PayPal Malware.

Just wait until the new electronic covid girl friend starts hitting you up for maintenance payments...

Screenshot (1511).png
 
These fraudsters are getting surprisingly good at convincing you they are who they claim to be.

Around twelve months ago, I was travelling around the M25 from Reigate back to the vicinity of Heathrow when my phone rang. I checked out the screen and it said companies house. I answered it because my company accounts while not imminently due were going to be so in roughly a months time. I wondered if there was a problem or perhaps I’d made a mistake over the dates they were due or something.

I answered it and some bloke started talking to me and I cut him short explaining that I was whizzing around the M25 and would phone him back in roughly an hours time.

So when I arrived home not long afterwards, I firstly phoned my accountant and asked him why would companies house phone me? He said he didn’t know why. He also said that he hadn’t heard of them phoning anybody before and anyway, my accounts weren’t even due in for another five or six weeks.

I said goodbye to my accountant and went to the number on my phone that said companies house from when the guy had phoned me earlier and press the dial button. Unsurprisingly, I got through to companies house.

I explained who I was and that I was returning their call to me. They found that strange because they hadn’t called me. I explained that they must have called me because their number was on my phone and it even said companies house on my phone screen. They then further explained that they don’t phone anybody to discuss accounts. All communication with companies was only through written correspondence if communication was necessary.

I queried that point because their phone number was on my phone. Somebody had spoken to me earlier and when I returned the called, I had simply pressed redial and here I was talking to the genuine article!

They re-iterated that they do not call anybody. They only write to people if they need to communicate about a problem.

They then said I’d received a call from someone impersonating a companies house employee. If I’d continued the conversation with that individual, they would have informed me of some problem or other and told me that Inneeded to make an immediate payment over the phone to rectify the problem.

By being on the M25 and quickly discontinuing the call, I’d not let them get to that part of the conversation that they intended to have.

I have to say, it wouldn’t have done them any good because all my dealings with the genuine article are usually through my accountant and I would have talked to him first before offering my card details over the phone.

But my point is, they hijacked the phone number of the proper authorities to make that call. It wasn’t a similar number something that you might think was possibly a fake and part of a scam. It was actually the right phone number for companies house!
 
Last edited:
These fraudsters are getting surprisingly good at convincing you they are who they claim to be.

Around twelve months ago, I was travelling around the M25 from Reigate back to the vicinity of Heathrow when my phone rang. I checked out the screen and it said companies house. I answered it because my company accounts while not imminently due were going to be so in roughly a months time. I wondered if there was a problem or perhaps I’d made a mistake over the dates they were due or something.

I answered it and some bloke started talking to me and I cut him short explaining that I was whizzing around the M25 and would phone him back in roughly an hours time.

So when I arrived home not long afterwards, I firstly phoned my accountant and asked him why would companies house phone me? He said he didn’t know why. He also said that he hadn’t heard of them phoning anybody before and anyway, my accounts weren’t even due in for another five or six weeks.

I said goodbye to my account and went to the number on my phone that said companies house from when the guy had phoned me earlier and press the dial button. Unsurprisingly, I got through to companies house.

I explained who I was and that I was returning their call to me. They found that strange because they hadn’t called me. I explained that they must have called me because their number was on my phone and it even said companies house on my phone screen. They then further explained that they don’t phone anybody to discuss accounts. All communication with companies was only through written correspondence if communication was necessary.

I queried that point because their phone number was on my phone. Somebody had spoken to me earlier and when I returned the called, I had simply pressed redial and here I was talking to the genuine article!

They re-iterated that they do not call anybody. They only write to people if they need to communicate about a problem.

They then said I’d received a call from someone impersonating a companies house employee. If I’d continued the conversation with that individual, they would have informed me of some problem or other and told me that Inneeded to make an immediate payment over the phone to rectify the problem.

By being on the M25 and quickly discontinuing the call, I’d not let them get to that part of the conversation that they intended to have.

I have to say, it wouldn’t have done them any good because all my dealings with the genuine article are usually through my accountant and I would have talked to him first before offering my card details over the phone.

But my point is, they hijacked the phone number of the proper authorities to make that call. It wasn’t a similar number something that you might think was possibly a fake and part of a scam. It was actually the right phone number for companies house!
 

Wordsmith

LE
Book Reviewer
The number of cyber incident and breaches is up significantly since the Covid 19 lock down. With more companies working from home - and not doing that securely - it's been a hacker/malware paradise.

Some simple rules of thumb.
  1. Never click on a link in a text message or email - that can take you to an attacker controlled website indistinguishable from the genuine article
  2. Google the company concerned to verify the real URL or phone number and use those to make contact via.
  3. If ringing a phone number, use something other than the phone you used; i.e. if contacted on a landline, use your mobile phone. These is a scam called the 'no hang up scam' where the fraudster does not hang up and when you dial the original phone reconnects to the active line.
  4. No legitimate company will ask you for username and password over the phone. And a fraudster, when armed with those details, has exactly the same rights and privileges as you in that system.
  5. Where possible use multi-factor authentication. You can - for example - on Amazon set up your account to require a six digit code sent to your mobile phone before you can log in. That way, even if your username and password are compromised, the attacker would still require access to your mobile phone to access your account.
  6. Never use the same password for sensitive accounts. For example, if you have two different on line bank accounts, use completely different usernames and passwords for the two accounts. If a hacker compromises one username/password combination, the first thing they will do is try them against any other accounts they think you might have.
  7. Remember it doesn't have to be a mistake by you to have your credentials compromised. They are stored in the back-end systems at the website you are connecting to. If those back end systems are hacked, your username and password will become known to the hacker(s).
Wordsmith
 

Latest Threads

Top