Category: Warning

Warning: Are You on a Sucker List

Scammers trade lists of people who have fallen for scams among themselves; such a list is called a “sucker list”.

Sucker lists, which include names, addresses, phone numbers, and other information, are created, bought, and sold by scammers, spammers and some dishonest telemarketers. Scammers know that people who have been tricked once are easier to trick again. As a result, these people are flooded with letters, e-mails and phone calls about inheritances, lottery wins, health cures, investments etc.

In 2015, almost 200,000 people appeared on 13 different “sucker lists” that were seized by fraud investigators.

The average age of people on the list is 75. You can see how scammers target the elderly and vulnerable.

If you’ve ever been scammed, chances are your name could be on one.

How Do You Know if You’re on a Sucker List?

If you have been scammed online and get more scam messages and mail than others, then chances are you are on a sucker list. There is no way to get off the list except by not responding to any scam messages for a long time. Eventually they may lose interest in you.

How to Avoid Getting on a Sucker List:

Ensure you are registered on mail and telemarketing opt-out or do-not-call lists.

The following article explains how to register with the various preference services.

http://www.fightbackonline.org/index.php/fightback/17-how-to-fight-back/30-how-to-stop-spam-letters

Don’t reply to offers of money, miracle cures, competition wins etc. If you didn’t enter a competition, then you cannot have won one.

If you are truly being bombarded, consider changing your email address and/or phone number, and keep that confidential/unlisted.

In 2017, sucker lists held by National Trading Standards contained nearly 300,000 names.

Be careful not to end up on a sucker list.


Fightback Ninja Signature

Online Trading Scams

1. Pump and Dump Schemes

Scammers artificially inflate the price of one or more selected stocks, then encourage traders to buy in to take advantage of rising prices (this is the “pump”). However, the shares are overvalued, and once the scammers think they have pushed the price as far as possible (before people realise what’s going on), they sell their stock (this is the “dump”), collect their rewards and disappear. The traders innocently caught up in the scheme will see their stock plummet in value, perhaps as far as zero.

2. Investment Scams

These are basically the same as the investment scams aimed at the general public: they offer unrealistically high returns on anything from property to gold bullion to pharmaceutical remedies to shares guaranteed to rise in price.

These scams can be targeted at online traders and are marketed through email, social media and even magazines. Fraudsters typically promise high returns and use fake celebrity endorsements and images of luxury items to entice people to invest in their scams. The ads then link to professional-looking websites where consumers are persuaded to invest by trading themselves using the firm’s platform.

Many victims report initially receiving returns from the scam to give the impression that their trading has been a success. They will then be encouraged to invest more money or introduce a friend or family member to invest. However, then the returns stop, the customer’s account is suspended and there’s no further contact with the firm.

3. Fake Traders

British and Australian victims of a sophisticated enterprise were apparently lured by fake ads posted on Facebook and mobile phone games featuring celebrities such as Gordon Ramsay, Hugh Jackman and the moneysaving expert Martin Lewis.

But the investments in bitcoin, commodities and foreign currencies all appear to be fake.

Victims of the scam were persuaded to install software on their computers and phones that gave fraudsters access to their bank details.

How to protect yourself

  • Be wary of adverts online and on social media promising high returns from investing online.
  • Always be wary if you are contacted out of the blue, pressured to invest quickly or promised returns that sound too good to be true.
  • Always do your own further research on the product you are considering and the firm you are considering investing with.
  • Check the FCA register of authorised firms. If you use an unauthorised firm, you won’t have access to the Financial Ombudsman Service or Financial Services Compensation Scheme (FSCS), so you’re unlikely to get your money back if things go wrong.
  • Check they are not a clone – a common scam is to pretend to be a genuine FCA-authorised firm (called a ‘clone firm’). Always use the contact details on the FCA Register, not the details the firm gives you.
  • Check the FCA Warning List.
  • Check with Companies House to see if the firm is registered as a UK company and for directors’ names.
  • To see if others have posted any concerns, search online for the firm’s name, directors’ names and the product you are considering.

As a general rule, you should consider getting independent financial advice or guidance before making any kind of serious investment. You should make sure that any firm you deal with is regulated by the FCA and never take investment advice from the company that contacted you, as this may be part of the scam. The Money Advice Service has information on investing and about how to find a financial adviser.

Ask Traders has created a guide to online scams targeting traders. It is free to download at https://www.asktraders.com/the-cyber-security-guide-for-trading-beginners/

If you have any experiences with phishing scams do let me know, by email.


The Email Delivery Failure Scam

If you address an email to a non-existent address then you will get a genuine email delivery failure message in return.

That will make sense as you had previously sent out the message that failed.

Usually it just means a spelling mistake, but it can also mean the recipient has deleted that email address or simply that their mailbox is full.

However, you may also get such delivery failure messages about messages that you didn’t send.

These are usually phishing scam messages and there will be an attachment to download (filled with malware) or a link to click to get you to input your login and password.

These failure messages usually contain large chunks of technical gobbledegook such as:

host mta5.am0.yahoodns.net [67.195.228.109]

Delay reason: SMTP error from remote mail server after pipelined MAIL FROM:<you@gmail.com> SIZE=6745:

421 4.7.0 [TSS04] Messages from 216.120.234.35 temporarily deferred due to user complaints – 4.18.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html

The messages sometimes do not say the message has been rejected, but that it has been delayed or is held in a queue. Makes no difference – it’s just a scam.

Do not click anything or download anything from such email messages.


Google Play Store Hidden Adverts

Researchers from Avast issued a warning about 47 apps they had found on Google Play Store that are disguised as games but contain adware.

Adware is a type of malicious software that inundates you with incessant pop-ups and messages, such as

“CONGRATULATIONS! YOU’VE BEEN SELECTED FOR A FREE SAMSUNG GALAXY S20! CLICK HERE!”.

These apps are not malicious, but include adware technology that the user does not know about and is used by spammers and scammers to target people. This can result in your smartphone being overloaded with intrusive and sometimes unpleasant adverts.

Besides being annoying, adware can track the websites you visit and access your personal information.

These apps had already been downloaded more than 15 million times when found by Avast.

Avast has provided some tips to help you spot malicious apps:

  1. Carefully check the permissions the app requests before installing it. See what the app is asking to access. If it’s asking for data it should not need, consider this a red flag.
  2. Read the privacy policy and the terms and conditions. Most people never do, but you can miss key points on what the app does if you do not read these.
  3. Read the user reviews and if there’s anything worrying or too many bad reviews then consider dumping the app.
  4. Install strong anti-malware on your device so that adware and other malicious apps are automatically blocked.


How Hackers Take Email Addresses From Websites

To build up lists of email addresses that can be sold to spammers and scammers, hackers run software that scans websites and looks for email addresses.

This is called email harvesting and is done on a huge scale.

The hackers typically scan websites, mailing lists, internet forums, social media platforms and anywhere else they can find email addresses online.

The characteristic format for an email address is name@domain.com so it is simple for email harvesters to read web pages and look for the @ symbol as it seldom occurs anywhere on web pages except in an email address.

The harvesters can also check for unusual variations on that theme, e.g. User[at]domain.com or User[AT]domain[DOT]com.

In web pages, an email link is generally of the format ‘mailto:user@domain.com’ so these can easily be spotted and added to their list by the harvesters.

Many web developers try to stop this happening by disguising email links, for example by displaying the email address as a picture, so that the user must type the address into their email system, or by encoding some or all of the letters in the email address.

e.g. “&#65;” is letter A, “&#66;” is letter B and so on.

The simplest approach is to use a contact form instead of an email address link. This works for one email address but is not so applicable if you have lots of email address links on the same page.

There are many more ways to hide email address links from harvesters, but whatever you try – make sure not to have such addresses showing in clear text.
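For site owners who want to check their own pages, here is an added example (not part of the original post) that audits a page's HTML for addresses still readable after the disguises described above. The sample page, the function name audit_page and the exposure labels are assumptions made for the illustration.

```python
import html
import re

# user@domain.tld; the lookbehind stops a match from starting mid-token,
# e.g. on the tail of a half-encoded "&#105;nfo@..." sequence.
EMAIL = re.compile(
    r"(?<![A-Za-z0-9._%+;-])[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
)
# Bracketed spellings such as User[at]domain.com or User[AT]domain[DOT]com.
AT = re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.I)
DOT = re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.I)

# Constructed sample page (not taken from any real site).
SAMPLE_PAGE = """
<p>Sales: <a href="mailto:sales@example.com">email us</a></p>
<p>Support: support[AT]example[DOT]com</p>
<p>Press: &#112;&#114;&#101;&#115;&#115;&#64;example.org</p>
<p>Accounts: <img src="accounts-address.png" alt="our accounts address"></p>
<p>Or use the <a href="/contact">contact form</a>.</p>
"""


def audit_page(page_html):
    """Map each address a scanner could read to the simplest step exposing it."""
    findings = {}

    def record(text, exposure):
        for addr in EMAIL.findall(text):
            # The first (simplest) pass that finds an address wins.
            findings.setdefault(addr.lower(), exposure)

    # Pass 1: the raw source, which covers visible text and mailto: links.
    record(page_html, "clear text")
    # Pass 2: character entities are decoded by any HTML parser.
    decoded = html.unescape(page_html)
    record(decoded, "character entities")
    # Pass 3: [at]/[dot] spellings fall to two substitutions.
    record(DOT.sub(".", AT.sub("@", decoded)), "[at]/[dot] spelling")
    return findings


if __name__ == "__main__":
    for address, exposure in audit_page(SAMPLE_PAGE).items():
        print(f"{address:24} exposed via {exposure}")
```

On the sample page, three of the four addresses are reported; only the one shown as a picture and the contact form leave nothing for a scanner to read.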


The Secure Padlock Myth

When browsing on the Internet, you will be familiar with the padlock symbol that appears just to the left of the internet address. Depending on your browser, the padlock symbol may be green.

That padlock means ‘secure’ and you should never input any confidential information on a website if there isn’t a padlock symbol showing.

However, this does not mean that the website is safe to use – only that a level of encryption is in use between the browser and the Internet address. This encryption is called SSL.

The little padlock does not mean that the website is safe as criminals can easily get SSL for their fake scam websites.

Google has plans to stop using the padlock symbol as the vast majority of websites now do use SSL security, so would have the padlock symbol.

If you want more details on a website’s security, you can click on the padlock symbol and it will tell you the organisation name for the encryption certificate. If it doesn’t match the domain name (i.e. the Internet address) then that is a red warning flag.
