/ Money

Beware this Argos number spoofing scam

A refund of £247 from an ‘overpayment’ to Argos sound too good to be true? That’s because this is a number spoofing scam. Have you received one?

The slow cooker I ordered from Argos back in September certainly didn’t cost £247, so when I got a text from them promising a refund of that much, I instantly questioned it.

But that’s not to say I wasn’t briefly excited about the unexpected windfall. At this time of year especially, that much money would go a long way.

The SMS not only looked legitimate, but also dropped itself into the chain of official texts I’d already received from Argos telling me my slow cooker was ready for collection.

Argos number spoofing scam

Number spoofing is one of the scams featured in our 12 scams of Christmas, where we tell people what they should watch out for at this time of year.

In this type of scam, fraudsters hijack a chain of texts from a legitimate organisation, such as your bank, a shop or government department to trick you into following a link.

Don’t follow the link

In the case of my message from Argos, I didn’t follow the link as I didn’t want to risk it. But often it will either take you to a site where you’ll be prompted to put in your personal and/or banking details, or the site could contain malware which will infect your phone.

These scams can cost victims thousands of pounds.

We told Argos about the scam message and a spokesperson said:

Customers should always be mindful of phishing scams. This message is not from Argos and we are advising customers to delete it

The UK’s largest mobile providers recently pledged to stop fraudsters from being able to spoof banks by fixing a flaw in the system. This should go long way to stop this type of fraud, but why hasn’t this been done sooner? And how long it will take to roll out to other industries?

Read more: how to spot a messaging scam

How to report a scam message

You can report scam and spam texts directly to your mobile phone provider by forwarding it to 7726, which is free of charge.

Never respond to scam texts, because this will just confirm that your number is live. Simply delete the text after you’ve reported it.

If you’re unable to forward the message or you can’t see the number it came from, you should report it to Action Fraud’s phishing tool.

Have you ever received any scam messages which were number spoofed? If so, who did they purport to be from and what did you do?

Comments

This comment was removed at the request of the user

This comment was removed at the request of the user

I note the cunning spoof web address here:

argos.co.uk.customers-gateway-account.com/login

1) it starts with http not https

2) it contains argos.co.uk – Argos’ UK address as a sub-string, but followed a dot instead of a slash

3) it’s a generic address – it doesn’t contain any customer or order related hash, which you might expect in specific correspondence

4) at least as of just now, this spoof url is red-flagged as dodgy here in Chromebook land.

This comment was removed at the request of the user

So many scams these days!
My latest one was a man of Asian persuasion telling me
I have a tax rebate & they need my account details to
transfer the money to my account!
Yeah course I will 😂😂😂
So I say hold on I will get you my details, so I have the
phone on speaker and I hear him getting irate as I sit
back with a cup of coffee laughing my head off!
Good fun if your bored. 😉

merlin says:
23 December 2018

whatever device, if your knowledge begins and ends with the on off switch

This comment was removed at the request of the user

In a related scam, I just received a text telling me that my PayPal account had been frozen and directing me to login to a weblink a bit like “paypal.co.uk.xxxx.yy” to verify my bank details.

This turned out to be exactly the kind of phishing scam that PayPal warn their customers about.

I no longer use PayPal, so I was easily able to assume that the message would be a scam.

Investigating further showed that:

1) the link goes to a fake PayPal login page. If I had logged in with a real PayPal id and password, then the scammers would have got those details.

But, because it was a fake login in page, it let me login with fake details.

The next page then required all my personal data and bank details – for the revalidation my PayPal account. Again this would take data, after which it logged me out and asked me to log in again. Presumably at this point, it might even have pointed me at the real PayPal login page.

[This comment has been edited to remove personal information. Community guidelines: https://conversation.which.co.uk/commenting-guidelines ]