back to article What kind of mugs do you take us for? Malicious sites in spam scams target UK

Spam destined for recipients in the UK is almost three times more likely to contain a malicious URL than unsolicited email sent to the United States. Unsolicited email in Germany and France is significantly less likely than mail sent to the US to contain malicious URLs. This means that, on average, an unsolicited email sitting …

  1. edge_e
    Boffin

    Rip off Britain

    I'll let someone else try and prove that the reason we get ripped off for everything here is because we're a bunch of chumps who are easy to rip off.

  2. msknight Silver badge

    Cash...

    Overall, the Germans are more likely to deal with cash than cards when compared to us Brits. I'll be over there in October and I've had to change a chunk of money to Euros rather than rely on my plastic. That could be one reason why Germany escapes heavy targeting.

    That's what I found when living there for a couple of years and also is the advice given by the people I'll be staying with.

    That, and, of course, we get ripped off for cross-border transaction charges of about 3% by Visa on top of the conversion charge; for the ENTIRE transaction, no upper limit. I've had a heck of a barny with HSBC about this; Mastercard will provide a pre-load card in various target currencies and you just pay the currency conversion at the time you load it ... so I'll likely be changing banks soon.

    1. Isendel Steel

      Re: Cash...

      Took a prepaid card to Malta - but it didn't work in some ATMs - probably because it was a Mastercard (worked in BOV and HSBC), it would also depend - as you say - on the retailers accepting cards, and accepting Mastercard as well as VISA

    2. big_D Silver badge

      Re: Cash...

      Yep, most shops still don't accept credit cards over here. They take debit cards or cash.

      Hotels, restaurants and fuel stations are the most likely to accept credit cards. But you can forget about paying with a credit card in supermarkets, and most electronics stores etc.

  3. Ted Treen
    Unhappy

    Really?

    "... the UK is bearing the brunt of attacks because its defences are weaker..."

    Couldn't possibly be because it's DFUs are genuinely dumber (or more prevalent), could it?

  4. Cheesenough

    Language Timothy

    More likely is that the phishers' grasp of English is better than their French or German. I wonder if the Australians and Kiwis get the same amount of attention?

  5. Billa Bong

    We may or may not be dumber - not enough data to support the theory

    There are other aspects to this

    - how good we are at keeping on top of updates, anti-virus, etc.

    - how good UK companies are at securing their sites with two-factor (or better) security compared with DE/FR/US,

    - or how good they are at catching and preventing fraudulent activity.

    We may be targets because it's easier to break into the PC's or sites we visit, not necessarily have an increase in click-yield from these emails.

  6. Amorous Cowherder

    Have you seen any of these? "You have a a UPS/Fedex parcel for pickup! Click here!", "You are summoned to appear in court in Bumblefuck, USA. Click here for the PDF.". "You have air tickets from American Airlines, click here."

    Honestly, they're hardly believable are they?!

    #1 Have you ordered anything? Check with supplier's website directly.

    #2 Have you ever set foot in the USA, let alone made it to Bumblefuck?

    #3 Have you ordered tickets for anything remotely transport like?

    1. Yugguy

      I've just had one from Bomb Cosmetics which tbh I actually think is legit. Asking me to click on a link to verify I still want to be on their email list as they have moved it.

      But even if it is legit I am never, ever going to click on a link in an unsolicited email.

      I'll go on the website I know and add myself in again if I need to.

    2. big_D Silver badge

      We get those to our German (.de) mail addresses as well!

      Being the only native English speaker in the company, I usually have to tell the staff, that they can safely ignore it.

      I haven't seen an attempt like that in German yet.

      The new one here, since the company decided to put me on the German web page as a contact for some products, is that I get "personal finance advisers", who specialise in Expats calling up and asking if I want to invest money with them!

  7. Doctor Syntax Silver badge

    It doesn't help that UK financial institutions have a habit of sending email indistinguishable from phishing attempts. "Fill in this survey." "Download our mobile phone app." And all sent by contractors using the contractors' own domains for both the email and the response URLs. These idiots seem either oblivious of the fact that they're training their customers to fall for phishing emails or they just don't care.

    1. Anonymous Coward
      Anonymous Coward

      The funny thing is that back at the beginning of online banking, banks (or mine at least) make a big deal of not using email for communication at all due to the supposed threat, and in my case only started sending anything at all beyond 'your statement is ready' once the use of their name had hit truly epidemic proportions. As a result I've had one or two scam mails that have skated very close to looking legit, purely because of the unwanted semi-marketing drivel the bank now send out. Of course my bloody statements online - it does that every month at the same time!

      The use of contractors domains - not just for the banks - should be stopped, but I really doubt we even have a regulator to timidly suggest it any more. For those of us not prone to clicking on anything (perhaps a minority in the UK), they're shooting themselves in the foot in any case since the contractors choices of names often have a slighty sleazy feel to them - no clicky thanks very much.

      1. Anonymous Coward
        Anonymous Coward

        "I really doubt we even have a regulator to timidly suggest it any more"

        Actually they are too timid to enforce good practice, but every bit as important is that we don't have a proper single point regulatory and enforcement structure for both e-crime and good practice. Police can't be bothered with ecrime in the vast majority of cases. Banks deliberately don't report phishing and e-crime, and as you say engage in poor practice (and that's both a corporate and an FCA problem). The ICO buck pass on anything that isn't about everyday data administration. OFCOM are clueless. MPS deal only with UK originated marketing telephone calls because idiot civil servants drew up such tightly restrictive rules. There's not even a single government department with a clear mandate for these matters. Politicians are too busy deciding important stuff like their next pay rise, or how many watts your hoover is allowed to use, added to which the fraudsters of Westminster wouldn't know how to turn a computer on.

        More concerted effort goes into parking enforcement in the UK than goes into addressing ecrime.

        1. Anonymous Coward
          Anonymous Coward

          @Ledswinger

          "...wouldn't know how to turn a computer on"

          Apart from the regulatory issues you list, this one for me is the root of almost all of the problems. A funny thing happens with 'computers'/technology that applies to virtually nothing else in our society in that a very large number of people, particularly those in power, assume that their understanding of the issues is not so very far behind pretty much everyone else's, because they use a computer, think they're pretty good at it, and - surely - a computers a computer isn't it? At the 'top end', ministers, civil servants etc, the imperative is to appear to be in command of the facts even if your grasp is marginal, and in this case, they simply do not appreciate how marginal it actually is and lack the knowledge to fully understand what advisers are telling them, unlike with say parking enforcement or the need for a third runway or any number of other issues that most people can intuitively grasp the basics of. In this respect computer/information related technology is somewhat unique, although I can imagine there was a similar disjoint with cars, electricity and industrial production in the past. My own knowledge is extremely limited in most areas, but crucially I know enough to understand my own limitations.

          A great many MPs and ministers are former lawyers, and senior civil servants are at the core administrators whose functions are still rather rooted in the past, as is the mindset of the banks, the police and a great many other bodies. Until parliament (this applies to all elected bodies really) is better populated by those with a genuine grasp of technology and its implications (and crucially the limitations of their own knowledge with respect to it), there will remain a huge deficit with what is needed.

          1. Nuke
            Meh

            @AC - @Ledswinger

            Upvote from me, but you wrote :-

            "I can imagine there was a similar disjoint with cars, electricity and industrial production in the past

            That is not the past, it is the present.

            Until parliament ... is better populated by those with a genuine grasp of technology

            The only PM I am aware of with a technical background was Mrs T who had a chemistry degree. I remember "New Scientist" magazine celebrating that fact when she came to power.

            However it backfired. Having changed careers, science to politics, she seemed to look back with hate at the time she was the lab junior (having to fetch, carry, and make the tea like we all did once?) and had it in for technology. In the event she presided over the destruction of Britain as a leading technical nation, steering it to "Service" industries.

  8. Keven E.

    Some of the worst are ACH users.

  9. Nuke
    WTF?

    Thatcherite Culture ?

    Perhaps the Germans and French do not share British companies' love affair with sub-contracting and constant changes of ownership that Mrs T's government kicked off. For example, I had BP supplying me with LPG (I live in the sticks). Then one day I got an email from an outfit called MacGas saying "We have taken over BP's business. Your quarterly tank rental is due. Pay us £n now." (A year later the ownership changed again).

    Without reading the Financial Times every day, how TF are we to know if this is genuine? Phone a help line and be told by someone with an Indian accent "Yes, pay us!" ? Very re-assuring, not. I would have thought that if a company changes hands, then all its contract customers should be sent some form of communication from Companies House (at the new owner's expense) as confirmation.

    As someone above said, the public are trained to accept scams.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019