1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I think I'm being scammed. Have you?

Discussion in 'General Discussion' started by nickx91, Oct 5, 2017.

  1. nickx91

    Associate

    Joined: Aug 18, 2017

    Posts: 35

    Hi, I have received email with the name Bank of America, I am curious about it because I had been dealing with them once. Now, I am anxious what to do with it. I read this blog on social engineering attacks and I think it's some kind of phishing. I haven't used my email on some suspicious website, not that I remember. How do they get your email?
     
  2. Luke

    Soldato

    Joined: Jul 19, 2005

    Posts: 6,718

    Location: S. Yorkshire

    Are you new to the internet?
     
  3. Avenged7Fold

    Capodecina

    Joined: Sep 12, 2012

    Posts: 10,629

    Location: Surrey

    If the e-mail says it is the bank of america, then it must be them!
     
  4. NoobCannon

    Mobster

    Joined: Jun 13, 2011

    Posts: 2,937

     
  5. thezappa

    Gangster

    Joined: Jul 1, 2012

    Posts: 415

    Delete email and move on.
    Chances are they bought your details and/or you unwittingly didn’t uncheck a box saying ‘yes pass my details on to basically anyone’
     
  6. MatsyLR

    Wise Guy

    Joined: Jan 10, 2012

    Posts: 2,234

    Location: UK

    [​IMG]
     
  7. SC0TTRS

    Wise Guy

    Joined: Jan 14, 2014

    Posts: 1,267

    Location: The Matrix

    Seems legit.
     
  8. Avenged7Fold

    Capodecina

    Joined: Sep 12, 2012

    Posts: 10,629

    Location: Surrey

    Haha

    When you start writing your scam lie and realise it may be unrealistic but instead of rewriting it, you double down and dive deeper.
     
  9. SexyGreyFox

    Man of Honour

    Joined: Mar 29, 2003

    Posts: 46,881

    I love my fellow Nigerians
     
  10. Hades

    Capodecina

    Joined: Oct 19, 2002

    Posts: 19,127

    Location: Surrey and London

    Scammy McScamFace.
     
  11. Angilion

    Man of Honour

    Joined: Dec 5, 2003

    Posts: 13,690

    Location: Just to the left of my PC

    Buying it or stealing it, usually. It wouldn't be extremely surprising if they had the password needed to access your email too, given how often company's computer systems are hacked to obtain whatver personal information can be obtained.

    We live in a world where a sex toy manufacturer bugged their sex toys to record when they were used, where they were used, how long they were used for, what settings were used and the temperature of the body part they were used on and send all that data in a very insecure fashion over the net to the manufacturer (and anyone else who cared to look). And no, I am not making that up. It was one of the multitude of computer security failures, which are so routine that they get hardly any attention even if they are as attention-grabbing as that one. It's just not news.

    It's no longer the case that you have to use your email on a suspicious website (if it ever was) because it's now considered not suspicious for a business (online or offline) to sell personal information and it's not even slightly unusual for a system containing personal information to be hacked and the information copied. If you give any personal information anywhere, online or off, it's very unlikely to be secure. It's more likely that they will sell that information than keep it secure unless they think they can profit more from keeping it to themselves (which they will probably fail to do, sooner or later).

    It's still unusual for information that can directly access money (e.g. card details) to be compromised, so there's still a lot of scope for thieves to use other personal information to steal money. Posing as a bank is one way of doing so. A good rule of thumb is to assume that any email claiming to be from a bank is from a thief trying to steal money from you. Same goes for any emails that offer you an opportunity to make money, get rid of fat, get rid of wrinkles, get laid, get married...anything that anyone might want, really. Start from the assumption that it's a con.

    If you want to check anything that claims to be from any organisation, obtain contact details for that organisation from another source, not the email claiming to be from them, and ask the organisation.

    A quick look online shows that there's currently another spate of "Bank of America" scam emails around. It's a popular target because it's an impressive name and it has a lot of customers. If a thief sends out a huge number of emails (which is very easy to do), they're bound to reach quite a few people who actually have had dealings with Bank of America. Same goes for any major bank, of course, which is why they're often used this way. Even if only 1 in 100,000 people falls for the con, that's 10 successful thefts per million messages and that's well worth it to many thieves. Easy bulk communication and money transfer makes this sort of con far easier and thus far more common, but it even happened in the days of physical letters and cheques and postal orders in the post.

    Nowadays, it's a good idea to start from the assumption that it's a con. Whatever it is. Always assume a con. If they want information, it's a con. If they want money, it's a con. If they want to sell you something, it's a con. If they want to give you something, it's still a con to set you up for taking something. The classic example of that is the 419 con, named because it originated from Nigeria where it's illegal under section 419 of their law. But always assume it's a con. However it's worded, whatever it's promising, assume it's a con. You will very rarely be wrong. If it claims to be important in a way that ignoring it would cause you problems if it was legit, check as described above.
     
    Last edited by a moderator: Oct 6, 2017
  12. Guest2

    Capodecina

    Joined: May 6, 2009

    Posts: 13,117

    :D
     
  13. nickx91

    Associate

    Joined: Aug 18, 2017

    Posts: 35

    Thanks for the detailed advice! I was confused about it so I contacted the bank through their support center. Shouldn't the businesses be held responsible for even selling the information? Are there any regulations for that?
     
  14. nickx91

    Associate

    Joined: Aug 18, 2017

    Posts: 35

    Haha, wtf did I just read.
     
  15. MooMoo444

    Capodecina

    Joined: Jul 4, 2008

    Posts: 23,947

    Location: (''\(';.;')/'')

    That's how the scams work. They use known organizations and they're bound to get a few people thinking it is legit. File it in your bin.
     
  16. wildman

    Soldato

    Joined: Nov 7, 2002

    Posts: 5,280

    Location: Idiotic Britain

    wipe your arse with it first then send it back in a sealed sandwich bag so they can smell what they are................
     
  17. Daaaavvveee

    Hitman

    Joined: Nov 28, 2015

    Posts: 669

    Location: Banbury, UK

    They just buy your details/ trawl the internet for pastebins etc etc
     
  18. Vargas

    Mobster

    Joined: Apr 15, 2012

    Posts: 3,444

    Location: Edinburgh/Rannoch

    This

    And yes it’s a scam.
     
  19. Angilion

    Man of Honour

    Joined: Dec 5, 2003

    Posts: 13,690

    Location: Just to the left of my PC

    If there are, they don't work.

    Information giving direct access to money is tightly controlled, although I don't know if that's regulated or internally enforced by financial institutions because it's good for them. Some personal information is controlled, though less and less as time goes on. Medical details are still mostly secure in the UK, for example, although the NHS does supply them to businesses in some cases. Most patients will have agreed to that without knowing what they're agreeing to. For example, when I recently joined a different medical practice the receptionist gave me false information about what I was agreeing to. I knew the information was false, but that's only because I care a little bit about security and privacy. Most people don't nowadays, so they just tick boxes without reading anything or at most don't check anything they're told. The receptionist told me both data sharing agreements on the form were about sharing data between doctors, which wasn't true. One was for data sharing between doctors and the other was for data sharing with whoever. Both were vague, devoid of any information and implied the data sharing was for the patient's benefit. Maybe deliberately misleading, maybe just incompetently written, maybe written by someone who didn't know what each section was agreeing to and therefore couldn't describe it accurately even if they wanted to and were allowed to.

    Everything else is fair game, apparently. Email addresses, webpages you visit, your physical location when you use any computer for any reason, anything you click on, etc. Some of the biggest businesses in the world exist solely for the purpose of gathering information about you and selling it either directly or indirectly (by selling advertising). Google and Facebook are the biggest (with Microsoft going to great lengths to catch up), but it's commonplace. It's also becoming ever more all-encompassing as the fetish with data-gathering grows and becomes cheaper. So, for example, some TVs now listen to everything said within range and upload it (insecurely, of course) to...somewhere. Some washing machines monitor your use of them and upload that information (insecurely, of course), to...somewhere. Etc, etc. It goes the other way as well, of course, since security is rubbish or non-existent. So a random person within range might be able to gain access to your entire home network through your washing machine/TV/"smart" meter/kettle/alarm/etc. Or they could remote control your sex toys. Or your car. Or your baby monitoring camera. Etc, etc. None of this is conspiracy blather or even just theoretical. I'm only referring to things that have already happened and I've no doubt there are many more I haven't heard about.

    There's nowhere near enough power and will to control it, so it isn't controlled in any meaningful way. A few companies get fined for being particularly careless about data security, which does nothing much.

    EDIT: You'll probably see some reassurances that data traded to another business is anonymised. This is usually not very true in practice. There are a variety of ways of de-anonymising anonymous data. The simplest way around it is to buy more than one set of data and combine them. One set is missing some data, the other set is missing some other data. Correlate the two and you have all the data. If you can gather enough anonymous data and combine it, it's not anonymous any more. Other methods are more complex and less than 100% successful, but they work well enough to be used, often over 90% successful. Here's a very brief introductory summary: https://en.wikipedia.org/wiki/De-anonymization
     
    Last edited: Oct 10, 2017
  20. stopper

    Wise Guy

    Joined: Sep 17, 2010

    Posts: 1,597

    It's a scam, just like the one "You have parked in a Boots car park, you now owe us £100, or £50 if you pay within 14 days. Here is a pic of your car"
    You would be surprised how many people actually fall for it too.
     


Share This Page