A scam phone calls and emails discussion.

[Lucan]

0091... would be India (or faked).

Can't imagine why anyone would fake a number to look as if it came from India

 

[Buzby]

On the occasions I have seen this happen, the caller believes they are forwarding a more suitable number (NatWest, TSB, Lloyds, HSBC etc) but a configuration issue - like too few or too many numbers will cause the real line number to be displayed.

 

[Amos]

Here’s a new one I’ve not had before, an email telling me my Disney+ account has expired (I don’t have one), but I can extend for free for ninety days as part of the loyalty programme. Of course, they need my credit card details to verify my account.

Looked on the Disney website for an address to forward phishing emails to for their attention, but looks like they don’t have one as the help page just says delete the email and don’t click any links.

[email protected]
Though @najaB gave some good advice about sending the original email as an attachment rather then just forwarding it.

 

[jbqfc]

I have just had a missed delivery Email from Evri wanting £1.60 to redeliver looked very good even named the van driver
the thing that pointed out that it was a scam was no name or address on the Email

 

[sor]

Sorry if this has been raised already in this thread but 60 pages are a lot to go through ...

Why do telecom companies allow callers to display false numbers rather than the number they are actually calling from? How difficult would it to be stop this facility?

And why do banks allow money to be paid into accounts obviously run by scammers?

There are technical means to do this (called SHAKEN/STIR) and so far it has been widely implemented in the US. Ofcom is looking into requiring its implementation over here but my understanding is that the telcos are waiting for the legacy PSTN to go away as it these new standards are very heavily linked to VoIP based networks. Until then it remains a free for all.

Essentially, the originating telco (or the customer themselves, in some cases IIRC) will send a message alongside every call to confirm who that telco is, that they are certifying the accuracy of the caller ID information, and there are various levels of accuracy. The receiving telco can check that it really did come from the originating telco and can decide what to do with it - if it's low accuracy then they could replace the number with something else or drop the call. Misbehaving telcos could simply have all their calls treated in that way until they sort themselves out.

Because all phone numbers are ‘virtual’ - or became so after System X and AXE10 Exchanges began rolling out in the mid 70’s. The old numbers were mapped to a line identity at the exchange, which was also used for billing. Fully digital lines of end users with ISDN would be given a ‘block’ of numbers. 30 if it was ISDN 30, 10 if ISDN 2 (or 2e). The customer could decide what number(s) to use, just 1 - for Call centre use, or anything from the allocated range - this allowed DDI (Direct Dialling In) to PABX’s that did away with switchboard. Unscrupulous firms found that they could make their PABX show (‘present’ in the parlance) not just their allocated line numbers, but anything at all - this was to facilitate 0800, 0345 or any other number that could be routed to the firm. Meanwhile, the analogue PSTN was locked down, with no ability for the renter to change the line number shown - only cause it not to be shown to other analogue customers (Firms with ISDN lines got the number anyway with a flag saying ‘do not display’)

There can be many legitimate reasons why a ’false’ number needs to be used - a hospital ward calling out should show its main number for returning calls. The days of ‘withheld’ numbers are universally disliked, as ACR (Anonymous Call Rejection) saw to that. The signalling standard for digital lines allowed for it - across the world - so inbound calls from India or the Philippines whether genuine or fake, can have any number programmed into it - even VOIP ‘soft’ phones let you select what number your call recipients will see. I agree it’s not ideal, but even the bank card scams - where the real number is spoofed is no reason to accept it at face value, and the public needs to realise this.

I seem to remember reading that BT also used to block all caller ID from international calls because they couldn't verify the origin. I suppose the rise of VoIP services and the relative ease of becoming a telco these days has put paid to that - the reputable telcos control what you can present for caller ID, eg they require you to show a bill or other proof of ownership before you can use it, but there's a lot that don't.

I suppose there are degrees of "falseness". A hospital or surgery having all their calls sent out with the main switchboard number is fine - it is at least a number they control, though there's the argument that they prefer to be withheld because in some cases the idea of receiving medical treatment may itself be confidential. Someone sending them as 01234567890 would not be fine. BT themselves typically use 08003289393 for call centre phones and the like. This is a number they own and goes to a recording that says someone from BT tried to contact you.

 

[londonbridge]

Just had an SMS allegedly from DVLA: DVLA: “We require verification of your driver's licence record due to our routine checks. Take appropriate action on this matter on “update dot ukdvlagov dot com”…..I passed my test in my younger days but haven’t driven, owned a vehicle or used my licence for over twenty five years (in fact I still have the old pink paper licence) and have never given the DVLA a mobile number, so an obvious scam and reported to 7726.

On a side note, (mods please split this to a new thread if you deem it necessary), does anyone know when and why the DVLC was changed to become the DVLA?

 

[Mcr Warrior]

On a side note, (mods please split this to a new thread if you deem it necessary), does anyone know when and why the DVLC was changed to become the DVLA?

Change took place in April 1990 when the DVLC (established 1965) became an executive agency of the Department of Transport.

 

[PeterC]

I have just had a missed delivery Email from Evri wanting £1.60 to redeliver looked very good even named the van driver
the thing that pointed out that it was a scam was no name or address on the Email

I had one of those. I was expecting a parcel and spent a whole 2 seconds cursing the shipper for not notifying me of despatch before seeing the redelivery charge. It was a very good fake

 

[Lucan]

New one to me : a recorded call with an English accent that my water supply was to be interrupted. I was supposed to press "1" to confirm I had received the message or "2" to hear it again. They called again 10 minutes later, and this time I let it run out of steam and they hung up. Up the thread there was a discussion on whether pressing a button could start a premium charge against you - surely this must be the point of this scam.

The caller was a 0115 number (Nottinham, but possibly spoofed), can't remember it now, but the Whocalledme website had over a thousand reports on it, and it also used "electricity supply interruptions" and "storm weather warnings" as the pretext. Some calls are reported to come in the small hours - perhaps that is because they came from abroad and get our time wrong, or thay want to make it seem more important, or they want to catch you when you are dozy.

 

[John Webb]

New one to me : a recorded call with an English accent that my water supply was to be interrupted. I was supposed to press "1" to confirm I had received the message or "2" to hear it again. They called again 10 minutes later, and this time I let it run out of steam and they hung up. Up the thread there was a discussion on whether pressing a button could start a premium charge against you - surely this must be the point of this scam.

The caller was a 0115 number (Nottinham, but possibly spoofed), can't remember it now, but the Whocalledme website had over a thousand reports on it, and it also used "electricity supply interruptions" and "storm weather warnings" as the pretext. Some calls are reported to come in the small hours - perhaps that is because they came from abroad and get our time wrong, or thay want to make it seem more important, or they want to catch you when you are dozy.

I recall several pages back that this 'Premium Number' scam was unlikely. I think this sort of call more likely a way of finding out what numbers are active and have people willing to push buttons?

 

[sor]

to repeat - you *cannot* be charged on your phone bill through any action taken on an incoming call (except reverse charge calls, but those can only be performed with the help of an operator or the likes of 0800 reverse, not random scammers)

as has been said - probably a way to check you're listening and it went through to a valid number with a human on it (ie not a lift phone or an automated service)

Some water companies do send out emails about disruption, if they have it on file. I've had them for low pressure & they even helpfully explained what the problem was and what was being done about it

 

[Buzby]

A largely automated system - 2 to ‘repeat’ just playa the message again, but 1 to ‘confirm’ would not instigate a premium rate call, BUT if the call is transferred (their cost, as they called you) then an agent could then reveal how they plan to relieve you of some money (or not)! I usually respond with * or # to try for a system prompt.

My favourite from the ‘old’ days - pre plug-in phones, was to call a random number and say it was the exchange. Was the lead on your handset too short? If the answer was yes, you’d say you had plenty of wire spare at your end so just pull as much as you require for the ideal length……

 

[najaB]

I recall several pages back that this 'Premium Number' scam was unlikely.

I'd go further than 'unlikely' and put it well and truly in the urban legend category. I cannot conceive of any way that a call from A to B can be converted into a call from B to C, unless B hangs up the original call.

 

[Lucan]

a recorded call with an English accent that my water supply was to be interrupted

I recall several pages back that this 'Premium Number' scam was unlikely.

I now believe it was genuine because I have since noticed a text message on my phone saying the same thing, this time from Welsh Water. But the phone call was from 0115 9338000 which is not a number that appears anywhere in Welsh Water's literature and the "Who-called" website rates it as overwhelmingly negative. Google turned up that it for a company called Esendex.

It seems that Wesh Water and some other utilities outsource their messaging to this company. I find this practice, also done by some companies for billing, intensely annoying, because you have no idea if they are genuine, and they look as if they are not. I have had bills from outfits like "Joe Bloggs Solutions" demanding I pay them £100s for my electricity/phone/gas bill, and my having to find out first if they are genuine (if you can even call it that). Moreover, you know that these spivs are taking a significaany cut of your money.

Mrs L's boss (of a small company) wanted to outsource their billing in this way. The one-off incentive was that the outsourcer bought your existing debts and after that there would have been a significant % fee for every payment collected. When she asked the boss why, he said "Because everyone is doing it". Fortunately she dissuaded him.

 

[Buzby]

Mrs L's boss (of a small company) wanted to outsource their billing in this way. The one-off incentive was that the outsourcer bought your existing debts and after that there would have been a significant % fee for every payment collected.

The banks started this over 40 years ago as part of their ‘service package’ to customers. Called credit factoring, any invoice you issued was deemed ‘paid’ (less 10-15%) and meant the money was in your account so your bottom line didn’t depend on when your customer actually paid. Of course, it was royally abused with many companies forming, billing then closing within weeks having been paid for ficticious products by bogus customers. By the time the banks tried to claw it back it was too late.

Around the same time was the popular equipment leasing scams where a broker would arrange give you money for equipment you hadn’t bought but would pay monthly in return for the raw cash that was secured on the non-existant equipment. If you wait long enough, they’ll come round again!

 

[Harvester]

A scam message left in my land line voice mail this morning was from a 0115 (Nottingham) number. It was from ‘security’ (just security) informing me of a suspicious three figure and four figure transaction from my account, and urged me to press ‘1’ or ‘2’ for their urgent attention!

 

[sprunt]

I'd go further than 'unlikely' and put it well and truly in the urban legend category. I cannot conceive of any way that a call from A to B can be converted into a call from B to C, unless B hangs up the original call.

I can't even think of a reason the ability to do this would be built into the telecomms system.

 

[swt_passenger]

A scam message left in my land line voice mail this morning was from a 0115 (Nottingham) number. It was from ‘security’ (just security) informing me of a suspicious three figure and four figure transaction from my account, and urged me to press ‘1’ or ‘2’ for their urgent attention!

They don’t even say ‘bank security’ or ‘visa security’ any more, the idea is that you think you accidentally missed the preamble. Of course if they used a bank name they’d nearly always guess wrong…

 

[bearhugger]

I received the following text message this morning.

Royalmail: Due to a missing address and incorrect postal code, your package cannot be delivered and the cost of redelivery will be bourne by you. Please click the link below to change your address and request a new delivery:

http://*******.com/bvddffda?wwM=QLrWqoOyrB

Please replace it within 12 hours to avoid unnecessary losses.
Have a nice day, Royalmail!

They can't spell Royal Mail correctly and the url isn't the standard royalmail.com.
Needless to say I haven't clicked on url, and reported as spam.

 

[Mcr Warrior]

Needless to say I haven't clicked on url, and reported as spam.

Well done, and don't worry, you've probably not been specifically targeted. Scammers undoubtedly routinely send these texts 'en masse' to thousands upon thousands of random numbers, knowing that a certain percentage of people could well be awaiting a real delivery. They don’t actually have any of your info (or even a package to deliver) and they only get your personal details if you're gullible enough to click through on the link(s) provided.

 

[bearhugger]

Well done, and don't worry, you've probably not been specifically targeted. Scammers undoubtedly routinely send these texts 'en masse' to thousands upon thousands of random numbers, knowing that a certain percentage of people could well be awaiting a real delivery. They don’t actually have any of your info (or even a package to deliver) and they only get your personal details if you're gullible enough to click through on the link(s) provided.

I actually work part time on Collections for Royal Mail, and at the same depot as the person who delivers to my address. I.ve recently had a couple of parcels delivered by them so know how RM usually operate if tracking is turned on / provided. I'm also usually very suspicious of any email / text sent.

 

[dangie]

….knowing that a certain percentage of people could well be awaiting a real delivery.

We had a scam text supposedly from Evri saying missed delivery and to respond to the email. We were at the time expecting a delivery from Evri which according to the actual Evri email as out for delivery. We didn’t reply to it but I could see why many would.

and they only get your personal details if you're gullible enough to click through on the link(s) provided.

Many don’t understand what could be scam. Lots of people are trusting or not computer savvy. Sifting out real from fake is not always easy.

 

[Statto]

Recruitment scam texts now doing the rounds, i had one appear on my whats app the other day, deleted it straight away.

 

[weepingwillowb]

Here's a not very convincing email I recieved a couple of days ago. I noticed the spelling mistakes and rubbish grammar straight away, then the email address it had come from.

​

 

[317 forever]

In the above example, the alias may look genuine but the actual email indicates it is not genuine.

 

[najaB]

In the above example, the alias may look genuine but the actual email indicates it is not genuine.

Right idea, but wrong terms (sorry, computer nerd who trains email for a living!)

What you see in an email client is the From header, rather than alias. The From header normally consists of a display name (in this case "DVLA Electronic Vehicle Licensing") and a sender email address. Note that most email systems do no validation on the From header, which makes sender spoofing trivially easy.

I noticed the spelling mistakes and rubbish grammar straight away, then the email address it had come from.

I've read a few places that this is deliberate. They want people who are either too distracted or not savvy enough to notice the problems since they are also more likely not to notice that they're on a bogus payment page.

 

[AndrewE]

Just got an email purporting to come from a friend

Begin forwarded message:
just sharing my plans for January/February 2024 (link)
“Go to heaven for the climate, hell for the company.” - Mark Twain

I deleted it straight away, but at least it's a change from "I should have shared these pictures with you before..."

 

[317 forever]

Right idea, but wrong terms (sorry, computer nerd who trains email for a living!)

What you see in an email client is the From header, rather than alias. The From header normally consists of a display name (in this case "DVLA Electronic Vehicle Licensing") and a sender email address. Note that most email systems do no validation on the From header, which makes sender spoofing trivially easy.



I've read a few places that this is deliberate. They want people who are either too distracted or not savvy enough to notice the problems since they are also more likely not to notice that they're on a bogus payment page.

I guess I referred to "alias" where you referred to "from header".

 

[najaB]

I guess I referred to "alias" where you referred to "from header".

Indeed. An alias is a additional email address for a given mailbox.

 

[Jon_jpwh]

I received an email today in Portuguese claiming to be from Police Investigation Europol. The message when translated is
"Official Notice: Police Investigation In Progress
We have attached our Official Police Notification letter for Criminal Investigation."
There is a word document and a jpg attached which I haven't opened.
It appears to have been sent from a .bf email address which is Burkina Faso.
I received a similar email last week.