The Lemon Fool

Chose this forum to hopefully make maximum number of people aware.

My wife received a text today, apparently from EE, saying there had been a problem with the monthly payment, containing a plausible looking link "EE-somethingplausible" for her to click on, and log in. She clicked on the link and entered our password, only to receive a message "password not correct" so mentioned it to me.

I phoned EE who said it was a scam (aiming at ultimately getting bank A/C details) and also - get this - that EE had been aware of some of their customers being sent these emails for at least several days, and EE are currently investigating it. They've had lots of calls like mine, but still haven't made any attempt to warn all their customers.

Hope this info might be useful for at least a few people on here. (Obviously we've changed our password since, and also changed it on other sites, as we use the same passwords for several different sites.)

zico wrote:Hope this info might be useful for at least a few people on here. (Obviously we've changed our password since, and also changed it on other sites, as we use the same passwords for several different sites.)

Lesson there in elementary security. Never trust a link sent to you in email.

More to the point, never, ever re-use passwords on multiple sites if any of those sites are remotely important. That is to say, use a different password for every site that matters. Or, preferably, for every site full stop: even places like lemonfool where your risk is nothing worse than being impersonated, perhaps to post something bad.

zico wrote:get this - that EE had been aware of some of their customers being sent these emails for at least several days, and EE are currently investigating it. They've had lots of calls like mine, but still haven't made any attempt to warn all their customers.

Could it be that EE do not want to let on that they have discovered this scam, to increase the chance that the perps are caught?

Perhaps the police told them to keep it on the down low whilst they investigate?

Of course that assumes that the cops care about this kind of thing.

Lootman wrote:

zico wrote:get this - that EE had been aware of some of their customers being sent these emails for at least several days, and EE are currently investigating it. They've had lots of calls like mine, but still haven't made any attempt to warn all their customers.

Could it be that EE do not want to let on that they have discovered this scam, to increase the chance that the perps are caught?

Perhaps the police told them to keep it on the down low whilst they investigate?

Of course that assumes that the cops care about this kind of thing.

The chances of them being caught are so vanishingly small that it would not be worth anyone taking this sort of suggested action.

DM

Scammers have been very active lately. I've received from 0019028xxxxx; 001914xxxxxx ; 0019026xxxxx ; 001508xxxxx numbers pretending to be from " Visa Security " saying that money was being extracted from my bank account ,please press 1 to speak to … I should coco, matey.

sometimes several times a day I get phone calls informing me that my internet connection is about to be switched off. Strangely? it never seems to happen - in spite of me ignoring the calls.

scotia wrote:sometimes several times a day I get phone calls informing me that my internet connection is about to be switched off. Strangely? it never seems to happen - in spite of me ignoring the calls.

We've been getting these!
And then coincidentally we had a day without internet
- the kids took some convincing that it was unrelated and we ended up on the topic of Skinner boxes
- so every cloud has a silver science discussion hiding within or something like that

- sd

scotia wrote:sometimes several times a day I get phone calls informing me that my internet connection is about to be switched off. Strangely? it never seems to happen - in spite of me ignoring the calls.

Does anyone know what they are after? Is it to install malware on your machine, harvest bank account details, or possibly just to sell worthless software? I suppose it's cheaper to use a recorded message to save on Indian call centre operatives.

Alaric wrote:

scotia wrote:sometimes several times a day I get phone calls informing me that my internet connection is about to be switched off. Strangely? it never seems to happen - in spite of me ignoring the calls.

Does anyone know what they are after? Is it to install malware on your machine, harvest bank account details, or possibly just to sell worthless software? I suppose it's cheaper to use a recorded message to save on Indian call centre operatives.

The belief is that it's a phishing attempt
- https://www.tio.com.au/reports-updates/ ... et-service

And the automated aspect is probably a bit to do with volume of calls they can make and a bit to do with pre-selection

Much like the language used in spam phishing:

By sending an email that repels all but the most gullible the scammer gets the most promising marks to self-select, and tilts the true to false positive ratio in his favor.
- from: https://www.microsoft.com/en-us/researc ... om-nigeria

- sd

servodude wrote:The belief is that it's a phishing attempt

What annoys me is that if you use BT's 1471 service to identify the number they call you on and you then try to dial it back, invariably it comes back with "The number you have dialled cannot be recognised" or similar. So if the number cannot be recognised, why put through the call in the first place?

Alaric wrote:

servodude wrote:The belief is that it's a phishing attempt

What annoys me is that if you use BT's 1471 service to identify the number they call you on and you then try to dial it back, invariably it comes back with "The number you have dialled cannot be recognised" or similar. So if the number cannot be recognised, why put through the call in the first place?

I think that's a consequence of the caller ID having been "spoofed" rather than being hidden
- this is done to circumvent systems that try to prevent spam calling by banning "hidden" caller IDs

Pretty difficult to do absolute end to end validation as there are plenty of interesting configurations possible (virtual numbers, VOIP, switchboarding etc)

- sd

servodude wrote:Pretty difficult to do absolute end to end validation as there are plenty of interesting configurations possible (virtual numbers, VOIP, switchboarding etc)

Why is it difficult/impossible to decline a caller that doesn't supply a valid return call number? Perhaps it's trivial, but BT and others would like to treat it as a profit centre.

Alaric wrote:

servodude wrote:Pretty difficult to do absolute end to end validation as there are plenty of interesting configurations possible (virtual numbers, VOIP, switchboarding etc)

Why is it difficult/impossible to decline a caller that doesn't supply a valid return call number? Perhaps it's trivial, but BT and others would like to treat it as a profit centre.

Not sure if you're after a real answer or not...

- but if you are the wikipedia page on callerID is a good place to start: https://en.wikipedia.org/wiki/Caller_ID

- then consider on top of that the system needs to seamlessly integrate multi-line systems (PBX) e.g. https://en.wikipedia.org/wiki/Business_telephone_system

- and mobile e.g. https://en.wikipedia.org/wiki/GSM

- on top of a global infrastructure that can consist of parts laid many decades ago

So yeah it's trivial and they're just trying to take your money from you
- joking aside it's fascinating stuff and amazing that for the majority of cases it works as well as it does

as for simple declining if you decide the number is invalid: it's totally possible and regularly done and easily exploited/circumvented by injecting a valid or unblocked caller ID
- there is no global database of valid numbers which is why most anti-spam mechanisms either reject ID hidden calls or compare against a local table of things to pass/reject

- sd

I have never listened to one of these prerecorded calls for more than a few seconds, but I imagine that it asks the recipient to press 1, or something similar. After that a human will take over and try to extract information from the person on the line.

Like someone said above, it filters out those who know it to be a scam.

The same thing applies to emails, asking you to click on a link to view your bill, or resolve a payment issue. Never click on the link, go to the genuine website.

TJH

zico wrote:Chose this forum to hopefully make maximum number of people aware.

My wife received a text today, apparently from EE, saying there had been a problem with the monthly payment, containing a plausible looking link "EE-somethingplausible" for her to click on, and log in. She clicked on the link and entered our password, only to receive a message "password not correct" so mentioned it to me.

I phoned EE who said it was a scam (aiming at ultimately getting bank A/C details) and also - get this - that EE had been aware of some of their customers being sent these emails for at least several days, and EE are currently investigating it. They've had lots of calls like mine, but still haven't made any attempt to warn all their customers.

Hope this info might be useful for at least a few people on here. (Obviously we've changed our password since, and also changed it on other sites, as we use the same passwords for several different sites.)

Yup, I've had one of those texts too (and am an EE subscriber for mobile only, use someone else for landline):

SMS from +447762827833 wrote:Thurs 8 Aug 2019: 15:29: SMS from +447762827833: “EE:We were unable to process your latest bill. In order to avoid fees, update your billing information via: https://ee-update.ref***.com/?ee=*".

if one looks at the url given carefully (and I've asterisk'd out some of the data intentially), it's fairly clear that it's not a bona fide EE url.

It would be interesting to know if the recipients of these EE billing scam texts/calls were just EE susbcribers or anyone (i.e. if the scammers knew how to target EE subscribers or if there has maybe been a breach of EE's customer data....)

yorkshirelad1 wrote:would be interesting to know if the recipients of these EE billing scam texts/calls were just EE susbcribers or anyone (i.e. if the scammers knew how to target EE subscribers or if there has maybe been a breach of EE's customer data....)

FWIW I'm an EE subscriber for 4G broadband (and have been for some years). I haven't had any of that crap to the email address EE have for me, which is private and has no spam filtering.

It's more likely to have been sent to my public address (not known to EE) and rejected by the spam filter there.