Message about a refund from TalkTalk

Reply
20 REPLIES 20
annRyan
Team Player

We assume this is a scam then?

 

 
Get your refund
                                                           
We're contacting you to tell you that the cost of your service will be changing from 15th May 2019. Even though some of your costs are going down, your package will not alter.
                                          
Your account balance is currently in credit. Follow the button to process your refund request.
Gondola
Community Star

Hi Ann

 

Yes, a scam. Reported on TalkTalk Service Status in the Security Updates section.

 

We're aware that a number of customers have received an email appearing to be from TalkTalk, with details about claiming a refund. This is a phishing email and it's not genuine. Please do not follow any of the links in the email. 

 

We take your security very seriously, so if you've received an email pretending to be from TalkTalk or another business, please report it to us. You can find more information in our guide about recent phishing emails where there's an example of the scam email.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

Tags (1)
Marvel
Conversation Starter

Yes I have one of those today too. An email address only use for talkalk stuff. Wonder where they got it from 🤔

Gondola
Community Star

Hi @Marvel 

 

Do please report it to us. The more evidence the better to track down the real source.

 

Scammers will obtain email addresses from public sources, data breaches and will use varied 'phishing' scams just to obtain email addresses for subsequent scams. They'll also use bots to guess and try addresses to find valid ones to scam.

 

Do you think the email address could have been guessed?  You've definitely not used the email address for any 'survey / competition / prize draw', or similar, often used by scammers to tease out email addresses?  And you've scanned your devices with anti-virus / anti-malware software to ensure they've not been compromised and not accessed by third parties?

 

If you believe your email address is only known to TalkTalk then your evidence about this new scam is very much needed.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

Marvel
Conversation Starter

You've definitely not used the email address for any 'survey / competition / prize draw'

No - I am not that stupid

 

Do you think the email address could have been guessed?

Possible - BUT it does not end in @talkatlk so its not even like a clue to the scammers that I am with talktalk. But you could say that is the whole modus operandi of phishing.

 

Do please report it to us. The more evidence the better to track down the real source.

I did look at this but the procedure is to first open the email - which I always thought was rule one about suspicious emails - do not open them.

 

And you've scanned your devices with anti-virus / anti-malware software to ensure they've not been compromised and not accessed by third parties?

I am definitely clean

 

If you believe your email address is only known to TalkTalk then your evidence about this new scam is very much needed.

On double checking I also use that address for 2 other major - well known brands.

I have many email address for different things so that I can mitigate scams - which means that when I receive a phishing scam email I am able to narrow down where the address may of been obtained.

 

Marvel
Conversation Starter

Another thing is this

 

Yes, a scam. Reported on TalkTalk Service Status in the Security Updates section.

 

That is all well and good but I don't routinely go there. My home page is talktalk news and tv guide, like many people I imagine  -- why not have a banner/ tickertape of some description there that gives warnings about latest talktalk targeted scams. 

Marvel
Conversation Starter

Here it is. I have removed my email address as I am ALWAYS very careful how and where it is used. 

To me it was obviously a scam. Warning signs -------------

Offering me money

No Name

No account number

Says service WILL be changing on the 15th - when it is already the 21st.

Text did not even make sense (although in my talk talk experience vague wording that catches people out is not uncommon )   

The only part the scammers got right is that it was addressed to the email address that I use for talktalk.

Most of the time I instantly know a scam because it is sent to an address that I do not use for the service that they are trying to mimic. And it is only a split second of my life that gets wasted on spotting the scam and deleting the email.

tlpture.JPG

Gondola
Community Star

Hi Marvel 

 

As you now say the email address is not unique to TalkTalk stuff it's not so easy to pinpoint how your email address has become known to scammers and linked to TalkTalk.

 

The email is almost identical to others. In the article Report a phishing or spam email there's details of how to look at the hidden email headers.

 

Interested to see what the Return-path: and From: addresses actually are.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

JohnOH
Team Player

I too have received this phishing email this morning and I've reported it, following the instructions on how to do this. I then got an automated response telling me to send the header information, but that's what I did when I reported it. I'm presuming I don't have to do it again. 

Gondola
Community Star

Hi @JohnOH 

 

My understanding is that you don't need to report again.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

JohnOH
Team Player

I wasn't going to do it again.  Also this is already a known scam and I'm not the only one to report it. 

 

To me it was an obvious scam.  There was no salutation on the email using my name and also the idea that TalkTalk would reduce their prices is quite unbelievable. 🙂

Even if they did, they would adjust the bill automatically. 

Gondola
Community Star

Hi JohnOH 

 

A perfect analysis.

 

TalkTalk would simply amend the next month billing for any account in credit. No credit refund is ever actioned via an email link.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

Poops1
Wizz Kid

I too received the email this morning. I knew it was a scam straight away because not only am I no longer a TalkTalk customer but I didn't use that email address for emails from TalkTalk anyway.

I have reported the email as requested but also, when hovering over the "Refund" button, the address it links to is globeautcenter.com/.rti/?em=*****&key=854  (the asterisks are my email address), I don't know if this is of any use.

Pauline
JohnOH
Team Player

The link in mine also had my email address in it but it was for "filmsfarmschool"  

 

I think I can guess what kind of sites these links would take you to. 🙂

Gondola
Community Star

Hi JohnOH 

 

Looks like the scammers have hijacked websites to gather email addresses and bank details. A common factor today seems to be that at least two website owners are in Thailand.  This doesn't mean that the scammers are in Thailand as they could be operating from any country.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

Poops1
Wizz Kid

@Gondola wrote:

Interested to see what the Return-path: and From: addresses actually are.

 

Don't know if the return path and from addresses are the same on everyone's emails but on mine they are ...

Return-Path: <refund98778@talktalk.net>

From: =?UTF-8?B?VGFsa1RhbGs=?=<refund98778@talktalk.net>


 

Pauline
Gondola
Community Star

Hi Pauline

 

I hope you're well.

 

Thanks for the confirmation of the email addresses. That'll display as TalkTalk and sent, in your example, from the address refund98778@talktalk.net.  The scammers have sent these messages out apparently using unique talktalk.net addresses.  None of which exist now so created just for the sending of the scam email and deleted.

 

Anyone clicking on the link in the scam email will have their embedded email address confirmed to the scammers. I hope nobody has done that, even if just to test.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

Marvel
Conversation Starter

@Gondola wrote:

Hi Pauline

Anyone clicking on the link in the scam email will have their embedded email address confirmed to the scammers. I hope nobody has done that, even if just to test.


Yes and that is the exact reason my email client is set not to download images but in order to report it I have to open it - so to report it I have to open myself up to further danger.

Gondola
Community Star

Hi @Marvel 

 

Some images will have unique download links so that scammers can confirm an email account is active. However, your image downloads are blocked so selecting the email is not an issue.  You've already selected and opened the email to capture the screenshot.

 

But if you personally feel more secure by doing nothing more then do nothing more as nothing I say will persuade you that it's in your interest to view and copy the email headers so TalkTalk Security have the best chance of stopping the scam.

 

I've not received the scam email but if I had then I'd report as quickly as possible.

 Gondola - Community contributor

To appreciate my help . . . If I offered a solution Best Answer

RoyAP88
First Timer

Hi,

I too have had this scam mail but inadvertently pressed the enter button. This took me into my Account having my password and Account Number inserted. I immediately stopped any further progress and changed the password. However I cannot find a way to change my account number and so am concerned. Any ideas?