Phishing and some lessons from our consultant, Michelle..

News and information from the Advent IM team.

Thank you very much to Michelle Horton, an Advent IM Security Consultant for sharing her phishing experiences with us here…

Recently, I was the subject of an attempted phishing attack. I thought, doing what I do for a living, I would be a bit more savvy and notice it a bit quicker. But the realisation struck me that sometimes you have to think about things before they click. The nature of phishing is that it relies on you not thinking. Let me tell you the story…

My fiancé and I are currently looking for a caravan, to attend motorbike race weekends and to the take the dog to the beach. One night at work I get a message from the other half advising me to look at this bargain of a caravan for £4,950, which we thought was probably a typing error and should be £14,950. The details were that a man was selling the caravan for his father who is currently in the Isle of Man and  the instructions were to contact an email address provided for further information. Yes, now, this already seems odd, but then again, I think back to how many times my mom asks me to buy things on the internet… She can reply to an email but that’s about it. So we email, asking to confirm the price or clarify if this is in fact a typing error. A reply comes the next day from a Mr Alan Patterson confirming he is the seller of the caravan and confirmed the price is correct. He also attached a few extra pictures (how nice!). So we say, great! Can we come and have a look next week, and can we have the registration number so we can run a background check on the caravan to ensure it hasn’t been stolen or under finance. This is when things starts to turn iffy…. The reply I receive is that he has already verified with eBay therefore does not have to verify with me and copies in some text from the terms and conditions. He then also advises the caravan is in the Isle of Man so the transaction would be completed by a company called uShip and that we would transfer our funds to them. I checked the listing on eBay again, discovering it had been removed. I googled the uShip company, and whilst is a registered company, had been used as a front for many fraudulent transactions. I took the decision to email back just saying no thanks, no longer interested. Then came the begging emails, that this is too good of a bargain to miss, I should feel special as he has had lots of “inquirers” (spelling mistake from email) and he is offering it to me, with a no obligations refund if I don’t like the caravan on arrival at my home address (which he also needs, along with my full name and phone number). I email back saying thanks but no thanks. The last email was sent back to me with a simple “why?”

The moral of my story is that at first, this could genuinely been innocent, but fraudsters give themselves away, they get too impatient, so be patient and think about it. If Mr Alan Patterson had so much interest, why does he seem to be that upset I have turned him down? Therefore take time to think about what they are saying, the first time you read their email, you are excited and do not notice discrepancies within the text. Mr Patterson, is hoping someone acts in haste on this “really good deal” and doesn’t take a step back to notice that something doesn’t seem quite right.

I have reported the incident to eBay, however it seems the account has been closed.  Sometimes fraudsters wait for you to get in touch with them, and we do it willingly. Even on legitimate sites like eBay. I’m not saying if its too good to be true it probably is,  I’m saying there are sometimes good deals out there, just be cautious. Step back and think before you pay for something or give information out.

Share this Post