Save money – Have the Kenyan Road Minister pay your TV Licence!

Last month, we looked some of the basic information you need to help unravel whether a website is legitimate or not. I thought this month I’d share a few emails I’ve received, with some tips on how to spot the dodgy ones. Although old-fashioned viruses still exist, the majority of threats to your computer, phone and bank account are unleashed by you clicking on something you shouldn’t.

You might find yourself visiting an infected website (which then infects your computer), visiting a website that impersonates a legitimate website (maybe asking you to ‘update’ your security and credit card details which it then steals) or downloading an infected ‘attachment’ which installs something to send to a hacker on the other side of the world all the logins and passwords you enter. Or you might find you’ve won a lottery you didn’t enter, or been left money by someone you didn’t know, or just been offered a commission for being helpful:

“Dearest One,

I know this mail will come to you as a surprise since we haven’t known or come across each other before considering the fact that I sourced your email contact through the Internet in search of trusted person who can assist me.

I decided to contact you due to the urgency of my situation, My name is Miss Sofia Kipkalya Kones, 26yrs old female and I held from Kenya in East Africa. My father was the former Kenyan road Minister.”

Long story short, following the tragic demise of said Minister, there’s $6,700,000 sitting in a bank, of which 30 per cent will be mine if I can help ‘repatriate’ it. Naturally, my contribution would involve some fees up front, but I’d be more than covered by my ‘commission’.

First rule of internet scams: if it seems to good to be true, it isn’t true.

Mind you, that $2 million dollars would be handy:

“Subject: REMINDER: tvlicensing.co.uk 2020 | Your TV Licence is due for renewal – 4/9/2020 | Reference Number: CD3720427720
Date: Thu, 9 Apr 2020 03:38:17 -0700
From: TV Licensing <no-replays@fedecotopaxi.org.ec>

Hello,

Our records for the TV Licence on email: abc@123.co.uk (actually my private email address) indicates us that is due for renewal.

We do not need to issue you with a new licence until your existing licence is renewed. Your reference number for this change of details is CD4022429890. Please note, your TV Licence number remains the same.

Please visit our website untill April 10, 2020 to view your TV Licence online and update your details – just go to www.tvlicensing.co.uk/yourlicence.”

For space reasons, I’m omitting some of the content of these examples. Like last month, I should say that I’ll be including email addressess and company names where applicable. It could easily be the case that the legitimate owner of these has been scammed and the crooks are using their details without the owner’s knowledge. It could be. Easily.

So, what does CSI Heacham make of the above?

Firstly, it was delivered to an email address I’ve never used for TV Licensing. Ignoring that, try  Googling for tv licensing uk. As discussed last month, ignore anything marked ‘Ad’ – such as www.movemy.co.uk/tv_licence, and you’ll see that the correct website should be https://www.tvlicensing.co.uk/ 

That being so, why has this email arrived from no-replays@fedecotopaxi.org.ec ? Further down, it says ‘Just go to www.tvlicensing.co.uk/yourlicence’ which looks legitimate…

Until you hover your mouse over that link. This is the first line of defence against dodgy emails. When you hover your mouse over the thing a dodgy email wants you to click, you’ll often see – either at the bottom of the screen or as a pop-up – the actual address that clicking will take you to. You can get the same information on a mobile phone or tablet by putting your finger on the link and holding it down. After a second or so, a pop-up will show where you’d be heading if you tapped the link.

In this case, it wanted to go to http://www.ottenandpartners.co.za/aspnet_client/432thsdfhd.html

I’ve deliberately not made these links clickable to protect the unwary, but if you hover your mouse over the legitimate TV Licensing link above you should see this in action.

As we learned last month, ignore the http:// and everything after the first remaining / so we’re left with ottenandpartners.co.za – a company in South Africa. I’m fairly sure that’s not where TV Licencing has been outsourced to, so consider that a scam.

‎I’d email someone about this but:

“Subject: Important changes to your 1&1 lONOS emails:
Date: Wed, 15 Apr 2020 20:42:17 +0100 (BST)
From: 1&1 lONOS <simon@schfiresafety.co.uk>
Reply-To: 1&1 lONOS <simon@schfiresafety.co.uk>

New functions and updates for lONOS email have been published and we will inform you in writing before we apply them to your IONO email.

We may store incoming messages if we have not received your approval on or before April 17, 2020 to apply these new changes to your lONOS email.

We have made the authorization process easy, you may proceed to authorize this changes at   webmail.lonos.co.uk/Mail&Update.”

Now, I use 1&1 IONOS for some of my work, although I’ve never known them send an email from schfiresafety.co.uk before. Hmmm. Let’s see where that click will take me – hovers mouse and looks in left-bottom corner:

https://update.lonos.com.neptuneinternational.co.in/

You know this bit by now. Drop the https:// and anything after the first /, leaving update.lonos.com.neptuneinternational.co.in/

Last month’s article touched on ‘sub-domains’ like news.bbc.co.uk being part of bbc.co.uk. The rule is, find the Top-Level-Domain (the bit that tells you the country, like .co.uk or, here, .co.in) then work your way back from there to the first full stop you come to and then ignore everything before that.

So we can ignore the update.lonos.com, leaving us with neptuneinternational.co.in/

Is that a likely address for ionos.co.uk?

All of these examples want me to enter personal details, passwords, email address and banking details. Follow these rules and you should be able to avoid getting scammed into handing them over. Stay well and stay safe.

This entry was posted in scams and cons, Security. Bookmark the permalink. Both comments and trackbacks are currently closed.