This page covers details of scams and fraud. The vehicle of much of this crime is via email, so examples of SPAM and Phishing is also included.

Remember, this is NOT a definitive list of scams and fraud. This page only provides an example of what is going on.

Note : Some of the information provided is from ActionFraud Alerts, in the past they have been included on the NEWS pages. From September 2015 they will appear on this page.

APRIL 2018

(Action Fraud, dated 30th April 2018)

The National Fraud Intelligence Bureau (NFIB) have noticed an increase in Action Fraud reports where fraudsters are offering a discount on Television service provider subscriptions. Fraudsters are cold-calling victims, purporting to be from a Television (TV) provider offering a discount on their monthly subscription. Victims have been told the following: their subscription needs to be renewed; that part or all, of the TV equipment has expired and they are due an upgrade on the equipment/subscription. In order to falsely process the discount, the fraudster asks victims to confirm or provide their bank account details. The scammers may also request the victim’s identification documents, such as scanned copies of passports.

The fraudsters are using the following telephone numbers: “08447111444”, “02035190197” and “08001514141”. The fraudster’s voices are reported to sound feminine and have an Asian accent.

Later victims make enquiries and then discover that their TV service provider did not call them and that the fraudster has made transactions using the victim’s bank account details.

This type of fraud is nationwide. Since the beginning of this year (2018), there have been 300 Action Fraud Reports relating to this fraud. From the reports received, victims aged over 66 seem to be the most targeted.

What you need to do

- Don’t assume a phone call or email is authentic: Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Criminals can exploit the names of well-known companies in order to make their scams appear genuine.

- Don’t be rushed or pressured into making a decision: a genuine company won’t force you to make a financial decisions on the spot. Always be wary if you’re pressured to purchase a product or service quickly, and don’t hesitate to question uninvited approaches in case it’s a scam.

- Stay in control: Have the confidence to refuse unusual requests for personal or financial information. Always contact the company yourself using a known email or phone number, such as the one written on a bank statement or bill.

Visit Take Five ( and Cyber Aware ( for more information about how to protect yourself online.

(1st May 2018)

(London Evening Standard, dated 25th April 2018 authors Nicholas Cecil and Joe Murphy)

Full article [Option 1]:

Scotland Yard is probing allegations of postal vote malpractices in a key borough for the May 3rd local elections, the Standard reveals today.

Eleven cases in Hammersmith and Fulham have been reported to police including some where residents say they have been issued with postal votes they did not request. Officers are understood to have spoken to some individuals who believe they were tricked into applying for a postal vote.

One woman thought that she was signing a petition about Charing Cross Hospital, it is claimed.

The allegations come amid a surge in people applying for postal votes in some marginal wards in the Labour-run borough. The Conservatives claim there have been huge increases in postal vote registration on several estates where Labour is strong.

Figures compiled by the Tories show postal vote registrations in Town ward, which has three Conservative councillors, rose from 1,268 before last year’s general election to 2,005 this month. More specifically, in the Town ward “C” polling district which runs from Fulham Road towards Putney Bridge, the number jumped from 307 in March 2017 to 758 this month.

Conservatives say that on four estates in this district there have been big rises in postal vote registrations to 50 per cent of the electorate in Pulton Place, 42 per cent in Fulham Court, and 35 per cent on Barclay Close and Lancaster Court.

Greg Hands, Tory MP for Chelsea and Fulham, said: “Some people were signed up by the Labour Party and are telling us that they had not knowingly requested one [a postal vote] and do not want one.” The Conservatives referred their concerns to the police.

The London Labour Party rejected accusations of wrongdoing against its campaign teams. A spokesman said: “This is a completely baseless allegation and a desperate, politically-motivated attempt by a Tory MP to use the police to grab a headline during a closely-fought election campaign.”

A council spokesman said: “There are currently no concerns about the validity of any votes in Hammersmith and Fulham.” Scotland Yard has been contacted for comment.

(1st May 2018)

(Action Fraud, dated 24th April 2018)

The 2018 FIFA World Cup will take place from 14th June – 15th July 2018. The worldwide demand for match tickets, flight tickets, and somewhere to stay throughout the competition is expected to be significant. Those planning to travel should exercise caution when considering the purchase of tickets or accommodation because the event is highly likely to be targeted by fraudsters looking to take advantage of unsuspecting fans.

Fraudsters will likely be posing as;

- Official World Cup ticket vendors or private individuals attempting to sell on a match ticket via online marketplace.

- A fraudulent website or operator offering non-existent flights or other transport to host cities.

- An accommodation booking service, hotel or operator, offering seemingly convenient accommodation in one of the host cities for the duration of the game.

- Lottery or competition organisers claiming that you’ve won a prize or cash related to the tournament.

Action Fraud received over six hundred reports and intelligence submissions in relation to the previous World Cup so it’s vital that football fans exercise caution when considering a purchase or making a transaction.

Protect yourself:

- Listen to your instincts: If something feels wrong then it is usually right to question it. Fraudsters will use the promise of steep discounts to lure you into handing over your money or revealing personal/financial details.

- Clicking on links/files: Don’t be tricked into giving a fraudster access to your personal or financial details, and never automatically click on a link in an unexpected email or text.

- Visit the Action Fraud website and take a look at their Ticket Fraud, Holiday Fraud and Lottery Fraud advice pages before making any decisions or bookings.

- For useful advice and information on the World Cup please visit the Government Guidance Pages:

Visit Take Five ( and Cyber Aware ( for more information about how to protect yourself online.

(1st May 2018)

(The Telegraph, dated 23rd April 2018 author Olivia Rudgard)

Full article [Option 1]:

MoneySavingExpert founder Martin Lewis is to sue Facebook over scam adverts using his image.

The commentator and financial journalist is claiming defamation over allegations that the site is publishing scam adverts using his image causing vulnerable people to hand over thousands of pounds to criminals.

He said the company had hosted more than 50 of the scam ads and that it had failed to act because it was motivated by "greed".

Mr Lewis said the legal action, due to be launched on Monday, was the result of months of frustration with scammers who were piggybacking on his reputation and preying on Facebook users with outlandish get-rich-quick scams.

Supporters have handed over thousands of pounds in good faith, only to find the advert has nothing to do with Mr Lewis or his company.

"Vulnerable people are the ones being scammed and the ones being hurt," he told the Daily Telegraph. "It has to take some responsibility."

"It is not worth Facebook's while improving its systems. The company who is the leader in facial recognition, when it's been put on notice by someone that there is a scam and that that person never does adverts, it is not beyond its wit and wisdom to notify me of these adverts, and ask if they are legitimate.

"But its processes don't work like that - it wants to make it flexible and easy for anyone to be able to advertise - and it has done, including criminal scammers.

"Facebook has become this big agglomerated organisation where no-one seems to take care and responsibility."

Any damages won through the lawsuit will be donated to charity, by Mr Lewis said the legal action was not designed to win the case itself, but to force the company to change its policy on advertising, for example by having inbuilt settings notifying well-known people every time their image was used in an advert, requiring their approval.

He said he has repeatedly reported the adverts, only for new, almost identical ones to appear days later.

"I don't do ads, so an ad with me in it, does not have my permission. These are companies warned about by the FCA, warned about by Action Fraud - this is about as clear cut as it gets," he said.

"Why do I have to go through the time, cost and stress of doing the work? I have people spending half their week doing this. I'm not being paid by Facebook. It's making the money - if I'm going to have to do that can it pay me a fee to police it?

"It sees each advert as discrete, and the next day there's another one. They're not identical but it's the same thing. They say 'it's a new advert, you've got to report it'.

"It's distressing, and genuinely makes me feel physically sick when I hear someone has lost money because of this, and because they trusted me, and now they blame me. It is very upsetting, personally - not as upsetting as it is for the people who have lost money."

He said "fake ads" needed to be taken seriously alongside "fake news" as a threat to civil society.

"Our democracy is failing to protect vulnerable from scammers by appeasing one of the world's biggest and richest companies. That is a bit of a threat as well. There isn't enough focus on fake ads."

Solicitor Mark Lewis of Seddons, leading the lawsuit, said: "Facebook is not above the law - it cannot hide outside the UK and think that it is untouchable.

"Exemplary damages are being sought. This means we will ask the court to ensure they are substantial enough that Facebook can't simply see paying out damages as just the 'cost of business' and carry on regardless.

"It needs to be shown that the price of causing misery is very high."

A Facebook spokesperson said: “We do not allow adverts which are misleading or false on Facebook and have explained to Martin Lewis that he should report any adverts that infringe his rights and they will be removed.

"We are in direct contact with his team, offering to help and promptly investigating their requests, and only last week confirmed that several adverts and accounts that violated our Advertising Policies had been taken down.”

What happens to victims of fraud

Victims are told to first report the scam or fraud to Action Fraud, the national reporting centre for cyber crime and fraud.

Action Fraud passes the report to the National Fraud Intelligence Bureau. The NFBI then analyses the case to find out if there are any viable lines of enquiry. If there are, the report is sent to the police for investigation.

The police unit may not have the resources to dedicate to investigating the fraud even if it receives the report.

According to independent charity, the Fraud Advisory Panel, victims outside of London have even less chance of their fraud cases being investigated.

If there are insufficient viable lines of enquiry for an investigation, the NFBI holds the report in case new leads emerge.

(1st May 2018)

(The Telegraph, dated 20th April 2018 author Adam Williams)

Full article [Option 1]:

A growing number of young people are being lured into illegal work as “money mules”.

Anti-fraud prevention service Cifas said there was a 27pc increase in the number of 14-24 year olds being used as money mules during 2017.

A money mule is a person who is used by criminals to move illegal funds between accounts, whether in person or electronically, in order to launder the money and evade authorities.

Young people are often used to transfer money. The National Fraud Database warned earlier this year that fraudsters were using popular messaging app WhatsApp to lure in unsuspecting youngsters.

Cifas said cash-strapped students were a particular target for the scam as criminals often promised large rewards for small amounts of work.

More than 32,000 bank accounts were highlighted as being subject to money laundering by money mules last year, an 11pc rise on 2016.

Dean Curtis, of financial crime firm LexisNexis Risk Solutions, said young people were engaging in illegal activity without considering the potential repercussions.

“To avoid banks’ stringent identity fraud checks, criminals are increasingly turning to laundering their illicit funds through other people's bank accounts, and probably giving them great compensation for doing so,” he said.

“This trend has already increased 11pc since 2016 and could easily continue to rise. More young people are being recruited in this manner, particularly among the student population, who are handing over their identities and banking credentials without understanding the implications.”

Other data published by Cifas showed identity fraud reached an all-time high during 2017, with 174,523 cases recorded. It said 95pc of these cases involved the impersonation of an innocent victim.

Mike Haley, of Cifas, described the levels of fraud in the UK as “frighteningly high” and said criminals were using increasingly sophisticated techniques to find victims.

“As some targets become harder to crack, criminals turn to what they consider are softer targets. However, as fraudsters see their attempts become more difficult, the question will arise about where they will target next.”

(1st May 2018)

(Action Fraud, dated 20th April 2018)

The 2018 FIFA World Cup will take place from 14th June – 15th July 2018. The worldwide demand for match tickets is expected to be significant. Action Fraud have been alerted to several websites which are offering World Cup Tickets for sale, some at highly inflated prices. A FIFA spokesperson said:

“FIFA regards the illicit sale and distribution of tickets as a very serious issue and it has been reminding all football fans that is the only official and legitimate website on which to buy 2018 FIFA World Cup tickets.”

“FIFA has received various complaints and enquiries by customers of non-authorised ticket sales platforms, and has consistently confirmed that these companies cannot guarantee access to the stadiums as the respective tickets may be cancelled. Insofar customers are at risk of investing a high amount of money (also for travelling and accommodation) without having the certainty to actually be able to attend the matches.”

FIFA have also warned that “any tickets obtained from any other source, such as ticket brokers, internet auctions or unofficial ticket exchange platforms, will be automatically rendered void and invalid”.

Action Fraud received over six hundred reports and intelligence submissions in relation to the previous World Cup so it’s vital that football fans exercise caution when considering a purchase or making a transaction.

Protect yourself:

- Don’t take the risk. Tickets for the World Cup 2018 can only be purchased directly from FIFA. For more information, please visit

- A FAN ID is required for fans to be able to enter the 2018 FIFA World Cup stadiums. Exercise caution if using a third party to obtain your FAN ID for you. You may be charged inflated costs for the service and your personal details may be compromised. For more information, please visit

- Visit the Take Five website for the latest guidance on how to avoid becoming a victim of fraud.

- For useful advice and information on the World Cup please visit the Government Guidance Pages;

(1st May 2018)

(BBC News, dated 9th April 2018)

Full article :

Dozens of travellers returning to Bristol Airport were left stranded after a meet-and-greet parking company failed to return their cars.

Police said a "significant number of motorists had been unable to retrieve vehicles" after returning to the terminal between Friday and Sunday.

Bristol Airport said the firm involved - Absolutely Secure Airport Parking - was not connected with the airport.

The company is yet to respond to requests for a comment.

The Bristol Post reported that some customers found their "filthy" vehicles in lay-bys and fields.

Russell and Amanda Lewington, from Box in Wiltshire, called police on Friday morning after their calls to the company went unanswered.

They said dozens of other travellers who were in a similar situation had apparently booked the same service through different intermediaries.

Mrs Lewington said, when the company's owner eventually left with police to fetch the keys, he was taken ill.

She said: "People were getting more fractious but trying to stay calm because there were children waiting with us.

"Some people were returned their keys but had no idea where their cars were parked. Some found their cars in lay-bys near the airport."

After getting a taxi home, the Lewingtons eventually located their car through a WhatsApp social media group set up by another stranded passenger and collected it from a farmers' field about 15 miles from the airport on Saturday afternoon.

Lee Drinkwater, a Royal Marine from Exmouth in Devon, found his Mercedes nine hours after returning to the airport on Friday.

He said he was charged £35 by the company for 24 hours of secure parking.

"The vehicles were stored in lay-bys, farmers' fields, down dirt tracks. They were not in secure locations as advertised."

Mr Drinkwater said that up to 30 families were among those waiting for their cars on Friday.

"They were cold, tired and hungry," he added.

Other passengers took to social media to express their anger at the situation.

Writing on Facebook, Kim Price-Harris said: "Cars left in lay-bys or on farms covered in mud. They don't even know where people's cars are or their keys.

"Lots of people left stranded at the airport."

A spokesperson for Bristol Airport said: "While we have no control nor influence over the services provided by Absolutely Secure Airport Parking Bristol, our ground transportation team and on-site police unit provided assistance to passengers affected to help locate their vehicles."

Avon and Somerset Police said it was investigating but "keeping an open mind as to whether any criminal offences have been committed".

uaware comment

This may not be deemed as fraud, but it definitely is deception.

(1st May 2018)

(BBC News, dated 7th April 2018)

Full article :

Holidaymakers are being warned about fraudsters who place false adverts on accommodation websites, conning them out of hundreds of pounds.

Last year, some 4,700 travellers fell victim to such scams, which included fake airline tickets.

On average those affected lost £1,500 each in 2017, according to the police, a 25% rise on the year before.

In many cases the fraudsters hack into accommodation websites and ask to be paid directly.

But as soon as payment is made, they disappear.

The Association of British Travel Agents (Abta) is also warning about fake airline tickets that never arrive. Last year, most of the flights concerned were to Africa or Asia.

"I was petrified"

Last May, legal secretary Georgia Brown tried to book a holiday in Amsterdam for herself, her partner Jamie, and some friends.

She spotted an advert on an accommodation website, where the owner of the apartment was asking for a deposit of £915.

She corresponded with the man by email, and then sent the money off by bank transfer.

But she never heard from him again.

"At the time I was petrified. I thought someone had hacked into my bank account. It was really scary," she said.

She was also critical of the booking site involved.

"I just don't understand how this person was allowed to advertise on the website."

Georgia Brown eventually got her money back through her bank.

'Emotional impact'

In order to avoid being conned, Abta advises holidaymakers to:

- Do research. Check the holiday company's credentials, and look at several reviews of the property involved

- Check the web address is legitimate, and has not been altered. For example from to .org

- Be cautious about paying directly into an individual's bank account. Bank transfers are like paying by cash, so are difficult to trace. It is safer to use a debit or credit card

More than half of the victims of travel scams told Action Fraud that the experience had affected their mental health or financial well-being.

In some cases the impact was even more serious.

"The startling emotional impact of falling victim to holiday fraud is highlighted in the latest figures, as 575 people reported that the harm to them was so severe, they had to receive medical treatment or were at risk of bankruptcy," said Pauline Smith, head of Action Fraud.

It follows earlier warnings this year about so-called "chalet fraud" for people booking ski-ing holidays.

On average those who were tricked into sending off money to reserve a chalet lost more than £2,000 each.

(1st May 2018)

(Action Fraud, dated 5th April 2018)

Action Fraud has received several reports indicating that sellers of items on online marketplace websites are falling victim to fraud by bogus buyers. Typically, the bogus buyers contact the seller wanting to purchase the item for sale and advise they will be sending the requested amount via PayPal or other electronic payment method. The seller then receives a fake, but official looking email stating they have been paid more than the asking price and to send the difference back to the buyer’s bank account. In reality, no money has ever been sent to the seller; the bogus buyer has spoofed an email and purported to be an online payment company. All contact is then severed with the seller.

It is important to remember that selling anything could make you a target to these fraudsters however the NFIB has identified that those offering sofas, large furniture and homeware are particularly vulnerable.

Protection Advice

- Don’t assume an email or phone call is authentic. Remember criminals can imitate any email address. Stay in control. Always use a trusted payment method online, such as Paypal, and have the confidence to refuse unusual requests for payment like bank transfers.

- Don’t be rushed or pressured into making a decision. Always verify that you have received payment from the buyer before completing a sale.

- Listen to your instincts. Criminals will try and make unusual behaviour, like overpaying, seem like a genuine mistake.

Visit Take Five ( and Cyber Aware ( for more information about how to protect yourself online.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting or by calling 0300 123 2040.

(1st May 2018)

(Action Fruad, dated 5th April 2018)

Victims receive a telephone call from someone purporting to be a bailiff enforcing a court judgement, attempting to recover funds for a non-existent debt. The fraudsters state the debt originates from the victim not paying a magazine advertisement subscription.

A variety of magazine names and publishers are being used by the fraudsters, who also commonly use the names of certified Bailiff Enforcement Agents such “Scott Davis”, “Stephen King” and “Mark Taylor”. These are names of certified Bailiff Enforcement Agents employed by debt enforcement companies.

The fraudsters request that the debt be repaid by bank transfer. If the victim refuses, they threaten to visit the victim’s home or place of work to recover the debt that is owed.

Once the money has been transferred, victims are not provided with receipt details of the payment or contact details. Later when victims make enquiries, they’ll discover that the debt did not exist, and often that no advertisement was placed.

This type of fraud is nationwide. Since 2017, there have been 52 Action Fraud Reports relating to this fraud. From the reports received, there are a range of different businesses and individuals being targeted.

Protection Advice:

1. Listen to your instinct: just because someone knows your basic details, such as your name and address, it doesn’t mean they are genuine.

2. Stay in control: always question cold callers: always contact the companies directly using a known email or phone number.

3. Don’t be rushed or pressured into making a decision: a legitimate company will be prepared to wait whilst you verify information.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting or by calling 0300 123 2040.

Visit Take Five ( and Cyber Aware ( for more information about how to protect yourself online.

(1st May 2018)

MARCH 2018

(Telegraph, dated 27th March 2018 author Telegraph Reporters)

Full article [Option 1]:

The chief locksmith at a major hospital trust defrauded it out of nearly £600,000 by hiring his own supply firm and charging a 1,200 per cent mark-up on goods, a court heard.

Andrew Taylor, who was the main locksmith for Guy's and St Thomas' NHS Foundation Trust in London, was found guilty of fraud by abuse of position at Inner London Crown Court and jailed for six years.

The 55-year-old, of London, was responsible for obtaining a best value quotes for locksmith supplies, but purchased locksmith materials from a company that he owned himself.

According to the NHS Counter Fraud Authority (NHSCFA), which investigated the case, he failed to declare a conflict of interest and charged "extortionate" mark-up prices, some up to 1,200%.

Taylor started to work at the hospital trust as a carpenter in 1998 and was appointed permanent locksmith in 2006. Between 2007 and 2013, a company called Surety Security supplied Guy's and St Thomas' with locksmith materials.

Investigators found that apart from two very low value jobs, Surety Security had no customer other than Guy's and St Thomas'. It was later discovered that the company was owned and controlled by Taylor.

When the deception was discovered Taylor was suspended, and resigned before disciplinary procedures were completed.

The NHSCFA said Taylor abused his position of trust to defraud his employer of £598,524.27.

It is the first conviction secured by the NHSCFA since its establishment as a special health authority in November 2017.

"This is a significant and rewarding outcome for the NHSCFA, and sends a clear message that we will intervene and take action against those who commit fraud against the NHS and who take money originally intended for patient care for their own personal gain," said Sue Frith, interim chief executive of the NHSCFA.

"Andrew Taylor exploited his position at Guy's and St Thomas' to satisfy his own greed and personal lifestyle.

"The sentence imposed today should act as a clear deterrent to anyone else who thinks that NHS funds are there for their own gain, instead of being there to meet the healthcare needs of everyone.

"The NHSCFA's action now continues to pursue the money taken by Taylor in order to return it to the NHS."

(1st April 2018)

(Action Fraud, dated 16th March 2018)

Fraudsters are cold-calling victims, falsely stating that they are calling from one of the well-known UK telecommunication service providers. They call victims claiming to provide a 'Telephone Preference Service' - an enhanced call-barring service, which includes barring international call centres.

The fraudsters ask victims to confirm/provide their bank account details, informing them that there is a one-off charge for the service. Victims instead see monthly debits deducted from their accounts, which they have not authorised. The fraudsters often target elderly victims.

In all instances, direct debits are set up without following proper procedure. The victim is not sent written confirmation of the direct debit instruction, which is supposed to be sent within three days.

On occasions when victims attempted to call back, the telephone number provided by the fraudster was either unable to be reached or the victim's direct debit cancellation request was refused.

During 2017, there were 493 Action Fraud Reports relating to this fraud.

Protect yourself:

- There is only one Telephone Preference Service (TPS). The TPS is the only official UK 'do-not-call' register for opting out of live telesales calls. It is FREE to sign-up to the register. TPS never charge for registration. You can register for this service at

- You will receive postal confirmation of genuine direct debits. If you notice unauthorised payments leaving your account, you should contact your bank promptly.

- Always be wary of providing personal information, or confirming that personal information the caller already claims to hold is correct. Always be certain that you know who you talking to. If in doubt hang up immediately.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting or by calling 0300 123 2040.

(1st April 2018)

(Liverpool Echo, dated 12th March 2018 author Caroline Jones)

Full article [Option 1]:

Sorting out your car insurance can be enough of a nightmare without falling foul of a scam in the process.

But there's a scheme you'll want to be aware of when deciding where to get your policy from - and it's been doing the rounds for a little while now.

Not everyone, however, has heard of ghost-broking, which makes it very difficult for motorists to remain vigilant about what has been described as an "extremely complex" scam.

Here, we explain what it is and how you can avoid being fooled by it:

So, just what is ghost-broking?

Ghost brokers are fraudsters who sell drivers apparently cheap motor insurance deals but issue policies that aren't worth the paper they're written on, says the Insurance Fraud Bureau.

They may use some of the drivers' correct details but often falsify information, such as the address or age, to benefit from lower premiums.

Typically the scam works in one of two ways:

- Policies are bought from legitimate insurance companies using false information and then doctored before being sold on to customers;

- Fake policy documents designed to look like they have been issued by legitimate insurance companies are created and sold on to customers.

The consequences of buying a fake insurance policy can be the same as having no policy at all:

- Your car may be seized by police;
- You'll pay a fixed penalty notice of £300;
- You'll have to buy valid insurance and pay at least £150 to get your car back from the pound;
- You could be liable for any damage you cause while driving without insurance, which could include compensation if you injure someone.

So, how can I beat the fraudsters?

Advice from the Insurance Fraud Bureau says:

Find a legitimate broker via the BIBA website and check that your insurance adviser is on the Financial Services Register -

Beware of buying insurance policies from unusual sources such as social networks, newsagents or bars and pubs;

Check your insurer is a Motor Insurers' Bureau (MIB) member -

It's also worth bearing in mind that some of the bogus websites set up by scammers appear genuine, while others are clearly fake and are usually advertised through social media.

People should ensure websites are regulated by the Financial Conduct Authority (FCA) before handing over details or money. Report any suspicious activity to the fraud bureau on 0800 422 0421.

(1st April 2018)

(Liverpool Echo, dated 9th March 2018 author Caroline Jones)

Full article [Option 1]:

It's fair to say that keeping an eye out for scams is becoming an important part of our daily routine.

Once upon a time, many of us would recognise a scam from miles away - and we would be on the alert for the promise of too-good-to-be-true lottery wins or appeals for money which just didn't make sense.

But, now, more and more of us are on the lookout for seemingly routine e-mails, text messages and communications via social media which could have a hidden agenda lurking behind them.

And, today, Action Fraud has tweeted about yet another nasty scam which is trying to trick us - this time while we're at work. It's called spear phishing and it's important not to be fooled by it.

So, what exactly is spear phishing?

Basically, this involves fraudsters sending e-mails - which appear to be from a known or trusted sender - in order to induce targeted individuals to reveal confidential information.

In the most recent case revealed by Action Fraud, an e-mail was sent to a worker which appeared to be from a senior member of staff within the same organisation.

It said in its tweet: "Spear phishing campaign targets businesses with fake payment requests. (In this case), the spoofed e-mail purports to be from a senior staff member within the recipient's organisation and requests that a new 'faster payment' be set up.

"The attachment doesn't contain malware and the bank details are fake. It works when victims email back the criminals after unsuccessfully trying to pay. Fraudsters then get in contact and send over real bank details.

"Remember, criminals can spoof e-mail address to make it appear as though an e-mail was sent by a person or company you know.

"Ensure that your organisation has established procedures in place to verify and corroborate all payment requests."

How can I protect myself from scams like this?

Phishing, vishing and smishing scams come in the form of any website, online service, phone call or text message that poses as a company or brand you recognise.

Any contact like this is designed to convince you to hand over valuable personal details or your money, or download something that infects your computer.

This is advice from Action Fraud about how to protect yourself:

- Don't assume anyone who's sent you an email or text message - or has called your phone or left you a voicemail message - is who they say they are.

- If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious. Real banks never email you for passwords or any other sensitive information by clicking on a link and visiting a website. If you get a call from someone who claims to be from your bank, don't give away any personal details.

- Make sure your spam filter is on your emails. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.

- If in doubt, check it's genuine by asking the company itself. Never call numbers or follow links provided in suspicious e-mails; find the official website or customer support number using a separate browser and search engine.

If you think you have been a victim of fraud, you should report it to Action Fraud by calling 0300 123 20 40 or by visiting

(1st April 2018)

(Telegraph, dated 7th March 2018 author Sara Spary)

Full article [Option 1]:

WhatsApp fraudsters are targeting 'naive' young people and turning them into money mules.

New data, compiled from the National Fraud Database by not-for-profit fraud prevention body, Cifas, suggests in the past year there has there has been a "sharp rise" the number of 18 to 24 year olds being tricked into using their bank accounts to transfer the proceeds of crime.

According to the figures, there were 8,652 cases of 'misuse of facility' between January and the end of September this year, a 75 per cent rise.

Speaking to The Telegraph, Sandra Peaston, Assistant Director at Cifas, said social media was being increasingly tool used by fraudsters to convert young people into accidental money launderers - by offering them fake money making schemes or even fake job offers, and then convincing people "who don't ask many questions" to transfer money as a favour.

"The use of social media is one of the things we know is happening... be that by instant messages, or via adverts on YouTube.

Ms Peaston said they were known to be using messaging apps such as WhatsApp to communicate with would-be victims.

Cifas is launching a 'Don't Be Fooled' campaign alongside UK Finance that aims to deter young people - in particular, students - from becoming money mules.

UK Finance added: "If an offer of easy money sounds too good to be true, it probably is."

(1st April 2018)

(The Guardian, dated 6th March 2018 author Rebecca Smithers)

Full article [Option 1]:

Six people have been given jail sentences after defrauding the public out of more than £37m in one of the largest UK online crime cases brought to court.

The group set up and operated a number of "copycat websites", which impersonated official government services to sell passports, driving licences and other key documents for hugely inflated prices. The convictions and sentences followed one of the biggest investigations undertaken by the National Trading Standards eCrime Team.

The convictions and sentences were handed down following two trials - one in July 2017 and another that ended this week. The convictions and sentences relating to the July 2017 trial can only now be reported.

The individuals - who received sentences of varying lengths - are Peter Hall, Claire Hall, Syed Bilal Zaidi, Collette Ferrow, Liam Hincks and Kerry Mill, all of various addresses across the UK.

The July 2017 trial heard how the defendants set up copycat websites through the company Tadservices Limited between January 2011 and November 2014. These mimicked official websites run by 11 government agencies and departments and manipulated search engine results to appear more genuine.

Hundreds of thousands of purchasers were duped into paying more than they needed for new or replacement passports, visas, birth and death certificates, driving licences, driving tests, car tax discs and the London congestion charge.

The criminals also set up websites that mimicked the American, Cambodian, Sri Lankan, Turkish and Vietnamese official visa sites where travellers could apply and pay for electronic visas. It is believed that in addition to UK consumers, Indian, Turkish and US citizens were also defrauded.

The illegal profits funded a glamorous lifestyle for the defendants, with extravagant spending on expensive cars and luxury holidays. At one stage Claire Hall was preparing to buy a house for £1.4m in cash when the authorities intervened.

"These convictions represent an important milestone in the fight against online fraud," said Lord Harris, the chair of National Trading Standards. "This was a huge fraud and a very large number of people lost money as a result of the malicious actions of these criminals."

Handing down sentence on Tuesday, Judge Sean Morris said: "The internet is now the most frequently used marketplace. It is full of busy people in a rush who don't have time. There is a lot of money to be made by dishonest people out of the honest people who don't have time to check that a site is an official government service."

(1st April 2018)

(Penarth Times, dated 6th March 2018 author anon)

Full article [Option 1]:

People are continuing to be scammed in the Vale of Glamorgan by someone claiming to be a police detective, prompting police to reiterate their warning not to hand money over to the fraudster.

The individual masquerading as a police officer has been targeting individuals with an elaborate story, before attempting to get victims to hand over significant amounts of money.

In the past fortnight, South Wales Police has seen a marked increase in the number of people reporting calls of this nature. In Cardiff, at least eight reports were received in two days, while in the Vale of Glamorgan reports have been made on an almost daily basis. Force-wide, the number of similar reports has also increased.

In some of the instances, the victims were told their cards had been cloned or they had been victim of fraud, and they were asked to provide their bank details. During other calls, the victims were told a family member had been arrested, while others were told to visit cashpoints and draw out thousands of pounds or purchase expensive items to hand over to a 'courier' who would collect the money from their home.

In all of the cases, the person calling claimed to be a detective and was so convincing that some of those contacted handed over the money or bank details requested.

Detective Inspector Paul Raikes, said: "These scammers are extremely persuasive and convincing and are often very successful in duping people in to handing over substantial amounts of money.

"Many of this week's victims have been elderly, but the truth is anyone can be targeted by these scammers and I'd urge everyone to be on their guard and to talk to their friends and loved ones about the scams. The more awareness there is of them, the less successful these fraudsters will be. Anything suspicious should be reported to us immediately."

Detective Inspector Paul Giess, from the Economic Crime Unit, added: "While many of the victims in these cases have been elderly or vulnerable, I cannot stress enough how sophisticated and well-rehearsed these scammers are, and any one of us could fall victim to their con if we are not vigilant.

"My message to the public is simple - the police, or any other legitimate organisation for that matter - will never contact you in this manner. All calls of this nature are a scam, and the person receiving the call should hang up as soon as possible."

To minimise the risk of falling victims to fraudsters, the public are encouraged to remember these simple tips:


- Obtain details of caller including name, rank, collar number and station
- Ascertain what Police force they identify themselves as working for
- Note any contact details from caller display or via 1471 after the call has concluded
- Obtain the main force control room number from the phonebook, internet or directory enquiries service
- Terminate the call advising you will contact the force control room directly to confirm their identity and be put through to them internally. (Ring a family member first to ensure the line has disconnected from the initial caller)
- If anyone calls at your address following on from this communication please call 999


- Provide any details of bank cards, account numbers, financial circumstances or personal details
- Agree to make purchases or obtain funds from accounts to hand over to couriers
- Hand over your bank cards or account paperwork

Anyone who thinks they may have fallen victim to a scammer should report it via 101, or Action Fraud on 0300 123 2040.

(1st April 2018)

(Kent online, dated 6th March 2018 author Kentonline Reporter)

Full article [Option 1]:

A fraudster who tried to con an elderly man out of thousands of pounds was thwarted by suspicious bank staff who stopped the victim withdrawing cash.

Aaron Wiltshire, 31, of Page Crescent, Slade Green, attempted to convince the victim - aged in his 90s - that he needed to hand over money for work to his home.

Maidstone Crown Court heard a man knocked on the victim's front door in Old Perry Street, Northfleet on January 17 last year claiming to live nearby.

He said there was a problem causing his water to turn brown, and he thought it may also be affecting him.
Two days later, a different man knocked on the victim's door and claimed there was a problem with the victim's water which would require a lot of specialist equipment.

This man, later identified as Aaron Wiltshire, said it would cost around £9,000 to repair.

The victim gave the man his mobile phone number and later that day he received a call from a man discussing the repairs.

The man told the victim he would need a £3,000 deposit, and believing the man, the victim went to the NatWest bank in Gravesend to withdraw the money. But staff would not release the funds as they felt it was suspicious.

The following day, Wiltshire visited the victim's home and took him via a number of taxis to banks in Dartford to withdraw funds up to £1,700. Returning to his address, Wiltshire then told the man that he wanted more cash.

The victim told Wiltshire he had no further money and wrote out a cheque for £19,800, which Wiltshire took before leaving.

Later that night the victim was contacted by an officer at Kent Police. The victim then cancelled the cheque and his cards.

The next day Wiltshire went back to the victim's address asking why he cancelled the cheque.

The victim told him that he did not wish to go ahead with the work. The man was also told that solicitors would be contacted over the breach of contract. Wiltshire then ripped up the cheque before leaving.

Following an investigation by Kent Police, Wiltshire was identified through CCTV and was arrested and later charged with fraud.

He has now been jailed for four years after being found guilty by a jury of two counts of fraud by false representation, with an additional four weeks for breaching a suspended sentence.

The judge praised the bank staff for their actions.

Investigating officer PC Colin Bassett said: "Wiltshire preyed on a vulnerable man on numerous occasions pressurising him to hand over thousands of pounds of cash without any care for the victim.

"I'd like to echo the judge's sentiments and commend the staff at the bank for stopping the first large transaction and passing on their concerns. Had it not been for those staff then this case would have had a very different outcome and who knows where it would have stopped.

"If anyone thinks they have been a victim of fraud or believes someone they know may be being targeted then please do get in touch with Kent Police so officers can investigate fully."

(1st April 2018)

(BBC News, dated 5th March 2018 author Kevin Peachey)

Full article :

Hoards of scam letters are being seized before reaching the letterboxes of vulnerable potential victims, according to Royal Mail.

The delivery service received stinging criticism from government and campaigners after the Royal Mail logo was found on scam letters.

It prompted a series of changes which the service said had halted three million letters in just over a year.

Fake lotteries and bogus clairvoyants have used mass mail drops in the past.

The BBC has reported cases in which people have lost tens of thousands of pounds to these postal scammers.

Impounding letters

An investigation by the Daily Mail in 2016 alleged that scammers paid companies to print their scam letters in bulk.

If printed abroad, the letters were then taken to the UK where firms sorted and mass transported them to Royal Mail, which made the final delivery to people's homes. The Royal Mail logo was printed on the envelopes.

The issue led Royal Mail to be hauled before a government minister.

The service said it faced difficulties owing to the law which made it an offence to open postal items to look at the contents. Once envelopes were sealed, neither Royal Mail nor the intermediary companies delivering the mail to Royal Mail for final delivery were permitted to open them and assess the content, it said.

However, staff were trained to spot potential scam letters, and a series of new initiatives - including an industry-wide code of practice - have been launched since 2016.

Changes to terms and conditions governing bulk mail contracts in March 2017 meant Royal Mail could follow up on solid intelligence by refusing to carry mail suspected to be fraudulent.

The next month it started to contact, by Special Delivery, households receiving high volumes of scam mail, and impounded scam letters at its distribution centres before it reached the customers' letterboxes.

"We are committed to doing everything we can to stop this fraudulent material from reaching UK households," said Stephen Agar, managing director of letters at Royal Mail.

"We continue to deploy a range of different initiatives to keep one step ahead of the scammers."

The initiative does not cover electronic mail, and many con-artists have turned to email and social media to blitz potential victims with similar scams.

(1st April 2018)

(The Leader, dated 12th March 2018 author Rory Sheeham)

Full article [Option 1]:

A MAN from Wrexham has admitted his role in a £37 million copycat website fraud scam.

Six people have been sentenced to a total of more than 35 years in prison after being convicted of defrauding UK consumers out of more than £37m in one of the largest UK online crime cases.

They operated a number of 'copycat websites', impersonating official government services to sell passports, driving licences and other key documents for vastly inflated prices.

The convictions and sentences follow one of the biggest investigations undertaken by the National Trading Standards eCrime Team.

These sentences were handed down following two trials - one in July 2017 and the other in March 2018.

The convictions and sentences relating to the July 2017 trial can only be reported now due reporting restrictions which were in place.

Liam Hincks, 28, of St Albans Heights, Tanyfron, pleaded guilty before the July 2017 trial began and was sentenced to three years for his part in the multi-million pound fraud.

Hincks also pleaded guilty before the March 2018 trial and will be sentenced at a later date.

The July 2017 trial heard how the defendants set up copycat websites through the company Tadservices Limited between January 2011 and November 2014.

These sites mimicked official websites run by eleven government agencies and departments and manipulated search engine results to appear more genuine. They knowingly misled hundreds of thousands of consumers into paying more than they needed for a number of government services including new or replacement passports, visas, birth and death certificates, driving licences, driving tests, car tax discs and the London Congestion Charge.

The criminals also set up websites that mimicked the American, Turkish, Cambodian, Vietnamese and Sri Lankan official visa sites where travellers could apply and pay for electronic visas to visit those countries. In all cases the sites offered little or no additional value to consumers using them. It is believed that in addition to UK consumers Indian, Turkish and US citizens were also defrauded.

The second trial in March 2018 heard how five defendants established a series of copycat websites through the companies Online Forms Limited and AE Online Services Limited in 2014 and 2015.

These copycat websites mimicked a range of the visa application websites in countries including the United States, India, Turkey, Bahrain and Sri Lanka.

Lord Toby Harris, who chairs National Trading Standards, said: "These convictions represent an important milestone in the fight against online fraud.

"This was a huge fraud and a very large number of people lost money as a result of the malicious actions of these criminals.

"Our eCrime team, operating with finite resources, has worked tirelessly to bring these criminals to justice and I'm delighted their efforts have led to these historic convictions.

"I urge members of the public to report any copycat websites they spot to the Citizens Advice consumer service by calling 03454 04 05 06."

Mike Andrews from the National Trading Standards eCrime Team said: "This was a crime motivated by greed. This group defrauded people so they could enjoy a luxury lifestyle.

"They showed no regard for the unnecessary costs they imposed on their victims. I would say they treated them with contempt.

"I urge people to always use the GOV.UK website when looking to apply for any kind of government service such as a passport, driving licence or EHIC card.

"Search engines may seem the easiest route but searching using the GOV.UK website is the safest way of ensuring you do not fall victim to a copycat website."

(1st April 2018)

(Telegraph, dated 2nd March 2018 author Sophie Christie)

Full article [Option 1]:

As well as spelling mistakes and poor grammar, there are a number of things you can look out for to help you recognise a 'phishing' or bogus email, says HM Revenue & Customs (HMRC) in its latest guide on scams.

Thousands of taxpayers are targeted by criminals every year with bogus emails, texts, and even social media messages that can seem genuine, but on closer inspection provide clues to their falsity.

Here are the five things you should look out for if you receive correspondence purporting to be from the taxman.

1. Fake email addresses

Fraudsters typically own email addresses with names associated with HMRC, like Revenue, HMRC or gov. Here's an example of a fake email address:

Be aware that fraudsters can spoof the "from" address to look legitimate. For example: it may look like it is from '', but if you hover over the link and look at the bottom left-hand corner of your browser page, you will see the actual link that that text leads to, and that will not end with at all. If you're unsure whether the message is real, don't open it. Instead, forward suspicious emails to HMRC 's phishing team at, and wait for their guidance.

2. Offering a tax rebate or payment

Emails from HMRC will never offer you a repayment, notify you of a tax rebate, ask you to disclose personal information such as an address or bank details, or provide a non-HMRC personal email address to send a response to.

But because the taxman does offer tax rebates to customers, which can be significant sums of money, people are often lured into engaging with crooks who are promising to transfer large amounts of cash.

3. Demanding urgent action

Con artists often ask for immediate action in their emails. Be wary of messages containing phrases like "you only have three days to reply" or "urgent action required".

4. Bogus links to websites and dodgy attachments

If the email includes a link to a webpage or an attachment, be on your guard. Fraudsters often include web links that lead to pages that look like the homepage of the Revenue's website. This is to trick recipients into disclosing personal or confidential information.

Sometimes they'll even include links to actual HMRC webpages in their emails, to try and make them appear genuine.

Attachments could contain viruses designed to steal your personal information.

5. Common greeting

If an email claiming to be from the taxman begins with a general greeting, such as "Dear Sir/Madam", "Dear customer" or "Hello", rather than your name, it's highly likely to be fake.

Emails from HMRC will usually start with the recipients name and will include information on how to report phishing scams further down the page.

In 2014 almost 50 per cent of HMRC consumers reported being targeted in a phishing scam. And in 2013 customers reported more than 91,000 phishing emails to the tax agency.



This group of group of scams was compiled by the National Trading Standards team.

(The Herald / Sunday Herald, dated 3rd February 2018 author Iona Bain)

Full article [Option 1]:

Facebook has banned advertising for Bitcoin following a wave of complaints about the number of crypto-currency scams being promoted through the site.

The world's most popular social networking site said its ban will cover all adverts for "financial products and services that are frequently associated with misleading or deceptive promotional practices", with crypto-currencies and binary options cited as the main offenders.


(Llanelli Herald, dated 5th February 2018 author Jason Cooper)

Full article [Option 1]:

Love might be in the air around Valentine's Day, but Dyfed-Powys Police is urging people to be wary of who they meet on dating websites after saving potential victims from sending £52,000 to fraudsters.

The force's Financial Crime Team has offered advice to people dating online to help stop their heart - and their finances - take a bruising.

Romance fraud is where fraudsters set up fake profiles to form relationships with unsuspecting people looking for a genuine partner on dating websites. They use the site to gain your trust and ask you for money or enough personal information to steal your identity.

(Birminghamlive, 5th February 2018 author James Rodger)

Full article [Option 1]:

WhatsApp users are being warned over yet another scam doing the rounds. This is because free pairs of Adidas trainers are being used as bait by cruel scammers.
Fraudsters offering the recipient one of 3,000 pairs of free trainers in exchange for the completion of a survey.

"We are aware of the WhatsApp message that is currently circulating claiming that Adidas is giving away free footwear and would like to caution the public about believing this, as it is definitely a hoax", said Lauren Haakman, Brand Communications & PR Manager of Adidas South Africa.


(North Yorkshire Police, dated 6th February 2018)

Full article :

Police in York have urged residents to be on their guard following the arrest of three suspected rogue traders.

Neighbourhood Policing Team were alerted to the Dunnington area at 8.17am on Monday (5 February 2018) after an elderly and vulnerable resident reported she had been pressured into purchasing a new front door by men claiming to be from a reputable home improvement company.

(Kentlive, 9th February 2018 author Mary Harris)

Full article [Option 1]:

Residents have been warned about a "rude and intimidating" doorstep seller knocking on the doors of residents in Tunbridge Wells.

People who live in the town have reported a man with an "aggressive manner" who was "banging on doors" trying to sell over-priced cleaning goods, with two saying they had been sworn at when they refused to buy anything.

One householder nicknamed the sellers "Nottingham Knockers".
Trading Standards has today (February 9) issued an alert about a man selling household cleaning products door-to-door.


(Action Fraud, 1st February 2018)

Full article :

Action Fraud are warning people to watch out for fraudsters claiming to be from the Financial Ombudsman Service.

Fraudsters claiming to be from the Ombudsman are cold-calling victims and telling them they have a cheque for a large amount of money from a compensation claim. The victim is then told to buy an iTunes (or similar voucher) roughly to the value of £300 to 'release' the compensation. They then claim that a courier will collect it from their home address and that a cheque will be sent to them in the post.

The service, which deals with complaints from consumers about the financial services industry, is a free service for the public and it would never cold call households to ask for a fee in order to claim reimbursement.

(Somersetlive, dated 6th February 2018 author Liam Trim)

Full article [Option 1]:

A criminal pretending to be a Metropolitan Police Inspector almost defrauded an elderly woman out of her life savings, according to a police Twitter account.

Only the intervention of staff at a Somerset bank branch stopped a devastating fraud taking place.

(Birmingham Live, dated 7th February 2018 author Ross McCarthy)

Full article[Option 1]:

A greedy fraudster who fleeced a frail widow out of her £20,000 life savings - and used it to buy five drum kits - has been jailed.
Heartless Simon Roe also splashed out on fast food binges and video game consoles, using his housebound neighbour's cash as his "own little lottery fund".

He left the 80-year-old with just £13.33 in her account after she trusted him with her bank card to do her shopping.

(Action Fraud, dated 12th February 2018)

Full article :

Fraudsters are purporting to be from the Home Office and cold-calling victims to claim that there is a problem with their immigration status.

Fraudsters are calling victims from what appears to a genuine Home Office telephone number 0207 354 848 - which has in fact been 'spoofed'. To spoof numbers, fraudsters use software that allows them to display any number they wish on a victim's phone.

Fraudsters tell victims there is a problem with their immigration status and in order to rectify this issue, they must pay an up-front fee. They are asked to confirm personal details, such as their passport number and date of arrival in the United Kingdom. If a victim starts to question the call, the fraudsters point out the 'spoofed' number to make the request seem legitimate.


(1st March 2018)

(Daily Mail, dated 24th February 2018 author Katherine Faulkner)

Full article [Option 1]:

Conmen who targeted British pensioners with millions of letter frauds are facing court action after a Daily Mail investigation.

More than 200 scammers have been charged or served with court orders in a joint action by US and Canadian police using evidence uncovered by this newspaper's investigations unit.

One of those facing legal action, Andrew John Thomas, was caught on camera by an undercover Mail reporter boasting that he was a 'proud w****' who used his 'beautiful talent to sell this s**t to people who don't need it'. Another is his associate Patrick Fraser.

The evidence gathered by the Mail is described in court papers as proof of the pair's 'intent to defraud'. Police believe they may have run hundreds of millions of pounds worth of frauds, sending four million letters a year.

They are understood to have told their printing providers they valued having Royal Mail branding on their letters to dupe British victims into thinking they were genuine.

The developments will pile pressure on postage firms in the UK and on Royal Mail, which has launched a drive to stamp out scam letters in response to the Daily Mail's investigation in October 2016.

We revealed how conmen were using Royal Mail's bulk mail contracts with postal partners to target the elderly. In some cases they paid to use the Royal Mail logo.

Some of their letters conned vulnerable people, including dementia patients, into thinking they had won a prize they could claim by sending money. Officials believe up to £10billion is lost to such scams each year.

Court papers filed in New York by the US Department of Justice on Thursday cite evidence gathered by the Daily Mail that Thomas and Fraser were directors of a mail fraud scheme to defraud the elderly.

They used eight shell companies, rented mailboxes and cross-border couriers to hide their activities, the US Department of Justice alleges.

The pair have now been banned from sending further mass mailings pending an investigation by the department. Criminal charges have not yet been brought against them, but sources said they could later be charged with mail fraud.

The hundreds of scammers targeted by the action are accused of defrauding more than a million elderly people globally out of more than £600million. More than 200 have been charged and civil actions brought against dozens more.

The Daily Mail's exposé came after reporters infiltrated a conference at a ski resort in Canada where scammers met to trade 'suckers lists' with names and addresses of those considered susceptible to fraud.

They boasted of 'ripping off suggestible' victims and of using Royal Mail's discounted bulk postage rates to send letters to the UK. This also allowed them to have Royal Mail branding on envelopes.

Royal Mail said last night it was 'working with industry partners and law enforcement agencies to tackle this issue even more vigorously'.

Since its crackdown in 2016, more than three million fraud letters have been stopped before delivery.

(1st March 2018)

(Daily Express, dated 20th February 2018 author Tom Gillespie)

Full article [Option 1]:

CONVINCING copy-cat websites which mimic those of big legitimate pensions and savings firms are leaving Brits just one click away from losing their entire lifesavings to fraudsters.

Criminals have been impersonating legitimate companies such as Halifax and Vanguard Asset Management to target people with savings to invest or with access to their pension - and they are raking in £500,000-a-day from victims.

So-called clone fraud investigations have almost doubled in the past year, and pensioners are especially at risk, the Financial Conduct Authority (FCA) said.

The body, the City's chief watchdog, has said some victims have lost out on hundreds of thousands of pounds. Official figures sourced by The Times show that nearly £200million has been stolen by "investment fraudsters" in the last year.

The paper reports that the figure is thought to grossly underestimate the seriousness of the problem, citing the fact many victims will be too embarrassed to report the crime.

Some victims have been tricked out of more than £250,000.

The FCA has looked into 157 attempts of fraudsters imitating companies over the past year - a huge rise from the 90 attempts recorded in 2015.

Each cloned company is thought to have been likely to have targeted thousands of savers.

The gangs typically cold-call investors to promote property, shares or other non-existent opportunities.

The scale of the problem is likely to fuel further calls for a ban on pensioner cold-calling.

Con artists have been targeting elderly savers ever since pensions freedoms introduced in 2015 allowed anyone over 55 to gain early access to their retirement pots.

The oldest reported victim of investment fraud is 98, while the average age is 61, according to City of London police.

Ministers vowed last week to ban pension cold-calling so that if an old person is called they know it is a fraudster.

It has not been made clear how the law would be rolled out.

The FCA says that clone fraudsters use the name, address and registration number of established businesses.

They then give their own phone number, address and website details to victims.

The website details will often link to a copy of the actual company's page.

Subtle changes will have been made, such as an altered phone number.

The cruel fraudsters have even faked the watchdog's website to include their own contact details rather those of a genuine company.

Last year a con-artist pretended to be a top fund manager at JO Hambro Capital Management, and went on to persuade a victim to invest £100,000.

The unnamed victim, told they were investing in Barclays bonds, never saw his cash again.

The FCA is said to issuing a warning on its website every other day about a cloned firm.

The watchdog said clone fraudsters are tough to tackle because they operate from outside the UK.

Their British addresses are said to be fake and the bank accounts they use are usually based abroad.

The FCA has also warned about a pension review scam.

Investors are phoned out of the blue and are offered a free pension review designed to encourage them to move money into high-risk or fake investment schemes.

FCA spokesman Tim Matthews said: "Fraudsters use sophisticated methods to get hold of your cash - this can include cloning a legitimate firm. If you're buying a financial product such as a loan, insurance, investment or pension, only deal with an FCA-authorised firm."

###How can you protect yourself?

If you are uncertain about a firm that has contacted you, be sure to check the FCA's online registers.

The authority says the investor should sued the details on the register to contact the firm, rather than information provide by the person who has phoned you.

The FCA added that you should only access their register from its website, and not through links provided by anyone else.

(The Times, dated 19th February 2018 author Andrew Ellson)

Full article [Option 1]:

Savers are being tricked out of half a million pounds every day after a surge in criminals targeting British pension riches, The Times can reveal.

People with nest eggs to invest, including those with new freedoms to access their pensions, are falling for well-resourced foreign fraudsters impersonating the identities of legitimate companies.

Investigations into "clone fraud" have almost doubled over the past year, according to the Financial Conduct Authority (FCA), the City's chief watchdog, with some victims losing hundreds of thousands of pounds.

The finding comes as official figures obtained by The Times show that almost £200 million has been stolen by investment fraudsters over the past year, although this is thought to grossly underestimate the true scale of the problem.

(1st March 2018)

(Telegraph, dated 24th February 2018 author Martin Evans)

Full article [Option 1]:

Organised criminals and fraudsters are stealing the identities of dead people in order to get cheaper car insurance, it has emerged.

Unscrupulous motorists with poor driving records are increasingly targeting the deceased, in order to take advantage of more attractive premiums.

Police technology also means it is now very difficult to drive around in an uninsured vehicle without being detected, so having some sort of cover is usually vital to avoid unwanted attention.

Driving a vehicle that is insured in a dead person's name also means there no chance of the scam being discovered by the victim.

It is feared organised criminals and even terrorists, could take advantage of the scam, in order to move around on the roads undetected.

The widow of former Tory Minister, Ian Sproat, has described how she realised his identity had been stolen when she received a letter saying he was being prosecuted for speeding, six years after his death.

Judith Sproat, 80, said: "The first I knew of this was in August last year when I received a letter from an insurance company asking for bank details to renew Ian's insurance. He had died in 2011 and so of course I knew it was a mistake.

"Then in January this year I received a letter from South Yorkshire Police, again addressed to my husband, containing a Notice of Impending Prosecution for a speeding offence committed on 1 September 2017.

"The police explained they had obtained my late husband's name and address from the car number plates of the speeding vehicle."

Mrs Sproat contacted both the insurer and the police to inform them of the situation but was simply told to report it to the National Fraud Intelligence Bureau. And while she cannot be held liable for any financial penalty incurred in the scam, she is angry that her law abiding husband's name, has been used as part of a criminal enterprise.

She said: "There could be many motives for this identity theft, from the fairly simple one of wanting to gain benefit of a no claims bonus, the more sinister ones of a fraudster being banned from driving, or a career criminal wishing to avoid detection, or even to a terrorist with the same idea."

Mrs Sproat added: "Of course I have no means of knowing if my late husband's identity theft relates only to car use. If it has been used in other ways I daresay I will find out in time."

Last month the Sunday Telegraph reported on the growth of a worrying phenomenon known as Ghost Broking, where fraudsters sell fake insurance policies to drivers desperate to find a good deal.

But experts at the Insurance Fraud Enforcement Department (IFED) at the City of London Police admitted they have no idea of the scale of identity theft involving car insurance, because so few cases have been reported.

This could be because it is still not widespread, but it could also be because the families of those dead people being targeted are simply unaware.

A spokesman for the City of London Police said: "False addresses are used to get cheap insurance as they are often taken out using low risk postcodes.

"We have often seen that this type of fraud can facilitate organised crime gangs with insuring their vehicles so they don't come to the notice of police and also obtain cheaper policies."

Colin Jemide, and adviser with IFED said: "There is so much information available online these days that identity fraud is obviously a danger. There could be all sorts of reasons why someone would seek to use somebody else's details when getting car insurance.

"In order to prevent this sort of thing happening it is important to carefully check all letters you receive in the post from insurance companies and not assume they are junk mail.

"If you receive documents for someone with no connection with your address contact the company's fraud department immediately and report it."

(1st March 2018)

(London Evening Standard, dated 23rd February 2018 authors Jonathan Prynn and Barney Davis)

Full article [Option 1]:

A string of City bosses have fallen victim to a "slick" £1 million rugby tickets scam after paying for fake Six Nations corporate boxes at Twickenham.

Dozens of senior executives said they were left feeling "like mugs" when they learned that the corporate hospitality packages they had paid up to £12,000 each for did not exist.

A company calling itself Elite Sports Hospitality targeted senior business figures with offers of "half-price" boxes at sell-out rugby fixtures including last week's clash between England and Wales and likely decider England v Ireland on March 17, St Patrick's Day.

The Oxford-based firm sent emails detailing packages for up to 20 people in a "glass-fronted private box" in the ground's East Stand costing between £8,700 and £12,240 including VAT.

The deals promised a champagne reception, four-course lunch with "fine wines", a complimentary bar and "post-match savoury selection".

However, rugby fans who transferred money to the company's HSBC account received emails at the start of February signed by a "Delroy Forgah" telling them that their "booking will no longer be going ahead" after a "mix-up".

The email went on to ask for bank details as "a full refund will be offered on the package purchased". But when victims tried to contact Elite Sports Hospitality, emails bounced back and phone lines were dead.

As many as 80 executives are believed to have fallen victim, handing over hundreds of thousands of pounds and possibly as much as £1 million.

One target, Patrick Goodwin, head of a City financial recruitment firm, who booked a box at the Irish game, said: "I received the first email approach in September last year. It all seemed above board, they had a slick website, they checked out on Companies House.

"I must have spoken to them six to eight times about details such as dietary requirements, parking and the itinerary - they were genuinely nice people, it was incredibly well done.

"I've been in business over 20 years and I've never been scammed before. I like to think I'm pretty streetwise. If I can get ripped off then anyone can get ripped off."

He said when he contacted Elite Sports Hospitality's address he was told the company had moved out without paying its bill.

Another victim Glyn Heatley, of Clerkenwell-based data services group Cervello, who also paid for a box at the Ireland game, said: "It's not just the financial aspect of it, I feel like a mug.

"We had to go back and tell clients it's a scam, it was a bit embarrassing and we've been the butt of many jokes."

A third, Mark Cardy of financial adviser Skerritt, said: "I thought £500 a head for a slap-up lunch at Twickenham on St Patrick's Day was pretty good value. I was super-excited. Now I've had to confess I've been a bit of a numpty. I feel pretty gutted, annoyed, frustrated and stupid really."

The website for Elite Sports Hospitality lists its parent company as Elite Direct Advertising and Marketing Ltd. Documents at Companies House lists that company's sole director and shareholder as Dunstable-based businessman Jermaine Daley.

Mr Daley told the Standard he sold the company to Mr Forgah for £1 in December last year and knew nothing about the scam.

The Standard was unable to contact Mr Forgah. The scam is being investigated by Bedfordshire Police.

A spokeswoman for Bedfordshire Police said: "We have received reports that more than 80 victims have been defrauded out of hundreds of thousands of pounds in total after hospitality packages were offered to businesses for various high profile rugby events. Payment was requested by bank transfer, but the victims never received the tickets.

"We are investigating the web company which offered the packages. Our advice to stay safe online is always be suspicious if a website asks you to make a bank transfer instead of paying by card. "

Dan Hyde, a partner at law firm Pennington Manches, which is advising several of the victims said: "This type of fraud is pernicious and highly effective.

"The perfected fraudulent email can be copied and pasted or forwarded repeatedly.

"Company details and sales language give a veneer of authenticity and reassurance to the unsuspecting victim. Like many such scams it urges speed to avoid missing the cut price bargain by making early payment.

"We would ask anyone who has been a victim to get in touch urgently"

(1st March 2018)

(Action Fraud, dated 20th February 2018)

The National Fraud Intelligence Bureau (NFIB) has seen an increase in recent weeks in the volume of CEO Fraud reports whereby schools are the targeted victim. This has resulted in substantial financial losses for several schools that have fallen victim to this type of fraud.

A school is targeted by a fraudster who purports to be the Head Teacher / Principal. The fraudster contacts a member of staff with responsibility for authorising financial transfers and requests for a one off, often urgent, bank transfer to be made. The amounts requested have been between £8,000 and £10,000.

Contact is made by email and from a spoofed / similar email address to the one the Head Teacher / Principal would use.


- Ensure that you have robust processes in place to verify and corroborate all requests to change any supplier or payment details. Get in touch with the supplier (or internal colleague) directly, using contact details you know to be correct, to confirm that a request you have received is legitimate.

- All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious, particularly urgent sounding requests from senior employees.

- Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.

- Email addresses can be spoofed to appear as though an email is from someone you know. If an email is unexpected or unusual, then don't click on the links or open the attachments. Staff should not be allowed to check emails or use the internet with administrator accounts.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by calling 0300 123 2040, or visiting

(1st March 2018)

(The Telegraph, dated 9th February 2018 author Telegraph Reporters)

Full article [Option 1]:

A wedding boutique was caught selling fake "hand-made" dresses when brides spotted the "made in China" labels, a court heard.

Melanie Bishop, 36, and her 60-year-old mother Patricia tricked 13 brides into thinking they were buying bespoke gowns.

A court heard the pair advertised hand-made bridal dresses costing up to £1,000 from a workshop in Wales.

Brides first found out they had been duped when they spotted "made in China" labels on their dresses and launched a campaign to get their cash back.

But Bishop quickly shut up shop, leaving more than 100 other brides worried they would be left without their dresses.

Both women now face possible jail sentences after pleading guilty to 18 counts of "engaging in unfair commercial practice" after brides complained to consumer watchdogs.

Before she was charged with fraud, Bishop spoke about the "hellish nightmare" that led to close her bridal boutique Anna Sara Bridal in Newport, South Wales.

One bride Nichola Pakau, 34, said: "It has been an awful experience. It has affected my home life and work life."

Another bride's mother, 55-year-old Kim Burroughs, said: "You expect everything to be perfect for your daughter's wedding. I didn't expect this."

The Bishop mother and daughter pleaded guilty at Cardiff Crown Court to 18 counts of engaging in unfair commercial practice between March 2015 and April 2016.

Melanie Bishop claimed her customers should have known their dresses from £700 to £1,000 were manufactured in China and said she was the victim of a campaign of "abuse and lies".

Speaking at the time the boutique was closed, she said: "It's not that we set out to deliberately mislead people, that's not it. When I said our dresses were all our own designs that was true.

"The only thing I could have done differently was be explicitly clear about the origins of the dresses, but so many shops outsource their materials and labour from China. It's not uncommon and I never hid it. I left the made in China labels in."

But an investigation by Newport Trading Standards ended with Bishop and her mother being charged with fraud. The court heard they accepted claiming they had designed and made the dresses themselves.

The pair pleaded guilty to failing to inform customers the wedding dresses were actually made in China, falsely stating they would be made in their local workshop.

Melanie and Patricia Bishop admitted their behaviour was likely to distort the behaviour of the average consumer.

Judge Patrick Curran QC told them he will not be the sentencing judge and warned them: "All appropriate sentencing options are open."

Both women, of Oakdale, near Blackwood, South Wales, were granted bail ahead of their sentencing in March.

(1st March 2018)

(Action Fraud, dated 5th February 2018)

Full article [Option 1]:

- City of London Police's Insurance Fraud Enforcement Department launches campaign to raise awareness of fraudsters selling fake car insurance and warn motorists to 'Steer Clear of Fraud'

- Over 850 reports of ghost broking have been reported to Action Fraud in last three years, with reported losses from individuals and organisations totalling £631,000

- Individual victims of ghost brokers lose on average £769

- Ghost brokers typically target men in their 20s, using social media

The City of London Police's Insurance Fraud Enforcement Department (IFED) has launched a national awareness campaign today (Monday 5 February 2018) to warn motorists about the dangers of buying fake car insurance from fraudsters, also known as 'ghost brokers', who are potentially leaving thousands of unsuspecting victims driving without insurance.

Extent of the problem

From November 2014 to October 2017, Action Fraud received more than 850 reports linked to ghost broking, with reported losses for both individuals and organisations totalling £631,000. On average, each individual victim lost £769 from this type of fraud.

Of these reports, 417 resulted in action being taken against the offenders by IFED following their investigations into ghost broking over the past three years, which included a man who set up 133 fake policies, a teenage ghost broker who was sentenced to jail and a man who made £59,000 from ghost broking.

However, it is thought that the true number of ghost broking victims may be much higher than this figure, as some motorists may be driving on the roads right now unaware that their policy is fraudulent. It is only when they are stopped by police or attempt to make a claim will they find out that they don't have genuine cover.

This leads police to believe that ghost broking is actually being under reported each year due to the way ghost brokers deceive motorists into thinking they have legitimate insurance, when in fact it's worthless.

What is ghost broking?

Ghost broking is the name given to a tactic used by fraudsters who sell fraudulent car insurance by a number of different methods. They typically carry out the fraud by one of three ways: they will either forge insurance documents, falsify the driver's details to bring the price down or take out a genuine policy, before cancelling it soon after and claiming the refund plus the victim's money.

It is a legal obligation to have valid car insurance and without it victims will experience the severe harm caused by ghost broking, including:

- Points on their driving licence
- Vehicle seizure and possible destruction of it
- A fixed penalty notice
- Costs to retrieve impounded vehicle
- Liable for claims costs if involved in an accident

This is on top of the money motorists will have lost buying the invalid car insurance and the money they will have to spend to then buy a legitimate insurance policy.

IFED analysis into the ghost broking reports reveals that men aged 20-29 are most likely to get targeted and that the most common method ghost brokers will use to make initial contact with people is through social media, particularly Facebook and Instagram. Other contact methods include adverts in newspapers and magazines, cold calls and being introduced, either directly or by friends, family members or work colleagues.

Stay safe when buying car insurance

In light of these worrying figures, IFED is encouraging drivers to be wary of heavily discounted prices on the internet or cheap prices they're offered directly for car insurance, as they may well be ghost brokers.

IFED is issuing the following advice and tips to help drivers avoid falling victim to ghost brokers:

• Trust your instincts - if an offer looks too good to be true, then it probably is.

• Ghost brokers often advertise on student websites or money-saving forums, university notice boards and marketplace websites. They may also try to sell insurance policies in pubs, clubs or bars, newsagents and car repair shops.

• Be wary of ghost brokers using only mobile phone or email as a way of contact. Ghost brokers have even been reported using messaging apps, including WhatsApp, Snapchat and Facebook. Fraudsters don't want to be traced after they've taken your money.

• If you are not sure about the broker, check on the Financial Conduct Authority or the British Insurance Brokers' Association website for a full list of all authorised insurance brokers.

• You can also contact the insurance company directly to verify the broker's details.

• You can check to see if your car is legitimately insured on the Motor Insurance Database website.

Detective Chief Inspector Andy Fyfe, Head of the City of London Police's Insurance Fraud Enforcement Department, said:

"Ghost brokers trick unsuspecting victims with offers of heavily discounted car insurance, leaving them with a policy that isn't worth the paper it's written on and open to the severe harm that comes with driving without valid insurance. Being able to drive is vital for a lot people, whether it be to get to work or pick up their children from school or nursery, so if they fall victim to a ghost broker it could not only impact on them financially but also seriously affect their day to day life and make things very difficult.

"As well as the personal harm experienced by victims, ghost brokers also cause financial harm to the insurance industry, driving up the cost of insurance premiums for all motorists.

"While an offer of cheap car insurance may seem tempting, falling victim to ghost broking will end up costing you far more in the long run - both in terms of money and your licence."

(1st March 2018)

(Mailonline / This is money, dated 1st February 2018 author Lee Boyce)

Full article [Option 1]:

Drivers should beware a text message scam which attempts to scare people into revealing personal information.

The message, which even appears to have the logo, reads: 'FINAL REQUEST: 'DVLA Swansea have been trying to contact you, Click below for more information.'

A This is Money reader contacted us to warn about a text message scam and the link in the message may trick people as it has as part of the URL, which in a snap moment may convince them to click on it.

Additionally, many will be worried that they may be in trouble with the organisation, which is indeed based in the Welsh city of Swansea.

However, the DVLA has previously warned that it doesn't send text messages with links to websites asking to confirm personal details or payment information.

The phony website may also include a range of nasties, including malware, a type of virus that lurks in your device to steal information, such as bank log-in details.

The reader, named April, says she would usually discard contact like this, but was almost tricked as she knew her car tax was due for renewal this week - and she has also signed up on the for its reminder service.

It is not clear whether this is a targeted attempt to dupe her with the knowledge that her car tax is due - or whether scammers are just using a scattergun approach.

Also in the URL is the words tax disc. Although abolished in 2014, many still associate vehicle excise duty, widely known as car tax, with the old paper disc.

The DVLA says that some members of the public have received e-mails, texts and telephone calls claiming to be from the agency.

Links to a website mocked up to look like a DVLA online service are sometimes included in the message, as highlighted in this case.

It adds: 'The Government, led by Cabinet Office's Government Digital Service, will continue to investigate reports of organisations which may be actively misleading users about their services or acting illegally, taking swift action when necessary.

'By using the online driving licence or vehicle tax transactions on GOV.UK you can be sure that you are dealing directly with DVLA.'

On social media website Twitter, This is Money found plenty more examples of the scam - with one claiming the domain is registered in Panama, while the DVLA says it is currently investigating:

Last summer, the DVLA revealed e-mails that been sent to people, which had a link to a 'secure web form' that's designed to collect personal information from unwitting recipients.

The correspondence targeting motorists says: 'We would like to notify you that you have an outstanding vehicle tax refund of £239.35 from an overpayment, request a refund.'

The email looks legitimate and includes the DVLA's existing logo and fonts - something that could dupe many motorists into sharing their personal data.

(1st March 2018)

(Action Fraud, dated 7th February 2018)

Fraudsters are attempting to entice victims who are looking for cheap flights abroad.

Victims have reported booking tickets via websites or a "popular" ticket broker, only to discover that after payment via bank transfer or electronic wire transfer, the tickets/booking references received are counterfeit. In some cases, all communications between the company or broker and the victim have been severed.

Fraudsters are targeting individuals who are seeking to travel to African nations and the Middle East, particularly those wishing to travel in time for popular public and religious holidays.

Prevention Advice:

- Pay safe: Be cautious if you're asked to pay directly into a private individual's bank account. Paying by direct bank transfer is like paying by cash - the money is very difficult to trace and is not refundable. Wherever possible, pay by credit card or a debit card.

- Conduct research on any company you're considering purchasing tickets from; for example, are there any negative reviews or forum posts by previous customers online? Don't just rely on one review - do a thorough online search to check the company's credentials.

- Check any company website thoroughly; does it look professional? Are there any spelling mistakes or irregularities? There should be a valid landline phone number and a full postal address so that the company can be contacted. Avoid using the site if there is only a PO Box address and mobile phone number, as it could be difficult to get in touch after you buy tickets. PO Box addresses and mobile phone numbers are easy to change and difficult to trace.

- Be aware that purchasing tickets from a third party, particularly when initial contact has been made via a social media platform can be incredibly risky.
If tickets to your intended destination appear cheaper than any other vendor, always consider this; if it looks too good to be true, it probably is!

- Look for the logo: Check whether the company is a member of a recognised trade body such as ABTA or ATOL. You can verify membership of ABTA online, at

If you have been affected by this, or any other type of fraud, report it to Action Fraud by calling
0300 123 2040, or visiting

(1st March 2018)



Some scams only appear to be reported in certain geographic areas, but that doesn't mean the scammers can't move onto another area. Or, crooks in your locality have their own " dodgy brainwave" !

(Global News, dated 24th January 2018 author Greg Davis)

Full article [Option 1]:

uaware comment : Yes, there is a Peterborough in California, USA !

The Peterborough Police Service is warning residents about the so-called "death threat" email scam now circulating in the Peterborough area.

The scam involves an email stating that sender has been hired by someone the email recipient knows to "remove you" and that the only way to save your life is to pay thousands of dollars in Bitcoin.

Police say the email sender may also indicate they've done research on the recipient and will make a "final offer" before retiring after being a hit man.

"He then states he will give the victim the name of the individual who paid for the hit if the victim sends him $2,000 in Bitcoin currency," said police spokesperson Lauren Gilchrist. "The sender will then give the victim all other evidence needed for police to prosecute the individual who paid for the hit. The sender tells the victim that they have three days to send the money."

Police say they've received complaints about the email.

"We urge residents to ignore and delete these emails," said Gilchrist.

They also advise to not respond to any unsolicited emails and to not send money, virtual currency or otherwise to someone you don't know or have never met. They also advise to never provide personal information for another person to use.

Police warn that the way in which money is sent via Bitcoin is completely anonymous and not traceable.

"If the victim does send the money, the police are not able to investigate beyond taking a report," stated Gilchrist.

(Andover Leader, dated 18th January 2018 author Grant Merrill)

Full article [Option 1]:

###uaware comment : Yes, there is an Andover in the Kansas, USA.

ANDOVER- A number of area banks have reported that their customers are being targeted by phishing scams. At least two financial institutions sent messages this week over social media that indicated that there were problems with unscrupulous people trying to gain money in an illegal manner.

Meritrust Credit Union reported that some of their customers were among those who were victims:

"Attention members: if you receive a suspicious text message appearing to be from Meritrust that asks for you to call with your debit card number, please be advised this may be a phishing attempt. Meritrust will never contact you in attempt to obtain sensitive information. We advise that you do not respond or provide any information, but instead contact us at 800.342.9278 immediately to confirm its validity."

Capitol Federal also said they had problems reported to them as well:

"Please be aware, there is a new text message phishing scam in the area. This specific phishing attempt sends a text message to mobile phone users indicating that unusual activity has occurred on their account. The phone number could appear to come from a local area code. Please do NOT call this number or provide any personal information. This is not a message from CapFed®. For more information on this scam and other phishing help, please visit:"

(Evening Telegraph, dated 19th January 2018 author Reporter)

Full article [Option 1]:

Police have issued a warning to the public following a vishing - voice phishing - scam that resulted in a man losing £29,000.

The incident involved scammers cold-calling a 50-year-old man from the Cupar area last Thursday.

They pretended to be from his bank using software that made it appear as if they were calling from an official number and claimed his account had been compromised.

The man was then convinced to transfer his money into another account for safekeeping, which resulted in the loss.

Officers have issued a warning to the public about the vishing scam and are investigating it through Operation Principle, Fife Division's response to acquisitive crime.

Detective Chief Inspector Scott Cunningham, the lead for Operation Principle, said: "These scammers claim to be from legitimate organisations and try to frighten or pressure people into revealing personal details or banking information.

"Never give such information or transfer money to an unexpected caller and, although anyone can fall victim to this, please warn elderly or vulnerable friends or relatives in particular to be wary this type of scam.

"If you receive such a call, advise the caller that you will contact the company on your own terms and hang up immediately.

"Find the organisation's phone number from its official website or a previous correspondence and call them back yourself, always on a different phone, to verify it."

(Birmingham Live, dated 5th January 2018 author Alex Keller)

Full article [Option 1]:

Staffordshire Police are warning people across the county to be on their guard against fraudsters intent on scamming residents out of their hard-earned cash.

Bogus cold callers pretending to be police officers have been targeting potential victims with the intention of obtaining personal or financial information - and money.

A spokesman for Staffordshire Police said: "Victims have received a phone call from a fraudster who tells them they are speaking to a police officer from Greater Manchester Police and that they need them to assist in an undercover investigation.

"Victims are requested to withdraw cash from their bank accounts which is then collected by a courier later that day."

Detectives have issued this advice:

- The police or your bank would never ask someone to aid an investigation by withdrawing or transferring money.

- Never give out or confirm personal and/or financial information to anyone over the phone.

- If you receive one of these calls, hang up immediately and - especially if the caller has stated they are coming to collect the money - call police on 101.

- You can also call Action Fraud on 0300 123 2040 or Crimestoppers on 0800 555111.

(Liverpool Echo, dated 4th January 2018 author Kate McMullin)

Full article [Option 1]:

Vulnerable people who are living alone are being targeted by fraudsters claiming to be from BT.

The police have received reports of two men knocking on doors of houses in the Merseyside area in an attempt to gain entry.

The men claim to be from BT and then tell the occupier that they need access to their property immediately to fix a phone line problem.

However police have warned that these two men do not represent BT and have no ID cards on them and appear to be targeting vulnerable people who are living alone.

Police have also said that the men are pushing cards through the doors of houses, stating the time that they will return.

A spokesman for said: "Please make your loved ones aware and remind them that they do not need to let strangers in to their house.

"People may claim to be from any number of utility companies or other organisations but the advice is always the same - ask for ID, and if in doubt, call the company which they claim to represent.

"Don't call any phone numbers they give you themselves.

"If you are unsure never let them in and always use a door chain if you have one.

"If you have someone trying to gain entry to your property, you can call us on 999, or report any other suspicious sightings on 101."

On its website BT has a list of tips for customers on 'common doorstep scams and how to deal with them'.

###The list reads:

-Always check a charity is genuine before making a donation. The same goes for the person claiming to be from the charity.

-Think about whether you want or need anything the visitor is offering.

-Make sure the visitor properly identities him/herself and the company they represent. Keep a note of these details to check out.

-Don't feel pressurised to sign up for a service or pay for goods straight away. Get more quotes for jobs that need doing and compare prices for goods that a salesperson claims to be a bargain.

-Do your homework before going ahead with improvements or repairs.

-Always get a quote made in writing, with a full breakdown of the costs including VAT before allowing any work to start.

-Be wary of people offering a one-time only price for agreeing to transactions on the spot.

-If you can pay for goods and services over £100 on a credit card, you'll get protection under Section 75 of the Consumer Credit Act, which makes the credit card provider equally liable with the salesman or tradesman.

-Resist paying for work upfront before it has been completed. Only pay once you are happy with a job or set a strict timetable of payments for longer jobs.

-You should install a peep hole to check who's at your door before opening it, plus a safety chain is also a good idea to ensure no one can force their way into your home.

(East Lothian Courier, dated 20th December 2017)

Full article [Option 1]:

EAST Lothian residents are being warned of a phone scam involving iTunes gift cards.

HM Revenue and Customs (HMRC) has issued a warning about a high-profile phone scam that is conning vulnerable and elderly people out of thousands of pounds.

The scammers are preying on victims by cold calling them and impersonating an HMRC member of staff.

They tell them that they owe large amounts of tax which they can only pay off through digital vouchers and gift cards, including those used for Apple's iTunes Store.

Victims are told to go to a local shop, buy these vouchers and then read out the redemption code to the scammer, who has kept them on the phone the whole time.

The conmen then sell on the codes or purchase high-value products, all at the victim's expense.

The scammers frequently use intimidation to get what they want, threatening to seize the victim's property or involve the police.

The use of vouchers is an attractive scam as they are easy to sell on and hard to trace once used.

HMRC said they would never request the settling of debt through such a method.

The scam continues to hit a large number of people. Figures from Action Fraud, the UK's national fraud reporting centre, show that between the beginning of 2016 and August this year there have been more than 1,500 reports of this scam, with the numbers increasing in recent months.

The vast majority of the victims are aged over 65 and suffered an average financial loss of £1,150 each.

HMRC says it is working closely with law enforcement agencies, Apple and campaign groups to make sure the public know how to spot the scam and who to report it to.

Angela MacDonald, HMRC's director general of customer services, said: "These scammers are very confident, convincing and utterly ruthless.

"We don't want to see anyone fall victim to this scam just before Christmas. That's why we're working closely with crime fighters to ensure taxpayers know how to avoid it.

"These scams often prey on vulnerable people. We urge people with elderly relatives to warn them about this scam and remind them that they should never trust anyone who phones them out of the blue and asks them to pay a tax bill.

"If you think you've been a victim you should contact Action Fraud immediately."

Gary Millner, chief executive of Tax Help for Older People, said: "Tax Help for Older People fully support HMRC in tackling this particularly wicked scam.

"We have taken too many calls from people who have fallen foul of it.

"The amounts of money lost are significant for some and the feelings of helplessness, violation and embarrassment are immense."


(27th February 2018)

(Action Fraud, dated 31st January 2018)

Action Fraud has recently experienced an increase in the number of calls to members of the public by fraudsters requesting payments for a "phantom" debt. The fraud involves being cold-called by someone purporting to be a debt collector, bailiff or other type of enforcement agent. The fraudster may claim to be working under instruction of a court, business or other body and suggest they are recovering funds for a non-existent debt.

The fraudsters are requesting payment, sometimes by bank transfer and if refused, they threaten to visit homes or workplaces in order to recover the supposed debt that is owed. In some cases, the victim is also threatened with arrest. From the reports Action Fraud has received, this type of fraud is presently occurring throughout the UK.

It is important to recognise that there are key differences between the various entities who seek to settle debts or outstanding fees in England and Wales. These differences range from the type of debt they will enforce to the legal powers they possess. To learn more, please take a look at some of the helpful information and links on the Step Change Debt Charity website :

Protect Yourself

- Make vigorous checks if you ever get a cold call. Bailiffs for example, should always be able to provide you with a case number and warrant number, along with their name and the court they are calling from; make a note of all details provided to you.

- If you receive a visit from a bailiff, they must always identify themselves as a Court Bailiff at the earliest possible opportunity. Ask to see their identity card which they must carry to prove who they are, this card shows their photograph and identity number. They will also carry the physical warrant showing the debt and endorsed with a court seal.

- If you work for a business and receive a call or visit, be sure to speak with your manager or business owner first. Never pay the debts yourself on behalf of the business you work for; some fraudsters have suggested employees make payment suggesting they can then be reimbursed by their employer when in reality the debt is non-existent.

- Exercise caution believing someone is genuine because you've found something on the internet; fraudsters could easily create fake online profiles to make you believe them.

- Double check with the court, company or public body they claim to work for to confirm whether the call is legitimate; if you use a landline make sure you hear the dialling tone prior to dialling as the caller could still be on the line and you could potentially speak to the fraudster(s) to confirm the non-existent debt. Also be sure to independently search for a telephone number to call; never use a number provided by the caller without carrying out your own research.

- Do not feel rushed or intimidated to make a decision based on a phone call. Take five and listen to your instincts.

- If you know you have a debt, keep in regular contact with your creditor and be sure to establish the debt type at the earliest opportunity if you are not aware. This will help you to understand who might be in contact with you regarding any repayments or arrears.

You can report suspicious calls like these to Action Fraud by visiting or by calling 0300 123 2040.

(27th February 2018)

(International Business Times, dated 26th January 2018 author Jason Murdock)

Full article [Option 1]:

HM Revenue and Customs (HMRC) says it has stopped thousands of taxpayers from receiving scam text messages in the past year, but security experts warn the public is still at risk.

The agency is working to raise awareness of potential fraud ahead of the self-assessment deadline of 31 January, a period when scammers will be out in force. Officials stressed that they will never contact customers who are due a tax refund by text message or by email.

Digital fraudsters posing as HMRC send text messages to unsuspecting members of the public and make false claims, such as suggesting they are due a tax rebate.

Messages will usually include links to websites which harvest personal information or spread malware.

Ultimately, this can lead to identity fraud and the theft of people's personal savings via further cyberattack.

Reports of this type of fraud have quickly increased in volume over the last few years, HMRC said. It noted that text message based scams are highly effective because they can appear to be legitimate. For example, texts can display 'HMRC' as the sender rather than a phone number.

HMRC began a pilot in April 2017 to combat these messages, using new technology to identify fraud texts with 'tags' that suggest it's from HMRC and stops them from being delivered.

Since the pilot began, there has been a 90% reduction in customer reports around the spoofing.

The initiative helped reduce reports of these scams from over 5,000 in March 2017, before the new programme was introduced, to less than 1,000 in December 2017. In the last 12 months, HMRC said that it successfully removed 16,000 malicious websites linked to phishing attacks.

"As email and website scams become less effective, fraudsters are increasingly turning to text messages to con taxpayers," said HMRC customer services director Angela MacDonald. "But as these numbers show, we won't rest until these criminals are out of avenues to exploit."

Working overtime

The department is working alongside the UK's National Cyber Security Centre (NCSC). Experts told IBTimes UK fraudsters will likely be working overtime as the tax deadline approaches.

"Scams and fraud always spike around large events such as holidays and tax season," said Lane Thames, senior security researcher at Tripwire. He added: "It's nice to see organisations such as HMRC implementing technologies to reduce the spread of scam-based messages.

"However, technology can never stop all malicious activities and messages. As such, individuals must, unfortunately, stay mindful and vigilant when using digital services.

"When in doubt, simply look up the organisation online or make a call to verify the claim (do not use the contact information that was delivered to you).

"A little bit of precaution can go a long way in preventing phone, email and text scams."

Mark James, specialist at security firm ESET, commented: "When it comes to tax returns or indeed any type of interaction with HMRC, the scammers have every ingredient they need to deliver an effective attack method with a higher-than-normal chance of success.

"The end user is presented with something they are expecting from an organisation that they need to respond too, along with the perceived scare factor of not answering or cooperating."

(27th February 2018)

(Which ?, dated 23rd January 2018 author Faye Lipson)

Full article [Option 1]:

A further 167,000 victims of the Equifax data breach will receive a warning from the firm, indicating the May 2017 hack may have left them at greater risk of fraud.

The latest wave comes after the firm previously wrote to 693,000 UK individuals thought to be most at risk - taking the total number of UK warning letters to over 860,000.

The credit reference agency says it has decided to write to thousands more victims whose landline telephone numbers were already published in public telephone directories but were accessed as part of last year's cyber-attack.

Which? has already highlighted confusion and alarm caused by the letters, which fail to explain who Equifax is or why it holds victims' data.

Equifax data breach: 15.2m Brits affected

In May this year, Equifax announced its data had been access by hackers in a cyber-attack. Some 15.2 million UK client records were compromised, and Equifax initially wrote to 690,000 UK consumers who are likely to have had sensitive details stolen.

These include email addresses, passwords, driving license numbers, phone numbers and partial credit card details.

This latest announcement reveals that a further 167,000 had their telephone numbers stolen in the attack.

The warning letters offer free identity-monitoring services aimed at spotting impostor applications for credit cards and bank accounts.

Why Equifax has victims' data

Equifax has confirmed that just 3% of the 693,000 worst-hit victims were its direct customers. Many of the victims may have never dealt with - or even heard of - the firm before.

How is this possible? As a credit reference agency, Equifax receives personal data from banks and financial institutions whenever someone applies for a bank account, mortgage or credit card.

Consent for this is usually included in the application terms and conditions, meaning Equifax may hold data on you even if you've never dealt with it directly.

It uses this data to generate your credit reports and score. Lenders then use these to decide how much of a risk you are before they approve your application.

As a result, Equifax's only direct customers are the tiny minority who have transacted with it by purchasing a credit report or identity-monitoring services.

How to verify your letter

If you receive a letter regarding the Equifax data breach, and you're not sure if it's genuine, call Equifax on 0800 587 1584 to confirm the letter is genuinely from them.

If the letter is telling you to call a number other than the one above, it may be a scam.

Should you accept the free identity monitoring services?

If your data has been breached, you may be at heightened risk of identity fraud. To combat this, Equifax is offering its worst-affected UK customers free services which monitor whether your identity has been compromised online.

It's also offering Cifas Protective Registration - a third-party service which prompts banks to conduct extra identity checks when they receive an application in your name.

If you are concerned about the security of Equifax's own products, you can opt to be enrolled in Cifas's service instead - however you will still have to give some personal information to Equifax so it can enrol you for free.

It is possible to enrol directly through Cifas, though this will attract a £20 charge (for two years' cover).

uaware comment

Things are so dodgy now with links, don't even trust the link I provide. Go direct to the "Which ?" website and look for this article. Check the contact details mentioned above, yourself !

(27th February 2018)

(Mirror, dated 24th January 2018 author Tricia Phillips)

Full article [Option 1]:

Jack Taylor was tricked by crooks into giving them access to his bank account and almost lost £5,000 from a clever - and very believable - scam.

Last year he had an issue with his wi-fi router and found a contact number for customer services on the Talk Talk website.

Their team rebooted his router from their end and the problem was solved.

All seemed good until a few weeks later when he received a phone call from someone he believed to be from the Talk Talk team he had spoken to previously.

The caller said his router was reportedly having problems and was running corrupt software.

Jack, 71, was assured they would be able to sort this out and prevent the corrupt software from causing any further damage, but they would need to gain access to his computer using TeamViewer - software that allows remote access to a user's computer.

Jack was quickly transferred from 'customer services' to a member of the fraud team before he'd had the chance to really think about what they were asking him to do.

He was then rushed into entering passcodes into his computer so the person on the phone could access and stop the corrupt software.

ack was told he would receive £200 compensation and was put through to the finance team to sort out the credit.

After giving the caller access to his bank account, the caller claimed they had sent the wrong amount of compensation as the account read £5,200 and they'd need to credit back the £5,000.

That's when alarm bells rang, and Jack had an opportunity to take a breath. He thought to himself, this doesn't sound quite right.

Luckily, each of the attempts by the criminals to withdraw the £5,000 were blocked by Jack's bank. But this didn't deter the fraudsters.

They kept calling and urging Jack to call his bank and let them know this was genuine. He realised this wasn't the real Talk Talk and called his bank to let them know what had happened.

Jack from Herefordshire says: "I just wanted to solve the issue as quickly as possible. The scam call was so quick and seemed legitimate given the recent problems with my router that I didn't have any time to think something was wrong.

"I had a lucky escape as the bank's security system was efficient and raised alarm bells which were going off quietly in my head.

"Many others aren't as lucky as I was."

Financial thieves are out in force with ever-changing scams and dodgy deals which can be difficult to spot.

In the first six months of 2017, a shocking £366.4million was lost to fraudsters and a further £101.2million was stolen through bank transfer scams.

3 Things to remember

1. A genuine bank or other financial organisation will NEVER contact you out of the blue to ask for your PIN or full password - and won't ask you to tap these into your phone keypad. They would never ask you to move money to another account for fraud reasons or send someone to your home to collect cash, PIN, cards or cheque books if you are a victim of fraud.

2. Don't be tricked into giving a crook access to your personal or financial details. NEVER automatically click on a link in an unexpected email or text.

3. Always question uninvited approaches in case it's a scam. Put the phone down. Contact a company direct, using their official telephone number or email.

(27th February 2018)

(Independent, dated 19th January 2018 autho Felicity Hannah)

Full article [Option 1]:

The question of who should bear the loss when a banking customer falls victim to a scam is a thorny one. After all, if a customer has been defrauded by a criminal then it seems unfair that they alone should suffer the entire loss. Yet it's also understandable that few banks want to be responsible for every victim's money. They can argue that those victims failed to take sufficient steps to protect themselves.

Yet this difficult issue appears to be being answered by banks in different ways and the result is that customers are left confused about whether their bank will have their back if they fall victim to fraud. A lack of clarity on the rules leaves them unsure about whether they can appeal if their bank simply says it will not reimburse them.

It can sometimes feel rather like a lottery, with money being returned or not depending on which bank a customer is with when they are targeted by scammers. That's a situation perfectly illustrated by pensioner Susan Moon.

When she fell victim to a sophisticated scam two of her accounts were emptied. One bank immediately reimbursed her. The other did not.

Perfect timing

The scammers struck at the perfect time. Susan and her husband had newly moved into their new home and had builders in when the thieves called. They had been travelling until the early hours the night before and had just a few hours' sleep and Susan was worried about her mother who was unwell.

In the midst of all that came a call from a genuine-sounding man who claimed to be from a BT call centre. Their internet had been compromised, he explained, and he needed to help them protect their accounts. Following his instructions, she and her husband installed software on their computer, entered their bank details and entered information that, without their knowledge, authorised the transfer of money from their accounts.

The scammers were relentlessly plausible, providing a number the couple could call to confirm they were legitimate, offering a code that would be quoted when a "genuine" BT employee called back and reassuring them at every stage that their accounts would soon be safe.

By the time Susan and her husband realised these helpful men were most likely fraudsters it was too late and her money was transferred away into a Metro Bank account.

She explained: "I share an account with my mother so I can help her manage her bills and so on. £3,200 was gone out of that Nationwide account. I just started to sob. Then I went back onto my computer and £3,600 was gone from my HSBC account.

"I just kept crying, we were both so traumatised."

Distressing dealings

Susan's experience shows how distressing fraud can be. However, she says her distress was compounded by the different way one of her banks then treated her.

"Every time I spoke to Nationwide it was like they were wrapping me up in a blanket and reassuring me. HSBC were just demanding 'What did you do?'"

"We had to pick my mum up and she had been ill and I just couldn't tell her. We felt so stupid! You think you're savvy but it was just so believable at the time."

After reporting the fraud on a Friday, Susan had a sleepless weekend. Then on Sunday, she decided to go for a walk to help clear her head.

"On the way back [Nationwide] called. He said, 'I'm not sure about HSBC but we are going to refund your money.' I could have kissed his feet because that was Mum's money. He said it's fine, he told me to stop blaming myself. He was wonderful and the money was there within two hours.

"The phone went an hour later and it was HSBC. She said, 'Because you pressed the button on your keypad, you are responsible for that money. We cannot give you the money back.'"

Susan told the HSBC employee that Nationwide had immediately refunded her but says she was told: "All banks do things differently."

Nationwide told us: "We assess liability on a case-by-case basis but, as a general guide, if a fraudster manages to transact on an account, and the customer did not knowingly authorise and consent to the transaction, we will give a refund."

An HSBC spokesperson said: "The circumstances of each scam dispute are reviewed on a case-by-case basis. As soon as we were made aware of the payment we contacted Metro Bank to make them aware, but it seems their customer had already withdrawn the money.

"We would encourage people to look at the finance industry's 'Take 5' campaign, which we fully support, which provides information on the techniques used by scammers, as well as giving important advice to customers on what they should do when receiving uninvited approaches and requests to share financial information."

Fortunately, for Susan at least, there was a happy ending. After calls from this publication, HSBC said it would credit her account with the full £3,600 "as a gesture of goodwill". Yet she remains shaken by fraud that left her sleepless and tearful, and says that some of that distress was caused by her experiences in dealing with bank employees.

Not clear-cut

It's easy to sympathise with Susan, who was targeted by thieves carrying out such a sophisticated scam, and to agree that both banks should have immediately paid up to spare her any additional distress. However, it's also easy to see that if banks have to accept total liability for fraud losses then we will all pay the price.

Nikki Worden is a partner at Osborne Clarke's financial institutions group, specialising in the regulation of financial services offered to consumers. She says there's a real danger that making banks liable for losses would drive up the cost of consumer banking, potentially ending fee-free banking or increasing other charges.

"I have sympathy for both sides," she says. "I think it's very easy to say 'this should be done' but it's a really complex problem. The more banks pay out then the higher the cost of banking.

"There are also potentially unintended consequences of making banks liable. Just look at the car insurance sector: people made claims for whiplash and it pushed up premiums for everyone."

Worden also worries that making banks liable would encourage criminals to see bank fraud as a "victimless crime", when in fact we would all shoulder the burden.

Pépin Aslett, deputy head of the commercial and chancery group at St John's Buildings, explains that the rules were recently tightened to protect customers from some losses. He says: "From 13 January 2018, the Payment Services Regulations 2017 (implementing the second EU Payment Services Directive) will require banks to refund unauthorised payments no later than the end of the next working day following notification to them. Customers should notify as soon as possible, but do have up to 13 months. The new regulations are a development of existing law."

Unfortunately for those who fall victim to fraud and authorise payments mistakenly or accidentally, there's less protection. Aslett adds: "Although there is a presumption that the customer is right, the new regulations dictate that the bank can refuse to refund the money, or can ask for it back, if they can show that the customer authorised the payment by their consent, the customer acted fraudulently, or it is shown they were grossly negligent in protecting their information."

(27th February 2018)

(Wales Online, dated 16th January 2018 author Will Hayward)

Full article [Option 1]:

Fraudsters are using fake texts from banks to "harvest" unsuspecting victims' personal banking details.

Anti-fraud organisation Action Fraud have received reports about con artists sending out a range of messages purporting to be from the bank NatWest.

The fraudsters are using specialist software which alters the sender ID on the message so that it appears as if it's come from NatWest, adding it to any existing message threads on the recipient's phone.

If you already bank with NatWest and had a legitimate message from them in the past this could easily catch you out. It seems to be targeting individuals regardless of whether they are customers of NatWest or not.

Victims who click on the link are taken to an exact replica of the NatWest website that asks for sensitive personal information including their full name, address, contact details, and pin and debit card numbers.

The con, known as smishing, is when criminals pretend a message is from your bank or another organisation you trust. They will usually tell you there has been fraud on your account and will ask you to deal with it by calling a number or visiting a fake website to update your personal details.

Some victims have also received calls purporting to be from NatWest after receiving these scam text messages. One woman reported receiving a fake text message like the ones above that urged her to "avoid account suspension", which she ignored.

Later on that day she received a call from a withheld number on her mobile phone from a fraudster posing as a member of the NatWest security team. The fraudster said she would be sent a text message with a six-digit security code and once she received it to immediately tell him what that code was.

The text came through instantly while she was still on the phone and she gave the fraudster the code. This was in fact a genuine NatWest message which contained a warning not to disclose the code.

The victim then got a further real text from NatWest to say a different mobile number to her own had been registered to her NatWest mobile banking app. After the victim immediately checked her app she found £130 had been removed via the "Get Cash" function.

NatWest are investigating the fraud.

According to an Action Fraud spokesman: "A genuine bank or organisation will never contact you in this way. Only give out your personal or financial details to use a service that you have given your consent to, that you trust, and that you are expecting to be contacted by.

(27th Febraury 2018)

(Cornwall Live, dated 5th January 2018 author Shannon Hards)

Full article [Option 1]:

Parents of privately educated pupils have been warned of fraudsters posing as school staff and intercepting payments.

According to Devon and Cornwall Police, fraudsters are placing themselves in the middle of transactions between parents and private schools.

The fraudster contacts the parents outlining details and payment instructions for the latest school fees.

Initial contact appears to primarily be made via email and often from the school's own compromised email system.

However the National Fraud Intelligence Bureau (NFIB) says it has also seen instances where the email address used is similar to that of the school (i.e. nn instead of an m).

The victim then makes the required payment into the bank account which is in the control of the fraudster. By the time the fraud has been identified, the funds have already been dissipated.

In several instances there has been a strong social engineering element at play within the email, with the fraudster suggesting a discount on the fees can be obtained if the parents pay early.


- Ensure all administration staff are aware of this fraud.

- Ensure staff are aware of protocols regarding not opening links or attachments from unexpected or suspicious emails in the event the email system may get compromised.

- Review password protocols and ensure those that are used are strong, as long as possible and contain a combination of letters as well as numbers and symbols.

- Review internal procedures regarding how the fee payments are requested and ensure these are relayed to the parents so they can easily identify suspicious requests.

- Ensure computer systems are secure and that antivirus software is up to date.

- To help combat "typo squatting" the school could consider registering similar domain names.

- Ensure required security updates to computer systems are completed.

- Consider using a payment gateway for any monies required to be received from parents.


- Always verify email payment changes in respect of payment fees with the school directly using established contact details you have on file, especially for ones which are not expected or for a different amount than expected.

- Always review requests to changes for payment requests. Check for inconsistencies or grammatical errors, such as a misspelled school name or a slightly different email address.

- Don't be afraid to verify details when being asked to make fee payments into a new bank account.

(27th February 2018)

(Penarth Times, dated 6th January 2018)

Full article [Option 1]:

A WARNING has gone out telling people to be on the lookout for the "most convincing phishing email" it has ever seen.

Scammers have made an exact replica of a real e-receipt from Debenhams and are sending it out in a scam where they ask for personal details in order to get money from people.

A spokesperson for Action Fraud, the UK's national fraud and cyber crime reporting centre said: "This Debenhams e-receipt is the most convincing phishing email we've seen and could be lurking in your inbox.

"More than 55 information reports have been sent to our National Fraud Intelligence Bureau (NFIB).

"We would advise people to not click on any links, delete it and report it to us "Debenhams are aware it's a fake and have had customers contact them directly about it.

"Their e-receipts are issued to people when they make a purchase in store and this is a carbon copy. So these are not only unusual, but could catch some people off guard.

"The giveaway is the fact they were sent from personal email addresses."

A Debenhams spokesperson added: "We are aware of this and we continually take steps to protect customers and support the work that organisations such as Action Fraud and Cyber Aware conduct to encourage customers to be vigilant and aware of the steps they can take to stay cyber secure."

This Debenhams e-receipt is the most convincing #phishing email we've seen and could be lurking in your inbox. Fraudsters have created an exact replica of a real e-receipt, but you'll notice they're sent from personal email addresses and not Debenhams. We've had 55+ reports!

If you received one of these emails, delete it straight away. Do not open any links. Report it to Action Fraud at

(27th February 2018)

(International Business Times, dated 10th January 2018 author Jason Murdock)

Full article [Option 1]:

Netflix users are being warned to avoid clicking on any suspicious email links after a phishing scam was uncovered, which security experts say is designed to steal credit card details.

Found by Australian cybersecurity firm MailGuard, and shared on Twitter by the New South Wales police, the fake emails use convincing social engineering tactics - including the official Netflix website layout - in an attempt to dupe recipients into entering financial details.

The email reads: "We attempted to authorise the Amex card you have no file but were unable to do so. We will automatically attempt to charge your card again within 24-48 hours. Update the expiry date and CVV as soon as possible so you can continue using it with your account."

An 'update payment' button in the email, if clicked, will lead to a phishing site with bogus Netflix branding. Any card details entered will be sent directly to the hackers.

After details are hijacked, the fake website even sends the victim to a real Netflix page to reduce suspicions.

"Netflix has become a favourite vehicle for email fraudsters," MailGuard's Emmanuel Marshall wrote in a blog post Wednesday (10 January).

"Its large customer base makes them a valuable target for brandjacking; cybercrime that exploits the trademarks of well-known companies to deceive victims.

"Phishing can be enormously costly and destructive, and new scams are appearing every day."

A Netflix spokesperson told in a statement: "We take the security of our members' accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members' accounts secure.

"Unfortunately, these scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information."

It remains unknown how many people have been targeted in the scam so far.

Luckily, there are ways to stay protected from such schemes, the official Netflix notes on a help page. Crucially, it tells users to never click suspicious messages claiming to be from the firm.

It states: "Never enter your login or financial details after following a link in an email or text message. If you're unsure if you're visiting our legitimate Netflix website, type directly into your web browser."

And if you clicked a suspicious link or provided any personal information to website posing as Netflix, the company suggests you do the following:

- Change your Netflix password to a new, unique one.
- Update your password on any other websites where you used the same email and password.
- Contact your bank if any payment information was entered, it may have been compromised.
- Forward the message to with the steps above.

(27th February 2018)

(Mirror, dated 17th January 2018 author James Andrews)

Full article [Option 1]:

Note : The actual article has screen shots of the fake emails and texts.

Fraudsters are sending out fake Argos text messages saying you have a package waiting - don't click on them.

The messages look like they've been sent from Argos, but are designed to trick you into clicking on the URL to find out what's waiting.

Members of the Mirror Money team have been sent the message, reading: "Dear shopper, There is (1) package waiting for you! Check here >>," followed by the URL to their scam site.

But there isn't a package waiting, you are directed to a site where they attempt to grab your details by pretending they're offering cheap iPhones.

It's especially dangerous, because if you have ordered anything from Argos, it will appear in a message thread along with genuine messages - perhaps from Christmas presents you bought from the shop.

Worse, once you click fraudsters might be able to collect personal information from your device by installing cookies on your phone that track you, or add browser extensions that can be used to show you advertisements.

How to protect yourself

Sadly, this isn't the only scam message doing the rounds.

"We are aware of fraudulent text messages claiming to be from high street retailers that can lead to fraudsters harvesting your personal banking information," a spokesperson from Action Fraud told Mirror Money.

"Fraudsters will send you a text message that asks you to reply with your personal or banking details, or to call or text a premium-rate number they have created to run up a large bill. This is called smishing. Contact like this is designed to convince you to hand over valuable personal details or your money.

"Don't assume anyone who's sent you a text message is who they say they are. If a text message asks you to make a payment, log in to an online account or offers you a deal, be cautious and report it to Action Fraud online or call 0300 123 2040."

Action Fraud has the following tips for staying safe from phone scams:

Protect yourself

- Don't assume anyone who's sent you an email or text message - or has called your phone or left you a voicemail message - is who they say they are.

- If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious. Real banks never email you for passwords or any other sensitive information by clicking on a link and visiting a website. If you get a call from someone who claims to be from your bank, don't give away any personal details.

- Make sure your spam filter is on your emails. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.

- If in doubt, check it's genuine by asking the company itself. Never call numbers or follow links provided in suspicious emails; find the official website or customer support number using a separate browser and search engine.

Spot the signs

- Their spelling, grammar, graphic design or image quality is poor quality. They may use odd 'spe11lings' or 'cApiTals' in the email subject to fool your spam filter.

- If they know your email address but not your name, it'll begin with something like 'To our valued customer', or 'Dear...' followed by your email address.

- The website or email address doesn't look right; authentic website addresses are usually short and don't use irrelevant words or phrases. Businesses and organisations don't use web-based addresses such as Gmail or Yahoo.

- Money's been taken from your account, or there are withdrawals or purchases on your bank statement that you don't remember making.

To report a fraud and cyber crime and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use the website :

(27th Febraury 2018)


(BBC Trending, 22nd December 2017 author Jonathan Griffin)

Full article [Option 1]:

Instagram imposters are trying to trick users into following fake celebrity accounts and sharing confidential details, with promises of thousands of dollars worth of Christmas cash giveaways.

It seems too good to be true - and it is. Instagram accounts purporting to be from celebrities such as Oprah Winfrey, director Tyler Perry and boxer Floyd Mayweather are advertising Christmas cash giveaways.

The accounts urge users to "follow page" and "share with friends" in order to receive handouts as large as $5,000 (£3,700). But they are fake, and anyone counting on a big payout simply for following an account will be disappointed.

After following the fake accounts, users are encouraged to privately send personal information, including email addresses and financial details, to the account owners.

"Money distribution has been slower than expected," claimed one post from a recently-deactivated fake Oprah Winfrey account. "For a quicker distribution please send your CASH APP usernames to @OwnChistmas__ direct messages."

"Cash App" refers to a a money transfer application.

Some of the accounts even claim they have users' security in mind when they encourage the switch to private communication.

"DO NOT share your email address in the comments section due to possible identity theft. We will contact you via direct message," added another post from the now deactivated @OprahOwnsChristmasRealPage.

Thousands of Instagram users appear to be following the accounts, oblivious to the potential danger posed by the hoaxers.

"I really hope this works," wrote one Instagram user using the hashtag #OprahOwnChristmas.
"As a mother facing homelessness if there's even the smallest chance something good like this will happen, I'm taking it," she added, after being informed that the accounts were a hoax. "I don't care if it's fake. If it is oh well but if even for the smallest chance of it being real, I'm taking that chance."

"So my idol is giving out $5,000" wrote another user. "Ma'am $5000 will go a long way in building my business and securing my tomorrow. I pray I get it!"

The celebrities whose images are being used have made it clear that they have nothing to do with the scams.

"These are false social accounts," a spokesperson for Oprah Winfrey told BBC Trending. "We have notified the social media platforms who are working diligently to deactivate these accounts."

BBC Trending approached boxer Floyd Mayweather's team to ask if he had any connection in a similar scheme called the "MoneyMayweatherChristmasGiveaway".

"None whatsoever," responded a publicist for the former five-weight world champion.

While a number of the accounts have been removed, others using similar names now operate in their place using the same hashtags and claiming "we are back" and "it was hacked".

"We work aggressively to fight spam on Instagram," said a spokesperson for Instagram. "If people see these types of accounts, we advise them to report them using our in-app tools, so that we can immediately remove them."

(23rd December 2017)

(Market Watch, dated 18th December 2017)

Full article [Option 1]:

uaware comment : This is a US article, but now slightly Anglacised.

Scammers make a killing during the holiday season. While you spend your time thinking of ways to bring holiday joy to others, they spend their time thinking up ways to steal from you. The saddest part about this is that the ghosts of Christmases past keep visiting Christmas present.

With that, I give you this year's 12 scams of Christmas.

1. The gift card scam

While definitely a ghost of Christmas past, this still works so scammers still do it. It's pretty simple. The thief records the numbers displayed on a gift card, and then calls the company that issued it to find out if it has been activated, which occurs when the card is purchased. The problem here is one of timing. If you buy a gift card early in the shopping season, it's more exposed to fraud. That said, recipients of gift cards often take a while to use them.

Tip: If you are going to purchase a gift card, do it as close to Christmas Day as possible, and encourage the recipient to use it as soon as possible.

2. Sneak attacks on your credit

With the nonstop news of data breaches involving credit card numbers, many of us are walking around with compromised payment cards that can be used by a scammer, and there is no more perfect time of the year for them to try than Christmas. The usual warning signs of an account takeover, or a fraudulent charge, may be harder for financial institutions to spot, since Christmas gifts often don't conform to a cardholder's buying patterns.

Tip: Sign up for transaction alerts from your bank or credit card issuer that notify you any time there is activity on your accounts.

3. Fake charities

While it's not exactly the way it plays out in our nation's malls and shopping districts, Christmas is traditionally a time for contemplation and charitable giving-something captured very well in Charles Dickens's classic, "A Christmas Carol." So if you want to give during the holiday season, it's crucial to make sure the appeal is real.

Tip: Before responding to an online appeal, visit the website by typing in the organization's URL manually, or by using search to find the link. If you are still unsure, call. If you are still uncomfortable, go to the UK Charity Commission website.

4. Temporary holiday jobs

Holiday jobs are a good way to make some extra money, and there are a lot of them, but bear in mind there are myriad scammers out there who may offer fake jobs to harvest your very real personally identifiable information-the most valuable of which being your Social Security number.

Tip: Don't give your Social Security number to anyone unless you absolutely have to, and don't provide it before you confirm you're dealing with a representative of a real organization that has offered a job to you. Never send your information digitally unless you know the recipient uses proper security protocols. (You may not be using secure tech either, so try to be conservative about what you send digitally.)

5. Phishing, vishing and smishing

You might receive a phone call, a text or an email. It doesn't matter what the delivery system is, it's a fraud but it won't necessarily look like one. It could look like a sales promotion from a brand you like, or an offer on a deal that seems too good to be true, or even just "pretty good." Scam artists can be very nuanced. Be on the alert before you act on any offer.

Tips: Check to see the URL matches exactly, and that you never provide any personal information on any webpage unless the URL is secure and starts with "https." Email links should always be considered suspect.

6. True love

The holidays can be lonely, and catphishers know that. Love scams are the worst, as they prey on the emotions in the most exploitative ways disarming the heartstrings with an eye to loosening purse strings. The money lost can be considerable, and the upset unfathomable.

Tip: As corny as it seems, be careful with your heart and don't give it away to just anyone. If you feel like you're falling for someone and they somehow can never make an in-person appearance, don't send them money to do so. You can do better.

7. Hotel scams

You might fall victim to the restaurant flyer scam, the menu for a nonexistent eatery shoved under the door resulting in an order that gets you robbed, or it could be the front desk scam where you get a call after check-in asking for another credit card number because "the one you provided was rejected."

Tip: Assume the worst when in unfamiliar territory, and be on guard when traveling. Always distrust. Always verify.

8. Fake online shops

This is a tough one, but here's the deal…Bargain? Amazing prices on things that should cost a lot more than they are asking on a fake online shop is alluring, which is why people fall for them all the time. Pop up shops are cool, but they may not always be legit.

Tip: Look at the About Us page and call the designated contact number. If there is no number, think twice before making a purchase. Also pay attention to detail. Are there spelling errors in the copy? Bad-looking stock photos? Look for trouble.

9. E-cards

We all appreciate the sentiment behind an e-card, but that should not outweigh the risk of malware that can take a computer hostage or record every keystroke so that your most sensitive credentials for financial accounts can be stolen. E-cards are a popular form of fraud among scam artists, and you should be very cautious when you receive one.

Tip: Email, call or text the sender and ask if they sent an e-card. In this environment of constant attack, they will understand

10. E-voucher scams

This scam is built for people old enough to remember a physical, printed voucher, which, presented in person at a brick and mortar store, would get you a discount. They were basically a coupon. E-vouchers are fine if they come in the form of a number sequence, discount code or keyword, but anything else should be considered suspect.

Tip: Be on the lookout for grammar or spelling errors. Always type in the URL of the site for which you have an e-voucher, and enter the code or number there. If it comes by way of text or email and it involves a link, don't click through.

11. Fake shipping notifications

What could be worse than a message from your favorite e-tailer letting you know that the must-have item you ordered is out of stock or was sent to the wrong address. Another oldie but goodie among thieves is a notice informing you that the "Item has been delivered" when it hasn't been.

Tip: Never click any link associated with this type of communication. Always log onto the e-tailer site for more information, or pick up your phone and call.

12. Wish list scams

Online wish lists are a bad practice that should be discouraged. In theory, the online wish list creates a place where friends and relatives can find out what you want for Christmas, which many find preferable to guesswork. Beyond being horribly transactional, the practice opens the list-maker to phishing attacks, since scam artists will automatically know what interests you.

Tip: If you must post a wish list online, custom set the privacy on the post so that only particular people can see it, and don't include any personally identifiable information.

At Christmas it's always better to give the gift, than be the gift that keeps on giving to identity thieves.

If your personal information does fall into the hands of a scammer, be sure to monitor your credit for signs of identity theft.

(23rd December 2017)

(The Telegraph, dated 16th December 2017 author Amelia Murray)

Full article [Option 1]:

ank transfer fraud has been one of the most talked about financial issues this year.

Yet victims, such as reader Cally Ellison continue to lose life-changing sums because of weaknesses in the banking system.

Ms Ellison, 61, was developing a property in east London, with her business partner Julia Lee, when she received what looked like a genuine email from her building firm.

It requested a payment into an alternative Nationwide account because it claimed its bank was in the process of completing its "end-of-year account reconciliation".

Ms Ellison, who lives in London, made two separate transactions, one for £50,000 on Sept 14 last year, and another for £25,478 the next day. Days later the building company contacted Ms Ellison to say it had not been paid.

She immediately called her bank Barclays to report the scam. Just over £9,000 was recovered but more than £66,000 had already been transferred out of the Nationwide account.

Ms Ellison contacted Nationwide, the Metropolitan Police and the Mayor's Office for Policing and Crime headed by Sadiq Khan.

Three months later she received a call from Edmonton police force. Ms Ellison said an officer explained that the details of her case had "filtered down" from the Mayor's office and would be passed to police in Scotland because one of the fraudster's transactions had taken place in Aberdeen.

It was during this investigation that Ms Ellison said she was told by the police that Nationwide's "know your customer" checks - supposed to be conducted when an account is opened - were "substandard".

She said the police "weren't happy" and reported Nationwide to the regulator, the Financial Conduct Authority. Despite the allegation Nationwide refused to reimburse Ms Ellison the stolen funds.

The building society also refused to refund £8,700 to another scam victim, Balazs Kelemen, last month, despite damning police evidence that revealed that it had allowed a fraudster to open an account with a false Romanian ID card and a counterfeit British Gas utility bill.

The mutual insisted it made "required and reasonable" checks and was satisfied the paperwork appeared to be genuine. It denied negligence.

Arun Chauhan, director of Tenet Compliance & Litigation, a law firm providing advice on financial crime compliance, suggested that staff were not being trained well enough to identify ID documents and there was a lack of consistency across the industry when it came to account opening procedures.

Mr Chauhan said banks needed to tighten up their checks by asking for a greater number of documents or more time to gain "independent verification" before approving an application for an account.

He said that if the banks' checks failed, there should be a compensation scheme operated by the FCA which would be contributed to by all banks.

Nationwide said it "sympathised" with Ms Ellison, but denied an error had been made.

It said that the account was opened in accordance with the "legal and regulatory standards in place at the time".

Police Scotland said enquiries had concluded and the victim had been offered "appropriate advice".

Telegraph Money has waged a campaign to force those banks that provide services to criminals - the recipient banks, in cases of transfer scams - to take greater responsibility for their role in these crimes. And while there is much further to go, we have celebrated a number of successes with readers' losses being recouped.

Patterns have emerged in the cases we have brought to light that suggest consistent weaknesses in some banks' processes. Banks are required to carry out "customer due diligence" measures, for example, as part of their anti-money laundering procedures.

But in numerous cases reported by Telegraph Money, banks are still accepting fake IDs and other false documents as sufficient proof to open and operate accounts. Nor do banks operate consistent screens to detect questionable payments.

Transfer fraud data was collated and published for the first time in November this year by UK Finance, the industry body, which revealed that these scams are now the second biggest type of payment fraud after card fraud.

More than £100m was lost to these types of scam in the first half of this year in nearly 20,000 cases. Just £25m was recovered. Consumers lost an average of £3,000 and businesses £21,500.

The Payments Systems Regulator is considering a "reimbursement model", among a number of other remedies, which if introduced would apply from September 2018.

How can non-customers report fraudulent accounts?

Readers have asked how they might report a suspicious account to a bank when they are not a customer.

- Suspect Halifax accounts can be reported on 03457 22 55 25. Lloyds' number is 0800 917 7017.

- Barclays takes calls from customers and non-customers on 0345 050 4585.

- Santander's 24-hour hotline is 0800 9 123 123.

- TSB Reports can be made on 03459 758 758.

- HSBC said people should contact their own bank if they have concerns about HSBC accounts.

- RBS and NatWest do not have a way for non-customers to report accounts.

******** Also report scams to Action Fraud.

(23rd December 2017)

(Daily Record, dated 13th December 2017 author Graeme Murray)

Full article [Option 1]:

Police have warned the public to remain vigilant against telephone fraudsters after a 74-year-old woman was scammed out of £140,000.

Residents in Tayside, Angus and Perthshire have been targeted by callers pretending to be from their bank or from other business companies.

The "phishing" fraud ends with victims being encouraged to either transfer their money to another account or provide personal details to the fraudster allowing them to transfer the money.

A 74-year-old woman from Dundee, Tayside, lost £140,000 after being scammed by criminals claiming to be from the fraud department of her bank.

Police say attempts by the bank are under way to retrieve the money.

In another scam, a 75-year-old man from Montrose, Angus, was duped into transferring £74,000 into other accounts. On this occasion the bank managed to retrieve the funds.

And an elderly woman from Kinross, Perthshire, was called by someone claiming to be from BT. She was told her computer had been hacked and her bank details were required which she gave to the caller and lost £5,000.

A spokesman for Police Scotland said: "Police would advise residents to be alert to any phone call they receive from a person claiming to be from a bank, financial institution, business company either asking for money to be transferred or asking for a phone call to be made to the bank. Do not provide any of your details.

"If you do decide to call the bank, where possible call from a different phone line or mobile number. If in doubt, ask the caller to put a stop on your account and attend your branch in person."

(Wales Online, dated 13th December 2017 author Will Hayward)

Full article [Option 1]:

A new scam has seen a Welsh pensioner conned out of almost £15,000 by fraudsters posing as police officers.

Members of the public are being contacted, usually by phone, by fraudsters pretending to be from the police or in some cases the fraud team within their bank.

The criminals claim they are investigating a fraud at a local bank branch where staff are suspected of being complicit, including issuing fake bank notes.

They then ask their target to help with their operation.

As part of the scam the individual is asked to visit the branch and withdraw a substantial sum, often thousands of pounds, of the supposedly counterfeit cash to hand over to the fake police for "analysis".

he victim is assured that the money will be deposited back into their account after the operation is complete.

However, once the money is passed over the fraudster disappears with the cash.

The criminals instruct their victims not to discuss the case with anyone in the branch, giving them plausible explanations as to why they are withdrawing the money.

As a result, despite being questioned by the bank staff, the victims takes out the cash, convinced staff are part of a fraud.

One of the victims was a pensioner from Crickhowell who was unable to get all her money back.

Paul Callard, Financial Crime Team Manager for Dyfed-Powys Police, said: "This scam has targeted individuals in our force area and we've actually received a report from a female victim in her 70s from Crickhowell, who was conned out of almost £15,000.

"The victim was able to get the initial £5,000 back from the victims bank however has not been able to get the other £9,638.16 back. Scams like these have such a negative impact on victims.

"I would urge people to please act with caution if approached by these types of scamsters. If in doubt, hang up and ring police on 101."

Katy Worobec, Head of Fraud and Financial Crime Prevention, Cyber and Data Sharing at UK Finance said: "This is a particularly nasty scam as it plays on people's public-spirited nature to assist the police.

"We are receiving a growing number of reports of it occurring, with people often losing large amounts of money, so it's vital that everyone is aware.

"Remember, the police will never ask you to withdraw money and hand it over to them for safe-keeping."

How to avoid this scam:

-The police will never ask you to become part of an undercover investigation or for you to withdraw cash and hand it to them for safe-keeping.

-Be wary of any calls, texts or emails purporting to be from the police asking for your personal or financial details, or for you to transfer money.

-If you are approached, or feel something is suspicious, hang up the phone and don't reply. Then report it to Action Fraud and your bank on their advertised number.

Visit the Take Five to Stop Fraud website for more advice on how to stay safe from scams.


(23rd December 2017)

(Mirror, dated 13th December 2017 author Vicky Shaw)

Full article [Option 1]:

More than £9 million of potential fraud has been stopped in the first year of a scheme which protects victims when they visit a bank or building society branch, a finance industry body has said.

In the 12 months since a pilot launch, the banking protocol has prevented £9.1 million of fraud - with individual customers protected from losing sums ranging from £99 up to £212,000, according to trade association UK Finance.

The "rapid response" scheme enables bank staff to contact police if they suspect a customer is in the process of being scammed, with an immediate priority response to the branch.

As well as preventing fraud, the initiative ensures a consistent response to potential victims.

UK Finance said the scheme has led to 101 arrests being made nationally, with police having responded to 1,262 banking protocol calls.

The banking protocol was first launched in October last year with a pilot in London, before a national roll-out started in May.

It was developed as a partnership between the finance industry, police and Trading Standards. The Post Office is also part of the protocol.

The scheme is now in place in 43 police forces across the country, with all remaining forces across the UK committed to introducing it, UK Finance said.

Katy Worobec, managing director of economic crime at UK Finance, said: "Fraud can have a devastating effect on some of the most susceptible people in society and it's by working together with law enforcement, and others, that we can make a real difference when it matters most.

"The finance industry is determined to crack down on fraud and is taking action on all fronts - the protocol is an important weapon in our armoury."

Lord Harris, chairman of National Trading Standards, said: "The National Trading Standards' scams team has been integral to the implementation of the banking protocol and I am pleased to see that it is already having a real impact.

"This example of partnership working is key to tackling criminal activity in a world where criminals are constantly innovating and finding new ways to convince consumers of their legitimacy."

Commander David Clark, City of London Police, said: "I applaud the initial success of the scheme and support it going forwards."

(BBC News, dated 13th December 2017 authors Simon Gompertz and Kevin Peachey)

Full article [Option 1]:

Seventy-two-year-old Barry Fox is one of hundreds of people saved from scams after bank staff stopped him spending £10,000 on a fictitious Rolls-Royce.

The retired lorry driver went into his Barclays branch intending to withdraw the cash to pay for the luxury car he saw on an internet auction site.

Staff were concerned and used a new system to alert police to the case and, within 30 minutes, officers were there.

They made checks and alerted Mr Fox to the fact he was about to be scammed.

This was one of 1,262 calls made by bank staff to police or trading standards under the Banking Protocol system that should see an officer arrive to offer help within an hour.

UK Finance, which represents the major banks, said this had saved potential victims a combined total of £9.1m in its first year of operation. Individuals had been saved between £99 and £212,000 each.

Mr Fox had received some inheritance and decided to spend it on his dream car.

The seller told him that they would pick him up from a railway station and then travel to a countryside location to pick up the car. He would pay £10,000 in cash. Bank staff said it "didn't seem right".

The police officers alerted him to the fact that the car was registered hundreds of miles away. The details of the seller on eBay did not match the business which had the car, so there was no realistic possibility of buying it.

"I might have gone there with £10,000 in my pocket and been knocked over the head with a stick or something," said Mr Fox.

Mr Fox was simply advised not to take out the money in this case. Eventually he bought another Rolls-Royce being sold legitimately.

In other cases in the last 12 months, 101 arrests have been made after calls were made by concerned bank staff.

The system has been introduced gradually across the country since May and nearly all UK police forces are now signed up.

Katy Worobec, from UK Finance, said: "The finance industry is determined to crack down on fraud and is taking action on all fronts. The protocol is an important weapon in our armoury."

(23rd December 2017)

(Chicago Tribune, dated 11th December 2017 author Robert Channick)

Full article [Option 1]:

uaware comment :
This US article just shows the variance of this common scam

For consumers who turn over control of their computers to remote technicians online, the fix may already be in.

A growing number of remote tech support scams are popping up, in which users facing "crashed" computers give online access for repairs that do nothing more than drain their wallets, according to a study released Monday by the Better Business Bureau.

"We're getting a lot more calls on these types of scams," said Steve Bernas, president and CEO of the Better Business Bureau of Chicago and Northern Illinois. "But what's really alarming is most consumers don't realize they've been scammed."

For many users, the scams begin with pop-up warnings saying their computers have been infected by viruses or malware. The computers may lock up, issue piercing alarms or even mimic the dreaded "blue screen of death" that appears when a computer has crashed completely.

The pop-up messages, which often appear to come from reputable tech companies such as Microsoft, HP, Apple or Dell, offer help fixing the problem with a toll-free tech support number. In actuality, that's when the problem begins.

Consumers who call the number will be hooked up with technicians who offer to take remote control of the computers, scan for issues and repair them. The fee is generally around $500.

In most cases, the technician will repair nothing but may spend as much as an hour nosing around the computer, looking for sensitive information and inserting malware to continue to monitor the user's activity.

"If you did pay somebody recently $500 or so to dial in and fix your computer, it may have malware in it, so be very careful," Bernas said.

Illinois Attorney General Lisa Madigan also warned computer users to be wary.

"Do not respond to any communications claiming your computer has a problem - do not click on pop-up ads or email attachments and hang up immediately on calls; these are scams," Madigan said in a news release. "Please contact my office if you want to determine whether a call or message is a scam."

The Federal Trade Commission and the FBI received more than 41,000 remote tech scam complaints through the first nine months of 2017, resulting in more than $21 million in losses, according to the Better Business Bureau report.

That may represent just a fraction of the actual scams taking place, with less than 10 percent of victims reporting it, according to the FTC.

Victims run the demographic gamut, with millennials more likely to continue with a fraudulent tech scam offer than any other age group.

In addition to online recruitment, victims are lured into the scams through cold calls from technicians claiming to be from Comcast, Norton, Dell and other major companies. Scammers have also begun to use robocalls with fake caller IDs to sell the fraudulent remote computer repairs.

Beyond the initial fee, the tech support scammers may take advantage of remote computer access to view online bank accounts and other sensitive financial information to directly take money from the victims.

The tech scams are becoming more common, with two out of three internet users affected in the previous 12 months, according to a 2016 Microsoft survey.

A report by Stony Brook University found that more than 85 percent of the tech scammers were based in India, where many U.S. companies outsource for legitimate information technology support. Less than 10 percent of the scammers are based in the U.S.

Consumers who believe they have been scammed should report the incident to the Better Business Bureau and the FTC, change their passwords, and take their computers to legitimate bricks-and-mortar repair shops, if necessary, the report advises.

The report recommends keeping anti-virus software up to date and thoroughly researching tech support companies before giving them online access. And for those suddenly confronted with blaring and potentially fraudulent pop-up messages warning of a computer virus, there may be a very simple fix.

In most cases, the Better Business Bureau advises, the best way to clear the warnings is simply to close the browser or reboot the computer.

(23rd December 2017)

(Telegraph, dated 9th December 2017 author Amelia Murray)

Full article [Option 1]:

A high street bank used by an eBay fraudster to steal thousands of pounds has agreed to refund a scam victim the full amount as a "goodwill gesture".

HSBC refused to explain why it would be refunding £4,000 to Halim Soltani and his wife after they realised they had been defrauded but experts suggested it might have been because the bank realised the criminal's account should "never have existed".

Other banks used by fraudsters have refused refunds in similar circumstances, highlighting the inconsistent approach to fraud in the banking sector.

Last week Telegraph Money reported how two scam victims had been refused refunds from the criminals' banks, despite police reports showing that the accounts had been opened using false details.

Mr Soltani found a shepherds hut on eBay listed for £5,000. The seller agreed to reduce the price to £4,000 for a "quick sale" and a few days later Mr Soltani received an invoice sent in a spoofed email which looked as if it came from eBay and paid £4,000 by bank transfer.

The hut failed to show up and the seller stopped responding to messages. Mr Soltani said he realised that he had been duped when he saw the hut relisted on eBay under a different user name.

Ebay refused to refund him as he hadn't paid through the platform using PayPal.

Mr Soltani said: "It's ridiculous how we're protected through PayPal and when we use credit cards but not when we pay by bank transfer. This was still a crime - why aren't we protected?

Mr Soltani first contacted eBay, his bank, Santander, his local police and Action Fraud, the national cybercrime reporting service. When none of these organisations was able to help he wrote to this newspaper for advice before emailing the chief executive of HSBC.

He gave us the details of the fraudster's HSBC account - the account number, sort code and account holder's name - and we offered to cross-check them with a source who collates data on fraudulent accounts.

Our source had no record of the account but said the surname of the account holder, Andy Rybbar, had been associated with a number of accounts set up in September this year for the purpose of fraud and that he had alerted the Financial Conduct Authority (FCA), the City regulator.

Mr Soltani included this information in the email he sent to HSBC's boss on November 3. He referred to the notification to the FCA and asked why HSBC allowed the account to be set up and what checks and controls were used.

Less than a week later the bank agreed to reimburse the money although it refused to share any information about the fraudulent account because of its "data protection responsibilities". The money was refunded on November 8.

HSBC refused to explain to Telegraph Money why it had offered a refund in circumstances where other banks had not.

It said "each case is looked at individually" and in this case it had "considered all the facts and decided to refund as a goodwill gesture".

Richard Emery of fraud consultancy 4Keys International, who has appeared as an expert witness in fraud cases, said he believed that HSBC had decided to pay up because it might have discovered that it had made a mistake with the account involved.

He said: "I believe the bank made a gesture of goodwill because it recognised that the receiving account should not have existed. This is different from admitting that there are flaws with its general anti-money laundering processes."

Experts have advised victims to hold the "recipient bank" - the one used by the fraudster - to account.

Earlier this year David Clarke, a former detective chief superintendent and board member of the Fraud Advisory Panel, the leading anti-fraud charity, said in every case of bank transfer fraud "we need to ask if the bank could have prevented it".

"If the answer is yes, the banks should be viewed as having facilitated the crime," he said.

Boost for victms : MP backs Telegraph campaign

Telegraph Money was the first to highlight the significance of the "recipient bank" in cases of bank transfer fraud. This is the bank that runs the criminal's account, the one to which the victim is deceived into sending his or her money, as opposed to the victim's own bank.

TSB was the recipient bank in a case we reported in January.

This newspaper forced TSB to admit that it had allowed a criminal to open an account with fake credentials, enabling the theft of £3,400 from a reader, David Burton.

The bank refunded him the full amount plus interest and compensation three years after the scam took place.

However, victims are often turned away by the recipient bank when they try to report the crime or ask for information about the fraudster's account on the grounds that the bank has no duty of care to non-customers.

"Data protection" is often cited. As a result, success stories are rare, even when there is glaring evidence that banks' systems have failed.

But our campaign received a boost this week when MPs attacked banks for failing to tackle online fraud or to compensate victims when their processes for vetting new customers were found to be lax.

Maria Miller, MP for Basingstoke, secured a Westminster Hall debate on Tuesday on "fraudulent accounts in the banking sector", during which she demanded to know which organisations were holding banks to account when their systems failed, and acknowledged this newspaper's attempts to force recipient banks to take responsibility.

She also highlighted how the City regulator had the power to fine firms but would not look at "individual cases".

The Financial Ombudsman Service can usually look at problems only with a customer's own bank or with matters that directly concern the payment in question - not account opening processes.

Ms Miller called for a review of "banking responsibility" and an extension of consumer protection for those tricked by bank transfer fraud.

The public accounts committee, which looks at government spending, also criticised the banks' response to online fraud, which it said had "not been proportionate to the scale of the problem".

It said it was "not convinced" that fraud awareness campaigns, such as "Take Five", led by Financial Fraud Action UK, the industry body, were effective.

What the banks should do to fight fraud

Telegraph Money has consistently highlighted banks' failure to help fraud victims. These are five measures that we have called on banks to adopt:

- The victim's bank should contact the recipient bank within 30 minutes of the fraudulent bank transfer being reported

- Banks should question and halt unusual transactions

- They should check account holders' names in addition to account numbers when processing payments

- Banks that provide accounts to fraudsters should be required to demonstrate that proper checks were carried out

- All banks should offer easy-to-find ways for non-customers to report fraud 24 hours a day

(23rd December 2017)

(The Guardian, dated 9th December 2017 author Miles Brignall)

Full article [Option 1]:

When Alison Dean received a text from her bank, the Co-operative, asking whether she had just made a £999 purchase - asking her to call the bank if she hadn't - she did what many of us would have done, and dialled the number in the message.

After all, the text had clearly come from the bank - it was listed on her handset amid previously sent texts that the PhD student knew had come from the Co-op - and she was well used to getting such messages from the bank.

But the text message wasn't from the Co-op. Somehow, fraudsters had managed to insert the message into the run of authentic texts from the bank. When Dean rang the number, she was duped into handing over her personal details - and the crucial card-reader-generated code. That allowed the crooks to remove £5,400 from her account - and the Co-op says it will not be refunding her.

If that sounds bad, how about the case of Ben Bowman, who thought he might have to give up his university place after less than three weeks at Bristol, after being similarly conned? In his case he was rung up by fraudsters who knew all his details and previous transactions - to the extent he was convinced he was talking to his bank, Natwest.

Once they had duped the budding rapper into handing over his personal details, the crooks managed to take his first student loan payment of £1,713 and, incredibly, to successfully apply for a £20,000 loan in his name. Both duped students say they have no idea how the fraudsters got their mobile number, or how they knew that they were customers of those particular banks (see below).

Dean's case is particularly worrying as it exposes how easy it is for fraudsters to text customers "as the bank" by disguising the number the text is sent from.

It is also a reminder that consumers should not trust any information apparently to them sent by their bank via email or text. Account holders should only call their bank using the phone number on the back of their card, not the number on a text or email. Students seem particularly prone to this scam as they are often financially inexperienced.

Dean, who is studying biology, says: "As soon as I got the text I called the number and they answered as the Co-op's fraud department. I was on the phone to them for 24 minutes. Throughout the call I had no reason to believe I wasn't talking to Co-op staff. I gave them my card details and used my card reader over the phone. Looking back it seems rather stupid but it was all done so expertly. I genuinely thought I was talking to bank staff who were helping me deal with a fraud."

She says as soon as she realised that something was wrong she called the Co-op to report what had happened. By that time five transactions had been made from her online banking account. The Co-op cancelled two of them, but three had already gone through. It has since refused to refund her the £5,400 taken and has, she says, just washed its hands of the matter.

Ben Bowman's case is similar except that he was physically called on his mobile by someone claiming to be from Natwest's fraud department. The caller proceeded to list his previous transactions, and asked him to confirm the genuine ones. He was then asked if had bought a £140 handbag in Edinburgh.

"The caller knew I had bought a Domino's pizza two days ago and all my other purchases. I had never been called up by a fraud department but he sounded exactly as I would have expected. All the account details he quoted were right. I was 1000% convinced that the guy worked for Natwest and was genuine. He said he would send me a text which I should read back to him. I kept thanking him for helping me," says the politics and international studies student.

At the end of the call he says he was told that Natwest would shut down his online banking facility and that he should delete the mobile app. He just happened to go home for the weekend, where he received a letter from Natwest approving the £20,000 loan the bank had given the "penniless" student. A visit to his local branch exposed the scam - £500 had been taken each day for five days. Staff, he says, spent three minutes analysing the case and then declared he was responsible and would get no refund.

"They were quite happy to send me out of the branch knowing that I had absolutely no money in the world," he says.

Following the Guardian's intervention, Natwest has had a change of heart and has refunded Bowman the £2,500 he lost as a "one-off" gesture of goodwill.

"We know how distressing being a victim of fraud can be and would encourage customers to remain vigilant in response to unexpected phone calls from individuals acting as their bank and if requested to provide security details, hang up immediately and phone the bank on a trusted number," says a Natwest spokesman.

However, the ethical bank, the Co-op, has refused to refund its customer despite Money's intervention.

A Co-op spokesman said: "She responded to the fraudulent message and disclosed her full security details, which is something we explicitly advise customers not to do. As with all banks, we would never ask customers to disclose full security details, or use our two-factor authentication card reader to perform transactions over the phone. As she was in breach of our terms and conditions and means we are unable to refund her for the losses she incurred."

Meanwhile, Bowman says his online banking days are probably over. "It will be a pain but this episode says to me that it's just not worth the risk," he says. "The way the bank wanted to put it all on me, was just ridiculous and breaks all the safety promises they make when you start banking online."

Some names have been changed

How did the fraudsters get their details?

Could the two featured victims both have been caught up in hacking incidents that could have put their personal details in the hands of fraudsters?

Both victims had registered their debit cards with Uber. The company has admitted its customers' mobile phone, email and other personal details were hacked last year, but claimed no card details were compromised. Many shopping sites have poor online security, and there are probably other hacking incidents of which consumers are not even aware. Any one of these might have led to fraudsters obtaining crucial details about the students.

Fraudsters who know the first few digits of a debit card can usually work out which bank provided the card. If they also have the mobile phone number and customer's name they are in business, and can immediately target the customers in the ways seen above. These are not mass texts and emailing exercises; individuals are targeted so that the fraudster has someone ready to pick up the call to the "bank".

The real banks all use clients' mobile numbers as a way to contact them, but the systems are arguably insecure. It is easy for a fraudster to send texts as if they were the bank. In the past Money has highlighted how easy it is for fraudsters to take over a victim's mobile phone account entirely. If your phone suddenly stops working and your bank uses your mobile to contact you, be on guard for a possible fraud.

(23rd December 2017)

(Mirror, dated 8th December 2017 author Tricia Phillips)

Full article [Option 1]:

Two-thirds of online Christmas shoppers are putting themselves at risk of fraud over the festive season.

Research from National Trading Standards found people are being careless with at least one simple safety check, such as not looking for signs a website is secure and not doing their research on products or sellers before pressing the purchase button.

Shoppers said the reason for not doing vital checks is because they were in a rush and didn't have the time. Or they got carried away trying to bag the cheapest price.

But, one in five people hadn't a clue what they should look out for when shopping online.

Almost a third of people admitted to buying from social media sites or websites promoted by them.

Trading Standards says this is notoriously risky as crooks target their victims via social media. It said there is a mass of counterfeit and unsafe products, subscription traps and other scams lurking out there.

Lord Toby Harris, chair, National Trading Standards, said: As Christmas delivery deadlines draw closer it can be tempting to rush your online purchases, but I would urge people to take their time and do simple safety checks before pressing 'purchase'.

"These checks aren't infallible, but by taking the precautions that are available to us we can make it less likely that we will end up with something unsatisfactory - or dangerous - under the Christmas tree."

Check before your buy

- Search for reviews of products and sellers to try and find out if they seem genuine.

- Spelling or grammar mistakes on websites could mean it's not a professionally run business.

- Look for the 's' at the end of the http part of the web address, and for the padlock symbol in the task bar - this means the site is using an encrypted system that keeps your details more secure.

- Be wary of links to offers and promotions on social media they can take you to fake websites.

- Does the site have a landline you can call if there are any problems? Be wary of mobile phone only contact details.

- See if you can find out where the company's head office is based - and whether that fits with how the website presents itself.

- Don't be tempted by a bargain price that seems to good to be true - it probably is, especially if some of your other checks put doubts in you mind.

- Criminals will try and cash in on those sold out must-have Christmas toys. Either with poor quality imitations that could be dangerous to children or with scam links that take your cash and you won't get the goods.

- If you believe that any online, or face-to-face, seller is selling potentially dangerous goods, or something you've bought has made you suspicious, report it to Citizens Advice Consumer Helpline on 03454 040506.

(23rd December 2017)

(Time, dated 7th December 2017 author Megan Leonhardt)

Full article [Option 1]:

There are about eight hotel reservations made in the U.S. every second. But a growing number of people are being scammed when they go to book a room.

In fact, almost one in four American travelers reported booking on what they thought was a hotel website, only to find later it was another site, according to AHLA research released in April. That's up dramatically from the just 6% of travelers who reported being duped by a lookalike in 2015.

"Hotel booking scams are a major problem in the hospitality space today," says Mike Tanenbaum, who works on cybersecurity issues for insurance company Chubb.

Part of the issue is the wide range of booking options travelers now have for hotels-from booking directly to using a travel agent to making a reservation through an aggregation site. And even within the aggregation sites, there is a wide range, from the big names like Expedia,, and Priceline to lesser known sites like Reservation Counter and AMOMA.

So it pays to watch closely who you're booking with. "There are scam websites out there-small, fly-by-night affiliates looking to make a quick buck," says a spokesman for Reservation Counter.

Even legitimate sites can run into trouble if consumers are confused. Reservation Counter, for instance, says it made some cosmetic changes in recent months on the advice of a Google team, increasing the size of its logo and changing some of its ad links to make its own branding clearer. "It doesn't do any good to mislead or deceive consumers," the spokesman said. "You can't brand if you're confusing customers."

Even if you don't lose money on these scams, you may lose out on hotel loyalty points or other perks-and special requests for bed configurations or disability access may not find their way to the hotel, AHLA warns.

If you do think you've been scammed, contact your bank and credit card company immediately, Tanenbaum says. And the next time you're booking a hotel room, take these precautions to protect yourself.

Check the Booking Site's URL

When booking a hotel, check the website's URL carefully. Legitimate hotel sites generally will begin with the characters "https://"-with the "s" denoting a secure site-rather than just "http://," according to the AHLA. Tanenbaum also recommends that consumers look for the lock symbol in the upper left hand side of the search bar, a sign that denotes the site is secure.

If there's a website that does not have the locked symbol or an "https" in the web address, do not do business there, Tanenbaum warns: "I'd never put secure credentials [credit card information, a password, or any form of identification] into it."

Also avoid booking with websites whose URLs contain vague names that you don't recognize, such as "national reservation center," after the hotel's name, according to the AHLA. These sites are likely using the hotel name in the URL to make it seem that they are the official hotel website.

Know When You're Making a Nonrefundable Payment

Be wary of sites that charge for rooms in full, in advance-and be especially careful with sites that do all of this without your express authorization, the AHLA says. Most legitimate hotels will take your payment information and charge you when you arrive, or perhaps charge a deposit to hold the room. Some may also offer price breaks for payment in advance. But either way, at the time you are booking, the sites should clearly and transparently communicate when the payment is due.

No matter when you're making a payment, always use a credit card for a hotel booking. Credit cards generally offer more fraud protection than debit cards; you can usually work with the credit card company to recoup your money if there is a scam afoot.

"It's still better to use your credit card than your debit card," Tanenbaum says.

Ask Questions

If you have any doubts about the site you're using, call it directly, using any customer service number it provides, and ask to speak to the local staff. Ask questions that only legitimate front desk staff would be able to answer, the AHLA suggests-like recommendations for local restaurants and attractions. "The actual hotel should be able to provide this information, a third-party call center won't," the AHLA says.

Even if you don't reach out to the hotel while you're booking, it's worth contacting the property before you arrive. You can call or send a short email to the hotel confirming your reservation. This will help you avoid showing up to a completely booked hotel with no reservation on file.

(23rd December 2017)

(Action Fraud, dated 13th December 2017)

Individuals and businesses are being warned to watch out for cold calls and online contact from fraudsters who are offering victims the opportunity to apply for Government grants for an advance fee.

To make the grants look legitimate fraudsters have set up bogus companies and convincing looking websites that claim to be operating on behalf of the UK Government.

Fraudsters cold call businesses and individuals offering the grant and if they're interested direct them to fill out an online application form with their personal information.
Once the fraudsters have that information they'll contact back victims and congratulate them on being accepted onto the grant programme.

Pre-paid credit cards

Applicants are then asked to provide identification and are instructed to get a pre-paid credit card to deposit their own contribution to the fake Government grant scheme. Fraudsters will then contact victims on the phone or are emailed and asked for the details of their pre-paid credit card and copies of statements to in order for them to add the grant funds.

Of course the grant funds are never given by the fraudsters and the money that's been loaded by the victim onto the card is stolen.

If you receive one of these calls, hang up immediately and report it to us. We've already taken down one website fraudsters have been using to commit this fraud and are working with Companies House to combat this issue.

How to protect yourself:

Be wary of unsolicited callers implying that you can apply for grants. You should never have to pay to receive a government grant, and they definitely won't instruct you to obtain a pre-paid credit card. The government should have all the information they need if a genuine grant application was submitted, therefore any requests for personal or banking information either over the phone or online should be refused.

What to do if you're a victim:

- If you think your bank or personal details have been compromised or if you believe you have been defrauded contact your bank immediately.

- Stop all communication with the 'agency' but make a note of their details and report it to Action Fraud.

- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting or by calling 0300 123 2040.

The information contained within this alert is based on information from gathered by the National Fraud Intelligence Bureau (NFIB). The purpose of this alert is to increase awareness of this type of fraud. The alert is aimed at members of the public, local police forces, businesses and governmental agencies.

(23rd December 2017)



(First for Women, dated 9th November 2017 author Jaclyn Anglis)

uaware comment : Yes I know this is a US article, but the scam is transportable globally !

Full article [Option 1]:

Heads up, Aldi shoppers: There's an Aldi coupon scam making the rounds on the internet, and it's important that you don't fall for the convincing fraud. The latest fake coupon, circulating on Facebook, includes a link to an illegitimate website and claims to give away $40 to anyone who completes the survey.

"Hey ALDI fans! Looks like another fake ALDI coupon is making its way around the internet," Aldi said in a Facebook post earlier this week. "We're sorry for any confusion, but we don't offer electronic coupons and they won't be accepted at our stores. We're currently working on fixing the situation, but we'd love your help. Feel free to share this post to help us spread the word."

(Birmingham Mail, dated 7th November 2017 author James Rodgers)

Full article [Option 1]:

The £250 vouchers doing the rounds on the widely-used messaging service are nothing but a scam, experts have warned.

Those regularly using WhatsApp to message friends and family are now being told to be vigilant.

Fraudsters are sending out fake Marks & Spencer, Tesco and Asda vouchers on WhatsApp.

Asda supermarket has issued confirmation, telling customers the vouchers are bogus.
(Country Living, dated 3rd November author Jessica Mattern)

Full article [Option 1]:

With the holiday season just around the corner, get ready for an influx of scams targeting holiday shoppers online. In fact, there's one circulating right now that's affecting IKEA fans overseas.

The new scheme is tricking WhatsApp users into turning over their personal information in exchange for a fake store coupon, according to the Gulf News Society. On the messaging app, users are seeing a fraudulent message that claims IKEA is celebrating its 75th birthday by giving away $500 vouchers

(London Evening Standard, dated 30th November 2017 author Justin Davenport)

Full article [Option 1]:

Londoners are falling victim to at least 3,500 cyber fraud attacks a month, police revealed today.

Scotland Yard warned that the scale of the problem could be far greater because such offences were "vastly under-reported".

The Met now says it wants to encourage stronger links with private sector volunteers to combat cyber crime.

Detective Chief Inspector Gary Miles, head of the Falcon cyber fraud unit, said one of the most prolific scams was online advertising fraud offering non-existent properties for sale or rent.

Others include romance frauds - tricking people into meeting their "perfect partner" through dating websites - and identity frauds, where criminals use victims' details from social media. Individuals and businesses also face phishing emails, ransomware attacks and more complex hacking raids.

Mr Miles said his detectives were investigating about 1,000 "volume fraud" offences and around 130 more complex cases. He added: "We are getting about 3,500 victim reports a month, but we think this is vastly under-reported."

Last month, a gang investigated by the unit was jailed for using the bank details of hundreds of students to carry out a £2 million mobile phone fraud.

Ringleader Jonathan Boorman, 32, of Bath, and six others, including five from London, set up fraudulent phone contracts with the personal details.

Detective Chief Superintendent Mick Gallagher, head of the Met's Organised Crime Command, today said the force already has "a lot of expertise that comes in through police volunteers".

He added: "We have people from the banking sector working alongside my officers to investigate economic crime and we want to replicate that with cyber investigations."

Mr Gallagher said the Met also wanted to recruit people straight from university to tackle the fraudsters. "Some criminal individuals have a high level of sophistication and are clearly very knowledgeable - our challenge is to raise our knowledge and skills above theirs to deal with them," he said.

He added: "We do work in a clandestine way within the dark web to make sure that Londoners stay safe."

Police are also aiming to raise awareness about how to avoid becoming a victim of cyber fraud. Mr Miles said: "We want to get people to think of their online security in the same way they think about their physical security.

"There are simple measures people can take, such as going to the Get Safe Online website and learning about how to improve passwords."

Online fraud is now the most common crime in the UK, with more than 5.5 million offences each year.

(1st December 2017)

(CBS New York, dated 12th November 2017)

Full article [Option 1]:

uaware comment : You never know, this may end up being a US fraud import !

Federal officials in New Jersey warned Sunday night that scammers claiming to be from the U.S. Marshals service are telling people they missed jury duty and must pay a fine.

The FBI Philadelphia and Newark divisions and the New Jersey district U.S. Marshals service said the callers pretend to be law enforcement or court officials.

The scammers say they are with the U.S. Marshals service, the local county sheriff's department, or another law enforcement agency. They accuse the call recipients of failing to appear for federal or local jury duty and warn that an arrest warrant has been issued.

The intended victim is told he or she must pay a fine and report to court. To settle the fine, the scammers instruct the person to buy a prepaid debit card and give them card information.

Recent reports indicate the scammers have been targeting New Jersey residents. Various recipients of the scam have been documented in other states, officials said.

The FBI and the U.S. Marshals Service advised people that they should:

- Always be suspicious of unsolicited calls;

- Never give money or personal information to someone with whom you do not have ties and did not initiate contact;

- Trust your instincts - if a caller pressures you or says things that do not sound right, hang up;

- If concerns remain about the caller's claims, verify the information with local law enforcement or court officials.

(1st December 2017)

(Birmingham Mail, dated 14th November 2017 author James Rodgers)

Full article [Option 1]:

Young adults' willingness to share personal information with others online could be putting them at greater risk of fraud, a report warns.

While older people are often seen as less tech-savvy, potentially putting them at greater risk of fraud, NatWest found that less cautious behaviour among those aged 18 to 24 years old in particular could be making them vulnerable.

NatWest, which commissioned think tank Policy Network to look into financial fraud trends, found more than 80% of young adults in this age group are willing to share their email address online with their friends, and as many as 29% are willing to share their mother's maiden name - a commonly used security question.

This contrasts with just 60% of over-55s willing to share their email address, and only 12% willing to share their mother's maiden name.

The report was launched at a fraud summit being held by NatWest.

David Lowe, NatWest's head of fraud prevention, said traditionally the view has been that older people are most at risk from financial fraud.

He said: "Whilst fraud is still prevalent in this age category, we are seeing an increasing trend in younger 'digital natives' falling victim to online fraud."

Matthew Laza, director at Policy Network, said: "We need to ensure that today's school children don't become another 'generation scammed'.

As more and more of life moves online this is a real danger for the future.

"Which is why we believe every UK school child should have completed a fraud and cyber security course by the time they leave school, so we can have a generation digitally ready."

Research for this report involved a review of available data on fraud and scams, analysis of YouGov survey data, and interviews with fraud experts.

(1st December 2017)

(Which?, dated 7th November 2017 author Stefanie Garber)

Full article [Option 1]:

Thousands of people and businesses have been tricked into transferring just over £100m to scammers in the past six months alone, new data shows. But proposals from the Payment Services Regulator (PSR) may offer more consumers a way to get their money back.

Which? has been campaigning for over a year to protect consumers from bank transfer scams. The PSR has now unveiled new measures to reimburse victims and prevent fraud, as well as data that for the first time reveals the full scope of the problem. This means that victims of bank transfer fraud - which has become the second biggest type of fraud (after card fraud) may soon have the chance to get their money back

£100m lost, just 25% recovered

Bank transfer fraud happens when a person is tricked into transferring money into a scammer's account - either buying something that don't exist, or being misled about the recipient's identity.

The PSR has today released figures that reveal the scale of the problem for the first time. In the past six months alone, over £100m was transferred to scammers by people in the UK, according to data from UK Finance.

Of this, around £25.2 million was recovered - meaning just £1 in every £4 lost to this type of fraud has been paid back to victims.

In the six month period, around 19,370 cases were recorded. On average, individuals lost around £3,027, while businesses lost £21,477.

Bank transfer fraud at a glance (Figures from UK Finance, November 2017)

- Amount transferred to scammers in past 6 months : £101.2 million
- Cases in the UK in the past six months : 19,370
- Average loss per person : £3,027
- Average loss per business : £21,500

Unlike credit or debit card frauds, people who are tricked by a bank transfer scam currently have no legal right to get the money back from their bank. If the money cannot be recovered from the recipient's account - and often, funds are immediately withdrawn or sent offshore - then you may have little recourse to get your money back.

PSR proposes reimbursement scheme

Which? launched a super-complaint to the PSR on 23 September 2016, calling for the regulator to investigate whether banks were doing enough to protect consumers from bank transfer scams.

The PSR today released its full report, and launched a consultation into a contingent reimbursement scheme.

Under the proposal, victims would be entitled to a refund from their bank in certain circumstances. Stakeholders, including consumer groups and banks, have been invited to respond within the next three months. If the scheme were implemented, the PSR expected it would be in place by September 2018.

Industry makes progress on prevention

The PSR also provided an update on the banking industry's progress towards better fraud prevention and protection for customers.

UK Finance has published a set of best practice standards, which its members have agreed to fully implement by the end of Q3 2018.

From 2018, banks will improve their information sharing, and financial crime data sharing. The Joint Fraud Taskforce, of which UK Finance is a part, is also developing a framework to allow stolen funds to be tracked across payment systems, frozen and then returned to victims.

The PSR also noted that the industry had made positive steps towards fraud prevention, including towards the development of a 'confirmation of payee' tool. This would raise an alert if the name entered as the payee in a transaction didn't match the account details. The tool is expected to start rolling out during 2018.

###Which? welcomes reimbursement plans

Since filing its super-complaint, Which? has called on the PSR and the banking industry to show progress on tackling transfer fraud.

Which? welcomed the PSR's latest proposals, but called for the banking industry to move quickly to protect consumers.

Which? CEO Peter Vicary-Smith said: 'A year on from our super-complaint, it's good to see the regulator coming down on the side of consumers. If this stops the huge amounts of money lost to bank transfer scams, it'll be a significant win.

'To make this a reality, the regulator must now ensure any reimbursement scheme properly compensates victims. Meanwhile, banks must move to quickly put in place better checks and protections to prevent these scams happening in the first place."

(1st December 2017)

(INC, dated 29th November 2017 author Joseph Steinberg)

Full article [Option 1]:

Criminals are exploiting the news that Uber suffered a serious data breach to inflict more harm on Uber customers. As if it the pilfering by hackers of the names, email addresses, and mobile-phone numbers of 57 million customers of the ride service as well as the driver's license numbers of 600,000 Uber drivers was not bad enough, criminals are now crafting sophisticated phishing emails that prey on the same group of people.

There are multiple variants of the scam -- and surely more to come.

Various realistic-looking phishing emails appear to come from Uber and apologize for the breach. Some request that the user reset his/her password so as to ensure that any passwords compromised in the breach cannot be used by criminals. This may appear to be sound advice - and it actually might be if it were not for the fact that the password reset link provided in the email directs clickers to a bogus Uber site run by criminals in order to collect passwords. Of course, the site asks you to enter your "old password" along with your desired new password.

Another variant of the phishing email contains a profound apology for the breach, and offers the customer a $50 credit towards rides on Lyft, Uber's main competitor in many markets. While anyone who spends a moment thinking about the offer should realize that it is likely bogus - why in the world would Uber be both providing its primary competitor with revenue and directing its already upset customers to that primary competitor - people have a tendency to act without thinking when offered "free money" which they think may no longer be available if they do not act quickly.

Other variants of the phishing scam already exist, and more will continue to appear in the upcoming weeks.

So, if you are an Uber customer -- or ever were an Uber customer -- stay vigilant and suspect that any emails that you receive either asking you to take action to protect your Uber account, or promising you compensation for the breach, are likely scams. Of course, it is a good idea to change your Uber password - but do so by using the app on your phone, not by clicking links in an email that was sent to you by someone of whose identity you simply cannot be certain.

(1st December 2017)

(Mirror, dated 14th November 2017 author James Andrews)

Full article [Option 1]:

A new warning has been issued about a convincing scam email pretending to be from TV Licensing.

Action Fraud has warned that it's had more than 200 reports of the new scam, adding that TV Licensing would never email to tell you you're due a refund.

Instead, the scammers are simply trying to get you to enter your bank account details.

The worrying thing is that there are actual refunds available for some Britons - with £37 back a real possibility - something scammers are trying to exploit.

t's a lie. There is no refund available and even if there was, TV Licensing simply doesn't email people telling them they are due refunds.

"A small number of our customers have received scam email messages saying they are due a refund. A link directs customers to a fake version of the official TV Licensing website which asks them to enter personal information and bank details," TV Licensing warned .

"If you receive a similar email message, please delete it. If you have already clicked the link, do not enter or submit any information. TV Licensing never sends refund information by email and is investigating the source of this fraud."

But while this email is fake, there are ways to pay less for a TV Licence.

As TV licences apply to addresses, not individuals, as long as someone qualifying for a discount lives at your address and the licence is in their name, the whole house benefits.

So who gets a discount? Well, older Britons don't need a TV licence.

That means when you reach the age of 75, you can apply for a free over 75 TV Licence . They last 3 years and will be sent out provided you give them your national insurance number. In fact, if you're 74, you can even apply for a short-term licence to cover up up until your 75th birthday.

Secondly, while it's not free, but anyone who's blind (severely sight impaired) can get half price TV licences . Again, this means the rest of the house is covered too.

If you're renting, you don't need a separate TV licence for your room if you have a relationship with the homeowner (and live in their main house) or a joint tenancy agreement - but do need one if you have a separate tenancy agreement for just your room.

There are also other times you might be able to get money back on the £145.50 - for example if you're a student you can get a £37 refund .

(1st December 2017)

(Mirror, dated 14th November 2017 author Emma Munbodh)

Full article [Option 1]:

Christmas shoppers are being warned to think twice before entering sensitive details online this season following a rise in the number of fraudulent Pandora websites selling counterfeit goods on the internet.

The online pages, which offer up to 70% reductions, are uncannily like the official online jewellery store, however, hand your details over and you could be left hundreds of pounds out of pocket, or at best, with a fake item.

This includes one page called pandorasukonline which has since disappeared online.

On Facebook, a customer reported that they'd ordered several charms at a total price of £235 from the website on 10 October 2017.

On later inspection, the shopper discovered they'd been billed £265 instead, to date, the items have still not arrived.

Facebook page Pandora Scam Sites first warned of the rogue website last month. It shared a list of several more sites to watch , which it alleged were all 'scams'.

Hundreds more have also since been shared on the official Pandora Facebook page (see below) - with customers being warned to check here if they are suspicious .

Head of Group Press. Martin Kjærsgaard Nielsen told Mirror Money: "At Pandora we are full aware that there are dark forces out there who seek to exploit and misuse our strong brand with counterfeit jewellery.

"This is obviously completely unacceptable and we are taking and will continue to take necessary measures to end this practice. We closely monitor the situation as it is important for us to protect our brand.

"Ultimately, it is a matter for authorities to enforce the legislation that protect our legal rights, which in turn will prevent consumers from ending up with fake and counterfeit jewellery."

*******The orginal article provides details of some BOGUS "Pandora" websites ********

Spot the signs - how to tell if a website is genuine

Action Fraud, the government's anti fraud body, has identified a number of preventative steps for customers shopping online this Christmas.

In a statement, detective inspector Chris Felton told Mirror Money: "As with any online shopping, we would urge people to research a seller before paying any money. Search for reviews from people who have previously purchased from the seller and check the item description carefully. If you are unsure, ask the seller questions.

"To protect your money until you've resolved any problems with the seller, always pay suing a recognised service; never pay by money transfers."

- If something seems too good to be true, it probably is. Don't be fooled into thinking you're getting a great deal.

- Get the trader to tell you if they provide an after-sales service, warranty or guarantee. Most rogue traders don't.

- Make sure you understand how the website's feedback function works. Feedback will give you useful information about recent transactions other buyers have made.

- Check the item's description carefully - ask the seller questions if you're not sure of something.

- Be aware of phishing emails that look like they come from the online auction or payment site you're registered with, asking you to update your account details or re-enter them because your account has been suspended.

- Check the URL in the web browser. A tactic often used by fraudsters is to change the address very slightly (if they're spoofing an eBay site, for instance, they may have an address such as '. . .' whereas the real site is '. . .')

- Read the terms and conditions carefully, including those relating to any dispute resolution procedures the site offers.

- Run the site through a search engine - often if a site is suspicious, there'll be people talking about it online.

As a buyer you should:

- Try to avoid paying by money transfers - they aren't secure.

- Be careful when using direct banking transactions to pay for goods. Make sure transactions are secure.

- Don't send confidential personal or financial information by email.

- Use an online payment option such as PayPal, which helps to protect you.

I've been caught out - what should I do?

- If the seller has misrepresented the goods you've bought or your goods have failed to arrive, report the incident to Action Fraud .

- If you have passed on your personal banking details or any sensitive information relating to money, inform your bank immediately.

- Keep all evidence of the offence, including goods and correspondence.

- If there is a business dispute over the nature of the transaction, contact the website involved. Or, you can alert Consumer Direct by phone on 08454 04 05 06.

What Pandora says

In a statement on the Pandora Facebook page, the firm states the following in relation to counterfeit goods:

"As soon as a brand becomes popular you will see counterfeits multiply. Copies and fake products are unfortunately a challenge for Pandora - just as it is for most other jewellery manufacturers. Jewellery is easy to copy because of its size and character, and that unfortunately also goes for the lettering, e.g. our marker's mark "ALE" or our trademark "Pandora", which otherwise show customers that the product is authentic.

"This means that you can easily find products that have this stamp, but which is most definitely not authentic Pandora. Rest assured that we do not tolerate such counterfeits and take appropriate action.

"PANDORA takes trademark infringement very seriously and we have a department dedicated to brand protection. Unfortunately, it is not always easy to shut down a website, and the process can take some time if the company hosting the website will not cooperate.

"We are also working with Facebook to find a solution to stop fake sites advertising. Many fake websites and Facebook pages are daily being closed down."

The statement adds that customers suspicious of any websites should send the address and Facebook URL to its Brand Protection team:

(1st December 2017)

(The Motley Fool, dated 15th November 2017 author Matthew Cochrane)

Full article [Option 1]:

uaware comment :
okay, I have done it again, I have provided a US article. My defence is that it explains the problem and possible prevention. Take heed !

While there are many advantages to living in a digital world, the connected life also has its drawbacks. One of the biggest disadvantages is that it gives fraudsters numerous opportunities to gain access to our personal identification. Last year alone, 15.4 million consumers were the victims of identity theft, a 17.5% increase from the previous year. With this information, thieves can open new accounts in our names, steal from our existing accounts, and use it as a veil of authenticity during the commission of scams.

Fraud and identity theft have become a fact of life in today's world. This year, when the Global Fraud Index was released, one statistic stood out more than any other: Account takeover fraud skyrocketed by more than 45% year over year in 2017's second quarter and cost merchants a whopping $3.3 billion in that three-month period. While exact figures are extremely difficult to come by, other studies confirm the overall trend. Javelin Strategy's 2017 Identity Fraud Study, released in February, reported account takeover incidents increased by 31% in 2016 with consumer losses reaching $2.3 billion, a 61% increase from the previous year.

As an economic-crimes detective, I see the financial pain and emotional stress this type of crime causes firsthand. And while this type of fraud has always been rampant, my own experience confirms the research results: This type of fraud isn't going away and only seems to be growing more common.

What is account takeover fraud?

Account takeover fraud occurs when criminals gain access to victims' bank or credit card accounts and then make unauthorized transactions on the account. While this encompasses credit card fraud, when someone uses your credit card number to make a purchase, more insidious versions of this crime go deeper. After all, consumers enjoy far-reaching protection against permanent monetary loss when they are victims of simple credit card fraud, but bad cases of account takeover fraud can involve far more.

I've seen cases where suspects gain access to a victim's banking account and promptly change the account holder's phone number, physical and email address, and online password. The legitimate account holders are effectively locked out of their own accounts, ensuring that they will no longer even receive texts or emails alerting them to the suspicious activity.

How account takeovers happen

Consumer information can be stolen in a variety of ways; some of the most common methods of stealing data include malware, phishing, and data breaches. Indeed, it seems hardly a month goes by without another data breach at a major corporation where millions of consumers' payment information was stored. Earlier this fall, the data breach at Equifax was nearly unprecedented in scope and breadth, affecting 143 million Americans.

Phishing and malware attacks are also on the rise. Symantec estimates that 54.3% of all email is spam and that there are nearly 1.6 million blocked Web attacks each day. In June, the company stated that phishing attacks increased to about one out of every 1,975 emails. With massive, high-profile data breaches making the news and phishing and malware attacks rising, the increase in account takeovers doesn't seem poised to slow down anytime soon.

What you can do to protect yourself

There is no silver bullet to stop fraud. With these types of attacks on the rise, it's almost inevitably just a matter of time before we're all victimized. We can, however, take definitive steps that will decrease our exposure to being targeted and mitigate the severity of the incidents when they take place.

1. Develop strong and unique passwords across all of your accounts. When most of us hear of a data breach that might directly affect us, we immediately fear the theft of our personal identification, including our name, address, date of birth, and Social Security number. What many of us fail to consider is whether we've used a password for that account that we used elsewhere.

Unless one is unusually savvy with memorizing odd word combinations or develops a highly sophisticated system, using unique, strong passwords (using letters, numbers, and symbols) across every single site where an account is kept is almost impossible. That's why I strongly suggest using software or websites that are designed to do this very thing. Doing so saves people the headache of performing this Herculean task on their own. Although most of these cost money, some will run their program across one device for free. A few things to look for when researching these services include two-factor authentication, automatic password capture, form-filling capabilities with multiple form-filling identities, and secure sharing.

2. Always pay with a credit card. Frank Abagnale Jr., the former conman turned security consultant made famous by the movie Catch Me If You Can, tells clients he removes 99.9% of all fraud risk by using credit cards. Why? Because consumers are limited to $50 of liability when credit card fraud is reported in a timely manner. That's far more legal protection than any other payment method offers. Likewise, consumers are in a position of strength because they're never without the money in their banking accounts; they're merely arguing over how much money they owe their credit card company.

3. Avoid writing personal checks whenever possible. Think about the most damaging information that could be leaked to potential thieves and fraudsters and then consider what's printed on the front of your personal checks: your name, address, banking institution, routing number, and bank account number. That's a treasure trove of information for anyone wishing to defraud you. For this reason, if at all possible, only write checks to trusted friends or family members. Otherwise, run to the ATM for a quick cash withdrawal if you can't pay with a credit card, or use a digital payment service such as PayPal or Venmo.

4. Monitor your accounts closely. Finally, make sure you keep tabs on all of your accounts -- checking, savings, brokerage, credit card -- and immediately report any suspicious activity. Regularly make sure your account contact information is up to date and correct. Even watch out for small charges that almost seem inconsequential at first. Many times, fraudsters will use the account for small transactions first to ensure the information they have is working.

Account-takeover fraud can be draining affairs -- both financially and emotionally. But people who take these steps stand to be affected much less if they're victimized.

(1st December 2017)

(BBC News, dated 3rd November 2017)

Full article :

The organisation at the frontline of UK consumer protection says it is seeing a pattern of "old scams, new tricks".

National Trading Standards (NTS) said that while online crime was a growing problem, time-honoured fraud methods would not disappear any time soon.

It said many people were still hounded by cold callers, scam mail and doorstep criminals.

Criminals were also using smart TVs and voice-activated home devices to steal data, its Consumer Harm Report warned.
'Challenging times'

NTS, which was set up by the government in 2012, said 2016-17 had been a record-breaking year, with 104 criminal convictions.

However, it said criminals were using new tactics to avoid detection, such as mail arriving via third-party countries and the use of blank envelopes, so that people had to open them to find out what they contained.

In its annual report, it listed the potential emerging threats to consumers over the coming year, including:

- Continued manipulation of online ticket retail sites by scammers and organised criminals

- The growth of social media as a selling platform, putting consumers at risk of intellectual property crime and product safety issues

- The risk posed by connected devices such as smart TVs and home assistants, which may leave consumers open to data theft

- Increasing sophistication of doorstep criminals who use websites, social media and fake reviews and are increasingly part of larger organised crime groups.

"An evolving criminal landscape does not mean the more traditional scams will disappear," it said.

"Instead, National Trading Standards is seeing a trend of criminals diversifying and adapting their current schemes, evidenced in mass marketing mail scams.

"Additionally, more scams are originating abroad, with criminals concealing the payments they're receiving from their victims through payment processing companies," it said.

But it said its actions had prevented nearly £127m in losses to consumers and businesses during the year.

Lord Toby Harris, who chairs the NTS, said: "Our teams are operating in an ever-evolving criminal environment. Consumer protection bodies are facing changing and challenging times."

He also praised the efforts of the public, who were "pivotal" in reporting crimes and supporting the NTS's work.

"So together, we continue to work to disrupt, investigate, prosecute and keep people safe."

(1st December 2017)

(Independent, dated 8th November 2017 author Aatif Sulleyman)

Full article [Option 1]:

Internet users are being targeted by a fake email claiming to have been sent by Amazon.

The scam message features the company's logo and even social platform icons, and has been carefully formulated to look as official as possible.

However, it's designed to trick you into giving out your personal details and visiting malicious websites.

The fake email, which was first spotted by Better Business Bureau, claims that Amazon can't confirm some of your personal details, such as your identity, payment information or address.

It asks you to update your information by clicking a link, which looks a lot like the gold-coloured buttons that feature on the Amazon website.

Despite its convincing appearance, you should not click it.

Doing so won't take you to Amazon, but to a third-party website that could try to steal your sensitive data by infecting your computer with malware.

Action Fraud has also noticed the scam, and is advising people to log in to the Amazon site directly, rather than risking your safety by engaging with the potentially dangerous emails.

"Amazon will never ask for personal information to be supplied by e-mail," the company says.

"Emails from Amazon will never request you to update payment information via a link. Instead, we would include instructions on how to verify your account information, including payment options, through the website."

Amazon says it would also never ask for your National Insurance number, your bank account information, credit card number, PIN number, or credit card security code, your mother's maiden name or other information to identify you, or your Amazon account password over email.

You can report a scam email to Amazon by following the instructions on the company's help page.

(1st December 2017)

(Which?, dated 4th November 2017 author Faye Lipson)

Full article [Option 1]:

UK victims of May's Equifax data breach have been left confused and panicked by a letter from the firm which says their personal information has been compromised - but doesn't say what Equifax is or why it holds their data.

Which? has heard from dozens of people who received the letter and were confused by it - with some fearing it to be a scam - because they have never heard of or directly dealt with Equifax before.

Equifax has now confirmed that only 27,000 of the nearly 700,000 people it has written to were its direct customers - and the rest may previously have had no inkling they were affected by the breach.

Equifax data breach: 15.2m Brits affected

In May this year, Equifax announced its data had been access by hackers in a cyber-attack. Some 15.2 million UK client records were compromised and more than 690,000 UK consumers are likely to have had sensitive details stolen.

These include email addresses, passwords, driving license numbers, phone numbers and partial credit card details.

Equifax is now writing to those worst-affected UK individuals to offer a choice of free ID-monitoring services.

Why does Equifax hold data for non-customers?

Equifax has confirmed that just 3% of the worst-hit victims were its direct customers.

How is this possible? As a credit reference agency, Equifax receives personal data from banks and financial institutions whenever someone applies for a bank account, mortgage or credit card. Consent for this is usually included in the application terms and conditions.

This means Equifax may hold data on you even if you've never dealt with it directly. Others will have transacted with Equifax by purchasing a credit report or identity monitoring services from it.

Victims express confusion, fear of further scams

Which? has seen evidence the letters are causing widespread confusion among the victims. One person who'd had their name, date of birth and telephone number compromised emailed us:

As far as I am aware I have never used this organisation, they now advise me to use their "free" services to help protect myself. If they are so incompetent in the first place to have been the subject of a cyberattack why should I trust any of the services they recommend.

Is this a scam on top of a scam?

In addition, the Which? Money helpline has fielded more than 25 calls so far this week from people concerned by the letter.

Technical expert and Trading Standards 'Scambassador' Scott McGready took to Twitter to blast the way Equifax has handled informing the public, branding it 'Like herding cats,' and insisting that 'more needs to be done'.

Which? asked Equifax to comment on the apparent confusion its letter had caused, but it declined to do so.

------------- See orginal article to view the Equifax letter --------------

How to verify your letter?

If you receive a letter regarding the Equifax data breach, and you're not sure if it's genuine, look up Equifax's number independently via a search engine or directory enquiries. Then give them a call to confirm the letter is genuinely from them.

Should I accept the free identity monitoring services?

If your data has been breached, you may be at heightened risk of identity fraud. To combat this, Equifax is offering its worst-affected UK customers free services which monitor how your identity is being used online - some of them run by Equifax itself, and one run by anti-fraud body Cifas.

If you are concerned about the security of Equifax's own products, you can opt to be enrolled in Cifas's Protective Registration scheme - however you will still have to give some personal information to Equifax so it can enrol you for free.

It is possible to enrol directly through Cifas, though this will attract a £20 charge (for two years' cover).

Which? tips for surviving a data breach

If you believe you've been a victim of a data breach, take the following steps to protect yourself:
- Contact your mortgage, current account and credit card providers to make them aware of the potential breach.

- Change your passwords on any online accounts holding sensitive information.

- Check your credit card statements and credit reports for unusual or unauthorised activity. Report any discrepancies to the provider immediately.

- Apply for protective registration from CIFAS - the Fraud Prevention Service. This will trigger additional checks any time someone tries to open a financial product in your name.

- Be extra-vigilant against phishing messages.

- Our (Which?) consumer rights guide explains how to spot a scam message.

(1st December 2017)

(Daily Mail / This is money, dated 7th November 2017 author Victoria Bischoff)

Full article [Option 1]:

Banks are working on plans to track down stolen money and return it to fraud victims within days.

They are setting up a new system that allows them find out where a payment has ended up - regardless of how many bank accounts the money has been moved through.

It means fraud victims will stand a far greater chance of getting back the cash they've lost.

Yesterday, new industry figures revealed for the first time the scale of bank transfer scams where con artists trick victims into handing over money.

In the first six months of this year 19,000 people were hit by this type of fraud, losing £101million. Just £25million, a quarter of the stolen money, was returned to customers.

Most victims are left permanently out of pocket because banks struggle to trace the stolen funds.

When a fraudster tricks someone into handing over cash, it is typically moved out of the receiving account and into another one within minutes.

From there it will be moved again and again through different accounts - known as mule accounts - with different banks.

It may be mixed with other money, some of which may be completely unrelated to crime, until it is almost impossible to work out where it originally came from.

The criminal will then withdraw the funds in cash, transfer the money overseas or use it to make a purchase.

At that point, your cash is usually gone for good - and banks won't offer a refund - which is why it is vital to track it down before it leaves the banking system.

A new digital tracing tool, which banks are calling the 'funds repatriation initiative', will make this possible.

Brian Dilley, group director of fraud & financial crime prevention at Lloyds Banking Group, says: 'The banking industry has been working together to develop a central system that enables us to trace and track the proceeds of fraud through the banking system.

'Money stolen by fraudsters often exits the banking system and is long gone before people know they've been conned, but an infrastructure allowing banks to identify money quicker as fraudsters try to move it down the line will make it harder for them to get away with stolen cash and help victims get their money back.'

At present, when a victim of fraud contacts their bank for help getting their money back the bank can only see the first account the money was moved into.

If the bank that received this money says it has already been moved out of the account there is little, if anything, they can do.

But under the new system the victim's bank will be able to enter the payment details into a central computer that will show almost instantaneously every account the money has moved through since it was stolen - and crucially, where it ended up.

Once they know what bank has the money they can call and ask for it to be frozen so fraudsters can't touch it again.

If the case is simple and does not involve foreign bank accounts, the money could be transferred back to the victim within days.

In more complicated scenarios the bank may need longer to investigate to ensure the money is going back to the right owner.

Experts say this new system could protect significant numbers of customers and prevent millions falling into fraudsters' hands.

As Money Mail has highlighted over the past two weeks, around £130million has been frozen in accounts opened by criminals.

Often, this money has been abandoned by fraudsters after banks have become suspicious and flagged the account for investigation.

In many cases banks are then unable to return the cash to the victim either because they can't trace where the money came from or are prevented from touching it by onerous rules and laws.

Money Mail is campaigning for a tweak to the law so this cash can be used to pay back fraud victims who've been left out of pocket.

If the original victims can't be found, banks should be allowed to use it as a compensation fund for other victims.

Barclays, HSBC, Santander, Nationwide and TSB have backed our campaign.

And over the past week Money Mail has convinced Lloyds bank to throw its full weight behind our proposals.

Initially, it had suggested the money might go towards general efforts to tackle fraud rather than as compensation.

But now it says: 'Lloyds fully supports Money Mail's campaign to change the law and unlock all the £130million in the frozen funds to compensate victims of fraud.'

If it was easier for banks to trace money through the system this money wouldn't amass in the first place.

Writing for Money Mail today, Stephen Jones, chief executive of banking trade body UK Finance, says: 'We need changes to the law to help stop the criminals in the first place, as well as helping victims get their money back.

'That is why the UK banking industry welcomes Money Mail's campaign.'

Banks have already begun piloting this new technology and are aiming to move into a second phase of testing early next year.

They say that realistically the new system will not be fully up and running for another two years.

There are also questions around who will fund the system, how people's data will be protected and if it will be mandatory for all banks and building societies to sign up.

There are also legal and data protection issues to consider.

For example, banks say that there needs to be protection in place in the event that they take money out of someone's account to return to a victim and the owner of that account turns out to be innocent.

For example, the criminal could have used the money to pay their rent. In this instance the bank can't just take back the money from the landlord, who may be completely unaware they have been paid in criminal money.

There will also need to be a framework in place to deal with disputes when things go wrong.

Despite being a giant leap forward, the new system will not protect all victims, as it cannot stop fraudsters taking money out of the banking system altogether.

Yesterday, the Payment Systems Regulator announced plans to force banks to reimburse people where firms 'have not met the required standards' in protecting customers.

It also wants to make it harder for criminals to set up bank accounts and is asking banks to share data so it's easier to spot scammers.

(1st December 2017)

(BBC News, dated 7th November 2017)

Full article :

People who have been conned into authorising their bank to pay a fraudster could find it easier to get compensation, under plans being put together by the regulator.

The Payment Systems Regulator is trying to devise a way to reimburse victims of authorised push payment (APP) scams.

In the first half of this year, 19,000 victims lost £100m to APP scams.

One such, Kate Blakeley, described the "sheer horror" of discovering the loss of almost £300,000 through such a scam.

Ms Blakeley, who was in the process of buying a house with her partner, described her experience. She thought she was transferring money to the right account, but it was in fact one controlled by a fraudster.

"Everything had gone very smoothly," she said. "Our conveyancing solicitor provided details by email of the bank accounts to make the money transfers on the day of completion.

"We transferred just under £300,000 on the day and within about three hours, we realised the money had gone missing.

"The moment of realising the money hadn't arrived as intended with the bank account we sent it to, or thought we'd sent it to, was just sheer horror."

Ms Blakeley did get all the money back eventually, but lost thousands in solicitors' fees. The matter is still subject to a legal dispute.

'No silver bullet'

The PSR has been investigating APP scams following a super-complaint by consumer body Which?.

The regulator said "good progress" was being made in a number of areas and it hoped a compensation system would be in place by September 2018.

As well as starting to record and understand the scale of APP scams, the PSR will also introduce new standards for banks to follow when a victim reports such a scam, which should improve victims' experience and banks' response times.

However, PSR managing director Hannah Nixon warned that not every scam could be prevented.

"There is no silver bullet for APP scams, and some people will still, unfortunately, lose out," she said.

"That's why we've continued to look for a solution that could reimburse those who are scammed, and today we begin consulting on an option that we think could work."

She added that account holders also needed to take "an appropriate level of care" in protecting themselves.

How to protect youself against "push" fraud

When you transfer money from your bank account, you are asked to enter three pieces of information: the name of the payee, their account number, and the sort code. However, only the last two are cross-checked by the bank. So putting in the correct name is no guarantee that person will get the money.

Financial Fraud Action UK offers the following advice:

- Never disclose security details, such as your PIN or full banking password
- Don't assume an email, text or phone call is authentic
- Don't be rushed - a genuine organisation won't mind waiting
- Listen to your instincts - you know if something doesn't feel right
- Stay in control - don't panic and make a decision you'll regret

'Significant win'

The Financial Conduct Authority (FCA) has reviewed the way banks handle APP scams.

It found banks' procedures were inconsistent, their existing fraud detection systems could not easily detect APP scams, and they did not collect enough data.

However, the FCA considers the industry initiatives underway will help to tackle these issues.

Peter Vicary-Smith, chief executive of Which?, said: "It's good to see the regulator coming down on the side of consumers. If this stops the huge amounts of money lost to bank transfer scams, it'll be a significant win.

"To make this a reality, the regulator must now ensure any reimbursement scheme properly compensates victims. Meanwhile, banks must move to quickly put in place better checks and protections to prevent these scams happening in the first place."

(1st December 2017)

(The Telegraph - Money, dated 4th November 2017 author Amelia Murray)

Full article [Option 1]:

Experts have condemned the banking industry for its inconsistent approach in dealing with victims of "transfer fraud" - which is now one of the fastest-growing forms of financial crime.

The fraud usually involves email interception or some form of trickery, whereby the victim unknowingly sends money to a criminal's account. In many cases - but not all - where the recipient is proved to be a criminal, the bank that operated their account makes good the victim's loss.

Telegraph Money reported how David Burton and Derek Mackenzie were reimbursed by TSB after falling victim to eBay fraud, on the grounds that the bank allowed fraudsters to open accounts with false information (see box below).

Now, in a remarkably similar case, Nationwide has refused to pay back victim Balazs Kelemen the £8,700 he transferred into a fraudster's account operated by the building society. Mr Kelemen believed he was buying a BMW.

A police report later confirmed that a false Romanian ID card and counterfeit British Gas utility bill in the name of Constantin Chescu was used to open the Nationwide FlexAccount on Jan 10.

The criminal was apprehended and in May charged with "fraud in relation to opening accounts, using false identity documents and money-laundering, in relation to receiving victim's monies and subsequently withdrawing the funds". He was sentenced to 12 months in prison in July.

Mr Kelemen, 33, made two payments totalling £8,700 on Jan 23 and 24 to a firm called BC Motors, which turned out to be a fake website. He was one of 32 people who reported the company to the police.

When the car failed to materialise, Mr Kelemen, who lives in Southampton, realised the ruse.

But by the time he called his bank HSBC on Jan 31, the money had already been drained from the Nationwide account. Mr Kelemen also reported the crime to Action Fraud, the UK's cybercrime and fraud reporting service. Despite the conviction, Nationwide refused to accept responsibility for the fraudulent account. It insisted it was not negligent.

However, Richard Emery of fraud consultancy 4Keys International and an expert witness, argued that if the mutual had done its due diligence "properly" it would have spotted the documents were fake and the account would not have existed.

He said: "I don't accept the argument that the documents 'looked all right'. Nationwide has a moral obligation to refund the customer. Essentially its processes failed." A spokesman from UK Finance, representing banks, admitted fraudulent information could be "extremely difficult to detect".

Telegraph Money has long campaigned for the banks operating criminals' accounts to take greater responsibility for other, innocent users of banking services.

The Payment Systems Regulator, which oversees transactions, is issuing a report on Nov 7 on this issue. Last week Barclays became the first British bank to introduce pop-up windows that warn customers they may have been targeted by fraudsters when they make online payments that appear to be "suspicious or out of character".

And on Thursday Lloyds announced a new measure that would see its customers being prompted to answer additional security questions before setting up new online payments.

It was different with TSB: the bank acknowledged its role - and paid up

Earlier this year two fraud victims, David Burton and Derek Mackenzie, were refunded by TSB on the grounds that the accounts they transferred money into were opened with false information.

Mr Burton paid £3,400 to a fraudster on eBay for a non-existent motorhome in 2014. When it failed to turn up he contacted his own bank, Barclays, but the money had already been cleared from the TSB account.

Mr Burton also reported the crime to Action Fraud, which passed it on to the police for investigation.

A report from Bloxwich police revealed that fake details were used to open the account.

Following pressure from Telegraph Money, TSB admitted that the opening of the account did not meet its "strict anti-fraud requirements and ID checks". It refunded the £3,400 along with £250 compensation.

Mr Mackenzie got his money back from TSB on similar grounds after he transferred £7,858 to its criminal customer for a cherry picker he saw on eBay. A data disclosure from Devon and Cornwall Police revealed that the fraudster was able to bypass TSB's systems using a "made up" National Insurance number.

TSB agreed to reimburse Mr Mackenzie the full amount, along with £300 and interest.

(1st December 2017)

(The Guardian, dated 27th November 2017 author Vikram Dodd)

Full article [Option 1]:

Record numbers of young people are letting their bank accounts be used by criminals engaged in terrorism and other serious offences, it has been claimed.

The past year saw a 105% increase in cases of "money muling" for those aged 21 years or under, to 6,484 cases, where seemingly innocent bank accounts are used to launder criminal proceeds.

Simon Dukes, chief executive of Cifas, the UK's fraud prevention service, said: "The criminals behind money mules often use the cash to fund major crime, like terrorism and people-trafficking. We want to educate young people about how serious this fraud is in the hope that they will think twice before getting involved."

Cifas says there were 8,652 cases of bank accounts belonging to 18- to 24-year-olds being misused in the first nine months of this year, a 75% increase in the last 12 months. That is double the number in 2013 when there were 4,315 cases.

Experts say one fraud asks people to reply to job adverts or social media posts that promise big sums of money way in excess of the work that will be needed.

Katy Worobec, head of fraud and financial crime prevention, at UK finance, which represents banking and financial companies, said: "Money muling is money laundering and criminals are using young people as mules in increasing numbers. We know that students are particularly vulnerable as they are often short of cash.

"When you're caught, your bank account will be closed, making it difficult to access cash and credit. You could even face up to 14 years in jail. We're urging people not to give their bank account details to anyone unless they know and trust them. If an offer of easy money sounds too good to be true, it probably is."

(1st December 2017)

(FT Adviser, dated 4th September 2017 author Maria Espadinha)

Full article [Option 1]:

uaware note : Article forwarded via National Trading Standards alert 44

A number of suspected scam websites have been referred to The Pensions Regulator (TPR) over the suspicion they are being dressed up as legitimate investment vehicles.

The Pensions Regulator is warning rogue pension websites are carrying anti-scam messages to try to trick consumers into thinking they are legitimate entities.

This warning comes after the government announced it was introducing a cold calling ban, which will also include texts and email.

The new legislation will also include tighter rules to prevent the opening of fraudulent pension schemes and restrictions to prevent transfers into scam schemes.

According to experts, some of the new rules might be introduced as soon as this week in the second Finance Bill of the year.

The Pensions Regulator is currently leading the multi-agency Project Bloom taskforce, which was set up to tackle pension scams.

It includes the Department for Work & Pensions, HM Treasury, the Financial Conduct Authority, HM Revenue & Customs, the Serious Fraud Office, City of London Police, the National Fraud Intelligence Bureau, The Pensions Advisory Service and the National Crime Agency.

Some of the rogue websites are even carrying the Bloom campaign's anti-scam material without TPR's consent, the regulator said.

Some even imply they are regulated by carrying warning messages designed to prevent people falling victim to scams, such as making reference to the tax implications over accessing your pension before the age of 55 and the danger of cold-callers.

According to Lesley Titcomb, chief executive at TPR, "these sites are wolves in sheep's clothing, lying in wait for unsuspecting victims by portraying themselves as being beyond reproach".

She said: "The truth is that this next generation of scam sites poses a real threat to people's financial futures and should be avoided."

According to government figures, almost £5m was obtained by pension scammers in the first five months of 2017.

It is estimated that £43m has also been unlawfully obtained by scammers since April 2014, with those targeted having lost an average of nearly £15,000.

The regulator is working closely with government, enforcement agencies and key financial service bodies to bring scammers to justice and, through its Scorpion campaign, to help the public protect themselves from scams, Ms Titcomb added.

Malcolm McLean, senior consultant at Barnett Waddingham, said scammers "are pretty clever people" and savers "need to very wary".

He said: "It is very clear that the original messages [on scams] are applicable here - if someone contacts you out of the blue, without any approach from you in the first place, then you should be extremely suspicious and in most cases, do not deal with them at all."

Even after the ban on cold calling in implemented, saver need to continue to be cautious, Mr McLean said.

"The ban on cold calling is only going so far, the calls will still be coming in, it is just that it will be against the law to do that," he added.

Where the regulator finds such rogue websites, it will demand they immediately cease using material that TPR owns and will investigate with other agencies whether further action, such as legal proceedings, should be launched.

The regulator is also updating its own portal with more information on these rogue websites.

(1st December 2017)

(Cornwall Live, dated 22nd September 2017 author Graeme Wilkinson)

Full article [Option 1]:

uaware note : Article forwarded via National Trading Standards alert 45

People are being urged not to fall for this latest telephone scam, which is ingeniously simple and preys on our respect for authority and curiosity.

Alarm bells should ring as the scam begins with an improbable recorded-message from a man stating to be from HM Customs and Excise.

The call alerts the householder that the Government agency is poised to take legal action and then invites the listener to press a key to speak to the case manager. And there is the trick - if the householder presses a button, the call connects to a premium line from which the scammers make money.

The call alerts the householder that the Government agency is poised to take legal action and then invites the listener to press a key to speak to the case manager. And there is the trick - if the householder presses a button, the call connects to a premium line from which the scammers make money.

"This is a scam, if you also get this call don't press 1. It can cost you a lot of money. Just hang up. If you have call identify, it comes up as International."

Always remember - If any agency is going to take legal action against you, they will do so by post.

(1st December 2017)

(The Guardian, dated 10th November 2017 author Eleanor Ainge Roy)

Full article [Option 1]:

Thousands of online scammers around the globe are being fooled by artificial intelligence bots posing as New Zealanders and created by the country's internet watchdog to protect it from "phishing" scams.

Chatbots that use distinct New Zealand slang such as "aye" have been deployed by Netsafe in a bid to engage scammers in protracted email exchanges that waste their time, gather intelligence and lure them away from actual victims.

Cyber crime costs New Zealanders around NZ$250m annually. Computer programmers at Netsafe spent more than a year designing the bots as part of their Re:scam initiative, which went live on Wednesday.

Within 24 hours 6,000 scam emails had been sent to the Re:scam email address and there were 1000 active conversations taking place between scammers and chatbots.

So far, the longest exchange between a scammer and a chatbot pretending to be a New Zealander was 20 emails long.

The bots use humour, grammatical errors and local slang to make their "personas" believable, said Netsafe CEO Martin Cocker. As the programme engages in more fake conversations with scammers overseas, its vocabulary, intelligence and personality traits will grow.

Cocker says if the scammers aren't astute or paying attention, the exchanges could go on for a "very very long time".

"We are really concerned about the growth of predatory email phishing, while victims remain essentially powerless," said Cocker.

"Everyone is susceptible to online phishing schemes and no matter how tech savvy you are, scammers are becoming increasingly sophisticated. Re:scam will adapt as the scammers adapt their techniques, collecting data that will help us to keep up and protect more people across New Zealand."

Cocker said Netsafe had designed a bot that was as convincing and long-winded as possible, asking scammers a seemingly never-ending series of benign questions.

"Dear Illuminati, what a wonderful surprise," wrote a Re:scam chatbot responding to a scammer offering $5m.

"I'd love to join your secret club. Do you do a bingo night?"

"There is not bingo night," replied the scammer.

"Please complete attached form with bank details for your recieve full payments of 5 million."

"Terrific!" replied the Re:scam chatbot.

"But to avoid detection I am going to send my bank details through one number at a time. Ready? 4..."

"That is not nessasary," replied the scammer.

"7" said the bot.

Cocker says the bot works particularly well because New Zealand isn't targeted by any home-grown scammers - only those targeting the country from overseas.

"The bot does a pretty good job of impersonating how many New Zealanders would engage with scammers, it is fairly well-developed in terms of its phrasing and language and approach, so it is quite realistic," said Cocker.

Netsafe website :

(The Independent, dated 9th November 2017 author Aatif Sulleyman)

Full article [Option 1]:

An artificially intelligent bot that inundates email scammers with a never-ending stream of questions has been created.

Re:scam is designed to waste the time of the people behind email scams, and annoy them until they give up.

It's been developed by Netsafe, which says it's time regular web users "fought back".

At the time of writing, Re:scam has sent over 16,000 emails to scammers which, according to Netsafe's calculations, have collectively wasted more than 25 days of scammers' time.

"I adopt one of my many personalities to continue the conversations of any would-be victim," the bot, which also describes itself as "super-interested" and "a bit naive", says.

"I waste their time with a never-ending series of questions and anecdotes so that they have less time to pursue real people. Just like you, I mqke typos, and jokes that no one appreciates.

"They won't know when they're scamming, or getting scammed out of their own time. It's bad for business."

According to Netsafe, $12 billion is lost globally each year because of phishing scams.

The organisation is inviting anyone who thinks they've been targeted by a scam email to forward it to Re:scam, which will verify if it is a scam or not.

It will then use its own email address to target any scammers it manages to detect.

"Deleting a scam email protects you, but forwarding to protects others," says Re:scam. "It's also kinda funny."

The chat bot "service", for bogus mail to :


(1st December 2017)

(Mail on Sunday / This is Money, dated 12th November 2017 author Laura Shannon)

Full article [Option 1]:

A new era of banking will be ushered in from January next year - and security experts say it could put people at greater risk of scams and identity theft.

Under new 'open banking' rules, Britain's biggest banks will be forced to share customer data with companies that demand it.

Providers of other 'payment accounts', such as credit cards and some savings accounts, will have to do the same under separate European Union legislation.

This is part of the Second Payment Services Directive, PSD2.

Some banks have already sent letters to customers warning that 'third parties' can access their personal data from January, and that account terms and conditions are being changed to reflect this.

Third parties could include price comparison websites, start-ups specialising in financial technology or rival banks.

Data can only be shared with a customer's explicit consent, which they might give if slick new online companies offer to help them budget and save more effectively.They can be reassured as the data will only be shared with third parties governed by regulator the Financial Conduct Authority.

But as the walls around banking are torn down, customers will need to put their guard up.

Security experts say cyber-criminals will seek fresh opportunities under open banking.

Hackers will turn their attention to smaller firms managing sensitive information and which have less robust security than banks. And new internet scams will surface at a time when data loss, theft and misuse is rife.

Stuart Poole-Robb, chief executive of internet security company KCS Group and a former MI6 intelligence officer, says: 'Because open banking means more data shared, this problem is going to get worse.

'It creates more points of failure. Either the bank is hacked and your data is compromised - or you approve it being passed to a new start-up, which is hacked and your data is compromised.'

Companies will be held accountable if data is lost or misused and banks have to pay refunds if customers dispute a payment. The technology behind open banking - Application Programming Interfaces (APIs) - is considered secure and makes data sharing possible. But no business is immune to hacking or scams.

Poole-Robb says: 'Banks and financial technology firms cannot protect you against something they do not know about.

'It is all very well having firewalls and encryption against known threats, but all organisations are susceptible to social engineering and unwittingly giving attackers footholds.'

If scammers use stolen data to dupe victims into handing over further sensitive information, those people are unlikely to get their money back. Individuals are also responsible for checking a website or app is legitimate. If it is a scam website, they lose protection from regulators. If it is genuine, customers have right to redress.

Customers also retain control over what information is shared, if any. Some might only agree to a third party accessing data as a one-off. Whatever they decide, banks will have to double-check with customers first.

Providers have strong incentives to look after data, beyond protecting their brand reputation, as data protection laws become stricter from May next year.

They could be forced to pay penalties of up to €20 million (£18 million) - or 4 per cent of turnover for any sloppy practices that breach rules.

Online payments will also be subject to more rigorous checks under EU law, but these guidelines will not appear until later next year.



Consumers will need to be vigilant about a new wave of 'phishing' fraud. This is where cyber-crooks use confidence tricks to reel in people's account passwords.

For example, they might imitate a high street bank in an email and suggest there are security concerns with a customer's account.

Victims are persuaded to click on a link and verify their identity by entering account log-in details.

Criminals can use those details to access a person's account and drain it of funds.

Banks will not refund customers who are thought to have been careless with passwords.

Nor will they help if a victim has been tricked into authorising a payment to a fraudster believing it to be the account of a genuine person or business.

New figures show this type of scam has cost more than 19,000 people £100 million in the first six months of 2017 alone. Tony Neate, of GetSafeOnline, a website offering advice and support to consumers, says: 'Security has been looked at seriously with regard to open banking but it is always a concern.

'This is something we are going to have to look out for because there are new opportunities for criminals to apply old tricks.

'Never give away your user name and password.'

Identity theft

Hackers stealing data could also sell it to fraudsters, who use it to steal a customer's identity.

Only a few details - such as name, address and date of birth - need to fall into the wrong hands to create a ripple effect of problems.

Fraudsters use the information to take out loans and credit cards in that person's name.

Victims then see unusual transactions on their accounts, receive bills for goods they did not buy and are refused financial deals such as credit cards and loans despite previously having a good credit rating.

Clearing up a trail of problems caused by identity theft is not an easy task and can cause administrative headaches for years.


A campaign called 'Take Five' encourages the public to be vigilant about scams. It is run by Financial Fraud Action UK - which represents banks and financial companies.

Criminals play on fear and create a sense of urgency in their stories to make victims act without thinking.

Typically, they claim customers' money is at risk and advise quick action is needed to safeguard funds.

The campaign reminds people to always take a step back and think about what is being asked of them. Actions such as clicking on a link, requests to move money to a 'safe account' and demands for personal information should all sound alarm bells.

Find out more at You can also learn more about a wide range of scams at and


Open banking and the Second Payment Services Directive are the twin laws bringing change.

Banks and building societies will have to share data with third parties - if customers give permission.

Consumers might choose to share their current account history if it means saving money or budgeting more effectively. The nine largest current account providers ordered to take part in open banking are: Allied Irish Bank Group, Bank of Ireland, Barclays, Danske, HSBC, Lloyds Banking Group, Nationwide Building Society, RBS and Santander.

Comparison websites like MoneySuperMarket and GoCompare are likely to be the ones asking for access to data, as well as small start-ups specialising in financial technology.

For example Yolt, owned by ING Bank, is a money management app giving customers a view of all their accounts and credit cards in one place. It has just added digital challenger Starling Bank - a mobile-only current account provider - to its list of partners.

HSBC and its subsidiary online bank First Direct are already testing out new apps that give customers a broad view of all accounts - even from rivals.


Customers can see multiple accounts in one place using just one phone app.

Within that same app customers might be able to compare deals across the whole of the market based on their personal history of income and spending.

Customers could then switch products and transfer money while borrowers should quickly find providers prepared to lend to them.

Imran Gulamhuseinwala, of the Open Banking Implementation Entity, in charge of delivering the initiative, says: 'Open Banking has potential to change retail banking forever. We will for the first time put customers in control of their data, privacy and finances.'

Debit and credit cards could also be made redundant in online shopping as part of law changes which let shoppers pay a retailer directly from their bank account.

Tech savvy customers are likely to be winners from the reforms - while the digitally shy face having to adapt or risk being left behind. Losers might also be those excluded from the best deals if the technology assesses them to be an unprofitable bet.


Drastic action is needed to challenge the complacency of banks.

That was the conclusion of a report published last year by regulator the Competition and Markets Authority.

Few current accounts are switched - less than 2 per cent a year. Such apathy means many customers get a poor deal.

Overdraft users could benefit most from easier switching - saving £180 a year each if nudged towards cheaper accounts.


- Do nothing if 'open banking' worries you. David Firth, of credit reference agency Callcredit, says: 'No one can be forced to use open banking. You will need to opt in.' Companies will require permission to access your data.

- Consider switching before the reforms take hold. Comparison website GoCompare's 'midata' tool can already find you a better account based on account history.

- Check out challenger banks such as M&S Bank, Metro, Virgin Money, Tesco Bank and Handelsbanken or new online providers Atom, Starling and Monzo.

- Use the free automatic Current Account Switch Service, which safeguards the process.

- Be scam-aware. Never surrender log-in and password details. Find extra guidance from or

- Report any concerns about data misuse to watchdog the Information Commissioner's Office at

- Make sure companies are regulated by checking the register

(1st December 2017)

(Action Fraud, dated 13th November 2017)

The National Fraud Intelligence Bureau (NFIB) has identified a number of reports where job seekers are being targeted by fraudsters trying to obtain personal and banking details from them, or requesting money to secure accommodation.

Individuals registering with job seeking websites or searching for jobs on The Student Room website are being contacted by bogus recruitment companies/businesses asking them to complete application and interview forms which request personal details and banking details, as well as copies of identity documents.

In some instances the applicant is invited along for interview, either in person or over the phone, to make the process look as legitimate as possible. This is impacting on students and graduates looking for work both in the UK and overseas. Some job seekers, as well as divulging personal details, have paid money to the fraudsters in order to secure a bogus rental property alongside the job offer.

How to protect yourself:

- Check emails and documents from the recruiter for poor spelling and grammar - this is often a sign that fraudsters are at work.

- If visa fees are mentioned, ask the embassy representing the country where you believe you will be working how to obtain a visa and how much it costs. Check that the answers the potential employer or recruiter gave you are the same - if they're not, it may be a sign of fraud.

- Carry out thorough research to confirm that the organisation offering you the job actually exists. If it does exist, contact the organisation directly using contact details obtained through your own research or their website to confirm the job offer is genuine.

What to do if you're a victim:

- If you think your bank details have been compromised or if you believe you have been defrauded contact your bank immediately.

- Stop all communication with the 'agency' but make a note of their details and report it to Action Fraud.

- Warn the operators of the job website you used that their site is being used by fraudsters.

- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting or by calling 0300 123 2040.

(1st December 2017)

(Mirror, dated 13th November 2017 author Dave Burke)

Full article [Option 1]:

Scammers claiming to be illegal immigrants with winning lottery tickets have conned elderly victims out of thousands of pounds in an alarming plot.

Criminals have repeatedly preyed on elderly people by convincing them to hand over cash and jewellery after asking for their help, detectives revealed.

Some have lost up to £5,000 after being targeted, and police have appealed for people to be on the lookout for the heartless scam.

The conmen approach their victims pretending to have won huge sums on the National Lottery, but claim they cannot claim their prize because they are not in the UK legally.

The fraudsters ask victims to claim the prize money on their behalf, in exchange for a share of the spoils.

In some cases, an accomplice pretends to be interested, in order to convince the victim that it is genuine.

Victims are persuaded to hand over valuables as 'insurance' - only to learn that the lottery wins are complete fiction.

Officers from Hertfordshire, where at least five cases have been reported, are investigating.

A force spokeswoman told Mirror Online that victims are approached face-to-face.

She said detectives in neighbouring Bedfordshire have been made aware of the trick, but it is not known if it has been attempted elsewhere in the country.

Detective Constable Kirsty Rusbridge said: "This is the first time we have seen this method being used in Hertfordshire and we want to get the message out to people to help prevent them from falling prey to these callous fraudsters.

"It has been reported that the offender often has an accomplice who poses as a member of the public, keen to take up the offer.

"If you are approached in similar circumstances, please don't hand over any cash or belongings and contact police straight away."

"Please also share this advice with neighbours, friends and relatives so we can spread the word as far as possible."

(1st December 2017)

(The Telegraph, dated 8th November 2017 author Katie Morley)

Full article [Option 1]:

Scam victims who fail to take "reasonable care" to protect themselves against criminals will not get their money back under a formal compensation scheme being designed by watchdogs.

From next year, an anti-fraud revolution will see consumers who have been conned into transferring money to fraudsters reimbursed by their bank - but only if they can prove that they did not act recklessly.

Victims who have lost life-changing amounts could be denied a single penny of compensation if they did not conduct "common sense" checks, such as spotting bogus email addresses or account details and names that do not correspond.

The plans are being drawn up by the Payment Systems Regulator (PSR) to curb a growing fraud epidemic in which criminals posing as legitimate organisations are extracting £200million from 40,000 victims every year.

Consumer groups said bank customers who fall for scams should not be blamed and called for banks to take the responsibility.

The fraud usually involves email interception or some form of trickery, whereby the victim unknowingly sends money to a criminal's account, meaning they are often unaware of the scam until it is too late.

Gareth Shaw, the Which? Money Expert, said: "These scams have become so complex and believable that many consumers couldn't be expected to spot them. Banks should consider introducing additional checks - such as delayed payments or third party signatures - with extra focus on protecting vulnerable customers."

James Daley, director at Fairer Finance, a consumer group, said: "The test should be how far did the bank go to stop the scam, not how far did the consumer go.

"It is perfectly possible for banks to install enough checks to fully put an end to this and the test should be how far have they gone - not how far have consumers gone. Losing their life savings is far too high a penalty for customers who have been negligent and this should not happen."

At present, just one in four victims are reimbursed, but this figure is set to rise considerably. The action follows a "super-complaint" by Which? over concerns people were being conned out of huge sums of money with no hope of compensation.

The PSR said it was considering changing the law to allow criminal funds frozen in bank accounts to be used to compensate victims.

The Telegraph has previously called for regulators to act to stop consumers being tricked as we have heard from dozens of consumers swindled by tricksters posing as solicitors, investment professionals, government departments and salesmen.

In one shocking case, a woman lost £130,000 in a sophisticated solicitor scam and reported it to First Direct, her bank, only to be told the fraud team had finished for the night.

Bank transfer fraud - How you can be targeted

Consumers have to be on guard every time they are asked to make a bank transfer as fraudsters grow evermore sophisticated and target their victims in a number of ways.

Conveyancing fraud:

Property buyers and sellers are at risk of losing life-changing sums should they become victims of "conveyancing fraud".

Criminals are able to hack into online systems and intercept emails between clients and solicitors just before completion.

They replace the details of the account where the payment is due with their own so the unsuspecting victims often pay hundreds of thousands of pounds into the fraudster's account. In the numerous cases reported by Telegraph Money this money is never reimbursed.

Rental fraud:

Potential tenants are tricked into transferring an upfront fee by bank transfer to a fake landlord or rental firm ahead of a property viewing. The fraudster then disappears.

Overpayment fraud:

Landlords have also been targeted by fraudsters. One bed and breakfast owner was sent a bank draft by a "customer" which amounted to more than the cost of the room. She transferred the excess £1,400 back to the fraudster. She later discovered the bank draft was fraudulent. Her bank refused to reimburse her.

Online marketplace fraud:

Countless readers have reported paying fake sellers on eBay, Gumtree, Amazon for items that fail to arrive.

Some of the largest losses are related to vehicle purchases where the fraudster asks for an upfront payment by bank transfer and promises to deliver the car on an agreed day. Victims only realise the ruse when the car does not show up and the seller disappears.

Those who buy vehicles on eBay are not eligible for its Money Back Guarantee which applies to most items paid for through the platform using PayPal. Motors should be viewed in person before the money is handed over directly to the seller.

Telegraph Money readers have also reported similar scams on Airbnb, the accommodation booking site. Fraudsters posing as hosts trick users into making bank transfers outside of the site for properties that don't exist.

Airbnb said hosts and guests are protected by making payments through its site.

BANK TRANSFER FRAUD - THE NUMBERS January - June 2017 (Source : UK Finance)

n = Personal (n) = non-personal

Total Cases : 17,064 (2,306)
Total Victims : 16,993 (2,244)
Total Lost : £51.7m (£49.5m)
Total returned to victim : £9.8m (£15.4m)

(1st December 2017)

(International Business Times, dated 6th November 2017 author Jason Murdock)

Full article [Option 1]:

Dozens of social media users have spoken out in frustration after receiving scam messages on WhatsApp and Facebook that claim to offer free £250 vouchers for UK supermarkets.

In every instance, a suspicious link will lead victims to an external website asking for the recipient's personal details. If entered, the information would be sent to the digital fraudsters. To date, it has been spotted posing as retailers including Asda, Tesco and Marks & Spencer.

Based on numerous screenshots posted by those who have received the scam messages, there are a number of variations currently in circulation.

Some are text-based and others are disguised as a customer survey. One asks the victim to share the text with 20 friends to claim the non-existent money.

Experts advise that recipients delete the texts.

"Hello, Asda is giving away £250 free voucher to celebrate 68th anniversary, go here to get it. Enjoy and thanks me later!" one version reads, alongside a link to the phishing website.

UK internet watchdog Action Fraud confirmed Asda was not the only retailer to be used as a lure.

"WhatsApp supermarket voucher scams are back! So far we've seen M&S, Tesco & Asda variations! Don't click the link or forward to friends," it tweeted Monday (6 November).

Meanwhile, social media was buzzing with complaints about the messages.

"Getting lots of scam messages about Asda/Tesco vouchers through different contacts on #whatsapp - just a warning! #ScamAlert" tweeted Leah Smith. "The Asda scam on WhatsApp is doing my head in ... please stop," vented another Twitter user called Samantha Cutts.

Responding to one direct complaint on Twitter, the Asda service team wrote: "Unfortunately this was not sent by ourselves and I would advise you to ignore and delete this message."

It's not the first time Action Fraud has spotted such a scam. In October last year a similar scheme was in circulation, posing as WhatsApp links to voucher deals for Sainsbury's and Topshop.

"Once you click on the malicious link fraudsters also collect personal information from your device by installing cookies on your phone that track you, or add browser extensions that can be used to show you advertisements," it wrote in a blog post at the time.

To report a fraud and cybercrime and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use its online fraud reporting tool.

(1st December 2017)


(Metro, dated 28th October 2017 author Tanveer Mann)

Full article [Option 1]:

If you receive an email that looks like it's a speeding ticket from police, do not open it.

It's a scam and could cause you to lose a lot of money.

The bogus email is circulating to motorists in an attempt to extort money from them by claiming they were caught speeding.

The letter, titled Notice of Intended Prosecution and featuring a logo, reads: 'In accordance with Section One of the Road Traffic Offenders Act 1988 we hereby inform you that it is intended to take proceedings against the driver of motor vehicle.

Greater Manchester Police has now warned people to be aware of the speeding scam and urged people not to open the email as it is clearly a fake email.

Police in Bedfordshire, Hertfordshire and Cambridgeshire have also advised motorists to be alert to the scam and how to spot the signs.

A spokesman for Hertfordshire Constabulary said: 'A legitimate Notice of Intended Prosecution would never display the GOV.UK logo.

'The Road Traffic Act 1988 states that the notice must be served 14 days after the alleged offence in the form of a physical letter sent via first class post.

A NIP sent from Bedfordshire Police, Cambridgeshire Constabulary or Hertfordshire Constabulary would always display the CTC unit's logo and contact details.'

(1st November 2017)

(BBC News, dated 27th October)

Full article [Option 1]:

A third of charity fraud cases in England and Wales are suspected to involve staff, trustees or volunteers, the charity watchdog has claimed.

The Charity Commission report said organisations should stay alert to "insider fraud", and make sure that "mutual trust" is not abused.

The commission said crimes committed could be opportunistic or due to a lack of charity oversight.

The organisation also issued an appeal on insider fraud incidents.

The statistics relate to instances of fraud between April 2015 and March 2016.

Director of investigations Michelle Russell said charities were trusting as they were "committed to making a difference in society".

But she added: "Unfortunately, for a range of reasons, that mutual trust can be abused. The reality is insider fraud does happen in charities.

"Ultimately, whether it happens in a small charity with no employees or a multi-million pound household name, fraud diverts money away from those the charity is helping and who need it."

The warning to charitable organisations comes as the boss of a defunct Welsh charity was jailed for five years for embezzling £1.3m to fund his lavish lifestyle.

Robert Davies, 50, who worked for Swansea-based Cyrenians Cymru admitted fraud by abuse of position and was sentenced at Cardiff Crown Court in July.

He spent £100,000 on boats, £26,000 on airfares and £80,000 staying at The Savoy Hotel in London.

The charity, which tackled homelessness in Swansea, south west Wales, collapsed in 2015.

Mr Davies's offences were committed between 2008 and 2014.

The Charity Commission has urged donors to be vigilant and watch out for sudden lifestyle changes in its volunteers and staff.

It added that strange behaviour or unexplained cash withdrawals could be a sign of insider fraud.

Ms Russell added: "Our aim is to help charities increase their own resilience to this kind of abuse and protect donors' valued funds as well as protect public trust and confidence in charities."

(1st November 2017)

(Fraud Advisory Panel notification, dated 26th October 2017)

Charities do vital work. They need our donations. But charities and their supporters are also targets for criminals. Fraudsters eagerly exploit our trust and compassion to steal donations and undermine the important work that charities do.

As part of National Charity Fraud Awareness Week the Fraud Advisory Panel has joined forces with police, regulators and other stakeholders to issue simple fraud prevention advice for anyone wanting to donate on the doorstep, on the street or online, helping donors make sure their money really does reach those who need it.

David Kirk, Chairman of the Fraud Advisory Panel said: "The vast majority of fundraising activities are legitimate but fraudsters are expert at hijacking our kindness and diverting our charitable donations into their pockets. Cruelly, they are especially active during a crisis or tragedy. But making sure our donations really do reach the causes we care about is easier than most people realise. For example:

- Ignore unsolicited emails, texts or social media messages/posts from charities you've never heard of or have no association with.

- Protect your personal information - never reveal passwords or PINs.

- Watch out for tell-tale signs like spelling or grammar mistakes in the literature, photocopied IDs and unsealed collection buckets.

- Don't feel under pressure - take your time to make a considered, informed decision."

The Fraud Advisory Panel, Get Safe Online and GoFundMe have also simultaneously released five tips for donating safely through crowdfunding sites.

Kirk explains that it is vital we don't simply stop giving: "Charities need our support more than ever in these difficult times. But we can all keep donating and make life a lot harder for the charity fraudster by taking the straightforward precautions listed in this new guide."

Fraud advisory panel website :

(1st November 2017)

(The Telegraph, dated 23rd October 2017 author Katie Morley)

Full article [Option 1]:

Young people are losing three times as much money to online scams as their parents' generation because they are more easily tricked by "family and friends" fraud, a study has found.

A survey of fraud victims by Get Safe Online found under 25s typically lose £613 per scam, compared to over 55s who hand over £214 on average.

This is because they are more likely to fall for so-called "phishing" scams where criminals hack into people's social media accounts and purport to be them to persuade their friends and family to transfer them money.

Scammers lure in victims by tricking them into believing that their loved ones are in dire financial trouble, or that they are seriously ill abroad and need money for treatment.

More than one in ten 18-24 year olds have fallen victim to phishing scams, compared to just one in 20 55+ year olds, according to Get Safe Online.

Older victims were more likely to fall for scams in which criminals pretend to be household name companies, it found.

Overall, half of all Brits have been targeted, with eight per cent of the UK population falling victim to the cybercriminals, but Millennials are now more likely than pensioners to be targeted by fraudsters for the first time.

In August analysis of millions of credit files by credit checking firm, Experian, found people in their mid to late 20s had overtaken over 60s as the most likely age group to fall victim to fraud.

It comes after many years of elderly people being the biggest target. Tony Neate, CEO of Get Safe Online; "Younger people have grown up with smart phones and tablets as well as social media which means they are always online in some way or another.

Naturally, that means there are much more opportunities for scammers to target them.

"Secondly, young people are so comfortable with technology and using new devices or platforms. On the one hand this is great, the UK needs a digitally savvy population but on the other hand, it can make younger people more complacent to risk - they just don't believe that they could be caught out by a cyber crime. The assumption is that it's only older people are the only victims of online scams.

"Lastly, there is also an outdated idea that a scam email isn't targeted or sophisticated. For example, the ones that come from rich kings who have been forced into hiding and want to use our bank accounts to hide their millions in, with a handsome fee offered as a thank you. Although these types of emails are still doing the rounds, cyber criminals have become way more sophisticated in their approach."

(1st November 2017)

(The Telegraph, dated 18th October 2017 author Sophie Christie)

Full article [Option 1]:

Note : The orignal article contains photographic examples of scams emails and nine email addresses to avoid.

HM Revenue & Customs has published example images of fake emails and text messages on its website in the hope that it will show people how convincing bogus messages can be.

While various fraud prevention bodies have published a plethora of images of fake messages claiming to be from the taxman, it is thought to the first time HMRC has published its own illustrations.

As well as showing some of the fake tax rebate messages people have reported receiving, HMRC publicised a number of convincing email addresses commonly used to distribute scam emails, including and

HMRC said: "We'll never send notifications of a tax rebate or refund by email, or ask you to disclose personal or payment information by email. Don't visit the website within the email or disclose any personal or payment information."

'Phishing' emails

This is an example of an HMRC related "phishing" email scam and associated phishing website designed to trick people into handing over their card details or other financial information.

Phishing refers to emails sent out that contain either links or attachments that take you to a website that looks like your bank's, or installs malware on your computer system. A report by Verizon into data breach investigations has shown that nearly one in four (23pc) people open phishing emails.

HMRC said it has also been alerted to a phishing campaign advising customers they need to "download a PDF attachment" in order to receive a tax refund. This attachment contains a link to a phishing site requesting personal or financial information, and recipients should neither respond to the email or download the attachment.

Text messages

While the taxman may occasionally issue text messages, it will never request personal or financial information.

"If you receive a text message claiming to be from HMRC offering a 'tax refund' in exchange for personal or financial details you should not respond, and don't open any links contained within the message," it said.

Social media scams

Scams are no longer confined to text messages and emails, with social media platforms an increasingly popular way for criminals trying to fool people into handing over valuable information.

On Twitter, for example, crooks have been known to send direct messages to unsuspecting users offering a tax refund, even though HMRC would never offer a tax rebate or request information via a social media channel.

Export clearance process emails

Emails which claim that goods have been withheld by customs and require a payment before release are known as "419 scams".

They typically ask recipients to provide their personal and financial information, or to make an upfront payment, in exchange for fictitious items, including prize money, seized goods or packages, and inheritance payments.

In addition to scam emails, texts and social media messages, HMRC warned of bogus callers that leave recorded messages claiming to be from HMRC.

These callers may encourage victims to provide bank account or personal information in exchange for "tax advice" or a pretend refund, or they may say that HMRC is filing a lawsuit against them and that they must make immediate payment or police will be sent to their home.

Elderly and vulnerable people are most likely to be victims of this specific scam, HMRC said.

(1st November 2017)

(Action Fraud, originally June 2017)

- Fraudsters are contacting the elderly and vulnerable claiming to be from HM Revenue & Customs.

- Victims are being told they have arrest warrants, outstanding debts or unpaid taxes in their name.

- The fraudsters are asking victims to purchase iTunes gift cards as payment.

- There are a variety of methods being used including calls, texts and voicemails.

Action Fraud is warning people once again of scammers contacting victims claiming to be from HM Revenue & Customs (HMRC) that trick people into paying bogus debts and taxes using iTunes gift cards.

Victims are being contacted in a variety of methods by fraudsters claiming to be from HMRC and are being told they owe an outstanding debt. In most cases they ask for payment in iTunes gift card voucher codes.
Fraudsters like iTunes gift cards to collect money from victims because they can be easily redeemed and easily sold on. The scammers don't need the physical card to redeem the value and instead get victims to read out the serial code on the back over the phone.

Methods fraudsters use:

- Spoofed calls: Fraudsters cold call victims using a spoofed number and convince them that they owe unpaid tax to HMRC.

- Voicemails: Fraudsters leave victims automated voicemails saying that they owe HMRC unpaid taxes. When victims call back on the number provided, they are told that there is a warrant out in their name and if they don't pay, the police will arrest them

- Text messages: They may also use text messages that ask victims to urgently call back on the number provided. When victims call back, they are told that there is a case being built against them for an outstanding debt and they must pay immediately.

One 87 year old victim recently told the BBC he was phoned by fraudsters who claimed to be from HMRC stating there was an arrest warrant out in his name. They told him it would be cancelled if he bought £500 in iTunes gift cards at Tesco.

The man bought the cards and gave them the serial numbers. But when they asked for a further £1,300 in vouchers, he became suspicious and hung up.

How to protect yourself:

- HMRC will never use texts to tell you about a tax rebate or penalty or ever ask for payment in this way.

- Telephone numbers and text messages can easily be spoofed. You should never trust the number you see on your telephones display.

- If you receive a suspicious cold call, end it immediately.

(1st November 2017)

(The Guardian, dated 21st October 2017 author Miles Brignall)

Full article [Option 1]:

It is the worst case of email intercept fraud that Money has ever featured. An Essex couple have lost £120,000 after sending the money to what they thought was their solicitor's bank account, but which instead went to an account in Kent that was systematically emptied of £20,000 in cash every day for the next six days.

Peter and Alice Scott (not their real names), who live near Chelmsford, say they are "simply staggered" at the lack of response by the banks and the police after they unwittingly became the latest victims of email hacking fraudsters who have been targeting solicitors across the UK.

The couple's story will serve as a warning to anyone about to send a large sum of money to a solicitor. It also exposes systemic flaws in the banking system that make it easy for fraudsters to operate unchecked and banks' indifference to customers who have lost life-changing sums of money.

The extraordinary story started in late August when Peter telephoned his family's long-used firm of solicitors, Steed & Steed, based in Braintree, Essex. He rang because he was due to pay his grandmother's inheritance tax bill to HM Revenue & Customs and needed the law firm's bank details. Later that morning, an email duly arrived with the firm's account and sort code detailed in a Word file attachment. This was the first contact he had had with anyone at the law firm, he says.

Three days later, Peter went to the Braintree branch of Lloyds bank where he instructed staff to make a Chaps electronic payment for £120,000 to Steed & Steed, handing over the account details he had been sent in the email and his debit card. Eight hours later he received a text message from Lloyds to say the funds had been transferred to the receiving account.

"When I got home I emailed Steed & Steed to confirm I had made the payment and later received a reply from it confirming the funds had been received. A week later my wife asked me why we had not yet received a receipt from the solicitor so I called the firm and, to my shock, I was told it had not received the funds. At first I thought it was an error and went straight to the Lloyds branch," he says.

Within a few hours the true horror of what had happened emerged. The email from Steed & Steed had been hacked and what Peter had been sent was the fraudster's account details, to which he had sent the £120,000.

Through his contacts he was able to establish that the account the money had been sent to was a NatWest business account in the name of Graceak Ltd. He was also able to establish that all of his £120,000 had gone from that account, as £20,000 had been withdrawn over six days. The company has since been dissolved, according to Companies House.

"The Lloyds bank manager called the fraud team and later apologised for what had happened," Peter says. "I felt it was a bit of an 'Oh well, I'm really sorry, but there's nothing we can do'. He advised me to call Action Fraud and the police. I left the branch feeling physically sick."

Since then he says he has been staggered at the lack of interest in the theft of what is a considerable amount of money.

"We feel let down by everyone involved. We have heard nothing from the police or Action Fraud even though we have the name and address of the woman who ran the company account to which my money was paid. Action Fraud told me there was no guarantee that the police would even look at my case, and if they did it may take up to eight weeks to start their investigation. I could not believe my ears."

Peter says Lloyds, which took eight hours to make the payment, did not carry out any checks to ensure the name of the firm to which the payment was to be made matched the account numbers, even though staff would have been aware that fraud in this area is rife. Lloyds did not appear to notice that it was paying Steed & Steed £120,000 in a NatWest account in Kent. He says he has since learned that the Steed & Steed account was held at that very branch in Braintree. The bank has declined all liability and told the couple they must to go to the Financial Ombudsman Service (FOS). They have been forced to borrow the £120,000 to make the original HMRC payment.

When staff at FOS look at this case, which could take months, they are likely to examine Lloyds' liability to the couple. UK Payments, the body that oversees banking payments, pointed us to the regulations that govern this area. These state that a bank has to "have made clear to their customer how a Chaps payment will be processed" and that the bank "will make a payment solely on the basis of a unique identifier and will not execute it on the basis of the intended recipient's name".

Meanwhile, the security or otherwise of Steed & Steed's email system is also likely to be investigated. In December 2016, regulatory body the Solicitors Regulation Authority warned that email hacks of conveyancing transactions had become the most common cybercrime in the legal sector. Firms are duty bound to inform the SRA if a client's money is lost in this way.

Steed & Steed declined to tell Money what steps it had in place to prevent email fraud. It said it would be "inappropriate for us to provide any comment due to reasons of confidentiality and the fact that this matter is under police investigation".

Lloyds similarly said it would not be commenting while the FOS investigation is ongoing.

NatWest said it had tried to help recover the couple's funds but that none had remained when Lloyds advised it of this case.

Richard Emery, an independent bank security expert who has helped previous victims featured in Money, has offered to look at the case. Money will be passing on his details to the Scotts.

Banking flaw that puts consumers at risk

The Scotts' story is a timely reminder to never trust an email containing bank or other payment request details and to always phone the person you want to pay to check the information before you send a significant sum.

In recent years Money has featured many cases of email interception fraud and the sums lost have been eye-watering. In January, Howard Mollett lost £67,000 after hackers gained access to his solicitor's email account. As a result, he sent his house purchase deposit to an account used by fraudsters. Last year, a north London couple lost £25,000 after conmen intercepted emails between them and their builder. They thought they had sent him a deposit allowing him to buy materials. Instead, the money was lost.

In each case the fraudsters exploited a little-known but significant flaw in the banking system - the name on a bank account does not have to match an online or Chaps payment request.

A person can put Mickey Mouse in a transfer mandate and the money will be paid to the account with that sort code and account number, irrespective of whether the name matches or not. Campaigners have described this flaw as a "fraudster's dream". Despite the fact that bank fraud is out of control, the Financial Conduct Authority, which oversees banks, has shown little interest in forcing them to match payment requests to account names. Experts say such a move would halt most of these frauds overnight.

Over a year ago, the consumer body Which? lodged a "supercomplaint" with financial regulators demanding banks do more to protect customers tricked into transferring money. So far no concrete measurers have emerged and consumers' losses grow every week.

(1st November 2017)

(Action Fraud, dated 21st October 2017)

The National Fraud Intelligence Bureau (NFIB) and Action Fraud have recently noticed that Fraudsters have been setting up fake adverts on social media (including Facebook, Instagram and WhatsApp) and job browsing websites to dupe people into believing they are recruiting for prospective models.
Once victims show interest in the job, the fraudsters contact potential victims on the false promise of a modelling career and subsequently advise the victims to come in for a test shoot.

The fraud can then potentially be carried out in two ways;
Firstly, the fraudsters can pressurise the victims in sending an upfront fee to book a slot for the test shoot. Once they have received the upfront fee, the victim will never hear from the fraudsters again.

The second possible method is that the fraudsters will take the advance fee that the victim sends for a photo shoot and arrange a photo shoot with the victim. After the photo shoot, the fraudsters will contact the victim after a few days and convince them that their shoot was successful and offer them a job as a model. The victim will then be asked to sign a contract and pay another upfront fee, usually to secure the modelling contract.

Fraudsters are also creating fake adverts for supposed modelling opportunities for children which do not exist. Fraudsters will inform parents or guardians that a potential career in modelling awaits their child. This tactic convinces the parent or guardian to sign up their child and send an advance fee.

The suspects will also convince the victim that in order to become a model, they will need to have a portfolio. The fraudsters will recommend a number of packages and stress that if a package is not paid for in advance, the process of becoming a model cannot continue.

Over a two year period (September 2015 - August 2017), an average of 28 reports of advance fee modelling frauds have been received per month by the NFIB. In August 2017, 49 Action Fraud reports of this fraud type were received and may continue to rise. The total loss in August 2017 alone was over £71,000.

Tips for staying safe:

- Carry out your own research prior to paying any type of advance or upfront fee.

- Be wary if you are asked to pay for a portfolio, as many legitimate agencies will cover that cost.

- Don't give your bank account details or sensitive information to anyone without carrying out your own research on the relevant agency.

- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting or by calling 0300 123 2040.

(1st November 2017)

(Which, dated 21st October 2017 author Faye Lipson)

Full article [Option 1]:

Fraudsters are able to send 'spoofed' bank texts with incredible ease, a Which? Money investigation has found - with many landing in previously legitimate message threads due to a quirk of smartphone technology.

Text spoofing scams - where fraudulent messages bear the name of a bank or other genuine business - are increasingly prominent. A spate of high-profile cases in recent years has seen bank customers tricked out of £1,000s.

The texts are particularly effective at duping customers because of the way smartphones group messages which claim to come from the same source.

So if you already have genuine texts from Barclays on your phone, and a fraudster sends a message using the short name 'Barclays,' your phone will include it under the legitimate ones, making it harder to spot the deception.

Victims of such scams are often devastated to learn they won't get their money back, as by providing their online banking information to the impostor, they are said to have authorised the payment. In May this year, Action Fraud warned about the latest round of text message scams duping people with credit cards.

We set out to infiltrate a message thread and prove how easy it is for fraudsters to abuse the technology.

Impersonating banks

Banks and credit card firms sometimes text you to let you know about new products or offers, or to check whether you've carried out a particular transaction.

To make sure these texts come from a company name rather than a number, organisations use text 'gateways', which allow them to send thousands or even millions of messages at a time using a computer, for less than a penny a text.

Most texts sent this way are legitimate, and the providers of those services do attempt to check use is lawful. Unfortunately, fraudsters are making good use of this technology, too.

How we managed to scam by text message

We teamed up with ethical hacker and Trading Standards 'scambassador' Scott McGready. Mr McGready has set up his own spoofing gateway, which he uses to educate the public about the risk of scams.

We wrote a message mimicking a typical fraudulent text: it claimed to be from a major bank, building society or card firm, stated that the recipient's account had been suspended and asked them to click on a link to unlock it.

The link we included was benign and led to a blank webpage - but in a real scam it could contain software that harms your phone, or lead you to a convincing mock-up of your bank's online login page, which tricks you into giving away your details.

The texts were sent in the names of more than a dozen financial firms and all of them arrived on our test phones, with some appearing in existing threads.

Independently of our work with an ethical hacker, we were also able to send a fraudulent text with the short name of a high street bank by using a number-spoofing website, which advertises itself as being a way to prank your friends. This also arrived in a legitimate message thread.

Many of these sites are freely available on the web.

Thousands lost from 'spoofed' bank messages

The true scale of the problem isn't known as none of the bodies involved in preventing this type of crime collect data specifically on text spoofing.

However, the Financial Ombudsman Service (FOS) has heard several complaints related to this in recent months, including the case of 'Mrs P,' who 'received a text message asking whether certain payments from her account were genuine. The text had been 'spoofed' to show it as coming from Santander.

'She called the number [contained within the text] as she did not recognise the payments given.' Mrs P was then duped into telling the fraudsters her passcode, which they used to access her accounts and transfer £18,000 to another bank.

Sadly for Mrs P, the FOS ruled that Santander need not refund her as it hadn't been responsible for the fraud.

The story closely mirrors that of one Which? member, who we have chosen not to name to protect her privacy. Earlier this year, she too received a text purporting to be a security check from her bank.

She rang the number within the message and was tricked into generating and handing over a one-time passcode which allowed fraudsters to ransack her account. In total £20,000 was taken and her request for the bank to refund it is now being considered by the FOS.

Can spoofing be stopped?

In February 2016 a new taskforce was announced to tackle fraud, encompassing the government, the police, and the legal and banking sectors. One of its main aims is tackling 'systematic vulnerabilities' and 'weak links' in processes, which fraudsters can exploit.

Eighteen months on, Which? wants to know what action it will urgently take to safeguard consumers from scams.

As it stands, banks say they can't prevent scammers using technology to impersonate them, as they don't control the gateways through which spoofed texts are sent - while Mobile UK (which represents mobile networks) says it's 'not possible to distinguish spoofed from genuine texts ex ante [before they're delivered].'

However, Scott McGready believes he's devised a possible solution, which verifies banking texts at the receiving end and would 'mark genuine messages as such and, more importantly in my opinion, mark spoof and fake messages as illegitimate - or just not display them at all.'

Whether this solution, or something like it, will eventually be adopted by the financial services industry, remains to be seen.

How to protect yourself from text message scams

- Never assume a text from a company is genuine. Even if it's in a previously legitimate thread, it could still be a scam.

- Don't click on any links or call any numbers contained within a text message - look up the organisation's details independently and contact it to verify the message.

- A genuine bank will never contact you asking for your Pin, full password, or to move money to a safe account.

- Avoid giving out your number on publicly available websites or social media profiles.

- Don't respond to or text 'STOP' to a message if you're not sure it's genuine; if it's a scam, doing so could confirm to the fraudster(s) that your line is 'live'.

- Spam and suspicious texts can be reported to your network by forwarding them to 7726 and to the regulator by filling in a form at

If you're conned out of money or tricked into giving away your personal details, contact your bank immediately and report it to Action Fraud at

- If you're scammed, you may not get your money back - the rules on this are complex.

Visit for more, and help us to force action on scams at You can also share your thoughts on whether the fight against fraud is happening fast enough.

(1st November 2017)

(London Evening Standard, dated 18th October 2017 author Chris Baynes)

Full article [Option 1]:

A conman posing as defence secretary Michael Fallon tried to dupe Sir Richard Branson out of $5 million (£3.8m) by faking a kidnapping, the Virgin boss has revealed.

The businessman said he spoke to a man who "sounded exactly like Sir Michael" who claimed a British diplomat was being held hostage by terrorists.

Writing on his blog, Sir Richard said his assistant received a message on what appeared to be official notepaper with a request to call the defence secretary.

The 67-year-old said: "He told me that British laws prevented the Government from paying out ransoms, which he normally completely concurred with. But he said on this occasion there was a particular, very sensitive, reason why they had to get this diplomat back.

"So they were extremely confidentially asking a syndicate of British businesspersons to step in.

"I was asked to contribute 5 million dollars of the ransom money, which he assured me the British Government would find a way of paying back."

Sir Richard said he was "sympathetic" to the request, but wanted to carry out checks.

After he rang Downing Street and asked to be put through to Sir Michael's office, he realised the truth.

He wrote: "His secretary assured me that Sir Michael hadn't spoken to me and that nobody had been kidnapped. It was clearly a scam. I told them what had happened and we passed the matter over to the police."

The tycoon also wrote of a similar incident where a fraudster impersonated him and was able to con $2 million (£1.5m) of money destined to help victims of Hurricane Irma in the British Virgin Islands.

He wrote: "They told me that they had received an email from somebody claiming they were my assistant, to arrange a call with me.

"When the call happened the conman did an extremely accurate impression of me and spun a big lie about urgently needing a loan while I was trying to mobilise aid in the BVI.

"They claimed I couldn't get hold of my bank in the UK because I didn't have any communications going to Europe and I'd only just managed to make a satellite call to the businessman in America. The business person, incredibly graciously, gave 2 million, which promptly disappeared."

He added: "People used to raid banks and trains for smaller amounts - it's frightening to think how easy it is becoming to pull off these crimes for larger amounts."

(1st November 2017)

(Wales Online, dated 20th October 2017 author Caitlin O'Sullivan)

Full article [Option 1]:

'Frighteningly convincing' scammers have been phoning Carmarthen businesses, pretending to be bailiffs.

Emma Lewis, of Emma Phillips Bridal Studio, was almost scammed for nearly £3,000 when the false bailiffs rang her business threatening court action.

She took to Facebook to try and warn others about the convincing scammers, in a post that has been shared over 320 times.

She posted: "He phoned to say there was a claim against us going back to 2014, and we owed nearly £3k to 'The Business Directory'.

"He said he was in Worcester Court and that if we didn't pay the money, High Court bailiffs would be at the shop within 72 hours.

"However if we paid into this "account" everything would be 'on hold' for a while."

She was in New York at the time with her husband Eurig, and after almost half an hour on the phone she was about to transfer the money when the fraudster began to slip up.

Emma said: "A few things didn't add up. He said we'd been emailed, and we hadn't, and he called me Emma Phillips and my name is Lewis.

"Eurig rang the court direct while I was on the phone; no sign of the claim against us, the reference he gave didn't match anything."

Other Carmarthen businesses have also been phoned by these scammers, including Bethaney's Hair Salon, which commented on the post: "We had a similar call from people a few months ago, just claiming to be HMRC for a fake debt of over £4k!

"They said bailiffs would be at our door within an hour if I didn't pay it.

"Luckily, the Police and HMRC were both phoned while I was talking to the guy on the other phone and it had turned out they'd done it to another salon in Llanelli the week before!"

Emma Phillips appealed for caution: "Please, please be careful. If it wasn't for Eurig checking, I'd have paid the money!"

In reality bailiffs do not operate in this way, as county court judgments can only be enforced by either the county court bailiffs, or a certificated enforcement agent working on behalf of a high court enforcement officer.

Certificated enforcement agents never ring up first. They send out an official notice called a notice of enforcement, usually by first class post. At this point they are allowed to charge £90.

They can only charge further fees by attending, so it is in their interest to attend, or they do not make much money.

A spokeswoman for Dyfed-Powys Police offered some advice: "This is a classic example of Vishing, or Voice Fishing.

"Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.

"Remember - transferring money directly to another person's account is similar to handing money over to someone on the street, banks can offer little protection if you authorise a transaction.

"Always treat calls that come out of the blue as suspicious, especially if the caller's request will involve you making a payment.

"If you are unsure of who you're talking to, take their name, hang up and call them back, but not on the number they provide.

"Call the office they state they have come from on a publicly available number, such as a switchboard, and ask to be put through. That way, you know who you are talking to.

"Never pay money on a card or by bank transfer without first getting paperwork.

"Ask yourself; 'Why are they ringing you when the bailiff is only 20 minutes away?' The attendance is how they make their money.

"If someone does turn up, then check their identification, and call the Police to verify it if necessary."

The scammers may give a warrant number and claim not to have a case number.

The warrant number can only be checked on the court's own system, and is not generally used.

County executive board member for public protection, Councillor Philip Hughes, said: "If people are unaware of any court hearings or pending court actions then any person purporting to represent the court whilst requesting money should be viewed with suspicion.

"The court service and any legitimate bailiff will make several attempts to contact you prior to any hearing or award.

"We would urge people to conduct their own checks. Phone the organisation up, but remember not to use the telephone number supplied by these individuals either verbally or on paper.

"An internet search should reveal their official website and contact details or they can contact the authority.

(1st November 2017)

(The Telegraph, dated 19th October 2017 author Telegraph Reporters)

Full article [Option 1]:

A new 555 emergency hotline may be set up for bank fraud victims under plans to tackle the growing number of crimes.

The emergency number specifically for bank fraud has been suggested in order to crack down on rising scams and alert banks to illegal money transfers.

The idea is reportedly being discussed by ministers, police and financial officials. Current advice states that victims should contact Action Fraud rather than 999 as police rarely investigate individual instances of bank fraud.

More than 900,000 cases of fraud were recorded in the first half of 2017 alone, equating to more than 5,000 a day.

The idea for a hotline was put forward at a meeting of the Joint Fraud Taskforce in September attended by Home Secretary Amber Rudd and senior staff from a number of UK banks.

Minutes published by the Home Office reveal that Brian Dilley, of Lloyds Banking Group, told the meeting about an "early stage idea" of having a single number - such as 555 - for the reporting of scams and fraud.

Currently victims of fraud are advised to call Action Fraud on 0300 123 2040. Details about how any hotline would operate are not clear as the suggestion is in its infancy.

The minutes say: "Brian Dilley (BD)... commented on the issue of communicating to customers who have been told not to trust unsolicited contact from their bank.

"BD outlined an early stage idea... for a central reporting telephone number e.g. 555 that victims of fraud/scams could contact.

"At its simplest the number could be a triaging facility directing victims to the appropriate agency and at its most ambitious it could sit in front of enhanced data sharing/analytics which would take in all reporting and provide standardised reporting and a collective intelligence picture across fraud and money laundering."

James Freedman, fraud ambassador for City of London Police, told the Daily Mail: "The problem is that people may liken the number to 999 and expect an emergency response. In reality fraud can take time to investigate.

"However, it is vital to encourage more people to report scams, even in instances where they have got their money back or not fallen for them at all, as this is the only way the body of information available to the police will grow."

A Home Office spokeswoman said: "Through the Joint Task Force we are in discussions with banks and UK Finance over a number of initiatives to enable the public to better protect themselves more effectively from fraud."

Cyber crime - most common UK online offences (Source : Office for National Statistics)

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

(1st November 2017)

(The Telegraph, dated 7th October 2017 author Sam Meadows)

Full article [Option 1]:

Property buyers who sought to sidestep stamp duty - in some cases by using apparently legitimate schemes - now face having to pay the original duty and in certain instances fines and costs on top.

The marketing of so-called "avoidance schemes" surged in the wake of successive stamp duty increases, particularly after the 3 percentage point surcharge that has applied to second property purchases from April 2016.

Many schemes sought to establish their legitimacy by quoting opinions of lawyers - but in many cases the processes had not been tested in court. Other schemes were plainly fraudulent and destined to fail.

But the backdrop of stamp duty bills running into tens of thousands of pounds, and widespread confusion around the surcharge rules, meant these schemes were tempting to many.

Telegraph Money first warned in July 2016 of the dubious legal basis regarding these manoeuvres, some of which promised to cut the duty by up to 100pc - for a fee.

Now a number of cases are coming through where HM Revenue & Customs has caught up with property buyers and is demanding payment - and in some instances is adding 100pc to the bill as a penalty.
'We should have paid £37,000 - we'll end up paying £91,000'

One Telegraph Money reader, a hospital doctor, bought a house in Cambridgeshire in 2014. Self-professedly "ignorant" about how stamp duty worked, in the course of researching the transaction she came across a company named CDP Corporate, which was promoting a tantalising avoidance scheme.

The stamp duty bill on the property, costing around £1m, should have been £37,000. The use of the scheme would cut this to just £5,000 and save £32,000, she was promised.

The deal went through using a conveyancer recommended by CDP Corporate. She paid £16,000 in fees for using the scheme. In all, once the purchase went through, the buyer believed she had saved £16,000.

Yet six months after the transaction she received a letter from HMRC saying it was investigating the legality of the scheme. She heard nothing more - until last month.

Out of the blue HMRC sent her a bill for £75,000. This was made up of the original duty plus a raft of penalties. She and her husband attempted to contact CDP Corporate but found it had been dissolved.

But the husband told Telegraph Money: "My wife is a doctor. She doesn't have the time to think about these things, so it has come as a massive shock. Her mistake was not taking a second opinion, but she thought she was dealing with trustworthy professionals, and just did what they asked."

He added: "For people with no financial training or experience this is a serious trap."

When Telegraph Money approached him this week he said he believed the scheme had been designed by a solicitor based on the advice of a QC. But he admitted that the "advice" was later discovered to be a forgery.

He said the solicitor in question had fabricated the opinion of a prominent barrister, and that CDP Corporate - which he presented as merely marketing the scheme for a fee - was forced out of business as a result. He said that he had no knowledge of the forgery while recommending the scheme to people.

Mr Connolly is currently a director of a separate company named CDP Tax & Wealth, trading under the name Fiducia Wealth & Tax. Its website claims to be able to save a buyer of a £1m second home £43,328 in stamp duty. Mr Connolly insisted the strategies deployed by Fiducia Wealth & Tax were entirely legal. He said: "Touch wood, our barristers and accountants are as good as it gets."

Inventive Tax Strategies, Professional Advice Bureau, Sterling Tax Strategies and Bell Strategies had promised to refund customers' fees if their tax-busting strategies failed, but were unable to do so.

Two insurance policies taken out with a company based in Belize also failed to pay out. In a further twist, court papers show the companies made applications to HMRC for VAT refunds in order to pay their creditors - leading the taxman to make payments totalling more than £3m. HMRC later realised its mistake and blocked further requests for a sum of £2.1m.

ITS Action Group now represents a number of the four companies' customers, who have been made creditors by the administrators.

A spokesman for HMRC said: "Most avoidance schemes simply do not work, and the people who get involved can end up paying more than they were trying to avoid in their misguided attempts to save money."

He added that a "scheme reference number" - a reference for HMRC - does not mean it has been cleared by the taxman. Schemes must always be disclosed.

Paul Emery, a partner at PwC, the accountancy firm, said new rules requiring anyone using a scheme to mitigate tax to disclose details to HMRC were curtailing these sorts of cases, noting: "HMRC is also using Land Registry data and matching this up with tax returns."

He added: "It can be difficult to discern legitimate planning from something the courts are likely to find against. If it does sound too good to be true, get a second opinion from a professional."

The Fiducia mentioned here is in no way connected with Colchester-based Fiducia Wealth Management

(1st November 2017)

(Huffington Post, dated 3rd October 2017 author Christopher Elliott)

Full article [Option 1]:

Harvey. Irma. Maria.

In a hyperactive hurricane season, the mere mention of these storms evokes fear, dread - and regret.
But this year feels a little different, maybe because of the proliferation of rip-offs that followed these disasters, from repair fraud to relief scams. And these swindles continue in Texas, Florida, Puerto Rico - and perhaps even in your own neighborhood.

"There are the normal scams that occur after a hurricane that have become tried and true," says Daniel Stermer, the mayor of Weston, Fla., and a former prosecutor who handled price gouging claims and other fraud-related crimes. "They include debris cleanup, storm shutter removal, tree trimming, home repairs, and other things that homeowners need immediately and do not have a frame of reference on whether the price they are being quoted is reasonable or truly price gouging and a scam."

Since this year's storms have been so intense, the scammers are reaching new victims, particularly when it comes to hurricane-related charities. To get the full picture, you have to look at what happened, consider what might happen, and talk to hurricane scam experts. And it quickly becomes clear that even though the storms are past, the worst is not over.

Bottom line: You can fall for a swindle without being in a state, or even a country, affected by a hurricane. And this year's wave of hurricane scams, like the storms themselves, have been remarkable:

Fake charity scams

"Beware of fake charity websites set up to take advantage of those looking to donate for a recent disaster," warns Michael Lai, CEO of, a ratings site. After every major disaster, fake websites spring up that take advantage of people who want to help, he says. "For example, after the Haiti earthquake, there were fake Haiti earthquake relief sites. It was simply astounding."

What to do? Look up your charity on a site :

For the USA :Charity Navigator or GuideStar to ensure it's legit.
For the UK : Charity Commission

Never send charity money through a wire transfer, Western Union or MoneyGram. A reputable nonprofit never requests money by wire transfer, says Lai. "If you can, use a credit card or PayPal which will offer fraud protection." Never give out personal information, such as your social security number, or home address to someone calling to ask for a donation.

(1st November 2017)

(London Evening Standard, dated 9th October 2017 author Patrick Grafton-Green)

Full article [Option 1]:

A serial fraudster who was caught trying to flee the country after phoning an investigating police officer to threaten him and his family has been jailed.

Jonathan Richman, 52, of no fixed abode, was sentenced to a total of two years in prison at Isleworth Crown Court on Friday after fleecing travel companies and holidaymakers for years.
He pleaded guilty to fraud and money laundering offences totalling more than £80,000.

Between 2011 and 2015, Richman posed as a travel agent under the name Jamie Malcolm dealing in last-minute holidays at low prices.
But without his clients' knowledge, Richman paid for the holidays using fraudulent credit card details, as they paid money into bank accounts he controlled.

Travel companies were left thousands of pounds out of pocket when credit card companies later spotted the fraudulent payments and recovered the money.

And in some cases, where the fraud was spotted quickly, Richman's customers had their holidays cancelled, and were left unable to get their money back from him.

The Met launched an investigation in September 2013 when two people returning from a holiday in Thailand were arrested by officers at Heathrow Airport.

It quickly became apparent they were victims of Richman's fraud, police said.

A breakthrough in finding out Richman's true identity or whereabouts came in October 2014 when Richman called the Heathrow CID office and made threats against one of the investigating officers and his family, telling him to "leave [him] alone".

Detectives traced the mobile phone numbers used to make the calls, and were then able to link the numbers to Richman. He was arrested in February 2015 in Brighton.
In total, officers identified around 16 victims - including companies or people - who had fallen foul of Richman's scams.

He was convicted of fraud and malicious communications offences in March 2015 and sentenced to a total of four years' in prison.

After Richman was released on licence from prison in August 2016, he breached his licence and was on the run from police. He was eventually arrested at Gatwick Airport on August 28, trying to board a flight to Morocco.

He was charged on August 29 with the additional offences, and pleaded guilty at Isleworth Crown Court on September 27 to three counts of fraud, money laundering and the possession of fraudulent documents and articles for use in fraud.

Detective Sergeant Dave Bullamore, from the Met's Aviation Policing Command, said: "Richman was carrying out these frauds effectively as a full time occupation.

"He went to great lengths to try and conceal his true identity, right from renting a flat under a false name to setting up fake bank accounts.

"But his arrogance proved to be his downfall when he called the detectives to threaten and warn them off from investigating him.

"We were finally able to match his face to his true identity and arrest him, and despite his attempts to go on the run and evade justice, he is now facing further time behind bars."

(1st November 2017)



If the scam is not in the UK at the moment, it probably will be in the future !

(Bloomberg Business Week, dated 12th September 2017 author Jennifer Surane)

Full article [Option 1]:

On a warm day in May, agents from the FBI and the U.S. Postal Inspection Service descended on a leafy neighborhood in South Carolina and raided the home of a DJ suspected of using fake identities to obtain 558 credit cards from Capital One Financial Corp.

Inside, investigators found a pair of handwritten ledgers listing names alongside purported Social Security numbers, birth dates, and addresses-tracking some of the identities he allegedly had cultivated since the end of 2013. Prosecutors estimate Whitlock tapped at least $340,000 using the credit cards.

Such scenes are part of a newly defined front in the war against credit card fraud. Known as synthetic identity theft, the scam relies on creating identities rather than stealing existing ones.

(The Dallas Morning News, dated 8th September 2017 author Kevin Krause)

Full article [Option 1]:

When employees get an email from their CEO asking them to do something, chances are they will do it - fairly quickly and with no questions asked.

Amechi Colvis Amuegbunam counted on it. And he was right.

Employees wired company money to where Amuegbunam told them - most often foreign banks. He pulled it off by cleverly creating email accounts that made it appear as if he were a company executive, authorities said.

A federal judge sentenced him last week to 46 months in federal prison for duping more than 10 victims out of about $3.7 million.

(Irish Examiner, dated 7th September 2017)

Full article [Option 1]:

Householders have been warned to remain vigilant as cybercriminals aim to steal from bank accounts via another wave of fraudulent emails claiming to come from Irish Water, writes Joe Leogue of the Irish Examiner.

Internet security firm ESET Ireland has warned computer users are receiving an email titled "Update your account details" which is doctored to resemble a communication from Irish Water.

The email is a phishing scam designed to steal credit card information and Irish Water login information.

"Clicking on the link leads to a forged log-in page, where the victim first hands over their Irish Water log-in details, and is then asked to enter all the details of their credit or debit card as well and confirm it," ESET warned. "After providing the cybercriminals with all the required info, the user gets bounced back to the actual Irish Water website," it said.

(Fox News, dated 1st September 2017 author James Rogers)

Full article [Option 1]:

MacEwan University in Edmonton, Alberta has confirmed that it lost 11.8 million Canadian dollars (US $9.5 million) after falling victim to a phishing attack.

In a statement released Thursday, the university said that a series of fraudulent emails convinced staff to change electronic banking information for one of the institution's major vendors. As a result of the fraud, $9.5 million was transferred to an account that staff believed belonged to the vendor.

(Tech Republic, dated 1st September 2017 author Alison DeNisco)

Full article [Option 1]:

With every large news event of natural disaster comes a barrage of scam emails and websites, with cybercriminals attempting to take advantage of interest in the situation. Hurricane Harvey, which damaged or destroyed more than 44,000 homes in Houston, TX, has sadly set off a spate of hackers attempting to profit from the disaster.

"Natural disasters are open season for cyber criminals intent on making a buck using time-tested and fraudulent means," said Steve Durbin, managing director of the Information Security Forum. "Email infection, fake websites, and traditional phishing attacks are all to be expected."

(1st October 2017)

(International Business Times, dated 20th September 2017 author Jason Murdock)

Full article [Option 1]:

A "corrupt banking insider" working for Barclays, along with four other men, have admitted laundering at least £16m ($21m) for a gang of international cybercriminals.

Between 2013 and 2016, the group used roughly 400 bank accounts in a conspiracy that involved receiving stolen money into one account and then dispersing it into smaller sums across multiple other accounts, the National Crime Agency (NCA) said Tuesday (19 September).

The process, investigators found, would be repeated several times - to disguise the source of the money - before being sent back to cybercriminals.

The hackers were reportedly traced back to a location in Eastern Europe, which has not been revealed.

Nilesh Sheth, 53, a personal banking manager at Barclays, opened a large number of so-called "mule accounts" using fake IDs and address documents.

And he was not alone, the NCA quickly concluded.

Iurie Mereacre, a 37-year-old Moldovan national, ran the money laundering service from his home in London, along with three associates, brothers Iurie Bivol (36) and Serghei Bivol (31) along with Ryingota Gincota (28).

"Sheth abused his position of trust at the bank to knowingly open sham accounts for the network, providing a vital service which enabled them to launder £16 million worth of stolen cash," said Mike Hulett, head of operations at the NCA's cybercrime unit.

The "step-by-step" guide

Prior to their arrests, on 3 November 2016, the laundering group was seen meeting with Sheth on numerous occasions at his bank, and in public places including restaurants and car parks.

On the day of the arrests, NCA officers recovered multiple mobile phones, financial ledgers and 70 mule packs from Mereacre's flat.

The mule packs contained ID and banking documents, bank cards and security information that enabled the group to obtain access to the accounts.

In a move that was surely pivotal to the investigation, officers also seized a hand-written "step-by-step guide to money laundering", which contained instructions on how to move money to accounts at various banks and notes on which accounts had been blocked by bank security.

In a search of Sheth's home in Redwoods Close, Buckhurst Hill, officers recovered over £16,000 in cash and nine mobile phones hidden around his house, including under the kitchen sink.

A number of the phones, the NCA discovered, had been used to communicate with Mereacre and contained text messages sent between the pair, organising meetings and payment.

On Thursday 15 June 2017, at the Old Bailey, Mereacre, Sheth and both Bivol brothers pleaded guilty to roles in the conspiracy.

Gincota opted to take the case to trial but later pleaded guilty to fraud offences on 19 September, authorities said.

A Barclays spokesperson said: "This is a rare occasion where an individual deliberately exploited our systems. We have worked with and supported the NCA with this investigation and welcome the outcome of proceedings.

"Barclays will always support law enforcement in identifying criminal activity and bringing prosecutions."

"Abused his position"

Rose-Marie Franton, from the Crown Prosecution Service's (CPS) International Justice and Organised Crime Division, said: "These men deliberately and persistently set about transferring millions of pounds of stolen money out of the UK to Eastern Europe.

"Working closely with NCA investigators, the CPS presented a strong case with the result that today all the defendants have admitted their guilt.

"The evidence we gathered showed how Nilesh Sheth abused his position as a bank employee for personal gain by facilitating the laundering the criminal proceeds of an organised crime group both within the UK and across borders."

The NCA could not elaborate on the identity of the foreign cybercriminal gang.

Back in 2008, the Northampton Chronicle and Echo reported that Mereacre was linked to an "international card cloning and skimming scam" that was using more than 100 bank accounts and pin numbers were used to net approximately £105,000 in illegal profit.

At the time, the regional newspaper reported he was caught by a Tesco security guard.

(1st October 2017)

(International Business Times, dated 20th September 2017 author AJ Dellinger)

Full article [Option 1]:

A new, widespread ransomware attack has started spreading through emails with malicious attachments-including some disguised to look like they came from multi-level marketing nutrition company Herbalife-is hitting millions of inboxes around the world.

The campaign was first spotted by cybersecurity firm Barracuda Labs on Tuesday, at which point the attack had been delivered about 20 million times over the course of a 24 hour period. Since then, the campaign has continued at rate of about two million attacks per hour.

The attack has been impressively prolific since it launched earlier this week. Barracuda has identified at least 8,000 different versions of the virus script so far, suggesting the attackers are randomizing parts of the attack in order to avoid detection from anti-virus tools.

While the origins of the attack are still unknown, Barracuda did note that the largest volume of the emails appeared to come from Vietnam, with other significant sources of the attack including India, Columbia, Turkey and Greece.

According to Barracuda, the payload files delivered by the malicious emails and the domains used to host the secondary payloads downloaded onto a victim's computer have also changed multiple times since the start of the attack.

Potential victims may see any number of variants of the attack, though a common version of the malicious email has contained branding from Herbalife, a popular nutritional supplement and personal care product provider.

The email claims to contain an attachment that is an invoice for an order placed through the company. If a person downloads and opens the file, it will launch the ransomware installer hidden in the document.

Other variants of the email that have appeared claim to be a delivery of a "copier" file or contain a paragraph of legalese that make it appear as though the email is some sort of official or legitimate document.

The messages often come from a spoofed domain, making it appear as though it is from a person within the same organization as the target or from another trusted source-an increasingly popular technique for tricking people into clicking on malicious links, though one that could be avoided with the proper protocols like DMARC implemented by organizations.

While the campaign is currently targeting organizations and businesses, it isn't believed to be from a state-sponsored actor and the motivations appear to be primarily financial, as is often the case with widespread ransomware attacks.

While victims may be tempted to pay the ransom when their computer is infected and their files are made inaccessible by the attack, they are advised not to do so. This is generally the best practice but applies to this attack in particular, as Barracuda noted that victims who pay will not have their files unlocked.

"Barracuda researchers have confirmed that this attack is using a Locky variant with a single identifier. The identifier allows the attacker to identify the victim so that when the victim pays the ransom, the attacker can send that victim the decryptor," the researchers explained in a blog post. "In this attack, all victims get the same identifier, which means that victims who pay the ransom will not get a decryptor because it will be impossible for the criminal to identify them."

Barracuda also noted the campaign is checking the language files on a victim's computer, suggesting it may may lead to an international version of the attack in the future.

(1st October 2017)

(Mirror, dated 13th September 2017 author Emma Munbodh)

Full article [Option 1]:

Clever fraudsters are posing as anti-scam officers to trick victims into handing over details for 'refunds', it has emerged.

In a warning on Wednesday, Action Fraud - the government's security arm - said it was aware of a series of letters currently in circulation that are claiming to be from the National Fraud Intelligence Bureau (NFIB).

The letters - which are being sent out to victims of fraud - are offering them the chance to have their money returned.

To receive the refunds, it asks them to send their personal details to a South African bank. However, it uses the NFIB branding and the name of the City of London Police's Commissioner, Ian Dyson, to appear credible.

The NFIB is part of Action Fraud, it sits within the City of London Police which is the national policing lead for fraud.

In a statement it said: "The fraudsters are sending these letters so that they are able to gather bank details and defraud people who have already fallen victim to fraud."

However to protect themselves, customers are being warned to take the following steps:

- Be prepared: If you've been a victim in the past, challenge any letters from people you don't know or companies you've never contacted. Clarify any letters directly with the relevant organisation.

- If you're asked to pay, or give your bank account details, end all contact.

- Ask questions: Ask them how they found out that you had been a victim. Any report of fraud is protected by law and can't be shared with anyone else outside of law enforcement agencies.

City of London Police's Detective Chief Inspector Andy Fyfe said: "This fraudulent letter is clearly not something that the National Fraud Intelligence Bureau would send to the public. It takes advantage of peoples' trust in order to steal money from those who have already fallen victim.

"By using recognised organisations, including the National Fraud Intelligence Bureau's branding and the City of London Police's reputation, the fraudsters are attempting to appear credible.

"If you are unsure about a letter you have received from the National Fraud Intelligence Bureau, please contact Action Fraud directly before giving away any of your personal details."

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting .

(1st October 2017)

(The Register, dated 6th September 2017 author Kat Hall)

Full article [Option 1]:

BT customers in the UK have been targeted by scammers in India - with one person reporting they were defrauded for thousands of pounds this week.

The issue appears to have been going on for more than a year. Some customers said the fraudsters knew their personal details.

One reader got in touch to report that his father-in-law has been having problems with his BT broadband, which he contacted the company about.

This week he got a call from someone asking for him by name, talking about his broadband problems. This individual claimed he had malware on his computer and said he need to access his machine via a third-party client.

"Within the hour he had over £1,000 in two payments from his bank account. Fortunately Lloyds stepped in on the second larger payment and stopped it progressing," said his son-in-law, who asked not to be named.

A BT customer forum thread entitled Possible Scam has hundreds of comments dating back from last year.

One recently wrote they had already been in touch with BT about their broadband prior to receiving a call from an Indian man stating that he was calling from BT.

"He asked me to confirm the postcode and address which he gave to me over the phone and then my date of birth. At that point I said no and he hung up. Clearly a scam call and weirdly, never had to call BT until the last few weeks and all of a sudden a call."

Another said the same thing happened to him, adding that the caller was very plausible until they wanted remote access to his PC hard drive.

"She even knew my address, phone number and both mine and my husbands name... so had access to some of our details."

Fraud appears to be a growing problem across the sector. Last month TalkTalk was hit with a £100,000 fine after the data of the records of 21,000 people were exposed to fraudsters in an Indian call centre.

A BT spokesman said: "BT takes the security of its customers' accounts very seriously. We proactively warn our customers to be on their guard against scams. Fraudsters use various methods to 'glean' your personal or financial details with the ultimate aim of stealing from you. This can include trying to use your BT bill and account number."

He advised customers should never share their BT account number with anyone and always shred bills. "Be wary of calls or emails you're not expecting. Even if someone quotes your BT account number, you shouldn't trust them with your personal information."

He said: "We'll never ask customers for personal information out of the blue and we'll never call from an 'unknown' number. If we're getting in touch about your bill, it will usually be from either 0800 328 9393 or 0800 028 5085."

(1st October 2017)


(Actuarial Post, dated July 2017)

Full article [Option 1]:

At the start of Citizens Advice's 'Scams Awareness Month', Kate Smith, head of pensions at Aegon, highlights the need for consumers to be on their guard to spot and prevent scams:

"Not only are they master manipulators, scammers are constantly evolving ways to trick victims. The sad fact is that in today's world, people's savings are under threat from potential fraudsters. However, while incredibly serious, this isn't something that should keep people awake at night. Following some simple steps can ensure that people protect themselves.

"Scammers are becoming increasingly sophisticated in the ways they target people's money, including pension savings. Being aware of what to look out for can not only protect your money, but save you a lot of stress as well. While initially tempting, companies promising high returns from unusual unregulated investments, or offering early access to pension savings, more often than not, turn out to be scams. It can be all too easy to be taken in by scammers, but being on your guard is your first, and best, line of defence.

"It's not only individuals who need to guard against the threat of scammers though, we stand a much stronger chance of beating them by being collectively vigilant. No controls are infallible, so pension providers and schemes, along with advisers, need to be alert and update controls as scams evolve.

"Thwarting scammers at every opportunity is key and strengthening regulation can certainly dent scammers' success rates. The promise of high returns by persuading individuals to move pensions overseas, when the individual has no intention of living abroad, was previously one of the scammers' favourite tactics. Today, it has almost disappeared off the radar, thanks to government regulation. The introduction of an immediate 25% tax charge proved a simple and effective way to clamp down on this type of fraudulent activity, resulting in an almost immediate decline in this type of scam.

"In a similar vein, we were relying on a new Pension Bill to address issues highlighted by the pension industry to give savers greater protection. Unfortunately, the Queen's Speech was disturbingly quiet on any legislation to ban pension cold-calling or give schemes and providers greater powers to block suspicious transfers.

"Pension scams won't just go away without some serious action. Limiting the right to a statutory transfer could potentially safeguard millions of pounds from scammers. The government must keep this on its agenda, speak up and take the issue seriously.

Top Tips to avoid scammers

1. Try not to engage in conversation with Cold Callers. The safest thing to do is to hang up.
2. Think about installing call blocker technology on your phone.
3. Never give out personal information, including your bank details.
4. Always check the Financial Conduct Authority (FCA) online register if you doubt a company.
5. Check the FCA ScamSmart warning list for known investment scams.
6. Use the Pension Advisory Online tool to Identify a pension scam if you are worried about information given or action you've taken
7. Never feel pressurised into making a quick decision, and read any documents carefully before you sign on the dotted line.
8. Always do the research. As always, if in doubt, use a regulated adviser. You can find one of these using the 'unbiased adviser' website.
9. Report any concerns to your pension provider, adviser, or Action Fraud by calling 0300 123 2040 or online at

(28th September 2017)

(Which ?, dated 9th August 2017 author Melissa Massey)

Full Article [Option 1]:

As many as nine in ten people said they are receiving at least one dodgy email a month that's evaded their spam filters, new Which? research on email scams has found.

Our research also found that more than half of people are getting as many as five scam emails a month in their inbox, with many claiming to be from trusted services and legitimate brands.

The research highlights how common the problem of bogus phishing emails is. And, with many appearing to be from what look like reputable sources, they can all too often trick people into losing money or giving away personal information.

Positively, almost all of respondents were able to spot at least one tell-tale sign in a scam email, but only around two in five look out for any links to dodgy websites included in the email or look to see if the branding is any different than usual.

The research showed that while overall only 3% of people lost money to a scam email, on average women ended up parting with more than double the amount of money as their male counterparts. Women lost £2,186 on average, while men lost £975 on average. If you've lost money to a scam your next steps will depend on how you were parted from your cash.

Impersonating trusted brands

Fake emails impersonating PayPal top the list of the most common phishing scams, with 56% of respondents saying they had received an email claiming to be from the payments company.

Trusted services and brands impersonated by scammers include PayPal, banks, HMRC and Apple (including iTunes). Nearly a third of respondents also reported that they'd received emails from a stranger asking for money.

Where some scam emails received claimed to be from :

PayPal : 56%
A Bank : 49%
HMRC : 40%
Stranger asking : 31%
Apple (+itune) : 26%
eBay : 20%
A Supermarket : 18%
An email provider : 13%
Microsoft : 13%

(Answers from 1,575 respondents)

Bogus phishing emails all too common

And, while most people are likely to delete dodgy emails and some mark them as spam, almost one in four of today's centennials (18-21 year olds) did nothing with the scam email they received - a much higher proportion than the national average of just 4%.

Alex Neill, Managing Director of Home Products and Services at Which? said: 'Bogus phishing emails that look like they are from reputable sources are all too common and can trick people into giving away personal information, and in some cases losing money.

'Our research shows it's often the youngest consumers that are most at risk of opening these emails and that they are also less likely to do something about a scam email. Our top tips guide on how to spot an email scam is available for free on our website to help consumers stay ahead of the scammers' tactics and reduce the risk of them becoming a victim of fraud.'

Stay vigilant and take action to tackle fraud

Which? is warning consumers to be vigilant and take action, to reduce the risk of them becoming a victim of fraud. To help consumers stay safe online, Which? has produced a free online guide full of tips to help people spot an email scam here.

Which? is calling on the Government to set out an ambitious agenda to tackle fraud, publish an update on the progress of the Joint Fraud Taskforce and outline what action it will urgently take to safeguard consumers from scams.

This research was carried out by Populus on behalf of Which?. They contacted 2,114 adults via an online poll in June 2017. The data is weighted to be nationally representative of the UK.

(28th September 2017)

(The Independent, dated 22nd August 2017 author Aatif Sulleyman)

Full article [Option 1]:

Criminals are stealing people's money by taking control of their phone numbers behind their backs, a new report says.

They're managing to persuade agents at mobile networks to transfer control of targets' phone numbers to their own devices.

The technique isn't brand new, but is growing increasingly popular, according to the New York Times.

It reports that identity thieves often call agents multiple times, to request the transfer of a particular phone number, with "sob stories" about made-up emergencies commonly used.

Even if their request for the number is turned down repeatedly, their hope is that they'll eventually get to speak to an agent that falls for the scam.

Once they succeed, they can break into any accounts that use the number as a security backup, by resetting the passwords.

This can give them access to valuable information, such as bank account details, and also enable them to blackmail their intended target, by threatening to leak personal information.

However, the New York Times says criminals have started targeting investors in digital currencies - such as bitcoin - and venture capitalists, often finding them through social media.

This is largely because digital currency transactions are irreversible, leaving victims completely helpless.

Earlier this year, a security researcher discovered a "gaping hole" in Facebook that lets anyone easily break into an account.

The problem stems from the fact that Facebook allows you to link multiple phone numbers to your account, and doesn't force you to remove old ones once you've stopped using them.

Therefore, anyone who inherits your old number could easily reset your password and lock you out of your own account.

(28th September 2017)

(This is Money, dated 25th August 2017 author Rachel Straus)

Full article [Option 1]:

Cases of insurance identity fraud have shot up this year, from just 20 between January and June 2016 to 2,070 over the same period this year.

The rise means it's the fastest-growing type of identity theft in the UK, at a time when it is reaching 'epidemic' levels.

Identity theft is when fraudsters get hold of the data of their victims, such as their names, dates of birth and addresses, through a variety of routes including stolen mail, the dark web, hacking or exploiting information on social media.

The fraudsters then use this information to take out products in their victims' names, for example opening bank accounts and applying for credit cards, loans, shopping online - and now, insurance.

nsurance identity fraud is when a criminal uses these methods to take out an insurance product in someone else's name.

Nick Mothershaw, director of identity and fraud solutions at Experian, explains why someone would want to do this.

He says that this type of fraud is often called 'ghost broking', and involves 'taking out a policy using a good address that gets a low premium, doctoring it, and selling on to an unsuspecting buyer looking for a better premium'.

The victim of insurance identity theft might not find out about the crime until they receive some kind of correspondence from an insurance provider with whom they do not have a policy, asking for payment or alerting them to an issue.

Similarly, the victim who unwittingly buys the doctored insurance cover may not find out that they do not have a valid policy until it's too late and they try to make a claim.

Other types of insurance fraud can involve people not telling the truth to get a better premium or people making false or exaggerated claims, says Nick.

To check whether your insurance product is legitimate, the Association of British Insurers says you can check that it is listed on the Motor Insurers' Bureau's Motor Insurance Database, which records policy details of all vehicles in the UK.

It also says to beware of insurance policies sold via social networking websites, pubs clubs and bars, newsagents and motor repair shops.

The Insurance Fraud Bureau ( ) runs Cheatline with Crimestoppers to report insurance fraud.

Identity fraud cases overall rose by another five per cent in the last year, with nearly 500 cases a day - with the majority of scams taking place online, according to fraud prevention body Cifas.

Simon Dukes, Cifas chief executive, said: 'We have seen identity fraud attempts increase year-on-year, now reaching epidemic levels.

'These frauds are taking place almost exclusively online. The vast amounts of personal data that is available either online or through data breaches is only making it easier for the fraudster.

'Criminals are relentlessly targeting consumers and businesses and we must all be alert to the threat and do more to protect personal information.

'For smaller and medium-sized businesses in particular, they must focus on educating staff on good cyber security behaviours and raise awareness of the social engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough.'

(28th September 2017)

(Hertfordshire Police Neighbourhood Watch, dated 28th August 2017)

We have received a number of reports recently where Hertfordshire residents have lost items or money after they believed they had sold items online to purchasers using PayPal. The two most common scams were:

Buyer asks for items to be sent to an alternative address

The buyer sends money via PayPal but asks for item to be sent to a different address, such as their "work address" or a "gift address". The victim receives the payment and sends the item to the new address. The buyer then claims they did not receive the item and requests a refund. Because the seller sent the item to a different address, they are not covered by PayPal's seller protection, so the buyer receives their refund and the seller ends up with neither the items nor the money.

Fake PayPal confirmation email

The buyer tells the seller that they will pay using PayPal. The seller then receives an email (that looks to be identical to a normal PayPal email) confirming payment has been received. The seller then sends the item. However, the PayPal confirmation email was fraudulent and the payment was never made.

Protect Your Money

- Don't accept an email as proof of payment, always check your account to ensure monies have been received. Log in to your account via your app or browser, never via an emailed link.

- Please bear in mind when selling items via PayPal, the User Agreement contains the following: "A key eligibility requirement of the Seller Protection Programme is that, for tangible items, the seller must post the item to the address which appears on the transaction details page."

- To view the PayPal User Agreement, visit and click on "Legal" in the bottom right hand corner of the page.

(28th September 2017)

(International Business Times, dated 25th August 2017 author James Billington)

Full article [Option 1]:

When something looks too good to be true, it usually is. That's why easyJet has issued a warning about a free ticket internet scam fooling Facebook users into thinking they've won complimentary trips away.

Hackers are luring users into clicking on potentially harmful malware by posting on what looks like a genuine easyJet Facebook account with a competition celebrating the low-cost airline's 22nd anniversary. The fake advert claimed "easyJet is gifting 2 free tickets to everyone!" along with a picture of a boarding pass and the offer of two tickets per users if they took part in a survey.

Victims who click on the link were redirected to a fake page where it urged users to "hurry up" due to a limited number of tickets left. The survey asks for personal information and to also share the offer on Facebook in order to redeem the prize, thus gaining access to their profile.

This information could then be sold on or used for further phishing attacks.

"These stolen credentials can be resold or traded on underground forums and sites. Also, these scams can be further weaponised to drop ransomware or other more advanced styles of malware if the attackers so choose. The ease of further weaponising a simple campaign like this is concerning in and of itself," said Tim Helming, Director, Product Management at DomainTools.

The scammers were able to make the scheme look as genuine as possible by also including comments from fake customers who said they had won.

"I won the tickets...thank you easyJet," said one, while another claimed "it was busy at the easyJet counter today. It seems that so many people have won these tickets".

The false website was also set up with an address similar to that of the genuine easyJet site but not affiliated at all, further duping victims into thinking it was real.

This practise is known as typo squatting and here, the easyjetlover[.]us web address was used and repeats an identical scam that appeared on Facebook the week before claiming to be offering free RyanAir tickets, as well as an Aldi scam offering shoppers a free £65 coupon.

Helming reveals that on further investigation DomainTools found that the same person behind this campaign is connected to 113 other domains that are disguised as brands including British Airways, Ryanair and Pizza Hut.

EasyJet has acknowledged the scam, confirming it is fake and not a real giveaway and that "genuine competitions of this nature will only be hosted on easyJet's official Facebook page".

It warns customers to stay clear and encourages users to flag any malicious posts of this nature to the company.

The security experts at DomainTools advise users to stay safe by looking out for tell-tale signs such as typos on the website or coupon, as well as domains that have '.com-[text]'. A good way to ensure you're not being redirected somewhere you shouldn't is by hovering your mouse over the URL to see where the link will take you.

(28th September 2017)

JULY 2017

(The Register, dated 20th Jul 2017 author Iain Thomson)

Full article [Option 1]:

Foreign students looking to experience the stochastic joys of a year at Newcastle University in England are being warned that phishers are after their cash - using an unusually well-crafted attack.

The raiders set up a very realistic-looking fake website proclaiming itself to be Newcastle International University, complete with pages of well-laid-out information. The URL isn't that of the actual university site, but if you're a student unfamiliar with the center of learning, it would be easy to be fooled.

"We have been made aware of an unofficial website which is fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses," the university said. "The website Newcastle International University is in no way affiliated with the University and we are advising anyone who finds the website should not submit any personal details."

It's the ideal time for phishers to pull a stunt like this. The exam results announcements for British students looking to go to university will be released within a month and overseas students are already trying to secure their places, and so could be vulnerable to slapping down the plastic if they think they can secure their place in academia now.

While the university has no comment at this time, it's thought the website was spammed out via email to these foreign students, who are also unlikely to notice that the site uses faked Newcastle University logos and coat of arms. The fake site not only tries to harvest credit card data, but also asks for other personal information, including passport details.

"Make no mistake, this is an effective scam. They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks," said Azeem Aleem, director of advanced cyber defence practice - EMEA at RSA.

"Newcastle University's response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim."

(21st September 2017)

(Via BBC News, dated 12th July 2017 author Bruno Buonaguidi - Universita della Svizzera italiana)

Full article :

If you are the owner of a credit or a debit card, there is a non-negligible chance that you may be subject to fraud, like millions of other people around the world.

Starting in the 1980s, there has been an impressive increase in the use of credit, debit and pre-paid cards internationally. According to an October 2016 Nilson Report, in 2015 more than $31 trillion were generated worldwide by these payment systems, up 7.3% from 2014.

In 2015, seven in eight purchases in Europe were made electronically.

Thanks to new online money-transfer systems, such as Paypal, and the spread of e-commerce around the world - including, increasingly, in the developing world (which was slow to adopt online payments) - these trends are expected to continue.

Worldwide losses from card fraud rose to $21 billion in 2015, up from about $8 billion in 2010. By 2020, that number is expected to reach $31 billion

Thanks to leading companies such as Flipkart, Snapdeal and Amazon India (which together had 80% of the Indian e-commerce market share in 2015) as well as Alibaba and JingDong (which had upwards of 70% of the Chinese market in 2016), electronic payments are reaching massive new consumer populations.

This is a goldmine for cybercriminals. According to the Nilson Report, worldwide losses from card fraud rose to $21 billion in 2015, up from about $8 billion in 2010. By 2020, that number is expected to reach $31 billion.

Such costs include, among other expenses, the refunds that banks and credit card companies make to defrauded clients (many banks in the West cap consumers' liability at $50 as long as the crime is reported within 30 days for credit cards and within two days for debit cards. This incentivises banks to make significant investments in anti-fraud technologies.

Cybercrime costs vendors in other ways too. They are charged with providing customers with a high standard of security. If they are negligent in this duty, credit card companies may charge them the cost of reimbursing a fraud.

###The types of frauds

There are many kinds of credit card fraud, and they change so frequently as new technologies enable novel cybercrimes that it's nearly impossible to list them all.

But there are two main categories:

card-not-present (CNP) frauds:

This, the most common kind of fraud, occurs when the cardholder's information is stolen and used illegally without the physical presence of the card. This kind of fraud usually occurs online, and may be the result of so-called "phishing" emails sent by fraudsters impersonating credible institutions to steal personal or financial information via a contaminated link.


This is less common today, but it's still worth watching out for. It often takes the form of "skimming" - when a dishonest seller swipes a consumer's credit card into a device that stores the information. Once that data is used to make a purchase, the consumer's account is charged.

The mechanism of a credit card transaction

Credit card fraud is facilitated, in part, because credit card transactions are a simple, two-step process: authorisation and settlement.

At the beginning, those involved in the transaction (customer, card issuer, merchant and merchant's bank) send and receive information to authorise or reject a given purchase. If the purchase is authorised, it is settled by an exchange of money, which usually takes place several days after the authorisation.

Once a purchase had been authorised, there is no going back. That means that all fraud detection measures must be done during in the first step of a transaction

Once a purchase had been authorised, there is no going back. That means that all fraud detection measures must be done during in the first step of a transaction.

Here's how it works (in a dramatically simplified fashion).

Once companies such as Visa or Mastercard have licensed their brands to a card issuer - a lender like, say, Barclays Bank - and to the merchant's bank, they fix the terms of the transaction agreement.

Then, the card issuer physically delivers the credit card to the consumer. To make a purchase with it, the cardholder gives his card to the vendor (or, online, manually enters the card information), who forwards data on the consumer and the desired purchase to the merchant's bank.

The bank, in turn, routes the required information to the card issuer for analysis and approval - or rejection. The card issuer's final decision is sent back to both the merchant's bank and the vendor.

Rejection may be issued only in two situations: if the balance on the cardholder's account is insufficient or if, based on the data provided by the merchant's bank, there is suspicion of fraud.

Incorrect suspicions of fraud is inconvenient for the consumer, whose purchase has been denied and whose card may summarily be blocked by the card issuer, and poses a reputational damage to the vendor.

How to counter frauds?

Based on my research, which examines how advanced statistical and probabilistic techniques could better detect fraud, sequential analysis - coupled with new technology - holds the key.

Thanks to the continuous monitoring of cardholder expenditure and information - including the time, amount and geographical coordinates of each purchase - it should be possible to develop a computer model that would calculate the probability that a purchase is fraudulent. If the probability passes a certain threshold, the card issuer would be issued an alarm.

The company could then decide to either block the card directly or undertake further investigation, such as calling the consumer.

The strength of this model, which applies a well-known mathematical theory called optimal stopping theory to fraud detection, is that it aims at either maximising an expected payoff or minimising an expected cost. In other words, all the computations would be aimed at limiting the frequency of false alarms.

My research is still underway. But, in the meantime, to reduce significantly the risk of falling victim to credit card fraud, here are some golden rules.

First, never click on links in emails that ask you to provide personal information, even if the sender appears to be your bank.

Second, before you buy something online from an unknown seller, google the vendor's name to see whether consumer feedback has been mainly positive.

And, finally, when you make online payments, check that the webpage address starts with https://, a communication protocol for secure data transfer, and confirm that the web page does not contain grammatical errors or strange words. That suggests it may be a fake designed solely to steal your financial data.

The Conversation

Bruno Buonaguidi is a researcher at the InterDisciplinary Institute of Data Science at the Università della Svizzera italiana. This article originally appeared on The Conversation.

(21st September 2017)

(The Telegraph, dated 4th July 2017 author Sam Meadows)

Full article [Option 1]:

When Ian Price handed over his bank cards, pin, and all the cash he had to a motorbike-riding courier in the dead of night he thought that he was acting on instructions from the police.

In fact, he was one of an estimated half a million over-65s who have fallen victim to scammers. More than half of all pensioners have been targeted by fraudsters, according to research by Age UK, the charity, so being aware of scammers is more important than ever.

Mr Price, 89, was phoned by someone purporting to be a police officer. The caller told him that he had been monitoring his bank accounts and had noticed some suspicious activity. The "officer" would send a courier, he said, to collect his bank cards for his own protection. The clincher for Mr Price was the scammer's claim that he could hang up and dial 999 if he was unsure.

He did so, but the fraudster was relying on a little-known quirk of the telephone system that allows a caller to "tie up" your line for a few minutes if they remain on the line after you have put the phone down. This meant that when Mr Price dialled 999 immediately, he was reconnected to the scammer (BT said lines were now tied up for no more than 10 seconds).

Reassured, Mr Price handed his cards and pin to the courier - who arrived at 11pm - thinking that he was doing the right thing. Instead, the scammers ransacked his accounts.

Mr Price's son, Christopher, a charity worker, said the incident had taken an incredible toll on his father. "If you get swindled at a younger age you can kind of rationalise it and deal with it," he said. "At an older age, when your confidence is waning anyway, it can really knock you down.

"It's got to the point where he really has lost his confidence to deal with money or passwords. I deal with his banking, and my sister does all of his online shopping for him. He has an iPad, which he uses to listen to the radio, but anything with an app or a password, he now struggles with. We joke that I'm giving him his pocket money every week."

Mr Price was relatively lucky. His credit card companies refunded him the money and he lost only around £100. But Telegraph Money has reported several times how elderly people who have been scammed have lost tens of thousands of pounds.

Last year, we reported that one reader, Shaun Phillips, had lost £51,000 to fraudsters after he had already been targeted twice and told by his bank, TSB, that he was protected.

Experts have also predicted the Government's database of scam victims - which currently numbers around 300,000 - could reach close to one million by 2019.

Lucy Harmer, a director at Independent Age, a charity that provides information and advice, said the elderly were disproportionately likely to be targeted by scammers. According to the Financial Ombudsman Service, 80pc of phone scam victims are aged over 55, and 65pc of doorstep-scam victims are over 65.

"Older people face multiple risk factors," she said. "They are often home alone, and during the day. They are more likely to pick up the phone and more willing to talk. They may well be more vulnerable the older they get, suffering from dementia and other illnesses."

She added that while statistics existed for the number of people who fell for online scams, many people were too embarrassed to come forward, meaning that the true scale of the issue could be much larger.

Elderly people who fall for one scam often also find themselves put on a "suckers' list". Government estimates suggest that there could be a million people on these lists by 2019. "There are some really sad stories about people who receive more and more contact," Ms Harmer said.

"One of the signs that an older person may be falling victim to scammers is that they receive an unusual amount of post, or they get a lot of phone calls from strangers. If you have been conned once, they pass your details around and you can very easily become a victim again.

"If older people have the information they need," she added, "they can start to spot the things to look out for, and become less likely to fall for the scams."

How can I protect myself from scammers?

Independent Age has launched a Scamwise campaign to help older people stay ahead of the con men. As well as an advice leaflet, the charity has produced an online quiz that allows you to test your knowledge of some of the most common scams.

Ms Harmer said: "For older people who think they may have been scammed, it's important to remember that anyone can be a victim of a crime. It's nothing to be ashamed of. The most important thing is to report it so you can get the support you need, and to help prevent other people being targeted by the same scam.

"It's also good to be aware of the tactics scammers use, and learn how to protect yourself. There are a few simple things you can do, such as hanging up on cold callers, registering with the Mailing Preference Service to reduce the amount of junk mail you get, and never giving out personal information."

(21st September 2017)

(Independent, dated 28th July 2017 author Josie Cox)

Full article [Option 1]:

Thousands of pensioners are at risk of losing their life savings in a rapidly growing financial scam that British authorities are powerless to clamp down on, The Independent can reveal.

Savers are investing their money in fraudulent online trading sites offering the promise of potentially huge payouts with little risk attached.

The majority of the complaints relate to companies that appear to be based overseas and are attracting increasing numbers of users, particularly pensioners, who say their investments are frozen if they try to withdraw their money.

The companies encourage investors to make apparently simple bets on whether shares or currencies will rise or fall in value. Many such "binary options trading platforms" are legitimate, but an increasing number are fraudulent.

Both types currently fall outside the control of financial regulators in the UK, meaning that people have little recourse to get their money back if they feel they've been scammed.

In the year to May 2016, the most recent for which figures are available, the National Fraud Intelligence Bureau (NFIB), which is part of the City of London Police, reported having received 305 reports of binary options scams, or 27 each month.

But one lawyer representing victims told The Independent that the true number is likely to be significantly higher - running into the thousands each year - as victims are frequently too embarrassed to come forward and admit to being conned. He described it as "possibly the biggest financial scam in the world".

Elizabeth Ablett from Derbyshire said that she signed up to a platform caller Binary Uno in December 2016. The 70-year-old's husband had died the previous year and she didn't have a pension big enough to live on.

Ms Ablett said that she initially invested £200 with the company, but that individuals who described themselves to her as "brokers" convinced her to up her stakes, telling her she was trading on the performance of gold and stocks.

By the end of March, she said, she had invested a total equivalent to almost £40,000, nearly her entire life savings. The following month, she said, her online account balance was shown to have slipped to zero. She said that nobody at BinaryUno answered her calls.

"They basically had assured me that the money I invested could not be lost," she told The Independent. She said that they had convinced her to keep paying in by promising to match some of her investments.

Later she said she was contacted by a representative who told her that she would only be paid out if she had trading revenues of at least £1.5m. "Now I realise just how stupid I was," she said. "I have no money at all. I'm skint."

The Australian Securities and Investments Commission and the British Columbia Securities Commission in Canada have both publicly called for caution when dealing with binary options trading platforms. Both specifically name Binary Uno.

Lawyers and personal finance experts speaking to The Independent said the Government was unable to regulate the market because the platforms - even the legitimate ones - were not controlled by the Financial Conduct Authority (FCA) watchdog.

Some binary options trading platforms are regulated by the UK's Gambling Commission, but only if the firm has gambling equipment located in the country.

Pensioner James Hellis, a former self-employed IT worker, said he invested a total of nearly £60,000 in a binary trading platform called Tradorax. Mr Hellis said he was initially approached online by the firm in February 2016. He said that he felt his pension income might be improved by accepting the investment opportunity he said they were offering him.

Like Ms Ablett, Mr Hellis said he was assigned someone who identified themselves as a "broker" to trade on his behalf and made a series of investments over the course of several months.

In December, he said he filed a request with the platform to withdraw his money, the majority of which had stemmed from his pension fund. He claims that request was denied and - like Ms Ablett - he said his account later appeared to have been blocked.

Because Mr Hellis had paid for some of the investments with credit cards, he said he raised a chargeback dispute with his banks, but they have so far been unable to help him.

He said he also reported the matter to the Action Fraud Police - the national reporting centre for fraud and cyber crime which operates alongside the NFIB within the City of London Police - and the Financial Ombudsman Service (FOS), which was set up by Parliament to resolve problems with financial services. The latter, Mr Hellis said, has told him that it is looking into his case.

"If this situation occurred in the front office of an investment bank the perpetrators would be fired," Mr Hellis claimed. "Why is the regulator doing nothing? Why are the banks doing nothing?"

A spokesperson for the FOS confirmed that Tradorax is not regulated by the FCA, which means investors do not have recourse to the ombudsman "if things go wrong".

The Independent received no replies to emails sent to addresses on both Tradorax and Binary Uno's websites or calls made to numbers listed.

Richard Howlett, a partner at London-based law firm Selachii LLP, has dealt with dozens of cases concerning binary options trading fraud, with victims conned out of anywhere from a few hundred pounds to more than £1m.

He said he had been approached by people who have lost money on dozens of different sites and that new ones appear to be springing up daily.

In many cases, clients' only hope for getting their money back is if banks to which victims have made payments are willing to cooperate by freezing accounts out of fear of being accused of facilitating criminal activity, he said.

"Sometimes that puts enough pressure on the platform to pay out at least some of the money owed," he said. "But most of the time there's nothing to be done except raise awareness to prevent more people from being conned."

He said fraud perpetrated by certain binary options trading platforms was "possibly the biggest financial scam in the world".

Many of the individuals who turn to Mr Howlett for help are pensioners, especially tempted to give trading a shot because of changes to regulation introduced in April 2015, which allow for easier access to funds.

Under the new rules, pensioners are no longer required to buy an annuity and are able to take their entire pension as a lump sum. Suddenly having access to so much cash, and with such low returns offered by other investment options, the prospect of trading binary options can be enticing.

"Pension freedoms have to a certain extent opened a can of worms," says Kate Smith, head of pensions at Aegon. She said that some scammers are specifically targeting pensioners.

"They're playing on people's weaknesses."

David Newman, head of pensions at investment firm Close Brothers Asset Management, said that "greed can send people to do silly things" but also admitted that anyone is at risk of falling for a fraudster.

"People need to be educated as early as possible about this sort of thing," he said. "Just putting a leaflet at the back of a financial statement is not enough."

Figures published this month by the FCA show that 53 per cent of pension pots accessed since the new rules were introduced have been withdrawn fully. And the watchdog has recently raised a number of concerns relating to what people are doing with that money.

A full report into the issues around pension freedom is due to be published next year.

In December the FCA published a consultation paper on the risks associated with binary options trading and, under a piece of financial regulation due to be introduced in January, regulated financial betting platforms will come under the FCA's remit, but the watchdog says that its hands are tied when it comes to any unregulated operations.

(21st September 2017)

(Mirror, dated 30th June 2017 author Ruki Sayid)

Full article [Option 1]:

Britain's love affair with online shopping has sent credit card fraud to a record high of £618 million, figures reveal.

The 9% rise year-on-year puts Britain at the top of the European card crime league with crooks cashing in at a rate eight times higher than Germany.

And an internet shopping boom is at the heart of the cyber crime explosion with Card Not Present (CNP) fraud rocketing 103% between 2011-16, according to the National Audit Office (NAO).

Its Online Fraud report out today (Fri) found there were almost two million cyber fraud incidents in the 12 months to September 30 last year with CNP a game changer.

The watchdog said CNP crime cost the nation almost £309 million last year but estimates that figure will more than double to £680 million by 2021.

A study by analytics firm FICO found crooks went on a £1.44 billion credit card spending spree across 19 European nations with Britain the easiest country to pickpocket.

Only France came any where near the UK's losses with gangs putting £438.4 million on stolen card details and Germany was third with £76.8 million.

By comparison countries like Austria, Portugal, the Czech Republic and Hungary barely registered in the card crime league with losses ranging between £1.6-£5 million.

The NAO admitted there was "much work to be done" in the UK to keep the banking industry, police and consumers a step ahead of the criminals.

NAO boss Sir Amyas Morse said: "For too long, as a low value but high volume crime, online fraud has been overlooked by government, law enforcement and industry.

"It is now the most commonly experienced crime in England and Wales and demands an urgent response."

The NAO was critical of both the police for not making fraud a "priority" and said the Home Office was also not doing enough to crack down on gangs.

But Sir Amyas added that the department was "the only body that can oversee the system and lead change" and said the launch of the Joint Fraud Taskforce last year was "a positive step".

FICO senior consultant Martin Warwick added: "The growth in online spending and CNP fraud brings new challenges for banks and retailers, as criminals thwarted by chip & PIN have moved to a less risky channel.

"Hiding amongst the growth in online purchases is great from a criminal point of view, but finding and stopping fraudulent transactions just gets tougher.

"Spotting the 'needle in a haystack' requires new behavioural analytics and artificial intelligence, combined with enhanced information from outside the traditional data contained within a purchase."

According to the NAO, last year fraud overall cost the nation £10 billion with four in ten Brits losing £250 or more to crooks.

Almost 12 million adults were victims of fraudsters in England and Wales with crimes ranging from phishing attacks that sent out spoof emails to glean personal details and lottery scams to ransomware and fake dating sites.

How to protect yourself

Trading Standards recommend looking for a professional website, with a landline contact number, and details of a head office before entering any details online.

Here are Get Safe, Action Fraud and NordVPN's top tips for shopping online:

- Get protected: Before you start shopping online, secure your device with anti-virus software or a firewall. This will help block out pop-ups and hackers.

- Check the URL: Only use secure websites for purchases, never buy anything from a site that does not have 'https' at the start of the URL and also look for the icon of a locked padlock at the bottom of the screen.

- Is the deal too good to be true? Don't be seduced by "bargains" from companies which you don't know, if something appears too good to be true, it probably is.

-Only shop with companies you know and trust: Watch out for fake websites. You can tell by checking the URL of the website, it may have a different spelling or a different domain name that ends in .net or .org.

-Shop from home: Using public WiFi hotspots such as those offered by coffee shops and libraries could leave you vulnerable. If it won't wait until you get home use your own 3G/4G network.

NOTE - This article provides some comprehensive information on the following :

Financial Scams - How to stay safe

- Tips to avoid pension scams
- Fake holiday websites
- HMRC tax rebate text scam
- Card dangers
- student loan scams
- contactless card dangers
- Scams that steal your savings
- rental scams

Scams to watch out for

- Caught speeding scam
- How Groupon hackers work
- EHIC and DVLA scammers
- 4 dangerous WhatsApp scams
- Fake supermarket coupons
- SIM - splitting scams - how they work
- Fake "Wcouncil tax refund" emails
- NHS scams

(21st September 2017)

(Bury Times, dated 27th July 2017 author David Taylor)

Full article [Option 1]:

CYBER criminals have stolen £235,000 from Bury Hospice in a sophisticated and "sickening" fraud.

The online crooks plundered hospice bank accounts following an elaborate hoax involving an online virus check.

Bury Hospice chairman Prof Eileen Fairhurst said: "We are shocked and sickened that fraudsters would target hospices and other charities. It is beneath contempt when you think how this money was raised by hard-working volunteers and kind benefactors - and what it is needed for."

The hospice is now carrying out a full investigation and keeping in close contact with its bank.

Prof Fairhurst said: "Our own protection systems are now subject to extensive review. The police and the Charity Commission have been informed. There will be no immediate impact on the running of Bury Hospice and we will continue to provide an excellent service to those in the Bury community who need us."

Prof Fairhurst said all avenues are now being explored to recover the money and the matter is being investigated by the police national fraud investigation team.

Other charities in the Greater Manchester area have also been targeted in a similar way and some have also suffered financial loss.

And hospices in other parts of the UK have also been victims of online theft.

The news is a further blow to the hospice after a turbulent few years during which some people are believed to have lost confidence in the charity and fundraising became difficult.

In March, the former chief executive of the hospice, Jacqui Comber, won a claim of unfair dismissal and could be in line for a payout of up to £72,000.

However, the hospice in Rochdale Old Road recently celebrated the start of a new era after it was given a 'good' rating by the Care Quality Commission following its latest inspection.

But despite the hope of a fresh start, the fraud comes at a time when Bury Hospice can only afford to keep open six of its 12 available beds.

Fundraiser Ann Birch, former chairman of the Ramsbottom support group for the hospice, said: "I am absolutely horrified.

"We have had it bad enough, this on top is just dreadful. We have all been trying to raise as much money as possible for the hospice. I am sure everybody involved with fundraising will be very shocked. It is hard work raising money these days, because there are a lot of different charities and people don't have that much money.
We were really just getting on top of things, so that is really bad news. It costs so much every day to keep that place going, it is devastating. But hopefully now people will all get together and try to reimburse it, but that is a lot of money to replace."

Sgt Simon Ward, from Bury police, works across the borough raising awareness about and tackling cyber crime.

He said: "The fraudsters don't care who they affect or the impact that their actions might have on people.
It can be very lucrative work for them and it is usually well-organised. It is not the old style criminal who will turn their hand to anything. This kind of cybercrime can be used to fund even more serious crimes such as terrorism, so it is a national threat. Once the money has been taken, it is very difficult to get back."

Sgt Ward and his team will be visiting business, banks and charities in the coming weeks to advise on how best prevent online fraud and cybercrime.

Action Fraud is the UK's national reporting centre for fraud and cyber crime where people should report fraud if they believe they have been scammed, defrauded or experienced cyber crime.

For more information, visit:

(21st September 2017)

JUNE 2017

(Good Housekeeping, dated June 2017) [Option 1]

With cons and rip-offs on the rise, you need to keep your wits about you when you're online. Here's what to look out for :

Fake Holiday booking sites

One common scam involves fraudsters hacking into the accounts of owners on well known accommodation sites, such as Aidbnb, and creating convincing fake entries. You may receive emails from so-called "owner" asking you to send money, but this cash goes into a criminal's bank account.


- Check the web address is legitimate. Make sure it has not been altered, for example, with unexpected numbers or characters.

- Contact the accommodation' owner before and after you book, through the websites messaging feature.

- Never pay money into a personal bank account. Use a secure service - look for the "https" and a closed padlock symbol - or a payment provider, such as PayPal.

- Google the property. Bad reviews - or none at all - are a clue.

Fake Passport renewal sites

When you're applying for a new passport, driving licence or European Health Insurance Card (EHIC), make sure you don't get caught out by a copycat website. These sites may closely resemble the legimate ones, but you will be charged a premium for a public service that's either free, or much cheaper, via the official channel. Misleading sites also crop up when you search to apply for a holiday visa, birth or marriage certificate, book a driving theory test, or file a tax return.


- Go directly to the site - or, for the EHIC card, to

- If you do fall for a copycat site, you may be able to get your money back using Section 75 of the Consumer Credit Act, if you paid with a credit card.

Fake Social Media promotions

Beware of promotions claiming to offer vouchers if you share a particular message on Facebook or via WhatsApp. These scams can seem very convincing, and its easy to get sucked in if you see people you know sharing the message. But the bogus links can lead to phishing or malware sites. Spam you friends with fake promotions and you could end up sreading a virus.


- Tread carefully if a promotion asks you to share a page with friends.

- Watch out for tell tale speling and grammar mistakes.

- Think twice if a well known brand offers freebies to celebrate an anniversary.

- Type the promotion into Google and see what comes up.

And finally

- Trust your instincts - if something sounds too good to be true, it probably is.

- Fallen victim ? Contact Action Fraud at or call 0300 123 2040

(1st September 2017)

(Mirror, dated 28th June 2017 author Emma Munbodh)

Full article [Option 1]:

How safe do you consider your personal details to be on the internet? If the answer is 'very', you might want to think again.

That's because new figures released today by the government's security arm, Action Fraud, have revealed that identify theft is at an all time high in the UK - with record numbers of criminals stealing people's data online for financial gain.

And it's costing the UK £5.4 billion a year. In 2016, 172,919 people reported identity theft to fraud protection agency Cifas, with the figures steadily rising since 2008.

Despite these numbers, a YouGov and Equifax report released today, has found that thousands of Brits are still browsing - and entering sensitive data - on the web without precautionary measures in place - even though they're aware of the potential risks.

According to Cifas, 40% of us don't have antivirus software installed on our devices and 27% use the same password across all accounts, a further 55% admit to using password-free wi-fi in public and entering sensitive data whilst on it.

City of London Police spokesman Dave Clark, said: "The recent survey results have highlighted that we need to do more to protect ourselves from fraudsters.

"There is a common misconception that only old people fall victim to fraud but reports show that every age and demographic is affected."

YouGov found that 31% of people think the over 60's are the most at risk to fraud - this is not necessarily the case.

Lisa Hardstaff, fraud expert at Equifax added: "How people manage and store their passwords for their online accounts is the first line of defence to keeping their personal information safe and secure from fraudsters.

"The fact that just under a third use the same password for multiple accounts and slightly more admitted to writing them down, clearly demonstrates people are being complacent and are of the belief that their personal information won't be at risk," Hardstaff added.

"The reality is that ID fraud is an indiscriminate crime that affects all ages in the UK irrespective of where they live or how much they earn. Everyone is vulnerable - so everyone needs to be vigilant."

How to protect yourself from identity fraud

Action Fraud, Cifas and Equifax have revealed the measures people should be taking to protect their identities from unscrupulous criminals - and it takes just five minutes.

- Set your privacy settings across all the social media channels you use, and think twice before you share details - in particular your full date of birth, your address, contacts details - all this information can be useful to fraudsters.

- Password protect your devices. Keep these complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers and capitals: R0v3rDuckLemon!.

- Install anti-virus software on your laptop and any other personal devices and then keep it up to date. Check MoneySavingExpert have a recommended list of the best free anti-virus software here.

- Take care on public wi-fi - fraudsters hack them or mimic them. If you're using one, avoid accessing sensitive apps such as mobile banking.

- Download updates to your software when your device prompts you - they often add enhanced security features.

What to do if you're a victim

Act fast if you think you have been a victim of identity fraud.

If you receive any mail that seems suspicious or implies you have an account with the sender when you don't, do not ignore it.

Get a copy of your credit report as it is one of the first places you can spot if someone is misusing your personal information - before you suffer financial loss.

Review every entry on your credit report and if you see an account or even a credit search from a company that you do not recognise, notify the credit reference agency. They all offer a free service to victims of fraud.

Individuals or businesses who have fallen victim to identity theft should report to Action Fraud.

(1st September 2017)

(This is money, dated 20th June 2017 author Lily Canter)

Full article [Option 1]:

Fraudsters scammed £18,000 from a high profile criminal psychologist using 'persuasive techniques straight out of a psychology textbook'.

The professor, who has helped police hunt serial rapists, arsonists and murderers, was caught out when conmen phoned his home.

The scammers took him through a series of fake 'security' checks before transferring the money from three separate bank accounts.

Professor David Canter, who is director of the International Research Centre for Investigative Psychology at The University of Huddersfield, is one of Britain's foremost behavioural profilers.

He is best known for developing criminal profiling in the 1990s after he helped police catch Railway Rapist and serial murderer John Duffy.

More recently his research has involved studying fraudulent emails and warning people of the dangers of online scams.

But the 73-year-old was caught out himself when he was embroiled in an elaborate con to empty his bank accounts.

'I was a complete idiot. I am the first to admit it. I should have known better and I should have spotted it,' said Professor Canter.

ronically, the scam began when fraudsters hacked into his BT email account despite the professor using a complex password.

He said: 'A colleague told me a spoof email had been sent from my address saying I was in Turkey and needed money. I immediately changed my password and didn't think anymore of it.'

But a week later the professor realised he wasn't receiving any emails. After lengthy conversations with BT helpdesk he realised his email messages were being automatically forwarded onto another address the fraudsters had set up.

'I stopped the forwarding but then a few days later I got a phone call at home saying my IP address had been compromised.'

Professor Canter received the phone call on his ex-directory number from a 'polite woman with an Indian accent' claiming to be acting on behalf of BT.

'I was immediately very suspicious and asked how they got my number. She said they got it from BT and they had been alerted to a security problem with my computer. In hindsight I think they got the number when they hacked my email in the weeks before.'

The woman took Professor Canter through a series of 'checks' asking him to corroborate unique numbers on his computer, which he wrongly assumed meant the caller was legitimate.

He said: 'She knew all these details about me and my computer and she was very formal. There was a sense of urgency and concern and it makes you feel you have to something about it.'

The woman then passed him onto a man who asked the professor to download some 'protective' software before logging into his bank accounts. The whole operation took several hours and the professor chatted to the fake technician about his BT training and university education in Britain.

'They were very sophisticated in terms of their plausibility,' said Professor Canter. 'We can learn a lot about the techniques of persuasion from these people. They use just the right level of technical terms to make you think you understand when you don't. They probably spent a few weeks building up how they were going to deal with me.'

The convincing back story made the professor believe that they were putting a block on his bank accounts so they could not be accessed. But in reality the scammers were setting up transfers to move thousands of pounds into their own account.

Whilst they were putting this block into the system the screen went completely blank. The man on the phone said 'don't panic', and then he moved onto the next account. I was doing other work at the same time and I think they deliberately targeted me before a bank holiday so it would be difficult for me to contact the banks.'

At the end of the call Professor Canter started to get suspicious and the realisation of what was happening sunk in.

'They said they were at the end of their working day and they would finish in the morning as it was about 5pm. When the call finished I rang an IT expert I use and he told me straight away that it was a scam.'

Professor Canter immediately logged into his online accounts to change the password then contacted Lloyds, Natwest and Santander to alert their fraud departments. This was not as easy as he had expected.

He saw that the hackers had set up transfers of £2,500 from his Lloyds account, £7,500 from his Natwest account and two lots of £3,919 from his Santander account - a total of £17,838.

And he was surprised to find that the banks all had different security systems to deal with fraudulent transfers.

'Lloyds had the best system. If there is an unusual sum of money going to an unusual location they put a temporary block on it. I was able to put a stop to that transfer. The money had transferred out of my Natwest account and although it was difficult to get through to someone they repaid me all of the money the next day.'

Santander eventually repaid Professor Canter £3,919, around six weeks after it was taken by the scammers.

'Their system recognised one of the transfers as fraudulent and automatically stopped it. I don't understand why they did not do that for the other one. Santander said I endorsed the transfer via a message on my phone. I was in such a tizzy I don't know what I did, but I can't find the message on my phone.'

Frustratingly, Professor Canter says he knows the account numbers the money was transferred to and yet he says the banks and police do not appear to be chasing the money.

The police gave the professor a crime number and told him to contact Action Fraud, the national fraud and cyber crime reporting centre.

This was assessed by the National Fraud Intelligence Bureau who contacted the professor to say they would not be able to investigate. They were unable to provide a comment on his case.

'No-one has the resources to follow through on these bank accounts. Santander told me they get a case like mine every three minutes,' said Professor Canter.

The trauma of the crime has left the professor feeling 'violated and vulnerable' and cost him both financially and emotionally.

He said: 'It has made me terribly anxious about having an online account. I have had to change all my bank accounts and buy a new computer as I found that the fraudsters had put about 300 programmes on it. It has made me suspicious of everyone and caused me a lot of stress.'

Action Fraud said that it had received the report in April, which was assessed by the National Fraud Intelligence Bureau at the City of London Police. However it said there were 'insufficient lines of enquiry for an investigation based in the UK'.

It added that with 250,000 crimes reported to Action Fraud every year, not all cases can be passed on for further investigation, but that the disruptions team was able to take down the phone number used by the fraudsters.

(1st September 2017)

(Echo, dated 16th June 2017 author John Lucas)

Full article [Option 1]:

A BANK worker took part in a "sophisticated fraud" which saw scammers steal millions of pounds from rich customers using a string of impersonators, a court heard.

Molly Jones, 24, of Bohemia Chase, Leigh, scoured computer systems at Lloyds Bank for rarely-accessed accounts holding large sums of money before passing the details to the criminal gang.

The gang then ordered new bank cards so imposters could pose as the customers and set up transfers of hundreds of thousands of pounds.

The money was laundered through a series of bogus companies before being moved offshore to prevent it being recovered, it is claimed.

One victim lost more than £750,000 after an unknown man used a fake driving licence in his name to set up two transfers over three days.

The Old Bailey heard Jones was involved in the attempted fraud on the account of Thomas Murphy at time when it had a £3million balance.

She set up a payment of £486,000 - supposedly for a house purchase - after an imposter came into her branch of Lloyds TSB.

Investigations of her mobile phone revealed messages relating to the Murphy account and a description of the man impersonating the customer.

She has admitted conspiracy to defraud but other defendants are standing trial at the Old Bailey.

Benjamin Omoregie, of no fixed address, has also admitted involvement.

Courtney Ayinbode, 29, of Magdalen Court, Enmore Road, South Norwood, denies conspiracy to defraud between 9 November 2012 and 8 August 2013.

Kushveer Raulia, 25, of Gledwood Gardens, Hayes, West London, denies two counts of conspiracy to defraud and one count of converting criminal property.

Parvez Hussain, of Cedar Road, Romford,, denies converting criminal property.

Another bank worker accused of involvement- Tajinder Galsinh- is not involved in proceedings.

Prosecutor Paul Cavin told the Old Bailey: "They were all involved in an agreement to defraud Lloyds TSB of millions of pounds.

"Accounts belonging to people with large balances - in some cases several millions of pounds - were targeted.

"To identify those rich accounts, an insider, an employee of the bank was recruited to help the gang.

"The insider would then assist in breaching the security protocols in order to steal the money.

"The money would be transferred to accomplices who would swiftly transfer the money through a number of bogus businesses before eventually the money would disappear offshore.

"Once it is offshore it can come back onshore and nobody can trace it."

The first victim lost £750,975 in the space of three days after his account was accessed by both Ayinbode and Omoregie at the Balham and Streatham branches of Lloyds TSB in July 2013.

A few days later the customer's address was changed and a new card was issued to the new address, it is claimed.

Then on August 5 a man claiming to be the customer went into the Kings Cross branch to ask to set up a transfer.

The Echo told last year how Jones was involved in another major scam. She admitted being part of a money-laundering ring involving a luxury car firm based at London's Canary Wharf. She was given a two-year suspended sentence. The trial continues.

(1st September 2017)

(Mirror, dated 12th June 2017 author Emma Munbodh)

Full article [Option 1]:

A new wave of suspicious emails claiming to be from online payments platform PayPal are back in circulation, the UK's security body has warned, and they can empty out your bank account in just seconds.

Action Fraud UK - the government's cyber crime agency - has warned of a particularly high number of PayPal phishing emails that are landing in people's inboxes, claiming to be from the electronic payments company.

The emails claim 'unusual activity' has been flagged on their accounts - although this is not the case.

Once clicked on, victims are redirected to a fraudulent version of the PayPal website - one that looks remarkably similar - where they are asked for sensitive data to resolve the alleged 'issue'.

A PayPal spokesperson told Mirror Money: "At PayPal we go to great lengths to protect our customers in the UK, but there are still a few, simple precautions we should all take to avoids scams."

"We do contact our customers by email (e.g. for marketing purposes), however if the email is about an account limitation, then the customer should: open their internet browser, visit and login.

"If we require the customer to take any action, we will communicate that in the secure message centre."

Deputy Head of Action Fraud, Steve Proffitt added: "Fraudsters are increasingly targeting people with very professional looking emails warning that online accounts have been compromised and asking you to click on links to verify your details.

"Action Fraud is now warning people about fake emails that appear to have been sent from PayPal. These emails ask you to log in and review your Paypal account. It is difficult to know if they are fake as they look so professional.

"If you have received one of these fake emails, we are advising people not to follow the links in the email as by logging into your account, you are providing fraudsters with your login details which gives them access to your account.

"Always contact the fraud department of the organisation directly from the contact details you have on your statements or bank card and explain the contents of the email you have received."

What the emails say

This fake PayPal email even made us look twice! Well designed, slick and personalised. The link leads to a fake login page!

In most cases, the emails open with the line: 'We noticed unusual activity in your PayPal account'.

The emails appear incredibly professional - and feature PayPal's trademark font, logo and layout.

In a tweet, Action Fraud said: "This fake PayPal email even made us look twice! Well designed, slick and personalised. The link leads to a fake login page! #Phi shing".

Other customers have reported emails claiming their accounts had been either 'suspended' or 'lifted'. These featured prominent typos which experts warn should not be ignored.

"We've limited your access and the reason is the last login attemp , we've limited your account for security reasons.

"To fix this problem you have to login and update your personal informations by following this link."
(Don't its bogus)

In several more cases, the scammers claimed the victim had "added a new email address to their account". This is a common tactic used by criminals to instill fear or panic, prompting the user to click on the email in haste.

But it doesn't end there.

One email doing the rounds claims you've made a payment - which of course is not the case.

These emails employ similar tricks to those used by banking fraudsters - which alerts users to unidentified transactions.

How to tell if the email is genuine or a hoax

- Check the email address - in most cases fraudulent addresses will contain multiple letters and numbers and will appear unusually long.

- Be aware of any emails and pop-up windows asking you to click on a link or provide personal information directly in response.

- A genuine email will only ever address you by your full name at the beginning - anything that starts 'Dear customer' should immediately raise your suspicions.

- Do not reply or open any attachments that arrive with the email.

- If you suspect something is wrong, get in touch with the firm directly to verify it.

What PayPal say you should do

"Phishing" is an illegal attempt to "fish" for your private and/or sensitive data. In most cases the criminals will claim to be from a well-known company such as PayPal.

If you believe you've received a phishing email, follow these steps:

1. Be aware of any emails or text messages that ask you to provide personal information directly in response.

2. Look out for spelling mistakes, which are a common tell-tale sign of a fraudulent message.

3. A genuine PayPal email will only ever address you by your full name at the beginning - anything that starts 'Dear customer' should immediately raise your suspicions.

4. Scammers often use a false sense of urgency to prompt you to act on a phishing email such as hyperlinks asking you to login to your account. If you want to check that PayPal has tried to reach you, go to and log into your account normally. You will have a secure message waiting if PayPal does need you to take any action.

5. If you have any concerns regarding an email you have received, you should send it to .

Action Fraud tips if you've received a suspicious email

- Do not click on any links in the scam email.

- Do not reply to the email or contact the senders in any way.

- If you have clicked on a link in the email, do not supply any information on the website that may open.

- Do not open any attachments that arrive with the email.

- If you've been a victim of fraud, report it to Action Fraud .

(1st September 2017)

(BBC News, dated 31st May 2017)

Full article :

Cold-calling fraudsters use an urgent tempo of conversation or apologetic language to convince victims they are genuine, research has suggested.

The con-artists often adopt the persona of someone in authority such as a police officer or a fraud detection manager, transcripts have shown.

The Take Five campaign, which raises awareness of scams, asked a speech pattern analyst to study calls.

Dr Paul Breen said fraudsters use a variety of techniques to garner trust.

"The process used by fraudsters is carefully scripted from beginning to end - knowing the language fraudsters will use to mimic patterns of trust can help people to avoid becoming a victim," he said.

He found that while many people are more likely to trust a stranger over the phone if they sound like a "nice person", a caller acknowledging someone's concerns and sounding apologetic can be the hallmark of a scam.

Analysis suggested that fraudsters use snippets of information about their victims, remain patient and acknowledge concerns about security to gain the trust of the person being called.

Cases of identity fraud have been rising, with young people a growing target, often after people give up personal information to someone pretending to be from their bank, the police or a retailer.
Related Topics

(1st September 2017)

(Daily Mail / This is money, dated 13th June 2017 author Rob Hull)

Full article [Option 1]:

Drivers are being warned of a new scam email feigning to be from the Driver & Vehicle Licensing Agency telling them they are due a refund on their car tax.

The email, which 'brazenly' includes an address for reporting scam emails, has a link to a 'secure web form' that's designed to collect personal information from unwitting recipients.

The correspondence targeting motorists says: 'We would like to notify you that you have an outstanding vehicle tax refund of £239.35 from an overpayment, request a refund.'

It goes on to urge recipients to complete the web form and promises that funds will be paid into their account within four to six days.

BBC Watchdog tweeted the phishing email to warn motorists to ignore and delete it immediately.

The email looks legitimate and includes the DVLA's existing logo and fonts - something that could dupe many motorists into sharing their personal data.

And as one final brash move, the scammers have included a link to the email address phishing@dvla.gsi, for people to report possible fraudulent emails to the DLVA.

When would I receive a refund from the DVLA?

Criminals behind the email seemingly timed it to take advantage of changes to Vehicle Excise Duty rates from April 1 and ongoing confusion surrounding the switch to online car tax after paper discs were scrapped in 2014.

Under the current system, when an owner sells a vehicle they must cancel the outstanding tax and they are then refunded the remaining full months.

The only other scenarios where you'll receive a tax refund from the DVLA will be if the car has been declared SORN (Statutory Off Road Notification), written off by your insurer, scrapped at a vehicle scrapyard, stolen, exported out of the UK, or registered as exempt from vehicle tax.

If you currently still have your car and none of the above scenarios are true, there is no reason why the DVLA would offer a refund.

In fact, the DVLA said it will never send links to third party sites or ask for confirmation of personal details or payment information - red flags that should stall confused drivers before they they fall for the scam and submit their own data.

It's not the first time scammers have targeted motorists by impersonating the DVLA.

Last year, This is Money revealed an example of an email that was sent to drivers asking them to confirm their direct debit details.

The DVLA warned motorists that it would never contact them about direct debits and said not to open the PDF attached to the scam as it contained malware.

Over the last two years, fraudsters have also pretended to be the DVLA by contacting drivers via text.

Tony Neate, CEO of Get Safe Online, said the switch has made it easier to manage your car tax but has also made it easier for scammers to defraud people by sending them 'sophisticated hoax emails'.

'As phishing emails become ever more sophisticated and elaborate, it is important to be vigilant about sharing any of your personal information online,' he told This is Money.

'Like many official bodies, the DVLA's policy is to never send links to third party sites or ask for confirmation of personal or payment details - so if you do receive emails asking for this sort of information, stay one step ahead and report them immediately.

'If you're ever not sure, be your own detective and contact them by other means - perhaps phoning the number you would use normally.

'In addition, you should never use free public Wi-Fi to fill out online forms, however convenient, as you can't guarantee it will be secure.

'And always look out for 'https' at the beginning of the address as well as the 'padlock symbol' in the browser frame as it shows the website you are using is secure.'

(1st September 2017)

(Love Money / BT News, dated 16th June 2017)

Full article [Option 1]:

New research from Which? has revealed the top danger zones around the country for dating fraud, computer repair scams, investments cons and other types of fraudulent schemes.

The study draws on data from Action Fraud - the main body to report cases of fraud in the UK - on scams reported during 2014, 2015 and 2016, broken down by police area and type.

Which? has used the information to reveal where certain types of fraud appear to be more common in England and Wales and is urging the Government to tackle the growing problem.


Norfolk residents were the most likely to report incidents of dating fraud, where victims are duped into sending money to bogus lovers.

This impacted 1.6 people for every 10,000 people in the country, compared with the national average of 1.1.

The county was also a prime location for reported lottery scams, where victims are tricked into paying to enter a fake lottery, with 2.2 people per 10,000 reporting compared with one nationally.


Those living in Dyfed-Powys, Wales, commonly reported losing money to computer repair fraud, which involves a cold caller getting in touch to help fix a non-existent computer glitch.

Which? noted that this type of fraud tended to be reported in areas with an older population. In Dyfed-Powys 19.3 people per 10,000 were hit compared to the national average of 10.4.

The area was also a hotspot for fake services fraud, where victims are tricked into paying for a service that doesn't exist or aren't delivered. This impacted 13.4 people per 10,000 in contrast to the national average of 9.5.


London was also revealed to be a common are for scammers to target with a myriad of frauds, probably thanks to the large amounts of wealth and people concentrated in the area.

Which? found those living and working in the capital were most at risk of falling victim to a range of scams including: being charged fees for fake loans (4 per 10,000 people), social media or email hacking (3.7per 10,000), scam door-to-door sales (4.3 per 10,000), rental scams (3.4 per 10,000) fraud involving false or stolen goods (8.55 per 10,000), payment redirect fraud (3.9 per 10,000) and ticket fraud (4.7 per 10,000).

Other fraud hotspots

The data revealed that Dorset residents were particularly prone to being targeted by computer virus, malware and spyware fraud, with 3.8 cases per 10,000 people, compared to the national average of 2.3.

Households in affluent Surrey most commonly reported financial investment fraud, with 2.1 people per 10,000 compared to 1.3 nationally.

While those living in Warwickshire typically reported the most cases of retail fraud with 15.67 reports per 10,000 people in contrast to the 3.4 national average.
The scale of the fraud problem

In total Which? Found there were 266,964 frauds reported between 2014 and 2016. Below are the types, what they involve and the scale of the problem.

TYPE OF FRAUD (Source: Which?)

The reported cases were to Action Fraud (2014-2016)

Online shopping and auction fraud - Number reported : 123,298

What it involves : A product advertised online doesn't exist, arrive, or match its original description. It also includes where sellers aren't paid for goods sold online.

Computer fixing fraud - Number reported : 80,264

What it involves: Someone is told that there's a problem with their computer which can be fixed for a fee. No fix actually happens.

Fees for fake services - Number reported : 66,035

What it involves: Victims pay an upfront fee for a service that doesn't exist. For example, cold callers falsely offer to make PPI claim for money, or employers demanding money for employment checks for jobs that don't exist.

Cheque, plastic card and online bank account fraud
- Number reported : 54,696

What it involves: Someone's cheque, card or online bank account is fraudulently used. It doesn't include companies that deal with electronic money transfers.

Fake or stolen products fraud - Number reported : 41,108

What it involves: Victims make a purchase after being shown, or test a product. However, that product is later found to be false or stolen - also known as 'Other consumer non-investment fraud'.

Retail fraud - Number reported : 30,944

What it involves: Fraud committed against retailers, such as when goods are ordered with no intention of paying, or when a fraudster tries to get a refund from stolen goods.

Fake loan fraud - Number reported : 19,531

What it involves: A victim is offered a 'loan' in exchange for a fee. The loan never materialises.

Payment redirect fraud - Number reported : 16,467

What it involves: Fraudsters get a victim to change a direct debit, standing order or bank transfer by pretending to be an organisation that the victim regularly pays. This could be a phone or energy company, for example.

Hacking cases - social media and email - Number reported : 16,249

What it involves: Someone's social media or email account is hacked. This is unlikely to result in money loss directly.

Door-to-door sales and bogus tradesmen - Number reported : 15,907

What it involves: Fraudsters go door-to-door offering goods or services that are never delivered, or are of poor quality.

Computer virus/malware/spyware - Number reported : 15,561

What it involves: Scammers trick you into spreading a virus or allowing malware to be installed on a device. A virus is a computer program that can replicate itself and spread from one computer to another. Malware/spyware collect information or data from infected devices and passes them on to another device.

Fake ticket fraud
- Number reported : 14,949

What it involves: A victim purchases a ticket in advance only to find that it's never received, or isn't valid for the event.

Other financial investment fraud - Number reported : 9,521

What it involves: This covers a range of scams designed to convince people to part with their savings.

Dating scams - Number reported : 8,311

What it involves: The victim is persuaded to send money to a prospective 'lover'.

Lottery scams - Number reported :6,933

What it involves: The victim pays to enter a non-existent 'lottery'.

What about Scotland and Northern Ireland?

The research found that Scotland and Northern Ireland had much lower reports of fraud compared to the rest of the UK over this three-year period.

Which? says this is likely because the Scottish police aren't officially part of Action Fraud reporting network while Northern Ireland joined in June 2015.
Getting tough on fraud

Which? is urging the Government to set out plans to tackle fraud and scams.

It suggests improving how businesses handle customer data, the response to a data breach and to ensure people get the right redress.

The watchdog is also calling for the Payment Systems Regulator (PSR) to implement stronger rules to protect consumers from bank transfer scams.

Gareth Shaw, Which? money expert, said:"As more information is available about us online than ever before, fraudsters are finding it much easier to know who to target and how.

"These criminals are constantly finding new ways to rip us off and those tackling fraud should be upping their game. The Government needs to set out an ambitious agenda to tackle fraud, while law enforcement agencies need to be working harder to identify and protect the people most at risk from fraud."

If you think you may have fallen victim to a scam you should report it to Action Fraud.

uaware Further information

Original Which ? article :

(1st September 2017)

(Action Fraud, dated 12th June 2017)

Fraudsters have been advertising vehicles and machinery for sale on various selling platforms online. The victims, after communicating via email with the fraudster, will receive a bogus email which purports to be from an established escrow provider (a third party who will keep the payment until the buying and selling parties are both happy with the deal).

These emails are designed to persuade victims to pay upfront, via bank transfer, before visiting the seller to collect the goods. The emails also claim that the buyer (victim) has a cooling off period to reclaim the payment if they change their mind. This gives victims the false sense of security that their money is being looked after by this trustworthy third party, when in fact it is not and the money has gone straight to the fraudster.

Protect yourself:

- When making a large purchase such as a new car or machinery, always meet the seller face to face first and ask to see the goods before transferring any money.

- If you receive a suspicious email asking for payment, check for spelling, grammar, or any other errors, and check who sent the email. If in doubt, check feedback online by searching the associated phone numbers or email addresses of the seller.

- Contact the third party the fraudsters are purporting to be using to make the transaction. They should be able to confirm whether the email you have received is legitimate or not.

- False adverts often offer vehicles or machinery for sale well below market value to entice potential victims; always be cautious. If it looks too good to be true then it probably is.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting, or by calling 0300 123 2040.

(1st September 2017)

(Essex Community Messaging, dated 1st June 2017)

We have recently had a couple of incidents in different areas of Essex where Bogus Callers have made out they were from the local council and had come to investigate and remove rats nests in the loft. These bogus callers have then proceeded to take a deposit of cash (or in at least one case with a card reader) and said they would return to remove the nest and then disappeared.

If you do get a visitor along these lines, they are likely to be fraudulent. Please ring your local council direct to confirm that any caller is bonafide. Fraudsters can produce fake ID badges.

If an unknown trader knocks on your door at any time , don't open it unless you use a door chain . Preferably, open a small window either upstairs or downstairs and speak through the window.

To verify someone's identity please ring the organisation they claim to be from. Use a number from a bill or telephone directory that you have looked up yourself - never use a telephone number provided by the caller. A bona fide caller will wait outside whilst you verify their validity - a bogus caller is also likely to disappear as soon as they know you are telephoning to check identity.

Please do not let anyone into your home if you are not expecting them. REMEMBER - Your door - Your House - Your choice. Not sure? Don't Open the Door

Display a 'No Cold Calling' sticker on your front door. These are available from Trading Standards free of charge. Call them on 03454 040506.

If you do need work undertaken on your property, Trading Standards operate a 'Buy With Confidence' scheme, which enables residents to identify approved local traders who have readily demonstrated a commitment to high working standards, high levels of customer care and a fair trading policy.

The 'Buy with Confidence' scheme is available via the internet or by telephone 03454 040506.


(1st September 2017)

(Action Fraud, dated 6th June)

With the upcoming "Wedding Season", and for those individuals who are considering making plans for next year and beyond, you should be aware of the potential risks of fraud involved.

According to '', in 2017 the average wedding cost spend is approximately £30,111. This will be paid out to multiple vendors, including; photographers, caterers, reception venues and travel companies, to name a few. Many of these services will require booking at least several months in advance and you may be obliged to pay a deposit or even the full balance at the time.

Being aware of the potential risks and following the below prevention advice could minimise the likelihood of fraud:

Paying by Credit Card will provide you with protection under Section 75 of the Consumer Credit Act, for purchases above £100 and below £30,000. This means that even if a Company goes into liquidation before your big day, you could claim a refund through your Credit Card Company.

Social Media - Some Companies run their businesses entirely via social media sites, offering low cost services. Whilst many are genuine, some may not be insured or may even be fraudulent. There are a few things you can do to protect yourself;

- Ensure you obtain a physical address and contact details for the vendor and verify this information. Should you experience any problems, you will then be able to make a complaint to Trading Standards or consider pursuing via the Small Claims Court.

- Ensure you obtain a contract before paying money for services. Make certain you fully read and understand what you are signing and note the terms of cancellation.

Consider purchasing Wedding Insurance - Policies vary in cover and can be purchased up to two years in advance. They can protect you from events that would not be covered under the Consumer Credit Act.

Complete research on each vendor, ensuring you are dealing with a bona fide person or company. Explore the internet for reviews and ratings and ask the vendor to provide details of past clients you can speak to. You should do this even if using companies recommended by a trustworthy friend or source.

For services such as wedding photographers, beware of websites using fake images. Look for inconsistencies in style; Meet the photographer in person and ask to view sample albums. If you like an image from a wedding, ask to view the photographs taken of the whole event so you can see the overall quality.

Remember, if something appears too good to be true, it probably is!

(1st September 2017)

(BT / Love Money, dated 5th June 2017)

Full article [Option 1]:

New research from Financial Fraud Action (FFA) shows how scammers manipulate our instinctive human willingness to accept someone at their word in order to con us.

Dr Paul Breen. a speech pattern analyst, has found that fraudsters use specific techniques to gain our trust when they call before they try and get us to hand over valuable financial or personal information.

"The process used by fraudsters is carefully scripted from beginning to end - knowing the language fraudsters will use to mimic patterns of trust can help people to avoid becoming a victim," says Dr Breen, senior lecturer at the Westminster Professional Language Centre.

Six common scam call tricks

Dr Breen analysed recordings and transcripts of real-life scam phone calls and discovered six key tricks fraudsters use to gain your trust.

1. Seem to know you - the con artist will use snippets of information about you that they've gathered from different sources to sound like they are familiar with you and know what they are talking about.

2. Use apologetic language - they will attempt to create a false balance of power by apologising for taking up your time so that you feel sympathy for them.

3. Layers of authenticity - they will remain patient as they seemingly build up authenticity until they have convinced you they are legitimate.

4. Impersonate an authority figure - criminals will pretend to be someone in authority such as a police officer or fraud detection manager.

5. Welcome scepticism - if you are dubious they will turn that to their advantage by welcoming it and acknowledging your concerns about being security conscious.

6. Switch tempo - con artists will increase or decrease the pressure by creating a false sense of urgency or using understanding language.

Would you fall for them?

Reading through those tricks you may think you wouldn't fall for them, but a survey by FFA UK's Take Five campaign suggests otherwise.

It looked at the factors that make us more likely to trust a stranger over the phone and asked people to rank trust factors. The top three results were all tricks used by criminals.

The most common factor that makes us trust someone over the phone is 'sounding like a nice person' followed by 'sounding like they know what they're talking about', and almost a third listed 'offering to help with a problem'.

Most of the people surveyed said they were cautious of trusting strangers without meeting them, and a third of people said they never trust anyone on the phone. But fraudsters are prepared for our scepticism.

Dr Breen found that scammers used the 'patterns of trust' outlined above to build up an appearance that they were legitimate and get around our mistrust by mimicking the kinds of people we tend to believe.

"Tackling financial fraud is a priority for every bank and each one continuously invests in advanced security systems to protect their customers," says Katy Worobec, director of FFA UK. "However, as this research confirms, fraudsters use sophisticated methods in an attempt to circumvent these when targeting victims.

"While the payments industry stops six in every £10 of attempted fraud, it cannot solve the problem alone. Criminals try to take advantage of our instinctive willingness to accept someone at their word."

You can protect yourself from financial fraud by taking a moment to step back and think whether a phone call really seems genuine.

"We are asking everyone to take five - to take that moment - to pause and think before they respond to any financial requests and share any personal or financial details."

(1st September 2017)

MAY 2017

(The Guardian, dated 27th May 2017 author Rupert Jones)

Full article [Option 1]:

Retirees have been persuaded to switch all their cash into schemes involving self-storage facilities and there are fears they may have lost huge sums

Fears are growing that large numbers of people may have lost huge sums of money after investing their retirement pots in - of all things - self-storage units. The Serious Fraud Office this week launched an investigation into storage unit investment schemes, and revealed that more than £120m has been poured into them. But could that just be the tip of the iceberg?

One man was persuaded to transfer almost £370,000 out of his workplace pension and put it all into one such scheme supposedly offering an 8%-12% return. The Pensions Ombudsman, which looked at his case, said the "blameless" man had switched out of the "secure and generous" NHS pension scheme and may have lost all his money as a result. Others were lured in with claims that they could more than double their money in just six years.

Many of us have used a self-storage facility at some point - perhaps to temporarily stash our belongings when moving home. But what most people probably don't realise is that these units (also known as storage pods) have been touted as a wonder investment with double-digit returns. Many people appear to have lost some, or all, of their retirement savings after falling for the spiel of firms flogging dodgy schemes.

The SFO says it is probing several, including Capita Oak Pension and Henley Retirement Benefit, plus some schemes that invested in other products. It adds that more than 1,000 individual investors are thought to be affected by the alleged fraud, though it presumably thinks the number could be higher as it is asking people who have paid into these schemes between 2011 and 2017 to complete a questionnaire available on its website.

One brochure, issued by a property investment company, boasted of a 14% average annual yield

Kate Smith, head of pensions at insurer Aegon, says the SFO probe "is a timely reminder that unregulated unusual investments at home or abroad come with a high risk that people could lose all their hard-earned pension and other savings". She adds that it is possible that thousands more people may find they have lost money, too.

"Pension liberation" scams - where people are persuaded to transfer or cash in their pension pots and put the money into often exotic-sounding investments - have been around for years, but there has been a surge in activity since April 2015 when the government introduced reforms giving over-55s more freedom in terms of what they can do with their retirement cash.

Storage units on UK industrial estates might not have the exotic allure of hotel rooms in the Caribbean and palm oil plantations in Asia, but perhaps that was their selling point. Marketing tended to highlight how this was a profitable and growing industry.

One glossy brochure seen by Guardian Money offered the chance to buy individual units from £3,750-£30,000 said to be located in the north-west of England. The investor would buy the unit on a long-term lease from Store First Limited, and then sublet it to a management company which would subsequently rent it out.

The brochure, issued by a property investment company, boasted of a "14% average annual yield" and claimed that when capital growth and income were combined, the "forecast net return" over six years for someone investing £11,250 would be £12,180, "or over 108%" - equating to a total return of £23,430.

In December 2014, the Pensions Ombudsman published its decision in the case of "Mr X" who was persuaded to transfer his entire future pension - £367,601 - from the NHS Scotland scheme into Capita Oak. The ruling stated that Mr X was told his money would be invested in "Storefirst Limited" (sic), "a large self-storage firm in the north of England". It was offering a 8%-12% return "and therefore it seemed a good investment". He later discovered that he couldn't get his money out.

The ombudsman said Mr X may well have been "duped" out of his entire pension, and it is not known whether he ever recovered any of his money.

In April 2015 the ombudsman published two decisions relating to a man called Joseph Winning, who transferred £52,401 in pension cash from Scottish Widows and Legal & General to Capita Oak. Winning's money had apparently been invested in Store First storage pods, the rulings said.

Things don't look good for Mr X or Winning (and doubtless others) because the two companies that acted as trustees to Capita Oak and Henley Retirement were wound up by the high court in July 2015. This was after an official investigation found that they were involved in a venture where people were cold called and persuaded to transfer their pensions "on the basis of misrepresentations made" concerning returns. The investigation found that the only investments offered to the public were storage pods marketed for sale by Store First, which paid commissions of up to 46% to another company which was part of the overall scheme.

It's all been quite frustrating for the Self Storage Association UK, which describes itself as the main trade body for the industry. Its boss Rennie Schafer says investment companies have been aggressively marketing these unregulated schemes to small investors "who are less informed of their perils," adding: "The idea of breaking it up into little pieces and selling it off is not how self-storage works."

Store First, based near Burnley, told us: "The SFO investigation is not against Store First or its product of storage pods, but against the schemes named … Store First is in no way connected with the running of any pension scheme being investigated by the SFO or, indeed, any scheme. In addition, Store First does not carry out any direct sales activity, and all sales are made by third party intermediaries."

The company added it had "no connection whatsoever" with any financial advice these schemes receive or give, or to their ongoing administration.

(Action Fraud, dated 26th May 2017)

Smishing - the term used for SMS phishing - is an activity which enables criminals to steal victims' money or identity, or both, as a result of a response to a text message. Smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset) to manipulate innocent people into taking various actions which can lead to being defrauded.

The National Fraud Intelligence Bureau has received information that fraudsters are targeting victims via text message, purporting to be from their credit card provider, stating a transaction has been approved on their credit card.

The text message further states to confirm if the transaction is genuine by replying 'Y' for Yes or 'N' for No.

Through this method the fraudster would receive confirmation of the victim's active telephone number and would be able to engage further by asking for the victim's credit card details, CVV number (the three digits on the back of your bank card) and/or other personal information.

Protect yourself:

- Always check the validity of the text message by contacting your credit card provider through the number provided at the back of the card or on the credit card/bank statement.

- Beware of cold calls purporting to be from banks and/or credit card providers.

- If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Again, refer to the number at the back of the card or on the bank statement in order to contact your bank.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at or alternatively by calling 0300 123 2040

(1st June 2017)

(Action Fraud, dated 15th May 2017)

Following the ransomware cyber attack on Friday 12 May which affected the NHS and is believed to have affected other organisations globally, the City of London Police's National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days.

Ransomware is a form of malicious software (Malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. Criminals will use ransomware to extort money from you (a ransom), before they restore access to your files. There are many ways that ransomware can infect your device, whether it be a link to a malicious website in an unsolicited email, or through a security vulnerability in a piece of software you use.

Key Protect messages for businesses to protect themselves from ransomware:

- Install system and application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device that isn't left connected to your network as any malware infection could spread to that too.

The National Cyber Security Centre's technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the "WannaCry" Ransomware:

For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here:

Key Protect advice for individuals:

- Install system and application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device (such as an external hard drive or memory stick) that isn't left connected to your computer as any malware infection could spread to that too.

- Only install apps from official app stores, such as Google's Play Store, or Apple's App Store as they offer better levels of protection than some 3rd party stores. Jailbreaking, rooting, or disabling any of the default security features of your device will make it more susceptible to malware infections.


Fraudsters may exploit this high profile incident and use it as part of phishing/smishing campaigns. We urge people to be cautious if they receive any unsolicited communications from the NHS. The protect advice for that is the following:

- An email address can be spoofed. Don't open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.

- The sender's name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution, particularly if the texts are asking you to click on a link or call a number.

Don't disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or transfer your money to another "safe" account.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at

(1st June 2017)

(Action Fraud via Essex Community Messaging, dated 23rd May 2017)

Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global Wanna Cry ransomware attack.

One victim fell for the scam after calling a 'help' number advertised on a pop up window. The window which wouldn't close said the victim had been affected by WannaCry Ransomware.

The victim granted the fraudsters remote access to their PC after being convinced there wasn't sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool,which is actually free, and took £320 as payment.

It is important to remember that Microsoft's error and warning messages on your PC will never include a phone number. Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support.

Any communication they have with you must be initiated by you.


How to protect yourself:

- Don't call numbers from pop-up messages.
- Never allow remote access to your computer.
- Always be wary of unsolicited calls. If you're unsure of a caller's identity, hang up.
- Never divulge passwords or pin numbers.
- Microsoft or someone on their behalf will never call you.

If you believe you have already been a victim

- Get your computer checked for any additional programmes or software that may have been installed.

-Contact your bank to stop any further payments being taken

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at

(1st June 2017)

(BT News, dated 14th May 2017)

Full article [Option 1]:

Criminal gangs are using empty homes to take out loans and mortgages, the National Fraud Intelligence Bureau (NFIB) is warning.

Evidence has been unconvered to suggest criminals are choosing empty homes by scouring obituaries and the Land Registry.

Once an empty property is identified, the scammers organise fake documentation in order to apply for finance linked to the address.

The fraudsters will register on the electoral roll and with utility providers in order to build up the required proof to pass through all the legal hurdles.

This criminal group works until it has met all the criteria needed to get funds released, while the homeowner is none the wiser and left saddled with the debt against the property.

Are you at risk?

The NFIB says the main homeowners at risk include:

- Owners that are absent from their property
- Buy-to-let landlords who may have empty properties
- Owners that are living abroad with an empty property in the UK
- Elderly people that don't live in their properties for reasons such as long term hospital or residential care

How to protect yourself

There are certain things you can do to protect yourself from this sort of devious fraud.

Make sure your property is registered with the Land Registry. Doing this will mean you will be compensated for financial loss if you do fall victim to mortgage fraud.

It's also important to keep your contact information up to date once registered so you can be easily contacted if something suspicious is spotted.

It's also a good idea to sign up for Land Registry's free Property Alert service. If someone tries to take out a mortgage on a home you own you'll receive an alert.

You can then judge whether the activity is suspicious and seek further advice.

You should also check your credit report regularly as this logs credit searches linked to addresses in your name, so you can spot suspicious loans linked to your home.

Registering Property :

Property Alert :

Where to get help

If you're concerned that your home is being used to fraudulently leverage finance call the Land Registry on its Property Fraud Line on 0300 006 7030.

The line is open from 8.30am to 5pm Monday to Friday and you can talk to specially trained staff who can provide practical guidance about what to do next.

(1st June 2017)

(Action Fraud, dated 4th May 2017)

There has been a series of recent incidents reported to Action Fraud where a lone fraudster has approached victims whom they believe to be unfamiliar with the local area. They make an excuse to talk to the victims such as enquiring about directions or offering a recommendation for a good hotel.

After this interaction, several other fraudsters will intervene purporting to be police officers in plain clothes and will sometimes present false identification as proof. The fake officers will then give a reason to examine the victims' wallet, purse or personal items. They may also examine the first fraudster's items or try to tell victims that the first fraudster is suspicious in order to gain victim trust and appear more realistic in their guise.

After all the fake police 'checks' are finished, victims have then reported being handed back their personal items only to later realise that a quantity of money or valuables were missing.

How to protect yourself:

- If an individual claims to be a police officer ask for their name and rank, force, and examine any identification presented; this is always good practice but especially important if they are not wearing a uniform.

- The Police will never ask for your passwords or PIN details. Do not give this information to anyone.

- The Police will never request that you withdraw/transfer any money to them or to a 'safe' account.

If you have been affected by this, or any other fraud, report it to Action Fraud by visiting

(1st June 2017)

(BT News, dated 9th May 2017)

Full article [Option 1]:

A new scam using the lure of a £75 anniversary voucher for Sainsbury's or Morrisons is doing the rounds. It's the latest fraud involving supermarket vouchers designed to rip you off.

There are several fake supermarket vouchers scams being operated by fraudsters, purporting to be from the of the UK's biggest chains.

These fake vouchers have been frequently appearing on Facebook, Twitter as well as messenger services like WhatsApp, text and email.

Here's what to watch out for and how to stay safe.

Sainsbury's and Morrisons £75 anniversary voucher scam

Facebook posts have been cropping up claiming to offer a free £75 voucher for either Sainsbury's or Morrisons as part of their anniversary celebrations.

The text used can vary, but the offer is generally along the lines of: "Get a FREE £75 Morrisons Coupon to celebrate 117th Anniversary!". We've seen some with different anniversary years mentioned.

The Sainsbury's versions read much the same.

In order to claim your 'free' voucher, you are redirected to an external site where you are asked to share your details. However, there is no prize and your details will be used to inundate you with spam messages.

Avoid this scam, and definitely don't share it with your friends on Facebook.

Sainsbury's £250 WhatsApp voucher scam

Sainsbury's shoppers are also being targeted with a £250 voucher scam.

Customers are being asked to do a survey through WhatsApp in exchange for £250. They're then asked to send the survey on to 10 other users.

Sainsbury's £100 voucher scam

Be wary of a similar Sainsbury's scam that's being widely shared on Facebook.

Customers have taken to Sainsbury's official Facebook page to ask whether messages they've received claiming to offer a £100 Sainsbury's gift card are genuine.

We asked Sainsbury's about the issue and it confirmed that it is aware of the £100 gift card voucher offer being circulated and confirmed that these were not genuine.

A spokesperson for the supermarket told loveMONEY it's advising anyone that receives a message offering the £100 gift card to delete it and not click on any of the links.

Tesco voucher scam

Scammers targeting Tesco shoppers are using a slightly different approach.

At the moment there is a scam email promising £500 worth of Tesco vouchers after answering a survey on their phone.

However, those that complete the questionnaire are finding they've been signed up to a premium rate text service, which charges them to be entered into a monthly draw.

Aldi fake £65 coupon scam

Scammers are trying to trick Aldi shoppers into handing over their details in return for a "free £65 coupon" that can be redeemed in-store.

The victims are asked to click on a link, which takes them to a website where they're asked to enter personal information before they can print off the voucher.

The offer is of course fake and the fraudsters will then use the information to commit ID fraud.

Victims are also asked to share the voucher on social media, thus keeping the scam going. We've seen a number of the fake vouchers on both Twitter and Facebook.

Aldi has taken to Twitter to say it is aware of the hoax voucher and is investigating the matter.

It also stressed it would never ask you to share your personal details via a website in order to redeem a voucher.

If someone sends you a Facebook message or email suggesting you could get an Aldi voucher, treat it with caution and don't automatically click on the link.

If the offer is too good to be true it probably is. Also, check for spelling mistakes and use your common sense about the details it is asking you to share.

How to get genuine supermarket discounts and vouchers

Not all supermarket promotions are a scam.

You can use cashback websites like Quidco and TopCashback as well as websites like Vouchercloud and, which list genuine voucher codes and discounts.

You should also keep an eye on official Facebook and Twitter feeds for genuine offers from the supermarkets and other retailers.

How to keep safe

The company really doesn't matter. Whatever the name, and whether the too good to be true 'promotion' is on Facebook, WhatsApp or via email, the whole thing is a swindle.

They have nothing to do with the stores and, of course, there are no vouchers.

Ther best thing to do is delete the message and not click on any of the links.

(1st June 2017)

(The Sun, dated 12th May 2017 author Brittany Vonow)

Full article [Option 1]:

A woman has spoken of her horror after she was scammed out of £915 for a holiday getaway through Airbnb.

Ms Brown said she had never used the online rental marketplace before, but was delighted when she found the perfect spot to celebrate her boyfriend's birthday in Amsterdam in October this year.

After contacting the Airbnb host, the 20-year-old said she was asked to transfer the £915 payment to a bank account for the three-night stay at the four bedroom home.

But after receiving a confirmation email, the young woman called Airbnb to confirm - only to be told the email address was not an official address.

Quickly calling her bank Santander in a desperate attempt to stop the payment from going through, Georgia has now slammed Airbnb for not sharing enough warnings about scammers on the site.

The house was advertised on Airbnb, asking for people to transfer money through to the personal account, rather than through the online platform.

She told The Sun Online: "When I signed up, there were not terms and conditions that told you about the site.

"I was reading through the description of the place and it said to book, please send through a query through this email address - it all seemed really friendly and he said they had availability."

Checking the accommodation with the friends she would be travelling with, Ms Brown got the contact details for the owner, confirmed the dates and paid the money.

She said: "Because I hadn't used it before, I presumed people advertised on there and then you make payments to them directly.

"After I paid them, I thought, I'll just check and I went on the Airbnb website. It took me a good half an hour to find anything about payments and it said that they should all be made through the website.

"I called my bank straight away and explained, and they said they'll do everything we can."

But the young legal secretary said she was disgusted by Airbnb's response, saying: "All I got was a 'Oh no, Ms Brown, you shouldn't have done that'.

"They shouldn't have had the advert on their website in the first place."

She said the advertisement told people looking at the rental that they would need to bank transfer the funds to the agent's account, saying that Airbnb should police the advertisements better.

The young Essex woman is now fighting to get her money back, with the scammer since contacting her and asking for more details - leaving her hopeful that they still have not received the money and she will be able to get it back.

She said: "I want to make more people aware - Air BnB is massively advertised, they want everyone to think their website is the safest.

"In fact, by not having warnings about scammers they are putting a lot of people at risk.

"I'm not stupid, I can spot things like this but it looked so legitimate.

"Air BnB preach about how they do all of these checks on the hosts, then how can something like this happen."

The Sun Online has since tried to contact the host but the number was disconnected.

An Airbnb spokesman said: "Fake or misrepresented listings have no place in our community and our team is working hard to constantly strengthen our defenses and stay ahead of fraudsters.

"We just introduced new security tools to help tackle fake listings and educate our community about staying safe online, including more warnings.

"The most important thing to know is as long as you stay on the platform and only send money through Airbnb, you will always be protected. There have been over 160 million guest arrivals on on Airbnb and bad experiences are extremely rare."

The listing has since been removed from Airbnb.

A Santander bank spokesperson said: "Our customer, Ms Brown found a holiday property on AirBnB and sent an email to somebody she believed was the owner of the property.

"A return email was received purportedly from AirBnB confirming beneficiary account details. Miss Brown then sent a payment of £913 to the bank account provided by the third party.

"She has since discovered this is a scam and funds were not sent to AirBnB.

"Santander were in contact with Ms Brown from the day of the transaction to start the process to try and recover the funds from the recipient bank. However, as the funds were sent overseas it can take up to 90 days to get a response."

(1st June 2017)

(Essex Police Community Messaging, dated 9th May 2017)

Note : This advice applies to the whole of the UK, not just Essex !!!

Following DVSA clarification used car buyers are urged to check MOT details online - the paper certificate is too susceptible to forgery.

Following a clarification by the Driver and Vehicle Standards Agency (DVSA), we are urging used car buyers to check MOT details online, rather than relying on the paper certificate.

In response to a Freedom of Information request the DVSA's MOT Scheme Management Team confirmed: "…the view of DVSA is that the test certificate is a receipt style certificate and it is the database holds the authorative record ,DVSA advice is that if a customer has concerns to the validity of the certificate or wishes to, they can confirm the details via the website."

"This important clarification should signal a change in consumer best practice. Most car buyers accept the paper MOT at face value, but 25 years of investigating cloned and clocked vehicles has taught us not to be so trusting. The first thing we do with any claim

is check the MOT on the primary source, the government website. It is a great free service and you can see at a glance the recorded mileages going back years and any advisory notes on the condition of the vehicle.

Any discrepancy between this data and the paper certificate should set alarm bells ringing. Vehicle crime has become highly sophisticated but when it comes to paper MOTs a lot of the tactics are rudimentary, commonly simple photocopies with the mileage altered.

In one recent case, someone had downloaded the sample certificate from the government website, filled it in and passed it off as genuine. They should at least put a watermark on that because they've inadvertently provided a handy resource for fraudsters."

MoT history -
MoT (current) & tax -

(1st June 2017)

(International Business Times, dated 8th May 2017 author Pramod Sharma)

Full article [Option 1]:

Leading UK bank Barclays is launching a £10m nationwide initiative, dubbed the 'Great British Fraud Fightback', aimed at spreading awareness about financial fraud risks. The bank hopes to boost the protection of digital identities of Britons through the dissemination of information, tools and tips.

The digital safety drive launched on Monday (8 May) marks the first attempt by a high street bank to enable their customers to assume full control over how their debit cards would operate. Customers would be able to use the Barclays mobile banking app to instantly enable or disable remote purchases and set their daily ATM withdrawal limits. Branch employees will also have access to a new police hotline to be used in instances when customers are scammed.

The bank will also extend its awareness campaign beyond its customer network. UK residents will be able to assess their own digital safety level online through the Barclays website.

Additionally, the bank will launch a £10m multimedia nationwide campaign to spread awareness about fraud related risks.

"Fraud is often wrongly described as an invisible crime, but the effects are no less damaging to people's lives" said Ashok Vaswani, chief executive of Barclays UK.

"As a society our confidence in using digital technology to shop, pay our bills and connect with others has grown faster than our knowledge of how to do so safely. This has created a 'digital safety gap' which is being exploited by criminals."

"I believe the need to fight fraud has now become a national resilience issue, and we all need to boost our digital safety levels in order to close the gap."

The initiative comes on the heels of the Digital Safety Index survey launched on 8 May. The survey revealed that London, Bristol and Birmingham are the "scam capitals" of the UK with the largest gaps in public resilience. The survey also pointed out that only 17% of people in the UK can correctly identify basic digital threats, such as scams posted on various social media platforms.

London in particular is a city favoured by cybercriminals, as it ranked the lowest on the digital safety scale with a score of 5.89 on a scale of 1 to 10. Moreover, the City also ranks with Bristol as one of the cities with the largest proportion of the population experiencing at least one type of online fraud.

In a surprising revelation, the survey further pointed out that young people between 25 and 34 years of age were twice as likely to be victims of online fraud as older generations. The figure dispels the commonly held notion that older people are the most vulnerable victims of cybercriminals.

Instead, young Londoners possessing a postgraduate degree or above have been identified as the most vulnerable group.

"It's alarming that younger people and those in cities are more at risk", remarked Barclays head of digital safety, Laura Flack.

"We need to super-charge our digital know-how and talk to our friends and relatives to prevent these crimes from happening."

(1st June 2017)

(International Business Times, dated 3rd May 2017 author Jason Murdock)

Full article [Option 1]:

Hundreds of fake website domains are being used by hackers to mimic some of the most popular banking services in the UK in an attempt to trick victims into handing over personal details and sensitive login credentials, a cybersecurity firm said this week (2 May).

DomainTools, a US company that monitors trends on the internet by analysing IP addresses and Whois records, warned that a quick four-day peek into global web traffic showed a number of top high street UK banks were being targeted in the scheme.

From 27-31 March, researchers monitored financial firms and a selection of US-based retailers and uncovered 324 separate websites posing as services including Barclays, HSBC and Lloyds.

DomainTools found 110 fake HSBC websites, 22 for Lloyds, 74 for Barclays and 66 posing as NatWest.

Web addresses included natwesti[.]com, lloydstbs[.]com and barclaysbank-plc[.], standardchartered-bank[.]com and hsbcgrp[.]com.

Upon analysis, the domains were "closely connected" to websites already blacklisted for spam, malware and phishing. For most consumers, this means mainstream web browsers will likely block these automatically.

The hackers are using a tactic known as "cybersquatting", DomainTools said in a blog post. This is when website domains are cheaply purchased and then designed to include brand names, trademarked logos and only slight variations of the proper internet URLs.

No banks were legitimately compromised in the attacks.

The technique is traditionally deployed by cybercriminals to help conduct widespread phishing campaigns to scoop up users' login details and passwords.

However, by redirecting a web user to a fraudulent website it can also be used in pay-per-click ad scams or even drive-by ransomware attacks, the firm warned.

In the retail realm, the DomainTools research team uncovered web addresses impersonating a variety of top US-based retailers including Amazon, Apple, Best Buy, Nike and Walmart. Fake domains included auth-apple-id[.]com and amazonhome[.]club.

"Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains," said Kyle Wilhoit, senior security researcher at DomainTools.

He continued: "While domain squatters of the past were mostly trying to profit from the domain itself, these days they're often sophisticated cybercriminals using the spoofed domain names for more malicious endeavours.

"Many simply add a letter to a brand name while others will add an entire word such as 'login' to either side of a brand name. Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects.

"Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants. It is better to lock down typo domains than to leave them available to someone else. This is a relatively cheap insurance policy."

This is a technique famously used by US president Donald Trump, who regularly purchases website domains which are either critical of him or may be needed in the future. In the 18 months leading up to his January 2017 inauguration he bought a selection of 500 new website addresses.

These included, and

Top tips for consumers to avoid falling victim to spoofed websites:

- Check for extra added letters in the domain, such as Yahooo[.]com

- Check for dashes in the domain name, such as Domain-tools[.]com

- Look out for ''rn'' disguised as an ''m'', such as versus

- Check for reversed letters, such as Domiantools[.]com

- A plural or singular form of the domain, such as Domaintool[.]com

(1st June 2017)

(The Scotsman, dated 18th April 2017 author Martin Flanagan)

Full article [Option 1]:

Royal Bank of Scotland-owned NatWest has revealed that nearly 7,000 customers have become the victims of fraudsters since the start of 2016.

The lender, which under RBS chief executive Ross McEwan has been striving to make itself a "safer, simpler bank", says "goods not received" cases - when someone pays for items or services that are never delivered - were the most common scam.

These account for 2,073 cases seen by the bank - or about three in ten scams carried out against NatWest customers.

Les Matheson, NatWest chief executive of personal and business banking, said: "We know scammers can be convincing and they work round the clock to persuade their victims to part with money.

"We have hundreds of people working 24/7 to detect and stop fraud, but it's very important that, as individuals and businesses, we know how to protect ourselves."

The lender said other hoaxes included "advance fee fraud", where conmen ask customers for an advance or upfront payments for goods, services and/or financial gains that do not materialise.

There are also "spoof payment requests", where people receive a bogus official request "purporting to be from someone senior in a company or a client, for payment or draw down of funds".

NatWest said business customers also continued to be defrauded for big sums via invoice fraud, when a firm receives an invoice that appears to be from a trusted trading partner but is actually fake.

(1st June 2017)

(NBC News, dated 20th April 2017 author Nicola Spector)

Full article [Option 1]:

Note : Yes, I know, another USA article about a scam.

We may be getting more technologically advanced every day, but we still haven't outgrown (or outsmarted) the age-old nuisance of robocalls. In fact, robocalling is more rampant than ever - and scamming Americans out of billions.

A new study by Truecaller found that in 2016 roughly 22.1 million Americans lost a total of $9.5 billion in robocall scams - far more than in 2015 - with the average loss per person at roughly $430. In 2015, 27 million people reported scams to Truecaller, and though the number of reports was higher than in 2016, the average loss was much lower, at about $274, said Tom Hsieh, VP of growth and partnerships at Truecaller.

Additionally, Hiya, an app that provides caller ID and spam protection services, recorded a 130 percent growth in fraudulent robocalls since 2015.

Millennials Take the Bait

Truecaller determined that millennials are now "the most targeted group," noted Hsieh, adding that of persons aged 18-34, men reported far more scam incidents than women (33 percent of millennial men versus 11 percent of millennial women).

Hsieh and his team were surprised to see millennials falling for robocall scams. Traditionally, it's thought that elderly people - attached to their landlines and less prone to doing research online - were the prime targets.

"Our hypothesis prior to conducting the study was that millennials would be less susceptible, being tech savvy - but the victims run the full gamut," said Hsieh. "Part of that I think is due to the nature of the scam itself. These scams prey on fear that all ages have. They also appeal to the good nature of people. During the Napa Valley earthquake last year, we saw a spike in scam calls pretending to be from local charity organizations."

Alex Quilici, the CEO of YouMail, which provides voicemail and robocall blocking services, said that he knows a few people who fell for the Microsoft robocall scam that started in 2014 and got so bad, Microsoft itself addressed it.

"People thought it was real, that their computer did have a virus because of course, their computer was running slow," said Quilici. "Also, the scam websites looked just like Microsoft's, just with a different URL."

Robocalling Has Evolved to Mobile, Just Like You

Once the pesky province of landlines, robocalls have made the shift to mobile, just like most everyone else.

"Like the attractiveness of a healthy shark to hungry remora, robocalls and fraudulent phone scams were in many respects inevitable follow-ons to a global commerce shift to digital mobile devices," said Jason Flaks, senior director of product and engineering at mobile advertising analytics company, Marchex.

Plenty of millennials have eliminated or never had a landline, meaning they're relying wholly on a mobile number, entering it on countless forms, possibly even on their own website or social media pages.

"If you sell your used bike on Craigslist and you put your phone number on there, you have between 12 and 24 hours before you start to get robocalls," said Jan Volzke, VP, data at Hiya. "Same goes if you put your number in a Facebook or Twitter post."

And if your number is San Francisco-based, chances are your robocaller is also San Francisco-based - or so he tries to trick you into assuming.

"If you're in a 415 area code, they'll use that area code to target you," said Volzke. "The [scam artists] use automated platforms to fire out millions of calls from anywhere, either in the U.S or overseas, and all you will see is a local number."

Not Just Scams, But a Whole Lot of Spam

Volzke told NBC News that Hiya detected 10.2 billion robocalls in the U.S in 2016, and that at least 10 percent (100 million calls per month) were unwanted spam calls. Dear mother of dial tones, why on earth are companies still able to do this to us?

The answer is two-fold: Firstly, it's really, really cheap to do it; and secondly, once in a blue moon it actually works.

"The business strategy of companies using this technique is similar to email spammers," said Bob Bentz, president of Advanced Telecom Services. "Since calls are nearly free over the internet, the businesses are hoping for that one rare response that will earn them a profit. I'm sure it is working or they wouldn't be continuing to do it."

Some Robocalls Serve a Good Purpose

The very word "robocall" may send chills of irritation down your spine, but it's important to remember that not all robocalls are bad. In fact, some are genuinely useful.

"Many robocalls, or calls from an auto-dialer, come from legitimate businesses," said Jim Gustke, robocall expert at Ooma. "A good example is an appointment reminder from your doctor's or dentist's office."

And then there's the perspective of the small business that may depend on robocalling services because they don't have enough people to make all the necessary outbound calls.

"Robocalls make outbound telemarketing and debt collection efforts easier for many small businesses who are short-staffed," said Niquenya Collins, president and CEO of Building Bridges Consulting. "Rather than expending human resources, computerized autodialers do the job of calling potential or existing customers to deliver updates and reminders, gauge interest in new product or service offers, or simply to save time by predetermining if the target party actually picks up the phone before the human representative takes over the call."

Useful as they can be for the business on a budget, Collins does see robocalling being abused or misused by businesses.

"Robocalls only work when there is an existing relationship with the customer and should not be used as a cold-calling strategy," said Collins, adding that companies should check Do No Call lists. "Unfortunately, many small businesses on shoestring budgets and some unscrupulous companies fail to vet their purchased lead lists against these registries."

How to Stay Safe, and What New Scams We Can Expect

If you're receiving robocalls from a company you give business to (like a pharmacy or a hair salon), but don't want to, you should be able to opt out. If you're being targeted by scam or spam artists, you'll need to do more, including flat out not answering numbers from unknown callers.

"If you're really worried about robocalls, do not ever answer an unknown number - let it go to voicemail. You may also want to find tools (such as apps) that prevent robocalls," said YouMail's Quilici. "Over time, the carriers, infrastructure, and regulations will get better, but it will take time."

Unfortunately, you may want to brace yourselves for more fraudulent robocalls. 'Tis the season for robocallers posing as the IRS.

"This time of year we see a spike in IRS type scamming," said Hsieh of Truecaller. "If you really suspect it's the IRS, ask for an official response in the mail - that is how the IRS [reaches people], through physical mail."

Hsieh also expects that given the new administration's crackdown on immigrants, there will be robocalling scams that will "target the immigrant population." So, again, keep in mind that a government agency would first contact you by mail.

(1st June 2017)

(The Telegraph, dated 13th April 2017 author Amelia Murray)

Full article [Option 1]:

Fraudsters need just three key bits of information to steal your identity and access your accounts, take out loans, credit cards, mobile phones in your name.

All it takes is a name, date of birth and address - and most of this can be found on social media profiles, such as Facebook. And if your settings are not private, this is available for anyone to see.

A third of British adults with online profiles include their full name and date of birth, according to a YouGov survey.

Younger people are even more likely to display this information.

The survey revealed that 48pc of 18 to 24-year-olds divulge this information on social media sites compared to 28pc for those between 35 and 44.

Even if your date of birth isn't displayed, fraudsters will be able to tell if your friends post birthday messages with reference to your age.

"It's not hard to work out," said John Marsden, head of ID and fraud at Equifax, the credit reference agency.

"The date of birth is a crucial part of identification as it's the only detail that never changes. And once it's posted online, it's out there", said Mr Marsden.

Getting hold of your address and stealing your identity

Once fraudsters have your name and date of birth, it's not difficult to track down where you live.

Online directories hold huge quantities of information - from addresses, phone numbers and even a list of your past and present housemates. This can all be pieced together to assume your identity.

Some sites offer a limited number of free searches and will then charge a small fee for premium information.

The next step would be to obtain fake identification documents using your details.

These can be easily ordered online - Telegraph Money discovered one site which promised high quality passports that included security features such as watermarks, microprinting and security threads.

The site claims these would be "no different from the original documents".

The price of a replica passport depends on the country it's purported to be issued from.

A fake British passport costs £550. Those who want an additional bogus driving licence can get both for £720.

A replica US passport is priced at £590.

The site also offers money off for repeat customers. Those who order again will receive a 5pc discount - this increases to 10pc for the third and fourth order, and 15pc when five or more orders are made.

There are also a number of websites that sell imitation utility bills for £25 a time which could also be used in a credit or loan application.

Trial, error and interception

Each provider will require specific information when processing online and face to face applications. It doesn't take long to "crack the system", according to Mr Marsden.

And through trial and error, fraudsters can quickly learn what details are needed so they can go back and reapply.

Once the account is opened, the fraudster will try and intercept the documents or credit cards sent from the bank or other provider to your address.

Many addresses are targeted because of shared mail boxes - such as a set of flats with open access to post.

Protect your date of birth on social media

You can adjust the settings on your Facebook profile so that only you can see your date of birth and other personal details.

"People need to be mindful about their credentials displayed on social media - consumers don't seem to realise how key their date of birth is to their identity," Mr Marsden said.

"Cases of fraud are on the rise, with identity theft representing a major slice of fraudulent activity. More adults in the UK are engaging with social media than ever before, especially on their smartphones, and a high number are readily sharing their personal information on these platforms."

(1st June 2017)

(International Business Times, dated 12th April 2017 author Jason Murdock)

Full article [Option 1]:

A 38-year-old victim of a banking scam which uses fraudulent text messages has spoken out after digital fraudsters were able to drain tens of thousands of pounds from her account. The technique, known as ''smishing'', is currently in operation in the UK, experts warn.

The culprits are spoofing mobile details to make the SMS messages look like they are being sent from a legitimate source. The texts warn your card has been used in a shop and - if you don't recognise the transaction - ask you call an embedded "fraud prevention" helpline.

Of course, this will transfer your call straight through to the fraudsters, who then pose as a friendly banking representative and ask you to "confirm" your credentials.

If you give them enough information to enter your account, money will quickly be siphoned out as they set up new payees. It's not sophisticated, but it works.

This week, one victim spoke out. Surrey-based Claire Pearson, 38, opened up to ITV's This Morning programme about the scam which targeted her father's inheritance fund of more than £71,000. The target's bank has declined to reimburse the lost money.

"I received the text, but this wasn't unusual as I've had messages from them before," explained Pearson, who is heavily pregnant with her first child. "It said there had been suspicious activity on my account, asked 'do you recognise this transaction?, if not call this number.'"

"I clicked the number and it called through, and the call went on for 30 minutes," she continued, adding: "The man I spoke to was lovely, we built up a rapport and he said they would send me a new card in three days." Pearson said that by the time she became suspicious it was too late.

Santander has effectively closed the case on the basis that Pearson willingly handed over access to her passwords to a third party. A spokesperson said: "We are very sympathetic to customers who are victims of scams and welcome the media's involvement in raising awareness of scams. We investigate all instances of fraud fully, as we have done with this case."

The statement concluded: "When there has been no Santander error and customers have divulged personal, security information, we cannot accept any responsibility for the losses on the account."

It was reportedly able to retrieve roughly £2,000 of funds.

Pearson told ITV: "They reversed one transaction as it was in process when I was on the call, and since then Santander have frozen the remaining receiving accounts and returned the money in them to me. But as far as the bank is concerned the case is closed."

Action Fraud, the UK's internet and advice watchdog, said the aim of smishing scams is to "trick you into thinking you're giving up personal information or making payments with someone you can trust, such as your bank, a government agency or a business or brand name."
'The new phishing'

Harry Wallop, a consumer issues journalist told ITV: "This text message scamming is known as smishing and it is the new phishing. They are spoofing a mobile number, with a message coming in to a string of legitimate texts you've already got from your bank.

"Alarm bells shouldn't necessarily have rung when the text come through - but you should always call the number on the back of your bank card, not a number in a text message. The second alarm bell should have rung when they asked for your password."

According to the UK's Financial Ombudsman there has been roughly 6,000 complaints about disputed banking transactions over the past two years. It said claims are typically decided by taking into account if the victim's bank has made an error - which in this instance was not the case.

###Action Fraud has some top tips on how to stay safe from smishing attacks:

- Don't assume anyone who has sent you an email or text message - or has called your phone or left you a voicemail message - is who they say they are.

- If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious.

- Never call numbers or follow links provided in suspicious texts; find the official website or customer support number using a separate browser and search engine.

(1st June 2017)

(London Evening Standard, dated 21st April 2017 author Matt Watts)

Full article [Option 1]:

A conman posed as a Met police officer to persuade his victim to hand over thousands of pounds in cash from her life savings.

The scam started when the thief rang a 51-year-old woman at her home in Waltham Forest on Thursday, February 9, telling her she had been a victim of fraud and her identification had been stolen.

Pretending to be a Metropolitan Police detective called James Portman, he told her to hang up the phone, dial 999 and quote a crime reference number, and she would be put back through to him.

In reality, he stayed on the line, meaning she did not speak to a genuine 999 operator.

Having gained her trust, the victim was then given a set of instructions by "DC Portman" and told to visit a bank on Leytonstone High Road to withdraw cash, then a bureau de change in Walthamstow to withdraw Euros and American dollars.

The conman called her again at 6pm and convinced her to hand over the cash and her bank cards as evidence, to a courier who came to her house who claimed he would take the cash to Hammersmith Police Station.

The next day she was made to transfer savings into her current account, then go to a jewellery shop on Old Bond Street to buy a high-end watch which she gave to another courier,

On Monday, 13 February, "DC Portman" told her by phone she must withdraw everything or she could lose her life savings. She was then ordered to buy another watch from a jewellers and hand it to a different courier.

The scam was rumbled when the victim's phone ran out of battery while on the phone to the con artist.

She borrowed a member of public's phone to dial 101, quoting DC Portman's name and the crime reference number she was given, which the operator said was false and there was no DC James Portman in the system.

The victim became suspicious and reported the crime to police.

Police investigating the "courier" scam have now released an image of a man they want to speak to.

Detective Constable James Egley, the investigating officer from the Met's Operation Falcon, said: "These conmen went to extreme lengths to gain the victim's trust to deliberately deceive her out of her hard-earned life-savings.

"We would appeal for anyone who recognises the man in the CCTV to contact us or Crimestoppers.

"People should be aware that the police would never send a courier service to collect items and would never ask for your PIN, bank cards, to withdraw money or to buy expensive items."

Anyone who recognises the man or has any information should call Operation Falcon on 020 7230 8203, Crimestoppers anonymously on 0800 555 111 or tweet @MetCC.

For fraud advice visit

(1st June 2017)

(London Evening Standard, dated 21st April 2017 author Ben Morgan)

Full article [Option 1]:

Heathrow travellers were today warned to be vigilant after almost 300 fines were issued on cars stored without permission by a private parking firm.

The penalties were given out over four days at two car parks run by Hillingdon council.

The town hall's trading standards team is now investigating whether one firm is using the car parks to store vehicles while the owners are away.

It is alleged that the owners did not park them and cars were not authorised to be left at the two sites, resulting in parking fines. Scores of parking companies near the airport offer "meet and greet" services, where cars are picked up and stored in a secure compound while the owners are away, for as much as £150 a week.

In photographs of the Yiewsley car park posted online by resident Sarah Harvey vehicles including BMWs, Mercedes and 4x4s have as many as five £60 fixed penalty notices attached to windscreens. Ms Harvey said: "I looked inside a few cars and saw some tickets on the seat that clearly say Terminal 2. It looks like people are being ripped off by the airport parking."

The 275 tickets were handed out in Fairfield Road car park, Yiewsley and Brandville Road car park, West Drayton. The total value of the fines is estimated to be £16,500.

A council spokesman said: "We urge members of the public to make adequate checks with any companies they are considering leaving their cars with, and wherever possible ensure that the facilities and services companies offer meet expectations, particularly with regards to the security of vehicles. We are aware of reports that some vehicles were parked in the car parks by a Heathrow parking company and not the vehicle owners.

"This is a matter we're taking very seriously. Our trading standards team has launched an investigation and will be contacting the people who have received the parking tickets.

"Everyone who receives a parking ticket has the right to appeal and we will be dealing with each ticket on a case-by-case basis."

Anyone with information should contact trading standards via the Citizens Advice helpline on 0345 4 040506

(1st June 2017)

(Womens Weekly, 18th April 2017)


In a survey by Citizens Advice, three out of four people felt confident they could spot a pension scam, but when researchers showed them three mock adverts, and asked them to pick which they'd respond to if looking for pension advice, almost nine in 10 picked ads which contained clear warning signs of a scam, such as unusually hign returns, offers of pension access at under 55, or paperwork delivered by courier. And you don't have to be dim or naive to fall for the fraudsters tricks. "Many scammers use professional looking websites and leaflets to fool their victims", says Citizens Advice Chief Executive Gillian Guy. "And its difficult for consumers to stay ahead of pension scams as they evolve".


The Government service Pensionwise says these are the warning signs to look out for :

- Any contact that comes out of the blue, whether by text, phone or email, offering a pension review, advice or investment opportunities.

- Offers to get you access to your pension pot before you're 55, often using words like "pension liberation", "pension loan" or "legal loophole". The only way to do this without losing most of it to tax is if you are terminallly ill, and even then there are strict rules.

- Recommendations to move your money into schemes offering high returns (anything over 8% is potentially suspicious). These will often, though not always, be based abroad, and common buzzwords are "unique", "overseas", environmently friendly", "ethical" or "in you as a "a new industry". Scammers will often flatter you by describing you as a sophisticated investor", suitable for such a scheme.

- Offers of a "free pension review", or help to track down an old pension. You can get a free overview of your pension options through the government service Pensionwise (visit, or call 0800 138 3944), and track down old pensions through the Pensions Tracing Service (visit, or call 0345 600 2537). Neither of these organisations will cold call, text or email you.

- Companies claiming to be affiliated with or endorsed by Pensionwise or any other government organisation, or calls claiming to be from the government, and asking for details of your pension; these calls won't be genuine.
Look out too, for websites that look very like the official ones - there are a lot of copycat sites. Fraudsters also sometimes use company names that sound like familiar ones.

- Anyone who encourages you to take your whole pension pot out at once, or a large sum, and let them invest it for you.

- Any suggestion of time pressure, such as offers that will close after a limited time period, documents being sent to you by courier, or pushing to make you decide quickly. If you're making any decision on your pension, take your time and consider getting professional advice.

If you think you may have been scammed, contact Action Fraud (visit, or call 0300 123 2040).

(1st June 2017)

(Daily Mirror, dated 10th April 2017 author Andrew Penman)

Full article [Option 1]:

A company which tricked callers into ringing expensive numbers beginning 09 has been fined £645,000.

Most victims had used their smart phones to search online for the number of well-known organisations such as Sky or HM Revenue & Customs .

But the links they clicked on were for connection service DK Call Limited of Bournemouth, which did not disclose that calls cost £3.60 a minute, plus network access charges.

Some victims unknowingly spent £100 on a single call.

Joe Prowse, chief executive of the watchdog Phone-paid Services Authority said: "Our investigation found that consumers were calling these numbers as a result of the company's failure to provide key and clear information about the service.

"We encourage anyone using a search engine to look for a number to be aware that the first results are not always the organisation you are looking for.

"Be particularly wary of numbers for well-known companies that seem to be operating on 087 and 09 number ranges. There is likely to be a cheaper alternative."

In addition to the fine, the watchdog ordered DK Call to refund ripped-off callers.

The PSA received 69 complaints about the company in three months.

(1st June 2017)

(Action Fraud, dated 13th April 2017)

Wonga has confirmed a data breach where up to 250,000 accounts have been compromised. The incident is now being investigated by the police and has been reported to the Financial Conduct Authority.

Wonga has updated their website with further information and confirmed that they are contacting all those affected and are taking steps to protect them, but there are also some things you can do to keep your information secure.

Here's what you can do to make yourself safer:

If any of your financial details were compromised, notify your bank or card company as soon as possible. Review your financial statements regularly for any unusual activity.
Criminals can use personal data obtained from a data breach to commit identity fraud. Consider using credit reference agencies, such as Experian or Equifax, to regularly monitor your credit file for unusual activity.
Be suspicious of any unsolicited calls, emails or texts, even if it appears to be from a company you know of. Don't open the attachments or click on links within unsolicited emails, and never disclose any personal or financial details during a cold call.

If you have been a victim of fraud or cyber crime, please report it to us:

(1st June 2017)

(The Register, dated 12th April 2017 author Kat Hall)

Full article [Option 1]:

BT's free [CALL] spam filter, launched earlier this year to crack down on nuisance calls, has identified accident claims as the worst offender for nuisance calls with 12 million made in the first week of March.

Some two million customers have signed up to the BT Call Protect service, which it says has diverted 65 per cent of calls to the junk voicemail box.

Accident claims made up 41 per cent of nuisance callers; followed by scammers fishing for personal details (18.5 per cent); computer scams (12.6 per cent); debt collection (7.5 per cent) and PPI (6.4 per cent).

It was recently revealed that hundreds of staff were hired by scammers in Indian call centres to defraud TalkTalk customers.

BT said the service harnesses huge computing power to analyse large amounts of live data.

Rogue numbers are identified and added to the BT blacklist, which proactively diverts nuisance calls before they reach customers, unlike reactive blocking where the calls reach the customer and the numbers are changed frequently to avoid detection.

BT said customers are making more than 80,000 calls a week to BT Call Protect's 1572 number to add numbers to their personal blacklist.

BT estimates that if all its customers signed up to BT Call Protect, it could divert 1.6 billion nuisance calls a year. It is thought that PPI and accident claims companies alone are responsible for 800 million of these calls.

(1st June 2017)

(Hertfordshire Neighbourhood Watch circular, dated 11th April 2017)

Many Hertfordshire residents have had credit cards, mobile phones or other services ordered in their name after their post has been stolen or tampered with. This is a form of Identity Fraud, causing disruption, inconvenience, credit problems and potential financial loss to victims. Cifas, the UK fraud prevention service, recently released figures showing that identity fraud has hit the highest levels ever recorded in the UK.

Residents with external mailboxes appear to be particularly at risk from this type of crime, with fraudsters stealing documents containing personal details, which they then use to order credit cards, open accounts, or order other services in the resident's name.

When the fraudulently ordered credit cards are delivered, the fraudster intercepts them, taking them from the resident's external mailbox. People who have been victims to this type of fraud are particularly unhappy to realise that fraudsters have been monitoring their home, watching their movements, and taking the items from their letterbox as soon as they have been delivered. This may happen over a considerable period of time before the crimes come to light, often when the credit card or other service providers contact the resident to chase payment.

A recent Hertfordshire victim had numerous items stolen from a locked mailbox out of sight of his house over a period of time. It is believed that the fraudters used skeleton keys. He has since added a combination lock and also suggests that a deep mail box with an internal baffle plate (which makes it very hard/impossible to take anything out of the box) is a good security measure.

Please consider the security of your postal deliveries.

Note: Police recommend that residents wishing to purchase items to improve the security of their home should look for items endorsed by "Secured By Design" ( )

(1st June 2017)

(Action Fraud, dated 3rd April 2017)

Fraudsters are sending out a high volume of phishing emails to personal and business email addresses, pretending to come from various email addresses, which have been compromised.

The subject line contains the recipient's name, and the main body of text is as below:


"Hi, [name]!

I am disturbing you for a very serious reason. Although we are not familiar, but I have significant amount of individual info concerning you. The thing is that, most likely mistakenly, the data of your account has been emailed to me.

For instance, your address is:

[real home address]

I am a law-abiding citizen, so I decided to personal data may have been hacked. I attached the file - [surname].dot that I received, that you could explore what info has become obtainable for scammers. File password is - 2811

Best Wishes,"

The emails include an attachment - a '.dot' file usually titled with the recipient's name.


This attachment is thought to contain the Banking Trojan Ursniff/Gozi, hidden within an image in the document. The Ursniff Banking Trojan attempts to obtain sensitive data from victims, such as banking credentials and passwords. The data is subsequently used by criminals for monetary gain.

Protect Yourself:

Having up-to-date virus protection is essential; however it will not always prevent your device(s) from becoming infected.

Please consider the following actions:

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages: Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication (you can find out how by searching the internet for relevant advice for your email provider).

- Do not enable macros in downloads; enabling macros will allow Trojan/malware to be installed onto your device.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It is important that the device you back up to is not connected to your computer as any malware infection could spread to that as well.

- If you think your bank details have been compromised, you should contact your bank immediately.

If you have been affected by this or any other fraud, report it to Action Fraud by calling 0300 123 2040, or visit

(4th April 2017)

(Entity magazine, dated 18th March 2017 author Vanessa McGrady)

Full Article [Option 1]:

Kelli Williams, a market researcher by day, was looking for a little side hustle. The 38-year-old from Oak Park, Ill., cruised Craigslist and found what seemed like a great moonlighting gig. "It seemed like it would be perfect. You could work as many or as few hours as you wanted and it was all done from your computer, remotely," she said.

A guy named "Bill" had a warehouse in California and wanted her to list items on eBay-under Williams' account-and manage the transactions and inquiries. Bill would receive the order and ship the goods to the customers. "It all actually worked at first. I listed the items, the people received them, I got some money," Williams said.

The honeymoon didn't last long. "As I took on more and larger items, complaints started rolling in. People weren't getting their items. They were demanding refunds. I kept pestering Bill and he would say the item was on its way. More emails, more demands for refunds. His next excuse was that they got lost in the mail (and he told me some ridiculous percentage of items get lost in the mail every day)."

But because the items were under Williams' name and account, she was responsible for giving out refunds for increasingly expensive items, such as exercise equipment, electronics and software. "The last time I contacted Bill to essentially beg him to make this right, he became a totally different person (for all I know he could have been) and threatened me. He said he knew where I lived and worked and would send his 'family in Chicago' after me."

All in all, Williams lost about $5,000 in what's known as a "reshipping scam," and she had to start all over again building a new eBay account because all the bad reviews had made her original one unusable. This happened about 13 years ago, and she's since rebuilt her reputation, but unfortunately, she's not alone in falling victim to a scam. According to the FBI, college students, especially now, are prone to this kind of con. "Never accept a job that requires depositing checks into your account or wiring portions to other individuals or accounts," the FBI warns on its website.

"Reshipping scams, like many job scams, are appealing because they offer the opportunity to get a job and get paid quickly. Because they don't have any experiential or educational requirements, most job seekers are qualified for these sorts of scam jobs, which allows scammers to access a bigger pool of potential victims. Most job seekers feel at least some pressure to get a job quickly, especially if they've been out of work or need extra income to meet their debt obligations. Scammers understand this vulnerability and they prey on it," says Brie Reynolds, a senior career specialist at, an agency that helps place people in legitimate work-from-home and part-time positions.

And to make matters worse, the damage could go beyond losing money for the victims . "Reshipping job scams aren't just annoying-they can actually involve job seekers in criminal activities. Most of the time, the goods being reshipped are stolen, and once a person receives those stolen goods and then mails them to another location, they've unwittingly become part of that crime," Reynolds says. In fact, to her knowledge, there are basically zero legitimate reshipping jobs.

uaware comment

Yes, I know, another USA article. This is another example of a scam that can be transfered Worldwide. Instead of the crook dipping their hands directly into you pockets they get innocent people (customers) to demand refunds and destroy your reputation in the process.

(2nd April 2017)

(Fox News, dated 20th March 2017)

Full Article [Option 1]:

Think you've won an all-expenses paid hotel stay at a premium brand? Not so fast. If you receive a phone call offering a free stay at a Marriot hotel, you might just want to hang up immediately.

According to the hotel chain, that call is likely part of a continuing phone scam that utilizes the brand's well recognized name to access personal and financial information from potential guests.

According to Travel Pulse, the trick has been played on victims since at least 2015 and the chain has issued a series of statements warning about the calls since. But the scammers apparently haven't been deterred.

"Marriott International has been made aware of a series of fraudulent telephone calls being made in different parts of the world where the caller offers a complimentary stay at a Marriott hotel to entice the person taking the call to listen to a sales pitch unrelated to Marriott," the hotel said on March 15.

But according to the global hotel company, Marriott has absolutely nothing to do with these phoners.

"Marriott has not provided any information to the parties involved in these fraudulent calls," the hotel said in a statement.

"If you receive a suspicious telephone call, especially for a contest you did not enter, we urge you not to provide any personal information, especially credit card information. Instead, simply end the phone call."

If received, the fishy calls can be reported to the ##############. Phone cons, the commission said on their website, have led to thousands of people losing money ("from a few dollars to their life savings") each year.

According to the Commission, travel scams are a particularly common way for thieves to obtain information and money.

"'Free' or 'low cost' vacations can end up costing a bundle in hidden costs," the commission said. "Some of these vacations never take place, even after you've paid."

uaware comment

If you have been drawn in by this scam (or similar) contact your bank and warn them of an impending "dodgy" transaction. Also report the incident to Action Fraud : 0300 123 2040.

(2nd April 2017)

(Good Housekeeping, dated March 2017) [Option 1]

In the Autumn Statement, the Government announced that it wants to make pension cold calls illegal. Why ?

Because these calls are not only a nuisance, but also usually the work of scammers. Almost 11 million pensioners are being targeted annually by cold callers with savers reporting estimated losses of almost £19 million to pension scams between April 2015 and March 2016. If you get a call about your pension from someone you're not expecting, hang up immediately. If you think you've been targeted by a scam, call The Pensions Advisory Service on : 0300 123 1047. You should also report scams to Action Fraud on 0300 123 2040.

(2nd April 2017)

(BBC News, dated 22nd March 2017 author Zoe Kleinman)

Full article [Option 1]:

What is spear phishing?

"Phishing uses behavioural psychology to trick victims into trusting the attacker in order to obtain sensitive information," said Paul Bischoff of Comparitech, who also talked to Zed.

"Spear phishing is less prevalent, but far more dangerous. Spear phishing targets an individual or small group of people. The attacker can gather personal information about their target to build a more believable persona."

The incident

Six weeks ago, a young woman called Zed (not her real name) was in a meeting at work when a message popped up on Facebook Messenger from a distant friend.

"Hey babe," it began.

The friend asked Zed to vote for her in an online modelling competition, which she agreed to do.

But then - disaster. Adding her email address to the competition register had caused a tech meltdown, her friend said. She needed to borrow her email log-in to fix it quickly and restore her votes.

Zed was unsure. The friend begged - her career was at stake, she pleaded. Still in the meeting and powerless to make a call, Zed gave in - a momentary leap of faith.

Except it was not her friend that she was talking to - someone else had got into the account and was pretending to be her.

It's a scamming technique known as spear phishing.

Within minutes, Zed watched in horror as she was locked out of one account after another, as well as her Apple iCloud where she stored all her data - including a photo of her passport, bank details, and some explicit pictures. The hacker took control of all her IDs as they were all linked to the email address details she had supplied.

The scammer also activated an extra layer of security, called two-step authentication, meaning that they received all alerts about her accounts and could reset them.

Then a man called. The number had a Pakistan area code.

"He started the call by saying he didn't want any drama, he didn't want me to cry, he wanted me to talk to him like a professional," she said.

He sounded young, perhaps a college student, she thought.


He accused her of leading an "immoral" life. He had seen her photographs, he knew she had smoked and had boyfriends and was sexually active.

He asked her what her parents would think and was furious when she said they already knew.

"He claimed he had hacked thousands of women," Zed says.

"He said 10 or 12 he had felt bad about because he couldn't find anything about them that was 'wrong'."

Zed was not part of that group.

"He said he was happy when he hacked my account. That I deserved everything."

He told her he would post the explicit pictures on her Facebook page - where she has more than 1,000 friends.

"I offered him money. I asked if I could pay. He said, 'Don't talk about money.' He sounded irritated," she said.

Instead, he wanted her to perform a sex act for him on camera.

Zed refused.

"Either you do it for me or you do it for the whole world," he told her - and uploaded one of the photos to Facebook.

Zed had already warned her boyfriend and parents who assembled an army of friends waiting to report activity on her account. Within 15 minutes it had been disabled by Facebook - but she still received concerned messages from contacts.

"A friend who is like a brother sent me a message - it wasn't him who had seen [the photo] but a friend of his," she said.

"I feel like I mustn't think too much about how many people saw [the photos]."

The last thing the scammer said to her was, "Have a great life."

"It seemed to me the only reason he was doing this was to morally police women and get them to do stuff for him," Zed said.

"He wanted a gallery of explicit photographs of women. That seemed to be his motive."

Zed does not consider herself to be digitally naive. She is a bright, articulate 20-something from India who works in the media industry on the US east coast.

"I have been tech savvy and on the internet almost my entire life - but I've never really seen the power of what people can do until now," she says.

Regaining control of her accounts has been a struggle. It took Zed a month to get her Apple ID back after engineers created a bespoke questionnaire for her containing answers that were not stored in her account.

Gmail and Facebook have also been restored, but she has lost Snapchat and her Hotmail address - her central account which she had used for more than 13 years.

'Chink in the armour'

"I feel for the poor woman - these scams are so easy to fall for," said cybersecurity expert Prof Alan Woodward from Surrey University.

"I think what it shows is that security is a combination of people, process and technology. You can be very 'savvy' in any one or two of these but scammers are superb at finding novel combinations that, frankly, we just wouldn't think of.

"I know it sounds so obvious but, regardless of who they are, you should not share your username and password. Give these scammers a small chink in the armour and they are sadly brilliant at getting in and running amok in your digital life."

Zed still uses iCloud but does not store personal stuff on it anymore - and has activated two-step verification everywhere.

"I still see the value in the storage. But I will never ever give any information away again," she said.

Zed originally decided to share her story on community site Reddit after trying to find others who may have been conned by the same man.

"I was really shocked to discover that I found absolutely nothing," she said.

"I was hoping that speaking up about it would remedy that problem and encourage others to share their stories.

"It also felt like the only way to get back at him."

As far as Zed knows, the scammer has not been caught.

"Cyber-criminals come in all shapes and sizes,' said prof Woodward.

"Their motive is not always monetary gain. As we have sadly seen of late, revenge or just being plain malicious is a growing trend."

How do I protect myself?

Besides never sharing the credentials for your online accounts, a good way to stay safe is to enable "two-step authentication". This means that users must enter another code besides their password, received for example by their mobile phone, to log in.

This can usually be set up in the security settings for your account or during the sign-up process. Two-step authentication is offered by Gmail, Hotmail, Apple, Amazon, Yahoo, Facebook and Twitter among others.

uaware comment

- Don't use the same password for every online service

- Use security software on every device that can go online.

(2nd April 2017)

(ZDNET, dated 23rd February 2017 author Danny Palmer)

Full article [Option 1]:

Cybercriminals are attempting to steal credentials from government workers and university staff by deploying phishing emails claiming that the target is due for a pay rise.

Claiming to be from the human resources department, the email tells staff that they're soon to be offered a pay rise and to click a link in order to enter their credentials for 'authentication purposes'.

This fraudulent link takes the target to a fake website where they are asked to enter personal information including university log in and financial details, data which the cybercriminal perpetrators can use to gain unauthorised access to systems and steal money.

The UK's fraud and cybercrime centre Action Fraud and the City of London police issued a warning on the pay rise phishing scam following more than a hundred reports of victims receiving them.

Action Fraud also warns that universities, police forces and government agencies have been targeted by cyberfraudsters using this scheme, which is being investigated by various regional police forces.

Police advice to those who have been targeted by this phishing scam is to change any passwords associated with any passwords associated with their email accounts and IT accounts.

"Phishing emails continue to be a serious problem. It is essential that those affected take the appropriate action to protect their personal details, says Stephen Proffitt, deputy head of Action Fraud.

The University of Bath computing services department published a warning after users were sent the email.

Phishing emails are an effective attack vector for cybercriminals, who use them for everything from stealing credentials to distributing malware and ransomware. Those behind phishing schemes can send millions of emails in just a day, so even if just a tiny number of targets fall for the scam, they're still making off with a big haul of data.

The university pay rise scam isn't the first phishing campaign which Action Fraud has recently warned against; in January police warned that cybercriminals are attempting to infect people with bank data stealing malware by using emails pretending to come from a charity.

(2nd April 2017)

(Los Angeles Times, dated 26th March 2017)

Full article :

I got scammed by a magazine company a year ago. I thought the call was about two magazines I wanted to stop as I was moving. The woman talked fast and took me through the steps with my bank card (which was stupid of me, I now know) as if she was helping and at the end she said, "Oh, those are not our magazines." Two weeks later I was receiving about eight magazines I do not want. I changed my bank card so the withdrawals would stop, but I get so many collection calls. I hang up and block that number, but then I get more. My bank manager said consumers don't have to pay for what they don't want. I have told the collectors that, but they still send bills for $1,200 for three years of magazines.

Answer: Don't expect collectors for scam artists to help you out. Amy Nofziger, regional director for the American Association of Retired Persons (AARP), recommends you contact your state's attorney general to file a complaint.

"Magazine subscriptions like this are still a huge complaint and the AGs need to know about it, so they [can] file enforcement against the company if needed," Nofziger said.

You must follow certain procedures to request that the debt collection agency stop contacting you. The AG's office may be able to help or there may be a separate collection agency board you need to contact. The Federal Trade Commission also has guidance at

You also can call and speak to a trained volunteer at the AARP Fraud Watch Network who can help you through the steps. Its number is ************** and you can learn more at

uaware comment

The point of including this article is an example of scams that can easily be tranported from one country to another. When these con artists victims dry up in their own country they will just dial another countries access code !

If you need to alter or cancel an existing magazine subscription telephone the publishers number on your previous orders documentation. If you can't find your documentation, contact your local library (your librairian will love my suggestion - but they do order magazines !).

If you have fallen foul of this con inform your bank, then call the Citizens Advice line for further help.

(2nd April 2017)

(Metro, dated 26th March 2017 author Jen Mills)

Full article [Option 1]:

A woman who worked crimping Cornish pasties used her spare time to defraud a pensioner by pretending to be a porn star, a court heard.

Aysha Begum, 27, allegedly told retired divorcee Geoffrey Hoyland that she was a 22-year-old Bangladeshi exotic model and sent explicit videos and photos she claimed were of her.

In reality she was a pasty crimper in a factory in St Austell, Cornwall.

Begum allegedly struck up a 'relationship' after meeting him on Facebook, and asked for money and gifts including £20,000 in cash.

She reportedly told him that was to assure her conservative mother that he was financially secure and their wedding could go ahead.

Mr Hoyland, who lives with his two cats in Banbury, Oxfordshire, also sent gifts including a strapless basque, G-string and stockings, gold necklace, iPhone and white sofa.

Truro Crown Court was told that Begum's husband Jynal Khan has already pleaded guilty to fraud and was being dealt with in a separate court case.

Begum, of St Austell, is accused of committing fraud and spending £35,16.19 knowing that the money came from criminal conduct. She denies both charges.

The alleged offences date between December 26, 2014, and December 9, 2015.

Paul Grumbar, prosecuting, said: 'This case is about the allegation that this lady and her husband worked together and committed what is called a dating scam to extract money from a man, in this case a Mr Hoyland.

'He joined a Facebook page that was introducing ladies who were interested in relationships with older men.

'Mr Hoyland was, you may think, in many ways naive.'

The court heard Begum allegedly used the name Alisa Begum, so that gifts and money could be sent to her under the name 'A. Begum'.

Paul Grumbar, prosecuting, said Begum asked for cash so she could buy a car and drive to Oxfordshire to visit him, as well as money for new tyres, a satnav and to cover cost of converting the vehicle to LPG fuel.

Mr Grumbar said all the money was sent to her personal bank account which was used to pay the couple's mortgage and large sums of cash were also withdrawn.

He added: 'The Crown is saying that it is all very well her husband saying he was the man responsible for the fraud, but she must have known about it and very large sums of money going into her bank account.'

(2nd April 2017)

(The Register, dated 20th March 2017 author John Leyden)

Full article [Option 1]:

WWE star's swiped sex snaps survey spam snares selfie sickos !!!

Scammers are exploiting a new batch of leaked celebrity nudes, using the stolen selfies to lure in gawpers and make a fast buck.

Voyeurs are told to install a smartphone app that promises to reveal comprising photos of British WWE star Paige - whose intimate private photos and videos were leaked online this month without permission. The wrestler is among a clutch of celebs whose nude pics and sex tapes were very recently snatched and spread on the web, an act dubbed The Fappening 2.0 after similar leaks in 2014.

Pervs hoping for an illicit glimpse of Paige are tricked into allowing the app to access their Twitter account, and then led along a warren of URLs that go nowhere and serve no purpose other than to make crooks money from affiliate marketing and advertising link clicks.

Determined gawpers will eventually wind up on an internet survey page that promises to reward you with an Amazon gift card after you hand over details about yourself. "Filling this in hands your personal information to marketers," said Chris Boyd, a malware intelligence analyst at Malwarebytes. A writeup of the scam - complete with screenshots - can be found in a blog post by Boyd, here.

While surfers are looking through all these links, the dodgy phone app spams out tweets from their accounts, complete with yet more pictures and URLs as bait. It's another example - only days after the Twitter Counter app was hacked to send out propaganda branding the Dutch and Germans as Nazis - why netizens should be wary of third-party Twitter apps.

This month's Fappening 2.0 leak has cropped up in other cybercrime scams. For example, message board denizens are warning others of dodgy download links and random zip files claiming to contain stolen nude photos and video clips.

"As freshly leaked pictures and video of celebrities continue to be dropped online, so too will scammers try to make capital out of image-hungry clickers," Boyd warned.

"Apart from the fact that these images have been taken without permission so you really shouldn't be hunting for them, anyone going digging on less-than-reputable sites is pretty much declaring open season on their computers. Do yourself a favor and leave this leak alone. It probably won't be long before the Malware authors and exploit slingers roll into town."

(2nd April 2017)

(BT News, dated 22nd March 2017)

Full article [Option 1]:

Criminals are targeting Santander customers using a text message trick to steal funds out of current accounts.

All of the victims who have lost money are now struggling to recoup their losses as they all revealed their One-Time Passcode to the scammers. This is a vital piece of information fraudsters need to steal money.

Here's what you need to know to keep your accounts safe.

How the scam works

In the latest spate of incidents criminals are reportedly using a technique called number spoofing to send messages to victims that appear to be from the bank and part of an existing thread.

These warn that there has been unusual activity on the account and that the customer needs to call a number or click a link to verify information.

Scammers then convince the victims to provide account details for their online banking and generate a One-Time Passcode (OTP), which allows them to empty the accounts.

The OTP is an extra layer of security Santander uses to authorise things like setting up a new payee or changing details on the account.

Savings stolen

At least three Santander customers have lost more than £36,000 in total this month thanks to this 'smishing' scam, according to This is Money.

Ruth Quinn from Kent lost £15,000, Ron Williams from Southampton had £12,000 stolen and Rod Owens from Coventry is £9,200 out of pocket.

More and more people are using current accounts as savings accounts as they offer more interest than traditional deals.

This means more cash is likely to be held in a current account, which makes them a prime target for fraudsters.

The Santander 123 Current Account pays 1.5% on savings up to £20,000 and is especially good for large balances.

Growing trend

Of course the scammers can easily imitate any other bank, so it's not just Santander customers who need to be vigilent.

The industry as a whole has seen an alarming rise in the use of 'social engineering techniques', including targeted smishing.

Figures from Financial Fraud Action UK show that the amount lost to financial fraud has increased from £755 million in 2015 to £768.8 million in 2016.

Take a look at our guide to the common tricks scammers use to keep up to date with how criminals are trying to steal your money.

Can victims get their money back?

Sadly, Santander will not refund the victims of this nasty smishing scam because they handed over the essential OTP code, which allowed the fraudsters to siphon the money.

A spokesman for Santander told This is Money: "Each of these customers provided the fraudsters with their OTPs and allowed the fraudsters access to their online banking.

"OTPs are security measures we put in place to protect customers, and we have specific warnings on our online banking log-in screen and when sending OTPs not to divulge these to anyone.

"In two of the cases our fraud detection flagged the transactions and contact was made to the customers' registered telephone where these transactions were confirmed as genuine, authorising them to go ahead.

'Whilst we are very sympathetic to customers who are victims of scams, as there was no Santander error and all three customers divulged personal, security information, we therefore cannot accept any responsibility for the losses on these accounts.

'We assess all fraud claims on a case by case basis, in line with the Payment Service Regulations and the Consumer Credit Association.'

How to stay safe

Your bank will never contact you to ask for your account details, Pin or your OTP code.

You should ignore and report any message, call or email you get asking for this sort of sensitive personal information.

If you think if you have become a victim of a smishing scam, contact your bank as soon as possible using the number on the back of your debit card.

(2nd April 2017)

(CIFAS, Dated 15th March 2016)

Full article [Option 1]:

Cifas, the UK's leading fraud prevention service, has released new figures showing that identity fraud has hit the highest levels ever recorded. A record 172,919 identity frauds were recorded in 2016 more than in any other previous year. Identity fraud now represents over half of all fraud recorded by the UK's not-for-profit fraud data sharing organisation (53.3% of all frauds recorded to Cifas), of which 88% was perpetrated online.

The vast majority of identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating. To carry out this kind of fraud successfully, fraudsters need access to their victim's personal information such as name, date of birth, address, their bank and who they hold accounts with. Fraudsters get hold of this in a variety of ways, from stealing mail through to hacking; obtaining data on the 'dark web'; exploiting personal information on social media, or though 'social engineering' where innocent parties are persuaded to give up personal information to someone pretending to be from their bank, the police or a trusted retailer.

We have seen growing numbers of young people falling victim in recent years and this upward trend continued in 2016 with almost 25,000 victims under 30. In particular we saw a 34% increase in under 21s, and therefore Cifas is again calling for better education around fraud and financial crime and urging young people to be vigilant about protecting their personal data.

2016 also saw increases in victims aged over 40, with 1,869 more victims recorded by Cifas members.

Mike Haley, Deputy Chief Executive, Cifas said:

"These new figures show that identity fraud continues to be the number one fraud threat. With nine out of ten identity frauds committed online and with all age groups at risk, we are urging everyone to make it more difficult for fraudsters to abuse their identity. There are three simple steps that anyone can take to protect themselves: use strong passwords, download software updates when prompted on your devices; and avoid using public wi-fi for banking and online shopping.

"We all remember to protect our possessions through locking our house or flat or car but we don't take the same care to protect our most important asset - our identities. We all need to take responsibility to secure our mail boxes, shred our important documents like bank statements and utility bills, and take sensible precautions online - otherwise we are making ourselves a target for the identity fraudster."

Commander Chris Greany, National co-ordinator for economic crime said:

"With close to half of all crime now either fraud or cyber crime we all need to make sure we protect our identity.

"Identity fraud is the key to unlocking your valuables. Things like weak passwords or not updating your software are the same as leaving a window or door unlocked."

Year on year breakdown of UK total fraud figures (Recorded)

2008 : 77,642
2009 : 102,327
2010 : 102,672
2011 : 113,259
2012 : 123,589
2013 : 108,554
2014 : 113,839
2015 : 169,592
2016 : 172,919

uaware comment : National Trading Standards have stated that only 5% of fraud incidents are reported.

Age breakdown of victims impersonation

n = 2015, (n) = 2016

Under 21 : 1343 (1803)
Age 21 - 30 : 22616 (22572)
Age 31 - 40 : 36502 (33883)
Age 41 - 50 : 33702 (34010)
Age 51 - 60 : 28366 (29818)
Age 61 + : 25934 (26043)

What can consumers do to protect themselves?

- Set your privacy settings across all the social media channels you use. And just think twice before you share details - in particular your full date of birth, your address, contacts details - all this information can be useful to fraudsters!

- Password protect your devices. Keep your passwords complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers and capitals:R0v3rDuckLemon!.

- Install anti-virus software on your laptop and any other personal devices and then keep it up to date. MoneySavingExpert have a recommended list of the best free anti-virus software:

- Take care on public wi-fi - fraudsters hack them or mimic them. If you're using one, avoid accessing sensitive apps such as mobile banking.

- Download updates to your software when your device prompts you - they often add enhanced security features.

Think about your offline information too:

- Like post. Always redirect your mail when you leave home and try to make sure your mailbox is secure.

What to do if you're a victim:

ACT FAST if you think you have been a victim of identity fraud

- If you receive any mail that seems suspicious or implies you have an account with the sender when you don't, do not ignore it.

- Get a copy of your credit report as it is one of the first places you can spot if someone is misusing your personal information - before you suffer financial loss. Review every entry on your credit report and if you see an account or even a credit search from a company that you do not recognise, notify the credit reference agency.

- If you have information about those committing identity crime please tell independent charity Crimestoppers anonymously on 0800 555 111 or at

- If you have been a victim of fraud, you can contact Victim Support for free, confidential advice and support. Victim Support is the independent charity for victims and witnesses of crime in England and Wales. Find out more at

- Individuals or businesses who have fallen victim to identity fraud should report to Action Fraud on 0300 123 2040 or online at

About Cifas

Cifas aims to make the UK a safer place to do business, by enabling organisations in every sector to prevent fraud and protect the public through the sharing of confirmed fraud data.

Cifas is a not-for-profit organisation and has over 360 members spanning the public and private sectors. In 2015 alone, Cifas members prevented over £1.1 billion of avoidable fraud losses by using Cifas databases. Cifas also offers Protective Registration for individuals whose identities are at risk of being used fraudulently, for instance after a burglary.

In 2014, Cifas launched a scheme called Protecting the Vulnerable. This service is offered free of charge to local authorities to protect those under the care of Court Deputies who are unable to access financial products and whose identities may be at risk.

Visit for more information

(2nd April 2017)

(Mirror, dated 7th March 2017 author Andrew Penman)

Full article [Option 1]:

Phone scammers posing as bank staff are calling customers then putting them on hold and playing holding music to make the call more convincing.

The fraudsters hope that the ploy will fool people into thinking that the call genuinely must be from their bank.

Victims are then persuaded to give personal financial information such as online banking log in details, warns The City of London Police's National Fraud Intelligence Bureau.

"Fraudsters are constantly developing new ways to make their calls more convincing so members of the public need to remain vigilant," said Stephen Proffitt, Deputy Head of Action Fraud.

"If you receive a cold call purporting to be from your bank, always end the call as soon as possible and call your bank back using the number on the back of your bank card or statement and ask to be put through to the fraud team.

"Tell them exactly what has just occurred.

"If you believe your bank details may have been compromised, you should report this to your bank immediately."

(2nd April 2017)

(BBC News, dated 4th March 2017 author Tony Bonsignore)

Full article :

All bank staff are to be trained to spot signs that a customer may be withdrawing cash to give to a scammer.

Police hope the scheme will help reduce financial crime by spotting scams before money has been handed over.

The plan is to train every single front-facing employee of banks, building societies and Post Offices.

Cash payments to fraudsters are typically much harder to trace than online payments with the vast majority of cases going unsolved.

Typical frauds of this kind include paying rogue builders, romance scams and elderly abuse.

The new scheme, known as the Banking Protocol, is aimed at ensuring banks and police are more active in protecting customers.

It is being run as a joint venture between the police, Financial Fraud Action - which represents banks - and Trading Standards.

All customer-facing bank staff will be told to look out for specific signs that a client may be the victim of ongoing fraud.

If they have suspicions, they are encouraged to call the police and give a special password.

Sixteen arrests

Police trained under the protocol will also commit to investigating the fraud as a priority - often visiting the bank branch, or the customer's home, immediately.

In some cases, they may be able to catch the criminal waiting outside the bank or the victim's home to collect the cash.

Bank staff taking part in the trial scheme in London made 178 calls to police which resulted in 16 arrests.

Banks say £1.4m has already been stopped from leaving customer accounts.

Police, Financial Fraud Action and Trading Standards have hailed the trial a success.

The scheme is expected to begin in the next few weeks with the first 16 police forces trained by the end of June.

''It just didn't add up'

Staff at one bank which has trialled the scheme helped stop a customer being swindled out of £13,000.

Ray, who is in his 60s, was approached by a builder at his home in London about some work on his house.

He had withdrawn £6,000 from his local branch after explaining to staff what it was going to be used for.

But when he returned a week later to take out another £13,000 he was recognised by staff member Ann-Marie.

She asked him questions about his cash withdrawal which raised suspicions.

Ray handed over the flier he had been given with the builder's contact details and staff gave him a call.

Ann-Marie added: "The person that answered wasn't very professional and the alarm bells started to ring. Plus the amount he [Ray] wanted to cash and the work he needed done just didn't add up."

Staff contacted the police who visited Ray the next day when the builder was at his property.

Officers did a background check on the builder and which uncovered suspicious activity and he was arrested.

Finance Fraud Agency (FFA) :

(2nd April 2017)

(Computer Weekly, dated Feb / March 2017 author Warwick Ashford)

Full article [Option 1]:

The National Trading Standards (NTS) eCrime Team has issued a warning about a scam targeting those looking for help with printer problems.

The eCrime Team provides a national resource to support all local authority areas in England and Wales, tackling the increasing threat to businesses and consumers in relation to internet scams.

The "printer helpline scam" differs from most scams as it requires consumers to contact the criminals directly using fake "helpline" numbers in online adverts in search engines results or social media.

According to the eCrime Team, the criminals behind the scam are gaining remote access to people's computers by pretending to help them to resolve their technical problems.

Once victims have allowed access to their systems, the criminals are stealing personal information, including bank account details, and infecting computers with malware.

One particular criminal group, which claims to be affiliated with a wide range of technology brands and printer manufacturers, takes control of victims' computers and demands payment to release them.

Figures from Action Fraud, UK's national reporting centre for fraud and cyber crime, reveal that cases such as computer service fraud, which includes scams such this, have risen by 47% since 2014.

"This printer helpline scam is particularly pernicious because it encourages victims to unknowingly contact the fraudsters of their own accord," said Mike Andrews, lead co-ordinator of the NTS eCrime Team.

"While victims expect they will receive help with their printer problems, they have in fact been lured into a trap and find themselves at risking of losing money, important personal information and also have their computer security compromised."

Toby Harris, chair of NTS, urged people to be particularly vigilant about this scam and to use official printer helpline details or consult the official website of the manufacturer for helpline details.

"If you have fallen victim to a scam or see suspicious activity online then please report it to the Action Fraud and to Citizens Advice on 03454 040506," he said.

National Trading Standards is advising people be suspicious of helplines asking to take remote control of computers to fix printer problems.

The eCrime Team said organisations should ensure that their anti-virus and online security software is kept up-to-date to reduce the risk of unwanted pop-ups on-screen that may advertise fraudulent services.

(2nd April 2017)


uaware pre-amble

Yes, I know, these are North American articles. It still shows the type of problems that are circulating about.
Internal Revenue Service (IRS) can be translated into HMRC and fraudsters do do that. The other problem (if you can call it that) is services such as Facebook, Twitter etc are global; making scams easier to transport between countries.

(INC. , dated February 2017 author John Rampton)

Full article [Option 1]:

Despite the numerous anti-fraud efforts utilized by businesses and consumers, the threat of a being becoming a victim of a cyber attack or scam is persistent. This isn't just costly, it's been estimated that the median loss caused by fraud was $145,000 in 2014, it's also frustrating, can do serious damage to your brand's reputation, and could months, if not years, for you to completely cover.

That's why it's imperative for you to be proactive when it comes to securing either your business or personal information. Having updated anti-virus software, using unique passwords, and using some common sense are a start. But, since scammers are always changing the rules to the game, you also need to stay up-to-date on the latest scams, like these 10 payments scams.

Top Banking Malware of 2016

According to the Check Point 2016 H2 Global Threat Intelligence Trends report, these were the most common of 2016;

Zeus 33% - This Trojan targets Windows platforms to steal banking information via man-in-the-browser keystroke logging and form grabbing.
Tinba 21% - A banking Trojan that steals victim's credentials whenever using web-injects and is activated when users attempt to login to their bank website.
Ramnit 16% - Another banking Trojan that steals banking credentials, FTP passwords, session cookies, and personal data.

Form W-2 Scam

This phishing scam, which is formally known as a BEC (business email compromise) or BES (business email spoofing) attack, first appeared in 2016. But, it's back with a vengeance in 2017. According to the IRS, this is "an email scam that uses a corporate officer's name to request employee Forms W-2 from company payroll or human resources departments" where cyber criminals pretend to be an "executive" to obtain employee names, SSNs and income information so that they can file a fraudulent tax return.

The latest variation of this scam, however, asks payroll or HR staff to wire money to a certain account.

Vishing and Smishing

These scams aren't exactly new, but with the mobile revolution in full swing, they could cause havoc for unsuspecting victims like this woman from the UK and these individuals in the Czech Republic.

Vishing is where a scammer calls you and pretends to be from your bank or a trusted institution like Microsoft. They trick you into thinking that there's an emergency so that you'll willingly hand over account information or download malicious malware.

Smishing, which is short for SMS phishing, works just like phishing in that you're duped into downloading a Trojan horse or virus. However, instead of downloading like this virus from an email, you download it onto your phone via SMS. The most prevalent mobile malware in 2016 was Hummingbird, Triada, and Ztorg.

PayPal Phishing Scam

If you're a PayPal user, you may receive an email that includes the PayPal logo, a well-written message, and even some fine print that informs you that you most login into your account to resolve some issues. You're then directed to click on a link to sign into your account. But, instead of logging into your PayPal account, you're actually logging into a fake page. Now the scammers have all of your PayPal credentials.

To make matters worse, some of these pages are requesting information like the user's address, phone number, social security number, and date of birth.

Venmo Scams

Venmo has quickly become one of the most popular payment apps available. It makes it painless to pay back friends or family and even split bills. However, it's also a hotbed for payment scams.

As reported in VR-Zone; "A man selling his car on Craigslist was scammed out of $1,800 when the buyer agreed to transfer the money via Venmo. According to the seller's report, he confirmed the payment when he received a deposit into this Venmo account. Things went smoothly until Venmo reversed the payment. The car title was already signed over, and the seller was out $1,800.

In another incident, a man selling iPhones over the holiday was scammed out of over $5,000 in a blink of an eye. He saw the money coming into his account, and then after everything was finalized the money was taken back by Venmo."

"These Venmo scams work so well because the scammers know a few things that you don't," writes Alison Griswold for Slate. "They are taking advantage of your assumption that because transacting on Venmo is simple and quick, it is also always safe."

The easiest way to protect yourself on Venmo is to only transfer funds to and from people that you know.

Sneaky Social Media Scams

It's not uncommon for you to catch ads or unsolicited content while on your favorite social media channel. However, like Venmo, social media has become a hotbed for fraudsters. Here are a couple of the more prevalent social media scams to be cautious of;

- Instagram money-flipping scams where a scammer promises that they can help you turn your pictures into card-hard-cash. After sending the initial payment, you never hear from the scammer again.

-Facebook charity scams where you purchase products at unbelievable prices from a fake website.

- Other Facebook scams, such as of pop culture quizzes, free product contests, salacious fake news stories, photos of baby otters, can contain malware links that of pop culture quizzes, free product contests, salacious fake news stories, photos of baby otters before viewing the content.

- Customer service scams on Twitter where hackers pretend to be from a legit organization in order to obtain personal information, like a login, password, account number or PIN, or they may direct you to phishing sites.

- WhatsApp scams that promise a gift card if you complete a survey. In reality, it's a trick so that scammers can steal personal information.

Amazon Gift Cards

According to the Federal Trade Commission, scammers are asking people to buy big online purchases, like a car or a boat, with an Amazon gift card. "Posing as sellers, scammers say they need to sell a car fast -- maybe they're in the military or about to deploy. They tell you to pay with an Amazon gift card."

"Don't do it. Amazon gift cards aren't a way to pay someone -- you can only use them at So if someone asks you to pay with an Amazon gift card, it's a scam. If you share the code from an Amazon gift card with someone, you're giving that person control of the money on the card. By the time you realize it's a scam and report it, the money will likely be gone."

Fake Altcoin Sites

Cryptocurrency scams have been around since the launch of bitcoin in 2009. However, with eCash becoming more widely embraced by the mainstream, many newbies who want to start investing in cryptocurrency may fall victim the increasing amount of fake altcoin sites.

Examples of these sites include OneCoin, S-Coin, and Earthcoin. Another site, which appears to have been shutdown, is Hashpoke.

To avoid getting scammed, do your research before handing over money to a new or lesser known altcoin site. Look for reviews, trust your instincts when reviewing their website, and stick with reputable bitcoin alternatives like Litecoin or Dash.

Calling the "Issuing Bank"

If you have a brick-and-mortar location, you may encounter a customer whose credit card is denied. They angrily call their "issuing bank" from their cell phone. Once they're in contact with a "representative," they hand the phone over to you so that you can be informed that the card is good and the transaction can be authorized offline. In good faith, you complete the transaction.

According to Heartland Payment Systems, when your monthly statement arrives, you notice a "Code 72 dispute (i.e., the issuing bank received a transaction that was not authorized). The jewelry store's account is debited and a chargeback reversal is denied."


Scammers are always modifying their techniques and using the latest technology to trick you into submitting financial information. In order to stay ahead of these nefarious individuals, follow basic security protocols like not opening links from unknown senders, never sharing account information or information with anyone over-the-phone, avoiding public WiFi, and using anti-virus software, firewalls, and tools that detect malware.

You also need to educate yourself, and your team if you're a business owner, on the most common security threats and stay updated on the latest scams and trends by frequently visiting sites like the Federal Trade Commission's Scam Alerts page and reviewing the previously mentioned Global Threat Intelligence Trends.

Most importantly, don't be complacent. Just because you have anti-virus software and use common sense doesn't mean that you're 100% safe. For example, digital wallets are fairly secure, but some are known to have bugs and security flaws. And, there's always the instances of human error during the card-setup process. In short, make sure that your accounts are set-up properly and that you constantly review your account activity.


(CBC News, dated 1st March 2017 author Roshini Nair)

Full article [Option 1]:

Canadians lost a reported $90 million to scams last year, but the total could be much higher, according to the Better Business Bureau.

The BBB's newly released list of the top 10 scams of 2016 includes information from the bureau's scam tracker website, the Canadian Anti-Fraud Centre and concerns from community partners.

Danielle Primrose, president of the Better Business Bureau of Mainland B.C., said the biggest scam last year involved fake employment recruiting.

"Even though it wasn't the largest reported loss, it was reported all across Canada," she said.

As part of the scam, callers "hire" people over the phone or online, and ask them for banking information so they can get paid. Instead, they get robbed.

"The scammers are getting very savvy now," said Primrose. "They're getting people to fill out a lot of paperwork and they make it look very official. They'll send you a signing bonus and then ask you to wire money back or send it to another employee."

Other scams that made the top 10 this year included online dating, investment fraud and the notorious Canada Revenue Agency (CRA) tax hoax.

Unreported losses could be much higher

In addition to getting more savvy, the scammers are also getting more profitable, according to Primrose.

The $90-million loss is much higher than in 2015, when $61 million in losses was reported, and 2014, when scammers took $71 million.

While the higher number could be due to increased reporting, Primrose said the vast majority of scams remain unreported.

"We think [$90 million] is only around five per cent of the total loss," she said. "If you do the math, it could be as high as $1.8 billion."

Primrose said many people are reluctant to report a scam because they are embarrassed or don't know where to report. She recommended contacting a local authority or the Better Business Bureau.

Even if you have already been scammed and lost money, it's still important to report it as the statistics are helpful to track the scam, she added.

Top 10 scams (Canada)

Here are the top 10 scams of 2016 and how much was lost based on the people reporting them:

Employment: $5.3 million.
Online dating: $17 million.
Identity fraud: $11 million.
Advance fee loans: $1.1 million.
Online purchases: $8.6 million.
Wire fraud spear phishing: $13 million.
Binary option scams: $7.5 million.
Fake lottery winnings: $3 million.
Scam involving person claiming to be from CRA: $4.3 million.
Fake online endorsements: Amount unknown.

Better Business Bureau (Scam Tracker - North America) :


(1st March 2017)

(London Evening Standard, dated 27th February 2017 author John Dunne)
Full article and photograph [Option 1]:

Elderly women have been tricked out of thousands of pounds by a man pretending to be a courier.

Detectives say the victims received phone calls telling them they had to hand their bank cards and PIN numbers to a courier for security reasons.

The cards and numbers were then used to take cash out of the women's accounts.

Police have issued this image of a man they wish to identify and speak with in connection with the incidents, which all took place in south London.

The first incident took place on November 14 last year at around 10am, when an elderly Croydon woman in her 80s was targeted.

A man was later seen in a Beckenham branch of Barclays Bank using the cards to take £1,000 out of her account.

The second incident was reported in Thornton Heath at about 3pm on Friday January 6 when a woman in her 70s was defrauded.

The suspect was seen withdrawing £5,600 from a cash point at Barclays in Thornton Heath.

Another elderly woman - aged in her 80s - was called by a man purporting to be from her bank at about 2pm on Monday, January 23.

The suspect kept her on the phone for more than two hours and warned her if she didn't hand over her cards and PIN numbers she would be arrested and sent to prison.

A courier collected her cards and withdrew £500 from her account at a cash point in Norbury.

The suspect is described as a black man, about 5ft 8in to 6ft tall, with dreadlocks or braids tied up at the back.

During one of the incidents he wore glasses and distinctive red tracksuit bottoms with the number 23 in white on the right thigh.

People with information are urged to call Detective Sergeant Natalie Reseigh from Croydon CID on 101 or Crimestoppers on 0800 555 111.

 uaware comment

Just because this criminal has operated in South London doesn't just mean he will operate only in that area.

(1st March 2017)

(BBC News, dated 15th February 2017)

Full article [Option 1]:

A fraudster has been jailed for conning money from women he met through dating websites.

David Coombs also targeted people in hospitals in Hampshire and Dorset, pretending to be a wealthy businessman.

The 52-year-old, of Hunston Road, Chichester, had previously pleaded guilty to nine fraud offences committed in 2015.

He received a four-year sentence at a hearing at Southampton Crown Court.

Police said his victims were aged between 49 and 83 years old.
'Immeasurable effect'

Coombs would strike up relationships with them before asking to borrow money claiming his wallet had been stolen or his card mistakenly blocked by his bank.

He purported to be a wealthy businessman, employed by an interior design company, and claimed to have multiple properties and offshore bank accounts.

Coombs came to the attention of police after one woman he had been in a relationship with contacted them when he began to harass her.

Det Sgt Will Whale said he had been "spinning a web of lies" over 22 months.

"His persistent offending has had an immeasurable effect on the lives of his victims, not just financially but also psychologically."

(1st March 2017)

(The Guardian, dated 11th February 2017 author Sofija Stefanovic)

Full article [Option 1]:

On 2 February, at the cusp of Valentine's Day, the Los Angeles sheriff's department warned of the "growing criminal epidemic" of romance scams during a community meeting called Love Hurts. Romance scams are a type of online fraud, in which criminals pose as desirable partners on dating sites or email, win the hearts of their victims and end up fleecing them of their money. Lt Antonio Leon said the forum's name was tongue-in-cheek, "but the truth of the matter is that love really does hurt, for some people".

According to the Internet Crime Complaint Center, last year romance scam victims lost $173m in California alone. Ouch. And that's just the reported scams; victims are often too embarrassed to report they've been duped.

So how is it possible people still fall for them? That's the attitude I used to have - until I got involved with a scammer myself, and things got messy.

I met "Cindy" via my spam folder, not long after I moved to New York City from Melbourne. "If you would be interested for a serious friendship hit me back with more details about yourself. I am 26 years old, I live alone in Senegal." Yes, Cindy was obviously a scammer. And knowing this, I got back to her.

Let me back up. I'd become fascinated with scams back when I lived in Australia. Back then I was researching them for a TV show. Scams were a hot-button topic, and I went to a victims' support group to learn more. That's where I met a widower named Bill.

"I just wanted someone to hold me," Bill said, explaining why he joined a dating site in the first place. He met someone, fell in love, and was eventually left bankrupt. Bill and I became friends. He was a smart, worldly man, and I was baffled as to how he could have fallen for a scam.

Just before I left Australia, Bill and I celebrated his 80th birthday. We talked about his scam, and Bill said something that stuck with me. He said that in the back of his mind he knew he was being scammed, but he kept sending money because couldn't bear for his relationship to end. This fascinated me - it seemed his loneliness overrode his common sense. Even as Bill and I spoke about the detrimental effects of scams, I was pretty sure he was still sending money overseas. I suspected that when I left his place, he'd jump online and give himself over to his scam once more.

Not long after, I moved to New York with my boyfriend, Michael. Michael went to work in an office and made new friends, while I stayed home and researched scams. I was haunted by Bill's story, and I wanted to write about lovelorn victims like him, but I also wanted to find out more about perpetrators - those who leech victims of their money.

And that's when Cindy's email arrived. I got a notification that Cindy wanted to talk via Gchat, and voilà, I thought: I had my guinea pig scammer.

In customized curly rainbow font, Cindy asked what the weather was like in Mumbai, which made me realize she had her wires crossed between me and someone else she was scamming. I decided there was no need to correct her, for now, so I Googled the weather in Mumbai.

Cindy sent a photo: a pretty, ponytailed woman about my age, with a full build, leaning against a car. Scammers often steal photographs online, and though I knew that the "Cindy" I was chatting to was probably not the woman in the photo, it was easier to attach a face to the name. So whenever I communicated with Cindy, I pictured the woman leaning on the car.

The soccer World Cup was starting, and in Australia I'd always watched with friends. Cindy said she wasn't into soccer, but that she'd make an effort to watch because I liked it, and that's the sort of thing people in relationships did for each other. According to her, we were dating.

So while my boyfriend was at work, my Senegalese girlfriend and I watched soccer and chatted online. When my boyfriend wasn't at work, I tactfully closed my laptop, because I preferred for him not to think I was chatting to a scammer all day.

Cindy was either the most attentive person I have ever semi-dated (ready with a "hi babe!" the second I came online) or she was a team of people. I knew scammers often worked for syndicates, taking shifts, communicating with dozens of victims at once, referring to dossiers ("she is into World Cup soccer", mine might say). Whether Cindy was a lone wolf or a group, I took comfort knowing I was chatting with someone real - which was better than talking to my dogs - so I'd rattle off my opinions on Brazil's team into a chat box and wait for Cindy's immediate ping of response.

And then, one day, Cindy asked for my photo.

Cindy surprised me by saying she believed women should date men, but that she had fallen in love with me

This was a problem, as she still thought I was a middle-aged Indian man. I decided to come clean. "I am a woman. I hope you won't be angry with me," I said, assuming she would dump me and move on to a more trustworthy victim.

But Cindy surprised me by saying she'd been brought up believing women should be with men, but that she had fallen in love with me, and was willing to take a chance on a same-sex relationship if I was. I found this simultaneously funny, confusing and endearing. She asked for a photo, and, slightly baffled by this turn of events, against all reason, I sent one.

That night she sent an email:

"The feelings I have for you is true and will last for Eternity as long as you accept me in your heart just as I have accepted you.

"I love you. I Love Every little thing about you.

"I love your Cute smile, your magical eyes, and the sound of your words."

And though I was fully aware that Cindy had cut and pasted this from somewhere, and I knew that a scammer's job was to stroke victims' egos, I couldn't help but glance at the photo I sent Cindy to see if my eyes did indeed look magical.

Cindy asked me to call. Suddenly my scammer had a voice, which didn't sound like that of a criminal, but of a tired woman keeping her voice down. A baby started crying and Cindy was quick to say it was someone else's kid. I wondered if she was lying. Does she have a partner, I thought, or is she a single parent?

Then Cindy told me she was being evicted, and she needed $140. And there it was: I'd been expecting her to ask for money all along, except suddenly I wasn't ready for it. Cindy was no longer a random email in my spam folder. She was a person on the other end of the line, asking for help. It was suddenly hard to just say "no".

Instead, I beat around the bush like a coward. I pretended I had a friend whom I'd told about Cindy, and the friend suggested Cindy might be a scammer. Cindy acted outraged at the suggestion, and our conversation petered out, with me saying I couldn't spare the money.

I Googled Senegal and discovered that almost 50% of its population lived in poverty. Who's to say Cindy wasn't being evicted? I thought. Right on cue, an email came from Cindy. "My life is not easy," she said. "I am trying to survive as a responsible girl. I do not go out to sell my body like some other girls do here."

I knew scammers rarely got arrested; it was a relatively safe crime. If one of the other options was sex work, I could see that chatting to amorous westerners on the internet would be more appealing. Could I blame her for what she was doing? I felt like a jerk for stringing her along.

I decided to write an email, from the real me, to the real Cindy. I intended to tell her a bit about me, but I found myself telling her a lot. I told her my family came to Australia when the war in Yugoslavia began, and that my dad died when I was a child. I wrote that when we moved to Australia, my parents never thought we'd be split up again, yet I'd voluntarily moved to New York City, and I felt guilty. I said I felt lonely and friendless.

I wasn't sure why I told Cindy all this, but in hindsight I think it was because I wanted her to like me. And as I wrote, I found myself tearing up. I told her I didn't blame her for being a scammer, and that I wanted her to be honest with me. I said that if she told me about her real life, about scamming, I would find some money to send her.

She wrote back ignoring most of what I said, emphasizing that she was not a scammer - and including her Western Union details. I felt a pang of annoyance and embarrassment for opening up to her. Did she think I was an idiot? Cindy and I went back and forth playing this game: me offering money for the truth, and Cindy feigning ignorance. We were at an impasse.

Finally, Cindy snapped. She called me a wicked, selfish woman. She said she never wanted to hear from me again. And for the first time in a long time, my computer went silent.

After Cindy dumped me, I felt like I understood Bill better. He knew in the back of his mind he was being scammed, but he chose to keep going so he wouldn't end up where I was. Bill had made excuses for his scammer, just like I'd made excuses for Cindy.

It reminded me one of those bad relationships where you're willing to overlook so much because you don't want to be alone.

Romance scams, I decided, weren't about being tricked by someone, they were about tricking yourself - telling yourself lies, to keep loneliness at bay.

(1st March 2017)

(Forbes, dated 19th February 2017 author John Wasik)

Full article [Option 1]:

My wife received a letter from Canada the other day. It was neatly typed, but had no return address.

The first paragraph sounded promising, noting an "inheritance opportunity" with "genuine intentions." Not suprisingly, letters that start this way are anything but genuine.

According to the letter, an unknown relative of my wife died in Canada in 2007: "Unfortunately, this customer died intestate leaving his bank account with an open beneficiary status."

At the end of the second paragraph, the good news emerges: "I would like to present you to our bank as his next of kin to claims the dormant account worth $6.9 million."

Oh boy, this fellow wants to help us claim $7 million from a relative my wife never knew she had -- in Canada, no less. The money sure could come in handy!

Of course, this letter, if we reply to this fellow, is going to request our bank account and other financial information, perhaps even a Social Security number. Then he will either sell this information or just fleece us by opening up fraudulent credit card or other accounts. He'd also ask for a fee to cover transaction costs, which, of course, we'd never see again.

What tipped me off immediately? Here are the danger signals:

-- No return address. Just a personal email is provided.

-- No banking identification. Although "Richard Atkins" claims to be "an account manager with the Royal Bank of Canada," why isn't it on official stationery? Even if bank stationery was faked, if someone was trying to track you down for an inheritance it would be through certified mail and most likely through a law firm.

-- The name used in the letter. Only my wife uses the surname in the letter, so it's not possible she would have another relative with that name.

-- Request for more information. The letter closes with "I will discuss more details...this is an opportunity of a lifetime." Well, this is not about a sweepstakes. Had we followed through to give this guy our personal information, we would've gotten into trouble. The letter might also ask us to send cash "to complete the transaction."

"Similar to the Nigerian Scam and the foreign lottery fraud, the promise of untold wealth is used to distract the overly trusting away from the sorry fact that they are being asked to send money," notes

"In all three cases, the con works the same way: after being mesmerized by the vision of riches to come, those being taken advantage of are required to open their wallets and whip out their checkbooks to bring about the happy event. There is no dead Uncle Fred, no rich deceased Reese. It's all a lie told to part you from your cash."

Moral of the story: Windfalls happen, but you should be able to verify them and not provide any money or information that can be used to fleece you.

(1st March 2017)

(The Telegraph, dated 19th February 2017 author Jessica Gorst-Williams)

Full article [Option 1]:

Note : This is a question and answer article.


Some years ago I bought an investment in the carbon credit market.

Then three years ago I got caught in a scam via a Spanish company. It wanted £1,500 upfront, which I paid. Fortunately I was able to retrieve this as I had used a credit card.

Having consigned this to the past, I recently received a call from someone else advising that he had a customer for my carbon credits who was willing to pay more than £30,000.

He put me in touch with his "floor manager" who explained that an upfront payment of £8,000 was necessary to put all the legal documentation in place. This fee was to be completely refundable on completion of the deal.

I am totally unprepared to commit such a lot of money with such uncertainty.

I would dearly like to recover this investment but not at such a risk. What do you think?

By the way, the deal "has to be completed by Friday".

DB, Middlesex

Answer / response

Some fraudsters were quite recently jailed for cheating dozens of people out of millions of pounds by deliberately selling carbon credits they knew to be worthless or of only nominal value.

What you describe has the hallmarks of a scam and you are quite right not to be falling for it.

You have been caught out in the past so it is likely that you are on a "suckers' list", with your details circulating among fraudsters.

You do not say who you originally "bought" the carbon credits from but I hope it was for far less than the sum it is being alleged they could be sold for now.

Cold callers touting any investment offers should be treated with extreme caution. You can safely assume that all will be bogus. The adage, "If it seems too good to be true, it probably is" is as relevant today as it ever was.

Be suspicious of any transaction that requires an upfront fee in such circumstances. And always consider why it is not being suggested that the fee should be deducted from the proceeds.

The haste you describe is a common tactic designed to blind victims to sheer common sense.

When I tried the 0203 phone number you had been given and which you thought was bona fide, it seemed to be re-routed halfway around the world and I gave up.

Moreover, the firm that called you this time is now on the FCA's website for providing financial services or products without the regulator's authorisation.

See or call 0800 111 6768 for any queries.

Postings on this website do take time to go up and the fact that a firm isn't featured on the blacklist doesn't necessarily mean it is OK. This site also has a useful page featuring carbon credit trading.

Con men operate through charm, persuasion and flattery, and sometimes by inventing their own hard-luck story. They tend to have an instinctive nose for their victims' weaknesses and prey on loneliness.

Do report all such occurrences to the FCA.

(1st March 2017)

(London Evening Standard, dated 17th February 2017 author Benedict Moore-Bridger)

Full article [Option 1]:

Holidaymakers were urged today to be wary of "fake" booking websites that are fleecing customers of significant sums of money.

Several new alleged scams have been detected this month after hundreds of travellers were taken in by similar sites last year, the boss of a leading holiday booking website today warned.

Nick Cooper, founder and co-owner of Villa Plus, said cyber-criminals were again targeting holidaymakers by fraudulently advertising homes and taking cash for bookings.

Villa Plus said it contacted police after discovering its properties were being advertised on websites without the owners' knowledge or consent. Last year, fake sites conned hundreds of people and a police report said holidaymakers lost £11.5 million in 2015 in booking scams.

Mr Cooper said there had been a marked increase in the number of fake sites since August, claiming that it could take months for web hosting companies to shut them down. He said: "Scam websites are promoting villa rentals, where there is seemingly no intention of providing any service other than to steal customers' money, and more must be done by those responsible for hosting the sites to shut them down.

They are operating illegally, and it seems, with impunity. Our solicitors have attempted to get the host of the sites in question to take action but they have unfortunately refused to do so in the absence of a court order."

Mr Cooper said the scams could be very sophisticated, typically involving websites with search results showing plenty of peak season availability and professional photographs of villas copied from genuine websites.

Villa Plus contacted Action Fraud on February 7 to report the apparent deception.

In a letter, Pauline Smith, head of Action Fraud, the national centre for reporting fraud and internet crime, said the case would be sent to City of London Police's National Fraud Intelligence Bureau which would assess whether there was "enough evidence for the police or Trading Standards to investigate your fraud".

A police source said two websites, and, were being shut down in response to an alleged fraud.

The source said: "We are using the tools available to protect other holidaymakers from falling prey to the same scam websites. Any prosecution of the website owners will be a longer job to prepare."

A City of London police spokesman confirmed it had "requested that two websites be suspended", meaning they will not be able to trade under those domain names.

He said: "Following an allegation made to Action Fraud the City of London Police has requested the suspension of website domains suspected of being involved in fraud.

"The Internet service provider has since taken down the websites."

City of London police commander Chris Greany, national co-ordinator for economic crime, said: "When booking a holiday, it is vitally important you take your time and follow a number of basic checks designed to protect you from falling victim to a fraud.

"These include researching the name of the company online you are considering using and ensuring it is a member of a recognised trade body. It is also key that you make sure the website is legitimate by carefully checking the domain name and pay with a credit card, rather than using a debit card or cash."

Last year City of London Police requested the suspension of 160,000 websites, bank accounts and phone lines used by fraudsters to commit crime, the spokesman added.

Policing fraudulent websites is notoriously difficult because site owners can make subtle changes to the domain names in order to keep operating and websites based outside the UK are much harder to control.

Last year, a report by the NFIB revealed fraudsters stole £11.5 million from holidaymakers and other travellers in 2015, a 425 per cent increase on the previous year.

The most common types of fraud related to accommodation, with scammers conning travellers by setting up fake websites, hacking legitimate accounts and posting fake adverts on websites and social media.

Luxuryrentalsvilla and cycladesrentals did not respond to requests for comment.

(1st March 2017)

(The Telegraph, dated 10th February 2017 author Telegraph Reporters)

Full article [Option 1]:

A cold caller "hounded an elderly couple to their deaths" by bombarding them with sales calls and leaving them more than £74,000 in debt, a court heard.

Barbara Stone targeted John and Olga Moyle on a daily basis from as early as 7.45am and convinced the pair to place adverts in a lifestyle magazine for the small holiday home they owned in France.

The 62-year-old persuaded Mr Moyle to hand over £8,000 a month for almost a year, falsely promising non-existent sponsors would reimburse the money.

But not a single booking for the property, near Nice, was ever made - and the Moyles were eventually forced to sell the Shropshire home they had lived in for almost 50 years to pay off the debts they built up because of the scam.

Grandmother Mrs Moyle, 84, died just a month after the house was placed on the market in 2011. Mr Moyle, who had pleaded with Stone to stop, passed away four years later at the age of 83. A judge, Trading Standards, and the couple's daughter have all said they believe the "relentless" sales representative's actions played a part in their deaths.

At Nottingham Crown Court on Friday, Stone, of Winston, Leicester, admitted two counts of fraud by false representation between January and November 2010, and was given a 22-month suspended jail term.

Judge Stuart Rafferty told her she had "made people's lives a misery" and "hounded (the Moyles) to death".

The court heard Stone, who worked for a West Midlands-based? magazine, first contacted retired teacher Mr Moyle in 2010, offering to advertise stays in the two-bed holiday home he and his wife owned in the south of France, which required around £5,000 a year in upkeep.

For the next 10 months, she inundated the couple with calls, pressuring them into taking out more adverts in the publication. Mrs Moyle, who had also worked as a teacher, was suffering from cancer at the time.

Mr Moyle ended up spending all the cash he had taken from an equity release scheme on his home on the worthless adverts, as well as exhausting the couple's life savings and using a credit card. They lost a total of £74,139 and were also conned out of thousands more by another company, which Stone had previously worked for.

Left with nothing, the pair were forced to sell the village home they had lived in since 1964. After Mrs Moyle's death, her husband moved into a smaller property in nearby Ludlow with the financial help of his daughter, Franny.

She said: "The story of what happened to my parents is just astonishing and seven years on it still keeps me awake at night. I completely agree with the judge - they were hounded to death by Stone. My mother was ill - but the last year of her life on this earth was an utter agony.

"Stone would ring every day, putting my father under huge pressure - harassing him, when he should have been looking after his poorly wife. Whenever I tried to call I couldn't get through - the line was constantly engaged.

"It is quite clear to me that she targeted my father. She put him under huge duress, managing to secure £8,000 a month in advertising from them as a couple. My father didn't realise that amount of money was going out because he wasn't checking his accounts. He wasn't checking his accounts because my mother was dying."

Ms Moyle, 52, a writer and TV executive producer who lives in Hackney, London, added: "When they realised they had lost everything, and the house they lived in all their lives, it was, I suppose, a moment of great trauma.

"My father was a broken man. My mother was ever so brave and she put the house on the market with him. But within about a month of it going on the market, in February 2011, my mother died.

"Then he died four years later in the midst of misery, feeling he had brought this disaster on the family. Can you imagine his guilt? He cried himself to sleep for the last years of his life. And for what? A quarter page advert? A sales bonus? A pat on the back from a colleague? It's utterly horrendous."

Ms Moyle, who has three children, said her father wrote to the magazine? in June 2010 begging for the calls to stop, and saying he was "alarmed by the amounts which have been extracted from our account, for advertising with your paper".

But she added Stone was "straight back on the phone" and the harassment continued for another five months. The scam finally came to an end in November 2010 after Ms Moyle discovered what had been going on with Stone and her parents, calling in the police and Trading Standards.

She said: "When I found out what had been going on I was in shock, horrified. Stone must be without scruple. She has shown absolutely no remorse whatsoever. And I have contacted [the magazine]? - but they just said they would look into it.

"I believe that the relentless, daily telephone calls deprived my parents of normal life at a time when they most needed calm security and peace and quiet. I feel equally sure that the realisation that they had lost such a vast sum of money hastened my mother's death.

"My poor father, a man who had been so careful with money all his life and was then plunged into so much debt that he was forced to sell the home he and my mother had shared for almost 50 years, never recovered from the events of that year, which cast a shadow over the end of his life, and continue to cast a shadow over mine."

Ms Moyle said she didn't know how Stone had managed to get hold of her father's details, but thought it may have been through previous adverts he had placed about the French property in a cross-channel ferry magazine.

Speaking before he died in 2015, Mr Moyle said: "I do get annoyed with myself that I fell for it, but they're just persistent. The whole time I just wanted to get rid of it all because I had so much else on my mind."

The second fraud count admitted by Stone related to a £14,100 loss experienced by Jutta Patterson, who ran a dog rescue home in Shropshire. Mrs Patterson was led to believe that a sponsor would fund an advertising campaign in a magazine on behalf of the dog charity and the magazine would publish advertising for a year at a cost of £6,000, neither of which materialised.

James Delaney, from Trading Standards, described Stone as "heartless". "She embarked on a callous cold-calling campaign subjecting people to direct pressure, pressurised sales, and she was relentless in taking money from them fraudulently," he said.

"I hope it sends out a message that we will pursue any company that looks to make illegal gains fraudulently by misleading businesses and consumers. We would tell people to report it if they believe they have been a victim of a scam.

"Stone was callous and manipulative. She relentlessly targeted people who begged her to stop. Unfortunately the Moyles are not here today and I'm sure her behaviour had an impact on their final years."

Stone declined to comment as she left court. Her defence team in court said she was "stressed at work, eager to please bosses and did not receive any of the money".

Highest financial losses between January and March 2016

Coventry : 97
Tonbridge : 94
Brighton : 84
Bournemouth : 83
Swansea : 79
Norwich : 77
Redhill : 71
Chester : 64
Gloucester : 63
York : 62
Rochester : 61
Exeter : 61
Llandudno : 53
Hemel Hempstead : 48
Lancaster : 47
Lincoln : 31
Salisbury : 31
Dorchester : 28
Torquay : 27
Telford : 22

(1st March 2017)

(BBC News, dated 12th February 2017 author Zoe Kleinman)

Full article [Option 1]:

People looking for love online are being urged to do a search of phrases in the messages they receive to help them spot sweet-talking conmen.

A new UK campaign, starting on Sunday, aims to raise awareness about the growing problem of online dating fraud.

The campaign, Date Safe, suggests criminals are using love letter templates and an online search could flag up some of the stock phrases.

Police say the average dating scam victim is aged 49 and loses £10,000.

The new report, published by the City of London Police and the National Fraud Intelligence Bureau, also reveals that on average, money is transferred within 30 days of initial contact with the perpetrator.

Repeat victims

In a dating scam, criminals pose as potential matches and contact people seeking romance on dating platforms - then, after a period of correspondence and sometimes also phone contact, they start asking for money using various excuses.

The police report, which analysed data from the Action Fraud helpline, estimated that in the UK a victim files a report about dating scams every three hours.

Of those who stated their gender, 61% of the victims were female and 66% of the suspects were male, it said.

While most activity occurred on dating websites, the majority of the 15% that did not was carried out via Facebook, the report claimed.

It also said that 213 people admitted they had been a victim of a dating scam more than once.

"The growth in online dating has led to a rise in organised criminals targeting people looking for love," said Commander Chris Greany, of the City of London Police and National Co-ordinator for Economic Crime.

"These crimes destroy lives and the emotional damage often far outweighs the financial loss.

"Never give money to people you meet online, no matter what emotional sob story the person uses."

People are also advised to talk to friends and family about those they are in touch with online.

Dating scam 'packs'

Criminals can purchase scam "packs" containing love letter templates, photos, videos and false identities for as little as a few dollars on the dark web, said Prof Alan Woodward, cybersecurity expert at Surrey University.

"So many people fall for these scams that the price of the packs has dropped as it has become a high volume sale," he said.

"Social engineering is a very active black market.

"As dating scams are becoming more widely known, there is evidence that a follow-up scam has been developed where 'detectives' or 'investigators' offer to try to recover any money you may have been duped out of... for a fee," he added.

"Needless to say it is throwing good money after bad."

The Date Safe campaign is a partnership between Get Safe Online, Victim Support, AgeUK, City of London Police, the Metropolitan Police and the Online Dating Association.

(1st March 2017)

(The Telegraph, dated 12th February 2017 author Amelia Murray)

Full article [Option 1]:

Victims of fraud struggle to navigate the complicated process of reporting the scam and often feel that the criminals have more rights than they do.

Some victims seek help and information from the bank used by the fraudsters, only to be told that data about the criminals' accounts cannot be disclosed because of data protection rules.

When one reader, Alistair Black, paid £6,000 for a non-existent Harley-Davidson motorcycle on eBay, he thought the recipient bank would be best placed to stop the payment leaving the fraudster's account.

However, when he tried to report the fraud to Nationwide, the criminal's provider, it refused to help.

Banks have a duty only to their own customers - in this case, the fraudster - and could not tell Mr Black anything because of "data protection".

Mr Black also reported the crime to eBay, his local police in Rothesay, on the Isle of Bute, Scotland, and Action Fraud, the national cybercrime reporting service.

Mr Black, 62, a motorcycle enthusiast said he mentioned the fraud in passing to a staff member at his branch of Halifax, but didn't think it could do anything as he had instructed it to make the payment.

Mr Black said he felt that he had been a "bit of a fool".

He had used eBay for the first time and was drawn to the motorbike by its attractive price.

"I would've paid £7,000 for that bike. Or even £8,000," he said.

After extensive correspondence with the fraudster, Mr Black was convinced he was genuine seller who "wrote in perfect English and knew about bikes".

However, he did find it odd that when he asked for a phone number, the request was ignored.

Mr Black made a £6,000 bank transfer in his branch on November 1. When the bike failed to arrive as agreed that week, he contacted the buyer but got no response.

He contacted the organisations he thought would be able to help, but didn't realise that any remaining funds would need to be clawed back by his own bank.

###No word from the banks - and an unexplained delay

In mid-December, police told Mr Black that there was £2,500 frozen in the criminal's account.

Mr Black said this was the first he had heard of remaining funds.

According to Mr Black, police said the criminal had withdrawn £3,000 from a Nationwide branch in the south of England on the day of the transaction and then took out £500 from a cash machine outside.

It was then that Nationwide became suspicious and froze the account, although it would not say what caused the alert.

The building society then contacted Mr Black's bank, Halifax, to make it aware of the scam.

However, under data protection regulation, Nationwide was not permitted to inform Mr Black of the remaining funds.

Mr Black contacted Halifax on December 19 and asked it to get his money back.

However, the bank did not carry out his instruction until eight weeks later on February 6 - and then only with the involvement of Telegraph Money.

Halifax admitted it had been contacted by Nationwide on November 3 regarding Mr Black's transaction.

The bank claimed it "attempted to reach" Mr Black by telephone.

When it could not get through, it sent a letter, which Mr Black said he did not receive.

Halifax did not comment on what caused the delay, but has apologised to Mr Black and offered him £150 as a goodwill gesture. It explained to Mr Black that it would take six to eight weeks to get his £2,500 back.

Protecting the fraudster?

Numerous victims of fraud have told this newspaper that they feel the criminals have more rights than they do.

The recipient bank, which manages the account on behalf of the criminal, cannot communicate information about the fraudster's account, such as whether it was newly opened or if fake identity documents were used, because of data protection and other legislation.

David Clarke, a former detective and director of the Fraud Advisory Panel, a charity, said scam victims should be able to find out if there was any way the bank could have prevented it. And if the answer was yes, the banks should be viewed as "having facilitated the crime".

If police investigate the crime, they are unlikely to reveal details about the fraudster either. But such information could make the difference between getting your money back and not.

For example, David Burton was reimbursed £3,400 by TSB two years after he was tricked into buying a fake motorhome on eBay after police told him that the criminal had used false details to open the account.

The British Bankers' Association said the financial industry was working closely with law enforcement agencies to improve the handling of cases that involved suspicious activity.

A spokesman for Nationwide said: "In order to open an account, customers have to provide valid identity documents to verify their name and address. If there is any suspicion of fraud, an account would not be opened.

"Nationwide takes the protection of customers' money very seriously, and if we notice any suspicious activity, we will take action, as we did in this case."

(1st March 2017)

(BT Corporate website, dated February 2017)

Full notice [Option 1]:

Fraudsters use persuasive, high pressure tactics to scam investors. They may offer to sell you shares that turn out to be fake of worthless, or to buy your shares at a high price if you pay an upfront fee. Either way, the promised profits won't materialise and you'll probably lose your money. Here's how to avoid investment scams.

Remember: if it sounds too good to be true, it probably is!


1. Reject cold calls

If you've been cold called with an offer to buy or sell shares, chances are it's a high risk investment or a scam. You should treat the call with extreme caution. The safest thing to do is to hang up.

2. Check the firm on the FS register at

The Financial Services Register is a public record of all the firms and individuals in the financial services industry that are regulated by the FCA.

3. Get impartial advice

Think about getting impartial financial advice before you hand over any money. Seek advice from someone unconnected to the firm that has approached you.


If you suspect that you have been approached by fraudsters please tell the FCA using the share fraud reporting form at you can find out more about investment scams. You can also call the FCA Consumer Helpline on 0800 111 6768.

If you have lost money to investment fraud, you should report it to Action Fraud on 0300 123 2040 or online at

Find out more at

Further BT advice on scam prevention :

uaware Disclaimer

The uaware website considers the advice provided within this BT corporate notice as being sensible and concise. The uaware website does not neccessarily agree that these suggestions are the only precautions that should be taken.

(1st March 2017)

(Action Fraud, dated 26th January 2017)

Fraudsters are sending out a high number of phishing emails to personal and business email addresses pretending to come from ', with the subject line being 'Your Relish bill is ready'. This is a 'spoofed' email pretending to come from the London based broadband company 'Relish'. The emails contain a link which will redirect victims to a compromised website. Once at the destination website a .zip file containing concealed JavaScript will be downloaded onto the victim's device. This JavaScript is ransomware and will encrypt files on  the victim's devices and demand money (up to £1000) from the victim to recover the files.

Prevention Advice :

Having up-to-date virus protection is essential; however it will not always prevent you from becoming infected. Please consider the following actions:

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication. Details on finding email headers can be found online.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It's important that the device you back up to isn't left connected to your computer as any malware infection could spread to that as well.

- Don't pay extortion demands as this only feeds into criminals' hands, and there's no guarantee that access to your files will be restored if you do pay.

- If you think your bank details have been compromised, you should immediately contact your bank.

If you have been affected by this, or any other scam, report it to Action Fraud by calling
0300 123 2040, or visiting

(4th February 2017)

(The Telegraph, dated 2nd February 2017 author Amelia Murray)

Full article [Option 1]:

Fraudsters are perfecting the art of impersonating large companies such as PayPal and Amazon, Britain's leading anti-fraud agency has warned.

A combination of improved technology and more accurate spelling and grammar is making the fake communication harder than ever to detect.

Tony Neate, of Get Safe Online, described the bogus messages as "highly convincing" which often appear to come from genuine addresses.

In many cases they indicate that some sort of error has been made - as a prompt to recipients to take action.

The fake Amazon email, below, looks just like an order confirmation but contains details and delivery date of a product that the recipient did not order, for example.

One message seen by Telegraph Money suggested the customer had purchased a hard drive for £129.11. Another confirmed the sale of six "Amscan International Baby Little Angel Costumes" for £69.49.

Other customers have reported receiving similar emails for TVs, cameras and iPhones.

The messages appear to come from legitimate email addresses Amazon UK and

However, correspondence from the UK arm of Amazon would be sent from an address ending in

These messages are designed to get customers to query the order by clicking on the link at the bottom of the email.

On one of the emails it says: "If you haven't authorized the transaction, go to the Refund page for full refund."

Other messages require similar action.

Customers who click through are typically led to an authentic-looking website, which asks victims to confirm their name, address, and bank card information, according to Action Fraud, the UK's cyber crime reporting service.

Action Fraud said one victim who entered his details had £750 stolen from his Nationwide account as a consequence. This was repaid by the bank after he reported it.

Those who use PayPal should also be on high alert as another convincing phishing scam does the rounds.

The text message, which using a spoofed phone number appears to come from PayPal, explains the customer account has been suspended due to unauthorized login attempts and offers a link for customers to click on to confirm their details.

These spoofed texts are especially concerning, according to Tony Neate, chief executive officer of Get Safe Online, the government-backed cyber safety initiative.

With spoofed emails, you can usually hover over the address and the real one is revealed.

However with texts, consumers may not know the real providers' phone number.

Mr Neate says spoofing contact details is easy to do. There are a number of websites who offer the service as a way to "prank" your friends.

"I'm not saying this sites are set up for criminals but are they taking into account that fraudsters are making use of the spoofing services as well as those looking for a laugh?" said Mr Neate.

raudsters use well known brands such as Amazon and Paypal to target numerous victims with relevant messages designed to cause panic.

While obvious spelling and grammar is improving in scam messages, Mr Neate suggested there are a number of suspicious signs to look out for.

He said, for example, "the "" would be a strange link for PayPal to use and the fact that they have also used the American spelling of "unauthorised" is unusual for a UK customer."

Mr Neate suggested those who are concerned about their online accounts should change their password and use different ones for each service.

He also suggested contacting the genuine company the fraudster is attempting to purport - in this case Amazon and PayPal - using the correct details.

A PayPal spokesman said all communication to account holders regarding account limitation would be sent to the secure message centre with their PayPal account.

Any concerns about fraudulent messages should be sent to

(4th February 2017)

(Good Housekeeping, dated 27th January 2017 author Diana Bruk)

Full article [Option 1]:

Police are warning cellphone users of a terrifying new scam, multiple news agencies report. The scam is brilliantly simple: all it consists of is a scammer calling from an unfamiliar number (but often one with a familiar area code) and asking, "Can you hear me?" It seems like a simple question, and most people would just answer, "Yes." In this case, however, the hacker records you saying "Yes" and then uses the response to authorize credit card or bill charges.

"You say 'yes,' it gets recorded and they say that you have agreed to something," Susan Grant, director of consumer protection for the Consumer Federation of America, told CBS News. "I know that people think it's impolite to hang up, but it's a good strategy."

While "Can you hear me?" seems to be the most popular question, scammers are using other questions that would prompt a "Yes" response, like "Are you the homeowner?" and "Do you pay the bills."

Fox News provided the following tips to avoid this scam:

- Do not answer the phone from numbers you do not recognize.
- Do not give out personal information.
- Do not confirm your number over the phone.
- Do not answer questions over the phone.

If you do receive a suspicious call, authorities are advising people to hang up right away and call 911. And if you've already received a call like this, make sure to carefully monitor your credit activity!

(Real Simple, dated 27th January 2017 author Brigitt Early)

Full article [Option 1]:

lthough criminals need more than a recorded "yes" to make purchases, they may already have access to credit card numbers and sensitive, identifying information that can be used to make charges. They can then use the recorded "yes" response in attempt to prove they gained your permission to make the charge.

Though it may be tempting to answer calls from an unknown number-what if it's someone you know who needs to reach you in a pinch?-the surest way to protect yourself is to let these types of calls go to voicemail. Anyone who needs to reach you will call back or leave a voicemail. If you do decide to answer, always verify the caller and never give out personal information. (Though scammers may claim to be from a credit card company or a government agency, legitimate requests from these organizations will never be made over the phone.)

uaware comment

I know the article is from the USA, but this type of scam is easily transferable into the UK. Think about the number of silent calls you have received over the last month. You answer the telephone, silence, you say "hello", then someone says "can you hear me ?". Then you reply.....YES !

(4th February 2017)

(The Telegraph, dated 29th January 2017 author Katie Morley)

Full article [Option 1]:

Around one million pensioners will be on "suckers lists" of people vulnerable to scams within two years, a lead researcher for trading standards has warned.

The number of victims is soaring at a rapid rate with the Government's database of 300,000 people expected to more than triple by 2019, according to Prof Keith Brown who conducts scams research on behalf of the Chartered Trading Standards Institute.

It comes just a day after the Government was accused of failing to inform 270,000 people that they were at risk of fraud, despite trading standards having held their names and addresses in a suckers list database for two years.

Suckers lists are made up of repeat victims who may have responded to mail scams, such as fake competitions and lotteries.The majority of victims are elderly and live alone.

Prof Brown said that without urgent action they would soon represent one of the biggest crime waves the UK has ever seen with around £10bn being stolen every year and rising.

He said: "The difficulty with cracking down on this is that it's often very hard to differentiate between criminals and 'legitimate' companies with no morals. This makes it very hard to prosecute. Even if someone gets caught conning an elderly person by charging them £2,000 for some vitamins, for example, it is not easy to get justice."

One solution to the problem would be for trading standards to pass suckers lists onto banks and other financial institutions which could then put a red flag next to victims' names. This would prompt further questioning from staff in the event of a suspicious transfer of money.

However under current laws sharing such personal details without permission is forbidden under the Data Protection Act.

Now experts including former pensions minister Sir Steve Webb are calling for amendments to the Act to give trading standards the powers it needs to distribute suckers lists to approved firms.

Following this newspaper's disclosures, the Department for Business has hinted that it will use a green paper due to be published later this year to announce a tougher, more effective regime to help people who are known to be vulnerable to scam victims.

A spokesman said: "While funding and prioritization for trading standards are decisions for local authorities, the Government is continuing to improve consumer protection.

"We will be publishing a green paper looking at where markets aren't working fairly for consumers and where the protection regime could be strengthened."

"This Government is committed to stamping out these appalling criminal scams that target elderly or vulnerable people. The Consumer Protection Partnership, Home Office and National Crime Agency are working together to educate, inform and protect those most at risk of scams."

(4th February 2017)

(SC Magazine, dated 27th January 2017 author Bradley Barth)

Full article [Option 1]:

A phishing email scam that warns PayPal users of possible fraudulent account activity in hopes of scaring personally identifiable information out of them is currently making the rounds.

According to a blog post from ESET, the phishing emails falsely inform recipients that PayPal has detected "unusual activity" on their accounts and has "temporary limited what you can do" until the possible security issue can be resolved. Clicking the log-in button on these emails redirects victims to what appears to be a legitimate log-in screen - it even displays an SSL certificate to sell its supposed authenticity - but is actually a fake PayPal web page hosted on a malicious domain.

After victims "log in," the fake PayPal site displays another message informing victims that they will not be able to withdraw funds for 15 days, unless the issue is addressed further. Those who click a "Continue" button to proceed are then asked to enter even more detailed information, including their Social Security number, address, phone number, birthdate and mother's maiden name.

As phishing scams go, this one is convincing, but there are still some clues that PayPal did not send this alert, ESET reported. For instance, the email contains minor grammatical and syntax errors, and the fake web page's request to enter your home country is unusual, considering it also asks for your Social Security number, which only applies to the U.S.

(4th February 2017)

(London Evening Standard, dated 27th January 2017)

Full article [Option 1]:

A man is being sought by police in connection with an Airbnb rental scam in London.

Detectives say the victim was conned out of £1,600 after responding to a listing on the Gumtree website for a property to let in Haringey.

The man was shown around the property in Sanford Road on September 18 last year by someone claiming to be the flat's landlord.

The prospective tenant then transferred an advance rental payment of £1,600 to an account, the details for which were provided by the fraudster.

Soon after the money was transferred contact with the bogus landlord ceased and he stopped replying to messages.

It emerged the man had gained access to the property via a short-term let on Airbnb, according to police, and had no authority to arrange for it to be rented out.

The payment of £1,600 was lost, having been paid to a "mule" account - controlled through details obtained from a stolen bank card - from where it had been withdrawn.

Detectives from Scotland Yard's Operation Falcon fraud and cyber crime unit released images of the man today in an attempt to identify him. [uaware note : see actual London Evening Standard article]

The image was taken while the prospective tenant was being shown around at the initial viewing. Police are trying to establish if the bogus landlord has been involved in other frauds associated with Airbub properties and to establish who gained from the fraud.

Action Fraud, the national fraud and internet crime reporting centre, says the most comon scam involving Airbnb is conmen advertising properties for rent on it without owners knowledge then convincing site users to transfer money into their bank accounts.

Anyone with information about the fraud should call 101 or Crimestoppers anonymously on 0800 555 111.

(4th February 2017)

(MONEY, dated 26th January 2017)

Full article [Option 1]:

Scammers are using text messages to try to con Nationwide building society customers into revealing their personal details.

The messages, which claim to be from Nationwide, ask the victim to verify a high-value purchase supposedly made on their card at a well-known retailer.

Victims are then urged to contact the Nationwide fraud prevention team on a phone number included in the text, which is actually controlled by the scammers.

Anyone who calls will be asked security questions aimed at stealing their bank details.

In one example shared by Nationwide to raise awareness, the message reads:

"Nationwide has noticed your card was recently used on 29-11-2016 at APPLE ONLINE STORE for 1976.00 GBP. If not you please urgently call fraud prevention on 03303800231 or Intl +443303800231. Do not reply by SMS."


Has anyone lost money?

Nationwide told The Sun that "a handful" of customers had fallen for the text message scam.

However, it added: "We were proactive, shut it down and customers received refunds on the same day. So no-one lost out. "It's important to be alert and take time to think before sharing financial details."

How to stay safe

While it's pretty easy to spot the scam if you aren't a Nationwide customer, it could look convincing if you did bank with the building society as you may well have received texts from them in the past.

It's worth noting that this scam can easily be tweaked to reference a different financial institution, so it's not just Nationwide customers who need to be vigilant.

As always when it comes to suspicious texts and emails, the key is to never respond directly.

If you want to verify the information contained in the message, contact your bank or building society on a number that you have looked up separately.

uaware comment


(4th February 2017)

(, dated January 2017 author Robert Hackett)

Full article [Option 1]:

Security researchers have identified a "highly effective" phishing scam that's been fooling Google Gmail customers into divulging their login credentials. The scheme, which has been gaining popularity in the past few months and has reportedly been hitting other email services, involves a clever trick that can be difficult to detect.

Here's how the swindle works. The attacker, usually disguised as a trusted contact, sends a boobytrapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google login page. And this is where the scam gets really devious.

Everything about this sign-in page looks authentic: the Google logo, the username and password entry fields, the tagline ("One account. All of Google."). By all indications, the page is a facsimile of the real thing. Except for one clue: the browser's address bar.

Even there, it can be easy to miss the cue. The text still includes the "," a URL that seems legitimate. There's a problem though; that URL is preceded by the prefix "data:text/html."

Normally the URL for Gmail looks like :

The BOGUS / FALSE login looks like :


In fact, the text in the address bar is what's known as a "data URI," not a URL. A data URI embeds a file, whereas a URL identifies a page's location on the web. If you were were to zoom out on the address bar, you would find a long string of characters, a script that serves up a file designed to look like a Gmail login page. THIS IS THE TRAP.

As soon as a person enters her username and password into the fields, the attackers capture the information. To make matters worse, once they gain access to a person's inbox, they immediately reconnoiter the compromised account and prepare to launch their next bombardment. They find past emails and attachments, create boobytrapped-image versions, drum up believable subject lines, and then target the person's contacts.

Google Chrome users can protect themselves by checking the address bar and making sure a green lock symbol appears before entering their personal information into a site. Because scammers have been known to create HTTPS-protected phishing sites, which also display a green lock, it's also important to make sure this appears alongside a proper, intended URL-without any funny business preceding it.

(4th February 2017)

(International Business Times, dated 25th January 2017 author Himanshu Goenka)

Full article [Option 1]:

Hacking and fake news have been in the news a lot lately, what with the allegations of Russians using both those tools to influence the outcome of the U.S. presidential election. And both those online risks come together in a seemingly innocuous but potentially dangerous form: phishing.

Put simply, phishing is the attempt to steal your personal information, such as passwords and financial details, using an email or website that looks like it is legitimate but is in fact merely designed to look like that to lull you into a false sense of security.

Diligent Corporation, a New York company that provides secure platforms for boards and leaders of other companies and organizations to share information, put together data from various sources that show phishing attacks have gone up by over 300 percent between 2013 and 2016. About 156 million phishing emails are sent around the world every day, of which some 16 million are not detected by spam filters.

So if you get one of these fishy-looking emails, how do you know if it is actually a scam? Diligent surveyed over 2,000 people, using an experimental setup, and came up with some possible answers.

Some of the warning signs it lists are: spelling and grammar mistakes; generic salutations that don't use your name; seems too good (or bad) to be real; is from an unknown sender; requests money or personal information; asks you to click on a link or download a file, while being vague.

Of the people surveyed, over half had been victims of some phishing scam or another. About 52 percent had an unauthorized charge on their credit card, 33 percent had their email accounts hacked and almost a quarter had their social media accounts compromised.

Some of the most effective phishing scams pretend to be sent from email addresses of people we know, such as friends or colleagues. The maximum number of people in the survey, over 68 percent, were fooled by emails that purported to be from a colleague to schedule a meeting the next day, followed by messages from friends claiming to share photographs on social media (almost 61 percent) or Dropbox (37.6 percent).


Co-worker - Schedule for our meeting tomorrow : 68.3%
Social Media - "Did you see the pic of you ? LOL : 60.8%
Dropbox - Click to view file someone has shared : 37.6%
Software Company - Compulsory update to secure your account : 26.7%
Social Media - New login system : 23.9%
Court - Order to apppear; notice attached : 22.1%
Major Bank - Click to restore account access : 16.6%
IRS (Tax) - You are owed tax refund : 14.7%
Online Merchant - Temporary Account suspension : 14.7%
Credit card - Open attachment to confirm account details : 14%
Contest - Voucher for lucky credit card holder : 5.7%
Contest - Big prize from soft drink company : 2.7%

(Source : Survey of over 2,000 people USA) - Diligent

In contrast, the least effective phishing scams were those that promised a tax refund from the IRS, or gifts of cash and vouchers.

Being wary of phishing emails has a flip side - marking genuine emails as spam. The survey found about 40 percent of genuine emails were marked as phishing attempts. Those aged between 35 and 54 were the best at being able to tell real emails from phishing attempts, while the 18-24 and over 65 groups fared the worst. Men and women were fooled almost the same number of times, 23 percent and 23.3 percent, respectively.

If you want to check your own ability to identify scam emails, Diligent has a shorter version of its survey, designed like a quick quiz, on its website that can be accessed here :

(4th February 2017)

(The Guardian, dated 24th January 2017 author Jill Treanor)

Full article [Option 1]:

The value of fraud committed in the UK last year topped £1bn for the first time since 2011, prompting a warning about increasing cyber crime and the risk of more large-scale scams as the economy comes under pressure.

The 55% year-on-year rise in the value of fraud to £1.1bn reported in the court system was recorded by accountants KPMG, which found that while the cost of fraud was higher the number of incidents was lower.

Highlighting a dramatic rise in cybercrime, KPMG's statistics included a £113m cold-calling scam for which the ringleader received an 11-year jail sentence in September. Feezan Hameed was caught after targeting 750 Royal Bank of Scotland customers in the biggest cyberfraud the Metropolitan police had seen.

Hitesh Patel, UK forensic partner at KPMG, said: "The figures for 2016 tell us two things. Firstly, that we can expect more of these super frauds as challenging economic circumstances place pressures on businesses and individuals and as technology becomes more sophisticated.

"Secondly, that this is going to put even more strain on law enforcement agencies who don't have the resources to investigate every report of fraud that they receive: getting the large, often cross-border and complex frauds to court is extremely time consuming and resource intensive. This places much more emphasis on businesses and consumers to protect themselves from fraudsters who will take advantage given the opportunity."

KMPG found £900m of fraud from just seven "super cases" - with a value of £50m or over - compared with £250m a year ago.

It pointed to a 51-year-old Leicester man jailed for six years for masterminding a £60m fraud to supply free cable TV using illicit set-top boxes, who promoted the business on internet forums and his own website.

Patel said: "Through the rapid rise of technology and online platforms, more people than ever are being targeted by fraudsters who have unrestricted access to a larger pool of victims. However, we are also seeing the internet being used by consumers who are being tempted to obtain goods and services that they have, or perhaps should have, a fair idea are not legitimate."

(The Register, dated 24th January 2017 author John Leyden)

Full article [Option 1]:

The total cost of fraudulent activity in the UK surpassed a billion pounds for the first time in five years, reaching £1.137bn in 2016 compared to £732m the year before.

Fraud against businesses was up sevenfold last year, with inside jobs committed by employees and management the most common method, as measured by alleged fraud cases reaching court.

"The figures include over £900m derived from just seven super cases," according to management consultants KPMG. "The surge in super cases, from £250m last year, may be a reflection of fraud becoming a more lucrative and practical proposition for those with the right skills and technology, or those in senior commercial roles."

A major cause for the overall increase was a surge in cyber-fraud losses of £124m, according the latest edition of KPMG's Fraud Barometer, out Tuesday. One case alone cost an eye-watering £113m via a boiler-room scam that involved crooks cold-calling prospective marks while posing as the security department of banks and tricking victims into handing over banking details.

Crime figures for England and Wales, put together by the UK Office for National Statistics and released earlier this month, featured the inclusion of fraud and computer misuse offences for the first time. A total of 3.6 million cases of fraud and 2 million computer misuse offences were logged. That's a record of crime reports, many of which won't lead to prosecutions, by contrast to the massive cases covering multimillion-pound frauds that are the focus of KPMG's Fraud Barometer.

Criminal structures supporting cyber-fraud exist in many forms and sizes from organisations comparable to Gus Fring's business in Breaking Bad to street-corner operations that security experts fear are drawing youngsters and the technically unskilled into its web.

Ilia Kolochenko, chief exec of web security firm High-Tech Bridge, commented: "What is particularly alarming is the rise of small online fraud committed by teenagers and people with almost no technical skills."


(4th February 2017)

(Action Fraud, dated 23rd January 2017)

Fraudsters are emailing members of the public who are expecting to make a payment for property repairs. The fraudsters will purport to be a tradesman who has recently completed work at the property and use a similar email address to that of the genuine tradesman. They will ask for funds to be transferred via bank transfer. Once payment is made the victims of the scam soon realise they have been deceived when the genuine tradesman requests payment for their services.

Protect yourself

- Always check the email address is exactly the same as previous correspondence with the genuine contact.

- For any request of payment via email verify the validity of the request with a phone call to the person who carried out the work.

- Check the email for spelling and grammar as these signs can indicate that the email is not genuine.

- Payments via bank transfer offer no financial protection; consider using alternative methods such as a credit card or PayPal which offer protection and an avenue for recompense.

If you believe that you have been a victim of fraud you can report it :

Online :

By telephone : 0300 123 2040

(4th February 2017)

(The Telegraph, dated 23rd January 2017 author Martin Evans)

Full article [Option 1]:

The number of people falling victim to so-called romance scams has reached a record high in Britain with almost 40 per cent of those affected being men, new figures have revealed.

Criminals, often based overseas, use online dating sites to pose as people looking for love in order to snare their victims.

After striking up a rapport and gaining the trust of the unsuspecting target, the scammer then quickly persuades them to part with money, often claiming it is to help pay for an emergency.

Last year almost 4,000 people came forward to report cases of romance fraud, but not all of those targeted were women.

At least 39 per cent of those who are duped are men, according to Action Fraud, the UK's cyber-crime reporting centre, which is operated by the City of London Police.

The majority of perpetrators are thought to be male organised criminals, who create fictitious online characters to target people of both sexes.

But police believe there are also a number of female romance scammers operating, who specifically target lonely men aged over 50.

In 2016 a total of 3,889 people came forward to report having been scammed, with a record £39 million handed over.

While the figure has risen sharply in recent years, police believe the figure is just the "tip of the iceberg" because many victims are too embarrassed to admit it.

Steve Proffitt, deputy head of Action Fraud, said each victim lost around £10,000 on average, but there have been cases where victims has lost far more.

In 2015 a businesswoman from Hillingdon in North West London was duped into handing over £1.6 million.

The woman thought she was communicating with an oil worker called Christian Anderson but was in fact exchanging emails with a gang of scammers who were originally from Nigeria.

When police eventually tracked the perpetrators down they found they had been using a seduction manual, entitled The Game: Penetrating the Society of Pick Up Artists.

Last year the Royal Bank of Scotland reported that it was seeing an average of nine cases of fraud involving single men aged over 50 who were duped into giving away tens of thousands of pounds to fraudsters.

The average length of time it takes for a scammer to mention money after first striking up a relationship is just 30 days, according to Action Fraud.

But there are no estimates as to how many people are targeted but never come forward to report the crime.

Mr Proffitt said: "A lot of the online dating fraudsters we know are abroad. They're in West Africa, Eastern Europe and it's very difficult for British law enforcement to take action against them in those jurisdictions."


Dating expert, James Preece ( shares his tips on how to avoid scammers :

1. If you're suspicious about a profile report it to the dating website or app so they can investigate it.

2. Try doing your own detective work - ask them for their full name and look them up on Google and social media.

3. Don't be afraid to question their authenticity - if they are genuine they won't mind you trying to verify them.

4. Remember, they may spend months building a relationship with you and will only ask for money once you're emotionally involved.

5. Ask a friend for advice as they are not as emotionally involved as you, they may be able to see something you can't.

6. Look out for fake or stolen photographs. You can use sites like to check the authenticity of a photo and you can try doing a reverse image search on Google (by clicking on the camera logo in the search bar and uploading an image) to see if they are using a fake picture.

7. Never give out too much personal information, such as your home address, phone number or email.

8. Consider setting up a new email address to use for online dating and perhaps even get a cheap Pay As You Go phone to use for making phone calls.

CYBER CRIME - Most common UK online offences

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

(4th February 2017)

(London Evening Standard, dated 23rd January 2017 author Justin Davenport)

Full article [Option 1]:

Dating fraudsters conned a record 3,889 victims out of £39 million last year, it emerged today.

Figures show the number of people in the UK who were defrauded via online dating scams reached a record high in 2016.

Action Fraud, the UK's cyber-crime reporting centre, says it gets more than 350 reports of such scams a month. Its deputy head, Steve Proffitt, said each victim on average lost about £10,000.

He told the BBC's Victoria Derbyshire programme: "A lot of the online dating fraudsters we know are abroad.

"They're in west Africa, eastern Europe and it's very difficult for British law enforcement to take action against them in those jurisdictions."

Last week, Office for National Statistics figures showed fraud is the most commonly perpetrated crime, with almost one in 10 adults falling victim to scams.

Today's figures, from the National Fraud Intelligence Bureau, reveal that the number of victims of online dating fraud has risen steadily in recent years.

In 2013 there were 2,824 reports of dating scams, with reported losses of £27,344,814. In 2014, these rose to 3,295 reports and £32,259,381. In 2015, the reports rose to 3,363, although reported losses fell to £25,882,339.

One woman told the Victoria Derbyshire programme how she was left feeling "brutalised" after losing more than £300,000 to a dating fraudster.

Business owner Nancy - not her real name - signed up to dating website in 2015 after her marriage broke down.

The single mother, 47, from Yorkshire, said she made contact with a man called Marcelo from Manchester, an attractive Italian supposedly working in Turkey, with whom she found she had "a rapport and similar values".

"Marcelo" persuaded her to move their chat off the website on to an instant messaging service and the two began exchanging messages from morning until night.

After about six weeks, he said he had been mugged in Turkey and was unable to pay his workers before returning to the UK, when he and Nancy were due to meet. He also said his son was in hospital and needed surgery.

Nancy said she felt uncomfortable with the situation but ended up "reluctantly" sending 3,650 (£3,160).

She said: "It escalated unbelievably quickly, so straight away it was the medical fees, then it was money for food, money needed to pay rent, money for taxes to get out of Turkey.

"I wasn't comfortable, and then I got so far in I couldn't get myself out, and I didn't want to walk away having lost £50,000 or what-have-you, so you keep going in the hope that you're wrong and this person is genuine."

Nancy said she now faces bankruptcy after losing "over £300,000, maybe even over £350,000". She said: "That's really frightening, and the other aspect is that somebody's got inside your head, and they've just brutalised you emotionally.

"In some ways I'm not sure I'll ever recover from that."

Police advise people never to send money to someone online they have not met and think twice about posting personal information that could be used to manipulate or bribe them.

(4th February 2017)

(The Telegraph, dated 23rd January 2017 author Amelia Murray)

Full article [Option 1]:

Solicitors are failing to warn clients about the risks of using email during property transactions, despite explicit guidelines from anti-fraud authorities and their own trade body, the Solicitors Regulation Authority.

Howard Mollett, who had was tricked into paying over £74,000 to a fraudster posing as his solicitor over email, said he was never warned about the threat of online criminals by his firm, Sethi Partnership, which is based in west London.

In fact, first-time buyer Mr Mollett, 40, said the firm only put a "cyber crime alert" at the bottom of their emails on the day he discovered he had become a victim of conveyancing fraud.

The alert read: "Please be aware that there is a significant risk posed by cyber fraud, specifically affecting email accounts and bank account details.

#########"PLEASE NOTE that this firm's bank account details WILL NOT change during the course of a transaction and we WILL NOT change our bank account details via email. Please check account details with us in person if in any doubt. We will not accept responsibility if you transfer money into an incorrect bank account."

The Solicitors Regulation Authority has made repeated warnings to firms about the threat of online attacks since February 2014.

Conveyancing fraud occurs when criminals intercept emails exchanged between homebuyers (or homesellers) and their solicitors.

The fraudsters then generate fake emails purporting to be from one of the parties, asking the other to make payments in to a new bank account.

The payments are often very large, representing deposits on properties or in some cases the entire proceeds of a property sale.

Once the money has been paid, the criminals drain the accounts.

The banks involved are frequently unhelpful and slow to act.

In December 2016 the Solicitors Regulation Authority identified conveyancing fraud as the most common cyber crime in the legal sector. It suggested that a quarter of firms had been targeted by online fraudsters. In one in 10 of these cases money had been stolen as a result, it said.

Victim of conveyancing scams lose £101,000 on average.

- Cyber criminals rob £10.9bn from UK residents in a year - and even more goes unreported

- One in three cases of 'solicitor fraud' not even looked at, police admit

There are 10,500 solicitor firms in England and Wales, according to the SRA.

Based on its own numbers 2,625 companies have been targeted by fraudsters, with criminals having been successful in almost 300 cases. But under-reporting of cases and size of the loss means the actual numbers are likely to be far greater.

Mr Mollett, who works at a charity, successfully transferred a downpayment of just over £32,500 to Sethi Partnership's HSBC bank account in August last year.

On Friday September 23, the firm emailed a summary of his outstanding final costs. His outstanding balance was £119,837 for a one-bed flat in Brixton, south London, which cost £310,000. The firm insisted this needed to be in its account before completion on October 5.

He tried to make a same day transfer of £45,000 the following Thursday while working abroad in the US. However, a message appeared on his online banking that said the transfer could take up to three days to clear.

Mr Mollett could not pay off the balance in one go as he had a daily transfer limit of £50,000. However, he was anxious about missing his completion date so emailed Sethi Partnership for advice.

It was then the fraudsters pounced. Posing as Mr Mollett's solicitor, the criminal said the firm was having issues with its HSBC account and requested the remaining funds be paid into an alternative Yorkshire Building Society account.

He transferred £42,000 into the account on Friday 30th and £25,000 the following day.

On Sunday Mr Mollett received another email from the bogus solicitor asking for the last £7,837 to be paid into a NatWest account as it was below £10,000.

He was told the solicitor would be in touch on Tuesday to make completion arrangements for Wednesday.

However, on Tuesday, Mr Mollett received a genuine email from the firm stating it had only received the first £45,000 payment.

It was at that moment Mr Mollett saw the cyber security alert at the bottom of the message and realised something had "gone seriously wrong".

He immediately called his bank, the police and in desperation, Yorkshire Building Society and NatWest.

Over the next few days Mr Mollett, his parents and his sister manage to scrape their savings and replace the missing funds so the property purchased completed.

The last payment to NatWest was recovered but the £67,000 has yet to be returned.

Mr Mollett described the situation as "incredibly stressful".

His father, who is 72 and not in the best of health, was due to retire in December but has been forced to carry on working as he now has no savings.

He said: "The SRA has a name for this kind of fraud, for goodness sake. Why wasn't the firm on top of it? It should have warned me about cyber security and explained it would never offer alternative bank accounts by email?

"What are we paying solicitors for if not to guide us through buying a home, possibly the biggest transaction of our lives?"

Mr Mollett is seeking the advice of a lawyer and cyber security expert. He believes if he can prove Sethi Partnership's systems were compromised he will get his money back.

Sethi Partnership refused to comment on why it did not warn Mr Mollett about cyber crime or what prompted it to add the alert to its emails.

It said it takes the issue seriously and has the required "compliance measures in place". It said it sends bank details in hard copy rather than email.

Mr Mollett's case is currently being investigated by the firm, the police and the banks. Sethi Partnership said that while it "could not comment directly" it had "never had to deal with an incident like this before".

The SRA said it constantly warns firms of the risks.

A spokesman said: "We would ask Mr Mollett to get in touch with the SRA. If the firm has been hacked, it too has been a victim of crime, and this is what insurance is for."

Telegraph Money has reported extensively on the epidemic of conveyancing fraud. Property buyers and sellers are advised not to communicate with solicitors about payments over email and to transfer a small amount, such as £1, before making the full payment.

(4th February 2017)

(Computer World, dated 18th January 2017 author Matt Hamblen)

Full article [Option 1]:

uaware note : This may be an article describing fraud in the USA, but this type of problem is global.

Fraud attempts on digital retail sales jumped 31% from Thanksgiving to Dec. 31 over the previous year, according to a survey of purchasing data from ACI Worldwide.

The fraud increase was based on hundreds of millions of online transactions with major merchants globally. Also, the number of e-commerce transactions grew by 16% for the same period, ACI said.

Some of the fraud attempts came from the use of credit card numbers purchased in underground chat channels, ACI said.

"Given the consistent and alarming uptick in fraudulent activity on key dates, merchants must be proactive in their efforts to identify weak spots and define short and long-term strategies for improved security and enhanced customer experience," said Markus Rinderer, senior vice president of platform solutions at ACI.

ACI provides electronic payments technology for more than 5,000 organizations globally. One of its products, ReD Shield, was used to collect the data in the survey. ReD Shield, a fraud detection and prevention software product, was used to process 7% of all Black Friday online spending and 13% of Cyber Monday's spending.

The data showed that the highest fraud attempt rates were on Christmas Eve and on days when shipments were cut off. The key shopping dates by volume (number of transactions) were Cyber Monday, which showed 15% growth, and Black Friday, which showed 19% growth.

The average sales ticket declined by 7% during the 2016 holiday period. The average was $228 in 2016, down from $243 in 2015.

In 2016, one of every 97 transactions was a fraudulent attempt, compared with 1 out of 109 transactions in 2015.

ACI defines a fraud attempt as a transaction confirmed by a merchant as fraudulent; a transaction that matched a record in an ACI database for a credit card number that was sold online in an underground chat channel; or as reported as fraud by a bank or other issuer. ACI also includes as fraud attempts those data patterns that match a recently confirmed fraud behavior.

(22nd January 2017)

(Action Fraud, dated 18th January 2017)

Full article :

uaware comment

The "Test" asks for your age, post code and gender. Even for a simple test like this, provide some information, but just make it up. If you are 65, say you are 40, and give the post code of your local Sainsburys !


With fraud set to become the most prevalent type of crime in England and Wales, we're urging you to act now to protect yourself from falling victim to fraud and cyber crime.

The Crime Survey of England and Wales, published tomorrow, is likely to indicate fraud and cyber crime now account for close to half of all crime, making you much more likely to be a victim of these crimes than any other. In July 2016, the crime survey indicated 3.8 million frauds and 2 million cyber crimes occurred in the 12 months to the end of March 2016.

How to protect yourself

- Sign up to our alert-by-email system to get the latest trending frauds across the country. The alerts are also sent to the 250,000 people who have signed-up to the Neighbourhood Alert System.

Register for Alerts :

- Take the Fraud Defence Test. The test, developed by City of London Police and built with funding from the Home Office's Police Innovation Fund, takes just a couple of minutes and is designed to help you understand how you could become a victim of fraud in relation to your circumstances and knowledge of fraud.

The Test :

- Take a look at Take Five, a new campaign funded by the banking industry to help you take a moment before acting.

Take Five campaign :

Tips include:

- Never disclose security details, such as your PIN or full banking password.
- Don't assume an email, text or phone call is authentic.
- Don't be rushed - a genuine organisation won't mind waiting.
- Listen to your instincts - you know if something doesn't feel right.
- Stay in control - don't panic and make a decision you'll regret.

Commander Chris Greany, the National Police Coordinator for Economic Crime, said: "The Crime Survey of England and Wales shows us that Fraud and Cyber Crime are the largest single crime types today, and the figures only include individuals and not businesses who are also victims.

"Policing is working closely with Government and the private sector to do what we can to arrest offenders, protect victims and provide suitable guidance to help support all people and businesses in preventing fraud.

"There are many ways we can all protect ourselves, websites such as Action Fraud and Take Five provide help and guidance as does our social media streams on :

Twitter :
Facebook :

(22nd January 2017)

(The Register, dated 6th October 2016 author Kat Hall)

Full article [Option 1]:

More than 500 call centre staff have been detained by police in India, after allegedly threatening US citizens and siphoning off their money.

The raid was carried out by over 200 Indian police personnel across three separate call centres, according to reports.

The operators are alleged to have posed as officials of US Tax Department and demanded financial and bank details, threatening legal action if the victims did not comply.

According to the Mumbai Mirror, the fraudulent activity amounted to the equivalent of £125,752 per day.

Thane police commissioner Param Bir Singh told India's Economic Times: "It could be the tip of the iceberg and the amount could multiply as our probe progresses," adding that there is a possibility that people in the UK and Australia, too, could have been conned.

He said the caller would use the VoIP technology using a proxy server and make hundreds of calls.

"But the amount they stole from the innocent people is mind-boggling. In one case, one of the victims shelled out $60,000 just to escape a so-called raid on his house by taxmen."

(22nd January 2017)

(BBC News, dated 16th January 2017)

Full article :

North Wales PCC Arfon Jones also warned businesses were "most at risk".

The North Wales Police Cyber Crime Team said ransomware crimes - where hackers encrypt files and demand thousands of pounds to unlock them - were being reported to the force "each week".

Mr Jones said: "The front line is now online."

He went on: "Technology has provided criminals with new tools and different methods to perpetrate crime.

"Traditional crimes such as burglary, shoplifting and theft have seen a reduction over the last decade but the number of offences hasn't reduced - it has moved online.

"The playing field has changed and we need to work more effectively in partnership to prevent the newer crimes, such as cyber-crime, from being committed."

He issued the warning to members of the North Wales Business Club on Monday.

It heard how one firm in Wrexham nearly folded after it had 15 years' of accounts data encrypted.

Det Sgt Peter Jarvis, of the cyber crime team, said businesses that do not have data back-ups were "left with some difficult decisions".

"It's very unlikely you will find the person responsible, they don't leave a footprint, so it's vital to have the right security and to follow the right procedures and to make sure your staff do as well," he added.

ONS figures released in July showed almost six million fraud and cyber crimes were committed in England and Wales in 2015.

(22nd January 2017)

(16th January 2017)

The following email has been forwarded to "uaware" by one of it's readers. The recipients name has been changed to "Mr Blobby" and the donation reference changed to "nnnnnnnnnn" to protect their identity. The donation reference was also repeated further in the text and this has been changed to yyyyyyyy; this was a link to a website holding malware or ransomware.

If you receive the same email or something similar, ignore and delete it. Don't click on the link.

From : Migrant Helpline
Sent : January 2017
To : Blobby
Subject : Dear Mr Blobby, Thank you for choosing to donate

Dear Mr Blobby,

Thank you for giving a much-needed donation of £194 to help families affected by the terrifying violence in Syria. With so many people who need our support, your gift is vital and greatly appreciated.


Thanks again for donating

We're sending it straight to Migrant Helpline so you'll be making a difference very soon.

Your donation details:
Name: Mr Blobby
Amount: £200
Donation Reference: nnnnnnnnnnnn

If you have any questions about your donation, please follow this link and download Your donation receipt yyyyyyyyyy, with the transaction details.

With your help, ATFU-Donations can continue to work in Syria and neighbouring countries to deliver clean water and life-saving supplies to millions of people.

Thank you again for your support.

Your generosity is bringing much-needed assistance to families who have lost everything as a result of the crisis in Syria.

Warm regards,


(22nd January 2017)

(National Fraud Intelligence Bureau, dated January 2017)

The NFIB has identified that overseas crime groups are targeting UK based car leasing companies to fraudulently obtain high performance motor vehicles.
The NFIB has ascertained that high end quality motor vehicles are rented from legitimate car leasing companies using fraudulent identification. The criminals have no intention of returning the motor vehicles.

The vehicles are shipped abroad where the index plates are changed and bodywork re-painted. Leasing the vehicle affords the criminal group time to move the motor vehicle out of the UK without raising suspicion.
A proportion of the vehicles are taken out of the UK to places such as Cyprus, Spain and Poland.
According to the fraudster, most of the vehicles end up in the hands of organised crime groups who are involved with boiler rooms and high-end money laundering in the UK.


- Consider other methods of checking customer authenticity.
- Consider due diligence and know your customer options
- Ensure vehicles are equipped with appropriate tracking devices
- If you have been affected by this, or any other fraud, report it to Action Fraud by :

calling : 0300 123 2040, or
visiting :

(22nd January 2017)

(Action Fraud, dated 11th January 2017)

Full article :

The National Fraud Intelligence Bureau's (NFIB) Proactive Intelligence Team is warning homeowners about organised criminal groups that target empty properties in the UK to apply for mortgages and loans.

The team have gathered information that shows criminal networks identifying empty properties by using names on the published obituaries and carrying out research on the Land Registry.

Once a suitable property is discovered the criminal group then organise for fake documentation to be produced and register on the electoral role and with utility providers.

The group tirelessly work through the legal hurdles until the funds are released by the organisation, whilst the innocent party has no idea a crime has taken place.

Fraudsters can also take advantage when:

Owners are absent.
There are buy to let landlords.
Owners are living abroad.
Elderly people don't live in their properties for reasons such as long term hospital or residential care.

How to protect against property fraud

Owners who are concerned their property might be subject to a fraudulent sale or mortgage can quickly alert the Land Registry and speak to specially trained staff for practical guidance about what to do next by calling the Property Fraud Line on 0300 006 7030. The line is open from 8.30am to 5pm Monday to Friday.


- Make sure your property is registered with the Land Registry - you will be compensated for financial loss if you do fall victim to fraud.

- Keep your contact information up to date once registered so you can be easily contacted if a complication arises.

- Sign up for Land Registry's free Property Alert service. If someone tries to take out a mortgage on a home you own you'll receive an alert. You can then judge whether the activity is suspicious and seek further advice.

(22nd January 2017)

(Action Fraud, dated 5th January 2017)

Action Fraud has received several reports from victims who have been sent convincing looking emails claiming to be from Amazon. The spoofed emails from "" claim recipients have made an order online and mimic an automatic customer email notification.
The scam email claims recipients have ordered an expensive vintage chandelier. Other reported examples include: Bose stereos, iPhone's and luxury watches.

The emails cleverly state that if recipients haven't authorised the transaction they can click on the help centre link to receive a full refund. The link leads to an authentic-looking website, which asks victims to confirm their name, address, and bank card information.

Amazon says that suspicious e-mails will often contain:

- Links to websites that look like, but aren't
- Attachments or prompts to install software on your computer.
- Typos or grammatical errors.
- Forged (or spoofed) e-mail addresses to make it look like the e-mail is coming from

Amazon will never ask for personal information to be supplied by e-mail.

You can read more about identifying suspicious emails claiming to be from Amazon by visiting :

To report a fraud or cyber crime, call us on 0300 123 2040.

(22nd January 2017)

(Action Fraud, dated 4th January 2017)

Full article :

Fraudsters are posing government officials in order to trick people into installing ransomware which encrypts files on victim's computers.

Fraudsters are initially cold calling education establishments claiming to be from the "Department of Education". They then ask to be given the personal email and/or phone number of the head teacher/financial administrator.

The fraudsters claim that they need to send guidance forms to the head teacher (these so far have varied from exam guidance to mental health assessments).

The scammers on the phone will claim that they need to send these documents directly to the head teacher and not to a generic school inbox, using the argument that they contain sensitive information.

The emails will include an attachment - a .zip file (potentially masked as an Excel or Word document). This attachment will contain ransomware, that once downloaded will encrypt files and demand money (up to £8,000) to recover the files.

It should be noted that similar scam attempts have been made recently by fraudsters claiming to be from the Department for Work and Pensions and telecoms providers (in this case they need to speak to the head teacher about 'internet systems').

How to protect against this type of fraud

Having up-to-date virus protection is essential; however it will not always be able to prevent you from becoming infected.

Please consider the following actions:

- Although the scammers may know personal details about the head teacher and use these to convince you they are a real employee, be mindful of where these have been obtained from, are these listed on your public facing website?

- Please note that the "Department of Education" is not a real government department (the real name is the Department for Education).

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It's important that the device you back up to aren't left in an insecure location or on the same network that your machines are connected too.

To report a fraud and cyber crime and receive a police crime reference number, call us on 0300 123 2040 or use our online fraud reporting tool :

uaware comment

This scam can easily be adapted to other scenario's. For example, "Dept of Education" could become : the NHS, the Dept for Rural Affairs, the Charities Commission, the National Lottery Heritage Fund, etc. So a whole swathe of professions could become victims.

(22nd January 2017)

(The Register, dated 6th January 2017 author John Leyden)

Full article [Option 1]:

Amazon UK customers would do well to be vigilant about the post-holiday deals they find on the retail site following the discovery of a sophisticated scam.

A rogue merchant, called Sc-Elegance, is primarily offering high-end electronics, advertising them as "used - like new" at significantly lower costs than in the shops. However, when the shopper adds the item to their basket and checks out, it redirects them away from Amazon to make the payment at a convincing phishing site.

"This particular seller has been reported a number of times to Amazon in its forums," according to Lee Munson, a researcher for security and privacy advice and comparison website "While Amazon has taken some action to remove listings, the merchant keeps popping up again and again under different guises.

"Customers need to be aware that if they pay for goods outside of Amazon, they will not get the item and their money will be gone - and there will be no support from Amazon in getting compensation," he warned.

Amazon removed the Sc-Elegance listings after being contacted by about the rogue seller. Similar scams along the same lines might easily reappear. advises consumers to be wary of deals that seem too good to be true. Never buy a product that requires payment outside of the official Amazon website or app,

(22nd January 2017)

(The Telegraph, dated 31st December 2016) [Option 1]

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

Source: Office for National Statistics

(1st January 2017)

(International Business Times, dated 30th December 2016 author Jason Murdock)

Full article [Option 1]:

Hackers, spammers and cybercriminals have a multitude of methods they can use to infiltrate computer systems, steal data, plant malware or compromise your personal information. One of the most long-standing tactics is targeting 'phishing', also known as spearphishing.

It has endured because it works: unwitting web users continue to receive malicious messages and still fall victim to their charms. If you are wondering how dangerous they can be, just ask John Podesta: the US political player who lost tens of thousands of email with a single click.

When a spearphishing email lands in your inbox, it's rarely a mistake. Using your personal information - either hacked from another source or lifted from public social media profile - spammers are able to produce slick, and highly-convincing, messages.

They will appear legitimate, but spearphishing emails usually contain malware, spyware or another form of virus - often hidden in a link. When clicked, the payload will usually download automatically onto your computer and go to work - stealing files, locking records or logging your keystrokes.

Using your own personal information against you, hackers can craft an extremely personalised email message. It will likely be addressed to you by name and will reference a specific event in your life, something that will make you believe the sender is real and trustworthy.

What information could they possibly know?

Using social media, the spammer will likely already know your age, where you work, what school you attended, personal interests, what you eat for dinner, what concerts you have been to recently, where you shop, what films you like, what music you listen to, your sexual preference, and more.

But this is enough. Using the information, a fictitious hacker could easily pose as your friend and ask for further information about you - your phone number, password, even bank details? Not everyone would fall for the scam, but many still do if the recipient believes the identity of the sender.

A hacker using spearphishing may pose as a retailor, online service or bank to fool you into resetting your credentials via a spoofed landing page. The email may ask you to reset your password or re-verify your credit card number because suspicious activity has been monitored on your account.

If the email tempts you to click an embedded link, it could also download a keylogger or Remote Access Trojan (RAT) onto your computer to steal bank details or social media passwords as you type them. Many people re-use passwords across multiple websites, so the danger of hacking is high.

How to stay protected

Stay protected by being aware of the threats and remaining extremely careful about what personal information you put online. Limit what pictures to post to Facebook or Twitter, check where your email is listed and ensure your computer's security is kept up to date.

Ensure the passwords you use are original, lengthy and, most importantly, unique to every online website or service. A strong password will contain a mixture of characters, numbers and symbols. If possible, enable two-step authentication on every account that offers it.

Finally, know the signs and stay vigilant. If you receive an email from a close friend that asks for personal information - think twice before replying and send them a reply asking them to verify their identity. Also, know that any real business or bank is unlikely to request sensitive data via email.

Unfortunately, it only takes one click of a mouse for the hacker to access your system and despite advanced spam filters on current email providers spearphishing emails will continue to slip through the cracks.

(1st January 2017)


(Chicago Tribune, dated 21st December 2016 author Robert Reed)

Norb Tatro, a former local TV news producer and friend of mine, was recently cloned. On Facebook, that is.

I know this because his cyber alter ego contacted me one evening with some "happy" news: He'd just won $250,000 from a new U.S. government/Facebook grant program. What's more, my name was also on a list of grant recipients.

The clone suggested we kibitz (speak informally) on the phone to discuss our shared good fortune.

That's when I caught on (yes, it took me a moment) to effectively respond, "Yeah, thanks but no thanks."

Soon after, I reached the real Norb, as did some other Facebook pals, to flag him. He and wife, Elaine Feldman, notified the social network and in a few hours the bogus site was removed, hopefully never to be seen again.

This cloning episode got me thinking about some wider implications: While many individuals fall victim to expensive, disruptive and time-wasting cyberattacks, so do a lot of businesses. In fact, companies are increasingly up against new, more creative types of Internet hacking and are scrambling to defend themselves against online threats.

"Getting hit with some type of cybersecurity event is the new natural disaster for business. It can be catastrophic," says Rob Clyde, board director of Rolling Meadows-based ISACA, a nonprofit industry association for digital information and technology issues, including cybersecurity.

A Facebook cloning or hacking attack could be devastating to a small-business operator, many of whom use the site to promote products, maintain business contacts and do bits of business.

Think about it. There's an estimated 60 million small businesses with Facebook pages, according to Facebook.

Such a huge and growing universe is a natural target for hackers and ne'er-do-wells. Moreover, no matter how it tries, it's nearly impossible for Facebook to proactively monitor every post, piece of content and network activity on its site.

As such, entrepreneurs are often the first line of defense against a nefarious hacker infecting or hijacking their page. If something is wrong, small-business owners should quickly complain to Facebook.

"Claiming to be another person violates our community standards and we remove profiles reported to us that impersonate other people," a Menlo Park, Calif.-based Facebook spokeswoman said.

Oddly enough, targeting Facebook pages may become old-school, at least when it comes to online harassment of business, which is coping with a more emerging danger: Ransomware.

Incidents of ransomware are "just exploding" says ISACA's Clyde.

ISACA link :

Usually, a hacker will use malware to infiltrate a poorly protected data site, capture sensitive files and literally hold them hostage in an encrypted form beyond the company's computer reach.

Oftentimes, the ransom is for a nominal amount, a few thousand dollars. The requested payoff can be made with the internationallyused bitcoins, which can signal the data kidnappers are an overseas gang, Clyde adds.

Cyber kidnappers also know something about customer service. Some will open a chat line with a company executive to help facilitate payment.

The FBI strongly urges companies not to pay and to report any ransomware threats to the agency and police. But it is not illegal to pay a ransom.

At risk are mid-sized enterprises, including law firms and health care concerns. Organizations become desperate to get back their data and justify the ransom as another cost of doing business in the Internet age. "It's a nuisance fee and they pay it," Clyde adds. If that seems odd to you, you're not alone.

Paying off data kidnappers shouldn't be such a gray area. Yet it seems to be a grudging admission that our cyber cops are having trouble cracking down on tech-savvy crooks and that real-time business needs can outweigh the moral imperative of not encouraging criminal behavior.

Still, anyone who has been victim of Internet scam artists realizes it pays to be resilient.

(22nd December 2016)

(Computerworld, dated 10th December 2016 author Ryan Francis)

Full article [Option 1]:

Scams to keep an eye out for

It always happens this time of year -- an influx of holiday related scams circulating the interwebs. Scams don't wait for the holidays, but scammers do take advantage of the increased shopping and distraction when things get busy to take your money and personal information. Jon French, security analyst at AppRiver, warns you of six holiday threats to watch out for.

Look out for fake purchase invoices

With holiday shopping starting to ramp up and the daily deluge of holiday discounts in your inbox, it can be confusing to remember which online stores you actually purchased items from. This creates a vector where attackers can be more successful in attacks with things like fake purchase receipts. An unexpected receipt from Amazon or Wal-Mart during most of the year would hopefully raise some red flags for most users, but during the prime time for shopping for the holidays, users will likely be more susceptible to clicking those types of things. Victims could find themselves installing malware or landing on a phishing page if they aren't cautious.

Shipping status malware messages

Along the same lines as fake email receipt messages, fake shipping notifications usually increase each year around the holidays. With so many online orders being shipped around during peoples shopping sprees, they again might be more likely to click something they wouldn't normally click. If you just placed an order that shipped via UPS, and then you get a zipped virus with the vague wording about your recent order being delayed, you may be more likely to click it.

Be cautious of email deals

Not all email flyers and sales are going to be legitimate this shopping season. Some of the big stores where you have previously shopped or signed up for newsletters will likely be OK and legitimate. But be cautious of unexpected deals or product promotions from stores or sellers you have never dealt with. There will be people trying to take advantage of buyers where the victim could be subject to phishing tactics or just stolen money for an order that will never come in.

Take a little more care at looking at links and URLs

Phishing websites are around all year, but again with the sometimes hectic holiday season, people's guards can be down and they could fall victim to phishing attempts. Hovering over links in webpages and emails as well as taking that second to just look at the address bar and see what site you're really at can save you from falling for a phishing page.

Keep an eye on your bank accounts

Some people may be spending money on whatever catches their eye, and others may be planning every purchase out. Regardless, people should keep an eye on their accounts and make sure the purchases made are ones they are actually making. It would only take one store you shop at being compromised to give criminals the chance to drain your bank account -- whether it be a card scanner at a gas pump, POS malware at a retailer store, or an online store with lax web security.

Fake surveys

Survey emails sent out promising some sort of money or gift card in exchange for completing it can end up being a scam. Often the surveys are very short and generic, but at the end they may ask for some personal information. This can be what the attackers are really after. By gathering this information, they can use it to further a more advanced phishing attack. Some may even directly ask you for bank details or credit card information promising you won't lose money.

(20th December 2016)

(BT News, dated 16th December 2016)

Full article [Option 1]:

Criminals are on another drive to get hold of our personal information, this time by sending out emails claiming you have been caught speeding.

The fraudulent email says you have been caught speeding and warns that a Notice of Intended Prosecution has been issued by Greater Manchester Police (GMP).

The email is a fake and the police are warning that it could infect people's computers with malware that enables criminals to access your personal information including your financial details.

"Greater Manchester Police are aware of a scam email circulating informing the recipient that they have been caught speeding. This email is fraudulent and may ask you to give your personal or financial information or attempt to infect your computer with malware," says Detective Inspector Martin Hopkinson of GMP's Serious Crime Division.

"Once your computer is infected with malware, cyber criminals may be able to access your personal and financial information which could be used to defraud you.

"GMP would never send out correspondence via email requesting payment of fines now will we ask for your personal and financial information."

If you receive the email you should not respond to it. Instead report it to Action Fraud or 0300 123 2040.

"I would urge people to delete any such emails and ensure they always have the most up-to-date security software," adds Hopkinson.

How to spot a scam email

Fortunately, scammers don't always cover their tracks so well. Look out for these classic scam email warning signs:

- The sender's email address doesn't match with the real organisation's web address.
- You aren't addressed by your proper name, instead there is a generic greeting such as 'Dear customer'.
- There is pressure to act quickly - either you need to claim a prize before a deadline or if you don't act your account will be closed.
- You need to click on a link in order to act.
- You are asked for personal information such as a user name, password or your bank details.
- Mistakes - scam emails often contain spelling and grammatical errors.

uware comment

The advice quoted above is a generalism. Some of these emails are quite convincing and may include the recipients name.

(20th December 2016)

(Hertfordshire Police, dated 9th December 2016 author "Watch Liaison")

Residents are being warned to question written correspondence from their banks following a new scam which has targeted Lloyd's customers. The letter looks genuine, featuring the Lloyds logo, customer service address and is even signed by a customer relations manager. It informs the recipient of 'unusual transactions' on their personal current account and asks the customer to call a telephone number to discuss the transactions.

When customers call the number provided, they are taken through to what seems to be a Lloyds automated service. The caller is asked to enter their card/account number, sort code, date of birth and then instructed to enter the first and last digit of their security code. At this point, the automated voice states they have been unable to match the digits and asks for the third and fifth number of the security code. Customers are then put on hold to speak to an adviser, who asks for more information, and they are also asked if they are happy to give customer feedback.

The phone number on the letter was 08438 495865 - this is not a genuine Lloyds number and has since been blocked.

If you receive an unusual letter or other unexpected contact from your bank, it is a good idea to check if it is genuine by calling the customer services number printed on the back of your bank card, your regular statement or another reputable source.

(20th December 2016)


This is not a definitive list, but just an example of some of the scams occuring during November 2016.

(Dated : 14th November 2016)

Sussex residents have been warned that a text message claiming their homes will be repossessed is a scam.

People have reported receiving texts saying their home would be repossessed the following day.

Suzanne Newman, a spokesperson for Worthing Homes, many of whose residents received the text, said the scam had been spotted all over the UK and was not unique to Worthing Homes.

The text claimed the repossession was following 'previous correspondance'.

Action Fraud, the UK's national reporting centre for fraud and cyber crime, list different types of text message based scam:

"You're sent a text from a number you don't recognise, but it'll be worded as if it's from a friend.


Scammers are sending out emails purportedly from Amazon saying there is a problem processing orders and that they won't be shipped.

It adds that you won't be able to access your Amazon account or place any orders until you confirm certain information.

Naturally, there's a link at the bottom of the page telling you to 'confirm' your account.

It'll take you to a fake website which looks very similar to the real one - when you enter your personal details, they'll go straight to the scammers harvesting them.

Once you click the 'Save & Continue' button, you'll automatically be redirected to the Amazon site so that you're none the wiser.

The fraudsters can use your newly-acquired details to make purchases in your name, and potentially use your information to open financial products in your name.

(Dated : 23rd November 2016)

Heartless hackers are targeting fans of rap star Kanye West using a newly-uncovered iTunes phishing scam.

The attack has been branded "especially greedy" by experts for its attempts to steal both personal data and credit card information.

Email security firm Mimecast analysed the attack after it was discovered by the INQUIRER.

(Action Fraud, dated 22nd November 2016)

New research released by Financial Fraud Action UK (FFA UK) shows that 31% of online shoppers admit that they are more likely to take a financial risk if an online retailer offers them a bargain.

This means there are potentially 15 million online shoppers who could be putting themselves at risk of financial fraud.

Those aged 16-34 are most at risk, with almost half of that age group (46%) admitting they are more likely to take a chance, compared to just 18% of people aged 55 or over.

The findings come at the start of the festive shopping season; with Black Friday (25th November) and Cyber Monday (28th November) offering online bargains and time limited discounts.

It is also a time when fraudsters try to entice people into giving away their debit and credit card details on fake websites.


(Dated : 26th November 2016)

Gwent Police says it has received reports of men cold calling in the Monmouthshire area.

So far the Monmouth, Osbaston, Usk and Goytre have been affected.

The males state they are from Wolverhampton, Scunthorpe and Middlesborough.

They then proceed to try and sell their services by showing a laminated piece of paper to homeowners to prove their legitimacy.

(Dated : 19th November 2016)

A vulnerable pensioner had nearly £500 stolen by a heartless crook pretending to be a tree surgeon.
The incident happened in Styvechale , at around 11am.

West Midlands Police have categorised the incident as a distraction burglary after it was called in by the elderly woman's neighbour.

According to police, a man came to the door claiming to be a tree surgeon. A spokesman for the force said: "The offender claimed to be a tree surgeon and offered to do some work.

"The woman has gone upstairs to get money. She has then come downstairs and the man has asked for a cup of tea. "He then went upstairs and stole some more money ."

In total around £500 in cash was taken from the property.

(Dated : 18th November 2016)

Suffolk Trading Standards has today issued a 'rogue trader' warning to householders in Bury St Edmunds after a man climbed on a roof without permission.

Trading Standards say the man was on the west side of Bury St Edmunds last weekend looking for work.

Its warning adds: "The male went up on the roof of a house without permission and then called at the door, stating that work was required to the flashing on the chimney to prevent leaks.

"He said that this would cost £5,500 in total, but that he had some materials on his van so that the cost would be £1,250.

"When this was refused, the male said he has got to do the work now and asked how much the resident was willing to pay."

No work was undertaken, but the individual might have called at other houses in the area as he was seen the next day.

Flashing is the lead strip that covers the join between brickwork and tiles.

(1st December 2016)

(BT News, dated 25th November 2016)

Full article [Option 1]:

Scammers are now pretending to be the Metropolitan Police in a new (crime) wave of emails designed to steal our personal details.

The fake emails are being sent from an address called, which isn't a valid Metropolitan Police email address.

According to Action Fraud, the UK's national reporting centre for fraud and cyber crime, the emails ask the victim to open an attachment containing "crime prevention advice".

However, anyone who does so will automatically download key logger software onto their computer or device.

"The iSpy key logger gives fraudsters the power to record every keystroke from a victim's device and steal sensitive information," Action Fraud said in a release.

Alert: Fake Met Police emails are being sent from that contain iSpy key logger software
Action Fraud (@actionfrauduk) November 23, 2016

How a typical scam email look

The subject line of the email is 'Crime Prevention Advice' or some variation thereof, while the attached file is called ''.

An example email reads:

To the general public:

See attached document to read more about crime prevention advice.


Metropolitan Police Service.
A simple scam

The fact the email isn't addressed to a specific person is a trademark of a typical scam email.

Likewise, the fact the attachment is a random sequence of numbers shows this to be a fairly unsophisticated scam attempt.

Nonetheless, some people might be tempted to open the email and click on the attachment if they believe it to be from the police.

If you do receive this email, just delete it. As always, make sure your antivurs software is up to date just in case you do get conned!

How to avoid email scams

Of course, there are many more sophisticated scams doing the rounds. To help you stay safe, Action Fraud has provided a few general email safety tips.

- Never click on links within emails you weren't expecting.
- Look up the address of a company and type it into the address bar yourself if you think you need to visit the website.
- Never reply to spam emails.
- If you get an email from your bank or building society asking for personal details do not respond. Look up a telephone number and call to check, but financial institutions won't contact you out of the blue asking you to give out personal information.
- Never download attachments unless you know and trust the sender.
- Keep abreast of the latest cons and scams by visiting Action Fraud.

(1st December 2016)

(International Business Times, dated 25th November 2016 author India Ashok)

Full article [Option 1]:

Cybercrime, like any other enterprise is a business, albeit an illegal one. Apart from targeting individuals, businesses and governments, cybercriminals also cash in by creating, using and marketing malware to other crooks. It appears however, that the age old adage of "honour among thieves" does not apply to cybercriminals these days.

Security researchers have uncovered cybercrooks advertising and distributing phishing kits, that come with how-to videos and links to additional information, to wannabe hackers via YouTube. The catch however is that the advertised kits come with a secret backdoor that sends all the phished data back to the author.

According to Proofpoint security researchers, hackers using YouTube to advertise and market their malicious wares marks the beginning of a new trend. "A simple search for "paypal scama" returns over 114,000 results," researchers noted, indicating that this new trend already appears to have been propagated fairly successfully.

Researchers said, "Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links. They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software."

Researchers also added that the YouTube videos came with links to templates and phishing kits. The videos themselves featured the "look and feel of the templates" and provided pointers on how to go about collecting the phished data. One such video was for an Amazon phishing template which cloned the Amazon login page. Researchers noted that this particular video also came with a Facebook link to contact the author.

Proofpoint researchers decoded a sample of a phishing template downloaded from a link provided in a similar video and discovered that the author's Gmail address was "hardcoded to receive the results of the phish every time the kit was used, regardless of who used it."

Researchers warned that the concept of honour among thieves does not apply in this case "since multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns.

"The real losers in these transactions, though, are the victims who have their credentials stolen by multiple actors every time the kits are used," researchers added.

It is still unclear as to how many people may have been affected by this latest phishing scam. The identity and location of the individual/individuals behind this campaign also remains unknown. IBTimes UK has reached out to Proofpoint for further clarity on the matter and will update this article in that a response is provided.

(1st December 2016)

(The Register, dated 23rd November 2016 author John Leyden)

Full article [Option 1]:

The EU banking regulator's plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry.

Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online shopping without increasing security.

The concern is that making customers jump through more hoops to complete online transactions will result in increased cart abandonment rates, which will likely impact retailers' bottom line.

The regulation threatens to cramp one-click shopping and automatic app payment technologies for anything other than small payments, the argument goes.

"Changes mean no more express checkouts or quick in-app payments from mobiles, reduced access to non-European online shopping sites, and longer queues at places like toll booths and parking," according to Visa.

The payments technology company took the unusual step of putting out a statement lambasting the EBA's draft plan for strong customer authentication (SCA), the final version of which is due out in January.

Robert Capps, VP of business development at behaviour-based biometrics firm NuData Security, said, "We'd tend to support Visa's stance on this issue in several ways. While it may seem that adding more identity tests to the transaction stream should make the transaction more secure, this isn't necessarily true.

"If the test is vulnerable to impersonation, as we see with physical biometrics, or is as vulnerable as passwords, no number of additional touchpoints will make the transaction more secure," he added.

The proposed changes are part of the European Commission's forthcoming Payment Services Directive 2. If ratified as part of the proposals, strong customer authentication would come into effect across Europe from 2018 onwards.

(1st December 2016)

(Hertfordshire Police Neighbourhood Watch Liaison, November 2016)

Herts Trading Standards have alerted us to increases in two particular types of telephone scam. Never buy anything over the phone as a result of a cold call. Never give bank or card details to a telephone caller, whatever they say.

Extended Warranty Scam

One scam which is conning residents over the phone, is the sale of extended warranties for electronic devices such as televisions and washing machines. The salesman says that because the resident hasn't made a claim in the last 12 months, the price will be reduced, say from £75 to £40. The salesman says he knows the first 4 digits of your card but needs you to confirm the rest of the number. Payment is taken and a warranty for goods that are too old or different from those owned, and hence useless, is provided.

The Bogus "Telephone Preference Service" Scam

The other scam involves callers claiming to be from the Telephone Preference Service (TPS) or similar sounding company, phoning residents and trying to extract money for registration or for call blocking devices. This cynical scam targets people who are trying to protect themselves or vulnerable relatives. A UK director was recently imprisoned for a similar call blocker scam. Please remember that the genuine TPS never cold calls people and its service is always free. Visit

Always beware unexpected calls. Scammers are convincing, that's how they make their money. Even if a caller seems to know details about you, it doesn't mean they are who they say. If they try to rush you into a decision, then it's likely to be a scam, just try to keep your head and don't give them any information. If in doubt, end the call.

Please look out for elderly and vulnerable residents who may be targeted by these scams.

For advice or to report complaints to Trading Standards, contact Citizen's Advice Consumer Service on 03454 040506 and/ or report to Action Fraud on 0300 123 2040.

(1st December 2016)

(BBC News, datd 23rd November 2016)

Full article [Option 1]:

An identity fraud victim has described the horror of discovering his £500,000 home up for sale on a property website.

Minh To, of Stockport, Greater Manchester said he was left "scared" and "terrified" after seeing pictures of the five-bedroom home on Rightmove.

Police later discovered two men had stolen his mail and forged his signature in order to falsify the documents needed to auction the house.

Two men have been jailed for their part in the scam at Preston Crown Court.

Mike Haley, deputy chief executive of the fraud prevention organisation CIFAS, said Mr To had been "more vulnerable" to the fraud because he had paid off his mortgage.

Saeed Ghani and Atif Mahmood both admitted conspiracy to defraud.

Ghani, 30, of Polefield Circle, Prestwich, was jailed for seven and a half years.

Mahmood, 42, of Sarnsfield Close, Gorton, was sentenced to two years and nine months.

On Wednesday a third member of the gang, Toma Ramanauskaite, was sentenced for a separate fraud.

'Felt terrible'

Mr To was first alerted to what was going on when he received a phone call from his daughter in November 2012.

He said: "She rang me and said 'where are you going?' I said 'I'm going nowhere'. Then she said 'Why are you selling the house then? I've seen it on Rightmove'.

"I didn't know what to think. I felt terrible. I felt scared."

Mr To logged on to the website to find the advert featured several pictures of his home and was inviting bids starting at £300,000.

The details even included a request that the tenants were "not to be disturbed".

Police later discovered Ghani and Mahmood carried out the fraud after stealing three utility bills from Mr To's mailbox.

Having forged his signature, they then transferred the deeds to his house into Ghani's name.

They put the property up for auction in the hope it would sell quickly, without the need for estate agents to show people around.

Mr To discovered the advert just three days before the auction was due to commence.

The court heard Ghani had carried out a similar fraud targeting a couple in Bolton, using fraudulent passports to transfer the deeds to their £300,000 house into his name.

Working with Ramanauskaite, he also took out driving licences in the names of a couple from Salford, before stealing their savings of £90,000.

Ramanauskaite, 30, of Spring Street, Bury, also admitted conspiracy to defraud and was sentenced to 14 months, suspended for two years, and ordered to carry out 250 hours in unpaid work.

Because Mr To had paid off his mortgage, the men were able to transfer the deeds without needing the extra authority of the lender.

He believes the rules need tightening before more people are targeted.

"It's very simple. The government should make it the law that if you're going to change the land registry deeds you should need two signatures," Mr To said.

Det Sgt Phil Larratt, of Greater Manchester Police, said: "As this case demonstrates, fraudsters can use your identity details to open new bank accounts, request new driving licences and even try and steal your own home.

"We urge the public to secure their mail boxes and employ measures to protect their identities."

uaware comment

Virtually all estate agents advertise their clients properties on marketing websites. These websites have property by postcode search facility, so why not enter your own postcode and see what comes up ! You could carry out this exercise on regular basis, perhaps when you check your bank statements against your actual spend (you do, do this don't you ?). Then if some crook tries to sell your property you can catch them out before things get really bad.

(1st December 2016)

(Daily Mail, dated 19th November 2016 author Jeff Prestridge)

Full article [Option 1]:

Taxpayers are being warned to ignore a new blight of emails from fraudsters passing themselves off as HM Revenue & Customs and inviting them to claim refunds for overpaid tax.

The fraudulent 'phishing' emails or texts are designed to trick people into giving key details about their bank accounts which are then used by the criminals to gain access and empty them.

On Friday, a Revenue official, given copies by The Mail on Sunday of the latest phishing emails doing the rounds, described them 'as 100 per cent rank' and 'vile attempts by pond life to steal money from your good readers'.

In the year to this March, the Revenue blocked more than eight million phishing emails and took down nearly 14,000 fraudulent websites. But the fraudsters are nothing if not persistent.

Traditionally, they target two key times of the year: July when people are renewing their entitlement to tax credits and December in the run-up to the end of January deadline for completing self-assessment tax returns and paying any tax owed.

Worryingly, their emails are more authentic than ever before. In the past, some of them were littered with spelling mistakes and compiled so poorly that most recipients knew they were not genuine straightaway.

But not as much the current ones. Reader James Anderson, a 72-year-old retired teacher from Winchester, has received two such scam emails in recent weeks.

Both were from HMRC Tax Refund Services and each promised James a refund - £907.41 first time around and then £1,098.54.

This second email looked as if it could have been official because of its near-perfect rip off of the HM Revenue & Customs logo.

James files a tax return every year and is meticulous about getting his tax affairs in good order, so he was not tempted by either offer. But he says he can see how some people may fall for the bait.

He adds: 'These phishing emails are getting more sophisticated. When someone is told they are due a refund and they are given details of the local "tax credit officer" and their "tax refund ID number" you can understand why some bite.'

James believes the Revenue should come down on these fraudsters 'like a ton of bricks' and close them down. 'I get the impression it is not doing enough and doesn't see this fraudulent activity as its problem. But it is.

'We are being pushed all the time to both pay our taxes and file our tax returns online. So it should do everything possible to keep fraudulent emails out of our inboxes. I see it as a law and order issue. The Revenue must ensure law and order is maintained.'

The Revenue, which received more complaints in the last tax year than any since the 2008 financial crisis, says it never notifies taxpayers by text or email of a tax rebate. It also would never use such communication tools to request personal or financial details.

On Friday, it said it took taxpayers' data security 'extremely seriously'. It also confirmed it was working with law enforcement agencies worldwide 'to bring down the criminals behind these scams'.

Key steps to beat fraudsters

- To report a suspicious email, go to:

- For help on telling the difference between genuine Revenue and phishing emails, visit:

- If you receive a telephone call from someone claiming to be from the Revenue and requesting either your bank account or personal details because you are owed a tax refund or maybe have a tax debt, it will invariably be bogus.

- Report any incident to Action Fraud at

(1st December 2016)

(London Evening Standard, dated 19th November 2016 author Francesca Gillett)

Full article [Option 1]:

A gang of north London internet shopping fraudsters who duped hundreds of people out of £600,000 through fake adverts including on Gumtree and Airbnb have been jailed.

The scammers posted bogus ads for cars and property rentals and set up a sham online shopping website pretending to sell washing machines, cookers, computers and phones.

But when victims tried to enter their card details, the swindlers lied and claimed the card had been declineMost of the victims never heard from the fake business again, while others found their stolen card details were being used to make more fraudulent purchases.

Two men and their accomplices, a man and a woman, were sentenced for their part in the scheme.

Horatiu Sbughiu, 32, of East Drive in Barnet, used his Toshiba laptop to carry out over 200 fraudulent transactions and steal more than £387,000.

Cristian Nicolaescu, 28, of Spring Garden, Redbridge, used his laptop to carry out over £300,000 worth of fraud and used counterfeit Romanian ID cards, false proof of address and false employment references to open mule accounts.

The pair pleaded guilty to conspiracy to commit internet shopping fraud and possessing a laptop for use in fraud and were jailed for four years at Harrow Crown Court on Friday.

Money laundering accomplices Nicolae Boieru, 40, and Alexandra Gyor, 28, both of Spring Garden in Redbridge, were also caught and pleaded guilty to laundering the proceeds of the fraud.

Boieru was locked up for eight months' while Gyor received a 12 month community order with unpaid work.

DC Chris Collins of the Met's online fraud team, said: "These individuals duped over 500 people after fraudulent adverts, usually for motor vehicles and property lettings, were placed on classifieds websites such as Autotrader, Gumtree and Airbnb.

"In addition, a series of wholly fake websites were set up mimicking an online shopping store purporting to sell electronic goods such as washing machines, cookers, computers, mobiles and cameras."

(1st December 2016)

(International Business Times, dated 27th October 2016 author India Ashok)

Full article [Option 1]:

A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials.

In this case, ProofPoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers' accounts on Twitter. They hijacked conversations users attempted to have with genuine support staff of banks, and redirected customers to a fake support page.

For instance, when a customer tweeted to the genuine Barclay's bank support account (@BarclaysUKHelp), hackers hijacked the request of support by replying with a fake customer support account (@BarclaysHelpUK).

Proofpoint researchers said: "Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the 'lure' is a fake customer support account that tricks your customers into giving up credentials and other sensitive information."

Social media phishing campaigns have increasingly become popular among hackers looking to gain access to sensitive user data. Proofpoint had previously stated that the firm had seen a 150% rise in social media phishing in 2016. In addition to banks, such campaigns target major brands, especially those that rely heavily on social media to advertise their products and connect with their consumers.

Such phishing campaigns are fairly simple to execute and difficult to defend, especially given that customers are often redirected to authentic seeming fake websites, designed to grab user data when victims unknowingly provide their usernames and passwords.

The fake accounts are generally successful in duping users, especially given that the language and tone used is similar to that of authentic support accounts. Moreover, the fake website is also designed such that it looks similar to authentic login pages commonly used by banks.

"This method of phishing is highly effective because your customers are already expecting a response from your brand. Unfortunately, angler phishing is part of a broader trend in social media fraud," said Proofpoint researchers.

Proofpoint is yet to comment on which banks have been targeted by the attack so far, IBTimes UK has reached out to the firm and will update the article in the event a response is provided.

(1st November 2016)

(Described by a victim, 2016)

You arrive at your hotel and check in at the front desk. Typically when checking in, you give the front desk your credit card details (for any charges to your room) and they don't retain the card.

You go to your room and settle in. All is good.

The hotel receives a call and the caller asks for (as an example) room 620 - which happens to be your room.

The phone rings in your room. You answer and the person on the other end says the following:
'This is the front desk. When checking in, we came across a problem with your credit card information.
Please re-read me your credit card numbers and verify the last 3 digits numbers at the reverse side of your card.'

Not thinking anything wrong, since the call seems to come from the front desk you oblige. But actually, it is a scam by someone calling from outside the hotel. They have asked for a random room number, then ask you for your credit card and address information.

They sound so professional, that you think you are talking to the front desk.

If you ever encounter this scenario on your travels, tell the caller that you will be down to the front desk to clear up any problems.

Then, go to the front desk or call directly and ask if there was a problem. If there was none, inform the manager of the hotel that someone tried to scam you of your credit card information, acting like a front desk employee.

This was sent by someone who has been duped........ and is still cleaning up the mess.

(1st November 2016)

(BT News, dated 23rd October 2016)

Full article [Option 1]:

Aldi shoppers are being targeted by the latest fake voucher doing the rounds online.

The supermarket used its Facebook page to alert shoppers about a fake £85 Aldi voucher being circulated.

It indicates that the hoax message is asking people to share their personal details, which will help scammers commit ID fraud.

Aldi warns that it will never ask customers to share sensitive personal details for a promotion.

If someone sends you a Facebook message or email suggesting you could get an Aldi voucher treat it with caution and don't automatically click on the link.

If the the offer is too good to be true it probably is. Check for spelling mistakes and use your common sense about the details it is asking you to share.

This is the latest example of a supermarket voucher scam, which include fake vouchers and fake prize draws.

How a typical voucher scam works

Typically, a voucher scam involves a 'free' voucher, with the store ranging from Asda and Tesco to Marks & Spencer and John Lewis which can be as much as £500. A variant is to promise a free product like an iPad for "consumer testing".

The company really doesn't matter. Whatever the name, and whether the too good to be true 'promotion' is on Facebook or via email, the whole thing is a swindle. They have nothing to do with the stores and, of course, there are no vouchers.

A scam of this nature can start with you receiving a Facebook message from one of your friends. It will say something like: "Happy Christmas. Free £500 ASDA Voucher Now. (173 Left). Claim your Free £500 ASDA Voucher this Christmas. Offer still open!"

If you fall for it, you go to a site which looks as though it belongs to the company in question. The scamsters rip off logos hoping to dupe people into applying for their 'free' shopping opportunity. Here, you will be led through some questions to get your voucher.

You will have to supply your mobile number and your address - ostensibly so your "prize" can be sent out.

In reality, your phone will be hit by premium rate calls because each of the very easy questions costs £5, as shoppers caught by a Tesco prize draw scam are discovering. This may appear in the very small print, but who reads that when they are looking for a big boost to the Christmas spending budget?

At the same time, this "free offer" will also go to your friends.

In other cases, the link you get in the email or over social media may send you to a site which asks you to share more personal details, which puts you at risk of ID theft.

(1st November 2016)

(The Telegraph, dated 5th October 2016 author Sam Dean)

Full article [Option 1]:

Jockeys have been forced to alter their signatures or avoid signing autographs after being targeted by a series of frauds.

The Professional Jockeys Association has criticised the "ineptitude of the major high street banks" in tackling the scam, which has seen more than £200,000 stolen from around 30 jockeys.

The fraud has been ongoing since 2014 and the body is now urging its members to move their money out of the "unwilling and incapable" banks.

The money has largely been withdrawn over the counter, by fraudsters possibly using fake IDs. One jockey told the Telegraph that the "very clever" criminals can even take money from cash machines without the account holder's bank cards.

The ongoing scam, which was first reported in 2014, has been taking place across the country and involves a number of major banks. It was described as "frightening" by jockeys.

West Sussex-based rider Jim Crowley, who had more than £10,000 taken from his account, said he has had to change the signature he gives to autograph-hunters after he was defrauded twice, despite changing banks after the first fraud.

He added that he even received a phone call from a man purporting to be one of the fraudsters, who warned him the group would continue to target his account.

"It is very frustrating because you have got things like direct debits and mortgages and you can't just shut your bank account down," he said. "These fraudsters know that.

"One of them actually rang me and told me they were doing it. He was giving me the heads-up and told me to leave the high street banks, but by this stage I had already left."

Andrew Tinkler, a jockey from Cheltenham, said: "It was a little bit frightening that someone would do that and it was a disappointing that they were able to.

"Whether there are people out there trying to get an autograph for the wrong reasons, it's a possibility. Personally I would be very wary of it."

In a newsletter to its members, the PJA said banks were "unwilling and incapable" of stopping the fraudsters.

Paul Struthers, the body's chief executive, said it is suspected that the jockey's details had been "leaked".

He said: "The only conclusion we can come to is that somehow, somewhere, whether it's one individual or a group, there is a leakage of information.

"You are fundamentally left with the question of why it is happening. It's not like it happens with one bank and then stops and never happens again. It's ongoing and these are not small sums of money."

A spokesman for Financial Fraud Action UK said: "Banks take fraud extremely seriously and stopped £7 in £10 of all attempted fraud last year.

"Fraudsters may try to use stolen or fake documents in order to commit their crimes, and banks do have systems in place to prevent this.

"The spate of crimes targeting jockeys suggests fraudsters may have gained access to data relating to these victims. It's important that any organisations holding personal data take steps to ensure it is safeguarded."

A new kind of fraud

Action Fraud is warning of a new form of fraud in which the public are sent letters, texts or emails asking them to phone their banks.

There is no request for passwords or other personal information, so many recipients may phone the number provided.

When your call is answered, a recording device is switched on. Your call is then transferred to a legitimate phone line operated by your bank, where you log in as usual by providing key letters of your password and other information. All of this is recorded, allowing the fraudster to build up information which could be used in future to access your accounts.

"The reason why this scam is so successful is because the fraudster's presence is unknown to both the victim and the bank," Action Fraud said.

Customers should only ever use phone numbers displayed on banks' websites or on statements, it said.

If you are responding to a message or letter, you should tell the bank member of staff at the outset of the call, it advised.

(1st November 2016)

(The Telegraph, dated 10th October 2016 author Camilla Turner)

Full article [Option 1]:

Broadcaster Gloria Hunniford has said she lost all faith in banks after fraudsters stole £120,000 from her account.

The veteran broadcaster had her savings taken by a woman pretending to be her by using a fake driving licence earlier this year.

Ahead of a new episode of the BBC show Rip Off Britain, the 76-year-old Loose Women panelist urged banks to do more to protect their customers' money.

Her bank, Santander, said it is striving to make improvements to stop similar offences taking place.

Hunniford said: "It turned out complete strangers could get their hands on my money easier than I can.

"I have to admit that since this whole thing happened, personally I have lost all faith in banks, and my big question is, are they really doing enough to keep every customer's money safe?

"Now, not in a million years would I expect everybody to know who I am or what I look like, and I totally get it that you don't have to dress up to look like somebody in order to impersonate them.

"But I would expect that the banks would carry out stringent security checks before they literally handed over tens of thousands of pounds to a stranger."

In January, Hunniford had her bank account emptied just days after an imposter posed as the star arrived at a Santander branch with her "daughter" and "grandson".

Personal banker Aysha Davis, 28, said the woman told her she had "a few bob" in there and had come to add the teenager as a signatory because she had been ill.

She then helped them complete the paperwork, including photocopying their driving licences, at the Croydon North End branch.

Davis was initially accused of being part of the plot but was acquitted after less than 30 minutes of jury deliberation after saying the TV star was "not of my time".

Rip Off Britain, which features the stories of several people who have lost thousands of pounds in similar cons, will be broadcast on BBC One at 9.15am on Monday.

A new kind of fraud

Action Fraud is warning of a new form of fraud in which the public are sent letters, texts or emails asking them to phone their banks.

There is no request for passwords or other personal information, so many recipients may phone the number provided.

When your call is answered, a recording device is switched on. Your call is then transferred to a legitimate phone line operated by your bank, where you log in as usual by providing key letters of your password and other information. All of this is recorded, allowing the fraudster to build up information which could be used in future to access your accounts.

"The reason why this scam is so successful is because the fraudster's presence is unknown to both the victim and the bank," Action Fraud said.

Customers should only ever use phone numbers displayed on banks' websites or on statements, it said.

If you are responding to a message or letter, you should tell the bank member of staff at the outset of the call, it advised.

(1st November 2016)

(BBC News, dated 22nd June 2016 author Jane Wakefield)

Full article :

A new scam, in which fraudsters pose as legitimate internet service providers to offer bogus tech support, either via the phone or on the net, is on the rise, the BBC has found.

It is a twist on an old trick which involved cold-calling a victim - often claiming to represent Microsoft - and charging for fake tech support.

The new variants have been spotted in the UK and US.

BT said that it was investigating the issue.

The online version of the scam involves a realistic pop-up that interrupts a victim's normal browsing session with a message that appears to be legitimate and seems to come from the victim's real ISP.

US security firm Malwarebytes has spotted several from US and Canadian ISPs, including ComCast and AT&T. It has also seen webpages created for UK ISPs, including TalkTalk and BT.

The pop-up contains a message saying that the ISP has "detected malware", and urging victims to call a number "for immediate assistance".

Jerome Segura, a consultant at security firm Malwarebytes, has been investigating tech support scams for years but when he came across the latest iteration, he nearly fell for it.

"It caught me by surprise and I almost thought that it was real. It was a page from my ISP telling me my computer was infected. It was only when I looked in closer detail that I saw it was a scam," he told the BBC.

He is not surprised scammers have found new methods to fool people.

"Cold calls are very wasteful and after years of being told, people are starting to realise it is a scam so the scammers have to find new ways to make it personalised and legitimate. It is more cost-effective and efficient than cold-calling," said Mr Segura.

Fraudsters do still use cold-calling but their methods here have also become more sophisticated - instead of a vague description of themselves as a Windows Support agent, many are now claiming to represent legitimate ISPs, with very believable answers when they are challenged.

Take David from the Midlands, who falls into the category of a typical victim, being older and not entirely tech-savvy. He is, coincidentally, related to a Malwarebytes employee.

He recently received a phone call from someone claiming to represent the BT Rescue centre.

The fact that the call had come up as an international number aroused David's suspicions.

"We get inundated periodically with international calls and we know that they are either trying to sell us something or are up to no good," he told the BBC.

The caller tried to persuade David that he had been monitoring his BT broadband service for some time and had become aware of a number of viruses that needed immediate attention.

David was not sure - he had fallen for a similar scam a few years ago and was not ready to do so again. He asked for the caller's telephone number and address and told him he would check with BT and get back to him.

The number the man gave him to call back on looked like a London one (with a 0203 prefix) and the address he gave was the actual address of BT's London headquarters.

After several unsuccessful attempts to get through to BT's genuine helpline number to verify the call, David decided to ring back.

"I got through to what sounded like a call centre and a young lady said 'this is BT Support and I will put you through to a technician'. It all sounded very believable.

"The technician, who I think was a different person to the original caller, said he was from the BT rescue team and had been monitoring the use of my BT broadband and had been getting signals that it had been hacked into," David told the BBC.

He asked David to type Alureon into Google, to show him the virus he was claiming had infected his computer. Alureon is a real virus that buries itself deep inside the Windows operating system.

After scaring him with the possible dangers, he asked David to visit a website and enter a code which gave the technician remote access to his computer.

He showed him a range of programs on his computer that looked as if they could have a problem - one of the issues with the Windows operating system is that it shows a lot of errors that can look suspicious to the untrained eye.

Malwarebytes has recently seen a lot more cases of scammers targeting Mac computers but Microsoft remains the main method because it is fair bet that many older users will have a computer that runs a Windows operating system.

The software giant is well aware of the tech support scam and since May 2014, has received over 200,000 customer complaints regarding them. This year alone, an estimated 3.3 million people in the United States will pay more than $1.5bn to scammers, according to its figures.

David was starting to believe that the call he had received was genuine but when the "technician" asked him to log into his banking site, he felt something was wrong and hung up.

He is angry that he fell for the scam and even more angry with BT.

"When I needed to get through to them, I couldn't," he said.

In a statement BT told the BBC: "BT takes the security of our customers' accounts very seriously. We have recently been proactively warning our customers to be on their guard against scams. Fraudsters use various methods to 'glean' your personal or financial details with the ultimate aim of stealing from you.

"Our advice is that customers should never share their BT account number with anyone and should always shred bills. Be wary of calls or emails you're not expecting. Even if someone quotes your BT account number, you shouldn't trust them with your personal information."

Older, less tech-savvy individuals like David tend to be the main targets of such scammers and, once they fall for it, are called again and again by fraudsters, Courtney Gregoire, a senior lawyer at Microsoft, told the BBC.

"Some lose hundreds of thousands of dollars," she said.

"80% of what we see are cold callers but we are now seeing traffic for the new type of pop-up fraudsters," she added.

As well as seeing examples of fraudsters using bogus ISP pop-ups, the cybercrime unit at Microsoft has also seen pop-ups which lock a computer and demand a fee.

The firm has begun talks with ISPs, including US-based ComCast and the UK's BT on the issue.

In December 2014, in its first big strike against technical support scamming companies, Microsoft's Digital Crimes Unit filed a civil lawsuit in a federal court in the Central District of California against Omnitech Support for unfair and deceptive business practices and trademark infringement.

The case was settled out of court under a confidential agreement.

According to Ms Gregoire, Microsoft has tracked many of the call centres from which the scams are run back to India and is now working with Indian law enforcement to crack down on them.

Raids on such call centres are starting to shed light on the operation behind the scam.

"We will find out whether the employees know that they are engaged in a scam or whether they were just reading from a script," she said.

The pop-up scam seems to be mainly focused in the US at the moment, with Verizon, AT&T and TimeWarner all being impersonated but Malwarebytes also discovered fake pages set up for BT, PlusNet, Sky and TalkTalk.

Security firm Symantec told the BBC it had seen a 200% rise in tech support scams this year - with 100 million malware exploits related to them.

Consultant Sian John said the firm had seen more and more scammers using pop-ups, in a reversal of the traditional cold call.

"The scammers are trying to get people to call them - people are literally paying to be scammed."

There are two main ways that the scammers make money from tech support scams.

Users are either persuaded to download software that will install malware - this could be banking trojans that will offer direct access to all your financial information or malware that joins your computer to a botnet.

In other cases, people are persuaded to sign up for bogus tech support services, giving credit card details that provide the scammers with a one-off payment of around $200.

In November the FBI shut down several tech support scammers going under the name of Click4Support operating in Philadelphia and Connecticut.

It is believed that the scammers had been in operation since 2013 and during those two years had made more than $17m.

How do scammers know your ISP?

In the case of cold calls it may just be a lucky case of guessing a common ISP but in the case of pop-ups, there is an altogether cleverer way for fraudsters to glean information that can help them.

How it works

- Big ad networks allow users to win ad space on websites by bidding at a particular price
- Criminals are taking advantage of this to place adverts which are infected with a single "bad" pixel
- This pixel can redirect users and infect them in the background when they are browsing on a perfectly legitimate site - they do not even need to click on the ad
- The malware in the ad redirects users to a website in the background - invisible to the user - which checks their computer and discovers their IP address
- From the IP address it is easy to find out which ISP owns which IP address
- Victims will be served a pop-up tailored for their specific ISP which warns them their computer is infected and gives them a number to call

(1st November 2016)

(Action Fraud, datd 12th September 2016)

There is a phishing email currently in circulation that claims to be from the City of London Police. The departments that it claims to represent include the 'Fraud Intelligence Unit' and the 'National Fraud Intelligence Bureau'. The email is titled 'compensation fund' and has a letter attachment that claims to be offering financial compensation to victims of fraud. The letter uses the City of London Police logo.

The letter states that in order for compensation to be arranged, the receiver of the email should reply disclosing personal information. It states that HSBC and the South African Reserve Bank have been chosen to handle the compensation claims. All of these claims are false.

The email and letter are fraudulent and should not be replied to.

Protect Yourself

- Opening attachments or clicking links contained within emails from unknown sources could result in your device being infected with malware or a virus.

- The City of London Police and the National Fraud Intelligence Bureau will never email you asking for you to disclose personal information.

If you believe you have become a victim of this fraudulent email get your device checked by a professional and make a report to Action Fraud, the UK's national fraud and cyber crime reporting centre:

(1st October 2016)

(Action Fraud, dated 1st September 2016)

Seasonal rental fraud is an emerging trend with students looking for suitable accommodation around August, before the start of the new term. Fraudsters use a variety of websites to advertise available properties to rent, often at attractive rates and convenient locations. Adverts will seem genuine, accompanied by a number of photos and contact information to discuss your interest.
Due to demand, students will often agree to pay upfront fees to secure the property quickly, without viewing the property, only to discover that the fraudster posing as the landlord does not have ownership of the property, or often there are already tenants living there.

Protect Yourself

- Only use reputable letting companies.

- Do some online research such as using Google maps to check the property does exist.

- Make an appointment to view the property in person.

- Always view the property prior to paying any advance fees.

- Look out for warning signs, such as landlords requesting a 'holding deposit' due to the property being in high demand.

- A landlord will usually conduct some due diligence on any successful applicant. Be wary of handing over cash without the landlord requesting employment or character references.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting

(10th September 2016)

(Symantec Official Blog, dated 14th July 2016 author Dinesh Venkatesan)

Full article [Option 1]:

In March 2016, newer variants of the Android.Fakebank.B family arrived with call-barring functionality. The feature aims to stop customers of Russian and South Korean banks from cancelling payment cards that the malware stole. The latest version of the threat shows how Android banking malware continues to evolve.

Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed.

We have observed the variants targeting financial institutions in Russia and South Korea. The following are some of the customer care numbers that the variants are blocking:

- KB Bank: 15999999
- KEB Hana Bank: 15991111
- NH Bank: 15442100 and 15882100
- Sberbank: 80055550
- SC Bank: 15881599 and 15889999
- Shinhan Bank: 15448000, 15778000, and 15998000

Typically, when a banking customer calls a customer care number through a registered mobile device, their call will be routed to an Interactive Voice Response (IVR) System. By blocking these numbers, the malware creators can stop a victim from asking their bank to cancel payment cards that the variants stole. This also gives the malware more time to steal data from the compromised device. Affected users can still find other channels, such as email or landline calls, to reach customer care.


Symantec recommends users follow these best practices to stay protected from mobile threats:

- Keep your software up to date
- Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app, such as Norton, to protect your device and data
- Make frequent backups of important data

(10th September 2016)

(Symantec / Norton Website)

Full article [Option 1]:

uaware note : This webpage includes access to other articles on crime and scam prevention. The inclusion of this article does not imply an endorsement of Symantec or its products.

Our computers, smartphones and tablets are an integral part of daily existence. Don't believe me? Just think about the last time you left your phone at home or suffered through an Internet outage. But when you've been online for a long time, it can get easy to be a little too casual about your digital security. So read on to make sure you've covered your bases when it comes to keeping your devices, your wallet, and yourself safe and sound.

1. Back it up
This one should be a no-brainer, but losing data because it wasn't properly backed up is still a sadly common digital disaster. You can lose your data a million different ways-hardware failure, a lost laptop, security breach, elephant stampede-and performing regular backups with reliable methods is the only way to avoid eventual tragedy. Choose a physical means of backup via external hard drive or other device, or choose a solution like Norton Online Backup* that backs up your photos, music, and other files automatically.

2. You only have one reputation…protect it!
Here's an aspect of security that flies under the radar until it's too late, the need to keep your online image intact. Everything you do, comment on, purchase, like or "retweet" eventually adds up to your public digital personality. And this personality is projected to the world, including potential employers, college admissions offices, health insurance companies, and banks vetting you for a mortgage. In fact, a recent Microsoft privacy survey determined that a full 14% of adults have experienced negative consequences due to online activities, including being fired from a job (21%) or losing their health insurance (16%).

So, how do you protect your online reputation? Consider separating your personal and professional profiles by using different addresses and screen names, one for your personal activities and another for your professional endeavors. And be sure to double-check your security settings on your social networking sites, personal blogs, and other places where you maintain personal data.

We also recommend using the "inner-mother" test. Basically, before you post that incriminating picture, make that snarky comment, or toss up that incendiary blog, think of how your mother would feel if she saw it. Now, we know this isn't the most scientific way to protect yourself because every mother is different! but it will at least give you a chance to consider the consequence of your actions. Believe me, the 14% of kids who didn't get into the college they wanted because of their online image, probably wish they had listened to their inner-mother.

3. Take information-gathering scams personally.
We recommend taking the old saying "if it sounds too good to be true, it probably is" to heart whenever you're offered something online. Phishing scams involving sites that lure you in with fraudulent emails or fake messages from your bank abound, all with an aim at gathering your most sensitive information…or at the very least, your credit card number.

And have you heard of Smishing?. Smishing uses text messages to lure people into giving up their sensitive information. Posing as a bank, their bogus texts claiming to be from your bank show up on your smartphone requesting your personal data and passwords in order to rectify a problem with your account. Protect yourself by never, ever responding to a text that requests personal information. If you are concerned about your account, contact your bank directly.

4. Malware is everywhere.
Downloaders of free apps and software, beware! No matter what the device, if it connects to the Internet you are at risk of opening the door to malicious software bearing viruses, worms, spyware, Trojan horses, and all matter of nasty stuff. The best defense is a strong offense basically, only download software from well-known, trusted entities and look for established, highly-rated apps from your device's official App Store.

(10th September 2016)

(The Telegraph, dated 23rd August 2016 author Telegraph Reporters)

Full article [Option 1]:

A wine company boss who cheated his clients out of their fine vintages is facing jail.

Jonathan Piper, 30, was the sole director of Embassy Wine UK Ltd, which claimed to act as brokers for investors in fine wine.

The company cold-called prospective investors and persuaded them to hand over control of their collections to Embassy, which then sold them and broke off contact.

These "clients" were also made to pay fees before sales could be transacted. Victims took out bank loans, used credit cards and even cashed in pensions to pay the fees.

At least five people lost up to £300,000 in the scam - one of whom lost £150,000 out of her life savings - which operated between June 2011 and October 2014.

Piper used the cash from the con to fund a lavish lifestyle and spent almost £90,000 on a BMW X6 and Range Rover Sport.

None of the income he generated between 2008 and 2014 - either legitimately or otherwise - was declared to HMRC, which was subsequently swindled out of £51,104 in income tax payments.

Piper appeared at Snaresbrook Crown Court on Tuesday, where he had been due to stand trial accused of fraud by false representation, cheating the Inland Revenue, fraudulent trading and two counts of converting criminal property.

Prosecutor Leo Seelig said: "The prosecution would simply say that this was a sophisticated and an involved fraud which preyed on vulnerable and elderly victims."

The court heard that Piper, now working as a scaffolder, intended to borrow money from friends in order to repay a portion of the money, which he put at closer to £200,000, following his guilty pleas.

"It is his hope that he will be able to reduce the amount that is owed to the victims before sentencing," said Thomas Day, defending.

Judge Louise Kamill said: "I have listened very carefully to Mr Day, but I am afraid I am not going to grant bail.

"It seems to me before reparations are proposed, first of all, they will of course be taken into account by the sentencing court.

"Secondly, these reparations are not going to be personally made by Mr Piper. He never has done and nothing has been done to date.

"If people are intending to make a dent in the losses on his behalf, their efforts of course will be taken into account. But it does not devolve around Mr Piper.

"He is not, himself as a scaffolder, going to get a loan of about £200,000 or however he is proposing to repay those losers."

She added: "These offences, just one of them alone, is likely to attract a custodial sentence and for my part I cannot see any reason why Mr Piper should not begin that sentence as of now.

"It would be unfair, in fact, for him to go out and come back knowing that there is a lengthy sentence that he will face and in those circumstances I refuse bail.

"It is my decision and I appreciate that he has been entrusted with bail in the past but he must begin his sentence now."

Piper, of Wanstead, east London, admitted cheating the Inland Revenue, fraudulent trading and two counts of converting criminal property. He was remanded in custody ahead of sentence on September 16.

(10th September 2016)

(Action Fraud, dated 22nd August 2016)

Students are being recruited, sometimes unwittingly, as "mules" by criminals to transfer illegally obtained money between different bank accounts.

What is a money mule?

A money mule is someone who is recruited by those needing to launder money obtained illegally. Criminals advertise fake jobs in newspapers and on the internet in a number of ways, usually offering opportunities to make money quickly, in order to lure potential money mule recruits. These include:

- Social media posts
- Copying genuine company's websites to create impression of legitimacy
- Sending mass emails offering employment
- Targeting individuals that have posted their CVs on employment websites

Students are particularly susceptible to adverts of this nature. For someone in full-time education, the opportunity for making money quickly can understandably be an attractive one. The mule will accept money into their bank account, before following further instructions on what to do with the funds. Instructions could include transferring the money into a separate specified account or withdrawing the cash and forwarding it on via money transfer service companies like Western Union or MoneyGram. The mule is generally paid a small percentage of the funds as they pass through their account.

Money Laundering is a criminal offence which can lead to prosecution and a custodial sentence. Furthermore, it can lead to the mule being unable to obtain credit in the UK and prevented from holding a bank account.

Protect Yourself

Be aware that the offence of money laundering carries a maximum prison sentence, in the UK, of 14 years.
Never give the details of your bank account to anyone that you do not trust.
No legitimate company will ever ask you to use your own bank account to transfer their money. Don't accept any job offers that ask you to do this.
Be wary of unsolicited emails or social media posts promising ways of earning easy money. If it seems too good to be true, it probably is.
Don't be afraid to question the legitimacy of any businesses that make you a job offer, especially if the recruitment procedure strays from the conventional.

(10th September 2016)

(Action Fraud, dated 12th August 2016)

Online shopping websites are being utilised by fraudsters to advertise nonexistent drones of various specifications for competitive prices.

Drones are personal flying devices that often carry cameras and can be navigated remotely by smartphones or hand-held controllers. Fraudsters are capitalising on their recent popularity and advertising non-existent drones at a lower value than their recommended retail price to tempt buyers.

After victims agree to purchase the drone, the fraudsters request payment to be paid via bank transfer saying that it will quicken the delivery process. After transferring the money the buyers never receive the drone and the fraudster blocks the victim to prevent further conversation.

How to protect yourself:

- Check the validity of the post.
- Avoid paying by bank transfer and instead use an online payment option such as PayPal, which helps to protect you.
- Check feedback online by searching the associated phone numbers or email addresses of the seller. Feedback will give you useful information about recent transactions other buyers may have made.
- If the item is below market value consider whether this is an opportunity too good to be true.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting

(10th September 2016)

(The Register, dated 9th August 2016 author Darren Pauli)

Full article [Option 1]:

The United Kingdom has copped the largest jump in credit card fraud of all European countries with an 18 per cent rise resulting in £88m ($114m, A$150m) of additional losses.

Blighty outpaced fraud growth in Greece and Denmark where fraud increased by five percent according to Euromonitor International data mapped out by big data company FICO.

Much of the additional losses in the UK are thanks to data breaches and fraudulent online transactions, rather than ATM skimming.

Some 75 per cent of the lost cash is due to card-not-present fraud, where CVC numbers on the back of cards are not required, of which more than half was conducted in online transactions.

That form of fraud has bottomed out in Portugal where authorities have it "fully under control".

All told the UK contributed to some 43 per cent of all card fraud losses across the 19 European countries studied.

Fraud increased in 10 of those countries with Greece, Denmark, France and Russia trailing the UK with small rises in card theft.

FICO fraud consultant Martin Warwick says consumer pressures for seamless online payments frustrate security efforts.

"Banks want to avoid intervening unnecessarily when customers are shopping on the internet," Warwick says.

"E-commerce spending in the UK has nearly quadrupled since 2007, so you see why this is such a target for criminals."

Fraudsters have always moved to the easiest pickings. In Europe this has driven fraud away from point of sales terminals thanks to deployment of chip-and-PIN, to online card-not-present transactions.

They flocked to Russia to get a piece of its rapid adoption of online payments between 2010 and 2015 which amounted to a 500 percent increase in "total card payment value", according to Euromonitor.

Fraud went up some 130 per cent over that time.

America's reliance on magnetic stripe data has left it a ripe harvest for fraud. Slow chip-and-PIN deployments will help stem the flow in coming years.

Australia by contrast is one of the world's toughest places to commit fraud thanks to its widespread adoption of the most modern and secure payment methods available such as Android and Apple Pay and contactless card payments.

Base data displaying fraud :

(10th September 2016)

(Action Fraud, dated 11th August 2016)

People selling their items on online platforms are falling victim to a new type of advance fee fraud. This involves a fraudster, posing as a buyer, sending an email to the seller (victim), agreeing to the full asking price of the item. They state that they are unable to collect the item themselves and will arrange for a courier to pick it up instead.

The fraudster then sends a fake payment confirmation email from a different email address, one which falsely purports to be from a payment platform. In the course of the email exchange, the seller/victim is requested to pay the courier fee. Once the payment is made the contact is broken, the item is not picked up and the money paid for the 'courier' is gone.

An example of the most recent emails received by the victim/seller, from the 'Buyer', read:

"I want you to consider this a deal as i am willing to pay your full asking price! i actually want to buy it for a family member who is urgently in need of it, i have checked through your posting and i'm fully satisfied with it. Unfortunately, i would not be able to come personally to view/collect, i work offshore as an instructor on a oil rig so i dont have time at all, but like i said i am 100% OK with the advert"

Protect Yourself:

- Be wary when buyers wish to purchase items at the full asking price without viewing them.

- Check the validity of the payment receipt confirmation

- Avoid paying an advanced fee if you are a seller; should you choose to use a courier, arrange your own.

- Check feedback online by searching the associated phone numbers or email addresses of the seller/buyer. Feedback will give you useful information about recent transactions other buyers/sellers have made.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting

(11th August 2016)

(International Business Times, dated 3rd August 2016 author Karthick Arvinth)

Full article [Option 1]:

The amount of money lost due to fraud on credit and debit cards in the UK rose in 2015 by 18% to £492m (€585m; $656m), fuelled by online shopping and data breaches.

The rise was the sharpest recorded in 19 European countries studied by Fico.

The software analytics firm said card fraud was a growing challenge for the financial services industry as more and more consumers conduct transactions or shop online.

The UK contributed 43% of the total card fraud losses across Europe.

Most of the increase in card fraud in Britain came from online transactions and the theft of personal data through cybercrime.

"We cardholders are very demanding, and if we don't get what we want then we let people know in the form of reviews and feedback, not to mention switching cards," said Martin Warwick, Fico's fraud chief in Europe.

"Banks want to avoid intervening unnecessarily when customers are shopping on the internet.

"E-commerce spending in the UK has nearly quadrupled since 2007, so you see why this is such a target for criminals."

Overall, 10 of the 19 countries studied saw increases in card fraud in 2015, with Greece, Denmark, France and Russia posting the highest rises after the UK.

Kendrick Sands, senior analyst at Euromonitor, warned: "The further projected increase in online payments over the forecast period suggests additional security measures will be required throughout Europe.

"If greater security measures are not adopted to combat card not present fraud, the broader advance of card payments over paper alternatives could be negatively impacted."

(3rd August 2016)

(International Business Times, dated 1st August 2016 author Jason Murdock)

Full article [Option 1]:

A suspected ringleader of an international criminal network responsible for thousands of online frauds has been arrested in a joint cybercrime operation by Interpol and the Nigerian Economic and Financial Crime Commission (EFCC).

Known only as 'Mike', the 40-year-old Nigerian national is believed to have led a network of roughly 40 individuals who routinely launched cyber-attacks and malware injections against email accounts of businesses located in countries across the world, including Australia, South Africa and the US.

In total, the operation gained over $60m (£45m) in illicit revenue and, according to law enforcement, one fraud case alone resulted in a payment of a massive $15.4m (£11m).

'Mike', who was apprehended in southern Nigeria, also allegedly had "money laundering contacts" in China, Europe and the US who provided bank account details to his criminal gang.

"The main two types of scam run [by 'Mike'] targeted businesses [and] were payment diversion fraud, where a supplier's email would be compromised and fake messages would then be sent to the buyer with instructions for payment to a bank account under the criminal's control, and CEO fraud," explained Interpol in a release.

"In CEO fraud, the email account of a high-level executive is compromised and a request for a wire transfer is sent to another employee who has been identified as responsible for handling these requests. The money is then paid into a designated bank account held by the criminal."

Cybersecurity firm Trend Micro initially reported the activities of the criminal gang to authorities based on research first published in November 2014 that analysed hundreds of Nigerian scams based on 'keylogger' technology and data-exfiltration methods.

Abdul Chukkol, head of the EFCC's cyber-crime division said: "The success of this operation is the result of close cooperation between Interpol and the EFCC, whose understanding of the Nigerian environment made it possible to disrupt the criminal organisation's network traversing many countries, targeting individuals and companies."

"For a long time we have said in order to be effective, the fight against cyber-crime must rely on public-private partnerships and international cooperation," he added.

Both 'Mike' and another suspect, who has not been named, now face charges including hacking, conspiracy and obtaining money under false pretences.

(1st August 2016)

(Action Fraud, dated 15th July 2016)

Fraudsters are impersonating telephone service providers and contacting their clients offering a phone upgrade on a low monthly payment contract. The fraudsters will glean all your personal and financial details which will then be used to contact the genuine phone provider and order a new mobile phone handset. The fraudsters will either intercept the delivery before it reaches the victim's address or order the handset to a different address.

Protect yourself

- Never provide your personal information to a third party from an unsolicited communication.

- Obtain the genuine number of the organisation being represented and verify the legitimacy of the communication.

- If the offer is too good to be true it probably is.

- If you have provided personal information and you are concerned that your identity may be compromised consider Cifas Protection Registration.

If you have been a victim of fraud report it to Action Fraud on 0300 123 2040 or

(1st August 2016)

(Action Fraud, dated 11th July 2016)

With summer holidays fast approaching, individuals are often more exposed to travel booking frauds when looking for last minute package deals / cheap flights. Whether paying upfront for a family holiday or simply booking a flight, payments are transferred only to discover that the holiday / airline ticket does not exist and was sold to you by a bogus travel company. Fraudsters will often lure in potential customers with low prices and 'one time only' offers that are simply too good to pass up, requesting payment by the preferred method of direct bank transfer.


- Paying for a holiday / airline tickets / accommodation via direct bank transfer. No reputable company will ever request payment via this method.

- Responding to unsolicited calls, texts or emails offering holidays at incredibly low prices.

Protect Yourself

- Whenever possible, pay for your holiday by credit card as it offers increased protection.

- Always remember to look for the 'https' and locked padlock icon in the address bar before entering your payment details.

- Never feel pressured to make a booking for fear that you will miss out on this 'low price' opportunity. If you have never used the company before, take your time to do some online research to ensure they are reputable.

- Should you make a flight or hotel booking through a travel company, feel free to separately check with the hotel / particular airline that your booking does indeed exist.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting

(1st August 2016)

(The Guardian, dated 19th July 2016 author Press Association)

Full article [Option 1]:

A line-up of 10 wanted alleged con artists has been released in advance of new crime figures that are expected to reveal the huge scale of fraud in the UK.

Details of the alleged criminals, published on Tuesday by City of London Police and the National Crime Agency, include Alex McKenzie, 33, from London, who is accused of targeting victims using the gay social networking app Scruff, gaining their trust by claiming to work for MI6.

It is claimed he conned two former lovers and one of their parents by taking out credit cards, bank accounts and loans worth a total of £300,000 in their names.

Another is Bollywood film producer Sandeep Arora, 42, from Beckton, east London, who allegedly claimed £4.5m in VAT and film tax rebates for movies that either did not exist or with which he had no involvement.

Also on the list is Bayo Lawrence Anoworin, 41, from Lagos, Nigeria, who is wanted by Lincolnshire police over an alleged scam by a gang that stole more than £12m from NHS trusts in the UK and Guernsey between January 2011 and July 2012.

The publication comes before annual crime figures due for release by the Office for National Statistics on Thursday that will include a full year of fraud and cybercrime for the first time.

Preliminary figures released in October 2015 found that there had been 5.1 million incidents of fraud in England and Wales in the previous year, affecting an estimated one in 12 adults and making it the most common form of crime.

Donald Toon, director of the NCA's economic crime command, said: "The annual losses to the UK from fraud are estimated to be more than £190bn. Behind this headline figure lies the actions of criminals like the wanted fraudsters highlighted in this appeal, who have caused distress and loss to people and businesses up and down the country.

"Law enforcement cannot tackle this problem alone. It is only by working together, individuals, law enforcement, government and the private sector that we can protect the UK against fraud.

"It is important that anyone able to provide information on the 10 fraudsters we are highlighting today takes the opportunity to pass that information to law enforcement to help bring them to justice."

(1st August 2016)

(Action Fraud, dated 28th June 2016)

The Olympic Games in Rio de Janeiro begin on 6th August 2016 and as of late June, you will be able to purchase tickets from the Rio 2016 ticket offices. Purchasing from an unauthorised seller or a ticket tout could leave you out of pocket; not only are the tickets advertised at inflated prices, but there is also a risk that the tickets purchased are counterfeit or do not exist. Any individual with a counterfeit ticket will be refused entry.

To help protect yourself, the list of authorised sellers has been published on the official website and provides a list of trusted resellers; this can be found at Equally, tickets purchased that are no longer needed can be sold through the Rio 2016 website for a 100% reimbursement of the amount paid if the tickets are resold.

Protect yourself
- When purchasing from another company or individual, ask questions; specifically when you will receive the ticket and what type of ticket you are purchasing.

- Pay for tickets by using a credit card or trusted payment service. Payments made by bank transfer may not be recoverable.
- Always check that the payment screen is secure by looking for the padlock symbol or making sure the website/url begins with "https".

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting

(1st July 2016)


(Action Fraud alert, dated 27th June 2016)

The National Fraud Intelligence Bureau (NFIB) has noticed an increase in reports of fraudsters placing fake letter boxes on residential properties in an attempt to harvest the mail. Residents are sometimes unaware of the fake letterbox as the fraudsters will periodically remove the item, which may leave notable markings. The mail is then used to open various lines of credit with financial providers in the name of the innocent resident.

Protect Yourself
- Be vigilant and check for any suspicious activity, tampering of your post/letterbox or for suspicious glue markings on the wall.
- Check all post received from financial institutions, even if it appears unsolicited.
- Consider reporting theft of mail to your local police force and any cases of identity fraud to Action Fraud.
- If you have been a victim of identity fraud consider Cifas Protection Registration (

If you, or anyone you know, has been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting

(1st July 2016)

(Action Fraud, dated 24th June 2016)

Online shopping websites are being utilised by fraudsters to advertise vehicles for sale which do not exist. After agreeing to purchase the vehicle via email with the fraudsters, buyers then receive emails purporting to be from Amazon Payments and/or Amazon Flexible Payment Service stating that their money will be held in an 'escrow account' (a bank account held by a third party, used as a temporary holding account during a transaction between two parties- for a 7 day 'cooling off' period). Once happy with the purchase the email indicates the money will be released to the seller, therefore offering 'buyer protection'. In reality these emails are fraudulent and do not come from Amazon. The bank accounts are controlled by fraudsters.

Protect yourself
- Remember that Amazon does not provide an escrow account to purchase items.
- Meet the seller 'face to face' and view the vehicle before parting with any money.

- Be vigilant of emails that purport to be from genuine companies and check the 'domain' name of the email address for any inconsistencies.
- Check feedback online by searching the associated phone numbers or email addresses of the seller.
- If the vehicle is below market value consider whether this is an opportunity too good to be true!

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting

(1st July 2016)

(Action Fraud, dated 10th June 2016)

Businesses are being contacted for the sale of goods or services by fraudsters, who request to pay by cheque. The fraudster sends a cheque with a higher value than the amount expected, and then sends the business a request for the difference with instructions on how it should be paid back. This is usually by bank transfer or through a money transfer service, such as Western Union or PaySafe. Once the 'refund' has been provided, it is realised that the cheque provided was fraudulent and no funds are credited to the business's account.

The NFIB has seen an increase of 84% in the number of counterfeit cheque frauds reported to Action Fraud since November 2015. Criminals are targeting a wide range of services including paintings or other artwork, photography and lessons, with various amounts requested to be refunded. The average amount requested to be refunded is £1,818. The highest amount requested was over £80,000.

The suspects have used pressure tactics to persuade victims to refund the amounts immediately prior to the cheques clearing.
Crime Prevention Advice
- Be cautious of payments where the amount provided is higher than expected. Refuse to provide the service unless the correct balance is received or wait until the cheque has cleared before refunding the difference.

- Always contact banks on a trusted number found on their website or correspondence that is known to be authentic to confirm whether the cheque has cleared.
- Do not feel pressured to provide a refund before the cheque has cleared.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting

(1st July 2016)

(Action Fraud, dated 13th June 2016)

A new phishing campaign which has hit students of UK universities claims that the student has been awarded an educational grant by the Department for Education. The email purports to have come from the finance department of the student's university and tricks the recipient into clicking on a link contained in the message to provide personal and banking details.

One victim reported that after submitting their sensitive information (including name, address, date of birth, contact details, telephone provider, bank account details, student ID, National Insurance Number, driving licence number and mother's maiden name), they were taken to a spoofed website which appeared like a genuine website of their bank, where they were asked to type in their online banking login credentials.

Protect Yourself:

- Do not click on any links or open attachments contained within unsolicited emails.

- Do not reply to scam emails or contact the senders in any way.

- If an email appears to have come from a person or organisation you know of but the message is unexpected or unusual, contact them directly via another method to confirm that they sent you the email.
- If you receive an email which asks you to login to an online account via a link provided in the email, instead of clicking on the link, open your browser and go directly to the company's website yourself.
- If you have clicked on a link in the email, do not supply any information on the website that may open.

If you think you may have compromised the safety of your bank details and/or have lost money due to fraudulent misuse of your cards, you should immediately contact your bank, and report it to Action Fraud by calling 0300 123 2040, or visiting

(1st July 2016)

(International Business Times, dated 8th June 2016 author India Ashok)

Full article [Option 1]:
US visa applicants in Switzerland are falling victim to a hitherto unknown malware called Qarallaz RAT or QRAT, which is being distributed via Skype by an unknown entity posing as a US government official. Upon further investigation, security researchers uncovered that the malware has been active elsewhere as well, targeting US visa applicants in various countries.
F-Secure security researchers claim that hacker/hackers posing as US government officials, claiming to provide guidance on visa application procedures, have been sending people a malicious Java file named "US Travel Docs Information.jar", containing a new strain of RAT (Remote Access Trojan), which enables hackers to gain access to victims' computers. The QRAT malware has the alarming ability to seize mouse clicks, cursor movements, keystrokes and even remotely operate and manipulate webcam operations such as taking snapshots or videos.
F- Secure security researcher Frederic Vila cautions: "If you are going to look for information about travel visas, you need to double check the Skype handle and the document that you have received. Be aware that a lowercase "l" can be confused with a capital "I" or the number one (1); or a capital "O" can be confused with a zero (0). There are many ways people can be victimized, but with some scrutiny it can be prevented."

(1st July 2016)

(Action Fraud, dated 8th June 2016)

The 2016 European Football Championships will begin shortly and those wanting to purchase last minute tickets are likely to be targeted by fraudsters posing as official sellers. Purchasing from an unauthorised seller or a ticket tout could leave you out of pocket; not only are the tickets advertised at inflated prices, there is a risk that the tickets purchased are counterfeit or do not exist. Any individual with a counterfeit ticket will be refused entry.
Resale Platform

Consumers wanting to sell their tickets can do so through the resale platform, where tickets will be resold at face value. For further information please visit UEFA's website. Those seeking to purchase tickets are advised to check the site regularly as tickets will be sold on a first come first serve basis and are likely to change regularly as different tickets become available to purchase. •Only purchase tickets from an authorised seller by using the exchange portal.
- When using the portal do not be encouraged to contact the seller privately and complete the transaction outside of the portal.
- Be wary of purchasing tickets from a social media account. There is a risk that the ticket does not exist or is counterfeit. Consider conducting research on the information provided by the seller, for example a mobile phone number or email address used by the seller could alert you to any negative information associated to them online.
- Avoid making payments through bank transfer or money transfer services, as the payment may not be recoverable.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting

(8th June 2016)


(Womens Weekly, dated 31st May 2016 author Frances Quinn)

Just when you though you were wise to all the latest scams, fraudsters find other ways to part you from your money.

The Grandchild in distress
In a particular nasty scam that's spead here from the US, you get a phone call or email claiming to be from your Grandchild, saying they're in serious trouble - often while travelling abroad - and need money urgently. The call may come in the middle of the night, when panic makes it easier for the person on the receiving end to get confused, and the conversation is often muffled, which is blamed on a bad line. Before you can be sure whether you are actually speaking to your Grandchild, the phone is passed to an accomplice, usually posing as a police officer / embassy official / angry road accident victim / helpful bystander, who'll instruct yu on how to send money - usually by a wire transfer system such as Western Union, which means it can't be traced or reclaimed. The "Grandchild" will also often ask you to promise not to tell their parents or siblings.
ACTION - If you've got a Grandchild who's going travelling, get them to choose a code word, known only to the family, that the can use in the unlikely event that they ever need to make a call like this. If you get such a call, try to contact the child ourself, and members of the family however convincing the story sounds, don't send money unless you're certain they are who they say they are.

The computer "kidnap"
This happens when you've clicked on an infected website or popup ad, which gives hackers access to your computer. They install "ransomware", which prevents you accessing your files and photos, then demand you pay to get them released. They may also say you've done something illegal with your computer, or install embarrassing pornography that you can't get rid of, in order to prevent you reporting the probem to anyone else.
ACTION - Make sure you have upto-date security software that includes protection against ransomeware. If you do get hacked, don't pay the money - ther is no gaurantee that the fraudsterss will release your compter at that point, and even if they do, there's a ver good chance you'll find yourself hacked again once they know you're willing to pay. If you're good with computers, there are DIY solutions availabe at (search "ransomeware"). If not, a local computer repair service should be abe to help.

The council tax scam
This one involves bogus agents contacting you by phone, or just knocking on the door, claiming that your property is in the wrong council tax band and they can get your bill reduced. Often claiming to be from the council or the Valuation Office Agency (VAO), they say you need to pay for the service and ask for money upfront, which you'll never see again, or request your bank details so they can "claim your refund" for you. There is in fact a process whereby you can challenge your council tax band, but you don't need to pay someone to do it for you, and the VOA doesn't have a list of agents that it uses to help people do it.

ACTION - Don't give your bank details or money to anyone making these claims, don't let theminto your house and if you get a call, just put the phone down. You can check your counci tax band yourself by contacting the VOA at 03000 501 501, or finding the address of your local Valuation Office at

The "Good Citizen" award
Action Fraud is warning against a scam where you get a call claiming you've won a "Good Citizen" award or grant from Government - usually several thousand pounds. You're asked to pay a much smaller amount to get access to the money. There is no such thing as the "Good Citizen" aware, and even if there were, you wouldn't be asked to pay money upfront to get it.

ACTION - If you get a cold call promising you a large sum in return for paying a small sum - whether its an award, a grant or a competitionprize - it will be a scam. Don't engage in conversation, as scammers can be very convincing - just put the phone down.

The account switch scam
This is one of the fastest-growing scams, with more than 5,000 people being conned by it last year, and many losing thousands of pounds. Thought to be made possible by scammers hacking into companies' email systems, it happens when you have a significant bill to pay or money to transfer typically after building work, or when buying a new home. You're emailed with an invoice or request for payment, which will look completely convincing and contain all the details you'd expect, but the bank details in it will be the scammers', not the firm you think you're paying. In some cases, the bnkshave refused to refund the oney, saying the transfers were made according to victims' instructions. The accounts had of course been immediately emptied and closed.

ACTION - If you get an email regarding a large payment, even if you're expecting it,call and check the amount and bank details before paying it. It's a hassle - but not as much of a hassle as losing thousands of pounds.
While some scams take your money directly, others are designed to help the fraudsters get hold of personal details, such as date of birth, bank account ad card numbers, and PINs. They're then used in identity theft, where fraudsters can set up loans and credit cards in your name, and potentially run up massive bills, or use your identity to fraudulently obtain benefits or tax rebates. If you can prove you weren't responsible, you should get your money back - but it can be a long and difficult process, and there have been cases of refunds being refused.
For advice, see

Never give out personal details in response to a phone call. If you think the call's genuine, find the organisation's number from a safe source, and call them back from another phone - scammers sometimes stay on the line so when you think you're ringing out, you're still talking to them.

- DON'T be pressurised into making a decision or paying any money immediately - thats often as sign of a scam.

- DON'T click o links in an email to pay money - always go to your bank # credit card company's website.

- DON'T be deceived by the fact that a caller seems to know a lot about you, or your accounts - there are all sorts of ways the more skillfu scammers can obtain information.

(8th June 2016)



(Action Fraud, dated 4th May 2016)

The National Fraud Intelligence Bureau (NFIB) and Action Fraud have noticed a rise in the reporting of pets, and in particular puppies and kittens, being advertised for sale via popular online auction websites. The fraudsters will place an advert of the pet for sale, often claiming that the pet is currently held somewhere less accessible or overseas. Upon agreement of a sale, the suspect will usually request an advance payment by money transfer or bank transfer. However, the pet does not materialise and the fraudster will subsequently ask for further advanced payments for courier charges, shipping fees and additional transportation costs. Even if further payments are made, the pet will still not materialise as it is likely that the pet does not exist.

Protect Yourself:

- Stay within auction guidelines.

- Be cautious if the seller initially requests payment via one method, but later claims that due to 'issues with their account' they will need to take the payment via an alternative method such as a bank transfer.

- Consider conducting research on other information provided by the seller, for example a mobile phone number or email address used by the seller could alert you to any negative information associated with the number/email address online.

- Request details of the courier company being used and consider researching it.

- Agree a suitable time to meet face to face to agree the purchase and to collect the pet. If the seller is reluctant to meet then it could be an indication that the pet does not exist.

- A genuine seller should be keen to ensure that the pet is going to a caring and loving new home. If the seller does not express any interest in you and the pet's new home, be wary.

- If you think the purchase price is too good to be true then it probably is, especially if the pet is advertised as a pure-breed.

- Do not be afraid to request copies of the pet's inoculation history, breed paperwork and certification prior to agreeing a sale. If the seller is reluctant or unable to provide this information it could be an indication that either the pet does not exist or the pet has been illegally bred e.g. it originates from a 'puppy farm'. A 'puppy farm' is a commercial dog breeding enterprise where the sole aim is to maximise profit for the least investment. Commercial dog breeders must be registered with their local authority and undergo regular inspections to ensure that the puppies are bred responsibly and are in turn fit and healthy. Illegally farmed puppies will often be kept in inadequate conditions and are more likely to suffer from ailments and illnesses associated with irresponsible breeding.

- When thinking of buying a pet, consider buying them in person from rescue centres or from reputable breeders

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting

(5th May 2016)

(The Telegraph, dated 29th April 2016 author Amelia Murray)

Full article [Option 1]:

A rise in conveyancing and solicitor scams has seen a number of unsuspecting property buyers robbed of hundreds of thousands of pounds with little chance of ever getting it back.
Fraudsters typically hack into solicitors' or clients' emails. They then fake emails from one party or another, instructing the victims to divert large payments to their own accounts during the final stages of a property purchase or sale.
Telegraph Money has spoken to a number of experts in cyber security and online fraud to help prevent more people falling victim.

Check your solicitor's website is secure
The first thing prospective property buyers should do is check the solicitor or conveyancer has a secure website.
The web address should start with HTTPS - the 'S' stands for secure. There should also be a padlock on the left hand side of the browser.
HTTPS pages are often used for online banking and other internet transactions and ensures the information between your browser and the website is protected.
Chris Underhill, head of IT and security at phishing detection company, Cyber Security Partners said an HTTPS page is a basic requirement for solicitors or conveyancers. Such firms hold an incredible amount of valuable data which makes them vulnerable to hackers and investing in a secure platform should be a priority.
An HTTPS page is especially critical when submitting information on the website such as through the solicitor's contact form.

Is the price right?
There is no hard and fast rule to how much you should be paying for a conveyancer. However, John Marsden, identity and fraud expert at credit agency Equifax said be wary of those which seem too cheap.
He said: "Low cost firms may not have invested as much in their security system.
"Consumers need to ask themselves how much they value a secure platform."
Rob Hailstone, ex-residential property conveyancer and founder of advice group Bold Legal, said: "Remember that buying or selling a property is one of the most important and complicated things you will ever do. Do not instruct the cheapest firm to act for you."

Ask what security measures are in place
Emails can be secured for free using three types of software - Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-Based Message Authentication (DMARC).
Mr Underhill explained: "SPF is a simple whitelist of computers allowed to send email on behalf of an organisation." This aims to stop emails coming through from spoof email addresses created on unknown computers.
DKIM is used as a way to preserve the content of emails to ensure they have not been tampered with.
DMARC is a method to stop illegitimate emails from being delivered.
However, it is important to realise that no matter how good the firm's online security is, the customer's system is also at risk of being hacked. You won't know when this happens.
Try not to indicate the contents of your email in the subject line, especially when discussing payments and bank details.

Establish a named contact at the firm
Customers should be able to meet and speak to a member of staff who they can contact directly.
Mr Marsden said customers should use a firm that "adopts security measures from the ground up" and that all members of staff are happy to verify information when asked to.
Mr Hailstone advised: "Visit the firm if possible. Certainly speak to the person who will be handling your transaction and make sure you feel confident in them and their ability."

Be wise with communication
Mr Underhill said the majority of solicitors and conveyancers are likely to communicate with customers over email because it is quick and cheap.
However, many firms have reverted to using fax machines as they cannot be hacked.
Where payments are concerned, experts advise customers to make the transaction over the phone or in the office.
However, if firms insist on sending details by email, customers should check the address is genuine.
"Spoof" addresses can be hard to spot - differences can be as subtle as a missing or additional letter.

Check, check and check again
Experts strongly recommend calling the firm to verify the email is real and the payment details are genuine.
A spokesman from national fraud and cyber crime reporting centre Action Fraud said: "Never accept changes of banking details at face value and to always verify with the relevant parties directly before making any changes.
"Take those few extra minutes to check, double-check and check again, otherwise there is a good chance you will be liable for the loss, and it may affect your insurance premium too.
The spokesman added: "Preferably talk to the solicitor whose voice you recognise to check the change of bank details."

Don't send the full payment straight away
Even if you verify the payment with the firm, Tony Neate, head of government backed online advice site Get Safe Online, said it is a good idea to transfer a small payment first before going through with the final transaction.
He said: "Send £1 to the firm first and check it has arrived in the right bank account before transferring the rest."

(1st May 2016)

(BT News, dated 29th April 2016)

Full article [Option 1]:

More and more of us are falling for a range of holiday and travel scams.
A new report compiled by the City of London Police's National Fraud Intelligence Bureau showed scammers stole £11.5 million from unsuspecting travellers in 2015 - up a staggering 425% compared to 2014.

Cases spike in the summer months and December, which suggests that fraudsters are homing in on holidaymakers and people making last-minute arrangements for Christmas. The most commonly-targeted age group is 30-49, many of whom will have young families, the report found.
Victims lose nearly £3,000 on average, with almost half of them (44%) saying that the fraud also had a significant impact on their health.

Common holiday scams to watch out for
Be extra careful when booking these as they're prime targets for fraudsters.

Holiday accommodation
Scammers are adept at making up fake websites which look astonishingly like the real thing. They also hack into legitimate accounts and post fake adverts on websites and social media.

Airline tickets
These cases involve customers booking a flight and receiving a fake ticket or paying for a ticket that just doesn't turn up.
Last year, flights to Nigeria, India and Pakistan were heavily targeted, suggesting that those visiting friends and family are more vulnerable.

Sports and religious trips
Tickets with limited availability are a magnet for fraudsters because of the higher prices they can grab. Experts predict that both the European Football Championships in France and the Olympics in Rio de Janeiro will be major draws for scammers.

Timeshares and holiday clubs
Victims lose between £9,000 and £35,000 each to timeshare and holiday club fraud, making up over a quarter (26%) of the total reported amounts lost.

How to avoid becoming a victim of travel fraud

Now that we're coming up to peak holiday season, it's vital that you stay sharp when booking that holiday.
City of London Police Commander Chris Greany, Police National Coordinator for Economic Crime, said:
"We live in a world where we are under pressure to get things done quickly. However, when booking a holiday it is vitally important you take your time and follow a number of basic checks designed to protect you from falling victim to a fraud."
Do some thorough research on companies you don't recognise before you confirm any arrangements. Start by checking the company's credentials - if it's defrauding people, victims will likely have posted their story online or contacted the press.
Look for the ABTA or ATOL logo to confirm that the company is legitimate. You can verify membership on their respective websites.
Even though it's quick and easy, don't pay direct into the owner's bank account. It's much more difficult to trace and retrieve your funds, similar to paying in cash.
Try and pay by credit card if you can - transactions over £100 will likely be covered by your credit card provider under Section 75 of the Consumer Credit Act.
Study receipts, invoices and small print, and be very wary of companies that don't provide any at all. If you're booking through a holiday club or timeshare, ask a solicitor to comb through the documentation before signing up.

As always, if it sounds too good to be true, it probably is. You can find more information about how to stay safe when booking or researching travel online at Get Safe Online and report anything suspicious to Action Fraud.

(1st May 2016)

(Action Fraud, dated 29th April 2016)

Within the past 24 hours a number of businesses throughout the UK have received extortion demands from a group calling themselves 'Lizard Squad'.

Method of Attack:

The group have sent emails demanding payment of 5 Bitcoins, to be paid by a certain time and date. The email states that this demand will increase by 5 Bitcoins for each day that it goes unpaid.

If their demand is not met, they have threatened to launch a Denial of Service attack against the businesses' websites and networks, taking them offline until payment is made.
The demand states that once their actions have started, they cannot be undone.
What to do if you've received one of these demands:

- Report it to Action Fraud by calling 0300 123 2040 or by using the online reporting tool
- Do not pay the demand
- Retain the original emails (with headers)
- Maintain a timeline of the attack, recording all times, type and content of the contact
If you are experiencing a DDoS right now you should:

- Report it to Action Fraud by calling 0300 123 2040 immediately.
- Call your Internet Service Provider (ISP) (or hosting provider if you do not host your own Web server), tell them you are under attack and ask for help.
- Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports etc.
Get Safe Online top tips for protecting your business from a DDoS:

- Consider the likelihood and risks to your organisation of a DDoS attack, and put appropriate threat reduction/mitigation measures in place.
- If you consider that protection is necessary, speak to a DDoS prevention specialist.
- Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits.

(1st May 2016)

(Action Fraud, dated 23rd April 2016)

Fraudsters are texting members of the public offering a tax rebate. The text message contains a link to a website and requests to provide personal information, such as bank account information, to claim the nonexistent rebate.

Protect Yourself
- Don't click on web links contained in unsolicited texts or emails.
- Never provide your personal information to a third party from an unsolicited communication.
- Obtain the genuine number of the organisation being represented and verify the legitimacy of the communication.
- HMRC will never use texts or emails or tell you about a potential rebate or ask for personal information.
- If you have provided personal information and you are concerned that your identity may be compromised consider Cifas Protection Registration.

(1st May 2016)

(Action Fraud, dated 26th April 2016)

The National Fraud Intelligence Bureau (NFIB) and Action Fraud have noticed a rise in the reporting of victims being recruited via Facebook to sell items for suspects on eBay - often stating that it is a quick way of making money.
The items are said to be bankrupt stock, purchased via auctions, and need to be sold on quickly. The majority of the items reported have been Apple Mac Book Pro/Electrical Items.
The victim places the items on eBay and once the items are sold, the victim will get paid and transfer the funds to the suspect/recruiter.
Once the suspect/recruiter gets the funds, the purchasers are claiming that they have received empty cereal boxes or often no goods at all, leaving the victim being reported as the actual suspect, and leaving them out of pocket as their account will be debited.
Protect yourself:
- Consider conducting research on other information provided by the seller, for example: a mobile phone number or email address could alert you to negative information associated with the number/email address online.
- Be very cautious of unsolicited emails or approaches over social media promising opportunities to make easy money.
- When accepting offers, verify the company/entity details provided to you and check whether they have been registered in the UK.

- If you think the deal or offer is too good to be true then it probably is!

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting

(1st May 2016)

(Action Fraud, dated 22nd April 2016)

A new investment fraud trend is targeting members of the public who are seeking to sell their wine investment. Fraudsters agree to purchase the victim's wine, but instead transfer the stock into their own account without paying the victim. The fraudulently obtained wine is then believed to be sold on to other, unsuspecting victims.  
How does it work?

Fraudsters set up fake companies and websites as well as exploit the names of legitimate, established companies to facilitate this fraud. They cold-call the victims and offer to purchase their wine for significantly more than the actual market value.

Fraudulent documents, such as purchase agreements, are used to facilitate the fraud and are sent to the victims via post and email. Some fraudsters have gone as far as setting up fake escrow services in order to fool the potential sellers that the payments have been transferred.

The fraudsters send the victims instructions to transfer their wine into storage accounts held within legitimate bonded warehouses. The victims are informed that upon doing this they will be paid the agreed amount. The use of storage accounts held within legitimate bonded warehouses adds an air of legitimacy to the process but in actual fact these storage accounts are controlled by the fraudsters.

Once the wine is transferred into the new storage accounts the suspects break off all contact with the victims. The wine is then moved again, normally within days and often abroad, and, needless to say, the victim never receives the money from the agreed sale.

Protect Yourself

- Never respond to unsolicited phone calls - if in doubt, hang up
- Always check that the details of the organisation or company contacting you (such as website, address and phone number) are correct - the fraudsters may be masquerading as a legitimate organisation
- Never sign over your wine (or any other investment) to another party without first checking they are authentic
- Don't be fooled by a professional looking website, as the cost of creating a professional website is easily affordable
- Escrow services are regulated by the FCA under the Payment Services Directive 2009. Only deal with a registered Authorised Payment Institution. You can check the FCA register online at
- Consider seeking independent legal and/or financial advice before making a decision
If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting

(1st May 2016)

(Action Fraud, dated 20th April 2016)
The National Fraud Intelligence Bureau (NFIB) has recently received an influx of reports that fraudsters are targeting the public, via social media, in relation to football tickets.

Fraudsters are posting pictures or statuses online telling members of the public to contact them via Direct Message for football tickets. This then leads to a mobile messaging conversation. During the conversation, bank details are provided by the suspect so that the tickets can be purchased.

After the victim has paid for the ticket the fraudster blocks them to stop further conversation, leaving victims without the tickets and out of pocket.

Protect yourself:
- Check the security of the website and validity of the post
- Avoid taking the conversation offline to private messages
- When purchasing any products over the internet always try to make the payment via PayPal or a credit card where you have some sort of payment cover

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting

(1st May 2016)


(BBC News, dated 21st April 2016 author Jon Douglas)

More than 5,000 people were conned into sending planned payments to fraudsters' bank accounts last year.
Victims were fooled by emails asking them to divert payments into criminals' accounts, leaving the genuine recipient unpaid.
The number of cases of the scam - also known as "mandate" or "invoice" fraud - is up 71% on the previous year.
Losses in the UK totalled £126m, according to police figures compiled for Radio 4's You & Yours.
Police said people need to be suspicious of any persistent emails that suggest a change of bank account details.

Massive shock

Georgia Morandi, from Carmarthenshire, lost £2,514 to this sort of scam after having a wood burning stove installed. She received messages - apparently from her stove fitter's email account - asking for the money she owed him to be paid into a different bank account.
"The timing of it was perfect because, of course, it was a bill that I inevitably had to pay," she said.
But the messages she had received were not really from her stove fitter. It is thought his email account had been compromised and somebody posed as him online.
"It was a massive shock because I could instantly see that it would be an issue trying to get the money back," said Ms Morandi.
"I went into a bit of a panic wondering how it was going to end. I couldn't afford to pay for the stove twice; the stove fitter couldn't afford to be out of pocket. It was very difficult to know who is responsible for that stolen money."
In the end, Ms Morandi's bank refunded the money she had sent to criminals. But they called it a goodwill gesture and not everyone caught out in this way will get their money back.

'Ask questions'

The police recorded 5,480 similar cases in 2015, compared with 3,206 in 2014.
Of those affected, 36% of them said it had a severe or significant impact on them, meaning it affected their health or their ability to make ends meet.
The scam tends to happen in two main ways. The first is where a company's IT system is infected with malware allowing criminals to spy on emails and then contact customers. The second is where a criminal pretends to be someone senior in a company and emails a junior member of staff asking them to make a business payment, known as CEO fraud.
"Junior people in very large organisations need to feel comfortable to ask the question of someone senior whether or not this is a real transaction," said Commander Chris Greany from City of London Police, which monitors and investigates fraud across the UK.
"Sadly email is just not safe and you cannot trust it all the time."
Commander Greany thinks more people need to be suspicious of emails that ask for payment particularly if they are persistent and include new bank account details.
"The best thing for any individual to do is to pick up the phone and speak to the business they are dealing with," he suggested.

(1st May 2016)

(BT News, dated 17th April 2016)

Full article [Option 1]:

We're aware that some customers are being contacted by companies fraudulently claiming to be, or acting on behalf of, Microsoft and other companies - including on occasions BT.

The main purpose for these calls is to try and convince you that they have identified a fault with either your internet or your router, or they have detected a virus or other malware on your computer.
These fraudsters may attempt to take control of your computer via remote access software, claiming that this is the only way to fix these issues, before 'identifying' a problem and offering to resolve the issue for a small fee. If you agree, often the value of the money taken is considerably more than originally quoted.

These companies use a 'spoof' telephone number when making such calls. This means the number displayed on your caller ID, or obtained by dialling 1471, is incorrect and you are unable to reconnect if redialled.

Please be aware that any unsolicited calls you may receive where the caller asks to take remote access of your computer could be related to one of these known scams.
If you're suspicious about a call you receive, here are some steps you can take if you're unsure about the caller:

- Never offer private or personal security information to unsolicited callers (even if they quote what is, or seems to be your account number).

- If a caller claims to be from BT and you are concerned, ask them to leave notes on your account and you can then call BT on 0800 800 150 to confirm the call is genuine. Always check that the phone line has been cleared by the fraudsters and you are able to dial out as normal. For even greater security, use a different phone line.

- Be suspicious of unsolicited calls relating to a security/system problem, even if they claim to represent a respected company. If you have any doubt at all, contact the company yourself to verify the call using their published numbers.

- Never provide personal information, such as credit card or bank details, to an unsolicited caller. BT will never send you an unsolicited email asking for personal / private details or banking information.
You can find out more information about your BT account security at, and further details on the latest scams and how to protect yourself at

(19th April 2016)

(Action Fraud, dated 11th April 2016)

Fraudsters are targeting members of the public who are expecting to make a payment for property repairs. The fraudsters, via email, will purport to be a tradesman who has recently completed work at the property and use a similar email address to that of the genuine tradesman. They will ask for funds to be transferred via bank transfer and once payment is made the victims of the fraud soon realise they have been deceived when the genuine tradesman requests payment for their services.

Protect Yourself:
- Always check the email address is exactly the same as previous correspondence with the genuine contact.
- For any request of payment via email verify the validity of the request with a phone call to the person who carried out the work.
- Check the email for spelling and grammar as these signs can indicate that the email is not genuine.
- Payments via bank transfer offer no financial protection; consider using alternative methods such as a credit card or PayPal which offer some protection and avenue for recompense.

If you believe that you have been a victim of fraud you can report it online at: or by telephone on: 0300 123 2040.

(19th April 2016)


(BT News, dated 10th April 2016)

Full article [[Option 1]:

A new email scam is doing the rounds, and this one looks even more genuine as it includes your home address. In this case, scammers are trying to con you into believing you owe money to genuine companies.
Here's what you need to know and how to stay safe.

###The email

As well as personal details like your full name and home address the email demands a payment of more than £800 to clear a debt with legitimate companies.
These include a waxed cotton manufacturer British Millerain Co Ltd located in Rochdale and a shelving firm called Greenoaks based in Manchester.
The email also has a link to the 'original invoice where presumably you will find the details of where to send the cash, but actually could install malware on your device.
Members of the BBC Radio 4's You and Yours team are among those who have been targeted by this new wave of fraudulent activity.
Vahl said: "The email has good spelling and grammar and my exact home address...when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address.
"My tummy did a bit of a somersault when I read that, because I wondered who on earth I could owe £800 to and what was about to land on my doormat."
Worryingly, at least two other members of Vahl's team also reported receiving a similar email.
The You and Yours team contacted the companies named in the emails staff had received, who said they had been inundated with calls from people worried they owed them money.
Dr Steven Murdoch, principle research fellow at the department of computer science at University College London, reckons the scam could actually be the result of a hack.
He told You and Yours: "Most likely it was a retailer or other internet site that had been hacked into and the database stolen, it then could have been sold or passed through several different people and then eventually it got to the person who sent out these emails."
Murdoch also said the email had hallmarks of phishing attempts from gangs in Eastern Europe and Russia and warned clicking the link could install malware like Cryptolocker, which is a type of ransomware that locks files on Windows-based computers and demands a fee to release them.

###What to do if you get this email

If you've received a suspicious email don't click the link or take any notice of the demands.
Instead just delete it from your inbox and report it to Action Fraud. You can do this over the phone on 0300 123 2040 or using its online fraud reporting tool.

(19th April 2016)



(Philadelphia Magazine, dated 25th March 2016 author Victor Fiorillo)
Full article [Option 1] :

We all see plenty of email scams landing in our inbox, whether it's the ex-finance minister of some third-world dictatorship asking us for help moving around vast sums of loot, or some phishing teenage hacker trying his best to look like Apple Customer Service. But this new speeding ticket scam hitting inboxes in the region really takes the cake.

The Tredyffrin Police Department in Chester County announced the speeding ticket scam this week, explaining that three local residents reported receiving emails notifying them of speeding infractions. Tredyffrin doesn't have speed cameras, and the police say that they have nothing to do with these citation notices, but here's the thing: The residents were, in fact, speeding at the locations cited in the citations.

Investigators shared a redacted version of one of the emails with Philadelphia magazine, and we mocked it up to show you what the speeding ticket scam looks like. The sender is the actual sender that appears on the bogus citation email.
Again, police say that the people named in the emails were speeding at the location and time listed in the fake infraction notices.

How is this possible? Well, investigators suspect that a hacker has exploited a security flaw in some GPS-enabled smartphone app. If you know where your target is located and how long it takes them to get from Point A to Point B, then you can do a quick computation to determine how fast they were traveling.

Police say that it doesn't look like this speeding ticket scam is actually an attempt to get you to fork over fines to some bogus entity. Instead, they say it appears that when the recipient clicks on the link at the bottom of the message - the one that mentions the image of the license plate - some form of malware is automatically downloaded to the person's computer. The message does not contain the driver's actual license plate number.
And in case you're wondering, the drivers aren't liable for any fines even though they were speeding, because Tredyffrin police don't cite drivers for speeding unless a real, live cop catches them in the act, which we think is very sporting of them.

(4th April 2016)

(The Guardian, dated 2nd April 2016 author Miles Brignall)
Full article [Option 1]:

If your bank has your mobile number to help it "manage" your current account, you may want to have a rethink. John Ellard, managing director of a small internet service provider, has had his Nationwide current account emptied of £6,000 after fraudsters apparently took over his O2 mobile account, switched his number to a new Apple handset, and then used it to make a series of fraudulent purchases.

While Ellard was wondering why his mobile wasn't working at his Hertford home last month, fraudsters were calling O2 pretending to be him to report it stolen. Simultaneously, the crooks had managed to obtain his bank account details to gain access to his Nationwide account, and were able to register him for telephone banking and increase his overdraft to £5,000.
In a bold move, they were then able to link his stolen phone number to a newly created Apple Pay account and use it clear out his bank account in a matter of hours by going on a spending spree at various Apple stores.

The case will alarm anyone who has registered their mobile with their bank and relies on it to receive security information.
Ellard, who says he has spent the past few days in financial and emotional turmoil trying to deal with the fallout, appears to be the latest victim of fraudsters targeting vulnerabilities in the mobile phone system.

Guardian Money has already reported on so-called "sim swap frauds", which see fraudsters taking over people's bank accounts via their mobile phone. The fraudsters call the phone provider and, as long as they can answer basic security questions - which can be things as simple as your name, address and date of birth - are able to cancel the old sim and gain a new one. From then on they can intercept or initiate calls and texts as if they were the victim.

The first Ellard knew of this was when he got a letter from Nationwide telling him his overdraft had been increased. Ellard, who regards himself as technically savvy, says he has been astounded that both O2 and Nationwide's anti-fraud systems were so easily evaded. He also says other bank customers should seriously consider whether they want their bank to use the mobile network to check their identity, given the flaws. He won't be doing so in the future, he says.
Ellard believes the theft of his bank details may be linked to the fact he had just moved house and had ordered a carpet. He had paid using his bank card, and store staff had his address, card details and mobile number.
"The fraudsters simply rang O2 and reported my phone stolen. I just thought it was on the blink. In the meantime, armed with my bank card number - plus the three digits on the back, mobile number and date of birth - they were able to clean out my account. I'm a company director, and it would have been very easy to find my date of birth at Companies House."

He says people have no idea how draining it is dealing with something like this. He criticises Nationwide for allowing the access, but says the building society has at least been helpful since the event. It has told him the £6,000 will be repaid, and offered £350 compensation.
O2 told Money that someone posing as Ellard had twice tried to take over his account but failed the security checks. On a third occasion the phone was reported stolen and the account blocked until the real Ellard reported it as not working. O2 maintains that at no point was Ellard's mobile account taken over, and claims no other sim card other than the one Ellard had in his phone has been associated with his account.

Nationwide told Money that Ellard's mobile number had been used to make the Apple Pay purchases linked to his account. When the fraudster tried to make the first Apple store purchase for almost £2,000 it blocked it as unusual - but the fraudster phoned the society and convinced staff that they were Ellard.

A Nationwide spokeswoman says: "Unfortunately, our customer has been the victim of account takeover fraud after his details were compromised. As soon as the society became aware of the fraud it acted swiftly to protect his accounts, and the stolen money was refunded. Additional security has been placed on his account. While we are able to stop most fraud from occurring, it is not possible to stop all. However, when a customer is an innocent victim of fraud we will look to refund their money immediately."

This is not the first case of a fraudster using a victim's mobile to access their bank account. In September last year we featured the case of Emma Franks who had £1,500 taken from her after thieves took over her Vodafone account. Someone - not her - had reported her sim card water-damaged, and requested a replacement.

Last month, meanwhile, NatWest was forced to admit that its security measures weren't good enough after staff on BBC Radio 4's You and Yours programme were able to hack into a colleague's bank account and steal a token sum using her phone.

The programme had been contacted by a number of people who had lost money to sim card fraudsters. One of these victims, Robert from East Anglia, said he had lost £3,000. NatWest had tried to blame him for the theft, even though £500 was spent on an online betting site at the exact time he was sitting in a NatWest branch trying to solve the problem. NatWest has since placed a warning about sim swap fraud on its own website, though the consumer is often powerless to halt this scam.

'Fraudsters are incredibly sophisticated'

Few UK banks have the technology in place to spot sim-swap fraud. One exception is Santander, which uses a system developed by US software firm Fico, which claims to have a 100% success rate in halting fraudulent account takeover attempts following a sim swap.
Fico director Gabriel Hopkins told Guardian Money that his company's technology is able to detect whether a sim card has been swapped since the last transaction by comparing its unique international mobile subscriber identity number.

If the system detects that the sim card has been changed, he says, it triggers a notification which in turn will prompt stronger checks into the person making the cash transfer - in short, to establish whether or not they are the account holder.
"In many cases there will be a legitimate reason for a sim change. The customer might have upgraded their handset or genuinely lost their phone and had their sim replaced. In that instance, the system will pass the case over to a fraud handler who can then call up the customer and verify their identity before approving the money transfer," Hopkins says.

He adds that banks have increasingly used mobiles as a way to verify their customer's transactions because bank customers prefer not to have to carry around card readers or dongles.
"The fraudsters have become incredibly sophisticated, and it's a battle for all the banks and telecoms firms. It's easy for someone with a phone number and card details etc, to go into, say, a Vodafone store, go up to the youngest person working there and explain they have lost their phone. That person, trying to be helpful, will give them a replacement sim and they leave the shop with a working replacement - in effect, the fraud victim's phone."

(4th April 2016)


(Computer Active, Issue 471, dated 16th March 2016)

What happened
Security experts warned people about a spate of banking scams in which hackers sned texts to phone in an attempt to steal money. Known as "smishing" - a combination of phishing and SMS - these scams try to trick users with messages that appear to be legitimate alerts from banks.
Worryingly criminals are getting much better at making these messages look genuine. They send you messages in the same conversation "thread" that your bank uses, making it very hard to tell what's real.
A popular tactic of scammers is to send warnings about "suspicious" or "unusual" activity in users accounts" These messages emphasise how important it is that the victim takes action immediately, normally by transferring their money into a new account. Often this threat appears serious enough to persuade people to click links or ring a numbers, where the criminals are waiting to steal their passwords and other personal information.
Unsurprisingly, the hackers are chiefly targeting older people, because they are likely to have a bigger pot of savings to steal.

What should you do ?
It's vital to be highly vigilant when banking via your phone, particularly because banks may not give you back any money that's stolen. You should be very suspicious about clicking any link in a text message from your bank. Banks say they will never ask for your password and other log-in details by phone or email, nor will they ask you to transfer money into a new account. If you're unsure, phone your bank.
uaware note : always use literature from your bank that you have your possession for information (helpdesk numbers etc).  Not those quoted in texts, emails, from people phoning you, newspaper or magazine articles.
(1st April 2016)

(Action Fraud, dated 1st April 2016)

This alert is a reminder to be aware of emails that appear to have been sent from a legitimate organisation. Fraudsters often use fake email addresses designed to encourage recipients to open attachments or links. You are advised that if you are in any doubt as to the origin of an email, do not open it. Consider that emails can be spoofed and used to generate spam to recipients far and wide. If you receive a spam email, you MUST NOT open it. Instead, delete it from your email system to avoid infecting your device. If you have opened an attachment from a spam email, you should get your device checked over by a professional and change the passwords for all your bank, email and online shopping accounts.

Protect yourself:
- Do not click or open unfamiliar links in emails or on websites.
- Make sure you install and use up-to-date anti-virus software.
- Have a pop-up blocker running in the background of your web browser.
- If you have opened an attachment and 'enabled macros' it is very likely that all your personal data will have been breached. You MUST change all your passwords for personal accounts, including your bank accounts.
- Ensure Adobe, Flash and any similar software is up to date on your computer.

If you think you have been a victim of this type of email you should report the email to Action Fraud, the UK's national fraud and cyber crime reporting centre:
If you do make a report please provide as much detail as you can about the email and any effects it has had on your computer. Additionally if your Anti-Virus software detects any issues in relation to this email please provide us with the details.

(1st April 2016)


(Computer Active)

In each edition, the Computer Active magazine publish small snippet warnings of scams experienced by their readers. The initials shown within the brackets are those of the Computer Active reader
The website link shown within these articles have been abbreviated by Computer Active to "snipca" followed by a reference number, around 15 characters. As readers know, some links (URL's) seem to go on forever.
(October 2015, AS)
I got a phone call from a foreign sounding person who said he was from Microsoft and that the Windows licenc on my PC had expired. I said "which computer?". He asked "how many hae you got?" "Three", I said - an Apple Mac, a PC I built and a clone of that on my Mac. This baffled him and he repeated that I should upgrade to Windows 10 now. I told him I will upgrade when move of the bugs have been fixed. He then became aggressive and said he would shut down my PC. He then hung up. It's a scam that Microsoft are aware of :
(November 2015, AFS)
I want to alert readers of a phone scam aimed at TalkTalk customers. You are told your router is causing security problems. They ask you to visit a website, from where they can remotely use your PC. They then say you're due a £200 refund, and take you to what appears to be your online bank, where it seems they refunded £5,000 to your account. By way of apologising for this mistake, they promise you a further £100, by asking you to refund them only £4,700. You are told to post the money in cash to an address in China.
November 2015, PC)
My Husband got an email from "Ocado customer services" - the address was "" and the subject line was "Your receipt for today's Ocado delivery". It said the receipt for todays delivery is attached and that goods would be delivered between 10 and 11. We have started ordering groceries online, but didn't open the attachment. The scam was plausible : correct punctuation, no spelling mistakes and believable email address. After a little research, it seems clicking the attachment downloads Dridex, which steals your bank account details.
uaware note : clicking on a link in an unsolicited email is foolhardy. No security software regardless of provenance and star rating is 100% secure.
(December 2015, LH)
I was almost caught out by a PayPal scam which I think is new. I received an email that looked professional and error free. I had no reason to believe it wasn't from PayPal. It told me that there had been unusual activity on my accoun, and suggested I update my profile. With all the high-profile hacks recently, including TalkTalk, I instantly thought "oh no", and clicked the link, which sent me to a "profile update" page. It was only when they asked for credit card details that it dawned on me that it was probably a scam. I found evidence of it online :
(December 2015, RC)
I bought my first iPhone a few months ago, which was probably why I was targeted by an Apple related email scam. The email from "iTunes Store" contains an invoice for £42.99 for an app I'd apparently paid for, a sat nav tool called TomTom Western Europe. But I'd never pay that much for an app. It's a clever scam because you urgently feel the need to click the "iTunes Payment Cancellation Form" link at the bottom of the invoice. I did this, and was asked for my bank details. It became obvious at that point that it was a scam.
uaware note : Even clicking on a link could download malicious software to your computer.
(January 2016, DJ)
In early Dececmber, I received a scam email. It was apparently from "Virgin Media", and the subject line was "Your Virgin Media billing details are incomplete". I am a Virgin Media customer, so I thought at first it was genuine. It asked me to click a link to update my billing information, but I moved my mouse over the senders email address, and that revealed the true source ( I found evidence of the scam on the Virgin''s Community forums :
Virgin Media customers can report scams at :

(January 2016, EP)
I received two emails purportedly from BT with the subject line "You,ve got a BT delivery soon". They said that BT had sent me a "Standard / Micro SIM" that would arrive in the "Next couple of days". But they got my address wrong - I don't live in Dundee ! And I hadn't ordered a new SIM card. I phoned BT to check that this had not been set against my account. It confirmed that I hadn't ordered a SIM card. Fortunately, I did not click the links in the email. They were very convincing, and even had a warning about phishing scams at the bottom.
(February 2016, JD)
In January, I got a call from someone purporting to to be from BT. He quoted my BT account number and said that other people were using my broadband without my knowledge. He said that BT would suspend my broadband for 72 hours, and send a technician to my house. I told him it was a scam and hung up. Worringly the account number he gave me was correct. Bt confirmed to me that the call hadn't come from them, but they didn't seem concerned about this apparent breach of security involving their customer account details.
(February 2016, MK)
In January, I received a scam that appears to be a new twist on the bank-phishing emails. Rather than saying " Your account has been compromised", it said that my account had had security upgrades applied. It came from "NatWest", though the address was "". It said that the updates meant I now had "even better control and greater peace of mind". It urged me to "try these new features" and there was a link at the bottom stating "Get Started", but hovering my mouse over it showed that it did not go to a NatWest site.
(March 2016, MO'R)
I recently recieved an email that proved the old saying that if something sounds too good to be true, then it probably is. The email said that it was from Amazon's "member support" and said that I had been specially selected for a chance to win £10 for answering a quick survey. I suspected a scam straight away, and found the evidence online at Malwarebytes' blog : . Apparently clicking the link in the email led to a page that asked for your credit card details and bank account number.
(March 2016, MW)
A couple of years ago I was targeted by those phone scammers who pretend to be from Microsoft. I got an email promising me compensation for the scam. The email originator was
"uk.govdepartment-refund" and an organisation called the "ALL Competition and Consumer Commission". I Googled this and realised it was another scam (more info at So scammers are trying to trick people into claiming compensation for distress caused by other scammers! Unbelievable ! We need tougher laws to catch them.
(March 2016, DH)
In February I received a genuine looking email purporting to come from EE. The address was bogus originator was "Account Services" the subject line read "Your EE broadband account - your credit card is about to expire". It told me that because my credit card needed to be renewed, I should click the link provided. My details in the email were correct, but knowing my credit card was not due to expire I checked with EE and they told me it was a scam. There's more information from EE about email scams at .
uaware note : I would have been more concerned that the bogus email having "correct" details of mine. This could indicate that the computer had been corrupted by banking malware.
(1st April 2016)

(The Times, dated 17th March 2016 author Simon de Bruxelles) [Option 1]

A family of fraudsters posing as bank officials conned more tan 40 pensioners out of their life savings and spent the money on expensive cars, watches and holidays, a court has been told.

From its base, a newsagents in Glasgow, the gang telephoned victims claiming that thee was concern about possible fraudulent activity on their bank accounts.
The family raked in £1.3 million from 42 victims. It was spent on Rolex watches, trips to Dubai to buy gold, and Lamborghini, Ferrari and Mercedes cars. They boasted of defrauding "losers" in Whatsapp messages and exchanged photographs of newspaper reports about people they had tricked.
Bristol Crown Court heard that one of their victims had transferred £84,000 to an account controlled by the fraudsters after being tricked into believing that the call was genuine. The gang member had asked the victim to ring their banks fraud team but stayed on the linehad been able to intercept the call.
The scam was believed to be one of the biggest examples of "voice phishing" in the UK.
The gang were caught when one member ignored instructions to use an untraceable mobile and not a landline and made a call from the telephone behind the counter in the family's news agents, Stravanan Off Sales, in Crosshill, Glasgow.
Four cousins admitted conspiracy to commit fraud by false representation at seperate hearings at Bristol Crown Court last year. One of the accused admitted concealing, disguising, transferring or converting criminal property.
The family, called thousands of people using dozens of phones over the course of a year. When police raided the six bedroom family home in Glasgow they found 41 mobile phones and 57 sim cards. The court heard that their victims details had been passed on by a call centre worker who was the girl friend on one of the accused. She admitted encouraging or assisting indictable offences.
The Mother of two of the accused, was charged with possessing criminal property after raid on her home during which £100,000 was found in her bedroom. She denies any knowledge of the fraud.
Rupert Lowe, for the prosecution said: " The declared income of the family was extremely modest but thy had the trappings of very significant wealth. They hired Ferraris and Lamborghinis and purchased a Mercedes in cash, which was sitting in their drive. They bought expensive watches, jewellery and designer bags, indulged in high value gambling and travelling and purchased a house in Dubai.
He added:" The effect on the people they targeted was extremely grave".
One victim, lost £84,00 after receiving a call from a "Christopher McDonald in 2014. Another victim, transferred £15,400 of his savings after receiving a call from a man posing as a fraud investigator. The court heard that the fraudsters raked in £300,000 in November 2014 alone. The trial continues for one of the accused. The other defendants who have already pleaded guilty will be sentenced together at the end of the trial.

How phone scams work

The Independent Banking Advisory Service says phone scamming netted as estimated £23.9 million last year. The con artists pretend to be calling from th police, a bank or computer company. they suggest that the individual has suffered fraud and ask for information, such as card details or a PIN code, to access their account. Some ask victims to transfer money, withdraw cash or hand over a bank card to a courier.
They suggest that the victim phones their banks fraud line but intercept the call by keeping the line open. The IBAS says banks will never ask for personal details or request individuals to withdraw or transfer money.

(1st April 2016)



(The Register, dated 4th March 2016 author John Leyden)

Full article [Option 1]:
British customers of the NatWest bank should be on their guard against a particularly convincing SMS-based phishing scam, Action Fraud warns.
The spoofed texts being sent out by fraudsters "could catch you out if it appears in an existing message thread," the UK's national fraud & cyber reporting centre advised on Wednesday.
The Register reader Nicholas was among those targeted by the link-containing message. He was concerned that fraudsters had managed to get their hands on his mobile phone number in the first place.
"I have received two text alerts from NatWest, coming in from their 'official' SMS number, advising me that there has been 'unusual activity on my on-line banking account' and advising me to log into my account," Nicholas told The Register.
"I am concerned how the fraudsters can spoof the text alerts to a valid NatWest telephone number and also how they have managed to get my own mobile phone number."

(1st April 2016)


(Action Fraud, dated 2nd March 2016)

Action Fraud has received several reports in the last 24 hours from businesses who have been sent online extortion demands from scammers threatening a cyber attack.

The scammers, who call themselves the "RepKiller Team", have been sending emails to businesses across the UK demanding payment of between £300-£500 in Bitcoins by a certain date and time.

If the demands are not met, the team have threatened to launch a cyber attack against the businesses and their reputation by automating hundreds of negative reviews online.

The emails also claim that once actions have started, they cannot be undone. Although these scammers are currently calling themselves "RepKiller", it is common for fraudsters to continually change and adopt new tactics - email names can be made and changed easily.

What to do if you receive one of these emails?
•Whether the attack is attempted or successful, you should report it to Action Fraud on 0300 123 2040 or by using our online reporting tool
•Do not pay the demand. There is no guarantee the scammers won't launch an attack and could encourage further extortion demands in the future.

•Retain all the original emails. Should law enforcement investigate, the information contained within the email headers can be used as evidence.

•Maintain a timeline of the attack recording all times, type and content of contact.

(3rd March 2016)


(International Business Times, dated 2nd March 2016 author Graham Lanktree)

Full article [Option 1]:

The death threats Simon Woodhead has been receiving all seem sincere. People want revenge. Woodhead has been the target of a fast-growing number of angry UK phone customers who are victims of voice phishing, or "vishing" - a form of telephone fraud where scammers pose as an insurance company or bank representative to seize financial information and defraud their victims.

"I've had a number of experiences with angry mobs," said Woodhead, CEO of Simwood, a UK telecoms company, "from people threatening to come around and kill me one Christmas, through to people posting my personal details and those of charities I'm involved with online."
It might sound like a classic swindle, but these scammers now cover their tracks with an advanced phone hacking technique called "spoofing" whereby they obscure their identity by hijacking another caller's ID.

The terms are reminiscent of Dr Seuss, but spoofing in combination with vishing is "a growing problem in the UK," a spokesperson for communications regulator Ofcom told IBTimes UK.
Due to the technical sophistication of this new breed of scam, however, it's nearly impossible for authorities to catch the cybercriminals behind it. Through late 2015 and early 2016 thousands of phone customers in the UK have experienced a barrage of spoofed caller ID vishing calls.

The Big Vish

According to Action Fraud, the UK's national fraud reporting centre, UK phone customers were scammed of £23.9 million by vishing ploys from December 2013 to December 2014. That's a big jump from £7m the previous year.

Where all this money is going remains a mystery, although in 2015 proceeds from some of these scams in London were traced to jihadist groups, including Isis.

Woodhead is certainly not benefiting. His company Simwood, a telecoms wholesaler that runs the networks for major retail phone companies on the scale of BT, TalkTalk and Three, is itself a spoofing victim. Angry customers trying to call their scammers back find themselves connected instead with Simwood, and hear a message explaining the number has been spoofed.

"The disguised calls are often routed via the internet and/or a number of different international networks," said Ofcom's spokesperson. This exacerbates the problem, making it nearly impossible to trace the cybercriminals. And even when they can be traced, they are often found in another country, far from the reach of UK law.

Many who receive scam calls take to online forums and social media to warn others. "Just had cold call from 'Action Claims Bureau' asking about accident I haven't had," wrote John Hyde, deputy news editor for the Law Society Gazette, on Twitter last November, noting the message was an obvious attempt at vishing and "totally unacceptable".
"Asked me if I had been involved in a car accident that was not my fault," wrote user Chris on the forum last November, referring to the same 'Action Claims Bureau' vishing scam. "I asked who reported it and she hung up." Other forums that gathered similar complaints about the group include,, and a host of others. They show thousands of searches from customers for the offending numbers.

Action Fraud's online fraud reporting tool is where customers should report vishing. But the tool doesn't provide a searchable database of numbers to avoid, or a forum where users can share their experiences.

Deep Sea Vishing

The volume of spoofed vishing calls in the UK is unknown. Ofcom suspects many are coming from overseas. Even the extent of complaints about vishing is difficult to determine.

Action Fraud, for instance, recorded more than 5,000 vishing crime reports between April 2014 and March 2015. But the UK's Information Commissioner's Office (ICO) does not separate out vishing-specific complaints from the 14,343 complaints about nuisance calls it receives on average each month.

Action Fraud has estimated a quarter of people in the UK are at risk of vishing scams. It's simply a question of volume: perpetrators can place millions of calls a day using digital dialing technology.

Woodhead wants more to be done to educate the public about the dangers of vishing. In 2013 Simwood responded to a parliamentary report investigating what could be done about the swell of phone fraud.

Public awareness "that people cannot trust the caller ID that appears on their phone isn't there at the moment," Woodhead said.

In a number of cases, he added, retail phone companies have given victims "our name as the perpetrator, [denying] that the call origin can be spoofed".

One particular victim sticks in his mind. Woodhead recalls a 90-year-old woman on oxygen tanks who was "transferred to my direct line by BT with no introduction." She was in floods of tears, he said, "because she had to keep rushing to the phone to get what was a pointless call, undergoing significant medical disruption to do so."

More than 50% of vishing fraud affects seniors over 65.

A Hard Vish To Catch

According to Woodhead, the current investigative process used by Ofcom and the ICO doesn't focus on the origin of the calls, but rather who owns or operates the spoofed number.

"So you have a scenario where a complete third party is making calls with a falsified caller ID," he said, "and the whole investigation process trundles on in completely the wrong direction."

But regulators are increasingly working to bring nuisance callers to justice. Fines for nuisance calls increased dramatically in 2015. A company called National Advice Clinic was fined £850,000 - the highest financial penalty yet for nuisance calls - in late 2015.

However, developing the ability to trace spoofed numbers remains a challenge. Last year Ofcom placed 30 traces on spoofed calls using a brand-new investigation process. But it was able to identify the source of the calls in just 10 of those cases.

The findings, published in December 2015 in an Ofcom and ICO annual review, also show the ICO made only one successful trace last year.

Last April regulators rallied the likes of BT, TalkTalk, Virgin Media, Sky, Vodafone, Telefonica/O2, and four others to put in place better tracking mechanisms.

Still "call tracing is not always successful, for a number of reasons," said Ofcom's spokesperson. "For example, communications providers outside of the UK may not be responsive to call-tracing requests."

New technical standards on internet traffic that would thwart number spoofing is in the works at the global Internet Engineering Task Force (IETF). But this will require global agreements between standards bodies, equipment vendors and communications providers, and "may take a number of years," according to Ofcom.

So for now, Woodhead says, "this is a real issue that really hurts people," and in which "we are powerless to intervene".

(3rd March 2016)


(Action Fraud, dated 22nd February 2016)

Action Fraud has been receiving reports of an advanced fee fraud whereby suspects phone a member of the public and claim to be calling on behalf of the UK (or British) Government Grant Department.

They go on to state that the individual has won a Good Citizen Award - of typically £8,000 - and that the grant can be released for a fee (of around £210).

Fortunately, very few members of the public have lost any money as a result of this scam but have reported to Action Fraud in order to help build a picture of this fraud and protect others from falling victim to it.

Protect yourself:
- There is no genuine 'Good Citizen Award' scheme in the UK that operates by cold calling "winners" and asking for an upfront fee to release a grant.

- If you receive a call that claims to represent such a scheme, it is a scam. End the phone call - do not give out any personal or financial data.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting

(1st March 2016)


(Action Fraud, dated 19th February 2016)

This is an update to a previous alert sent from Action Fraud in November 2015.

Fraudsters are setting up high specification websites advertising various electrical goods and domestic appliances. These goods are below market value and do not exist. The website will state you can pay via card; however when the purchaser goes to pay, this option is not available and the payment must be made via bank transfer.

The fraudster entices the purchaser and reassures them it is a legitimate purchase by using the widely recognised Trusted Shop Trustmark. They then use the Trustmark fraudulently and provide a link on the bogus electrical website to another bogus website (which purports to be Trusted Shops). This website shows a fake certificate purporting to be from Trusted Shops and provides thousands of reviews for the bogus electrical website. These reviews are all fraudulent. The website has not been certified by Trusted Shops and therefore the purchaser is not covered by the Trusted Shop money-back guarantee.

Protect yourself:

- Check the authenticity of the website before making any purchases. Conduct a 'Whois' search on the website which will identify when the website has been created- Be wary of newly formed domains. You can conduct this search using the following website -

- Conduct online research in relation to the website, company name and the business address provided to identify any poor feedback or possible irregularities.

- Check the Trusted Shops Facebook page where warnings about websites using their Trustmark are published. If you are in doubt about the legitimacy of a Trustmark then you can contact Trusted Shops on 0203 364 5906 or by email They will confirm whether they have certified that website.

- Payments made via bank transfer are not protected should you not receive the item. Therefore always try to make the payment via PayPal or a credit card where you have some payment cover should you not receive your product.

- If the item advertised seems too good to be true, then it probably is.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting

(1st March 2016)


(The Register, dated 8th February 2016 author Kat Hall)

Full article [Option 1]:

A number of TalkTalk customers have had their maintenance visits data breached by fraudsters in an attempt to gain remote access of their computers, it has emerged.

One customer, Chris, told The Register that a week after the cyber attack was reported he experienced some issues with his broadband, so TalkTalk sent an engineer round. "The day after this visit my partner received a call from someone claiming to be from TalkTalk, who knew the engineer's name, and exactly what she and the engineer had discussed the previous day."

The caller - purporting to be from TalkTalk - then told the customer to download TeamViewer software, which was used to try to make a number of money transfers using third-parties' credit card information.

After the customer realised what was happening, he shut down his computer and bought new security software.
He said: "When I challenged TalkTalk to explain how the scam caller knew so many details of our account, the manager suggested the engineer may have passed on our details to a third party.

However, TalkTalk refused to agree to contact or otherwise investigate this engineer."
Chris said he left the company at the end of November 2015 following the "dismal" customer service he experienced over the incident.

According to the BBC Radio 4 programme Money Box yesterday, TalkTalk admitted that criminals have had access to information of its third party engineers' visits.

Two customers told the programme they had received calls from scammers who knew details of their recent engineers' visits and account reference numbers. One woman had £300 taken from her PayPal account, which her bank was able to refund.
In a statement TalkTalk admitted to receiving complaints about this happening from a "small number" of customers.

It said the issue has been investigated and reported to the Information Commissioner's Office, and it has not received any more complaints about this since the end of 2015.

Money Box noted that in the last four years, TalkTalk has had to admit to four different breaches of data, two directly from the company itself and two others from partners here and in India. The Register has asked TalkTalk for further comment.

At the end of January, TalkTalk said it was considering cutting ties with its Indian call centre provider after three employees at the site were arrested for allegedly scamming customers.

TalkTalk has reported a loss of £60m related to its major hack in October, attributing the write-off to
IT costs and shedding 101,000 customers during its third quarter, according to its latest financial results.

(1st March 2016)



(The Telegraph, dated 10th February 2016 author Tara Evans)

Full article [Option 1]:

Hundreds of thousands of people use dating websites and apps to chat and arrange meetings. For many, the dream is that they will lead to life-changing romances and relationships.

But a growing number of fraudsters are targeting those seeking love online.
Nearly one third of daters have been approached by users for financial help, according to recent research by virus software firm Norton.

Many victims are too embarrassed to report crime. But the number of cases that are reported keep growing.

Last year there were 3,363 reported cases of dating fraud, up 2pc on the previous year. The sums lost totalled £24m, according to police figures.

Fraudsters create realistic profiles made up of stolen photographs and fake details before speaking to a target for a number of weeks.
Once they've gained their victim's trust, they ask for money for a range of often emotive reasons.

This was a pattern of crime that became only too real for Karen Beale (not her real name), a 66-year-old, teacher from Cornwall. She spoke to Telegraph Money about how she was conned into transferring tens of thousands of pounds from her savings account to a man she met on a dating website.

Karen - who doesn't wish to disclose her full name but wants to share her story to help prevent others from falling victim - joined a popular dating website in March 2013, newly single after the breakup of a relationship.

She got chatting with a fellow user who quickly encouraged her to move their conversation offline and to the telephone.

He told Karen that he worked in an oil rig and was away for work a lot. He sent her photos purporting to be of him at work with his colleagues. They spoke regularly on the phone.

Eventually, after several weeks of contact he asked Karen if she thought it was a good idea if he invested in oil, just like his supposed colleagues were doing.
A few days later he asked her if she would like to make a contribution to this investment.

Karen says: "I was suspicious but I wanted to believe him. It was like he put a spell on me. The first time he asked me for money I got quite upset but he somehow talked me round."

Karen, who didn't want to reveal the total amount of money that was transferred, said that she deep down she feared or even "knew" that he was "manipulating" her.

In total, their communication went on for a year. It wasn't until he asked her to take a loan out against her house that Karen realised matters had gone too far.
She confronted him via phone and text message and soon after he disappeared from her life, ending communication entirely.
"I didn't want to give up hope in him. When I realised, I felt sick. I felt lonely and abandoned."
"I reported the case to Action Fraud and after the police investigation I was told that they couldn't do anything because I had voluntarily put the money in his bank.
"More should be done to ensure justice is served and these people are caught."

A spokesman for Action Fraud says: "Action Fraud does not have investigation powers.
The reports taken by Action Fraud are sent to the National Fraud Intelligence Bureau (NFIB) who collate and analyse intelligence on fraud.
"It makes the decision to send crimes to law enforcement agencies for investigation, disruption and prevention purposes."
Tony Neate, from Get Safe Online, an organisation offering free safety advice to consumers, says that fraudsters can be hard to spot where emotions are involved.
"As Karen's story highlights, these sort of criminals will do everything they can to convince you that the relationship is real and that you should trust them.
"Often there are doubts on the part of victim, but a bigger part of us wants to feel like this could be the real thing.
"Unfortunately, these criminals are still out there. We hope with the right precautions and advice in place, we can raise awareness of romance fraud and stop people falling victim in the future."

How to avoid online dating scams

Dating expert James Preece shares his tips on avoiding fraudsters:
1. If you're suspicious about a profile report it to the site or app.

2. Do your own detective work - ask them for their full name and look them up on Google and social media.

3. Don't be afraid to question their authenticity - if they are genuine they won't mind you trying to verify them.

4. They may spend months building up a relationship with you and will only ask for money once you're emotionally involved.

5. Ask a friend for advice as they will be able to give you a different perspective.

6. Look out for fake or stolen photos. Use websites like to check if a picture is real. You can also do a reverse image search on Google (by clicking on the camera logo in the search bar and uploading the image) to see if it's a fake.

7. Never give out too much information, such as your home address, phone number or email.

8. Consider setting up a new email address to use for online dating and perhaps even get a Pay As You Go phone.

Five top tips for staying safe online

Hugh Boyes, a cyber security expert at the Institution of Engineering and Technology (IET) has five top tips for avoiding scams and keeping your personal information safe online.

1. Do not use an account with administrative privileges for normal day-to-day activities and web browsing - accounts with lower privileges warn you if a program tries to install software or modify computer settings thus allowing you to decide whether the proposed action is safe.
2. Ensure that your operating system and application software is up-to-date and install anti-malware software.
3. Take care when downloading and installing software, if it is free or is not from a well-recognised and trustworthy brand there is a risk that the software may include features that spy on you.
4. Treat emails containing attachments or hyperlinks (particularly shortened links) with caution.
5. Use your common sense - if an email offer looks too good to be true, the prices on a website are abnormally low or you receive an unsolicited telephone call offering computer support, it's probably a scam.

(1st March 2016)




(Action Fraud, dated 5th February 2016)

In December 2015 the UK was hit by three severe storms resulting in widespread flooding across the North of England and Scotland.

The NFIB would like to make flood victims aware of the possible threat that Rogue Traders and Bogus Trades People pose to them. Buying on your doorstep can be convenient. However, a salesman who uses clever tactics can pressurise you into buying something you actually don't want or something that's poor value for money.

Protect yourself against bogus trades people fraud
- Always ask for identification before letting anyone you don't know into your house.
- Check credentials, including a permanent business address and landline telephone number. The mobile phone numbers given on business cards are often pay-as-you-go numbers which are virtually impossible to trace.
- Take control by asking the questions. Ask for references from previous customers or to see examples of their work.
- Don't sign on the spot - shop around. Get at least three written quotes to make sure you're not being ripped off.
- If in any doubt, ask the person to leave or call the Citizens Advice consumer helpline on
03454 04 05 06.

If you do decide to buy:
- Always get any agreement you make in writing.
- Beware when filling in forms or when speaking to the salesperson, and ensure you don't reveal confidential details that a fraudster could use to assume your identity or take control of your finances. This may allow a fraudster to steal money from your account or order goods and services in your name.
- Usually, you have a seven-day cooling off period. So if you decide to cancel the contract, act fast.
- Think very carefully about having any work done or goods delivered during the cooling off period. You may have to pay, even if you change your mind.
- Never pay for work before it has been completed, and only then if you are happy with it.

If you believe that you have been a victim of fraud you can report it online or by telephone 0300 123 2040.

(5th February 2016)


(Action Fraud, dated 1st February 2016)

Fraudsters are sending out virus infected emails that claim a package has been seized by HM Revenue & Customs upon arrival into the United Kingdom. The official looking scam emails claiming to be from Royal Mail contain a link to a document which will install malicious software on your computer designed to steal credentials like account names, email addresses and passwords.

An example email reads:
Title: Your parcel has been seized
Royal Mail is sorry to inform you that a package addressed to you was seized by HM Revenue & Customs upon arrival into the United Kingdom.
A close inspection deemed your items as counterfeit and the manufacturers have been notified. If your items are declared genuine then they will be returned back to you with the appropriate custom charges.
You may have been a victim of counterfeit merchandise and the RM Group UK will notify you on how to get your money back. Please review the attached PDF document for more information.
Document (RM7002137GB).Zip
Please accept our apologies for any inconvenience this may have caused.

To help the spread of the virus, the email also says: "you will need to have access to a computer to download and open the Zip file". If you receive one of these emails, do not click on any links or download any attachments and report it to Action Fraud.

Protect Yourself
- Royal Mail will never send an email asking for credit card numbers or other personal or confidential information.
- Royal Mail will never ask customers to enter information on a page that isn't part of the Royal Mail website.
- Royal Mail will never include attachments unless the email was solicited by a customer e.g. customer has contacted Royal Mail with an enquiry or has signed up for updates from Royal Mail.
- Royal Mail have also stressed that they do not receive a person's email address as part of any home shopping experience.

If you believe that you have been a victim of fraud you can report it online: or by telephone: 0300 123 2040

(1st February 2016)


(Action Fraud, dated 28th January 2016)

The National Fraud Intelligence Bureau (NFIB) is warning people of the dangers of Recovery Room fraudsters targeting former victims of Timeshare fraud.

Recovery Room Fraud refers to a scam whereby fraudsters contact the victims of previous frauds, often by way of cold calling them, and claim to be able to recover previously lost funds. In July 2014 the Financial Services Authority (FSA) estimated that 30% of people who had lost money through Investment fraud would also fall victim to a Recovery Room fraud.

When Recovery Room fraudsters target victims of timeshare frauds they usually claim to be a legal professional or a representative of a government agency (normally within the country where the original timeshare property was based) in order to legitimise the scam. The fraudsters know personal details about the victim and their previous investment which gives them credibility. They claim that the advanced fees requested are for 'local taxes' or 'litigation costs' incurred during the recovery of the funds. It is suspected that the persons behind Recovery Room frauds are often the same people involved in the original scams even though these crimes may have occurred years earlier.

Initially, a small fee, typically in the region of £200-400, is requested by the fraudsters which they often claim is refundable as part of a 'no-win no-fee' basis. The fraudsters rely on the victims seeing this as a nominal fee compared to the amounts lost, which often run into the tens-of-thousands of pounds, and therefore worth paying if it facilitates the return of their money. Once paid, various excuses are made by the fraudsters to explain delays in the recovery of the funds. Subsequently, further larger amounts are then requested by the fraudsters. Needless to say, no refunds ever materialise and no money is ever recovered.  
Protect Yourself

- Never respond to unsolicited phone calls - if in doubt, hang up.
- Always check that the details of the organisation or company contacting you (such as website, address and phone number) are correct - the fraudsters may be masquerading as a legitimate organisation.
- Don't be fooled by a professional looking website as nowadays the cost of creating a professional website is easily affordable.
- Be wary of any firms or individuals asking for advanced fees.
- Consider seeking independent legal and/or financial advice before making a decision.

If you believe that you have been a victim of fraud you can report it online:

(1st February 2016)



(The Telegraph, dated 9th January 2016 authors Robert Mendick and Nicole Blackmore)

Full article [Option 1]:

Organised crime gangs are suspected to have stolen more than £10 million by hacking into the emails of people buying and selling houses.

New figures show 91 victims have reported falling prey to the conveyancing fraud. The rewards for the gangs are potentially huge, with each successful scam worth on average more than £112,000.

The problem is escalating, with latest figures showing fraudsters carrying out two successful conveyancing frauds a week, earning them in the region of £250,000 a week.
Police have admit they have no idea who is behind the frauds but suspect crime syndicates abroad are involved.

The criminals hack into the email chains between sellers and buyers and their solicitors and estate agents. The fraudsters then send an email - usually on the day of sale completion - informing the parties that bank account details have changed at the last minute and that money should be deposited in a different account.

There is no way to tell from the email header that the instruction is fake. The money is then deposited into the specially set-up account then transferred electronically by the fraudsters to bank accounts around the world where it becomes impossible to trace.

The scam was first highlighted by The Telegraph's Money section last year when a couple described how £340,000 for the sale of their flat was transferred by their solicitor into a criminal's account.

The fraudsters had hacked into the email chain and sent an email to the law firm purporting to be from the vendors explaining that they wanted the money transferred into another account.

The National Fraud Intelligence Bureau, which operates the Action Fraud reporting hotline, recorded 91 conveyancing fraud crimes up to last October, the latest month for which figures are available. In September and October alone, 16 cases were reported to Action Fraud - an average of two a week.
"The hit is massive," said Steve Proffitt, deputy head of Action Fraud, "We are getting more and more instances of this. The outcome for the fraudster is tremendous. They can earn £1m on the sale of a house in the south-east."

Police believe the fraudsters use malware that allows them to gain access to individuals' computers as well as those of estate agents and law firms.

(1st February 2016)



(National Fraud Intelligence Bureau, December 2012)
Christmas is a time for celebration, a time to be with friends and family.


Unfortunately it is also a time when fraudsters cash in, using cons old and new to exploit people's good will and ruin their festive period.

This year the National Fraud Intelligence Bureau (NFIB) will be aiming to keep the criminals at bay through 'The Twelve Frauds of Christmas', highlighting fraudulent activities, increasing business and community awareness and providing fraud prevention advice.

The team, based at the City of London Police and working as the central fraud intelligence hub for the UK, have compiled a list of a dozen frauds that they suspect will be repeatedly put into play throughout December.

On the top of the tree is online shopping fraud. Every year more and more of us are searching and buying our gifts over the internet, and every year fraudsters are finding new ways to move our money into their pockets.

Sitting amongst the presents is postal fraud. During the festive period you may receive additional letters and parcels, but not all of them may be for you!

Fraudsters will purchase goods online and then direct them to an innocent person's address. Once an item has been delivered a person wearing official looking clothing will arrive at the door and attempt to take the parcel by stating it has been delivered incorrectly.

Resting on the mantelpiece can be found electronic 'E' cards. More of these will be sent this Christmas than ever before, but there are a few you do not want to open.

The fraudsters email may contain a virus and once activated the file will embed itself in your compute without your knowledge. This malware works inside your computer collecting personal data, financial information, passwords and usernames, all of which will then be sent back to the fraudster.

The NFIB's "Twelve frauds of Christmas" in full for 2012 are:

1. online shopping fraud
2. postal fraud
3. auction fraud
4. holiday fraud
5. electronic 'E' cards
6. ticketing fraud
7. phishing emails
8. social networking
9. cash point fraud
10. voucher fraud
11. card not present fraud
12. mobile payment

By being aware of these cons and scams, you can avoid opening an advent calendar door to fraud this Christmas.

If you feel you have been a victim of these frauds, or any other, you should report to Action Fraud at or 0300 123 2040.

(16th December 2015)

(BBC News, dated 11th December 2015)


Full article :

Over one million people are buying counterfeit electrical products in the UK every year, according to Electrical Safety First.

Steve Curtler, the charity's product safety manager, told the BBC that the products, many of which could be found online, often did "not work" and could be a "potential fire risk, electric shock risk."

To illustrate the dangers, 5 live Investigates went to the TÜV Rheinland laboratory with the charity to test a genuine Nutribullet blender and a fake.

Whilst simulating what would happen if a piece of ice or stone jammed in the blades, the genuine product passed the safety test. However, the fake product exploded after just 4.28 seconds.

Nutribullet's UK distributor, High Street TV, said Nutribullet was independently tested to ensure that it met all UK and European safety regulations. They recommended only purchasing the product direct from approved stockists.

This clip is originally from 5 live Investigates on Sunday 13 December 2015.

(12th December 2015)


(BBC News, dated 10th December 2015 author June Kelly)


Full article :

Four men have been found guilty at the Old Bailey of taking part in a scam targeting pensioners across the south of England.

This was a fraud which preyed upon people's vulnerability and in some cases their frailty and isolation to net a gang what police believe could be more than £1m.

They called more than 3,700 phone numbers as they trawled for victims focusing on the places where people retire - counties like Dorset, Devon and Cornwall.

The victims were in their 70s, 80s and 90s, and the scam was always the same.

Pretending to be police officers, the fraudsters would phone an elderly person's home and lie to them that their bank account was being defrauded and they should call 999 or their bank's fraud department.

What the victim didn't realise was that the fraudsters stayed on the line after they hung up. The elderly people who thought they were reporting crime were in fact speaking to the criminals.

'Very plausible'

Another five members of the gang had already pleaded guilty in relation to the phone scam before the trial started.

The cases of 18 pensioners who suffered losses of £600,000 were put before the jury. But Scotland Yard says there were at least 140 victims in total.

The pensioners were instructed to go to their banks and withdraw or move thousands of pounds of their savings.

The bogus police officers convinced their victims that they had to take possession of their money to check whether it was counterfeit, saying bank staff were involved in the fraud.

One victim, Patricia Burnham, told BBC: News "They were very plausible, very believable and I wanted to do my bit for England. I have to admit that in a funny sort of way it was actually quite exciting 'working for the police'."

So believing she was helping officers with a fraud investigation, Mrs Burnham withdrew a total of a £135,000 from various accounts.

It was as she attempted to make a final withdrawal of £20,000 that the manager of her branch of RBS began asking a lot of questions.

At the same time Mrs Burnham, 73, read a leaflet warning about the "bogus police" scam. That was when she realised she had been duped.

"I said to my husband, 'Oh my God what have I done. I had better ring fraud line and check'. And then the person who answered said 'It's a scam' and I remember saying 'It can't be'.

"I just felt devastated, stupid embarrassed. How could I have been so taken in?"

Landline change

Patricia Burnham's 85-year-old husband, Anthony, who was already very ill, died shortly after.

"I don't think it contributed to his death," she said. "But I just feel very sad that he had this worry and concern at a time when he was very frail and really couldn't cope with what was going on."

Before Mr Burnham's death, his wife had told the gang she had to have her money back, partly because her husband might have to go into a care home.

The gang remained unmoved and the trial heard about their cruelty to other victims:
?One man, suffering from cancer, was instructed to cancel a doctor's appointment and go to his bank immediately to withdraw thousands of pounds
?A female victim broke down in tears during her police interview after she described the relentless nature of the calls
?Another pensioner was informed a grandchild was caught up in the fraud and that was a reason to co-operate.

In an additional callous twist, the victims were instructed that when they handed over their savings, the courier would use the password "Charlie".

The gang told the pensioners to have a plausible story to tell bank staff why they needed such large amounts of cash.

The High Street banks say while they work hard to protect customers from fraud - particularly the elderly and vulnerable - they cannot stop people withdrawing their own money when they say they need it for something specific.

That is why some of the pensioners in the case may struggle to be reimbursed, and police estimate only £18,000 will be recoverable from the gang.

Meanwhile, in the drive to stop the phone scammers, the regulator Ofcom says changes to networks have reduced to a couple of seconds the time the majority of landline phones can now be kept open.

(15th December 2015)



(The Telegraph, dated 1st December 2015 author Nicole Blackmore)

Full article [Option 1]:

Farmers are being warned to be "extremely wary" of fraudsters who are likely to try to steal European Union grants that are paid to the agricultural sector each December.

Financial Fraud Action UK said farmers should be wary of any suspicious calls, texts or emails.

The Basic Payment Scheme (BPS) is the biggest of the EU's rural grants. Farmers apply once a year, normally in May, and payments begin in December.

Information about the payments, including the recipients' names and the amount paid, is publicly available, meaning criminals are able to directly target vict