I have been receiving emails purporting to be from my internet provider saying my last payment by card was declined and offering a login so I could fix the problem. The disguised link leads to http://www.bearyhouseaxman.tech/ which is not my ISP!
I have munged the link in case but it is probably safe unless you decide to give them your personal details. I will give the correct link if you PM me. This is what you see:
There is a directory for each ISP that they are attempting to scam. Each leads to a login screen copied from the real web site of an ISP but obviously not provided by that ISP. Don’t give them your login or any personal details!
This web page may not last very long as they seem to change them fairly quickly.
So if you get such an email do not click on anything, phone your ISP on a number you know is correct (not a number in the email) and check.
I’ve mostly evaded the onslaught of phishing emails. The attempts to outwit the average consumer come in many disguises. Some more obvious than others.
Genuine messages from myGov come to me via SMS or email and simply advise there is a new message in the myGov inbox. No links included and clear advice not to reply directly.
I’m still amazed by the number of organisations and businesses from whom we receive correspondence containing embedded links of one form or another. Hopefully with a little care the warning signs are still relatively easy to spot. I’m beginning to ask myself how much longer it will be before the quality of the phishing improves to a point it is difficult to distinguish.
Two examples of phishing emails both trying a MyGov theme.
Both escaped the email scanner!
Both are not genuine.
The sender detail should be sufficient warning, although I’ve one email viewer that does not immediately show the sending address, only the name attached.
It’s not easy to be sure. Some prior important communications used to include my member or account number in the body of the email. Others included a statement as an attachment which had the physical address, billing address, customer number and account number etc all easily read.
Of course if a customer’s details have been compromised such details are also accessible to the hacker.
Many businesses now offer apps for Android and Apple. These can include billing and setting payment reminders. Staying safe with the digital transition, there has to be a better way?
Enquiry / feedback details sent to Australian Cyber Security Hotline:
My wife and I are members of Medibank Private. My wife received an email today advising that her details have been compromised in the Medibank cyber attack.
The email had 10 hyperlinks. The email had a reference number which did not mean anything to us.
The email contained the advice “Making sure to verify any communications you receive to ensure they are legitimate.” This took a phone call of 1 hour and 45 minutes to do.
Would not Medibank Private, given their current experience, be better advised to send a brief email, containing a reference ID, and asking their customer to contact them through their publicly listed telephone number?
Response from Australian Cyber Security Hotline:
Thank you for your enquiry to the Australian Cyber Security Centre (ACSC).
In regards to the Medibank data breach the following three sites will provide you all the information you need to protect yourself going forward.
I have a policy of NEVER responding to email requests of any sort. If I think the topic/message has merit I will go through the formal channels to contact the sender. I also never answer phone calls unless I personally know the caller.
If you use Google Gmail you may see one or two spam/phishing or any other type of fraudulent/scamming e-mails a year. Cannot remember when I last saw a dodgy e-mail come through on GMail. Only use my ISP e-mail account where I know it is not in a public space or accessible to others.
I have set my phone to only ring when the caller is in my contacts list - otherwise they go direct to message service. This is a pain if getting calls back from entities like government departments or vendors where calls originate from undisclosed numbers - if I am expecting these I turn the feature off for a short while.
I assume you mean do some to damage the phone’s hardware or firmware if the call is connected. I am unaware of any such damage occurring. If they ask you to do something such as installing a malicious app or providing access (such as with a PC), they can cause damage but this requires action of the call recipient.
The main damage from answering is being distracted and wasting one’s time.
It is safe to answer calls on the phone. But if it is a cold caller or scammer, they will know they have a number that has a person on the end who is willing to answer the phone. A ‘live’ number that is in use.
You may well be pestered more by the same caller, or others.
Sometimes I answer calls that are not in my address book, but I make sure to answer with a simple ‘hello’ and not my name. And divulge nothing until I am sure I am talking to a genuine caller.
That can be fun.
I get calls from those trying to flog me solar panels with the Gov rebate.
I usually tell them I have moved on from solar and have a Plutonium 238 heat generator thermocouple in the garage that I bought surplus from NASA.
That usually ends the call.
Thanks PHB, Phil and Gregr. In keeping with the latter’s reply, about a year ago I answered a call from a mobile with the same first 7 digits as my mobile number. From memory, no one spoke on the other end. This was followed over the next few months by about 6 more calls with the same first 6 or 7 digits as my mobile. They eventually seemed to give up when I didn’t answer any more calls.
Of interest/annoyance, I received a text message at about 4am recently. A text at that time would seem to be a dead giveaway of a scam, especially about processing credit ASAP with a link from linktdrt. It is a known phishing scam according to Linkt.