November 29, 2018

Good day, welcome to another bulletin from Breaking Scams…


Scam, just in…


This week, a colleague opened their inbox to find an email that was said to be from UK TV Licensing. The sweetener of the email being the recipient had overpaid several hundred pounds which they could now reclaim; oh, if only this were true.

There were around 2,500 complaints made from UK citizens about a similar TV Licence scam in September and October of this year – our colleague received this spoof email in the last week, so scammers are still focusing on TV licence scams.

The “TV Licence” email received, was a typical phishing email. If you looked at the content carefully, you would notice a number of things alerting you to the spoof nature of the email:


  1. The header was odd. The email title being: INCOME OVER-PAYMENT RETURN – REF. 30581788Z2220917571. Note that there is a call to action in the title – this time for an ‘overpayment’. Other action items might be “security alert” or “upgrade needed”. Action items with urgency are often used to get you to open the email.
  2. The email contained a “Claim your refund now” link. If you held a cursor over the URL the link showed as https://balanceskin.co/pip/. we checked out this URL and found it was hosted in Columbia.
  3. The originating email address was dubious: tv.licensing.mail5748121004812@871938.910157-284719157381.repayments-tvlicence.com
  4. There were typos, e.g. “Licnsing
  5. It was too good to be true


Clicking on the “Claim your refund now” link is the scammer’s goal – the potential reward for doing so, a refund of hundreds of pounds.


We clicked on the link on your behalf to show you what happens:


Once the link was clicked, a spoof of the UK TV Licensing site opened. This showed a web form asking the visitor to enter personal details to request the refund (as promised).



If we had continued to go through the process, entering personal data and requesting the spoof refund, the personal data entered in the form would have then been sent over to the hackers hosting the site. The collected personal data would then be used for further nefarious acts such as selling onto cybercriminals on the Dark Web or perpetrating fraud through identity theft, directly.


Phishing emails like this work because they trick us into doing things like clicking a link to request a refund or fixing a security issue or updating a password. The way to trick the trickster is by knowing what you are dealing with. Using the steps below will help you to prevent yourself, your staff, and your business, from becoming unwitting victims of a cyber-scam:


  1. Use a good security awareness training program with phishing simulations to train staff to spot the signs of a phishing email
  2. Keep browsers and other software patched and up to date
  3. Avoid clicking links in an email; instead go directly to a website by typing the URL into the browser


And remember, if something seems too good to be true, it probably is.


Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keeping breaking scams!

Share this: