Phishing gets more focussed

It’s a story that’s well-known in net-savvy circles, but a couple of recent personal experiences bring home how phishers are changing.

First story – on the phone.  I’ve had a spate of “sell the business” and “reduce my bills” calls.  Among them, one from a caller identifying himself as from my provider, O2.  He’d done his homework, knew my name and my company, and was an English voice, not an obvious Indian call-centre (which might, ironically, have made more sense if it really had been my provider).  Everything to put me at my ease.

He didn’t start with the ritual of security questions: that would of course alienate the mug on the other end of the line, not to mention raise “who are you?” concerns.  Instead, he wanted to talk about whether I might qualify for a new “free” handset, and reducing my bills.  He asked about my existing handset (answer: how is that relevant?) and on the subject of bills said “you’re paying about £x-£y/month now, right?” (wrong, by an order of magnitude).  OK, you’re plausible, but if you were really from O2 you’d have access to your customer’s details and not have to ask!

After that one I tried calling O2 to confirm it really wasn’t them being daft.  The automated introductory message reminded me what security questions I’d need to answer.  Damn, I don’t have that information to hand, can’t even ask them the question!  Never mind, I went through my options in detail less than a year ago when I got connectivity for the pocket-‘puter, and I’m not looking for a change.

The second story came in a ‘phone call from my mother earlier this week, and served to remind me that not everyone finds it as easy to dismiss them as I do.  She had email about her bill from mybebook.com, and wondered about clicking the link.  OK, that’s an old-fashioned phish, but coming “from” a minority site that she has bought from (though not recently) gives it extra credibility over the one “from” amazon or ebay.  Or indeed “from” tesco or waitrose.  I suggested she hover the mouse over the link to see where it really leads.  Turned out to be some .exe on an unknown site.  Just as well she’s not a complete mug ;)  Googling mybebook.com finds a thread about the phish, and the site itself has posted a warning!  Having reassured herself about deleting that email, she then contrasted it with a legitimate email from John Lewis about an actual recent purchase: the invoice was in the mail itself, with nothing to click.

Posted on November 11, 2010, in spam. 1 Comment.

  1. I’m delighted to hear you’re keeping your sainted grey-haired old mother out of the clutches of the ungodly.

    Did you ever get through to O2? My experience of mobile phone companies is that they are astonishingly inefficient at using the information they have about their customers.

    In my case they know very little (by design, that’s why I have a prepay plan), but even so, they know even less than I would expect. About once a year I get a call from Vodafone telling me I’m eligible for a new free phone if I upgrade my plan. Then I tell them I’m on prepay, and they say “Oh, sorry, this offer’s not available for you then”, and ring off.

    I think it’s them, because if it’s a scam I can’t see how it would work.
