Since I can't sleep, waffle iron on regarding phishing and scam attacks.
SOME RULES
- There are few reasons to click on any links in emails (maybe password reset emails, but only so long as you know that you requested one from the real website); other than that, do not click on any links in emails.
- You cannot rely on the status bar in the bottom left corner of your web browser to determine that the address the link will take you to is correct, for a variety of reasons (in older browsers it is super easy to make it say whatever you want).
- It is far safer to visit a site by typing its address yourself or using a bookmark; otherwise you can never be truly sure that the site you're visiting is the one you think it is.
- Beware URL shorteners like tinyurl or bitly (99.9% of the time these will be fine, but NEVER put any information into the sites they lead you to, even if the address looks legit).
- Don't use sites that don't use https, and if in doubt, check the certificate (by clicking on the padlock next to the address bar) and make sure it matches the company you expect.
REASONS
While there are a bunch of different ways to trick someone with a seemingly legit website and a seemingly legit web address, the easiest one to demonstrate is called a homograph attack.
These are attacks where letters that appear identical are used in place of the ones you'd expect.
The simplest and most obvious one is uppercase i "I" and lowercase L "l", as in "helIo", where both letters look identical in some fonts. Since all domain names are shown in lowercase in the browser, this isn't such an issue, although it may catch out the unwary who inadvertently went to helio.com.
It gets worse: different alphabets contain letters that look identical.
For instance, good luck differentiating between аcoolwebsiteijustmadeup and acoolwebsiteijustmadeup when you're not specifically looking for anything out of plаce.
In this example above I used the Cyrillic lowercase а instead of Latin lowercase a, which looks subtly different in the default cyclechat font, but there are plenty of homoglyphs that are visually identical.
If you hover over or click on exаmple.com it should get translated to xn--exmple-4nf.com and will display as such in the status bar, so this avenue of attack is mostly closed if you keep your browser up to date. If, when hovering or clicking on this, it appears as exаmple.com, you need to update or change your browser right now.
HOWEVER: it is possible to reconstruct some Latin words entirely in other alphabets.
Behold the power of аррӏе.com (it's a safe website, used purely to demonstrate the principle).
Every letter in that address is in the Cyrillic alphabet. As this is not a mixed-alphabet domain name, browsers have no way of knowing that this isn't a legitimate domain name rather than a homograph attack on the real apple.com.
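As an added example (not code from the post), here is a small Python script that does to the two addresses above what the browser does: it converts each non-ASCII label to its xn-- punycode form and checks whether the letters come from more than one alphabet. The lookalike table is a constructed, partial list, and the sample domains are the post's two examples written with Unicode escapes so the Cyrillic letters are unambiguous.

```python
import unicodedata

# Constructed, partial table of Cyrillic lowercase letters whose glyphs are
# usually indistinguishable from Latin ones (the letters used in the post's
# examples plus a few common ones). Not an exhaustive confusables list.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u04cf": "l",
}

# Constructed sample inputs: the post's exаmple.com and аррӏе.com.
MIXED = "ex\u0430mple.com"                               # Latin + Cyrillic а
WHOLE_CYRILLIC = "\u0430\u0440\u0440\u04cf\u0435.com"     # а р р ӏ е

def label_to_ace(label):
    """ASCII labels are kept; anything else becomes xn-- plus RFC 3492
    punycode, which is the form the status bar shows for exаmple.com."""
    label = label.lower()
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def domain_to_ace(domain):
    return ".".join(label_to_ace(part) for part in domain.split("."))

def scripts_of(label):
    """Alphabets used by the letters of a label, taken from the first word
    of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def classify(domain):
    """Return (ace_form, verdict). A mixed-alphabet label is what an
    up-to-date browser refuses to display as Unicode; a whole-Cyrillic label
    passes that check, so we also report the Latin string it imitates when
    every letter has a known lookalike."""
    ace = domain_to_ace(domain)
    for label in domain.lower().split("."):
        scripts = scripts_of(label)
        if len(scripts) > 1:
            return ace, f"mixed-script label {label!r}: {sorted(scripts)}"
        if scripts == {"CYRILLIC"} and all(c in CYRILLIC_LOOKALIKES for c in label):
            imitated = "".join(CYRILLIC_LOOKALIKES[c] for c in label)
            return ace, f"whole-script Cyrillic label {label!r} imitating {imitated!r}"
    return ace, "ascii" if ace == domain.lower() else "non-ascii, single script"

if __name__ == "__main__":
    for d in (MIXED, WHOLE_CYRILLIC, "apple.com"):
        print(d, "->", *classify(d))
```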
--
Also, use a password manager and don't reuse passwords; passwords should absolutely not be memorable, except the one for your email account and the master password for your password manager.