cancel
Showing results for 
Search instead for 
Did you mean: 

Overpayment Refund Scam Email Warning

mervyncp
Newbie
Posts: 1
Registered: ‎22-06-2007

Re: Overpayment Refund

Had this email today.  It's an obvious scam to get your banking details, but it is very well designed to fool people that it is genuine.

shutter
Community Veteran
Posts: 22,301
Thanks: 3,815
Fixes: 66
Registered: ‎06-11-2007

Re: Overpayment Refund

@willcutforth  I did try to send the whole thing ( view source ) to abuse@plus.net... BUT GMAIL BLOCKED IT.. said it was spam/scam    HUH !.

So... I then cut off the bottom half... the bit with the link in , and sent you ( abuse@plus.net ) the header and the main part of the text.

For all other information see my screenshot at the top of this thread.

Thank you.

Ex PN customer.

 

GDD1000
Dabbler
Posts: 13
Thanks: 5
Registered: ‎23-12-2016

Re: Overpayment Refund

I've had this too.  I noted the reply address was incorrect and surmised it was a scam.  I think it might be a good idea if Plusnet issued a general warning.

Townman
Superuser
Superuser
Posts: 24,096
Thanks: 10,246
Fixes: 176
Registered: ‎22-08-2007

Re: Overpayment Refund

Question to those who have received the email.

Was the mail address and the account name yours?

It begs the question where were all of these mail@youraccount.plus.com email addresses harvested from?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

GDD1000
Dabbler
Posts: 13
Thanks: 5
Registered: ‎23-12-2016

Re: Overpayment Refund

Yes, it was my Plusnet e-mail address. 

dplusr
Dabbler
Posts: 14
Thanks: 8
Registered: ‎10-10-2016

Re: Overpayment Refund

I've had it too. No, there isn't necessarily a Plusnet security issue. It's addressed to myname@surname.plus.com i.e. my email address, not my name, although my name could be guessed from the address. So they only need to have got hold of my email address and, whilst I don't publish that, it's probably in a fair few places. Also any compromised email account that had received emails including my address could be a source - no need for that to be a Plusnet account of course.

Dan_the_Van
Hero
Posts: 3,148
Thanks: 1,568
Fixes: 90
Registered: ‎25-06-2007

Re: Overpayment Refund

Has anyone checked https://haveibeenpwned.com/ to see where the security breach might have occurred and when?

This was no doubt an attempt to harvest your bank account details.

 

JonoH
Hero
Posts: 4,346
Thanks: 1,563
Fixes: 157
Registered: ‎29-09-2011

Re: Overpayment Refund


@dplusr wrote:

I've had it too. No, there isn't necessarily a Plusnet security issue. It's addressed to myname@surname.plus.com i.e. my email address, not my name, although my name could be guessed from the address.


That email address was compromised by a hack into Dropbox in 2012 along with 10's of millions of people who also had their emails and passwords harvested.

 

@shutter your email and password have been found in a spam list sent by a massive spambot called Onliner Spambot with a Netherlands IP address (711m unique email addresses) 

 

Sadly, one of the downsides of ISP email addresses is that it makes it much easier to target our customers, of those 711m unique email addresses for example there will be a good number of plusnet email addresses. If there's enough it's worth creating a good piece of tailored phishing.  I'm really glad that nobody has fallen for this yet.

 Jono H
 Plusnet Community Manager
irritablegit
Rising Star
Posts: 117
Thanks: 10
Fixes: 1
Registered: ‎28-03-2009

Re: Overpayment Refund

Pardon me for being slightly sceptical of that explanation ... but I've never used Dropbox in my life, so I would suspect another source.

 

And why from 2012  ....  that's a long time ago ...

 

I wonder how many of the recipient email addresses did not even exist in 2012 ...

 

 

jab1
Legend
Posts: 19,267
Thanks: 6,325
Fixes: 290
Registered: ‎24-02-2012

Re: Overpayment Refund

@irritablegit Because these spam-artists keep 'going back' to these lists - especially the really big ones.

Good final point though, although that information will not be released, for obvious security reasons.

Seems to have gone quiet on this subject, so maybe the offending sender/server has been shut down?

John
JonoH
Hero
Posts: 4,346
Thanks: 1,563
Fixes: 157
Registered: ‎29-09-2011

Re: Overpayment Refund


@irritablegit wrote:

Pardon me for being slightly sceptical of that explanation ... but I've never used Dropbox in my life, so I would suspect another source.

 

all I did was pop your email address in here this is a central hub for all known hacks and distribution lists that have been found in the wild.

@jab1 it doesn't matter that this specific one was harvested in 2012 or indeed how many email addresses that received this weren't created then. As I'm sure you're aware lists get created from a number of different hacks from different periods of time and then sold on to groups looking to create scams. 

 Jono H
 Plusnet Community Manager
irritablegit
Rising Star
Posts: 117
Thanks: 10
Fixes: 1
Registered: ‎28-03-2009

Re: Overpayment Refund

It wasn't MY email address ...

jab1
Legend
Posts: 19,267
Thanks: 6,325
Fixes: 290
Registered: ‎24-02-2012

Re: Overpayment Refund

@JonoH Yup, sorry, my reply was possibly not well-presented.  As I'm sure you're aware, I've been around the WWW for almost as long as it has existed, and nearly been caught in the early days, but common sense - and good advice received back in those days, means I've never actually fallen for an email scam in all that time,

John
JonoH
Hero
Posts: 4,346
Thanks: 1,563
Fixes: 157
Registered: ‎29-09-2011

Re: Overpayment Refund


@irritablegit wrote:

It wasn't MY email address ...


My apologies, I simply entered the email address that you use here on the forum. That email address has been compromised.

Check out the link it's really eye-opening to see just how many lists exists and how many places have been hacked.

 Jono H
 Plusnet Community Manager
shutter
Community Veteran
Posts: 22,301
Thanks: 3,815
Fixes: 66
Registered: ‎06-11-2007

Re: Overpayment Refund

@JonoH Not sure about the password... but yes, I do know that my pn email address has been passed around... I`m not that worried.... as you can see, I am reasonably well awere of these scams.  This particular one did not mention me by name, it only used the email address in the three blacked out areas.  so I suspect it was, as you say, just passed around for the spammers to take advantage of.

Just thought I would pass the message on to PN via the forum, and for the benefit of others, who may well have been "taken in" by it.