In400metreskeepright wrote:

I have a User ID, Password and then 3 factor entry. for my LloydsTSB

No, that is one factor - what you know.

Other banks have a hand-held chip & pin device or sms verification which
checks a second factor - what you have. To take money out of these
accounts, you need to know something - the User ID, password and secret
answers, and have something - a chip & pin card, or a mobile phone tied to
a particular phone number.

"Rob Graham" wrote in message
...
Andy Pandy wrote:
"Robin Graham" wrote in message
...
In400metreskeepright wrote:
please confirm your details...

yes right.
I'm surprised you haven't had one before, and also from other pseudo
companies. They seem to be part of the scenery nowadays.

What I find odd is that warnings that are given regarding visiting these
sites do not tell you to look at the URL in the address bar. If it's not
a genuine site the URL will look unusual, suspicious, and probably from
another country. Never will it look like, e.g. LloydsTSB.com.

It's easier just to tell people not to click on links in emails. If you
tell them to examine the URL they need to know exacty what their looking
for - a dodgy URL could easily include lloydstsb.com eg
http://www.lloydstsb.com.xxx.ru/update/



Sure, but then there's the giveaway at the end.

To someone who knows what they're looking for. To someone who doesn't
understand the formats of URLs it could look genuine.

It's easier to advice people not to click on links in emails than to
describe what a genuine URL should look like.

--
Andy

Andy Pandy wrote:

"Rob Graham" wrote in message
...
Andy Pandy wrote:

It's easier just to tell people not to click on links in emails. If you
tell them to examine the URL they need to know exacty what their looking
for - a dodgy URL could easily include lloydstsb.com eg
http://www.lloydstsb.com.xxx.ru/update/

Sure, but then there's the giveaway at the end.

To someone who knows what they're looking for. To someone who doesn't
understand the formats of URLs it could look genuine.

It's easier to advice people not to click on links in emails than to
describe what a genuine URL should look like.

It may be easier, but is it effective? After all, it's easier to tell
kids not to cross the road than to teach them the Green Cross Code.

"Andy Pandy" wrote in message
...

"Rob Graham" wrote in message
...
Andy Pandy wrote:
"Robin Graham" wrote in message
...
In400metreskeepright wrote:
please confirm your details...

yes right.
I'm surprised you haven't had one before, and also from other pseudo
companies. They seem to be part of the scenery nowadays.

What I find odd is that warnings that are given regarding visiting
these sites do not tell you to look at the URL in the address bar. If
it's not a genuine site the URL will look unusual, suspicious, and
probably from another country. Never will it look like, e.g.
LloydsTSB.com.

It's easier just to tell people not to click on links in emails. If you
tell them to examine the URL they need to know exacty what their looking
for - a dodgy URL could easily include lloydstsb.com eg
http://www.lloydstsb.com.xxx.ru/update/



Sure, but then there's the giveaway at the end.

To someone who knows what they're looking for. To someone who doesn't
understand the formats of URLs it could look genuine.

It's easier to advice people not to click on links in emails than to
describe what a genuine URL should look like.

My best advice (which no one else ever gives) is:

Try the site out first with bogus login info and if the page says "thank
you" then you know it's a scam.

(though I accept there are other reasons for not clicking the link)

tim

"tim...." wrote in message
...

"Andy Pandy" wrote in message
...

"Rob Graham" wrote in message
...
Andy Pandy wrote:
"Robin Graham" wrote in message
...
In400metreskeepright wrote:
please confirm your details...

yes right.
I'm surprised you haven't had one before, and also from other pseudo
companies. They seem to be part of the scenery nowadays.

What I find odd is that warnings that are given regarding visiting
these sites do not tell you to look at the URL in the address bar. If
it's not a genuine site the URL will look unusual, suspicious, and
probably from another country. Never will it look like, e.g.
LloydsTSB.com.

It's easier just to tell people not to click on links in emails. If you
tell them to examine the URL they need to know exacty what their
looking for - a dodgy URL could easily include lloydstsb.com eg
http://www.lloydstsb.com.xxx.ru/update/



Sure, but then there's the giveaway at the end.

To someone who knows what they're looking for. To someone who doesn't
understand the formats of URLs it could look genuine.

It's easier to advice people not to click on links in emails than to
describe what a genuine URL should look like.

My best advice (which no one else ever gives) is:

Try the site out first with bogus login info and if the page says "thank
you" then you know it's a scam.

With respect, that is bad advice and the best advice is to not even click on
the email in the first place!

(though I accept there are other reasons for not clicking the link)

Or opening the email at all.

No bank is going to send you such an email. Just dump the stuff. Keep the
preview pane closed at all times.!!!!

Never assume that a communication from a bank or BS is genuine. ASk how you
are to verify who they are. They may ask you to verify by phoning the
number on the reverse of a CC, or other number you can obtain independently.
If they ask you to verify your details, don't tell them anything, but ask
them to
verify their details. Try not to be a mug

GPG

"Alan" wrote in message
...
In message , Robin Graham
wrote

What I find odd is that warnings that are given regarding visiting these
sites do not tell you to look at the URL in the address bar. If it's not a
genuine site the URL will look unusual, suspicious, and probably from
another country. Never will it look like, e.g. LloydsTSB.com.

A lot of credit card "security" pages look like Phishing sites with a URL
containing a sting of random characters.

--
Alan
news2009 {at} admac {dot} myzen {dot} co {dot} uk

"tim...." wrote in message
...

"Andy Pandy" wrote in message
...

"Rob Graham" wrote in message
...
Andy Pandy wrote:
"Robin Graham" wrote in message
...
In400metreskeepright wrote:
please confirm your details...

yes right.
I'm surprised you haven't had one before, and also from other
pseudo companies. They seem to be part of the scenery nowadays.

What I find odd is that warnings that are given regarding
visiting these sites do not tell you to look at the URL in the
address bar. If it's not a genuine site the URL will look
unusual, suspicious, and probably from another country. Never
will it look like, e.g. LloydsTSB.com.

It's easier just to tell people not to click on links in emails.
If you tell them to examine the URL they need to know exacty what
their looking for - a dodgy URL could easily include
lloydstsb.com eg http://www.lloydstsb.com.xxx.ru/update/



Sure, but then there's the giveaway at the end.

To someone who knows what they're looking for. To someone who
doesn't understand the formats of URLs it could look genuine.

It's easier to advice people not to click on links in emails than
to describe what a genuine URL should look like.

My best advice (which no one else ever gives) is:

Try the site out first with bogus login info and if the page says
"thank you" then you know it's a scam.

Apparently some of these are done in real time - ie either someone is
sat waiting for login details to be entered and then immediately
enters it onto the real website or they could use an application to
take the login details and enter them on the bank's real website,
analyse the response, and provide the appropriate response to the
victim. I've written asp.net applications to take input from a user,
enter them on a different website, analyse the reply and send the user
an appropriate response, so I wouldn't rely on that.

--
Andy

"In400metreskeepright" wrote in message
...
please confirm your details...

yes right.

I've just got one pretending to be BT. WTF would anyone want BT
account login details - surely all you'd be able to do is see bills,
change payment method, sign up for new services etc.

--
Andy

In message , Andy Pandy
writes

I've just got one pretending to be BT. WTF would anyone want BT
account login details - surely all you'd be able to do is see bills,
change payment method, sign up for new services etc.

--
Andy

....Get a list of every phone number you call; print off a bill, which
could be used as a contribution to stealing your I/D...
--
Gordon H
Remove "invalid" to reply

"Gordon H" wrote in message
...
In message , Andy Pandy
writes

I've just got one pretending to be BT. WTF would anyone want BT
account login details - surely all you'd be able to do is see bills,
change payment method, sign up for new services etc.


...Get a list of every phone number you call;

Which would be useful for?

print off a bill, which could be used as a contribution to stealing
your I/D...

Possibly, but I thought bills printed off the web weren't usually
acceptable as proof of ID, and as you say it wouldn't be enough on its
own.

--
Andy