{"id":13426,"date":"2018-09-25T02:10:05","date_gmt":"2018-09-25T10:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/09\/25\/news-7193\/"},"modified":"2018-09-25T02:10:05","modified_gmt":"2018-09-25T10:10:05","slug":"news-7193","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/09\/25\/news-7193\/","title":{"rendered":"100 channels and nothing on, except TV Licensing phishes"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Tue, 25 Sep 2018 09:00:00 +0000<\/strong><\/p>\n

We\u2019ve seen a lot of people referencing fake TV Licensing emails they\u2019ve received over the last few days. The majority so far appear to be fake refund notices, asking potential victims to log in to a phony TV License website and provide payment details for refunds. It’s definitely keeping customer support busy:<\/p>\n

\"licensing<\/a><\/p>\n

Click to enlarge<\/p>\n

Many of the URLs we\u2019ve looked at are down now, but not all, so we thought we\u2019d take a look.<\/p>\n

The scam pages are what we\u2019d describe as functional; a fairly accurate depiction of what one might expect to see on a genuine refund page hosted on the TV Licensing website<\/a>. In this example, the site claims the visitor is owed a \u00a3147 refund, though there are variable amounts quoted in the scam mails, as we\u2019ll see later.<\/p>\n

Here\u2019s one of the scam sites in question, located at:<\/p>\n

tv(dot)licensing(dot)secured(dot)ref(dot)pbmsim(dot)com\/tv-secure\/<\/p>\n

\"fake<\/a><\/p>\n

Click to enlarge<\/p>\n

Alongside the usual personal information scammers like to obtain, the site wants both card details and bank account information, which could result in extended discussions with the bank afterwards to get everything straightened out. They also ask for mother\u2019s maiden name, presumably for additional social engineering attempts further down the line (or even just a general grab for a password reset answer).<\/p>\n

As with many of these scams, the site claims the victim needs to give \u201ctwo to three days\u201d to allow for the refund to be processed. This is a tactic as old as the hills to give the scammers enough breathing room to do their damage while the victim does nothing, eagerly awaiting a refund that\u2019s never going to arrive.<\/p>\n

General observations<\/h3>\n

A lot of the sites finding their way into people’s inboxes may not be from the same campaign, and as a result, they’re all doing many different things. Below, we’ve tried to pin down some of the common patterns we’ve seen from this spam blast.<\/p>\n

1) Some of the sites currently bouncing around have a copyright notice of 2017, whereas the rest say 2018. While this probably isn\u2019t enough to tip someone off that the site they\u2019re looking at is a fake, it might help tip the balance for some.<\/p>\n

2) We haven’t seen any HTTPs sites (yet), but that doesn’t mean they’re not out there. This is the part where we gently remind everyone that phishing pages can and do make use of HTTPs to make things look more legitimate, and given the amount of free certificate services on offer, it’s not exactly difficult to achieve. Here’s what you see on the non secure site up above from our example:<\/p>\n

\"(Lack<\/a><\/p>\n

Click to enlarge<\/p>\n

3) Refund amounts and deadlines listed in the mails vary widely. We’ve seen a few people complaining about phishing attempts in the region of \u00a3124.50<\/a>, with 30\u00a0September being given as the deadline to process any refund requests. The longest deadline time we\u2019ve seen is \u201c2 to 4 weeks<\/a>,\u201d which is an incredibly long time for a scammer to assume a potential victim will still be waiting around for their money.<\/p>\n

The largest fake refund amount we\u2019ve seen cited so far is a whopping \u00a3492.57<\/a>. Given that a colour TV License costs somewhere in the region of \u00a3150<\/a>, there\u2019s no possible way someone could be owed close to \u00a3500 for a year\u2019s worth of TV Licenses unless something had gone massively wrong.<\/p>\n

4) The sites look similar, but don’t follow a uniform template. Below is one (now offline) example, which looks quite a bit different from the one up above, separating the various requests for information onto separate pages.<\/p>\n

\"another<\/a><\/p>\n

Click to enlarge<\/p>\n

5) There\u2019s also been a few mentions of dubious PDF attachments<\/a>\u00a0on Twitter, but so far no word as to if they\u2019re loaded with malware or simply an additional part of the phish. Some scammers will attempt to make their missives look more legitimate with fancily thrown together PDFs to give everything an extra veneer of “this is definitely the real thing.” Just because an attachment is present, doesn\u2019t necessarily mean it\u2019s an infection file. (Of course, we\u2019d never advise opening one to check.)<\/p>\n

Final thoughts<\/h3>\n

This isn’t an overly complicated scam, but then again, it doesn’t need to be. Asking for a few hundred pounds from people here and there quickly adds up, and fear of not paying your TV License on time is almost something of a panic reflex<\/a> for the British. It makes sense, then, for scammers to take advantage of people’s wariness and thank their lucky stars for a too-good-to-be-true license refund.<\/p>\n

If you’re worried, check out the TV License website’s advice on phishing scams<\/a>, and be wary of any emails claiming to offer up cash, no matter the amount. There’s a good chance the missive in front of you needs to be deposited where it belongs: in the recycle bin.<\/p>\n

The post 100 channels and nothing on, except TV Licensing phishes<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Tue, 25 Sep 2018 09:00:00 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
A recent bout of TV Licensing phishing emails promise British users a refund once they log in to a phony TV License website and provide payment details. Read on to see if you’ve been impacted.<\/p>\n

Categories: <\/p>\n