Message-ID:

"If you can, help others. If you can't, at least don't hurt others." -- the Dalai Lama

aus+uk / uk.telecom.mobile / Re: Possible scam message

Possible scam message

<uhgsio$2clhh$1@dont-email.me>

https://www.novabbs.com/aus+uk/article-flat.php?id=14352&group=uk.telecom.mobile#14352

copy link Newsgroups: uk.telecom.mobile

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Jef...@invalid.invalid (Jeff Layman)
Newsgroups: uk.telecom.mobile
Subject: Possible scam message
Date: Fri, 27 Oct 2023 18:38:32 +0100
Organization: A noiseless patient Spider
Lines: 25
Message-ID: <uhgsio$2clhh$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 27 Oct 2023 17:38:33 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="53431ebd75151e13903b981ae37ce3ed";
logging-data="2512433"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18ZRSumiQ7fsuLutksZsxObWNYL/uUZs+o="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.15.1
Cancel-Lock: sha1:D7+9/N3huYl8T6ueb1tBcgQnal8=
Content-Language: en-GB

by: Jeff Layman - Fri, 27 Oct 2023 17:38 UTC

Just got a text from 07770 984723 (now reported to Vodafone on 7726 as
suspicious). Apparently someone tried to deliver a parcel today. I had
to click on a link to
https://royalmail.uk-courier(munge-added-by-me-here).com to arrange
another delivery. Unfortunately I clicked on the link as I was expecting
a parcel, and what /looked/ like a Royal Mail site appeared. I didn't
click any further links as I was suspicious.

According to <https://www.ncsc.gov.uk/guidance/avoiding-banking-malware>
I should do a factory reset to be sure of getting rid of any malware
downloaded from the link. However, others say that the malware doesn't
come with the first link, but by clicking on links in it, which I did
not do. I *never* use the phone for banking or other financial matters
(including internet ordering) and only access email and two other
accounts, one of them being Vodafone. The other is a weather network.
Neither are particularly important. A reset would be a small
inconvenience but is it necessary?

The phone runs Android 13 (MIUI 14), and a security scan comes up clean.

Anyone got any experience of these sort of scams?

Jeff

Re: Possible scam message

<kq2c4lF1156U3@mid.individual.net>

copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=14353&group=uk.telecom.mobile#14353

copy link Newsgroups: uk.telecom.mobile

Path: i2pn2.org!i2pn.org!paganini.bofh.team!2.eu.feeder.erje.net!feeder.erje.net!news.szaf.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: use...@andyburns.uk (Andy Burns)
Newsgroups: uk.telecom.mobile
Subject: Re: Possible scam message
Date: Fri, 27 Oct 2023 18:59:49 +0100
Lines: 9
Message-ID: <kq2c4lF1156U3@mid.individual.net>
References: <uhgsio$2clhh$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net M4pbBFKBdg9QEQwVAogqgAX+fvyEILvyOPpa0+dye++GZNmZDc
Cancel-Lock: sha1:tu8ZQ/kgp1hmysT6GbCQqsL6Ifk= sha256:RnfIm1f6FdeAKQPWjmbQq4GRB41w7E/XtcfFdW2in5U=
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
In-Reply-To: <uhgsio$2clhh$1@dont-email.me>

by: Andy Burns - Fri, 27 Oct 2023 17:59 UTC

Jeff Layman wrote:

> I clicked on the link as I was expecting
> a parcel, and what /looked/ like a Royal Mail site appeared. I didn't
> click any further links as I was suspicious.

I think that type of site is more aimed at getting a few quid
"re-delivery fee" out of you than sending malware.

Re: Possible scam message

<uhh3di$2dlo0$2@dont-email.me>

copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=14354&group=uk.telecom.mobile#14354

copy link Newsgroups: uk.telecom.mobile

Path: i2pn2.org!rocksolid2!news.neodome.net!news.mixmin.net!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: g4u...@dave.invalid (David Wade)
Newsgroups: uk.telecom.mobile
Subject: Re: Possible scam message
Date: Fri, 27 Oct 2023 20:35:14 +0100
Organization: A noiseless patient Spider
Lines: 32
Message-ID: <uhh3di$2dlo0$2@dont-email.me>
References: <uhgsio$2clhh$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 27 Oct 2023 19:35:14 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="e0b7413c9bcc5ebec4daefddfeeeaef2";
logging-data="2545408"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19lm/8hymbvu2Y0FTChFL6T"
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:jS4O79VDbzZzadbJkGJsAv0m+YA=
In-Reply-To: <uhgsio$2clhh$1@dont-email.me>
Content-Language: en-GB

by: David Wade - Fri, 27 Oct 2023 19:35 UTC

On 27/10/2023 18:38, Jeff Layman wrote:
> Just got a text from 07770 984723 (now reported to Vodafone on 7726 as
> suspicious). Apparently someone tried to deliver a parcel today. I had
> to click on a link to
> https://royalmail.uk-courier(munge-added-by-me-here).com to arrange
> another delivery. Unfortunately I clicked on the link as I was expecting
> a parcel, and what /looked/ like a Royal Mail site appeared. I didn't
> click any further links as I was suspicious.
>
> According to <https://www.ncsc.gov.uk/guidance/avoiding-banking-malware>
> I should do a factory reset to be sure of getting rid of any malware
> downloaded from the link. However, others say that the malware doesn't
> come with the first link, but by clicking on links in it, which I did
> not do. I *never* use the phone for banking or other financial matters
> (including internet ordering) and only access email and two other
> accounts, one of them being Vodafone. The other is a weather network.
> Neither are particularly important. A reset would be a small
> inconvenience but is it necessary?
>
> The phone runs Android 13 (MIUI 14), and a security scan comes up clean.
>
> Anyone got any experience of these sort of scams?
>
Usually these are designed to steal you banking or credit card
credentials, not install malware. So once you have paid them they clean
out your bank account...

e.g.

https://www.independent.co.uk/life-style/royal-mail-scam-common-signs-b1821820.html

Dave

Re: Possible scam message

<uhich9$2p1vp$1@dont-email.me>

copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=14355&group=uk.telecom.mobile#14355

copy link Newsgroups: uk.telecom.mobile

Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Jef...@invalid.invalid (Jeff Layman)
Newsgroups: uk.telecom.mobile
Subject: Re: Possible scam message
Date: Sat, 28 Oct 2023 08:16:57 +0100
Organization: A noiseless patient Spider
Lines: 20
Message-ID: <uhich9$2p1vp$1@dont-email.me>
References: <uhgsio$2clhh$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Sat, 28 Oct 2023 07:16:57 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="9b10ed9c910a2c2280d8fbfbac79ed94";
logging-data="2918393"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+soSf7UMmo15Vg8X0PYW5xevluhXhjT+8="
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Thunderbird/102.15.1
Cancel-Lock: sha1:UXgusmx9inp7AmCaKHGBVd/YMqg=
In-Reply-To: <uhgsio$2clhh$1@dont-email.me>
Content-Language: en-GB

by: Jeff Layman - Sat, 28 Oct 2023 07:16 UTC

> The phone runs Android 13 (MIUI 14), and a security scan comes up clean.
>
> Anyone got any experience of these sort of scams?

Thanks for the reassuring(?!) replies. I won't to a reset, but will have
to be more careful in future.

Jeff

Re: Possible scam message

<uhqpsr$11c2e$1@dont-email.me>

copy mid

https://www.novabbs.com/aus+uk/article-flat.php?id=14406&group=uk.telecom.mobile#14406

copy link Newsgroups: uk.telecom.mobile

Path: i2pn2.org!rocksolid2!news.neodome.net!news.mixmin.net!eternal-september.org!feeder2.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: mb...@nospam.net (JMB99)
Newsgroups: uk.telecom.mobile
Subject: Re: Possible scam message
Date: Tue, 31 Oct 2023 11:54:02 +0000
Organization: A noiseless patient Spider
Lines: 23
Message-ID: <uhqpsr$11c2e$1@dont-email.me>
References: <uhgsio$2clhh$1@dont-email.me> <uhich9$2p1vp$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Tue, 31 Oct 2023 11:54:03 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="7399f73590f299efab0afebff744cd1f";
logging-data="1093710"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+keo8CFKGaSPQT+7KeaH80"
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:Hh5fL+3A6g6otigxDv3biLwN3Pw=
Content-Language: en-US
In-Reply-To: <uhich9$2p1vp$1@dont-email.me>

by: JMB99 - Tue, 31 Oct 2023 11:54 UTC

On 28/10/2023 08:16, Jeff Layman wrote:
> Thanks for the reassuring(?!) replies. I won't to a reset, but will have
> to be more careful in future.

One of TV police reality programmes about traffic police last night
showed someone speaking to them outside the police station after getting
a message from scammers.

One thing to bear in mind is that many large organisations had their
systems hacked because of poor security. This could include names,
EMail addresses, passwords of users. These are then sold off so you can
get a scam message with your name and (usually an old password of yours)
which makes it look more of a threat.

One nasty trick some do is accuse people of visiting porn sites or even
child porn sites and claim to have screen grabs to prove this but they
never give an example of the images they claim to have got from the
person's camera - I do not have a camera attached to my computer but
have received these threats!

Subject	Author
Possible scam message	Jeff Layman
Possible scam message	Andy Burns
Possible scam message	David Wade
Possible scam message	Jeff Layman
Possible scam message	JMB99