Good day, welcome to another bulletin from Breaking Scams…
Scam, just in…
The BBC has come under a lot of stick lately. The gender pay gap became the no more free TV licenses for older folk. But what the BBC doesn’t do is send out phishing emails. No, that is left to the cybercriminal.
This week’s scam landed in my inbox and it looks like I’m not the only one to receive it. In a similar TV License scam reported by the BBC News last month, a couple ended up losing almost £10,000 to scammers. The scam involved a phishing email, purporting to come from TV Licensing. The recipient clicked on a link in the email, then entered their personal data into an online form. After this, the email recipient received a call from the scammer, pretending to be from the recipient’s bank. The scam call resulted in the victim being tricked into moving money into the scammers account (which they believed to be a safe place). This might look like something you would never do, but cybercriminals are not stupid.
The above scam was clever. It used an out-of-band, double whammy, to create a disconnect between entering data with one company and receiving a call from another. This mix of email phishing and vishing (voice phishing) is a great way to circumvent any suspicious people who might otherwise put two and two together and not follow through.
With this in mind, let’s look at this week’s scam email which is shown below.
The Phishing Hooks
The email itself has a number of typical phishing triggers and rouses:
- The title contains an urgent message “Your direct debit has been cancelled“ the reaction the scammer is looking for is, “oh no, I better investigate this” – which results in you opening the email. Hurdle one, get the recipient to open the email.
- Correct brand logo. You’ve opened the email and you are instantly confronted with the TV Licensing logo. The scammers hoping you will believe this is a legitimate email. Hurdle two, make sure the recipient thinks it is really from TV Licensing.
- Email content has a threat or reward. The email body content, in this case, states that if you don’t set up your direct debit you may lose your license and the bailiffs will be called in too. Hurdle three, scare tactics that get a knee-jerk reaction, that the scammers love.
- The link to fix all of this hassle. Finally, after they have drawn you in and made you worried, they say, you can easily make this go away by clicking this link. Hurdle four, if the customer clicks the link you are almost guaranteed they will go on to hand over their personal data.
The Clues in the Phish
So, what gave this email away as a phishing email? What was it that made me stop and think, this isn’t a legitimate email informing me that my direct debit has failed?
Here are the clues:
- The sender’s email address was: firstname.lastname@example.org
This is a malformed email address pretending to be from the actual TV licensing organisation.
- The email does not have a salutation. If this was a real email from TV Licensing, it would have referred to me by my name
- The URL in the link takes you to a spoof site which looks like the TV Licensing site but is, in fact, a phishing site. If you enter your data into the form and then click on the button to setup the direct debit, the scammer will receive your data.
Below is the image of this spoof site. Note it looks real, but the actual URL was https://sbo777.com/ (NOT TVLicensing.co.uk)
NOTE: the use of HTTPS in the URL. This used to be an indicator a website was safe as it uses a digital certificate to verify a website. Now, however, over half of all phishing sites use a security certificate to make their website secure.
DO NOT CLICK ON THIS LINK! The site may also be infected with malware which will infect your machine. We click so you don’t have to.
If you find a TV Licensing email in your Inbox, check the above clues and think before you click.
Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:
TV Licensing Scam Emails
A scam email which pretends to be from TV Licensing is doing the rounds. This email is a spoof and is not from TV Licensing. The email says that your direct debit for your TV license has been cancelled and needs to be updated.
DO NOT CLICK THE LINK IN THE EMAIL!
This is a phishing email and it will try to steal your personal data. If your data is stolen it may result in a further financial theft – this may be in the form of a phone call which pretends to be from your bank. Also, be aware of scams phone calls.