Jump to content

PayPal scam


Jamboat

Featured Posts

7 minutes ago, Athy said:

You make it sound so scientific

But it is scientific at the top end. 

Universities do offer courses in data security analysis

20 years plus largely in corporate data security. 

Just did a quick Google check and I suspect that are many other courses that may be nearer to your analysis of the situation, not necessarily fake but not necessarily of much use. However that does not mean that there are not bona fide courses available 

Edited by reg
Link to comment
Share on other sites

47 minutes ago, Sea Dog said:

I got an official looking one from inlandrevenue.co.uk recently.  You can see how this stuff might fool the unwary.

The first one I received had me checking, but one that almost caught me out, I had started to fill it in was Amazon and it claimed to be to cancel Amazon Prime. That one came through 10 minutes after I had done an order with Amazon and having been duped into signing up for Prime in the past I fell for it until I realised that Amazon already knew the information this was asking for.

Link to comment
Share on other sites

1 minute ago, ditchcrawler said:

That one came through 10 minutes after I had done an order with Amazon

That is another but far more sophisticated technique where your basic details are already available to the scammers e.g account name and email. The sophisticated part comes in being able to identify when you have transacted with your account and, preferably, what type of transaction. With these small bits of information they can contact you, the clever part is in contacting you a a point in time where it seems very plausible that there should be contact and your suspicions are lowered. 

It can be very big money being talked  about which brings with it, sometimes, a large investment in infrastructure. 

I myself have been close to being drawn in after changing a bank account password and pin with the help of the banks security team via phone. About 20 mins after doing this I was phoned and asked to confirm the details I had given earlier, fortunately my experience prevented me from giving this info. I checked at a later time (left it for 2 hours as scammers will sometimes hang onto you phone line without you knowing it hoping to get some further  info ) with the banks anti fraud team and it was confirmed that it had not Been from them. 

It can be very sophisticated other times it's not. 

Link to comment
Share on other sites

2 hours ago, Sea Dog said:

I got an official looking one from inlandrevenue.co.uk recently.  You can see how this stuff might fool the unwary.

An off-line (and verifiably true) version from about 30 years ago:

One of the employees in the accounts department where I worked opened a bank account in the name of "Mr I. N. Land-Revenue" and paid the company's annual tax cheque into it. It was several million pounds and he was never caught (strangely he didn't turn up for work the following day)

Link to comment
Share on other sites

I have a yahoo email set up for things such as Paypal, it is also set up under a word and a number, not an actual name. My general email address is under my name and uses my name. So, anything from paypal which is genuine will come to my yahoo account, anything which comes to my general email is simply deleted. I find it works well.

Link to comment
Share on other sites

37 minutes ago, Keeping Up said:

It was several million pounds and he was never caught (strangely he didn't turn up for work the following day)

But what's the point of taking it if you're too scared to spend it?

Come on Allan! It's been long enough now....Go and buy yourself a Hudson.

  • Happy 1
Link to comment
Share on other sites

On 14/03/2018 at 13:59, Athy said:

So they reduce the size of their potential clientele on purpose? My, that's sound business practice. Unlikely, I think

Just to clarify my previous responses and after rereading the thread in order. I agree with this in the context of the OP's  example which is a simple lower quality data spoof and is designed to maximize the quantity of the responses, bung out a million and get a 100 responses would be a result.

My previous replies were given in the context of the other scenario, raised by Dor,  where deliberate errors are sometimes introduced to elicit a quality of response. To of avoided  confusion I should of made this clearer in my previous replies.

The term "context is everything" comes to mind. 

Edited by reg
Link to comment
Share on other sites

One of the most dangerously convincing scams now being carried out by criminals is this one  https://www.thetimes.co.uk/static/connected-families/conveyancing-email-scam-hackers-steal-house-deposit/   it has been successful on an number of occasions on people who would generally be quite savvy on the subject because it is a demand for money that they are expecting to have to pay.

Link to comment
Share on other sites

3 hours ago, Wanderer Vagabond said:

One of the most dangerously convincing scams now being carried out by criminals is this one  https://www.thetimes.co.uk/static/connected-families/conveyancing-email-scam-hackers-steal-house-deposit/   it has been successful on an number of occasions on people who would generally be quite savvy on the subject because it is a demand for money that they are expecting to have to pay.

Cheeky!

She should have paid by cheque - much safer.

Link to comment
Share on other sites

4 hours ago, Wanderer Vagabond said:

One of the most dangerously convincing scams now being carried out by criminals is this one  https://www.thetimes.co.uk/static/connected-families/conveyancing-email-scam-hackers-steal-house-deposit/   it has been successful on an number of occasions on people who would generally be quite savvy on the subject because it is a demand for money that they are expecting to have to pay.

 

Article won't load for me. But I can guess what it says. Solicitor's email hacked and false email told them to use new account deets... 

Link to comment
Share on other sites

3 minutes ago, Mike the Boilerman said:

 

Article won't load for me. But I can guess what it says. Solicitor's email hacked and false email told them to use new account deets... 

Pretty much it, I think it's along the same sort of lines as those of us who have received e-mails purporting for be from a friend stranded without cash in some foreign location, achieved by hacking a genuine friend's e-mail account. In this case the solicitor's e-mail has been hacked but because people are expecting the cash demand they are more likely to pay it than most other scams.

My own approach is that I wont send anything just as a result of an e-mail, I either want a written letter (with a recognisable, checkable address on it) or a phone number that I can check and call. This isn't helped however by some banks, Barclays in particular, who keep sending me an e-mail every month with a link to my monthly credit card statement. When I want to check this sort of thing I'll go into the web address saved in my computer favourites and log in properly, not through some potentially scamming e-mail.

Link to comment
Share on other sites

6 hours ago, Mike the Boilerman said:

 

Is an old scam at least a decade old, well known in property dealer circles. 

Solicitors living in the 19th century are the root problem.

When our daughter bought her last house, she got an email from her solicitor telling her to log in to their website using the URL she already had and collect payment details from there. Then she transferred a small amount to the bank account given and only when that had arrived did she transfer the bulk of the cash using what were now saved details on her bank account. 

Link to comment
Share on other sites

6 hours ago, Mike the Boilerman said:

 

Is an old scam at least a decade old, well known in property dealer circles. 

Solicitors living in the 19th century are the root problem.

I would have thought 2 factor authentication and the use of a password manager would soon stop email accounts being hacked

Link to comment
Share on other sites

If I remember it correct PayPal only send out email with your name on it, and even so if they do, and something have to be changed or read, I go into the account and read it there. never klick on any links in the mail.

Read about one Swed. that pranked someone that sent out a "nigerian" letter, and made an appoinment with them, and had them to buy him lunch.

Link to comment
Share on other sites

1 hour ago, rusty69 said:

I would have thought 2 factor authentication and the use of a password manager would soon stop email accounts being hacked

 

It would, but 2 step authentication was not generally available ten years ago and nor did solicitors (or anyone else!) regard email as needing to be especially secure. A similar scam could still be conducted by forging a solicitor’s letter head and sending out a snail mail letter. 

  • Happy 1
Link to comment
Share on other sites

On ‎14‎/‎03‎/‎2018 at 13:31, Athy said:

That's a peach of a theory, which you have explained plausibly. I suspect, however, that the spelling mistakes occur because these e-mails are sent from abroad, and the senders' first language is not English. I would struggle to compose an accurately-written e-mail, or an accurately-written anything for that matter, in Russian for example.

I think that's true, which reminds me of a time I was staying in a hotel in Kalinigrad for a week and one day the Russian hotel manager asked me if I could help him by calling a customer who had booked 10 rooms online. He was concerned about a scam which he said originated in Nigeria in which the bookings were cancelled and a refund was claimed before the money had actually been paid. I'm not sure how this was possible but I didn't mind helping, so we went into his office. He just needed me to speak to the customer - a Ms Becky White from the UK - to know whether the person who booked the rooms was British as stated in the booking before he proceeded in making the bookings.  It was a UK number but the person who answered the phone was a man with a strong West African accent who told me that Becky White wasn't at home. I'm not sure whether I was actually calling the UK or the call was being redirected somehow.

Anyway, the guy on the other end said he didn't know when Becky White would be back and he wasn't keen to stay on the phone. The hotel manager didn't make the bookings and in his Russian accent laughed and said "Becky White? Haha, I am not black I'm white!" :huh: 

Edited by blackrose
Link to comment
Share on other sites

2 hours ago, blackrose said:

He was concerned about a scam which he said originated in Nigeria in which the bookings were cancelled and a refund was claimed before the money had actually been paid. I'm not sure how this was possible

One way they apparently  do it is to overpay using stolen card details, the payment is made and then they get onto contact apologizing about the overpayment and requesting a refund of the overpayment by wire using a money order. The physcology is that the Hotel won't be out of pocket as they are only refunding the overpayment. Apparently an oldie but goldie.

I like the Russian proverb Доверяй, но проверяй (Trust but verify) 

ETA JustJust found this explanation of a variant of this scam, look at the wire scam part

https://due.com/blog/credit-card-processing-scams/

Edited by reg
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.