
How to spot an email scam at a glance

Email scams keep on coming

Scammers, like all con artists, are sociopathic parasites, leeching from the unwary, stealing, conning, whatever it takes to make coin. They don’t care who they hurt, financially or mentally. It’s all about them, what they can get, and – they believe – if you fall for their scam, it’s your own stupid fault. Hah hah hah.

To make it worse, when they use landlines for the scam (as in the example today), they often get them from an incumbent telephone company. The telco could and should close them down immediately after they are reported, but they are making money themselves, so they will hold on as long as they can, milking off the back of the scammer. “We have to make sure”, they’ll claim. Cobblers, it’s all about the money.

This happens rather a lot. Just from UnknownPhone, they:
"have registered 91,638 active spam phone numbers"
and have
"detected 8,468,712 spam calls from this same type of landline as 02033985950 (area code 020)"

It’s all about the numbers! If only 1%, heck if only 0.01% out of millions fall victim, they are ahead. It’s worth it to them.

Anyway, today’s offering pings to Charing Cross, London. Here’s what UnknownPhone had to say about this particular maggot:

According to the reports sent by our users on our website and app, the phone number 02033985950 seems to be related to an ebay scam call. We have not been able to verify if this phone number is a legit Apple number.

This phone number has other formats: 020 3398 5950, +442033985950, 02033985950, +44 20 3398 5950.

How much does it cost to call 020 3398 5950? (A landline)

Calling 02033985950 from your landline can cost up to 16p per minute. There is a ‘set-up’ fee that is around 23p; calling from your mobile can cost you from 3p to 65p per minute depending on your phone company. These types of calls are often included in call packages, depending on your provider, calling to this phone number could be free of charge.


Naturally, I reported them too.

For the benefit of those searching, here is the text of my message. Others reported similar; it appears the scammer likes to use products in the region of £460 and sends fresh batches of scams out to harvested email addresses. This was received and written today (21st Nov); note the dates on the scam.

“Thank you for shopping on eBay! Your order is now confirmed. Please note the PayID as a reference for your records. If you did not place this order please call us on +44-20-3398-5950 to report this to our fraud protection team.”

Order details
You completed checkout on 20-Nov-2022

Ship to: [address in Hazlewood, North Yorkshire]

Auto Debit £456.95

Acer Ultra Slim i7-12700H/8GB/512GB/RTX 3050 – UK

Delivery: 21 Nov – 22 Nov

Subtotal £456.95
Total £456.95

{ (Top half of) email scam, trying to get you to phone a premium rate number }
{ (Bottom half of) email scam, trying to get you to phone a premium rate number }

It’s obvious when you look closer

I’ve highlighted the most obvious clues that this is spam and that you should report it and move on.

As if companies like eBay are going to send official receipts from some random, throwaway Gmail account.

This is a form of psychological manipulation to focus your attention only where they want it. They highlight (in bold text) that they want you to call their (fake) fraud protection number.

At up to 65p a minute (£39 an hour), you can bet the scammers have some form of switchboard*, and the person answering will try to keep you talking as long as possible and get you to call back as many times as they can.

*They will probably use a virtual switchboard or hosted PBX, which uses VoIP technology. This would allow the scammers to work from home and still have access to the network using IP phones, mobile phones and even just normal phones. Such a system can have call forwarding, auto attendants, voice interaction and more, all focused on keeping you talking for as long as possible.

The third point is less obvious
The supposed purchase is being sent to Yorkshire; I don’t live in or know anyone in Yorkshire and thought ‘Hazlewood’ was a typo (it’s not). As a new address, it would have to be verified. That is, eBay (Amazon etc.) would – in advance – be required to contact me and say, “Hey, this is not your address. Did you order this? Please confirm this purchase.”

The fourth point is that none of the links work (at least for me).
If it were genuine, they would work as intended. Usually, in scams, they do go somewhere but will use obfuscation and misdirection to hide the fact they are going to the scammer’s

The last ‘at a glance’ clue is the messed up “don’t” at the bottom.
More sloppy work.
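The at-a-glance clues above, written as a small triage script over a raw message. This is an added example, not part of the original post; the webmail and brand lists, the sample message, its addresses and its URL are constructed assumptions, and only the phone number comes from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, illustrative lists; extend them for real use.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRANDS = {"ebay": ("ebay.com", "ebay.co.uk"), "amazon": ("amazon.com", "amazon.co.uk")}
REPORTED = {"02033985950"}  # the number reported in this post

# Constructed sample modelled on the scam quoted above; address and URL are made up.
SAMPLE = """\
From: "eBay" <order-confirm.example@gmail.com>
Subject: Your order is now confirmed
Content-Type: text/html

<p>If you did not place this order please call us on <b>+44-20-3398-5950</b></p>
<a href="http://tracking.example.net/view">www.ebay.co.uk/orders</a>
"""

def uk_national(number):
    """Collapse +44 20 3398 5950, 020 3398 5950, +44-20-... to 02033985950."""
    digits = re.sub(r"\D", "", number)
    return "0" + digits[2:] if digits.startswith("44") else digits

def same_site(host, domain):
    """True if host is domain or a subdomain of it (a leading www. is ignored)."""
    host, domain = (re.sub(r"^www\.", "", x.lower()) for x in (host, domain))
    return host == domain or host.endswith("." + domain)

def triage(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    sender = addr.rpartition("@")[2].lower()
    body, flags = msg.get_payload(), []
    if sender in FREE_MAIL:  # clue 1: "official" mail from a throwaway account
        flags.append("free_webmail_sender")
    for brand, domains in BRANDS.items():  # display name claims a brand it was not sent by
        if brand in name.lower() and not any(same_site(sender, d) for d in domains):
            flags.append("brand_sender_mismatch")
    # clue 2: a "call us" number that normalises to one already reported
    if any(uk_national(n) in REPORTED for n in re.findall(r"\+?\d[\d\s-]{8,}\d", body)):
        flags.append("reported_callback_number")
    # clue 4: link text shows one site while the href points at another
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.S):
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text, re.I)
        if shown and not same_site(urlparse(href).hostname or "", shown.group()):
            flags.append("link_text_mismatch")
    return flags

print(triage(SAMPLE))
```

The script only reads a single-part HTML body; a multipart message would need its parts walked first.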

Digging deeper

OK, yes, I’m putting off some real work and wanted to give this post more meat anyway, so I looked under the hood at the raw message.

This immediately jumped out: ecp yusercontent. I’ve given you one link to read further if you are interested, but it’s a browser hijacker based on Yahoo. It works by redirecting you and then double scamming you by trying to sell you a fake app to fix the issue caused by the hijacker. However, it also leaves an opening for other even more malicious software. Lovely people, eh!

You get the idea. If it makes you go “Huh!?” assume it’s a scam!

If there is something genuinely wrong, your bank is likely to notice before you do. I recently ordered something from Amazon for 90p (so under a quid), and there was a technical glitch (they wanted 2FA, and I hate mobile phones), so the bank froze my account. It is in their best interest to do so.

Contact form and other types of spam

This is another contention of mine, especially as WordPress is next to useless in doing anything about it. Their default (drag and drop) forms, while visually OK, manage to be horrendously open to bots, notoriously unreliable and plagued by issues relating to failing to send completed forms to their intended recipient. Dudes, you have had TWENTY YEARS, and you are still garbage. Do better!

The free version of WPForms is better than nothing, barely (‘cos you still have the issue with sending the damned forms), which means layers of SMTP to sort it. (Damn it, Automattic, get your shit together!)

I’m not a fan of plugging paid plug-ins, but the commercial version of WPForms has arguably essential features that make me glance towards WordPress and say bad words.

I wouldn’t mind if WordPress (perhaps via Jetpack options) said, “Yes, we know, but we have a solution; for a few quid a month, you can have this secure SMTP option, so your forms are spam filtered and delivered.” But they don’t even do that.

ANYWAY, this – and this alone – is enough for me to recommend the paid versions of WPForms. The spam protection options are available in ‘basic’ upwards.
(Feel free to note the lack of any affiliate component in the link!)

{ WPForms spam protection }

Some of the features also rely on Akismet (from Automattic), which is free for home use, a few quid a month upwards for businesses.

You have:

: an antispam honeypot to catch junk.
: antispam protection
: your choice of bot detection (ReCaptcha, HCaptcha etc.)
: filtering only to allow specific countries (e.g. only contact from the UK)
: or filtering to block specific countries (hint: start with Russia and China)
: more filters to keep the undesirables out.

See also Contact form spam

Email harvesting and identity theft

Too big to cover here, but I’ll add a few paragraphs. This was again advice I had sent to someone.


In the original, you put, “Any further information can be obtained by emailing [her] at the following address [some address]”

The problem with that is two-fold. Firstly anyone can then email her. Anyone!

The second is less obvious but inevitably ends in people abandoning their email – bots continually scan the internet for people’s email addresses for harvesting for resale, bulk emailing, hacking, and spam (e.g. Wikipedia: email harvesting).

Am I paranoid? Yes. But even something as simple as her email address is enough for a hacker to start unravelling her life, so putting it up for them to collect automatically is not a good idea.

The number of times I’ve seen relatives joyfully announce their latest phone – and share the number online, or how they have finally been accepted for a credit card. I am like, “Have you not listened to anything I’ve said for the last 20-odd years?”

For instance, via Have I Been Pwned?, I can see she has been breached on at least one of her online accounts, as have you.

Might be something, probably nothing, so best not to worry about it, but you get the idea.

My email address has been found on 10 breached sites. Yahoo, for instance, has been hacked several times. Google has been hacked. Most, if not all, banks have been hacked to some degree. Most, if not all, big companies and government agencies have been hacked. Anyone that says they have never been hacked can quietly, and possibly with a prayer, add, “that we know of.”

What is a “breach”, and where has the data come from?
A “breach” is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software.

From there, I can – no, I could (damn it!) – pop over to ghostproject* and see if they have her/your login password as well – no, they don’t. They do, however, have two of my old passwords for my current main mail address and two passwords for another old address. That was enough details for someone to apply for a credit card in my name a few years back. Stopped, of course. These aren’t secret hacking hubs on the dark web, known only to shadowy individuals. These are in-your-face, have-a-look type!

*Bloody site looks to have been taken over by some US business. Used to be free, but now they want $30 (a month) for you to take a peek at the harvested data they hold on you! Shady as heck, in my opinion. After all, it is in their best interest to (cough* IL *cough*)legally scrape, harvest, buy or otherwise acquire all the private and personal data, passwords etc., they can on you from sources like the dark web and say, “Hey, we have this on you, you need to fix these.”

I hate corporates so much!

I am sure they will argue they provide a valuable service, but I still find it offensive.

Also of possible interest

The irony of cold callers – that call you to ask for money not to be called by them yet claim they are offering a valuable service and doing you a favour! (from 2014)

My top ten rules for email (from 2007)
