Yes, or anything you put after the // , I tested at the time with random sites like tesco.com .
Clever
I got this text yesterday.
For the most part they are clearly spam when you look at the link/who it came from but I can see how people click on them.
I’d remove the email address as it could be considered doxxing
It could be some poor sod who had their account hacked and used to send these emails
2 Likes
My mum received the following text a few weeks ago…
She does bank with HSBC, but doesn’t use online banking. Obviously the ‘HSBC UK’ sender name can be easily spoofed, but what puzzled me was that the url looked completely real. I typed it in myself and was taken to an official HSBC help article. My mum called up the bank and they said they had no records of sending any text that day and that it was a scam. The advisor claimed that the link would redirect you away from the official HSBC site and to a phishing webpage once tapped on.
Does anyone know if that’s actually possible? And if so, how? I understand that a link could be hidden/disguised in an email, but surely in a text message what you see is what you get, if you know what I mean?
The “growth & engagement” crowd uses all kinds of bullshit third-party solutions for their spam marketing which use a different domain from their main one and trains users to click on them. Curve has curve.app.link for example (and plenty of companies - including ones I’ve been involved with - have done crap like this) so that “royalmailgb.app” appears fairly legit.
1 Like
It’s possible/probably someone was trying to get into her account and was failing, and HSBC sent that text, and for some reason the advisor can’t see it.
Also the URLs can have look alike characters,
Here’s a good article,
2 Likes
Very interesting article, thank you (that’s scary!).
I was actually more worried that it was real, as you say, as opposed to just a phishing attempt…
They’re really making it difficult for us to spot scam links! Companies should get one domain and stick to it. How the hell are technologically vulnerable customers supposed to figure out that something like ryml.me is genuine but royalmailgb.app is fake (I’d have guessed, if I had to choose, that the second one was legit!).
Edit: Haha I just found this Tweet from Royal Mail warning about a scam that was doing the rounds, with a call to action to view more details at their super sketchy looking short URL
4 Likes
Hadn’t previously thought of that one.
Companies don’t make it easy for customers to identify.
Unless I knew that Monzo for example uses @monzoemail.com (I think) I’d think that that one was also fake but then it isn’t.
I’ve had the Royal Mail scam text myself. Knew straight away it was a scam and ignored it. I also had a scam text about me apparently being in contact with someone who had COVID and to order a PCR test or something. Again I knew this was a scam as I’m sure if I was in contact with someone with COVID, they would tell me. Plus the scam text was sent to me literally a good couple of weeks after having COVID myself.
Was this a text or via the NHS Covid app? You won’t always know someone you have been around who has tested positive, so just check it isn’t a legitimate ping.
It was a text. I had heard that other people were getting the same text and if you clicked the link it was asking for your card details to pay for a PCR test or something….
edit
The text definitely wasn’t an official NHS looking text either.
1 Like
Ah yes that doesn’t sound too legit; particularly payment for a PCR test!
1 Like
Definitely