BML

Why could Emsisoft not block a scam.

Recommended Posts

I read on the Internet that Scam email is asking BT customers to log in to what appears to be a communication from BT to view their pending bill. Upon which they find that the password is rejected and they lose the ability to send and receive Emails. This puts people at a considerable inconvenience in having to obtain a new password from BT. This the ultra-incompetent BT will only send by Pony Express so it takes days. The experience has created a situation where I will be telling BT to revert to paper accounts which of course, generous folk that they are they will charge me for and bad tempered person that I am will tell BT to stuff whatever services I currently receive from them even if the alternative is inconvenient because I am so annoyed.

However, I have one question which I’m sure will expose my lack of computer skills which is, “Why is Emsisoft not capable of blocking this scam and if they are not able to then just what can one do?  Obviously, I will have to wait until my new password comes from BT before I will be able to read any answers the forum might send.

Share this post


Link to post
Share on other sites

This sort of thing is referred to as phishing. Emsisoft Anti-Malware does have support for blocking phishing pages, however each phishing page has to be manually added to our database. We supplement with data from other sources to increase the effectiveness of the phishing protection that Emsisoft Anti-Malware provides, however new phishing pages appear almost constantly and it can be difficult to keep up with them.

Our extension for Google Chrome, Firefox, Microsoft Edge, etc. (Emsisoft Browser Security) is able to block more phishing sites as it supplements with extra sources that Emsisoft Anti-Malware's Web Protection doesn't. If you're not already using it, then I recommend installing it. The extension also works in Chromium-based browsers other than Google Chrome and Microsoft Edge (Opera, Brave, and Vivaldi for instance).

Share this post


Link to post
Share on other sites
On 11/9/2020 at 7:18 PM, BML said:

I read on the Internet that Scam email is asking BT customers to log in to what appears to be a communication from BT to view their pending bill. Upon which they find that the password is rejected and they lose the ability to send and receive Emails. This puts people at a considerable inconvenience in having to obtain a new password from BT. This the ultra-incompetent BT will only send by Pony Express so it takes days.

Over and over again people are told not to click on links in emails.  This is why.  If you need to login to BT or a bank or HMRC or whoever, ALWAYS use the links that are printed on their statements, (or for HMRC) any of their official letters.  If you keep notes on how you deal with each utility, make sure those notes include the genuine URL and always use the URL you know is right, not something else.  (Clearly these do change sometimes, when eg two banks merge, but you'd have had official letters about that too.)  If you use a password manager, store the genuine URLs in there.  You never need to go to a special site for something - if it's vital for some organisation's customers to "reset a password" or whatever the email says is the case then there will be links to that vital necessity once you have properly logged-in to whatever normal website BT or the bank or HMRC or whoever normally use.

If by "send by Pony Express" you mean "send out by post" you should be glad, even if it is inconvenient.  BT are spending money sending a letter because it's a lot more secure and goes to your home address rather than to an email address that may well have been compromised by the scam.

If you have fallen for this scam, make sure that - if you were foolish enough to use the same password anywhere else - that you change the value used elsewhere at the same time.

It's also useful, if you can, not to use the same email address for everything.  I've my own domain (ie the bit to the righthandside of the @ in an email address) and I give out different email addresses to every company I deal with, different friends etc.  So if an email comes purporting to be from HMRC and it's not to the email address I only use for HMRC (whose emails I filter to a specific folder based on the address they were sent to) it cannot be genuine.  Even emails that do claim to come from Bank X, and arrive in the right folder are not necessarily genuine.  You need to be careful.  Multiple email addresses and passwords are a nuisance to maintain, but it also means that - as in inevitable when yet another company has a data breach - that addresses and passwords revealed by any one such breach are no use at all to any scammer anywhere else.

Edited by JeremyNicoll
typo, and added last paragraph

Share this post


Link to post
Share on other sites

Also - Which? - the UK consumer affairs champion - have a "scam alerts" thing that people can sign up for.  You'll get a couple of emails a week telling you about specific current scams and linking you to discussions about them.  You don't need to be a member of Which? to get these.  See: https://action.which.co.uk/page/s/which-scam-alerts

Share this post


Link to post
Share on other sites
3 hours ago, JeremyNicoll said:

In my defence I have to say that as I'm in my mid 80s I came to computing in my mid 50s unlike so many young people that I meet nowadays who were bought up from a very early age with a computerised device in their hands.  My primary use of a computer is for word processing and as a result I am sorely lacking in the other computer skills younger people have or the ability to understand computer jargon you use such as:

Over and over again people are told not to click on links in emails.” I’m not even sure what a link is. 

If you need to login to BT or a bank or HMRC or whoever, ALWAYS use the links printed on official letters.” 

I answered what I thought was a BT Email only discovering it was not when a security warning came up.

“If by "send by Pony Express" you mean "send out by post" you should be glad, even if it is inconvenient.”

Yes, the message from BT I waited a week for came today and carried precisely the same account password I had been sent previously. On top of that the system BT were attempting to use to send me a PIN Number to my Smart Phone was not working either.

I admire your level of security but if I’m ever forced into that level I will revert to pen and ink.

In conclusion can anyone answer why Emsisoft is not tooled up to deal with these scams and why BT don’t hunt them down?

I will now tell BT to revert to sending my paper accounts but in the meantime I shall be looking for an alternative service that charge me in excess of £60.00  a month for Email and Broadband.

 

 

Share this post


Link to post
Share on other sites

The Which? thing is free, and useful.

> Not sure what a link is

A link is anything (on a webpage) which would take you to another webpage.   Emails that have text with colours, pictures, different fonts etc are written using the same computing 'language' - HTML - that is used to create webpages, and - depending on what software you use to view those mails - will look quite like webpages.  This is the big problem - scam emails look plausibly like pictures of pages at real sites. 

When using a decent browser to view a webpage, any time you position the mouse pointer over a link there'll usually be somewhere on the browser screen that shows you where clicking that link will take you.  For example if you look at any earlier post on a thread here you'll see at the start of each post a grey text like "Posted 19 minutes ago".  Apart from containing information about how old a post is, it's also a link (which if copied and pasted elsewhere would allow someone to come back to that specific post in this discussion).  I'm using Firefox and when I mouse over that link, I get a display at the foot of the screen which shows me that the link is actually to "https:://support...".    That is, when one clicks on that the browser goes off and finds the page whose address is in the link.

Software for displaying emails might not, especially if it's on a mobile phone, be so helpful.   Good software will be configurable so that, for example, it doesn't retrieve photos etc automatically ... and that might help you because a scammer mimicing a BT website (say) may actually grab parts of the real BT site and include it in their email so that their email looks like the real thing.  If one's email software is configured not to fetch such "external content" you might not be fooled.

A common problem with phishing emails is that the text the user sees displayed says a link is to some plausible-looking website name, but the actual site that clicking on that display text will go to is something else entirely.  That's a side-effect of normal HTML practice of being able to define links (eg as words or phrases in sentences) that go somewhere else.  When a user clicks on eg "Quote" (as you'll see at the bottom of each post here) it's /sensible/ that the word they see is "Quote" but the action is to go somewhere...

In the past many emails were written in "plain text" - that is, no fancy fonts, colours etc... and many emails have both the fancy contents and the simpler contents in them. Unfortunately more and more often emails these days don't have the equivalent text in the simpler form.  Nevertheless some people (me for example) usually only read the simple-format part of an email.  Then it's very much clearer when links don't go where the fancy text implied they were going to go.

 

> I answered what I thought was a BT email ...

You say "answered" ... but answering (or replying to) an email shouldn't involve going to a BT (or other) website.   If you end up on anyone's site when "answering" an email you MUST realise that you're possibly being scammed.   Some scammers are technically naive and when their links claim to take you to (eg) a BT site, the real link's value will be nothing like an official website name.  But some scammers use fake website names that are very similar to real ones.  Rather than trying to decide when you look at a link's actual target whether that's a valid place to go or not it is better, FAR BETTER, if you just don't click any link in those mails.  If a mail wants you to login to (they say) the BT site, look at your notes and see what you normally do to logon to BT, and do that again.

 

 

Share this post


Link to post
Share on other sites

Many thanks for the information which I will take a copy of and keep on my Desktop untill I think I have understood it.

Share this post


Link to post
Share on other sites
13 hours ago, BML said:

I’m not even sure what a link is.

This is a link, and they can contain pretty much anything (including the address of a website). That link just takes you back to this forum topic, however technically it could take you anywhere.

As an example, below is another link, however it doesn't take you were it says it will. It shows the address of our support forums, but instead it takes you to Microsoft's website (assuming the forums will actually allow it, as they don't seem to want me to post a deceptive link like that):
https://support.emsisoft.com/

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.