back to article Crooks use WannaCrypt hysteria as hook for BT-branded phishing emails

Scoundrels have latched on to the WannaCrypt outbreak as a theme for scam emails. Coincidentally some consumers are receiving seemingly genuine warnings from their ISPs related to suspected infection during last week's worldwide ransomware outbreak. Action Fraud warned about a dodgy email trying to trick BT customers on …

  1. frank ly


    "Almost all are VPN users, ..."

    If they were using the VPN at the time, how would VM know which website they'd looked at? Is the VPN thing irrelevant?

    1. XVar

      Re: VPN?

      I'm the Ben W mentioned in the article - the quote "Almost all are VPN users, according to Ben W" isn't quite right - that's not according to me, it was merely an observation that almost everyone posting in the thread on the VM forums claimed to be using a VPN. The thinking being that if it's not visiting the sinkhole domain via a non-VPN connection that triggered the warning e-mails from VM, they're potentially generating false positives for people using VPNs for some reason.

  2. Terry 6 Silver badge

    Oh FFS

    It does seem as if big companies, (not just ISPS) seem unable to get the message that sending out legit messages that resemble known phishing emails are just going to make users more vulnerable to the "genuine" scams.

    This includes banks with "click here for our new credit card/cheaper loan" emails, Halifax with it's Thunderbirds themed " win an unexpected lottery prize you didn't buy a ticket for " advert and various retailers emailing "suspicious attempt to log into your account, change your password here [clicky]" type emails.

  3. Spacedinvader

    Yeah, because clicking on a shortened link is a great idea. Christ, why not just link to a pdf and call it ransomware.pdf? Oh, wait...

    1. Anonymous Coward
      Anonymous Coward

      Shortened URL's

      Are a recepie for trouble.

      A couple of years ago, I was with one person who clicked on one in a Cafe and suddenly a Pron side appeared.

      What if that was a Child Pron site? That person could be off to jail for a long time.

      I never ever click on a short link. Anyone who sends me one gets told to send me the proper link. If they don't then it could not have been very important in the first place.

      You'd be amazed at how many Cat videos don't get played because of this

      1. handleoclast
        Thumb Up

        Re: Shortened URL's

        You'd be amazed at how many Cat videos don't get played because of this

        You can never have too many cat videos.

        ob cat video

        Be prepared to reload the page several times to avoid the non-skippable ads youtube have started using. A 4-minute ad for a 40s video is taking the piss. Which is why I now reload repeatedly to skip the ads even if it ultimately costs me more in b/w. I want the advertisers to see this isn't working.

        Damn, we need a cat icon for this sort of post. Because cats.

        1. VinceH

          Re: Shortened URL's

          I wouldn't normally click on a link to a cat video (because not a cat person) but your rant about adverts made me do so out of curiosity.

          I got straight to the video itself, with not an advert to be seen. Luck? Or good settings in NoScript et al?

          1. handleoclast

            Re: Shortened URL's

            It's been a bizarre past couple of days with youtube.

            Unskippable ads at the start of the videos. Long ones. The one that really annoyed me was 4 minutes 25 seconds of Heineken advert before a 43-second video. Never less than 30s, and those very rarely. Usually 1 minute or 1.5 minutes. Occasionally over 4 minutes.

            It's not all videos, but it's a lot of them.

            It seems to be far more likely on videos in my "watch later" list than those not on that list.

            Doesn't seem to correlate strongly with a video's popularity or the number of subscribers to a channel.

            Repeatedly reloading the page may eventually get a different advert or even no advert.

            I do know it's not that long ago that Google announced they were dropping unskippable ads. Now that's the only kind I get.

            Maybe it's because I'm watching on a desktop and those on mobile get spared this.

            Maybe it's because I have Adblock Plus so this is youtube's way of making me see adverts anyway. If so, it's disproportionate.

            1. Anonymous Coward
              Anonymous Coward

              Re: Shortened URL's

              Maybe it's because I have Adblock Plus so this is youtube's way of making me see adverts anyway. If so, it's disproportionate.

              Not to Google. Adblocking damages their business model, and if they can pressurise a proportion of people to abandon adblocking, that's worth what, $15 a year per head? A quick search and first (google) hit on adblocking numbers claimed over 600m devices using it last year. Assuming 2 devices per user, so 300m unique users, only 3% pressured to drop adblocking, and that's $135m pure profit dropping onto Google's bottom line. And more importantly, if Google can inflate the downsides to users of adblocking with those 4 minute videos, they hope it discourages others taking up adblocking, thus protecting far more than the $135m.

              Google and the advertisers should consider that the root cause of all of this is their lax attitude to user privacy, worsened by the egregious long, boring, multi-media crap spewed by advertisers, and change their ways. But why do that, when they really don't care about users? It isn't like we pay Google directly, and I suspect at a big data level, there's probably no real evidence that users "blacklist" brands like Heineken that vomit 4 minute adverts at the public. I would, you would. But we're offset by the schmucks who sit staring at car and beer high-gloss adverts, and then foolishly buy the shit.

              1. Terry 6 Silver badge

                Re: Shortened URL's

                Ledswinger Your post highlights the real mystery ( to me anyway). The tidal wave of annoying adverts, unsolicited emails and general spam ( including 'phone calls) must actually get customers to buy stuff - or the advertisers wouldn't bother with any of that. Who are the idiots who feed this market? Where are the people who think it's sensible to respond to an annoying flashing banner, or buy from a random double glazing email, or who trust a PPI salesman who phones them out of the blue? Why are these people not being looked after?

                1. handleoclast

                  Re: Shortened URL's

                  These people are being looked after. By advertisers.

                  Many years ago some advertiser admitted that their ads were annoying. Deliberately so. Because the target demographic was stupid people. They'd get annoyed by the ad, but the next day in the supermarket they'd remember the name but be too bloody stupid to remember why they remembered the name, so they'd buy it.

                  As some comedian (Carlin?) said: just think how stupid the average person is. Now realize that half the population is stupider than that.

  4. Herby

    Maybe we should bring back plain text email.

    It wouldn't hurt. No HTML stuff just plain text and nothing else. This of course goes double for anyone emitting "security" warnings and the like. Then the link ought to be obvious and in the proper domain, and a short one if possible.

    ASCII does have its virtues.

    1. Terry 6 Silver badge

      Re: Maybe we should bring back plain text email.

      Part of that issue is that for "normal" users links don't exist. Just rectangles to click on. And a click here link could take users to for all the users know.

      1. Commswonk

        Re: Maybe we should bring back plain text email.

        And a click here link could take users to for all the users know.

        Yes but... I cannot be the only person who puts the cursor over any "Click Here" box for the url behind it to be revealed. Likewise I cannot be the only person who notices that the "To" box at the top is either empty or says "Recipients" and that the "From" box is more often than not from a self - evidently non - BT address.

        I might be the only person who dutifully forwards these spoofs / phishing attempts to BT's "Abuse" address, including a copy of the incoming header information. FWIW the majority of potentially troublesome emails here purport to come from BT and only on one occasion did it require detailed scrutiny to suggest that it wasn't what it seemed.

        Mind you being paranoic helps a bit...

        1. Terry 6 Silver badge

          Re: Maybe we should bring back plain text email.

          You're not the only user who reveals the URL, but then you're not a typical user (hint ordinary user != techie user). Ordinary users don't know that there is a URL, certainly don't know there is an IP address and probably think that the click here links work by magic, or at least wizardry

        2. Halcin

          Re: the "From" box is more often than not from a self - evidently non - BT address

          There are far too many companies who use some no-name 3rd party to send out their spam. The very same twats that claim they take customer security seriously.

          1. Terry 6 Silver badge

            Worth remembering

            They only say "We take customer security seriously" after they've been hacked.

  5. anthonyhegedus Silver badge

    That fake BT email doesn't look in the slightest bit convincing to me. It is very poorly worded and seems obviously a scam. One day, these crooks will hire someone with good command of the English language.

    I have read that a lot of the scams deliberately use really poor English as a way of filtering out people who aren't going to fall for the next stage of the phishing attempt.

    1. handleoclast


      They do use poor English as a filter but perhaps not quite in the way you're thinking.

      At least on the 419 scams it's so that the mark feels intellectually superior to the con artist and therefore feels capable of spotting and evading any scam. It appeals especially to racists, because the mail came from a (seemingly) semi-literate dark-skinned person and they believe that dark-skinned people are barely capable of tying their own shoelaces. They can see that this dark-skinned person is obviously trying to do something illegal but, because they feel smarter than him, they can turn the deal to their own advantage and maybe rip him off.

      It's not so much to filter intelligent people out but to suck stupid people in.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like