This page covers details of scams and fraud. The vehicle of much of this crime is via email, so examples of SPAM and Phishing is also included.

Remember, this is NOT a definitive list of scams and fraud. This page only provides an example of what is going on.

Note : Some of the information provided is from ActionFraud Alerts, in the past they have been included on the NEWS pages. From September 2015 they will appear on this page.








NOVEMBER 2017


SUMMARY OF FURTHER SCAMS - NOVEMBER 2017

-----------------------
DON'T FALL PREY TO CONVINCING ALDI COUPON SCAM
(First for Women, dated 9th November 2017 author Jaclyn Anglis)

uaware comment : Yes I know this is a US article, but the scam is transportable globally !

Full article [Option 1]:

www.firstforwomen.com/posts/aldi-coupon-scam-146369

Heads up, Aldi shoppers: There's an Aldi coupon scam making the rounds on the internet, and it's important that you don't fall for the convincing fraud. The latest fake coupon, circulating on Facebook, includes a link to an illegitimate website and claims to give away $40 to anyone who completes the survey.

“Hey ALDI fans! Looks like another fake ALDI coupon is making its way around the internet,” Aldi said in a Facebook post earlier this week. “We’re sorry for any confusion, but we don’t offer electronic coupons and they won’t be accepted at our stores. We’re currently working on fixing the situation, but we’d love your help. Feel free to share this post to help us spread the word.”

-----------------------
WARNING OVER SCAM WHATSAPP MESSAGE OFFERING ASDA, TESCO AND MARKS AND SPENCER £250 "FREE" VOUCHER GIVEAWAY
(Birmingham Mail, dated 7th November 2017 author James Rodgers)

Full article [Option 1]:

www.birminghammail.co.uk/news/midlands-news/whatsapp-scam-marks-spencer-giveaway-13864430?service=responsive

The £250 vouchers doing the rounds on the widely-used messaging service are nothing but a scam, experts have warned.

Those regularly using WhatsApp to message friends and family are now being told to be vigilant.

Fraudsters are sending out fake Marks & Spencer, Tesco and Asda vouchers on WhatsApp.

Asda supermarket has issued confirmation, telling customers the vouchers are bogus.
-----------------------
IKEA SHOPPER SCAM TARGETING WHATSAPP USERS
(Country Living, dated 3rd November author Jessica Mattern)

Full article [Option 1]:

www.countryliving.com/life/news/a45505/ikea-scam/

With the holiday season just around the corner, get ready for an influx of scams targeting holiday shoppers online. In fact, there's one circulating right now that's affecting IKEA fans overseas.

The new scheme is tricking WhatsApp users into turning over their personal information in exchange for a fake store coupon, according to the Gulf News Society. On the messaging app, users are seeing a fraudulent message that claims IKEA is celebrating its 75th birthday by giving away $500 vouchers


LONDONERS FALL VICTIM TO 3,500 CYBER FRAUD ATTACKS A MONTH
(London Evening Standard, dated 30th November 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-londoners-fall-victim-to-3500-cyber-fraud-attacks-a-month-a3706566.html

Londoners are falling victim to at least 3,500 cyber fraud attacks a month, police revealed today.

Scotland Yard warned that the scale of the problem could be far greater because such offences were “vastly under-reported”.

The Met now says it wants to encourage stronger links with private sector volunteers to combat cyber crime.

Detective Chief Inspector Gary Miles, head of the Falcon cyber fraud unit, said one of the most prolific scams was online advertising fraud offering non-existent properties for sale or rent.

Others include romance frauds — tricking people into meeting their “perfect partner” through dating websites — and identity frauds, where criminals use victims’ details from social media. Individuals and businesses also face phishing emails, ransomware attacks and more complex hacking raids.

Mr Miles said his detectives were investigating about 1,000 “volume fraud” offences and around 130 more complex cases. He added: “We are getting about 3,500 victim reports a month, but we think this is vastly under-reported.”

Last month, a gang investigated by the unit was jailed for using the bank details of hundreds of students to carry out a £2 million mobile phone fraud.

Ringleader Jonathan Boorman, 32, of Bath, and six others, including five from London, set up fraudulent phone contracts with the personal details.

Detective Chief Superintendent Mick Gallagher, head of the Met’s Organised Crime Command, today said the force already has “a lot of expertise that comes in through police volunteers”.

He added: “We have people from the banking sector working alongside my officers to investigate economic crime and we want to replicate that with cyber investigations.”

Mr Gallagher said the Met also wanted to recruit people straight from university to tackle the fraudsters. “Some criminal individuals have a high level of sophistication and are clearly very knowledgeable — our challenge is to raise our knowledge and skills above theirs to deal with them,” he said.

He added: “We do work in a clandestine way within the dark web to make sure that Londoners stay safe.”

Police are also aiming to raise awareness about how to avoid becoming a victim of cyber fraud. Mr Miles said: “We want to get people to think of their online security in the same way they think about their physical security.

“There are simple measures people can take, such as going to the Get Safe Online website and learning about how to improve passwords.”

Online fraud is now the most common crime in the UK, with more than 5.5 million offences each year.

(1st December 2017)


PHONE SCAMMERS ARE CLAIMING PEOPLE MISSED JURY DUTY, DEMANDING PAYMENT
(CBS New York, dated 12th November 2017)

Full article [Option 1]:

https://newyork.cbslocal.com/2017/11/12/jury-duty-phone-scam/

uaware comment : You never know, this may end up being a US fraud import !

Federal officials in New Jersey warned Sunday night that scammers claiming to be from the U.S. Marshals service are telling people they missed jury duty and must pay a fine.

The FBI Philadelphia and Newark divisions and the New Jersey district U.S. Marshals service said the callers pretend to be law enforcement or court officials.

The scammers say they are with the U.S. Marshals service, the local county sheriff’s department, or another law enforcement agency. They accuse the call recipients of failing to appear for federal or local jury duty and warn that an arrest warrant has been issued.

The intended victim is told he or she must pay a fine and report to court. To settle the fine, the scammers instruct the person to buy a prepaid debit card and give them card information.

Recent reports indicate the scammers have been targeting New Jersey residents. Various recipients of the scam have been documented in other states, officials said.

The FBI and the U.S. Marshals Service advised people that they should:

- Always be suspicious of unsolicited calls;

- Never give money or personal information to someone with whom you do not have ties and did not initiate contact;

- Trust your instincts – if a caller pressures you or says things that do not sound right, hang up;

- If concerns remain about the caller’s claims, verify the information with local law enforcement or court officials.

(1st December 2017)


YOUNG ADULTS "PUTTING THEMSELVES AT FRAUD RISK BY SHARING DETAILS ONLINE"
(Birmingham Mail, dated 14th November 2017 author James Rodgers)

Full article [Option 1]:

www.birminghammail.co.uk/news/uk-news/young-adults-putting-themselves-fraud-13901390

Young adults' willingness to share personal information with others online could be putting them at greater risk of fraud, a report warns.

While older people are often seen as less tech-savvy, potentially putting them at greater risk of fraud, NatWest found that less cautious behaviour among those aged 18 to 24 years old in particular could be making them vulnerable.

NatWest, which commissioned think tank Policy Network to look into financial fraud trends, found more than 80% of young adults in this age group are willing to share their email address online with their friends, and as many as 29% are willing to share their mother's maiden name - a commonly used security question.

This contrasts with just 60% of over-55s willing to share their email address, and only 12% willing to share their mother's maiden name.

The report was launched at a fraud summit being held by NatWest.

David Lowe, NatWest's head of fraud prevention, said traditionally the view has been that older people are most at risk from financial fraud.

He said: "Whilst fraud is still prevalent in this age category, we are seeing an increasing trend in younger 'digital natives' falling victim to online fraud."

Matthew Laza, director at Policy Network, said: "We need to ensure that today's school children don't become another 'generation scammed'.

As more and more of life moves online this is a real danger for the future.

"Which is why we believe every UK school child should have completed a fraud and cyber security course by the time they leave school, so we can have a generation digitally ready."

Research for this report involved a review of available data on fraud and scams, analysis of YouGov survey data, and interviews with fraud experts.

(1st December 2017)


VICTIMS LOSE OVER £100m TO BANK TRANSFER SCAMS IN JUST SIX MONTHS
(Which?, dated 7th November 2017 author Stefanie Garber)

Full article [Option 1]:

www.which.co.uk/news/2017/11/victims-lose-over-100m-to-bank-transfer-scams-in-just-six-months/

Thousands of people and businesses have been tricked into transferring just over £100m to scammers in the past six months alone, new data shows. But proposals from the Payment Services Regulator (PSR) may offer more consumers a way to get their money back.

Which? has been campaigning for over a year to protect consumers from bank transfer scams. The PSR has now unveiled new measures to reimburse victims and prevent fraud, as well as data that for the first time reveals the full scope of the problem. This means that victims of bank transfer fraud – which has become the second biggest type of fraud (after card fraud) may soon have the chance to get their money back

£100m lost, just 25% recovered


Bank transfer fraud happens when a person is tricked into transferring money into a scammer’s account – either buying something that don’t exist, or being misled about the recipient’s identity.

The PSR has today released figures that reveal the scale of the problem for the first time. In the past six months alone, over £100m was transferred to scammers by people in the UK, according to data from UK Finance.

Of this, around £25.2 million was recovered – meaning just £1 in every £4 lost to this type of fraud has been paid back to victims.

In the six month period, around 19,370 cases were recorded. On average, individuals lost around £3,027, while businesses lost £21,477.

Bank transfer fraud at a glance (Figures from UK Finance, November 2017)


- Amount transferred to scammers in past 6 months : £101.2 million
- Cases in the UK in the past six months : 19,370
- Average loss per person : £3,027
- Average loss per business : £21,500

Unlike credit or debit card frauds, people who are tricked by a bank transfer scam currently have no legal right to get the money back from their bank. If the money cannot be recovered from the recipient’s account – and often, funds are immediately withdrawn or sent offshore – then you may have little recourse to get your money back.

PSR proposes reimbursement scheme


Which? launched a super-complaint to the PSR on 23 September 2016, calling for the regulator to investigate whether banks were doing enough to protect consumers from bank transfer scams.

The PSR today released its full report, and launched a consultation into a contingent reimbursement scheme.

Under the proposal, victims would be entitled to a refund from their bank in certain circumstances. Stakeholders, including consumer groups and banks, have been invited to respond within the next three months. If the scheme were implemented, the PSR expected it would be in place by September 2018.

Industry makes progress on prevention

The PSR also provided an update on the banking industry’s progress towards better fraud prevention and protection for customers.

UK Finance has published a set of best practice standards, which its members have agreed to fully implement by the end of Q3 2018.

From 2018, banks will improve their information sharing, and financial crime data sharing. The Joint Fraud Taskforce, of which UK Finance is a part, is also developing a framework to allow stolen funds to be tracked across payment systems, frozen and then returned to victims.

The PSR also noted that the industry had made positive steps towards fraud prevention, including towards the development of a ‘confirmation of payee’ tool. This would raise an alert if the name entered as the payee in a transaction didn’t match the account details. The tool is expected to start rolling out during 2018.

###Which? welcomes reimbursement plans

Since filing its super-complaint, Which? has called on the PSR and the banking industry to show progress on tackling transfer fraud.

Which? welcomed the PSR’s latest proposals, but called for the banking industry to move quickly to protect consumers.

Which? CEO Peter Vicary-Smith said: ‘A year on from our super-complaint, it’s good to see the regulator coming down on the side of consumers. If this stops the huge amounts of money lost to bank transfer scams, it’ll be a significant win.

‘To make this a reality, the regulator must now ensure any reimbursement scheme properly compensates victims. Meanwhile, banks must move to quickly put in place better checks and protections to prevent these scams happening in the first place.”

(1st December 2017)


UBER CUSTOMERS : BEWARE THIS SCAM
(INC, dated 29th November 2017 author Joseph Steinberg)

Full article [Option 1]: www.inc.com/joseph-steinberg/uber-customers-beware-this-scam.html

Criminals are exploiting the news that Uber suffered a serious data breach to inflict more harm on Uber customers. As if it the pilfering by hackers of the names, email addresses, and mobile-phone numbers of 57 million customers of the ride service as well as the driver's license numbers of 600,000 Uber drivers was not bad enough, criminals are now crafting sophisticated phishing emails that prey on the same group of people.

There are multiple variants of the scam -- and surely more to come.

Various realistic-looking phishing emails appear to come from Uber and apologize for the breach. Some request that the user reset his/her password so as to ensure that any passwords compromised in the breach cannot be used by criminals. This may appear to be sound advice - and it actually might be if it were not for the fact that the password reset link provided in the email directs clickers to a bogus Uber site run by criminals in order to collect passwords. Of course, the site asks you to enter your "old password" along with your desired new password.

Another variant of the phishing email contains a profound apology for the breach, and offers the customer a $50 credit towards rides on Lyft, Uber's main competitor in many markets. While anyone who spends a moment thinking about the offer should realize that it is likely bogus - why in the world would Uber be both providing its primary competitor with revenue and directing its already upset customers to that primary competitor - people have a tendency to act without thinking when offered "free money" which they think may no longer be available if they do not act quickly.

Other variants of the phishing scam already exist, and more will continue to appear in the upcoming weeks.

So, if you are an Uber customer -- or ever were an Uber customer -- stay vigilant and suspect that any emails that you receive either asking you to take action to protect your Uber account, or promising you compensation for the breach, are likely scams. Of course, it is a good idea to change your Uber password - but do so by using the app on your phone, not by clicking links in an email that was sent to you by someone of whose identity you simply cannot be certain.

(1st December 2017)


TV LICENCE FEE REFUND - THE DANGEROUS SCAM EMAIL SPREADING FAST AND THE REAL REFUNDS YOU MIGHT QUALIFY FOR (Extract)
(Mirror, dated 14th November 2017 author James Andrews)

Full article [Option 1]: www.mirror.co.uk/money/tv-licence-fee-refund-dangerous-11517529

A new warning has been issued about a convincing scam email pretending to be from TV Licensing.

Action Fraud has warned that it's had more than 200 reports of the new scam, adding that TV Licensing would never email to tell you you're due a refund.

Instead, the scammers are simply trying to get you to enter your bank account details.

The worrying thing is that there are actual refunds available for some Britons - with £37 back a real possibility - something scammers are trying to exploit.

t's a lie. There is no refund available and even if there was, TV Licensing simply doesn't email people telling them they are due refunds.

"A small number of our customers have received scam email messages saying they are due a refund. A link directs customers to a fake version of the official TV Licensing website which asks them to enter personal information and bank details," TV Licensing warned .

"If you receive a similar email message, please delete it. If you have already clicked the link, do not enter or submit any information. TV Licensing never sends refund information by email and is investigating the source of this fraud."

But while this email is fake, there are ways to pay less for a TV Licence.

As TV licences apply to addresses, not individuals, as long as someone qualifying for a discount lives at your address and the licence is in their name, the whole house benefits.

So who gets a discount? Well, older Britons don't need a TV licence.

That means when you reach the age of 75, you can apply for a free over 75 TV Licence . They last 3 years and will be sent out provided you give them your national insurance number. In fact, if you're 74, you can even apply for a short-term licence to cover up up until your 75th birthday.

Secondly, while it's not free, but anyone who's blind (severely sight impaired) can get half price TV licences . Again, this means the rest of the house is covered too.

If you're renting, you don't need a separate TV licence for your room if you have a relationship with the homeowner (and live in their main house) or a joint tenancy agreement - but do need one if you have a separate tenancy agreement for just your room.

There are also other times you might be able to get money back on the £145.50 - for example if you're a student you can get a £37 refund .

(1st December 2017)


THE FAKE PANDORA WEBSITES PROMISING 70% DISCOUNTS THIS CHRISTMAS
(Mirror, dated 14th November 2017 author Emma Munbodh)

Full article [Option 1]:

www.mirror.co.uk/money/warning-over-fake-pandora-websites-11514544

Christmas shoppers are being warned to think twice before entering sensitive details online this season following a rise in the number of fraudulent Pandora websites selling counterfeit goods on the internet.

The online pages, which offer up to 70% reductions, are uncannily like the official online jewellery store, however, hand your details over and you could be left hundreds of pounds out of pocket, or at best, with a fake item.

This includes one page called pandorasukonline which has since disappeared online.

On Facebook, a customer reported that they'd ordered several charms at a total price of £235 from the website on 10 October 2017.

On later inspection, the shopper discovered they'd been billed £265 instead, to date, the items have still not arrived.

Facebook page Pandora Scam Sites first warned of the rogue website last month. It shared a list of several more sites to watch , which it alleged were all 'scams'.

Hundreds more have also since been shared on the official Pandora Facebook page (see below) - with customers being warned to check here if they are suspicious .

Head of Group Press. Martin Kjærsgaard Nielsen told Mirror Money: "At Pandora we are full aware that there are dark forces out there who seek to exploit and misuse our strong brand with counterfeit jewellery.

"This is obviously completely unacceptable and we are taking and will continue to take necessary measures to end this practice. We closely monitor the situation as it is important for us to protect our brand.

"Ultimately, it is a matter for authorities to enforce the legislation that protect our legal rights, which in turn will prevent consumers from ending up with fake and counterfeit jewellery."

*******The orginal article provides details of some BOGUS "Pandora" websites ********

Spot the signs - how to tell if a website is genuine

Action Fraud, the government's anti fraud body, has identified a number of preventative steps for customers shopping online this Christmas.

In a statement, detective inspector Chris Felton told Mirror Money: "As with any online shopping, we would urge people to research a seller before paying any money. Search for reviews from people who have previously purchased from the seller and check the item description carefully. If you are unsure, ask the seller questions.

"To protect your money until you've resolved any problems with the seller, always pay suing a recognised service; never pay by money transfers."

- If something seems too good to be true, it probably is. Don't be fooled into thinking you're getting a great deal.

- Get the trader to tell you if they provide an after-sales service, warranty or guarantee. Most rogue traders don't.

- Make sure you understand how the website's feedback function works. Feedback will give you useful information about recent transactions other buyers have made.

- Check the item's description carefully - ask the seller questions if you're not sure of something.

- Be aware of phishing emails that look like they come from the online auction or payment site you're registered with, asking you to update your account details or re-enter them because your account has been suspended.

- Check the URL in the web browser. A tactic often used by fraudsters is to change the address very slightly (if they're spoofing an eBay site, for instance, they may have an address such as '. . . @ebayz.com' whereas the real site is '. . . @ebay.com')

- Read the terms and conditions carefully, including those relating to any dispute resolution procedures the site offers.

- Run the site through a search engine - often if a site is suspicious, there'll be people talking about it online.

As a buyer you should:

- Try to avoid paying by money transfers - they aren't secure.

- Be careful when using direct banking transactions to pay for goods. Make sure transactions are secure.

- Don't send confidential personal or financial information by email.

- Use an online payment option such as PayPal, which helps to protect you.

I've been caught out - what should I do?

- If the seller has misrepresented the goods you've bought or your goods have failed to arrive, report the incident to Action Fraud .

- If you have passed on your personal banking details or any sensitive information relating to money, inform your bank immediately.

- Keep all evidence of the offence, including goods and correspondence.

- If there is a business dispute over the nature of the transaction, contact the website involved. Or, you can alert Consumer Direct by phone on 08454 04 05 06.

What Pandora says

In a statement on the Pandora Facebook page, the firm states the following in relation to counterfeit goods:

"As soon as a brand becomes popular you will see counterfeits multiply. Copies and fake products are unfortunately a challenge for Pandora - just as it is for most other jewellery manufacturers. Jewellery is easy to copy because of its size and character, and that unfortunately also goes for the lettering, e.g. our marker's mark "ALE" or our trademark "Pandora", which otherwise show customers that the product is authentic.

"This means that you can easily find products that have this stamp, but which is most definitely not authentic Pandora. Rest assured that we do not tolerate such counterfeits and take appropriate action.

"PANDORA takes trademark infringement very seriously and we have a department dedicated to brand protection. Unfortunately, it is not always easy to shut down a website, and the process can take some time if the company hosting the website will not cooperate.

"We are also working with Facebook to find a solution to stop fake sites advertising. Many fake websites and Facebook pages are daily being closed down."

The statement adds that customers suspicious of any websites should send the address and Facebook URL to its Brand Protection team: brandprotection@pandora.net.

(1st December 2017)


THIS TYPE OF FRAUD IS RISING FRIGHTENINGLY FAST : HERE IS HOW TO PROTECT YOURSELF
(The Motley Fool, dated 15th November 2017 author Matthew Cochrane)

Full article [Option 1]:

www.fool.com/investing/2017/11/15/this-type-of-fraud-is-rising-frighteningly-fast-he.aspx?source=isafpbcs0000001&utm_campaign=investment+plann&utm_medium=feed&utm_source=flipboard

uaware comment :
okay, I have done it again, I have provided a US article. My defence is that it explains the problem and possible prevention. Take heed !

While there are many advantages to living in a digital world, the connected life also has its drawbacks. One of the biggest disadvantages is that it gives fraudsters numerous opportunities to gain access to our personal identification. Last year alone, 15.4 million consumers were the victims of identity theft, a 17.5% increase from the previous year. With this information, thieves can open new accounts in our names, steal from our existing accounts, and use it as a veil of authenticity during the commission of scams.

Fraud and identity theft have become a fact of life in today's world. This year, when the Global Fraud Index was released, one statistic stood out more than any other: Account takeover fraud skyrocketed by more than 45% year over year in 2017's second quarter and cost merchants a whopping $3.3 billion in that three-month period. While exact figures are extremely difficult to come by, other studies confirm the overall trend. Javelin Strategy's 2017 Identity Fraud Study, released in February, reported account takeover incidents increased by 31% in 2016 with consumer losses reaching $2.3 billion, a 61% increase from the previous year.

As an economic-crimes detective, I see the financial pain and emotional stress this type of crime causes firsthand. And while this type of fraud has always been rampant, my own experience confirms the research results: This type of fraud isn't going away and only seems to be growing more common.

What is account takeover fraud?

Account takeover fraud occurs when criminals gain access to victims' bank or credit card accounts and then make unauthorized transactions on the account. While this encompasses credit card fraud, when someone uses your credit card number to make a purchase, more insidious versions of this crime go deeper. After all, consumers enjoy far-reaching protection against permanent monetary loss when they are victims of simple credit card fraud, but bad cases of account takeover fraud can involve far more.

I've seen cases where suspects gain access to a victim's banking account and promptly change the account holder's phone number, physical and email address, and online password. The legitimate account holders are effectively locked out of their own accounts, ensuring that they will no longer even receive texts or emails alerting them to the suspicious activity.

How account takeovers happen

Consumer information can be stolen in a variety of ways; some of the most common methods of stealing data include malware, phishing, and data breaches. Indeed, it seems hardly a month goes by without another data breach at a major corporation where millions of consumers' payment information was stored. Earlier this fall, the data breach at Equifax was nearly unprecedented in scope and breadth, affecting 143 million Americans.

Phishing and malware attacks are also on the rise. Symantec estimates that 54.3% of all email is spam and that there are nearly 1.6 million blocked Web attacks each day. In June, the company stated that phishing attacks increased to about one out of every 1,975 emails. With massive, high-profile data breaches making the news and phishing and malware attacks rising, the increase in account takeovers doesn't seem poised to slow down anytime soon.

What you can do to protect yourself


There is no silver bullet to stop fraud. With these types of attacks on the rise, it's almost inevitably just a matter of time before we're all victimized. We can, however, take definitive steps that will decrease our exposure to being targeted and mitigate the severity of the incidents when they take place.

1. Develop strong and unique passwords across all of your accounts. When most of us hear of a data breach that might directly affect us, we immediately fear the theft of our personal identification, including our name, address, date of birth, and Social Security number. What many of us fail to consider is whether we've used a password for that account that we used elsewhere.

Unless one is unusually savvy with memorizing odd word combinations or develops a highly sophisticated system, using unique, strong passwords (using letters, numbers, and symbols) across every single site where an account is kept is almost impossible. That's why I strongly suggest using software or websites that are designed to do this very thing. Doing so saves people the headache of performing this Herculean task on their own. Although most of these cost money, some will run their program across one device for free. A few things to look for when researching these services include two-factor authentication, automatic password capture, form-filling capabilities with multiple form-filling identities, and secure sharing.

2. Always pay with a credit card. Frank Abagnale Jr., the former conman turned security consultant made famous by the movie Catch Me If You Can, tells clients he removes 99.9% of all fraud risk by using credit cards. Why? Because consumers are limited to $50 of liability when credit card fraud is reported in a timely manner. That's far more legal protection than any other payment method offers. Likewise, consumers are in a position of strength because they're never without the money in their banking accounts; they're merely arguing over how much money they owe their credit card company.

3. Avoid writing personal checks whenever possible. Think about the most damaging information that could be leaked to potential thieves and fraudsters and then consider what's printed on the front of your personal checks: your name, address, banking institution, routing number, and bank account number. That's a treasure trove of information for anyone wishing to defraud you. For this reason, if at all possible, only write checks to trusted friends or family members. Otherwise, run to the ATM for a quick cash withdrawal if you can't pay with a credit card, or use a digital payment service such as PayPal or Venmo.

4. Monitor your accounts closely. Finally, make sure you keep tabs on all of your accounts -- checking, savings, brokerage, credit card -- and immediately report any suspicious activity. Regularly make sure your account contact information is up to date and correct. Even watch out for small charges that almost seem inconsequential at first. Many times, fraudsters will use the account for small transactions first to ensure the information they have is working.

Account-takeover fraud can be draining affairs -- both financially and emotionally. But people who take these steps stand to be affected much less if they're victimized.

(1st December 2017)


OLD SCAMS, NEW TRICKS AS FRAUDSTERS ADAPT
(BBC News, dated 3rd November 2017)

Full article : www.bbc.co.uk/news/business-41851510

The organisation at the frontline of UK consumer protection says it is seeing a pattern of "old scams, new tricks".

National Trading Standards (NTS) said that while online crime was a growing problem, time-honoured fraud methods would not disappear any time soon.

It said many people were still hounded by cold callers, scam mail and doorstep criminals.

Criminals were also using smart TVs and voice-activated home devices to steal data, its Consumer Harm Report warned.
'Challenging times'

NTS, which was set up by the government in 2012, said 2016-17 had been a record-breaking year, with 104 criminal convictions.

However, it said criminals were using new tactics to avoid detection, such as mail arriving via third-party countries and the use of blank envelopes, so that people had to open them to find out what they contained.

In its annual report, it listed the potential emerging threats to consumers over the coming year, including:

- Continued manipulation of online ticket retail sites by scammers and organised criminals

- The growth of social media as a selling platform, putting consumers at risk of intellectual property crime and product safety issues

- The risk posed by connected devices such as smart TVs and home assistants, which may leave consumers open to data theft

- Increasing sophistication of doorstep criminals who use websites, social media and fake reviews and are increasingly part of larger organised crime groups.

"An evolving criminal landscape does not mean the more traditional scams will disappear," it said.

"Instead, National Trading Standards is seeing a trend of criminals diversifying and adapting their current schemes, evidenced in mass marketing mail scams.

"Additionally, more scams are originating abroad, with criminals concealing the payments they're receiving from their victims through payment processing companies," it said.

But it said its actions had prevented nearly £127m in losses to consumers and businesses during the year.

Lord Toby Harris, who chairs the NTS, said: "Our teams are operating in an ever-evolving criminal environment. Consumer protection bodies are facing changing and challenging times."

He also praised the efforts of the public, who were "pivotal" in reporting crimes and supporting the NTS's work.

"So together, we continue to work to disrupt, investigate, prosecute and keep people safe."

(1st December 2017)


AMAZON SCAM : CONVINCING FAKE EMAILS TRY TO TRICK PEOPLE INTO REVEALING THEIR BANK DETAILS
(Independent, dated 8th November 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/amazon-scam-fake-emails-how-to-protect-yourself-payment-information-report-phishing-a8043646.html

Internet users are being targeted by a fake email claiming to have been sent by Amazon.

The scam message features the company's logo and even social platform icons, and has been carefully formulated to look as official as possible.

However, it's designed to trick you into giving out your personal details and visiting malicious websites.

The fake email, which was first spotted by Better Business Bureau, claims that Amazon can't confirm some of your personal details, such as your identity, payment information or address.

It asks you to update your information by clicking a link, which looks a lot like the gold-coloured buttons that feature on the Amazon website.

Despite its convincing appearance, you should not click it.

Doing so won't take you to Amazon, but to a third-party website that could try to steal your sensitive data by infecting your computer with malware.

Action Fraud has also noticed the scam, and is advising people to log in to the Amazon site directly, rather than risking your safety by engaging with the potentially dangerous emails.

"Amazon will never ask for personal information to be supplied by e-mail," the company says.

"Emails from Amazon will never request you to update payment information via a link. Instead, we would include instructions on how to verify your account information, including payment options, through the Amazon.co.uk website."

Amazon says it would also never ask for your National Insurance number, your bank account information, credit card number, PIN number, or credit card security code, your mother's maiden name or other information to identify you, or your Amazon account password over email.

You can report a scam email to Amazon by following the instructions on the company's help page.

(1st December 2017)


A SCAM ON TOP OF A SCAM ? EQUIFAX LETTERS SPARK CONCERN AMONG VICTIMS
(Which?, dated 4th November 2017 author Faye Lipson)

Full article [Option 1]:

www.which.co.uk/news/2017/11/a-scam-on-top-of-a-scam-equifax-letters-spark-concern-among-victims/

UK victims of May's Equifax data breach have been left confused and panicked by a letter from the firm which says their personal information has been compromised - but doesn't say what Equifax is or why it holds their data.

Which? has heard from dozens of people who received the letter and were confused by it - with some fearing it to be a scam - because they have never heard of or directly dealt with Equifax before.

Equifax has now confirmed that only 27,000 of the nearly 700,000 people it has written to were its direct customers - and the rest may previously have had no inkling they were affected by the breach.

Equifax data breach: 15.2m Brits affected

In May this year, Equifax announced its data had been access by hackers in a cyber-attack. Some 15.2 million UK client records were compromised and more than 690,000 UK consumers are likely to have had sensitive details stolen.

These include email addresses, passwords, driving license numbers, phone numbers and partial credit card details.

Equifax is now writing to those worst-affected UK individuals to offer a choice of free ID-monitoring services.

Why does Equifax hold data for non-customers?

Equifax has confirmed that just 3% of the worst-hit victims were its direct customers.

How is this possible? As a credit reference agency, Equifax receives personal data from banks and financial institutions whenever someone applies for a bank account, mortgage or credit card. Consent for this is usually included in the application terms and conditions.

This means Equifax may hold data on you even if you've never dealt with it directly. Others will have transacted with Equifax by purchasing a credit report or identity monitoring services from it.

Victims express confusion, fear of further scams


Which? has seen evidence the letters are causing widespread confusion among the victims. One person who'd had their name, date of birth and telephone number compromised emailed us:

As far as I am aware I have never used this organisation, they now advise me to use their "free" services to help protect myself. If they are so incompetent in the first place to have been the subject of a cyberattack why should I trust any of the services they recommend.

Is this a scam on top of a scam?


In addition, the Which? Money helpline has fielded more than 25 calls so far this week from people concerned by the letter.

Technical expert and Trading Standards 'Scambassador' Scott McGready took to Twitter to blast the way Equifax has handled informing the public, branding it 'Like herding cats,' and insisting that 'more needs to be done'.

Which? asked Equifax to comment on the apparent confusion its letter had caused, but it declined to do so.

------------- See orginal article to view the Equifax letter --------------

How to verify your letter?

If you receive a letter regarding the Equifax data breach, and you're not sure if it's genuine, look up Equifax's number independently via a search engine or directory enquiries. Then give them a call to confirm the letter is genuinely from them.

Should I accept the free identity monitoring services?

If your data has been breached, you may be at heightened risk of identity fraud. To combat this, Equifax is offering its worst-affected UK customers free services which monitor how your identity is being used online - some of them run by Equifax itself, and one run by anti-fraud body Cifas.

If you are concerned about the security of Equifax's own products, you can opt to be enrolled in Cifas's Protective Registration scheme - however you will still have to give some personal information to Equifax so it can enrol you for free.

It is possible to enrol directly through Cifas, though this will attract a £20 charge (for two years' cover).

Which? tips for surviving a data breach

If you believe you've been a victim of a data breach, take the following steps to protect yourself:
- Contact your mortgage, current account and credit card providers to make them aware of the potential breach.

- Change your passwords on any online accounts holding sensitive information.

- Check your credit card statements and credit reports for unusual or unauthorised activity. Report any discrepancies to the provider immediately.

- Apply for protective registration from CIFAS - the Fraud Prevention Service. This will trigger additional checks any time someone tries to open a financial product in your name.

- Be extra-vigilant against phishing messages.

- Our (Which?) consumer rights guide explains how to spot a scam message.

(1st December 2017)


BANKS PLAN TO STOP FRAUDSTERS VANISHING INTO THE ETHER WITH YOUR CASH
(Daily Mail / This is money, dated 7th November 2017 author Victoria Bischoff)

Full article [Option 1]:

www.thisismoney.co.uk/money/beatthescammers/article-5060237/Banks-plan-stop-fraudsters-vanishing-cash.html

Banks are working on plans to track down stolen money and return it to fraud victims within days.

They are setting up a new system that allows them find out where a payment has ended up - regardless of how many bank accounts the money has been moved through.

It means fraud victims will stand a far greater chance of getting back the cash they've lost.

Yesterday, new industry figures revealed for the first time the scale of bank transfer scams where con artists trick victims into handing over money.

In the first six months of this year 19,000 people were hit by this type of fraud, losing £101million. Just £25million, a quarter of the stolen money, was returned to customers.

Most victims are left permanently out of pocket because banks struggle to trace the stolen funds.

When a fraudster tricks someone into handing over cash, it is typically moved out of the receiving account and into another one within minutes.

From there it will be moved again and again through different accounts - known as mule accounts - with different banks.

It may be mixed with other money, some of which may be completely unrelated to crime, until it is almost impossible to work out where it originally came from.

The criminal will then withdraw the funds in cash, transfer the money overseas or use it to make a purchase.

At that point, your cash is usually gone for good - and banks won't offer a refund - which is why it is vital to track it down before it leaves the banking system.

A new digital tracing tool, which banks are calling the 'funds repatriation initiative', will make this possible.

Brian Dilley, group director of fraud & financial crime prevention at Lloyds Banking Group, says: 'The banking industry has been working together to develop a central system that enables us to trace and track the proceeds of fraud through the banking system.

'Money stolen by fraudsters often exits the banking system and is long gone before people know they've been conned, but an infrastructure allowing banks to identify money quicker as fraudsters try to move it down the line will make it harder for them to get away with stolen cash and help victims get their money back.'

At present, when a victim of fraud contacts their bank for help getting their money back the bank can only see the first account the money was moved into.

If the bank that received this money says it has already been moved out of the account there is little, if anything, they can do.

But under the new system the victim's bank will be able to enter the payment details into a central computer that will show almost instantaneously every account the money has moved through since it was stolen - and crucially, where it ended up.

Once they know what bank has the money they can call and ask for it to be frozen so fraudsters can't touch it again.

If the case is simple and does not involve foreign bank accounts, the money could be transferred back to the victim within days.

In more complicated scenarios the bank may need longer to investigate to ensure the money is going back to the right owner.

Experts say this new system could protect significant numbers of customers and prevent millions falling into fraudsters' hands.

As Money Mail has highlighted over the past two weeks, around £130million has been frozen in accounts opened by criminals.

Often, this money has been abandoned by fraudsters after banks have become suspicious and flagged the account for investigation.

In many cases banks are then unable to return the cash to the victim either because they can't trace where the money came from or are prevented from touching it by onerous rules and laws.

Money Mail is campaigning for a tweak to the law so this cash can be used to pay back fraud victims who've been left out of pocket.

If the original victims can't be found, banks should be allowed to use it as a compensation fund for other victims.

Barclays, HSBC, Santander, Nationwide and TSB have backed our campaign.

And over the past week Money Mail has convinced Lloyds bank to throw its full weight behind our proposals.

Initially, it had suggested the money might go towards general efforts to tackle fraud rather than as compensation.

But now it says: 'Lloyds fully supports Money Mail's campaign to change the law and unlock all the £130million in the frozen funds to compensate victims of fraud.'

If it was easier for banks to trace money through the system this money wouldn't amass in the first place.

Writing for Money Mail today, Stephen Jones, chief executive of banking trade body UK Finance, says: 'We need changes to the law to help stop the criminals in the first place, as well as helping victims get their money back.

'That is why the UK banking industry welcomes Money Mail's campaign.'

Banks have already begun piloting this new technology and are aiming to move into a second phase of testing early next year.

They say that realistically the new system will not be fully up and running for another two years.

There are also questions around who will fund the system, how people's data will be protected and if it will be mandatory for all banks and building societies to sign up.

There are also legal and data protection issues to consider.

For example, banks say that there needs to be protection in place in the event that they take money out of someone's account to return to a victim and the owner of that account turns out to be innocent.

For example, the criminal could have used the money to pay their rent. In this instance the bank can't just take back the money from the landlord, who may be completely unaware they have been paid in criminal money.

There will also need to be a framework in place to deal with disputes when things go wrong.

Despite being a giant leap forward, the new system will not protect all victims, as it cannot stop fraudsters taking money out of the banking system altogether.

Yesterday, the Payment Systems Regulator announced plans to force banks to reimburse people where firms 'have not met the required standards' in protecting customers.

It also wants to make it harder for criminals to set up bank accounts and is asking banks to share data so it's easier to spot scammers.

(1st December 2017)


WE HAD £300,000 TAKEN IN PAYMENT SCAM
(BBC News, dated 7th November 2017)

Full article : www.bbc.co.uk/news/business-41897888

People who have been conned into authorising their bank to pay a fraudster could find it easier to get compensation, under plans being put together by the regulator.

The Payment Systems Regulator is trying to devise a way to reimburse victims of authorised push payment (APP) scams.

In the first half of this year, 19,000 victims lost £100m to APP scams.

One such, Kate Blakeley, described the "sheer horror" of discovering the loss of almost £300,000 through such a scam.

Ms Blakeley, who was in the process of buying a house with her partner, described her experience. She thought she was transferring money to the right account, but it was in fact one controlled by a fraudster.

"Everything had gone very smoothly," she said. "Our conveyancing solicitor provided details by email of the bank accounts to make the money transfers on the day of completion.

"We transferred just under £300,000 on the day and within about three hours, we realised the money had gone missing.

"The moment of realising the money hadn't arrived as intended with the bank account we sent it to, or thought we'd sent it to, was just sheer horror."

Ms Blakeley did get all the money back eventually, but lost thousands in solicitors' fees. The matter is still subject to a legal dispute.

'No silver bullet'

The PSR has been investigating APP scams following a super-complaint by consumer body Which?.

The regulator said "good progress" was being made in a number of areas and it hoped a compensation system would be in place by September 2018.

As well as starting to record and understand the scale of APP scams, the PSR will also introduce new standards for banks to follow when a victim reports such a scam, which should improve victims' experience and banks' response times.

However, PSR managing director Hannah Nixon warned that not every scam could be prevented.

"There is no silver bullet for APP scams, and some people will still, unfortunately, lose out," she said.

"That's why we've continued to look for a solution that could reimburse those who are scammed, and today we begin consulting on an option that we think could work."

She added that account holders also needed to take "an appropriate level of care" in protecting themselves.

How to protect youself against "push" fraud

When you transfer money from your bank account, you are asked to enter three pieces of information: the name of the payee, their account number, and the sort code. However, only the last two are cross-checked by the bank. So putting in the correct name is no guarantee that person will get the money.

Financial Fraud Action UK offers the following advice:

- Never disclose security details, such as your PIN or full banking password
- Don't assume an email, text or phone call is authentic
- Don't be rushed - a genuine organisation won't mind waiting
- Listen to your instincts - you know if something doesn't feel right
- Stay in control - don't panic and make a decision you'll regret

'Significant win'

The Financial Conduct Authority (FCA) has reviewed the way banks handle APP scams.

It found banks' procedures were inconsistent, their existing fraud detection systems could not easily detect APP scams, and they did not collect enough data.

However, the FCA considers the industry initiatives underway will help to tackle these issues.

Peter Vicary-Smith, chief executive of Which?, said: "It's good to see the regulator coming down on the side of consumers. If this stops the huge amounts of money lost to bank transfer scams, it'll be a significant win.

"To make this a reality, the regulator must now ensure any reimbursement scheme properly compensates victims. Meanwhile, banks must move to quickly put in place better checks and protections to prevent these scams happening in the first place."

(1st December 2017)


NATIONWIDE GAVE A CRIMINAL WITH FAKE ID AN ACCOUNT BUT REFUSED TO REFUND ME £8,700
(The Telegraph - Money, dated 4th November 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/nationwide-gave-criminal-fake-account-refused-refund-8700/

Experts have condemned the banking industry for its inconsistent approach in dealing with victims of "transfer fraud" - which is now one of the fastest-growing forms of financial crime.

The fraud usually involves email interception or some form of trickery, whereby the victim unknowingly sends money to a criminal's account. In many cases - but not all - where the recipient is proved to be a criminal, the bank that operated their account makes good the victim's loss.

Telegraph Money reported how David Burton and Derek Mackenzie were reimbursed by TSB after falling victim to eBay fraud, on the grounds that the bank allowed fraudsters to open accounts with false information (see box below).

Now, in a remarkably similar case, Nationwide has refused to pay back victim Balazs Kelemen the £8,700 he transferred into a fraudster's account operated by the building society. Mr Kelemen believed he was buying a BMW.

A police report later confirmed that a false Romanian ID card and counterfeit British Gas utility bill in the name of Constantin Chescu was used to open the Nationwide FlexAccount on Jan 10.

The criminal was apprehended and in May charged with "fraud in relation to opening accounts, using false identity documents and money-laundering, in relation to receiving victim's monies and subsequently withdrawing the funds". He was sentenced to 12 months in prison in July.

Mr Kelemen, 33, made two payments totalling £8,700 on Jan 23 and 24 to a firm called BC Motors, which turned out to be a fake website. He was one of 32 people who reported the company to the police.

When the car failed to materialise, Mr Kelemen, who lives in Southampton, realised the ruse.

But by the time he called his bank HSBC on Jan 31, the money had already been drained from the Nationwide account. Mr Kelemen also reported the crime to Action Fraud, the UK's cybercrime and fraud reporting service. Despite the conviction, Nationwide refused to accept responsibility for the fraudulent account. It insisted it was not negligent.

However, Richard Emery of fraud consultancy 4Keys International and an expert witness, argued that if the mutual had done its due diligence "properly" it would have spotted the documents were fake and the account would not have existed.

He said: "I don't accept the argument that the documents 'looked all right'. Nationwide has a moral obligation to refund the customer. Essentially its processes failed." A spokesman from UK Finance, representing banks, admitted fraudulent information could be "extremely difficult to detect".

Telegraph Money has long campaigned for the banks operating criminals' accounts to take greater responsibility for other, innocent users of banking services.

The Payment Systems Regulator, which oversees transactions, is issuing a report on Nov 7 on this issue. Last week Barclays became the first British bank to introduce pop-up windows that warn customers they may have been targeted by fraudsters when they make online payments that appear to be "suspicious or out of character".

And on Thursday Lloyds announced a new measure that would see its customers being prompted to answer additional security questions before setting up new online payments.

It was different with TSB: the bank acknowledged its role - and paid up

Earlier this year two fraud victims, David Burton and Derek Mackenzie, were refunded by TSB on the grounds that the accounts they transferred money into were opened with false information.

Mr Burton paid £3,400 to a fraudster on eBay for a non-existent motorhome in 2014. When it failed to turn up he contacted his own bank, Barclays, but the money had already been cleared from the TSB account.

Mr Burton also reported the crime to Action Fraud, which passed it on to the police for investigation.

A report from Bloxwich police revealed that fake details were used to open the account.

Following pressure from Telegraph Money, TSB admitted that the opening of the account did not meet its "strict anti-fraud requirements and ID checks". It refunded the £3,400 along with £250 compensation.

Mr Mackenzie got his money back from TSB on similar grounds after he transferred £7,858 to its criminal customer for a cherry picker he saw on eBay. A data disclosure from Devon and Cornwall Police revealed that the fraudster was able to bypass TSB's systems using a "made up" National Insurance number.

TSB agreed to reimburse Mr Mackenzie the full amount, along with £300 and interest.

(1st December 2017)


RECORD INCREASE IN "MONEY MULE" CASES AMONG UK YOUNG PEOPLE
(The Guardian, dated 27th November 2017 author Vikram Dodd)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/nov/27/rmoney-mule-uk-young-people-bank-accounts

Record numbers of young people are letting their bank accounts be used by criminals engaged in terrorism and other serious offences, it has been claimed.

The past year saw a 105% increase in cases of "money muling" for those aged 21 years or under, to 6,484 cases, where seemingly innocent bank accounts are used to launder criminal proceeds.

Simon Dukes, chief executive of Cifas, the UK's fraud prevention service, said: "The criminals behind money mules often use the cash to fund major crime, like terrorism and people-trafficking. We want to educate young people about how serious this fraud is in the hope that they will think twice before getting involved."

Cifas says there were 8,652 cases of bank accounts belonging to 18- to 24-year-olds being misused in the first nine months of this year, a 75% increase in the last 12 months. That is double the number in 2013 when there were 4,315 cases.

Experts say one fraud asks people to reply to job adverts or social media posts that promise big sums of money way in excess of the work that will be needed.

Katy Worobec, head of fraud and financial crime prevention, at UK finance, which represents banking and financial companies, said: "Money muling is money laundering and criminals are using young people as mules in increasing numbers. We know that students are particularly vulnerable as they are often short of cash.

"When you're caught, your bank account will be closed, making it difficult to access cash and credit. You could even face up to 14 years in jail. We're urging people not to give their bank account details to anyone unless they know and trust them. If an offer of easy money sounds too good to be true, it probably is."

(1st December 2017)


PENSION REGULATOR WARNS FRAUDSTER WEBSITES CARRY ANTI-SCAM MESSAGE
(FT Adviser, dated 4th September 2017 author Maria Espadinha)

Full article [Option 1]:

www.ftadviser.com/pensions/2017/09/04/regulator-warns-fraudster-websites-carry-anti-scam-message/?mc_cid=bdd1075ef4&mc_eid=f46eab0a3f

uaware note : Article forwarded via National Trading Standards alert 44

A number of suspected scam websites have been referred to The Pensions Regulator (TPR) over the suspicion they are being dressed up as legitimate investment vehicles.

The Pensions Regulator is warning rogue pension websites are carrying anti-scam messages to try to trick consumers into thinking they are legitimate entities.

This warning comes after the government announced it was introducing a cold calling ban, which will also include texts and email.

The new legislation will also include tighter rules to prevent the opening of fraudulent pension schemes and restrictions to prevent transfers into scam schemes.

According to experts, some of the new rules might be introduced as soon as this week in the second Finance Bill of the year.

The Pensions Regulator is currently leading the multi-agency Project Bloom taskforce, which was set up to tackle pension scams.

It includes the Department for Work & Pensions, HM Treasury, the Financial Conduct Authority, HM Revenue & Customs, the Serious Fraud Office, City of London Police, the National Fraud Intelligence Bureau, The Pensions Advisory Service and the National Crime Agency.

Some of the rogue websites are even carrying the Bloom campaign's anti-scam material without TPR's consent, the regulator said.

Some even imply they are regulated by carrying warning messages designed to prevent people falling victim to scams, such as making reference to the tax implications over accessing your pension before the age of 55 and the danger of cold-callers.

According to Lesley Titcomb, chief executive at TPR, "these sites are wolves in sheep's clothing, lying in wait for unsuspecting victims by portraying themselves as being beyond reproach".

She said: "The truth is that this next generation of scam sites poses a real threat to people's financial futures and should be avoided."

According to government figures, almost £5m was obtained by pension scammers in the first five months of 2017.

It is estimated that £43m has also been unlawfully obtained by scammers since April 2014, with those targeted having lost an average of nearly £15,000.

The regulator is working closely with government, enforcement agencies and key financial service bodies to bring scammers to justice and, through its Scorpion campaign, to help the public protect themselves from scams, Ms Titcomb added.

Malcolm McLean, senior consultant at Barnett Waddingham, said scammers "are pretty clever people" and savers "need to very wary".

He said: "It is very clear that the original messages [on scams] are applicable here - if someone contacts you out of the blue, without any approach from you in the first place, then you should be extremely suspicious and in most cases, do not deal with them at all."

Even after the ban on cold calling in implemented, saver need to continue to be cautious, Mr McLean said.

"The ban on cold calling is only going so far, the calls will still be coming in, it is just that it will be against the law to do that," he added.

Where the regulator finds such rogue websites, it will demand they immediately cease using material that TPR owns and will investigate with other agencies whether further action, such as legal proceedings, should be launched.

The regulator is also updating its own portal with more information on these rogue websites.

(1st December 2017)


TELEPHONE SCAM TARGETING PEOPLE IN CORNWALL STARTS WITH APPARENT MESSAGE FROM "HM CUSTOMS AND EXCISE"
(Cornwall Live, dated 22nd September 2017 author Graeme Wilkinson)

Full article [Option 1]:

www.cornwalllive.com/news/cornwall-news/telephone-scam-warning-customs-cornwall-518259?mc_cid=e141e2bbf3&mc_eid=f46eab0a3f

uaware note : Article forwarded via National Trading Standards alert 45

People are being urged not to fall for this latest telephone scam, which is ingeniously simple and preys on our respect for authority and curiosity.

Alarm bells should ring as the scam begins with an improbable recorded-message from a man stating to be from HM Customs and Excise.

The call alerts the householder that the Government agency is poised to take legal action and then invites the listener to press a key to speak to the case manager. And there is the trick - if the householder presses a button, the call connects to a premium line from which the scammers make money.

The call alerts the householder that the Government agency is poised to take legal action and then invites the listener to press a key to speak to the case manager. And there is the trick - if the householder presses a button, the call connects to a premium line from which the scammers make money.

"This is a scam, if you also get this call don't press 1. It can cost you a lot of money. Just hang up. If you have call identify, it comes up as International."

Always remember - If any agency is going to take legal action against you, they will do so by post.

(1st December 2017)


"DO YOU DO A BINGO NIGHT ?" THE NEW ZEALAND CHATBOTS DESIGNED TO SCAM THE SCAMMERS
(The Guardian, dated 10th November 2017 author Eleanor Ainge Roy)

Full article [Option 1]:

www.theguardian.com/world/2017/nov/10/new-zealand-chatbots-artificial-intelligence-scam-conversations

Thousands of online scammers around the globe are being fooled by artificial intelligence bots posing as New Zealanders and created by the country's internet watchdog to protect it from "phishing" scams.

Chatbots that use distinct New Zealand slang such as "aye" have been deployed by Netsafe in a bid to engage scammers in protracted email exchanges that waste their time, gather intelligence and lure them away from actual victims.

Cyber crime costs New Zealanders around NZ$250m annually. Computer programmers at Netsafe spent more than a year designing the bots as part of their Re:scam initiative, which went live on Wednesday.

Within 24 hours 6,000 scam emails had been sent to the Re:scam email address and there were 1000 active conversations taking place between scammers and chatbots.

So far, the longest exchange between a scammer and a chatbot pretending to be a New Zealander was 20 emails long.

The bots use humour, grammatical errors and local slang to make their "personas" believable, said Netsafe CEO Martin Cocker. As the programme engages in more fake conversations with scammers overseas, its vocabulary, intelligence and personality traits will grow.

Cocker says if the scammers aren't astute or paying attention, the exchanges could go on for a "very very long time".

"We are really concerned about the growth of predatory email phishing, while victims remain essentially powerless," said Cocker.

"Everyone is susceptible to online phishing schemes and no matter how tech savvy you are, scammers are becoming increasingly sophisticated. Re:scam will adapt as the scammers adapt their techniques, collecting data that will help us to keep up and protect more people across New Zealand."

Cocker said Netsafe had designed a bot that was as convincing and long-winded as possible, asking scammers a seemingly never-ending series of benign questions.

"Dear Illuminati, what a wonderful surprise," wrote a Re:scam chatbot responding to a scammer offering $5m.

"I'd love to join your secret club. Do you do a bingo night?"

"There is not bingo night," replied the scammer.

"Please complete attached form with bank details for your recieve full payments of 5 million."

"Terrific!" replied the Re:scam chatbot.

"But to avoid detection I am going to send my bank details through one number at a time. Ready? 4..."

"That is not nessasary," replied the scammer.

"7" said the bot.

Cocker says the bot works particularly well because New Zealand isn't targeted by any home-grown scammers - only those targeting the country from overseas.

"The bot does a pretty good job of impersonating how many New Zealanders would engage with scammers, it is fairly well-developed in terms of its phrasing and language and approach, so it is quite realistic," said Cocker.

Netsafe website : www.netsafe.org.nz/

-----------------------
EMAIL SCAMMERS TARGETED BY NEW BOT THAT INUNDATES THEM WITH ENDLESS ANNOYING QUESTIONS
(The Independent, dated 9th November 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/re-scam-bot-email-scammers-questions-fraudsters-a8046731.html

An artificially intelligent bot that inundates email scammers with a never-ending stream of questions has been created.

Re:scam is designed to waste the time of the people behind email scams, and annoy them until they give up.

It's been developed by Netsafe, which says it's time regular web users "fought back".

At the time of writing, Re:scam has sent over 16,000 emails to scammers which, according to Netsafe's calculations, have collectively wasted more than 25 days of scammers' time.

"I adopt one of my many personalities to continue the conversations of any would-be victim," the bot, which also describes itself as "super-interested" and "a bit naive", says.

"I waste their time with a never-ending series of questions and anecdotes so that they have less time to pursue real people. Just like you, I mqke typos, and jokes that no one appreciates.

"They won't know when they're scamming, or getting scammed out of their own time. It's bad for business."

According to Netsafe, $12 billion is lost globally each year because of phishing scams.

The organisation is inviting anyone who thinks they've been targeted by a scam email to forward it to Re:scam, which will verify if it is a scam or not.

It will then use its own email address to target any scammers it manages to detect.

"Deleting a scam email protects you, but forwarding to me@rescam.org protects others," says Re:scam. "It's also kinda funny."

The chat bot "service", for bogus mail to : me@rescam.org

-----------------------

(1st December 2017)


WILL "OPEN BANKING" BE AN OPEN DOOR TO FRAUDSTERS ?
(Mail on Sunday / This is Money, dated 12th November 2017 author Laura Shannon)

Full article [Option 1]:

www.thisismoney.co.uk/money/meandmymoney/article-5072953/Fears-freeing-data-help-conmen.html

A new era of banking will be ushered in from January next year - and security experts say it could put people at greater risk of scams and identity theft.

Under new 'open banking' rules, Britain's biggest banks will be forced to share customer data with companies that demand it.

Providers of other 'payment accounts', such as credit cards and some savings accounts, will have to do the same under separate European Union legislation.

This is part of the Second Payment Services Directive, PSD2.

Some banks have already sent letters to customers warning that 'third parties' can access their personal data from January, and that account terms and conditions are being changed to reflect this.

Third parties could include price comparison websites, start-ups specialising in financial technology or rival banks.

Data can only be shared with a customer's explicit consent, which they might give if slick new online companies offer to help them budget and save more effectively.They can be reassured as the data will only be shared with third parties governed by regulator the Financial Conduct Authority.

But as the walls around banking are torn down, customers will need to put their guard up.

Security experts say cyber-criminals will seek fresh opportunities under open banking.

Hackers will turn their attention to smaller firms managing sensitive information and which have less robust security than banks. And new internet scams will surface at a time when data loss, theft and misuse is rife.

Stuart Poole-Robb, chief executive of internet security company KCS Group and a former MI6 intelligence officer, says: 'Because open banking means more data shared, this problem is going to get worse.

'It creates more points of failure. Either the bank is hacked and your data is compromised - or you approve it being passed to a new start-up, which is hacked and your data is compromised.'

Companies will be held accountable if data is lost or misused and banks have to pay refunds if customers dispute a payment. The technology behind open banking - Application Programming Interfaces (APIs) - is considered secure and makes data sharing possible. But no business is immune to hacking or scams.

Poole-Robb says: 'Banks and financial technology firms cannot protect you against something they do not know about.

'It is all very well having firewalls and encryption against known threats, but all organisations are susceptible to social engineering and unwittingly giving attackers footholds.'

If scammers use stolen data to dupe victims into handing over further sensitive information, those people are unlikely to get their money back. Individuals are also responsible for checking a website or app is legitimate. If it is a scam website, they lose protection from regulators. If it is genuine, customers have right to redress.

Customers also retain control over what information is shared, if any. Some might only agree to a third party accessing data as a one-off. Whatever they decide, banks will have to double-check with customers first.

Providers have strong incentives to look after data, beyond protecting their brand reputation, as data protection laws become stricter from May next year.

They could be forced to pay penalties of up to €20 million (£18 million) - or 4 per cent of turnover for any sloppy practices that breach rules.

Online payments will also be subject to more rigorous checks under EU law, but these guidelines will not appear until later next year.

SCAMS TO WATCH OUT FOR

Phishing

Consumers will need to be vigilant about a new wave of 'phishing' fraud. This is where cyber-crooks use confidence tricks to reel in people's account passwords.

For example, they might imitate a high street bank in an email and suggest there are security concerns with a customer's account.

Victims are persuaded to click on a link and verify their identity by entering account log-in details.

Criminals can use those details to access a person's account and drain it of funds.

Banks will not refund customers who are thought to have been careless with passwords.

Nor will they help if a victim has been tricked into authorising a payment to a fraudster believing it to be the account of a genuine person or business.

New figures show this type of scam has cost more than 19,000 people £100 million in the first six months of 2017 alone. Tony Neate, of GetSafeOnline, a website offering advice and support to consumers, says: 'Security has been looked at seriously with regard to open banking but it is always a concern.

'This is something we are going to have to look out for because there are new opportunities for criminals to apply old tricks.

'Never give away your user name and password.'

Identity theft

Hackers stealing data could also sell it to fraudsters, who use it to steal a customer's identity.

Only a few details - such as name, address and date of birth - need to fall into the wrong hands to create a ripple effect of problems.

Fraudsters use the information to take out loans and credit cards in that person's name.

Victims then see unusual transactions on their accounts, receive bills for goods they did not buy and are refused financial deals such as credit cards and loans despite previously having a good credit rating.

Clearing up a trail of problems caused by identity theft is not an easy task and can cause administrative headaches for years.

KNOW THE SIGNS OF FRAUD


A campaign called 'Take Five' encourages the public to be vigilant about scams. It is run by Financial Fraud Action UK - which represents banks and financial companies.

Criminals play on fear and create a sense of urgency in their stories to make victims act without thinking.

Typically, they claim customers' money is at risk and advise quick action is needed to safeguard funds.

The campaign reminds people to always take a step back and think about what is being asked of them. Actions such as clicking on a link, requests to move money to a 'safe account' and demands for personal information should all sound alarm bells.

Find out more at takefive-stopfraud.org.uk. You can also learn more about a wide range of scams at getsafeonline.org and actionfraud.police.uk.

WHAT IS HAPPENING?


Open banking and the Second Payment Services Directive are the twin laws bringing change.

Banks and building societies will have to share data with third parties - if customers give permission.

Consumers might choose to share their current account history if it means saving money or budgeting more effectively. The nine largest current account providers ordered to take part in open banking are: Allied Irish Bank Group, Bank of Ireland, Barclays, Danske, HSBC, Lloyds Banking Group, Nationwide Building Society, RBS and Santander.

Comparison websites like MoneySuperMarket and GoCompare are likely to be the ones asking for access to data, as well as small start-ups specialising in financial technology.

For example Yolt, owned by ING Bank, is a money management app giving customers a view of all their accounts and credit cards in one place. It has just added digital challenger Starling Bank - a mobile-only current account provider - to its list of partners.

HSBC and its subsidiary online bank First Direct are already testing out new apps that give customers a broad view of all accounts - even from rivals.

WHAT WILL IT LOOK LIKE?


Customers can see multiple accounts in one place using just one phone app.

Within that same app customers might be able to compare deals across the whole of the market based on their personal history of income and spending.

Customers could then switch products and transfer money while borrowers should quickly find providers prepared to lend to them.

Imran Gulamhuseinwala, of the Open Banking Implementation Entity, in charge of delivering the initiative, says: 'Open Banking has potential to change retail banking forever. We will for the first time put customers in control of their data, privacy and finances.'

Debit and credit cards could also be made redundant in online shopping as part of law changes which let shoppers pay a retailer directly from their bank account.

Tech savvy customers are likely to be winners from the reforms - while the digitally shy face having to adapt or risk being left behind. Losers might also be those excluded from the best deals if the technology assesses them to be an unprofitable bet.

WHY IS REFORM NECESSARY?


Drastic action is needed to challenge the complacency of banks.

That was the conclusion of a report published last year by regulator the Competition and Markets Authority.

Few current accounts are switched - less than 2 per cent a year. Such apathy means many customers get a poor deal.

Overdraft users could benefit most from easier switching - saving £180 a year each if nudged towards cheaper accounts.

HOW TO SURVIVE CHANGE

- Do nothing if 'open banking' worries you. David Firth, of credit reference agency Callcredit, says: 'No one can be forced to use open banking. You will need to opt in.' Companies will require permission to access your data.

- Consider switching before the reforms take hold. Comparison website GoCompare's 'midata' tool can already find you a better account based on account history.

- Check out challenger banks such as M&S Bank, Metro, Virgin Money, Tesco Bank and Handelsbanken or new online providers Atom, Starling and Monzo.

- Use the free automatic Current Account Switch Service, which safeguards the process.

- Be scam-aware. Never surrender log-in and password details. Find extra guidance from getsafeonline.org or takefive-stopfraud.org.uk.

- Report any concerns about data misuse to watchdog the Information Commissioner's Office at ico.org.uk.

- Make sure companies are regulated by checking the register fca.org.uk

(1st December 2017)


EMPLOYMENT FRAUD ALERT
(Action Fraud, dated 13th November 2017)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau (NFIB) has identified a number of reports where job seekers are being targeted by fraudsters trying to obtain personal and banking details from them, or requesting money to secure accommodation.

Individuals registering with job seeking websites or searching for jobs on The Student Room website are being contacted by bogus recruitment companies/businesses asking them to complete application and interview forms which request personal details and banking details, as well as copies of identity documents.

In some instances the applicant is invited along for interview, either in person or over the phone, to make the process look as legitimate as possible. This is impacting on students and graduates looking for work both in the UK and overseas. Some job seekers, as well as divulging personal details, have paid money to the fraudsters in order to secure a bogus rental property alongside the job offer.

How to protect yourself:

- Check emails and documents from the recruiter for poor spelling and grammar - this is often a sign that fraudsters are at work.

- If visa fees are mentioned, ask the embassy representing the country where you believe you will be working how to obtain a visa and how much it costs. Check that the answers the potential employer or recruiter gave you are the same - if they're not, it may be a sign of fraud.

- Carry out thorough research to confirm that the organisation offering you the job actually exists. If it does exist, contact the organisation directly using contact details obtained through your own research or their website to confirm the job offer is genuine.

What to do if you're a victim:

- If you think your bank details have been compromised or if you believe you have been defrauded contact your bank immediately.

- Stop all communication with the 'agency' but make a note of their details and report it to Action Fraud.

- Warn the operators of the job website you used that their site is being used by fraudsters.

- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

(1st December 2017)


FRAUDSTERS ARE PRETENDING TO HAVE WON THE LOTTERY IN A SCAM WHICH HAS COST SOME VICTIMS UP TO £5,000
(Mirror, dated 13th November 2017 author Dave Burke)

Full article [Option 1]:

www.mirror.co.uk/news/uk-news/fraudsters-pretending-won-lottery-scam-11514046

Scammers claiming to be illegal immigrants with winning lottery tickets have conned elderly victims out of thousands of pounds in an alarming plot.

Criminals have repeatedly preyed on elderly people by convincing them to hand over cash and jewellery after asking for their help, detectives revealed.

Some have lost up to £5,000 after being targeted, and police have appealed for people to be on the lookout for the heartless scam.

The conmen approach their victims pretending to have won huge sums on the National Lottery, but claim they cannot claim their prize because they are not in the UK legally.

The fraudsters ask victims to claim the prize money on their behalf, in exchange for a share of the spoils.

In some cases, an accomplice pretends to be interested, in order to convince the victim that it is genuine.

Victims are persuaded to hand over valuables as 'insurance' - only to learn that the lottery wins are complete fiction.

Officers from Hertfordshire, where at least five cases have been reported, are investigating.

A force spokeswoman told Mirror Online that victims are approached face-to-face.

She said detectives in neighbouring Bedfordshire have been made aware of the trick, but it is not known if it has been attempted elsewhere in the country.

Detective Constable Kirsty Rusbridge said: "This is the first time we have seen this method being used in Hertfordshire and we want to get the message out to people to help prevent them from falling prey to these callous fraudsters.

"It has been reported that the offender often has an accomplice who poses as a member of the public, keen to take up the offer.

"If you are approached in similar circumstances, please don't hand over any cash or belongings and contact police straight away."

"Please also share this advice with neighbours, friends and relatives so we can spread the word as far as possible."

(1st December 2017)


SCAM VICTIMS WHO "FAIL TO TAKE REASONABLE CARE" WILL NOT GET A PENNY IN COMPENSATION
(The Telegraph, dated 8th November 2017 author Katie Morley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/08/scam-victims-fail-take-reasonable-care-will-not-get-penny-ofcompensation/

Scam victims who fail to take "reasonable care" to protect themselves against criminals will not get their money back under a formal compensation scheme being designed by watchdogs.

From next year, an anti-fraud revolution will see consumers who have been conned into transferring money to fraudsters reimbursed by their bank - but only if they can prove that they did not act recklessly.

Victims who have lost life-changing amounts could be denied a single penny of compensation if they did not conduct "common sense" checks, such as spotting bogus email addresses or account details and names that do not correspond.

The plans are being drawn up by the Payment Systems Regulator (PSR) to curb a growing fraud epidemic in which criminals posing as legitimate organisations are extracting £200million from 40,000 victims every year.

Consumer groups said bank customers who fall for scams should not be blamed and called for banks to take the responsibility.

The fraud usually involves email interception or some form of trickery, whereby the victim unknowingly sends money to a criminal's account, meaning they are often unaware of the scam until it is too late.

Gareth Shaw, the Which? Money Expert, said: "These scams have become so complex and believable that many consumers couldn't be expected to spot them. Banks should consider introducing additional checks - such as delayed payments or third party signatures - with extra focus on protecting vulnerable customers."

James Daley, director at Fairer Finance, a consumer group, said: "The test should be how far did the bank go to stop the scam, not how far did the consumer go.

"It is perfectly possible for banks to install enough checks to fully put an end to this and the test should be how far have they gone - not how far have consumers gone. Losing their life savings is far too high a penalty for customers who have been negligent and this should not happen."

At present, just one in four victims are reimbursed, but this figure is set to rise considerably. The action follows a "super-complaint" by Which? over concerns people were being conned out of huge sums of money with no hope of compensation.

The PSR said it was considering changing the law to allow criminal funds frozen in bank accounts to be used to compensate victims.

The Telegraph has previously called for regulators to act to stop consumers being tricked as we have heard from dozens of consumers swindled by tricksters posing as solicitors, investment professionals, government departments and salesmen.

In one shocking case, a woman lost £130,000 in a sophisticated solicitor scam and reported it to First Direct, her bank, only to be told the fraud team had finished for the night.


Bank transfer fraud - How you can be targeted


Consumers have to be on guard every time they are asked to make a bank transfer as fraudsters grow evermore sophisticated and target their victims in a number of ways.

Conveyancing fraud:

Property buyers and sellers are at risk of losing life-changing sums should they become victims of "conveyancing fraud".

Criminals are able to hack into online systems and intercept emails between clients and solicitors just before completion.

They replace the details of the account where the payment is due with their own so the unsuspecting victims often pay hundreds of thousands of pounds into the fraudster's account. In the numerous cases reported by Telegraph Money this money is never reimbursed.

Rental fraud:

Potential tenants are tricked into transferring an upfront fee by bank transfer to a fake landlord or rental firm ahead of a property viewing. The fraudster then disappears.

Overpayment fraud:

Landlords have also been targeted by fraudsters. One bed and breakfast owner was sent a bank draft by a "customer" which amounted to more than the cost of the room. She transferred the excess £1,400 back to the fraudster. She later discovered the bank draft was fraudulent. Her bank refused to reimburse her.

Online marketplace fraud:

Countless readers have reported paying fake sellers on eBay, Gumtree, Amazon for items that fail to arrive.

Some of the largest losses are related to vehicle purchases where the fraudster asks for an upfront payment by bank transfer and promises to deliver the car on an agreed day. Victims only realise the ruse when the car does not show up and the seller disappears.

Those who buy vehicles on eBay are not eligible for its Money Back Guarantee which applies to most items paid for through the platform using PayPal. Motors should be viewed in person before the money is handed over directly to the seller.

Telegraph Money readers have also reported similar scams on Airbnb, the accommodation booking site. Fraudsters posing as hosts trick users into making bank transfers outside of the site for properties that don't exist.

Airbnb said hosts and guests are protected by making payments through its site.

BANK TRANSFER FRAUD - THE NUMBERS January - June 2017 (Source : UK Finance)

n = Personal (n) = non-personal

Total Cases : 17,064 (2,306)
Total Victims : 16,993 (2,244)
Total Lost : £51.7m (£49.5m)
Total returned to victim : £9.8m (£15.4m)

(1st December 2017)


DON'T FALL FOR THIS WHATSAPP SCAM POSING AS FREE £250 VOUCHERS FOR ASDA AND TESCO
(International Business Times, dated 6th November 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/dont-fall-this-whatsapp-scam-posing-free-250-vouchers-asda-tesco-1646110

Dozens of social media users have spoken out in frustration after receiving scam messages on WhatsApp and Facebook that claim to offer free £250 vouchers for UK supermarkets.

In every instance, a suspicious link will lead victims to an external website asking for the recipient's personal details. If entered, the information would be sent to the digital fraudsters. To date, it has been spotted posing as retailers including Asda, Tesco and Marks & Spencer.

Based on numerous screenshots posted by those who have received the scam messages, there are a number of variations currently in circulation.

Some are text-based and others are disguised as a customer survey. One asks the victim to share the text with 20 friends to claim the non-existent money.

Experts advise that recipients delete the texts.

"Hello, Asda is giving away £250 free voucher to celebrate 68th anniversary, go here to get it. Enjoy and thanks me later!" one version reads, alongside a link to the phishing website.

UK internet watchdog Action Fraud confirmed Asda was not the only retailer to be used as a lure.

"WhatsApp supermarket voucher scams are back! So far we've seen M&S, Tesco & Asda variations! Don't click the link or forward to friends," it tweeted Monday (6 November).

Meanwhile, social media was buzzing with complaints about the messages.

"Getting lots of scam messages about Asda/Tesco vouchers through different contacts on #whatsapp - just a warning! #ScamAlert" tweeted Leah Smith. "The Asda scam on WhatsApp is doing my head in ... please stop," vented another Twitter user called Samantha Cutts.

Responding to one direct complaint on Twitter, the Asda service team wrote: "Unfortunately this was not sent by ourselves and I would advise you to ignore and delete this message."

It's not the first time Action Fraud has spotted such a scam. In October last year a similar scheme was in circulation, posing as WhatsApp links to voucher deals for Sainsbury's and Topshop.

"Once you click on the malicious link fraudsters also collect personal information from your device by installing cookies on your phone that track you, or add browser extensions that can be used to show you advertisements," it wrote in a blog post at the time.

To report a fraud and cybercrime and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use its online fraud reporting tool.

(1st December 2017)


OCTOBER 2017


IF YOU RECEIVE THIS "SPEEDING TICKET" BY EMAIL DO NOT OPEN IT
(Metro, dated 28th October 2017 author Tanveer Mann)

Full article [Option 1]:

http://metro.co.uk/2017/10/28/if-you-receive-this-speeding-ticket-by-email-do-not-open-it-7035368/

If you receive an email that looks like it's a speeding ticket from police, do not open it.

It's a scam and could cause you to lose a lot of money.

The bogus email is circulating to motorists in an attempt to extort money from them by claiming they were caught speeding.

The letter, titled Notice of Intended Prosecution and featuring a gov.uk logo, reads: 'In accordance with Section One of the Road Traffic Offenders Act 1988 we hereby inform you that it is intended to take proceedings against the driver of motor vehicle.

Greater Manchester Police has now warned people to be aware of the speeding scam and urged people not to open the email as it is clearly a fake email.

Police in Bedfordshire, Hertfordshire and Cambridgeshire have also advised motorists to be alert to the scam and how to spot the signs.

A spokesman for Hertfordshire Constabulary said: 'A legitimate Notice of Intended Prosecution would never display the GOV.UK logo.

'The Road Traffic Act 1988 states that the notice must be served 14 days after the alleged offence in the form of a physical letter sent via first class post.

A NIP sent from Bedfordshire Police, Cambridgeshire Constabulary or Hertfordshire Constabulary would always display the CTC unit's logo and contact details.'

(1st November 2017)


THIRD OF CHARITY FRAUD INVOLVED VOLUNTEERSOR STAFF, REPORT CLAIMS
(BBC News, dated 27th October)

Full article [Option 1]:

www.bbc.co.uk/news/uk-41772294

A third of charity fraud cases in England and Wales are suspected to involve staff, trustees or volunteers, the charity watchdog has claimed.

The Charity Commission report said organisations should stay alert to "insider fraud", and make sure that "mutual trust" is not abused.

The commission said crimes committed could be opportunistic or due to a lack of charity oversight.

The organisation also issued an appeal on insider fraud incidents.

The statistics relate to instances of fraud between April 2015 and March 2016.

Director of investigations Michelle Russell said charities were trusting as they were "committed to making a difference in society".

But she added: "Unfortunately, for a range of reasons, that mutual trust can be abused. The reality is insider fraud does happen in charities.

"Ultimately, whether it happens in a small charity with no employees or a multi-million pound household name, fraud diverts money away from those the charity is helping and who need it."

The warning to charitable organisations comes as the boss of a defunct Welsh charity was jailed for five years for embezzling £1.3m to fund his lavish lifestyle.

Robert Davies, 50, who worked for Swansea-based Cyrenians Cymru admitted fraud by abuse of position and was sentenced at Cardiff Crown Court in July.

He spent £100,000 on boats, £26,000 on airfares and £80,000 staying at The Savoy Hotel in London.

The charity, which tackled homelessness in Swansea, south west Wales, collapsed in 2015.

Mr Davies's offences were committed between 2008 and 2014.

The Charity Commission has urged donors to be vigilant and watch out for sudden lifestyle changes in its volunteers and staff.

It added that strange behaviour or unexplained cash withdrawals could be a sign of insider fraud.

Ms Russell added: "Our aim is to help charities increase their own resilience to this kind of abuse and protect donors' valued funds as well as protect public trust and confidence in charities."

(1st November 2017)


NEW GIVING SAFELY GUIDANCE ON DONATING TO UK CHARITIES
(Fraud Advisory Panel notification, dated 26th October 2017)

Charities do vital work. They need our donations. But charities and their supporters are also targets for criminals. Fraudsters eagerly exploit our trust and compassion to steal donations and undermine the important work that charities do.

As part of National Charity Fraud Awareness Week the Fraud Advisory Panel has joined forces with police, regulators and other stakeholders to issue simple fraud prevention advice for anyone wanting to donate on the doorstep, on the street or online, helping donors make sure their money really does reach those who need it.

David Kirk, Chairman of the Fraud Advisory Panel said: "The vast majority of fundraising activities are legitimate but fraudsters are expert at hijacking our kindness and diverting our charitable donations into their pockets. Cruelly, they are especially active during a crisis or tragedy. But making sure our donations really do reach the causes we care about is easier than most people realise. For example:

- Ignore unsolicited emails, texts or social media messages/posts from charities you've never heard of or have no association with.

- Protect your personal information - never reveal passwords or PINs.

- Watch out for tell-tale signs like spelling or grammar mistakes in the literature, photocopied IDs and unsealed collection buckets.

- Don't feel under pressure - take your time to make a considered, informed decision."

The Fraud Advisory Panel, Get Safe Online and GoFundMe have also simultaneously released five tips for donating safely through crowdfunding sites.

Kirk explains that it is vital we don't simply stop giving: "Charities need our support more than ever in these difficult times. But we can all keep donating and make life a lot harder for the charity fraudster by taking the straightforward precautions listed in this new guide."

Fraud advisory panel website : www.fraudadvisorypanel.org

(1st November 2017)


MILLENIAL CYBER CRIME VICTIMS LOSING £612 EACH AS THEY FALL FOR "FAMILY AND FRIENDS" FRAUD
(The Telegraph, dated 23rd October 2017 author Katie Morley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/23/millennial-cyber-crime-victims-losing-612-fall-family-friends/

Young people are losing three times as much money to online scams as their parents' generation because they are more easily tricked by "family and friends" fraud, a study has found.

A survey of fraud victims by Get Safe Online found under 25s typically lose £613 per scam, compared to over 55s who hand over £214 on average.

This is because they are more likely to fall for so-called "phishing" scams where criminals hack into people's social media accounts and purport to be them to persuade their friends and family to transfer them money.

Scammers lure in victims by tricking them into believing that their loved ones are in dire financial trouble, or that they are seriously ill abroad and need money for treatment.

More than one in ten 18-24 year olds have fallen victim to phishing scams, compared to just one in 20 55+ year olds, according to Get Safe Online.

Older victims were more likely to fall for scams in which criminals pretend to be household name companies, it found.

Overall, half of all Brits have been targeted, with eight per cent of the UK population falling victim to the cybercriminals, but Millennials are now more likely than pensioners to be targeted by fraudsters for the first time.

In August analysis of millions of credit files by credit checking firm, Experian, found people in their mid to late 20s had overtaken over 60s as the most likely age group to fall victim to fraud.

It comes after many years of elderly people being the biggest target. Tony Neate, CEO of Get Safe Online; "Younger people have grown up with smart phones and tablets as well as social media which means they are always online in some way or another.

Naturally, that means there are much more opportunities for scammers to target them.

"Secondly, young people are so comfortable with technology and using new devices or platforms. On the one hand this is great, the UK needs a digitally savvy population but on the other hand, it can make younger people more complacent to risk - they just don't believe that they could be caught out by a cyber crime. The assumption is that it's only older people are the only victims of online scams.

"Lastly, there is also an outdated idea that a scam email isn't targeted or sophisticated. For example, the ones that come from rich kings who have been forced into hiding and want to use our bank accounts to hide their millions in, with a handsome fee offered as a thank you. Although these types of emails are still doing the rounds, cyber criminals have become way more sophisticated in their approach."

(1st November 2017)


SIX FAKE HMRC MESSAGES THAT ARE CATCHING PEOPLE OUT
(The Telegraph, dated 18th October 2017 author Sophie Christie)

Full article [Option 1]:

www.telegraph.co.uk/tax/income-tax/pictures-six-fake-hmrc-messages-catching-people/

Note : The orignal article contains photographic examples of scams emails and nine email addresses to avoid.

HM Revenue & Customs has published example images of fake emails and text messages on its website in the hope that it will show people how convincing bogus messages can be.

While various fraud prevention bodies have published a plethora of images of fake messages claiming to be from the taxman, it is thought to the first time HMRC has published its own illustrations.

As well as showing some of the fake tax rebate messages people have reported receiving, HMRC publicised a number of convincing email addresses commonly used to distribute scam emails, including refunds@hmrc.gov.uk and rebate@hmrc.gov.uk.

HMRC said: "We'll never send notifications of a tax rebate or refund by email, or ask you to disclose personal or payment information by email. Don't visit the website within the email or disclose any personal or payment information."


'Phishing' emails

This is an example of an HMRC related "phishing" email scam and associated phishing website designed to trick people into handing over their card details or other financial information.

Phishing refers to emails sent out that contain either links or attachments that take you to a website that looks like your bank's, or installs malware on your computer system. A report by Verizon into data breach investigations has shown that nearly one in four (23pc) people open phishing emails.

HMRC said it has also been alerted to a phishing campaign advising customers they need to "download a PDF attachment" in order to receive a tax refund. This attachment contains a link to a phishing site requesting personal or financial information, and recipients should neither respond to the email or download the attachment.


Text messages

While the taxman may occasionally issue text messages, it will never request personal or financial information.

"If you receive a text message claiming to be from HMRC offering a 'tax refund' in exchange for personal or financial details you should not respond, and don't open any links contained within the message," it said.

Social media scams

Scams are no longer confined to text messages and emails, with social media platforms an increasingly popular way for criminals trying to fool people into handing over valuable information.

On Twitter, for example, crooks have been known to send direct messages to unsuspecting users offering a tax refund, even though HMRC would never offer a tax rebate or request information via a social media channel.

Export clearance process emails


Emails which claim that goods have been withheld by customs and require a payment before release are known as "419 scams".

They typically ask recipients to provide their personal and financial information, or to make an upfront payment, in exchange for fictitious items, including prize money, seized goods or packages, and inheritance payments.

In addition to scam emails, texts and social media messages, HMRC warned of bogus callers that leave recorded messages claiming to be from HMRC.

These callers may encourage victims to provide bank account or personal information in exchange for "tax advice" or a pretend refund, or they may say that HMRC is filing a lawsuit against them and that they must make immediate payment or police will be sent to their home.

Elderly and vulnerable people are most likely to be victims of this specific scam, HMRC said.

(1st November 2017)


FRAUDSTERS CLAIMING TO BE FROM HMRC
(Action Fraud, originally June 2017)

- Fraudsters are contacting the elderly and vulnerable claiming to be from HM Revenue & Customs.

- Victims are being told they have arrest warrants, outstanding debts or unpaid taxes in their name.

- The fraudsters are asking victims to purchase iTunes gift cards as payment.

- There are a variety of methods being used including calls, texts and voicemails.

Action Fraud is warning people once again of scammers contacting victims claiming to be from HM Revenue & Customs (HMRC) that trick people into paying bogus debts and taxes using iTunes gift cards.

Victims are being contacted in a variety of methods by fraudsters claiming to be from HMRC and are being told they owe an outstanding debt. In most cases they ask for payment in iTunes gift card voucher codes.
Fraudsters like iTunes gift cards to collect money from victims because they can be easily redeemed and easily sold on. The scammers don't need the physical card to redeem the value and instead get victims to read out the serial code on the back over the phone.

Methods fraudsters use:


- Spoofed calls: Fraudsters cold call victims using a spoofed number and convince them that they owe unpaid tax to HMRC.

- Voicemails: Fraudsters leave victims automated voicemails saying that they owe HMRC unpaid taxes. When victims call back on the number provided, they are told that there is a warrant out in their name and if they don't pay, the police will arrest them

- Text messages: They may also use text messages that ask victims to urgently call back on the number provided. When victims call back, they are told that there is a case being built against them for an outstanding debt and they must pay immediately.

One 87 year old victim recently told the BBC he was phoned by fraudsters who claimed to be from HMRC stating there was an arrest warrant out in his name. They told him it would be cancelled if he bought £500 in iTunes gift cards at Tesco.

The man bought the cards and gave them the serial numbers. But when they asked for a further £1,300 in vouchers, he became suspicious and hung up.

How to protect yourself:

- HMRC will never use texts to tell you about a tax rebate or penalty or ever ask for payment in this way.

- Telephone numbers and text messages can easily be spoofed. You should never trust the number you see on your telephones display.

- If you receive a suspicious cold call, end it immediately.

(1st November 2017)


WE LOST £120k IN AN EMAIL SCAM BUT THE BANKS WON'T HELP IT BACK
(The Guardian, dated 21st October 2017 author Miles Brignall)

Full article [Option 1]:

www.theguardian.com/money/2017/oct/21/couple-lose-120000-email-hacking-fraud-legal-sector

It is the worst case of email intercept fraud that Money has ever featured. An Essex couple have lost £120,000 after sending the money to what they thought was their solicitor's bank account, but which instead went to an account in Kent that was systematically emptied of £20,000 in cash every day for the next six days.

Peter and Alice Scott (not their real names), who live near Chelmsford, say they are "simply staggered" at the lack of response by the banks and the police after they unwittingly became the latest victims of email hacking fraudsters who have been targeting solicitors across the UK.

The couple's story will serve as a warning to anyone about to send a large sum of money to a solicitor. It also exposes systemic flaws in the banking system that make it easy for fraudsters to operate unchecked and banks' indifference to customers who have lost life-changing sums of money.

The extraordinary story started in late August when Peter telephoned his family's long-used firm of solicitors, Steed & Steed, based in Braintree, Essex. He rang because he was due to pay his grandmother's inheritance tax bill to HM Revenue & Customs and needed the law firm's bank details. Later that morning, an email duly arrived with the firm's account and sort code detailed in a Word file attachment. This was the first contact he had had with anyone at the law firm, he says.

Three days later, Peter went to the Braintree branch of Lloyds bank where he instructed staff to make a Chaps electronic payment for £120,000 to Steed & Steed, handing over the account details he had been sent in the email and his debit card. Eight hours later he received a text message from Lloyds to say the funds had been transferred to the receiving account.

"When I got home I emailed Steed & Steed to confirm I had made the payment and later received a reply from it confirming the funds had been received. A week later my wife asked me why we had not yet received a receipt from the solicitor so I called the firm and, to my shock, I was told it had not received the funds. At first I thought it was an error and went straight to the Lloyds branch," he says.

Within a few hours the true horror of what had happened emerged. The email from Steed & Steed had been hacked and what Peter had been sent was the fraudster's account details, to which he had sent the £120,000.

Through his contacts he was able to establish that the account the money had been sent to was a NatWest business account in the name of Graceak Ltd. He was also able to establish that all of his £120,000 had gone from that account, as £20,000 had been withdrawn over six days. The company has since been dissolved, according to Companies House.

"The Lloyds bank manager called the fraud team and later apologised for what had happened," Peter says. "I felt it was a bit of an 'Oh well, I'm really sorry, but there's nothing we can do'. He advised me to call Action Fraud and the police. I left the branch feeling physically sick."

Since then he says he has been staggered at the lack of interest in the theft of what is a considerable amount of money.

"We feel let down by everyone involved. We have heard nothing from the police or Action Fraud even though we have the name and address of the woman who ran the company account to which my money was paid. Action Fraud told me there was no guarantee that the police would even look at my case, and if they did it may take up to eight weeks to start their investigation. I could not believe my ears."

Peter says Lloyds, which took eight hours to make the payment, did not carry out any checks to ensure the name of the firm to which the payment was to be made matched the account numbers, even though staff would have been aware that fraud in this area is rife. Lloyds did not appear to notice that it was paying Steed & Steed £120,000 in a NatWest account in Kent. He says he has since learned that the Steed & Steed account was held at that very branch in Braintree. The bank has declined all liability and told the couple they must to go to the Financial Ombudsman Service (FOS). They have been forced to borrow the £120,000 to make the original HMRC payment.

When staff at FOS look at this case, which could take months, they are likely to examine Lloyds' liability to the couple. UK Payments, the body that oversees banking payments, pointed us to the regulations that govern this area. These state that a bank has to "have made clear to their customer how a Chaps payment will be processed" and that the bank "will make a payment solely on the basis of a unique identifier and will not execute it on the basis of the intended recipient's name".

Meanwhile, the security or otherwise of Steed & Steed's email system is also likely to be investigated. In December 2016, regulatory body the Solicitors Regulation Authority warned that email hacks of conveyancing transactions had become the most common cybercrime in the legal sector. Firms are duty bound to inform the SRA if a client's money is lost in this way.

Steed & Steed declined to tell Money what steps it had in place to prevent email fraud. It said it would be "inappropriate for us to provide any comment due to reasons of confidentiality and the fact that this matter is under police investigation".

Lloyds similarly said it would not be commenting while the FOS investigation is ongoing.

NatWest said it had tried to help recover the couple's funds but that none had remained when Lloyds advised it of this case.

Richard Emery, an independent bank security expert who has helped previous victims featured in Money, has offered to look at the case. Money will be passing on his details to the Scotts.

Banking flaw that puts consumers at risk

The Scotts' story is a timely reminder to never trust an email containing bank or other payment request details and to always phone the person you want to pay to check the information before you send a significant sum.

In recent years Money has featured many cases of email interception fraud and the sums lost have been eye-watering. In January, Howard Mollett lost £67,000 after hackers gained access to his solicitor's email account. As a result, he sent his house purchase deposit to an account used by fraudsters. Last year, a north London couple lost £25,000 after conmen intercepted emails between them and their builder. They thought they had sent him a deposit allowing him to buy materials. Instead, the money was lost.

In each case the fraudsters exploited a little-known but significant flaw in the banking system - the name on a bank account does not have to match an online or Chaps payment request.

A person can put Mickey Mouse in a transfer mandate and the money will be paid to the account with that sort code and account number, irrespective of whether the name matches or not. Campaigners have described this flaw as a "fraudster's dream". Despite the fact that bank fraud is out of control, the Financial Conduct Authority, which oversees banks, has shown little interest in forcing them to match payment requests to account names. Experts say such a move would halt most of these frauds overnight.

Over a year ago, the consumer body Which? lodged a "supercomplaint" with financial regulators demanding banks do more to protect customers tricked into transferring money. So far no concrete measurers have emerged and consumers' losses grow every week.

(1st November 2017)


MODELLING JOBS ADVANCED FEE FRAUD ALERT
(Action Fraud, dated 21st October 2017)

The National Fraud Intelligence Bureau (NFIB) and Action Fraud have recently noticed that Fraudsters have been setting up fake adverts on social media (including Facebook, Instagram and WhatsApp) and job browsing websites to dupe people into believing they are recruiting for prospective models.
Once victims show interest in the job, the fraudsters contact potential victims on the false promise of a modelling career and subsequently advise the victims to come in for a test shoot.

The fraud can then potentially be carried out in two ways;
Firstly, the fraudsters can pressurise the victims in sending an upfront fee to book a slot for the test shoot. Once they have received the upfront fee, the victim will never hear from the fraudsters again.

The second possible method is that the fraudsters will take the advance fee that the victim sends for a photo shoot and arrange a photo shoot with the victim. After the photo shoot, the fraudsters will contact the victim after a few days and convince them that their shoot was successful and offer them a job as a model. The victim will then be asked to sign a contract and pay another upfront fee, usually to secure the modelling contract.

Fraudsters are also creating fake adverts for supposed modelling opportunities for children which do not exist. Fraudsters will inform parents or guardians that a potential career in modelling awaits their child. This tactic convinces the parent or guardian to sign up their child and send an advance fee.

The suspects will also convince the victim that in order to become a model, they will need to have a portfolio. The fraudsters will recommend a number of packages and stress that if a package is not paid for in advance, the process of becoming a model cannot continue.

Over a two year period (September 2015 - August 2017), an average of 28 reports of advance fee modelling frauds have been received per month by the NFIB. In August 2017, 49 Action Fraud reports of this fraud type were received and may continue to rise. The total loss in August 2017 alone was over £71,000.

Tips for staying safe:

- Carry out your own research prior to paying any type of advance or upfront fee.

- Be wary if you are asked to pay for a portfolio, as many legitimate agencies will cover that cost.

- Don't give your bank account details or sensitive information to anyone without carrying out your own research on the relevant agency.

- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

(1st November 2017)


HOW TEXT MESSAGE SCAMMERS POSE AS YOUR BANK TO RIP YOU OFF
(Which, dated 21st October 2017 author Faye Lipson)

Full article [Option 1]:

www.which.co.uk/news/2017/10/revealed-how-text-message-scammers-pose-as-your-bank-to-rip-you-off/

Fraudsters are able to send 'spoofed' bank texts with incredible ease, a Which? Money investigation has found - with many landing in previously legitimate message threads due to a quirk of smartphone technology.

Text spoofing scams - where fraudulent messages bear the name of a bank or other genuine business - are increasingly prominent. A spate of high-profile cases in recent years has seen bank customers tricked out of £1,000s.

The texts are particularly effective at duping customers because of the way smartphones group messages which claim to come from the same source.

So if you already have genuine texts from Barclays on your phone, and a fraudster sends a message using the short name 'Barclays,' your phone will include it under the legitimate ones, making it harder to spot the deception.

Victims of such scams are often devastated to learn they won't get their money back, as by providing their online banking information to the impostor, they are said to have authorised the payment. In May this year, Action Fraud warned about the latest round of text message scams duping people with credit cards.

We set out to infiltrate a message thread and prove how easy it is for fraudsters to abuse the technology.

Impersonating banks

Banks and credit card firms sometimes text you to let you know about new products or offers, or to check whether you've carried out a particular transaction.

To make sure these texts come from a company name rather than a number, organisations use text 'gateways', which allow them to send thousands or even millions of messages at a time using a computer, for less than a penny a text.

Most texts sent this way are legitimate, and the providers of those services do attempt to check use is lawful. Unfortunately, fraudsters are making good use of this technology, too.

How we managed to scam by text message

We teamed up with ethical hacker and Trading Standards 'scambassador' Scott McGready. Mr McGready has set up his own spoofing gateway, which he uses to educate the public about the risk of scams.

We wrote a message mimicking a typical fraudulent text: it claimed to be from a major bank, building society or card firm, stated that the recipient's account had been suspended and asked them to click on a link to unlock it.

The link we included was benign and led to a blank webpage - but in a real scam it could contain software that harms your phone, or lead you to a convincing mock-up of your bank's online login page, which tricks you into giving away your details.

The texts were sent in the names of more than a dozen financial firms and all of them arrived on our test phones, with some appearing in existing threads.

Independently of our work with an ethical hacker, we were also able to send a fraudulent text with the short name of a high street bank by using a number-spoofing website, which advertises itself as being a way to prank your friends. This also arrived in a legitimate message thread.

Many of these sites are freely available on the web.

Thousands lost from 'spoofed' bank messages

The true scale of the problem isn't known as none of the bodies involved in preventing this type of crime collect data specifically on text spoofing.

However, the Financial Ombudsman Service (FOS) has heard several complaints related to this in recent months, including the case of 'Mrs P,' who 'received a text message asking whether certain payments from her account were genuine. The text had been 'spoofed' to show it as coming from Santander.

'She called the number [contained within the text] as she did not recognise the payments given.' Mrs P was then duped into telling the fraudsters her passcode, which they used to access her accounts and transfer £18,000 to another bank.

Sadly for Mrs P, the FOS ruled that Santander need not refund her as it hadn't been responsible for the fraud.

The story closely mirrors that of one Which? member, who we have chosen not to name to protect her privacy. Earlier this year, she too received a text purporting to be a security check from her bank.

She rang the number within the message and was tricked into generating and handing over a one-time passcode which allowed fraudsters to ransack her account. In total £20,000 was taken and her request for the bank to refund it is now being considered by the FOS.

Can spoofing be stopped?

In February 2016 a new taskforce was announced to tackle fraud, encompassing the government, the police, and the legal and banking sectors. One of its main aims is tackling 'systematic vulnerabilities' and 'weak links' in processes, which fraudsters can exploit.

Eighteen months on, Which? wants to know what action it will urgently take to safeguard consumers from scams.

As it stands, banks say they can't prevent scammers using technology to impersonate them, as they don't control the gateways through which spoofed texts are sent - while Mobile UK (which represents mobile networks) says it's 'not possible to distinguish spoofed from genuine texts ex ante [before they're delivered].'

However, Scott McGready believes he's devised a possible solution, which verifies banking texts at the receiving end and would 'mark genuine messages as such and, more importantly in my opinion, mark spoof and fake messages as illegitimate - or just not display them at all.'

Whether this solution, or something like it, will eventually be adopted by the financial services industry, remains to be seen.

How to protect yourself from text message scams

- Never assume a text from a company is genuine. Even if it's in a previously legitimate thread, it could still be a scam.

- Don't click on any links or call any numbers contained within a text message - look up the organisation's details independently and contact it to verify the message.

- A genuine bank will never contact you asking for your Pin, full password, or to move money to a safe account.

- Avoid giving out your number on publicly available websites or social media profiles.

- Don't respond to or text 'STOP' to a message if you're not sure it's genuine; if it's a scam, doing so could confirm to the fraudster(s) that your line is 'live'.

- Spam and suspicious texts can be reported to your network by forwarding them to 7726 and to the regulator by filling in a form at ico.org.uk.

If you're conned out of money or tricked into giving away your personal details, contact your bank immediately and report it to Action Fraud at actionfraud.police.uk.

- If you're scammed, you may not get your money back - the rules on this are complex.

Visit which.co.uk/scam for more, and help us to force action on scams at which.co.uk/scamscampaign. You can also share your thoughts on whether the fight against fraud is happening fast enough.

(1st November 2017)


CONMAN POSING AS DEFENCE SECRETARY MICHAEL FALLON TRIED TO DUPE RICHARD BRANSON OUT OF £3.8m IN KIDNAP PLOT
(London Evening Standard, dated 18th October 2017 author Chris Baynes)

Full article [Option 1]:

www.standard.co.uk/news/crime/conman-posing-as-defence-secretary-michael-fallon-tried-to-dupe-richard-branson-out-of-38m-with-fake-a3661701.html

A conman posing as defence secretary Michael Fallon tried to dupe Sir Richard Branson out of $5 million (£3.8m) by faking a kidnapping, the Virgin boss has revealed.

The businessman said he spoke to a man who "sounded exactly like Sir Michael" who claimed a British diplomat was being held hostage by terrorists.

Writing on his blog, Sir Richard said his assistant received a message on what appeared to be official notepaper with a request to call the defence secretary.

The 67-year-old said: "He told me that British laws prevented the Government from paying out ransoms, which he normally completely concurred with. But he said on this occasion there was a particular, very sensitive, reason why they had to get this diplomat back.

"So they were extremely confidentially asking a syndicate of British businesspersons to step in.

"I was asked to contribute 5 million dollars of the ransom money, which he assured me the British Government would find a way of paying back."

Sir Richard said he was "sympathetic" to the request, but wanted to carry out checks.

After he rang Downing Street and asked to be put through to Sir Michael's office, he realised the truth.

He wrote: "His secretary assured me that Sir Michael hadn't spoken to me and that nobody had been kidnapped. It was clearly a scam. I told them what had happened and we passed the matter over to the police."

The tycoon also wrote of a similar incident where a fraudster impersonated him and was able to con $2 million (£1.5m) of money destined to help victims of Hurricane Irma in the British Virgin Islands.

He wrote: "They told me that they had received an email from somebody claiming they were my assistant, to arrange a call with me.

"When the call happened the conman did an extremely accurate impression of me and spun a big lie about urgently needing a loan while I was trying to mobilise aid in the BVI.

"They claimed I couldn't get hold of my bank in the UK because I didn't have any communications going to Europe and I'd only just managed to make a satellite call to the businessman in America. The business person, incredibly graciously, gave 2 million, which promptly disappeared."

He added: "People used to raid banks and trains for smaller amounts - it's frightening to think how easy it is becoming to pull off these crimes for larger amounts."

(1st November 2017)


SCAMMERS ARE CALLING BUSINESSES IN A WELSH TOWN PRETENDING TO BE BAILIFFS
(Wales Online, dated 20th October 2017 author Caitlin O'Sullivan)

Full article [Option 1]:

www.walesonline.co.uk/news/wales-news/scammers-calling-businesses-carmarthen-pretending-13790944

'Frighteningly convincing' scammers have been phoning Carmarthen businesses, pretending to be bailiffs.

Emma Lewis, of Emma Phillips Bridal Studio, was almost scammed for nearly £3,000 when the false bailiffs rang her business threatening court action.

She took to Facebook to try and warn others about the convincing scammers, in a post that has been shared over 320 times.

She posted: "He phoned to say there was a claim against us going back to 2014, and we owed nearly £3k to 'The Business Directory'.

"He said he was in Worcester Court and that if we didn't pay the money, High Court bailiffs would be at the shop within 72 hours.

"However if we paid into this "account" everything would be 'on hold' for a while."

She was in New York at the time with her husband Eurig, and after almost half an hour on the phone she was about to transfer the money when the fraudster began to slip up.

Emma said: "A few things didn't add up. He said we'd been emailed, and we hadn't, and he called me Emma Phillips and my name is Lewis.

"Eurig rang the court direct while I was on the phone; no sign of the claim against us, the reference he gave didn't match anything."

Other Carmarthen businesses have also been phoned by these scammers, including Bethaney's Hair Salon, which commented on the post: "We had a similar call from people a few months ago, just claiming to be HMRC for a fake debt of over £4k!

"They said bailiffs would be at our door within an hour if I didn't pay it.

"Luckily, the Police and HMRC were both phoned while I was talking to the guy on the other phone and it had turned out they'd done it to another salon in Llanelli the week before!"

Emma Phillips appealed for caution: "Please, please be careful. If it wasn't for Eurig checking, I'd have paid the money!"

In reality bailiffs do not operate in this way, as county court judgments can only be enforced by either the county court bailiffs, or a certificated enforcement agent working on behalf of a high court enforcement officer.

Certificated enforcement agents never ring up first. They send out an official notice called a notice of enforcement, usually by first class post. At this point they are allowed to charge £90.

They can only charge further fees by attending, so it is in their interest to attend, or they do not make much money.

A spokeswoman for Dyfed-Powys Police offered some advice: "This is a classic example of Vishing, or Voice Fishing.

"Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.

"Remember - transferring money directly to another person's account is similar to handing money over to someone on the street, banks can offer little protection if you authorise a transaction.

"Always treat calls that come out of the blue as suspicious, especially if the caller's request will involve you making a payment.

"If you are unsure of who you're talking to, take their name, hang up and call them back, but not on the number they provide.

"Call the office they state they have come from on a publicly available number, such as a switchboard, and ask to be put through. That way, you know who you are talking to.

"Never pay money on a card or by bank transfer without first getting paperwork.

"Ask yourself; 'Why are they ringing you when the bailiff is only 20 minutes away?' The attendance is how they make their money.

"If someone does turn up, then check their identification, and call the Police to verify it if necessary."

The scammers may give a warrant number and claim not to have a case number.

The warrant number can only be checked on the court's own system, and is not generally used.

County executive board member for public protection, Councillor Philip Hughes, said: "If people are unaware of any court hearings or pending court actions then any person purporting to represent the court whilst requesting money should be viewed with suspicion.

"The court service and any legitimate bailiff will make several attempts to contact you prior to any hearing or award.

"We would urge people to conduct their own checks. Phone the organisation up, but remember not to use the telephone number supplied by these individuals either verbally or on paper.

"An internet search should reveal their official website and contact details or they can contact the authority.

(1st November 2017)


RING 555 IF YOU ARE A VICTIM OF BANK FRAUD - NEW HOTLINE SUGGESTED TO TACKLE SCAMS
(The Telegraph, dated 19th October 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/19/ring-555-victim-bank-fraud-new-hotline-suggested-tackle-scams/

A new 555 emergency hotline may be set up for bank fraud victims under plans to tackle the growing number of crimes.

The emergency number specifically for bank fraud has been suggested in order to crack down on rising scams and alert banks to illegal money transfers.

The idea is reportedly being discussed by ministers, police and financial officials. Current advice states that victims should contact Action Fraud rather than 999 as police rarely investigate individual instances of bank fraud.

More than 900,000 cases of fraud were recorded in the first half of 2017 alone, equating to more than 5,000 a day.

The idea for a hotline was put forward at a meeting of the Joint Fraud Taskforce in September attended by Home Secretary Amber Rudd and senior staff from a number of UK banks.

Minutes published by the Home Office reveal that Brian Dilley, of Lloyds Banking Group, told the meeting about an "early stage idea" of having a single number - such as 555 - for the reporting of scams and fraud.

Currently victims of fraud are advised to call Action Fraud on 0300 123 2040. Details about how any hotline would operate are not clear as the suggestion is in its infancy.

The minutes say: "Brian Dilley (BD)... commented on the issue of communicating to customers who have been told not to trust unsolicited contact from their bank.

"BD outlined an early stage idea... for a central reporting telephone number e.g. 555 that victims of fraud/scams could contact.

"At its simplest the number could be a triaging facility directing victims to the appropriate agency and at its most ambitious it could sit in front of enhanced data sharing/analytics which would take in all reporting and provide standardised reporting and a collective intelligence picture across fraud and money laundering."

James Freedman, fraud ambassador for City of London Police, told the Daily Mail: "The problem is that people may liken the number to 999 and expect an emergency response. In reality fraud can take time to investigate.

"However, it is vital to encourage more people to report scams, even in instances where they have got their money back or not fallen for them at all, as this is the only way the body of information available to the police will grow."

A Home Office spokeswoman said: "Through the Joint Task Force we are in discussions with banks and UK Finance over a number of initiatives to enable the public to better protect themselves more effectively from fraud."

Cyber crime - most common UK online offences (Source : Office for National Statistics)

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

(1st November 2017)


BOGUS STAMP DUTY DODGE MEANT WE HAD TO PAY £54,000 MORE
(The Telegraph, dated 7th October 2017 author Sam Meadows)

Full article [Option 1]:

www.telegraph.co.uk/tax/news/bogus-stamp-duty-dodge-meant-had-pay-54000/

Property buyers who sought to sidestep stamp duty - in some cases by using apparently legitimate schemes - now face having to pay the original duty and in certain instances fines and costs on top.

The marketing of so-called "avoidance schemes" surged in the wake of successive stamp duty increases, particularly after the 3 percentage point surcharge that has applied to second property purchases from April 2016.

Many schemes sought to establish their legitimacy by quoting opinions of lawyers - but in many cases the processes had not been tested in court. Other schemes were plainly fraudulent and destined to fail.

But the backdrop of stamp duty bills running into tens of thousands of pounds, and widespread confusion around the surcharge rules, meant these schemes were tempting to many.

Telegraph Money first warned in July 2016 of the dubious legal basis regarding these manoeuvres, some of which promised to cut the duty by up to 100pc - for a fee.

Now a number of cases are coming through where HM Revenue & Customs has caught up with property buyers and is demanding payment - and in some instances is adding 100pc to the bill as a penalty.
'We should have paid £37,000 - we'll end up paying £91,000'

One Telegraph Money reader, a hospital doctor, bought a house in Cambridgeshire in 2014. Self-professedly "ignorant" about how stamp duty worked, in the course of researching the transaction she came across a company named CDP Corporate, which was promoting a tantalising avoidance scheme.

The stamp duty bill on the property, costing around £1m, should have been £37,000. The use of the scheme would cut this to just £5,000 and save £32,000, she was promised.

The deal went through using a conveyancer recommended by CDP Corporate. She paid £16,000 in fees for using the scheme. In all, once the purchase went through, the buyer believed she had saved £16,000.

Yet six months after the transaction she received a letter from HMRC saying it was investigating the legality of the scheme. She heard nothing more - until last month.

Out of the blue HMRC sent her a bill for £75,000. This was made up of the original duty plus a raft of penalties. She and her husband attempted to contact CDP Corporate but found it had been dissolved.

But the husband told Telegraph Money: "My wife is a doctor. She doesn't have the time to think about these things, so it has come as a massive shock. Her mistake was not taking a second opinion, but she thought she was dealing with trustworthy professionals, and just did what they asked."

He added: "For people with no financial training or experience this is a serious trap."

When Telegraph Money approached him this week he said he believed the scheme had been designed by a solicitor based on the advice of a QC. But he admitted that the "advice" was later discovered to be a forgery.

He said the solicitor in question had fabricated the opinion of a prominent barrister, and that CDP Corporate - which he presented as merely marketing the scheme for a fee - was forced out of business as a result. He said that he had no knowledge of the forgery while recommending the scheme to people.

Mr Connolly is currently a director of a separate company named CDP Tax & Wealth, trading under the name Fiducia Wealth & Tax. Its website claims to be able to save a buyer of a £1m second home £43,328 in stamp duty. Mr Connolly insisted the strategies deployed by Fiducia Wealth & Tax were entirely legal. He said: "Touch wood, our barristers and accountants are as good as it gets."

Inventive Tax Strategies, Professional Advice Bureau, Sterling Tax Strategies and Bell Strategies had promised to refund customers' fees if their tax-busting strategies failed, but were unable to do so.

Two insurance policies taken out with a company based in Belize also failed to pay out. In a further twist, court papers show the companies made applications to HMRC for VAT refunds in order to pay their creditors - leading the taxman to make payments totalling more than £3m. HMRC later realised its mistake and blocked further requests for a sum of £2.1m.

ITS Action Group now represents a number of the four companies' customers, who have been made creditors by the administrators.

A spokesman for HMRC said: "Most avoidance schemes simply do not work, and the people who get involved can end up paying more than they were trying to avoid in their misguided attempts to save money."

He added that a "scheme reference number" - a reference for HMRC - does not mean it has been cleared by the taxman. Schemes must always be disclosed.

Paul Emery, a partner at PwC, the accountancy firm, said new rules requiring anyone using a scheme to mitigate tax to disclose details to HMRC were curtailing these sorts of cases, noting: "HMRC is also using Land Registry data and matching this up with tax returns."

He added: "It can be difficult to discern legitimate planning from something the courts are likely to find against. If it does sound too good to be true, get a second opinion from a professional."

The Fiducia mentioned here is in no way connected with Colchester-based Fiducia Wealth Management

(1st November 2017)


SCAM ALERT - HURRICANE CHARITY CONS (Extract and adapted)
(Huffington Post, dated 3rd October 2017 author Christopher Elliott)

Full article [Option 1]:

www.huffingtonpost.com/entry/scam-alert-in-a-hyperactive-hurricane-season-the_us_59d3a1a8e4b043b4fb095c80

Harvey. Irma. Maria.

In a hyperactive hurricane season, the mere mention of these storms evokes fear, dread - and regret.
But this year feels a little different, maybe because of the proliferation of rip-offs that followed these disasters, from repair fraud to relief scams. And these swindles continue in Texas, Florida, Puerto Rico - and perhaps even in your own neighborhood.

"There are the normal scams that occur after a hurricane that have become tried and true," says Daniel Stermer, the mayor of Weston, Fla., and a former prosecutor who handled price gouging claims and other fraud-related crimes. "They include debris cleanup, storm shutter removal, tree trimming, home repairs, and other things that homeowners need immediately and do not have a frame of reference on whether the price they are being quoted is reasonable or truly price gouging and a scam."

Since this year's storms have been so intense, the scammers are reaching new victims, particularly when it comes to hurricane-related charities. To get the full picture, you have to look at what happened, consider what might happen, and talk to hurricane scam experts. And it quickly becomes clear that even though the storms are past, the worst is not over.

Bottom line: You can fall for a swindle without being in a state, or even a country, affected by a hurricane. And this year's wave of hurricane scams, like the storms themselves, have been remarkable:

Fake charity scams

"Beware of fake charity websites set up to take advantage of those looking to donate for a recent disaster," warns Michael Lai, CEO of Sitejabber.com, a ratings site. After every major disaster, fake websites spring up that take advantage of people who want to help, he says. "For example, after the Haiti earthquake, there were fake Haiti earthquake relief sites. It was simply astounding."

What to do? Look up your charity on a site :

For the USA :Charity Navigator or GuideStar to ensure it's legit.
For the UK : Charity Commission

Never send charity money through a wire transfer, Western Union or MoneyGram. A reputable nonprofit never requests money by wire transfer, says Lai. "If you can, use a credit card or PayPal which will offer fraud protection." Never give out personal information, such as your social security number, or home address to someone calling to ask for a donation.

(1st November 2017)


TRAVEL AGENT FRAUDSTER WHO PHONED POLICE WITH THREATS IS CAUGHT AT GATWICK
(London Evening Standard, dated 9th October 2017 author Patrick Grafton-Green)

Full article [Option 1]:

www.standard.co.uk/news/crime/travel-agent-fraudster-who-phoned-police-with-threats-is-caught-at-gatwick-airport-trying-to-flee-a3654086.html

A serial fraudster who was caught trying to flee the country after phoning an investigating police officer to threaten him and his family has been jailed.

Jonathan Richman, 52, of no fixed abode, was sentenced to a total of two years in prison at Isleworth Crown Court on Friday after fleecing travel companies and holidaymakers for years.
He pleaded guilty to fraud and money laundering offences totalling more than £80,000.

Between 2011 and 2015, Richman posed as a travel agent under the name Jamie Malcolm dealing in last-minute holidays at low prices.
But without his clients' knowledge, Richman paid for the holidays using fraudulent credit card details, as they paid money into bank accounts he controlled.

Travel companies were left thousands of pounds out of pocket when credit card companies later spotted the fraudulent payments and recovered the money.

And in some cases, where the fraud was spotted quickly, Richman's customers had their holidays cancelled, and were left unable to get their money back from him.

The Met launched an investigation in September 2013 when two people returning from a holiday in Thailand were arrested by officers at Heathrow Airport.

It quickly became apparent they were victims of Richman's fraud, police said.

A breakthrough in finding out Richman's true identity or whereabouts came in October 2014 when Richman called the Heathrow CID office and made threats against one of the investigating officers and his family, telling him to "leave [him] alone".

Detectives traced the mobile phone numbers used to make the calls, and were then able to link the numbers to Richman. He was arrested in February 2015 in Brighton.
In total, officers identified around 16 victims - including companies or people - who had fallen foul of Richman's scams.

He was convicted of fraud and malicious communications offences in March 2015 and sentenced to a total of four years' in prison.

After Richman was released on licence from prison in August 2016, he breached his licence and was on the run from police. He was eventually arrested at Gatwick Airport on August 28, trying to board a flight to Morocco.

He was charged on August 29 with the additional offences, and pleaded guilty at Isleworth Crown Court on September 27 to three counts of fraud, money laundering and the possession of fraudulent documents and articles for use in fraud.

Detective Sergeant Dave Bullamore, from the Met's Aviation Policing Command, said: "Richman was carrying out these frauds effectively as a full time occupation.

"He went to great lengths to try and conceal his true identity, right from renting a flat under a false name to setting up fake bank accounts.

"But his arrogance proved to be his downfall when he called the detectives to threaten and warn them off from investigating him.

"We were finally able to match his face to his true identity and arrest him, and despite his attempts to go on the run and evade justice, he is now facing further time behind bars."

(1st November 2017)


SEPTEMBER 2017


THE WORLD OF SCAMS - SEPTEMBER 2017

If the scam is not in the UK at the moment, it probably will be in the future !

-----------------------
SCAMMERS ARE CONSTRUCTING FAKE PEOPLE TO GET REAL CREDIT CARDS
(Bloomberg Business Week, dated 12th September 2017 author Jennifer Surane)

Full article [Option 1]:

www.bloomberg.com/news/articles/2017-09-12/scammers-are-constructing-fake-people-to-get-real-credit-cards?cmpId=flipboard

On a warm day in May, agents from the FBI and the U.S. Postal Inspection Service descended on a leafy neighborhood in South Carolina and raided the home of a DJ suspected of using fake identities to obtain 558 credit cards from Capital One Financial Corp.

Inside, investigators found a pair of handwritten ledgers listing names alongside purported Social Security numbers, birth dates, and addresses-tracking some of the identities he allegedly had cultivated since the end of 2013. Prosecutors estimate Whitlock tapped at least $340,000 using the credit cards.

Such scenes are part of a newly defined front in the war against credit card fraud. Known as synthetic identity theft, the scam relies on creating identities rather than stealing existing ones.

-----------------------
NIGERIAN STUDENT'S SCAM TRICKS U.S. COMPANIES INTO SENDING HIM MILLIONS
(The Dallas Morning News, dated 8th September 2017 author Kevin Krause)

Full article [Option 1]:

www.dallasnews.com/news/crime/2017/09/08/nigerian-students-scam-tricks-us-companies-sending-millions

When employees get an email from their CEO asking them to do something, chances are they will do it - fairly quickly and with no questions asked.

Amechi Colvis Amuegbunam counted on it. And he was right.

Employees wired company money to where Amuegbunam told them - most often foreign banks. He pulled it off by cleverly creating email accounts that made it appear as if he were a company executive, authorities said.

A federal judge sentenced him last week to 46 months in federal prison for duping more than 10 victims out of about $3.7 million.

-----------------------
HOUSEHOLDERS WARNED ABOUT FAKE IRISH WATER EMAILS
(Irish Examiner, dated 7th September 2017)

Full article [Option 1]:

www.irishexaminer.com/breakingnews/ireland/householders-warned-about-fake-irish-water-emails-804989.html

Householders have been warned to remain vigilant as cybercriminals aim to steal from bank accounts via another wave of fraudulent emails claiming to come from Irish Water, writes Joe Leogue of the Irish Examiner.

Internet security firm ESET Ireland has warned computer users are receiving an email titled "Update your account details" which is doctored to resemble a communication from Irish Water.

The email is a phishing scam designed to steal credit card information and Irish Water login information.

"Clicking on the link leads to a forged log-in page, where the victim first hands over their Irish Water log-in details, and is then asked to enter all the details of their credit or debit card as well and confirm it," ESET warned. "After providing the cybercriminals with all the required info, the user gets bounced back to the actual Irish Water website," it said.

-----------------------
CANADIAN UNIVERSITY FALLS VICTIM TO EMAIL PHISHING SCAM
(Fox News, dated 1st September 2017 author James Rogers)

Full article [Option 1]:

www.foxnews.com/tech/2017/09/01/canadian-university-falls-victim-to-email-phishing-scam-loses-9-5m-to-fraudsters.html

MacEwan University in Edmonton, Alberta has confirmed that it lost 11.8 million Canadian dollars (US $9.5 million) after falling victim to a phishing attack.

In a statement released Thursday, the university said that a series of fraudulent emails convinced staff to change electronic banking information for one of the institution's major vendors. As a result of the fraud, $9.5 million was transferred to an account that staff believed belonged to the vendor.

-----------------------
BEWARE THESE HURRICANE HARVEY PHISHING AND SPAM ATTACKS
(Tech Republic, dated 1st September 2017 author Alison DeNisco)

Full article [Option 1]:

www.techrepublic.com/article/beware-these-hurricane-harvey-phishing-and-spam-attacks/

With every large news event of natural disaster comes a barrage of scam emails and websites, with cybercriminals attempting to take advantage of interest in the situation. Hurricane Harvey, which damaged or destroyed more than 44,000 homes in Houston, TX, has sadly set off a spate of hackers attempting to profit from the disaster.

"Natural disasters are open season for cyber criminals intent on making a buck using time-tested and fraudulent means," said Steve Durbin, managing director of the Information Security Forum. "Email infection, fake websites, and traditional phishing attacks are all to be expected."

-----------------------
(1st October 2017)


CORRUPT BARCLAYS BANKER HELPED GANG LAUNDER £16m FOR EASTERN EUROPEAN CYBERCRIMINALS
(International Business Times, dated 20th September 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/corrupt-barclays-banker-helped-gang-launder-16m-eastern-european-cybercriminals-1640110

A "corrupt banking insider" working for Barclays, along with four other men, have admitted laundering at least £16m ($21m) for a gang of international cybercriminals.

Between 2013 and 2016, the group used roughly 400 bank accounts in a conspiracy that involved receiving stolen money into one account and then dispersing it into smaller sums across multiple other accounts, the National Crime Agency (NCA) said Tuesday (19 September).

The process, investigators found, would be repeated several times - to disguise the source of the money - before being sent back to cybercriminals.

The hackers were reportedly traced back to a location in Eastern Europe, which has not been revealed.

Nilesh Sheth, 53, a personal banking manager at Barclays, opened a large number of so-called "mule accounts" using fake IDs and address documents.

And he was not alone, the NCA quickly concluded.

Iurie Mereacre, a 37-year-old Moldovan national, ran the money laundering service from his home in London, along with three associates, brothers Iurie Bivol (36) and Serghei Bivol (31) along with Ryingota Gincota (28).

"Sheth abused his position of trust at the bank to knowingly open sham accounts for the network, providing a vital service which enabled them to launder £16 million worth of stolen cash," said Mike Hulett, head of operations at the NCA's cybercrime unit.

The "step-by-step" guide

Prior to their arrests, on 3 November 2016, the laundering group was seen meeting with Sheth on numerous occasions at his bank, and in public places including restaurants and car parks.

On the day of the arrests, NCA officers recovered multiple mobile phones, financial ledgers and 70 mule packs from Mereacre's flat.

The mule packs contained ID and banking documents, bank cards and security information that enabled the group to obtain access to the accounts.

In a move that was surely pivotal to the investigation, officers also seized a hand-written "step-by-step guide to money laundering", which contained instructions on how to move money to accounts at various banks and notes on which accounts had been blocked by bank security.

In a search of Sheth's home in Redwoods Close, Buckhurst Hill, officers recovered over £16,000 in cash and nine mobile phones hidden around his house, including under the kitchen sink.

A number of the phones, the NCA discovered, had been used to communicate with Mereacre and contained text messages sent between the pair, organising meetings and payment.

On Thursday 15 June 2017, at the Old Bailey, Mereacre, Sheth and both Bivol brothers pleaded guilty to roles in the conspiracy.

Gincota opted to take the case to trial but later pleaded guilty to fraud offences on 19 September, authorities said.

A Barclays spokesperson said: "This is a rare occasion where an individual deliberately exploited our systems. We have worked with and supported the NCA with this investigation and welcome the outcome of proceedings.

"Barclays will always support law enforcement in identifying criminal activity and bringing prosecutions."

"Abused his position"


Rose-Marie Franton, from the Crown Prosecution Service's (CPS) International Justice and Organised Crime Division, said: "These men deliberately and persistently set about transferring millions of pounds of stolen money out of the UK to Eastern Europe.

"Working closely with NCA investigators, the CPS presented a strong case with the result that today all the defendants have admitted their guilt.

"The evidence we gathered showed how Nilesh Sheth abused his position as a bank employee for personal gain by facilitating the laundering the criminal proceeds of an organised crime group both within the UK and across borders."

The NCA could not elaborate on the identity of the foreign cybercriminal gang.

Back in 2008, the Northampton Chronicle and Echo reported that Mereacre was linked to an "international card cloning and skimming scam" that was using more than 100 bank accounts and pin numbers were used to net approximately £105,000 in illegal profit.

At the time, the regional newspaper reported he was caught by a Tesco security guard.

(1st October 2017)


HERBALIFE SCAM - EMAILS DISGUISED AS INVOICES CONTAIN RANSOMWARE
(International Business Times, dated 20th September 2017 author AJ Dellinger)

Full article [Option 1]:

www.ibtimes.com/herbalife-scam-emails-disguised-invoices-contain-ransomware-2592174

A new, widespread ransomware attack has started spreading through emails with malicious attachments-including some disguised to look like they came from multi-level marketing nutrition company Herbalife-is hitting millions of inboxes around the world.

The campaign was first spotted by cybersecurity firm Barracuda Labs on Tuesday, at which point the attack had been delivered about 20 million times over the course of a 24 hour period. Since then, the campaign has continued at rate of about two million attacks per hour.

The attack has been impressively prolific since it launched earlier this week. Barracuda has identified at least 8,000 different versions of the virus script so far, suggesting the attackers are randomizing parts of the attack in order to avoid detection from anti-virus tools.

While the origins of the attack are still unknown, Barracuda did note that the largest volume of the emails appeared to come from Vietnam, with other significant sources of the attack including India, Columbia, Turkey and Greece.

According to Barracuda, the payload files delivered by the malicious emails and the domains used to host the secondary payloads downloaded onto a victim's computer have also changed multiple times since the start of the attack.

Potential victims may see any number of variants of the attack, though a common version of the malicious email has contained branding from Herbalife, a popular nutritional supplement and personal care product provider.

The email claims to contain an attachment that is an invoice for an order placed through the company. If a person downloads and opens the file, it will launch the ransomware installer hidden in the document.

Other variants of the email that have appeared claim to be a delivery of a "copier" file or contain a paragraph of legalese that make it appear as though the email is some sort of official or legitimate document.

The messages often come from a spoofed domain, making it appear as though it is from a person within the same organization as the target or from another trusted source-an increasingly popular technique for tricking people into clicking on malicious links, though one that could be avoided with the proper protocols like DMARC implemented by organizations.

While the campaign is currently targeting organizations and businesses, it isn't believed to be from a state-sponsored actor and the motivations appear to be primarily financial, as is often the case with widespread ransomware attacks.

While victims may be tempted to pay the ransom when their computer is infected and their files are made inaccessible by the attack, they are advised not to do so. This is generally the best practice but applies to this attack in particular, as Barracuda noted that victims who pay will not have their files unlocked.

"Barracuda researchers have confirmed that this attack is using a Locky variant with a single identifier. The identifier allows the attacker to identify the victim so that when the victim pays the ransom, the attacker can send that victim the decryptor," the researchers explained in a blog post. "In this attack, all victims get the same identifier, which means that victims who pay the ransom will not get a decryptor because it will be impossible for the criminal to identify them."

Barracuda also noted the campaign is checking the language files on a victim's computer, suggesting it may may lead to an international version of the attack in the future.

(1st October 2017)


THE SAFETY WARNING BEING SENT OUT TO FRAUD VICTIMS - AND WHY YOU NEED TO IGNORE IT (Extract)
(Mirror, dated 13th September 2017 author Emma Munbodh)

Full article [Option 1]:

www.mirror.co.uk/money/safety-warning-being-sent-out-11161835

Clever fraudsters are posing as anti-scam officers to trick victims into handing over details for 'refunds', it has emerged.

In a warning on Wednesday, Action Fraud - the government's security arm - said it was aware of a series of letters currently in circulation that are claiming to be from the National Fraud Intelligence Bureau (NFIB).

The letters - which are being sent out to victims of fraud - are offering them the chance to have their money returned.

To receive the refunds, it asks them to send their personal details to a South African bank. However, it uses the NFIB branding and the name of the City of London Police's Commissioner, Ian Dyson, to appear credible.

The NFIB is part of Action Fraud, it sits within the City of London Police which is the national policing lead for fraud.

In a statement it said: "The fraudsters are sending these letters so that they are able to gather bank details and defraud people who have already fallen victim to fraud."

However to protect themselves, customers are being warned to take the following steps:

- Be prepared: If you've been a victim in the past, challenge any letters from people you don't know or companies you've never contacted. Clarify any letters directly with the relevant organisation.

- If you're asked to pay, or give your bank account details, end all contact.

- Ask questions: Ask them how they found out that you had been a victim. Any report of fraud is protected by law and can't be shared with anyone else outside of law enforcement agencies.

City of London Police's Detective Chief Inspector Andy Fyfe said: "This fraudulent letter is clearly not something that the National Fraud Intelligence Bureau would send to the public. It takes advantage of peoples' trust in order to steal money from those who have already fallen victim.

"By using recognised organisations, including the National Fraud Intelligence Bureau's branding and the City of London Police's reputation, the fraudsters are attempting to appear credible.

"If you are unsure about a letter you have received from the National Fraud Intelligence Bureau, please contact Action Fraud directly before giving away any of your personal details."

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting Actionfraud.police.uk .

(1st October 2017)


INDIAN CALL CENTRE SCAMMERS ARE TARGETING BT CUSTOMERS
(The Register, dated 6th September 2017 author Kat Hall)

Full article [Option 1]: www.theregister.co.uk/2017/09/06/bt_call_scam/

BT customers in the UK have been targeted by scammers in India - with one person reporting they were defrauded for thousands of pounds this week.

The issue appears to have been going on for more than a year. Some customers said the fraudsters knew their personal details.

One reader got in touch to report that his father-in-law has been having problems with his BT broadband, which he contacted the company about.

This week he got a call from someone asking for him by name, talking about his broadband problems. This individual claimed he had malware on his computer and said he need to access his machine via a third-party client.

"Within the hour he had over £1,000 in two payments from his bank account. Fortunately Lloyds stepped in on the second larger payment and stopped it progressing," said his son-in-law, who asked not to be named.

A BT customer forum thread entitled Possible Scam has hundreds of comments dating back from last year.

One recently wrote they had already been in touch with BT about their broadband prior to receiving a call from an Indian man stating that he was calling from BT.

"He asked me to confirm the postcode and address which he gave to me over the phone and then my date of birth. At that point I said no and he hung up. Clearly a scam call and weirdly, never had to call BT until the last few weeks and all of a sudden a call."

Another said the same thing happened to him, adding that the caller was very plausible until they wanted remote access to his PC hard drive.

"She even knew my address, phone number and both mine and my husbands name... so had access to some of our details."

Fraud appears to be a growing problem across the sector. Last month TalkTalk was hit with a £100,000 fine after the data of the records of 21,000 people were exposed to fraudsters in an Indian call centre.

A BT spokesman said: "BT takes the security of its customers' accounts very seriously. We proactively warn our customers to be on their guard against scams. Fraudsters use various methods to 'glean' your personal or financial details with the ultimate aim of stealing from you. This can include trying to use your BT bill and account number."

He advised customers should never share their BT account number with anyone and always shred bills. "Be wary of calls or emails you're not expecting. Even if someone quotes your BT account number, you shouldn't trust them with your personal information."

He said: "We'll never ask customers for personal information out of the blue and we'll never call from an 'unknown' number. If we're getting in touch about your bill, it will usually be from either 0800 328 9393 or 0800 028 5085."

(1st October 2017)


AUGUST 2017


HOW TO STOP THE CON ARTISTS
(Actuarial Post, dated July 2017)

Full article [Option 1]:

www.actuarialpost.co.uk/article/in-scam-awareness-month-how-to-stop-the-con-artists-12292.htm?mc_cid=534bc8a309&mc_eid=f46eab0a3f

At the start of Citizens Advice's 'Scams Awareness Month', Kate Smith, head of pensions at Aegon, highlights the need for consumers to be on their guard to spot and prevent scams:

"Not only are they master manipulators, scammers are constantly evolving ways to trick victims. The sad fact is that in today's world, people's savings are under threat from potential fraudsters. However, while incredibly serious, this isn't something that should keep people awake at night. Following some simple steps can ensure that people protect themselves.

"Scammers are becoming increasingly sophisticated in the ways they target people's money, including pension savings. Being aware of what to look out for can not only protect your money, but save you a lot of stress as well. While initially tempting, companies promising high returns from unusual unregulated investments, or offering early access to pension savings, more often than not, turn out to be scams. It can be all too easy to be taken in by scammers, but being on your guard is your first, and best, line of defence.

"It's not only individuals who need to guard against the threat of scammers though, we stand a much stronger chance of beating them by being collectively vigilant. No controls are infallible, so pension providers and schemes, along with advisers, need to be alert and update controls as scams evolve.

"Thwarting scammers at every opportunity is key and strengthening regulation can certainly dent scammers' success rates. The promise of high returns by persuading individuals to move pensions overseas, when the individual has no intention of living abroad, was previously one of the scammers' favourite tactics. Today, it has almost disappeared off the radar, thanks to government regulation. The introduction of an immediate 25% tax charge proved a simple and effective way to clamp down on this type of fraudulent activity, resulting in an almost immediate decline in this type of scam.

"In a similar vein, we were relying on a new Pension Bill to address issues highlighted by the pension industry to give savers greater protection. Unfortunately, the Queen's Speech was disturbingly quiet on any legislation to ban pension cold-calling or give schemes and providers greater powers to block suspicious transfers.

"Pension scams won't just go away without some serious action. Limiting the right to a statutory transfer could potentially safeguard millions of pounds from scammers. The government must keep this on its agenda, speak up and take the issue seriously.


Top Tips to avoid scammers

1. Try not to engage in conversation with Cold Callers. The safest thing to do is to hang up.
2. Think about installing call blocker technology on your phone.
3. Never give out personal information, including your bank details.
4. Always check the Financial Conduct Authority (FCA) online register if you doubt a company.
5. Check the FCA ScamSmart warning list for known investment scams.
6. Use the Pension Advisory Online tool to Identify a pension scam if you are worried about information given or action you've taken https://www.pensionsadvisoryservice.org.uk/my-pension/online-tools?moreInfo=4
7. Never feel pressurised into making a quick decision, and read any documents carefully before you sign on the dotted line.
8. Always do the research. As always, if in doubt, use a regulated adviser. You can find one of these using the 'unbiased adviser' website.
9. Report any concerns to your pension provider, adviser, or Action Fraud by calling 0300 123 2040 or online at actionfraud.police.uk.

(28th September 2017)


NINE IN TEN PEOPLE HIT BY EMAIL SCAMS EVERY MONTH
(Which ?, dated 9th August 2017 author Melissa Massey)

Full Article [Option 1]:

www.which.co.uk/news/2017/08/nine-in-ten-people-hit-by-email-scams-every-month/

As many as nine in ten people said they are receiving at least one dodgy email a month that's evaded their spam filters, new Which? research on email scams has found.

Our research also found that more than half of people are getting as many as five scam emails a month in their inbox, with many claiming to be from trusted services and legitimate brands.

The research highlights how common the problem of bogus phishing emails is. And, with many appearing to be from what look like reputable sources, they can all too often trick people into losing money or giving away personal information.

Positively, almost all of respondents were able to spot at least one tell-tale sign in a scam email, but only around two in five look out for any links to dodgy websites included in the email or look to see if the branding is any different than usual.

The research showed that while overall only 3% of people lost money to a scam email, on average women ended up parting with more than double the amount of money as their male counterparts. Women lost £2,186 on average, while men lost £975 on average. If you've lost money to a scam your next steps will depend on how you were parted from your cash.

Impersonating trusted brands

Fake emails impersonating PayPal top the list of the most common phishing scams, with 56% of respondents saying they had received an email claiming to be from the payments company.

Trusted services and brands impersonated by scammers include PayPal, banks, HMRC and Apple (including iTunes). Nearly a third of respondents also reported that they'd received emails from a stranger asking for money.

Where some scam emails received claimed to be from :

PayPal : 56%
A Bank : 49%
HMRC : 40%
Stranger asking : 31%
Apple (+itune) : 26%
eBay : 20%
A Supermarket : 18%
An email provider : 13%
Microsoft : 13%

(Answers from 1,575 respondents)

Bogus phishing emails all too common

And, while most people are likely to delete dodgy emails and some mark them as spam, almost one in four of today's centennials (18-21 year olds) did nothing with the scam email they received - a much higher proportion than the national average of just 4%.

Alex Neill, Managing Director of Home Products and Services at Which? said: 'Bogus phishing emails that look like they are from reputable sources are all too common and can trick people into giving away personal information, and in some cases losing money.

'Our research shows it's often the youngest consumers that are most at risk of opening these emails and that they are also less likely to do something about a scam email. Our top tips guide on how to spot an email scam is available for free on our website to help consumers stay ahead of the scammers' tactics and reduce the risk of them becoming a victim of fraud.'

Stay vigilant and take action to tackle fraud

Which? is warning consumers to be vigilant and take action, to reduce the risk of them becoming a victim of fraud. To help consumers stay safe online, Which? has produced a free online guide full of tips to help people spot an email scam here.

Which? is calling on the Government to set out an ambitious agenda to tackle fraud, publish an update on the progress of the Joint Fraud Taskforce and outline what action it will urgently take to safeguard consumers from scams.

https://campaigns.which.co.uk/scams-fraud-safeguard/

This research was carried out by Populus on behalf of Which?. They contacted 2,114 adults via an online poll in June 2017. The data is weighted to be nationally representative of the UK.

(28th September 2017)


IDENTITY THIEVES STEALING PEOPLE'S MONEY BY SEIZING CONTROL OF THEIR PHONE NUMBERS WITHOUT THEM KNOWING
(The Independent, dated 22nd August 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/identity-thieves-steal-money-phone-numbers-transfer-control-mobile-networks-fraud-a7906271.html

Criminals are stealing people's money by taking control of their phone numbers behind their backs, a new report says.

They're managing to persuade agents at mobile networks to transfer control of targets' phone numbers to their own devices.

The technique isn't brand new, but is growing increasingly popular, according to the New York Times.

It reports that identity thieves often call agents multiple times, to request the transfer of a particular phone number, with "sob stories" about made-up emergencies commonly used.

Even if their request for the number is turned down repeatedly, their hope is that they'll eventually get to speak to an agent that falls for the scam.

Once they succeed, they can break into any accounts that use the number as a security backup, by resetting the passwords.

This can give them access to valuable information, such as bank account details, and also enable them to blackmail their intended target, by threatening to leak personal information.

However, the New York Times says criminals have started targeting investors in digital currencies - such as bitcoin - and venture capitalists, often finding them through social media.

This is largely because digital currency transactions are irreversible, leaving victims completely helpless.

Earlier this year, a security researcher discovered a "gaping hole" in Facebook that lets anyone easily break into an account.

The problem stems from the fact that Facebook allows you to link multiple phone numbers to your account, and doesn't force you to remove old ones once you've stopped using them.

Therefore, anyone who inherits your old number could easily reset your password and lock you out of your own account.

(28th September 2017)


CASES OF INSURANCE ID FRAUD ARE SOARING
(This is Money, dated 25th August 2017 author Rachel Straus)

Full article [Option 1]:

www.thisismoney.co.uk/money/beatthescammers/article-4819762/What-insurance-identity-fraud-does-work.html

Cases of insurance identity fraud have shot up this year, from just 20 between January and June 2016 to 2,070 over the same period this year.

The rise means it's the fastest-growing type of identity theft in the UK, at a time when it is reaching 'epidemic' levels.

Identity theft is when fraudsters get hold of the data of their victims, such as their names, dates of birth and addresses, through a variety of routes including stolen mail, the dark web, hacking or exploiting information on social media.

The fraudsters then use this information to take out products in their victims' names, for example opening bank accounts and applying for credit cards, loans, shopping online - and now, insurance.

nsurance identity fraud is when a criminal uses these methods to take out an insurance product in someone else's name.

Nick Mothershaw, director of identity and fraud solutions at Experian, explains why someone would want to do this.

He says that this type of fraud is often called 'ghost broking', and involves 'taking out a policy using a good address that gets a low premium, doctoring it, and selling on to an unsuspecting buyer looking for a better premium'.

The victim of insurance identity theft might not find out about the crime until they receive some kind of correspondence from an insurance provider with whom they do not have a policy, asking for payment or alerting them to an issue.

Similarly, the victim who unwittingly buys the doctored insurance cover may not find out that they do not have a valid policy until it's too late and they try to make a claim.

Other types of insurance fraud can involve people not telling the truth to get a better premium or people making false or exaggerated claims, says Nick.

To check whether your insurance product is legitimate, the Association of British Insurers says you can check that it is listed on the Motor Insurers' Bureau's Motor Insurance Database, which records policy details of all vehicles in the UK.

It also says to beware of insurance policies sold via social networking websites, pubs clubs and bars, newsagents and motor repair shops.

The Insurance Fraud Bureau ( https://www.insurancefraudbureau.org/ ) runs Cheatline with Crimestoppers to report insurance fraud.

Identity fraud cases overall rose by another five per cent in the last year, with nearly 500 cases a day - with the majority of scams taking place online, according to fraud prevention body Cifas.

Simon Dukes, Cifas chief executive, said: 'We have seen identity fraud attempts increase year-on-year, now reaching epidemic levels.

'These frauds are taking place almost exclusively online. The vast amounts of personal data that is available either online or through data breaches is only making it easier for the fraudster.

'Criminals are relentlessly targeting consumers and businesses and we must all be alert to the threat and do more to protect personal information.

'For smaller and medium-sized businesses in particular, they must focus on educating staff on good cyber security behaviours and raise awareness of the social engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough.'

(28th September 2017)


DO YOU SELL ITEMS ON PAYPAL
(Hertfordshire Police Neighbourhood Watch, dated 28th August 2017)
www.owl.co.uk

We have received a number of reports recently where Hertfordshire residents have lost items or money after they believed they had sold items online to purchasers using PayPal. The two most common scams were:

Buyer asks for items to be sent to an alternative address

The buyer sends money via PayPal but asks for item to be sent to a different address, such as their "work address" or a "gift address". The victim receives the payment and sends the item to the new address. The buyer then claims they did not receive the item and requests a refund. Because the seller sent the item to a different address, they are not covered by PayPal's seller protection, so the buyer receives their refund and the seller ends up with neither the items nor the money.

Fake PayPal confirmation email

The buyer tells the seller that they will pay using PayPal. The seller then receives an email (that looks to be identical to a normal PayPal email) confirming payment has been received. The seller then sends the item. However, the PayPal confirmation email was fraudulent and the payment was never made.

Protect Your Money

- Don't accept an email as proof of payment, always check your account to ensure monies have been received. Log in to your account via your app or browser, never via an emailed link.

- Please bear in mind when selling items via PayPal, the User Agreement contains the following: "A key eligibility requirement of the Seller Protection Programme is that, for tangible items, the seller must post the item to the address which appears on the transaction details page."

- To view the PayPal User Agreement, visit www.paypal.com/uk and click on "Legal" in the bottom right hand corner of the page.

(28th September 2017)


EASYJET FREE TICKET GIVEAWAY SCAM IS DUPING CUSTOMERS WITH FAKE BOARDING PASSES
(International Business Times, dated 25th August 2017 author James Billington)

Full article [Option 1]:

www.ibtimes.co.uk/easyjet-free-ticket-giveaway-scam-duping-customers-fake-boarding-passes-1636686

When something looks too good to be true, it usually is. That's why easyJet has issued a warning about a free ticket internet scam fooling Facebook users into thinking they've won complimentary trips away.

Hackers are luring users into clicking on potentially harmful malware by posting on what looks like a genuine easyJet Facebook account with a competition celebrating the low-cost airline's 22nd anniversary. The fake advert claimed "easyJet is gifting 2 free tickets to everyone!" along with a picture of a boarding pass and the offer of two tickets per users if they took part in a survey.

Victims who click on the link were redirected to a fake page where it urged users to "hurry up" due to a limited number of tickets left. The survey asks for personal information and to also share the offer on Facebook in order to redeem the prize, thus gaining access to their profile.

This information could then be sold on or used for further phishing attacks.

"These stolen credentials can be resold or traded on underground forums and sites. Also, these scams can be further weaponised to drop ransomware or other more advanced styles of malware if the attackers so choose. The ease of further weaponising a simple campaign like this is concerning in and of itself," said Tim Helming, Director, Product Management at DomainTools.

The scammers were able to make the scheme look as genuine as possible by also including comments from fake customers who said they had won.

"I won the tickets...thank you easyJet," said one, while another claimed "it was busy at the easyJet counter today. It seems that so many people have won these tickets".

The false website was also set up with an address similar to that of the genuine easyJet site but not affiliated at all, further duping victims into thinking it was real.

This practise is known as typo squatting and here, the easyjetlover[.]us web address was used and repeats an identical scam that appeared on Facebook the week before claiming to be offering free RyanAir tickets, as well as an Aldi scam offering shoppers a free £65 coupon.

Helming reveals that on further investigation DomainTools found that the same person behind this campaign is connected to 113 other domains that are disguised as brands including British Airways, Ryanair and Pizza Hut.

EasyJet has acknowledged the scam, confirming it is fake and not a real giveaway and that "genuine competitions of this nature will only be hosted on easyJet's official Facebook page".

It warns customers to stay clear and encourages users to flag any malicious posts of this nature to the company.

The security experts at DomainTools advise users to stay safe by looking out for tell-tale signs such as typos on the website or coupon, as well as domains that have '.com-[text]'. A good way to ensure you're not being redirected somewhere you shouldn't is by hovering your mouse over the URL to see where the link will take you.

(28th September 2017)


JULY 2017


UK UNI WARNS STUDENTS OF PHISHERS TRYING TO NICK THEIR TUITION FEES
(The Register, dated 20th Jul 2017 author Iain Thomson)

Full article [Option 1]: www.theregister.co.uk/2017/07/20/newcastle_uni_website_phishing/

Foreign students looking to experience the stochastic joys of a year at Newcastle University in England are being warned that phishers are after their cash - using an unusually well-crafted attack.

The raiders set up a very realistic-looking fake website proclaiming itself to be Newcastle International University, complete with pages of well-laid-out information. The URL isn't that of the actual university site, but if you're a student unfamiliar with the center of learning, it would be easy to be fooled.

"We have been made aware of an unofficial website which is fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses," the university said. "The website Newcastle International University is in no way affiliated with the University and we are advising anyone who finds the website should not submit any personal details."

It's the ideal time for phishers to pull a stunt like this. The exam results announcements for British students looking to go to university will be released within a month and overseas students are already trying to secure their places, and so could be vulnerable to slapping down the plastic if they think they can secure their place in academia now.

While the university has no comment at this time, it's thought the website was spammed out via email to these foreign students, who are also unlikely to notice that the site uses faked Newcastle University logos and coat of arms. The fake site not only tries to harvest credit card data, but also asks for other personal information, including passport details.

"Make no mistake, this is an effective scam. They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks," said Azeem Aleem, director of advanced cyber defence practice - EMEA at RSA.

"Newcastle University's response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim."

(21st September 2017)


CREDIT CARD FRAUD - WHAT YOU NEED TO KNOW
(Via BBC News, dated 12th July 2017 author Bruno Buonaguidi - Universita della Svizzera italiana)

Full article :

www.bbc.com/capital/story/20170711-credit-card-fraud-what-you-need-to-know?ocid=global_capital_rss

If you are the owner of a credit or a debit card, there is a non-negligible chance that you may be subject to fraud, like millions of other people around the world.

Starting in the 1980s, there has been an impressive increase in the use of credit, debit and pre-paid cards internationally. According to an October 2016 Nilson Report, in 2015 more than $31 trillion were generated worldwide by these payment systems, up 7.3% from 2014.

In 2015, seven in eight purchases in Europe were made electronically.

Thanks to new online money-transfer systems, such as Paypal, and the spread of e-commerce around the world - including, increasingly, in the developing world (which was slow to adopt online payments) - these trends are expected to continue.

Worldwide losses from card fraud rose to $21 billion in 2015, up from about $8 billion in 2010. By 2020, that number is expected to reach $31 billion

Thanks to leading companies such as Flipkart, Snapdeal and Amazon India (which together had 80% of the Indian e-commerce market share in 2015) as well as Alibaba and JingDong (which had upwards of 70% of the Chinese market in 2016), electronic payments are reaching massive new consumer populations.

This is a goldmine for cybercriminals. According to the Nilson Report, worldwide losses from card fraud rose to $21 billion in 2015, up from about $8 billion in 2010. By 2020, that number is expected to reach $31 billion.

Such costs include, among other expenses, the refunds that banks and credit card companies make to defrauded clients (many banks in the West cap consumers' liability at $50 as long as the crime is reported within 30 days for credit cards and within two days for debit cards. This incentivises banks to make significant investments in anti-fraud technologies.

Cybercrime costs vendors in other ways too. They are charged with providing customers with a high standard of security. If they are negligent in this duty, credit card companies may charge them the cost of reimbursing a fraud.

###The types of frauds

There are many kinds of credit card fraud, and they change so frequently as new technologies enable novel cybercrimes that it's nearly impossible to list them all.

But there are two main categories:

card-not-present (CNP) frauds:

This, the most common kind of fraud, occurs when the cardholder's information is stolen and used illegally without the physical presence of the card. This kind of fraud usually occurs online, and may be the result of so-called "phishing" emails sent by fraudsters impersonating credible institutions to steal personal or financial information via a contaminated link.

card-present-frauds:

This is less common today, but it's still worth watching out for. It often takes the form of "skimming" - when a dishonest seller swipes a consumer's credit card into a device that stores the information. Once that data is used to make a purchase, the consumer's account is charged.

The mechanism of a credit card transaction


Credit card fraud is facilitated, in part, because credit card transactions are a simple, two-step process: authorisation and settlement.

At the beginning, those involved in the transaction (customer, card issuer, merchant and merchant's bank) send and receive information to authorise or reject a given purchase. If the purchase is authorised, it is settled by an exchange of money, which usually takes place several days after the authorisation.

Once a purchase had been authorised, there is no going back. That means that all fraud detection measures must be done during in the first step of a transaction

Once a purchase had been authorised, there is no going back. That means that all fraud detection measures must be done during in the first step of a transaction.

Here's how it works (in a dramatically simplified fashion).

Once companies such as Visa or Mastercard have licensed their brands to a card issuer - a lender like, say, Barclays Bank - and to the merchant's bank, they fix the terms of the transaction agreement.

Then, the card issuer physically delivers the credit card to the consumer. To make a purchase with it, the cardholder gives his card to the vendor (or, online, manually enters the card information), who forwards data on the consumer and the desired purchase to the merchant's bank.

The bank, in turn, routes the required information to the card issuer for analysis and approval - or rejection. The card issuer's final decision is sent back to both the merchant's bank and the vendor.

Rejection may be issued only in two situations: if the balance on the cardholder's account is insufficient or if, based on the data provided by the merchant's bank, there is suspicion of fraud.

Incorrect suspicions of fraud is inconvenient for the consumer, whose purchase has been denied and whose card may summarily be blocked by the card issuer, and poses a reputational damage to the vendor.

How to counter frauds?

Based on my research, which examines how advanced statistical and probabilistic techniques could better detect fraud, sequential analysis - coupled with new technology - holds the key.

Thanks to the continuous monitoring of cardholder expenditure and information - including the time, amount and geographical coordinates of each purchase - it should be possible to develop a computer model that would calculate the probability that a purchase is fraudulent. If the probability passes a certain threshold, the card issuer would be issued an alarm.

The company could then decide to either block the card directly or undertake further investigation, such as calling the consumer.

The strength of this model, which applies a well-known mathematical theory called optimal stopping theory to fraud detection, is that it aims at either maximising an expected payoff or minimising an expected cost. In other words, all the computations would be aimed at limiting the frequency of false alarms.

My research is still underway. But, in the meantime, to reduce significantly the risk of falling victim to credit card fraud, here are some golden rules.

First, never click on links in emails that ask you to provide personal information, even if the sender appears to be your bank.

Second, before you buy something online from an unknown seller, google the vendor's name to see whether consumer feedback has been mainly positive.

And, finally, when you make online payments, check that the webpage address starts with https://, a communication protocol for secure data transfer, and confirm that the web page does not contain grammatical errors or strange words. That suggests it may be a fake designed solely to steal your financial data.

The Conversation

Bruno Buonaguidi is a researcher at the InterDisciplinary Institute of Data Science at the Università della Svizzera italiana. This article originally appeared on The Conversation.

(21st September 2017)


THEY SENT A MOTORBIKE COURIER AT 11PM : HOW ELDERLY PEOPLE FALL FOR BANK SCAMS
(The Telegraph, dated 4th July 2017 author Sam Meadows)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/sent-motorbike-courier-11pm-elderly-people-fall-bank-scams/

When Ian Price handed over his bank cards, pin, and all the cash he had to a motorbike-riding courier in the dead of night he thought that he was acting on instructions from the police.

In fact, he was one of an estimated half a million over-65s who have fallen victim to scammers. More than half of all pensioners have been targeted by fraudsters, according to research by Age UK, the charity, so being aware of scammers is more important than ever.

Mr Price, 89, was phoned by someone purporting to be a police officer. The caller told him that he had been monitoring his bank accounts and had noticed some suspicious activity. The "officer" would send a courier, he said, to collect his bank cards for his own protection. The clincher for Mr Price was the scammer's claim that he could hang up and dial 999 if he was unsure.

He did so, but the fraudster was relying on a little-known quirk of the telephone system that allows a caller to "tie up" your line for a few minutes if they remain on the line after you have put the phone down. This meant that when Mr Price dialled 999 immediately, he was reconnected to the scammer (BT said lines were now tied up for no more than 10 seconds).

Reassured, Mr Price handed his cards and pin to the courier - who arrived at 11pm - thinking that he was doing the right thing. Instead, the scammers ransacked his accounts.

Mr Price's son, Christopher, a charity worker, said the incident had taken an incredible toll on his father. "If you get swindled at a younger age you can kind of rationalise it and deal with it," he said. "At an older age, when your confidence is waning anyway, it can really knock you down.

"It's got to the point where he really has lost his confidence to deal with money or passwords. I deal with his banking, and my sister does all of his online shopping for him. He has an iPad, which he uses to listen to the radio, but anything with an app or a password, he now struggles with. We joke that I'm giving him his pocket money every week."

Mr Price was relatively lucky. His credit card companies refunded him the money and he lost only around £100. But Telegraph Money has reported several times how elderly people who have been scammed have lost tens of thousands of pounds.

Last year, we reported that one reader, Shaun Phillips, had lost £51,000 to fraudsters after he had already been targeted twice and told by his bank, TSB, that he was protected.

Experts have also predicted the Government's database of scam victims - which currently numbers around 300,000 - could reach close to one million by 2019.

Lucy Harmer, a director at Independent Age, a charity that provides information and advice, said the elderly were disproportionately likely to be targeted by scammers. According to the Financial Ombudsman Service, 80pc of phone scam victims are aged over 55, and 65pc of doorstep-scam victims are over 65.

"Older people face multiple risk factors," she said. "They are often home alone, and during the day. They are more likely to pick up the phone and more willing to talk. They may well be more vulnerable the older they get, suffering from dementia and other illnesses."

She added that while statistics existed for the number of people who fell for online scams, many people were too embarrassed to come forward, meaning that the true scale of the issue could be much larger.

Elderly people who fall for one scam often also find themselves put on a "suckers' list". Government estimates suggest that there could be a million people on these lists by 2019. "There are some really sad stories about people who receive more and more contact," Ms Harmer said.

"One of the signs that an older person may be falling victim to scammers is that they receive an unusual amount of post, or they get a lot of phone calls from strangers. If you have been conned once, they pass your details around and you can very easily become a victim again.

"If older people have the information they need," she added, "they can start to spot the things to look out for, and become less likely to fall for the scams."

How can I protect myself from scammers?

Independent Age has launched a Scamwise campaign to help older people stay ahead of the con men. As well as an advice leaflet, the charity has produced an online quiz that allows you to test your knowledge of some of the most common scams.

Ms Harmer said: "For older people who think they may have been scammed, it's important to remember that anyone can be a victim of a crime. It's nothing to be ashamed of. The most important thing is to report it so you can get the support you need, and to help prevent other people being targeted by the same scam.

"It's also good to be aware of the tactics scammers use, and learn how to protect yourself. There are a few simple things you can do, such as hanging up on cold callers, registering with the Mailing Preference Service to reduce the amount of junk mail you get, and never giving out personal information."

(21st September 2017)


HOW THOUSANDS OF BRITONS ARE AT RISK FROM "WORLDS BIGGEST ONLINE SCAM"
(Independent, dated 28th July 2017 author Josie Cox)

Full article [Option 1]:

www.independent.co.uk/news/business/news/online-scam-thousands-pounds-life-savings-trading-binary-options-fraud-pensioners-fca-a7865856.html?amp

Thousands of pensioners are at risk of losing their life savings in a rapidly growing financial scam that British authorities are powerless to clamp down on, The Independent can reveal.

Savers are investing their money in fraudulent online trading sites offering the promise of potentially huge payouts with little risk attached.

The majority of the complaints relate to companies that appear to be based overseas and are attracting increasing numbers of users, particularly pensioners, who say their investments are frozen if they try to withdraw their money.

The companies encourage investors to make apparently simple bets on whether shares or currencies will rise or fall in value. Many such "binary options trading platforms" are legitimate, but an increasing number are fraudulent.

Both types currently fall outside the control of financial regulators in the UK, meaning that people have little recourse to get their money back if they feel they've been scammed.

In the year to May 2016, the most recent for which figures are available, the National Fraud Intelligence Bureau (NFIB), which is part of the City of London Police, reported having received 305 reports of binary options scams, or 27 each month.

But one lawyer representing victims told The Independent that the true number is likely to be significantly higher - running into the thousands each year - as victims are frequently too embarrassed to come forward and admit to being conned. He described it as "possibly the biggest financial scam in the world".

Elizabeth Ablett from Derbyshire said that she signed up to a platform caller Binary Uno in December 2016. The 70-year-old's husband had died the previous year and she didn't have a pension big enough to live on.

Ms Ablett said that she initially invested £200 with the company, but that individuals who described themselves to her as "brokers" convinced her to up her stakes, telling her she was trading on the performance of gold and stocks.

By the end of March, she said, she had invested a total equivalent to almost £40,000, nearly her entire life savings. The following month, she said, her online account balance was shown to have slipped to zero. She said that nobody at BinaryUno answered her calls.

"They basically had assured me that the money I invested could not be lost," she told The Independent. She said that they had convinced her to keep paying in by promising to match some of her investments.

Later she said she was contacted by a representative who told her that she would only be paid out if she had trading revenues of at least £1.5m. "Now I realise just how stupid I was," she said. "I have no money at all. I'm skint."

The Australian Securities and Investments Commission and the British Columbia Securities Commission in Canada have both publicly called for caution when dealing with binary options trading platforms. Both specifically name Binary Uno.

Lawyers and personal finance experts speaking to The Independent said the Government was unable to regulate the market because the platforms - even the legitimate ones - were not controlled by the Financial Conduct Authority (FCA) watchdog.

Some binary options trading platforms are regulated by the UK's Gambling Commission, but only if the firm has gambling equipment located in the country.

Pensioner James Hellis, a former self-employed IT worker, said he invested a total of nearly £60,000 in a binary trading platform called Tradorax. Mr Hellis said he was initially approached online by the firm in February 2016. He said that he felt his pension income might be improved by accepting the investment opportunity he said they were offering him.

Like Ms Ablett, Mr Hellis said he was assigned someone who identified themselves as a "broker" to trade on his behalf and made a series of investments over the course of several months.

In December, he said he filed a request with the platform to withdraw his money, the majority of which had stemmed from his pension fund. He claims that request was denied and - like Ms Ablett - he said his account later appeared to have been blocked.

Because Mr Hellis had paid for some of the investments with credit cards, he said he raised a chargeback dispute with his banks, but they have so far been unable to help him.

He said he also reported the matter to the Action Fraud Police - the national reporting centre for fraud and cyber crime which operates alongside the NFIB within the City of London Police - and the Financial Ombudsman Service (FOS), which was set up by Parliament to resolve problems with financial services. The latter, Mr Hellis said, has told him that it is looking into his case.

"If this situation occurred in the front office of an investment bank the perpetrators would be fired," Mr Hellis claimed. "Why is the regulator doing nothing? Why are the banks doing nothing?"

A spokesperson for the FOS confirmed that Tradorax is not regulated by the FCA, which means investors do not have recourse to the ombudsman "if things go wrong".

The Independent received no replies to emails sent to addresses on both Tradorax and Binary Uno's websites or calls made to numbers listed.

Richard Howlett, a partner at London-based law firm Selachii LLP, has dealt with dozens of cases concerning binary options trading fraud, with victims conned out of anywhere from a few hundred pounds to more than £1m.

He said he had been approached by people who have lost money on dozens of different sites and that new ones appear to be springing up daily.

In many cases, clients' only hope for getting their money back is if banks to which victims have made payments are willing to cooperate by freezing accounts out of fear of being accused of facilitating criminal activity, he said.

"Sometimes that puts enough pressure on the platform to pay out at least some of the money owed," he said. "But most of the time there's nothing to be done except raise awareness to prevent more people from being conned."

He said fraud perpetrated by certain binary options trading platforms was "possibly the biggest financial scam in the world".

Many of the individuals who turn to Mr Howlett for help are pensioners, especially tempted to give trading a shot because of changes to regulation introduced in April 2015, which allow for easier access to funds.

Under the new rules, pensioners are no longer required to buy an annuity and are able to take their entire pension as a lump sum. Suddenly having access to so much cash, and with such low returns offered by other investment options, the prospect of trading binary options can be enticing.

"Pension freedoms have to a certain extent opened a can of worms," says Kate Smith, head of pensions at Aegon. She said that some scammers are specifically targeting pensioners.

"They're playing on people's weaknesses."

David Newman, head of pensions at investment firm Close Brothers Asset Management, said that "greed can send people to do silly things" but also admitted that anyone is at risk of falling for a fraudster.

"People need to be educated as early as possible about this sort of thing," he said. "Just putting a leaflet at the back of a financial statement is not enough."

Figures published this month by the FCA show that 53 per cent of pension pots accessed since the new rules were introduced have been withdrawn fully. And the watchdog has recently raised a number of concerns relating to what people are doing with that money.

A full report into the issues around pension freedom is due to be published next year.

In December the FCA published a consultation paper on the risks associated with binary options trading and, under a piece of financial regulation due to be introduced in January, regulated financial betting platforms will come under the FCA's remit, but the watchdog says that its hands are tied when it comes to any unregulated operations.

(21st September 2017)


HOW TO STAY SAFE WHILST ONLINE SHOPPING
(Mirror, dated 30th June 2017 author Ruki Sayid)

Full article [Option 1]: www.mirror.co.uk/news/uk-news/how-stay-safe-whilst-online-10710012

Britain's love affair with online shopping has sent credit card fraud to a record high of £618 million, figures reveal.

The 9% rise year-on-year puts Britain at the top of the European card crime league with crooks cashing in at a rate eight times higher than Germany.

And an internet shopping boom is at the heart of the cyber crime explosion with Card Not Present (CNP) fraud rocketing 103% between 2011-16, according to the National Audit Office (NAO).

Its Online Fraud report out today (Fri) found there were almost two million cyber fraud incidents in the 12 months to September 30 last year with CNP a game changer.

The watchdog said CNP crime cost the nation almost £309 million last year but estimates that figure will more than double to £680 million by 2021.

A study by analytics firm FICO found crooks went on a £1.44 billion credit card spending spree across 19 European nations with Britain the easiest country to pickpocket.

Only France came any where near the UK's losses with gangs putting £438.4 million on stolen card details and Germany was third with £76.8 million.

By comparison countries like Austria, Portugal, the Czech Republic and Hungary barely registered in the card crime league with losses ranging between £1.6-£5 million.

The NAO admitted there was "much work to be done" in the UK to keep the banking industry, police and consumers a step ahead of the criminals.

NAO boss Sir Amyas Morse said: "For too long, as a low value but high volume crime, online fraud has been overlooked by government, law enforcement and industry.

"It is now the most commonly experienced crime in England and Wales and demands an urgent response."

The NAO was critical of both the police for not making fraud a "priority" and said the Home Office was also not doing enough to crack down on gangs.

But Sir Amyas added that the department was "the only body that can oversee the system and lead change" and said the launch of the Joint Fraud Taskforce last year was "a positive step".

FICO senior consultant Martin Warwick added: "The growth in online spending and CNP fraud brings new challenges for banks and retailers, as criminals thwarted by chip & PIN have moved to a less risky channel.

"Hiding amongst the growth in online purchases is great from a criminal point of view, but finding and stopping fraudulent transactions just gets tougher.

"Spotting the 'needle in a haystack' requires new behavioural analytics and artificial intelligence, combined with enhanced information from outside the traditional data contained within a purchase."

According to the NAO, last year fraud overall cost the nation £10 billion with four in ten Brits losing £250 or more to crooks.

Almost 12 million adults were victims of fraudsters in England and Wales with crimes ranging from phishing attacks that sent out spoof emails to glean personal details and lottery scams to ransomware and fake dating sites.

How to protect yourself

Trading Standards recommend looking for a professional website, with a landline contact number, and details of a head office before entering any details online.

Here are Get Safe, Action Fraud and NordVPN's top tips for shopping online:

- Get protected: Before you start shopping online, secure your device with anti-virus software or a firewall. This will help block out pop-ups and hackers.

- Check the URL: Only use secure websites for purchases, never buy anything from a site that does not have 'https' at the start of the URL and also look for the icon of a locked padlock at the bottom of the screen.

- Is the deal too good to be true? Don't be seduced by "bargains" from companies which you don't know, if something appears too good to be true, it probably is.

-Only shop with companies you know and trust: Watch out for fake websites. You can tell by checking the URL of the website, it may have a different spelling or a different domain name that ends in .net or .org.

-Shop from home: Using public WiFi hotspots such as those offered by coffee shops and libraries could leave you vulnerable. If it won't wait until you get home use your own 3G/4G network.

NOTE - This article provides some comprehensive information on the following :

Financial Scams - How to stay safe

- Tips to avoid pension scams
- Fake holiday websites
- HMRC tax rebate text scam
- Card dangers
- student loan scams
- contactless card dangers
- Scams that steal your savings
- rental scams

Scams to watch out for

- Caught speeding scam
- How Groupon hackers work
- EHIC and DVLA scammers
- 4 dangerous WhatsApp scams
- Fake supermarket coupons
- SIM - splitting scams - how they work
- Fake "Wcouncil tax refund" emails
- NHS scams

(21st September 2017)


SHOCK AS BURY HOSPICE LOSES £235K IN CYBER FRAUD
(Bury Times, dated 27th July 2017 author David Taylor)

Full article [Option 1]:

www.burytimes.co.uk/news/prestwich/15433370.Cyber_criminals_steal___235k_from_Bury_Hospice/?ref=rss

CYBER criminals have stolen £235,000 from Bury Hospice in a sophisticated and "sickening" fraud.

The online crooks plundered hospice bank accounts following an elaborate hoax involving an online virus check.

Bury Hospice chairman Prof Eileen Fairhurst said: "We are shocked and sickened that fraudsters would target hospices and other charities. It is beneath contempt when you think how this money was raised by hard-working volunteers and kind benefactors - and what it is needed for."

The hospice is now carrying out a full investigation and keeping in close contact with its bank.

Prof Fairhurst said: "Our own protection systems are now subject to extensive review. The police and the Charity Commission have been informed. There will be no immediate impact on the running of Bury Hospice and we will continue to provide an excellent service to those in the Bury community who need us."

Prof Fairhurst said all avenues are now being explored to recover the money and the matter is being investigated by the police national fraud investigation team.

Other charities in the Greater Manchester area have also been targeted in a similar way and some have also suffered financial loss.

And hospices in other parts of the UK have also been victims of online theft.

The news is a further blow to the hospice after a turbulent few years during which some people are believed to have lost confidence in the charity and fundraising became difficult.

In March, the former chief executive of the hospice, Jacqui Comber, won a claim of unfair dismissal and could be in line for a payout of up to £72,000.

However, the hospice in Rochdale Old Road recently celebrated the start of a new era after it was given a 'good' rating by the Care Quality Commission following its latest inspection.

But despite the hope of a fresh start, the fraud comes at a time when Bury Hospice can only afford to keep open six of its 12 available beds.

Fundraiser Ann Birch, former chairman of the Ramsbottom support group for the hospice, said: "I am absolutely horrified.

"We have had it bad enough, this on top is just dreadful. We have all been trying to raise as much money as possible for the hospice. I am sure everybody involved with fundraising will be very shocked. It is hard work raising money these days, because there are a lot of different charities and people don't have that much money.
We were really just getting on top of things, so that is really bad news. It costs so much every day to keep that place going, it is devastating. But hopefully now people will all get together and try to reimburse it, but that is a lot of money to replace."

Sgt Simon Ward, from Bury police, works across the borough raising awareness about and tackling cyber crime.

He said: "The fraudsters don't care who they affect or the impact that their actions might have on people.
It can be very lucrative work for them and it is usually well-organised. It is not the old style criminal who will turn their hand to anything. This kind of cybercrime can be used to fund even more serious crimes such as terrorism, so it is a national threat. Once the money has been taken, it is very difficult to get back."

Sgt Ward and his team will be visiting business, banks and charities in the coming weeks to advise on how best prevent online fraud and cybercrime.

Action Fraud is the UK's national reporting centre for fraud and cyber crime where people should report fraud if they believe they have been scammed, defrauded or experienced cyber crime.

For more information, visit: http://www.actionfraud.police.uk

(21st September 2017)


JUNE 2017


HOW TO TELL IF IT IS REAL
(Good Housekeeping, dated June 2017)
www.goodhousekeeping.co.uk [Option 1]

With cons and rip-offs on the rise, you need to keep your wits about you when you're online. Here's what to look out for :

Fake Holiday booking sites


One common scam involves fraudsters hacking into the accounts of owners on well known accommodation sites, such as Aidbnb, and creating convincing fake entries. You may receive emails from so-called "owner" asking you to send money, but this cash goes into a criminal's bank account.

STAY VIGILANT

- Check the web address is legitimate. Make sure it has not been altered, for example, with unexpected numbers or characters.

- Contact the accommodation' owner before and after you book, through the websites messaging feature.

- Never pay money into a personal bank account. Use a secure service - look for the "https" and a closed padlock symbol - or a payment provider, such as PayPal.

- Google the property. Bad reviews - or none at all - are a clue.

Fake Passport renewal sites

When you're applying for a new passport, driving licence or European Health Insurance Card (EHIC), make sure you don't get caught out by a copycat website. These sites may closely resemble the legimate ones, but you will be charged a premium for a public service that's either free, or much cheaper, via the official channel. Misleading sites also crop up when you search to apply for a holiday visa, birth or marriage certificate, book a driving theory test, or file a tax return.

STAY VIGILANT

- Go directly to the gov.uk site - or, for the EHIC card, to nhs.uk.

- If you do fall for a copycat site, you may be able to get your money back using Section 75 of the Consumer Credit Act, if you paid with a credit card.

Fake Social Media promotions

Beware of promotions claiming to offer vouchers if you share a particular message on Facebook or via WhatsApp. These scams can seem very convincing, and its easy to get sucked in if you see people you know sharing the message. But the bogus links can lead to phishing or malware sites. Spam you friends with fake promotions and you could end up sreading a virus.

STAY VIGILANT

- Tread carefully if a promotion asks you to share a page with friends.

- Watch out for tell tale speling and grammar mistakes.

- Think twice if a well known brand offers freebies to celebrate an anniversary.

- Type the promotion into Google and see what comes up.

And finally

- Trust your instincts - if something sounds too good to be true, it probably is.

- Fallen victim ? Contact Action Fraud at actionfraud.police.uk or call 0300 123 2040

(1st September 2017)


PEOPLE ARE NOT PROTECTING THEMSELVES - WHY THOUSANDS OF BRITS ARE STILL AT RISK OF FINANCIAL FRAUD
(Mirror, dated 28th June 2017 author Emma Munbodh)

Full article [Option 1]:

www.mirror.co.uk/money/people-not-protecting-themselves-thousands-10697588

How safe do you consider your personal details to be on the internet? If the answer is 'very', you might want to think again.

That's because new figures released today by the government's security arm, Action Fraud, have revealed that identify theft is at an all time high in the UK - with record numbers of criminals stealing people's data online for financial gain.

And it's costing the UK £5.4 billion a year. In 2016, 172,919 people reported identity theft to fraud protection agency Cifas, with the figures steadily rising since 2008.

Despite these numbers, a YouGov and Equifax report released today, has found that thousands of Brits are still browsing - and entering sensitive data - on the web without precautionary measures in place - even though they're aware of the potential risks.

According to Cifas, 40% of us don't have antivirus software installed on our devices and 27% use the same password across all accounts, a further 55% admit to using password-free wi-fi in public and entering sensitive data whilst on it.

City of London Police spokesman Dave Clark, said: "The recent survey results have highlighted that we need to do more to protect ourselves from fraudsters.

"There is a common misconception that only old people fall victim to fraud but reports show that every age and demographic is affected."

YouGov found that 31% of people think the over 60's are the most at risk to fraud - this is not necessarily the case.

Lisa Hardstaff, fraud expert at Equifax added: "How people manage and store their passwords for their online accounts is the first line of defence to keeping their personal information safe and secure from fraudsters.

"The fact that just under a third use the same password for multiple accounts and slightly more admitted to writing them down, clearly demonstrates people are being complacent and are of the belief that their personal information won't be at risk," Hardstaff added.

"The reality is that ID fraud is an indiscriminate crime that affects all ages in the UK irrespective of where they live or how much they earn. Everyone is vulnerable - so everyone needs to be vigilant."

How to protect yourself from identity fraud

Action Fraud, Cifas and Equifax have revealed the measures people should be taking to protect their identities from unscrupulous criminals - and it takes just five minutes.

- Set your privacy settings across all the social media channels you use, and think twice before you share details - in particular your full date of birth, your address, contacts details - all this information can be useful to fraudsters.

- Password protect your devices. Keep these complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers and capitals: R0v3rDuckLemon!.

- Install anti-virus software on your laptop and any other personal devices and then keep it up to date. Check MoneySavingExpert have a recommended list of the best free anti-virus software here.

- Take care on public wi-fi - fraudsters hack them or mimic them. If you're using one, avoid accessing sensitive apps such as mobile banking.

- Download updates to your software when your device prompts you - they often add enhanced security features.

What to do if you're a victim


Act fast if you think you have been a victim of identity fraud.

If you receive any mail that seems suspicious or implies you have an account with the sender when you don't, do not ignore it.

Get a copy of your credit report as it is one of the first places you can spot if someone is misusing your personal information - before you suffer financial loss.

Review every entry on your credit report and if you see an account or even a credit search from a company that you do not recognise, notify the credit reference agency. They all offer a free service to victims of fraud.

Individuals or businesses who have fallen victim to identity theft should report to Action Fraud.

(1st September 2017)


HOW FRAUDSTERS SCAMMED £18,000 FROM A CRIMINAL PSYCHOLOGIST
(This is money, dated 20th June 2017 author Lily Canter)

Full article [Option 1]:

www.thisismoney.co.uk/money/beatthescammers/article-4566082/Fraudsters-scammed-18-000-criminal-psychologist.html

Fraudsters scammed £18,000 from a high profile criminal psychologist using 'persuasive techniques straight out of a psychology textbook'.

The professor, who has helped police hunt serial rapists, arsonists and murderers, was caught out when conmen phoned his home.

The scammers took him through a series of fake 'security' checks before transferring the money from three separate bank accounts.

Professor David Canter, who is director of the International Research Centre for Investigative Psychology at The University of Huddersfield, is one of Britain's foremost behavioural profilers.

He is best known for developing criminal profiling in the 1990s after he helped police catch Railway Rapist and serial murderer John Duffy.

More recently his research has involved studying fraudulent emails and warning people of the dangers of online scams.

But the 73-year-old was caught out himself when he was embroiled in an elaborate con to empty his bank accounts.

'I was a complete idiot. I am the first to admit it. I should have known better and I should have spotted it,' said Professor Canter.

ronically, the scam began when fraudsters hacked into his BT email account despite the professor using a complex password.

He said: 'A colleague told me a spoof email had been sent from my address saying I was in Turkey and needed money. I immediately changed my password and didn't think anymore of it.'

But a week later the professor realised he wasn't receiving any emails. After lengthy conversations with BT helpdesk he realised his email messages were being automatically forwarded onto another address the fraudsters had set up.

'I stopped the forwarding but then a few days later I got a phone call at home saying my IP address had been compromised.'

Professor Canter received the phone call on his ex-directory number from a 'polite woman with an Indian accent' claiming to be acting on behalf of BT.

'I was immediately very suspicious and asked how they got my number. She said they got it from BT and they had been alerted to a security problem with my computer. In hindsight I think they got the number when they hacked my email in the weeks before.'

The woman took Professor Canter through a series of 'checks' asking him to corroborate unique numbers on his computer, which he wrongly assumed meant the caller was legitimate.

He said: 'She knew all these details about me and my computer and she was very formal. There was a sense of urgency and concern and it makes you feel you have to something about it.'

The woman then passed him onto a man who asked the professor to download some 'protective' software before logging into his bank accounts. The whole operation took several hours and the professor chatted to the fake technician about his BT training and university education in Britain.

'They were very sophisticated in terms of their plausibility,' said Professor Canter. 'We can learn a lot about the techniques of persuasion from these people. They use just the right level of technical terms to make you think you understand when you don't. They probably spent a few weeks building up how they were going to deal with me.'

The convincing back story made the professor believe that they were putting a block on his bank accounts so they could not be accessed. But in reality the scammers were setting up transfers to move thousands of pounds into their own account.

Whilst they were putting this block into the system the screen went completely blank. The man on the phone said 'don't panic', and then he moved onto the next account. I was doing other work at the same time and I think they deliberately targeted me before a bank holiday so it would be difficult for me to contact the banks.'

At the end of the call Professor Canter started to get suspicious and the realisation of what was happening sunk in.

'They said they were at the end of their working day and they would finish in the morning as it was about 5pm. When the call finished I rang an IT expert I use and he told me straight away that it was a scam.'

Professor Canter immediately logged into his online accounts to change the password then contacted Lloyds, Natwest and Santander to alert their fraud departments. This was not as easy as he had expected.

He saw that the hackers had set up transfers of £2,500 from his Lloyds account, £7,500 from his Natwest account and two lots of £3,919 from his Santander account - a total of £17,838.

And he was surprised to find that the banks all had different security systems to deal with fraudulent transfers.

'Lloyds had the best system. If there is an unusual sum of money going to an unusual location they put a temporary block on it. I was able to put a stop to that transfer. The money had transferred out of my Natwest account and although it was difficult to get through to someone they repaid me all of the money the next day.'

Santander eventually repaid Professor Canter £3,919, around six weeks after it was taken by the scammers.

'Their system recognised one of the transfers as fraudulent and automatically stopped it. I don't understand why they did not do that for the other one. Santander said I endorsed the transfer via a message on my phone. I was in such a tizzy I don't know what I did, but I can't find the message on my phone.'

Frustratingly, Professor Canter says he knows the account numbers the money was transferred to and yet he says the banks and police do not appear to be chasing the money.

The police gave the professor a crime number and told him to contact Action Fraud, the national fraud and cyber crime reporting centre.

This was assessed by the National Fraud Intelligence Bureau who contacted the professor to say they would not be able to investigate. They were unable to provide a comment on his case.

'No-one has the resources to follow through on these bank accounts. Santander told me they get a case like mine every three minutes,' said Professor Canter.

The trauma of the crime has left the professor feeling 'violated and vulnerable' and cost him both financially and emotionally.

He said: 'It has made me terribly anxious about having an online account. I have had to change all my bank accounts and buy a new computer as I found that the fraudsters had put about 300 programmes on it. It has made me suspicious of everyone and caused me a lot of stress.'

Action Fraud said that it had received the report in April, which was assessed by the National Fraud Intelligence Bureau at the City of London Police. However it said there were 'insufficient lines of enquiry for an investigation based in the UK'.

It added that with 250,000 crimes reported to Action Fraud every year, not all cases can be passed on for further investigation, but that the disruptions team was able to take down the phone number used by the fraudsters.

(1st September 2017)


BANK WORKER ADMITS PART IN SOPHISTICATED FRAUD
(Echo, dated 16th June 2017 author John Lucas)

Full article [Option 1]:

http://www.echo-news.co.uk/news/15334306.Bank_worker__24__admits_part_in____sophisticated____fraud_in_which_a_group_of_scammers_stole_millions_of_pounds/

A BANK worker took part in a "sophisticated fraud" which saw scammers steal millions of pounds from rich customers using a string of impersonators, a court heard.

Molly Jones, 24, of Bohemia Chase, Leigh, scoured computer systems at Lloyds Bank for rarely-accessed accounts holding large sums of money before passing the details to the criminal gang.

The gang then ordered new bank cards so imposters could pose as the customers and set up transfers of hundreds of thousands of pounds.

The money was laundered through a series of bogus companies before being moved offshore to prevent it being recovered, it is claimed.

One victim lost more than £750,000 after an unknown man used a fake driving licence in his name to set up two transfers over three days.

The Old Bailey heard Jones was involved in the attempted fraud on the account of Thomas Murphy at time when it had a £3million balance.

She set up a payment of £486,000 - supposedly for a house purchase - after an imposter came into her branch of Lloyds TSB.

Investigations of her mobile phone revealed messages relating to the Murphy account and a description of the man impersonating the customer.

She has admitted conspiracy to defraud but other defendants are standing trial at the Old Bailey.

Benjamin Omoregie, of no fixed address, has also admitted involvement.

Courtney Ayinbode, 29, of Magdalen Court, Enmore Road, South Norwood, denies conspiracy to defraud between 9 November 2012 and 8 August 2013.

Kushveer Raulia, 25, of Gledwood Gardens, Hayes, West London, denies two counts of conspiracy to defraud and one count of converting criminal property.

Parvez Hussain, of Cedar Road, Romford,, denies converting criminal property.

Another bank worker accused of involvement- Tajinder Galsinh- is not involved in proceedings.

Prosecutor Paul Cavin told the Old Bailey: "They were all involved in an agreement to defraud Lloyds TSB of millions of pounds.

"Accounts belonging to people with large balances - in some cases several millions of pounds - were targeted.

"To identify those rich accounts, an insider, an employee of the bank was recruited to help the gang.

"The insider would then assist in breaching the security protocols in order to steal the money.

"The money would be transferred to accomplices who would swiftly transfer the money through a number of bogus businesses before eventually the money would disappear offshore.

"Once it is offshore it can come back onshore and nobody can trace it."

The first victim lost £750,975 in the space of three days after his account was accessed by both Ayinbode and Omoregie at the Balham and Streatham branches of Lloyds TSB in July 2013.

A few days later the customer's address was changed and a new card was issued to the new address, it is claimed.

Then on August 5 a man claiming to be the customer went into the Kings Cross branch to ask to set up a transfer.

The Echo told last year how Jones was involved in another major scam. She admitted being part of a money-laundering ring involving a luxury car firm based at London's Canary Wharf. She was given a two-year suspended sentence. The trial continues.

(1st September 2017)


THE FAKE PAYPAL EMAILS THAT ARE TRICKING BRITS OUT OF THOUSANDS - WARNING SIGNS AND HOW TO REPORT IT
(Mirror, dated 12th June 2017 author Emma Munbodh)

Full article [Option 1]:

www.mirror.co.uk/money/fake-paypal-emails-tricking-brits-10611050

A new wave of suspicious emails claiming to be from online payments platform PayPal are back in circulation, the UK's security body has warned, and they can empty out your bank account in just seconds.

Action Fraud UK - the government's cyber crime agency - has warned of a particularly high number of PayPal phishing emails that are landing in people's inboxes, claiming to be from the electronic payments company.

The emails claim 'unusual activity' has been flagged on their accounts - although this is not the case.

Once clicked on, victims are redirected to a fraudulent version of the PayPal website - one that looks remarkably similar - where they are asked for sensitive data to resolve the alleged 'issue'.

A PayPal spokesperson told Mirror Money: "At PayPal we go to great lengths to protect our customers in the UK, but there are still a few, simple precautions we should all take to avoids scams."

"We do contact our customers by email (e.g. for marketing purposes), however if the email is about an account limitation, then the customer should: open their internet browser, visit www.paypal.co.uk and login.

"If we require the customer to take any action, we will communicate that in the secure message centre."

Deputy Head of Action Fraud, Steve Proffitt added: "Fraudsters are increasingly targeting people with very professional looking emails warning that online accounts have been compromised and asking you to click on links to verify your details.

"Action Fraud is now warning people about fake emails that appear to have been sent from PayPal. These emails ask you to log in and review your Paypal account. It is difficult to know if they are fake as they look so professional.

"If you have received one of these fake emails, we are advising people not to follow the links in the email as by logging into your account, you are providing fraudsters with your login details which gives them access to your account.

"Always contact the fraud department of the organisation directly from the contact details you have on your statements or bank card and explain the contents of the email you have received."

What the emails say

This fake PayPal email even made us look twice! Well designed, slick and personalised. The link leads to a fake login page!

In most cases, the emails open with the line: 'We noticed unusual activity in your PayPal account'.

The emails appear incredibly professional - and feature PayPal's trademark font, logo and layout.

In a tweet, Action Fraud said: "This fake PayPal email even made us look twice! Well designed, slick and personalised. The link leads to a fake login page! #Phi shing".

Other customers have reported emails claiming their accounts had been either 'suspended' or 'lifted'. These featured prominent typos which experts warn should not be ignored.

"We've limited your access and the reason is the last login attemp , we've limited your account for security reasons.

"To fix this problem you have to login and update your personal informations by following this link."
(Don't its bogus)

In several more cases, the scammers claimed the victim had "added a new email address to their account". This is a common tactic used by criminals to instill fear or panic, prompting the user to click on the email in haste.

But it doesn't end there.

One email doing the rounds claims you've made a payment - which of course is not the case.

These emails employ similar tricks to those used by banking fraudsters - which alerts users to unidentified transactions.

How to tell if the email is genuine or a hoax

- Check the email address - in most cases fraudulent addresses will contain multiple letters and numbers and will appear unusually long.

- Be aware of any emails and pop-up windows asking you to click on a link or provide personal information directly in response.

- A genuine email will only ever address you by your full name at the beginning - anything that starts 'Dear customer' should immediately raise your suspicions.

- Do not reply or open any attachments that arrive with the email.

- If you suspect something is wrong, get in touch with the firm directly to verify it.


What PayPal say you should do


"Phishing" is an illegal attempt to "fish" for your private and/or sensitive data. In most cases the criminals will claim to be from a well-known company such as PayPal.

If you believe you've received a phishing email, follow these steps:

1. Be aware of any emails or text messages that ask you to provide personal information directly in response.

2. Look out for spelling mistakes, which are a common tell-tale sign of a fraudulent message.

3. A genuine PayPal email will only ever address you by your full name at the beginning - anything that starts 'Dear customer' should immediately raise your suspicions.

4. Scammers often use a false sense of urgency to prompt you to act on a phishing email such as hyperlinks asking you to login to your account. If you want to check that PayPal has tried to reach you, go to PayPal.co.uk and log into your account normally. You will have a secure message waiting if PayPal does need you to take any action.

5. If you have any concerns regarding an email you have received, you should send it to spoof@paypal.com .


Action Fraud tips if you've received a suspicious email

- Do not click on any links in the scam email.

- Do not reply to the email or contact the senders in any way.

- If you have clicked on a link in the email, do not supply any information on the website that may open.

- Do not open any attachments that arrive with the email.

- If you've been a victim of fraud, report it to Action Fraud .

(1st September 2017)


FRAUDSTERS "USE TRICKS OF SPEECH" IN CONS
(BBC News, dated 31st May 2017)

Full article : www.bbc.co.uk/news/business-40104294

Cold-calling fraudsters use an urgent tempo of conversation or apologetic language to convince victims they are genuine, research has suggested.

The con-artists often adopt the persona of someone in authority such as a police officer or a fraud detection manager, transcripts have shown.

The Take Five campaign, which raises awareness of scams, asked a speech pattern analyst to study calls.

Dr Paul Breen said fraudsters use a variety of techniques to garner trust.

"The process used by fraudsters is carefully scripted from beginning to end - knowing the language fraudsters will use to mimic patterns of trust can help people to avoid becoming a victim," he said.

He found that while many people are more likely to trust a stranger over the phone if they sound like a "nice person", a caller acknowledging someone's concerns and sounding apologetic can be the hallmark of a scam.

Analysis suggested that fraudsters use snippets of information about their victims, remain patient and acknowledge concerns about security to gain the trust of the person being called.

Cases of identity fraud have been rising, with young people a growing target, often after people give up personal information to someone pretending to be from their bank, the police or a retailer.
Related Topics

(1st September 2017)


BEWARE THIS PHISHING EMAIL SENT BY SCAMMERS WHO PRETEND TO BE THE DVLA OFFERING YOU A CAR TAX REFUND
(Daily Mail / This is money, dated 13th June 2017 author Rob Hull)

Full article [Option 1]:

http://www.thisismoney.co.uk/money/cars/article-4599872/Scam-email-fraudsters-posing-DVLA.html

Drivers are being warned of a new scam email feigning to be from the Driver & Vehicle Licensing Agency telling them they are due a refund on their car tax.

The email, which 'brazenly' includes an address for reporting scam emails, has a link to a 'secure web form' that's designed to collect personal information from unwitting recipients.

The correspondence targeting motorists says: 'We would like to notify you that you have an outstanding vehicle tax refund of £239.35 from an overpayment, request a refund.'

It goes on to urge recipients to complete the web form and promises that funds will be paid into their account within four to six days.

BBC Watchdog tweeted the phishing email to warn motorists to ignore and delete it immediately.

The email looks legitimate and includes the DVLA's existing logo and fonts - something that could dupe many motorists into sharing their personal data.

And as one final brash move, the scammers have included a link to the email address phishing@dvla.gsi,gov.uk for people to report possible fraudulent emails to the DLVA.

When would I receive a refund from the DVLA?

Criminals behind the email seemingly timed it to take advantage of changes to Vehicle Excise Duty rates from April 1 and ongoing confusion surrounding the switch to online car tax after paper discs were scrapped in 2014.

Under the current system, when an owner sells a vehicle they must cancel the outstanding tax and they are then refunded the remaining full months.

The only other scenarios where you'll receive a tax refund from the DVLA will be if the car has been declared SORN (Statutory Off Road Notification), written off by your insurer, scrapped at a vehicle scrapyard, stolen, exported out of the UK, or registered as exempt from vehicle tax.

If you currently still have your car and none of the above scenarios are true, there is no reason why the DVLA would offer a refund.

In fact, the DVLA said it will never send links to third party sites or ask for confirmation of personal details or payment information - red flags that should stall confused drivers before they they fall for the scam and submit their own data.

It's not the first time scammers have targeted motorists by impersonating the DVLA.

Last year, This is Money revealed an example of an email that was sent to drivers asking them to confirm their direct debit details.

The DVLA warned motorists that it would never contact them about direct debits and said not to open the PDF attached to the scam as it contained malware.

Over the last two years, fraudsters have also pretended to be the DVLA by contacting drivers via text.

Tony Neate, CEO of Get Safe Online, said the switch has made it easier to manage your car tax but has also made it easier for scammers to defraud people by sending them 'sophisticated hoax emails'.

'As phishing emails become ever more sophisticated and elaborate, it is important to be vigilant about sharing any of your personal information online,' he told This is Money.

'Like many official bodies, the DVLA's policy is to never send links to third party sites or ask for confirmation of personal or payment details - so if you do receive emails asking for this sort of information, stay one step ahead and report them immediately.

'If you're ever not sure, be your own detective and contact them by other means - perhaps phoning the number you would use normally.

'In addition, you should never use free public Wi-Fi to fill out online forms, however convenient, as you can't guarantee it will be secure.

'And always look out for 'https' at the beginning of the address as well as the 'padlock symbol' in the browser frame as it shows the website you are using is secure.'

(1st September 2017)


FRAUD HOTSPOTS : DO YOU LIVE IN A DANGER ZONE ?
(Love Money / BT News, dated 16th June 2017)

Full article [Option 1]:

https://home.bt.com/lifestyle/money/money-tips/fraud-hotspots-do-you-live-in-a-danger-zone-11364188604295

New research from Which? has revealed the top danger zones around the country for dating fraud, computer repair scams, investments cons and other types of fraudulent schemes.

The study draws on data from Action Fraud - the main body to report cases of fraud in the UK - on scams reported during 2014, 2015 and 2016, broken down by police area and type.

Which? has used the information to reveal where certain types of fraud appear to be more common in England and Wales and is urging the Government to tackle the growing problem.

Norfolk

Norfolk residents were the most likely to report incidents of dating fraud, where victims are duped into sending money to bogus lovers.

This impacted 1.6 people for every 10,000 people in the country, compared with the national average of 1.1.

The county was also a prime location for reported lottery scams, where victims are tricked into paying to enter a fake lottery, with 2.2 people per 10,000 reporting compared with one nationally.

Dyfed-Powys


Those living in Dyfed-Powys, Wales, commonly reported losing money to computer repair fraud, which involves a cold caller getting in touch to help fix a non-existent computer glitch.

Which? noted that this type of fraud tended to be reported in areas with an older population. In Dyfed-Powys 19.3 people per 10,000 were hit compared to the national average of 10.4.

The area was also a hotspot for fake services fraud, where victims are tricked into paying for a service that doesn't exist or aren't delivered. This impacted 13.4 people per 10,000 in contrast to the national average of 9.5.

London

London was also revealed to be a common are for scammers to target with a myriad of frauds, probably thanks to the large amounts of wealth and people concentrated in the area.

Which? found those living and working in the capital were most at risk of falling victim to a range of scams including: being charged fees for fake loans (4 per 10,000 people), social media or email hacking (3.7per 10,000), scam door-to-door sales (4.3 per 10,000), rental scams (3.4 per 10,000) fraud involving false or stolen goods (8.55 per 10,000), payment redirect fraud (3.9 per 10,000) and ticket fraud (4.7 per 10,000).

Other fraud hotspots

The data revealed that Dorset residents were particularly prone to being targeted by computer virus, malware and spyware fraud, with 3.8 cases per 10,000 people, compared to the national average of 2.3.

Households in affluent Surrey most commonly reported financial investment fraud, with 2.1 people per 10,000 compared to 1.3 nationally.

While those living in Warwickshire typically reported the most cases of retail fraud with 15.67 reports per 10,000 people in contrast to the 3.4 national average.
The scale of the fraud problem

In total Which? Found there were 266,964 frauds reported between 2014 and 2016. Below are the types, what they involve and the scale of the problem.

TYPE OF FRAUD (Source: Which?)

The reported cases were to Action Fraud (2014-2016)

Online shopping and auction fraud - Number reported : 123,298

What it involves : A product advertised online doesn't exist, arrive, or match its original description. It also includes where sellers aren't paid for goods sold online.


Computer fixing fraud - Number reported : 80,264

What it involves: Someone is told that there's a problem with their computer which can be fixed for a fee. No fix actually happens.


Fees for fake services - Number reported : 66,035

What it involves: Victims pay an upfront fee for a service that doesn't exist. For example, cold callers falsely offer to make PPI claim for money, or employers demanding money for employment checks for jobs that don't exist.


Cheque, plastic card and online bank account fraud
- Number reported : 54,696

What it involves: Someone's cheque, card or online bank account is fraudulently used. It doesn't include companies that deal with electronic money transfers.


Fake or stolen products fraud - Number reported : 41,108

What it involves: Victims make a purchase after being shown, or test a product. However, that product is later found to be false or stolen - also known as 'Other consumer non-investment fraud'.

Retail fraud - Number reported : 30,944

What it involves: Fraud committed against retailers, such as when goods are ordered with no intention of paying, or when a fraudster tries to get a refund from stolen goods.

Fake loan fraud - Number reported : 19,531

What it involves: A victim is offered a 'loan' in exchange for a fee. The loan never materialises.


Payment redirect fraud - Number reported : 16,467

What it involves: Fraudsters get a victim to change a direct debit, standing order or bank transfer by pretending to be an organisation that the victim regularly pays. This could be a phone or energy company, for example.

Hacking cases - social media and email - Number reported : 16,249

What it involves: Someone's social media or email account is hacked. This is unlikely to result in money loss directly.

Door-to-door sales and bogus tradesmen - Number reported : 15,907

What it involves: Fraudsters go door-to-door offering goods or services that are never delivered, or are of poor quality.

Computer virus/malware/spyware - Number reported : 15,561

What it involves: Scammers trick you into spreading a virus or allowing malware to be installed on a device. A virus is a computer program that can replicate itself and spread from one computer to another. Malware/spyware collect information or data from infected devices and passes them on to another device.

Fake ticket fraud
- Number reported : 14,949

What it involves: A victim purchases a ticket in advance only to find that it's never received, or isn't valid for the event.

Other financial investment fraud - Number reported : 9,521

What it involves: This covers a range of scams designed to convince people to part with their savings.

Dating scams - Number reported : 8,311

What it involves: The victim is persuaded to send money to a prospective 'lover'.

Lottery scams - Number reported :6,933

What it involves: The victim pays to enter a non-existent 'lottery'.


What about Scotland and Northern Ireland?

The research found that Scotland and Northern Ireland had much lower reports of fraud compared to the rest of the UK over this three-year period.

Which? says this is likely because the Scottish police aren't officially part of Action Fraud reporting network while Northern Ireland joined in June 2015.
Getting tough on fraud

Which? is urging the Government to set out plans to tackle fraud and scams.

It suggests improving how businesses handle customer data, the response to a data breach and to ensure people get the right redress.

The watchdog is also calling for the Payment Systems Regulator (PSR) to implement stronger rules to protect consumers from bank transfer scams.

Gareth Shaw, Which? money expert, said:"As more information is available about us online than ever before, fraudsters are finding it much easier to know who to target and how.

"These criminals are constantly finding new ways to rip us off and those tackling fraud should be upping their game. The Government needs to set out an ambitious agenda to tackle fraud, while law enforcement agencies need to be working harder to identify and protect the people most at risk from fraud."

If you think you may have fallen victim to a scam you should report it to Action Fraud.

uaware Further information

Original Which ? article :

http://www.which.co.uk/news/2017/06/revealed-the-fraud-capitals-near-you/?utm_medium=Email&utm_source=ExactTarget&utm_campaign=Weekly_Scoop_170617

(1st September 2017)


VEHICLE ONLINE SHOPPING FRAUD
(Action Fraud, dated 12th June 2017)
www.actionfraud.police.uk

Fraudsters have been advertising vehicles and machinery for sale on various selling platforms online. The victims, after communicating via email with the fraudster, will receive a bogus email which purports to be from an established escrow provider (a third party who will keep the payment until the buying and selling parties are both happy with the deal).

These emails are designed to persuade victims to pay upfront, via bank transfer, before visiting the seller to collect the goods. The emails also claim that the buyer (victim) has a cooling off period to reclaim the payment if they change their mind. This gives victims the false sense of security that their money is being looked after by this trustworthy third party, when in fact it is not and the money has gone straight to the fraudster.

Protect yourself:


- When making a large purchase such as a new car or machinery, always meet the seller face to face first and ask to see the goods before transferring any money.

- If you receive a suspicious email asking for payment, check for spelling, grammar, or any other errors, and check who sent the email. If in doubt, check feedback online by searching the associated phone numbers or email addresses of the seller.

- Contact the third party the fraudsters are purporting to be using to make the transaction. They should be able to confirm whether the email you have received is legitimate or not.

- False adverts often offer vehicles or machinery for sale well below market value to entice potential victims; always be cautious. If it looks too good to be true then it probably is.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk, or by calling 0300 123 2040.

(1st September 2017)


BOGUS CALLERS
(Essex Community Messaging, dated 1st June 2017)

We have recently had a couple of incidents in different areas of Essex where Bogus Callers have made out they were from the local council and had come to investigate and remove rats nests in the loft. These bogus callers have then proceeded to take a deposit of cash (or in at least one case with a card reader) and said they would return to remove the nest and then disappeared.

If you do get a visitor along these lines, they are likely to be fraudulent. Please ring your local council direct to confirm that any caller is bonafide. Fraudsters can produce fake ID badges.

If an unknown trader knocks on your door at any time , don't open it unless you use a door chain . Preferably, open a small window either upstairs or downstairs and speak through the window.

To verify someone's identity please ring the organisation they claim to be from. Use a number from a bill or telephone directory that you have looked up yourself - never use a telephone number provided by the caller. A bona fide caller will wait outside whilst you verify their validity - a bogus caller is also likely to disappear as soon as they know you are telephoning to check identity.

Please do not let anyone into your home if you are not expecting them. REMEMBER - Your door - Your House - Your choice. Not sure? Don't Open the Door

Display a 'No Cold Calling' sticker on your front door. These are available from Trading Standards free of charge. Call them on 03454 040506.

If you do need work undertaken on your property, Trading Standards operate a 'Buy With Confidence' scheme, which enables residents to identify approved local traders who have readily demonstrated a commitment to high working standards, high levels of customer care and a fair trading policy.

The 'Buy with Confidence' scheme is available via the internet https://www.buywithconfidence.gov.uk/ or by telephone 03454 040506.

REMEMBER: NOT SURE? DON'T OPEN THE DOOR.

(1st September 2017)


WEDDING SERVICES FRAUD
(Action Fraud, dated 6th June)
www.actionfraud.police.uk

With the upcoming "Wedding Season", and for those individuals who are considering making plans for next year and beyond, you should be aware of the potential risks of fraud involved.

According to 'bridesmagazine.co.uk', in 2017 the average wedding cost spend is approximately £30,111. This will be paid out to multiple vendors, including; photographers, caterers, reception venues and travel companies, to name a few. Many of these services will require booking at least several months in advance and you may be obliged to pay a deposit or even the full balance at the time.

Being aware of the potential risks and following the below prevention advice could minimise the likelihood of fraud:

Paying by Credit Card will provide you with protection under Section 75 of the Consumer Credit Act, for purchases above £100 and below £30,000. This means that even if a Company goes into liquidation before your big day, you could claim a refund through your Credit Card Company.

Social Media - Some Companies run their businesses entirely via social media sites, offering low cost services. Whilst many are genuine, some may not be insured or may even be fraudulent. There are a few things you can do to protect yourself;

- Ensure you obtain a physical address and contact details for the vendor and verify this information. Should you experience any problems, you will then be able to make a complaint to Trading Standards or consider pursuing via the Small Claims Court.

- Ensure you obtain a contract before paying money for services. Make certain you fully read and understand what you are signing and note the terms of cancellation.


Consider purchasing Wedding Insurance - Policies vary in cover and can be purchased up to two years in advance. They can protect you from events that would not be covered under the Consumer Credit Act.

Complete research on each vendor, ensuring you are dealing with a bona fide person or company. Explore the internet for reviews and ratings and ask the vendor to provide details of past clients you can speak to. You should do this even if using companies recommended by a trustworthy friend or source.

For services such as wedding photographers, beware of websites using fake images. Look for inconsistencies in style; Meet the photographer in person and ask to view sample albums. If you like an image from a wedding, ask to view the photographs taken of the whole event so you can see the overall quality.

Remember, if something appears too good to be true, it probably is!

(1st September 2017)


SIX TRICKS FRAUDSTERS USE TO GAIN YOUR TRUST
(BT / Love Money, dated 5th June 2017)

Full article [Option 1]:

https://home.bt.com/lifestyle/money/money-tips/six-tricks-fraudsters-use-to-gain-your-trust-11364184899041

New research from Financial Fraud Action (FFA) shows how scammers manipulate our instinctive human willingness to accept someone at their word in order to con us.

Dr Paul Breen. a speech pattern analyst, has found that fraudsters use specific techniques to gain our trust when they call before they try and get us to hand over valuable financial or personal information.

"The process used by fraudsters is carefully scripted from beginning to end - knowing the language fraudsters will use to mimic patterns of trust can help people to avoid becoming a victim," says Dr Breen, senior lecturer at the Westminster Professional Language Centre.

Six common scam call tricks


Dr Breen analysed recordings and transcripts of real-life scam phone calls and discovered six key tricks fraudsters use to gain your trust.

1. Seem to know you - the con artist will use snippets of information about you that they've gathered from different sources to sound like they are familiar with you and know what they are talking about.

2. Use apologetic language - they will attempt to create a false balance of power by apologising for taking up your time so that you feel sympathy for them.

3. Layers of authenticity - they will remain patient as they seemingly build up authenticity until they have convinced you they are legitimate.

4. Impersonate an authority figure - criminals will pretend to be someone in authority such as a police officer or fraud detection manager.

5. Welcome scepticism - if you are dubious they will turn that to their advantage by welcoming it and acknowledging your concerns about being security conscious.

6. Switch tempo - con artists will increase or decrease the pressure by creating a false sense of urgency or using understanding language.

Would you fall for them?

Reading through those tricks you may think you wouldn't fall for them, but a survey by FFA UK's Take Five campaign suggests otherwise.

It looked at the factors that make us more likely to trust a stranger over the phone and asked people to rank trust factors. The top three results were all tricks used by criminals.

The most common factor that makes us trust someone over the phone is 'sounding like a nice person' followed by 'sounding like they know what they're talking about', and almost a third listed 'offering to help with a problem'.

Most of the people surveyed said they were cautious of trusting strangers without meeting them, and a third of people said they never trust anyone on the phone. But fraudsters are prepared for our scepticism.

Dr Breen found that scammers used the 'patterns of trust' outlined above to build up an appearance that they were legitimate and get around our mistrust by mimicking the kinds of people we tend to believe.

"Tackling financial fraud is a priority for every bank and each one continuously invests in advanced security systems to protect their customers," says Katy Worobec, director of FFA UK. "However, as this research confirms, fraudsters use sophisticated methods in an attempt to circumvent these when targeting victims.

"While the payments industry stops six in every £10 of attempted fraud, it cannot solve the problem alone. Criminals try to take advantage of our instinctive willingness to accept someone at their word."

You can protect yourself from financial fraud by taking a moment to step back and think whether a phone call really seems genuine.

"We are asking everyone to take five - to take that moment - to pause and think before they respond to any financial requests and share any personal or financial details."

(1st September 2017)


MAY 2017


SERIOUS FRAUD OFFICE WARNS OF £120m PENSION SCAM
(The Guardian, dated 27th May 2017 author Rupert Jones)

Full article [Option 1]:

www.theguardian.com/money/2017/may/27/pensions-scam-self-storage-serious-fraud-office-warning

Retirees have been persuaded to switch all their cash into schemes involving self-storage facilities and there are fears they may have lost huge sums

Fears are growing that large numbers of people may have lost huge sums of money after investing their retirement pots in - of all things - self-storage units. The Serious Fraud Office this week launched an investigation into storage unit investment schemes, and revealed that more than £120m has been poured into them. But could that just be the tip of the iceberg?

One man was persuaded to transfer almost £370,000 out of his workplace pension and put it all into one such scheme supposedly offering an 8%-12% return. The Pensions Ombudsman, which looked at his case, said the "blameless" man had switched out of the "secure and generous" NHS pension scheme and may have lost all his money as a result. Others were lured in with claims that they could more than double their money in just six years.

Many of us have used a self-storage facility at some point - perhaps to temporarily stash our belongings when moving home. But what most people probably don't realise is that these units (also known as storage pods) have been touted as a wonder investment with double-digit returns. Many people appear to have lost some, or all, of their retirement savings after falling for the spiel of firms flogging dodgy schemes.

The SFO says it is probing several, including Capita Oak Pension and Henley Retirement Benefit, plus some schemes that invested in other products. It adds that more than 1,000 individual investors are thought to be affected by the alleged fraud, though it presumably thinks the number could be higher as it is asking people who have paid into these schemes between 2011 and 2017 to complete a questionnaire available on its website.

One brochure, issued by a property investment company, boasted of a 14% average annual yield

Kate Smith, head of pensions at insurer Aegon, says the SFO probe "is a timely reminder that unregulated unusual investments at home or abroad come with a high risk that people could lose all their hard-earned pension and other savings". She adds that it is possible that thousands more people may find they have lost money, too.

"Pension liberation" scams - where people are persuaded to transfer or cash in their pension pots and put the money into often exotic-sounding investments - have been around for years, but there has been a surge in activity since April 2015 when the government introduced reforms giving over-55s more freedom in terms of what they can do with their retirement cash.

Storage units on UK industrial estates might not have the exotic allure of hotel rooms in the Caribbean and palm oil plantations in Asia, but perhaps that was their selling point. Marketing tended to highlight how this was a profitable and growing industry.

One glossy brochure seen by Guardian Money offered the chance to buy individual units from £3,750-£30,000 said to be located in the north-west of England. The investor would buy the unit on a long-term lease from Store First Limited, and then sublet it to a management company which would subsequently rent it out.

The brochure, issued by a property investment company, boasted of a "14% average annual yield" and claimed that when capital growth and income were combined, the "forecast net return" over six years for someone investing £11,250 would be £12,180, "or over 108%" - equating to a total return of £23,430.

In December 2014, the Pensions Ombudsman published its decision in the case of "Mr X" who was persuaded to transfer his entire future pension - £367,601 - from the NHS Scotland scheme into Capita Oak. The ruling stated that Mr X was told his money would be invested in "Storefirst Limited" (sic), "a large self-storage firm in the north of England". It was offering a 8%-12% return "and therefore it seemed a good investment". He later discovered that he couldn't get his money out.

The ombudsman said Mr X may well have been "duped" out of his entire pension, and it is not known whether he ever recovered any of his money.

In April 2015 the ombudsman published two decisions relating to a man called Joseph Winning, who transferred £52,401 in pension cash from Scottish Widows and Legal & General to Capita Oak. Winning's money had apparently been invested in Store First storage pods, the rulings said.

Things don't look good for Mr X or Winning (and doubtless others) because the two companies that acted as trustees to Capita Oak and Henley Retirement were wound up by the high court in July 2015. This was after an official investigation found that they were involved in a venture where people were cold called and persuaded to transfer their pensions "on the basis of misrepresentations made" concerning returns. The investigation found that the only investments offered to the public were storage pods marketed for sale by Store First, which paid commissions of up to 46% to another company which was part of the overall scheme.

It's all been quite frustrating for the Self Storage Association UK, which describes itself as the main trade body for the industry. Its boss Rennie Schafer says investment companies have been aggressively marketing these unregulated schemes to small investors "who are less informed of their perils," adding: "The idea of breaking it up into little pieces and selling it off is not how self-storage works."

Store First, based near Burnley, told us: "The SFO investigation is not against Store First or its product of storage pods, but against the schemes named … Store First is in no way connected with the running of any pension scheme being investigated by the SFO or, indeed, any scheme. In addition, Store First does not carry out any direct sales activity, and all sales are made by third party intermediaries."

The company added it had "no connection whatsoever" with any financial advice these schemes receive or give, or to their ongoing administration.


SMISHING FRAUD ALERT
(Action Fraud, dated 26th May 2017)
www.actionfraud.police.uk

Smishing - the term used for SMS phishing - is an activity which enables criminals to steal victims' money or identity, or both, as a result of a response to a text message. Smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset) to manipulate innocent people into taking various actions which can lead to being defrauded.

The National Fraud Intelligence Bureau has received information that fraudsters are targeting victims via text message, purporting to be from their credit card provider, stating a transaction has been approved on their credit card.

The text message further states to confirm if the transaction is genuine by replying 'Y' for Yes or 'N' for No.

Through this method the fraudster would receive confirmation of the victim's active telephone number and would be able to engage further by asking for the victim's credit card details, CVV number (the three digits on the back of your bank card) and/or other personal information.

Protect yourself:

- Always check the validity of the text message by contacting your credit card provider through the number provided at the back of the card or on the credit card/bank statement.

- Beware of cold calls purporting to be from banks and/or credit card providers.

- If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Again, refer to the number at the back of the card or on the bank statement in order to contact your bank.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk/ or alternatively by calling 0300 123 2040

(1st June 2017)


RANSOMWARE CYBER ATTACK
(Action Fraud, dated 15th May 2017)
www.actionfraud.police.uk

Following the ransomware cyber attack on Friday 12 May which affected the NHS and is believed to have affected other organisations globally, the City of London Police's National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days.

Ransomware is a form of malicious software (Malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. Criminals will use ransomware to extort money from you (a ransom), before they restore access to your files. There are many ways that ransomware can infect your device, whether it be a link to a malicious website in an unsolicited email, or through a security vulnerability in a piece of software you use.

Key Protect messages for businesses to protect themselves from ransomware:

- Install system and application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device that isn't left connected to your network as any malware infection could spread to that too.


The National Cyber Security Centre's technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the "WannaCry" Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance

For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

Key Protect advice for individuals:

- Install system and application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device (such as an external hard drive or memory stick) that isn't left connected to your computer as any malware infection could spread to that too.

- Only install apps from official app stores, such as Google's Play Store, or Apple's App Store as they offer better levels of protection than some 3rd party stores. Jailbreaking, rooting, or disabling any of the default security features of your device will make it more susceptible to malware infections.


Phishing/smishing

Fraudsters may exploit this high profile incident and use it as part of phishing/smishing campaigns. We urge people to be cautious if they receive any unsolicited communications from the NHS. The protect advice for that is the following:

- An email address can be spoofed. Don't open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.

- The sender's name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution, particularly if the texts are asking you to click on a link or call a number.

Don't disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or transfer your money to another "safe" account.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk

(1st June 2017)


TECH-SUPPORT SCAMMERS USING WANNACRY ATTACK TO LURE VICTIMS
(Action Fraud via Essex Community Messaging, dated 23rd May 2017)
www.actionfraud.police.uk

Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global Wanna Cry ransomware attack.

One victim fell for the scam after calling a 'help' number advertised on a pop up window. The window which wouldn't close said the victim had been affected by WannaCry Ransomware.

The victim granted the fraudsters remote access to their PC after being convinced there wasn't sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool,which is actually free, and took £320 as payment.

It is important to remember that Microsoft's error and warning messages on your PC will never include a phone number. Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support.

Any communication they have with you must be initiated by you.

PROTECTION / PREVENTION ADVICE

How to protect yourself:

- Don't call numbers from pop-up messages.
- Never allow remote access to your computer.
- Always be wary of unsolicited calls. If you're unsure of a caller's identity, hang up.
- Never divulge passwords or pin numbers.
- Microsoft or someone on their behalf will never call you.

If you believe you have already been a victim

- Get your computer checked for any additional programmes or software that may have been installed.

-Contact your bank to stop any further payments being taken

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk

(1st June 2017)


PROPERTY TITLE FRAUD : SCAMMERS TARGETING EMPTY HOMES
(BT News, dated 14th May 2017)

Full article [Option 1]:

https://home.bt.com/lifestyle/money/mortgages-bills/property-title-fraud-scammers-targeting-empty-homes-11364179851756

Criminal gangs are using empty homes to take out loans and mortgages, the National Fraud Intelligence Bureau (NFIB) is warning.

Evidence has been unconvered to suggest criminals are choosing empty homes by scouring obituaries and the Land Registry.

Once an empty property is identified, the scammers organise fake documentation in order to apply for finance linked to the address.

The fraudsters will register on the electoral roll and with utility providers in order to build up the required proof to pass through all the legal hurdles.

This criminal group works until it has met all the criteria needed to get funds released, while the homeowner is none the wiser and left saddled with the debt against the property.

Are you at risk?

The NFIB says the main homeowners at risk include:

- Owners that are absent from their property
- Buy-to-let landlords who may have empty properties
- Owners that are living abroad with an empty property in the UK
- Elderly people that don't live in their properties for reasons such as long term hospital or residential care

How to protect yourself

There are certain things you can do to protect yourself from this sort of devious fraud.

Make sure your property is registered with the Land Registry. Doing this will mean you will be compensated for financial loss if you do fall victim to mortgage fraud.

It's also important to keep your contact information up to date once registered so you can be easily contacted if something suspicious is spotted.

It's also a good idea to sign up for Land Registry's free Property Alert service. If someone tries to take out a mortgage on a home you own you'll receive an alert.

You can then judge whether the activity is suspicious and seek further advice.

You should also check your credit report regularly as this logs credit searches linked to addresses in your name, so you can spot suspicious loans linked to your home.

Registering Property : www.gov.uk/registering-land-or-property-with-land-registry/when-you-must-register

Property Alert : www.gov.uk/guidance/property-alert

Where to get help

If you're concerned that your home is being used to fraudulently leverage finance call the Land Registry on its Property Fraud Line on 0300 006 7030.

The line is open from 8.30am to 5pm Monday to Friday and you can talk to specially trained staff who can provide practical guidance about what to do next.

(1st June 2017)


TOURISTS TARGETED BY FAKE POLICE OFFICERS
(Action Fraud, dated 4th May 2017)
www.actionfraud.police.uk

There has been a series of recent incidents reported to Action Fraud where a lone fraudster has approached victims whom they believe to be unfamiliar with the local area. They make an excuse to talk to the victims such as enquiring about directions or offering a recommendation for a good hotel.

After this interaction, several other fraudsters will intervene purporting to be police officers in plain clothes and will sometimes present false identification as proof. The fake officers will then give a reason to examine the victims' wallet, purse or personal items. They may also examine the first fraudster's items or try to tell victims that the first fraudster is suspicious in order to gain victim trust and appear more realistic in their guise.

After all the fake police 'checks' are finished, victims have then reported being handed back their personal items only to later realise that a quantity of money or valuables were missing.

How to protect yourself:

- If an individual claims to be a police officer ask for their name and rank, force, and examine any identification presented; this is always good practice but especially important if they are not wearing a uniform.

- The Police will never ask for your passwords or PIN details. Do not give this information to anyone.

- The Police will never request that you withdraw/transfer any money to them or to a 'safe' account.

If you have been affected by this, or any other fraud, report it to Action Fraud by visiting www.actionfraud.police.uk

(1st June 2017)


NEW SUPERMARKET ANNIVERSARY VOUCHER SCAM
(BT News, dated 9th May 2017)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/new-aldi-65-voucher-scam-how-to-tell-if-a-coupon-is-fake-11364167113171

A new scam using the lure of a £75 anniversary voucher for Sainsbury's or Morrisons is doing the rounds. It's the latest fraud involving supermarket vouchers designed to rip you off.

There are several fake supermarket vouchers scams being operated by fraudsters, purporting to be from the of the UK's biggest chains.

These fake vouchers have been frequently appearing on Facebook, Twitter as well as messenger services like WhatsApp, text and email.

Here's what to watch out for and how to stay safe.

Sainsbury's and Morrisons £75 anniversary voucher scam

Facebook posts have been cropping up claiming to offer a free £75 voucher for either Sainsbury's or Morrisons as part of their anniversary celebrations.

The text used can vary, but the offer is generally along the lines of: "Get a FREE £75 Morrisons Coupon to celebrate 117th Anniversary!". We've seen some with different anniversary years mentioned.

The Sainsbury's versions read much the same.

In order to claim your 'free' voucher, you are redirected to an external site where you are asked to share your details. However, there is no prize and your details will be used to inundate you with spam messages.

Avoid this scam, and definitely don't share it with your friends on Facebook.

Sainsbury's £250 WhatsApp voucher scam

Sainsbury's shoppers are also being targeted with a £250 voucher scam.

Customers are being asked to do a survey through WhatsApp in exchange for £250. They're then asked to send the survey on to 10 other users.

Sainsbury's £100 voucher scam

Be wary of a similar Sainsbury's scam that's being widely shared on Facebook.

Customers have taken to Sainsbury's official Facebook page to ask whether messages they've received claiming to offer a £100 Sainsbury's gift card are genuine.

We asked Sainsbury's about the issue and it confirmed that it is aware of the £100 gift card voucher offer being circulated and confirmed that these were not genuine.

A spokesperson for the supermarket told loveMONEY it's advising anyone that receives a message offering the £100 gift card to delete it and not click on any of the links.

Tesco voucher scam

Scammers targeting Tesco shoppers are using a slightly different approach.

At the moment there is a scam email promising £500 worth of Tesco vouchers after answering a survey on their phone.

However, those that complete the questionnaire are finding they've been signed up to a premium rate text service, which charges them to be entered into a monthly draw.

Aldi fake £65 coupon scam

Scammers are trying to trick Aldi shoppers into handing over their details in return for a "free £65 coupon" that can be redeemed in-store.

The victims are asked to click on a link, which takes them to a website where they're asked to enter personal information before they can print off the voucher.

The offer is of course fake and the fraudsters will then use the information to commit ID fraud.

Victims are also asked to share the voucher on social media, thus keeping the scam going. We've seen a number of the fake vouchers on both Twitter and Facebook.

Aldi has taken to Twitter to say it is aware of the hoax voucher and is investigating the matter.

It also stressed it would never ask you to share your personal details via a website in order to redeem a voucher.

If someone sends you a Facebook message or email suggesting you could get an Aldi voucher, treat it with caution and don't automatically click on the link.

If the offer is too good to be true it probably is. Also, check for spelling mistakes and use your common sense about the details it is asking you to share.

How to get genuine supermarket discounts and vouchers

Not all supermarket promotions are a scam.

You can use cashback websites like Quidco and TopCashback as well as websites like Vouchercloud and VoucherCodes.co.uk, which list genuine voucher codes and discounts.

You should also keep an eye on official Facebook and Twitter feeds for genuine offers from the supermarkets and other retailers.

How to keep safe

The company really doesn't matter. Whatever the name, and whether the too good to be true 'promotion' is on Facebook, WhatsApp or via email, the whole thing is a swindle.

They have nothing to do with the stores and, of course, there are no vouchers.

Ther best thing to do is delete the message and not click on any of the links.

(1st June 2017)


AIRBNB SCAM ALERT
(The Sun, dated 12th May 2017 author Brittany Vonow)

Full article [Option 1]:

www.thesun.co.uk/news/3543284/brit-tourist-scammed-airbnb-amsterdam/

A woman has spoken of her horror after she was scammed out of £915 for a holiday getaway through Airbnb.

Ms Brown said she had never used the online rental marketplace before, but was delighted when she found the perfect spot to celebrate her boyfriend's birthday in Amsterdam in October this year.

After contacting the Airbnb host, the 20-year-old said she was asked to transfer the £915 payment to a bank account for the three-night stay at the four bedroom home.

But after receiving a confirmation email, the young woman called Airbnb to confirm - only to be told the email address was not an official address.

Quickly calling her bank Santander in a desperate attempt to stop the payment from going through, Georgia has now slammed Airbnb for not sharing enough warnings about scammers on the site.

The house was advertised on Airbnb, asking for people to transfer money through to the personal account, rather than through the online platform.

She told The Sun Online: "When I signed up, there were not terms and conditions that told you about the site.

"I was reading through the description of the place and it said to book, please send through a query through this email address - it all seemed really friendly and he said they had availability."

Checking the accommodation with the friends she would be travelling with, Ms Brown got the contact details for the owner, confirmed the dates and paid the money.

She said: "Because I hadn't used it before, I presumed people advertised on there and then you make payments to them directly.

"After I paid them, I thought, I'll just check and I went on the Airbnb website. It took me a good half an hour to find anything about payments and it said that they should all be made through the website.

"I called my bank straight away and explained, and they said they'll do everything we can."

But the young legal secretary said she was disgusted by Airbnb's response, saying: "All I got was a 'Oh no, Ms Brown, you shouldn't have done that'.

"They shouldn't have had the advert on their website in the first place."

She said the advertisement told people looking at the rental that they would need to bank transfer the funds to the agent's account, saying that Airbnb should police the advertisements better.

The young Essex woman is now fighting to get her money back, with the scammer since contacting her and asking for more details - leaving her hopeful that they still have not received the money and she will be able to get it back.

She said: "I want to make more people aware - Air BnB is massively advertised, they want everyone to think their website is the safest.

"In fact, by not having warnings about scammers they are putting a lot of people at risk.

"I'm not stupid, I can spot things like this but it looked so legitimate.

"Air BnB preach about how they do all of these checks on the hosts, then how can something like this happen."

The Sun Online has since tried to contact the host but the number was disconnected.

An Airbnb spokesman said: "Fake or misrepresented listings have no place in our community and our team is working hard to constantly strengthen our defenses and stay ahead of fraudsters.

"We just introduced new security tools to help tackle fake listings and educate our community about staying safe online, including more warnings.

"The most important thing to know is as long as you stay on the airbnb.com platform and only send money through Airbnb, you will always be protected. There have been over 160 million guest arrivals on on Airbnb and bad experiences are extremely rare."

The listing has since been removed from Airbnb.

A Santander bank spokesperson said: "Our customer, Ms Brown found a holiday property on AirBnB and sent an email to somebody she believed was the owner of the property.

"A return email was received purportedly from AirBnB confirming beneficiary account details. Miss Brown then sent a payment of £913 to the bank account provided by the third party.

"She has since discovered this is a scam and funds were not sent to AirBnB.

"Santander were in contact with Ms Brown from the day of the transaction to start the process to try and recover the funds from the recipient bank. However, as the funds were sent overseas it can take up to 90 days to get a response."

(1st June 2017)


MOT FRAUD ADVICE
(Essex Police Community Messaging, dated 9th May 2017)

Note : This advice applies to the whole of the UK, not just Essex !!!

Following DVSA clarification used car buyers are urged to check MOT details online - the paper certificate is too susceptible to forgery.

Following a clarification by the Driver and Vehicle Standards Agency (DVSA), we are urging used car buyers to check MOT details online, rather than relying on the paper certificate.

In response to a Freedom of Information request the DVSA's MOT Scheme Management Team confirmed: "…the view of DVSA is that the test certificate is a receipt style certificate and it is the database holds the authorative record ,DVSA advice is that if a customer has concerns to the validity of the certificate or wishes to, they can confirm the details via the gov.uk website."

"This important clarification should signal a change in consumer best practice. Most car buyers accept the paper MOT at face value, but 25 years of investigating cloned and clocked vehicles has taught us not to be so trusting. The first thing we do with any claim

is check the MOT on the primary source, the government website. It is a great free service and you can see at a glance the recorded mileages going back years and any advisory notes on the condition of the vehicle.

Any discrepancy between this data and the paper certificate should set alarm bells ringing. Vehicle crime has become highly sophisticated but when it comes to paper MOTs a lot of the tactics are rudimentary, commonly simple photocopies with the mileage altered.

In one recent case, someone had downloaded the sample certificate from the government website, filled it in and passed it off as genuine. They should at least put a watermark on that because they've inadvertently provided a handy resource for fraudsters."


MoT history - https://www.gov.uk/check-mot-history
MoT (current) & tax - https://www.gov.uk/check-vehicle-tax

(1st June 2017)


UK BANK LAUNCHES "GREAT BRITISH FRAUD FIGHTBACK" TO HELP TACKLE ONLINE CRIME
(International Business Times, dated 8th May 2017 author Pramod Sharma)

Full article [Option 1]:

www.ibtimes.co.uk/barclays-launches-great-british-fraud-fightback-initiative-help-tackle-online-crime-1620292

Leading UK bank Barclays is launching a £10m nationwide initiative, dubbed the 'Great British Fraud Fightback', aimed at spreading awareness about financial fraud risks. The bank hopes to boost the protection of digital identities of Britons through the dissemination of information, tools and tips.

The digital safety drive launched on Monday (8 May) marks the first attempt by a high street bank to enable their customers to assume full control over how their debit cards would operate. Customers would be able to use the Barclays mobile banking app to instantly enable or disable remote purchases and set their daily ATM withdrawal limits. Branch employees will also have access to a new police hotline to be used in instances when customers are scammed.

The bank will also extend its awareness campaign beyond its customer network. UK residents will be able to assess their own digital safety level online through the Barclays website.

Additionally, the bank will launch a £10m multimedia nationwide campaign to spread awareness about fraud related risks.

"Fraud is often wrongly described as an invisible crime, but the effects are no less damaging to people's lives" said Ashok Vaswani, chief executive of Barclays UK.

"As a society our confidence in using digital technology to shop, pay our bills and connect with others has grown faster than our knowledge of how to do so safely. This has created a 'digital safety gap' which is being exploited by criminals."

"I believe the need to fight fraud has now become a national resilience issue, and we all need to boost our digital safety levels in order to close the gap."

The initiative comes on the heels of the Digital Safety Index survey launched on 8 May. The survey revealed that London, Bristol and Birmingham are the "scam capitals" of the UK with the largest gaps in public resilience. The survey also pointed out that only 17% of people in the UK can correctly identify basic digital threats, such as scams posted on various social media platforms.

London in particular is a city favoured by cybercriminals, as it ranked the lowest on the digital safety scale with a score of 5.89 on a scale of 1 to 10. Moreover, the City also ranks with Bristol as one of the cities with the largest proportion of the population experiencing at least one type of online fraud.

In a surprising revelation, the survey further pointed out that young people between 25 and 34 years of age were twice as likely to be victims of online fraud as older generations. The figure dispels the commonly held notion that older people are the most vulnerable victims of cybercriminals.

Instead, young Londoners possessing a postgraduate degree or above have been identified as the most vulnerable group.

"It's alarming that younger people and those in cities are more at risk", remarked Barclays head of digital safety, Laura Flack.

"We need to super-charge our digital know-how and talk to our friends and relatives to prevent these crimes from happening."

(1st June 2017)


HACKERS USING "CYBERSQUATTING" TACTICS TO SPOOF WEBSITES OF UK's BIGGEST BANKS
(International Business Times, dated 3rd May 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-using-cybersquatting-tactics-spoof-websites-uks-biggest-banks-1619769

Hundreds of fake website domains are being used by hackers to mimic some of the most popular banking services in the UK in an attempt to trick victims into handing over personal details and sensitive login credentials, a cybersecurity firm said this week (2 May).

DomainTools, a US company that monitors trends on the internet by analysing IP addresses and Whois records, warned that a quick four-day peek into global web traffic showed a number of top high street UK banks were being targeted in the scheme.

From 27-31 March, researchers monitored financial firms and a selection of US-based retailers and uncovered 324 separate websites posing as services including Barclays, HSBC and Lloyds.

DomainTools found 110 fake HSBC websites, 22 for Lloyds, 74 for Barclays and 66 posing as NatWest.

Web addresses included natwesti[.]com, lloydstbs[.]com and barclaysbank-plc[.]co.uk, standardchartered-bank[.]com and hsbcgrp[.]com.

Upon analysis, the domains were "closely connected" to websites already blacklisted for spam, malware and phishing. For most consumers, this means mainstream web browsers will likely block these automatically.

The hackers are using a tactic known as "cybersquatting", DomainTools said in a blog post. This is when website domains are cheaply purchased and then designed to include brand names, trademarked logos and only slight variations of the proper internet URLs.

No banks were legitimately compromised in the attacks.

The technique is traditionally deployed by cybercriminals to help conduct widespread phishing campaigns to scoop up users' login details and passwords.

However, by redirecting a web user to a fraudulent website it can also be used in pay-per-click ad scams or even drive-by ransomware attacks, the firm warned.

In the retail realm, the DomainTools research team uncovered web addresses impersonating a variety of top US-based retailers including Amazon, Apple, Best Buy, Nike and Walmart. Fake domains included auth-apple-id[.]com and amazonhome[.]club.

"Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains," said Kyle Wilhoit, senior security researcher at DomainTools.

He continued: "While domain squatters of the past were mostly trying to profit from the domain itself, these days they're often sophisticated cybercriminals using the spoofed domain names for more malicious endeavours.

"Many simply add a letter to a brand name while others will add an entire word such as 'login' to either side of a brand name. Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects.

"Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants. It is better to lock down typo domains than to leave them available to someone else. This is a relatively cheap insurance policy."

This is a technique famously used by US president Donald Trump, who regularly purchases website domains which are either critical of him or may be needed in the future. In the 18 months leading up to his January 2017 inauguration he bought a selection of 500 new website addresses.

These included DonaldTrumpSucks.com, TrumpIsFired.com and TrumpScam.org.

Top tips for consumers to avoid falling victim to spoofed websites:


- Check for extra added letters in the domain, such as Yahooo[.]com

- Check for dashes in the domain name, such as Domain-tools[.]com

- Look out for ''rn'' disguised as an ''m'', such as modem.com versus modern.com

- Check for reversed letters, such as Domiantools[.]com

- A plural or singular form of the domain, such as Domaintool[.]com

(1st June 2017)


NEARLY 7000 NATWEST CUSTOMERS FALL VICTIM TO SCAMS
(The Scotsman, dated 18th April 2017 author Martin Flanagan)

Full article [Option 1]:

www.scotsman.com/business/companies/financial/nearly-7-000-natwest-customers-fall-victim-to-scams-1-4421888

Royal Bank of Scotland-owned NatWest has revealed that nearly 7,000 customers have become the victims of fraudsters since the start of 2016.

The lender, which under RBS chief executive Ross McEwan has been striving to make itself a "safer, simpler bank", says "goods not received" cases - when someone pays for items or services that are never delivered - were the most common scam.

These account for 2,073 cases seen by the bank - or about three in ten scams carried out against NatWest customers.

Les Matheson, NatWest chief executive of personal and business banking, said: "We know scammers can be convincing and they work round the clock to persuade their victims to part with money.

"We have hundreds of people working 24/7 to detect and stop fraud, but it's very important that, as individuals and businesses, we know how to protect ourselves."

The lender said other hoaxes included "advance fee fraud", where conmen ask customers for an advance or upfront payments for goods, services and/or financial gains that do not materialise.

There are also "spoof payment requests", where people receive a bogus official request "purporting to be from someone senior in a company or a client, for payment or draw down of funds".

NatWest said business customers also continued to be defrauded for big sums via invoice fraud, when a firm receives an invoice that appears to be from a trusted trading partner but is actually fake.

(1st June 2017)


ROBOCALL SCAMS ARE COSTING US BILLIONS
(NBC News, dated 20th April 2017 author Nicola Spector)

Full article [Option 1]:

www.nbcnews.com/tech/tech-news/robocall-scams-are-costing-us-billions-millennials-are-prime-target-n748901

Note : Yes, I know, another USA article about a scam.


We may be getting more technologically advanced every day, but we still haven't outgrown (or outsmarted) the age-old nuisance of robocalls. In fact, robocalling is more rampant than ever - and scamming Americans out of billions.

A new study by Truecaller found that in 2016 roughly 22.1 million Americans lost a total of $9.5 billion in robocall scams - far more than in 2015 - with the average loss per person at roughly $430. In 2015, 27 million people reported scams to Truecaller, and though the number of reports was higher than in 2016, the average loss was much lower, at about $274, said Tom Hsieh, VP of growth and partnerships at Truecaller.

Additionally, Hiya, an app that provides caller ID and spam protection services, recorded a 130 percent growth in fraudulent robocalls since 2015.

Millennials Take the Bait

Truecaller determined that millennials are now "the most targeted group," noted Hsieh, adding that of persons aged 18-34, men reported far more scam incidents than women (33 percent of millennial men versus 11 percent of millennial women).

Hsieh and his team were surprised to see millennials falling for robocall scams. Traditionally, it's thought that elderly people - attached to their landlines and less prone to doing research online - were the prime targets.

"Our hypothesis prior to conducting the study was that millennials would be less susceptible, being tech savvy - but the victims run the full gamut," said Hsieh. "Part of that I think is due to the nature of the scam itself. These scams prey on fear that all ages have. They also appeal to the good nature of people. During the Napa Valley earthquake last year, we saw a spike in scam calls pretending to be from local charity organizations."

Alex Quilici, the CEO of YouMail, which provides voicemail and robocall blocking services, said that he knows a few people who fell for the Microsoft robocall scam that started in 2014 and got so bad, Microsoft itself addressed it.

"People thought it was real, that their computer did have a virus because of course, their computer was running slow," said Quilici. "Also, the scam websites looked just like Microsoft's, just with a different URL."

Robocalling Has Evolved to Mobile, Just Like You


Once the pesky province of landlines, robocalls have made the shift to mobile, just like most everyone else.

"Like the attractiveness of a healthy shark to hungry remora, robocalls and fraudulent phone scams were in many respects inevitable follow-ons to a global commerce shift to digital mobile devices," said Jason Flaks, senior director of product and engineering at mobile advertising analytics company, Marchex.

Plenty of millennials have eliminated or never had a landline, meaning they're relying wholly on a mobile number, entering it on countless forms, possibly even on their own website or social media pages.

"If you sell your used bike on Craigslist and you put your phone number on there, you have between 12 and 24 hours before you start to get robocalls," said Jan Volzke, VP, data at Hiya. "Same goes if you put your number in a Facebook or Twitter post."

And if your number is San Francisco-based, chances are your robocaller is also San Francisco-based - or so he tries to trick you into assuming.

"If you're in a 415 area code, they'll use that area code to target you," said Volzke. "The [scam artists] use automated platforms to fire out millions of calls from anywhere, either in the U.S or overseas, and all you will see is a local number."

Not Just Scams, But a Whole Lot of Spam

Volzke told NBC News that Hiya detected 10.2 billion robocalls in the U.S in 2016, and that at least 10 percent (100 million calls per month) were unwanted spam calls. Dear mother of dial tones, why on earth are companies still able to do this to us?

The answer is two-fold: Firstly, it's really, really cheap to do it; and secondly, once in a blue moon it actually works.

"The business strategy of companies using this technique is similar to email spammers," said Bob Bentz, president of Advanced Telecom Services. "Since calls are nearly free over the internet, the businesses are hoping for that one rare response that will earn them a profit. I'm sure it is working or they wouldn't be continuing to do it."

Some Robocalls Serve a Good Purpose


The very word "robocall" may send chills of irritation down your spine, but it's important to remember that not all robocalls are bad. In fact, some are genuinely useful.

"Many robocalls, or calls from an auto-dialer, come from legitimate businesses," said Jim Gustke, robocall expert at Ooma. "A good example is an appointment reminder from your doctor's or dentist's office."

And then there's the perspective of the small business that may depend on robocalling services because they don't have enough people to make all the necessary outbound calls.

"Robocalls make outbound telemarketing and debt collection efforts easier for many small businesses who are short-staffed," said Niquenya Collins, president and CEO of Building Bridges Consulting. "Rather than expending human resources, computerized autodialers do the job of calling potential or existing customers to deliver updates and reminders, gauge interest in new product or service offers, or simply to save time by predetermining if the target party actually picks up the phone before the human representative takes over the call."

Useful as they can be for the business on a budget, Collins does see robocalling being abused or misused by businesses.

"Robocalls only work when there is an existing relationship with the customer and should not be used as a cold-calling strategy," said Collins, adding that companies should check Do No Call lists. "Unfortunately, many small businesses on shoestring budgets and some unscrupulous companies fail to vet their purchased lead lists against these registries."

How to Stay Safe, and What New Scams We Can Expect

If you're receiving robocalls from a company you give business to (like a pharmacy or a hair salon), but don't want to, you should be able to opt out. If you're being targeted by scam or spam artists, you'll need to do more, including flat out not answering numbers from unknown callers.

"If you're really worried about robocalls, do not ever answer an unknown number - let it go to voicemail. You may also want to find tools (such as apps) that prevent robocalls," said YouMail's Quilici. "Over time, the carriers, infrastructure, and regulations will get better, but it will take time."

Unfortunately, you may want to brace yourselves for more fraudulent robocalls. 'Tis the season for robocallers posing as the IRS.

"This time of year we see a spike in IRS type scamming," said Hsieh of Truecaller. "If you really suspect it's the IRS, ask for an official response in the mail - that is how the IRS [reaches people], through physical mail."

Hsieh also expects that given the new administration's crackdown on immigrants, there will be robocalling scams that will "target the immigrant population." So, again, keep in mind that a government agency would first contact you by mail.

(1st June 2017)


FRAUDSTERS NEED JUST THREE DETAILS TO STEAL YOUR IDENTITY - AND MOST OF IT CAN BE FOUND ON FACEBOOK
(The Telegraph, dated 13th April 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/fraudsters-need-just-three-details-steal-identity-and-can-found/

Fraudsters need just three key bits of information to steal your identity and access your accounts, take out loans, credit cards, mobile phones in your name.

All it takes is a name, date of birth and address - and most of this can be found on social media profiles, such as Facebook. And if your settings are not private, this is available for anyone to see.

A third of British adults with online profiles include their full name and date of birth, according to a YouGov survey.

Younger people are even more likely to display this information.

The survey revealed that 48pc of 18 to 24-year-olds divulge this information on social media sites compared to 28pc for those between 35 and 44.

Even if your date of birth isn't displayed, fraudsters will be able to tell if your friends post birthday messages with reference to your age.

"It's not hard to work out," said John Marsden, head of ID and fraud at Equifax, the credit reference agency.

"The date of birth is a crucial part of identification as it's the only detail that never changes. And once it's posted online, it's out there", said Mr Marsden.

Getting hold of your address and stealing your identity


Once fraudsters have your name and date of birth, it's not difficult to track down where you live.

Online directories hold huge quantities of information - from addresses, phone numbers and even a list of your past and present housemates. This can all be pieced together to assume your identity.

Some sites offer a limited number of free searches and will then charge a small fee for premium information.

The next step would be to obtain fake identification documents using your details.

These can be easily ordered online - Telegraph Money discovered one site which promised high quality passports that included security features such as watermarks, microprinting and security threads.

The site claims these would be "no different from the original documents".

The price of a replica passport depends on the country it's purported to be issued from.

A fake British passport costs £550. Those who want an additional bogus driving licence can get both for £720.

A replica US passport is priced at £590.

The site also offers money off for repeat customers. Those who order again will receive a 5pc discount - this increases to 10pc for the third and fourth order, and 15pc when five or more orders are made.

There are also a number of websites that sell imitation utility bills for £25 a time which could also be used in a credit or loan application.

Trial, error and interception


Each provider will require specific information when processing online and face to face applications. It doesn't take long to "crack the system", according to Mr Marsden.

And through trial and error, fraudsters can quickly learn what details are needed so they can go back and reapply.

Once the account is opened, the fraudster will try and intercept the documents or credit cards sent from the bank or other provider to your address.

Many addresses are targeted because of shared mail boxes - such as a set of flats with open access to post.

Protect your date of birth on social media


You can adjust the settings on your Facebook profile so that only you can see your date of birth and other personal details.

"People need to be mindful about their credentials displayed on social media - consumers don't seem to realise how key their date of birth is to their identity," Mr Marsden said.

"Cases of fraud are on the rise, with identity theft representing a major slice of fraudulent activity. More adults in the UK are engaging with social media than ever before, especially on their smartphones, and a high number are readily sharing their personal information on these platforms."

(1st June 2017)


BEWARE OF THIS BANK "SMISHING" SCAM THAT TRICKED VICTI OUT OF £71,000 INHERITANCE
(International Business Times, dated 12th April 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/beware-this-bank-smishing-scam-that-tricked-victim-out-71000-inheritance-1616710

A 38-year-old victim of a banking scam which uses fraudulent text messages has spoken out after digital fraudsters were able to drain tens of thousands of pounds from her account. The technique, known as ''smishing'', is currently in operation in the UK, experts warn.

The culprits are spoofing mobile details to make the SMS messages look like they are being sent from a legitimate source. The texts warn your card has been used in a shop and - if you don't recognise the transaction - ask you call an embedded "fraud prevention" helpline.

Of course, this will transfer your call straight through to the fraudsters, who then pose as a friendly banking representative and ask you to "confirm" your credentials.

If you give them enough information to enter your account, money will quickly be siphoned out as they set up new payees. It's not sophisticated, but it works.

This week, one victim spoke out. Surrey-based Claire Pearson, 38, opened up to ITV's This Morning programme about the scam which targeted her father's inheritance fund of more than £71,000. The target's bank has declined to reimburse the lost money.

"I received the text, but this wasn't unusual as I've had messages from them before," explained Pearson, who is heavily pregnant with her first child. "It said there had been suspicious activity on my account, asked 'do you recognise this transaction?, if not call this number.'"

"I clicked the number and it called through, and the call went on for 30 minutes," she continued, adding: "The man I spoke to was lovely, we built up a rapport and he said they would send me a new card in three days." Pearson said that by the time she became suspicious it was too late.

Santander has effectively closed the case on the basis that Pearson willingly handed over access to her passwords to a third party. A spokesperson said: "We are very sympathetic to customers who are victims of scams and welcome the media's involvement in raising awareness of scams. We investigate all instances of fraud fully, as we have done with this case."

The statement concluded: "When there has been no Santander error and customers have divulged personal, security information, we cannot accept any responsibility for the losses on the account."

It was reportedly able to retrieve roughly £2,000 of funds.

Pearson told ITV: "They reversed one transaction as it was in process when I was on the call, and since then Santander have frozen the remaining receiving accounts and returned the money in them to me. But as far as the bank is concerned the case is closed."

Action Fraud, the UK's internet and advice watchdog, said the aim of smishing scams is to "trick you into thinking you're giving up personal information or making payments with someone you can trust, such as your bank, a government agency or a business or brand name."
'The new phishing'

Harry Wallop, a consumer issues journalist told ITV: "This text message scamming is known as smishing and it is the new phishing. They are spoofing a mobile number, with a message coming in to a string of legitimate texts you've already got from your bank.

"Alarm bells shouldn't necessarily have rung when the text come through - but you should always call the number on the back of your bank card, not a number in a text message. The second alarm bell should have rung when they asked for your password."

According to the UK's Financial Ombudsman there has been roughly 6,000 complaints about disputed banking transactions over the past two years. It said claims are typically decided by taking into account if the victim's bank has made an error - which in this instance was not the case.

###Action Fraud has some top tips on how to stay safe from smishing attacks:

- Don't assume anyone who has sent you an email or text message - or has called your phone or left you a voicemail message - is who they say they are.

- If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious.

- Never call numbers or follow links provided in suspicious texts; find the official website or customer support number using a separate browser and search engine.

(1st June 2017)


CON ARTIST POSING AS MET DETECTIVE CHEATED WOMAN OUT OF THOUSANDS IN LIFE SAVINGS
(London Evening Standard, dated 21st April 2017 author Matt Watts)

Full article [Option 1]:

www.standard.co.uk/news/crime/moment-wouldbe-rapist-is-snared-by-police-captured-in-dramatic-bodycam-footage-a3520096.html

A conman posed as a Met police officer to persuade his victim to hand over thousands of pounds in cash from her life savings.

The scam started when the thief rang a 51-year-old woman at her home in Waltham Forest on Thursday, February 9, telling her she had been a victim of fraud and her identification had been stolen.

Pretending to be a Metropolitan Police detective called James Portman, he told her to hang up the phone, dial 999 and quote a crime reference number, and she would be put back through to him.

In reality, he stayed on the line, meaning she did not speak to a genuine 999 operator.

Having gained her trust, the victim was then given a set of instructions by "DC Portman" and told to visit a bank on Leytonstone High Road to withdraw cash, then a bureau de change in Walthamstow to withdraw Euros and American dollars.

The conman called her again at 6pm and convinced her to hand over the cash and her bank cards as evidence, to a courier who came to her house who claimed he would take the cash to Hammersmith Police Station.

The next day she was made to transfer savings into her current account, then go to a jewellery shop on Old Bond Street to buy a high-end watch which she gave to another courier,

On Monday, 13 February, "DC Portman" told her by phone she must withdraw everything or she could lose her life savings. She was then ordered to buy another watch from a jewellers and hand it to a different courier.

The scam was rumbled when the victim's phone ran out of battery while on the phone to the con artist.

She borrowed a member of public's phone to dial 101, quoting DC Portman's name and the crime reference number she was given, which the operator said was false and there was no DC James Portman in the system.

The victim became suspicious and reported the crime to police.

Police investigating the "courier" scam have now released an image of a man they want to speak to.

Detective Constable James Egley, the investigating officer from the Met's Operation Falcon, said: "These conmen went to extreme lengths to gain the victim's trust to deliberately deceive her out of her hard-earned life-savings.

"We would appeal for anyone who recognises the man in the CCTV to contact us or Crimestoppers.

"People should be aware that the police would never send a courier service to collect items and would never ask for your PIN, bank cards, to withdraw money or to buy expensive items."

Anyone who recognises the man or has any information should call Operation Falcon on 020 7230 8203, Crimestoppers anonymously on 0800 555 111 or tweet @MetCC.

For fraud advice visit www.met.police.uk

(1st June 2017)


TRAVELLERS FACE FINES AFTER HEATHROW "PARKING SCAM"
(London Evening Standard, dated 21st April 2017 author Ben Morgan)

Full article [Option 1]:

www.standard.co.uk/news/london/travellers-face-fines-after-heathrow-parking-scam-a3519966.html

Heathrow travellers were today warned to be vigilant after almost 300 fines were issued on cars stored without permission by a private parking firm.

The penalties were given out over four days at two car parks run by Hillingdon council.

The town hall's trading standards team is now investigating whether one firm is using the car parks to store vehicles while the owners are away.

It is alleged that the owners did not park them and cars were not authorised to be left at the two sites, resulting in parking fines. Scores of parking companies near the airport offer "meet and greet" services, where cars are picked up and stored in a secure compound while the owners are away, for as much as £150 a week.

In photographs of the Yiewsley car park posted online by resident Sarah Harvey vehicles including BMWs, Mercedes and 4x4s have as many as five £60 fixed penalty notices attached to windscreens. Ms Harvey said: "I looked inside a few cars and saw some tickets on the seat that clearly say Terminal 2. It looks like people are being ripped off by the airport parking."

The 275 tickets were handed out in Fairfield Road car park, Yiewsley and Brandville Road car park, West Drayton. The total value of the fines is estimated to be £16,500.

A council spokesman said: "We urge members of the public to make adequate checks with any companies they are considering leaving their cars with, and wherever possible ensure that the facilities and services companies offer meet expectations, particularly with regards to the security of vehicles. We are aware of reports that some vehicles were parked in the car parks by a Heathrow parking company and not the vehicle owners.

"This is a matter we're taking very seriously. Our trading standards team has launched an investigation and will be contacting the people who have received the parking tickets.

"Everyone who receives a parking ticket has the right to appeal and we will be dealing with each ticket on a case-by-case basis."

Anyone with information should contact trading standards via the Citizens Advice helpline on 0345 4 040506

(1st June 2017)


PENSION ALERT
(Womens Weekly, 18th April 2017)
www.womansweekly.com

THINK YOU COULDN'T BE FOOLED ?


In a survey by Citizens Advice, three out of four people felt confident they could spot a pension scam, but when researchers showed them three mock adverts, and asked them to pick which they'd respond to if looking for pension advice, almost nine in 10 picked ads which contained clear warning signs of a scam, such as unusually hign returns, offers of pension access at under 55, or paperwork delivered by courier. And you don't have to be dim or naive to fall for the fraudsters tricks. "Many scammers use professional looking websites and leaflets to fool their victims", says Citizens Advice Chief Executive Gillian Guy. "And its difficult for consumers to stay ahead of pension scams as they evolve".


HOW TO KEEP YOUR MONEY SAFE


The Government service Pensionwise says these are the warning signs to look out for :

- Any contact that comes out of the blue, whether by text, phone or email, offering a pension review, advice or investment opportunities.

- Offers to get you access to your pension pot before you're 55, often using words like "pension liberation", "pension loan" or "legal loophole". The only way to do this without losing most of it to tax is if you are terminallly ill, and even then there are strict rules.

- Recommendations to move your money into schemes offering high returns (anything over 8% is potentially suspicious). These will often, though not always, be based abroad, and common buzzwords are "unique", "overseas", environmently friendly", "ethical" or "in you as a "a new industry". Scammers will often flatter you by describing you as a sophisticated investor", suitable for such a scheme.

- Offers of a "free pension review", or help to track down an old pension. You can get a free overview of your pension options through the government service Pensionwise (visit pensionwise.gov.uk, or call 0800 138 3944), and track down old pensions through the Pensions Tracing Service (visit gov.uk, or call 0345 600 2537). Neither of these organisations will cold call, text or email you.

- Companies claiming to be affiliated with or endorsed by Pensionwise or any other government organisation, or calls claiming to be from the government, and asking for details of your pension; these calls won't be genuine.
Look out too, for websites that look very like the official ones - there are a lot of copycat sites. Fraudsters also sometimes use company names that sound like familiar ones.

- Anyone who encourages you to take your whole pension pot out at once, or a large sum, and let them invest it for you.

- Any suggestion of time pressure, such as offers that will close after a limited time period, documents being sent to you by courier, or pushing to make you decide quickly. If you're making any decision on your pension, take your time and consider getting professional advice.

If you think you may have been scammed, contact Action Fraud (visit actionfraud.police.uk, or call 0300 123 2040).

(1st June 2017)


COMPANY THAT DUPED PEOPLE INTO CALLING PREMIUM NUMBER AT £3.60 A MINUTE IS TOLD TO REFUND VICTIMS
(Daily Mirror, dated 10th April 2017 author Andrew Penman)

Full article [Option 1]: www.mirror.co.uk/news/uk-news/company-duped-people-calling-premium-10197392

A company which tricked callers into ringing expensive numbers beginning 09 has been fined £645,000.

Most victims had used their smart phones to search online for the number of well-known organisations such as Sky or HM Revenue & Customs .

But the links they clicked on were for connection service DK Call Limited of Bournemouth, which did not disclose that calls cost £3.60 a minute, plus network access charges.

Some victims unknowingly spent £100 on a single call.

Joe Prowse, chief executive of the watchdog Phone-paid Services Authority said: "Our investigation found that consumers were calling these numbers as a result of the company's failure to provide key and clear information about the service.

"We encourage anyone using a search engine to look for a number to be aware that the first results are not always the organisation you are looking for.

"Be particularly wary of numbers for well-known companies that seem to be operating on 087 and 09 number ranges. There is likely to be a cheaper alternative."

In addition to the fine, the watchdog ordered DK Call to refund ripped-off callers.

The PSA received 69 complaints about the company in three months.

(1st June 2017)


WONGA DATA BREACH
(Action Fraud, dated 13th April 2017)
www.actionfraud.police.uk

Wonga has confirmed a data breach where up to 250,000 accounts have been compromised. The incident is now being investigated by the police and has been reported to the Financial Conduct Authority.

Wonga has updated their website with further information and confirmed that they are contacting all those affected and are taking steps to protect them, but there are also some things you can do to keep your information secure.

Here's what you can do to make yourself safer:

If any of your financial details were compromised, notify your bank or card company as soon as possible. Review your financial statements regularly for any unusual activity.
Criminals can use personal data obtained from a data breach to commit identity fraud. Consider using credit reference agencies, such as Experian or Equifax, to regularly monitor your credit file for unusual activity.
Be suspicious of any unsolicited calls, emails or texts, even if it appears to be from a company you know of. Don't open the attachments or click on links within unsolicited emails, and never disclose any personal or financial details during a cold call.

If you have been a victim of fraud or cyber crime, please report it to us: http://www.actionfraud.police.uk/report_fraud

(1st June 2017)


BT's DODGY CALL BLOCKER IDENTIFIES ACCIDENT CLAIMS AS TOP NUISANCE CALL
(The Register, dated 12th April 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/04/12/bt_accident_claims_top_nuisance_call/

BT's free [CALL] spam filter, launched earlier this year to crack down on nuisance calls, has identified accident claims as the worst offender for nuisance calls with 12 million made in the first week of March.

Some two million customers have signed up to the BT Call Protect service, which it says has diverted 65 per cent of calls to the junk voicemail box.

Accident claims made up 41 per cent of nuisance callers; followed by scammers fishing for personal details (18.5 per cent); computer scams (12.6 per cent); debt collection (7.5 per cent) and PPI (6.4 per cent).

It was recently revealed that hundreds of staff were hired by scammers in Indian call centres to defraud TalkTalk customers.

BT said the service harnesses huge computing power to analyse large amounts of live data.

Rogue numbers are identified and added to the BT blacklist, which proactively diverts nuisance calls before they reach customers, unlike reactive blocking where the calls reach the customer and the numbers are changed frequently to avoid detection.

BT said customers are making more than 80,000 calls a week to BT Call Protect's 1572 number to add numbers to their personal blacklist.

BT estimates that if all its customers signed up to BT Call Protect, it could divert 1.6 billion nuisance calls a year. It is thought that PPI and accident claims companies alone are responsible for 800 million of these calls.

(1st June 2017)


DO YOU HAVE AN EXTERNAL MAILBOX
(Hertfordshire Neighbourhood Watch circular, dated 11th April 2017)

Many Hertfordshire residents have had credit cards, mobile phones or other services ordered in their name after their post has been stolen or tampered with. This is a form of Identity Fraud, causing disruption, inconvenience, credit problems and potential financial loss to victims. Cifas, the UK fraud prevention service, recently released figures showing that identity fraud has hit the highest levels ever recorded in the UK.

Residents with external mailboxes appear to be particularly at risk from this type of crime, with fraudsters stealing documents containing personal details, which they then use to order credit cards, open accounts, or order other services in the resident's name.

When the fraudulently ordered credit cards are delivered, the fraudster intercepts them, taking them from the resident's external mailbox. People who have been victims to this type of fraud are particularly unhappy to realise that fraudsters have been monitoring their home, watching their movements, and taking the items from their letterbox as soon as they have been delivered. This may happen over a considerable period of time before the crimes come to light, often when the credit card or other service providers contact the resident to chase payment.

A recent Hertfordshire victim had numerous items stolen from a locked mailbox out of sight of his house over a period of time. It is believed that the fraudters used skeleton keys. He has since added a combination lock and also suggests that a deep mail box with an internal baffle plate (which makes it very hard/impossible to take anything out of the box) is a good security measure.

Please consider the security of your postal deliveries.

Note: Police recommend that residents wishing to purchase items to improve the security of their home should look for items endorsed by "Secured By Design" ( securedbydesign.com )

(1st June 2017)


LAW ABIDING CITIZEN ALERT
(Action Fraud, dated 3rd April 2017)
www.actionfraud.police.uk

Fraudsters are sending out a high volume of phishing emails to personal and business email addresses, pretending to come from various email addresses, which have been compromised.

The subject line contains the recipient's name, and the main body of text is as below:

------------------------------

"Hi, [name]!

I am disturbing you for a very serious reason. Although we are not familiar, but I have significant amount of individual info concerning you. The thing is that, most likely mistakenly, the data of your account has been emailed to me.

For instance, your address is:

[real home address]

I am a law-abiding citizen, so I decided to personal data may have been hacked. I attached the file - [surname].dot that I received, that you could explore what info has become obtainable for scammers. File password is - 2811

Best Wishes,"

The emails include an attachment - a '.dot' file usually titled with the recipient's name.

------------------------------

This attachment is thought to contain the Banking Trojan Ursniff/Gozi, hidden within an image in the document. The Ursniff Banking Trojan attempts to obtain sensitive data from victims, such as banking credentials and passwords. The data is subsequently used by criminals for monetary gain.

Protect Yourself:


Having up-to-date virus protection is essential; however it will not always prevent your device(s) from becoming infected.

Please consider the following actions:

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages: Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication (you can find out how by searching the internet for relevant advice for your email provider).

- Do not enable macros in downloads; enabling macros will allow Trojan/malware to be installed onto your device.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It is important that the device you back up to is not connected to your computer as any malware infection could spread to that as well.

- If you think your bank details have been compromised, you should contact your bank immediately.


If you have been affected by this or any other fraud, report it to Action Fraud by calling 0300 123 2040, or visit www.actionfraud.police.uk.

(4th April 2017)


THIS CON CAN COST YOU MONEY AND SEND YOU TO JAIL (Extract)
(Entity magazine, dated 18th March 2017 author Vanessa McGrady)

Full Article [Option 1]:
http://the-entity.com/e_magazine/magazine/2017/03/18/scam-alert-this-con-can-cost-you-money-and-send-you-to-jail/

Kelli Williams, a market researcher by day, was looking for a little side hustle. The 38-year-old from Oak Park, Ill., cruised Craigslist and found what seemed like a great moonlighting gig. "It seemed like it would be perfect. You could work as many or as few hours as you wanted and it was all done from your computer, remotely," she said.

A guy named "Bill" had a warehouse in California and wanted her to list items on eBay-under Williams' account-and manage the transactions and inquiries. Bill would receive the order and ship the goods to the customers. "It all actually worked at first. I listed the items, the people received them, I got some money," Williams said.

The honeymoon didn't last long. "As I took on more and larger items, complaints started rolling in. People weren't getting their items. They were demanding refunds. I kept pestering Bill and he would say the item was on its way. More emails, more demands for refunds. His next excuse was that they got lost in the mail (and he told me some ridiculous percentage of items get lost in the mail every day)."

But because the items were under Williams' name and account, she was responsible for giving out refunds for increasingly expensive items, such as exercise equipment, electronics and software. "The last time I contacted Bill to essentially beg him to make this right, he became a totally different person (for all I know he could have been) and threatened me. He said he knew where I lived and worked and would send his 'family in Chicago' after me."

All in all, Williams lost about $5,000 in what's known as a "reshipping scam," and she had to start all over again building a new eBay account because all the bad reviews had made her original one unusable. This happened about 13 years ago, and she's since rebuilt her reputation, but unfortunately, she's not alone in falling victim to a scam. According to the FBI, college students, especially now, are prone to this kind of con. "Never accept a job that requires depositing checks into your account or wiring portions to other individuals or accounts," the FBI warns on its website.

"Reshipping scams, like many job scams, are appealing because they offer the opportunity to get a job and get paid quickly. Because they don't have any experiential or educational requirements, most job seekers are qualified for these sorts of scam jobs, which allows scammers to access a bigger pool of potential victims. Most job seekers feel at least some pressure to get a job quickly, especially if they've been out of work or need extra income to meet their debt obligations. Scammers understand this vulnerability and they prey on it," says Brie Reynolds, a senior career specialist at FlexJobs.com, an agency that helps place people in legitimate work-from-home and part-time positions.

And to make matters worse, the damage could go beyond losing money for the victims . "Reshipping job scams aren't just annoying-they can actually involve job seekers in criminal activities. Most of the time, the goods being reshipped are stolen, and once a person receives those stolen goods and then mails them to another location, they've unwittingly become part of that crime," Reynolds says. In fact, to her knowledge, there are basically zero legitimate reshipping jobs.

uaware comment

Yes, I know, another USA article. This is another example of a scam that can be transfered Worldwide. Instead of the crook dipping their hands directly into you pockets they get innocent people (customers) to demand refunds and destroy your reputation in the process.

(2nd April 2017)


MARRIOTT HOTEL CONTINUES TO WARN PEOPLE ABOUT FAKE PHONE SCAM
(Fox News, dated 20th March 2017)

Full Article [Option 1]:

www.foxnews.com/travel/2017/03/20/marriott-hotel-continues-to-warn-people-about-fake-phone-scam.html

Think you've won an all-expenses paid hotel stay at a premium brand? Not so fast. If you receive a phone call offering a free stay at a Marriot hotel, you might just want to hang up immediately.

According to the hotel chain, that call is likely part of a continuing phone scam that utilizes the brand's well recognized name to access personal and financial information from potential guests.

According to Travel Pulse, the trick has been played on victims since at least 2015 and the chain has issued a series of statements warning about the calls since. But the scammers apparently haven't been deterred.

"Marriott International has been made aware of a series of fraudulent telephone calls being made in different parts of the world where the caller offers a complimentary stay at a Marriott hotel to entice the person taking the call to listen to a sales pitch unrelated to Marriott," the hotel said on March 15.

But according to the global hotel company, Marriott has absolutely nothing to do with these phoners.

"Marriott has not provided any information to the parties involved in these fraudulent calls," the hotel said in a statement.

"If you receive a suspicious telephone call, especially for a contest you did not enter, we urge you not to provide any personal information, especially credit card information. Instead, simply end the phone call."

If received, the fishy calls can be reported to the ##############. Phone cons, the commission said on their website, have led to thousands of people losing money ("from a few dollars to their life savings") each year.

According to the Commission, travel scams are a particularly common way for thieves to obtain information and money.

"'Free' or 'low cost' vacations can end up costing a bundle in hidden costs," the commission said. "Some of these vacations never take place, even after you've paid."

uaware comment


If you have been drawn in by this scam (or similar) contact your bank and warn them of an impending "dodgy" transaction. Also report the incident to Action Fraud : 0300 123 2040.

(2nd April 2017)


BEWARE UNSOLICITED PENSION CALLS
(Good Housekeeping, dated March 2017)
www.goodhousekeeping.co.uk [Option 1]

In the Autumn Statement, the Government announced that it wants to make pension cold calls illegal. Why ?

Because these calls are not only a nuisance, but also usually the work of scammers. Almost 11 million pensioners are being targeted annually by cold callers with savers reporting estimated losses of almost £19 million to pension scams between April 2015 and March 2016. If you get a call about your pension from someone you're not expecting, hang up immediately. If you think you've been targeted by a scam, call The Pensions Advisory Service on : 0300 123 1047. You should also report scams to Action Fraud on 0300 123 2040.

(2nd April 2017)


SPEAR-PHISHING SCAMMER DEMANDED SEX SHOW
(BBC News, dated 22nd March 2017 author Zoe Kleinman)

Full article [Option 1]: www.bbc.co.uk/news/technology-39338004

What is spear phishing?


"Phishing uses behavioural psychology to trick victims into trusting the attacker in order to obtain sensitive information," said Paul Bischoff of Comparitech, who also talked to Zed.

"Spear phishing is less prevalent, but far more dangerous. Spear phishing targets an individual or small group of people. The attacker can gather personal information about their target to build a more believable persona."

The incident

Six weeks ago, a young woman called Zed (not her real name) was in a meeting at work when a message popped up on Facebook Messenger from a distant friend.

"Hey babe," it began.

The friend asked Zed to vote for her in an online modelling competition, which she agreed to do.

But then - disaster. Adding her email address to the competition register had caused a tech meltdown, her friend said. She needed to borrow her email log-in to fix it quickly and restore her votes.

Zed was unsure. The friend begged - her career was at stake, she pleaded. Still in the meeting and powerless to make a call, Zed gave in - a momentary leap of faith.

Except it was not her friend that she was talking to - someone else had got into the account and was pretending to be her.

It's a scamming technique known as spear phishing.


Within minutes, Zed watched in horror as she was locked out of one account after another, as well as her Apple iCloud where she stored all her data - including a photo of her passport, bank details, and some explicit pictures. The hacker took control of all her IDs as they were all linked to the email address details she had supplied.

The scammer also activated an extra layer of security, called two-step authentication, meaning that they received all alerts about her accounts and could reset them.

Then a man called. The number had a Pakistan area code.

"He started the call by saying he didn't want any drama, he didn't want me to cry, he wanted me to talk to him like a professional," she said.

He sounded young, perhaps a college student, she thought.

'Immoral'

He accused her of leading an "immoral" life. He had seen her photographs, he knew she had smoked and had boyfriends and was sexually active.

He asked her what her parents would think and was furious when she said they already knew.

"He claimed he had hacked thousands of women," Zed says.

"He said 10 or 12 he had felt bad about because he couldn't find anything about them that was 'wrong'."

Zed was not part of that group.

"He said he was happy when he hacked my account. That I deserved everything."

He told her he would post the explicit pictures on her Facebook page - where she has more than 1,000 friends.

"I offered him money. I asked if I could pay. He said, 'Don't talk about money.' He sounded irritated," she said.

Instead, he wanted her to perform a sex act for him on camera.

Zed refused.

"Either you do it for me or you do it for the whole world," he told her - and uploaded one of the photos to Facebook.

Zed had already warned her boyfriend and parents who assembled an army of friends waiting to report activity on her account. Within 15 minutes it had been disabled by Facebook - but she still received concerned messages from contacts.

"A friend who is like a brother sent me a message - it wasn't him who had seen [the photo] but a friend of his," she said.

"I feel like I mustn't think too much about how many people saw [the photos]."

The last thing the scammer said to her was, "Have a great life."

"It seemed to me the only reason he was doing this was to morally police women and get them to do stuff for him," Zed said.

"He wanted a gallery of explicit photographs of women. That seemed to be his motive."

Zed does not consider herself to be digitally naive. She is a bright, articulate 20-something from India who works in the media industry on the US east coast.

"I have been tech savvy and on the internet almost my entire life - but I've never really seen the power of what people can do until now," she says.

Regaining control of her accounts has been a struggle. It took Zed a month to get her Apple ID back after engineers created a bespoke questionnaire for her containing answers that were not stored in her account.

Gmail and Facebook have also been restored, but she has lost Snapchat and her Hotmail address - her central account which she had used for more than 13 years.

'Chink in the armour'

"I feel for the poor woman - these scams are so easy to fall for," said cybersecurity expert Prof Alan Woodward from Surrey University.

"I think what it shows is that security is a combination of people, process and technology. You can be very 'savvy' in any one or two of these but scammers are superb at finding novel combinations that, frankly, we just wouldn't think of.

"I know it sounds so obvious but, regardless of who they are, you should not share your username and password. Give these scammers a small chink in the armour and they are sadly brilliant at getting in and running amok in your digital life."

Zed still uses iCloud but does not store personal stuff on it anymore - and has activated two-step verification everywhere.

"I still see the value in the storage. But I will never ever give any information away again," she said.

Zed originally decided to share her story on community site Reddit after trying to find others who may have been conned by the same man.

"I was really shocked to discover that I found absolutely nothing," she said.

"I was hoping that speaking up about it would remedy that problem and encourage others to share their stories.

"It also felt like the only way to get back at him."

As far as Zed knows, the scammer has not been caught.

"Cyber-criminals come in all shapes and sizes,' said prof Woodward.

"Their motive is not always monetary gain. As we have sadly seen of late, revenge or just being plain malicious is a growing trend."


How do I protect myself?


Besides never sharing the credentials for your online accounts, a good way to stay safe is to enable "two-step authentication". This means that users must enter another code besides their password, received for example by their mobile phone, to log in.

This can usually be set up in the security settings for your account or during the sign-up process. Two-step authentication is offered by Gmail, Hotmail, Apple, Amazon, Yahoo, Facebook and Twitter among others.

uaware comment

- Don't use the same password for every online service

- Use security software on every device that can go online.

(2nd April 2017)


HOPING FOR A PAYRISE ? THAN WATCH OUT FOR THIS SNEAKY PHISHING SCAM
(ZDNET, dated 23rd February 2017 author Danny Palmer)

Full article [Option 1]:

www.zdnet.com/article/hoping-for-a-payrise-watch-out-for-this-sneaky-phishing-scam/

Cybercriminals are attempting to steal credentials from government workers and university staff by deploying phishing emails claiming that the target is due for a pay rise.

Claiming to be from the human resources department, the email tells staff that they're soon to be offered a pay rise and to click a link in order to enter their credentials for 'authentication purposes'.

This fraudulent link takes the target to a fake website where they are asked to enter personal information including university log in and financial details, data which the cybercriminal perpetrators can use to gain unauthorised access to systems and steal money.

The UK's fraud and cybercrime centre Action Fraud and the City of London police issued a warning on the pay rise phishing scam following more than a hundred reports of victims receiving them.

Action Fraud also warns that universities, police forces and government agencies have been targeted by cyberfraudsters using this scheme, which is being investigated by various regional police forces.

Police advice to those who have been targeted by this phishing scam is to change any passwords associated with any passwords associated with their email accounts and IT accounts.

"Phishing emails continue to be a serious problem. It is essential that those affected take the appropriate action to protect their personal details, says Stephen Proffitt, deputy head of Action Fraud.

The University of Bath computing services department published a warning after users were sent the email.

Phishing emails are an effective attack vector for cybercriminals, who use them for everything from stealing credentials to distributing malware and ransomware. Those behind phishing schemes can send millions of emails in just a day, so even if just a tiny number of targets fall for the scam, they're still making off with a big haul of data.

The university pay rise scam isn't the first phishing campaign which Action Fraud has recently warned against; in January police warned that cybercriminals are attempting to infect people with bank data stealing malware by using emails pretending to come from a charity.

(2nd April 2017)


OLD MAGAZINE SCAM IS ALIVE AND WELL
(Los Angeles Times, dated 26th March 2017)

Full article : www.latimes.com/business/la-fi-montalk-20170327-story.html

I got scammed by a magazine company a year ago. I thought the call was about two magazines I wanted to stop as I was moving. The woman talked fast and took me through the steps with my bank card (which was stupid of me, I now know) as if she was helping and at the end she said, "Oh, those are not our magazines." Two weeks later I was receiving about eight magazines I do not want. I changed my bank card so the withdrawals would stop, but I get so many collection calls. I hang up and block that number, but then I get more. My bank manager said consumers don't have to pay for what they don't want. I have told the collectors that, but they still send bills for $1,200 for three years of magazines.

Answer: Don't expect collectors for scam artists to help you out. Amy Nofziger, regional director for the American Association of Retired Persons (AARP), recommends you contact your state's attorney general to file a complaint.

"Magazine subscriptions like this are still a huge complaint and the AGs need to know about it, so they [can] file enforcement against the company if needed," Nofziger said.

You must follow certain procedures to request that the debt collection agency stop contacting you. The AG's office may be able to help or there may be a separate collection agency board you need to contact. The Federal Trade Commission also has guidance at www.consumer.ftc.gov/articles/0149-debt-collection.

You also can call and speak to a trained volunteer at the AARP Fraud Watch Network who can help you through the steps. Its number is ************** and you can learn more at www.aarp.org/FraudWatchNetwork.

uaware comment
- YES I KNOW, THIS ARTICLE COVERS THE USA !

The point of including this article is an example of scams that can easily be tranported from one country to another. When these con artists victims dry up in their own country they will just dial another countries access code !

If you need to alter or cancel an existing magazine subscription telephone the publishers number on your previous orders documentation. If you can't find your documentation, contact your local library (your librairian will love my suggestion - but they do order magazines !).

If you have fallen foul of this con inform your bank, then call the Citizens Advice line for further help.

(2nd April 2017)


PASTY CRIMPER POSED AS ASIAN PORN STAR TO CON PENSIONER OUT OF £35,000
(Metro, dated 26th March 2017 author Jen Mills)

Full article [Option 1]:

http://metro.co.uk/2017/03/26/cornish-pasty-crimper-posed-as-asian-porn-star-to-con-pensioner-out-of-35000-6534795/

A woman who worked crimping Cornish pasties used her spare time to defraud a pensioner by pretending to be a porn star, a court heard.

Aysha Begum, 27, allegedly told retired divorcee Geoffrey Hoyland that she was a 22-year-old Bangladeshi exotic model and sent explicit videos and photos she claimed were of her.

In reality she was a pasty crimper in a factory in St Austell, Cornwall.

Begum allegedly struck up a 'relationship' after meeting him on Facebook, and asked for money and gifts including £20,000 in cash.

She reportedly told him that was to assure her conservative mother that he was financially secure and their wedding could go ahead.

Mr Hoyland, who lives with his two cats in Banbury, Oxfordshire, also sent gifts including a strapless basque, G-string and stockings, gold necklace, iPhone and white sofa.

Truro Crown Court was told that Begum's husband Jynal Khan has already pleaded guilty to fraud and was being dealt with in a separate court case.

Begum, of St Austell, is accused of committing fraud and spending £35,16.19 knowing that the money came from criminal conduct. She denies both charges.

The alleged offences date between December 26, 2014, and December 9, 2015.

Paul Grumbar, prosecuting, said: 'This case is about the allegation that this lady and her husband worked together and committed what is called a dating scam to extract money from a man, in this case a Mr Hoyland.

'He joined a Facebook page that was introducing ladies who were interested in relationships with older men.

'Mr Hoyland was, you may think, in many ways naive.'

The court heard Begum allegedly used the name Alisa Begum, so that gifts and money could be sent to her under the name 'A. Begum'.

Paul Grumbar, prosecuting, said Begum asked for cash so she could buy a car and drive to Oxfordshire to visit him, as well as money for new tyres, a satnav and to cover cost of converting the vehicle to LPG fuel.

Mr Grumbar said all the money was sent to her personal bank account which was used to pay the couple's mortgage and large sums of cash were also withdrawn.

He added: 'The Crown is saying that it is all very well her husband saying he was the man responsible for the fraud, but she must have known about it and very large sums of money going into her bank account.'

(2nd April 2017)


VOYEURS DUPED INTO PROVIDING THEIR PERSONAL DETAILS
(The Register, dated 20th March 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/03/20/wwe_paige_survey_scam/

WWE star's swiped sex snaps survey spam snares selfie sickos !!!

Scammers are exploiting a new batch of leaked celebrity nudes, using the stolen selfies to lure in gawpers and make a fast buck.

Voyeurs are told to install a smartphone app that promises to reveal comprising photos of British WWE star Paige - whose intimate private photos and videos were leaked online this month without permission. The wrestler is among a clutch of celebs whose nude pics and sex tapes were very recently snatched and spread on the web, an act dubbed The Fappening 2.0 after similar leaks in 2014.

Pervs hoping for an illicit glimpse of Paige are tricked into allowing the app to access their Twitter account, and then led along a warren of URLs that go nowhere and serve no purpose other than to make crooks money from affiliate marketing and advertising link clicks.

Determined gawpers will eventually wind up on an internet survey page that promises to reward you with an Amazon gift card after you hand over details about yourself. "Filling this in hands your personal information to marketers," said Chris Boyd, a malware intelligence analyst at Malwarebytes. A writeup of the scam - complete with screenshots - can be found in a blog post by Boyd, here.

While surfers are looking through all these links, the dodgy phone app spams out tweets from their accounts, complete with yet more pictures and URLs as bait. It's another example - only days after the Twitter Counter app was hacked to send out propaganda branding the Dutch and Germans as Nazis - why netizens should be wary of third-party Twitter apps.

This month's Fappening 2.0 leak has cropped up in other cybercrime scams. For example, message board denizens are warning others of dodgy download links and random zip files claiming to contain stolen nude photos and video clips.

"As freshly leaked pictures and video of celebrities continue to be dropped online, so too will scammers try to make capital out of image-hungry clickers," Boyd warned.

"Apart from the fact that these images have been taken without permission so you really shouldn't be hunting for them, anyone going digging on less-than-reputable sites is pretty much declaring open season on their computers. Do yourself a favor and leave this leak alone. It probably won't be long before the Malware authors and exploit slingers roll into town."

(2nd April 2017)


SANTANDER TEXT MESSAGE SCAM
(BT News, dated 22nd March 2017)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/santander-text-message-scam-tips-to-stay-safe-and-protect-your-bank-account-11364166756084

Criminals are targeting Santander customers using a text message trick to steal funds out of current accounts.

All of the victims who have lost money are now struggling to recoup their losses as they all revealed their One-Time Passcode to the scammers. This is a vital piece of information fraudsters need to steal money.

Here's what you need to know to keep your accounts safe.

How the scam works


In the latest spate of incidents criminals are reportedly using a technique called number spoofing to send messages to victims that appear to be from the bank and part of an existing thread.

These warn that there has been unusual activity on the account and that the customer needs to call a number or click a link to verify information.

Scammers then convince the victims to provide account details for their online banking and generate a One-Time Passcode (OTP), which allows them to empty the accounts.

The OTP is an extra layer of security Santander uses to authorise things like setting up a new payee or changing details on the account.

Savings stolen

At least three Santander customers have lost more than £36,000 in total this month thanks to this 'smishing' scam, according to This is Money.

Ruth Quinn from Kent lost £15,000, Ron Williams from Southampton had £12,000 stolen and Rod Owens from Coventry is £9,200 out of pocket.

More and more people are using current accounts as savings accounts as they offer more interest than traditional deals.

This means more cash is likely to be held in a current account, which makes them a prime target for fraudsters.

The Santander 123 Current Account pays 1.5% on savings up to £20,000 and is especially good for large balances.

Growing trend

Of course the scammers can easily imitate any other bank, so it's not just Santander customers who need to be vigilent.

The industry as a whole has seen an alarming rise in the use of 'social engineering techniques', including targeted smishing.

Figures from Financial Fraud Action UK show that the amount lost to financial fraud has increased from £755 million in 2015 to £768.8 million in 2016.

Take a look at our guide to the common tricks scammers use to keep up to date with how criminals are trying to steal your money.

Can victims get their money back?


Sadly, Santander will not refund the victims of this nasty smishing scam because they handed over the essential OTP code, which allowed the fraudsters to siphon the money.

A spokesman for Santander told This is Money: "Each of these customers provided the fraudsters with their OTPs and allowed the fraudsters access to their online banking.

"OTPs are security measures we put in place to protect customers, and we have specific warnings on our online banking log-in screen and when sending OTPs not to divulge these to anyone.

"In two of the cases our fraud detection flagged the transactions and contact was made to the customers' registered telephone where these transactions were confirmed as genuine, authorising them to go ahead.

'Whilst we are very sympathetic to customers who are victims of scams, as there was no Santander error and all three customers divulged personal, security information, we therefore cannot accept any responsibility for the losses on these accounts.

'We assess all fraud claims on a case by case basis, in line with the Payment Service Regulations and the Consumer Credit Association.'

How to stay safe

Your bank will never contact you to ask for your account details, Pin or your OTP code.

You should ignore and report any message, call or email you get asking for this sort of sensitive personal information.

If you think if you have become a victim of a smishing scam, contact your bank as soon as possible using the number on the back of your debit card.

(2nd April 2017)


IDENTITY FRAUD REACHES RECORD LEVELS
(CIFAS, Dated 15th March 2016)

Full article [Option 1]: www.cifas.org.uk/press_centre/identity-fraud-reaches-record-levels

Cifas, the UK's leading fraud prevention service, has released new figures showing that identity fraud has hit the highest levels ever recorded. A record 172,919 identity frauds were recorded in 2016 more than in any other previous year. Identity fraud now represents over half of all fraud recorded by the UK's not-for-profit fraud data sharing organisation (53.3% of all frauds recorded to Cifas), of which 88% was perpetrated online.

The vast majority of identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating. To carry out this kind of fraud successfully, fraudsters need access to their victim's personal information such as name, date of birth, address, their bank and who they hold accounts with. Fraudsters get hold of this in a variety of ways, from stealing mail through to hacking; obtaining data on the 'dark web'; exploiting personal information on social media, or though 'social engineering' where innocent parties are persuaded to give up personal information to someone pretending to be from their bank, the police or a trusted retailer.

We have seen growing numbers of young people falling victim in recent years and this upward trend continued in 2016 with almost 25,000 victims under 30. In particular we saw a 34% increase in under 21s, and therefore Cifas is again calling for better education around fraud and financial crime and urging young people to be vigilant about protecting their personal data.

2016 also saw increases in victims aged over 40, with 1,869 more victims recorded by Cifas members.

Mike Haley, Deputy Chief Executive, Cifas said:


"These new figures show that identity fraud continues to be the number one fraud threat. With nine out of ten identity frauds committed online and with all age groups at risk, we are urging everyone to make it more difficult for fraudsters to abuse their identity. There are three simple steps that anyone can take to protect themselves: use strong passwords, download software updates when prompted on your devices; and avoid using public wi-fi for banking and online shopping.

"We all remember to protect our possessions through locking our house or flat or car but we don't take the same care to protect our most important asset - our identities. We all need to take responsibility to secure our mail boxes, shred our important documents like bank statements and utility bills, and take sensible precautions online - otherwise we are making ourselves a target for the identity fraudster."

Commander Chris Greany, National co-ordinator for economic crime said:


"With close to half of all crime now either fraud or cyber crime we all need to make sure we protect our identity.

"Identity fraud is the key to unlocking your valuables. Things like weak passwords or not updating your software are the same as leaving a window or door unlocked."

Year on year breakdown of UK total fraud figures (Recorded)

2008 : 77,642
2009 : 102,327
2010 : 102,672
2011 : 113,259
2012 : 123,589
2013 : 108,554
2014 : 113,839
2015 : 169,592
2016 : 172,919

uaware comment : National Trading Standards have stated that only 5% of fraud incidents are reported.

Age breakdown of victims impersonation


n = 2015, (n) = 2016

Under 21 : 1343 (1803)
Age 21 - 30 : 22616 (22572)
Age 31 - 40 : 36502 (33883)
Age 41 - 50 : 33702 (34010)
Age 51 - 60 : 28366 (29818)
Age 61 + : 25934 (26043)

What can consumers do to protect themselves?


- Set your privacy settings across all the social media channels you use. And just think twice before you share details - in particular your full date of birth, your address, contacts details - all this information can be useful to fraudsters!

- Password protect your devices. Keep your passwords complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers and capitals:R0v3rDuckLemon!.

- Install anti-virus software on your laptop and any other personal devices and then keep it up to date. MoneySavingExpert have a recommended list of the best free anti-virus software: www.moneysavingexpert.com/shopping/free-anti-virus-software

- Take care on public wi-fi - fraudsters hack them or mimic them. If you're using one, avoid accessing sensitive apps such as mobile banking.

- Download updates to your software when your device prompts you - they often add enhanced security features.

Think about your offline information too:

- Like post. Always redirect your mail when you leave home and try to make sure your mailbox is secure.

What to do if you're a victim:

ACT FAST if you think you have been a victim of identity fraud

- If you receive any mail that seems suspicious or implies you have an account with the sender when you don't, do not ignore it.

- Get a copy of your credit report as it is one of the first places you can spot if someone is misusing your personal information - before you suffer financial loss. Review every entry on your credit report and if you see an account or even a credit search from a company that you do not recognise, notify the credit reference agency.

- If you have information about those committing identity crime please tell independent charity Crimestoppers anonymously on 0800 555 111 or at www.crimestoppers-uk.org

- If you have been a victim of fraud, you can contact Victim Support for free, confidential advice and support. Victim Support is the independent charity for victims and witnesses of crime in England and Wales. Find out more at www.victimsupport.org.uk

- Individuals or businesses who have fallen victim to identity fraud should report to Action Fraud on 0300 123 2040 or online at www.actionfraud.police.uk/


About Cifas


Cifas aims to make the UK a safer place to do business, by enabling organisations in every sector to prevent fraud and protect the public through the sharing of confirmed fraud data.

Cifas is a not-for-profit organisation and has over 360 members spanning the public and private sectors. In 2015 alone, Cifas members prevented over £1.1 billion of avoidable fraud losses by using Cifas databases. Cifas also offers Protective Registration for individuals whose identities are at risk of being used fraudulently, for instance after a burglary.

In 2014, Cifas launched a scheme called Protecting the Vulnerable. This service is offered free of charge to local authorities to protect those under the care of Court Deputies who are unable to access financial products and whose identities may be at risk.

Visit www.cifas.org.uk for more information

(2nd April 2017)


PHONE FRAUDSTERS ARE USING THIS NEW TRICK TO MAKE YOU BELIEVE YOU'RE SPEAKING TO YOUR REAL BANK
(Mirror, dated 7th March 2017 author Andrew Penman)

Full article [Option 1]:

www.mirror.co.uk/news/uk-news/phone-fraudsters-using-new-trick-9984197

Phone scammers posing as bank staff are calling customers then putting them on hold and playing holding music to make the call more convincing.

The fraudsters hope that the ploy will fool people into thinking that the call genuinely must be from their bank.

Victims are then persuaded to give personal financial information such as online banking log in details, warns The City of London Police's National Fraud Intelligence Bureau.

"Fraudsters are constantly developing new ways to make their calls more convincing so members of the public need to remain vigilant," said Stephen Proffitt, Deputy Head of Action Fraud.

"If you receive a cold call purporting to be from your bank, always end the call as soon as possible and call your bank back using the number on the back of your bank card or statement and ask to be put through to the fraud team.

"Tell them exactly what has just occurred.

"If you believe your bank details may have been compromised, you should report this to your bank immediately."

(2nd April 2017)


BANK STAFF TRAINED TO SPOT CASH SCAMS AS THEY TAKE PLACE
(BBC News, dated 4th March 2017 author Tony Bonsignore)

Full article : www.bbc.co.uk/news/business-39166130

All bank staff are to be trained to spot signs that a customer may be withdrawing cash to give to a scammer.

Police hope the scheme will help reduce financial crime by spotting scams before money has been handed over.

The plan is to train every single front-facing employee of banks, building societies and Post Offices.

Cash payments to fraudsters are typically much harder to trace than online payments with the vast majority of cases going unsolved.

Typical frauds of this kind include paying rogue builders, romance scams and elderly abuse.

The new scheme, known as the Banking Protocol, is aimed at ensuring banks and police are more active in protecting customers.

It is being run as a joint venture between the police, Financial Fraud Action - which represents banks - and Trading Standards.

All customer-facing bank staff will be told to look out for specific signs that a client may be the victim of ongoing fraud.

If they have suspicions, they are encouraged to call the police and give a special password.

Sixteen arrests

Police trained under the protocol will also commit to investigating the fraud as a priority - often visiting the bank branch, or the customer's home, immediately.

In some cases, they may be able to catch the criminal waiting outside the bank or the victim's home to collect the cash.

Bank staff taking part in the trial scheme in London made 178 calls to police which resulted in 16 arrests.

Banks say £1.4m has already been stopped from leaving customer accounts.

Police, Financial Fraud Action and Trading Standards have hailed the trial a success.

The scheme is expected to begin in the next few weeks with the first 16 police forces trained by the end of June.

''It just didn't add up'


Staff at one bank which has trialled the scheme helped stop a customer being swindled out of £13,000.

Ray, who is in his 60s, was approached by a builder at his home in London about some work on his house.

He had withdrawn £6,000 from his local branch after explaining to staff what it was going to be used for.

But when he returned a week later to take out another £13,000 he was recognised by staff member Ann-Marie.

She asked him questions about his cash withdrawal which raised suspicions.

Ray handed over the flier he had been given with the builder's contact details and staff gave him a call.

Ann-Marie added: "The person that answered wasn't very professional and the alarm bells started to ring. Plus the amount he [Ray] wanted to cash and the work he needed done just didn't add up."

Staff contacted the police who visited Ray the next day when the builder was at his property.

Officers did a background check on the builder and which uncovered suspicious activity and he was arrested.

Finance Fraud Agency (FFA) : https://www.financialfraudaction.org.uk/

(2nd April 2017)


BEWARE PRINTER HELPLINE SCAM, WARNS NATIONAL TRADING STANDARDS eCRIME TEAM
(Computer Weekly, dated Feb / March 2017 author Warwick Ashford)

Full article [Option 1]:

www.computerweekly.com/news/450413534/Beware-printer-helpline-scam-warns-NTS-eCrime-Team

The National Trading Standards (NTS) eCrime Team has issued a warning about a scam targeting those looking for help with printer problems.

The eCrime Team provides a national resource to support all local authority areas in England and Wales, tackling the increasing threat to businesses and consumers in relation to internet scams.

The "printer helpline scam" differs from most scams as it requires consumers to contact the criminals directly using fake "helpline" numbers in online adverts in search engines results or social media.

According to the eCrime Team, the criminals behind the scam are gaining remote access to people's computers by pretending to help them to resolve their technical problems.

Once victims have allowed access to their systems, the criminals are stealing personal information, including bank account details, and infecting computers with malware.

One particular criminal group, which claims to be affiliated with a wide range of technology brands and printer manufacturers, takes control of victims' computers and demands payment to release them.

Figures from Action Fraud, UK's national reporting centre for fraud and cyber crime, reveal that cases such as computer service fraud, which includes scams such this, have risen by 47% since 2014.

"This printer helpline scam is particularly pernicious because it encourages victims to unknowingly contact the fraudsters of their own accord," said Mike Andrews, lead co-ordinator of the NTS eCrime Team.

"While victims expect they will receive help with their printer problems, they have in fact been lured into a trap and find themselves at risking of losing money, important personal information and also have their computer security compromised."

Toby Harris, chair of NTS, urged people to be particularly vigilant about this scam and to use official printer helpline details or consult the official website of the manufacturer for helpline details.

"If you have fallen victim to a scam or see suspicious activity online then please report it to the Action Fraud and to Citizens Advice on 03454 040506," he said.

National Trading Standards is advising people be suspicious of helplines asking to take remote control of computers to fix printer problems.

The eCrime Team said organisations should ensure that their anti-virus and online security software is kept up-to-date to reduce the risk of unwanted pop-ups on-screen that may advertise fraudulent services.

(2nd April 2017)


SCAMS FROM ACROSS THE "POND"

uaware pre-amble


Yes, I know, these are North American articles. It still shows the type of problems that are circulating about.
Internal Revenue Service (IRS) can be translated into HMRC and fraudsters do do that. The other problem (if you can call it that) is services such as Facebook, Twitter etc are global; making scams easier to transport between countries.

THE LATEST ONLINE SCAMS EVERY BUSINESS OWNER SHOULD KNOW ABOUT
(INC. , dated February 2017 author John Rampton)

Full article [Option 1]:

www.inc.com/john-rampton/the-latest-online-scams-every-business-owner-should-know-about.html

Despite the numerous anti-fraud efforts utilized by businesses and consumers, the threat of a being becoming a victim of a cyber attack or scam is persistent. This isn't just costly, it's been estimated that the median loss caused by fraud was $145,000 in 2014, it's also frustrating, can do serious damage to your brand's reputation, and could months, if not years, for you to completely cover.

That's why it's imperative for you to be proactive when it comes to securing either your business or personal information. Having updated anti-virus software, using unique passwords, and using some common sense are a start. But, since scammers are always changing the rules to the game, you also need to stay up-to-date on the latest scams, like these 10 payments scams.

Top Banking Malware of 2016

According to the Check Point 2016 H2 Global Threat Intelligence Trends report, these were the most common of 2016;

Zeus 33% - This Trojan targets Windows platforms to steal banking information via man-in-the-browser keystroke logging and form grabbing.
Tinba 21% - A banking Trojan that steals victim's credentials whenever using web-injects and is activated when users attempt to login to their bank website.
Ramnit 16% - Another banking Trojan that steals banking credentials, FTP passwords, session cookies, and personal data.

Form W-2 Scam

This phishing scam, which is formally known as a BEC (business email compromise) or BES (business email spoofing) attack, first appeared in 2016. But, it's back with a vengeance in 2017. According to the IRS, this is "an email scam that uses a corporate officer's name to request employee Forms W-2 from company payroll or human resources departments" where cyber criminals pretend to be an "executive" to obtain employee names, SSNs and income information so that they can file a fraudulent tax return.

The latest variation of this scam, however, asks payroll or HR staff to wire money to a certain account.

Vishing and Smishing

These scams aren't exactly new, but with the mobile revolution in full swing, they could cause havoc for unsuspecting victims like this woman from the UK and these individuals in the Czech Republic.

Vishing is where a scammer calls you and pretends to be from your bank or a trusted institution like Microsoft. They trick you into thinking that there's an emergency so that you'll willingly hand over account information or download malicious malware.

Smishing, which is short for SMS phishing, works just like phishing in that you're duped into downloading a Trojan horse or virus. However, instead of downloading like this virus from an email, you download it onto your phone via SMS. The most prevalent mobile malware in 2016 was Hummingbird, Triada, and Ztorg.

PayPal Phishing Scam


If you're a PayPal user, you may receive an email that includes the PayPal logo, a well-written message, and even some fine print that informs you that you most login into your account to resolve some issues. You're then directed to click on a link to sign into your account. But, instead of logging into your PayPal account, you're actually logging into a fake page. Now the scammers have all of your PayPal credentials.

To make matters worse, some of these pages are requesting information like the user's address, phone number, social security number, and date of birth.

Venmo Scams

Venmo has quickly become one of the most popular payment apps available. It makes it painless to pay back friends or family and even split bills. However, it's also a hotbed for payment scams.

As reported in VR-Zone; "A man selling his car on Craigslist was scammed out of $1,800 when the buyer agreed to transfer the money via Venmo. According to the seller's report, he confirmed the payment when he received a deposit into this Venmo account. Things went smoothly until Venmo reversed the payment. The car title was already signed over, and the seller was out $1,800.

In another incident, a man selling iPhones over the holiday was scammed out of over $5,000 in a blink of an eye. He saw the money coming into his account, and then after everything was finalized the money was taken back by Venmo."

"These Venmo scams work so well because the scammers know a few things that you don't," writes Alison Griswold for Slate. "They are taking advantage of your assumption that because transacting on Venmo is simple and quick, it is also always safe."

The easiest way to protect yourself on Venmo is to only transfer funds to and from people that you know.

Sneaky Social Media Scams


It's not uncommon for you to catch ads or unsolicited content while on your favorite social media channel. However, like Venmo, social media has become a hotbed for fraudsters. Here are a couple of the more prevalent social media scams to be cautious of;

- Instagram money-flipping scams where a scammer promises that they can help you turn your pictures into card-hard-cash. After sending the initial payment, you never hear from the scammer again.

-Facebook charity scams where you purchase products at unbelievable prices from a fake website.

- Other Facebook scams, such as of pop culture quizzes, free product contests, salacious fake news stories, photos of baby otters, can contain malware links that of pop culture quizzes, free product contests, salacious fake news stories, photos of baby otters before viewing the content.

- Customer service scams on Twitter where hackers pretend to be from a legit organization in order to obtain personal information, like a login, password, account number or PIN, or they may direct you to phishing sites.

- WhatsApp scams that promise a gift card if you complete a survey. In reality, it's a trick so that scammers can steal personal information.

Amazon Gift Cards


According to the Federal Trade Commission, scammers are asking people to buy big online purchases, like a car or a boat, with an Amazon gift card. "Posing as sellers, scammers say they need to sell a car fast -- maybe they're in the military or about to deploy. They tell you to pay with an Amazon gift card."

"Don't do it. Amazon gift cards aren't a way to pay someone -- you can only use them at Amazon.com. So if someone asks you to pay with an Amazon gift card, it's a scam. If you share the code from an Amazon gift card with someone, you're giving that person control of the money on the card. By the time you realize it's a scam and report it, the money will likely be gone."

Fake Altcoin Sites


Cryptocurrency scams have been around since the launch of bitcoin in 2009. However, with eCash becoming more widely embraced by the mainstream, many newbies who want to start investing in cryptocurrency may fall victim the increasing amount of fake altcoin sites.

Examples of these sites include OneCoin, S-Coin, and Earthcoin. Another site, which appears to have been shutdown, is Hashpoke.

To avoid getting scammed, do your research before handing over money to a new or lesser known altcoin site. Look for reviews, trust your instincts when reviewing their website, and stick with reputable bitcoin alternatives like Litecoin or Dash.

Calling the "Issuing Bank"


If you have a brick-and-mortar location, you may encounter a customer whose credit card is denied. They angrily call their "issuing bank" from their cell phone. Once they're in contact with a "representative," they hand the phone over to you so that you can be informed that the card is good and the transaction can be authorized offline. In good faith, you complete the transaction.

According to Heartland Payment Systems, when your monthly statement arrives, you notice a "Code 72 dispute (i.e., the issuing bank received a transaction that was not authorized). The jewelry store's account is debited and a chargeback reversal is denied."

Conclusion


Scammers are always modifying their techniques and using the latest technology to trick you into submitting financial information. In order to stay ahead of these nefarious individuals, follow basic security protocols like not opening links from unknown senders, never sharing account information or information with anyone over-the-phone, avoiding public WiFi, and using anti-virus software, firewalls, and tools that detect malware.

You also need to educate yourself, and your team if you're a business owner, on the most common security threats and stay updated on the latest scams and trends by frequently visiting sites like the Federal Trade Commission's Scam Alerts page and reviewing the previously mentioned Global Threat Intelligence Trends.

Most importantly, don't be complacent. Just because you have anti-virus software and use common sense doesn't mean that you're 100% safe. For example, digital wallets are fairly secure, but some are known to have bugs and security flaws. And, there's always the instances of human error during the card-setup process. In short, make sure that your accounts are set-up properly and that you constantly review your account activity.

----------------------

EMPLOYMENT SCAM TOPS BBB's LIST OF TOP CON JOBS IN 2016
(CBC News, dated 1st March 2017 author Roshini Nair)

Full article [Option 1]:

www.cbc.ca/news/canada/british-columbia/employment-scam-tops-bbb-s-list-of-top-10-con-jobs-in-2016-1.4003556

Canadians lost a reported $90 million to scams last year, but the total could be much higher, according to the Better Business Bureau.

The BBB's newly released list of the top 10 scams of 2016 includes information from the bureau's scam tracker website, the Canadian Anti-Fraud Centre and concerns from community partners.

Danielle Primrose, president of the Better Business Bureau of Mainland B.C., said the biggest scam last year involved fake employment recruiting.

"Even though it wasn't the largest reported loss, it was reported all across Canada," she said.

As part of the scam, callers "hire" people over the phone or online, and ask them for banking information so they can get paid. Instead, they get robbed.

"The scammers are getting very savvy now," said Primrose. "They're getting people to fill out a lot of paperwork and they make it look very official. They'll send you a signing bonus and then ask you to wire money back or send it to another employee."

Other scams that made the top 10 this year included online dating, investment fraud and the notorious Canada Revenue Agency (CRA) tax hoax.

Unreported losses could be much higher


In addition to getting more savvy, the scammers are also getting more profitable, according to Primrose.

The $90-million loss is much higher than in 2015, when $61 million in losses was reported, and 2014, when scammers took $71 million.

While the higher number could be due to increased reporting, Primrose said the vast majority of scams remain unreported.

"We think [$90 million] is only around five per cent of the total loss," she said. "If you do the math, it could be as high as $1.8 billion."

Primrose said many people are reluctant to report a scam because they are embarrassed or don't know where to report. She recommended contacting a local authority or the Better Business Bureau.

Even if you have already been scammed and lost money, it's still important to report it as the statistics are helpful to track the scam, she added.

Top 10 scams (Canada)


Here are the top 10 scams of 2016 and how much was lost based on the people reporting them:

Employment: $5.3 million.
Online dating: $17 million.
Identity fraud: $11 million.
Advance fee loans: $1.1 million.
Online purchases: $8.6 million.
Wire fraud spear phishing: $13 million.
Binary option scams: $7.5 million.
Fake lottery winnings: $3 million.
Scam involving person claiming to be from CRA: $4.3 million.
Fake online endorsements: Amount unknown.

Better Business Bureau (Scam Tracker - North America) : https://www.bbb.org/scamtracker/canada

---------------------------

(1st March 2017)


MAN POSING AS COURIER CONNED ELDERLY WOMEN OUT OF THOUSANDS OF POUNDS
(London Evening Standard, dated 27th February 2017 author John Dunne)
Full article and photograph [Option 1]:

www.standard.co.uk/news/crime/man-posing-as-courier-conned-elderly-women-out-of-thousands-of-pounds-a3476726.html

Elderly women have been tricked out of thousands of pounds by a man pretending to be a courier.

Detectives say the victims received phone calls telling them they had to hand their bank cards and PIN numbers to a courier for security reasons.

The cards and numbers were then used to take cash out of the women's accounts.

Police have issued this image of a man they wish to identify and speak with in connection with the incidents, which all took place in south London.

The first incident took place on November 14 last year at around 10am, when an elderly Croydon woman in her 80s was targeted.

A man was later seen in a Beckenham branch of Barclays Bank using the cards to take £1,000 out of her account.

The second incident was reported in Thornton Heath at about 3pm on Friday January 6 when a woman in her 70s was defrauded.

The suspect was seen withdrawing £5,600 from a cash point at Barclays in Thornton Heath.

Another elderly woman - aged in her 80s - was called by a man purporting to be from her bank at about 2pm on Monday, January 23.

The suspect kept her on the phone for more than two hours and warned her if she didn't hand over her cards and PIN numbers she would be arrested and sent to prison.

A courier collected her cards and withdrew £500 from her account at a cash point in Norbury.

The suspect is described as a black man, about 5ft 8in to 6ft tall, with dreadlocks or braids tied up at the back.

During one of the incidents he wore glasses and distinctive red tracksuit bottoms with the number 23 in white on the right thigh.

People with information are urged to call Detective Sergeant Natalie Reseigh from Croydon CID on 101 or Crimestoppers on 0800 555 111.

 uaware comment

Just because this criminal has operated in South London doesn't just mean he will operate only in that area.

(1st March 2017)


MAN JAILED FOR FOUR YEARS FOR DATING WEBSITE FRAUD
(BBC News, dated 15th February 2017)

Full article [Option 1]:

www.bbc.co.uk/news/uk-england-hampshire-38980568

A fraudster has been jailed for conning money from women he met through dating websites.

David Coombs also targeted people in hospitals in Hampshire and Dorset, pretending to be a wealthy businessman.

The 52-year-old, of Hunston Road, Chichester, had previously pleaded guilty to nine fraud offences committed in 2015.

He received a four-year sentence at a hearing at Southampton Crown Court.

Police said his victims were aged between 49 and 83 years old.
'Immeasurable effect'

Coombs would strike up relationships with them before asking to borrow money claiming his wallet had been stolen or his card mistakenly blocked by his bank.

He purported to be a wealthy businessman, employed by an interior design company, and claimed to have multiple properties and offshore bank accounts.

Coombs came to the attention of police after one woman he had been in a relationship with contacted them when he began to harass her.

Det Sgt Will Whale said he had been "spinning a web of lies" over 22 months.

"His persistent offending has had an immeasurable effect on the lives of his victims, not just financially but also psychologically."

(1st March 2017)


THE INTERNET SCAMMER WHO LOVED ME.......NOT
(The Guardian, dated 11th February 2017 author Sofija Stefanovic)

Full article [Option 1]:

www.theguardian.com/lifeandstyle/2017/feb/11/internet-scams-dating-romance-money

On 2 February, at the cusp of Valentine's Day, the Los Angeles sheriff's department warned of the "growing criminal epidemic" of romance scams during a community meeting called Love Hurts. Romance scams are a type of online fraud, in which criminals pose as desirable partners on dating sites or email, win the hearts of their victims and end up fleecing them of their money. Lt Antonio Leon said the forum's name was tongue-in-cheek, "but the truth of the matter is that love really does hurt, for some people".

According to the Internet Crime Complaint Center, last year romance scam victims lost $173m in California alone. Ouch. And that's just the reported scams; victims are often too embarrassed to report they've been duped.

So how is it possible people still fall for them? That's the attitude I used to have - until I got involved with a scammer myself, and things got messy.

I met "Cindy" via my spam folder, not long after I moved to New York City from Melbourne. "If you would be interested for a serious friendship hit me back with more details about yourself. I am 26 years old, I live alone in Senegal." Yes, Cindy was obviously a scammer. And knowing this, I got back to her.

Let me back up. I'd become fascinated with scams back when I lived in Australia. Back then I was researching them for a TV show. Scams were a hot-button topic, and I went to a victims' support group to learn more. That's where I met a widower named Bill.

"I just wanted someone to hold me," Bill said, explaining why he joined a dating site in the first place. He met someone, fell in love, and was eventually left bankrupt. Bill and I became friends. He was a smart, worldly man, and I was baffled as to how he could have fallen for a scam.

Just before I left Australia, Bill and I celebrated his 80th birthday. We talked about his scam, and Bill said something that stuck with me. He said that in the back of his mind he knew he was being scammed, but he kept sending money because couldn't bear for his relationship to end. This fascinated me - it seemed his loneliness overrode his common sense. Even as Bill and I spoke about the detrimental effects of scams, I was pretty sure he was still sending money overseas. I suspected that when I left his place, he'd jump online and give himself over to his scam once more.

Not long after, I moved to New York with my boyfriend, Michael. Michael went to work in an office and made new friends, while I stayed home and researched scams. I was haunted by Bill's story, and I wanted to write about lovelorn victims like him, but I also wanted to find out more about perpetrators - those who leech victims of their money.

And that's when Cindy's email arrived. I got a notification that Cindy wanted to talk via Gchat, and voilà, I thought: I had my guinea pig scammer.

In customized curly rainbow font, Cindy asked what the weather was like in Mumbai, which made me realize she had her wires crossed between me and someone else she was scamming. I decided there was no need to correct her, for now, so I Googled the weather in Mumbai.

Cindy sent a photo: a pretty, ponytailed woman about my age, with a full build, leaning against a car. Scammers often steal photographs online, and though I knew that the "Cindy" I was chatting to was probably not the woman in the photo, it was easier to attach a face to the name. So whenever I communicated with Cindy, I pictured the woman leaning on the car.

The soccer World Cup was starting, and in Australia I'd always watched with friends. Cindy said she wasn't into soccer, but that she'd make an effort to watch because I liked it, and that's the sort of thing people in relationships did for each other. According to her, we were dating.

So while my boyfriend was at work, my Senegalese girlfriend and I watched soccer and chatted online. When my boyfriend wasn't at work, I tactfully closed my laptop, because I preferred for him not to think I was chatting to a scammer all day.

Cindy was either the most attentive person I have ever semi-dated (ready with a "hi babe!" the second I came online) or she was a team of people. I knew scammers often worked for syndicates, taking shifts, communicating with dozens of victims at once, referring to dossiers ("she is into World Cup soccer", mine might say). Whether Cindy was a lone wolf or a group, I took comfort knowing I was chatting with someone real - which was better than talking to my dogs - so I'd rattle off my opinions on Brazil's team into a chat box and wait for Cindy's immediate ping of response.

And then, one day, Cindy asked for my photo.

Cindy surprised me by saying she believed women should date men, but that she had fallen in love with me

This was a problem, as she still thought I was a middle-aged Indian man. I decided to come clean. "I am a woman. I hope you won't be angry with me," I said, assuming she would dump me and move on to a more trustworthy victim.

But Cindy surprised me by saying she'd been brought up believing women should be with men, but that she had fallen in love with me, and was willing to take a chance on a same-sex relationship if I was. I found this simultaneously funny, confusing and endearing. She asked for a photo, and, slightly baffled by this turn of events, against all reason, I sent one.

That night she sent an email:

"The feelings I have for you is true and will last for Eternity as long as you accept me in your heart just as I have accepted you.

"I love you. I Love Every little thing about you.

"I love your Cute smile, your magical eyes, and the sound of your words."

And though I was fully aware that Cindy had cut and pasted this from somewhere, and I knew that a scammer's job was to stroke victims' egos, I couldn't help but glance at the photo I sent Cindy to see if my eyes did indeed look magical.

Cindy asked me to call. Suddenly my scammer had a voice, which didn't sound like that of a criminal, but of a tired woman keeping her voice down. A baby started crying and Cindy was quick to say it was someone else's kid. I wondered if she was lying. Does she have a partner, I thought, or is she a single parent?

Then Cindy told me she was being evicted, and she needed $140. And there it was: I'd been expecting her to ask for money all along, except suddenly I wasn't ready for it. Cindy was no longer a random email in my spam folder. She was a person on the other end of the line, asking for help. It was suddenly hard to just say "no".

Instead, I beat around the bush like a coward. I pretended I had a friend whom I'd told about Cindy, and the friend suggested Cindy might be a scammer. Cindy acted outraged at the suggestion, and our conversation petered out, with me saying I couldn't spare the money.

I Googled Senegal and discovered that almost 50% of its population lived in poverty. Who's to say Cindy wasn't being evicted? I thought. Right on cue, an email came from Cindy. "My life is not easy," she said. "I am trying to survive as a responsible girl. I do not go out to sell my body like some other girls do here."

I knew scammers rarely got arrested; it was a relatively safe crime. If one of the other options was sex work, I could see that chatting to amorous westerners on the internet would be more appealing. Could I blame her for what she was doing? I felt like a jerk for stringing her along.

I decided to write an email, from the real me, to the real Cindy. I intended to tell her a bit about me, but I found myself telling her a lot. I told her my family came to Australia when the war in Yugoslavia began, and that my dad died when I was a child. I wrote that when we moved to Australia, my parents never thought we'd be split up again, yet I'd voluntarily moved to New York City, and I felt guilty. I said I felt lonely and friendless.

I wasn't sure why I told Cindy all this, but in hindsight I think it was because I wanted her to like me. And as I wrote, I found myself tearing up. I told her I didn't blame her for being a scammer, and that I wanted her to be honest with me. I said that if she told me about her real life, about scamming, I would find some money to send her.

She wrote back ignoring most of what I said, emphasizing that she was not a scammer - and including her Western Union details. I felt a pang of annoyance and embarrassment for opening up to her. Did she think I was an idiot? Cindy and I went back and forth playing this game: me offering money for the truth, and Cindy feigning ignorance. We were at an impasse.

Finally, Cindy snapped. She called me a wicked, selfish woman. She said she never wanted to hear from me again. And for the first time in a long time, my computer went silent.

After Cindy dumped me, I felt like I understood Bill better. He knew in the back of his mind he was being scammed, but he chose to keep going so he wouldn't end up where I was. Bill had made excuses for his scammer, just like I'd made excuses for Cindy.

It reminded me one of those bad relationships where you're willing to overlook so much because you don't want to be alone.

Romance scams, I decided, weren't about being tricked by someone, they were about tricking yourself - telling yourself lies, to keep loneliness at bay.

(1st March 2017)


SCAM ALERT : ANATOMY OF AN INHERITANCE FRAUD LETTER
(Forbes, dated 19th February 2017 author John Wasik)

Full article [Option 1]:

www.forbes.com/sites/johnwasik/2017/02/19/scam-alert-anatomy-of-an-inheritance-fraud-letter/#384c6b36e685

My wife received a letter from Canada the other day. It was neatly typed, but had no return address.

The first paragraph sounded promising, noting an "inheritance opportunity" with "genuine intentions." Not suprisingly, letters that start this way are anything but genuine.

According to the letter, an unknown relative of my wife died in Canada in 2007: "Unfortunately, this customer died intestate leaving his bank account with an open beneficiary status."

At the end of the second paragraph, the good news emerges: "I would like to present you to our bank as his next of kin to claims the dormant account worth $6.9 million."

Oh boy, this fellow wants to help us claim $7 million from a relative my wife never knew she had -- in Canada, no less. The money sure could come in handy!

Of course, this letter, if we reply to this fellow, is going to request our bank account and other financial information, perhaps even a Social Security number. Then he will either sell this information or just fleece us by opening up fraudulent credit card or other accounts. He'd also ask for a fee to cover transaction costs, which, of course, we'd never see again.

What tipped me off immediately? Here are the danger signals:

-- No return address. Just a personal email is provided.

-- No banking identification. Although "Richard Atkins" claims to be "an account manager with the Royal Bank of Canada," why isn't it on official stationery? Even if bank stationery was faked, if someone was trying to track you down for an inheritance it would be through certified mail and most likely through a law firm.

-- The name used in the letter. Only my wife uses the surname in the letter, so it's not possible she would have another relative with that name.

-- Request for more information. The letter closes with "I will discuss more details...this is an opportunity of a lifetime." Well, this is not about a sweepstakes. Had we followed through to give this guy our personal information, we would've gotten into trouble. The letter might also ask us to send cash "to complete the transaction."

"Similar to the Nigerian Scam and the foreign lottery fraud, the promise of untold wealth is used to distract the overly trusting away from the sorry fact that they are being asked to send money," notes Snopes.com.

"In all three cases, the con works the same way: after being mesmerized by the vision of riches to come, those being taken advantage of are required to open their wallets and whip out their checkbooks to bring about the happy event. There is no dead Uncle Fred, no rich deceased Reese. It's all a lie told to part you from your cash."

Moral of the story: Windfalls happen, but you should be able to verify them and not provide any money or information that can be used to fleece you.

(1st March 2017)


I FELL FOR A CARBON CREDIT SCAM. CAN I GET MY MONEY BACK ?
(The Telegraph, dated 19th February 2017 author Jessica Gorst-Williams)

Full article [Option 1]:

www.telegraph.co.uk/money/jessica-investigates/fell-carbon-credit-scam-can-get-money-back/

Note : This is a question and answer article.

Question


Some years ago I bought an investment in the carbon credit market.

Then three years ago I got caught in a scam via a Spanish company. It wanted £1,500 upfront, which I paid. Fortunately I was able to retrieve this as I had used a credit card.

Having consigned this to the past, I recently received a call from someone else advising that he had a customer for my carbon credits who was willing to pay more than £30,000.

He put me in touch with his "floor manager" who explained that an upfront payment of £8,000 was necessary to put all the legal documentation in place. This fee was to be completely refundable on completion of the deal.

I am totally unprepared to commit such a lot of money with such uncertainty.

I would dearly like to recover this investment but not at such a risk. What do you think?

By the way, the deal "has to be completed by Friday".

DB, Middlesex

Answer / response

Some fraudsters were quite recently jailed for cheating dozens of people out of millions of pounds by deliberately selling carbon credits they knew to be worthless or of only nominal value.

What you describe has the hallmarks of a scam and you are quite right not to be falling for it.

You have been caught out in the past so it is likely that you are on a "suckers' list", with your details circulating among fraudsters.

You do not say who you originally "bought" the carbon credits from but I hope it was for far less than the sum it is being alleged they could be sold for now.

Cold callers touting any investment offers should be treated with extreme caution. You can safely assume that all will be bogus. The adage, "If it seems too good to be true, it probably is" is as relevant today as it ever was.

Be suspicious of any transaction that requires an upfront fee in such circumstances. And always consider why it is not being suggested that the fee should be deducted from the proceeds.

The haste you describe is a common tactic designed to blind victims to sheer common sense.

When I tried the 0203 phone number you had been given and which you thought was bona fide, it seemed to be re-routed halfway around the world and I gave up.

Moreover, the firm that called you this time is now on the FCA's website for providing financial services or products without the regulator's authorisation.

See register.fca.org.uk or call 0800 111 6768 for any queries.

Postings on this website do take time to go up and the fact that a firm isn't featured on the blacklist doesn't necessarily mean it is OK. This site also has a useful page featuring carbon credit trading.

Con men operate through charm, persuasion and flattery, and sometimes by inventing their own hard-luck story. They tend to have an instinctive nose for their victims' weaknesses and prey on loneliness.

Do report all such occurrences to the FCA.

(1st March 2017)


TRAVELLERS WARNED AFTER SURGE IN "FAKE" BOOKING WEBSITES FOR HOLIDAY VILLAS
(London Evening Standard, dated 17th February 2017 author Benedict Moore-Bridger)

Full article [Option 1]:

www.standard.co.uk/news/techandgadgets/travellers-warned-after-surge-in-fake-booking-websites-for-holiday-villas-a3469141.html

Holidaymakers were urged today to be wary of "fake" booking websites that are fleecing customers of significant sums of money.

Several new alleged scams have been detected this month after hundreds of travellers were taken in by similar sites last year, the boss of a leading holiday booking website today warned.

Nick Cooper, founder and co-owner of Villa Plus, said cyber-criminals were again targeting holidaymakers by fraudulently advertising homes and taking cash for bookings.

Villa Plus said it contacted police after discovering its properties were being advertised on websites without the owners' knowledge or consent. Last year, fake sites conned hundreds of people and a police report said holidaymakers lost £11.5 million in 2015 in booking scams.

Mr Cooper said there had been a marked increase in the number of fake sites since August, claiming that it could take months for web hosting companies to shut them down. He said: "Scam websites are promoting villa rentals, where there is seemingly no intention of providing any service other than to steal customers' money, and more must be done by those responsible for hosting the sites to shut them down.

They are operating illegally, and it seems, with impunity. Our solicitors have attempted to get the host of the sites in question to take action but they have unfortunately refused to do so in the absence of a court order."

Mr Cooper said the scams could be very sophisticated, typically involving websites with search results showing plenty of peak season availability and professional photographs of villas copied from genuine websites.

Villa Plus contacted Action Fraud on February 7 to report the apparent deception.

In a letter, Pauline Smith, head of Action Fraud, the national centre for reporting fraud and internet crime, said the case would be sent to City of London Police's National Fraud Intelligence Bureau which would assess whether there was "enough evidence for the police or Trading Standards to investigate your fraud".

A police source said two websites, luxuryrentalsvilla.com and cycladesrentals.com, were being shut down in response to an alleged fraud.

The source said: "We are using the tools available to protect other holidaymakers from falling prey to the same scam websites. Any prosecution of the website owners will be a longer job to prepare."

A City of London police spokesman confirmed it had "requested that two websites be suspended", meaning they will not be able to trade under those domain names.

He said: "Following an allegation made to Action Fraud the City of London Police has requested the suspension of website domains suspected of being involved in fraud.

"The Internet service provider has since taken down the websites."


City of London police commander Chris Greany, national co-ordinator for economic crime, said: "When booking a holiday, it is vitally important you take your time and follow a number of basic checks designed to protect you from falling victim to a fraud.

"These include researching the name of the company online you are considering using and ensuring it is a member of a recognised trade body. It is also key that you make sure the website is legitimate by carefully checking the domain name and pay with a credit card, rather than using a debit card or cash."

Last year City of London Police requested the suspension of 160,000 websites, bank accounts and phone lines used by fraudsters to commit crime, the spokesman added.

Policing fraudulent websites is notoriously difficult because site owners can make subtle changes to the domain names in order to keep operating and websites based outside the UK are much harder to control.

Last year, a report by the NFIB revealed fraudsters stole £11.5 million from holidaymakers and other travellers in 2015, a 425 per cent increase on the previous year.

The most common types of fraud related to accommodation, with scammers conning travellers by setting up fake websites, hacking legitimate accounts and posting fake adverts on websites and social media.

Luxuryrentalsvilla and cycladesrentals did not respond to requests for comment.

(1st March 2017)


COLD CALLER "HOUNDED ELDERLY COUPLE TO THEIR DEATHS" AFTER LEAVING THEM MORE THAN £74K IN DEBT
(The Telegraph, dated 10th February 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/02/10/cold-caller-hounded-elderly-couple-deaths-leaving-74000-debt/

A cold caller "hounded an elderly couple to their deaths" by bombarding them with sales calls and leaving them more than £74,000 in debt, a court heard.

Barbara Stone targeted John and Olga Moyle on a daily basis from as early as 7.45am and convinced the pair to place adverts in a lifestyle magazine for the small holiday home they owned in France.

The 62-year-old persuaded Mr Moyle to hand over £8,000 a month for almost a year, falsely promising non-existent sponsors would reimburse the money.

But not a single booking for the property, near Nice, was ever made - and the Moyles were eventually forced to sell the Shropshire home they had lived in for almost 50 years to pay off the debts they built up because of the scam.

Grandmother Mrs Moyle, 84, died just a month after the house was placed on the market in 2011. Mr Moyle, who had pleaded with Stone to stop, passed away four years later at the age of 83. A judge, Trading Standards, and the couple's daughter have all said they believe the "relentless" sales representative's actions played a part in their deaths.

At Nottingham Crown Court on Friday, Stone, of Winston, Leicester, admitted two counts of fraud by false representation between January and November 2010, and was given a 22-month suspended jail term.

Judge Stuart Rafferty told her she had "made people's lives a misery" and "hounded (the Moyles) to death".

The court heard Stone, who worked for a West Midlands-based? magazine, first contacted retired teacher Mr Moyle in 2010, offering to advertise stays in the two-bed holiday home he and his wife owned in the south of France, which required around £5,000 a year in upkeep.

For the next 10 months, she inundated the couple with calls, pressuring them into taking out more adverts in the publication. Mrs Moyle, who had also worked as a teacher, was suffering from cancer at the time.

Mr Moyle ended up spending all the cash he had taken from an equity release scheme on his home on the worthless adverts, as well as exhausting the couple's life savings and using a credit card. They lost a total of £74,139 and were also conned out of thousands more by another company, which Stone had previously worked for.

Left with nothing, the pair were forced to sell the village home they had lived in since 1964. After Mrs Moyle's death, her husband moved into a smaller property in nearby Ludlow with the financial help of his daughter, Franny.

She said: "The story of what happened to my parents is just astonishing and seven years on it still keeps me awake at night. I completely agree with the judge - they were hounded to death by Stone. My mother was ill - but the last year of her life on this earth was an utter agony.

"Stone would ring every day, putting my father under huge pressure - harassing him, when he should have been looking after his poorly wife. Whenever I tried to call I couldn't get through - the line was constantly engaged.

"It is quite clear to me that she targeted my father. She put him under huge duress, managing to secure £8,000 a month in advertising from them as a couple. My father didn't realise that amount of money was going out because he wasn't checking his accounts. He wasn't checking his accounts because my mother was dying."

Ms Moyle, 52, a writer and TV executive producer who lives in Hackney, London, added: "When they realised they had lost everything, and the house they lived in all their lives, it was, I suppose, a moment of great trauma.

"My father was a broken man. My mother was ever so brave and she put the house on the market with him. But within about a month of it going on the market, in February 2011, my mother died.

"Then he died four years later in the midst of misery, feeling he had brought this disaster on the family. Can you imagine his guilt? He cried himself to sleep for the last years of his life. And for what? A quarter page advert? A sales bonus? A pat on the back from a colleague? It's utterly horrendous."

Ms Moyle, who has three children, said her father wrote to the magazine? in June 2010 begging for the calls to stop, and saying he was "alarmed by the amounts which have been extracted from our account, for advertising with your paper".

But she added Stone was "straight back on the phone" and the harassment continued for another five months. The scam finally came to an end in November 2010 after Ms Moyle discovered what had been going on with Stone and her parents, calling in the police and Trading Standards.

She said: "When I found out what had been going on I was in shock, horrified. Stone must be without scruple. She has shown absolutely no remorse whatsoever. And I have contacted [the magazine]? - but they just said they would look into it.

"I believe that the relentless, daily telephone calls deprived my parents of normal life at a time when they most needed calm security and peace and quiet. I feel equally sure that the realisation that they had lost such a vast sum of money hastened my mother's death.

"My poor father, a man who had been so careful with money all his life and was then plunged into so much debt that he was forced to sell the home he and my mother had shared for almost 50 years, never recovered from the events of that year, which cast a shadow over the end of his life, and continue to cast a shadow over mine."

Ms Moyle said she didn't know how Stone had managed to get hold of her father's details, but thought it may have been through previous adverts he had placed about the French property in a cross-channel ferry magazine.

Speaking before he died in 2015, Mr Moyle said: "I do get annoyed with myself that I fell for it, but they're just persistent. The whole time I just wanted to get rid of it all because I had so much else on my mind."

The second fraud count admitted by Stone related to a £14,100 loss experienced by Jutta Patterson, who ran a dog rescue home in Shropshire. Mrs Patterson was led to believe that a sponsor would fund an advertising campaign in a magazine on behalf of the dog charity and the magazine would publish advertising for a year at a cost of £6,000, neither of which materialised.

James Delaney, from Trading Standards, described Stone as "heartless". "She embarked on a callous cold-calling campaign subjecting people to direct pressure, pressurised sales, and she was relentless in taking money from them fraudulently," he said.

"I hope it sends out a message that we will pursue any company that looks to make illegal gains fraudulently by misleading businesses and consumers. We would tell people to report it if they believe they have been a victim of a scam.

"Stone was callous and manipulative. She relentlessly targeted people who begged her to stop. Unfortunately the Moyles are not here today and I'm sure her behaviour had an impact on their final years."

Stone declined to comment as she left court. Her defence team in court said she was "stressed at work, eager to please bosses and did not receive any of the money".

Highest financial losses between January and March 2016


Coventry : 97
Tonbridge : 94
Brighton : 84
Bournemouth : 83
Swansea : 79
Norwich : 77
Redhill : 71
Chester : 64
Gloucester : 63
York : 62
Rochester : 61
Exeter : 61
Llandudno : 53
Hemel Hempstead : 48
Lancaster : 47
Lincoln : 31
Salisbury : 31
Dorchester : 28
Torquay : 27
Telford : 22

(1st March 2017)


ONLINE DATING CONMEN "USING LOVE LETTER TEMPLATES"
(BBC News, dated 12th February 2017 author Zoe Kleinman)

Full article [Option 1]: www.bbc.co.uk/news/technology-38936509

People looking for love online are being urged to do a search of phrases in the messages they receive to help them spot sweet-talking conmen.

A new UK campaign, starting on Sunday, aims to raise awareness about the growing problem of online dating fraud.

The campaign, Date Safe, suggests criminals are using love letter templates and an online search could flag up some of the stock phrases.

Police say the average dating scam victim is aged 49 and loses £10,000.

The new report, published by the City of London Police and the National Fraud Intelligence Bureau, also reveals that on average, money is transferred within 30 days of initial contact with the perpetrator.

Repeat victims

In a dating scam, criminals pose as potential matches and contact people seeking romance on dating platforms - then, after a period of correspondence and sometimes also phone contact, they start asking for money using various excuses.

The police report, which analysed data from the Action Fraud helpline, estimated that in the UK a victim files a report about dating scams every three hours.

Of those who stated their gender, 61% of the victims were female and 66% of the suspects were male, it said.

While most activity occurred on dating websites, the majority of the 15% that did not was carried out via Facebook, the report claimed.

It also said that 213 people admitted they had been a victim of a dating scam more than once.

"The growth in online dating has led to a rise in organised criminals targeting people looking for love," said Commander Chris Greany, of the City of London Police and National Co-ordinator for Economic Crime.

"These crimes destroy lives and the emotional damage often far outweighs the financial loss.

"Never give money to people you meet online, no matter what emotional sob story the person uses."

People are also advised to talk to friends and family about those they are in touch with online.

Dating scam 'packs'


Criminals can purchase scam "packs" containing love letter templates, photos, videos and false identities for as little as a few dollars on the dark web, said Prof Alan Woodward, cybersecurity expert at Surrey University.

"So many people fall for these scams that the price of the packs has dropped as it has become a high volume sale," he said.

"Social engineering is a very active black market.

"As dating scams are becoming more widely known, there is evidence that a follow-up scam has been developed where 'detectives' or 'investigators' offer to try to recover any money you may have been duped out of... for a fee," he added.

"Needless to say it is throwing good money after bad."

The Date Safe campaign is a partnership between Get Safe Online, Victim Support, AgeUK, City of London Police, the Metropolitan Police and the Online Dating Association.

(1st March 2017)


"I PAID £6,000 TO AN eBAY FRAUDSTER. WHY DIDN'THE CRIMINALS BANK HELP ME ?"
(The Telegraph, dated 12th February 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/paid-6000-ebay-fraudster-didnt-criminals-bank-help/

Victims of fraud struggle to navigate the complicated process of reporting the scam and often feel that the criminals have more rights than they do.

Some victims seek help and information from the bank used by the fraudsters, only to be told that data about the criminals' accounts cannot be disclosed because of data protection rules.

When one reader, Alistair Black, paid £6,000 for a non-existent Harley-Davidson motorcycle on eBay, he thought the recipient bank would be best placed to stop the payment leaving the fraudster's account.

However, when he tried to report the fraud to Nationwide, the criminal's provider, it refused to help.

Banks have a duty only to their own customers - in this case, the fraudster - and could not tell Mr Black anything because of "data protection".

Mr Black also reported the crime to eBay, his local police in Rothesay, on the Isle of Bute, Scotland, and Action Fraud, the national cybercrime reporting service.

Mr Black, 62, a motorcycle enthusiast said he mentioned the fraud in passing to a staff member at his branch of Halifax, but didn't think it could do anything as he had instructed it to make the payment.

Mr Black said he felt that he had been a "bit of a fool".

He had used eBay for the first time and was drawn to the motorbike by its attractive price.

"I would've paid £7,000 for that bike. Or even £8,000," he said.

After extensive correspondence with the fraudster, Mr Black was convinced he was genuine seller who "wrote in perfect English and knew about bikes".

However, he did find it odd that when he asked for a phone number, the request was ignored.

Mr Black made a £6,000 bank transfer in his branch on November 1. When the bike failed to arrive as agreed that week, he contacted the buyer but got no response.

He contacted the organisations he thought would be able to help, but didn't realise that any remaining funds would need to be clawed back by his own bank.

###No word from the banks - and an unexplained delay

In mid-December, police told Mr Black that there was £2,500 frozen in the criminal's account.

Mr Black said this was the first he had heard of remaining funds.

According to Mr Black, police said the criminal had withdrawn £3,000 from a Nationwide branch in the south of England on the day of the transaction and then took out £500 from a cash machine outside.

It was then that Nationwide became suspicious and froze the account, although it would not say what caused the alert.

The building society then contacted Mr Black's bank, Halifax, to make it aware of the scam.

However, under data protection regulation, Nationwide was not permitted to inform Mr Black of the remaining funds.

Mr Black contacted Halifax on December 19 and asked it to get his money back.

However, the bank did not carry out his instruction until eight weeks later on February 6 - and then only with the involvement of Telegraph Money.

Halifax admitted it had been contacted by Nationwide on November 3 regarding Mr Black's transaction.

The bank claimed it "attempted to reach" Mr Black by telephone.

When it could not get through, it sent a letter, which Mr Black said he did not receive.

Halifax did not comment on what caused the delay, but has apologised to Mr Black and offered him £150 as a goodwill gesture. It explained to Mr Black that it would take six to eight weeks to get his £2,500 back.

Protecting the fraudster?

Numerous victims of fraud have told this newspaper that they feel the criminals have more rights than they do.

The recipient bank, which manages the account on behalf of the criminal, cannot communicate information about the fraudster's account, such as whether it was newly opened or if fake identity documents were used, because of data protection and other legislation.

David Clarke, a former detective and director of the Fraud Advisory Panel, a charity, said scam victims should be able to find out if there was any way the bank could have prevented it. And if the answer was yes, the banks should be viewed as "having facilitated the crime".

If police investigate the crime, they are unlikely to reveal details about the fraudster either. But such information could make the difference between getting your money back and not.

For example, David Burton was reimbursed £3,400 by TSB two years after he was tricked into buying a fake motorhome on eBay after police told him that the criminal had used false details to open the account.

The British Bankers' Association said the financial industry was working closely with law enforcement agencies to improve the handling of cases that involved suspicious activity.

A spokesman for Nationwide said: "In order to open an account, customers have to provide valid identity documents to verify their name and address. If there is any suspicion of fraud, an account would not be opened.

"Nationwide takes the protection of customers' money very seriously, and if we notice any suspicious activity, we will take action, as we did in this case."

(1st March 2017)



WARNING TO SHAREHOLDERS
(BT Corporate website, dated February 2017)

Full notice [Option 1]:

www.btplc.com/Sharesandperformance/Shareholders/Shareholderadministration/Unsolictedmail/Warning.htm

Fraudsters use persuasive, high pressure tactics to scam investors. They may offer to sell you shares that turn out to be fake of worthless, or to buy your shares at a high price if you pay an upfront fee. Either way, the promised profits won't materialise and you'll probably lose your money. Here's how to avoid investment scams.

Remember: if it sounds too good to be true, it probably is!



HOW TO AVOID SHARE FRAUD


1. Reject cold calls

If you've been cold called with an offer to buy or sell shares, chances are it's a high risk investment or a scam. You should treat the call with extreme caution. The safest thing to do is to hang up.

2. Check the firm on the FS register at www.fca.org.uk/register

The Financial Services Register is a public record of all the firms and individuals in the financial services industry that are regulated by the FCA.

3. Get impartial advice

Think about getting impartial financial advice before you hand over any money. Seek advice from someone unconnected to the firm that has approached you.

REPORT A SCAM

If you suspect that you have been approached by fraudsters please tell the FCA using the share fraud reporting form at www.fca.org.uk/scamswhere you can find out more about investment scams. You can also call the FCA Consumer Helpline on 0800 111 6768.

If you have lost money to investment fraud, you should report it to Action Fraud on 0300 123 2040 or online at www.actionfraud.police.uk

Find out more at www.fca.org.uk/scamsmart

Further BT advice on scam prevention :

http://btplc.com/Inclusion/ProductsAndServices/Scams/index.htm?s_cid=con_FURL_scams

uaware Disclaimer

The uaware website considers the advice provided within this BT corporate notice as being sensible and concise. The uaware website does not neccessarily agree that these suggestions are the only precautions that should be taken.

(1st March 2017)


"YOUR BILL IS READY" RANSOMWARE ALERT
(Action Fraud, dated 26th January 2017)
www.actionfraud.police.uk

Fraudsters are sending out a high number of phishing emails to personal and business email addresses pretending to come from 'noreply@relishcare.net, with the subject line being 'Your Relish bill is ready'. This is a 'spoofed' email pretending to come from the London based broadband company 'Relish'. The emails contain a link which will redirect victims to a compromised website. Once at the destination website a .zip file containing concealed JavaScript will be downloaded onto the victim's device. This JavaScript is ransomware and will encrypt files on  the victim's devices and demand money (up to £1000) from the victim to recover the files.

Prevention Advice :

Having up-to-date virus protection is essential; however it will not always prevent you from becoming infected. Please consider the following actions:

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication. Details on finding email headers can be found online.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It's important that the device you back up to isn't left connected to your computer as any malware infection could spread to that as well.

- Don't pay extortion demands as this only feeds into criminals' hands, and there's no guarantee that access to your files will be restored if you do pay.

- If you think your bank details have been compromised, you should immediately contact your bank.

If you have been affected by this, or any other scam, report it to Action Fraud by calling
0300 123 2040, or visiting www.actionfraud.police.uk

(4th February 2017)


AMAZON AND PAYPAL FRAUDSTERS "UP THEIR GAME WITH FAKE MESSAGES"
(The Telegraph, dated 2nd February 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/amazon-paypal-fraudsters-game-fake-messages/

Fraudsters are perfecting the art of impersonating large companies such as PayPal and Amazon, Britain's leading anti-fraud agency has warned.

A combination of improved technology and more accurate spelling and grammar is making the fake communication harder than ever to detect.

Tony Neate, of Get Safe Online, described the bogus messages as "highly convincing" which often appear to come from genuine addresses.

In many cases they indicate that some sort of error has been made - as a prompt to recipients to take action.

The fake Amazon email, below, looks just like an order confirmation but contains details and delivery date of a product that the recipient did not order, for example.

One message seen by Telegraph Money suggested the customer had purchased a hard drive for £129.11. Another confirmed the sale of six "Amscan International Baby Little Angel Costumes" for £69.49.

Other customers have reported receiving similar emails for TVs, cameras and iPhones.

The messages appear to come from legitimate email addresses Amazon UK and server-info@amazononline.co.uk.

However, correspondence from the UK arm of Amazon would be sent from an address ending in @amazon.co.uk.

These messages are designed to get customers to query the order by clicking on the link at the bottom of the email.

On one of the emails it says: "If you haven't authorized the transaction, go to the Refund page for full refund."

Other messages require similar action.

Customers who click through are typically led to an authentic-looking website, which asks victims to confirm their name, address, and bank card information, according to Action Fraud, the UK's cyber crime reporting service.

Action Fraud said one victim who entered his details had £750 stolen from his Nationwide account as a consequence. This was repaid by the bank after he reported it.

Those who use PayPal should also be on high alert as another convincing phishing scam does the rounds.

The text message, which using a spoofed phone number appears to come from PayPal, explains the customer account has been suspended due to unauthorized login attempts and offers a link for customers to click on to confirm their details.

These spoofed texts are especially concerning, according to Tony Neate, chief executive officer of Get Safe Online, the government-backed cyber safety initiative.

With spoofed emails, you can usually hover over the address and the real one is revealed.

However with texts, consumers may not know the real providers' phone number.

Mr Neate says spoofing contact details is easy to do. There are a number of websites who offer the service as a way to "prank" your friends.

"I'm not saying this sites are set up for criminals but are they taking into account that fraudsters are making use of the spoofing services as well as those looking for a laugh?" said Mr Neate.

raudsters use well known brands such as Amazon and Paypal to target numerous victims with relevant messages designed to cause panic.

While obvious spelling and grammar is improving in scam messages, Mr Neate suggested there are a number of suspicious signs to look out for.

He said, for example, "the "bit.do" would be a strange link for PayPal to use and the fact that they have also used the American spelling of "unauthorised" is unusual for a UK customer."

Mr Neate suggested those who are concerned about their online accounts should change their password and use different ones for each service.

He also suggested contacting the genuine company the fraudster is attempting to purport - in this case Amazon and PayPal - using the correct details.

A PayPal spokesman said all communication to account holders regarding account limitation would be sent to the secure message centre with their PayPal account.

Any concerns about fraudulent messages should be sent to spoof@paypal.com.

(4th February 2017)


POLICE WARN : "CAN YOU HEAR ME ?" PHONE SCAM COULD COST YOU A LOT
(Good Housekeeping, dated 27th January 2017 author Diana Bruk)

Full article [Option 1]:

www.goodhousekeeping.com/life/news/a42577/can-you-hear-me-phone-scam/

Police are warning cellphone users of a terrifying new scam, multiple news agencies report. The scam is brilliantly simple: all it consists of is a scammer calling from an unfamiliar number (but often one with a familiar area code) and asking, "Can you hear me?" It seems like a simple question, and most people would just answer, "Yes." In this case, however, the hacker records you saying "Yes" and then uses the response to authorize credit card or bill charges.

"You say 'yes,' it gets recorded and they say that you have agreed to something," Susan Grant, director of consumer protection for the Consumer Federation of America, told CBS News. "I know that people think it's impolite to hang up, but it's a good strategy."

While "Can you hear me?" seems to be the most popular question, scammers are using other questions that would prompt a "Yes" response, like "Are you the homeowner?" and "Do you pay the bills."

Fox News provided the following tips to avoid this scam:

- Do not answer the phone from numbers you do not recognize.
- Do not give out personal information.
- Do not confirm your number over the phone.
- Do not answer questions over the phone.

If you do receive a suspicious call, authorities are advising people to hang up right away and call 911. And if you've already received a call like this, make sure to carefully monitor your credit activity!

---------------------
POLICE ARE WARNING AGAINST SCARY NEW PHONE SCAM (Extract)
(Real Simple, dated 27th January 2017 author Brigitt Early)

Full article [Option 1]: www.realsimple.com/work-life/technology/new-phone-scam

lthough criminals need more than a recorded "yes" to make purchases, they may already have access to credit card numbers and sensitive, identifying information that can be used to make charges. They can then use the recorded "yes" response in attempt to prove they gained your permission to make the charge.

Though it may be tempting to answer calls from an unknown number-what if it's someone you know who needs to reach you in a pinch?-the surest way to protect yourself is to let these types of calls go to voicemail. Anyone who needs to reach you will call back or leave a voicemail. If you do decide to answer, always verify the caller and never give out personal information. (Though scammers may claim to be from a credit card company or a government agency, legitimate requests from these organizations will never be made over the phone.)

uaware comment

I know the article is from the USA, but this type of scam is easily transferable into the UK. Think about the number of silent calls you have received over the last month. You answer the telephone, silence, you say "hello", then someone says "can you hear me ?". Then you reply.....YES !

(4th February 2017)


ONE MILLION PENSIONERS WILL BE ON "SUCKERS LISTS" BY 2019
(The Telegraph, dated 29th January 2017 author Katie Morley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/01/29/one-million-pensioners-will-suckers-lists-2019/

Around one million pensioners will be on "suckers lists" of people vulnerable to scams within two years, a lead researcher for trading standards has warned.

The number of victims is soaring at a rapid rate with the Government's database of 300,000 people expected to more than triple by 2019, according to Prof Keith Brown who conducts scams research on behalf of the Chartered Trading Standards Institute.

It comes just a day after the Government was accused of failing to inform 270,000 people that they were at risk of fraud, despite trading standards having held their names and addresses in a suckers list database for two years.

Suckers lists are made up of repeat victims who may have responded to mail scams, such as fake competitions and lotteries.The majority of victims are elderly and live alone.

Prof Brown said that without urgent action they would soon represent one of the biggest crime waves the UK has ever seen with around £10bn being stolen every year and rising.

He said: "The difficulty with cracking down on this is that it's often very hard to differentiate between criminals and 'legitimate' companies with no morals. This makes it very hard to prosecute. Even if someone gets caught conning an elderly person by charging them £2,000 for some vitamins, for example, it is not easy to get justice."

One solution to the problem would be for trading standards to pass suckers lists onto banks and other financial institutions which could then put a red flag next to victims' names. This would prompt further questioning from staff in the event of a suspicious transfer of money.

However under current laws sharing such personal details without permission is forbidden under the Data Protection Act.

Now experts including former pensions minister Sir Steve Webb are calling for amendments to the Act to give trading standards the powers it needs to distribute suckers lists to approved firms.

Following this newspaper's disclosures, the Department for Business has hinted that it will use a green paper due to be published later this year to announce a tougher, more effective regime to help people who are known to be vulnerable to scam victims.

A spokesman said: "While funding and prioritization for trading standards are decisions for local authorities, the Government is continuing to improve consumer protection.

"We will be publishing a green paper looking at where markets aren't working fairly for consumers and where the protection regime could be strengthened."

"This Government is committed to stamping out these appalling criminal scams that target elderly or vulnerable people. The Consumer Protection Partnership, Home Office and National Crime Agency are working together to educate, inform and protect those most at risk of scams."

(4th February 2017)


PAYPAL SCAM USES ACCOUNT FRAUD SCARE TACTICS TO PHISH PERSONAL DATA
(SC Magazine, dated 27th January 2017 author Bradley Barth)

Full article [Option 1]:

www.scmagazine.com/paypal-scam-uses-account-fraud-scare-tactics-to-phish-personal-data/article/634258/

A phishing email scam that warns PayPal users of possible fraudulent account activity in hopes of scaring personally identifiable information out of them is currently making the rounds.

According to a blog post from ESET, the phishing emails falsely inform recipients that PayPal has detected "unusual activity" on their accounts and has "temporary limited what you can do" until the possible security issue can be resolved. Clicking the log-in button on these emails redirects victims to what appears to be a legitimate log-in screen - it even displays an SSL certificate to sell its supposed authenticity - but is actually a fake PayPal web page hosted on a malicious domain.

After victims "log in," the fake PayPal site displays another message informing victims that they will not be able to withdraw funds for 15 days, unless the issue is addressed further. Those who click a "Continue" button to proceed are then asked to enter even more detailed information, including their Social Security number, address, phone number, birthdate and mother's maiden name.

As phishing scams go, this one is convincing, but there are still some clues that PayPal did not send this alert, ESET reported. For instance, the email contains minor grammatical and syntax errors, and the fake web page's request to enter your home country is unusual, considering it also asks for your Social Security number, which only applies to the U.S.

(4th February 2017)


MAN PAID £1600 TO FAKE LANDLORD IN AIRBNB SCAM
(London Evening Standard, dated 27th January 2017)

Full article [Option 1]:

www.standard.co.uk/news/crime/police-hunt-tenant-who-posed-as-landlord-to-fleece-victim-of-1600-a3451091.html

A man is being sought by police in connection with an Airbnb rental scam in London.

Detectives say the victim was conned out of £1,600 after responding to a listing on the Gumtree website for a property to let in Haringey.

The man was shown around the property in Sanford Road on September 18 last year by someone claiming to be the flat's landlord.

The prospective tenant then transferred an advance rental payment of £1,600 to an account, the details for which were provided by the fraudster.

Soon after the money was transferred contact with the bogus landlord ceased and he stopped replying to messages.

It emerged the man had gained access to the property via a short-term let on Airbnb, according to police, and had no authority to arrange for it to be rented out.

The payment of £1,600 was lost, having been paid to a "mule" account - controlled through details obtained from a stolen bank card - from where it had been withdrawn.

Detectives from Scotland Yard's Operation Falcon fraud and cyber crime unit released images of the man today in an attempt to identify him. [uaware note : see actual London Evening Standard article]

The image was taken while the prospective tenant was being shown around at the initial viewing. Police are trying to establish if the bogus landlord has been involved in other frauds associated with Airbub properties and to establish who gained from the fraud.

Action Fraud, the national fraud and internet crime reporting centre, says the most comon scam involving Airbnb is conmen advertising properties for rent on it without owners knowledge then convincing site users to transfer money into their bank accounts.

Anyone with information about the fraud should call 101 or Crimestoppers anonymously on 0800 555 111.

(4th February 2017)


WARNING ABOUT NATIONWIDE TEXT MESSAGE SCAM
(MONEY, dated 26th January 2017)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/warning-about-nationwide-text-message-scam-11364141885403

Scammers are using text messages to try to con Nationwide building society customers into revealing their personal details.

The messages, which claim to be from Nationwide, ask the victim to verify a high-value purchase supposedly made on their card at a well-known retailer.

Victims are then urged to contact the Nationwide fraud prevention team on a phone number included in the text, which is actually controlled by the scammers.

Anyone who calls will be asked security questions aimed at stealing their bank details.

------------------------------------------------------------------------------
In one example shared by Nationwide to raise awareness, the message reads:

"Nationwide has noticed your card was recently used on 29-11-2016 at APPLE ONLINE STORE for 1976.00 GBP. If not you please urgently call fraud prevention on 03303800231 or Intl +443303800231. Do not reply by SMS."

-------------------------------------------------------------------------------

Has anyone lost money?

Nationwide told The Sun that "a handful" of customers had fallen for the text message scam.

However, it added: "We were proactive, shut it down and customers received refunds on the same day. So no-one lost out. "It's important to be alert and take time to think before sharing financial details."

How to stay safe

While it's pretty easy to spot the scam if you aren't a Nationwide customer, it could look convincing if you did bank with the building society as you may well have received texts from them in the past.

It's worth noting that this scam can easily be tweaked to reference a different financial institution, so it's not just Nationwide customers who need to be vigilant.

As always when it comes to suspicious texts and emails, the key is to never respond directly.

If you want to verify the information contained in the message, contact your bank or building society on a number that you have looked up separately.

uaware comment

Emphasise : DO NOT USE ANY CONTACT INFORMATION IN THE BOGUS EMAIL. REFER TO BANK CONTACT DETAILS IN YOUR PERSONAL DOCUMENTATION OR VISIT A BANK BRANCH.

(4th February 2017)


EVERYONE IS FALLING FOR THIS FRIGHTENINGLY EFFECTIVE GMAIL SCAM
(Realsimple.com, dated January 2017 author Robert Hackett)

Full article [Option 1]:

http://www.realsimple.com/work-life/technology/google-gmail-scam-phishing

Security researchers have identified a "highly effective" phishing scam that's been fooling Google Gmail customers into divulging their login credentials. The scheme, which has been gaining popularity in the past few months and has reportedly been hitting other email services, involves a clever trick that can be difficult to detect.

Here's how the swindle works. The attacker, usually disguised as a trusted contact, sends a boobytrapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google login page. And this is where the scam gets really devious.

Everything about this sign-in page looks authentic: the Google logo, the username and password entry fields, the tagline ("One account. All of Google."). By all indications, the page is a facsimile of the real thing. Except for one clue: the browser's address bar.

Even there, it can be easy to miss the cue. The text still includes the "https://accounts.google.com," a URL that seems legitimate. There's a problem though; that URL is preceded by the prefix "data:text/html."

Normally the URL for Gmail looks like :

https://accounts.google.com/ServiceLogin?service=mail

The BOGUS / FALSE login looks like :

data:text/html,https://accounts.google.com/ServiceLogin?service=mail

In fact, the text in the address bar is what's known as a "data URI," not a URL. A data URI embeds a file, whereas a URL identifies a page's location on the web. If you were were to zoom out on the address bar, you would find a long string of characters, a script that serves up a file designed to look like a Gmail login page. THIS IS THE TRAP.

As soon as a person enters her username and password into the fields, the attackers capture the information. To make matters worse, once they gain access to a person's inbox, they immediately reconnoiter the compromised account and prepare to launch their next bombardment. They find past emails and attachments, create boobytrapped-image versions, drum up believable subject lines, and then target the person's contacts.

Google Chrome users can protect themselves by checking the address bar and making sure a green lock symbol appears before entering their personal information into a site. Because scammers have been known to create HTTPS-protected phishing sites, which also display a green lock, it's also important to make sure this appears alongside a proper, intended URL-without any funny business preceding it.

(4th February 2017)


PHISHING SCAMS - HOW TO IDENTIFY FRAUDULENT EMAILS
(International Business Times, dated 25th January 2017 author Himanshu Goenka)

Full article [Option 1]:

www.ibtimes.com/phishing-scams-how-identify-fraudulent-emails-want-steal-your-money-identity-2480902

Hacking and fake news have been in the news a lot lately, what with the allegations of Russians using both those tools to influence the outcome of the U.S. presidential election. And both those online risks come together in a seemingly innocuous but potentially dangerous form: phishing.

Put simply, phishing is the attempt to steal your personal information, such as passwords and financial details, using an email or website that looks like it is legitimate but is in fact merely designed to look like that to lull you into a false sense of security.

Diligent Corporation, a New York company that provides secure platforms for boards and leaders of other companies and organizations to share information, put together data from various sources that show phishing attacks have gone up by over 300 percent between 2013 and 2016. About 156 million phishing emails are sent around the world every day, of which some 16 million are not detected by spam filters.

So if you get one of these fishy-looking emails, how do you know if it is actually a scam? Diligent surveyed over 2,000 people, using an experimental setup, and came up with some possible answers.

Some of the warning signs it lists are: spelling and grammar mistakes; generic salutations that don't use your name; seems too good (or bad) to be real; is from an unknown sender; requests money or personal information; asks you to click on a link or download a file, while being vague.

Of the people surveyed, over half had been victims of some phishing scam or another. About 52 percent had an unauthorized charge on their credit card, 33 percent had their email accounts hacked and almost a quarter had their social media accounts compromised.

Some of the most effective phishing scams pretend to be sent from email addresses of people we know, such as friends or colleagues. The maximum number of people in the survey, over 68 percent, were fooled by emails that purported to be from a colleague to schedule a meeting the next day, followed by messages from friends claiming to share photographs on social media (almost 61 percent) or Dropbox (37.6 percent).

WHICH PHISHING EMAILS - FOOLED THE MOST PEOPLE

Co-worker - Schedule for our meeting tomorrow : 68.3%
Social Media - "Did you see the pic of you ? LOL : 60.8%
Dropbox - Click to view file someone has shared : 37.6%
Software Company - Compulsory update to secure your account : 26.7%
Social Media - New login system : 23.9%
Court - Order to apppear; notice attached : 22.1%
Major Bank - Click to restore account access : 16.6%
IRS (Tax) - You are owed tax refund : 14.7%
Online Merchant - Temporary Account suspension : 14.7%
Credit card - Open attachment to confirm account details : 14%
Contest - Voucher for lucky credit card holder : 5.7%
Contest - Big prize from soft drink company : 2.7%

(Source : Survey of over 2,000 people USA) - Diligent

In contrast, the least effective phishing scams were those that promised a tax refund from the IRS, or gifts of cash and vouchers.

Being wary of phishing emails has a flip side - marking genuine emails as spam. The survey found about 40 percent of genuine emails were marked as phishing attempts. Those aged between 35 and 54 were the best at being able to tell real emails from phishing attempts, while the 18-24 and over 65 groups fared the worst. Men and women were fooled almost the same number of times, 23 percent and 23.3 percent, respectively.

If you want to check your own ability to identify scam emails, Diligent has a shorter version of its survey, designed like a quick quiz, on its website that can be accessed here :

http://diligent.com/blog/can-tell-email-real/

(4th February 2017)


UK FRAUD HITS RECORD £1.1bn AS CYBERCRIME SOARS
(The Guardian, dated 24th January 2017 author Jill Treanor)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jan/24/uk-fraud-record-cybercrime-kpmg

The value of fraud committed in the UK last year topped £1bn for the first time since 2011, prompting a warning about increasing cyber crime and the risk of more large-scale scams as the economy comes under pressure.

The 55% year-on-year rise in the value of fraud to £1.1bn reported in the court system was recorded by accountants KPMG, which found that while the cost of fraud was higher the number of incidents was lower.

Highlighting a dramatic rise in cybercrime, KPMG's statistics included a £113m cold-calling scam for which the ringleader received an 11-year jail sentence in September. Feezan Hameed was caught after targeting 750 Royal Bank of Scotland customers in the biggest cyberfraud the Metropolitan police had seen.

Hitesh Patel, UK forensic partner at KPMG, said: "The figures for 2016 tell us two things. Firstly, that we can expect more of these super frauds as challenging economic circumstances place pressures on businesses and individuals and as technology becomes more sophisticated.

"Secondly, that this is going to put even more strain on law enforcement agencies who don't have the resources to investigate every report of fraud that they receive: getting the large, often cross-border and complex frauds to court is extremely time consuming and resource intensive. This places much more emphasis on businesses and consumers to protect themselves from fraudsters who will take advantage given the opportunity."

KMPG found £900m of fraud from just seven "super cases" - with a value of £50m or over - compared with £250m a year ago.

It pointed to a 51-year-old Leicester man jailed for six years for masterminding a £60m fraud to supply free cable TV using illicit set-top boxes, who promoted the business on internet forums and his own website.

Patel said: "Through the rapid rise of technology and online platforms, more people than ever are being targeted by fraudsters who have unrestricted access to a larger pool of victims. However, we are also seeing the internet being used by consumers who are being tempted to obtain goods and services that they have, or perhaps should have, a fair idea are not legitimate."

-----------------------
UK COURTS EXPERIENCING SURGE IN CYBER-CRIME CASE LOAD
(The Register, dated 24th January 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/01/24/kpmg_fraud_barometer/

The total cost of fraudulent activity in the UK surpassed a billion pounds for the first time in five years, reaching £1.137bn in 2016 compared to £732m the year before.

Fraud against businesses was up sevenfold last year, with inside jobs committed by employees and management the most common method, as measured by alleged fraud cases reaching court.

"The figures include over £900m derived from just seven super cases," according to management consultants KPMG. "The surge in super cases, from £250m last year, may be a reflection of fraud becoming a more lucrative and practical proposition for those with the right skills and technology, or those in senior commercial roles."

A major cause for the overall increase was a surge in cyber-fraud losses of £124m, according the latest edition of KPMG's Fraud Barometer, out Tuesday. One case alone cost an eye-watering £113m via a boiler-room scam that involved crooks cold-calling prospective marks while posing as the security department of banks and tricking victims into handing over banking details.

Crime figures for England and Wales, put together by the UK Office for National Statistics and released earlier this month, featured the inclusion of fraud and computer misuse offences for the first time. A total of 3.6 million cases of fraud and 2 million computer misuse offences were logged. That's a record of crime reports, many of which won't lead to prosecutions, by contrast to the massive cases covering multimillion-pound frauds that are the focus of KPMG's Fraud Barometer.

Criminal structures supporting cyber-fraud exist in many forms and sizes from organisations comparable to Gus Fring's business in Breaking Bad to street-corner operations that security experts fear are drawing youngsters and the technically unskilled into its web.

Ilia Kolochenko, chief exec of web security firm High-Tech Bridge, commented: "What is particularly alarming is the rise of small online fraud committed by teenagers and people with almost no technical skills."

----------------------

(4th February 2017)


PAYMENT DIVERSION ALERT
(Action Fraud, dated 23rd January 2017)
www.actionfraud.police.uk

Fraudsters are emailing members of the public who are expecting to make a payment for property repairs. The fraudsters will purport to be a tradesman who has recently completed work at the property and use a similar email address to that of the genuine tradesman. They will ask for funds to be transferred via bank transfer. Once payment is made the victims of the scam soon realise they have been deceived when the genuine tradesman requests payment for their services.

Protect yourself

- Always check the email address is exactly the same as previous correspondence with the genuine contact.

- For any request of payment via email verify the validity of the request with a phone call to the person who carried out the work.

- Check the email for spelling and grammar as these signs can indicate that the email is not genuine.

- Payments via bank transfer offer no financial protection; consider using alternative methods such as a credit card or PayPal which offer protection and an avenue for recompense.

If you believe that you have been a victim of fraud you can report it :

Online : http://www.actionfraud.police.uk/report_fraud

By telephone : 0300 123 2040

(4th February 2017)


MEN INCREASINGLY TARGETTED BY ROMANCE SCAMMERS ON ONLINE DATING WEBSITES
(The Telegraph, dated 23rd January 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/01/23/men-targetted-romance-scammers-likely-hand-large-sums-money/

The number of people falling victim to so-called romance scams has reached a record high in Britain with almost 40 per cent of those affected being men, new figures have revealed.

Criminals, often based overseas, use online dating sites to pose as people looking for love in order to snare their victims.

After striking up a rapport and gaining the trust of the unsuspecting target, the scammer then quickly persuades them to part with money, often claiming it is to help pay for an emergency.

Last year almost 4,000 people came forward to report cases of romance fraud, but not all of those targeted were women.

At least 39 per cent of those who are duped are men, according to Action Fraud, the UK's cyber-crime reporting centre, which is operated by the City of London Police.

The majority of perpetrators are thought to be male organised criminals, who create fictitious online characters to target people of both sexes.

But police believe there are also a number of female romance scammers operating, who specifically target lonely men aged over 50.

In 2016 a total of 3,889 people came forward to report having been scammed, with a record £39 million handed over.

While the figure has risen sharply in recent years, police believe the figure is just the "tip of the iceberg" because many victims are too embarrassed to admit it.

Steve Proffitt, deputy head of Action Fraud, said each victim lost around £10,000 on average, but there have been cases where victims has lost far more.

In 2015 a businesswoman from Hillingdon in North West London was duped into handing over £1.6 million.

The woman thought she was communicating with an oil worker called Christian Anderson but was in fact exchanging emails with a gang of scammers who were originally from Nigeria.

When police eventually tracked the perpetrators down they found they had been using a seduction manual, entitled The Game: Penetrating the Society of Pick Up Artists.

Last year the Royal Bank of Scotland reported that it was seeing an average of nine cases of fraud involving single men aged over 50 who were duped into giving away tens of thousands of pounds to fraudsters.

The average length of time it takes for a scammer to mention money after first striking up a relationship is just 30 days, according to Action Fraud.

But there are no estimates as to how many people are targeted but never come forward to report the crime.

Mr Proffitt said: "A lot of the online dating fraudsters we know are abroad. They're in West Africa, Eastern Europe and it's very difficult for British law enforcement to take action against them in those jurisdictions."

HOW TO AVOID DATING SCAMS

Dating expert, James Preece (jamespreece.com) shares his tips on how to avoid scammers :

1. If you're suspicious about a profile report it to the dating website or app so they can investigate it.

2. Try doing your own detective work - ask them for their full name and look them up on Google and social media.

3. Don't be afraid to question their authenticity - if they are genuine they won't mind you trying to verify them.

4. Remember, they may spend months building a relationship with you and will only ask for money once you're emotionally involved.

5. Ask a friend for advice as they are not as emotionally involved as you, they may be able to see something you can't.

6. Look out for fake or stolen photographs. You can use sites like TinEye.com to check the authenticity of a photo and you can try doing a reverse image search on Google (by clicking on the camera logo in the search bar and uploading an image) to see if they are using a fake picture.

7. Never give out too much personal information, such as your home address, phone number or email.

8. Consider setting up a new email address to use for online dating and perhaps even get a cheap Pay As You Go phone to use for making phone calls.

CYBER CRIME - Most common UK online offences


These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

(4th February 2017)


HOW DATING WEBSITE FRAUDSTERS CONNED BRITS OUT OF £39m LAST YEAR
(London Evening Standard, dated 23rd January 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-how-dating-website-fraudsters-conned-brits-out-of-39m-last-year-a3447341.html

Dating fraudsters conned a record 3,889 victims out of £39 million last year, it emerged today.

Figures show the number of people in the UK who were defrauded via online dating scams reached a record high in 2016.

Action Fraud, the UK's cyber-crime reporting centre, says it gets more than 350 reports of such scams a month. Its deputy head, Steve Proffitt, said each victim on average lost about £10,000.

He told the BBC's Victoria Derbyshire programme: "A lot of the online dating fraudsters we know are abroad.

"They're in west Africa, eastern Europe and it's very difficult for British law enforcement to take action against them in those jurisdictions."

Last week, Office for National Statistics figures showed fraud is the most commonly perpetrated crime, with almost one in 10 adults falling victim to scams.

Today's figures, from the National Fraud Intelligence Bureau, reveal that the number of victims of online dating fraud has risen steadily in recent years.

In 2013 there were 2,824 reports of dating scams, with reported losses of £27,344,814. In 2014, these rose to 3,295 reports and £32,259,381. In 2015, the reports rose to 3,363, although reported losses fell to £25,882,339.

One woman told the Victoria Derbyshire programme how she was left feeling "brutalised" after losing more than £300,000 to a dating fraudster.

Business owner Nancy - not her real name - signed up to dating website Match.com in 2015 after her marriage broke down.

The single mother, 47, from Yorkshire, said she made contact with a man called Marcelo from Manchester, an attractive Italian supposedly working in Turkey, with whom she found she had "a rapport and similar values".

"Marcelo" persuaded her to move their chat off the website on to an instant messaging service and the two began exchanging messages from morning until night.

After about six weeks, he said he had been mugged in Turkey and was unable to pay his workers before returning to the UK, when he and Nancy were due to meet. He also said his son was in hospital and needed surgery.

Nancy said she felt uncomfortable with the situation but ended up "reluctantly" sending 3,650 (£3,160).

She said: "It escalated unbelievably quickly, so straight away it was the medical fees, then it was money for food, money needed to pay rent, money for taxes to get out of Turkey.

"I wasn't comfortable, and then I got so far in I couldn't get myself out, and I didn't want to walk away having lost £50,000 or what-have-you, so you keep going in the hope that you're wrong and this person is genuine."

Nancy said she now faces bankruptcy after losing "over £300,000, maybe even over £350,000". She said: "That's really frightening, and the other aspect is that somebody's got inside your head, and they've just brutalised you emotionally.

"In some ways I'm not sure I'll ever recover from that."

Police advise people never to send money to someone online they have not met and think twice about posting personal information that could be used to manipulate or bribe them.

(4th February 2017)


ANOTHER HOMEBUYER LOSES £67K AS SOLICITORS FAIL TO WARN OF EMAIL FRAUD
(The Telegraph, dated 23rd January 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/another-homebuyer-loses-67k-solicitors-fail-warn-email-fraud/

Solicitors are failing to warn clients about the risks of using email during property transactions, despite explicit guidelines from anti-fraud authorities and their own trade body, the Solicitors Regulation Authority.

Howard Mollett, who had was tricked into paying over £74,000 to a fraudster posing as his solicitor over email, said he was never warned about the threat of online criminals by his firm, Sethi Partnership, which is based in west London.

In fact, first-time buyer Mr Mollett, 40, said the firm only put a "cyber crime alert" at the bottom of their emails on the day he discovered he had become a victim of conveyancing fraud.

The alert read: "Please be aware that there is a significant risk posed by cyber fraud, specifically affecting email accounts and bank account details.

#########"PLEASE NOTE that this firm's bank account details WILL NOT change during the course of a transaction and we WILL NOT change our bank account details via email. Please check account details with us in person if in any doubt. We will not accept responsibility if you transfer money into an incorrect bank account."

The Solicitors Regulation Authority has made repeated warnings to firms about the threat of online attacks since February 2014.

Conveyancing fraud occurs when criminals intercept emails exchanged between homebuyers (or homesellers) and their solicitors.

The fraudsters then generate fake emails purporting to be from one of the parties, asking the other to make payments in to a new bank account.

The payments are often very large, representing deposits on properties or in some cases the entire proceeds of a property sale.

Once the money has been paid, the criminals drain the accounts.

The banks involved are frequently unhelpful and slow to act.

In December 2016 the Solicitors Regulation Authority identified conveyancing fraud as the most common cyber crime in the legal sector. It suggested that a quarter of firms had been targeted by online fraudsters. In one in 10 of these cases money had been stolen as a result, it said.

Victim of conveyancing scams lose £101,000 on average.

- Cyber criminals rob £10.9bn from UK residents in a year - and even more goes unreported

- One in three cases of 'solicitor fraud' not even looked at, police admit

www.telegraph.co.uk/money/consumer-affairs/one-in-three-cases-of-solicitor-fraud-not-even-looked-at-police/

There are 10,500 solicitor firms in England and Wales, according to the SRA.

Based on its own numbers 2,625 companies have been targeted by fraudsters, with criminals having been successful in almost 300 cases. But under-reporting of cases and size of the loss means the actual numbers are likely to be far greater.

Mr Mollett, who works at a charity, successfully transferred a downpayment of just over £32,500 to Sethi Partnership's HSBC bank account in August last year.

On Friday September 23, the firm emailed a summary of his outstanding final costs. His outstanding balance was £119,837 for a one-bed flat in Brixton, south London, which cost £310,000. The firm insisted this needed to be in its account before completion on October 5.

He tried to make a same day transfer of £45,000 the following Thursday while working abroad in the US. However, a message appeared on his online banking that said the transfer could take up to three days to clear.

Mr Mollett could not pay off the balance in one go as he had a daily transfer limit of £50,000. However, he was anxious about missing his completion date so emailed Sethi Partnership for advice.

It was then the fraudsters pounced. Posing as Mr Mollett's solicitor, the criminal said the firm was having issues with its HSBC account and requested the remaining funds be paid into an alternative Yorkshire Building Society account.

He transferred £42,000 into the account on Friday 30th and £25,000 the following day.

On Sunday Mr Mollett received another email from the bogus solicitor asking for the last £7,837 to be paid into a NatWest account as it was below £10,000.

He was told the solicitor would be in touch on Tuesday to make completion arrangements for Wednesday.

However, on Tuesday, Mr Mollett received a genuine email from the firm stating it had only received the first £45,000 payment.

It was at that moment Mr Mollett saw the cyber security alert at the bottom of the message and realised something had "gone seriously wrong".

He immediately called his bank, the police and in desperation, Yorkshire Building Society and NatWest.

Over the next few days Mr Mollett, his parents and his sister manage to scrape their savings and replace the missing funds so the property purchased completed.

The last payment to NatWest was recovered but the £67,000 has yet to be returned.

Mr Mollett described the situation as "incredibly stressful".

His father, who is 72 and not in the best of health, was due to retire in December but has been forced to carry on working as he now has no savings.

He said: "The SRA has a name for this kind of fraud, for goodness sake. Why wasn't the firm on top of it? It should have warned me about cyber security and explained it would never offer alternative bank accounts by email?

"What are we paying solicitors for if not to guide us through buying a home, possibly the biggest transaction of our lives?"

Mr Mollett is seeking the advice of a lawyer and cyber security expert. He believes if he can prove Sethi Partnership's systems were compromised he will get his money back.

Sethi Partnership refused to comment on why it did not warn Mr Mollett about cyber crime or what prompted it to add the alert to its emails.

It said it takes the issue seriously and has the required "compliance measures in place". It said it sends bank details in hard copy rather than email.

Mr Mollett's case is currently being investigated by the firm, the police and the banks. Sethi Partnership said that while it "could not comment directly" it had "never had to deal with an incident like this before".

The SRA said it constantly warns firms of the risks.

A spokesman said: "We would ask Mr Mollett to get in touch with the SRA. If the firm has been hacked, it too has been a victim of crime, and this is what insurance is for."

Telegraph Money has reported extensively on the epidemic of conveyancing fraud. Property buyers and sellers are advised not to communicate with solicitors about payments over email and to transfer a small amount, such as £1, before making the full payment.

(4th February 2017)


FRAUD FOR ONLINE HOLIDAY SALES SPIKE BY 31%
(Computer World, dated 18th January 2017 author Matt Hamblen)

Full article [Option 1]:

www.computerworld.com/article/3158862/e-commerce/fraud-for-online-holiday-sales-spikes-by-31.html

uaware note : This may be an article describing fraud in the USA, but this type of problem is global.

Fraud attempts on digital retail sales jumped 31% from Thanksgiving to Dec. 31 over the previous year, according to a survey of purchasing data from ACI Worldwide.

The fraud increase was based on hundreds of millions of online transactions with major merchants globally. Also, the number of e-commerce transactions grew by 16% for the same period, ACI said.

Some of the fraud attempts came from the use of credit card numbers purchased in underground chat channels, ACI said.

"Given the consistent and alarming uptick in fraudulent activity on key dates, merchants must be proactive in their efforts to identify weak spots and define short and long-term strategies for improved security and enhanced customer experience," said Markus Rinderer, senior vice president of platform solutions at ACI.

ACI provides electronic payments technology for more than 5,000 organizations globally. One of its products, ReD Shield, was used to collect the data in the survey. ReD Shield, a fraud detection and prevention software product, was used to process 7% of all Black Friday online spending and 13% of Cyber Monday's spending.

The data showed that the highest fraud attempt rates were on Christmas Eve and on days when shipments were cut off. The key shopping dates by volume (number of transactions) were Cyber Monday, which showed 15% growth, and Black Friday, which showed 19% growth.

The average sales ticket declined by 7% during the 2016 holiday period. The average was $228 in 2016, down from $243 in 2015.

In 2016, one of every 97 transactions was a fraudulent attempt, compared with 1 out of 109 transactions in 2015.

ACI defines a fraud attempt as a transaction confirmed by a merchant as fraudulent; a transaction that matched a record in an ACI database for a credit card number that was sold online in an underground chat channel; or as reported as fraud by a bank or other issuer. ACI also includes as fraud attempts those data patterns that match a recently confirmed fraud behavior.

(22nd January 2017)


TAKE THE FRAUD DEFENCE TEST AND PROTECT YOURSELF
(Action Fraud, dated 18th January 2017)

Full article : www.actionfraud.police.uk/news/take-the-fraud-defence-test-and-protect-yourself-jan17

-------------------------------------------------------
uaware comment

The "Test" asks for your age, post code and gender. Even for a simple test like this, provide some information, but just make it up. If you are 65, say you are 40, and give the post code of your local Sainsburys !

-------------------------------------------------------

With fraud set to become the most prevalent type of crime in England and Wales, we're urging you to act now to protect yourself from falling victim to fraud and cyber crime.

The Crime Survey of England and Wales, published tomorrow, is likely to indicate fraud and cyber crime now account for close to half of all crime, making you much more likely to be a victim of these crimes than any other. In July 2016, the crime survey indicated 3.8 million frauds and 2 million cyber crimes occurred in the 12 months to the end of March 2016.

How to protect yourself

- Sign up to our alert-by-email system to get the latest trending frauds across the country. The alerts are also sent to the 250,000 people who have signed-up to the Neighbourhood Alert System.

Register for Alerts : www.actionfraud.police.uk/alerts

- Take the Fraud Defence Test. The test, developed by City of London Police and built with funding from the Home Office's Police Innovation Fund, takes just a couple of minutes and is designed to help you understand how you could become a victim of fraud in relation to your circumstances and knowledge of fraud.

The Test : https://frauddefencetest.com/

- Take a look at Take Five, a new campaign funded by the banking industry to help you take a moment before acting.

Take Five campaign : https://takefive-stopfraud.org.uk/

Tips include:

- Never disclose security details, such as your PIN or full banking password.
- Don't assume an email, text or phone call is authentic.
- Don't be rushed - a genuine organisation won't mind waiting.
- Listen to your instincts - you know if something doesn't feel right.
- Stay in control - don't panic and make a decision you'll regret.

Commander Chris Greany, the National Police Coordinator for Economic Crime, said: "The Crime Survey of England and Wales shows us that Fraud and Cyber Crime are the largest single crime types today, and the figures only include individuals and not businesses who are also victims.

"Policing is working closely with Government and the private sector to do what we can to arrest offenders, protect victims and provide suitable guidance to help support all people and businesses in preventing fraud.

"There are many ways we can all protect ourselves, websites such as Action Fraud and Take Five provide help and guidance as does our social media streams on :

Twitter : https://twitter.com/actionfrauduk
Facebook : https://www.facebook.com/actionfraud

(22nd January 2017)


POLICE RAID INDIA CALL CENTRE, DETAIN 500 IN FRAUD PROBE
(The Register, dated 6th October 2016 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2016/10/06/police_raid_india_call_centre_detain_500_in_fraud_sting/

More than 500 call centre staff have been detained by police in India, after allegedly threatening US citizens and siphoning off their money.

The raid was carried out by over 200 Indian police personnel across three separate call centres, according to reports.

The operators are alleged to have posed as officials of US Tax Department and demanded financial and bank details, threatening legal action if the victims did not comply.

According to the Mumbai Mirror, the fraudulent activity amounted to the equivalent of £125,752 per day.

Thane police commissioner Param Bir Singh told India's Economic Times: "It could be the tip of the iceberg and the amount could multiply as our probe progresses," adding that there is a possibility that people in the UK and Australia, too, could have been conned.

He said the caller would use the VoIP technology using a proxy server and make hundreds of calls.

"But the amount they stole from the innocent people is mind-boggling. In one case, one of the victims shelled out $60,000 just to escape a so-called raid on his house by taxmen."

(22nd January 2017)


MORE CYBER ATTACKS IN NORTH WALES THAN STREET CRIME
(BBC News, dated 16th January 2017)

Full article : www.bbc.co.uk/news/uk-wales-38634289

North Wales PCC Arfon Jones also warned businesses were "most at risk".

The North Wales Police Cyber Crime Team said ransomware crimes - where hackers encrypt files and demand thousands of pounds to unlock them - were being reported to the force "each week".

Mr Jones said: "The front line is now online."

He went on: "Technology has provided criminals with new tools and different methods to perpetrate crime.

"Traditional crimes such as burglary, shoplifting and theft have seen a reduction over the last decade but the number of offences hasn't reduced - it has moved online.

"The playing field has changed and we need to work more effectively in partnership to prevent the newer crimes, such as cyber-crime, from being committed."

He issued the warning to members of the North Wales Business Club on Monday.

It heard how one firm in Wrexham nearly folded after it had 15 years' of accounts data encrypted.

Det Sgt Peter Jarvis, of the cyber crime team, said businesses that do not have data back-ups were "left with some difficult decisions".

"It's very unlikely you will find the person responsible, they don't leave a footprint, so it's vital to have the right security and to follow the right procedures and to make sure your staff do as well," he added.

ONS figures released in July showed almost six million fraud and cyber crimes were committed in England and Wales in 2015.

(22nd January 2017)


ANOTHER BOGUS EMAIL
(16th January 2017)

The following email has been forwarded to "uaware" by one of it's readers. The recipients name has been changed to "Mr Blobby" and the donation reference changed to "nnnnnnnnnn" to protect their identity. The donation reference was also repeated further in the text and this has been changed to yyyyyyyy; this was a link to a website holding malware or ransomware.

If you receive the same email or something similar, ignore and delete it. Don't click on the link.

--------------------------------------------------------------------------------------------------------------------
From : Migrant Helpline
Sent : January 2017
To : Blobby
Subject : Dear Mr Blobby, Thank you for choosing to donate

Dear Mr Blobby,

Thank you for giving a much-needed donation of £194 to help families affected by the terrifying violence in Syria. With so many people who need our support, your gift is vital and greatly appreciated.

================================================================================================================

Thanks again for donating

We're sending it straight to Migrant Helpline so you'll be making a difference very soon.

Your donation details:
Name: Mr Blobby
Amount: £200
Donation Reference: nnnnnnnnnnnn

If you have any questions about your donation, please follow this link and download Your donation receipt yyyyyyyyyy, with the transaction details.

With your help, ATFU-Donations can continue to work in Syria and neighbouring countries to deliver clean water and life-saving supplies to millions of people.

Thank you again for your support.

Your generosity is bringing much-needed assistance to families who have lost everything as a result of the crisis in Syria.

Warm regards,
ATFU-Donations

----------------------

(22nd January 2017)


VEHICLE LEASING FRAUD ALERT
(National Fraud Intelligence Bureau, dated January 2017)

The NFIB has identified that overseas crime groups are targeting UK based car leasing companies to fraudulently obtain high performance motor vehicles.
The NFIB has ascertained that high end quality motor vehicles are rented from legitimate car leasing companies using fraudulent identification. The criminals have no intention of returning the motor vehicles.

The vehicles are shipped abroad where the index plates are changed and bodywork re-painted. Leasing the vehicle affords the criminal group time to move the motor vehicle out of the UK without raising suspicion.
A proportion of the vehicles are taken out of the UK to places such as Cyprus, Spain and Poland.
According to the fraudster, most of the vehicles end up in the hands of organised crime groups who are involved with boiler rooms and high-end money laundering in the UK.

PROTECTION / PREVENTION ADVICE


- Consider other methods of checking customer authenticity.
- Consider due diligence and know your customer options
- Ensure vehicles are equipped with appropriate tracking devices
- If you have been affected by this, or any other fraud, report it to Action Fraud by :

calling : 0300 123 2040, or
visiting :  www.actionfraud.police.uk

(22nd January 2017)


FRAUDSTERS ARE TARGETING EMPTY HOMES
(Action Fraud, dated 11th January 2017)

Full article : www.actionfraud.police.uk/news/fraudsters-are-targeting-empty-homes-jan17

The National Fraud Intelligence Bureau's (NFIB) Proactive Intelligence Team is warning homeowners about organised criminal groups that target empty properties in the UK to apply for mortgages and loans.

The team have gathered information that shows criminal networks identifying empty properties by using names on the published obituaries and carrying out research on the Land Registry.

Once a suitable property is discovered the criminal group then organise for fake documentation to be produced and register on the electoral role and with utility providers.

The group tirelessly work through the legal hurdles until the funds are released by the organisation, whilst the innocent party has no idea a crime has taken place.

Fraudsters can also take advantage when:

Owners are absent.
There are buy to let landlords.
Owners are living abroad.
Elderly people don't live in their properties for reasons such as long term hospital or residential care.

How to protect against property fraud

Owners who are concerned their property might be subject to a fraudulent sale or mortgage can quickly alert the Land Registry and speak to specially trained staff for practical guidance about what to do next by calling the Property Fraud Line on 0300 006 7030. The line is open from 8.30am to 5pm Monday to Friday.

Additionally:

- Make sure your property is registered with the Land Registry - you will be compensated for financial loss if you do fall victim to fraud.

https://www.gov.uk/registering-land-or-property-with-land-registry/when-you-must-register

- Keep your contact information up to date once registered so you can be easily contacted if a complication arises.

- Sign up for Land Registry's free Property Alert service. If someone tries to take out a mortgage on a home you own you'll receive an alert. You can then judge whether the activity is suspicious and seek further advice.

https://www.gov.uk/guidance/property-alert

(22nd January 2017)


FAKE AMAZON EMAILS CLAIM YOU HAVE PLACED AN ORDER
(Action Fraud, dated 5th January 2017)
www.actionfraud.co.uk

Action Fraud has received several reports from victims who have been sent convincing looking emails claiming to be from Amazon. The spoofed emails from "service@amazon.co.uk" claim recipients have made an order online and mimic an automatic customer email notification.
The scam email claims recipients have ordered an expensive vintage chandelier. Other reported examples include: Bose stereos, iPhone's and luxury watches.

The emails cleverly state that if recipients haven't authorised the transaction they can click on the help centre link to receive a full refund. The link leads to an authentic-looking website, which asks victims to confirm their name, address, and bank card information.

Amazon says that suspicious e-mails will often contain:

- Links to websites that look like Amazon.co.uk, but aren't Amazon.co.uk.
- Attachments or prompts to install software on your computer.
- Typos or grammatical errors.
- Forged (or spoofed) e-mail addresses to make it look like the e-mail is coming from Amazon.co.uk.

Amazon will never ask for personal information to be supplied by e-mail.

You can read more about identifying suspicious emails claiming to be from Amazon by visiting :

https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=201489210

To report a fraud or cyber crime, call us on 0300 123 2040.

(22nd January 2017)


DEPARTMENT OF EDUCATION RANSOMWARE ALERT
(Action Fraud, dated 4th January 2017)

Full article : www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17

Fraudsters are posing government officials in order to trick people into installing ransomware which encrypts files on victim's computers.

Fraudsters are initially cold calling education establishments claiming to be from the "Department of Education". They then ask to be given the personal email and/or phone number of the head teacher/financial administrator.

The fraudsters claim that they need to send guidance forms to the head teacher (these so far have varied from exam guidance to mental health assessments).

The scammers on the phone will claim that they need to send these documents directly to the head teacher and not to a generic school inbox, using the argument that they contain sensitive information.

The emails will include an attachment - a .zip file (potentially masked as an Excel or Word document). This attachment will contain ransomware, that once downloaded will encrypt files and demand money (up to £8,000) to recover the files.

It should be noted that similar scam attempts have been made recently by fraudsters claiming to be from the Department for Work and Pensions and telecoms providers (in this case they need to speak to the head teacher about 'internet systems').

How to protect against this type of fraud

Having up-to-date virus protection is essential; however it will not always be able to prevent you from becoming infected.

Please consider the following actions:


- Although the scammers may know personal details about the head teacher and use these to convince you they are a real employee, be mindful of where these have been obtained from, are these listed on your public facing website?

- Please note that the "Department of Education" is not a real government department (the real name is the Department for Education).

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It's important that the device you back up to aren't left in an insecure location or on the same network that your machines are connected too.

To report a fraud and cyber crime and receive a police crime reference number, call us on 0300 123 2040 or use our online fraud reporting tool : www.actionfraud.police.uk/report_fraud

uaware comment


This scam can easily be adapted to other scenario's. For example, "Dept of Education" could become : the NHS, the Dept for Rural Affairs, the Charities Commission, the National Lottery Heritage Fund, etc. So a whole swathe of professions could become victims.

(22nd January 2017)


DODGY DEALER ON AMAZON LURES MARKS TOWARDS PHISHING SITE
(The Register, dated 6th January 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/01/06/amazon_scam/

Amazon UK customers would do well to be vigilant about the post-holiday deals they find on the retail site following the discovery of a sophisticated scam.

A rogue merchant, called Sc-Elegance, is primarily offering high-end electronics, advertising them as "used - like new" at significantly lower costs than in the shops. However, when the shopper adds the item to their basket and checks out, it redirects them away from Amazon to make the payment at a convincing phishing site.

"This particular seller has been reported a number of times to Amazon in its forums," according to Lee Munson, a researcher for security and privacy advice and comparison website Comparitech.com. "While Amazon has taken some action to remove listings, the merchant keeps popping up again and again under different guises.

"Customers need to be aware that if they pay for goods outside of Amazon, they will not get the item and their money will be gone - and there will be no support from Amazon in getting compensation," he warned.

Amazon removed the Sc-Elegance listings after being contacted by Comparitech.com about the rogue seller. Similar scams along the same lines might easily reappear. Comparitech.com advises consumers to be wary of deals that seem too good to be true. Never buy a product that requires payment outside of the official Amazon website or app,

(22nd January 2017)


MOST COMMON UK ONLINE OFFENCES
(The Telegraph, dated 31st December 2016)

www.telegraph.co.uk [Option 1]

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

Source: Office for National Statistics

(1st January 2017)


WHAT IS SPEARPHISHING ? HOW TO STAY SAFE ONLINE
(International Business Times, dated 30th December 2016 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/what-spearphishing-how-stay-safe-online-this-effective-cybercrime-technique-1598738

Hackers, spammers and cybercriminals have a multitude of methods they can use to infiltrate computer systems, steal data, plant malware or compromise your personal information. One of the most long-standing tactics is targeting 'phishing', also known as spearphishing.

It has endured because it works: unwitting web users continue to receive malicious messages and still fall victim to their charms. If you are wondering how dangerous they can be, just ask John Podesta: the US political player who lost tens of thousands of email with a single click.

When a spearphishing email lands in your inbox, it's rarely a mistake. Using your personal information - either hacked from another source or lifted from public social media profile - spammers are able to produce slick, and highly-convincing, messages.

They will appear legitimate, but spearphishing emails usually contain malware, spyware or another form of virus - often hidden in a link. When clicked, the payload will usually download automatically onto your computer and go to work - stealing files, locking records or logging your keystrokes.

Using your own personal information against you, hackers can craft an extremely personalised email message. It will likely be addressed to you by name and will reference a specific event in your life, something that will make you believe the sender is real and trustworthy.

What information could they possibly know?


Using social media, the spammer will likely already know your age, where you work, what school you attended, personal interests, what you eat for dinner, what concerts you have been to recently, where you shop, what films you like, what music you listen to, your sexual preference, and more.

But this is enough. Using the information, a fictitious hacker could easily pose as your friend and ask for further information about you - your phone number, password, even bank details? Not everyone would fall for the scam, but many still do if the recipient believes the identity of the sender.

A hacker using spearphishing may pose as a retailor, online service or bank to fool you into resetting your credentials via a spoofed landing page. The email may ask you to reset your password or re-verify your credit card number because suspicious activity has been monitored on your account.

If the email tempts you to click an embedded link, it could also download a keylogger or Remote Access Trojan (RAT) onto your computer to steal bank details or social media passwords as you type them. Many people re-use passwords across multiple websites, so the danger of hacking is high.

How to stay protected


Stay protected by being aware of the threats and remaining extremely careful about what personal information you put online. Limit what pictures to post to Facebook or Twitter, check where your email is listed and ensure your computer's security is kept up to date.

Ensure the passwords you use are original, lengthy and, most importantly, unique to every online website or service. A strong password will contain a mixture of characters, numbers and symbols. If possible, enable two-step authentication on every account that offers it.

Finally, know the signs and stay vigilant. If you receive an email from a close friend that asks for personal information - think twice before replying and send them a reply asking them to verify their identity. Also, know that any real business or bank is unlikely to request sensitive data via email.

Unfortunately, it only takes one click of a mouse for the hacker to access your system and despite advanced spam filters on current email providers spearphishing emails will continue to slip through the cracks.

(1st January 2017)


FACEBOOK IS ALSO HIT BY SCAMS - EXAMPLE

BUSINESSES SNAGGED BY WEB OF NEW INTERNET SCAMS
(Chicago Tribune, dated 21st December 2016 author Robert Reed)
www.chicagotribune.com

Norb Tatro, a former local TV news producer and friend of mine, was recently cloned. On Facebook, that is.

I know this because his cyber alter ego contacted me one evening with some "happy" news: He'd just won $250,000 from a new U.S. government/Facebook grant program. What's more, my name was also on a list of grant recipients.

The clone suggested we kibitz (speak informally) on the phone to discuss our shared good fortune.

That's when I caught on (yes, it took me a moment) to effectively respond, "Yeah, thanks but no thanks."

Soon after, I reached the real Norb, as did some other Facebook pals, to flag him. He and wife, Elaine Feldman, notified the social network and in a few hours the bogus site was removed, hopefully never to be seen again.

This cloning episode got me thinking about some wider implications: While many individuals fall victim to expensive, disruptive and time-wasting cyberattacks, so do a lot of businesses. In fact, companies are increasingly up against new, more creative types of Internet hacking and are scrambling to defend themselves against online threats.

"Getting hit with some type of cybersecurity event is the new natural disaster for business. It can be catastrophic," says Rob Clyde, board director of Rolling Meadows-based ISACA, a nonprofit industry association for digital information and technology issues, including cybersecurity.

A Facebook cloning or hacking attack could be devastating to a small-business operator, many of whom use the site to promote products, maintain business contacts and do bits of business.

Think about it. There's an estimated 60 million small businesses with Facebook pages, according to Facebook.

Such a huge and growing universe is a natural target for hackers and ne'er-do-wells. Moreover, no matter how it tries, it's nearly impossible for Facebook to proactively monitor every post, piece of content and network activity on its site.

As such, entrepreneurs are often the first line of defense against a nefarious hacker infecting or hijacking their page. If something is wrong, small-business owners should quickly complain to Facebook.

"Claiming to be another person violates our community standards and we remove profiles reported to us that impersonate other people," a Menlo Park, Calif.-based Facebook spokeswoman said.

Oddly enough, targeting Facebook pages may become old-school, at least when it comes to online harassment of business, which is coping with a more emerging danger: Ransomware.

Incidents of ransomware are "just exploding" says ISACA's Clyde.

ISACA link : www.isaca.org/about-isaca/Pages/default.aspx

Usually, a hacker will use malware to infiltrate a poorly protected data site, capture sensitive files and literally hold them hostage in an encrypted form beyond the company's computer reach.

Oftentimes, the ransom is for a nominal amount, a few thousand dollars. The requested payoff can be made with the internationallyused bitcoins, which can signal the data kidnappers are an overseas gang, Clyde adds.

Cyber kidnappers also know something about customer service. Some will open a chat line with a company executive to help facilitate payment.

The FBI strongly urges companies not to pay and to report any ransomware threats to the agency and police. But it is not illegal to pay a ransom.

At risk are mid-sized enterprises, including law firms and health care concerns. Organizations become desperate to get back their data and justify the ransom as another cost of doing business in the Internet age. "It's a nuisance fee and they pay it," Clyde adds. If that seems odd to you, you're not alone.

Paying off data kidnappers shouldn't be such a gray area. Yet it seems to be a grudging admission that our cyber cops are having trouble cracking down on tech-savvy crooks and that real-time business needs can outweigh the moral imperative of not encouraging criminal behavior.

Still, anyone who has been victim of Internet scam artists realizes it pays to be resilient.

(22nd December 2016)


FESTIVE SEASON PHISHING SCAMS
(Computerworld, dated 10th December 2016 author Ryan Francis)

Full article [Option 1]:

www.computerworld.com/article/3145389/security/10-top-holiday-phishing-scams.html

Scams to keep an eye out for

It always happens this time of year -- an influx of holiday related scams circulating the interwebs. Scams don't wait for the holidays, but scammers do take advantage of the increased shopping and distraction when things get busy to take your money and personal information. Jon French, security analyst at AppRiver, warns you of six holiday threats to watch out for.

Look out for fake purchase invoices

With holiday shopping starting to ramp up and the daily deluge of holiday discounts in your inbox, it can be confusing to remember which online stores you actually purchased items from. This creates a vector where attackers can be more successful in attacks with things like fake purchase receipts. An unexpected receipt from Amazon or Wal-Mart during most of the year would hopefully raise some red flags for most users, but during the prime time for shopping for the holidays, users will likely be more susceptible to clicking those types of things. Victims could find themselves installing malware or landing on a phishing page if they aren't cautious.

Shipping status malware messages

Along the same lines as fake email receipt messages, fake shipping notifications usually increase each year around the holidays. With so many online orders being shipped around during peoples shopping sprees, they again might be more likely to click something they wouldn't normally click. If you just placed an order that shipped via UPS, and then you get a zipped virus with the vague wording about your recent order being delayed, you may be more likely to click it.

Be cautious of email deals

Not all email flyers and sales are going to be legitimate this shopping season. Some of the big stores where you have previously shopped or signed up for newsletters will likely be OK and legitimate. But be cautious of unexpected deals or product promotions from stores or sellers you have never dealt with. There will be people trying to take advantage of buyers where the victim could be subject to phishing tactics or just stolen money for an order that will never come in.

Take a little more care at looking at links and URLs


Phishing websites are around all year, but again with the sometimes hectic holiday season, people's guards can be down and they could fall victim to phishing attempts. Hovering over links in webpages and emails as well as taking that second to just look at the address bar and see what site you're really at can save you from falling for a phishing page.

Keep an eye on your bank accounts

Some people may be spending money on whatever catches their eye, and others may be planning every purchase out. Regardless, people should keep an eye on their accounts and make sure the purchases made are ones they are actually making. It would only take one store you shop at being compromised to give criminals the chance to drain your bank account -- whether it be a card scanner at a gas pump, POS malware at a retailer store, or an online store with lax web security.

Fake surveys

Survey emails sent out promising some sort of money or gift card in exchange for completing it can end up being a scam. Often the surveys are very short and generic, but at the end they may ask for some personal information. This can be what the attackers are really after. By gathering this information, they can use it to further a more advanced phishing attack. Some may even directly ask you for bank details or credit card information promising you won't lose money.

(20th December 2016)


DON'T GET CAUGHT BY THIS SPEEDING FINE SCAM EMAIL
(BT News, dated 16th December 2016)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/dont-get-caught-by-this-speeding-fine-scam-email-11364121900635

Criminals are on another drive to get hold of our personal information, this time by sending out emails claiming you have been caught speeding.

The fraudulent email says you have been caught speeding and warns that a Notice of Intended Prosecution has been issued by Greater Manchester Police (GMP).

The email is a fake and the police are warning that it could infect people's computers with malware that enables criminals to access your personal information including your financial details.

"Greater Manchester Police are aware of a scam email circulating informing the recipient that they have been caught speeding. This email is fraudulent and may ask you to give your personal or financial information or attempt to infect your computer with malware," says Detective Inspector Martin Hopkinson of GMP's Serious Crime Division.

"Once your computer is infected with malware, cyber criminals may be able to access your personal and financial information which could be used to defraud you.

"GMP would never send out correspondence via email requesting payment of fines now will we ask for your personal and financial information."

If you receive the email you should not respond to it. Instead report it to Action Fraud or 0300 123 2040.

"I would urge people to delete any such emails and ensure they always have the most up-to-date security software," adds Hopkinson.

How to spot a scam email

Fortunately, scammers don't always cover their tracks so well. Look out for these classic scam email warning signs:

- The sender's email address doesn't match with the real organisation's web address.
- You aren't addressed by your proper name, instead there is a generic greeting such as 'Dear customer'.
- There is pressure to act quickly - either you need to claim a prize before a deadline or if you don't act your account will be closed.
- You need to click on a link in order to act.
- You are asked for personal information such as a user name, password or your bank details.
- Mistakes - scam emails often contain spelling and grammatical errors.

uware comment


The advice quoted above is a generalism. Some of these emails are quite convincing and may include the recipients name.

(20th December 2016)


LLOYDS BANK SCAM LETTER
(Hertfordshire Police, dated 9th December 2016 author "Watch Liaison")

Residents are being warned to question written correspondence from their banks following a new scam which has targeted Lloyd's customers. The letter looks genuine, featuring the Lloyds logo, customer service address and is even signed by a customer relations manager. It informs the recipient of 'unusual transactions' on their personal current account and asks the customer to call a telephone number to discuss the transactions.

When customers call the number provided, they are taken through to what seems to be a Lloyds automated service. The caller is asked to enter their card/account number, sort code, date of birth and then instructed to enter the first and last digit of their security code. At this point, the automated voice states they have been unable to match the digits and asks for the third and fifth number of the security code. Customers are then put on hold to speak to an adviser, who asks for more information, and they are also asked if they are happy to give customer feedback.

The phone number on the letter was 08438 495865 - this is not a genuine Lloyds number and has since been blocked.

If you receive an unusual letter or other unexpected contact from your bank, it is a good idea to check if it is genuine by calling the customer services number printed on the back of your bank card, your regular statement or another reputable source.

(20th December 2016)


SCAM ALERTS FROM NATIONAL TRADING STANDARDS - NOVEMBER 2016

This is not a definitive list, but just an example of some of the scams occuring during November 2016.

-----------------------
REPOSSESSION SCAM
(Dated : 14th November 2016)

Sussex residents have been warned that a text message claiming their homes will be repossessed is a scam.

People have reported receiving texts saying their home would be repossessed the following day.

Suzanne Newman, a spokesperson for Worthing Homes, many of whose residents received the text, said the scam had been spotted all over the UK and was not unique to Worthing Homes.

The text claimed the repossession was following 'previous correspondance'.

Action Fraud, the UK's national reporting centre for fraud and cyber crime, list different types of text message based scam:

"You're sent a text from a number you don't recognise, but it'll be worded as if it's from a friend.

-----------------------
AMAZON SHIPPING ORDER EMAIL SCAM

Scammers are sending out emails purportedly from Amazon saying there is a problem processing orders and that they won't be shipped.

It adds that you won't be able to access your Amazon account or place any orders until you confirm certain information.

Naturally, there's a link at the bottom of the page telling you to 'confirm' your account.

It'll take you to a fake website which looks very similar to the real one - when you enter your personal details, they'll go straight to the scammers harvesting them.

Once you click the 'Save & Continue' button, you'll automatically be redirected to the Amazon site so that you're none the wiser.

The fraudsters can use your newly-acquired details to make purchases in your name, and potentially use your information to open financial products in your name.

----------------------
GOLD DIGGING HACKERS TARGET KANYE FANS USING iTUNES PHISHING SCAM
(Dated : 23rd November 2016)

Heartless hackers are targeting fans of rap star Kanye West using a newly-uncovered iTunes phishing scam.

The attack has been branded "especially greedy" by experts for its attempts to steal both personal data and credit card information.

Email security firm Mimecast analysed the attack after it was discovered by the INQUIRER.

-----------------------
MILLIONS PUT THEMSELVES AT RISK OF FRAUD CHASING BARGAINS ONLINE
(Action Fraud, dated 22nd November 2016)

New research released by Financial Fraud Action UK (FFA UK) shows that 31% of online shoppers admit that they are more likely to take a financial risk if an online retailer offers them a bargain.

This means there are potentially 15 million online shoppers who could be putting themselves at risk of financial fraud.

Those aged 16-34 are most at risk, with almost half of that age group (46%) admitting they are more likely to take a chance, compared to just 18% of people aged 55 or over.

The findings come at the start of the festive shopping season; with Black Friday (25th November) and Cyber Monday (28th November) offering online bargains and time limited discounts.

It is also a time when fraudsters try to entice people into giving away their debit and credit card details on fake websites.

----------------------

POLICE ISSUE WARNING OVER COLD CALLERS
(Dated : 26th November 2016)

Gwent Police says it has received reports of men cold calling in the Monmouthshire area.

So far the Monmouth, Osbaston, Usk and Goytre have been affected.

The males state they are from Wolverhampton, Scunthorpe and Middlesborough.

They then proceed to try and sell their services by showing a laminated piece of paper to homeowners to prove their legitimacy.

-----------------------
PENSIONER TARGETED BY CROOK PRETENDING TO BE TREE SURGEON
(Dated : 19th November 2016)

A vulnerable pensioner had nearly £500 stolen by a heartless crook pretending to be a tree surgeon.
The incident happened in Styvechale , at around 11am.

West Midlands Police have categorised the incident as a distraction burglary after it was called in by the elderly woman's neighbour.

According to police, a man came to the door claiming to be a tree surgeon. A spokesman for the force said: "The offender claimed to be a tree surgeon and offered to do some work.

"The woman has gone upstairs to get money. She has then come downstairs and the man has asked for a cup of tea. "He then went upstairs and stole some more money ."

In total around £500 in cash was taken from the property.

-----------------------
ROGUE TRADER WARNING FOR BURY ST EDMUNDS
(Dated : 18th November 2016)

Suffolk Trading Standards has today issued a 'rogue trader' warning to householders in Bury St Edmunds after a man climbed on a roof without permission.

Trading Standards say the man was on the west side of Bury St Edmunds last weekend looking for work.

Its warning adds: "The male went up on the roof of a house without permission and then called at the door, stating that work was required to the flashing on the chimney to prevent leaks.

"He said that this would cost £5,500 in total, but that he had some materials on his van so that the cost would be £1,250.

"When this was refused, the male said he has got to do the work now and asked how much the resident was willing to pay."

No work was undertaken, but the individual might have called at other houses in the area as he was seen the next day.

Flashing is the lead strip that covers the join between brickwork and tiles.

----------------------
(1st December 2016)


METROPOLITAN POLICE SCAM EMAIL OFFERS "ADVICE" YOU DON'T NEED
(BT News, dated 25th November 2016)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/metropolitan-police-scam-email-offers-advice-you-dont-need-11364115913115

Scammers are now pretending to be the Metropolitan Police in a new (crime) wave of emails designed to steal our personal details.

The fake emails are being sent from an address called crime@content.met.police.uk, which isn't a valid Metropolitan Police email address.

According to Action Fraud, the UK's national reporting centre for fraud and cyber crime, the emails ask the victim to open an attachment containing "crime prevention advice".

However, anyone who does so will automatically download key logger software onto their computer or device.

"The iSpy key logger gives fraudsters the power to record every keystroke from a victim's device and steal sensitive information," Action Fraud said in a release.

Alert: Fake Met Police emails are being sent from crime@content.met.police.uk that contain iSpy key logger software https://t.co/6nODc33vDy
Action Fraud (@actionfrauduk) November 23, 2016

How a typical scam email look

The subject line of the email is 'Crime Prevention Advice' or some variation thereof, while the attached file is called '11212527.zip'.

An example email reads:

------------------------
To the general public:

See attached document to read more about crime prevention advice.

Regards,

Metropolitan Police Service.
A simple scam


-----------------------------
The fact the email isn't addressed to a specific person is a trademark of a typical scam email.

Likewise, the fact the attachment is a random sequence of numbers shows this to be a fairly unsophisticated scam attempt.

Nonetheless, some people might be tempted to open the email and click on the attachment if they believe it to be from the police.

If you do receive this email, just delete it. As always, make sure your antivurs software is up to date just in case you do get conned!

How to avoid email scams

Of course, there are many more sophisticated scams doing the rounds. To help you stay safe, Action Fraud has provided a few general email safety tips.

- Never click on links within emails you weren't expecting.
- Look up the address of a company and type it into the address bar yourself if you think you need to visit the website.
- Never reply to spam emails.
- If you get an email from your bank or building society asking for personal details do not respond. Look up a telephone number and call to check, but financial institutions won't contact you out of the blue asking you to give out personal information.
- Never download attachments unless you know and trust the sender.
- Keep abreast of the latest cons and scams by visiting Action Fraud.

(1st December 2016)


HACKERS ADVERTISING AND SELLING PHISHING KITS VIA YOUTUBE WITH SECRET BACKDOOR
(International Business Times, dated 25th November 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-advertising-selling-phishing-kits-via-youtube-secret-backdoor-1593396

Cybercrime, like any other enterprise is a business, albeit an illegal one. Apart from targeting individuals, businesses and governments, cybercriminals also cash in by creating, using and marketing malware to other crooks. It appears however, that the age old adage of "honour among thieves" does not apply to cybercriminals these days.

Security researchers have uncovered cybercrooks advertising and distributing phishing kits, that come with how-to videos and links to additional information, to wannabe hackers via YouTube. The catch however is that the advertised kits come with a secret backdoor that sends all the phished data back to the author.

According to Proofpoint security researchers, hackers using YouTube to advertise and market their malicious wares marks the beginning of a new trend. "A simple search for "paypal scama" returns over 114,000 results," researchers noted, indicating that this new trend already appears to have been propagated fairly successfully.

Researchers said, "Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links. They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software."

Researchers also added that the YouTube videos came with links to templates and phishing kits. The videos themselves featured the "look and feel of the templates" and provided pointers on how to go about collecting the phished data. One such video was for an Amazon phishing template which cloned the Amazon login page. Researchers noted that this particular video also came with a Facebook link to contact the author.

Proofpoint researchers decoded a sample of a phishing template downloaded from a link provided in a similar video and discovered that the author's Gmail address was "hardcoded to receive the results of the phish every time the kit was used, regardless of who used it."

Researchers warned that the concept of honour among thieves does not apply in this case "since multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns.

"The real losers in these transactions, though, are the victims who have their credentials stolen by multiple actors every time the kits are used," researchers added.

It is still unclear as to how many people may have been affected by this latest phishing scam. The identity and location of the individual/individuals behind this campaign also remains unknown. IBTimes UK has reached out to Proofpoint for further clarity on the matter and will update this article in that a response is provided.

(1st December 2016)


VISA CRIES FOUL OVER EURO REGULATORS STRONGER AUTHENTICATION DEMANDS
(The Register, dated 23rd November 2016 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2016/11/23/visa_criticises_eu_stronger_authentication_plan/

The EU banking regulator's plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry.

Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online shopping without increasing security.

The concern is that making customers jump through more hoops to complete online transactions will result in increased cart abandonment rates, which will likely impact retailers' bottom line.

The regulation threatens to cramp one-click shopping and automatic app payment technologies for anything other than small payments, the argument goes.

"Changes mean no more express checkouts or quick in-app payments from mobiles, reduced access to non-European online shopping sites, and longer queues at places like toll booths and parking," according to Visa.

The payments technology company took the unusual step of putting out a statement lambasting the EBA's draft plan for strong customer authentication (SCA), the final version of which is due out in January.

Robert Capps, VP of business development at behaviour-based biometrics firm NuData Security, said, "We'd tend to support Visa's stance on this issue in several ways. While it may seem that adding more identity tests to the transaction stream should make the transaction more secure, this isn't necessarily true.

"If the test is vulnerable to impersonation, as we see with physical biometrics, or is as vulnerable as passwords, no number of additional touchpoints will make the transaction more secure," he added.

The proposed changes are part of the European Commission's forthcoming Payment Services Directive 2. If ratified as part of the proposals, strong customer authentication would come into effect across Europe from 2018 onwards.

(1st December 2016)


SCAM WARNING FROM THE SHIRES
(Hertfordshire Police Neighbourhood Watch Liaison, November 2016)

Herts Trading Standards have alerted us to increases in two particular types of telephone scam. Never buy anything over the phone as a result of a cold call. Never give bank or card details to a telephone caller, whatever they say.

Extended Warranty Scam

One scam which is conning residents over the phone, is the sale of extended warranties for electronic devices such as televisions and washing machines. The salesman says that because the resident hasn't made a claim in the last 12 months, the price will be reduced, say from £75 to £40. The salesman says he knows the first 4 digits of your card but needs you to confirm the rest of the number. Payment is taken and a warranty for goods that are too old or different from those owned, and hence useless, is provided.

The Bogus "Telephone Preference Service" Scam


The other scam involves callers claiming to be from the Telephone Preference Service (TPS) or similar sounding company, phoning residents and trying to extract money for registration or for call blocking devices. This cynical scam targets people who are trying to protect themselves or vulnerable relatives. A UK director was recently imprisoned for a similar call blocker scam. Please remember that the genuine TPS never cold calls people and its service is always free. Visit www.tpsonline.org.uk

Always beware unexpected calls. Scammers are convincing, that's how they make their money. Even if a caller seems to know details about you, it doesn't mean they are who they say. If they try to rush you into a decision, then it's likely to be a scam, just try to keep your head and don't give them any information. If in doubt, end the call.

Please look out for elderly and vulnerable residents who may be targeted by these scams.

For advice or to report complaints to Trading Standards, contact Citizen's Advice Consumer Service on 03454 040506 and/ or report to Action Fraud on 0300 123 2040.

(1st December 2016)


IDENTITY FRAUD VICTIM'S £500k HOME PUT ON THE MARKET
(BBC News, datd 23rd November 2016)

Full article [Option 1]: www.bbc.co.uk/news/uk-england-manchester-38080102

An identity fraud victim has described the horror of discovering his £500,000 home up for sale on a property website.

Minh To, of Stockport, Greater Manchester said he was left "scared" and "terrified" after seeing pictures of the five-bedroom home on Rightmove.

Police later discovered two men had stolen his mail and forged his signature in order to falsify the documents needed to auction the house.

Two men have been jailed for their part in the scam at Preston Crown Court.

Mike Haley, deputy chief executive of the fraud prevention organisation CIFAS, said Mr To had been "more vulnerable" to the fraud because he had paid off his mortgage.

Saeed Ghani and Atif Mahmood both admitted conspiracy to defraud.

Ghani, 30, of Polefield Circle, Prestwich, was jailed for seven and a half years.

Mahmood, 42, of Sarnsfield Close, Gorton, was sentenced to two years and nine months.

On Wednesday a third member of the gang, Toma Ramanauskaite, was sentenced for a separate fraud.

'Felt terrible'

Mr To was first alerted to what was going on when he received a phone call from his daughter in November 2012.

He said: "She rang me and said 'where are you going?' I said 'I'm going nowhere'. Then she said 'Why are you selling the house then? I've seen it on Rightmove'.

"I didn't know what to think. I felt terrible. I felt scared."

Mr To logged on to the website to find the advert featured several pictures of his home and was inviting bids starting at £300,000.

The details even included a request that the tenants were "not to be disturbed".

Police later discovered Ghani and Mahmood carried out the fraud after stealing three utility bills from Mr To's mailbox.

Having forged his signature, they then transferred the deeds to his house into Ghani's name.

They put the property up for auction in the hope it would sell quickly, without the need for estate agents to show people around.

Mr To discovered the advert just three days before the auction was due to commence.

The court heard Ghani had carried out a similar fraud targeting a couple in Bolton, using fraudulent passports to transfer the deeds to their £300,000 house into his name.

Working with Ramanauskaite, he also took out driving licences in the names of a couple from Salford, before stealing their savings of £90,000.

Ramanauskaite, 30, of Spring Street, Bury, also admitted conspiracy to defraud and was sentenced to 14 months, suspended for two years, and ordered to carry out 250 hours in unpaid work.

Because Mr To had paid off his mortgage, the men were able to transfer the deeds without needing the extra authority of the lender.

He believes the rules need tightening before more people are targeted.

"It's very simple. The government should make it the law that if you're going to change the land registry deeds you should need two signatures," Mr To said.

Det Sgt Phil Larratt, of Greater Manchester Police, said: "As this case demonstrates, fraudsters can use your identity details to open new bank accounts, request new driving licences and even try and steal your own home.

"We urge the public to secure their mail boxes and employ measures to protect their identities."

uaware comment

Virtually all estate agents advertise their clients properties on marketing websites. These websites have property by postcode search facility, so why not enter your own postcode and see what comes up ! You could carry out this exercise on regular basis, perhaps when you check your bank statements against your actual spend (you do, do this don't you ?). Then if some crook tries to sell your property you can catch them out before things get really bad.

www.rightmove.com

www.zoopla.co.uk

(1st December 2016)


THEY LOOK JUST LIKE A TAX REFUND OFFER - BUT BEWARE !
(Daily Mail, dated 19th November 2016 author Jeff Prestridge)

Full article [Option 1]:

www.dailymail.co.uk/money/bills/article-3952486/They-look-like-tax-refund-offer-one-man-hit-TWICE-online-fraud.html

Taxpayers are being warned to ignore a new blight of emails from fraudsters passing themselves off as HM Revenue & Customs and inviting them to claim refunds for overpaid tax.

The fraudulent 'phishing' emails or texts are designed to trick people into giving key details about their bank accounts which are then used by the criminals to gain access and empty them.

On Friday, a Revenue official, given copies by The Mail on Sunday of the latest phishing emails doing the rounds, described them 'as 100 per cent rank' and 'vile attempts by pond life to steal money from your good readers'.

In the year to this March, the Revenue blocked more than eight million phishing emails and took down nearly 14,000 fraudulent websites. But the fraudsters are nothing if not persistent.

Traditionally, they target two key times of the year: July when people are renewing their entitlement to tax credits and December in the run-up to the end of January deadline for completing self-assessment tax returns and paying any tax owed.

Worryingly, their emails are more authentic than ever before. In the past, some of them were littered with spelling mistakes and compiled so poorly that most recipients knew they were not genuine straightaway.

But not as much the current ones. Reader James Anderson, a 72-year-old retired teacher from Winchester, has received two such scam emails in recent weeks.

Both were from HMRC Tax Refund Services and each promised James a refund - £907.41 first time around and then £1,098.54.

This second email looked as if it could have been official because of its near-perfect rip off of the HM Revenue & Customs logo.

James files a tax return every year and is meticulous about getting his tax affairs in good order, so he was not tempted by either offer. But he says he can see how some people may fall for the bait.

He adds: 'These phishing emails are getting more sophisticated. When someone is told they are due a refund and they are given details of the local "tax credit officer" and their "tax refund ID number" you can understand why some bite.'

James believes the Revenue should come down on these fraudsters 'like a ton of bricks' and close them down. 'I get the impression it is not doing enough and doesn't see this fraudulent activity as its problem. But it is.

'We are being pushed all the time to both pay our taxes and file our tax returns online. So it should do everything possible to keep fraudulent emails out of our inboxes. I see it as a law and order issue. The Revenue must ensure law and order is maintained.'

The Revenue, which received more complaints in the last tax year than any since the 2008 financial crisis, says it never notifies taxpayers by text or email of a tax rebate. It also would never use such communication tools to request personal or financial details.

On Friday, it said it took taxpayers' data security 'extremely seriously'. It also confirmed it was working with law enforcement agencies worldwide 'to bring down the criminals behind these scams'.

Key steps to beat fraudsters


- To report a suspicious email, go to: https://www.gov.uk/report-suspicious-emails-websites-phishing.

- For help on telling the difference between genuine Revenue and phishing emails, visit: https://www.gov.uk/government/publications/genuine-hmrc-contact-and-recognising-phishing-emails.

- If you receive a telephone call from someone claiming to be from the Revenue and requesting either your bank account or personal details because you are owed a tax refund or maybe have a tax debt, it will invariably be bogus.

- Report any incident to Action Fraud at http://www.actionfraud.police.uk/.

(1st December 2016)



JAIL FOR ONLINE SHOPPING FRAUDSTERS WHO SCAMMED £600k FROM AIRBNB, AUTOTRADER AND GUMTREE CUSTOMERS
(London Evening Standard, dated 19th November 2016 author Francesca Gillett)

Full article [Option 1]:

www.standard.co.uk/news/crime/jail-for-online-shopping-fraudsters-who-scammed-600k-from-airbnb-autotrader-and-gumtree-customers-a3399736.html

A gang of north London internet shopping fraudsters who duped hundreds of people out of £600,000 through fake adverts including on Gumtree and Airbnb have been jailed.

The scammers posted bogus ads for cars and property rentals and set up a sham online shopping website pretending to sell washing machines, cookers, computers and phones.

But when victims tried to enter their card details, the swindlers lied and claimed the card had been declineMost of the victims never heard from the fake business again, while others found their stolen card details were being used to make more fraudulent purchases.

Two men and their accomplices, a man and a woman, were sentenced for their part in the scheme.

Horatiu Sbughiu, 32, of East Drive in Barnet, used his Toshiba laptop to carry out over 200 fraudulent transactions and steal more than £387,000.

Cristian Nicolaescu, 28, of Spring Garden, Redbridge, used his laptop to carry out over £300,000 worth of fraud and used counterfeit Romanian ID cards, false proof of address and false employment references to open mule accounts.

The pair pleaded guilty to conspiracy to commit internet shopping fraud and possessing a laptop for use in fraud and were jailed for four years at Harrow Crown Court on Friday.

Money laundering accomplices Nicolae Boieru, 40, and Alexandra Gyor, 28, both of Spring Garden in Redbridge, were also caught and pleaded guilty to laundering the proceeds of the fraud.

Boieru was locked up for eight months' while Gyor received a 12 month community order with unpaid work.

DC Chris Collins of the Met's online fraud team, said: "These individuals duped over 500 people after fraudulent adverts, usually for motor vehicles and property lettings, were placed on classifieds websites such as Autotrader, Gumtree and Airbnb.

"In addition, a series of wholly fake websites were set up mimicking an online shopping store purporting to sell electronic goods such as washing machines, cookers, computers, mobiles and cameras."

(1st December 2016)


HACKERS TARGET ALL MAJOR UK BANKS WITH NEW TWITTER PHISHING CAMPAIGN
(International Business Times, dated 27th October 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-target-all-major-uk-banks-new-twitter-phishing-campaign-1588498#

A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials.

In this case, ProofPoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers' accounts on Twitter. They hijacked conversations users attempted to have with genuine support staff of banks, and redirected customers to a fake support page.

For instance, when a customer tweeted to the genuine Barclay's bank support account (@BarclaysUKHelp), hackers hijacked the request of support by replying with a fake customer support account (@BarclaysHelpUK).

Proofpoint researchers said: "Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the 'lure' is a fake customer support account that tricks your customers into giving up credentials and other sensitive information."

Social media phishing campaigns have increasingly become popular among hackers looking to gain access to sensitive user data. Proofpoint had previously stated that the firm had seen a 150% rise in social media phishing in 2016. In addition to banks, such campaigns target major brands, especially those that rely heavily on social media to advertise their products and connect with their consumers.

Such phishing campaigns are fairly simple to execute and difficult to defend, especially given that customers are often redirected to authentic seeming fake websites, designed to grab user data when victims unknowingly provide their usernames and passwords.

The fake accounts are generally successful in duping users, especially given that the language and tone used is similar to that of authentic support accounts. Moreover, the fake website is also designed such that it looks similar to authentic login pages commonly used by banks.

"This method of phishing is highly effective because your customers are already expecting a response from your brand. Unfortunately, angler phishing is part of a broader trend in social media fraud," said Proofpoint researchers.

Proofpoint is yet to comment on which banks have been targeted by the attack so far, IBTimes UK has reached out to the firm and will update the article in the event a response is provided.

(1st November 2016)


ANOTHER HOTEL SCAM !
(Described by a victim, 2016)

You arrive at your hotel and check in at the front desk. Typically when checking in, you give the front desk your credit card details (for any charges to your room) and they don't retain the card.

You go to your room and settle in. All is good.

The hotel receives a call and the caller asks for (as an example) room 620 - which happens to be your room.

The phone rings in your room. You answer and the person on the other end says the following:
'This is the front desk. When checking in, we came across a problem with your credit card information.
Please re-read me your credit card numbers and verify the last 3 digits numbers at the reverse side of your card.'

Not thinking anything wrong, since the call seems to come from the front desk you oblige. But actually, it is a scam by someone calling from outside the hotel. They have asked for a random room number, then ask you for your credit card and address information.

They sound so professional, that you think you are talking to the front desk.

If you ever encounter this scenario on your travels, tell the caller that you will be down to the front desk to clear up any problems.

Then, go to the front desk or call directly and ask if there was a problem. If there was none, inform the manager of the hotel that someone tried to scam you of your credit card information, acting like a front desk employee.

This was sent by someone who has been duped........ and is still cleaning up the mess.

(1st November 2016)


WATCH OUT FOR NEW ALDI ONLINE VOUCHER SCAM
(BT News, dated 23rd October 2016)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/watch-out-for-new-aldi-online-voucher-scam-11364107098408

Aldi shoppers are being targeted by the latest fake voucher doing the rounds online.

The supermarket used its Facebook page to alert shoppers about a fake £85 Aldi voucher being circulated.

It indicates that the hoax message is asking people to share their personal details, which will help scammers commit ID fraud.

Aldi warns that it will never ask customers to share sensitive personal details for a promotion.

If someone sends you a Facebook message or email suggesting you could get an Aldi voucher treat it with caution and don't automatically click on the link.

If the the offer is too good to be true it probably is. Check for spelling mistakes and use your common sense about the details it is asking you to share.

This is the latest example of a supermarket voucher scam, which include fake vouchers and fake prize draws.

How a typical voucher scam works

Typically, a voucher scam involves a 'free' voucher, with the store ranging from Asda and Tesco to Marks & Spencer and John Lewis which can be as much as £500. A variant is to promise a free product like an iPad for "consumer testing".

The company really doesn't matter. Whatever the name, and whether the too good to be true 'promotion' is on Facebook or via email, the whole thing is a swindle. They have nothing to do with the stores and, of course, there are no vouchers.

A scam of this nature can start with you receiving a Facebook message from one of your friends. It will say something like: "Happy Christmas. Free £500 ASDA Voucher Now. (173 Left). Claim your Free £500 ASDA Voucher this Christmas. Offer still open!"

If you fall for it, you go to a site which looks as though it belongs to the company in question. The scamsters rip off logos hoping to dupe people into applying for their 'free' shopping opportunity. Here, you will be led through some questions to get your voucher.

You will have to supply your mobile number and your address - ostensibly so your "prize" can be sent out.

In reality, your phone will be hit by premium rate calls because each of the very easy questions costs £5, as shoppers caught by a Tesco prize draw scam are discovering. This may appear in the very small print, but who reads that when they are looking for a big boost to the Christmas spending budget?

At the same time, this "free offer" will also go to your friends.

In other cases, the link you get in the email or over social media may send you to a site which asks you to share more personal details, which puts you at risk of ID theft.

(1st November 2016)


JOCKEYS WARY OF SIGNING AUTOGRAPHS AFTER STRING OF FARUD TARGETING RIDERS
(The Telegraph, dated 5th October 2016 author Sam Dean)

Full article [Option 1]:

www.telegraph.co.uk/news/2016/10/05/jockeys-warned-to-move-money-out-of-high-street-banks-after-stri/

Jockeys have been forced to alter their signatures or avoid signing autographs after being targeted by a series of frauds.

The Professional Jockeys Association has criticised the "ineptitude of the major high street banks" in tackling the scam, which has seen more than £200,000 stolen from around 30 jockeys.

The fraud has been ongoing since 2014 and the body is now urging its members to move their money out of the "unwilling and incapable" banks.

The money has largely been withdrawn over the counter, by fraudsters possibly using fake IDs. One jockey told the Telegraph that the "very clever" criminals can even take money from cash machines without the account holder's bank cards.

The ongoing scam, which was first reported in 2014, has been taking place across the country and involves a number of major banks. It was described as "frightening" by jockeys.

West Sussex-based rider Jim Crowley, who had more than £10,000 taken from his account, said he has had to change the signature he gives to autograph-hunters after he was defrauded twice, despite changing banks after the first fraud.

He added that he even received a phone call from a man purporting to be one of the fraudsters, who warned him the group would continue to target his account.

"It is very frustrating because you have got things like direct debits and mortgages and you can't just shut your bank account down," he said. "These fraudsters know that.

"One of them actually rang me and told me they were doing it. He was giving me the heads-up and told me to leave the high street banks, but by this stage I had already left."

Andrew Tinkler, a jockey from Cheltenham, said: "It was a little bit frightening that someone would do that and it was a disappointing that they were able to.

"Whether there are people out there trying to get an autograph for the wrong reasons, it's a possibility. Personally I would be very wary of it."

In a newsletter to its members, the PJA said banks were "unwilling and incapable" of stopping the fraudsters.

Paul Struthers, the body's chief executive, said it is suspected that the jockey's details had been "leaked".

He said: "The only conclusion we can come to is that somehow, somewhere, whether it's one individual or a group, there is a leakage of information.

"You are fundamentally left with the question of why it is happening. It's not like it happens with one bank and then stops and never happens again. It's ongoing and these are not small sums of money."

A spokesman for Financial Fraud Action UK said: "Banks take fraud extremely seriously and stopped £7 in £10 of all attempted fraud last year.

"Fraudsters may try to use stolen or fake documents in order to commit their crimes, and banks do have systems in place to prevent this.

"The spate of crimes targeting jockeys suggests fraudsters may have gained access to data relating to these victims. It's important that any organisations holding personal data take steps to ensure it is safeguarded."

A new kind of fraud

Action Fraud is warning of a new form of fraud in which the public are sent letters, texts or emails asking them to phone their banks.

There is no request for passwords or other personal information, so many recipients may phone the number provided.

When your call is answered, a recording device is switched on. Your call is then transferred to a legitimate phone line operated by your bank, where you log in as usual by providing key letters of your password and other information. All of this is recorded, allowing the fraudster to build up information which could be used in future to access your accounts.

"The reason why this scam is so successful is because the fraudster's presence is unknown to both the victim and the bank," Action Fraud said.

Customers should only ever use phone numbers displayed on banks' websites or on statements, it said.

If you are responding to a message or letter, you should tell the bank member of staff at the outset of the call, it advised.

(1st November 2016)


I HAVE LOST ALL FAITH IN BANKS AFTER FRAUDSTERS STOLE £120,000, SAYS GLORIA HUNNIFORD
(The Telegraph, dated 10th October 2016 author Camilla Turner)

Full article [Option 1]:

www.telegraph.co.uk/news/2016/10/09/i-have-lost-all-faith-in-banks-after-fraudsters-stole120000-says/

Broadcaster Gloria Hunniford has said she lost all faith in banks after fraudsters stole £120,000 from her account.

The veteran broadcaster had her savings taken by a woman pretending to be her by using a fake driving licence earlier this year.

Ahead of a new episode of the BBC show Rip Off Britain, the 76-year-old Loose Women panelist urged banks to do more to protect their customers' money.

Her bank, Santander, said it is striving to make improvements to stop similar offences taking place.

Hunniford said: "It turned out complete strangers could get their hands on my money easier than I can.

"I have to admit that since this whole thing happened, personally I have lost all faith in banks, and my big question is, are they really doing enough to keep every customer's money safe?

"Now, not in a million years would I expect everybody to know who I am or what I look like, and I totally get it that you don't have to dress up to look like somebody in order to impersonate them.

"But I would expect that the banks would carry out stringent security checks before they literally handed over tens of thousands of pounds to a stranger."

In January, Hunniford had her bank account emptied just days after an imposter posed as the star arrived at a Santander branch with her "daughter" and "grandson".

Personal banker Aysha Davis, 28, said the woman told her she had "a few bob" in there and had come to add the teenager as a signatory because she had been ill.

She then helped them complete the paperwork, including photocopying their driving licences, at the Croydon North End branch.

Davis was initially accused of being part of the plot but was acquitted after less than 30 minutes of jury deliberation after saying the TV star was "not of my time".

Rip Off Britain, which features the stories of several people who have lost thousands of pounds in similar cons, will be broadcast on BBC One at 9.15am on Monday.

A new kind of fraud

Action Fraud is warning of a new form of fraud in which the public are sent letters, texts or emails asking them to phone their banks.

There is no request for passwords or other personal information, so many recipients may phone the number provided.

When your call is answered, a recording device is switched on. Your call is then transferred to a legitimate phone line operated by your bank, where you log in as usual by providing key letters of your password and other information. All of this is recorded, allowing the fraudster to build up information which could be used in future to access your accounts.

"The reason why this scam is so successful is because the fraudster's presence is unknown to both the victim and the bank," Action Fraud said.

Customers should only ever use phone numbers displayed on banks' websites or on statements, it said.

If you are responding to a message or letter, you should tell the bank member of staff at the outset of the call, it advised.

(1st November 2016)


TECH SUPPORT SCAMS TARGET VICTIMS VIA THEIR ISP
(BBC News, dated 22nd June 2016 author Jane Wakefield)

Full article : www.bbc.co.uk/news/technology-36084989

A new scam, in which fraudsters pose as legitimate internet service providers to offer bogus tech support, either via the phone or on the net, is on the rise, the BBC has found.

It is a twist on an old trick which involved cold-calling a victim - often claiming to represent Microsoft - and charging for fake tech support.

The new variants have been spotted in the UK and US.

BT said that it was investigating the issue.

The online version of the scam involves a realistic pop-up that interrupts a victim's normal browsing session with a message that appears to be legitimate and seems to come from the victim's real ISP.

US security firm Malwarebytes has spotted several from US and Canadian ISPs, including ComCast and AT&T. It has also seen webpages created for UK ISPs, including TalkTalk and BT.

The pop-up contains a message saying that the ISP has "detected malware", and urging victims to call a number "for immediate assistance".

Jerome Segura, a consultant at security firm Malwarebytes, has been investigating tech support scams for years but when he came across the latest iteration, he nearly fell for it.

"It caught me by surprise and I almost thought that it was real. It was a page from my ISP telling me my computer was infected. It was only when I looked in closer detail that I saw it was a scam," he told the BBC.

He is not surprised scammers have found new methods to fool people.

"Cold calls are very wasteful and after years of being told, people are starting to realise it is a scam so the scammers have to find new ways to make it personalised and legitimate. It is more cost-effective and efficient than cold-calling," said Mr Segura.

Fraudsters do still use cold-calling but their methods here have also become more sophisticated - instead of a vague description of themselves as a Windows Support agent, many are now claiming to represent legitimate ISPs, with very believable answers when they are challenged.

Take David from the Midlands, who falls into the category of a typical victim, being older and not entirely tech-savvy. He is, coincidentally, related to a Malwarebytes employee.

He recently received a phone call from someone claiming to represent the BT Rescue centre.

The fact that the call had come up as an international number aroused David's suspicions.

"We get inundated periodically with international calls and we know that they are either trying to sell us something or are up to no good," he told the BBC.

The caller tried to persuade David that he had been monitoring his BT broadband service for some time and had become aware of a number of viruses that needed immediate attention.

David was not sure - he had fallen for a similar scam a few years ago and was not ready to do so again. He asked for the caller's telephone number and address and told him he would check with BT and get back to him.

The number the man gave him to call back on looked like a London one (with a 0203 prefix) and the address he gave was the actual address of BT's London headquarters.

After several unsuccessful attempts to get through to BT's genuine helpline number to verify the call, David decided to ring back.

"I got through to what sounded like a call centre and a young lady said 'this is BT Support and I will put you through to a technician'. It all sounded very believable.

"The technician, who I think was a different person to the original caller, said he was from the BT rescue team and had been monitoring the use of my BT broadband and had been getting signals that it had been hacked into," David told the BBC.

He asked David to type Alureon into Google, to show him the virus he was claiming had infected his computer. Alureon is a real virus that buries itself deep inside the Windows operating system.

After scaring him with the possible dangers, he asked David to visit a website and enter a code which gave the technician remote access to his computer.

He showed him a range of programs on his computer that looked as if they could have a problem - one of the issues with the Windows operating system is that it shows a lot of errors that can look suspicious to the untrained eye.

Malwarebytes has recently seen a lot more cases of scammers targeting Mac computers but Microsoft remains the main method because it is fair bet that many older users will have a computer that runs a Windows operating system.

The software giant is well aware of the tech support scam and since May 2014, has received over 200,000 customer complaints regarding them. This year alone, an estimated 3.3 million people in the United States will pay more than $1.5bn to scammers, according to its figures.

David was starting to believe that the call he had received was genuine but when the "technician" asked him to log into his banking site, he felt something was wrong and hung up.

He is angry that he fell for the scam and even more angry with BT.

"When I needed to get through to them, I couldn't," he said.

In a statement BT told the BBC: "BT takes the security of our customers' accounts very seriously. We have recently been proactively warning our customers to be on their guard against scams. Fraudsters use various methods to 'glean' your personal or financial details with the ultimate aim of stealing from you.

"Our advice is that customers should never share their BT account number with anyone and should always shred bills. Be wary of calls or emails you're not expecting. Even if someone quotes your BT account number, you shouldn't trust them with your personal information."

Older, less tech-savvy individuals like David tend to be the main targets of such scammers and, once they fall for it, are called again and again by fraudsters, Courtney Gregoire, a senior lawyer at Microsoft, told the BBC.

"Some lose hundreds of thousands of dollars," she said.

"80% of what we see are cold callers but we are now seeing traffic for the new type of pop-up fraudsters," she added.

As well as seeing examples of fraudsters using bogus ISP pop-ups, the cybercrime unit at Microsoft has also seen pop-ups which lock a computer and demand a fee.

The firm has begun talks with ISPs, including US-based ComCast and the UK's BT on the issue.

In December 2014, in its first big strike against technical support scamming companies, Microsoft's Digital Crimes Unit filed a civil lawsuit in a federal court in the Central District of California against Omnitech Support for unfair and deceptive business practices and trademark infringement.

The case was settled out of court under a confidential agreement.

According to Ms Gregoire, Microsoft has tracked many of the call centres from which the scams are run back to India and is now working with Indian law enforcement to crack down on them.

Raids on such call centres are starting to shed light on the operation behind the scam.

"We will find out whether the employees know that they are engaged in a scam or whether they were just reading from a script," she said.

The pop-up scam seems to be mainly focused in the US at the moment, with Verizon, AT&T and TimeWarner all being impersonated but Malwarebytes also discovered fake pages set up for BT, PlusNet, Sky and TalkTalk.

Security firm Symantec told the BBC it had seen a 200% rise in tech support scams this year - with 100 million malware exploits related to them.

Consultant Sian John said the firm had seen more and more scammers using pop-ups, in a reversal of the traditional cold call.

"The scammers are trying to get people to call them - people are literally paying to be scammed."

There are two main ways that the scammers make money from tech support scams.

Users are either persuaded to download software that will install malware - this could be banking trojans that will offer direct access to all your financial information or malware that joins your computer to a botnet.

In other cases, people are persuaded to sign up for bogus tech support services, giving credit card details that provide the scammers with a one-off payment of around $200.

In November the FBI shut down several tech support scammers going under the name of Click4Support operating in Philadelphia and Connecticut.

It is believed that the scammers had been in operation since 2013 and during those two years had made more than $17m.

How do scammers know your ISP?


In the case of cold calls it may just be a lucky case of guessing a common ISP but in the case of pop-ups, there is an altogether cleverer way for fraudsters to glean information that can help them.

How it works

- Big ad networks allow users to win ad space on websites by bidding at a particular price
- Criminals are taking advantage of this to place adverts which are infected with a single "bad" pixel
- This pixel can redirect users and infect them in the background when they are browsing on a perfectly legitimate site - they do not even need to click on the ad
- The malware in the ad redirects users to a website in the background - invisible to the user - which checks their computer and discovers their IP address
- From the IP address it is easy to find out which ISP owns which IP address
- Victims will be served a pop-up tailored for their specific ISP which warns them their computer is infected and gives them a number to call

(1st November 2016)


PHISHING EMAIL ALERT - BOGUS COMPENSATION
(Action Fraud, datd 12th September 2016)
www.actionfraud.police.uk

There is a phishing email currently in circulation that claims to be from the City of London Police. The departments that it claims to represent include the 'Fraud Intelligence Unit' and the 'National Fraud Intelligence Bureau'. The email is titled 'compensation fund' and has a letter attachment that claims to be offering financial compensation to victims of fraud. The letter uses the City of London Police logo.

The letter states that in order for compensation to be arranged, the receiver of the email should reply disclosing personal information. It states that HSBC and the South African Reserve Bank have been chosen to handle the compensation claims. All of these claims are false.

The email and letter are fraudulent and should not be replied to.

Protect Yourself

- Opening attachments or clicking links contained within emails from unknown sources could result in your device being infected with malware or a virus.

- The City of London Police and the National Fraud Intelligence Bureau will never email you asking for you to disclose personal information.

If you believe you have become a victim of this fraudulent email get your device checked by a professional and make a report to Action Fraud, the UK's national fraud and cyber crime reporting centre: http://www.actionfraud.police.uk

(1st October 2016)


RENTAL FRAUD IN STUDENT ACCOMMODATION
(Action Fraud, dated 1st September 2016)
www.actionfraud.police.uk

Seasonal rental fraud is an emerging trend with students looking for suitable accommodation around August, before the start of the new term. Fraudsters use a variety of websites to advertise available properties to rent, often at attractive rates and convenient locations. Adverts will seem genuine, accompanied by a number of photos and contact information to discuss your interest.
Due to demand, students will often agree to pay upfront fees to secure the property quickly, without viewing the property, only to discover that the fraudster posing as the landlord does not have ownership of the property, or often there are already tenants living there.

Protect Yourself

- Only use reputable letting companies.

- Do some online research such as using Google maps to check the property does exist.

- Make an appointment to view the property in person.

- Always view the property prior to paying any advance fees.

- Look out for warning signs, such as landlords requesting a 'holding deposit' due to the property being in high demand.

- A landlord will usually conduct some due diligence on any successful applicant. Be wary of handing over cash without the landlord requesting employment or character references.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(10th September 2016)


ANDROID BANKING MALWARE BLOCKS VICTIMS OUTGOING CALLS TO CUSTOMER SERVICE
(Symantec Official Blog, dated 14th July 2016 author Dinesh Venkatesan)

Full article [Option 1]:

www.symantec.com/connect/blogs/android-banking-malware-blocks-victims-outgoing-calls-customer-service?om_em_cid=hho_email_GB_BLST_ACT_08_2016_CLUBNORTON

In March 2016, newer variants of the Android.Fakebank.B family arrived with call-barring functionality. The feature aims to stop customers of Russian and South Korean banks from cancelling payment cards that the malware stole. The latest version of the threat shows how Android banking malware continues to evolve.

Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed.

We have observed the variants targeting financial institutions in Russia and South Korea. The following are some of the customer care numbers that the variants are blocking:

- KB Bank: 15999999
- KEB Hana Bank: 15991111
- NH Bank: 15442100 and 15882100
- Sberbank: 80055550
- SC Bank: 15881599 and 15889999
- Shinhan Bank: 15448000, 15778000, and 15998000

Typically, when a banking customer calls a customer care number through a registered mobile device, their call will be routed to an Interactive Voice Response (IVR) System. By blocking these numbers, the malware creators can stop a victim from asking their bank to cancel payment cards that the variants stole. This also gives the malware more time to steal data from the compromised device. Affected users can still find other channels, such as email or landline calls, to reach customer care.

Mitigation

Symantec recommends users follow these best practices to stay protected from mobile threats:

- Keep your software up to date
- Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app, such as Norton, to protect your device and data
- Make frequent backups of important data

(10th September 2016)


SAFETY IQ : ARE YOU A SECURITY SUPERSTAR ? OR YOUR OWN WORST ENEMY ?
(Symantec / Norton Website)

Full article [Option 1]: http://uk.norton.com/safety-iq/promo

uaware note : This webpage includes access to other articles on crime and scam prevention. The inclusion of this article does not imply an endorsement of Symantec or its products.

Our computers, smartphones and tablets are an integral part of daily existence. Don't believe me? Just think about the last time you left your phone at home or suffered through an Internet outage. But when you've been online for a long time, it can get easy to be a little too casual about your digital security. So read on to make sure you've covered your bases when it comes to keeping your devices, your wallet, and yourself safe and sound.

1. Back it up
This one should be a no-brainer, but losing data because it wasn't properly backed up is still a sadly common digital disaster. You can lose your data a million different ways-hardware failure, a lost laptop, security breach, elephant stampede-and performing regular backups with reliable methods is the only way to avoid eventual tragedy. Choose a physical means of backup via external hard drive or other device, or choose a solution like Norton Online Backup* that backs up your photos, music, and other files automatically.

2. You only have one reputation…protect it!
Here's an aspect of security that flies under the radar until it's too late, the need to keep your online image intact. Everything you do, comment on, purchase, like or "retweet" eventually adds up to your public digital personality. And this personality is projected to the world, including potential employers, college admissions offices, health insurance companies, and banks vetting you for a mortgage. In fact, a recent Microsoft privacy survey determined that a full 14% of adults have experienced negative consequences due to online activities, including being fired from a job (21%) or losing their health insurance (16%).

So, how do you protect your online reputation? Consider separating your personal and professional profiles by using different addresses and screen names, one for your personal activities and another for your professional endeavors. And be sure to double-check your security settings on your social networking sites, personal blogs, and other places where you maintain personal data.

We also recommend using the "inner-mother" test. Basically, before you post that incriminating picture, make that snarky comment, or toss up that incendiary blog, think of how your mother would feel if she saw it. Now, we know this isn't the most scientific way to protect yourself because every mother is different! but it will at least give you a chance to consider the consequence of your actions. Believe me, the 14% of kids who didn't get into the college they wanted because of their online image, probably wish they had listened to their inner-mother.

3. Take information-gathering scams personally.
We recommend taking the old saying "if it sounds too good to be true, it probably is" to heart whenever you're offered something online. Phishing scams involving sites that lure you in with fraudulent emails or fake messages from your bank abound, all with an aim at gathering your most sensitive information…or at the very least, your credit card number.

And have you heard of Smishing?. Smishing uses text messages to lure people into giving up their sensitive information. Posing as a bank, their bogus texts claiming to be from your bank show up on your smartphone requesting your personal data and passwords in order to rectify a problem with your account. Protect yourself by never, ever responding to a text that requests personal information. If you are concerned about your account, contact your bank directly.

4. Malware is everywhere.
Downloaders of free apps and software, beware! No matter what the device, if it connects to the Internet you are at risk of opening the door to malicious software bearing viruses, worms, spyware, Trojan horses, and all matter of nasty stuff. The best defense is a strong offense basically, only download software from well-known, trusted entities and look for established, highly-rated apps from your device's official App Store.

(10th September 2016)


ELDERLY WINE INVESTORS SCAMMED BY COLD CALLER WHO SOLD OFF ENTIRE COLLECTIONS BEFORE FLEEING
(The Telegraph, dated 23rd August 2016 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2016/08/23/elderly-wine-investors-scammed-by-cold-caller-who-sold-off-entir/

A wine company boss who cheated his clients out of their fine vintages is facing jail.

Jonathan Piper, 30, was the sole director of Embassy Wine UK Ltd, which claimed to act as brokers for investors in fine wine.

The company cold-called prospective investors and persuaded them to hand over control of their collections to Embassy, which then sold them and broke off contact.

These "clients" were also made to pay fees before sales could be transacted. Victims took out bank loans, used credit cards and even cashed in pensions to pay the fees.

At least five people lost up to £300,000 in the scam - one of whom lost £150,000 out of her life savings - which operated between June 2011 and October 2014.

Piper used the cash from the con to fund a lavish lifestyle and spent almost £90,000 on a BMW X6 and Range Rover Sport.

None of the income he generated between 2008 and 2014 - either legitimately or otherwise - was declared to HMRC, which was subsequently swindled out of £51,104 in income tax payments.

Piper appeared at Snaresbrook Crown Court on Tuesday, where he had been due to stand trial accused of fraud by false representation, cheating the Inland Revenue, fraudulent trading and two counts of converting criminal property.

Prosecutor Leo Seelig said: "The prosecution would simply say that this was a sophisticated and an involved fraud which preyed on vulnerable and elderly victims."

The court heard that Piper, now working as a scaffolder, intended to borrow money from friends in order to repay a portion of the money, which he put at closer to £200,000, following his guilty pleas.

"It is his hope that he will be able to reduce the amount that is owed to the victims before sentencing," said Thomas Day, defending.

Judge Louise Kamill said: "I have listened very carefully to Mr Day, but I am afraid I am not going to grant bail.

"It seems to me before reparations are proposed, first of all, they will of course be taken into account by the sentencing court.

"Secondly, these reparations are not going to be personally made by Mr Piper. He never has done and nothing has been done to date.

"If people are intending to make a dent in the losses on his behalf, their efforts of course will be taken into account. But it does not devolve around Mr Piper.

"He is not, himself as a scaffolder, going to get a loan of about £200,000 or however he is proposing to repay those losers."

She added: "These offences, just one of them alone, is likely to attract a custodial sentence and for my part I cannot see any reason why Mr Piper should not begin that sentence as of now.

"It would be unfair, in fact, for him to go out and come back knowing that there is a lengthy sentence that he will face and in those circumstances I refuse bail.

"It is my decision and I appreciate that he has been entrusted with bail in the past but he must begin his sentence now."

Piper, of Wanstead, east London, admitted cheating the Inland Revenue, fraudulent trading and two counts of converting criminal property. He was remanded in custody ahead of sentence on September 16.

(10th September 2016)


DON'T BE A MONEY MULE
(Action Fraud, dated 22nd August 2016)
www.actionfraud.police.uk

Students are being recruited, sometimes unwittingly, as "mules" by criminals to transfer illegally obtained money between different bank accounts.

What is a money mule?

A money mule is someone who is recruited by those needing to launder money obtained illegally. Criminals advertise fake jobs in newspapers and on the internet in a number of ways, usually offering opportunities to make money quickly, in order to lure potential money mule recruits. These include:

- Social media posts
- Copying genuine company's websites to create impression of legitimacy
- Sending mass emails offering employment
- Targeting individuals that have posted their CVs on employment websites

Students are particularly susceptible to adverts of this nature. For someone in full-time education, the opportunity for making money quickly can understandably be an attractive one. The mule will accept money into their bank account, before following further instructions on what to do with the funds. Instructions could include transferring the money into a separate specified account or withdrawing the cash and forwarding it on via money transfer service companies like Western Union or MoneyGram. The mule is generally paid a small percentage of the funds as they pass through their account.

Money Laundering is a criminal offence which can lead to prosecution and a custodial sentence. Furthermore, it can lead to the mule being unable to obtain credit in the UK and prevented from holding a bank account.

Protect Yourself

Be aware that the offence of money laundering carries a maximum prison sentence, in the UK, of 14 years.
Never give the details of your bank account to anyone that you do not trust.
No legitimate company will ever ask you to use your own bank account to transfer their money. Don't accept any job offers that ask you to do this.
Be wary of unsolicited emails or social media posts promising ways of earning easy money. If it seems too good to be true, it probably is.
Don't be afraid to question the legitimacy of any businesses that make you a job offer, especially if the recruitment procedure strays from the conventional.

(10th September 2016)


FRAUDSTERS SELLING NON-EXISTENT DRONES
(Action Fraud, dated 12th August 2016)
www.actionfraud.police.uk

Online shopping websites are being utilised by fraudsters to advertise nonexistent drones of various specifications for competitive prices.

Drones are personal flying devices that often carry cameras and can be navigated remotely by smartphones or hand-held controllers. Fraudsters are capitalising on their recent popularity and advertising non-existent drones at a lower value than their recommended retail price to tempt buyers.

After victims agree to purchase the drone, the fraudsters request payment to be paid via bank transfer saying that it will quicken the delivery process. After transferring the money the buyers never receive the drone and the fraudster blocks the victim to prevent further conversation.

How to protect yourself:

- Check the validity of the post.
- Avoid paying by bank transfer and instead use an online payment option such as PayPal, which helps to protect you.
- Check feedback online by searching the associated phone numbers or email addresses of the seller. Feedback will give you useful information about recent transactions other buyers may have made.
- If the item is below market value consider whether this is an opportunity too good to be true.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(10th September 2016)


UK TOPS EUROPEAN CHARTS - FOR CARD FRAUD
(The Register, dated 9th August 2016 author Darren Pauli)

Full article [Option 1]:

www.theregister.co.uk/2016/08/09/uk_dominates_euro_carder_fraud_charts/

The United Kingdom has copped the largest jump in credit card fraud of all European countries with an 18 per cent rise resulting in £88m ($114m, A$150m) of additional losses.

Blighty outpaced fraud growth in Greece and Denmark where fraud increased by five percent according to Euromonitor International data mapped out by big data company FICO.

Much of the additional losses in the UK are thanks to data breaches and fraudulent online transactions, rather than ATM skimming.

Some 75 per cent of the lost cash is due to card-not-present fraud, where CVC numbers on the back of cards are not required, of which more than half was conducted in online transactions.

That form of fraud has bottomed out in Portugal where authorities have it "fully under control".

All told the UK contributed to some 43 per cent of all card fraud losses across the 19 European countries studied.

Fraud increased in 10 of those countries with Greece, Denmark, France and Russia trailing the UK with small rises in card theft.

FICO fraud consultant Martin Warwick says consumer pressures for seamless online payments frustrate security efforts.

"Banks want to avoid intervening unnecessarily when customers are shopping on the internet," Warwick says.

"E-commerce spending in the UK has nearly quadrupled since 2007, so you see why this is such a target for criminals."

Fraudsters have always moved to the easiest pickings. In Europe this has driven fraud away from point of sales terminals thanks to deployment of chip-and-PIN, to online card-not-present transactions.

They flocked to Russia to get a piece of its rapid adoption of online payments between 2010 and 2015 which amounted to a 500 percent increase in "total card payment value", according to Euromonitor.

Fraud went up some 130 per cent over that time.

America's reliance on magnetic stripe data has left it a ripe harvest for fraud. Slow chip-and-PIN deployments will help stem the flow in coming years.

Australia by contrast is one of the world's toughest places to commit fraud thanks to its widespread adoption of the most modern and secure payment methods available such as Android and Apple Pay and contactless card payments.

Base data displaying fraud : www.fico.com/europeanfraud/

(10th September 2016)


ADVANCE FEE FRAUD (COURIER)
(Action Fraud, dated 11th August 2016)
www.actionfraud.police.uk

People selling their items on online platforms are falling victim to a new type of advance fee fraud. This involves a fraudster, posing as a buyer, sending an email to the seller (victim), agreeing to the full asking price of the item. They state that they are unable to collect the item themselves and will arrange for a courier to pick it up instead.

The fraudster then sends a fake payment confirmation email from a different email address, one which falsely purports to be from a payment platform. In the course of the email exchange, the seller/victim is requested to pay the courier fee. Once the payment is made the contact is broken, the item is not picked up and the money paid for the 'courier' is gone.

An example of the most recent emails received by the victim/seller, from the 'Buyer', read:

"I want you to consider this a deal as i am willing to pay your full asking price! i actually want to buy it for a family member who is urgently in need of it, i have checked through your posting and i'm fully satisfied with it. Unfortunately, i would not be able to come personally to view/collect, i work offshore as an instructor on a oil rig so i dont have time at all, but like i said i am 100% OK with the advert"

Protect Yourself:


- Be wary when buyers wish to purchase items at the full asking price without viewing them.

- Check the validity of the payment receipt confirmation

- Avoid paying an advanced fee if you are a seller; should you choose to use a courier, arrange your own.

- Check feedback online by searching the associated phone numbers or email addresses of the seller/buyer. Feedback will give you useful information about recent transactions other buyers/sellers have made.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(11th August 2016)


UK LEADS EUROPE IN CARD FRAUD
(International Business Times, dated 3rd August 2016 author Karthick Arvinth)

Full article [Option 1]:

www.ibtimes.co.uk/uk-leads-europe-card-fraud-1573954

The amount of money lost due to fraud on credit and debit cards in the UK rose in 2015 by 18% to £492m (€585m; $656m), fuelled by online shopping and data breaches.

The rise was the sharpest recorded in 19 European countries studied by Fico.

The software analytics firm said card fraud was a growing challenge for the financial services industry as more and more consumers conduct transactions or shop online.

The UK contributed 43% of the total card fraud losses across Europe.

Most of the increase in card fraud in Britain came from online transactions and the theft of personal data through cybercrime.

"We cardholders are very demanding, and if we don't get what we want then we let people know in the form of reviews and feedback, not to mention switching cards," said Martin Warwick, Fico's fraud chief in Europe.

"Banks want to avoid intervening unnecessarily when customers are shopping on the internet.

"E-commerce spending in the UK has nearly quadrupled since 2007, so you see why this is such a target for criminals."

Overall, 10 of the 19 countries studied saw increases in card fraud in 2015, with Greece, Denmark, France and Russia posting the highest rises after the UK.

Kendrick Sands, senior analyst at Euromonitor, warned: "The further projected increase in online payments over the forecast period suggests additional security measures will be required throughout Europe.

"If greater security measures are not adopted to combat card not present fraud, the broader advance of card payments over paper alternatives could be negatively impacted."

(3rd August 2016)


NIGERIAN MALWARE KINGPIN,RESPONSIBLE FOR $60m FRAUD SCHEMES
(International Business Times, dated 1st August 2016 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/nigerian-malware-kingpin-mike-responsible-60m-fraud-schemes-netted-by-interpol-1573698

A suspected ringleader of an international criminal network responsible for thousands of online frauds has been arrested in a joint cybercrime operation by Interpol and the Nigerian Economic and Financial Crime Commission (EFCC).

Known only as 'Mike', the 40-year-old Nigerian national is believed to have led a network of roughly 40 individuals who routinely launched cyber-attacks and malware injections against email accounts of businesses located in countries across the world, including Australia, South Africa and the US.

In total, the operation gained over $60m (£45m) in illicit revenue and, according to law enforcement, one fraud case alone resulted in a payment of a massive $15.4m (£11m).

'Mike', who was apprehended in southern Nigeria, also allegedly had "money laundering contacts" in China, Europe and the US who provided bank account details to his criminal gang.

"The main two types of scam run [by 'Mike'] targeted businesses [and] were payment diversion fraud, where a supplier's email would be compromised and fake messages would then be sent to the buyer with instructions for payment to a bank account under the criminal's control, and CEO fraud," explained Interpol in a release.

"In CEO fraud, the email account of a high-level executive is compromised and a request for a wire transfer is sent to another employee who has been identified as responsible for handling these requests. The money is then paid into a designated bank account held by the criminal."

Cybersecurity firm Trend Micro initially reported the activities of the criminal gang to authorities based on research first published in November 2014 that analysed hundreds of Nigerian scams based on 'keylogger' technology and data-exfiltration methods.

Abdul Chukkol, head of the EFCC's cyber-crime division said: "The success of this operation is the result of close cooperation between Interpol and the EFCC, whose understanding of the Nigerian environment made it possible to disrupt the criminal organisation's network traversing many countries, targeting individuals and companies."

"For a long time we have said in order to be effective, the fight against cyber-crime must rely on public-private partnerships and international cooperation," he added.

Both 'Mike' and another suspect, who has not been named, now face charges including hacking, conspiracy and obtaining money under false pretences.

(1st August 2016)


UPGRADE FRAUD
(Action Fraud, dated 15th July 2016)
www.actionfraud.police.uk/

Fraudsters are impersonating telephone service providers and contacting their clients offering a phone upgrade on a low monthly payment contract. The fraudsters will glean all your personal and financial details which will then be used to contact the genuine phone provider and order a new mobile phone handset. The fraudsters will either intercept the delivery before it reaches the victim's address or order the handset to a different address.

Protect yourself

- Never provide your personal information to a third party from an unsolicited communication.

- Obtain the genuine number of the organisation being represented and verify the legitimacy of the communication.

- If the offer is too good to be true it probably is.

- If you have provided personal information and you are concerned that your identity may be compromised consider Cifas Protection Registration.

If you have been a victim of fraud report it to Action Fraud on 0300 123 2040 or http://www.actionfraud.police.uk/

(1st August 2016)


HOLIDAY BOOKING FRAUD
(Action Fraud, dated 11th July 2016)
www.actionfraud.police.uk

With summer holidays fast approaching, individuals are often more exposed to travel booking frauds when looking for last minute package deals / cheap flights. Whether paying upfront for a family holiday or simply booking a flight, payments are transferred only to discover that the holiday / airline ticket does not exist and was sold to you by a bogus travel company. Fraudsters will often lure in potential customers with low prices and 'one time only' offers that are simply too good to pass up, requesting payment by the preferred method of direct bank transfer.

Avoid

- Paying for a holiday / airline tickets / accommodation via direct bank transfer. No reputable company will ever request payment via this method.

- Responding to unsolicited calls, texts or emails offering holidays at incredibly low prices.

Protect Yourself

- Whenever possible, pay for your holiday by credit card as it offers increased protection.

- Always remember to look for the 'https' and locked padlock icon in the address bar before entering your payment details.

- Never feel pressured to make a booking for fear that you will miss out on this 'low price' opportunity. If you have never used the company before, take your time to do some online research to ensure they are reputable.

- Should you make a flight or hotel booking through a travel company, feel free to separately check with the hotel / particular airline that your booking does indeed exist.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(1st August 2016)


POLICE RELEASE DETAILS OF 10 WANTED ALLEGED UK CON ARTISTS
(The Guardian, dated 19th July 2016 author Press Association)

Full article [Option 1]:

www.theguardian.com/uk-news/2016/jul/19/police-release-details-of-10-most-wanted-alleged-uk-con-artists

A line-up of 10 wanted alleged con artists has been released in advance of new crime figures that are expected to reveal the huge scale of fraud in the UK.

Details of the alleged criminals, published on Tuesday by City of London Police and the National Crime Agency, include Alex McKenzie, 33, from London, who is accused of targeting victims using the gay social networking app Scruff, gaining their trust by claiming to work for MI6.

It is claimed he conned two former lovers and one of their parents by taking out credit cards, bank accounts and loans worth a total of £300,000 in their names.

Another is Bollywood film producer Sandeep Arora, 42, from Beckton, east London, who allegedly claimed £4.5m in VAT and film tax rebates for movies that either did not exist or with which he had no involvement.

Also on the list is Bayo Lawrence Anoworin, 41, from Lagos, Nigeria, who is wanted by Lincolnshire police over an alleged scam by a gang that stole more than £12m from NHS trusts in the UK and Guernsey between January 2011 and July 2012.

The publication comes before annual crime figures due for release by the Office for National Statistics on Thursday that will include a full year of fraud and cybercrime for the first time.

Preliminary figures released in October 2015 found that there had been 5.1 million incidents of fraud in England and Wales in the previous year, affecting an estimated one in 12 adults and making it the most common form of crime.

Donald Toon, director of the NCA's economic crime command, said: "The annual losses to the UK from fraud are estimated to be more than £190bn. Behind this headline figure lies the actions of criminals like the wanted fraudsters highlighted in this appeal, who have caused distress and loss to people and businesses up and down the country.

"Law enforcement cannot tackle this problem alone. It is only by working together, individuals, law enforcement, government and the private sector that we can protect the UK against fraud.

"It is important that anyone able to provide information on the 10 fraudsters we are highlighting today takes the opportunity to pass that information to law enforcement to help bring them to justice."

(1st August 2016)


RIO 2016 OLYMPIC TICKET FRAUD
(Action Fraud, dated 28th June 2016)
www.actionfraud.police.uk

The Olympic Games in Rio de Janeiro begin on 6th August 2016 and as of late June, you will be able to purchase tickets from the Rio 2016 ticket offices. Purchasing from an unauthorised seller or a ticket tout could leave you out of pocket; not only are the tickets advertised at inflated prices, but there is also a risk that the tickets purchased are counterfeit or do not exist. Any individual with a counterfeit ticket will be refused entry.

To help protect yourself, the list of authorised sellers has been published on the official website and provides a list of trusted resellers; this can be found at www.rio2016.com. Equally, tickets purchased that are no longer needed can be sold through the Rio 2016 website for a 100% reimbursement of the amount paid if the tickets are resold.

Protect yourself
- When purchasing from another company or individual, ask questions; specifically when you will receive the ticket and what type of ticket you are purchasing.

- Pay for tickets by using a credit card or trusted payment service. Payments made by bank transfer may not be recoverable.
- Always check that the payment screen is secure by looking for the padlock symbol or making sure the website/url begins with "https".

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(1st July 2016)


FAKE LETTER BOXES

(Action Fraud alert, dated 27th June 2016)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau (NFIB) has noticed an increase in reports of fraudsters placing fake letter boxes on residential properties in an attempt to harvest the mail. Residents are sometimes unaware of the fake letterbox as the fraudsters will periodically remove the item, which may leave notable markings. The mail is then used to open various lines of credit with financial providers in the name of the innocent resident.

Protect Yourself
- Be vigilant and check for any suspicious activity, tampering of your post/letterbox or for suspicious glue markings on the wall.
- Check all post received from financial institutions, even if it appears unsolicited.
- Consider reporting theft of mail to your local police force and any cases of identity fraud to Action Fraud.
- If you have been a victim of identity fraud consider Cifas Protection Registration (https://www.cifas.org.uk/protective_registration_form)

If you, or anyone you know, has been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(1st July 2016)


BE AWARE OF SPOOF EMAILS CLAIMING BUYER PROTECTION
(Action Fraud, dated 24th June 2016)
www.actionfraud.police.uk

Online shopping websites are being utilised by fraudsters to advertise vehicles for sale which do not exist. After agreeing to purchase the vehicle via email with the fraudsters, buyers then receive emails purporting to be from Amazon Payments and/or Amazon Flexible Payment Service stating that their money will be held in an 'escrow account' (a bank account held by a third party, used as a temporary holding account during a transaction between two parties- for a 7 day 'cooling off' period). Once happy with the purchase the email indicates the money will be released to the seller, therefore offering 'buyer protection'. In reality these emails are fraudulent and do not come from Amazon. The bank accounts are controlled by fraudsters.

Protect yourself
- Remember that Amazon does not provide an escrow account to purchase items.
- Meet the seller 'face to face' and view the vehicle before parting with any money.

- Be vigilant of emails that purport to be from genuine companies and check the 'domain' name of the email address for any inconsistencies.
- Check feedback online by searching the associated phone numbers or email addresses of the seller.
- If the vehicle is below market value consider whether this is an opportunity too good to be true!

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(1st July 2016)


COUNTERFEIT CHEQUES
(Action Fraud, dated 10th June 2016)

Businesses are being contacted for the sale of goods or services by fraudsters, who request to pay by cheque. The fraudster sends a cheque with a higher value than the amount expected, and then sends the business a request for the difference with instructions on how it should be paid back. This is usually by bank transfer or through a money transfer service, such as Western Union or PaySafe. Once the 'refund' has been provided, it is realised that the cheque provided was fraudulent and no funds are credited to the business's account.

The NFIB has seen an increase of 84% in the number of counterfeit cheque frauds reported to Action Fraud since November 2015. Criminals are targeting a wide range of services including paintings or other artwork, photography and lessons, with various amounts requested to be refunded. The average amount requested to be refunded is £1,818. The highest amount requested was over £80,000.

The suspects have used pressure tactics to persuade victims to refund the amounts immediately prior to the cheques clearing.
 
Crime Prevention Advice
- Be cautious of payments where the amount provided is higher than expected. Refuse to provide the service unless the correct balance is received or wait until the cheque has cleared before refunding the difference.

- Always contact banks on a trusted number found on their website or correspondence that is known to be authentic to confirm whether the cheque has cleared.
- Do not feel pressured to provide a refund before the cheque has cleared.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(1st July 2016)


PHISHING CAMPAIGN TARGETING UNIVERSITY STUDENTS
(Action Fraud, dated 13th June 2016)

A new phishing campaign which has hit students of UK universities claims that the student has been awarded an educational grant by the Department for Education. The email purports to have come from the finance department of the student's university and tricks the recipient into clicking on a link contained in the message to provide personal and banking details.

One victim reported that after submitting their sensitive information (including name, address, date of birth, contact details, telephone provider, bank account details, student ID, National Insurance Number, driving licence number and mother's maiden name), they were taken to a spoofed website which appeared like a genuine website of their bank, where they were asked to type in their online banking login credentials.

Protect Yourself:

- Do not click on any links or open attachments contained within unsolicited emails.

- Do not reply to scam emails or contact the senders in any way.

- If an email appears to have come from a person or organisation you know of but the message is unexpected or unusual, contact them directly via another method to confirm that they sent you the email.
- If you receive an email which asks you to login to an online account via a link provided in the email, instead of clicking on the link, open your browser and go directly to the company's website yourself.
- If you have clicked on a link in the email, do not supply any information on the website that may open.

If you think you may have compromised the safety of your bank details and/or have lost money due to fraudulent misuse of your cards, you should immediately contact your bank, and report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(1st July 2016)


US VISA APPLICANTS BECOME LATEST VICTIMS OF TARGETED MALWARE ATTACKS
(International Business Times, dated 8th June 2016 author India Ashok)

Full article [Option 1]:
US visa applicants in Switzerland are falling victim to a hitherto unknown malware called Qarallaz RAT or QRAT, which is being distributed via Skype by an unknown entity posing as a US government official. Upon further investigation, security researchers uncovered that the malware has been active elsewhere as well, targeting US visa applicants in various countries.
F-Secure security researchers claim that hacker/hackers posing as US government officials, claiming to provide guidance on visa application procedures, have been sending people a malicious Java file named "US Travel Docs Information.jar", containing a new strain of RAT (Remote Access Trojan), which enables hackers to gain access to victims' computers. The QRAT malware has the alarming ability to seize mouse clicks, cursor movements, keystrokes and even remotely operate and manipulate webcam operations such as taking snapshots or videos.
F- Secure security researcher Frederic Vila cautions: "If you are going to look for information about travel visas, you need to double check the Skype handle and the document that you have received. Be aware that a lowercase "l" can be confused with a capital "I" or the number one (1); or a capital "O" can be confused with a zero (0). There are many ways people can be victimized, but with some scrutiny it can be prevented."

(1st July 2016)


EURO 2016 TICKETING FRAUD
(Action Fraud, dated 8th June 2016)

The 2016 European Football Championships will begin shortly and those wanting to purchase last minute tickets are likely to be targeted by fraudsters posing as official sellers. Purchasing from an unauthorised seller or a ticket tout could leave you out of pocket; not only are the tickets advertised at inflated prices, there is a risk that the tickets purchased are counterfeit or do not exist. Any individual with a counterfeit ticket will be refused entry.
 
Resale Platform

Consumers wanting to sell their tickets can do so through the resale platform, where tickets will be resold at face value. For further information please visit UEFA's website. Those seeking to purchase tickets are advised to check the site regularly as tickets will be sold on a first come first serve basis and are likely to change regularly as different tickets become available to purchase. •Only purchase tickets from an authorised seller by using the exchange portal.
- When using the portal do not be encouraged to contact the seller privately and complete the transaction outside of the portal.
- Be wary of purchasing tickets from a social media account. There is a risk that the ticket does not exist or is counterfeit. Consider conducting research on the information provided by the seller, for example a mobile phone number or email address used by the seller could alert you to any negative information associated to them online.
- Avoid making payments through bank transfer or money transfer services, as the payment may not be recoverable.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk.

(8th June 2016)



THE NEW SCAMS - HOW TO PROTECT YOURSELF

(Womens Weekly, dated 31st May 2016 author Frances Quinn)

Just when you though you were wise to all the latest scams, fraudsters find other ways to part you from your money.

The Grandchild in distress
In a particular nasty scam that's spead here from the US, you get a phone call or email claiming to be from your Grandchild, saying they're in serious trouble - often while travelling abroad - and need money urgently. The call may come in the middle of the night, when panic makes it easier for the person on the receiving end to get confused, and the conversation is often muffled, which is blamed on a bad line. Before you can be sure whether you are actually speaking to your Grandchild, the phone is passed to an accomplice, usually posing as a police officer / embassy official / angry road accident victim / helpful bystander, who'll instruct yu on how to send money - usually by a wire transfer system such as Western Union, which means it can't be traced or reclaimed. The "Grandchild" will also often ask you to promise not to tell their parents or siblings.
ACTION - If you've got a Grandchild who's going travelling, get them to choose a code word, known only to the family, that the can use in the unlikely event that they ever need to make a call like this. If you get such a call, try to contact the child ourself, and members of the family however convincing the story sounds, don't send money unless you're certain they are who they say they are.

The computer "kidnap"
This happens when you've clicked on an infected website or popup ad, which gives hackers access to your computer. They install "ransomware", which prevents you accessing your files and photos, then demand you pay to get them released. They may also say you've done something illegal with your computer, or install embarrassing pornography that you can't get rid of, in order to prevent you reporting the probem to anyone else.
ACTION - Make sure you have upto-date security software that includes protection against ransomeware. If you do get hacked, don't pay the money - ther is no gaurantee that the fraudsterss will release your compter at that point, and even if they do, there's a ver good chance you'll find yourself hacked again once they know you're willing to pay. If you're good with computers, there are DIY solutions availabe at microsoft.com (search "ransomeware"). If not, a local computer repair service should be abe to help.

The council tax scam
This one involves bogus agents contacting you by phone, or just knocking on the door, claiming that your property is in the wrong council tax band and they can get your bill reduced. Often claiming to be from the council or the Valuation Office Agency (VAO), they say you need to pay for the service and ask for money upfront, which you'll never see again, or request your bank details so they can "claim your refund" for you. There is in fact a process whereby you can challenge your council tax band, but you don't need to pay someone to do it for you, and the VOA doesn't have a list of agents that it uses to help people do it.

ACTION - Don't give your bank details or money to anyone making these claims, don't let theminto your house and if you get a call, just put the phone down. You can check your counci tax band yourself by contacting the VOA at 03000 501 501, or finding the address of your local Valuation Office at gov.uk

The "Good Citizen" award
Action Fraud is warning against a scam where you get a call claiming you've won a "Good Citizen" award or grant from Government - usually several thousand pounds. You're asked to pay a much smaller amount to get access to the money. There is no such thing as the "Good Citizen" aware, and even if there were, you wouldn't be asked to pay money upfront to get it.

ACTION - If you get a cold call promising you a large sum in return for paying a small sum - whether its an award, a grant or a competitionprize - it will be a scam. Don't engage in conversation, as scammers can be very convincing - just put the phone down.

The account switch scam
This is one of the fastest-growing scams, with more than 5,000 people being conned by it last year, and many losing thousands of pounds. Thought to be made possible by scammers hacking into companies' email systems, it happens when you have a significant bill to pay or money to transfer typically after building work, or when buying a new home. You're emailed with an invoice or request for payment, which will look completely convincing and contain all the details you'd expect, but the bank details in it will be the scammers', not the firm you think you're paying. In some cases, the bnkshave refused to refund the oney, saying the transfers were made according to victims' instructions. The accounts had of course been immediately emptied and closed.

ACTION - If you get an email regarding a large payment, even if you're expecting it,call and check the amount and bank details before paying it. It's a hassle - but not as much of a hassle as losing thousands of pounds.
WHY DO THEY WANT YOUR DETAILS
While some scams take your money directly, others are designed to help the fraudsters get hold of personal details, such as date of birth, bank account ad card numbers, and PINs. They're then used in identity theft, where fraudsters can set up loans and credit cards in your name, and potentially run up massive bills, or use your identity to fraudulently obtain benefits or tax rebates. If you can prove you weren't responsible, you should get your money back - but it can be a long and difficult process, and there have been cases of refunds being refused.
For advice, see actionfraud.police.uk

BEAT THE SCAMMERS - THE GOLDEN RULES
Never give out personal details in response to a phone call. If you think the call's genuine, find the organisation's number from a safe source, and call them back from another phone - scammers sometimes stay on the line so when you think you're ringing out, you're still talking to them.

- DON'T be pressurised into making a decision or paying any money immediately - thats often as sign of a scam.

- DON'T click o links in an email to pay money - always go to your bank # credit card company's website.

- DON'T be deceived by the fact that a caller seems to know a lot about you, or your accounts - there are all sorts of ways the more skillfu scammers can obtain information.

(8th June 2016)


 


PURCHASING PETS ONLINE

(Action Fraud, dated 4th May 2016)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau (NFIB) and Action Fraud have noticed a rise in the reporting of pets, and in particular puppies and kittens, being advertised for sale via popular online auction websites. The fraudsters will place an advert of the pet for sale, often claiming that the pet is currently held somewhere less accessible or overseas. Upon agreement of a sale, the suspect will usually request an advance payment by money transfer or bank transfer. However, the pet does not materialise and the fraudster will subsequently ask for further advanced payments for courier charges, shipping fees and additional transportation costs. Even if further payments are made, the pet will still not materialise as it is likely that the pet does not exist.

Protect Yourself:

- Stay within auction guidelines.

- Be cautious if the seller initially requests payment via one method, but later claims that due to 'issues with their account' they will need to take the payment via an alternative method such as a bank transfer.

- Consider conducting research on other information provided by the seller, for example a mobile phone number or email address used by the seller could alert you to any negative information associated with the number/email address online.

- Request details of the courier company being used and consider researching it.

- Agree a suitable time to meet face to face to agree the purchase and to collect the pet. If the seller is reluctant to meet then it could be an indication that the pet does not exist.

- A genuine seller should be keen to ensure that the pet is going to a caring and loving new home. If the seller does not express any interest in you and the pet's new home, be wary.

- If you think the purchase price is too good to be true then it probably is, especially if the pet is advertised as a pure-breed.

- Do not be afraid to request copies of the pet's inoculation history, breed paperwork and certification prior to agreeing a sale. If the seller is reluctant or unable to provide this information it could be an indication that either the pet does not exist or the pet has been illegally bred e.g. it originates from a 'puppy farm'. A 'puppy farm' is a commercial dog breeding enterprise where the sole aim is to maximise profit for the least investment. Commercial dog breeders must be registered with their local authority and undergo regular inspections to ensure that the puppies are bred responsibly and are in turn fit and healthy. Illegally farmed puppies will often be kept in inadequate conditions and are more likely to suffer from ailments and illnesses associated with irresponsible breeding.

- When thinking of buying a pet, consider buying them in person from rescue centres or from reputable breeders

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(5th May 2016)


SEVEN CHECKS TO AVOID FALLING VICTIM TO A "SOLICITOR SCAM"
(The Telegraph, dated 29th April 2016 author Amelia Murray)

Full article [Option 1]:

A rise in conveyancing and solicitor scams has seen a number of unsuspecting property buyers robbed of hundreds of thousands of pounds with little chance of ever getting it back.
Fraudsters typically hack into solicitors' or clients' emails. They then fake emails from one party or another, instructing the victims to divert large payments to their own accounts during the final stages of a property purchase or sale.
Telegraph Money has spoken to a number of experts in cyber security and online fraud to help prevent more people falling victim.

Check your solicitor's website is secure
The first thing prospective property buyers should do is check the solicitor or conveyancer has a secure website.
The web address should start with HTTPS - the 'S' stands for secure. There should also be a padlock on the left hand side of the browser.
HTTPS pages are often used for online banking and other internet transactions and ensures the information between your browser and the website is protected.
Chris Underhill, head of IT and security at phishing detection company, Cyber Security Partners said an HTTPS page is a basic requirement for solicitors or conveyancers. Such firms hold an incredible amount of valuable data which makes them vulnerable to hackers and investing in a secure platform should be a priority.
An HTTPS page is especially critical when submitting information on the website such as through the solicitor's contact form.

Is the price right?
There is no hard and fast rule to how much you should be paying for a conveyancer. However, John Marsden, identity and fraud expert at credit agency Equifax said be wary of those which seem too cheap.
He said: "Low cost firms may not have invested as much in their security system.
"Consumers need to ask themselves how much they value a secure platform."
Rob Hailstone, ex-residential property conveyancer and founder of advice group Bold Legal, said: "Remember that buying or selling a property is one of the most important and complicated things you will ever do. Do not instruct the cheapest firm to act for you."

Ask what security measures are in place
Emails can be secured for free using three types of software - Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-Based Message Authentication (DMARC).
Mr Underhill explained: "SPF is a simple whitelist of computers allowed to send email on behalf of an organisation." This aims to stop emails coming through from spoof email addresses created on unknown computers.
DKIM is used as a way to preserve the content of emails to ensure they have not been tampered with.
DMARC is a method to stop illegitimate emails from being delivered.
However, it is important to realise that no matter how good the firm's online security is, the customer's system is also at risk of being hacked. You won't know when this happens.
Try not to indicate the contents of your email in the subject line, especially when discussing payments and bank details.

Establish a named contact at the firm
Customers should be able to meet and speak to a member of staff who they can contact directly.
Mr Marsden said customers should use a firm that "adopts security measures from the ground up" and that all members of staff are happy to verify information when asked to.
Mr Hailstone advised: "Visit the firm if possible. Certainly speak to the person who will be handling your transaction and make sure you feel confident in them and their ability."

Be wise with communication
Mr Underhill said the majority of solicitors and conveyancers are likely to communicate with customers over email because it is quick and cheap.
However, many firms have reverted to using fax machines as they cannot be hacked.
Where payments are concerned, experts advise customers to make the transaction over the phone or in the office.
However, if firms insist on sending details by email, customers should check the address is genuine.
"Spoof" addresses can be hard to spot - differences can be as subtle as a missing or additional letter.

Check, check and check again
Experts strongly recommend calling the firm to verify the email is real and the payment details are genuine.
A spokesman from national fraud and cyber crime reporting centre Action Fraud said: "Never accept changes of banking details at face value and to always verify with the relevant parties directly before making any changes.
"Take those few extra minutes to check, double-check and check again, otherwise there is a good chance you will be liable for the loss, and it may affect your insurance premium too.
The spokesman added: "Preferably talk to the solicitor whose voice you recognise to check the change of bank details."

Don't send the full payment straight away
Even if you verify the payment with the firm, Tony Neate, head of government backed online advice site Get Safe Online, said it is a good idea to transfer a small payment first before going through with the final transaction.
He said: "Send £1 to the firm first and check it has arrived in the right bank account before transferring the rest."

(1st May 2016)


HOW TO SPOT FAKE TRAVEL WEBSITES AND HOLIDAY SCAMS
(BT News, dated 29th April 2016)

Full article [Option 1]:

More and more of us are falling for a range of holiday and travel scams.
A new report compiled by the City of London Police's National Fraud Intelligence Bureau showed scammers stole £11.5 million from unsuspecting travellers in 2015 - up a staggering 425% compared to 2014.

Cases spike in the summer months and December, which suggests that fraudsters are homing in on holidaymakers and people making last-minute arrangements for Christmas. The most commonly-targeted age group is 30-49, many of whom will have young families, the report found.
Victims lose nearly £3,000 on average, with almost half of them (44%) saying that the fraud also had a significant impact on their health.

Common holiday scams to watch out for
Be extra careful when booking these as they're prime targets for fraudsters.

Holiday accommodation
Scammers are adept at making up fake websites which look astonishingly like the real thing. They also hack into legitimate accounts and post fake adverts on websites and social media.

Airline tickets
These cases involve customers booking a flight and receiving a fake ticket or paying for a ticket that just doesn't turn up.
Last year, flights to Nigeria, India and Pakistan were heavily targeted, suggesting that those visiting friends and family are more vulnerable.

Sports and religious trips
Tickets with limited availability are a magnet for fraudsters because of the higher prices they can grab. Experts predict that both the European Football Championships in France and the Olympics in Rio de Janeiro will be major draws for scammers.

Timeshares and holiday clubs
Victims lose between £9,000 and £35,000 each to timeshare and holiday club fraud, making up over a quarter (26%) of the total reported amounts lost.

How to avoid becoming a victim of travel fraud

Now that we're coming up to peak holiday season, it's vital that you stay sharp when booking that holiday.
City of London Police Commander Chris Greany, Police National Coordinator for Economic Crime, said:
"We live in a world where we are under pressure to get things done quickly. However, when booking a holiday it is vitally important you take your time and follow a number of basic checks designed to protect you from falling victim to a fraud."
Do some thorough research on companies you don't recognise before you confirm any arrangements. Start by checking the company's credentials - if it's defrauding people, victims will likely have posted their story online or contacted the press.
Look for the ABTA or ATOL logo to confirm that the company is legitimate. You can verify membership on their respective websites.
Even though it's quick and easy, don't pay direct into the owner's bank account. It's much more difficult to trace and retrieve your funds, similar to paying in cash.
Try and pay by credit card if you can - transactions over £100 will likely be covered by your credit card provider under Section 75 of the Consumer Credit Act.
Study receipts, invoices and small print, and be very wary of companies that don't provide any at all. If you're booking through a holiday club or timeshare, ask a solicitor to comb through the documentation before signing up.

As always, if it sounds too good to be true, it probably is. You can find more information about how to stay safe when booking or researching travel online at Get Safe Online and report anything suspicious to Action Fraud.

(1st May 2016)


URGENT : ONLINE EXTORTION DEMAND AFFECTING UK BUSINESSES
(Action Fraud, dated 29th April 2016)
www.actionfraud.police.uk

Within the past 24 hours a number of businesses throughout the UK have received extortion demands from a group calling themselves 'Lizard Squad'.

Method of Attack:

The group have sent emails demanding payment of 5 Bitcoins, to be paid by a certain time and date. The email states that this demand will increase by 5 Bitcoins for each day that it goes unpaid.

If their demand is not met, they have threatened to launch a Denial of Service attack against the businesses' websites and networks, taking them offline until payment is made.
The demand states that once their actions have started, they cannot be undone.
 
What to do if you've received one of these demands:

- Report it to Action Fraud by calling 0300 123 2040 or by using the online reporting tool
- Do not pay the demand
- Retain the original emails (with headers)
- Maintain a timeline of the attack, recording all times, type and content of the contact
 
If you are experiencing a DDoS right now you should:

- Report it to Action Fraud by calling 0300 123 2040 immediately.
- Call your Internet Service Provider (ISP) (or hosting provider if you do not host your own Web server), tell them you are under attack and ask for help.
- Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports etc.
 
Get Safe Online top tips for protecting your business from a DDoS:

- Consider the likelihood and risks to your organisation of a DDoS attack, and put appropriate threat reduction/mitigation measures in place.
- If you consider that protection is necessary, speak to a DDoS prevention specialist.
- Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits.

(1st May 2016)


HMRC TAX REBATE SCAM
(Action Fraud, dated 23rd April 2016)
www.actionfraud.police.uk

Fraudsters are texting members of the public offering a tax rebate. The text message contains a link to a website and requests to provide personal information, such as bank account information, to claim the nonexistent rebate.

Protect Yourself
- Don't click on web links contained in unsolicited texts or emails.
- Never provide your personal information to a third party from an unsolicited communication.
- Obtain the genuine number of the organisation being represented and verify the legitimacy of the communication.
- HMRC will never use texts or emails or tell you about a potential rebate or ask for personal information.
- If you have provided personal information and you are concerned that your identity may be compromised consider Cifas Protection Registration.

(1st May 2016)


ONLINE JOB RECRUITMENT (SELLING)
(Action Fraud, dated 26th April 2016)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau (NFIB) and Action Fraud have noticed a rise in the reporting of victims being recruited via Facebook to sell items for suspects on eBay - often stating that it is a quick way of making money.
The items are said to be bankrupt stock, purchased via auctions, and need to be sold on quickly. The majority of the items reported have been Apple Mac Book Pro/Electrical Items.
The victim places the items on eBay and once the items are sold, the victim will get paid and transfer the funds to the suspect/recruiter.
Once the suspect/recruiter gets the funds, the purchasers are claiming that they have received empty cereal boxes or often no goods at all, leaving the victim being reported as the actual suspect, and leaving them out of pocket as their account will be debited.
Protect yourself:
 
- Consider conducting research on other information provided by the seller, for example: a mobile phone number or email address could alert you to negative information associated with the number/email address online.
- Be very cautious of unsolicited emails or approaches over social media promising opportunities to make easy money.
- When accepting offers, verify the company/entity details provided to you and check whether they have been registered in the UK.

- If you think the deal or offer is too good to be true then it probably is!

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(1st May 2016)


WINE INVESTMENT FRAUD
(Action Fraud, dated 22nd April 2016)
www.actionfraud.police.uk

A new investment fraud trend is targeting members of the public who are seeking to sell their wine investment. Fraudsters agree to purchase the victim's wine, but instead transfer the stock into their own account without paying the victim. The fraudulently obtained wine is then believed to be sold on to other, unsuspecting victims.  
 
How does it work?

Fraudsters set up fake companies and websites as well as exploit the names of legitimate, established companies to facilitate this fraud. They cold-call the victims and offer to purchase their wine for significantly more than the actual market value.

Fraudulent documents, such as purchase agreements, are used to facilitate the fraud and are sent to the victims via post and email. Some fraudsters have gone as far as setting up fake escrow services in order to fool the potential sellers that the payments have been transferred.

The fraudsters send the victims instructions to transfer their wine into storage accounts held within legitimate bonded warehouses. The victims are informed that upon doing this they will be paid the agreed amount. The use of storage accounts held within legitimate bonded warehouses adds an air of legitimacy to the process but in actual fact these storage accounts are controlled by the fraudsters.

Once the wine is transferred into the new storage accounts the suspects break off all contact with the victims. The wine is then moved again, normally within days and often abroad, and, needless to say, the victim never receives the money from the agreed sale.

Protect Yourself

- Never respond to unsolicited phone calls - if in doubt, hang up
- Always check that the details of the organisation or company contacting you (such as website, address and phone number) are correct - the fraudsters may be masquerading as a legitimate organisation
- Never sign over your wine (or any other investment) to another party without first checking they are authentic
- Don't be fooled by a professional looking website, as the cost of creating a professional website is easily affordable
- Escrow services are regulated by the FCA under the Payment Services Directive 2009. Only deal with a registered Authorised Payment Institution. You can check the FCA register online at www.fca.org.uk/register
- Consider seeking independent legal and/or financial advice before making a decision
If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(1st May 2016)


SOCIAL MEDIA TICKET FRAUD
(Action Fraud, dated 20th April 2016)
www.actionfraud.police.uk
The National Fraud Intelligence Bureau (NFIB) has recently received an influx of reports that fraudsters are targeting the public, via social media, in relation to football tickets.

Fraudsters are posting pictures or statuses online telling members of the public to contact them via Direct Message for football tickets. This then leads to a mobile messaging conversation. During the conversation, bank details are provided by the suspect so that the tickets can be purchased.

After the victim has paid for the ticket the fraudster blocks them to stop further conversation, leaving victims without the tickets and out of pocket.

Protect yourself:
- Check the security of the website and validity of the post
- Avoid taking the conversation offline to private messages
- When purchasing any products over the internet always try to make the payment via PayPal or a credit card where you have some sort of payment cover

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(1st May 2016)


ACCOUNT SWITCH SCAM NETS 5,000 VICTIMS

(BBC News, dated 21st April 2016 author Jon Douglas)

More than 5,000 people were conned into sending planned payments to fraudsters' bank accounts last year.
Victims were fooled by emails asking them to divert payments into criminals' accounts, leaving the genuine recipient unpaid.
The number of cases of the scam - also known as "mandate" or "invoice" fraud - is up 71% on the previous year.
Losses in the UK totalled £126m, according to police figures compiled for Radio 4's You & Yours.
Police said people need to be suspicious of any persistent emails that suggest a change of bank account details.

Massive shock

Georgia Morandi, from Carmarthenshire, lost £2,514 to this sort of scam after having a wood burning stove installed. She received messages - apparently from her stove fitter's email account - asking for the money she owed him to be paid into a different bank account.
"The timing of it was perfect because, of course, it was a bill that I inevitably had to pay," she said.
But the messages she had received were not really from her stove fitter. It is thought his email account had been compromised and somebody posed as him online.
"It was a massive shock because I could instantly see that it would be an issue trying to get the money back," said Ms Morandi.
"I went into a bit of a panic wondering how it was going to end. I couldn't afford to pay for the stove twice; the stove fitter couldn't afford to be out of pocket. It was very difficult to know who is responsible for that stolen money."
In the end, Ms Morandi's bank refunded the money she had sent to criminals. But they called it a goodwill gesture and not everyone caught out in this way will get their money back.

'Ask questions'

The police recorded 5,480 similar cases in 2015, compared with 3,206 in 2014.
Of those affected, 36% of them said it had a severe or significant impact on them, meaning it affected their health or their ability to make ends meet.
The scam tends to happen in two main ways. The first is where a company's IT system is infected with malware allowing criminals to spy on emails and then contact customers. The second is where a criminal pretends to be someone senior in a company and emails a junior member of staff asking them to make a business payment, known as CEO fraud.
"Junior people in very large organisations need to feel comfortable to ask the question of someone senior whether or not this is a real transaction," said Commander Chris Greany from City of London Police, which monitors and investigates fraud across the UK.
"Sadly email is just not safe and you cannot trust it all the time."
Commander Greany thinks more people need to be suspicious of emails that ask for payment particularly if they are persistent and include new bank account details.
"The best thing for any individual to do is to pick up the phone and speak to the business they are dealing with," he suggested.

(1st May 2016)


WARNING OVER FRAUDULENT CALL CENTRES
(BT News, dated 17th April 2016)

Full article [Option 1]:

We're aware that some customers are being contacted by companies fraudulently claiming to be, or acting on behalf of, Microsoft and other companies - including on occasions BT.

The main purpose for these calls is to try and convince you that they have identified a fault with either your internet or your router, or they have detected a virus or other malware on your computer.
These fraudsters may attempt to take control of your computer via remote access software, claiming that this is the only way to fix these issues, before 'identifying' a problem and offering to resolve the issue for a small fee. If you agree, often the value of the money taken is considerably more than originally quoted.

These companies use a 'spoof' telephone number when making such calls. This means the number displayed on your caller ID, or obtained by dialling 1471, is incorrect and you are unable to reconnect if redialled.

Please be aware that any unsolicited calls you may receive where the caller asks to take remote access of your computer could be related to one of these known scams.
If you're suspicious about a call you receive, here are some steps you can take if you're unsure about the caller:

- Never offer private or personal security information to unsolicited callers (even if they quote what is, or seems to be your account number).

- If a caller claims to be from BT and you are concerned, ask them to leave notes on your account and you can then call BT on 0800 800 150 to confirm the call is genuine. Always check that the phone line has been cleared by the fraudsters and you are able to dial out as normal. For even greater security, use a different phone line.

- Be suspicious of unsolicited calls relating to a security/system problem, even if they claim to represent a respected company. If you have any doubt at all, contact the company yourself to verify the call using their published numbers.

- Never provide personal information, such as credit card or bank details, to an unsolicited caller. BT will never send you an unsolicited email asking for personal / private details or banking information.
You can find out more information about your BT account security at bt.com/help/security, and further details on the latest scams and how to protect yourself at bt.com/scams.

(19th April 2016)



PAYMENT DIVERSION
(Action Fraud, dated 11th April 2016)
www.actionfraud.police.uk

Fraudsters are targeting members of the public who are expecting to make a payment for property repairs. The fraudsters, via email, will purport to be a tradesman who has recently completed work at the property and use a similar email address to that of the genuine tradesman. They will ask for funds to be transferred via bank transfer and once payment is made the victims of the fraud soon realise they have been deceived when the genuine tradesman requests payment for their services.

Protect Yourself:
- Always check the email address is exactly the same as previous correspondence with the genuine contact.
- For any request of payment via email verify the validity of the request with a phone call to the person who carried out the work.
- Check the email for spelling and grammar as these signs can indicate that the email is not genuine.
- Payments via bank transfer offer no financial protection; consider using alternative methods such as a credit card or PayPal which offer some protection and avenue for recompense.

If you believe that you have been a victim of fraud you can report it online at: http://www.actionfraud.police.uk/report_fraud or by telephone on: 0300 123 2040.

(19th April 2016)



BEWARE THIS EMAIL SCAM THAT INCLUDE YOUR HOME ADDRESS

(BT News, dated 10th April 2016)

Full article [[Option 1]:

A new email scam is doing the rounds, and this one looks even more genuine as it includes your home address. In this case, scammers are trying to con you into believing you owe money to genuine companies.
Here's what you need to know and how to stay safe.

###The email

As well as personal details like your full name and home address the email demands a payment of more than £800 to clear a debt with legitimate companies.
These include a waxed cotton manufacturer British Millerain Co Ltd located in Rochdale and a shelving firm called Greenoaks based in Manchester.
The email also has a link to the 'original invoice where presumably you will find the details of where to send the cash, but actually could install malware on your device.
Members of the BBC Radio 4's You and Yours team are among those who have been targeted by this new wave of fraudulent activity.
Vahl said: "The email has good spelling and grammar and my exact home address...when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address.
"My tummy did a bit of a somersault when I read that, because I wondered who on earth I could owe £800 to and what was about to land on my doormat."
Worryingly, at least two other members of Vahl's team also reported receiving a similar email.
The You and Yours team contacted the companies named in the emails staff had received, who said they had been inundated with calls from people worried they owed them money.
Hackers
Dr Steven Murdoch, principle research fellow at the department of computer science at University College London, reckons the scam could actually be the result of a hack.
He told You and Yours: "Most likely it was a retailer or other internet site that had been hacked into and the database stolen, it then could have been sold or passed through several different people and then eventually it got to the person who sent out these emails."
Murdoch also said the email had hallmarks of phishing attempts from gangs in Eastern Europe and Russia and warned clicking the link could install malware like Cryptolocker, which is a type of ransomware that locks files on Windows-based computers and demands a fee to release them.

###What to do if you get this email

If you've received a suspicious email don't click the link or take any notice of the demands.
Instead just delete it from your inbox and report it to Action Fraud. You can do this over the phone on 0300 123 2040 or using its online fraud reporting tool.

(19th April 2016)


MARCH 2016 - UPDATE


BEWARE THIS CRAZY SPEEDING TICKET SCAM

(Philadelphia Magazine, dated 25th March 2016 author Victor Fiorillo)
Full article [Option 1] :

We all see plenty of email scams landing in our inbox, whether it's the ex-finance minister of some third-world dictatorship asking us for help moving around vast sums of loot, or some phishing teenage hacker trying his best to look like Apple Customer Service. But this new speeding ticket scam hitting inboxes in the region really takes the cake.

The Tredyffrin Police Department in Chester County announced the speeding ticket scam this week, explaining that three local residents reported receiving emails notifying them of speeding infractions. Tredyffrin doesn't have speed cameras, and the police say that they have nothing to do with these citation notices, but here's the thing: The residents were, in fact, speeding at the locations cited in the citations.

Investigators shared a redacted version of one of the emails with Philadelphia magazine, and we mocked it up to show you what the speeding ticket scam looks like. The sender is the actual sender that appears on the bogus citation email.
Again, police say that the people named in the emails were speeding at the location and time listed in the fake infraction notices.

How is this possible? Well, investigators suspect that a hacker has exploited a security flaw in some GPS-enabled smartphone app. If you know where your target is located and how long it takes them to get from Point A to Point B, then you can do a quick computation to determine how fast they were traveling.

Police say that it doesn't look like this speeding ticket scam is actually an attempt to get you to fork over fines to some bogus entity. Instead, they say it appears that when the recipient clicks on the link at the bottom of the message - the one that mentions the image of the license plate - some form of malware is automatically downloaded to the person's computer. The message does not contain the driver's actual license plate number.
And in case you're wondering, the drivers aren't liable for any fines even though they were speeding, because Tredyffrin police don't cite drivers for speeding unless a real, live cop catches them in the act, which we think is very sporting of them.

(4th April 2016)


MOBILE BANKING IN THE SPOTLIGHT AS FRAUDSTERS PULL £6000 STING
(The Guardian, dated 2nd April 2016 author Miles Brignall)
Full article [Option 1]:

If your bank has your mobile number to help it "manage" your current account, you may want to have a rethink. John Ellard, managing director of a small internet service provider, has had his Nationwide current account emptied of £6,000 after fraudsters apparently took over his O2 mobile account, switched his number to a new Apple handset, and then used it to make a series of fraudulent purchases.

While Ellard was wondering why his mobile wasn't working at his Hertford home last month, fraudsters were calling O2 pretending to be him to report it stolen. Simultaneously, the crooks had managed to obtain his bank account details to gain access to his Nationwide account, and were able to register him for telephone banking and increase his overdraft to £5,000.
In a bold move, they were then able to link his stolen phone number to a newly created Apple Pay account and use it clear out his bank account in a matter of hours by going on a spending spree at various Apple stores.

The case will alarm anyone who has registered their mobile with their bank and relies on it to receive security information.
Ellard, who says he has spent the past few days in financial and emotional turmoil trying to deal with the fallout, appears to be the latest victim of fraudsters targeting vulnerabilities in the mobile phone system.

Guardian Money has already reported on so-called "sim swap frauds", which see fraudsters taking over people's bank accounts via their mobile phone. The fraudsters call the phone provider and, as long as they can answer basic security questions - which can be things as simple as your name, address and date of birth - are able to cancel the old sim and gain a new one. From then on they can intercept or initiate calls and texts as if they were the victim.

The first Ellard knew of this was when he got a letter from Nationwide telling him his overdraft had been increased. Ellard, who regards himself as technically savvy, says he has been astounded that both O2 and Nationwide's anti-fraud systems were so easily evaded. He also says other bank customers should seriously consider whether they want their bank to use the mobile network to check their identity, given the flaws. He won't be doing so in the future, he says.
Ellard believes the theft of his bank details may be linked to the fact he had just moved house and had ordered a carpet. He had paid using his bank card, and store staff had his address, card details and mobile number.
"The fraudsters simply rang O2 and reported my phone stolen. I just thought it was on the blink. In the meantime, armed with my bank card number - plus the three digits on the back, mobile number and date of birth - they were able to clean out my account. I'm a company director, and it would have been very easy to find my date of birth at Companies House."

He says people have no idea how draining it is dealing with something like this. He criticises Nationwide for allowing the access, but says the building society has at least been helpful since the event. It has told him the £6,000 will be repaid, and offered £350 compensation.
O2 told Money that someone posing as Ellard had twice tried to take over his account but failed the security checks. On a third occasion the phone was reported stolen and the account blocked until the real Ellard reported it as not working. O2 maintains that at no point was Ellard's mobile account taken over, and claims no other sim card other than the one Ellard had in his phone has been associated with his account.

Nationwide told Money that Ellard's mobile number had been used to make the Apple Pay purchases linked to his account. When the fraudster tried to make the first Apple store purchase for almost £2,000 it blocked it as unusual - but the fraudster phoned the society and convinced staff that they were Ellard.

A Nationwide spokeswoman says: "Unfortunately, our customer has been the victim of account takeover fraud after his details were compromised. As soon as the society became aware of the fraud it acted swiftly to protect his accounts, and the stolen money was refunded. Additional security has been placed on his account. While we are able to stop most fraud from occurring, it is not possible to stop all. However, when a customer is an innocent victim of fraud we will look to refund their money immediately."

This is not the first case of a fraudster using a victim's mobile to access their bank account. In September last year we featured the case of Emma Franks who had £1,500 taken from her after thieves took over her Vodafone account. Someone - not her - had reported her sim card water-damaged, and requested a replacement.

Last month, meanwhile, NatWest was forced to admit that its security measures weren't good enough after staff on BBC Radio 4's You and Yours programme were able to hack into a colleague's bank account and steal a token sum using her phone.

The programme had been contacted by a number of people who had lost money to sim card fraudsters. One of these victims, Robert from East Anglia, said he had lost £3,000. NatWest had tried to blame him for the theft, even though £500 was spent on an online betting site at the exact time he was sitting in a NatWest branch trying to solve the problem. NatWest has since placed a warning about sim swap fraud on its own website, though the consumer is often powerless to halt this scam.

'Fraudsters are incredibly sophisticated'

Few UK banks have the technology in place to spot sim-swap fraud. One exception is Santander, which uses a system developed by US software firm Fico, which claims to have a 100% success rate in halting fraudulent account takeover attempts following a sim swap.
Fico director Gabriel Hopkins told Guardian Money that his company's technology is able to detect whether a sim card has been swapped since the last transaction by comparing its unique international mobile subscriber identity number.

If the system detects that the sim card has been changed, he says, it triggers a notification which in turn will prompt stronger checks into the person making the cash transfer - in short, to establish whether or not they are the account holder.
"In many cases there will be a legitimate reason for a sim change. The customer might have upgraded their handset or genuinely lost their phone and had their sim replaced. In that instance, the system will pass the case over to a fraud handler who can then call up the customer and verify their identity before approving the money transfer," Hopkins says.

He adds that banks have increasingly used mobiles as a way to verify their customer's transactions because bank customers prefer not to have to carry around card readers or dongles.
"The fraudsters have become incredibly sophisticated, and it's a battle for all the banks and telecoms firms. It's easy for someone with a phone number and card details etc, to go into, say, a Vodafone store, go up to the youngest person working there and explain they have lost their phone. That person, trying to be helpful, will give them a replacement sim and they leave the shop with a working replacement - in effect, the fraud victim's phone."

(4th April 2016)


"SMISHING" BANKING SCAMS ON PHONES

(Computer Active, Issue 471, dated 16th March 2016)

What happened
Security experts warned people about a spate of banking scams in which hackers sned texts to phone in an attempt to steal money. Known as "smishing" - a combination of phishing and SMS - these scams try to trick users with messages that appear to be legitimate alerts from banks.
Worryingly criminals are getting much better at making these messages look genuine. They send you messages in the same conversation "thread" that your bank uses, making it very hard to tell what's real.
A popular tactic of scammers is to send warnings about "suspicious" or "unusual" activity in users accounts" These messages emphasise how important it is that the victim takes action immediately, normally by transferring their money into a new account. Often this threat appears serious enough to persuade people to click links or ring a numbers, where the criminals are waiting to steal their passwords and other personal information.
Unsurprisingly, the hackers are chiefly targeting older people, because they are likely to have a bigger pot of savings to steal.

What should you do ?
It's vital to be highly vigilant when banking via your phone, particularly because banks may not give you back any money that's stolen. You should be very suspicious about clicking any link in a text message from your bank. Banks say they will never ask for your password and other log-in details by phone or email, nor will they ask you to transfer money into a new account. If you're unsure, phone your bank.
uaware note : always use literature from your bank that you have your possession for information (helpdesk numbers etc).  Not those quoted in texts, emails, from people phoning you, newspaper or magazine articles.
(1st April 2016)


FAKE EMAIL ADDRESSES
(Action Fraud, dated 1st April 2016)
www.actionfraud.police.uk

This alert is a reminder to be aware of emails that appear to have been sent from a legitimate organisation. Fraudsters often use fake email addresses designed to encourage recipients to open attachments or links. You are advised that if you are in any doubt as to the origin of an email, do not open it. Consider that emails can be spoofed and used to generate spam to recipients far and wide. If you receive a spam email, you MUST NOT open it. Instead, delete it from your email system to avoid infecting your device. If you have opened an attachment from a spam email, you should get your device checked over by a professional and change the passwords for all your bank, email and online shopping accounts.

Protect yourself:
- Do not click or open unfamiliar links in emails or on websites.
- Make sure you install and use up-to-date anti-virus software.
- Have a pop-up blocker running in the background of your web browser.
- If you have opened an attachment and 'enabled macros' it is very likely that all your personal data will have been breached. You MUST change all your passwords for personal accounts, including your bank accounts.
- Ensure Adobe, Flash and any similar software is up to date on your computer.

If you think you have been a victim of this type of email you should report the email to Action Fraud, the UK's national fraud and cyber crime reporting centre: www.actionfraud.police.uk
If you do make a report please provide as much detail as you can about the email and any effects it has had on your computer. Additionally if your Anti-Virus software detects any issues in relation to this email please provide us with the details.

(1st April 2016)


SCAMWATCH

(Computer Active)
www.computeractive.co.uk

In each edition, the Computer Active magazine publish small snippet warnings of scams experienced by their readers. The initials shown within the brackets are those of the Computer Active reader
The website link shown within these articles have been abbreviated by Computer Active to "snipca" followed by a reference number, around 15 characters. As readers know, some links (URL's) seem to go on forever.
-------------------------
WINDOWS 10 UPGRADE SCAM
(October 2015, AS)
I got a phone call from a foreign sounding person who said he was from Microsoft and that the Windows licenc on my PC had expired. I said "which computer?". He asked "how many hae you got?" "Three", I said - an Apple Mac, a PC I built and a clone of that on my Mac. This baffled him and he repeated that I should upgrade to Windows 10 now. I told him I will upgrade when move of the bugs have been fixed. He then became aggressive and said he would shut down my PC. He then hung up. It's a scam that Microsoft are aware of :
www.snipca.com/18129
-----------------------
YET ANOTHER TALKTALK SCAM
(November 2015, AFS)
I want to alert readers of a phone scam aimed at TalkTalk customers. You are told your router is causing security problems. They ask you to visit a website, from where they can remotely use your PC. They then say you're due a £200 refund, and take you to what appears to be your online bank, where it seems they refunded £5,000 to your account. By way of apologising for this mistake, they promise you a further £100, by asking you to refund them only £4,700. You are told to post the money in cash to an address in China.
-----------------------
NOT FOOLED BY "OCADO" SCAM
November 2015, PC)
My Husband got an email from "Ocado customer services" - the address was "@ocado.com" and the subject line was "Your receipt for today's Ocado delivery". It said the receipt for todays delivery is attached and that goods would be delivered between 10 and 11. We have started ordering groceries online, but didn't open the attachment. The scam was plausible : correct punctuation, no spelling mistakes and believable email address. After a little research, it seems clicking the attachment downloads Dridex, which steals your bank account details.
uaware note : clicking on a link in an unsolicited email is foolhardy. No security software regardless of provenance and star rating is 100% secure.
-----------------------
PAYPAL SCAM LOOKS GENUINE
(December 2015, LH)
I was almost caught out by a PayPal scam which I think is new. I received an email that looked professional and error free. I had no reason to believe it wasn't from PayPal. It told me that there had been unusual activity on my accoun, and suggested I update my profile. With all the high-profile hacks recently, including TalkTalk, I instantly thought "oh no", and clicked the link, which sent me to a "profile update" page. It was only when they asked for credit card details that it dawned on me that it was probably a scam. I found evidence of it online : www.snipca.com/18586
-----------------------
FOOLED BY FAKE iTUNES INVOICE
(December 2015, RC)
I bought my first iPhone a few months ago, which was probably why I was targeted by an Apple related email scam. The email from "iTunes Store" contains an invoice for £42.99 for an app I'd apparently paid for, a sat nav tool called TomTom Western Europe. But I'd never pay that much for an app. It's a clever scam because you urgently feel the need to click the "iTunes Payment Cancellation Form" link at the bottom of the invoice. I did this, and was asked for my bank details. It became obvious at that point that it was a scam.
uaware note : Even clicking on a link could download malicious software to your computer.
------------------------
"VIRGIN MEDIA" BILLING SCAM
(January 2016, DJ)
In early Dececmber, I received a scam email. It was apparently from "Virgin Media", and the subject line was "Your Virgin Media billing details are incomplete". I am a Virgin Media customer, so I thought at first it was genuine. It asked me to click a link to update my billing information, but I moved my mouse over the senders email address, and that revealed the true source (cedbeens.com). I found evidence of the scam on the Virgin''s Community forums : www.snipca.com/19012
Virgin Media customers can report scams at : http://netreport.virginmedia.com

-------------------------
HAS BT SENT ME A SIM CARD ?
(January 2016, EP)
I received two emails purportedly from BT with the subject line "You,ve got a BT delivery soon". They said that BT had sent me a "Standard / Micro SIM" that would arrive in the "Next couple of days". But they got my address wrong - I don't live in Dundee ! And I hadn't ordered a new SIM card. I phoned BT to check that this had not been set against my account. It confirmed that I hadn't ordered a SIM card. Fortunately, I did not click the links in the email. They were very convincing, and even had a warning about phishing scams at the bottom.
-------------------------
WILL BT SUSPEND MY BROADBAND
(February 2016, JD)
In January, I got a call from someone purporting to to be from BT. He quoted my BT account number and said that other people were using my broadband without my knowledge. He said that BT would suspend my broadband for 72 hours, and send a technician to my house. I told him it was a scam and hung up. Worringly the account number he gave me was correct. Bt confirmed to me that the call hadn't come from them, but they didn't seem concerned about this apparent breach of security involving their customer account details.
--------------------------
"SECURITY UPGRADES" BANKING SCAM
(February 2016, MK)
In January, I received a scam that appears to be a new twist on the bank-phishing emails. Rather than saying " Your account has been compromised", it said that my account had had security upgrades applied. It came from "NatWest", though the address was "weekly@sendgrid.net". It said that the updates meant I now had "even better control and greater peace of mind". It urged me to "try these new features" and there was a link at the bottom stating "Get Started", but hovering my mouse over it showed that it did not go to a NatWest site.
--------------------------
AMAZON £10 GIFT "TOO GOOD TO BE TRUE
(March 2016, MO'R)
I recently recieved an email that proved the old saying that if something sounds too good to be true, then it probably is. The email said that it was from Amazon's "member support" and said that I had been specially selected for a chance to win £10 for answering a quick survey. I suspected a scam straight away, and found the evidence online at Malwarebytes' blog : www.snipca.com/19879 . Apparently clicking the link in the email led to a page that asked for your credit card details and bank account number.
--------------------------
DON'T CLAIM COMPENSATION FOR MICROSOFT SCAM
(March 2016, MW)
A couple of years ago I was targeted by those phone scammers who pretend to be from Microsoft. I got an email promising me compensation for the scam. The email originator was
"uk.govdepartment-refund" and an organisation called the "ALL Competition and Consumer Commission". I Googled this and realised it was another scam (more info at www.snipca.com/19592). So scammers are trying to trick people into claiming compensation for distress caused by other scammers! Unbelievable ! We need tougher laws to catch them.
--------------------------
EE CUSTOMERS BEWARE OF CREDIT CARD SCAM
(March 2016, DH)
In February I received a genuine looking email purporting to come from EE. The address was bogus originator was "Account Services" the subject line read "Your EE broadband account - your credit card is about to expire". It told me that because my credit card needed to be renewed, I should click the link provided. My details in the email were correct, but knowing my credit card was not due to expire I checked with EE and they told me it was a scam. There's more information from EE about email scams at www.snipca.com/19661 .
uaware note : I would have been more concerned that the bogus email having "correct" details of mine. This could indicate that the computer had been corrupted by banking malware.
--------------------------
(1st April 2016)


FAMILY CONNED PENSIONERS OUT OF SAVINGS
(The Times, dated 17th March 2016 author Simon de Bruxelles)
www.thetimes.co.uk [Option 1]

A family of fraudsters posing as bank officials conned more tan 40 pensioners out of their life savings and spent the money on expensive cars, watches and holidays, a court has been told.

From its base, a newsagents in Glasgow, the gang telephoned victims claiming that thee was concern about possible fraudulent activity on their bank accounts.
The family raked in £1.3 million from 42 victims. It was spent on Rolex watches, trips to Dubai to buy gold, and Lamborghini, Ferrari and Mercedes cars. They boasted of defrauding "losers" in Whatsapp messages and exchanged photographs of newspaper reports about people they had tricked.
Bristol Crown Court heard that one of their victims had transferred £84,000 to an account controlled by the fraudsters after being tricked into believing that the call was genuine. The gang member had asked the victim to ring their banks fraud team but stayed on the linehad been able to intercept the call.
The scam was believed to be one of the biggest examples of "voice phishing" in the UK.
The gang were caught when one member ignored instructions to use an untraceable mobile and not a landline and made a call from the telephone behind the counter in the family's news agents, Stravanan Off Sales, in Crosshill, Glasgow.
Four cousins admitted conspiracy to commit fraud by false representation at seperate hearings at Bristol Crown Court last year. One of the accused admitted concealing, disguising, transferring or converting criminal property.
The family, called thousands of people using dozens of phones over the course of a year. When police raided the six bedroom family home in Glasgow they found 41 mobile phones and 57 sim cards. The court heard that their victims details had been passed on by a call centre worker who was the girl friend on one of the accused. She admitted encouraging or assisting indictable offences.
The Mother of two of the accused, was charged with possessing criminal property after raid on her home during which £100,000 was found in her bedroom. She denies any knowledge of the fraud.
Rupert Lowe, for the prosecution said: " The declared income of the family was extremely modest but thy had the trappings of very significant wealth. They hired Ferraris and Lamborghinis and purchased a Mercedes in cash, which was sitting in their drive. They bought expensive watches, jewellery and designer bags, indulged in high value gambling and travelling and purchased a house in Dubai.
He added:" The effect on the people they targeted was extremely grave".
One victim, lost £84,00 after receiving a call from a "Christopher McDonald in 2014. Another victim, transferred £15,400 of his savings after receiving a call from a man posing as a fraud investigator. The court heard that the fraudsters raked in £300,000 in November 2014 alone. The trial continues for one of the accused. The other defendants who have already pleaded guilty will be sentenced together at the end of the trial.

How phone scams work

The Independent Banking Advisory Service says phone scamming netted as estimated £23.9 million last year. The con artists pretend to be calling from th police, a bank or computer company. they suggest that the individual has suffered fraud and ask for information, such as card details or a PIN code, to access their account. Some ask victims to transfer money, withdraw cash or hand over a bank card to a courier.
They suggest that the victim phones their banks fraud line but intercept the call by keeping the line open. The IBAS says banks will never ask for personal details or request individuals to withdraw or transfer money.

(1st April 2016)

 


IF NATWEST TEXTS YOU ABOUT ONLINE BANKING FRAUD, DON'T CLICK THE LINK

(The Register, dated 4th March 2016 author John Leyden)

Full article [Option 1]:
British customers of the NatWest bank should be on their guard against a particularly convincing SMS-based phishing scam, Action Fraud warns.
The spoofed texts being sent out by fraudsters "could catch you out if it appears in an existing message thread," the UK's national fraud & cyber reporting centre advised on Wednesday.
The Register reader Nicholas was among those targeted by the link-containing message. He was concerned that fraudsters had managed to get their hands on his mobile phone number in the first place.
"I have received two text alerts from NatWest, coming in from their 'official' SMS number, advising me that there has been 'unusual activity on my on-line banking account' and advising me to log into my account," Nicholas told The Register.
"I am concerned how the fraudsters can spoof the text alerts to a valid NatWest telephone number and also how they have managed to get my own mobile phone number."

(1st April 2016)


FEBRUARY 2016 UPDATE


BUSINESSES ACROSS THE UK BEING EXTORTED
(Action Fraud, dated 2nd March 2016)


Action Fraud has received several reports in the last 24 hours from businesses who have been sent online extortion demands from scammers threatening a cyber attack.

The scammers, who call themselves the "RepKiller Team", have been sending emails to businesses across the UK demanding payment of between £300-£500 in Bitcoins by a certain date and time.

If the demands are not met, the team have threatened to launch a cyber attack against the businesses and their reputation by automating hundreds of negative reviews online.

The emails also claim that once actions have started, they cannot be undone. Although these scammers are currently calling themselves "RepKiller", it is common for fraudsters to continually change and adopt new tactics - email names can be made and changed easily.

What to do if you receive one of these emails?
•Whether the attack is attempted or successful, you should report it to Action Fraud on 0300 123 2040 or by using our online reporting tool
•Do not pay the demand. There is no guarantee the scammers won't launch an attack and could encourage further extortion demands in the future.

•Retain all the original emails. Should law enforcement investigate, the information contained within the email headers can be used as evidence.

•Maintain a timeline of the attack recording all times, type and content of contact.

(3rd March 2016)

 


NEW BREED OF PHONE SCAMS HOOK UK CUSTOMERS
(International Business Times, dated 2nd March 2016 author Graham Lanktree)

Full article [Option 1]:

The death threats Simon Woodhead has been receiving all seem sincere. People want revenge. Woodhead has been the target of a fast-growing number of angry UK phone customers who are victims of voice phishing, or "vishing" - a form of telephone fraud where scammers pose as an insurance company or bank representative to seize financial information and defraud their victims.

"I've had a number of experiences with angry mobs," said Woodhead, CEO of Simwood, a UK telecoms company, "from people threatening to come around and kill me one Christmas, through to people posting my personal details and those of charities I'm involved with online."
It might sound like a classic swindle, but these scammers now cover their tracks with an advanced phone hacking technique called "spoofing" whereby they obscure their identity by hijacking another caller's ID.

The terms are reminiscent of Dr Seuss, but spoofing in combination with vishing is "a growing problem in the UK," a spokesperson for communications regulator Ofcom told IBTimes UK.
Due to the technical sophistication of this new breed of scam, however, it's nearly impossible for authorities to catch the cybercriminals behind it. Through late 2015 and early 2016 thousands of phone customers in the UK have experienced a barrage of spoofed caller ID vishing calls.

The Big Vish

According to Action Fraud, the UK's national fraud reporting centre, UK phone customers were scammed of £23.9 million by vishing ploys from December 2013 to December 2014. That's a big jump from £7m the previous year.

Where all this money is going remains a mystery, although in 2015 proceeds from some of these scams in London were traced to jihadist groups, including Isis.

Woodhead is certainly not benefiting. His company Simwood, a telecoms wholesaler that runs the networks for major retail phone companies on the scale of BT, TalkTalk and Three, is itself a spoofing victim. Angry customers trying to call their scammers back find themselves connected instead with Simwood, and hear a message explaining the number has been spoofed.

"The disguised calls are often routed via the internet and/or a number of different international networks," said Ofcom's spokesperson. This exacerbates the problem, making it nearly impossible to trace the cybercriminals. And even when they can be traced, they are often found in another country, far from the reach of UK law.

Many who receive scam calls take to online forums and social media to warn others. "Just had cold call from 'Action Claims Bureau' asking about accident I haven't had," wrote John Hyde, deputy news editor for the Law Society Gazette, on Twitter last November, noting the message was an obvious attempt at vishing and "totally unacceptable".
"Asked me if I had been involved in a car accident that was not my fault," wrote user Chris on the forum whocalls.me.uk last November, referring to the same 'Action Claims Bureau' vishing scam. "I asked who reported it and she hung up." Other forums that gathered similar complaints about the group include who-called.co.uk, tellows.co.uk, telspy.org and a host of others. They show thousands of searches from customers for the offending numbers.

Action Fraud's online fraud reporting tool is where customers should report vishing. But the tool doesn't provide a searchable database of numbers to avoid, or a forum where users can share their experiences.
 

Deep Sea Vishing

The volume of spoofed vishing calls in the UK is unknown. Ofcom suspects many are coming from overseas. Even the extent of complaints about vishing is difficult to determine.

Action Fraud, for instance, recorded more than 5,000 vishing crime reports between April 2014 and March 2015. But the UK's Information Commissioner's Office (ICO) does not separate out vishing-specific complaints from the 14,343 complaints about nuisance calls it receives on average each month.

Action Fraud has estimated a quarter of people in the UK are at risk of vishing scams. It's simply a question of volume: perpetrators can place millions of calls a day using digital dialing technology.

Woodhead wants more to be done to educate the public about the dangers of vishing. In 2013 Simwood responded to a parliamentary report investigating what could be done about the swell of phone fraud.

Public awareness "that people cannot trust the caller ID that appears on their phone isn't there at the moment," Woodhead said.

In a number of cases, he added, retail phone companies have given victims "our name as the perpetrator, [denying] that the call origin can be spoofed".

One particular victim sticks in his mind. Woodhead recalls a 90-year-old woman on oxygen tanks who was "transferred to my direct line by BT with no introduction." She was in floods of tears, he said, "because she had to keep rushing to the phone to get what was a pointless call, undergoing significant medical disruption to do so."

More than 50% of vishing fraud affects seniors over 65.

A Hard Vish To Catch

According to Woodhead, the current investigative process used by Ofcom and the ICO doesn't focus on the origin of the calls, but rather who owns or operates the spoofed number.

"So you have a scenario where a complete third party is making calls with a falsified caller ID," he said, "and the whole investigation process trundles on in completely the wrong direction."

But regulators are increasingly working to bring nuisance callers to justice. Fines for nuisance calls increased dramatically in 2015. A company called National Advice Clinic was fined £850,000 - the highest financial penalty yet for nuisance calls - in late 2015.

However, developing the ability to trace spoofed numbers remains a challenge. Last year Ofcom placed 30 traces on spoofed calls using a brand-new investigation process. But it was able to identify the source of the calls in just 10 of those cases.

The findings, published in December 2015 in an Ofcom and ICO annual review, also show the ICO made only one successful trace last year.

Last April regulators rallied the likes of BT, TalkTalk, Virgin Media, Sky, Vodafone, Telefonica/O2, and four others to put in place better tracking mechanisms.

Still "call tracing is not always successful, for a number of reasons," said Ofcom's spokesperson. "For example, communications providers outside of the UK may not be responsive to call-tracing requests."

New technical standards on internet traffic that would thwart number spoofing is in the works at the global Internet Engineering Task Force (IETF). But this will require global agreements between standards bodies, equipment vendors and communications providers, and "may take a number of years," according to Ofcom.

So for now, Woodhead says, "this is a real issue that really hurts people," and in which "we are powerless to intervene".

(3rd March 2016)
 

 



GOOD CITIZEN AWARD SCAM
(Action Fraud, dated 22nd February 2016)


Action Fraud has been receiving reports of an advanced fee fraud whereby suspects phone a member of the public and claim to be calling on behalf of the UK (or British) Government Grant Department.

They go on to state that the individual has won a Good Citizen Award - of typically £8,000 - and that the grant can be released for a fee (of around £210).

Fortunately, very few members of the public have lost any money as a result of this scam but have reported to Action Fraud in order to help build a picture of this fraud and protect others from falling victim to it.

Protect yourself:
- There is no genuine 'Good Citizen Award' scheme in the UK that operates by cold calling "winners" and asking for an upfront fee to release a grant.

- If you receive a call that claims to represent such a scheme, it is a scam. End the phone call - do not give out any personal or financial data.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(1st March 2016)
 

 


PROTECT YOURSELF FROM BOGUS WEBSITES
(Action Fraud, dated 19th February 2016)


This is an update to a previous alert sent from Action Fraud in November 2015.

Fraudsters are setting up high specification websites advertising various electrical goods and domestic appliances. These goods are below market value and do not exist. The website will state you can pay via card; however when the purchaser goes to pay, this option is not available and the payment must be made via bank transfer.

The fraudster entices the purchaser and reassures them it is a legitimate purchase by using the widely recognised Trusted Shop Trustmark. They then use the Trustmark fraudulently and provide a link on the bogus electrical website to another bogus website (which purports to be Trusted Shops). This website shows a fake certificate purporting to be from Trusted Shops and provides thousands of reviews for the bogus electrical website. These reviews are all fraudulent. The website has not been certified by Trusted Shops and therefore the purchaser is not covered by the Trusted Shop money-back guarantee.

Protect yourself:

- Check the authenticity of the website before making any purchases. Conduct a 'Whois' search on the website which will identify when the website has been created- Be wary of newly formed domains. You can conduct this search using the following website - https://who.is/

- Conduct online research in relation to the website, company name and the business address provided to identify any poor feedback or possible irregularities.

- Check the Trusted Shops Facebook page where warnings about websites using their Trustmark are published. If you are in doubt about the legitimacy of a Trustmark then you can contact Trusted Shops on 0203 364 5906 or by email service@trustedshops.co.uk. They will confirm whether they have certified that website.

- Payments made via bank transfer are not protected should you not receive the item. Therefore always try to make the payment via PayPal or a credit card where you have some payment cover should you not receive your product.

- If the item advertised seems too good to be true, then it probably is.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(1st March 2016)

 


TALKTALK CONFESSES : SCAMMERS HAVE DATA ABOUT OUR ENGINEERS VISITS TO YOUR HOME
(The Register, dated 8th February 2016 author Kat Hall)


Full article [Option 1]:

A number of TalkTalk customers have had their maintenance visits data breached by fraudsters in an attempt to gain remote access of their computers, it has emerged.

One customer, Chris, told The Register that a week after the cyber attack was reported he experienced some issues with his broadband, so TalkTalk sent an engineer round. "The day after this visit my partner received a call from someone claiming to be from TalkTalk, who knew the engineer's name, and exactly what she and the engineer had discussed the previous day."

The caller - purporting to be from TalkTalk - then told the customer to download TeamViewer software, which was used to try to make a number of money transfers using third-parties' credit card information.

After the customer realised what was happening, he shut down his computer and bought new security software.
He said: "When I challenged TalkTalk to explain how the scam caller knew so many details of our account, the manager suggested the engineer may have passed on our details to a third party.

However, TalkTalk refused to agree to contact or otherwise investigate this engineer."
Chris said he left the company at the end of November 2015 following the "dismal" customer service he experienced over the incident.

According to the BBC Radio 4 programme Money Box yesterday, TalkTalk admitted that criminals have had access to information of its third party engineers' visits.

Two customers told the programme they had received calls from scammers who knew details of their recent engineers' visits and account reference numbers. One woman had £300 taken from her PayPal account, which her bank was able to refund.
In a statement TalkTalk admitted to receiving complaints about this happening from a "small number" of customers.

It said the issue has been investigated and reported to the Information Commissioner's Office, and it has not received any more complaints about this since the end of 2015.

Money Box noted that in the last four years, TalkTalk has had to admit to four different breaches of data, two directly from the company itself and two others from partners here and in India. The Register has asked TalkTalk for further comment.

At the end of January, TalkTalk said it was considering cutting ties with its Indian call centre provider after three employees at the site were arrested for allegedly scamming customers.

TalkTalk has reported a loss of £60m related to its major hack in October, attributing the write-off to
IT costs and shedding 101,000 customers during its third quarter, according to its latest financial results.

(1st March 2016)

 

 


DATING SCAMS ON THE RISE
(The Telegraph, dated 10th February 2016 author Tara Evans)


Full article [Option 1]:

Hundreds of thousands of people use dating websites and apps to chat and arrange meetings. For many, the dream is that they will lead to life-changing romances and relationships.

But a growing number of fraudsters are targeting those seeking love online.
Nearly one third of daters have been approached by users for financial help, according to recent research by virus software firm Norton.

Many victims are too embarrassed to report crime. But the number of cases that are reported keep growing.

Last year there were 3,363 reported cases of dating fraud, up 2pc on the previous year. The sums lost totalled £24m, according to police figures.

Fraudsters create realistic profiles made up of stolen photographs and fake details before speaking to a target for a number of weeks.
Once they've gained their victim's trust, they ask for money for a range of often emotive reasons.

This was a pattern of crime that became only too real for Karen Beale (not her real name), a 66-year-old, teacher from Cornwall. She spoke to Telegraph Money about how she was conned into transferring tens of thousands of pounds from her savings account to a man she met on a dating website.

Karen - who doesn't wish to disclose her full name but wants to share her story to help prevent others from falling victim - joined a popular dating website in March 2013, newly single after the breakup of a relationship.

She got chatting with a fellow user who quickly encouraged her to move their conversation offline and to the telephone.

He told Karen that he worked in an oil rig and was away for work a lot. He sent her photos purporting to be of him at work with his colleagues. They spoke regularly on the phone.

Eventually, after several weeks of contact he asked Karen if she thought it was a good idea if he invested in oil, just like his supposed colleagues were doing.
A few days later he asked her if she would like to make a contribution to this investment.

Karen says: "I was suspicious but I wanted to believe him. It was like he put a spell on me. The first time he asked me for money I got quite upset but he somehow talked me round."

Karen, who didn't want to reveal the total amount of money that was transferred, said that she deep down she feared or even "knew" that he was "manipulating" her.

In total, their communication went on for a year. It wasn't until he asked her to take a loan out against her house that Karen realised matters had gone too far.
She confronted him via phone and text message and soon after he disappeared from her life, ending communication entirely.
"I didn't want to give up hope in him. When I realised, I felt sick. I felt lonely and abandoned."
"I reported the case to Action Fraud and after the police investigation I was told that they couldn't do anything because I had voluntarily put the money in his bank.
"More should be done to ensure justice is served and these people are caught."

A spokesman for Action Fraud says: "Action Fraud does not have investigation powers.
The reports taken by Action Fraud are sent to the National Fraud Intelligence Bureau (NFIB) who collate and analyse intelligence on fraud.
"It makes the decision to send crimes to law enforcement agencies for investigation, disruption and prevention purposes."
Tony Neate, from Get Safe Online, an organisation offering free safety advice to consumers, says that fraudsters can be hard to spot where emotions are involved.
"As Karen's story highlights, these sort of criminals will do everything they can to convince you that the relationship is real and that you should trust them.
"Often there are doubts on the part of victim, but a bigger part of us wants to feel like this could be the real thing.
"Unfortunately, these criminals are still out there. We hope with the right precautions and advice in place, we can raise awareness of romance fraud and stop people falling victim in the future."

How to avoid online dating scams

Dating expert James Preece shares his tips on avoiding fraudsters:
1. If you're suspicious about a profile report it to the site or app.

2. Do your own detective work - ask them for their full name and look them up on Google and social media.

3. Don't be afraid to question their authenticity - if they are genuine they won't mind you trying to verify them.

4. They may spend months building up a relationship with you and will only ask for money once you're emotionally involved.

5. Ask a friend for advice as they will be able to give you a different perspective.

6. Look out for fake or stolen photos. Use websites like TinEye.com to check if a picture is real. You can also do a reverse image search on Google (by clicking on the camera logo in the search bar and uploading the image) to see if it's a fake.

7. Never give out too much information, such as your home address, phone number or email.

8. Consider setting up a new email address to use for online dating and perhaps even get a Pay As You Go phone.

Five top tips for staying safe online

Hugh Boyes, a cyber security expert at the Institution of Engineering and Technology (IET) has five top tips for avoiding scams and keeping your personal information safe online.

1. Do not use an account with administrative privileges for normal day-to-day activities and web browsing - accounts with lower privileges warn you if a program tries to install software or modify computer settings thus allowing you to decide whether the proposed action is safe.
2. Ensure that your operating system and application software is up-to-date and install anti-malware software.
3. Take care when downloading and installing software, if it is free or is not from a well-recognised and trustworthy brand there is a risk that the software may include features that spy on you.
4. Treat emails containing attachments or hyperlinks (particularly shortened links) with caution.
5. Use your common sense - if an email offer looks too good to be true, the prices on a website are abnormally low or you receive an unsolicited telephone call offering computer support, it's probably a scam.

(1st March 2016)
 

 



 

JANUARY 2016


ADVICE FOR FLOOD VICTIMS - BOGUS TRADES PEOPLE
(Action Fraud, dated 5th February 2016)


In December 2015 the UK was hit by three severe storms resulting in widespread flooding across the North of England and Scotland.

The NFIB would like to make flood victims aware of the possible threat that Rogue Traders and Bogus Trades People pose to them. Buying on your doorstep can be convenient. However, a salesman who uses clever tactics can pressurise you into buying something you actually don't want or something that's poor value for money.

Protect yourself against bogus trades people fraud
- Always ask for identification before letting anyone you don't know into your house.
- Check credentials, including a permanent business address and landline telephone number. The mobile phone numbers given on business cards are often pay-as-you-go numbers which are virtually impossible to trace.
- Take control by asking the questions. Ask for references from previous customers or to see examples of their work.
- Don't sign on the spot - shop around. Get at least three written quotes to make sure you're not being ripped off.
- If in any doubt, ask the person to leave or call the Citizens Advice consumer helpline on
03454 04 05 06.

If you do decide to buy:
- Always get any agreement you make in writing.
- Beware when filling in forms or when speaking to the salesperson, and ensure you don't reveal confidential details that a fraudster could use to assume your identity or take control of your finances. This may allow a fraudster to steal money from your account or order goods and services in your name.
- Usually, you have a seven-day cooling off period. So if you decide to cancel the contract, act fast.
- Think very carefully about having any work done or goods delivered during the cooling off period. You may have to pay, even if you change your mind.
- Never pay for work before it has been completed, and only then if you are happy with it.

If you believe that you have been a victim of fraud you can report it online http://www.actionfraud.police.uk/report_fraud or by telephone 0300 123 2040.

(5th February 2016)

 


YOUR PACKAGE HAS BEEN SEIZED - ROYAL MAIL SCAM EMAIL
(Action Fraud, dated 1st February 2016)


Fraudsters are sending out virus infected emails that claim a package has been seized by HM Revenue & Customs upon arrival into the United Kingdom. The official looking scam emails claiming to be from Royal Mail contain a link to a document which will install malicious software on your computer designed to steal credentials like account names, email addresses and passwords.

An example email reads:
-----------------------
Title: Your parcel has been seized
Royal Mail is sorry to inform you that a package addressed to you was seized by HM Revenue & Customs upon arrival into the United Kingdom.
A close inspection deemed your items as counterfeit and the manufacturers have been notified. If your items are declared genuine then they will be returned back to you with the appropriate custom charges.
You may have been a victim of counterfeit merchandise and the RM Group UK will notify you on how to get your money back. Please review the attached PDF document for more information.
Document (RM7002137GB).Zip
Please accept our apologies for any inconvenience this may have caused.
-----------------------

To help the spread of the virus, the email also says: "you will need to have access to a computer to download and open the Zip file". If you receive one of these emails, do not click on any links or download any attachments and report it to Action Fraud.

Protect Yourself
- Royal Mail will never send an email asking for credit card numbers or other personal or confidential information.
- Royal Mail will never ask customers to enter information on a page that isn't part of the Royal Mail website.
- Royal Mail will never include attachments unless the email was solicited by a customer e.g. customer has contacted Royal Mail with an enquiry or has signed up for updates from Royal Mail.
- Royal Mail have also stressed that they do not receive a person's email address as part of any home shopping experience.

If you believe that you have been a victim of fraud you can report it online: http://www.actionfraud.police.uk/report_fraud or by telephone: 0300 123 2040

(1st February 2016)

 


TIMESHARE RECOVERY ROOM FRAUD
(Action Fraud, dated 28th January 2016)


The National Fraud Intelligence Bureau (NFIB) is warning people of the dangers of Recovery Room fraudsters targeting former victims of Timeshare fraud.

Recovery Room Fraud refers to a scam whereby fraudsters contact the victims of previous frauds, often by way of cold calling them, and claim to be able to recover previously lost funds. In July 2014 the Financial Services Authority (FSA) estimated that 30% of people who had lost money through Investment fraud would also fall victim to a Recovery Room fraud.

When Recovery Room fraudsters target victims of timeshare frauds they usually claim to be a legal professional or a representative of a government agency (normally within the country where the original timeshare property was based) in order to legitimise the scam. The fraudsters know personal details about the victim and their previous investment which gives them credibility. They claim that the advanced fees requested are for 'local taxes' or 'litigation costs' incurred during the recovery of the funds. It is suspected that the persons behind Recovery Room frauds are often the same people involved in the original scams even though these crimes may have occurred years earlier.

Initially, a small fee, typically in the region of £200-400, is requested by the fraudsters which they often claim is refundable as part of a 'no-win no-fee' basis. The fraudsters rely on the victims seeing this as a nominal fee compared to the amounts lost, which often run into the tens-of-thousands of pounds, and therefore worth paying if it facilitates the return of their money. Once paid, various excuses are made by the fraudsters to explain delays in the recovery of the funds. Subsequently, further larger amounts are then requested by the fraudsters. Needless to say, no refunds ever materialise and no money is ever recovered.  
 
Protect Yourself

- Never respond to unsolicited phone calls - if in doubt, hang up.
- Always check that the details of the organisation or company contacting you (such as website, address and phone number) are correct - the fraudsters may be masquerading as a legitimate organisation.
- Don't be fooled by a professional looking website as nowadays the cost of creating a professional website is easily affordable.
- Be wary of any firms or individuals asking for advanced fees.
- Consider seeking independent legal and/or financial advice before making a decision.

If you believe that you have been a victim of fraud you can report it online:

(1st February 2016)
 

 


 


GANGS NETTING MILLIONS FROM HOUSE PURCHASE EMAIL SCAM
(The Telegraph, dated 9th January 2016 authors Robert Mendick and Nicole Blackmore)


Full article [Option 1]:

Organised crime gangs are suspected to have stolen more than £10 million by hacking into the emails of people buying and selling houses.

New figures show 91 victims have reported falling prey to the conveyancing fraud. The rewards for the gangs are potentially huge, with each successful scam worth on average more than £112,000.

The problem is escalating, with latest figures showing fraudsters carrying out two successful conveyancing frauds a week, earning them in the region of £250,000 a week.
Police have admit they have no idea who is behind the frauds but suspect crime syndicates abroad are involved.

The criminals hack into the email chains between sellers and buyers and their solicitors and estate agents. The fraudsters then send an email - usually on the day of sale completion - informing the parties that bank account details have changed at the last minute and that money should be deposited in a different account.

There is no way to tell from the email header that the instruction is fake. The money is then deposited into the specially set-up account then transferred electronically by the fraudsters to bank accounts around the world where it becomes impossible to trace.

The scam was first highlighted by The Telegraph's Money section last year when a couple described how £340,000 for the sale of their flat was transferred by their solicitor into a criminal's account.

The fraudsters had hacked into the email chain and sent an email to the law firm purporting to be from the vendors explaining that they wanted the money transferred into another account.

The National Fraud Intelligence Bureau, which operates the Action Fraud reporting hotline, recorded 91 conveyancing fraud crimes up to last October, the latest month for which figures are available. In September and October alone, 16 cases were reported to Action Fraud - an average of two a week.
"The hit is massive," said Steve Proffitt, deputy head of Action Fraud, "We are getting more and more instances of this. The outcome for the fraudster is tremendous. They can earn £1m on the sale of a house in the south-east."

Police believe the fraudsters use malware that allows them to gain access to individuals' computers as well as those of estate agents and law firms.

(1st February 2016)

 




DECEMBER 2015




THE TWELVE FRAUDS OF CHRISTMAS
(National Fraud Intelligence Bureau, December 2012)
www.nfib.police.uk
 
Christmas is a time for celebration, a time to be with friends and family.

 

Unfortunately it is also a time when fraudsters cash in, using cons old and new to exploit people's good will and ruin their festive period.

This year the National Fraud Intelligence Bureau (NFIB) will be aiming to keep the criminals at bay through 'The Twelve Frauds of Christmas', highlighting fraudulent activities, increasing business and community awareness and providing fraud prevention advice.

The team, based at the City of London Police and working as the central fraud intelligence hub for the UK, have compiled a list of a dozen frauds that they suspect will be repeatedly put into play throughout December.

On the top of the tree is online shopping fraud. Every year more and more of us are searching and buying our gifts over the internet, and every year fraudsters are finding new ways to move our money into their pockets.

Sitting amongst the presents is postal fraud. During the festive period you may receive additional letters and parcels, but not all of them may be for you!

Fraudsters will purchase goods online and then direct them to an innocent person's address. Once an item has been delivered a person wearing official looking clothing will arrive at the door and attempt to take the parcel by stating it has been delivered incorrectly.

Resting on the mantelpiece can be found electronic 'E' cards. More of these will be sent this Christmas than ever before, but there are a few you do not want to open.

The fraudsters email may contain a virus and once activated the file will embed itself in your compute without your knowledge. This malware works inside your computer collecting personal data, financial information, passwords and usernames, all of which will then be sent back to the fraudster.

The NFIB's "Twelve frauds of Christmas" in full for 2012 are:

1. online shopping fraud
2. postal fraud
3. auction fraud
4. holiday fraud
5. electronic 'E' cards
6. ticketing fraud
7. phishing emails
8. social networking
9. cash point fraud
10. voucher fraud
11. card not present fraud
12. mobile payment

By being aware of these cons and scams, you can avoid opening an advent calendar door to fraud this Christmas.

If you feel you have been a victim of these frauds, or any other, you should report to Action Fraud at www.actionfraud.police.uk or 0300 123 2040.

(16th December 2015)



FAKE NUTRIBULLET EXPLODES IN SAFETY TEST AFTER 4 SECONDS
(BBC News, dated 11th December 2015)

 

Full article : www.bbc.co.uk/programmes/p03bvdt6

Over one million people are buying counterfeit electrical products in the UK every year, according to Electrical Safety First.

Steve Curtler, the charity's product safety manager, told the BBC that the products, many of which could be found online, often did "not work" and could be a "potential fire risk, electric shock risk."

To illustrate the dangers, 5 live Investigates went to the TÜV Rheinland laboratory with the charity to test a genuine Nutribullet blender and a fake.

Whilst simulating what would happen if a piece of ice or stone jammed in the blades, the genuine product passed the safety test. However, the fake product exploded after just 4.28 seconds.

Nutribullet's UK distributor, High Street TV, said Nutribullet was independently tested to ensure that it met all UK and European safety regulations. They recommended only purchasing the product direct from approved stockists.

This clip is originally from 5 live Investigates on Sunday 13 December 2015.

(12th December 2015)

 



PHONE SCAMMERS PREYED ON RETIREES VULNERABILITY
(BBC News, dated 10th December 2015 author June Kelly)

 

Full article : www.bbc.co.uk/news/uk-35065128

Four men have been found guilty at the Old Bailey of taking part in a scam targeting pensioners across the south of England.

This was a fraud which preyed upon people's vulnerability and in some cases their frailty and isolation to net a gang what police believe could be more than £1m.

They called more than 3,700 phone numbers as they trawled for victims focusing on the places where people retire - counties like Dorset, Devon and Cornwall.

The victims were in their 70s, 80s and 90s, and the scam was always the same.

Pretending to be police officers, the fraudsters would phone an elderly person's home and lie to them that their bank account was being defrauded and they should call 999 or their bank's fraud department.

What the victim didn't realise was that the fraudsters stayed on the line after they hung up. The elderly people who thought they were reporting crime were in fact speaking to the criminals.

'Very plausible'

Another five members of the gang had already pleaded guilty in relation to the phone scam before the trial started.

The cases of 18 pensioners who suffered losses of £600,000 were put before the jury. But Scotland Yard says there were at least 140 victims in total.

The pensioners were instructed to go to their banks and withdraw or move thousands of pounds of their savings.

The bogus police officers convinced their victims that they had to take possession of their money to check whether it was counterfeit, saying bank staff were involved in the fraud.

One victim, Patricia Burnham, told BBC: News "They were very plausible, very believable and I wanted to do my bit for England. I have to admit that in a funny sort of way it was actually quite exciting 'working for the police'."

So believing she was helping officers with a fraud investigation, Mrs Burnham withdrew a total of a £135,000 from various accounts.

It was as she attempted to make a final withdrawal of £20,000 that the manager of her branch of RBS began asking a lot of questions.

At the same time Mrs Burnham, 73, read a leaflet warning about the "bogus police" scam. That was when she realised she had been duped.

"I said to my husband, 'Oh my God what have I done. I had better ring fraud line and check'. And then the person who answered said 'It's a scam' and I remember saying 'It can't be'.

"I just felt devastated, stupid embarrassed. How could I have been so taken in?"

Landline change

Patricia Burnham's 85-year-old husband, Anthony, who was already very ill, died shortly after.

"I don't think it contributed to his death," she said. "But I just feel very sad that he had this worry and concern at a time when he was very frail and really couldn't cope with what was going on."

Before Mr Burnham's death, his wife had told the gang she had to have her money back, partly because her husband might have to go into a care home.

The gang remained unmoved and the trial heard about their cruelty to other victims:
?One man, suffering from cancer, was instructed to cancel a doctor's appointment and go to his bank immediately to withdraw thousands of pounds
?A female victim broke down in tears during her police interview after she described the relentless nature of the calls
?Another pensioner was informed a grandchild was caught up in the fraud and that was a reason to co-operate.

In an additional callous twist, the victims were instructed that when they handed over their savings, the courier would use the password "Charlie".

The gang told the pensioners to have a plausible story to tell bank staff why they needed such large amounts of cash.

The High Street banks say while they work hard to protect customers from fraud - particularly the elderly and vulnerable - they cannot stop people withdrawing their own money when they say they need it for something specific.

That is why some of the pensioners in the case may struggle to be reimbursed, and police estimate only £18,000 will be recoverable from the gang.

Meanwhile, in the drive to stop the phone scammers, the regulator Ofcom says changes to networks have reduced to a couple of seconds the time the majority of landline phones can now be kept open.

(15th December 2015)

 



 NOVEMBER 2015


FRAUDSTERS TARGET FARMERS IN SOPHISTICATED SCAMS
(The Telegraph, dated 1st December 2015 author Nicole Blackmore)

Full article [Option 1]:

www.telegraph.co.uk/finance/personalfinance/12025322/Fraudsters-target-farmers-in-sophisticated-scams.html

Farmers are being warned to be "extremely wary" of fraudsters who are likely to try to steal European Union grants that are paid to the agricultural sector each December.

Financial Fraud Action UK said farmers should be wary of any suspicious calls, texts or emails.

The Basic Payment Scheme (BPS) is the biggest of the EU's rural grants. Farmers apply once a year, normally in May, and payments begin in December.

Information about the payments, including the recipients' names and the amount paid, is publicly available, meaning criminals are able to directly target victims and make their approaches appear more convincing.

The scammers will typically claim that fraud has been detected on the farmer's bank account and that urgent action is required to safeguard funds. The victim is then persuaded to divulge personal or financial information, or even to transfer money directly into a so-called "safe account".

Some grants are worth hundreds of thousands of pounds and in past years fraudsters have stolen significant sums.

Tony Blake, senior fraud prevention officer at the Dedicated Card & Payment Crime Unit, said criminals were aware of when these annual payments start to arrive and looked for any opportunity to defraud their victims.

"It is vital that farmers, and other recipients of the payment, are alert to these scams and are very wary of any phone calls, texts or emails out of the blue asking for personal or financial information, or to transfer money to another account," he said.

"If you receive such a call or message, hang up and do not reply directly. Instead, wait five minutes [to allow the line to clear] and ring your bank to alert them to the scam, using a phone number that you trust, such as the one from the official website."

Be wary of:

- Any calls, texts or emails purporting to be from your bank, the police, a government body or other organisation asking for personal or financial details, or for you to transfer money

- Cold callers who suggest you hang up the phone to "call the bank yourself". Fraudsters can keep your phone line open for a few minutes by not putting down the receiver at their end

- Any request to check that the number showing on your telephone display matches an organisation's registered telephone number. The display cannot be trusted, as the number showing can be altered by the caller

Remember:

- You will never be asked for your four-digit Pin or your online banking password, or for you to transfer money to a new account for "fraud reasons"

- If you receive a suspicious call, hang up, wait five minutes to clear the line, or where possible use a different phone line, then call your bank or card issuer on its advertised number to report the fraud

Never disclose your:

- Card Pin to anyone, including the bank or police

- Your password or online banking codes

- Personal details, unless you are certain you know who you are talking to.

(1st December 2015)


 


HILTON CONFIRMS HOTEL CREDIT CARD DETAILS STOLEN (Extract)
(The Register, dated 25th November 2015 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2015/11/25/hilton_credit_card_breach_confirmed/

Hilton Worldwide has confirmed that malware found its way onto point-of-sale systems that targeted payment card information.

Targeted data included cardholder names, payment card numbers, security codes and expiry dates. Addresses and PINs were not exposed, Hilton concluded, after an investigation that brought in third-party forensics experts, law enforcement and payment card companies.

Hilton omits to say how many or which hotel locations may have been affected by the breach, but is telling customers to review their payment card statements - particularly if they used their cards at a Hilton Worldwide hotel between specified dates (8 November - 5 December 2014 or 21 April - 27 July 2015). The hotel chain is also keeping quiet about the number of people or credit card records exposed at a result of the breach.

(1st December 2015)

PROTECT YOURSELF FROM BOGUS ELECTRICAL WEBSITES
(Action Fraud Alerts, dated 23rd November 2015)
www.actionfraud.police.uk

Fraudsters have set up a high specification website template advertising various electrical goods and domestic appliances. These goods are below market value and do not exist. The fraudsters will request your card details via the website; however the purchaser will then receive an email stating the payment failed and they must pay via bank transfer.

The fraudsters entice the purchaser and reassure them it is a legitimate purchase by using the widely recognised Trusted Shop Trustmark. The fraudsters are using the Trustmark fraudulently and have not been certified by Trusted Shops and therefore the purchaser is not covered by the Trusted Shop money-back guarantee.

Protect yourself:

- Check the authenticity of the websites before making any purchases. Conduct a 'whois' search on the website which will identify when the website has been created, be wary of newly formed domains. You can conduct this search using the following website - https://who.is/.

- Carry out online research in relation to the website, company name and the business address provided to identify any poor feedback or possible irregularities.

- Check the Trusted Shops Facebook page where warnings about websites using their Trustmark are published. If you are in doubt about the legitimacy of a Trustmark then you can contact Trusted Shops on 0203 364 5906 or by email service@trustedshops.co.uk. They will confirm whether they have certified that website.

- Payments made via bank transfer are not protected should you not received the item. Therefore always try to make the payment via PayPal or a credit card where you have some payment cover should you not receive your product.

- If the item advertised seems too good to be true, then it probably is.

If you believe that you have been a victim of fraud you can report it online http://www.actionfraud.police.uk/report_fraud or by telephone 0300 123 2040.

(1st December 2015)

 


ONLINE RETAILERS BRACED FOR BIGGEST CYBERCRIME CHRISTMAS OF ALL TIME
(The Telegraph, dated 12th November 2015 author Rebecca Burn-Callander)

Full article [Option 1]:

www.telegraph.co.uk/finance/newsbysector/retailandconsumer/11988580/Online-retailers-braced-for-biggest-cybercrime-Christmas-of-all-time.html

British retailers will lose millions of pounds to online fraudsters this Christmas, an anti-cybercrime organisation has warned, as hackers continue to ramp up attacks.

Over the past 90 days, ThreatMetrix, which authenticates transactions on behalf of 4,000 customers across the world, has detected 45m attempted attacks against online retailers, a 25pc increase on the previous quarter.

The company, which analyses 1bn transactions each month, has warned that the festive period will attract more attempted hacks than ever before.

Black Friday, which will take place on November 27, and Cyber Monday, on November 30, will be "a particular target for online criminals", it said.

Last year, ThreatMetrix logged 11.4m fraudulent transaction attempts during the holiday shopping period, which runs from Thursday through to Christmas.

This year it has predicted that the number of attempted hacks will double.

The stark warning lands in the wake of several high-profile cyber-attacks on British companies.

Earlier this month, telecoms giant TalkTalk suffered a security breach, which exposed the personal details of more than 150,000 customers.

In October, Vodafone said that nearly 2,000 customer accounts had been accessed by hackers, potentially providing criminals with customers' names, mobile numbers, bank sort codes and the last four digits of their bank accounts.

Earlier this year, hackers bombarded Carphone Warehouse with online traffic as a smokescreen while they stole the personal and banking details of 2.4m people.

"The third quarter yielded record numbers in attack attempts," said Vanita Pandey, senior director, strategy and product marketing at ThreatMetrix.

"The ultimate victims are the consumers whose digital identities are increasingly compromised with each subsequent breaches.

"Cybercriminals don't sleep when it comes to attacks - the majority of the attempts we saw were in the e-commerce space and retailers must stay on their toes when it comes to protecting digital identities during what is sure to be the largest digital season to date for online and mobile transactions."

This new report, which has dubbed the coming festive season as "Cybercriminal Christmas", warned that hackers were using multiple data points to gain access to websites, including account creations, payment transactions and account logins.

While there were 45m attempted attacks on the retail sector alone, the total number of attempts including other industries such as financial services topped 90m.

"There is an ongoing cat and mouse game between cybercriminals and businesses," said ThreatMetrix chief products officer Alisdair Faulkner.

"We are living in a dystopian post-breach world where our trusted and established paradigms are fast changing."

He said that as more consumers access the internet from their mobile devices to make purchases on the move, they are "leaving digital footprints for cybercriminals to exploit".

Cyber crime is now officially the country's most common offence. The Office for National Statistics (ONS) included it in its data for the first time last month, driving up the overall number of crimes in England and Wales by 107pc.

(1st December 2015)


 


FREECYCLE ALERT
(Action Fraud, dated 6th October 2015)

Fraudsters are targeting online advertising platforms where items are acquired for free. The fraudsters will list items on the website and advise any purchasers that they have recently moved from the area they were originally living in and can arrange a courier to dispatch the items for a fee.

The payment requested for this service is usually via Money Transfer such as MoneyGram or Western Union, or an e-money voucher. The items they were promised are not received and any attempts to contact the individual to gain a refund are unsuccessful.

Protect Yourself:

- Stay within the auction guidelines stipulated on the website.
- Ask to view the item in person.
- Be cautions of making advance payments to a stranger via Money Transfer or e-money products.
- If the item advertised seems too good to be true, it probably is.

If you believe that you have been a victim of fraud you can report it online http://www.actionfraud.police.uk/report_fraud or by telephone 0300 123 2040.

(1st December 2015)


FRAIL PENSIONERS TRICKED OUT OF LIFE SAVING BY FAKE POLICE OFFICERS
(The Telegraph, dated 6th November 2015 by Agency)

Full article [Option 1]:

www.telegraph.co.uk/news/uknews/crime/11978897/Frail-pensioners-tricked-out-of-life-saving-by-fake-police-officers.html

A string of frail pensioners were tricked out of more than £600,000 of their life savings by fake police officers who even played on a victim's love for a grandchild as part of the con, a court heard.

Eighteen elderly people from Cornwall, Devon, Dorset, Bedfordshire, London and Kent were phoned up by men pretending to be investigating a fraud at their bank, the Old Bailey heard.

The victims, aged in their 70s, 80s and 90s, were allegedly advised to transfer money or hand over cash for "safekeeping" - when in reality they were being ripped off.

Five young men from north London have gone on trial accused of taking part in the plot to snare as many people as possible in 2014 and 2015.

Prosecutor Kevin Dent said: "We say that these defendants and some others have acted together to commit fraud against mostly elderly people, doing their best to remove from victims as much as they possibly could of their savings.

"All clubbing together to rip off the vulnerable and frail.

"It is difficult to know for sure exactly how extensive this fraud was but at the very least, over £600,000 was obtained from the 18 identified victims with an average age of 83."

The victims would be phoned at home by someone posing as a police officer investigating a fraud on their bank account and in order to safeguard their money, they were advised to either transfer it into an account or withdraw it.

The fake officer might say they had someone in custody who was caught attempting to used a cloned card in a high street store such as Argos.

Mr Dent told the jury: "Can you imagine your alarm on receiving a phone call like that from somebody purporting to be a police officer, saying there is fraud going on in your bank account?

"If you can imagine the alarm you might have, then think about the amount of alarm and distress to somebody considerably older than yourselves, perhaps less robust."

By 2015, the con had moved on to include informing victims there was an "inside job" involving counterfeit money, the court heard.

Mr Dent said that the variety of "tricks" deployed by the conmen included playing on family ties.

One victim was told a grandchild was caught up in the fraud and co-operating with the police was the only way of sorting out that problem, Mr Dent said.

Time and again, the conmen would advise their victims to call 999 or their bank's fraud department to verify the details straight away, but they would not hang up so the elderly people would simply be reconnected.

The prosecutor told jurors: "It's very clever but something very simple and something that was used again and again. A really good con trick."

One victim, an 89-year-old woman, was allegedly conned into transferring £9,000 into the account of one of the accused, who withdrew the cash and "almost immediately" took it into the Hippodrome Casino.

An elderly man lost £113,000 while another lady was tricked out of £130,000, the court heard.

Mr Dent said the fraudsters believed that once the money had been turned into cash it would then be "anonymous" and police would never be able to trace it back to the victims.

But the primary organiser of the fraud, who has already pleaded guilty, was found with a number of cash bands from the same bank branch as one of the victims, jurors were told.

(1st December 2015)

 


SUN USED AS FRONT TO SCAM THOUSANDS OF POUNDS, SAYS NEWSPAPER
(The Guardian, dated 3rd November 2015 author Kevin Rawlinson)

Full article [Option 1]:

www.theguardian.com/media/2015/nov/03/the-sun-used-as-front-scam-thousands-pounds-news-uk

Fraudsters have scammed thousands of pounds out of victims by pretending to be members of staff at the Sun, the paper has said.

More than a dozen people have come forward to say they were approached by someone claiming to be from the paper who offered them the chance to feature in it for a refundable fee, according to the Sun.

Evidence seen by the Guardian suggested the imposter was mimicking a genuine Sun email address and phone number, as well as using a fake name. The paper said it believed that email and phone number spoofing software was being used to create the illusion of credibility.

One victim told the Guardian they were tricked into handing over £1,250 and the Sun said others had reported handing over similar amounts after being targeted by the scammers.

"What made this so shocking and clever was that they called me from the Sun's number and emailed from the Sun's email address," said the victim, who wished to remain anonymous.

A Sun spokesman said: "We have had about 15 [cases] reported to us and, as soon as that has happened, we have referred them to the police." The paper's ombudsman, Philippa Kennedy, said the first case was reported about a month ago and a spokesman added that the latest was brought to its attention last week.

The anonymous victim said they were called from a mobile number by someone who identified themselves as Andrew Davis, a member of staff at the Sun. No such person exists, the Guardian understands. The victim was told that the paper was short of content and on a tight deadline and was, therefore, looking for interview subjects.

They agreed to be interviewed by a freelancer, but said the scammer told them the journalist would not be paid upfront by the paper. In order to cover the cost, they were told, they would need to transfer money to a bank account under a false name. That money would be refunded once the article was given the green light, they were promised.

The victim said they sought assurances that the offer was genuine by asking the fraudster to call back from an office number and email from a Sun address. When both appeared to check out, they agreed to go ahead with the bank transfer.

"He asked me to email him an image of the bank transfer to the writer. I did. He told me she [the freelance journalist] would call me shortly. I waited. I waited. My heart started beating. I called the Sun and, after a second attempt, they finally said there was a scam going on like that and that they were investigating," the victim said.

The Sun said it referred all of the cases it had heard of to Action Fraud, the UK's national fraud and internet crime centre. The body, which is part of City of London police, declined to discuss individual cases.

(1st December 2015)

 



OCTOBER 2015



TALKTALK CYBER ATTACK
(Action Fraud Alert, dated 24th October 2015)

Cyber Attack

 

TalkTalk, the phone and broadband provider, has been the victim of a cyber attack on their website commonly referred to as DDoS - distributed denial of service attack. This has led to hackers accessing TalkTalk's servers and stealing personal data, which could affect over four million customers. It is currently unknown exactly what data has been stolen but TalkTalk has stated that there is a chance that some of the following data could have been accessed:

- Name and addresses
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card and banking details 
 
Protect yourself

- Be wary of any emails claiming to be from TalkTalk asking for additional information such as passwords even if they are able to tell you specific account details - this could be a phishing email and sent to gain access to your account.

- If you have opened an email attachment please ensure you change the passwords for all your bank, email and online shopping accounts.

- As well as e-mails be wary of any telephone calls claiming to be from TalkTalk that ask for additional information or want to gain remote access to your computer. Again they may tell you specific details about your account. If you get such a call do not give any details, terminate the call, use a separate telephone line/mobile phone and call TalkTalk back on one of their known numbers to ascertain if the call is genuine.

- Monitor your bank accounts for any unusual activity that you believe may be fraudulent.

(1st November 2015)

 



BANKS REFUSING TO REPAY CARD FRAUD BASED ON "A HUNCH"
(The Telegraph, dated 17th September 2015 authors Katie Morley and Nicole Blackmore)

 

Full article [Option 1]:

www.telegraph.co.uk/finance/personalfinance/bank-accounts/11869596/Banks-refusing-to-repay-card-fraud-victims-based-on-a-hunch.html

Banks are refusing to pay compensation to card fraud victims based on nothing more than a "hunch", while others are forced to wait longer than four weeks to get their money back.

An investigation by Which? showed that banks are "inconsistent" when it comes to handling fraud claims.

Its survey of over 3,300 people showed three in five had experienced card fraud. Almost a third of victims were kept waiting for between one and four weeks before they received their money back and 7pc were forced to wait even longer.

Worryingly, banks appear to be refusing compensation to genuine fraud victims.

The financial ombudsman service (FOS) said it upholds one in four complaints relating to fraud and disputed transactions in the customers' favour.

Barclays were ordered to pay up in 56pc of cases, while Santander had to pay in 47pc of complaints.

The FOS said that while it had seen some improvements, in many cases banks have based their decisions "on a hunch", without conducting a full investigation.

Overall, the number of incidents of card fraud rose by 5 per cent to 1.3m in 2014.

Which? executive director Richard Lloyd said: "Banks have a duty to resolve cases of fraud quickly and can only delay a refund if there is suspicion of wrongdoing."

A Barclays spokesman said the bank works "relentlessly to protect our customers' information and funds".

"We are disappointed with our performance and are confident that we will see the position greatly improved in the future - because we must," he said.

"We have significantly improved and will continually review our processes for the speed and accuracy in which we process fraud claims so that our customers are satisfied with the outcome."

- 'Fraudsters hacked emails to my solicitor and stole £340,000 from my property sale'

Encouragingly a quarter of cardholders who were targeted by fraudsters lost nothing because the transactions were blocked by their bank, and 64pc of card victims were reimbursed within a week.

On average victims lost £624 from credit cards and £677 from debit cards.

Katy Worobec, director of Financial Fraud Action UK, said fraud cases can be extremely complex, so it can take time for a full investigation to take place into the specifics of an incident.

"However, banks always endeavour to make the process as fast as possible," she added.

uaware - further information

Financial Fraud Action UK should not be confused with Action Fraud. The former represents the financial institutions on fraud matters. The later is the portal into the Police in respect to fraud.

www.financialfraudaction.org.uk/

(1st November 2015)

 



NINE ARRESTS OVER £60 MILLION BANKING SCAM TARGETTING UK BUSINESSES
(The Register, dated 23rd October 2015 author John Leyden)

 

Full article [Option 1]:

www.theregister.co.uk/2015/10/23/uk_phishing_scam_arrests/

Nine people have been arrested in the UK over an alleged £60m fraud targeting business banking customers.

The gang targeted business banking customers, tricking prospective marks into handing over confidential information over the phone while posing as bank employees.

The voice-based phishing scam was disguised by using technology to disguise (ie, spoof) the numbers called.

Funds from compromised business accounts were transferred to accounts controlled by low-level members of the gang (phishing mules) who took in the money before withdrawing it from ATMs and bank branches. The majority of funds from this cashing-out exercise would be transferred to the masterminds behind the scam, if past cases are any guide.

Following an investigation, police raided 14 addresses in Ilford, Watford, Slough and Scotland, recovering evidence including dongles, SIM cards, mobile phones, laptops and a significant amount of cash.

The operation was led by Metropolitan Police Service's Cyber Crime and Fraud Team, FALCON, and involved a number of other police forces across the country, including Police Scotland, West Yorkshire Police and Greater Manchester Police.

In a statement, Detective Chief Inspector Andy Gould, head of FALCON's Taskforce, explained the mechanism of the scam as well as why many workers might be taken in by what might seem like a fairly obvious attempted fraud.

"These fraudsters gain the trust of their victims by appearing to call from an official bank phone line," DCI Gould. "They sound professional and ask some subtle questions in order to gain the information they need to access the customer's bank account online."

"Customers can protect themselves by always exercising caution when called by someone purporting to be from their bank, even if the number they are ringing from appears to be genuine. Never give out private information such as passwords, parts of passwords, PINs, memorable information or other personal details. If a bank believes your account is being compromised they will act to prevent this without asking for your assistance," he added.

Detectives arrested the seven men and two women on suspicion of conspiracy to defraud and money laundering. All are currently in police custody. Ten people have already been arrested and charged with conspiracy to commit fraud and money laundering offences in connection with the same ongoing investigation.

(1st November 2015)

 



LANCASHIRE POLICE WARN OF MALWARE EMAIL IMPERSONATION SCAM
(The Register, dated 22nd October 2015 author Kat Hall)

 

Full article [Option 1]:

www.theregister.co.uk/2015/10/22/lancashire_police_email_malware_impersonation/

Lancashire Police are warning ordinary folk not to open phishing email purporting to be from them.

Users have apparently been targeted in a "widespread" scam seeking to obtain personal information through a malware attachment.

"If you have opened an email or attachment from us and are now experiencing problems with your computer please follow the following advice," warned the police.

It advised users to run a virus check and quarantine any suspicious items highlighted by your anti-virus software/

"If you are a business user telephone your own IT department for further advice. We are aware of this issue and are working to resolve it, please do not contact us to report it," the police continued said.

In response to the scam, the force switched off its own email server in the process of investigating the issue.

Lancashire promised to provide users with further updates "as soon as possible."

(1st November 2015)

 



POLICE SPAM EMAIL
(Action Fraud, dated 23rd October 2015)

 

There is email in circulation that appears to have been sent from a legitimate Lancashire Constabulary email address. The email appears to come from 'Lyn Whitehead' and is asking the recipient to pay an invoice that is attached to the email.

The email has not been generated from inside the Constabulary or by the Constabulary. This email has not been sent from Lancashire Constabulary. A third party supplier to the Constabulary has had their data breached, as a result of the breach this Lancashire Constabulary email address has been spoofed and used to generate spam to recipients far and wide.

This type of email is commonly referred to as spam, and if you have received it you MUST NOT open it. Instead delete it from your email system to avoid infecting your device.

Protect Yourself:

- Do not click or open unfamiliar links in emails or on websites
- Make sure you install and use up-to-date anti-virus software
- Have a pop-up blocker running in the background of your web browser
- If you have opened the attachment and 'enabled macros' it is very likely that all your personal data will have been breached. You MUST change all your passwords for personal accounts, including your bank accounts.
 
If you believe you have become a victim of this get your device checked over by a professional.

If you think you have been a victim of this type of email you should report it to Action Fraud, the UK's national fraud and cyber crime reporting centre. www.actionfraud.police.uk
 
If you do make a report please provide as much detail as you can about the email and any effects it has had on your computer. Additionally if your Anti-Virus software detects any issues in relation to this email please provide us with the details.
 
More information can be found on Lancashire Constabulary website
http://www.lancashire.police.uk/news/2015/october/email-virus-alert.aspx
You can get more advice on this by visiting the following websites:

The most common Internet Scams are updated on http://www.cyberstreetwise.com/common-scams

(23rd October 2015)

 



PENSION SCAM ALERT - CAPE VERDE
(Action Fraud, dated 21st October 2015) 

 

The National Fraud Intelligence Bureau (NFIB) has been alerted to a pension scam whereby cold callers continue to target members of the public aged 50 to 60 years old to release and transfer their pension early. Suspected firms who advertise and arrange pensions are offering investments in alternative commodities such as hotel developments or property in Cape Verde, and operate as unregulated collective investment schemes.
 
Often, the cold calling 'pension companies' involved are neither regulated nor qualified to give financial advice and classify themselves as a 'trustee', 'consultant' or an 'independent advisor' and offer exceptionally high return rates for investors. 
 
Some victims have signed documents that authorises a limited company to be set up using their personal details, including utilising a Small Self-Administered Scheme (SSAS). Whilst SSAS accounts and limited companies are essential for legitimate schemes, the fact that victims are unaware that this will happen suggests that the scheme may not have been fully explained to them, increasing the likelihood that there may be an element of fraud involved.

Protect yourself:
 
Further advice can be found at:

http://www.fca.org.uk/your-fca/documents/protect-your-pension-pot
http://www.fca.org.uk/consumers/financial-services-products/pensions/protect
http://www.thepensionsregulator.gov.uk/individuals/dangers-of-pension-scams.aspx
 
Ensure that you request that the risks and growth rates are explained and that you fully understand them before transferring your pension
 
Check whether the pension arrangement company is registered with the FCA. Registered companies can be checked using the FCA register online at: https://register.fca.org.uk/
 
Remember that if the offer seems too good to be true, then it generally is
 
If you believe that you have been a victim of fraud you can report it online http://www.actionfraud.police.uk/report_fraud or by telephone 0300 123 2040.

(1st November 2015)

 



COUNCIL TAX SCAM
(Action Fraud, dated 20th October 2015)

 

Fraudsters have been phoning victims telling them that they have been placed in the wrong council tax bracket for a number of years and are entitled to a rebate. They normally say that this rebate should be worth about £7,000. Once the victim is convinced, the fraudster tells them that in order to receive the rebate they will need to pay an administration fee in advance. The payment they ask for varies between £60-£350. The victim provides the details and makes the payment, but then is no longer able to make contact with the person they spoke to on the phone. When they phone their council about the rebate and the fact that they are in the wrong tax bracket, the council will confirm that they know nothing about it and that they have been contacted by fraudsters.

The fraudsters have mainly been targeting both male and female victims who are aged 60 and over and live in the Sussex area, but it is likely that the fraudsters will also start to target victims in other areas.
 
Protect Yourself:

 - Never respond to unsolicited phone calls.
- Your local council won't ever phone out-of-the-blue to discuss a council tax rebate. If you receive a call of this nature, put the phone down straight away.
- No legitimate organisation will ask you to pay an advanced fee in order to receive money, so never give them your card details.
- If you think you have been a victim of fraud, hang up the phone and wait five minutes to clear the line as fraudsters sometimes keep the line open. Then call your bank or card issuer to report the fraud. Where it is possible use a different phone line to make the phone call.

If you believe that you have been a victim of fraud you can report it online http://www.actionfraud.police.uk/report_fraud or by telephone 0300 123 2040.

(1st November 2015)

 



FRAUDSTERS CLAIMING TO BE YOUR BOSS
(The Telegraph, dated 20th October 2015 author Katie Morley)

 

Full article [Option 1]:

www.telegraph.co.uk/finance/personalfinance/borrowing/creditcards/11940527/Latest-scam-fraudsters-claiming-to-be-your-boss.html

Workers are falling for a new email scam in which fraudsters impersonate a senior member of their company to trick them into transferring money, according to police intelligence.

Financial Fraud Action UK has warned that conmen have started carefully targetting individuals by sending them emails which appear to be from their senior colleagues such as the finance director or chief executive.

The ruse is part of a wave of cyber crime to sweep the UK this year.

According to the latest UK crime figures, overall crime in the UK doubled to 11.6 million last year becuase the first time the number included online crimes which totalled 7.6 million.

The sharp rise in the headline figures is due to the inclusion of an estimated for the first time.

The fraudsters use software which manipulates the characteristics of an email, including the sender address, so that it looks genuine. This means the spoof email appears in the recipient's inbox in just the same way as a regular email from the same contact.

The email requests that an urgent payment is made outside of normal procedures, often giving a pressing reason for needing the money, such as the need to secure an important contract.

But the account to which the payment is made is in fact controlled by the fraudster. Upon receipt of the funds, the money is then quickly withdrawn and the victim is unlikely to ever see their money again.

Action Fraud's intelligence also found fraudsters have also hacked the genuine email accounts of senior staff before sending the fraudulent emails.

Criminals use publically available information - such as Facebook, Twitter and Companies House - to gain knowledge of target companies, such as the names of senior staff.

Katy Worobec, director of Financial Fraud Action UK, said: "Fraudsters will do all they can to make these scam emails look genuine, so it's important for businesses to be alert. While an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam. That's why it's vital that finance teams carefully check any unusual demands for payment through an alternative method, such as over the phone or face to face, before making the payment."

How to avoid this scam

- Always check any unusual payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine. Do not use contact details from the email.

- Establish a documented internal process for requesting and authorising all payments and be suspicious of any request to make a payment outside of the company's standard process.

- Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organisation.

- Ensure email passwords are robust.

- Consider whether the email contains unusual language or is written in different style to other emails from the sender.

(1st November 2015)

 



HOW SAFE ARE YOUR ONLINE SECURITY QUESTIONS ? (Extract)
(Computer Active, dated 10th June 2015)
www.computeractive.co.uk

 

Where were your born ?
What is your Mothers maiden name ?
Who was your first teacher ?

These are the kinds of questions websites often ask you before letting you access your accounts or recover your passwords. They are meant to provide an extra layer of security, but Google says that answering questions to log into accounts is unreliable and unsafe.

A team of researchers at the company recently analysed the login behaviour of hundreds of millions of people, finding that 40 per cent could not remember their answers.

This may seem hard to believe. After all, how can you forget where you were born ? The problem is that with many people, when initially entering the correct answer to the question, try to be clever or witty, in part to make it harder for hackers to guess. So instead of typing "Nuneaton" as the approved answer, for example, they would type "Nun eating". When the time comes to provide it, they've forgotten their coded answer.

The fear that hackers will guess answers has lead to websites asking more obscure questions. But the answers to these are much harder to remember.

Google found that :

- only 76 per cent of people remembered the answer to "Whats your Father's middle name ?".
- only 55 per cent could recall the answer to "What is was your first phone number?",  - Only 22 per cent of people recalled their library card details.
- only nine per cent their frequent flyer number.

Answers that don't change over time are the easiest to remember. Your place of birth remains set forever, but not so your favourite TV show, holiday destination or type of food - Google found that only 53 % of people could remember their favourite food after three months.

Even if you could remember your favourite food, there's a danger that hackers would have beaten you to it. Google claims that people's answers are so predictable that a hacker has a 19.7 per cent chance of guessing the favourite food of an English speaker ("pizza",  apparently). Many people also give the same answer to different questions, as the use the same password for multiple accounts. Google says that hackers carry out "mass guessing attacks" to force their way into people's accounts. Doing this is a lot easier than you think. In 2009,  researchers at the Institute of Electrical and Electronic Engineers guessed about 10 % of answers by using common responses.

Google's solution is to make sure its users never rely solely on answering questions because "it appears next to impossible to find secret questions that are both secure and memorable. Instead, as it outlined in a recent blog, Google will only ask questions "as a last resort" when it can't prove a persons identity by email or text message.

It also advises people to boost their Google security at :

https://myaccount.google.com

by adding a "recovery" phone number and email address.

Doing so will mean you won't have to remember every last detail of your life.

(1st November 2015)



VIRTUAL PICKPOCKETS STEAL MONEY FROM CONTACTLESS BANK CARDS BY BUMPING INTO VICTIMS
(International Business Times, dated 22nd October 2015 author Alistair Charlton)

Full article [Option 1]:

www.ibtimes.co.uk/virtual-pickpockets-steal-money-contactless-bank-cards-by-bumping-into-victims-claims-londoner-1525211

Thieves are stealing money from the contactless bank cards of commuters on busy trains. One victim, who works for a computer security magazine, alleges that a man standing next to him stole £20 from his card through an unauthorised contactless payment.

Roi Perez, the south London-based community manager of SC Magazine, claims a man bumped into the pocket containing his wallet and took the money, which was later refunded by his bank. Such instances have prompted concerned card users to line their wallets with transaction-blocking tin foil.

Telling his story on the magazine's website, Perez said: "When a man slowly bumped into me and my pocket for a bit too long, it took me a second to realise what had just happened. I called my bank and found out that said individual had managed to steal £20 from my account via a contactless card payment; my bank promptly reimbursed me."

Contactless credit and debit cards are now issued as standard by UK banks. They can be used to make payments of up to £30 and are used by simply tapping them against a card reader; no PIN or signature is required. Although it has been previously reported that a person's details can be stolen from a contactless card and used to make payments online, this appears to be the first case of money being taken directly from the card, as it would be in a shop.

An illegal transaction took place on the train'

Clarifying his story to a commenter, Perez said: "The card was not stolen, but an illegal transaction took place in which £20 was deducted from an account via an unauthorised contactless payment which happened on the train."

Even though it seems instances of money being stolen directly from contactless cards are rare, people have taken measures to physically protect themselves. A commenter posting on the blog of security expert Graham Cluley, who wrote about Perez's incident, said: "I shield my contactless cards with foil-lined paper wallets. I got a Transport for London inspector to check he couldn't read my Oyster card through one. I also bought a lined wallet for my passport."

A large number of wallets which claim to block RFID frequencies from reading your bank cards are available online. So-called 'bouncer cards' can also be bought and slipped into a wallet to prevent your cards from being read.

The incident led Perez to investigate how such a theft could be possible. "It got me wondering about what processes a hacker would have to go through to get hold of a 'merchant' account and start processing genuine payments. The card readers are readily available [online]...for £79."

The next step would be moving the stolen money on before the thief is caught. "Someone could be taking money from the account the stolen money goes into, converting it into bitcoins and the money is never to be seen again," said Perez.

IBTimes UK has contacted both Visa and Mastercard to ask if such a theft is possible and will update this story when we get a reply. Visa's press office says it is requesting a comment.

Personal data theft from contactless cards

It was reported by a Which? investigation back in July 2015 that contactless bank cards can be used to steal some of the owner's personal information - enough, in some cases, to make payments online with their card details. In one instance, a researcher with permission lifted the card holder's details from their card and used them to order a £3,000 television.

"By touching volunteers' cards to our card reader, we got enough details to allow us to go on an internet shopping spree," a Which? spokesman said. "With these card details, the contactless transaction limit is irrelevant, because online transactions aren't contactless."

At the time, the UK Cards Association said: "The method shown by Which? is not a new discovery. Instances of fraud on contactless cards are in fact extremely rare, with losses of less than a penny for every £100 spent on contactless - far lower even than overall card fraud."

In this case, the cardholder's name and CCV code on the back of the card were not stolen, but Which? found a "large online shop" which allowed orders to be placed without asking for either.

(1st November 2015)

 




SEPTEMBER 2015

 


 

 

DON'T BE FOOLED
(Womans Weekly, dated 1st September 2015 author Frances Quinn)
www.womansweekly.com

When the government announced that from April, we'd all be able to make up our own minds what to do with our pension caseh, it looked like a good news for savers. And in many ways it was. Instead of being forced to invest in often poor value annuities, we can now do what suits us best with our money - pay off the mortgage, help the kids, splurge on travel, and /or invest it where we want to. Unfortunately, the reforms have turned out to be even better news for scammers, who have suddenly acquired a huge pool of potential targets: thousands of retired or about to retire people with access to pension pots representing a lifetimes worth of savings.

Less than five months since the changes kicked in, reports of pension related scams have tripled. The problem is already so severe that the government, the Ntional Association of Citizens Advice Bureaux and The Pensions Regulator have all warned pensionerholders to be on their guard.

"The People behind pension scams are sophisticated and well-organised," explains Lesley Titcomb, Chief Executive of the Pensions Regulator. "And while we're committed to investigating scams and bringing the people behind them to justice, the chances of recovering money once its been handed over are slim".

What are the scams ?

The scams fall into two main groups. The first, often known as pension liberation schemes, are where companies try to persuade you to release your pension pot before the age of 55.
These were a problem even before the new reforms, but it's thought they've increased, as scammers take advantage of confusion over what the pension reforms mean. You're contacted by by phone, text, or at the door, by someone claiming their firm can help you get the money in your pension out before you're 55. This can be done - but you'll lose over half the money in tax, and usually around a third in fees to them, so essentially you'll be saying goodbye to most of your savings.
Scammers often say they're using a legal loophole, but there isn't one : the only people who can access pension cash before they're 55 without losing more than half to tax are those who are terminally ill, and even they must meet strict rules.

The second set of scams target people who've already taken cash out of their pension, or are in a position to do so. They offer schemes that promise a fantastic return for little risk - anthing from impressive - sounding "bonds" and other financial products to property abroad or investments in wine or land. In fact, your money could end up in schemes that charge high fees and put your "investment" at risk - or in some cases, that they don't even exist.

why do people fall for them ?

We read so much about scams these days that most of us like to thin we wouldn't fall for these kind of tricks. But you don't have to be stupid to be conned : these fraudters are very good at what they do.

They produce glossy brochurs and websites that make their schemes appear convincing, claim to be part of Government programmes, and even use technology that tricks the caller ID on your phone into showing the number of a reputable firm.

They're experts at exploiting fear, too. Many of us worry that our pension pots aren't big enough, and some scammers take advantage of that by claiming that your money won't be enough to support your unless you invest in their scheme. And they operate high-pressure tactics that are designed to prevent victims stopping and thinking what they're doing, such as sending documents by courier for you to sign there and then.

As a result, plenty of intelligent and educated people have been fooled - assuming you never would be is a real gift to the pension scammers.

Protecting Yourself

They may be clever, but as long as keep your wits about you, and you know what to look out for, you cankeep your money safe from the scammers.

It you're aged under 55, ignore any offer to help you get your money early - unless you're terminally ill, it is not possible to do that without losing 55% of it in tax, and there are no loopholes. These schemes are sometimes described as "pension loans", "early pension release", "Pension selling" or "pension liberation", and any of these terms should be viewed as a warning signal.

Beware anyone calling or emailing out of the blue to offer a "pension review" - however credible they sound, its likely to be a scam. In fact, it's safest not to deal with any company that cold-calls you get about your pension. Don't get involved in conversation - these people can be incredibly persuasive if you let them get started. Just say no thanks and put the phone down.

Avoid companies that offer to trace old pensions or obtain State Pension statements for you. You can do that yourself at the Government website - gove.uk.

Don't be fooled by claims that callers are rining on behalf of a Government scheme, such as Pension Wise or the Money Advice Service - these agencies will never cold-call you.

If you're offered an investment that promises high returns and low risk, beware - as any financial adviser will tell you, those two things don't go together. If it sounds too good to be true, it probably is.

Don't be pressured into signing anything before you have had time to think about it, and ideally talked it over with someone you trust. Ifa company puts pressure on you to commit quickly, that's generally a red flag.

Don't be taken in by a glossy brochures and professional-looking websites - they don't mean a thing.

If you're thinking of signing up to something but you're not certain it's legitimate, call THE PENSIONS ADVISORY SERVICE (0300 123 1047), which offers free,independent advice. Their experts are familiar with all the scams and can tell you if you should be worried or not.

(10th October 2015)


 

 

FRAUD IN 2014 - WHAT YOU NEED TO KNOW (Extract)

Full article :

https://www.cifas.org.uk/secure/contentPORT/uploads/documents/External-A5%20Fraudscape%20insert%20LOW%20RES.pdf

With almost 105,500 recorded victims in 2014, Cifas recorded 276,993 frauds in 2014.
The problem of identity crimes cannot be understated. During the past five years, identity crime has fluctuated year on year, but has consistently remained the biggest fraud threat. 2014 sawincreases in all age groups over 21. The average age of an Identity Fraud victim is 46. However the group that has seen the most consistent year-on year rise is young adults, between 21 and 30 years of age. This suggests that as digitally savvy young people enter their twenties and increase their access to financial products, they are increasingly becoming targets.

Anyone can be a victim

The average age of a male victim of impersonation is 45.9 years.
The average age of a female victim of impersonation is 46.2 years.
Overall, a man is impersonated 1.7 time for every time a woman is impersonated.

1. Nearly 277,000 frauds were recorded in 2014: a 25% increase from 2013

This year's report includes data from 245 organisations. There have been considerable
increases yet it is only part of the picture. The UK does not have a single measure for fraud. Without accurate reporting across the UK, it is impossible to get a true sense of the fraud problem. Collating reports of fraud across all 5.4 million organisations and identifying how many of the 60 million plus people in the UK have suffered fraud will be a challenging task, but it is a vital one.

2. Identity crimes remain the biggest challenge, accounting for almost a half of all frauds.

As taking over existing accounts has become more difficult, fraudsters have focused
on using other people's identities to open new ones. Almost 114,000 instances of
Identity Fraud were recorded: representing a 5% increase from 2013 and constituting
41% of all fraud recorded through Cifas in 2014. The need to protect personal data is
stronger than ever.

3. In the internet age, fraud and technology are intimately linked.

With data driven fraud like identity crimes dominating, it is unsurprising that technology played a major role in 2014. While the internet offers a fantastic opportunity for fraudsters to attempt fraud on an industrial scale, technology is also the reason for several successes in preventing fraud. The introduction of enhanced security procedures has made it far more difficult for fraudsters to take over existing accounts - demonstrated by the reduction in Facility Takeover Fraud. In addition, technological enhancements used by organisations have enabled them to record frauds that previously were not able to be recorded - as seen by the increase in Misuse of Facility Fraud.

4. Education and awareness are key in the fight against fraud.

Fraud prevention relies as much upon an individual's awareness as it does upon
technology or an organisation's security. The need for better societal understanding must become a priority for UK plc.

5. Criminals continue to adapt - and fraud looks increasingly organised

The continuing rise in Identity Fraud is further evidence of the increasingly organised nature of fraud. Identity Fraud is an organised business: criminals are setting up operations, obtaining data and either using or selling it, before moving on to use identities to steal money or goods. These crimes are not committed by individuals working in isolation.

6. Prevention works better together

Cross sector approaches work. An estimated £1 billion of fraud was prevented through the Cifas National Fraud Database in 2014. 63% of fraud detected through Cifas systems was identified by matching data across different sectors. These are significant successes and demonstrate the power of a joined-up approach.

About cifas

Cifas aims to make the UK a safer place to do business, by enabling organisations in every sector to prevent fraud and protect the public through the sharing of confirmed fraud data. Cifas has over 300 Members spanning the public and private sectors.

To talk to Cifas about what we do or about the information in this publication, please visit our website at www.cifas.org.uk

Further cifas research : www.cifas.org.uk/research_and_reports

(10th October 2015)

 


 

 

KNOW THE FACTS. STOP THE FRAUD
(British Banking Association)

 

Full article : www.bba.org.uk/landingpage/know-fraud/

Keeping your money safe is your bank's number one priority. That's why they've set up secure procedures to protect you from fraudsters. But these criminals are often sophisticated and their techniques are constantly changing. One such ploy is to pretend they work for the police or your bank.

Dangerous though this is, there are tell-tale requests a fraudster may make that your bank NEVER will. Knowing what these are can ensure you don't fall victim to such as an attack.

8 Things your Bank will never ask you to do

- Call or email to ask you for your full PIN number or any online banking passwords

- Send someone to your home to collect cash, bank cards or anything else

- Ask you to email or text personal or banking information

- Send an email with a link to a page which asks you to enter your online banking log-in details

- Ask you to authorise the transfer of funds to a new account or hand over cash

- Call to advise you to buy  diamonds or land or other commodities

- Ask you to carry out a test transaction online

- Provide banking services through any mobile apps other than the bank's official apps


If you suspect you've become a victim of fraud

- Stop sending money. Tell your bank immediately using the number on their website or other communications.

- Report the fraud to the police through Action Fraud either via the website www.actionfraud.police.uk or by calling 0300 123 2040 (textphone 0300 123 2050).

- If you are the victim of 'share' investment fraud, you should also report it to the Financial Conduct Authority consumer helpline on 0800 111 6768 (freephone).

- Beware of other scams. You are likely to be targeted again, particularly by firms offering to recover funds you have lost.

Further Information

The webpage contains further information about fraud and scam prevention.

(10th October 2015)


 

SCAMWATCH
(Computer Active, 2015 to date, authors various)
www.computeractive.co.uk [Option 1]

Whilst Action Fraud has sent out just over a dozen fraud alerts the readers of the Computer Active magazine has been sending in examples of scams that they have experienced. The magazine has then published these experiences as warnings to other readers.

So starting with the most recent article.

Council Tax rebate ? If only ! (TB - 30th September 2015)

In August I was phoned by a fraudster who said I was entitled to a Council Tax rebate because I'd been placed in the wrong bracket.
Apparently I was eligible for a £7000 windfall. I feigned interest to keep him talking, thinking he would give himself away in the traditional way. Sure enough, he asked fora £350 "admin fee" to process the rebate. A lot of people may fall for this, but I'm a cynical old goat, so I guessed it was a scam. Ilater phoned my council to check, and they confirmed my suspicions. They also said the scam is on the rise - so beware everyone. TB

Targeted by a courier scam (MB - 16th September 2015)

I've almost been caught out in the past by emails claiming to be from couriers. They ask you to confirm your identity so they can deliver a package. I buy a lot of stuff online, so I'm easy prey. The other day I got an email from a courier saying they were collecting a parcel from me. They were pretending to be from a real courier company. The fake email contained PDF's of shipping labels. I was meant to print these and stick them to my parcels. I deleted it. The real courier company knew about the scam.

Fraud refund ? Nope, a scam (HS - 2nd September 2015)

Recently, I got an email claiming to be from Action Fraud saying I could get a refund because a "suspect" had been caught. I was a victim of fraud a few years back, so the email did appear convincing. But the source address of the email was a gmail account; and didn't look right, so I checked with Action Fraud (www.actionfraud.police.uk), and they said they only ever email people using contact@actionfraud.police.uk
They knew about the email scam and also told me that the perpetrators are phoning people from withheld numbers.

Not fooled by Indian Sky scammer (KJH - 19th August 2015)

Recently, we received scam call from 0203 817 446. The female caller has an Indian accent and claims to be from Sky TV. She told us we reported problems with our digibox and account (untrue). She asked for my wife, saying she is the account holder (actually its in my name), thensked for my account details. I called Sky. They said they would never ask for our account over the phone.
They also pointed out that the scam phone number doesn't have enough numbers in to to be legitimate. Their fraud department is investigating.

uaware comment : I hope that this individuals full name was changed before printing as it was unusual and quoted in first and middle name. He also stated that he was the Sky account holder ! It doesn't take much to identify who someone is, their partner and home address, based on these basic details given.

Scammer said my Mac had "100 faults" (BGA - 5th August 2015)

A caller claiming to be from  firm working with Microsoft said I'd added four email accounts to my Windows account that would apparently be used to spread spam emails nd malware in my name. When I told him I don't use a Windows PC, his supervisor intervened and, assuming I used a Mac, claimed OS X Mavericks has more than 100 faults and that I should connect with TeamViewer so he could "fix" my PC. TeamViewer is legitimate software for sharing access to PC's, but is used by scammers to steal bank details. I hung up immediately.

Police threat scared scammer (KJ - 22nd July 2015)

I got phone call from a lady claiming to be from Microsoft. She said they had sent me an update the previous night and asked me to confirm I'd received it. After I said I hadn't she asked me to turn on my PC so she could go through it with me. I said I'd have to speak to my supervisor as I was in an office of the Greater Manchester Police, and I needed permission to switch the computer on. She then apologised for having troubled me and rang off. I have nothing to do with the police, but t've tried this before with scammers and they always end the call.

£72 driving licence con (TC - 24th June 2015)

I needed to renew my driving licence, so I looked online. Top of the search reults was the website www.uklicence services.co.uk, which looks official. It says it "helps" you apply for a replacement. I answered all their questions, but towards the end I started to get suspicious, especially when it requested a payment of £72 by credit card. I deleted all my information and closed the site. I then went to the DVLA site (www.gov.uk/contact-the-dvla), and was given an 0300 number to ring. I gave my details, which the operator confirmed, then I paid only £20.

Son saved me from iTunes scam (EM - 10th June 2015)

I was given an iPad for Christmas (thanks Son !), and have bought many apps for it since. I wonder if thats why I was targeted by scammers recently. They emailed me a receipt for £10.99 for an app I hadn't bought. The email said if I didn't recognise the purchase I should click a link to request a refund. There was something that didn't ring true, so I asked my son about it, and he told me it was a well known scam where criminals ask you for your credit card.

Call blocking scam (TC - 27th May 2015)

In April, I got a call from an Asian sounding woman who said she was from the Telephone Preference Service (TPS). She confirmed my name and address and said I qualified for a new piece of kit that fits between my wall socket and phone to help block nuisance calls. It would cost £1.99 a month. I told her in all th years I've been registered with the TPS it had never prevented a nuisance call, so I don't intend in paying them for not doing their job. The line went dead. Initially, it sounded plausible until she said the kit blocked all nuisance calls.

Unpaid toll road fee scam (AW - 29th April 2015)

I recently received an email regarding an unpaid "toll-road" fee. It said : "Dear AW, You have not paid for driving on a toll road. Please , do not forget to service your debt. You can review the invoice in the attachment. Sincerely, Henry Walters E-ZPass Manager".
The use of my name was interesting, and the toll-road angle is a new one on me. Apart from a few odd words, the email was quite believable (but still obviously a fake, as a toll-road charge would have included my car details). Be warned, though : it seems scammers English is getting better and better.

Fake Facebook friend request (SH - 15th April 2015)

I got an email, purporting to be from Facebook, saying my friend Paul had indicated that I'm his friend. It asked me to accept his request to be a friend, and there were buttons for "Cancel" and "Accept". Paul is an actual friend, but not a Facebook friend, so I knew it was a scam. Worryingly, the email senders knew my name. I clicked "Cancel" and was directed to a website for login. This triggered a "Website of Trust" warning. I emailed Paul, and he'd had a similar email from a mutual friend. We chose not to go further into the website.

Activate your "BT ID" scam emails (ComputerActive team - 15th April 2015 extract)

We recently received a phishing email purporting to be from BT that was one of the most convincing scams we've seen this year. It came from ebilling@bt.com and bypassed our spam filter using the subject line "Activate your BT ID to see your account online". When it arrived in our inbox it contained BT logos and other professional images.

Headlined "Important" : You need to verify your BT ID, the email tries to trik you into clicking a link to confirm your account. The email says you should do this  so you can "go online to see your bills, products and extras, including the BT SmartTalk and BT Sports App".

We could tell it was a spam simply by hovering our cursor over any of the links in the email. This shows you the web address you'll be sent to if you were to click the link. In our case, that was the dubious sounding "susdungo.lv", the suffix means the website is based in Latvia.

If you receive anything like this, forward it to BT at phishing@bt.com

Want a call-blocker ? No thanks (EG - 1st April 2015)

I had a phone call from a firm suggesting that my phone provider wanted to offer me a call-blocker because of all the unwanted calls I had received lately. They said the device would be free, and I'd only have to pay the £1.75 postage costs. The caller knew my name, but never mentioned my phone provider by name. When she asked for my debit-card details to take the £1.75, I hung up. She rang back later but I declined her kind offer. The caller was English and dialling 1471 gave me a number commencing 0113. A seach for the number on Google didn't produce any indication tha this was a known scam number.

Beware Facebook "money mule" requests (CT - 1st April 2015)

I'd like to report a horrible scam that one of my relatives almost fell for. She saw a post on one of the Facebook groups she belongs to, which was asking for people who would "hold" money in their bank account, so it could be sent abroad at a later date. She said it sounded like an easy way to make a bit of cash, and asked me what I thought. I took a look, and immediately realised it was some kind of money laundering scam, you are in effect becoming a money mule. I looked online for more information, and came across this confirmation from ActionFraud.

www.actionfraud.police.uk/news/criminals-using-social-media-to-recruit-victims-as-money-launderers-mar15

Asked to confirm Apple account (GB - 1st April 2015)

On 5th March I received an email from do_not_reply@apple.com signed by the Apple Care Team. It told me that my "Apple Email ID" had been used to buy Enriue Iglesias's album Desperado from iTunes on an Apple device not "associated" with me. They wanted me to check whether I'd made the purchase and to confirm my account. It sounded dubious, so I contacted Apple and it turned out that nothing had been charged to my iTunes account. The email would appear to be an attempt to obtain my bank details. I forwarded the email to Apple (via reportphishing@apple.com) for them to deal with.

Fake Tesco Survey (KM - 18th March 2015)

On 14th February I received an email claiming to be from Tesco asking me to complete a customer satisfaction survey. It promised me £100 for doing so, payable into my Tesco ClubCard account. The survey had questions about staff attitudes and store layout. Then the last line asked for my Tesco credit card number and PIN. That rang alarm bells, so I emailed the survey to Tesco's customer services, then  deleted it. Tesco replied to confirm it was a phishing scam. See Tesco's advice on how to spot phishing emails at : www.tesco.com/clubcard/email-security/

Well Spoken "Windows Helpdesk" scammer (KH - 18th February 2015)

I just received a phone call from a very well spoken woman, with a strong Asian accent. She said she was called Jennifer and that she was from "Windows Helpdesk". She told me my licence for my PC had been banned and asked if I could go to their website to get it unblocked. I replied, "As if I'm stupid - I'm using Linux!" But she insisted that my PC would be unstable. The firm clearly isn't that bright because they didn't bock their number. So if you get a call from "Windows Helpdesk" on 09898 931 748, ignore it.

Summoned to appear in a Michigan court (4th February 2015)

I received an email with the subject line "Court attendance notification". It read:" Hereby we inform that you are obliged to come as a defendant to Michigan Court of Appeals on February 15th, 2015 at 11.00am for the hearing of your case of illegal software use". The email said that "personal appearance is compulsory", and was signed by the "court clerk" Ryan Ballard. I felt sre it was a scam. I researched online and found that always reliable Hoax-Slayer have highlighted these emails as a hoax :

www.hoax-slayer.com/court-notice-malware-emails.shtml

Indian scammer pretends to be from TalkTalk (Anon - 21st January 2015)

Late last year I was phond by someone with a strong Indian accent. I thought : here we go again, another scammer claiming to be from Microsoft. But no. He said he was from TalkTalk. That got me interested, because I am a TalkTalk customer. He knew my name, address and account number. It was obviously a con, so I hung up, then checked online to see if anyone else had been targeted. Indeed, some people had reported the scam on TalkTalk forum :

www.talktalkmembers.com/t5/My-Account-Billing/Scam-Phone-Call-Scammer-has-my-TalkTalk-Account-Info/m-p/1508617

Not fooled by £150 email reward (JS - 7th January 2015)

In the spam folder of my Gmail account I recently received an email with the subject line "Last reminder about your £150 - Action Required". It was from someone called Marja Hakkarainen (which I thought was a Finnish name - a search on Google confirmed this). I deleted it instantly because I had never heard the name before. If anyone else get this message, my advice would be to do the same. If you are tempted to open the email, I would suggest doing so on a vitual machine, in case it contains a virus.

(10th October 2015)

 


 

RUGBY WORLD CUP 2015 TICKETS ALERT
(Action Fraud, dated 15th September 2015)

Action Fraud, together with the National Fraud Intelligence Bureau and the City of London Police, are working in partnership with Rugby World Cup 2015 organisers to disrupt those entities seeking to sell Rugby World Cup 2015 tickets without permission from the official provider.

We would like rugby fans and the general public to be aware that they should only purchase tickets from official sources and avoid being scammed.

Purchase tickets from an official source and avoid losing your money.

- England Rugby 2015 Limited ("ER2015") is the organising committee of Rugby World Cup 2015, due to take place in England and Cardiff from 18 September 2015 until 31 October 2015. Rugby World Cup Limited ("RWCL") is the Tournament owner of Rugby World Cup 2015. 
 
- RWCL/ER2015 wants to ensure that the public is not misled, by unauthorised ticket sellers, into believing they have purchased genuine Rugby World Cup 2015 tickets.

Where can you buy official match tickets?

- Tickets for the general public may only be purchased from ER2015 via official website at: https://tickets.rugbyworldcup.com

Where can you buy Official ticket-inclusive hospitality packages?

- These can only be purchased through the official hospitality programme, operated by Rugby Travel & Hospitality Ltd ("RTH") at www.rugbyworldcup.com/hospitality.

Where can you buy Official ticket-inclusive Supporter Tours (i.e. travel packages)?

- RTH has appointed a number of Official Travel Agents ("OTAs") from across the globe to provide official Rugby World Cup ticket-inclusive supporter tours and a list of such OTAs is available at:
http://supportertours.rugbyworldcup.com/travel_agents_list.aspx).

How do you ensure that you are buying Rugby World Cup 2015 match tickets, supporter tours or hospitality packages from an official channel?

- To check whether a company or a certain website is an official Rugby World Cup 2015 channel, use the 'Official Checker' tool which is located at www.rugbyworldcup/buyofficial.

Can you buy official Rugby World Cup 2015 tickets, supporter tours or hospitality packages elsewhere, other than as outlined above?

- There is no guarantee that Rugby World Cup 2015 tickets (and/or ticket inclusive packages) purchased from any source other than RWCL, ER2015, RTH  (or those listed above) are genuine tickets (and/or ticket-inclusive packages).
 
- Fans who purchase tickets and/or ticket-inclusive packages from unauthorised sellers run the risk of paying over the odds for a non-existent ticket, ending up disappointed by not getting to see the match they paid to see, and risk having their personal and credit card details stolen for use in other crimes.

Points to note about unauthorised activity:

- It has been shown from the 2012 Olympics and other major events in the UK that ticket touts are often linked with other forms of criminality.

- The unauthorised sale, or offer for sale, of Rugby World Cup 2015 tickets (and/or ticket-inclusive packages) may constitute an infringement of the Consumer Protection from Unfair Trading Regulations 2008 or Fraud.

- All official Rugby World Cup 2015 tickets are subject to ER2015's ticket terms and conditions, located at: http://www.rugbyworldcup.com/ticketing/t-c

- Tickets are STRICTLY NON-TRANSFERABLE and MUST NOT BE SOLD OR OFFERED, EXPOSED OR MADE AVAILABLE FOR SALE, OR TRANSFERRED OR OTHERWISE DISPOSED. ER2015 reserves the right to cancel without refund any tickets which ER2015 reasonably believes have been or are intended to be resold, offered, exposed or made available for sale, or transferred or otherwise disposed in breach of the ticketing terms and conditions.

- Any person attempting to use Rugby World Cup 2015 tickets which have been resold in breach of the ticket terms and conditions risks being refused entry to or ejected from the relevant match venue.

How do I report unauthorised use of Rugby World Cup assets?

- To report the sale of unauthorised general public tickets, please contact ER2015 at legal@england2015.com.

- To report the sale of counterfeit Rugby World Cup 2015 tickets or the unauthorised sale of ticket-inclusive supporter tour/hospitality packages, please contact rwcrightsprotection@img.com

TICKETS PURCHASED OR OBTAINED FROM ANY OTHER SOURCE SHALL BE VOID AND MAY BE SEIZED OR CANCELLED WITHOUT REFUND OR COMPENSATION.

Please visit the following link to Action Fraud website in order to find out how to avoid being scammed when buying Rugby World Cup 2015 tickets:

http://www.actionfraud.police.uk/news/how-to-avoid-being-scammed-when-buying-rugby-world-cup-2015%20tickets-online-apr15

This is the last Action Fraud alert regarding the Rugby World Cup 2015.

(10th October 2015)

 


 

PARCEL MULE ALERT
(Action Fraud, dated 2nd September 2015)

People are being targeted to become "Parcel Mules" as part of a reshipping scam, which results in them handling stolen goods and losing out financially.
 
Victims are predominantly recruited through job advertisements and dating websites. They are persuaded to have items delivered to their addresses, and to pay for postage before sending the items elsewhere. Victims are contacted through Freelancer websites and invited to become a "Freight Forwarder" as an employment opportunity. The work is advertised as processing packages and forwarding them to clients.
 
The items being delivered have been purchased through fraudulent means, including the use of stolen/fraudulently obtained cards. The items being delivered are often pieces of electrical equipment or high value goods such as trainers, perfume and the latest phones.
 
If you act as a "mule" you are not only handling stolen goods, but also losing out financially. You will not get paid the promised salary and you pay for the postage and delivery of the packages personally. Additionally, you will have provided enough of your personal details to allow identity theft to occur.
 
How To Protect Yourself:              

- Do not agree to receive packages at your address for someone that you do not know and trust.
- Be cautious of unsolicited job offers or opportunities to make easy money.
- When accepting a job offer, verify the company details provided to you and check whether they have been registered in the UK.
- Be wary of someone that you have met only online who asks you to send money or to receive items. Protect your privacy and do not give your personal details to someone that you do not know and trust. 

(10th October 2015)

 

 


 

SOLICITORS WARNED TO BE ON THE LOOK OUT FOR "FRIDAY AFTERNOON FRAUD"
(Scottish Legal News, September 2015)

Full article [Option 1]:

www.scottishlegal.com/2015/09/04/solicitors-warned-to-be-on-look-out-for-friday-afternoon-fraud/

Russian gangs are carrying out elaborate fraud operations targeting solicitors handling property purchases that allow them to steal money on the day of completion.

So-called "Friday afternoon fraud" has risen in the past six weeks to an estimated cost of £50 million.

Solicitors are being conned into depositing money into a different account in house purchase transactions.

The gangsters use a combination of cyber techniques and identity fraud.

In particular they make use of "spear phishing" - sending an email ostensibly from a bank or other organisation known to the target.

A fake fraud protection team usually then phones up from the "bank".

Grant Clemence, from QBE business insurance, speaking to The Times, said the tactics were "sophisticated, organised and often indicate a degree of insider knowledge".

He added:"They call on a Friday afternoon because they know that that's when the solicitor is at their busiest.

"They pose as the bank and tell them there has been fraud on the account.

"The solicitor then gives away enough detail for the fraudsters to empty the account. One firm alone was hit for £1.9 million."

The Solicitors Regulation Authority (SRA) warned in March that it was dealing with four reports a month of lawyers being tricked into handing money to gangsters.

Mr Clemence said at the current rate insurers may not be able to cover losses and buyers may be left in limbo without a way to get their money back.

One seller, Gillian Bridge, 64, was scammed out of £400,000 after fraudsters hacked into her email account, stolen from Attwells Solicitors in Surrey, and contacted the lawyers, pretending to be her.

Attwells said: "Our client had her identity stolen by someone who set up a bank account in her name. That person fraudulently directed us to send funds to that account."

As the SRA imposes an obligation on the solicitors' firm to replace the funds stolen from the client, small firms could be destroyed by the practice.

(10th October 2015)

 


 

RUGBY FANS RIPPED OFF BY GANGS IN WORLD CUP TICKET CON
(London Evening Standard, dated 11th September 2015)

Full article [Option 1]:

www.standard.co.uk/news/crime/rugby-fans-ripped-off-by-gangs-in-world-cup-ticket-con-a2945316.html

Crime gangs with links to the illegal gun trade are ripping off "frightening" numbers of rugby fans by offering World Cup tickets that do not exist, an Evening Standard investigation has found.

With a week to go until the tournament kicks off at Twickenham, it has emerged that criminals are using bogus companies to offer seats at exorbitant prices before appearing to go bust and vanishing with the cash. Police and competition organisers have urged fans to be vigilant, warning that "cold-hearted" criminals are preying on their desperation to get seats.

Crooks based overseas are setting up numerous bogus websites promising tickets which typically they never own, before disappearing with the cash. This is then laundered through overseas banks and through shell companies to obscure the money trail. Experts today said the number of victims involved was "significant" and "frightening", as they admitted being in a virtual "arms race" with touts. They are trying to combat a fraud which is thought to be worth millions.

The Standard has learned that UK police are investigating at least six secondary ticketing websites advertising World Cup seats that are in fact believed to be a scam run by an Irish crime gang based in Marbella and suspected of gun-running.

The websites are part of a larger parent company that went bust a few weeks ago, while four of the websites have now vanished, raising fears they have disappeared with fans' cash.

The parent company is understood to have been owned by a multi-millionaire ticket fraudster who sold it to another "scammer" working for the Irish crime syndicate.

The criminals are said to have used a "willing patsy" in the UK to act as company director and then traded under a shell company registered in Cyprus, funnelling cash through a bank in Mauritius.

The National Fraud Intelligence Bureau has linked the cases and passed them to Essex Police for further investigation. They have so far managed to track down 16 victims and are trying to trace more.

One of the UK's leading anti-ticket fraud experts Reg Walker, of consultants Iridium Security, claimed the Government was "throwing England rugby fans under the bus" by not bringing in specific legislation to ban secondary ticket selling, as exists for football. He said: "You never know the exact true numbers of victims because many are foreign nationals who report the crime in their home country, but it is significant and frightening."

Online brand protection experts MarkMonitor have identified nearly 80,000 unofficial World Cup ticket listings available on various online sites, all of which ship to the UK and Europe. World Cup terms and conditions state that only tickets bought from official channels are valid, and any from unauthorised secondary websites are "void and may be seized or cancelled without refund or compensation", meaning even fans with tickets may be barred from grounds. World Cup final tickets were today also being advertised online for more than 27 times their face value. A pair of seats was being sold on a well-known secondary website for £28,320.00, despite the original cost of one ticket being £515.

Police have also warned that fraudsters are emailing fans falsely claiming they have won tickets for the event, using World Cup names and trademarks, asking them to pay administration fees and submit bank details to receive the tickets.

The six-week tournament is predicted to deliver a £2.5 billion boost to the UK economy. Almost 500,000 foreign visitors are expected to spend £869 million across 11 cities.

Today it emerged that David Spanton, Britain's most infamous tout, was given a nine-month suspended prison sentence and 200 hours of unpaid work for five counts of breaching a serious crime prevention order. He was caught offering World Cup tickets and admitted setting up two new ticketing businesses, secretly transferring cash into one of them from a previously undisclosed bank account in Spain.

The case was heard last October but details have only come to light today. Spanton, 46, the highest-profile scalp of Operation Podium - set up to combat ticket fraud at London 2012 - had been jailed for 22 months in October 2012 over a £3.5 million ticket fraud.

(10th October 2015)

 

 


 

PARKING FIRM UKPC ADMITS FAKING TICKETS TO FINE DRIVERS
(
The Telegraph, dated 11th September 2015 author Agency)

Full article [Option 1]:

www.telegraph.co.uk/news/uknews/crime/11858473/Parking-firm-UKPC-admits-faking-tickets-to-fine-drivers.html

A parking firm in charge of NHS car parks has admitted faking time stamps on tickets to catch out legally-parked drivers.

Dozens of drivers received fines in car parks run by UK Parking Control (UKPC) which is responsible for supermarkets, retail centres and NHS car parks around the country - despite having left the site within the allotted time.

UKPC - which is now at the centre of a probe by the City of London's fraud squad - has now admitted that members of staff, who have since left the firm, exploited a 'loophole' in the firm's photograph system.

The company has now offered full refunds to all customers who were given tickets by staff members now under investigation, even those that it believes may be legitimate.

A spokesman said that the customers affected won't have to apply for refunds and the money will automatically appear in their accounts in the next few days.

However the Uxbridge-based firm refused to confirm how many staff had been dismissed and how widespread the problem was, insisting matters were 'still under investigation'.

Neil Horton claims he parked his car in July for just 15 minutes but still received a fine, despite the car park providing 90 minutes' free parking.

The photographic evidence he received stated that he had left his vehicle for almost two hours, however the images, allegedly two hours apart, show the same car behind Mr Horton's with its boot open on both pictures.

"We regret to confirm that a limited number of pictures of vehicles, at a small number of car parks, have had their timestamp altered by a few of our employees to make it appear as though the vehicles had over-stayed when this was not the case," a statement from UKPC read.

"We have taken this issue extremely seriously and decided that even though a number of the relevant parking charges are likely to have been legitimately issued, we will refund all potentially affected parking charges for over-stays issued by these employees, to ensure that there is no room for error.

"The repayments will be refunded automatically to drivers' bank accounts over the next few days. Disciplinary action is in progress in relation to the relevant employees and therefore our solicitors inform us that we are unable to comment further in that regard.

"We have never before had a problem of this nature, which runs contrary to the normally high standards of our business and the rigorous training of all our staff. We have taken steps to ensure that no further incidents of this nature can occur in the future."

UKPC, which is hired by private landowners to manage parking, was set up in 2004 in Uxbridge and is run by managing director Rupert J Williams. Accounts show the company has an £8.5m turnover.

The MailOnline reported in 2011, the company was taken to court by East Riding of Yorkshire Council in a case which cost the body £41,000. It was found guilty of one count of misleading customers, but acquitted of a further seven counts.

The court case followed complaints from East Riding residents who were issued with fines for either parking over the bay lines or for parking in Tesco for more than the permitted two hours.

That decision was later overturned on appeal.

(10th October 2015)

 

 


 

GENERAL

These e mails are bogus and are just phishing for personal information or to load malicious software. If you receive anything like them, delete it immediately and do not open any attachments. If you are suspicious about activity on your bank or utility accounts, contact your bank direct or service provider using a known telephone number, NOT contact details within the bogus e-mails.


Note : For the purposes of description only, the defintion of "Originator" is the "alias" the fraudsters are making themselves out to be.


Originator : FedEx (quoting a managers name) Subject : Shipping Detail  Content :

Tracking ID : ######
Date : ## March 2013

Dear Client,

Your parcel has arrived at February 6.Courier was unable to deliver the parcel to you at # February (time).

To receive your parcel, please, print this receipt and go to the nearest office.

[Print Receipt]

Best Regards, The FedEx Team.

Comment : Sent to a specified recipient, but cc to others. The link to print problably contains malicious software. E-mail was not associated with FedEX. This is a continuation of a series of bogus e-mails that started in February 2013.
E-mail dated : 17th March 2013
Note 1: A second e-mail was received on 18th March with same format, but with different "managers name".


 

Originator : A hotel  Subject : "A hotel name"  Content :

Dear,
 
Further to our telephone conversation, please find attached confirmation of your booking with us.
 
We would like to thank you for making this reservation and we look forward to greeting you at the "A Hotel" on the ##th March 2013.
 
Yours sincerely,
Duty Manager

Comment : Attachment probably contain malicious software.
E-mail dated : 13th March 2013


 

Originator : {female name}  Subject : Wonderful source of income  Content :


Hello  {recipients name}

I've worked in casinos for ## years.
I've seen thousands of people trying to make money on the roulette tables.

If only they knew that the place to make money on roulette was not in casinos, but online!
Online casinos are built on computer programs, and if you understand the workings of the system, you can beat them.
"One weird trick" made me and hundreds of other people wealthy!

Find out how YOU can do the exact same RIGHT NOW!

Click the link below to discover the roulette system that paid for my house, my vacations, and my childrens' educations!
[ LINK ]

Yours,

{ Female name }

P.S. This method is so easy, a kid could do it! I know because my daughter { Childs name } is making money on this HERSELF!


To unsubscribe from our mailing list [ LINK ]

Comment : This e-mail is trying to play on peoples greed, "money for nothing". Links probably direct to malicious website or worse an application form asking you to provide all of your personal and banking details ; DON'T. There is a series of these e-mails all coming from a female with the same first name, but different Surname.
Series of e-mails first received : 12th March 2013


 

Originator : vodaphone.co.uk  Subject : you have a new picture message  Content :

You have a message from ##########

Comment : Attachment probably contains malicious content.
E-mail dated : 7th March 2013



 

Originator : tax.co.uk  Subject : Tax Refund New Message  Content :


TAX RETURN FOR THE YEAR 2013
RECALCULATION OF YOUR TAX REFUND HMRC 2010-2013

Dear Applicant,

The contents of this email and any attachments are confidential and as applicable, copyright in these is reserved to HM Revenue & Customs. Unless expressly authorised by us, any further dissemination or distribution of this email  or its attachments is prohibited.

If you are not the intended recipient of this email, please reply to inform us that you have received this email in error and then delete it without retaining any copy.

I am sending this email to announce: After the last annual calculation ofyour fiscal activity we have determined that you are eligible to receive a tax refund of ###.## GBP

You have attached the tax return form with the TAX REFUND NUMBER ID: ######,complete the tax return form attached to this message.

After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.

Our head office address can be found on our web site at HM Revenue & Customs: [ Link ]

Sincerely,
HMRC Tax Credit Office

© Copyright 2013, HM Revenue & Customs UK All rights reserved

Comment : Suspicious ;the e-mail states that you should not distribute it further, on that premise you cannot forward it on to your accountant ! Text also states "tax refund of ### GBP"; what other currency would HMRC deal in ? "TAX RETURN
FOR THE YEAR 2013" is also an erroroneous statement.It also appears that e-mail originator does not have a "£" on their keyboard. Attachment probably contain malicious software. Provided link probably directs to malicious website.
E-mail received : 6th March 2013


 

Originator : MMSC-T-Mobile   Subject : T-Mobile MMS message has arrived  Content :

From telephone number : ######

If your can't show pictures click here [Link] to visit our on-line a web address - www.t-mobile.co.uk/pmcollect - where you can look at the picture message (enter your telephone number and the password). It'll only be available online for 14 days, so make sure you save the picture to a computer if you want to keep it.

Comment : Compressed file probably contains malicious software. Link probably directs to website containing malicious software.
E-mail dated : 6th March 2013



 

Originator : Fuel Card Services  Subject : BP Fuel Card E-bill ##### for Account ####  Content :


Please note that this message was sent from an unmonitored mailbox which is unable to accept replies. If you reply to this e-mail your request will not be actioned.

Please find your e-bill  attached.

To manage you account online please click www.@@@@@

If you would like to order more fuel cards please click www.@@@@@@@

If you have any queries, please do not hesitate to contact us.

Regards

Cards Admin.
Fuel Card Services Ltd

T #######
F #######

Supplied according to our terms and conditions. (see www.@@@@@@@).

Please also note that if you cannot open this attachment and are using Outlook Express to view your mail you should select Tools / Options / Security Tab and deselect the option marked "Do not allow attachments to be opened that potentially may be a virus". All of our outgoing mail is fully virus scanned but we recommend this facility is

Comment : Attachment probably contains mailicious software. The links probably direct to a bogus website containing malicious software.
No bonafide organisation would advise you to turn off security software to allow a file to be openned.
E-mail received : 5th March 2013



 

Originator : @tax.co.uk  Subject : Tax Refund New Message Alert  Content :


TAX RETURN FOR THE YEAR 2013
RECALCULATION OF YOUR TAX REFUND
HMRC 2010-2011
Dear Applicant,

The contents of this email and any attachments are confidential and as applicable, copyright in these is reserved to HM Revenue &
Customs.

Unless expressly authorised by us, any further dissemination or distribution of this email or its attachments is prohibited.

If you are not the intended recipient of this email, please reply to inform us that you have received this email in error and then delete it without retaining any copy.

I am sending this email to announce: After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of ###.## GBP

You have attached the tax return form with the TAX REFUND NUMBER  ID: ######## , complete the tax return form attached to this message.

After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.

Our head office address can be found on our web site at HM Revenue & Customs: http://www.hmrc.gov.uk

Sincerely,

HMRC Tax Credit Office

© Copyright 2013, HM Revenue & Customs UK All rights reserved


Comment : Compressed attachment is probably malicious software. The comment "barring" you from further distribution is suspicious as it is banning you from discussing / forwarding with an accountant etc.
E-mail received : 4th March 2013



 

Originator : Female name Subject : revolutionary source of income  Content :


Hello #####

I've worked in casinos for ## years.
I've seen thousands of people trying to make money on the roulette tables.

If only they knew that the place to make money on roulette was not in casinos, but online!
Online casinos are built on computer programs, and if you understand the workings of the system, you can beat them.
"One weird trick" made me and hundreds of other people wealthy!

Find out how YOU can do the exact same RIGHT NOW!

Click the link below to discover the roulette system that paid for my house, my vacations, and my childrens' educations!
http:##################

Yours,

Female name

P.S. This method is so easy, a kid could do it! I know because my daughter is making money on this HERSELF!


Comment : Not so much phishing, more of a blantant con with a promise of making easy money. The quoted website either holds malicious software or is just a honey trap for the gullible.
Date e-mail received : 4th March 2013


Originator : Visa Service  Subject : Your credit card has been suspended   Content :

Hello guest Visa Card,

Your credit card is suspended, because we have noticed a problem on your card.

We determined that someone may be using your card without permission. For your protection was have suspended your card. To lift the suspension [ Click here link ] and follow the stated procedure to update credit card.

NOTE : if not completed by {date} we will be forced to suspend.

[Link directing to : getwifi.ru]

Comment : e-mail was meant to be from wichita in USA, but links were directing to websites in Romania and Poland. Link websites are either trying to obtain bank account details and passwords or the facilitate the downloading of malicious software. This e-mail managed to get through a firewall of a IT company !
E-mail dated : 1st March 2013


 

Originator : Vodaphone  Subject : You have a new message  Content :

Sender ###########

Comment : The compressed file probably contains malicious software.
E-mail dated : 21st February 2013



Originator : Turkish Airlines Subject : Turkish Airlines Online Ticket  Content :

 


Dear,
 Thank you for booking online. Thank you for choosing Turkish Airlines.
 You can find your Itinerary in the attached file.

The remainder of the e-mail contained airline "Terms and Conditions" and "reservation code".

Comment : Even though named e-mail recipient, there was no recipient name against the salutation with the content.
The compressed file probably contains malicious software.
E-mail dated : 20th February 2013
Note 1: A second identical (apart from reference number) e-mail was received on same date, but around one hour later.


 

Originator : Cavendish Hotel Subject : Peacock Hotel (Baslow) Ltd payslip Content :

The attached file is your payslip, produced by Sage 50 Payroll in PDF (Adobe
Acrobat) format. To view the payslip you will need Acrobat Reader, available
as a free download.

Comment : It is unlikely that a 4 star hotel chain (Cavendish) would be associated small Best Western hotels which this e-mail aludes to.
The e-mail is attempting to tempt someones curiousity on anothers salary. The attached compressed file probably contains malicious software.
E-mail received : 14th February 2013


 

Originator : Emirates Airline Subject : Your eReceipt Details  Content :

Dear Customer,

Thank you for choosing Emirates!

Please find your E-Ticket attached with this email.

We wish you a pleasant journey!


Regards,

Emirates

Please do not reply to this message using the "reply" address. However, your feedback is important to us.Please click on the link
(Customer Satisfaction Survey)if you would like to provide information regarding your customer service experience today.

If you do not receive your eTickets as a PDF attachment, please check your computer settings or alternatively you can re-print your eTickets online by going to www.emirates.com 'Manage my existing booking' section.

Comment : E-mail sent to single recipient seemingly from an Emirates address. Recipient has stated they have never flown with Emirates or booked any tickets with them. The e-ticket is in the format of a compressed file which probably contains malicious software.
E-mail received : 14th February 2013



Originator : FedEx (quoting a managers name) Subject : Shipping Info  Content :

 

Tracking ID : ######
Date : ## Feb 2013

Dear Client,

Your parcel has arrived at February 6.Courier was unable to deliver the parcel to you at # February (time).

To receive your parcel, please, print this receipt and go to the nearest office.

[Print Receipt]

Best Regards, The FedEx Team.

Comment : Sent to a specified recipient, but cc to others. The "print receipt" button problably downloads malicious software. E-mail was not associated with FedEX.
E-mail dated : 7th February 2013
Note 1: A second e-mail was received on 8th February with same format, but with different "managers name".
Note 2: A third e-mail was received on 12th February with same format, but with different "managers name".
Note 1: A forth e-mail was received on 14th February with same format, but with different "managers name".
Note 3: A fifth e-mail was received on 17th February with same format, but with different "managers name".
Note 4: A sixth e-mail was received on 27th February with same format, but with different "managers name".


 

Originator : general@mmsc.t-mobile  Subject : T-Mobile MMS message has arrived   Content :

From telephone number ############
Password #######

If your can't show pictures click here to visit our on-line a web address - www.t-mobile.co.uk/pmcollect - where you can look at the picture message (enter your telephone number and the password).
It'll only be available online for 14 days, so make sure you save the picture to a computer if you want to keep it.
 

Comment : Attachment probably contains malicious software.
Date received : 23rd January 2013

 


 

Originator : billing@t-mobile   Subject : Billing Information    Content :

Bill date: 15 January 2013
Invoice number: #########
DEC 12
Your last bill amount charged £##.##

Payment received ##/##/13 by Direct Debit - Thank you

Full details you can find in the attached report

Comment : Attachment probably contains malicious software. No recipient name quoted.
Date received : 17th January 2013


 

Originator : Europcar e-invoicing  Subject : Europcar Invoice #####   Content :

Please find your Invoice attached.This is an automated message, please do not reply to this email.Should you require further information,

please contact Europcar UK Customer Services by emailing to CustomerServicesUK {bonafide email address}.Best Regards,Europcar UK LtdCar

hire with great rental deals, holiday offers, and discount UK car rentals. Europcar UK make car hire quick and easy. For latest offers and

promotions please visit us at: europcar.co.uk {bonafide website}

Comment : The "invoice" attachment probably contains malicious software.
Date received : 16th January 2013


 

Originator : First Class Mail Service (FedEx) Subject : Tracking Number (x) xxxxx xxx  Content :

Order : ######
Order date : #####

Dear Customer,

Your parcel has arrived at the post office at [Date] .Our courier was unable to deliver the parcel to you.

To receive your parcel, please, go to the nearest office and show this receipt.

[Link - GET A PRINT RECEIPT]


Comment : Link probably takes you to a malicious website. E-mail was sent from a non FedEx e-mail address. An e-mail bcc was also associated with message and that was to a yahoo address.
Date received : 14th January 2013
Nb1. Second e-mail of a similar nature with attachment received on 20th January with different originating address.
Nb2. Third e-mail of a similar nature with attachment received on 23rd January with different originating address than previous two.
Nb3. Forth e-mail of a similar nature with attachment received on 24th January with different originating address than previous three.


 

Originator : Tesco Bank Subject :                          Content :


Dear Valued Customers,

Tesco Bank is giving you a chance to shop for free at any of our tesco outlets or online by giving out free
tesco vouchers. This offer is only for Tesco Credit Card owners and it will be on until  31st January,2013.

To Qualify, follow the link below and input all the details required

Click here to Register [Link]

After validation, if selected your voucher will be sent via text message or posted to your Mailbox.

Yours sincerely

The Tesco Bank credit card team.


Comment : Link probably directs to a website which contains malicious software. No recipient name quoted.
Date received : 6th January 2013

 


 

Originator : Postal Office 472 (FedEx) Subject : Tracking ID ##########  Content :

Order: ++++  
Order Date: +++++ 
Dear Customer,

Your parcel has arrived at the post office at January 6.Our courier was unable to deliver the parcel to you.

To receive your parcel, please, go to the nearest office and show this receipt.

 
GET & PRINT RECEIPT [Link]
 
 
Best Regards, The FedEx Team. 

Your parcel has arrived at the post office at December 20.Our courier was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this receipt.
 
Comment :
Link probably directs to a website which contains malicious software. E-mail was meant to have been sent from a "Kansas.com" address, extremely unliklely FedEx use this address. No recipient name quoted.
Date received : 10th January 2013


 

Originator : Littlewoods Subject : Changes in your shipping and Email Address Content :

Dear Customer

We observe changes in your shipping address and your email address
We therefore implore you to click My Account Verification [Link]
To confirm your information have not be compromised.

We apologize for any inconvenience
 
Regards,

Littlewoods®
 
©Shop Direct Limited. All Rights Reserved. Shop Direct Home Shopping Limited.
Registered number: 4663281. Registered office: 1st Floor, Skyways House, Speke Road, Speke, Liverpool L70 1AB.

Comment : Link probably directs to a website which contains malicious software. No recipient name quoted. Non Anglo spelling used. Recipient never shopped with Littlewoods.
Date received : 8th January 2013


Originator : Shipping Service (FedEx) Subject : Tracking ID (##) ###-### Content :

Order: +++
Order Date: +++

Dear Customer,

Your parcel has arrived at the post office at December 20.Our courier was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this receipt.
 
Comment : Link probably directs to a website which contains malicious software. E-mail was meant to have been sent from a "columbus.com" address, extremely unliklely FedEx use this address. No recipient name quoted.
Date received : 25th December 2012


 

Originator : HM Revenue & Customs Tax Subject : HMRC Tax Refund  Content :

We have determined that you are eligible to receive a tax refund of 965.50 GBP.

Please submit the tax refund request and allow us 2-3 working days in order to process it.

Please DOWNLOAD to Submit Your Tax Refund Request Via Attachment.

Note : A refund can be delayed a variety of reasons, for example submitting invalid records.

Best Regards
HMRC

Comment : Attachment probably contains malicious software. E-mail was meant to have been sent from a "DirectGov" address, HMRC doesn't use this address. No recipient name quoted.
Date received : 18th December 2012


 

Originator : The Smile Bank  Subject : Restore Access to your Account  Content :

To ensure your protection, Access to your accounts has now been blocked

due to a system error { error code : 0c31e8 }.

To re-gain access,  Proceed via secure attachment file below

Comment : No recipient name quoted. Attachment probably contains malicious software.
Date received : 7th December 2012. Another was received twenty minutes after this bogus e-mail, but quoting another false "smile" address.


 

Originator : RapidFax  Subject : Inbound Fax   Content :

A fax has been received.

MCFID = ######
Time Received = ######
Fax Number = #######
ANI = #######
Number of Pages = ###
CSID = ######
Fax Status Code = Successful


Please do not reply to this email.

RapidFAX Customer Service

Comment : Attachment probably contains malicious software.
Date received : 3rd December 2012


 

Originator : UPS Office Subject : Tracking detail : ####### Content :

FedEx  
   
Order: #######   
Order Date: Monday, ## November 2012
Dear Customer,

Your parcel has arrived at the post office at November 29.Our postrider was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this postal receipt.

 
[GET POSTAL RECEIPT]   
 
Best Regards, The FedEx Team.

Comment : So FedEx are using a UPS e-mail address and are based in San Antonio, Ibiza; I think not. Link probably directs to a bogus website with malicious software.
Date received : 2nd December 2012


 Originator : orange.com Subject : Orange your bill  Content :

your bill
  
Account Number: ######
Bill Date ## Nov 2012
Bill Number ########

This is not a VAT invoice
hello...

Please find detailed summary of your account in the attached file
Total amount due now £##.##
Please ensure we receive payment straightaway. You'll find information about how to pay in the attached file.

© 2012 EVERYTHING EVERYWHERE LIMITED

Comment : Service provider not Orange. Attachment probably contains malicious software.
Date received : 22nd November 2012


 

Originator : HostelBookers.com  Subject : New Booking Ref : +++++ - ++++++  Content :


The 10.00% payment has already been made by the customer.

** The balance of EUR ###.## is payable on arrival.
 
Customers can cancel their reservation free of charge up to 2 days before arrival (local time).
 
If cancelled later or in case of no-show, the total price of the reservation will be charged. It is very important to contact us at least 24 hours prior to arrival by phone or email to confirm the check-in time. The hotel reception is located on Via della Vigna Nuova 9. Check-in should occur between 10:00 and 17:00 at the above address.
 
HB Tips:
It is important that you update your availability on a regular basis. All bookings are confirmed.

The 10.00% payment has been taken for our commission - the balance is payable on arrival.
For full guest details including credit card - login to your backoffice.
We recommend that you send your guest a confirmation.
 
 
Comment : This e-mail was somewhat long winded with paragraphs of terms and conditions (these have been removed for this example ). Attachment probably contains malicious software.
Date received 22nd November 2012, a second e-mail of a similar nature was received one hour later.


 


Originator : Three.co.uk  Subject : Notification - You have received a new MMS  Content :

You have received a MMS from mobile number : **************
 To save this picture, please save attached file.

Copyright 1999-2012 Three.co.uk. All rights reserved.

Comment : No senders address quoted, whats to hide ? Attachment probably contains malicious software.
Date received : 21st November 2012, received 2 hours after previous entry.


 

Originator : Not quoted  Subject : Notification - You have received a new MMS  Content :

You have received a MMS from mobile number : **************
 To save this picture, please save attached file.

Copyright 1999-2012 Three.co.uk. All rights reserved.

Comment : No senders address quoted, whats to hide ? Attachment probably contains malicious software.
Date received : 21st November 2012


 

Originator : Western Union Headquarters Subject : Western Union Agent action needed  Content :

Western Union® AgentPortal
Dear Sir/Madam,

Western Union Headquarters notifies all the agents about urgent changes in the compensation policy and working conditions.
In order to keep the job you need to read the documents and accept the contract attached to this letter.

We are sorry to cause inconvenience. Please do not be slow in making the decision and take the necessary actions as soon as you can.

Thank you,
Western Union Agent Coordination Department

Comment : E-mail was sent from address registered in Japan. Attachment probably contains malicious software.
Date received : 20th November 2012


 



 

Originator : First Class Mail Service Subject : Tracking ID : ##########  Content :

Order No.: ************ Order Date: ###########
   
Dear Customer,

Your parcel has arrived at the post office an November 12.
Our postman was unable to deliver the parcel to your address.
To receive a parcel you must go to the nearest office and show your postal receipt.


Thank you for using our services
 
Comment : Poor English. E-mail address @neworleans.com !
Date received : 20th November 2012


 


 

Originator : mms vodaphone Subject : You have received a new message Content :


You have received a picture message from mobile number +44 #########
To save this picture, please save attached file.

Comment : The mobile number quoted in message was unknown to recipient. The attachment probably contains malicious software. Two messages of this nature received within minutes of each other.
Date received : 20th November 2012


 

 

Originator : Northern Rock Subject : Your Virginmoney statement is available Content :

Your statement is available via attached file

Download file attached to access statement


Comment : No recipients name quoted. Attachment probably contains malicious software.
Date : 17th November 2012



Originator : Virgin Money Subject : Account Notification Content :

 

Dear Customer,

This is an automatic message by the system to let you know that your account has been

Restricted from online banking due to third party log in from an unknown ISP .

Note: Download The Attached File To Lift Restriction.

Virgin Money©.2012

Comment : No named recipient. Attachment probably contains malicious software. The originators e-mail address indicated that the sender maybe registered in Norway, but not necessarily domicile there !
Dated : 16th November 2012


 

Originator : Chase Paymentech  Subject : Merchant Statement  Content :

Attached is your Chase Paymentech electronic Merchant Billing Statement.

If you need assistance, please contact your Account Executive or call Merchant Services at the telephone number listed on your statement.

PLEASE DO NOT RESPOND BY USING REPLY. This email is sent from an unmonitored email address, and your response will not be received by Chase Paymentech.

Chase Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Chase Paymentech's or the Merchant's email service or otherwise.  Chase Paymentech recommends that Merchants continue to monitor their statement information regularly.

----------
Learn more about Chase Paymentech Solutions, LLC payment processing services at
chasepaymentech.com

Comment : Attachment probably contains malicious software.
Date : 16th November 2012


 

Originator : Halifax Bank  Subject : Halifax Banking Alert  Content :

Valued Halifax Customer,

We are contacting you to Inform you that we have detected unusual activities in your account

To ensure that your account access has not been compromised, access to your account has been limited.

Your account access will remain limited until you confirm your identity

please follow the link below to resolve

[CLICK HERE]

Thank you
Halifax Bank Plc

Comment : No recipient quoted. Provided link directs to a bogus website that probably contains malicious software.
Date : 10th November 2012


 


Originator : Electronic Payments Association Subject : ACH transaction (ID: ######) was rejected Content :

The ACH transaction (ID: ###########), recently sent from your checking account (by you or any other person), was rejected by the Electronic Payments Association.

Comment : The Electronic Payments Association within the USA would not use a e-mail address associated with a website advertising kitchen remodelling.The attachment probably contains some form of malicious software.
Date : 8th November 2012


 

Originator : paybyphone Subject : Pay by Phone Parking Receipt Content :

Westminster Pay by Phone Parking Receipt

Location: nnnn
License: #######

Description: ##### Street

Start Parking: 2012/11/05 1:35pm
Stop Parking: 2012/11/05 2:35pm
Cost: 33.50 including Service Charge

You can access a full list of all your parking transactions in the attached file

Thank you for using Westminster City Council's Pay by Phone parking
service

Comment : This scam was has been quoted in the London press. The attachment probably contains some form of malicious software.
Date : 7th November 2012; two e-mails received on this date.


 

Originator : Better Business Bureau Subject : Complaint  Content :

The Better Business Bureau has been filed the above mentioned complaint from one of your customers in respect of their business relations with you.

The details of the consumer's concern are contained in enclosed document. Please give attention to this issue and inform us about your opinion as soon as possible.

We kindly ask you to open the COMPLAINT REPORT (attached to this email) to reply on this complaint.

Comment : The originating e-mail was not of the "Better Business Bureau" format as per previous bogus communications. The attachment probably contains some form of malicious software.
Dated : 7th November 2012


 

Originator : Vodafone Subject : You have received a new message Content :

You have received a picture message from mobile number : #############
To save this picture, please save attached file.

Comment : The attachment probably contains some form of malicious software.
Dated : 6th November 201; two e-mail of a similar nature received on this date.


 

Orginator : UPS Subject : UPS delivery information - Error #####  Content :

Comment : Message only consisted of an image that was blocked by my ISP. Images often carry malicious software.
Date : 31st October 2012


 

Originator : Yorkshire Account Subject : Important Message About your Yorkshire Account Content :

Dear Customer

We Observe Multiple Error Logins from your Yorkshire account,

Please do verify your account by clicking [link] prove account ownership .

Thank you for helping us protect you

Yorkshire Building Society

Comment : No recipient name quoted. Link directed to a bogus website which may contain malicious software. Originating e-mail implied it was from a Yorkshire Building Society e-mail.
Dated : 30th October 2012


 

Originator : Ameriprise Financial  Subject : A new Account Statement is available Content :

Review your document
   
A new account statement is available for you to review.

To view your document:

Download attached document
Open with Windows Explorer
 
If you have questions about online document delivery, please call customer service at 800.862.7919.

Thank you for choosing Ameriprise Financial. 

Comment : No recipient name quoted. The attached compressed file probably contains some form of malicious software.
Dated : 29th October 2012


 

Originator : Better Business Bureau  Subject :  Notice Content :

RE Case : #######

Hello,

The Better Business Bureau has been filed the above mentioned complaint from one of your customers in respect of their business relations with you. The details of the consumer's concern are contained in enclosed document.

Please give attention to this issue and inform us about your opinion as soon as possible. We kindly ask you to open the COMPLAINT REPORT (attached to this email) to reply on this complaint.

We are looking forward to your prompt response.

Faithfully yours,


Comment : Obviously from someone that knows the building / location of a organisation in Arlington, Virginia ! The attachment probably contains malicious software.
Date : 25th October 2012; a second e-mail of a similar nature was received on 26th October 2012,



Orginator : NACHA Subject : Direct Deposit Transaction Content :

 

Herewith we are notifying you, that your latest Direct Deposit transaction (###########) was rejected, due to your current Direct Deposit software being out of date.

The detailed information about this matter is available in the attachment.
View attached document using your PDF reader.

Please apply to your financial institution to obtain the necessary updates of the Direct Deposit software.

(c) 2012 NACHA - The Electronic Payments Association

Comment : The USA fund transfer organisation is extremely unlikely to use a private company's e-mail address to send its communication. Attachment probably contains malicious software.
Date : 24th October 2012


 

Originator : Electronic Payments Association Subject : Transfer Report Content :

Herewith we are notifying you, that your latest Direct Deposit transaction (Int. No.190336872852) was rejected, due to your current Direct Deposit software being out of date.

The detailed information about this matter is available in the attachment.
View attached document using your PDF reader.

Please apply to your financial institution to obtain the necessary updates of the Direct Deposit software.

(c) 2012 NACHA - The Electronic Payments Association

Comment : As NACHA is a fund transfer agency within the USA it is extremely unlikely to send its communications via a German e-mail address. The attached file probably contains malicious software.
Date :24th October 2012


 

Orginator : UPS Subject : UPS delivery information - Error #####  Content :

Comment : Message only consisted of an image that was blocked by my ISP. Images often carry malicious software.
Date : 18th October 2012


 


Originator : PayPal Subject : Make PayPal safer, simpler and more convenient  Content :

Hello,

We're constantly working to make PayPal safer, simpler and more convenient for you.
This means that from time to time we make changes to the terms of our User Agreement and other legal agreements to reflect the improvements we make to our service.

We have noticed unauthorized transaction/update on your paypal account. due to this we have your account limited.

What do I need to do?

{Click here to review your account} or  {www.paypal.co.uk}
 
 
If you agree to the changes, you don't need to do anything, any updates will automatically apply to you.

Yours sincerely,

PayPal

Comment : No recipients name quoted. The links did not direct to the PayPal website.
Date : 18th October 2012


 

Originator : BA Subject : BA e-ticket receipt Content :

THIS IS AN AUTOMATED EMAIL - PLEASE DO NOT REPLY AS EMAILS RECEIVED AT THIS ADDRESS WILL BE AUTOMATICALLY DELETED.

Virus checking of emails (including attachments) is the responsibility of the recipient.

This message is private and confidential and may also be legally privileged. If you have received this message in error, please advise the sender and immediately, permanently destroy the document. Please do not read, print, retransmit, store or act in reliance on it or any attachments .....[This e-mail went on for several paragraphs, including booking reference numbers etc]

Comment : The links within the text directed to bonafide BA website pages. The attachment was a compressed file which is probably a malicious file.
Date : 17th October 2012


 

Originator : businessdirect Subject : BT Business Direct Order No. ######### - Notice of delivery Content :
                                                            
Notice of delivery
 
Hi,We're pleased to confirm that we have now accepted and despatched your order on , ## Oct 2012.Unless you chose a next day or other premium delivery service option, then in most cases your order will arrive within 1-3 days.

If we despatched your order via Letterpost, it may take a little longer.***Please note that your order may have shipped in separate boxes and this means that separate consignment numbers may be applicable***We've despatched......using the attached shipment details..CourierRefCarriage method
Royal Mail ######## 1-3 Days
Please note that you will only be able to use this tracking reference...... [This message waffled on for several more paragraphs]

Comment : No recipients name quoted. The originator was quoting the BT company URL, but but BT would not use the salutation "Hi". The remainder of the e-mail consisted of corrupted html coding (internet programming language).
A second e-mail was received a few minute after the first with the same message content where the html coding was not corrupted. This e-mail included an attachment which probably contains malicious software.
Date :16th October 2012


 

Originator : ADPClientServices (ADP are a US data processing house) Subject : Debit Draft  Content :

Your Transaction Report(s) have been uploaded to the web site:

@@@@@@@@

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).

Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.

Thank You,
ADP Benefit Services

Comment : The link provided has been tampered with does not direct to the ADP website, therefore the destination could be to a file of malicious content on a bogus website.
Date : 12th October 2012


 

This strangely is a quiet period which I suspect is due to university students and the like preparing to return to their studies after vacation.


 

Originator : Vodafone Europe Subject : Vodaphone Europe : Your Account Balance Content :

PLEASE CHECK YOUR ACCOUNT BALANCE IN ATTACHED FILE

Comment : This type of scam is known as a "spike"; the recipients name is quoted. The e-mail encourages you to look at account balance within an attachment, which probably contains malicious software.
Date received : 18th September 2012 (Two e-mails received in similar format )



Originator : National Westminster Bank Subject : NatWest Account Security Notice Content :

 

Dear Customer,

Security machinery at National Westminster Bank has been upgraded to provide customers
with a faster, easier and more efficient online experience.

All customers are required to update their account information.

[Click here to Login] to complete the update process.

Note: Failure to update your information will lead to online service suspension.

Yours sincerely,
Online Customer Service
National Westminster Bank plc

Comment : No recipient name quoted. The provided link DOES NOT direct to a NatWest website.
Date recieved : 18th September 2012


 

Originator : KLM Sales and Service Subject KLM e-Ticket ## Sept  Content :

Booking code: #####
E-ticket issue date: Issued by: KLM SALES & SERVICE CENTER  BACKOFFICE                     

Thank you for choosing KLM E-ticket. This is the itinerary and receipt. If unable to use the e-ticket, if travel

plans change or if you received this document in error, please review full information in the attached file

E-ticket number : #####
Number loyal program : #####
Itinerary Information : see attachment

Receipt

Payment for : 2 passengers
Fare amount : ###
Tax and Carrier Fees : ###
Method of payment : card details provided
(Not recipients)

Comment : This type of scam is known as a "spike"; the recipients name is quoted. The e-mail encourages you to look at the flight details within an attachment, which probably contains malicious software.
Date received : 17th September 2012 (Two e-mails received in similar format, but with different monetary amounts and reference numbers quoted)


 

Originator : NatWest Bank Subject : NatWest Bank Alert : Unauthorized Access on your account Content :

Security Alert?
National Westminster Bank has been receiving complaints from our customers for unauthorised use of the Natwest Online accounts. As a result we periodically review Natwest Online Accounts and temporarily restrict access of those accounts which we think are vunerable to the unauthorised use.

This message has been sent to you from National Westminster Bank because we have noticed invalid login attempts into your account, due to this we are temporarily limiting and restricting your account access until we confirm your identity.

To confirm your identity and remove your account limitation please following the Log in below.
[Link]


Comment : No recipient name quoted. Provided link not NatWest banks, but a website registered in South Africa (.co.za).
Date received : 15th Septembe 2012



 

Originator : NatWest  Subject : Update Alert Content :

Online banking
Please note that Your NatWest online banking account has been flagged, due to recent
changes we have made to our online banking system.

Therefore your access to use our NatWest online banking services has been limited until
you update your account information, [update your account here]
Security advice
Note: This verification will allow us to activate new features to your account on our system.

Comment : No recipient name quoted. Update link does not go to a NatWest website, instead in links to a file on a betting website.
Date received : 12th September 2012


 

Originator : Co-operative Bank Subject : New Co-operative Bank Account Review Content :

Dear Customer,

YOUR ACCOUNT HAS BEEN FLAGGED AS ONE OF THE NUMEROUS ACCOUNTS THAT NEEDS TO BE REVIEWED.
The main reason for this action are:

* Billing / Payment Issues.
* Invalid log on attempts by a suspected third party user.

(Proceed Securely Via Attachment To Resolve This Issue)

Programs and data held on The Co-operative Bank p.l.c. and smile systems are PRIVATE PROPERTY. Unauthorised

access is prohibited and is contrary to the Computer Misuse Act 1990, which may result in criminal offences and a

claim for damages. Customers are reminded to keep their Customer Security Codes confidential and to contact The Co-operative Bank.

Comment : No recipient name quoted. Attachment probably hold malicious content.
E-mail dated : 8th September 2012


 

Originator : Santander UK plc Subject : Existing Santander Customer Notification Content :

Dear Santander Customer,

At Santander, to ensure that your accounts has not been accessed from fraudulent locations,
access to your account has been blocked. Your online account was blocked due to possible errors detected
with your online banking accounts. Restricted accounts will not be able to receive payments,
send payments or withdraw funds.

To update your Santander records proceed securely via attachment below:

Yours sincerely

Santander UK plc

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : online@santander.co.uk
Date received : 1st September 2012


 

Originator : Santander UK plc Subject : Irregular Activity on Your Santander  Content :

Dear Santander Customer, This is a security alert from Santander Online Fraud Prevention about your Card. We identified activity on your account that may be fraudulent and ask you verify the activity immediately. Signing In Thank you for using Santander Online Banking

-------------------------------------------------

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. Thank you for banking with us. Santander UK Plc 2012 All Rights

Comments : No recipient name quoted. No Attachment and no links, but could be deemed as a "warm up" to the email received on 1st September 2012.
Quoted originating e-mail address : do_not_reply@santander.co.uk
Date received : 29th August 2012


 

Originator : Royal Mail Subject : Royal Mail Shipping Advisory  Content :

Royal Mail Group Shipment Advisory

The following 1 piece(s) have been sent via Royal Mail on Mon, 20 Aug 2012 12:49:21 +0200, REF# 7621428157

SHIPMENT CONTENTS: Documents

SHIPPER REFERENCE: PLEASE REFER TO ATTACHED FILE

ADDITIONAL MESSAGE FROM SHIPPER: PLEASE REFER TO ATTACHED FILE


Royal Mail Group Ltd 2012. All rights reserved

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : noreply@royalmail.com
Date received : 20th August 2012
Date received : 21st August 2012



Originator : UPS Quantum View Subject : Delivery Notification UPS (quoting date) Content :

 


This message was sent to you at the request of Kuala Lumpur Kepong Bhd to notify you that the electronic shipment information below has been transmitted to UPS. The physical package(s) may or may not have actually been tendered to UPS for shipment.

Important Delivery Information


---------------------------------------------------
Scheduled Delivery: 15-August-2012


Number of Packages: 1
UPS Service: EXPEDITED
Weight: 92,9 LBS
Tracking Number: 4H44380E2189972648
Invoice Number: ORDER#3227
Purchase Order Number: SUPPLIES


Please refer to attached file


Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address :
auto-notify@ups.com
Date received : 13th August 2012


 

Originator : DHL Express  Subject : Express Tracking Notification ID ########  Content :


DHL Express
Tracking Notification: Thu, 9 Aug 2012 16:04:37 +0700


----------------------------------------------------------
Custom Reference: #########
Tracking Number: ********
Pickup Date: Thu, 9 Aug 2012
Service: AIR/GROUND
Pieces: 1
--------------------------------------------------------------------------------
 
Thu, 9 Aug 2012 16:04:37 +0700 - Processing complete successfully
PLEASE REFER TO ATTACHED FILE FOR DETAILED INFORMATION.

--------------------------------------------------------------------------------


Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track
Please do not reply to this email. This is an automated application used only for sending proactive notifications

Thanks in advance,
DHL Express International Inc
.


Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : noreply@dhl.com
Date received : 9th August 2012



Originator : www.nationwide.co.uk Subject : Security information - Nationwide  Content :

 

Dear Customer,

To safeguard the security of your accounts you are temporarily unable to access your accounts online.
To continue using our Internet Banking service and for more information on our extra security measures, please proceed below via attached file.

Thank you.
Nationwide Online Security Team.

Nationwide Building Society is authorised and regulated by the Financial Services Authority under registration number 106078. Credit facilities other than regulated mortgages are not regulated by the Financial Services Authority. You can confirm our registration on the FSA's website, www.fsa.gov.uk or by contacting the FSA on 0845 606 1234.


Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : updates@nationwide.co.uk
Date received : 8th August 2012


 

Originator : UPS Quantum View Subject : Delivery Notification UPS Content :

This message was sent to you at the request of Farma Koka Nosilja AD Milici to notify you that the electronic shipment information below has been transmitted to UPS. The physical package(s) may or may not have actually been tendered to UPS for shipment.

Important Delivery Information
--------------------------------------------------------------------------------

Scheduled Delivery: 10-August-2012


Number of Packages: 1
UPS Service: EXPEDITED
Weight: 62,0 LBS

 
Tracking Number: #######
Invoice Number: ORDER#*****
Purchase Order Number: SUPPLIES


Please refer to attached file.

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : auto-notify@ups.com
Date received : 8th August 2012



Originator : Booking.com Subject :Reservation [#####] #th August 2012  Content :

 

Hotel Confirmation:
[Londolozi Private Game Reserve] ##### 
Date:  Wed, 8 Aug 2012

--------------------------------------------------------------------------------

Herewith you receive the electronic reservation for your hotel. Please refer to attached file for full details.
--------------------------------------------------------------------------------
Arrival: Friday, August ##, 2012
Departure: Monday, August ##, 2012
Number of rooms: 1 

--------------------------------------------------------------------------------

Sincerely, Customer Service Team
Booking.com
http://www.booking.com

Your Reference ID is: ####

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.-Booking.com guarantees the best hotel rates in both cities and regional destinations - ranging from small family hotels to luxury hotels.

----------------------------------------------

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : customer.service@my.booking.com
Date received : 8th August 2012


 

Originator : Booking.com Subject : Reservation (#######) Day, # August 2012 Content :


Hotel Confirmation: [Ritz-Carlton] 3041970 
Date:  Wed, 8 Aug 2012

--------------------------------------------------------------------------------

Herewith you receive the electronic reservation for your hotel. Please refer to attached file for full details.

--------------------------------------------------------------------------------
Arrival: Friday, August ##, 2012
Departure: Monday, August ##, 2012
Number of rooms: 1 

--------------------------------------------------------------------------------

Sincerely, Customer Service Team
Booking.com
http://www.booking.com

Your Reference ID is: #######

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.-Booking.com guarantees the best hotel rates in both cities and regional destinations - ranging from small family hotels to luxury hotels.

Comments : No recipient name quoted. Attachment probably has malicious content.
Quoted originating e-mail address : customer.service@my.booking.com
Date received : 8th August 2012


 

Originator : Booking.com Subject : Reservation Confirmation (######)   Date and time quoted Content :

Hotel Confirmation: ********
 
Herewith you receive the electronic reservation for your hotel. Please refer to attached file for full details.


Arrival: August 0~, 2012
Departure: August 0#, 2012
Number of rooms: 1 

--------------------------------------------------------------------------------

Sincerely, Customer Service Team
Booking.com
http://www.booking.com

Your Reference ID is: @@@@@@@

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.-Booking.com guarantees the best hotel rates in both cities and regional destinations - ranging from small family hotels to luxury hotels.

Comment : No recipient / customers name quoted anywhere within e-mail. Attached documented itinerary probably holds some form of malicious software.Quoted originating e-mail address : customer.service@my.booking.com
E-mail dated : 3rd August 2012


 

Originator : Ms. Carman L Lapointe Subject : UNITED NATIONS OFFICE OF INTERNATIONAL OVERSIGHT SERVICES Content :

UNITED NATIONS OFFICE OF INTERNATIONAL OVERSIGHT SERVICES
Internal Audit, Monitoring, Consulting And Investigations Division
 
From: Ms.Carman L.Lapointe
 
Dear:
 
This is to inform you that I came to Nigeria yesterday from Canada, after series of complains from the FBI and other Security agencies from Asia, Europe, Oceania, Antarctica, South America and the United States of America respectively, against the Federal Government of Nigeria and the British Government for the rate of scam/fraud activities going on in these two nations.
 
I have met with President Dr.Good Luck Jonathan,President Federal Republic of Nigeria By The Law Makers. Who claimed that he has been trying his best to make sure you receive your fund in your account. Right now, as directed by our secretary general Mr. Ban Ki-Moon, We are working in collaborations with the Nigerian Economic and Financial Crime Commission (EFCC) and have decided to Ensure That Your Approved Fund Legal Papers Is Secured and authorize the Government of Nigeria to effect the payment of your compensation Approved Fund Valid $10. M direct to your Account or We load it into ATM Card and deliver it to you.Approved by both the British government and the UN into your account without any delay.
 
All you need to do is to furnish us a scan copy of your Identification (ID) and your direct cell phone to enable us cross check your information we have in our file here with us at the same time advice you on what to do to receive your fund.
Sincerely, you are a lucky a person. This is because I have just discovered that some top Nigerian and British Government Officials are interested in your fund and they are working in collaboration with One Mr. Richard Graves from USA and Mrs.Inga-Britt Ahlenius the formal.United Nations Under-Secretary-General for Internal Oversight.to frustrate you and thereafter divert your fund into their personal account.
 
I have a very limited time to stay here in Nigeria therefore; I would like you to urgently respond to this message so that I can advise you on how best to confirm your fund in your account within the next 72 hours. For oral discussion, call me on this number which I just acquired in Nigeria today:+234-818-144-0453  or you call my personal assistant herein Nnigeria with his direct line +234-803-487-4282   his name is Mr.Wilson Peter.
 
Sincerely yours.
 
Ms.Carman L. Lapointe.
United Nations Under-Secretary-
General for Internal Oversight.
Email: (
mlapointe736@ymail.com)

Comment : No named recipient. It is extremely unlikely that a such an "esteemed" person would communicate via a ymail e-mail account. Neither would a UN personal assistant communicate via a local land line. Lastly and sadly Nigeria has a reputation for phishing. This actual text has been doing the rounds since December 2011.
Quoted originating e-mail address : mscarman@fine.ocn.ne.jp
E-mail dated : 28th July 2012



 

Originator : Jack Hicks Subject : New Payment through the Intuit network Content :

Payment received: You received $***.00 from Parks Heritage FCU for invoice #####


You can access the payment details here.


Funds will be deposited in your bank account.


You now have the option to get paid by Credit Card on your invoices. To find put more please sign in to your IPN account and click on the 'Profile' tab on the left.

Comment : E-mail sent to multiple recipients, but same invoice number. Links to malicious files on un-associated wesbite.
Quoted originating e-mail address : support@intuit.com
E-mail dated : 16th July 2012


 

Orginator : Dwight Khan (UPS) Subject : Please download and pay your UPS delivery charges Content :

This is an automatically generated email Please do not reply to this email address.

Valued UPS Customer,


New invoice(invoices) are available for viewing in UPS billing center. Do not forget that your UPS invoices

should be paid within 14 days so as not to incur any additional charges.


Please surf to the UPS Billing Center [Link] to view and pay your invoice.

Comment : E-mail sent to multiple recipients. The link directed to a executable file (probably malicious) on a Romanian website not linked to UPS.
Quoted originating e-mail address : USPS_Shipping_Services@usps.com
E-mail dated : 10th July 2012



 

Originator : The Electronic Payments Association Subject : ACH payment canceled Content :

The ACH transfer (ID: 632290239611), recently initiated from your checking account (by you or any other person),

was rejected by the Electronic Payments Association.

Rejected transfer
Transaction ID : ##########
Rejection Reason : See details in the report below
Transaction Report : report.doc (Mircosoft Word Document)

**** Sunrise Valley Drive, Suite ***
Herndon, VA 20***
**** NACHA

Comment : What was declared as a Microsoft Word document was actually a link to a website which may hold malicious content. The subject title was mispelt. An "exclusive" Transaction ID was sent to multiple named recipients. NACH is the bank clearing system within the USA, but the e-mail was sent to UK recipients.
Quoted originating e-mail address : ach@nacha.org
E-mail dated : 5th July 2012

 


 

Originator : Booking.com Subject : Hotel Reservation Details Booking Content :

Booking Confirmation : #########
Dated : 3rd July 2012

Dear,

We have received a reservation for your hotel,
Please refer to attached file now to acknowledge the reservation and see the reservation detail :

[Room reservation details Booking*****.zip]

Comment : The attached compressed (zipped) file was openned in a safe environment and it did have malicious content. No recipients name quoted.
Quoted originating e-mail address : customer.service@booking.com
E-mail dated : 3rd July 2012


 

Originator : Santander UK plc Subject : Existing Santander Customer Notification  Content :

Dear Santander Customer,

At Santander, to ensure that your accounts has not been accessed from fraudulent locations,
access to your account has been blocked. Your online account was blocked due to possible errors detected
with your online banking accounts. Restricted accounts will not be able to receive payments,
send payments or withdraw funds.

To update your Santander records proceed securely via attachment below:

Yours sincerely

Santander UK plc

Comment : The attached compressed file is probably some form of malware. No recipient name was quoted.
Quoted Originating e-mail : support@santander.co.uk
E-mail dated : 26th June 2012


 

Originator : Delta Air Lines Subject : Ticket # 9**** is ready Content :

Dear Customer,

E-TICKET NUMBER / 2 381 344576932 7
SEAT / 28A/ZONE 2
DATE / TIME 16 JULY, 2012, 11:37 AM
ARRIVING / Orville
FORM OF PAYMENT / CC
TOTAL PRICE / 173.59 USD
REF / OB5703 FG / CZ
BAG / 2Piece

Your bought ticket is attached.
You can print your ticket.

Thank you for using our airline company services.
Delta Air Lines.

Comment : The bogus e-ticket is an attached compressed file is probably some form of malware. A recipient name was quoted.
Quoted Originating e-mail : support.5@delta.com
E-mail dated : 25th June 2012


 

Originator : Lloyds TSB Subject : Pending Security Notifications Content :

Dear Customer,

Lloyds TSB  has been receiving complaints from our customers for unauthorised use of the Lloyds TSB Online accounts.
As a result we are making an extra security check on all of our Customers account in order to protect their information from theft and fraud.

Due to this, you are requested to follow the provided attachment below and confirm your Online Banking details for the safety of your Accounts.
However, Failure to do so may result in temporary account suspension. Please understand that this is a security measure
intended to help protect you and your account. Your satisfaction is what weÃÓe all about.

Thanks for your co-operation.

Fraud Prevention Unit
Legal Advisor
Lloyds TSB Team.

Comment : The attached compressed file is probably some form of malware. No recipient name quoted.
Quoted Originating e-mail : enquiry@lloydstsb.com
E-mail dated : 22nd June 2012




Originator : UPS Quantum Vew Subject : Your UPS delivery tracking number Content :

 

This message was sent to you at the request of ICRealtime Security Solutions LLC to notify you that the electronic shipment information below has been transmitted to UPS. The physical package(s) may or may not have actually been tendered to UPS for shipment. To verify the actual transit status of your shipment, click on the tracking link below or contact ICRealtime Security Solutions LLC directly.

Important Delivery Information


--------------------------------------------------------------------------------

Scheduled Delivery: 09-May-2012

Shipment Detail


--------------------------------------------------------------------------------
Ship To:
##########################
CSI SECURITY
2269 JEFFERIES HWY.
WALTERBORO
SC
29488
US
Number of Packages: 1
UPS Service: GROUND
Weight: 9.0 LBS

 
Tracking Number: +++++++++++
Reference Number 1: *****
Reference Number 2: @@@@@@


Click here to track if UPS has received your shipment or visit
http://www.ups.com/WebTracking/+++++

Comment : The tracking number link was to a file on a discount handbag website. That file was probably to some form of malicious software. The e-mail was "decorated" and looked more professional than most previously received.
Quoted Originating e-mail : auto-notify@ups.com
Date Received : 15th June 2012


 

Originator : The Co-operative Bank Subject : Private document from The Co-operative Bank p.l.c
Content :

Fraud prevention and online security

Here at The Co-operative Bank, keeping your personal information secure and confidential is crucial to us.
To protect all our customers we use a range of strict security measures including the latest encryption technology, and cookies. 

As Internet scams are becoming more common, we are taking steps to keep you and us ahead of the game.
*Proceed securely via attachment file to automatically update your account records*

[Co-operative Bank Logo]

Comment : The attached compressed file is probably some form of malware. No recipient name quoted.
Quoted Originating e-mail : phshing@co-operativebank.co.uk
E-mail dated : 15th June 2012


 


Originator : Cahoo Account Subject : Multiple Error Logins from your account Content :

Dear Customer,
We have been unable to verify your account with us.  

Our Technical Security Observe Multiple Error Logins from your account, Please do verify your account

by clicking the link below to prove account ownership .

[ACCOUNT VERIFICATION]   

Thank you for helping us protect you

Cahoot

Comment : The "[Account Verification]" in this e-mail linked to a website which was obviously not associated with Cahoot. E-mail was not addressed to a recipient. The associated website appears to be an online radio station, base country unknown.
E-mail address quoted : technicalservice@cahoot.co.uk
Date received : 8th June 2012


 

Originator : Cahoot Alert Subject : Important Message to Cahoot customers Content :

Dear Cahoot Customer,

It has come to our notice, that our customer are receiving spam email pretending to come from us.

We therefore implore you to click on [account update].

In other to be protected from unauthorized access to your account information

Regards

Cahoot

Copyright© 2012 Cahoot. All Rights Reserved

Comment : The "[account update]" in this e-mail linked to a website which was obviously not associated with Cahoot. E-mail was not addressed to a recipient. Note spelling mistakes and North American spelling. The associated website was built to just download a file and the Homepage only had a single sentence in French.
E-mail address quoted : spoof@cahoot.co.uk
E-mail blocked by ISP : Yes
E-mail blocked by computer : N/a
Date received : 4th June 2012


 

Originator : Santander : Subject : Santander Account Reinstatement Content :

Santander Account Holder,

Starting from 28 May 2012, we are introducing a new online banking
authentication procedure in order to better protect the private information
of all online banking users.

You are required to confirm your online banking details with us, as you will not be able to
have access to your accounts until this has been done. Once you've completed this you'll be
able to manage your money whenever you want, giving you more control of your finances.

*Proceed Securely Via Attachment*

Comment : The attached compressed file (zipped) probably contains some form of malicious software. E-mail was not addressed to a recipient.
Associated e-mail address : online@santander.co.uk
E-mail blocked by ISP : No
E-mail blocked by computer : Yes
Date received : 27th May 2012


 

Originator : Santander Online Alert
Subject : Santander Important security message
Content :

Dear Customer,

This e-mail has been sent to you by Santander UK to inform you that your account will be deactivated within the next 24 hours due to several unsuccessful login attempts on it.

To prevent this to happen please login securely to our activation link below:

Click here account security

If you have already confirmed your information then please disregard this message.

Regards,

Santander Online Service.

Comment : The "click here" in this e-mail linked to a website which was obviously not associated with Santander. The website was not operational and had a Swedish top-level domain (ie. aname.se). E-mail was not addressed to a recipient.
E-mail address quoted : customer.service@santander.co.uk
E-mail blocked by ISP : Yes
E-mail blocked by computer : n/a
Date received : 25th May 2012


 

Originator : USPS Subject : Print the postal label Content :

Postal notification,

Courier service couldn't make the delivery of your parcel.

Reason deny: It's not right specified size and the weight of parcel.
LOCATION OF YOUR PARCEL:Mesa
DELIVERY STATUS: sort order
SERVICE: Local Pickup
NUMBER OF YOUR ITEM:########## ##
FEATURES: Yes

The label of your parcel is enclosed to the letter.
You should print the label and show it in the nearest post office to get a parcel.

Information in brief:
If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $14.89 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for attention.
USPS Services.

Comment : The attached compressed file (zipped) probably contains some form of malicious software.
Associated e-mail address : support@neworleans.com (neworleans.com is associated with a travel company for that city).
Date received : 8th May 2012




Originator :
Littlewoods Subject : Account Security Notification Content :

 

Dear Littlewoods Customer,

Please find below 'Changes to your Terms and Conditions' which details changes that we have made to the terms and conditions and fees and charges that apply to your account.

Please click here to read through this contents carefully and keep it in a safe place for your future reference. As an added precaution, we will need you to provide some details which identifies you to littlewoods.
 
If you have any questions or need any further information please contact your local branch.


Regards.
Littlewoods Managing Director/Chief Executive

Comment : The "click here" in this e-mail linked to the website :4thdimensiongambia.com obviously not Littlewoods. E-mail was not addressed to a recipient.
E-mail address quoted : account-alert@little.co.uk
Date received : 7th May 2012


 

Originator : Intelligent Finance Subject : Account Security Notification Content :

DEAR CUSTOMER,

Your Intelligent Finance Account security validation has expired,
this maybe as a result of wrong or incomplete data entered
during the last update.

It's strongly required that you should validate your Account
Ownership Security on the link below.

CLICK HERE to validate your account.

Thank you for helping us serve you better.

Customer Service
Intelligent Finance

Comment : The "click here" link in this e-mail was not working, but I again suspect it would direct to a bogus website. E-mail was not addressed to recipient.
E-mail address quoted : account-service@if.com
Date received : 7th May 2012




Originator : Fredric Oconnell Subject : Your USPS postage charge Content :

 

Acct #: 1459091Dear client:This is an email confirmation for your order of 3 online shipping label(s) with postage. Your credit card will be charged the following amount:Transaction ID: #7384973Print Date/Time: 03/11/2012 02:30 AM CSTPostage Amount: $38.87Credit Card Number: XXXX XXXX XXXX XXXX Priority Mail Regional Rate Box B # 1751  8538  3547  5330  2610  (Sequence Number 1 of 1)
 
 
If you need further information, please log on to usps.com/clicknship and go to your Shipping History* or visit our Frequently Asked Questions * .Refunds for unused postage-paid labels can be requested online up to 10 days after the print date by logging on to your Click-N-Ship Account*.Thank you for choosing the United States Postal ServiceClick-N-Ship: The Online Shipping SolutionClick-N-Ship has just made on line shipping with the USPS even better.New Enhanced International Label and Customs Form: Updated Look and Easy to Use!

This is an automatically generated message. Please do not respond

Comment : There were four website links* within this e-mail, each implied that they were associated with the USPS. The underlying software code did not link to USPS, but would direct to a website providing advice on mobile phones. The name of the re-directed page on that website implied that it was a mock-up of the USPS Homepage.
E-mail dated : 3rd May 2012


 

Comment : From researching the previous two phishing e-mails I came across the following warning on the usa.com website :

Recently we have seen a fraudulent scam using an email address @USA.com where a party acts as the US Immigration Service and requests funds via Western Union. We have requested that Mail.com terminate several such email addresses at USA.com and we have reported the scam to the authorities.

If you see such a scam please notify us and or Mail.com and also we suggest that you reach out to the Internet Crime Complaint Center (IC3), which is a partnership between the FBI and the National White Collar Crime Center to further report this fraudulent activity.

As this is an immigration scam it probably has a Sister scam dealing with US Visas and ESTA registration. Always use official US websites when dealing with Visas and ESTA. The US only charge a nominal fee for for these services and no agent is required.



Originator : Citibank International Subject : Good News from Citibank of New York Content : Identical to the content shown in previous phishing example.

 


Comment : The same as the previous phishing example, apart from "the CEO" for major US bank is now using an "one.co.il" (Isreal) e-mail address !


Originator : Citibank International Subject : INSTANT COMPENSATION ANNOUNCEMENT VALUED AT USD 14.3 MILLION Content :


CITIBANK INTERNATIONAL PLC NEW YORK
DIRECTOR, FOREIGN OPERATIONS DEPARTMENT
ADDRESS: HEADQUARTERS, 399 PARK AVE.NEW YORK UNITED STATE OF AMERICA
OUR REF: CUS/SNT/STB
 
MR. JEFF PETERSON
E-MAIL: jeff_peterson@aol.com
 
 
INSTANT COMPENSATION ANNOUNCEMENT VALUED AT USD 14.3 MILLION
IT IS MY MODEST OBLIGATION TO WRITE YOU THIS LETTER AS REGARDS THE AUTHORIZATION OF YOUR OWED PAYMENT THROUGH OUR MOST RESPECTED FINANCIAL INSTITUTION(CITIBANK PLC). I AM MR. JEFF PETERSON, THE CHIEF EXECUTIVE OFFICER, FOREIGN OPERATIONS DEPARTMENT CITIBANK OF NEW YORK, THE BRITISH GOVERNMENT IN CONJUNCTION WITH US GOVERNMENT, WORLD BANK, UNITED NATIONS ORGANIZATION ON FOREIGN PAYMENT MATTERS HAS EMPOWERED MY BANK AFTER MUCH CONSULTATION AND CONSIDERATION TO HANDLE ALL FOREIGN

PAYMENTS AND RELEASE THEM TO THEIR APPROPRIATE BENEFICIARIES WITH THE HELP OF A REPRESENTATIVE FROM FEDERAL RESERVE BANK OF NEW YORK.
 
AS THE NEWLY APPOINTED/ACCREDITED INTERNATIONAL PAYING BANK, WE HAVE BEEN INSTRUCTED BY THE WORLD GOVERNING BODY TOGETHER WITH THE COMMITTEE ON INTERNATIONAL DEBT RECONCILIATION DEPARTMENT TO RELEASE YOUR OVERDUE FUNDS WITH IMMEDIATE EFFECT; WITH THIS EXCLUSIVE VIDE TRANSACTION NO.: WHA/EUR/202, TRANSFER ALLOCATION NO.: 

CITIBANK/X44/701LN/WGB/GB, PASSWORD: xxxxxx, PIN CODE: yyyyy, IMMEDIATE CITIBANK SECRET CODE: zzzzzzz.HAVING

RECEIVED THESE VITAL PAYMENT NUMBERS, YOU ARE INSTANTLY QUALIFIED TO RECEIVE AND CONFIRM YOUR PAYMENT WITH US WITHIN THE NEXT 96HRS.
 
BE INFORMED THAT WE HAVE VERIFIED YOUR PAYMENT FILE AS DIRECTED TO US AND YOUR NAME IS NEXT ON THE LIST OF OUR

OUTSTANDING FUND BENEFICIARIES TO RECEIVETHEIR PAYMENT BEFORE THE END OF THIS SECOND TERM OF THE YEAR 2012. BE ADVISED THAT BECAUSE OF TOO MANY FUNDS BENEFICIARIES DUE FOR PAYMENT AT THIS SECOND QUARTER OF THE YEAR, YOU ARE ENTITLED TO RECEIVE THE SUM OF FOURTEEN MILLION THREE HUNDRED THOUSAND US DOLLARS  (14,300,000.00 US DOLLARS) ONLY, AS PART PAYMENT SO AS TO ENABLE US PAY OTHER ELIGIBLE BENEFICIARIES.
 
TO FACILITATE WITH THE PROCESS OF THIS TRANSACTION, PLEASE KINDLY RE-CONFIRM THE FOLLOWING INFORMATION BELOW:
 
 
1) YOUR FULL NAME: -----
2) YOUR FULL ADDRESS: ------
3) YOUR CONTACT TELEPHONE AND FAX NO: -----
3) YOUR PROFESSION, AGE AND MARITAL STATUS: -----
4) ANY VALID FORM OF YOUR IDENTIFICATION/DRIVEN LICENSE: -----
5) BANK NAME: ------
6) BANK ADDRESS: ------
7) ACCOUNT NAME: -----
8) ACCOUNT NUMBER: -----
9) SWIFT CODE: ------
10) ROUTING NUMBER: -----
 
 
 
AS SOON AS WE RECEIVE THE ABOVE MENTIONED INFORMATION, YOUR PAYMENT WILL BE PROCESSED AND RELEASED TO YOU WITHOUT ANY FURTHER DELAY. BE ALSO INFORMED THAT YOU ARE NOT ALLOWED TO COMMUNICATE WITH ANY OTHER PERSON(S) OR OFFICE ANY LONGER SO AS TO AVOID CONFLICT OF INFORMATION, YOU ARE REQUIRED TO PROVIDE THE ABOVE INFORMATION FOR YOUR TRANSFER TO TAKE PLACE THROUGH BANK TO BANK TRANSFER DIRECTLY FROM CITIBANK.
 
WE LOOK FORWARD TO SERVING YOU BETTER.
MR. JEFF PETERSON,
(CEO)CHIEF EXECUTIVE OFFICER

Comment : Suspicious: the originator who states they are the CEO for major bank is using an "aol" e-mail address to carry out business; a major bank wants to "give away" $14m, I think not ! US companies operating within the USA do not use "plc" in their title.

As always, do not provide any personal information to someone you do not know or has no reason to have your personal details.

The e-mail quoted in the text : citibank@usa.com has nothing to do with Citibank. "USA.com" appears is a bonafide travel / information organisation within the USA, but it does not manage e-mail addresses ending with "usa.com". It appears that "usa.com" e-mail addresses are freely available to anyone to appy for.
E-mail dated : 3rd May 2012


 

Originator : Delgado Head Subject : Your parcel is given for the safekeeping Content :

Notification, Your parcel can't be delivered by courier service.

Reason deny: Postal code isn't valid.
LOCATION:Riverside
PARCEL STATUS: sorting
SERVICE: Expedited Shipping
ITEM NUMBER:U############ NU
INSURANCE: No

Postal label is enclosed to the letter.
Print your label and show it in the nearest post office of USPS

Attention!
If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $13.87 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for attention.
USPS Global Services.


Comment : The "label" was in a zipped attachment, which probably contained some form of malicious software. Even though this e-mail was meant to be from a "Delgado Head" the reply e-mail name was completely different; also note the odd grammar and punctuation used.
Website associated with originating e-mail : buildingpost.com (this website has not been allocated to anyone).
E-mail dated : 30th April 2012


 

Originator : Casey Chandler Subject : It.s denied at the parcel delivery Content : Delivery information,

We couldn't deliver your parcel.

Reason The size of parcel is exceeded.
LOCATION:Providence
STATUS OF YOUR PARCEL: sorting
SERVICE: Expedited Shipping
NUMBER OF YOUR ITEM:U*********** NU
INSURANCE: No

The label of your parcel is enclosed to the letter.
Print your label and show it at the post office.

Information in brief:
If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $6.99 for each day of keeping.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you.
USPS Customer.

Comment : The "label" was in a zipped attachment, which probably contained some form of malicious software. Even though this e-mail was meant to be from a "Casey Chandler" the reply e-mail name was completely different; also note the odd grammar and punctuation used.
Website associated with originating e-mail : packagepost.com (this website has not been allocated to anyone)
E-mail dated : 30th April 2012


 

Originator : online@co-operative.co.uk Subject : System requires further account verification Content :

Dear Customer,

We regularly screen activities in the Co-operative online banking system,
During this process we encountered difficulties in your account verification,
As a result of this our system requires further account verification.

*Proceed securely via attachment file to automatically update your online account records*

Comment : No recipient name quoted in heading or salutation.
Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : Co-operative Bank
E-mail dated : 27th April 2012 ( Received twice )


 

Originator : co-opretivebank.co.uk Subject : New Account Review Document Subject :

Dear Co-operative Bank Customer,

We were unable to verify your account information during our regular database verification process.
However, failure to update your records might result in your account being suspended.
Please note that your updating of information, will not interrupt your services.

*Proceed securely via attachment file to automatically update your online account records*

Comment : the originators name spelling mistake. No recipient name quoted in heading or salutation.
Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : Co-operative Bank
E-mail dated : 24th April 2012


 

Originator : Santander e-banking Subject. : New Santander Bank Account Review. Content :

Dear Customer, We regularly screen activities in the Santander online banking system,
During this process we encountered difficulties in your account verification,
As a result of this our system requires further account verification.

*Proceed securely via attachment file to automatically update your online account records*

Comment : Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : santander.co.uk
E-mail dated : 15th April 2012


 

Originator : es-tatement@santander.co.uk Subject : New Santander Bank Account Review. Content :

Dear Santander Bank Customer,

YOUR ACCOUNT HAS BEEN FLAGGED AS ONE OF THE NUMEROUS ACCOUNTS THAT NEEDS TO BE REVIEWED.
The main reason for this action are:

* Billing / Payment Issues.
* Invalid log on attempts by a suspected third party user.

Proceed Securely via attachment to resolve this issue


Comment : Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : santander.co.uk
E-mail dated : 12th April 2012


Originator : US Airways. Subject : Reservations. Content : You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying internationally). After that, all you need to do is print your boarding pass and head to the gate.

Confirmation Code : ######
Check-in online : Click link

Flight : ####
City of Departure and time : City name ##:##pm
Departure date : ##/##/2012

Comment : The "Click link" would take you to a website based in Romania. Landing on that website would identify to the originator your IP address (###.###.###.###) and may even lead to malicious software being downloaded to your PC / laptop.

Website associated with originating e-mail : myusairways.com (does not appear to exist)
E-mail dated : 9th April 2012


 

Originator : Walter Smith. Subject : Earn £40 working during your free time. Content : Here is an opportunity for you to work from home, work place or school and earn ?40 weekly... the job will  only take maximum of 1hr of your time daily and it's between Monday and  Friday... kindly get back to us  ASAP if you care to know more about the job offer.

Walter Smith
& Development Manpower
rich.investments.incorporation

Comment : This e-mail can probably be defined as spam and phishing. If "taken in" and replied you would probably be asked to puchase a start up kit. You would then be asked for your credit or debit card details. The fraudsters would then start to draw on your account. Alternatively, they could ask for your bank details so they can "pay your salary", then they would draw on your account.

Website associated with originating e-mail : none (e-mail sent from a gmail account)
E-mail dated : 8th April 2012


 

Originator : co-operativebank.co.uk Subject : New Co-operative Bank Account Review. Content :

Dear Customer,

YOUR ACCOUNT HAS BEEN FLAGGED AS ONE OF THE NUMEROUS ACCOUNTS THAT NEEDS TO BE REVIEWED.
The main reason for this action are:

* Billing / Payment Issues.
* Invalid log on attempts by a suspected third party user.

(*Download the attachment Zip within this mail,fill the form to update your online account records*)

Comment : Attached zipped (compressed) file probably contains some form of malicious software.
Website associated with originating e-mail : co-operativebank.co.uk
E-mail dated : 7th April 2012


 

Originator : Antoine Caldwell. Subject : USPS postage invoive. Content :

Acct #: *******

Dear client:

This is an email confirmation for your order of 1 online shipping label(s) with postage. Your credit card will be charged the following amount:

Transaction Number: #*******
Print Date/Time: 03/**/2012 **:** AM CST
Postage Amount: $35.68
Credit Card Number: XXXX XXXX XXXX XXXX

Priority Mail Regional Rate Box B # 9***  ****  1841  ****  9***  (Sequence Number 1 of 1)

If you need further assistance, please log on to usps.com/clicknship {even though the name states usps the underlying program is to a bogus website } and go to your Shipping History {link to same bogus website} or visit our Frequently Asked Questions {link to same bogus website}.

You can refund your unused postage labels up to 14 days after the print date by logging on to your Click-N-Ship Account.

Thank you for choosing the United States Postal Service

Click-N-Ship: The Online Shipping Solution

Click-N-Ship has just made on line shipping with the USPS even better.

New Enhanced International Label and Customs Form: Updated Look and Easy to Use!

Comment : The bogus website links are automatic file download ones. This means that as soon as you click on it, it will immediately attempt to download software to your computer. This will probably be malicious. My ISP's spam filter did not filter this e-mail out, probably because it was seen as coming from and individual and not a organisation (bank etc). The filering of this email was left to my own security software on my computer.
Website associated with originating e-mail : usps.com
E-mail dated : 27th March 2012


 

Originator : co-operativebank.co.uk Subject : Payment Accepted - Confirmation Pending. Content : Dear Co-operative Bank Customer, There is a pending transfer into your Bank Account. For security reasons, we will like you to confirm your account status to us before the transfer can be completed. To confirm your account status to us for safety and security update, please click on the Confirm Transfer link below to start the confirmation process. We appreciate your support and co-operation for your prompt attention to this matter. The Co-operative Bank p.l.c. Security Support.

Comment : Push button provided to "complete transfer" hides the bogus link, this looks like it goes to a spoof Co-op bank homepage to obtain password details and/or malicious software. The root of the link is a college essay advice website.
Website associated with originating e-mail : co-operativebank.co.uk
E-mail dated : 25th March 2012


 

No phishing e-mails for 10 days !


 

Originator : online.lloydstsb. Subject : Newly implemented security upgrade. Content : Dear LloydsTSB Customer, Due to on-going maintenance upgrade at LloydsTSB Bank plc, all customers are required to update their information to the new security system. Restricted account(s) will not be able to receive payments, send payments or withdraw funds. (Proceed carefully below Via Attachment).

Comment : Attachment probably contains malicious software.
Website associated with originating e-mail : lloydstsb.com
E-mail dated : 15th March 2012


Originator : IRS (US Tax service ). Subject : Your Tax appeal motion is rejected. Content : Dear business tax payer, Hereby you are notified that your Income Tax Return Appeal id#2144984 has been DECLINED.  If you consider that the IRS did not properly investigate your case due to a misunderstanding of the situation, be prepared to re-submit your appeal. You can access the rejection file and re-submit your appeal using the following link
Click on link for details.

Comment : E-mail was sent to multiple recipients, all with the same tax reference ? Linked website (which wasn't IRS) probably contains malicious software.
Website associated with originating e-mail : irs.gov
E-mail dated : 14th March 2012



Originator
: FedEx Support. Subject : FEDEX Shipment Status NR-2181. Content : Dear Customer, The delivery service couldn't deliver your package. The package weight exceeds the allowable free-delivery limit.  You have to receive your packagen personally. Print out the "Invoice Copy" attached and collect the package at our office. Please read carefully the attached information before receiving your package. Click on attachment for details.

Comment : Attachment probably contains malicious software.
Website associated with originating e-mail : fedex.com
E-mail dated : 10th March 2012


Originator : FedEx. Subject : Your package is available for pickup. Content : This is a post notification, The delivery service couldn't deliver your package.The package weight exceeds the allowable free-delivery limit. You have to receive your packagen personally. Print out the "Invoice Copy" attached and collect the package at our office. Click on attachment for details.

Comment : Attachment probably contains malicious software. Website associated with originating e-mail : fedex.com
E-mail dated : 8th March 2012


 


Originator : Better Business Bureau. Subject : BBB case ID #######. Content : The Better Business Bureau has received a complaint from one of your customers, etc, etc. Click on attachment for details.

Comment : Attachment probably contains malicious software. The e-mail also had a link to the website "bercoexpressdelivery.com"; this website exists, but doesn't have any content. There is a company called Berco delivery,based in South Africa. The business address quoted within the e-mail was "Arlington, Virginia, USA. The e-mail had multiple recipients.
E-mail dated : 7th March 2012


Originator : Intuit Inc. Subject : Please confirm your Intuit.com Invoice. Content : Thank you for buying your accounting software from Intuit Market. We are working on and will message you when your order ships. If you ordered multiple items, we may deliver them in more than one delivery (at no extra cost to you) to provide faster processing time. If you have questions about your order, please call 1-800-955-####. Press on link to complete order.

Comment : The link maybe associated with malicious software. Website associated with originating e-mail : sice.nl (Netherlands); this website deals with environment entertainment ?
E-mail dated : 6th March 2012


 


Originator : Gala Bingo. Subject : Your £40 welcome bonus from Gala - Enjoy the best in Gaming. Content : Promises of £40 free gambling cash for each £10 spent by "punter".

Comment : The e-mail quotes the gala bingo website link, but the actual software instruction is directed to another website "e.loKat.com". This other website is not associated with Gala Bingo.
Website associated with originating e-mail : e.lokat.com. This website shows links to many sources of information, but their long names names imply that they could go to malicious sites or software.
E-mail dated : 3rd March 2012



Originator : Super Free Bingo. Subject : Over £100 Free Bingo. Dated : 1st March 2012
Content : The e mail promises £100 of free bingo money and other offers. The link takes you to a website called "superfreebingo.com" this website advertises 10 different bingo website that offer free trials.

Comment : All of the associated links are to other pages on the same website which includes other links. Clicking on these links starts a download process.
Probably source of malicious software.
Website associated with originating e-mail : wrm6.com . This appears to be a contact website.



Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: abctpa.com does not exist

Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: abcoleman.org exists, but security certificates invalid.

Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: kxl.com exists and is a radio station in Portland, Oregon ! Looks like someone has highjacked their e-mail.

Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: allbanie.com exists, but not related to gambling.

Originator : Gamebook. Subject : Online gambling does not come better than this. Promise of $777 credit for gambling on their website. Click on potentially malicious link.
Quoted website for e-mail: branto.in does not exist.

Originator : Lucky Cash. Subject : Hard to resist bonus offers at Lucky Cash Club. Promise of a $4,000 welcome bonus for gambling on their website. Click on potentially malicious link.
Quoted website for e mail : agiweb.org ( American Geosciences Institute). Looks like someone has hijacked their e-mail.

Originator : Lucky Cash. Subject : Hard to resist bonus offers at Lucky Cash Club. Promise of a $4,000 welcome bonus for gambling on their website. Click on potentially malicious link.
Quoted website for e mail : abc15.com (ABC News channel - Phoenix, Arizona). Looks like someone has hijacked their e-mail.

Originator : Lucky Cash. Subject : Hard to resist bonus offers at Lucky Cash Club. Promise of a $4,000 welcome bonus for gambling on their website. Click on potentially malicious link.
Quoted website for e mail : cv.ua exists, but not related to gambling.




Originator : Better Business Bureau. Subject : Important : BBB complaint activity report. Content  : "Good afternoon, Here with the Better Business Bureau would like to notify you that we have been filed a complaint (ID #######) from one of your customers in regard to their dealership with you. Please open the COMPLAINT REPORT below to obtain more information on this problem and let us know of your position as soon as possible."

Comment : Click on potential malicious attachment.