get an idea of what to look out for.

[Harters]

Will do, Bertie. But , in the meantime, here's the main warning flags:

 

1 - website requires payment by bank transfer or some other non-traceable payment method. Why would a legit business not take credit cards

 

2 - as mentioned the website is very new. Big warning flag if that's coupled with claims to have been in business for years.

 

3 - a lack of a street address on the website. Why wouldnt a legit business not say where they were. But, also, check the company name through Google. And look up any given street address on Google Streetview to see if it looks right for a business.

 

4 - the old adage of if it looks too good to be true then......... Does everything "feel" right.

[Bertie Doe]

On 12/7/2021 at 10:00 AM, Harters said:

 

4 - the old adage of if it looks too good to be true then......... Does everything "feel" right.

Yep, my particular 'pest' has sent me three similar emails purporting to me from finance expert Martin Lewis, which plugs 'Bitcoin' investment. I've forwarded them to report@phishing.gov.uk.

 

The from address is emails@e.etsy.com but the 'Neverbounce' site lists this as a domain-wide, accept all (unverifiable) setting. As you say, the extra 'e' in the address doesn't "feel" right but it does get used by phishers a lot, according to the Etsy Community, so beware if anyone gets one :-

https://community.etsy.com/t5/Managing-Your-Shop/questionable-email/td-p/127419106 

 

[jocap]

Cumbria police put out a warning to my local region, which was under spam attack by people who were using your full name and address, supposedly from the "London" police, saying that they'd caught someone using your CC in Argos. 

I received one, but when the "police" wanted to check my CC, I said I'd show it to a local police officer who happened to be in the family- the phone was smashed down.

They were going through some list of local villages, because people were asking about this on local media, especially elderly people.

It seems that they can buy names and addresses from some source... it's certainly a bit alarming when you're addressed by your full name.

[Bloodgem]

10 hours ago, jocap said:

It seems that they can buy names and addresses from some source... it's certainly a bit alarming when you're addressed by your full name.

Your full name and address appears on the open electoral register, which any person, organisation or company can buy. 

You can ask not to have your details on the open register.

https://ico.org.uk/your-data-matters/electoral-register/

[ovccruiser]

Had a couple of emails recently saying I have had close contact with someone who has Covid, a good try but I do not have the NHS app on my phone and to state Omicron not just Covid 19 is rather specific lol

[terrierjohn]

I have had several text messages recently advising that I had missed a parcel delivery, fortunately we dont get many parcels, so I know when one is not expected. Equally the senders ID always seems to be a very weird jumble, so I know to avoid clicking the link and wracking up a big bill.

[terrierjohn]

On 12/1/2021 at 2:29 PM, Bertie Doe said:

I'm not sure of the maths here, does that indicate that most of the sent emails they were sent - were genuine?

 

 

 

 

 

On 12/1/2021 at 2:29 PM, Bertie Doe said:

 

I assume there were would be many multiple reports of the same phishing message.