internet scams.

These here rip your password and details off scams.

Of the type I suspect is in the message from:
<>.

Are they actually illegal and would it be worthwhile passing the email
onto plod?

 

I've had a spate of these recently, all from banks I don't actually deal
with.
Very obviously scams, the grammar is apalling.

--
Dan L (Oldbloke)
My Bike 2000 Honda CB500
M'boy's Bike 1990 Suzuki TS50X (Heavily fortified)

BOTAFOT #140, DIAABTCOD #26

 

Oldbloke wrote

Is it? Oh.

Right then, no fucking mercy.

 

Forward to Barclays, they love leaning on these cunts

--
--
Robbo
1500GL 1988 Goldwing (Rebuild in process)
BMW K100 RS 1984
"Fairly Quick" status. Silver level
BotaFOF #19. E.O.S.M 2001/2002/2003.
B.O.S.M 2003/4.FURSWB#1 KotL..YTC449
PM#7

 

Robbo wrote

In fact they even have advice about it on their web front page and a
convenient email addy to send it to too.

Then of course, they do what they have to do but do it while avoiding
any of that nasty publicity stuff. I don't like that, I like scrotes to
be named and shamed.

I was hoping that it could end up as one of "A zillion other offences to
be taken into account" yerronner.

 

Yep, they're illegal. Despite the warnings, and the MS patches,
"phishing" is still a winner.

Ahem - I do it myself from time to time....

 

The Older Gentleman wrote

^^^^^^^^
Never heard that before.

Essex plod refer you to The Internet Watch Foundation if you want to
report any email based things, like pishing. So that is "**** off
taxpayer" from them then.

Mind you given that their Uberboss is not the type to use or have any
real use for email that is hardly a surprise.

 

Dr Ivan D. Reid wrote

It's not a scam is it, it is as real as you like. Now hurry up and
phone I am waiting to go to bed.

 

I think its a reference to a computer is only as secure as its user.

Patched to buggery is all well and good but if the user /insists/ on
giving away their bank details there's not a lot you can do about it.

 

Indeed. However, MS has a patch so that entering http://www.(IP
address)@(name of genuine bank) won't work. It's the inclusion of the @
in a url that's the problem.

Unfortunately, some of these fake sites are very, very convincing. But
yeah, people will insist on cocking up their security.

The banks are partially to blame, though. I've just had a right fucking
ding-dong with Barclays because they *insist* I have a Connect card as
they've discontinued using credit cards as cheque guarantee cards.

"That facility has now been transferred to Connect cards...." I was
told.

Why are they so keen on Connect? It wouldn't have anything to do with
Connect cards being debit cards, and the protection afforded by the
Consumer Credit Act not applying to them would it? Oh no....

Lose your money by fraud or a useless company or a purchase which
doesn't work - if you pay by CC, you're OK. Pay by DC and you're not.

Anyway, Connect is also used for accessing your account via the web. I
told Barclays I didn't think their system was secure. It's not, but the
problem lies not with their machines, but the ordinary home PC.

"Oh yes it is!" they said. "You have your PIN number......."

SO I asked the droid giving me this spiel to think of her home password
for email. Then I asked her how many characters it has. "Ten," she said.
And a PIN number has.... four. So I pointed out that on a random basis
her home PW was two and a half times more secure than Connect.

She paused. "Yes, but after three attempts at logging in, if you don'w
know the PW, it locks you out...."

"So there's a one in three thousand, three hundred and thirty-three
chance that someone, purely at random, can crack it. Not good enough."

Also, and this is *very* worrying, while they have fraud insurance for
your cards (for which you pay, naturally) it doesn't cover card cloning
which is, of course, the current favourite method of fraud.

I told Barclays that I never have, and never would, use the internet or
a hole in the wall to access my account or withdraw funds. In return, if
they were forcing me to adopt a system that allowed access to my account
via these means, that I wanted a guarantee from them that if any money
was ever removed from my account via a hole in the wall or interent
access, that it would be replaced.

We're still in correspondence....

 

This is absurd.

 

Or possibly even appalling.

 

They have but it took them long enough.
http://news.netcraft.com/archives/2004/02/03/microsoft_issues_critical_update_on_url_spoofing.html
or http://tinyurl.com/3e65o

<snip tail of bankers proving the old adage>

Honestly is it a wonder that so many people rely on the old stuffed
mattress.

--
Bob
Currently borrowing a black and red Yamaha XJ750 with fuel injection
Present: Honda XL125RF (FS)
Past: Honda CG125
bob at homeurl tomato dot co dot uk
remove the red fruit if you’d like to email me.

 

What I wonder is whether TOG has a problem being paid electronically
too. I really couldn't manage if I had to go to the bank for every
little thing, in fact I hardly ever go in to a branch nowadays.

 

Bob123 wrote

Yes but it is kin uncomfortable when you are skint.

 

Hear hear, educate the numpties

Or use a decent browser

And the dinosaurs complained that it was getting cold..

Passcodes for Barclays are 5 characters actually.

You also have to enter two characters from a memorable word(and
to stop key loggers they use drop down lists) which increases your odds
rather so.


They could ask for nine million forms of ID but customers don't want that.
It is all about a balance between security and useability. I am happy
that the odds of someone guessing my passcode and two charactrs from a
random word are good enough(not a statistician so correct me if I'm wrong
but 10^5*26^2 = 1:67600000 chance of you guessing my details)

OK, thats your choice, I hope that bag under the mattress serves you well

Lucky Barclays )

 

Yes but it's even worse when your loaded.

--
Bob
Currently borrowing a black and red Yamaha XJ750 with fuel injection
Present: Honda XL125RF (FS)
Past: Honda CG125
bob at homeurl tomato dot co dot uk
remove the red fruit if you’d like to email me.

 

Indeed. However, MS has a patch so that entering http://www.(IP
address)@(name of genuine bank) won't work. It's the inclusion of the @
in a url that's the problem.[/QUOTE]

Typical MS. Patch a browser so that perfectly valid http doesn't work
because users are clueless.

 

Ben wrote:

That's a bit of stupid post, don't you think?

So you're saying that rather then make an attempt to protect users from
potentially being taken advantage of, you'd prefer it left as it is?

Do you use this feature a lot in your day to day browsing?

 

Yes I'd prefer it to be left as it is. The ability to supply a user
name (plus password) as part of a url is part of the http spec. That
spec should be supported and respected by browsers.

No, but that's not the point. It's part of the http spec and should
be supported.

Users should be educated, not molly-coddled.