I just received an email from my bank listing a number of changes to
their T&Cs.
In the heading of the email it states:
"By clicking on links in this email, you agree to <name of bank> using cookies to track your interaction, to improve the performance of our communications, understand your interests, and to personalise our future emails to you. If you don’t want us to track, just copy and paste the
url links into your browser without clicking on them.
I copies & pasted one of those links into a text document in order to
read it - and it was stuffed to the gunwales with identity & tracking (un)goodness.
My question is, how could it make any difference whether I click on the
link or copy and paste exactly the same data into my browser?
I just received an email from my bank listing a number of changes to
their T&Cs.
In the heading of the email it states:
"By clicking on links in this email, you agree to <name of bank> using cookies to track your interaction, to improve the performance of our communications, understand your interests, and to personalise our future emails to you. If you don’t want us to track, just copy and paste the
url links into your browser without clicking on them.
I copies & pasted one of those links into a text document in order to
read it - and it was stuffed to the gunwales with identity & tracking (un)goodness.
My question is, how could it make any difference whether I click on the
link or copy and paste exactly the same data into my browser?
I just received an email from my bank listing a number of changes to
their T&Cs.
In the heading of the email it states:
"By clicking on links in this email, you agree to <name of bank> using >cookies to track your interaction, to improve the performance of our >communications, understand your interests, and to personalise our future >emails to you. If you don’t want us to track, just copy and paste the
url links into your browser without clicking on them.
I copies & pasted one of those links into a text document in order to
read it - and it was stuffed to the gunwales with identity & tracking >(un)goodness.
My question is, how could it make any difference whether I click on the
link or copy and paste exactly the same data into my browser?
On Fri, 24 Jan 2025 18:10:30 +0000, Sam Plusnet <not@home.com> wrote:
I just received an email from my bank listing a number of changes to
their T&Cs.
In the heading of the email it states:
"By clicking on links in this email, you agree to <name of bank> using
cookies to track your interaction, to improve the performance of our
communications, understand your interests, and to personalise our future
emails to you. If you don’t want us to track, just copy and paste the
url links into your browser without clicking on them.
I copies & pasted one of those links into a text document in order to
read it - and it was stuffed to the gunwales with identity & tracking
(un)goodness.
My question is, how could it make any difference whether I click on the
link or copy and paste exactly the same data into my browser?
Is it an HTML email? If so, then what you've probably got is this:
<a href="https://trackinglink.bank.example.com">realurl.bank.example.com</a>
So if you click, you go via the tracker, but if you copy and paste, you skip the tracker and go straight to the destination.
This quietly ignores the fact that no-one should ever trust an email,
text or phone call purporting to be from their bank that asks them to
click on a link. The banks are very much at fault for doing this.
Most of the stuff I see of this form is actually a phishing attack but
the rest are from bank sales teams trying to enhance their bonuses.
Neither of these groups have my best interest at heart!
You should only ever trust a connection to a URL if you have initiated
it - there are far too many ways to hide things in HTML emails.
A few years ago my 'phone rang. "This is Lloyds Bank here, I'd like to
ask you some security questions". I laughed down the phone at him, and
said "How stupid do you think I am?".
There was a pause.
Then a puzzled voice said "Why, what do you mean"
Me: "Well, you called me, so you have some idea who I am. I have no idea
at all who you are"
Bank: (after another pause) "You're right you know, but no-one else has
ever said that"
It really was Lloyds (I got him to write to me, on the address they had
on file). And yes, it was marketing. But I wonder how many other people >answered his security questions!
On Tue, 4 Feb 2025 21:24:30 +0000, Vir Campestris <vir.campestris@invalid.invalid> wrote:
A few years ago my 'phone rang. "This is Lloyds Bank here, I'd like to
ask you some security questions". I laughed down the phone at him, and
said "How stupid do you think I am?".
There was a pause.
Then a puzzled voice said "Why, what do you mean"
Me: "Well, you called me, so you have some idea who I am. I have no idea
at all who you are"
Bank: (after another pause) "You're right you know, but no-one else has >>ever said that"
It really was Lloyds (I got him to write to me, on the address they had
on file). And yes, it was marketing. But I wonder how many other people >>answered his security questions!
One easy way to test that, if you do suspect that you're being called by
a scammer, is to give a deliberately wrong answer. A genuine caller will
know it's wrong, and will tell you it's wrong and give you the
opportunity to correct it. A scammer will just thank you for giving the answer, which they then note down in the hope of being able to use that
data to defraud you.
On Tue, 4 Feb 2025 21:24:30 +0000, Vir Campestris <vir.campestris@invalid.invalid> wrote:
A few years ago my 'phone rang. "This is Lloyds Bank here, I'd like to
ask you some security questions". I laughed down the phone at him, and
said "How stupid do you think I am?".
There was a pause.
Then a puzzled voice said "Why, what do you mean"
Me: "Well, you called me, so you have some idea who I am. I have no idea
at all who you are"
Bank: (after another pause) "You're right you know, but no-one else has
ever said that"
It really was Lloyds (I got him to write to me, on the address they had
on file). And yes, it was marketing. But I wonder how many other people
answered his security questions!
One easy way to test that, if you do suspect that you're being called by a scammer, is to give a deliberately wrong answer. A genuine caller will know it's wrong, and will tell you it's wrong and give you the opportunity to correct it. A scammer will just thank you for giving the answer, which they then note down in the hope of being able to use that data to defraud you.
On 26/01/2025 10:26, Martin Brown wrote:
This quietly ignores the fact that no-one should ever trust an email,
text or phone call purporting to be from their bank that asks them to
click on a link. The banks are very much at fault for doing this.
Most of the stuff I see of this form is actually a phishing attack but
the rest are from bank sales teams trying to enhance their bonuses.
Neither of these groups have my best interest at heart!
You should only ever trust a connection to a URL if you have initiated
it - there are far too many ways to hide things in HTML emails.
A few years ago my 'phone rang. "This is Lloyds Bank here, I'd like to
ask you some security questions". I laughed down the phone at him, and
said "How stupid do you think I am?".
On 04/02/2025 21:24, Vir Campestris wrote:
On 26/01/2025 10:26, Martin Brown wrote:
This quietly ignores the fact that no-one should ever trust an email,
text or phone call purporting to be from their bank that asks them to
click on a link. The banks are very much at fault for doing this.
Most of the stuff I see of this form is actually a phishing attack but
the rest are from bank sales teams trying to enhance their bonuses.
Neither of these groups have my best interest at heart!
You should only ever trust a connection to a URL if you have initiated
it - there are far too many ways to hide things in HTML emails.
A few years ago my 'phone rang. "This is Lloyds Bank here, I'd like to
ask you some security questions". I laughed down the phone at him, and
said "How stupid do you think I am?".
Some years ago, I had a rather similar conversation with a chap claiming
to be from Barclaycard. When he asked me his security questions, there
was a moment's silence before I said I was just considering what I
should be asking him, to confirm his identity. He was completely
unphased by this and suggested that, if I was worried, I should phone Barclaycard Security, using the number on the back of my card. I can't remember if he also recommended using a different phone from the one he
had called me on.
When I did this, it was confirmed that he was genuine and they just had
a query about a transaction which had rung alarm bells although that, as
with the caller, was actually legit.
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 498 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 17:29:38 |
| Calls: | 9,826 |
| Calls today: | 5 |
| Files: | 13,761 |
| Messages: | 6,191,267 |