This page covers details of scams and fraud. The vehicle of much of this crime is via email, so examples of SPAM and Phishing is also included.

Remember, this is NOT a definitive list of scams and fraud. This page only provides an example of what is going on.

Note : Some of the information provided is from ActionFraud Alerts, in the past they have been included on the NEWS pages. From September 2015 they will appear on this page.





JULY 2018


WATCH FOR THESE FAKE LINKEDIN EMAILS
(Action Fraud, dated 27th July 2018)
www.actionfraud.police.uk

Watch out for fake LinkedIn emails. They are phishing attacks.

We’ve received multiple reports about these fake LinkedIn emails. They claim that your LinkedIn profile has appeared in multiple searches and provide links you can click on to get more details. These links lead to malicious websites designed to steal your personal and financial details.

Always question unsolicited requests for your personal or financial information in case it’s a scam. Never automatically click on a link in an unexpected email or text.

(1st August 2018)


PEPPA PIG WORLD WARNS PARENTS OF NEW WHATSAPP SCAM THAT OFFERS FIVE FREE PASSES
(The Sun, dated 23rd July 2018 author Zlata Rodionova)

Full article [Option 1]:

www.thesun.co.uk/money/6841642/peppa-pig-world-warns-parents-of-new-whatsapp-scam-that-offers-five-free-passes/

PAULTONS theme park - home of Peppa Pig World - has warned parents of a new scam circulating on WhatsApp that offers claimants free tickets to the park.

The fake offer is luring potential visitors into handing over their personal details by giving them a chance to grab five press passes.

Clicking on it directs users to an online survey designed to steal their personal information like their bank details.

The company warned WhatsApp users in a message on Twitter. It comes after many schools broke up for the summer holiday this week.

Paultons Park said: "We have been advised that a message offering 5 free passes to 500 families to Paultons is being shared on WhatsApp.

"Please note this is not a genuine offer and is not associated with Paultons Park.

We advise that you do not click the link or share the message. PP."

It's not the first time scammers have used the messaging app to trick people into handing over their details by tempting them with spoof offers.

Earlier this year, WhatsApp was used to send fake vouchers to people, appearing to be from trusted chains such as Asda, Tesco and Aldi.

But when they clicked on the provided download link, they were directed to a website riddled with malicious software.

ust last week, Alton Towers issued a similar warning, after a fake giveaway offering free tickets to the theme park spread on WhatsApp, with users complaining of receiving a torrent of spam messages with links to a malicious website.

Another spin on the same scam features the Alton Towers resort logo with a button beneath it that shows how many free tickets are remaining.

Like other WhatsApp scam messages, it's full of grammatical errors: a dead giveaway that something dodgy is at play.

"We're giving 5 free passes to 500 families to celebrate our 110nd birthday!" reads the text below the image. (Bogus offer)

Clicking on it directs users to an online survey and encourages them to send it on to 20 of their friends.

Action Fraud, the UK's national reporting centre for fraud and cyber crime, suggests anyone who has fallen victim to this scam to report it online or call 0300 123 2040.

(1st August 2018)


SCAM VICTIMS THREATENED WITH "HACKED ADAULT CONTENT" - HERE IS HOW TO PROTECT YOURSELF
(Which?, dated 21st July 2018 author Danielle Richardson)

Full Article [Option 1]:

www.which.co.uk/news/2018/07/scam-victims-threatened-with-hacked-adult-content-heres-how-to-protect-yourself/

Scammers are finding new ways to target people, threatening to share compromising footage captured without victims’ knowledge unless they transfer large sums of money, Action Fraud has warned.

At least 110 cases so far have been reported to the organisation, which is the UK’s national reporting centre for fraud and cyber crime and part of the City of London Police.

Which? explains what the scam is, what to do if you’ve been affected and how you can prevent becoming the next victim.

What are the scammers doing?


In a new tactic by scammers, the bribery begins with the cyber criminal emailing the victim with their own password as ‘proof’ that they have been hacked in some way.

In a twist straight out of dystopian sci-fi series ‘Black Mirror’, the hacker then claims to have discovered not just the victim’s password, but also footage of adult content that they’ve been watching, footage of the victim watching it, plus details of their contacts on Facebook, Messenger and email.

The victim is left with the choice of sending a large Bitcoin payment to the hacker, or taking the risk that very private footage could be revealed to everyone they know.

Action Fraud has said there is currently no evidence to suggest that these videos have actually been made, although it’s worth bearing in mind that it is possible for your webcam to be hacked.

The issue is also not necessarily specific to computers, Action Fraud has said.

While 110 instances of this fraud have been recorded so far, it could be the case that many more people have been too embarrassed to come forward.

If you have been scammed, defrauded or experienced cyber crime, you should always report it to Action Fraud.

Could I be at risk?

It’s suspected that, rather than actually hacking into individuals’ computers and gaining access to their screens and passwords, fraudsters have actually gained victims’ passwords from old data breaches.

These are incidents where people have signed up to various accounts, which have then been hacked, and the data has been sold on to a network of cyber criminals.

Several data breaches have taken place over the years, and not all of them hit the headlines.

Action Fraud recommends checking whether your details have been accessed on the website (Have I been pwned? : https://haveibeenpwned.com/) After entering your email address, it will tell you whether any sites holding your details have been hacked and which details could have been stolen.

In regards to this latest scam, Action Fraud has run some victims’ email addresses through the site and found almost all affected accounts were identified as at risk.

I’ve received these emails. What should I do?


The police advise against paying criminals and you shouldn’t email the fraudsters back.

Instead, report the incident to Action Fraud as a phishing attempt through the online form.

If you’ve received the email and have already paid the fine, report the incident to your local police force.

How to protect yourself from scammers


There are steps you can take to keep your identity safe online.

Action Fraud suggests doing the following:

_ Always use a strong and separate password for any account you set up. If possible, enable two-factor authentication (2FA).

- Regularly update your antivirus software and operating systems.

- Cover your webcam whenever it’s not in use.

(1st August 2018)


A CRIMINAL POSING AS BT ENGINEER TOOK CONTROL OF MY COMPUTER AND ROBBED ME OF £7,800
(Daily Mail, dated 21st July 2018 author Jeff Prestridge)

Full article [Option 1]:

www.dailymail.co.uk/money/beatthescammers/article-5977457/A-criminal-posing-BT-engineer-took-control-computer-robbed-7-800.html

Fraudsters are using new tactics to plunder people’s bank accounts. They include social engineering and computer takeover fraud.

When David Couldwell received a call on his landline from a BT engineer explaining that his internet router had been hacked and urgent security tests were needed, he was only too willing to help.

But unbeknown to David, the call was not from BT. It was from a fraudster who, by taking control of his computer remotely, removed almost £7,800 from his bank and saving accounts with NatWest.

The fraud David suffered is the new game in town. Such ‘computer takeovers’ are increasingly used by criminals developing new ways of emptying victims’ bank accounts. Last year, we reported on a near identical case involving financial adviser Joanna Coull, who was also scammed out of £7,800.

According to the latest data on banking fraud from trade body UK Finance, last year £121 million was removed from customers’ accounts by criminals who had gained unauthorised online access. This is a 19 per cent increase on the year before and more than double the figure five years ago.

By contrast fraud losses overall are falling, according to UK Finance, with banks and card companies preventing £2 in every £3 of attempted unauthorised fraud.

The report says that computer takeovers often result from criminals using ‘social engineering’ tactics to deceive and manipulate people into divulging key details.

The ‘manipulation’ stems from the criminal purporting to be from a trusted organisation, such as a person’s bank, the police, a government department or utility firm. In many cases, they ring claiming there has been suspicious activity on the victim’s bank account or there is an internet problem that needs fixing.

For the ‘problem’ to be resolved, the victim is asked for more details. This allows them to be tricked into giving away sufficient information for the criminals to gain remote access to their bank account and steal money.

For David Couldwell, the ‘trusted’ company was BT. Late last month, the 73-year-old was at home in Norfolk and took a call from a man claiming to be from the telecoms giant. The individual said the internet router which David and his wife Brenda use had been hacked and that he needed to carry out urgent tests. David, a retired computer manager, agreed and was reassured by the fact the caller proceeded to get the router to flash. But the fraudster had only just begun. He then asked if he could have access to David’s computer to ensure no hacker had managed to log into it.

It was then the caller said David would receive £500 by way of a thank you for the inconvenience caused. The call was transferred to ‘BT’s accounts department’ so it could effect the payment.

David was asked to provide his account details and then instructed to log in to his NatWest account to check the money had gone in. When he looked he found that £5,000 – not £500 – had been deposited. He was asked to refund the overpayment – to Wells Fargo Bank in San Francisco. When he queried this, he was told BT was a global firm and had accounts worldwide.

By this stage, the fraudsters had taken control of his account – not just the main one but three others – including an Isa – that he either held in his own name or jointly with Brenda. The £5,000 was not a ‘deposit’ but money moved by the criminals from the other accounts to look as if it were a fresh credit.

By the time David discovered this and alerted NatWest to the fraud, it was too late. The criminals had extracted £7,767 from his accounts.

Initially, NatWest told David he would not get a full refund, holding him partly culpable. But last week it backtracked after The Mail on Sunday’s intervention and agreed to refund the full loss.

David is grateful. He says: ‘I am sure we would have had a long battle getting our money back had it not been for The Mail on Sunday. Maybe I should not have allowed myself to be tricked, but at the time I was convinced I was dealing with bona fide BT employees.’

He says the criminals tried the same scam on both his neighbours but failed.

On Friday, NatWest said: ‘We appreciate this has been a distressing experience for the Couldwells. We take our responsibilities seriously in preventing fraud and remind customers to remain vigilant against scams.’

It added: ‘Customers should never give anyone remote access to their computer and not divulge security details to someone over the phone. They should decline and report it to their bank immediately on a phone number they can trust.’

Katy Worobec, at UK Finance, said: ‘Criminals have become adept at impersonating legitimate organisations such as banks and utility companies to trick people into giving away their bank details.

‘Never let someone else have access to your computer remotely, especially if they have contacted you via an unsolicited phone call.’

BT said it was working with law enforcement agencies to bring fraudsters to justice.

WISE UP TO WAYS OF FOILING THE CYBER ATTACKERS

Be extremely wary of unsolicited approaches by phone, especially people claiming to offer refunds.

- Avoid letting someone you do not know have access to your computer, especially remotely.

- Do not log on to your bank account while someone else has remote control of your computer.

- Do not share passcodes or card reader codes with anyone.

- Do not share your Pin or online banking password, even by tapping them into a telephone keypad.

- Further details on how to combat financial fraud can be obtained from the ‘Take 5 – To Stop Fraud’ pages of the website of trade body UK Finance, available at: takefive-stopfraud.org.uk

(1st August 2018)


RISE IN FAKE AMAZON EMAILS
(Action Fraud, dated 20th July 2018)
www.actionfraud.police.uk

These fake emails are after your Amazon login details!

We’ve had an increased number of reports about these fake emails purporting to be from Amazon. The subject line and content of the emails vary, but they all contain links leading to phishing websites designed to steal your Amazon login details.

Always question unsolicited requests for your personal or financial information in case it’s a scam. Never automatically click on a link in an unexpected email or text.???????

(1st August 2018)


FRAUD - HERE'S HOW SCAMMERS GET AWAY WITH IT
(The Guardian, dated 7th July 2018 author Patrick Collinson)

Full article [Option 1]:

www.theguardian.com/money/2018/jul/07/heres-how-scammers-get-away-with-it

Digital bank Monzo is one of the fastest-growing new banks in Britain, opening 750,000 accounts over the past two years. Now, in an extraordinarily candid move for a bank, it has thrown open its doors to Guardian Money to expose the scams and brazen criminality that threaten customers – and how it is fighting back. Some of the scams are shocking, others audacious – and one so simple we are banned from telling you about it.

The student ‘mules’

Students are selling their bank accounts – giving someone else their account details such as logons – for as little as £50 to £100, often as they are finishing university and heading abroad for a period. These accounts are then used by fraudsters to evade the strict checking procedures when individuals try to open an account.

These “mule” accounts are a vital link for crooks moving money around the banking system. A common cry among victims of fraud is that banks must have an electronic record of where their money has gone. The mules are the way stolen money is transferred and laundered through the system.

Sometimes the scamsters ask students for their active cooperation – for example, they will tell them that £20,000 will come into their account and that they should send £19,800 to a different account, often overseas, and keep £200 themselves.

Monzo says it uses artificial-intelligence systems to flag up unusual sums and block accounts. But Tom Blomfield, the bank’s chief executive, makes a plea to students: “Don’t sell your identity. All you are doing is enabling money laundering.”

Transaction attacks

On the Monday morning I visited Monzo’s offices, just 12 hours earlier there had been a “pan enumeration” attack on its computer systems. This is where fraudsters, often based overseas, bombard a bank’s computers, trying to guess passwords and logins, or attempting to do transactions by generating card expiry dates and three-digit CVCs (card verification codes) in the hope that some might break through.

Often the attacks begin in the middle of the night. I was shown a screen of transaction activity that spiked around midnight on a Sunday. Suddenly Monzo was being hit with 100 failed transactions a second. This went on for 10 minutes. I was told that the bank experienced “a few of these every month. Last night’s attack could just be a warm-up,” said an IT expert at the bank.

Monzo is aware that as a challenger bank it is high on the target list for fraudsters keen to exploit any gaps in its defences. But it also has an advantage – its new IT systems are better primed to deter fraud than the legacy systems of traditional banks. Monzo says that following Sunday’s attack it had “new kill switches and triggers” in place within hours.

Blocking dodgy transfers and deposits


One of the saddest scams is when an older person is conned by a cold caller posing as their bank manager. They are told there has been suspicious activity on their account and that they need to switch their money to a safer place. The calls can be frighteningly convincing.

What Monzo sees is the other side of the equation – when a large sum from a big bank is deposited into a Monzo account (which later turns out to be a mule). Using sophisticated machine-learning techniques, Monzo says it is better able to identify suspicious deposits. In one instance, it froze thousands of pounds that had arrived into an account. “We blocked it and contacted the originating bank,” says Blomfield. “But that bank [one of the biggest UK players] said it was all fine. Then it rang a few days later to say it looked like the customer had been conned. Luckily, we were able to return the money.”

Frustratingly, there are few mechanisms for banks to communicate with each other. “In the US, there is a web portal for banks to contact each other on these issues. Here, it’s just email, Blomfield adds. “Sometimes we are even told to use a fax.”

Detecting data breaches


On 6 April, Monzo was contacted by 50 customers reporting fraudulent transactions. This was not remarkable in itself – Monzo has about 750,000 customers – and it replaced their cards immediately. But its financial crime and security team noticed a pattern. “About 70% of those affected had used their cards with the same online merchant between December of last year and April this year,” a Monzo statement said. “That merchant was Ticketmaster. This seemed unusual, as overall only 0.8% of all our customers had used Ticketmaster.

“Within four-and-a-half hours, the team rolled out updates to our fraud systems to block suspicious transactions on other customers’ cards. That evening, we reached out to other banks and the US Secret Service (which is responsible for credit card fraud in the US) to ask if they had seen anything similar. At the time, they hadn’t.”

The following week, it saw four more compromised cards – all had been used at Ticketmaster. “Given the pattern that was emerging, we decided to reach out to Ticketmaster directly,” the statement continued. “On 12 April, Ticketmaster’s security team visited the Monzo office so we could share the information we had gathered. They told us they would investigate internally.”

Over the next few weeks it became obvious that something was happening with cards used on Ticketmaster. Confident that the ticket site had suffered a data breach, the bank contacted Mastercard and replaced every Monzo card – 6,000 – that had been used at Ticketmaster.

Meanwhile, on 19 April, Ticketmaster told Monzo it had found no evidence of a breach. But on 27 June, its customers were informed by that they could be at risk of fraud or identity theft, admitting a major breach had affected tens of thousands of people.

The question is why it took Ticketmaster so long to inform customers, given Monzo’s warnings. Ticketmaster says: “When a bank or credit card provider alerts us to suspicious activity it is always investigated thoroughly with our acquiring bank, which processes card payments on our behalf. In this case, there was an investigation, but there was no evidence the issue originated with Ticketmaster.”

Meet Fraudster No 1

In Monzo’s financial crime unit at its London offices just off London’s so-called “Silicon Roundabout”, he is known as Fraudster No 1. I was shown his picture, name, full address (in south-west London), Facebook page and even photographs of the luxury goods he has snaffled with money looted from other people’s accounts and ostentatiously posted on Instagram. Monzo has shared all these details with the police. Yet this man has not been apprehended. Why? Because, much to the frustration of Monzo’s fraud team, the police are not interested because the sum stolen – £40,000 – is deemed not large enough to bother the authorities.

The man is known as Fraudster No 1 not because of the £40,000 he has stolen, but because he was the first account holder that the bank, which was founded in 2015, identified as a con man.

“He used the dark web to buy a few hundred stolen debit and credit cards,” says Tom Blomfield, chief executive of Monzo. “He loaded cash stolen from those cards on to his Monzo prepaid card, then used that to buy goods. He’s utterly brazen. He has posted on Instagram the high-value electricals he has bought with the money, from stores such as Maplin.

“He has stolen £40,000 from us. We have passed his details to the NCA [National Crime Agency]. It’s so frustrating. He actually poses in pictures with his stolen gear. If someone smashed your windows and stole £40,000 from you, the police would be all over it. But nothing has been done to him.”

In one extreme case, Monzo identified a man who was convicted for card fraud, who subsequently used a stolen debit card to pay his court fine. Unlike Fraudster No 1, at least he has been apprehended.

Monzo suspends or terminates accounts when it identifies fraud, but can’t tell the “customer” of its suspicions. The response from the fraudsters is shocking. “They will go on to their Twitter feed and accuse us of being scammers,” says Natasha Vernier, head of Monzo’s financial crime unit. “We don’t respond. They will call our customer centre and use every trick to try to get them to buckle and reopen the account, so they can continue defrauding others.”

Call centre workers will hear sob stories from crooks who pretend that the account closure is causing them huge grief – to the extent that they even use recordings of babies crying, while screaming down the line that they need the money for baby food. The call centre workers have to stand firm and refuse to reopen the account.

Fancy a £5,000 refund?


A gang goes into a shop and distracts staff. One of them goes to the point-of-sale (POS) terminal, inserts their card and requests a refund. Monzo says it is aware of merchants losing up to £5,000 in this way, and banks do not cover them for it.

In a more basic version of the fraud, gangs grab a POS terminal in a shop, run out and try to process a refund outside.

Fuelling card crime


This is an extraordinary new fraud, which relies on petrol stations where there are no attendants – often at night – and where drivers can use a card to pay at the pump.

According to Monzo, it works like this: the customer has a card with £100 in their account. The card reader at the pump pre-authorises the person wanting to fill their car by taking an initial £1 payment, purely for card validation purposes. After that, the driver can fill up with up to £100 worth of petrol. The charge may take a day or two to be deducted from the person’s account. The fraudster does the pre-authorisation again and again, with just £1 deducted each time, until the £100 on the card has been used up. The customer therefore gets 100 times £100 worth of petrol, at a deduction from the card of just £100. Only later is the £10,000 worth of petrol charged to the card, which does not have the funds and is therefore bounced.

Fraudsters are buying vans and retro-fitting them with huge tanks. Monzo says it knows of £56,000 worth of petrol stolen in this way. The loser here is the petrol station as, while the money initially comes off the card, it is then charged back to the forecourt operator.

The police are concerned about the prospect of vans carrying vast amounts of petrol.

Natasha Vernier, head of Monzo’s financial crime unit, says that when other banks spot a new kind of fraud, they can take weeks to put in place technical patches to spot it on their systems. “When we first saw pay-at-pump fraud, we had a new rule in place in five hours,” she says.

Your ears are the giveaway


Monzo requires that new account openers submit a photo of their identity document, plus a selfie video. It sends this to an ID verifier such as Jumio or Au10tix, which have software that checks whether the person in the ID photo is the same as the one in the selfie.

I was shown pictures of one male in his 20s who made four attempts to open an account at Monzo. He was identified as a fraudster on his first attempt. In later attempts his picture changes – it is still him, but with a beard, then a long beard, short hair on top, longer hair on top, and so on. Each time Monzo’s systems identified him – because of his ears. According to Monzo, ear positions are the most difficult thing to fake.

(1st August 2018)


WATCH OUT FOR THESE FAKE ARGOS TEXTS
(Action Fraud, dated 6th July 2018)
www.actionfraud.police.uk

These fake text messages purport to be from Argos and claim that you're owed a refund. The link in the messages lead to phishing websites designed to steal your personal information, as well as payment details.

Always question unsolicited requests for your personal or financial information in case its a scam. Never automatically click on a link in an unexpected email or text.

For more information on how to stay ecure online, visit www.cyberaware.co.uk

(1st August 2018)


JUNE 2018


NATIONAL TRADING STANDARDS - JUNE 2018 - SCAM NEWS
(Dated May / June 2018)

-----------------------
THE PEOPLE MOST LIKELY TO BE SCAMMED
(The Herald, dated 3rd June 2018 author Peter Swindon)

Full article [Option 1]:

www.heraldscotland.com/news/16266090.Revealed__the_people_most_likely_to_be_scammed/?mc_cid=9d7f8c7a7a&mc_eid=f46eab0a3f

HOW safe from the scammers do you think you are? Many of us are confident that we would never fall for crimes that can end up costing thousands of pounds.

However, Citizens Advice Scotland (CAS), which oversees 60 advice bureaux, says more of us are at risk than we might have thought, and a new campaign will warn four groups of people most at risk of being conned out of cash.

CAS says people aged over 70 are most at risk, but three other groups are also likely to fall victim to scammers - young people aged 16 to 24, life established people aged 45 to 60 and socially isolated people of all ages.

The organisation has launched Scams Awareness Month, which begins tomorrow, in the hope of helping people to spot the dangers.

CAS has seen a sharp increase in the number of victims coming forward in the last year. Lucy Manson, a Community Action Team manager with the organisation, said: "Scams can happen by phone, by mail, online or on your own doorstep, and they can cost people hundreds or even thousands of pounds.

"We've seen a 24 per cent increase over the last year in people reporting scams to the Scottish CAB network. That shows how big the problem is, but it is also an encouraging sign that people are coming forward to talk about their experience of being scammed, because that is the way we are going to beat the scammers.

"So, our message throughout this month is that we all need to be vigilant and watch out for scams." And the key messages?

Take your time before making any decisions to part with your cash. Don't be rushed into a decision.

Make sure you research the company first - for example by asking friends and family about them or researching them online.

Remember, if something sounds too good to be true, it probably is.

"If people are hit by a scam," Manson added, "they should talk about it to their friends and family and report it to the CAB service or to Trading Standards or the police, so we can warn other people about it."

THE VULNERABLE GROUPS

Over-70s

The average age of reported scam victims is 75 and those over 70 have the highest losses from a range of scams, targeted by landline, phone and mail. CAS research found the average financial loss for those aged between 75 to 79 is £4,500. Although older people often report scams, they can lack confidence in their ability to protect themselves against scammers, which makes them more vulnerable.

CAS advice: Be wary of cold callers and thoroughly check the ID of tradespeople on your doorstep. Be cautious when answering the phone to an unknown caller or opening unexpected letters.

Life established

People aged 45 to 60 are targets because they are more likely to own their own home and have access to financial assets, making them a likely target of investment scams. Seven out of ten people with income exceeding £25,000 say they have been contacted by someone trying to scam them, compared with four of out ten of whose earnings are less than £9,500 per year, according to research by CAS. A third of all victims of scams are aged 41 to 60.

While the life established are targeted by a wide range of scams, they are most vulnerable to phishing and other banking scams, property scams and pension liberation scams.

CAS advice: Be wary of deals that use persuasive messaging to sell you 'once in a lifetime' deals.

Young people

As digital natives, young people are confident when using the internet, leading them to feel they are unlikely to fall for online scams that target them through social media and website advertising. They are often found to be victims of online scams, such as subscription traps, job scams and identity fraud. But they are least likely to report a scam - CAS research found that more than half of adults aged 18 to 24 would be unlikely to report being conned, making them the largest group who are unlikely to take any action when encountering a scam.

CAS Advice: Be cautious of pop-ups on social media and websites that take you to an unknown site.

Socially isolated

People who are socially isolated can be the hardest to reach and often can't access the same support to protect themselves from scams as other groups. Although people who are socially isolated don't always report scams, they can be badly affected, both mentally and financially. It has been reported that the names and addresses of approximately 300,000 people nationally are on lists which are being sold between criminals to use as targets for scams. CAS research has found that nine out of ten people on these target lists are unaware that they are being targeted. Often, people who are socially isolated are not able to connect to support or help to prevent this.

CAS Advice: Be cautious of unknown callers and unexpected mail
.

I WAS CONNED OUT OF £3,500 AND I'M STRUGGLING TO MAKE ENDS MEET

A businessman has revealed he was conned out of £3,500 after his details and passwords were obtained by scammers.

Clifford Selbie, 48, from Glenrothes, runs a gardening business in Fife and agreed to an advertising deal with a magazine for emergency services personnel which cost him £250 a year.

The married father-of-three paid up front and the advert appeared for a year, then last year he received a call from someone claiming to be a debt collector who demanded thousands of pounds.

Selbie said: "They threatening to go to take my house over a £3,500 debt, unless I paid £2,500 immediately. Straight away alarm bells went off in my head and I told them if they called again I'd call the police, then I hung up.

"But they phoned me back and said they had my password, and it wasn't a simple password. When they read it out I just assumed it was legitimate.

"I protested and said I'd paid upfront, but they then threatened to get the police and go to my house and take what they wanted. I gave them bank details. They took the money twenty minutes later."

He later went online and discovered the magazine publisher had gone bust and his personal data had been sold on to scammers.

Selbie contacted his bank and the police but there was nothing they could do because he had willingly handed over the cash.

He has since to borrow money from relatives which he is struggling to pay back.

"I'm doing overtime, working an extra job as a forklift operator for a building company to get that money back. My gardening business is struggling too, because I can't afford to buy equipment and materials.

"I'm angry at the scammers, I'm angry at the company which went bust, I'm angry at the law because nothing can be done, I'm also disappointed at having my trust violated.

"I would say to anyone else contacted by so-called debt collectors to check a company still exists and make sure you get a letter from the company to confirm they have referred you to debt collector."

------------------------

ARRESTS MADE IN CRACKDOWN AGAINST ONLINE FRAUDSTERS
(London Loves Business, dated 20th June 2018 author LLB Reporter)

Full article [Option 1]:

https://londonlovesbusiness.com/arrests-made-in-crackdown-against-online-fraudsters/

Ninety five arrests have been made across Europe following a joint law enforcement operation targeting online fraudsters between 4 and 15 June 2018. The suspects arrested during the operation are believed to be responsible for more than 20,000 fraudulent transactions using compromised credit cards, with an estimated value exceeding EUR 8 million (£7 million). The action was coordinated by Europol, working closely with law enforcement, the banking industry and retailers across 28 countries.

The operations in the UK were led by officers from the Dedicated Card and Payment Crime Unit (DCPCU). Nine search warrants were executed across the country, resulting in four interviews under caution and two arrests - one in Bolton and another in London. During the searches valuable intelligence was gathered and several devices that were suspected of being used to commit remote purchase fraud were seized. Ongoing investigations are now underway that are expected to result in further arrests and charges.

Several of the fraudsters targeted during the operations were using social media to commit remote purchase fraud. Often, criminals will offer goods to buyers for a heavily discounted price via social media and then use stolen card details to make the purchase. The buyers' card details are then usually stolen and passed on to other fraudsters.

The operation has been followed by the launch of an awareness-raising campaign on social media -#BuySafePaySafe - by Europol and law enforcement agencies across Europe. This complements UK Finance's Take Five to Stop Fraud campaign, which provides customers with advice to help them stay safe from fraud and scams.

T/DCI Glyn Whittick, head of the DCPCU, commented: "The success of these operations shows how through close cooperation with our European partners, retailers and the financial sector, we are cracking down on the criminal gangs targeting consumers online.

"Ongoing investigations are now underway and we will continue to work together to bring those committing remote purchase fraud to justice.

"Fraudsters are increasingly targeting people through social media so it's vital that everyone follows the advice of the Take Five to Stop Fraud campaign and keeps their details safe. People should also remember when shopping online that if an offer seems too good to be true, it probably is."

------------------------

(17th July 2018)


IDENTITY THEFT WARNING AFTER MAJOR DATA BREACH AT TICKETMASTER
(The Guardian, dated 27th June 2018 authors Rupert Jones and Patrick Collinson)

Full article [Option 1]:

www.theguardian.com/money/2018/jun/27/identity-theft-warning-after-major-data-breach-at-ticketmaster

UK customers of Ticketmaster have been warned they could be at risk of fraud or identity theft after the global ticketing group revealed a major data breach that has affected tens of thousands of people.

The company could face questions over whether there was a delay in disclosing the breach after it emerged that some UK banks have known about the incident since early April.

The Guardian understands that a number of Ticketmaster customers have already had fraudulent transactions debited from their accounts, with the fraudsters spending people's cash on money transfer service Xendpay, Uber gift cards and Netflix, among other items.

Ticketmaster said customers who bought concert, theatre and sporting event tickets between February and 23 June 2018 may have been affected by the incident, which involved malicious software being used to steal people's names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details.

The breach also affects customers of two other UK websites owned by Ticketmaster: TicketWeb and the resale website Get Me In!.

The company said less than 5% of its global customer base had been caught up in the breach, and indicated the number directly affected was fewer than 40,000. However, Ticketmaster claims to serve more than 230 million customers a year globally.

Ticketmaster, part of the Live Nation Entertainment group, said that on 23 June it discovered that malware on a customer support product hosted by Inbenta Technologies, an external third-party supplier, was exporting UK customers' data to an unknown third-party. As a result, it said, some of its customers' personal or payment information may have been accessed by this third party.

Digital bank Monzo was the first to spot customers' cards were being compromised. It identified in April that the common factor behind a spike in frauds was that every customer who lost money had also had interaction with Ticketmaster.

On 12 April it warned Ticketmaster of the issue, but "couldn't get any traction" out of the company, according to Monzo's head of financial crime, Natasha Vernier.

In the meantime, Monzo contacted all customers who had ever dealt with Ticketmaster - about 5,000 - to replace their cards.

It also told banks that are part of the UK Finance group in April that it was aware of what appeared to be a significant data breach at Ticketmaster.

Monzo's experience suggests that anyone who has bought a ticket through Ticketmaster should check their accounts for unusual transactions involving Xendpay, Uber and Netflix. None of these companies were involved in the fraud itself, but were the means by which the fraudsters were able to steal money from people's accounts.

Ticketmaster did not give any further information about precisely which payment details may be affected, but it warned customers: "We recommend that you monitor your account statements for evidence of fraud or identity theft.

"If you are concerned or notice any suspicious activity on your account, you should contact your bank(s) and any credit card companies."

The company said: "Based on our investigation, we understand that only certain UK customers who purchased or attempted to purchase tickets may have been affected by the incident."

It added that forensic teams and security experts were "working around the clock" to understand how the data was compromised, and that it was working with the Information Commissioner's Office, credit card companies, banks and others.

A page on Inbenta's website - which appears to have been taken down - reveals that Ticketmaster turned to Inbenta because it was having to deal with large numbers of "repetitive questions" from customers "that fatigued agents and cost a lot of money to answer".

As a result, it said, "Ticketmaster now saves hundreds of thousands of dollars in unnecessary incoming support emails and contact center calls".

Ticketmaster said it was offering affected customers a free 12-month identity monitoring service. There is a dedicated website, security.ticketmaster.co.uk, and customers can also email fan.help@ticketmaster.co.uk.

(17th July 2018)


SCAMMERS ARE POSING AS THE FINANCIAL OMBUDSMAN, WATCHDOG WARNS
(Money Saving Expert, dated 26th June 2018 author Callum Mason)

Full article [Option 1]:

www.moneysavingexpert.com/news/banking/2018/06/scammers-are-calling-customers-customers-and-pretending-to-be-the-financial-ombudsman-watchdog-warns?mc_cid=ec1ce70734&mc_eid=f46eab0a3f

Scammers are pretending to be from the Financial Ombudsman Service to try and trick victims into handing over personal information, the watchdog has warned.

Fraudusters are falsely claiming to be calling from the Financial Ombudsman Service (FOS) to try to persuade people to reveal details about their personal and financial circumstances - and they are even managing to make FOS's number appear on people's caller ID.

The ombudsman - which sorts out complaints between financial businesses and their customers - doesn't write to or phone people out of the blue to ask for personal information. It will only contact you if you've been in touch to register a complaint, and even then it would only speak to you about that complaint.

It's also a free service and would NEVER ask you for money. It also wouldn't pay you compensation directly.

I've been caught out - what should I do?

If you've been contacted by someone pretending to be from the FOS, you should contact the ombudsman on 0800 023 4567.

Remember though, even if this number appears on your caller ID when you get an incoming call, it isn't necessarily the FOS.

If you've given out personal information, call your bank and let it know.

You can also report the scam to the police through Action Fraud on 0300 123 2040, or report a scam anonymously on its website (https://actionfraud.police.uk/).

What does the FOS say?

A Financial Ombudsman Service spokesperson said: "Criminals use a wide range of tactics to defraud people, even stooping so low as to pretend to from our service. If you're suspicious about a call you've received, hang-up, check the line is clear, then call back by dialling our helpline number.

"We update our website whenever we hear fraudsters are actively trying to con people in our name; and pass the information we get from our customers onto Action Fraud - the agency that works closely with the police to tackle fraud crimes."

(17th July 2018)


CITY WATCHDOG BOOSTS FRAUD VICTIMS RIGHTS IN MAJOR VICTORY FOR WAR ON SCAMS
(Telegraph, dated 26th June 2018 author Sam Meadows)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/city-watchdog-boosts-fraud-victims-rights-major-victory-war/

Banks will now be forced to accept complaints from fraud victims if they have allowed criminals to open accounts, under proposals from the City watchdog.

In a major victory for Telegraph Money's Make Banks Act on Fraud campaign, the FCA has published plans which would allow you to complain to a bank despite not being a customer.

Bank transfer fraud, officially known as "authorised push payment" fraud, where a victim is tricked into sending money to scammers, has hit record levels with £236m stolen last year.

Telegraph Money has consistently called on the banks which received the stolen money, and often breached money laundering regulations by allowing an account to be opened with false credentials, to do more to support victims.

Most are told they must liaise with their own bank and are given spurious reasons, including data protection, for the recipient bank's silence.

Many of these sorts of scams involve life-changing sums. One of the most common types of case involves a criminal impersonating a conveyancer and stealing money for a house deposit. The worst case Telegraph Money has seen resulted in the victim losing £600,000.

If the Financial Conduct Authority's (FCA) proposed rules are adopted it would mean fraud victims could make an official complaint to the criminal's bank and, if they were unsatisfied with the response, then take the case to the Financial Ombudsman Service.

Christopher Woolard, the watchdog's executive director of strategy, said: "The FCA takes push payment fraud and the harm it causes to consumers very seriously.

"Our proposals build on our work in this area, and seek to reduce the harm experienced by victims of push payment fraud where they believe the bank who received the money did not do enough to prevent it.

"We are proposing to require payment service providers to handle complaints about this in line with our complaint handling rules, and to provide the victims with access to the Financial Ombudsman Service."

The Payment Systems Regulator (PSR) is currently working on an industry framework which will determine in what circumstances a bank or building society should refund victims or pay compensation. The finished document is expected later this year.

A spokesman said the body welcomed any changes which would help reduce the impact of bank transfer fraud on victims. "The PSR is driving a range of initiatives in this area, working with industry, consumer groups and other regulatory and government bodies to make it harder for criminals to commit this type of crime - but if they do occur, to reduce the impact on the victim," she added.

Telegraph Money has reported in the past on the unwillingness of recipient banks to support the victims of crime, even when they have allowed criminals to open accounts.

In one case Halifax held a victim's money for six months despite admitting the account in question belonged to fraudsters. It only refunded the £8,000 after pressure from Telegraph Money.

The FCA is welcoming comments on its proposals until September 26 and is expected to publish its final findings before the end of the year.

(17th July 2018)


THE MOSTON MAN WHO HAD THOUSANDS OF POUNDS OF WIDOWS CASH IN HIS ACCOUNT FOLLOWING BOGUS DOCTOR SCAM
(Manchester Evening News, dated 21st June 2018 author Paul Beard)

Full article [Option 1]:

www.manchestereveningnews.co.uk/news/greater-manchester-news/moston-fraudster-who-cheated-lonely-14810080

A Moston man kept thousands of pounds belonging to a lonely widow in his account following an intricate scam involving a bogus doctor.

The woman was tricked into parting with more than £9,000 after being assured that 'Dr Marcus Harry' would be able to pay her back when he returned to the UK, a jury has heard.

She paid £4,000 into an account owned by Akinyemi Adigun, 35, from Attleboro Road, Moston, but he denied any involvement in the activity.

A jury at Warwick Crown Court found Adigun guilty of possessing criminal property.

Prosecutor Daniel Wright explained that the 'property' Adigun possessed was money paid into his bank account which was the proceeds of criminal activity.

He said that by September 2015 the victim, a Leamington woman, had been living alone for three years following the death of her husband.

"She found herself getting lonely and, at the suggestion of a friend, she joined a dating site for widows.

"She was contacted by 'Dr Marcus Harry,' who said he was a 50-year-old male from Bristol who was working overseas in Nepal.

"They hit it off, and within a month Dr Marcus Harry starts to ask for money from her. At first these were small amounts," said Mr Wright.

It began with a request over WhatsApp, asking her if she would mind getting him £50 of i-Tunes vouchers which he said he was unable to get hold of in Nepal.

She agreed, and bought a £50 voucher at Argos in Leamington before photographing it and sending the picture to him by e-mail.

Two weeks later Dr Harry told her he was planning to fly back to the UK on October 17, but was unable to get hold of the £1,000 he needed for the flight - so she agreed to send it to him on the basis that he would repay it on his return.

That money was transferred into the account of a woman called Jayne Chew, from Burnley, but although she had originally faced a similar charge, proceedings against her have ceased, said Mr Wight.

The victim also sent Dr Harry another £50, supposedly so he could top up his mobile phone.

"A few days later there were further requests. This time Dr Harry asked for £4,000 on the fifth of October because he said he had been fined for bringing gold into Dubai on his way back, and would not be released until he had paid a £25,000 fine."

She was reluctant, but he pleaded with her and said he would pay her back, and she transferred the £4,000 to the account of a co-defendant, Dare Moyo, who has pleaded guilty.

Dr Harry then claimed he had not been able to come up with all of the rest of the money, and persuaded the woman to transfer a further £4,000 which was paid into Adigun's account.

t initially went into his business account, but the same day £3,100 of it was transferred into his personal account and then back into the business account.

"Ultimately the £3,100 was transferred out with the payee reference 'Bro TJ.' The prosecutions say the remaining £900 was the defendant's cut.

"The prosecution say that what happened was a fraud, that she was duped, so whatever money flows from that is criminal property."

Adigun, who accepted the money had been transferred into his account, made no comment when he was arrested.

But in court he claimed it had been done at the request of a friend, a Nigerian national who had been living in the UK but had returned to Nigeria and needed the use of a UK bank account for the transfer of some money.

Adigun said he had agreed the man could use his account, and that he had no idea the money had come from a crime.

After the jury rejected his account and found him guilty, he was granted bail as the case was adjourned for a pre-sentence report, and he and Moyo (39) will be sentenced together at a later date.

(17th July 2018)


FOLLOW UP CALLS COMPUTER SOFTWARE SERVICE FRAUD
(Action Fraud, dated 20th June 2018)
www.Actionfraud.police.uk

There is concern that victims of previous Computer Software Service Fraud (CSSF) are being re-targeted for "owed money". The National Fraud Intelligence Bureau (NFIB) reports that CSSF scammers are returning to contact previous victims, requesting that they pay money owed for a fake malware protection service they had provided. Alternatively, the fraudster will ask for a new subscription fee in return for protection from a new threat. The victims that have made payments to the fraudsters have done so via credit/debit card payments. In some instances threatening and aggressive language has been used against victims, as part of the attempt to coerce them into sending money.

Computer Software Service Fraud involves the victim being contacted, told that there is a problem with their computer, and that for a fee this issue can be resolved. The aim of the fraudster at this point is usually to gain remote access to the victim's computer and, subsequently, access to their online banking account. No fix actually occurs. The victims will often be cold-called or will receive a pop-up on their computer, prompting them to phone the suspect.

Since the beginning of this year (2018), the total loss for repeat victims of CSSF has been reported as £16,712.85. The National Fraud Intelligence Bureau has noticed an increase in such reports since the beginning of May.

Protect Yourself

- If you receive such an unsolicited call or pop-up, do not make a payment. Always ensure you know who you are talking to. If in doubt, hang up immediately.

- Do not allow remote access to your computer.

- Don't be rushed or pressured into making a decision. Under no circumstances would a genuine bank, or another trusted organisation, force you to make a financial transaction on the spot; they would never ask you to transfer money into another account for fraud reasons. Remember to stop and take time to carefully consider your actions.

- Listen to your instincts. If something feels wrong then it is usually right to question it. Criminals may lull you into a false sense of security when you are out and about or rely on your defences being down when you're in the comfort of your own home. They may appear trustworthy, but they may not be who they claim to be.

For more information about how to protect yourself online, visit www.cyberaware.gov.uk and takefive-stopfraud.org.uk

If you have been a victim of fraud or cybercrime, report it to us at Actionfraud.police.uk, or by calling 0300 123 2040.

(17th July 2018)


WATCH OUT FOR THESE FAKE TEXTS ABOUT YOUR EE BILL
(Action Fraud, dated 19th June 2018)
www.actionfraud.police.uk

These fake text messages purport to be from EE and claim that you haven't paid a bill. The link in the message leads to a phishing website designed to steal your EE account login details, as well as personal & financial information.

Don't be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link or attachment in an unexpected email or text.

For more information on how to stay secure online, visit www.cyberaware.gov.uk

(17th July 2018)


COURIER FRAUD
(Action Fraud, dated 15th June 2018)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau has identified an increasing number of reports submitted to Action Fraud from the public concerning courier fraud.

Fraudsters are contacting victims by telephone and purporting to be a police officer or bank official. To substantiate this claim, the caller might be able to confirm some easily obtainable basic details about the victim such as their full name and address. They may also offer a telephone number for the victim to call to check that they are genuine; this number is not genuine and simply redirects to the fraudster who pretends to be a different person. After some trust has been established, the fraudster will then, for example, suggest;

- Some money has been removed from a victim's bank account and staff at their local bank branch are responsible.
- Suspects have already been arrested but the "police" need money for evidence.
- A business such as a jewellers or currency exchange is operating fraudulently and they require assistance to help secure evidence.

Victims are then asked to cooperate in an investigation by attending their bank and withdrawing money, withdrawing foreign currency from an exchange or purchasing an expensive item to hand over to a courier for examination who will also be a fraudster. Again, to reassure the victim, a safe word might be communicated to the victim so the courier appears genuine.

At the time of handover, unsuspecting victims are promised the money they've handed over or spent will be reimbursed but in reality there is no further contact and the money is never seen again.

Protect Yourself

Your bank or the police will never:

- Phone and ask you for your PIN or full banking password.
- Ask you to withdraw money to hand over to them for safe-keeping, or send someone to your home to collect cash, PIN, cards or cheque books if you are a victim of fraud.

Don't assume an email or phone call is authentic

Just because someone knows your basic details (such as your name and address or even your mother's maiden name), it doesn't mean they are genuine. Be mindful of who you trust - criminals may try and trick you into their confidence by telling you that you've been a victim of fraud

Stay in control
If something feels wrong then it is usually right to question it. Have the confidence to refuse unusual requests for personal or financial information.

For more information about how to protect yourself online visit
www.cyberaware.gov.uk and www.takefive.stopfraud.org.uk

(17th July 2018)


FRAUDSTER RAN UP A 16k BILL - BUT THEY STILL GET SENT MORE CREDIT CARDS
(The Guardian, dated 5th June 2018 author Miles Brignall)

Full article [Option 1]:

www.theguardian.com/money/2018/jun/05/identity-fraud-credit-card-scam-action-fraud-bank

Problem

I have been the victim of identity theft and card fraud over several months now. I have had a bank account opened in my name and four credit cards issued, two of which have been maxed out and run up more than £16,000.

I have reported events as they happen to Action Fraud and dealt with the banks directly to stop the accounts.

However, as there seems to be no end to the card applications being passed, I am wondering if something is going wrong with the reporting to the credit agencies that would flag up concerns attached to my name and address.

There is also the issue of how they are physically getting hold of the cards, as they have not come to the house. I have applied for an Experian report but it insists I send it several forms of ID. I have had to take days off work to sort it out.

Every time a white envelope comes through the door now, I feel sick.

SM, London

------------------------

Response

What a nightmare this has been, and our first reaction was that you must make sure you are registered with Cifas - the fraud prevention body that will warn any other bank that your ID has been used by thieves. This has since been done and should prevent any future applications succeeding.

The next thing to do is to get a copy of your credit file. You said you were having problems. We asked Experian's HQ to step in and it has now sorted this out and sent you a code that will enable you to see your file. You probably need to contact the other two credit agencies, Equifax and CallCredit, too.

Experian says that once you have established the fraudulent applications, its "victims of fraud team" will then dispute these entries directly with the lenders on your behalf, to help take away some of the legwork.

It says it will take some time to sort out, depending on the extent of the fraud.

However, once it is all done, your credit file should be restored. It also says you should consider adding a password to this report using a "notice of correction". This is an additional security measure that can be sensible if your identity has been compromised, particularly as not all lenders are members of Cifas - this was a new one to me and, I suspect, many others.

Lastly, I would be asking for compensation from the bank (HSBC) and the card providers to cover the days that it will take you to get it all resolved.

(17th July 2018)


CYBER CRIMINALS ARE TARGETING BOOKING.COM CUSTOMERS
(Daily Mail, dated 3rd June 2018 author Charlotte Dean)

Full article [Option 1]:

www.dailymail.co.uk/news/article-5800323/Cyber-criminals-targeting-Booking-com-customers.html

Cyber thieves are sending Booking.com's partner properties bogus texts warning of a security breach in a bid to steal cash.

Victims of the scam were told via Whatsapp and text messages that due to a security breach they must change their account password.

However once they clicked on the link given in the message the hackers had full access to the customers booking details.

They then sent them a further message warning that a full payment for their holiday accommodation was needed with bank details to send it to.

Due to the thieves access to booking details including names, addresses, phone numbers, dates, prices and reference numbers the texts appeared legitimate.

Marketing manager David Watts, 35, of Newcastle, told the Sun: 'It looked very believable and I can believe people fell for it.'

However even if alert customers avoided falling for the scam the hackers still managed to retrieve personal data.

Booking.com reported that their systems were not compromised, but hotels it works with on a separate portal were and customers will be compensated. A spokesperson for the company told Mail Online "Security and the protection of our partner and customer data is a top priority...in this case, there has been no compromise on Booking.com systems. This property has been targeted by phishing emails sent by cyber criminals and by clicking on those emails, the property compromised its account. If customers have any questions, they can contact our customer service team" .

(17th July 2018)


FRAUDSTERS POSING AS BANKS IN DATA PROTECTION EMAILS PHISHING SCAM
(Independent, dated 25th May 2018 author Oliver Wheaton)

Full article [Option 1]:

www.independent.co.uk/news/uk/crime/gdpr-latest-updates-emails-fraud-data-protection-phishing-scam-a8368741.html?mc_cid=9d7f8c7a7a&mc_eid=f46eab0a3f

New data laws (GDPR) coming into force are being used by scammers to steal personal information, police have warned.

Customers of NatWest are among those targeted by the scammers, who have been sending fraudulent emails claiming to be from the bank.

Companies have been contacting their customers to give reassurance that they are adhering to the new General Data Protection Regulation laws. In addition, many companies are asking customers if they are happy to continue receiving emails.

However scammers have created fake emails telling customers their accounts could be terminated if they do not update their records, at which point they are directed to a site which steals any data they input.

These phishing scams are usually perpetrated to gain access to victims' bank accounts.

Action Fraud have released a statement confirming that banks will never ask for a pin, password or memorable information by text or email.

The agency has also pointed out that fraudulent GDPR emails will often contain poor spelling or grammar, as well as sub-quality design you would not expect in a legitimate email from a bank.

Fake emails might also fail to address you by name (instead starting with "Dear friend" or "Dear customer") or could come from a strange email address, such as a Gmail or Yahoo account.

The new GDPR law brought in on Friday after being passed by the European Parliament forces businesses to actively secure consent before using customers' personal data such as their name, phone number and email address.

Having been enshrined in the UK's upcoming Data Protection Bill, the laws will still apply after Brexit and apply to all businesses offering goods or services within the EU.

Several US websites including that of the Los Angeles Times have temporarily been made unavailable in EU counties as a precaution due to the law coming into effect.

(17th July 2018)


MAY 2018


LONDON POLICE SEIZE £500k IN BITCOIN FROM "CYBER CRIME WAVE" HACKER
(CCN, Dated 28th May 2018 author Conor Maloney)

Full article [Option 1]:

www.ccn.com/london-police-seize-500000-in-bitcoin-from-cyber-crime-wave-hacker/

Described by his sentencing judge as a "one man cybercrime wave", British hacker Grant West caused hundreds of thousands of dollars worth of damages through his activities stealing and selling personal and financial information on the dark web.

West sent phishing emails under the guise of surveys from popular takeaway food delivery service Just Eat, offering food vouchers in exchange for completing a survey. The survey was a fake, and respondents were actually sending their personal details back to Grant so that he could sell them to the dark black market - the phishing scam alone netted West £180,000 or $240,000 which he then converted into Bitcoin. BBC reports that the scam cost the Just Eat company £200,000 or $265,000.

West also directly targeted over 100 other companies including major firms like Barclay's, Asda, Ladbrokes, Uber, and British Airways, hacking them for more customer data to sell. His Barclay's attacks resulted in West's clients fraudulently removing £84,000 or $110,000 from customer accounts and costing the bank £300,000 or $400,000 to remedy through new security measures. Similarly, West cost British Airways £400,000 or $530,000 after he hacked Avios accounts.

He reportedly used the money to pay for a new Audi worth £40,000 or $53,000 and several trips to Las Vegas among other luxuries.

West was arrested in 2017 on a first-class train to London in September 2017. Detectives from the Scotland Yard cybercrime unit chose the moment to end their two-year investigation carefully, making sure Grant was logged into his computer so and grabbing his arms before he could log out of his heavily encrypted cryptocurrency wallets and dark web accounts, which otherwise would be very difficult to link to him legally.

On the laptop, which belonged to West's girlfriend, police found the financial information of 100,000 people. A subsequent raid on his home revealed an SD card with the details of 63,000 credit and debit cards as well as 7 million email addresses and passwords, along with £25,000 or $33,000 in cash and half a kilogram of cannabis, which West was also selling on the dark web.

West went by the username Courvoisier, after the top-shelf brandy, selling stolen information and drugs on the now-defunct site Alpha Bay. He pled guilty to conspiracy to commit fraud, computer misuse, and drug offenses on 2 May and on Friday May 25 Judge Michael Gledhill sentenced West to 10 years and eight months in prison.

Police accessed and seized over £500,000 or $667,000 worth of ill-gotten Bitcoin from West's girlfriend's device, and she was sentenced to community service for unauthorised access of computer material - however, according to Judge Gledhill, over £1.6 million or $2.13 million worth of West's cryptocurrency is still unaccounted for.

(16th July 2018)


TSB PORT OUT ALERT
(Action Fraud, dated 26th May 2018)
www.actionfraud.police.uk

There has been an increase in reports made in May by TSB customers relating to "port-out" fraud. Fraudsters are number porting a victim's telephone number to a SIM card under their control and then using the number to access the victim's bank accounts.

The increase in the number of reports corresponds with the timing of TSB's computer system update, which resulted in 1.9 million users being locked out of their accounts. Opportunistic fraudsters are using TSB's system issue to target individuals, which follows the increase in phishing and smishing communications also targeting TSB customers this month. Victims' bank account and personal details including their phone number are collected by the fraudster, providing them with the information to execute the fraud.

Number porting is a genuine service provided by telecommunication companies. It allows customers to keep their existing phone number and transfer it to a new SIM card. The existing network provider sends the customer a Port Authorisation Code (PAC), that when presented to the new provider allows the number to be transferred across. This service can, however, be abused by fraudsters.

To gain control of the victim's phone number, fraudsters convince the victim's mobile phone network provider to swap their number on to a SIM card in the fraudster's control. Once the fraudster has control of the number they are able to intercept the victims' text messages, allowing them to use services linked to the victim's phone number. This can include requesting an online banking password reset or access to any two factor authentication services.

Victims have reported large losses as a result of this fraud. One victim initially dismissed text messages received from their network provider containing a PAC number. Two days later £6,000 was removed from the victim's TSB current account. The victim subsequently contacted their phone provider and was informed that someone contacted the provider purporting to be the victim and had cancelled their contract and transferred their number to a new SIM. This action allowed the banking fraud to take place.

Protect Yourself:

PAC Code notifications

If you receive an unsolicited notification about a PAC Code request, contact your network provider immediately to terminate the request. Also notify your bank about your phone number being compromised.

Clicking on links/files:


Don't be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected email or text. Remember, criminals can spoof the phone numbers and email addresses of companies you know and trust, such as your bank.

Requests to move money:


A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account.

Port-out Fraud versus SIM Swapping


Port-out fraud is often incorrectly referred to as SIM swap fraud. SIM swap fraud works in a similar fashion, however, instead of porting the victim's number to a new network provider, the fraudster impersonates the victim and requests a new SIM card for their account. Once they have access to the new sim, they have access to the number.

(16th July 2018)


TSB PHISHING ATTACKS
(Action Fraud, dated 25th May 2018)
www.actionfraud.police.uk

There has been a sharp rise in fraudsters sending out fake text messages (smishing) and phishing emails claiming to be from TSB. The increase in the number of reports corresponds with the timing of TSB's computer system update, which resulted in 1.9 million users being locked out of their accounts. Opportunistic fraudsters are using TSB's system issue to target people with this type of fraud.

Since the start of May there have been 321 phishing reports of TSB phishing made to Action Fraud. This is an increase of 970% on the previous month. In the same reporting period, there have been 51 reports of cybercrime to Action Fraud which mention TSB - an increase of 112% on the previous month.

Fraudsters are commonly using text messages as a way to defraud unsuspecting victims out of money. Known as smishing, this involves the victim receiving a text message purporting to be from TSB. The message requests that the recipient clicks onto a website link that leads to a phishing website designed to steal online banking details.

Although text messages are currently the most common delivery method, similar communications have been reported with fraudsters using email and telephone to defraud individuals.

In several cases, people have lost vast sums of money, with one victim losing £3,890 after initially receiving a text message claiming to be from TSB. Fraudsters used specialist software which changed the sender ID on the message so that it looked like it was from TSB. This added the spoofed text to an existing TSB message thread on the victim's phone.

The victim clicked on the link within the text message and entered their personal information. Armed with this information, the fraudsters then called the victim back and persuaded them to hand over their banking authentication code from their mobile phone. The fraudsters then moved all of the victim's savings to a current account and paid a suspicious company.

Protect Yourself:


Don't assume an email or text is authentic:


Always question uninvited approaches in case it's a scam. Phone numbers and email addresses can be spoofed, so always contact the company directly via a known email or phone number (such as the one on the back of your bank card).

Clicking on links/files

Don't be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected text or email. Remember, a genuine bank will never contact you out of the blue to ask for your full PIN or password.

If you have received a suspicious TSB email, please do not respond to it, report it to us https://www.actionfraud.police.uk/report_phishing and also forward it to emailscams@tsb.co.uk

Every Report Matters. If you have been a victim of fraud or cyber crime, report it to us online or by calling 0300 123 2040.

Visit Take Five and Cyber Aware for more information about how to protect yourself online.

(16th July 2018)


GARDAI ISSUE WARNING OVER GDPR EMAIL SCAM
(Leinster Express, dated 23rd May 2018 author Justin Kelly)

Full article [Option 1]:

www.leinsterexpress.ie/news/crime-and-courts/314574/gardai-issue-warning-over-gdpr-email-scam.html

uaware note : Scams are international and travel !

The advent of the new General Data Protection Regulation on May 25 within the EU has seen online customers being asked by their service providers to update personal user agreements so that their services such as email updates or record maintenance can be continued.

However, cybercriminals have been trying to take advantage of this type of email on the continent, using it as an opportunity to exploit those agreements and sent fake GDPR notices to customers asking them to confirm login or personal information via online links so that they can continue to use the service being provided.

Recent enquires have already identified a string involving the sending of fake notices which allege to be from Airbnb asking customers to update details in order to continue their agreement.

Clicking on fake or fraudulent links within a phishing email can result in:

- Redirections to fake/infected sites for watering-hole attacks targeting specific online users or organisations
- Malicious attachments which appear to be GDPR related documents or invitations which attack the network or system
- Request for private or personal and financial information such as account details, credit card details, passwords etc.
- Harvesting of email account details which can be exploited for marketing or junk mail campaigns

Users and organisations who have agreements or connections with services for which they have supplied personal information should be aware of this potential threat. The Garda National Cyber Crime Bureau advises that before following any link which asks for personal or financial data, you should ensure

- you are careful before responding to unsolicited emails

- You have an agreement with the service sending you the email

- The email address used to send you the message is genuine and from the provider

- The link within the email is genuine by either hovering over it to ensure it leads to where it says it does, or by checking the page it leads to and its contents

- If still unsure contact the service provider or organisation and confirm that they sent the email

- Never supply banking or financial information via email

Gardaí have stated that banking institutions will never ask for personal information via email. If you receive one, the advice is to delete it and report it to your bank or financial institution. All incidents of phishing or theft of personal information should be reported to your Local Garda Station with a copy of the original email you received.

(16th July 2018)


HOPE FOR VICTIMS OF "HIJACKED HOMES" SCAMS AFTER SUCCESSFUL FRAUDS TRIPLE
(The Telegraph, dated 16th May 2018 author Sam Meadows)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/hope-victims-hijacked-homes-scams-successful-frauds-triple/

Those who have lost hundreds of thousands of pounds in so-called "home hijacking" scams - where criminals pose as the owner of a building to sell it - have been given fresh hope after a High Court ruling.

Development company Dreamvar successfully appealed to the High Court relating to a £1.1m fraud. Yesterday's decision places liability on the seller's solicitors for failing to carry out adequate identity checks.

According to Land Registry figures released last year, property hijackings are on the rise. The value of successful frauds rocketed from £7.2m in 2013 to £24.9m this time last year.

Suzanne Raftery, of Requite Solutions, a scam recovery business, said the frequency of cases was increasing, particularly in London where is it not uncommon for properties to be marketed for £1m or more.

She explained that criminals will typically rent a vacant property and begin to intercept the landlord's post before posing as the true owner and selling the house to a cash buyer. Often the Land Registry will be the first to recognise the crime, by which time it is usually too late.

Ms Raftery said: "It's very easy to pretend to be the seller of a property. The checks are pretty much non-existent, solicitors will check a passport and verify it's a picture of you but they often won't verify that it's a real passport. A good fake will get you through.

"The estate agents will then just go 'that's fine' and the sale can go ahead. If you're actually in a property it is much easier to intercept mail and you will have utility bills with your name on. A lot of people are actually renting property with the intention of committing this crime."

In the Dreamvar case, the company purchased a London property from a seemingly legitimate seller for £1.1m. It was only after the firm had already begun refurbishment work that the scam came to light.

Jerome O'Sullivan, a partner at Healys, the law firm that acted for Dreamvar, said the court had confirmed that the vendor's solicitor was best-placed to verify the seller's identity, and that solicitors who were negligent in this duty would have liability to the victim.

He told Telegraph Money that the conveyancers had not met the fraudsters posing as the owners and had accepted a week-old driving licence and a TV licence form as proof of identification.

The Land Registry has reportedly prevented hundreds of these cases in the past decade with a total value of more than £100m.

Ms Raftery, who is a former Metropolitan Police detective, said that cases in London were frequent given the value of homes in the capital. She said she had investigated a case worth £10m relating to the fake sale of a property in Kensington.

"In London even flats are worth a lot so it doesn't look out of the ordinary when someone says they own a £1m property. So it becomes a target for these criminals," she said.

Telegraph Money has reported extensively on conveyancing scams, also known as "Friday afternoon fraud" because of the day that many property purchases go through.

Often fraudsters will gain access to a buyer's email account or that of the solicitor, and insert themselves into the conversation shortly before money is due to be transferred "informing" the buyer of a change of bank account.

After transferring the money, which could be for a deposit or, in some cases, the total value of the property, the criminals will disappear - leaving the victim down tens if not hundreds of thousands of pounds.

In one case reported by this newspaper in March, a 50-year-old restaurateur lost £600,000 to this sort of scam.

How to protect yourself


If you are the owner of a property then an easy and free way to secure it is to register for the Land Registry's alert service. This will notify you whenever someone makes a search for your property.

Ms Raftery said anyone looking to rent out a property should take this step.

In almost all cases the owner will regain control of their property, but this involves complex legal wrangling and could take a long time. It could also derail a sale if you had planned to sell in the near future.

If you are the buyer, there are some avenues you can take to attempt to recover your money, or prevent this from happening to you. Ms Raftery said you should ask your solicitor to check that the vendor's representatives had made the required checks.

If you have already been the victim of a scam you could take hope from the Dreamvar case. Mr O'Sullivan said the case put liability on to the vendor's solicitor if they had not carried out the required identity checks.

Another avenue could be to target the bank that allowed the criminal to open an account. Telegraph Money has campaigned for so-called "recipient banks" to take more responsibility when they have allowed a fraudster to open an account - usually with false or forged documents.

Some banks have paid refunds and compensation to victims in these circumstances, but there is currently no requirement for them to do so and responses are inconsistent.

Ms Raftery said: "If the bank hadn't allowed the proceeds to be laundered then this fraud just couldn't take place."

(16th July 2018)


COFFEE DRINKERS ARE BEING CONNED BY SUPPLIERS FRAUDULENTLY USING INFERIOR BEANS IN "ARABICA" PRODUCTS
(The Telegraph, dated 16th May 2018 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2018/05/16/coffeedrinkers-conned-suppliers-fraudulently-using-inferior/

Coffee drinkers are being conned by suppliers fraudulently mixing inferior beans into products labelled 100% Arabica, scientists say.

A study by British researchers testing a new and more accurate method of testing coffee quality looked at coffee on sale at shops and supermarkets.

They found that a tenth of high quality products labelled "100% Arabica" contained significant levels of inferior and cheaper "Robusta" beans. Arabica coffee trades at twice the price of Robusta because of its superior taste.

Finding rogue Robusta in a sample labelled Arabica is not easy, especially after grinding and roasting.

The standard technique detects the fingerprint chemical 16-OMC, which is only found in Robusta coffee, but is costly and takes three days, making large scale surveillance impractical.

The new method takes only 30 minutes and is sensitive enough to detect just 1% Robusta in a blended coffee.

Lead scientist Dr Kate Kemsley, from the Quadram Institute, formerly known as the Institute of Food Research, said: "This is an important milestone for detecting fraud in coffee, as 1% is the generally accepted cut-off between trace contamination, which might be accidental, and more deliberate adulteration for economic gain."

For the study a total of 60 different coffee samples were purchased in consumer countries around the world, including 22 from the UK.

All were tested for 16-OMC using the new nuclear magnetic resonance (NMR) technique, which employs radio waves and strong magnetic fields to obtain detailed information about a substance's molecular composition.

"It was immediately obvious using our test that there were several suspicious samples, producing results that were consistent with the presence of substantial amounts of Robusta - far more than would be expected through unavoidable contamination," said Dr Kemsley.

Two of the samples flagged as "suspicious" were bought in the UK. One contained 1.6% Robusta and the other 21.7%. Other UK samples had notable levels of 16-OMC but fell below the "suspicious" threshold.

Suspicious samples were also obtained from the US, Italy, France and Estonia. One US sample was a third Robusta, despite being labelled 100% Arabica.

A spokesman for the Quadram Institute said it was not possible to name the brands involved. The research, published in the journal Food Chemistry, was funded by the Biotechnology and Biological Sciences Research Council (BBSRC) and had no support from the coffee industry.

Giles Chapman, head of intelligence at the Food Standards Agency's National Food Crime Unit, said: "We're always keen to understand how scientific advances expand the range of tools which can be used to validate the authenticity of food products sold to UK consumers.

"This piece of work has generated some interesting insights which we will be looking to explore further."

Chris Stemman, executive director of the British Coffee Association, said: "The BCA welcomes the new insights that the Quadrum Institute are able to provide in determining what types of coffee make up specific products on sale.

"This is an important and easily accessible tool that could potentially be applied as an assurance measure along the coffee supply chain, so that authenticity can be checked and validated at all stages from farm to cup.

"Supply chain integrity remains a key priority for the UK coffee industry and we welcome further research that looks into this in further depth. Currently there is no evidence to suggest that these findings have any impact on the vast majority of products that consumers buy and enjoy drinking every day in the UK."

(16th July 2018)


SHOPPER GIVEN FAKE £5 WARNS OTHERS TO BE CAREFUL - BUT COULD YOU TELL ITS NOT REAL ?
(Mirror, dated 13th May 2018 author Bronte Howard)

Full article [Option 1]:

www.mirror.co.uk/news/uk-news/shopper-given-fake-5-warns-12529348

The new plastic fiver has been around for almost two years but would you know if you were handed a fake one?

The new £5 note was released in September 2016 amid much fanfare as the first polymer currency ever issued by the Bank of England.

It's supposed to be the safest yet with a host of new security features.

But one man claims he was handed a counterfeit and is now warning other people to watch out.

Peter Fowler, 37, bought lunch in Port Talbot, south Wales, on Friday and was given a £5 note as part of his change.

But when he folded it up to put it into his wallet he said he noticed something strange, reports WalesOnline .

He said: "It felt like a plastic carrier bag. It felt like it was made out of thin plastic. I looked closer and saw the Big Ben was missing and part of the serial number and the Queen's face were coming off.

"When I compared it to a genuine note I already had I also saw the silver strips were green."

Mr Fowler, who works as a heating engineer, said that if he had been given the £5 note with other notes, he wouldn't have realised.

"At first glance, it looked real. People definitely need to pay attention when they're being handed their change," he said.

"A lot of people won't think twice when putting it in their pocket and it's a lot of money to lose."

So, how do you spot a fake note? This is the Bank of England's official guide to spotting a real one...

- Check the see through window and the portrait of the Queen.
- Check the Elizabeth Tower (Big Ben) is gold on the front of the note and silver on the back.
- Check the foil patch below the see through window changes from 'Five' to 'Pounds' when the note is tilted.
- Check the coronation crown appears 3D.
- Check the ultra-violet feature.
- Check the circular green foil patch on the back of the note which contains the word BLENHEIM.
- If you're worried about whether a note is fake, the Bank of England has a free smartphone app you can download to check.

(16th July 2018)


POLICE WINNING BATTLES IN WAR AGAINST THE FRAUDSTERS WHO POSE AS OFFICERS
(Mirror, dated 10th May 2018 author Andrew Penman)

Full article [Option 1]:

www.mirror.co.uk/news/uk-news/police-winning-battles-war-against-12513259

The bogus police officer scam continues to claim victims.

One 91-year-old woman lost almost £1,000 after being called by a supposed detective who said that her bank cards had been cloned and should be handed over to a police courier who would come to her home - this scam is sometimes known as courier fraud.

The cards were used in shops and a cash point in Epsom and Ewell, Surrey, before being cancelled. Surrey Police are keen to speak to a skinny man in a green cap captured on CCTV.

Meanwhile, in North Yorkshire there have been some great results in the fight against this scam.

Last week crooks convinced a man aged 78 that he must withdraw £13,000 from his supposedly compromised bank account to help with a police investigation.

Another man, aged 85, was persuaded to withdraw £8,000 and an 80-year-old woman was told she had to take out £7,500.

Worst of all was the attempt to extract £20,000 from an 86-year-old woman who lived in Knaresborough.

In all cases, staff at Lloyds, Barclays and Yorkshire Bank branches realised that something was wrong, prevented the transactions and contacted police.

"The fact that the Banking Protocol has prevented such significant amounts of money being lost to fraudsters this week shows how collaborating with the banks and building societies in North Yorkshire can make a real difference when it matters most," said Detective Inspector Jonathan Rowland, of North Yorkshire Police's Economic Crime Unit.

In three other cases, the intended victims, including a York woman aged 93, realised the calls were bogus and contacted their banks or the police.

Det Insp Rowland added: "It's also positive that our message is getting out there and that members of our community are recognising that these types of calls are not genuine.

"They absolutely did the right thing by ending the phone calls then either alerting the police or their banks.

"North Yorkshire Detectives from the forces Economic Crime Unit are investigating these crimes and doing everything possible to catch those responsible."

(16th July 2018)


FAKE HOTELS - THE NEW WEAPON OF CHOCE FOR FRAUDSTERS
(tnooz, dated 2nd May 2018)

Full article [Option 1]:

www.tnooz.com/article/fake-hotels-the-new-weapon-of-choice-for-fraudsters/

Travel fraud is escalating at an unprecedented rate. In 2017 alone 4,700 travelers were impacted by fraud. The new findings from ABTA, the City of London Police and Get Safe Online also revealed accommodation booking to be one of the main types of travel fraud.

In many cases, the fraud was related to fake hotels - a scam in which a fraudster will list a fake hotel and then use stolen credit cards to make a booking via the online travel agent's (OTA) website. The OTA will then receive chargebacks for bookings after making a payment to the fake hotel. By this point, the fraudster will have withdrawn all the funds paid by the OTA and won't respond to any contact attempts, leaving the OTA with a financial loss.

This phenomenon is leaving both consumers and online travel agents (OTAs) frustrated and out of pocket. And the criminals are becoming more sophisticated and believable too. In recent months, the travel industry has witnessed an avalanche of fake chalet websites, with consumer press identifying how some criminal enterprises have conned unsuspecting holiday-makers out of tens of thousands of euros.

Another rising accommodation booking scam is 'inflated room prices', with instances of room prices being inflated dramatically followed by a spike in booking volume. This indicates collusion between a hotel and a fraudster. When hotels raise the cost of their rooms, fraudsters will use stolen card details to book rooms via an OTA. When the OTA receives chargebacks, the hotel can provide guest documentation that relinquishes responsibility of them being debited for the fraud. The result? The OTA takes the hit and the hotel and fraudsters split the winnings.

Combating accommodation booking fraud


Travel and tourism now accounts for 10.2 per cent of global GDP and continues to grow as prices reduce and online brands make it easier for consumers to spend. And, with hotel revPAR in Europe increasing 6% in 2017 compared to 2016, accommodation booking is a natural breeding ground for cybercriminals.

Our new research, "It Pays to Know", reveals that fraud is now costing travel intermediaries a whopping $21 billion each year. The rise of fake hotels and inflated room prices must be taken seriously.

There is some straightforward best practice advice that, if followed correctly, could limit OTA's exposure to accommodation booking fraud. This can be as simple as educating employees to recognise the warning signs of dodgy customers. Or it might be ensuring your company's payment solutions are up to date and offer protection and recovery mechanisms.

Virtual cards generally allow controls to be set that significantly decrease the risk of fraud, and they also help recover from it too. For example, Virtual Account Numbers (VANs) allow users to define booking and payment parameters, minimising the risk of fraud when paying travel suppliers. It also offers sophisticated chargeback capabilities, meaning funds may be recovered should fraud occur.

There's no getting away from the fact that fraud in the travel industry will continue to surge, with fraudsters becoming more creative in how they con consumers and OTAs. However, being aware of the signs for new types of fraud, and following simple steps to protect your business, will put you in the best position to reduce incidents and impact.

o learn more about how to better control fraud and lower the potential impact on profits, download our Fraud in travel payments report.

https://www.enett.com/insights/it-pays-to-know-fraud-whitepaper-form

uaware comment

Eight years ago we booked a hotel in Kensington through LastMinute. The hotel was meant to be a 4 star. It was a rush booking on the day and we only viewed the pictures on the Lastminute website rather than also checking rating sites. When we arrived we discovered it was a Georgian "boutique" hotel, but due to an electrical fault we were unable to stay there and a booking had been made a their sister hotel. A taxi had been arranged to take us to the other hotel which was 10 minutes drive away.

When we arrived at the other hotel we discovered it was a seedy hostel and refused the room. We also wrote a refusal letter at the reception desk and asked for a copy; the receptionist complied.

On contacting Lastminute we informed them that the original hotel was not a 4 star hotel, but a 4 star English Tourist Board bed and breakfast. Lastminute gave us a refund. Luckily we are Londoners and know the location of other hotels. Many other London visitors dont know the lie of the land and would have been duped.

Always double check hotel credentials, no matter where you are going.

(16th July 2018)


WHAT IS SYNTHETIC IDENTITY THEFT ?
(Nerdwallet, dated 27th April 2018 author Bev O'Shea)

Full article [Option 1]:

www.nerdwallet.com/blog/finance/synthetic-identity-theft/

Note : This is a US article, so Social Security Number equals NI number. If someone steals a NI number in the UK, it gives them the right to work. There has been many cases of crooks registering themselves against details of deceased children to get NI Numbers. That scam is meant to have been blocked ???

Identity theft, or identity fraud, once meant crooks were churning out fake credit cards. But as that became easier to detect, a more insidious crime has evolved: the creation of completely new identities.

Known as "synthetic identity theft," it involves fraudsters using a combination of fake information, such as a fictitious name, and real data, like a child's Social Security number, to create fraudulent accounts.

It is a growing problem, says Eva Casey-Velasquez, president and CEO of the nonprofit Identity Theft Resource Center.

But the scope of the problem is difficult to determine because the crime can go undetected for years, she says. However, the rate of children's identity theft was more than 50 times that of adults, according to a 2011 report by Carnegie Mellon University's CyLab, which studied the identities of over 40,000 children. And that report was published before a change in the way Social Security numbers are issued made identity thieves' work a bit easier.

How does synthetic identity theft work?

First, thieves assemble an unused Social Security number - typically that of a minor - along with a fictitious name and birthdate, and an address controlled by the thief.

With those pieces in hand, identity thieves apply for a credit card. While an initial application will be turned down because the "applicant" doesn't have a credit profile, it creates a record of a "person" who doesn't actually exist. The next step is to add that "person" to a legitimate account, or more likely several.

One way to do that is by "piggybacking" - or becoming an authorized user - on a legitimate account, perhaps that of an accomplice or a patsy, who doesn't understand what's going on, Casey-Velasquez says.

A second, more pernicious piggybacking involves paying a credit-boosting company for the persona to be temporarily added as an authorized user to someone else's card - a card that has a long history and low utilization. It doesn't include getting a physical card or a card number or having charging privileges.

In time, there will be a credit history and score for this fictitious person, making it easier to qualify for credit. Casey-Velasquez said the identity often includes an occupation and income, and as long as it seems reasonable, it can go undetected by card issuers.

Over a period that can span years, identity thieves may make small charges and pay them off, thus building a good credit score and receiving higher credit limits.

Then, when they decide the limits are high enough, they do what is called a "bust-out" - suddenly charging the cards up to their limits, paying nothing and discarding the identity.

How do thieves get minors' Social Security numbers?


Taking over a child's Social Security number was made easier after the federal agency's switch to randomization in 2011. Before then, the digits were tied to birthdate and geography, so it was more difficult to use a child's Social Security number without it being discovered.

Now a child's number can more easily be used to establish a credit history. Minors are especially vulnerable because they are likely to have an unblemished credit history.

Some thieves have even been able to make made-up, random numbers work. Casey-Velasquez said criminals have used Social Security numbers that haven't even been issued yet - and when that number is eventually assigned to a newborn, parents find out that the number already has a credit history. In some cases, thieves get access to a child's stolen Social Security number.

And since address verification measures for credit applicants are often out of date, anyone with a printer can produce a fake utility bill for an abandoned property to "prove" the fictitious person lives there.

What are the uses of synthetic identity?


According to the Government Accountability Office, there are three main reasons people create these false identities:

- Identity fraud for nefarious activities: stealing money or benefits. This is the one that costs businesses the most in terms of credit card fraud.

- Identity fraud for residency or work: a false identity created to live or work in the U.S.

-Identity fraud for credit repair: the perpetrator combines his or her real name with an unblemished Social Security number to create an alternate credit history.

Who is most at risk?


Randomized Social Security numbers put children born after 2011 at especially high risk for synthetic identity theft - and the theft of a child's Social Security number can go undetected for years.

Only later, when a victim tries to apply for credit using that number, is he or she likely to discover it has been misused. For example, a high school student applying for a student loan or a first job might find their Social Security number is already in use. Then, it's their mess to clean up.

Anyone with a pristine credit history can be a target. Data breaches mean a lot of Social Security numbers are out there and up for sale. It's best to assume those digits aren't private and to try to ensure they aren't misused.

(16th July 2018)


HELP FOR HEROES FRAUDSTER HAS ASSETS SEIZED BY JUDGE
(BBC News, dated 30th April 2018)

Full article : www.bbc.co.uk/news/uk-england-lincolnshire-43954982

A bogus Help for Heroes collector who made thousands of pounds while pretending to be a serving soldier must pay back £725.

David Santini, 56, was caught while collecting money at an antiques fair when police became suspicious about the style of his military uniform.

Lincoln Crown Court heard he made £5,000 from his crimes, with a significant amount already seized.

He was jailed in November for 15 months after admitting two charges of fraud.

The hearing was told Santini, of North Drove, Quadring, near Spalding, had already been freed from jail under the early-release scheme.

He came to the attention of police who were patrolling the antiques fair at Newark Showground in Nottinghamshire in 2014.

During sentencing, the court heard he was unable to produce an armed forces identity card when challenged.

It was later discovered that he had served in the army but received a dishonourable discharge in 1983.

He also admitted conning £2,000 out of Patricia Taylor, a widow in her 70s, which she wanted to donate to a Lincolnshire-based veteran's charity.

The cash collected at Newark was already with police and Mrs Taylor's money had already been returned, the court previously heard.

Judge Andrew Easteal ordered £518 in cash and a further £207 in Santini's bank account to be confiscated under the Proceeds of Crime Act.

(16th July 2018)


HULL FRAUDSTER FORGED HUNDREDS OF CAR INSURANCE POLICIES AND FAKED NO CLAIMS DISCOUNT LETTERS
(Hull Daily Mail, dated 15th May 2018 author Sophie Corcoran)

Full article [Option 1]L:

www.hulldailymail.co.uk/news/hull-east-yorkshire-news/hull-fraudster-forged-hundreds-car-1570310

A fraudster made fake car insurance policies for hundreds of people and offered quotes to thousands.

Nigel Fox, 49, of Hull, admitted acting as a "ghost broker" and using false personal details to create numerous fake motor insurance policies.

He also forged no claims discount letters (NCDs), which he submitted to insurance companies to significantly lower the price of the premium.

Fox, who had been faking documents since 2009, had previously been employed as an insurance broker for a company in Hull, and he knew about insurance practices and the industry.

Fox told an investigation by City of London Police's Insurance Fraud Enforcement Department (IFED) he did not change his contact work mobile number after he left his previous employment, and as a result, continued to receive calls from his customer base of 5,000 people.

He went on to admit he arranged policies for those who contacted him, and admitted he had made around 7,000 quotes for people who had contacted him. In a separate interview, Fox also stated that he intercepted motor insurance policies for "hundreds" of people from 2009-2015.

An investigator by a financial investigator for IFED identified a significant amount of financial transactions passing through bank accounts held by Fox during the years of his offences. It is estimated that Fox gained roughly £25,000.

Fox has been jailed for 12 months at Hull Crown Court.

City of London Police Detective Constable Peter Gartland, who led the IFED's investigation, said: "It's clear Fox used his prior knowledge of the insurance industry to deceive multiple insurance companies and manipulate their policies so that he could offer them at a cheaper price.

"On top of this, he defrauded a number of innocent members of the public with offers of fraudulent cheap insurance and exposed them to the direct harms caused by ghost broking, such as points on their licence and possible seizure of their car. It seems his fraudulent activity also helped facilitate local criminal gangs as their vehicles were insured to appear legitimate.

"This case is just one in a series of investigations where the IFB and the insurance industry has shared valuable intelligence with IFED to help us convict insurance fraudsters, including ghost brokers, and bring them to justice."

Head of investigations, Jason Potter, said: "Fox was a particularly manipulative individual who was willing to go to great lengths to deceive members of the public in order to line his own pockets. We are pleased that the collaborative work between IFB, IFED and our insurer members has been successful in bringing Fox's criminal activities to light.

"We hope that this sentencing sends a clear message to anyone considering carrying out an insurance fraud scam that the industry is committed to tackling this serious issue and we are dedicated to working together in order to ensure these fraudsters get the justice they deserve."

(16th July 2018)


PENSIONER, 85, FOOLED INTO MASSIVE CITY CENTRE SPENDING SPREE IN CRUEL ONLINE SCAM
(Birmingham Live, dated 1st May 2018 author Cathrina Hulse)

Full article [Option 1]:

www.birminghammail.co.uk/news/midlands-news/pensioner-85-fooled-massive-city-14600062

A pensioner was scammed out of thousands of pounds and fooled into a £16,500 spending spree in Birmingham city centre by a conman she met on a gaming app.

The 85-year-old victim was drained of ever-increasing sums of money after handing over her name and address to a man she encountered on the 'Words with Friends' platform.

Police said the crook sent a 'friend' to her address to collect cash after they met on the app last October.

The scam only ended when police received a tip-off and visited the victim's home on April 9.

It was revealed that the she'd been taken into Birmingham city centre on April 3 and made to buy £16,500-worth of jewellery under false pretences.

Officers conducted CCTV checks at the store on Vittoria Street in the Jewellery Quarter .

They now want to trace a man who was spotted with the victim inside the shop.

Anyone with information should call West Midlands Police on 101, quoting 20WS/78872X/18.

To remain anonymous, contact Crimestoppers on 0800 555 111.

Last month, a Solihull pensioner was conned out of £500 in a cruel doorstep scam by a man claiming to be a council worker.

The elderly victim, from Shirley , handed over the cash after the con-artist knocked at his door earlier this month.

The fraudster said he was investigating a 'cowboy builder' job and that he would need £500 in 'court fees'.

The victim told Solihull Trading Standards that he paid the bogus official the money in order to get rid of him.

Shockingly, the brazen thief tried to con the pensioner out of more cash on March 14 and 15 but the victim did not have any money.

The ruthless crook even managed to obtain the pensioner's phone number and later harassed him for more cash.

(16th July 2018)


EBAY ACCUSED OF FAILING TO STOP SCAMS AS ANOTHER BUYER LOSES £1500
(The Telegraph, dated 28th April 2018 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/ebay-accused-failing-stop-scams-another-buyer-loses-1500/

EBay has been accused of failing to protect users from scams and dodging responsibility for the number of fake listings it allows to be posted on its website. Shopping scams of all kinds are rife online.

More than 42,000 reports were made to Action Fraud, Britain's fraud reporting service, last year. The average loss was £1,349.

Yet a protective legal framework introduced almost 20 years ago and its own terms and conditions allow eBay, the multi-billion-pound online marketplace, to distance itself from the problem.

The e-Commerce Directive 2000 states that as long as the "service provider has no knowledge or control over the information that is transmitted" it is not liable for the accuracy of the listings. But sites must "act expeditiously" when "removing or disabling access to information on obtaining actual knowledge".

Sarah Miles, a partner at Nockolds, the law firm, said eBay "obviously relies" on this part of the directive as a "get-out clause" when accused of failing to combat fraud. EBay's own terms and conditions also allow it to shrug off responsibility.

It said that although it used "techniques" that aim to verify users, it was a "difficult" task. Therefore the company says it is "not responsible" for ensuring "the accuracy or truthfulness" of users or the information they provide.

Thousands of individuals have joined Facebook groups, such as eBay Vehicle Scam Alerts, which has more than 5,000 members, or forums to warn others.

They publicise suspicious email addresses used by criminals on eBay and to report scam listings, often featuring high-value items such as vehicles, before others are conned out of thousands of pounds.

###'An eBay fraudster stole £1,500 and they'd been reported before'

After Colin Labouchere lost £1,500 trying to buy an organ on eBay, he discovered that the fraudster's email address had been reported online months earlier.

Mr Labouchere, 79, spotted a Roland C-330 Classic organ listed on the site at the start of April.

Within the listing was an email address, which is against eBay's rules. This is to ensure that deals are not taken "off platform".

But the fraudster had managed to bypass the marketplace's systems by including the information in an image.

Criminals will try to get buyers to contact them directly so that eBay cannot intervene and they avoid detection.

The listing disappeared but Mr Labouchere emailed the seller and they agreed on £1,500, which the seller insisted was paid "through eBay".

Mr Labouchere, who said he was a regular user of eBay, received what appeared to be an invoice from eBay. He said he hadn't seen one before but believed it was genuine, and protected, so went ahead and paid by bank transfer.

The seller said he would arrange for a delivery the next week. But when the organ didn't arrive as expected, and the fraudster stopped responding to emails, Mr Labouchere knew he'd been conned.

He reported the crime to his bank, Action Fraud and eBay and found that someone had posted a list of email addresses used by eBay scammers on the Facebook page of Action Fraud in December last year, including the one he had corresponded with.

Mr Labouchere said: "If eBay had taken due care it would have picked up that the email address had been associated with another scam before."

###'The website can't seem to stop scam listings'

Peter Barrett spotted a number of suspicious listings for around 20 classic cars on eBay last October, all with a starting price of 99p.

The seller explained in the post he would offer a reasonable quick-sale price. Those interested were to contact the user directly over email.

Mr Barrett, 62, said the messages were almost identical and contained the same email address. He suspected a scam and contacted eBay. Eventually the ads got removed, he said, but they would soon reappear.

He said: "This has been going on since at least October last year. It's clearly a problem but eBay doesn't seem to be able to stop it."

Mr Barrett, who teaches computing at a junior school, said eBay "didn't seem to be that bothered" but he was concerned for new users of the service.

###Is eBay doing enough to protect users from fraudsters?

Chris Underhill, chief technical officer at Equiniti Cyber Security, said there was a "massive fraud team" at eBay, which should be "keeping on top of this".

He said it wouldn't be unreasonable for eBay to install software that detected text, such as email addresses, in images.

"You can hide all sorts of information in pictures but the technology that detects it is not that advanced," Mr Underhill added.

"It's not difficult for eBay to implement this software."

Telegraph Money reported how fraudsters used pictures to hide text on eBay in 2016 - yet fraudsters are still able to get away with it.

Ms Miles said until eBay was forced to take responsibility for the scams, which would "hit it in its pocket", the onus would be on users to keep themselves safe.

###How to protect yourself against eBay scams

Be suspicious of items with unrealistically low prices.

If you are buying a car arrange to see it before paying. Walk away if the seller refuses.

Don't email the seller directly, even if they offer you an "off platform" price. Use eBay's messaging service.

Be wary if the descriptive text is in a picture or screenshot. This is to stop buyers copying and pasting the text into a search engine to see if it has appeared elsewhere.

?Google the email address to see if it's been associated with a scam and report it to eBay if so.

?Don't pay by bank transfer, as the bank won't refund you if things go wrong; neither will eBay. PayPal is safer. Vehicles are not covered by eBay's money back guarantee.

If you've been tricked into making a bank transfer, on eBay or otherwise, read our guide which explains in detail what you should do.

For more tips about avoiding vehicle scams on eBay see here :

www.telegraph.co.uk/money/consumer-affairs/i-scam-the-scammers-confessions-of-an-ebay-vigilante/

EBay's response

The firm said it continually invested in new technology and "works hard to protect customers from criminals who attempt to attack the entire industry".

It claimed to use a "combination of online and human detection methods" but said criminals "continue to actively try to engage in online fraud" and on "very rare occasions make it beyond listing". An eBay spokesman said the site had "redoubled" efforts to help users protect themselves.

(16th July 2018)


APRIL 2018


TV PROVIDER DISCOUNT FRAUD
(Action Fraud, dated 30th April 2018)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau (NFIB) have noticed an increase in Action Fraud reports where fraudsters are offering a discount on Television service provider subscriptions. Fraudsters are cold-calling victims, purporting to be from a Television (TV) provider offering a discount on their monthly subscription. Victims have been told the following: their subscription needs to be renewed; that part or all, of the TV equipment has expired and they are due an upgrade on the equipment/subscription. In order to falsely process the discount, the fraudster asks victims to confirm or provide their bank account details. The scammers may also request the victim's identification documents, such as scanned copies of passports.

The fraudsters are using the following telephone numbers: "08447111444", "02035190197" and "08001514141". The fraudster's voices are reported to sound feminine and have an Asian accent.

Later victims make enquiries and then discover that their TV service provider did not call them and that the fraudster has made transactions using the victim's bank account details.

This type of fraud is nationwide. Since the beginning of this year (2018), there have been 300 Action Fraud Reports relating to this fraud. From the reports received, victims aged over 66 seem to be the most targeted.

What you need to do


- Don't assume a phone call or email is authentic: Just because someone knows your basic details (such as your name and address or even your mother's maiden name), it doesn't mean they are genuine. Criminals can exploit the names of well-known companies in order to make their scams appear genuine.

- Don't be rushed or pressured into making a decision: a genuine company won't force you to make a financial decisions on the spot. Always be wary if you're pressured to purchase a product or service quickly, and don't hesitate to question uninvited approaches in case it's a scam.

- Stay in control: Have the confidence to refuse unusual requests for personal or financial information. Always contact the company yourself using a known email or phone number, such as the one written on a bank statement or bill.

Visit Take Five (takefive-stopfraud.org.uk/advice/) and Cyber Aware (cyberaware.gov.uk) for more information about how to protect yourself online.

(1st May 2018)


MET PROBE POSTAL VOTING ABUSES IN KEY MARGINALS
(London Evening Standard, dated 25th April 2018 authors Nicholas Cecil and Joe Murphy)

Full article [Option 1]:

www.standard.co.uk/news/politics/police-probe-launched-over-postal-vote-abuse-in-key-local-election-boroughs-a3823156.html

Scotland Yard is probing allegations of postal vote malpractices in a key borough for the May 3rd local elections, the Standard reveals today.

Eleven cases in Hammersmith and Fulham have been reported to police including some where residents say they have been issued with postal votes they did not request. Officers are understood to have spoken to some individuals who believe they were tricked into applying for a postal vote.

One woman thought that she was signing a petition about Charing Cross Hospital, it is claimed.

The allegations come amid a surge in people applying for postal votes in some marginal wards in the Labour-run borough. The Conservatives claim there have been huge increases in postal vote registration on several estates where Labour is strong.

Figures compiled by the Tories show postal vote registrations in Town ward, which has three Conservative councillors, rose from 1,268 before last year's general election to 2,005 this month. More specifically, in the Town ward "C" polling district which runs from Fulham Road towards Putney Bridge, the number jumped from 307 in March 2017 to 758 this month.

Conservatives say that on four estates in this district there have been big rises in postal vote registrations to 50 per cent of the electorate in Pulton Place, 42 per cent in Fulham Court, and 35 per cent on Barclay Close and Lancaster Court.

Greg Hands, Tory MP for Chelsea and Fulham, said: "Some people were signed up by the Labour Party and are telling us that they had not knowingly requested one [a postal vote] and do not want one." The Conservatives referred their concerns to the police.

The London Labour Party rejected accusations of wrongdoing against its campaign teams. A spokesman said: "This is a completely baseless allegation and a desperate, politically-motivated attempt by a Tory MP to use the police to grab a headline during a closely-fought election campaign."

A council spokesman said: "There are currently no concerns about the validity of any votes in Hammersmith and Fulham." Scotland Yard has been contacted for comment.

(1st May 2018)


FIFA 2018 WORLD CUP ALERT
(Action Fraud, dated 24th April 2018)
www.actionfraud.police.uk

The 2018 FIFA World Cup will take place from 14th June - 15th July 2018. The worldwide demand for match tickets, flight tickets, and somewhere to stay throughout the competition is expected to be significant. Those planning to travel should exercise caution when considering the purchase of tickets or accommodation because the event is highly likely to be targeted by fraudsters looking to take advantage of unsuspecting fans.

Fraudsters will likely be posing as;

- Official World Cup ticket vendors or private individuals attempting to sell on a match ticket via online marketplace.

- A fraudulent website or operator offering non-existent flights or other transport to host cities.

- An accommodation booking service, hotel or operator, offering seemingly convenient accommodation in one of the host cities for the duration of the game.

- Lottery or competition organisers claiming that you've won a prize or cash related to the tournament.

Action Fraud received over six hundred reports and intelligence submissions in relation to the previous World Cup so it's vital that football fans exercise caution when considering a purchase or making a transaction.

Protect yourself:

- Listen to your instincts: If something feels wrong then it is usually right to question it. Fraudsters will use the promise of steep discounts to lure you into handing over your money or revealing personal/financial details.

- Clicking on links/files: Don't be tricked into giving a fraudster access to your personal or financial details, and never automatically click on a link in an unexpected email or text.

- Visit the Action Fraud website and take a look at their Ticket Fraud, Holiday Fraud and Lottery Fraud advice pages before making any decisions or bookings.

- For useful advice and information on the World Cup please visit the Government Guidance Pages: https://www.gov.uk/guidance/be-on-the-ball-world-cup-2018

Visit Take Five (takefive-stopfraud.org.uk/advice/) and Cyber Aware (cyberaware.gov.uk) for more information about how to protect yourself online.

(1st May 2018)


MARTIN LEWIS TO SUE FACEBOOK OVER FAKE ADS WHICH SCAM PEOPLE OUT OF THOUSANDS
(The Telegraph, dated 23rd April 2018 author Olivia Rudgard)

Full article [Option 1]:

www.telegraph.co.uk/news/2018/04/22/martin-lewis-sue-facebook-fake-ads-scam-people-thousands/

MoneySavingExpert founder Martin Lewis is to sue Facebook over scam adverts using his image.

The commentator and financial journalist is claiming defamation over allegations that the site is publishing scam adverts using his image causing vulnerable people to hand over thousands of pounds to criminals.

He said the company had hosted more than 50 of the scam ads and that it had failed to act because it was motivated by "greed".

Mr Lewis said the legal action, due to be launched on Monday, was the result of months of frustration with scammers who were piggybacking on his reputation and preying on Facebook users with outlandish get-rich-quick scams.

Supporters have handed over thousands of pounds in good faith, only to find the advert has nothing to do with Mr Lewis or his company.

"Vulnerable people are the ones being scammed and the ones being hurt," he told the Daily Telegraph. "It has to take some responsibility."

"It is not worth Facebook's while improving its systems. The company who is the leader in facial recognition, when it's been put on notice by someone that there is a scam and that that person never does adverts, it is not beyond its wit and wisdom to notify me of these adverts, and ask if they are legitimate.

"But its processes don't work like that - it wants to make it flexible and easy for anyone to be able to advertise - and it has done, including criminal scammers.

"Facebook has become this big agglomerated organisation where no-one seems to take care and responsibility."

Any damages won through the lawsuit will be donated to charity, by Mr Lewis said the legal action was not designed to win the case itself, but to force the company to change its policy on advertising, for example by having inbuilt settings notifying well-known people every time their image was used in an advert, requiring their approval.

He said he has repeatedly reported the adverts, only for new, almost identical ones to appear days later.

"I don't do ads, so an ad with me in it, does not have my permission. These are companies warned about by the FCA, warned about by Action Fraud - this is about as clear cut as it gets," he said.

"Why do I have to go through the time, cost and stress of doing the work? I have people spending half their week doing this. I'm not being paid by Facebook. It's making the money - if I'm going to have to do that can it pay me a fee to police it?

"It sees each advert as discrete, and the next day there's another one. They're not identical but it's the same thing. They say 'it's a new advert, you've got to report it'.

"It's distressing, and genuinely makes me feel physically sick when I hear someone has lost money because of this, and because they trusted me, and now they blame me. It is very upsetting, personally - not as upsetting as it is for the people who have lost money."

He said "fake ads" needed to be taken seriously alongside "fake news" as a threat to civil society.

"Our democracy is failing to protect vulnerable from scammers by appeasing one of the world's biggest and richest companies. That is a bit of a threat as well. There isn't enough focus on fake ads."

Solicitor Mark Lewis of Seddons, leading the lawsuit, said: "Facebook is not above the law - it cannot hide outside the UK and think that it is untouchable.

"Exemplary damages are being sought. This means we will ask the court to ensure they are substantial enough that Facebook can't simply see paying out damages as just the 'cost of business' and carry on regardless.

"It needs to be shown that the price of causing misery is very high."

A Facebook spokesperson said: "We do not allow adverts which are misleading or false on Facebook and have explained to Martin Lewis that he should report any adverts that infringe his rights and they will be removed.

"We are in direct contact with his team, offering to help and promptly investigating their requests, and only last week confirmed that several adverts and accounts that violated our Advertising Policies had been taken down."

What happens to victims of fraud

Victims are told to first report the scam or fraud to Action Fraud, the national reporting centre for cyber crime and fraud.

Action Fraud passes the report to the National Fraud Intelligence Bureau. The NFBI then analyses the case to find out if there are any viable lines of enquiry. If there are, the report is sent to the police for investigation.

The police unit may not have the resources to dedicate to investigating the fraud even if it receives the report.

According to independent charity, the Fraud Advisory Panel, victims outside of London have even less chance of their fraud cases being investigated.

If there are insufficient viable lines of enquiry for an investigation, the NFBI holds the report in case new leads emerge.

(1st May 2018)


FRAUDSTERS TARGET CASH-STRAPPED STUDENTS FOR USE AS "MONEY MULES"
(The Telegraph, dated 20th April 2018 author Adam Williams)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/current-accounts/fraudsters-target-cash-strapped-students-use-money-mules/

A growing number of young people are being lured into illegal work as "money mules".

Anti-fraud prevention service Cifas said there was a 27pc increase in the number of 14-24 year olds being used as money mules during 2017.

A money mule is a person who is used by criminals to move illegal funds between accounts, whether in person or electronically, in order to launder the money and evade authorities.

Young people are often used to transfer money. The National Fraud Database warned earlier this year that fraudsters were using popular messaging app WhatsApp to lure in unsuspecting youngsters.

Cifas said cash-strapped students were a particular target for the scam as criminals often promised large rewards for small amounts of work.

More than 32,000 bank accounts were highlighted as being subject to money laundering by money mules last year, an 11pc rise on 2016.

Dean Curtis, of financial crime firm LexisNexis Risk Solutions, said young people were engaging in illegal activity without considering the potential repercussions.

"To avoid banks' stringent identity fraud checks, criminals are increasingly turning to laundering their illicit funds through other people's bank accounts, and probably giving them great compensation for doing so," he said.

"This trend has already increased 11pc since 2016 and could easily continue to rise. More young people are being recruited in this manner, particularly among the student population, who are handing over their identities and banking credentials without understanding the implications."

Other data published by Cifas showed identity fraud reached an all-time high during 2017, with 174,523 cases recorded. It said 95pc of these cases involved the impersonation of an innocent victim.

Mike Haley, of Cifas, described the levels of fraud in the UK as "frighteningly high" and said criminals were using increasingly sophisticated techniques to find victims.

"As some targets become harder to crack, criminals turn to what they consider are softer targets. However, as fraudsters see their attempts become more difficult, the question will arise about where they will target next."

(1st May 2018)


FIFA WORLD CUP 2018 TICKET ALERT
(Action Fraud, dated 20th April 2018)
www.actionfraud.police.uk

The 2018 FIFA World Cup will take place from 14th June - 15th July 2018. The worldwide demand for match tickets is expected to be significant. Action Fraud have been alerted to several websites which are offering World Cup Tickets for sale, some at highly inflated prices. A FIFA spokesperson said:

"FIFA regards the illicit sale and distribution of tickets as a very serious issue and it has been reminding all football fans that FIFA.com/tickets is the only official and legitimate website on which to buy 2018 FIFA World Cup tickets."

"FIFA has received various complaints and enquiries by customers of non-authorised ticket sales platforms, and has consistently confirmed that these companies cannot guarantee access to the stadiums as the respective tickets may be cancelled. Insofar customers are at risk of investing a high amount of money (also for travelling and accommodation) without having the certainty to actually be able to attend the matches."

FIFA have also warned that "any tickets obtained from any other source, such as ticket brokers, internet auctions or unofficial ticket exchange platforms, will be automatically rendered void and invalid".

Action Fraud received over six hundred reports and intelligence submissions in relation to the previous World Cup so it's vital that football fans exercise caution when considering a purchase or making a transaction.

Protect yourself:

- Don't take the risk. Tickets for the World Cup 2018 can only be purchased directly from FIFA. For more information, please visit www.FIFA.com/tickets.

- A FAN ID is required for fans to be able to enter the 2018 FIFA World Cup stadiums. Exercise caution if using a third party to obtain your FAN ID for you. You may be charged inflated costs for the service and your personal details may be compromised. For more information, please visit www.fan-id.ru.

- Visit the Take Five website for the latest guidance on how to avoid becoming a victim of fraud.

- For useful advice and information on the World Cup please visit the Government Guidance Pages; https://www.gov.uk/guidance/be-on-the-ball-world-cup-2018

(1st May 2018)


BRISTOL AIRPORT PARKNG FIRM "FAILS TO RETURN CARS"
(BBC News, dated 9th April 2018)

Full article : www.bbc.co.uk/news/uk-england-bristol-43697408

Dozens of travellers returning to Bristol Airport were left stranded after a meet-and-greet parking company failed to return their cars.

Police said a "significant number of motorists had been unable to retrieve vehicles" after returning to the terminal between Friday and Sunday.

Bristol Airport said the firm involved - Absolutely Secure Airport Parking - was not connected with the airport.

The company is yet to respond to requests for a comment.

The Bristol Post reported that some customers found their "filthy" vehicles in lay-bys and fields.

Russell and Amanda Lewington, from Box in Wiltshire, called police on Friday morning after their calls to the company went unanswered.

They said dozens of other travellers who were in a similar situation had apparently booked the same service through different intermediaries.

Mrs Lewington said, when the company's owner eventually left with police to fetch the keys, he was taken ill.

She said: "People were getting more fractious but trying to stay calm because there were children waiting with us.

"Some people were returned their keys but had no idea where their cars were parked. Some found their cars in lay-bys near the airport."

After getting a taxi home, the Lewingtons eventually located their car through a WhatsApp social media group set up by another stranded passenger and collected it from a farmers' field about 15 miles from the airport on Saturday afternoon.

Lee Drinkwater, a Royal Marine from Exmouth in Devon, found his Mercedes nine hours after returning to the airport on Friday.

He said he was charged £35 by the company for 24 hours of secure parking.

"The vehicles were stored in lay-bys, farmers' fields, down dirt tracks. They were not in secure locations as advertised."

Mr Drinkwater said that up to 30 families were among those waiting for their cars on Friday.

"They were cold, tired and hungry," he added.

Other passengers took to social media to express their anger at the situation.

Writing on Facebook, Kim Price-Harris said: "Cars left in lay-bys or on farms covered in mud. They don't even know where people's cars are or their keys.

"Lots of people left stranded at the airport."

A spokesperson for Bristol Airport said: "While we have no control nor influence over the services provided by Absolutely Secure Airport Parking Bristol, our ground transportation team and on-site police unit provided assistance to passengers affected to help locate their vehicles."

Avon and Somerset Police said it was investigating but "keeping an open mind as to whether any criminal offences have been committed".

uaware comment

This may not be deemed as fraud, but it definitely is deception.

(1st May 2018)


HOLIDAYMAKERS WARNED ABOUT FAKE ACCOMMODATION BOOKINGS
(BBC News, dated 7th April 2018)

Full article : www.bbc.co.uk/news/business-43669007

Holidaymakers are being warned about fraudsters who place false adverts on accommodation websites, conning them out of hundreds of pounds.

Last year, some 4,700 travellers fell victim to such scams, which included fake airline tickets.

On average those affected lost £1,500 each in 2017, according to the police, a 25% rise on the year before.

In many cases the fraudsters hack into accommodation websites and ask to be paid directly.

But as soon as payment is made, they disappear.

The Association of British Travel Agents (Abta) is also warning about fake airline tickets that never arrive. Last year, most of the flights concerned were to Africa or Asia.

"I was petrified"


Last May, legal secretary Georgia Brown tried to book a holiday in Amsterdam for herself, her partner Jamie, and some friends.

She spotted an advert on an accommodation website, where the owner of the apartment was asking for a deposit of £915.

She corresponded with the man by email, and then sent the money off by bank transfer.

But she never heard from him again.

"At the time I was petrified. I thought someone had hacked into my bank account. It was really scary," she said.

She was also critical of the booking site involved.

"I just don't understand how this person was allowed to advertise on the website."

Georgia Brown eventually got her money back through her bank.

'Emotional impact'

In order to avoid being conned, Abta advises holidaymakers to:

- Do research. Check the holiday company's credentials, and look at several reviews of the property involved

- Check the web address is legitimate, and has not been altered. For example from co.uk to .org

- Be cautious about paying directly into an individual's bank account. Bank transfers are like paying by cash, so are difficult to trace. It is safer to use a debit or credit card

More than half of the victims of travel scams told Action Fraud that the experience had affected their mental health or financial well-being.

In some cases the impact was even more serious.

"The startling emotional impact of falling victim to holiday fraud is highlighted in the latest figures, as 575 people reported that the harm to them was so severe, they had to receive medical treatment or were at risk of bankruptcy," said Pauline Smith, head of Action Fraud.

It follows earlier warnings this year about so-called "chalet fraud" for people booking ski-ing holidays.

On average those who were tricked into sending off money to reserve a chalet lost more than £2,000 each.

(1st May 2018)


ONLINE MARKETPLACE FRAUD ADVICE FOR SELLERS
(Action Fraud, dated 5th April 2018)
www.actionfraud.police.uk

Action Fraud has received several reports indicating that sellers of items on online marketplace websites are falling victim to fraud by bogus buyers. Typically, the bogus buyers contact the seller wanting to purchase the item for sale and advise they will be sending the requested amount via PayPal or other electronic payment method. The seller then receives a fake, but official looking email stating they have been paid more than the asking price and to send the difference back to the buyer's bank account. In reality, no money has ever been sent to the seller; the bogus buyer has spoofed an email and purported to be an online payment company. All contact is then severed with the seller.

It is important to remember that selling anything could make you a target to these fraudsters however the NFIB has identified that those offering sofas, large furniture and homeware are particularly vulnerable.

Protection Advice


- Don't assume an email or phone call is authentic. Remember criminals can imitate any email address. Stay in control. Always use a trusted payment method online, such as Paypal, and have the confidence to refuse unusual requests for payment like bank transfers.

- Don't be rushed or pressured into making a decision. Always verify that you have received payment from the buyer before completing a sale.

- Listen to your instincts. Criminals will try and make unusual behaviour, like overpaying, seem like a genuine mistake.

Visit Take Five (takefive-stopfraud.org.uk/advice/) and Cyber Aware (cyberaware.gov.uk) for more information about how to protect yourself online.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

(1st May 2018)


MAGAZINE ADVERTISEMENT DEBT ALERT
(Action Fruad, dated 5th April 2018)
www.actionfraud.police.uk

Victims receive a telephone call from someone purporting to be a bailiff enforcing a court judgement, attempting to recover funds for a non-existent debt. The fraudsters state the debt originates from the victim not paying a magazine advertisement subscription.

A variety of magazine names and publishers are being used by the fraudsters, who also commonly use the names of certified Bailiff Enforcement Agents such "Scott Davis", "Stephen King" and "Mark Taylor". These are names of certified Bailiff Enforcement Agents employed by debt enforcement companies.

The fraudsters request that the debt be repaid by bank transfer. If the victim refuses, they threaten to visit the victim's home or place of work to recover the debt that is owed.

Once the money has been transferred, victims are not provided with receipt details of the payment or contact details. Later when victims make enquiries, they'll discover that the debt did not exist, and often that no advertisement was placed.

This type of fraud is nationwide. Since 2017, there have been 52 Action Fraud Reports relating to this fraud. From the reports received, there are a range of different businesses and individuals being targeted.

Protection Advice:

1. Listen to your instinct: just because someone knows your basic details, such as your name and address, it doesn't mean they are genuine.

2. Stay in control: always question cold callers: always contact the companies directly using a known email or phone number.

3. Don't be rushed or pressured into making a decision: a legitimate company will be prepared to wait whilst you verify information.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

Visit Take Five (takefive-stopfraud.org.uk/advice/) and Cyber Aware (cyberaware.gov.uk) for more information about how to protect yourself online.

(1st May 2018)


MARCH 2018


HOSPITAL LOCKSMITH DEFRAUDED NHS OUT OF £600K BY HIRING HIS OWN FIRM TO SUPPLY GOODS AT MARKED UP PRICES
(Telegraph, dated 27th March 2018 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2018/03/27/hospital-locksmith-defrauded-nhs-600k-hiring-firm-supply-goods/

The chief locksmith at a major hospital trust defrauded it out of nearly £600,000 by hiring his own supply firm and charging a 1,200 per cent mark-up on goods, a court heard.

Andrew Taylor, who was the main locksmith for Guy's and St Thomas' NHS Foundation Trust in London, was found guilty of fraud by abuse of position at Inner London Crown Court and jailed for six years.

The 55-year-old, of London, was responsible for obtaining a best value quotes for locksmith supplies, but purchased locksmith materials from a company that he owned himself.

According to the NHS Counter Fraud Authority (NHSCFA), which investigated the case, he failed to declare a conflict of interest and charged "extortionate" mark-up prices, some up to 1,200%.

Taylor started to work at the hospital trust as a carpenter in 1998 and was appointed permanent locksmith in 2006. Between 2007 and 2013, a company called Surety Security supplied Guy's and St Thomas' with locksmith materials.

Investigators found that apart from two very low value jobs, Surety Security had no customer other than Guy's and St Thomas'. It was later discovered that the company was owned and controlled by Taylor.

When the deception was discovered Taylor was suspended, and resigned before disciplinary procedures were completed.

The NHSCFA said Taylor abused his position of trust to defraud his employer of £598,524.27.

It is the first conviction secured by the NHSCFA since its establishment as a special health authority in November 2017.

"This is a significant and rewarding outcome for the NHSCFA, and sends a clear message that we will intervene and take action against those who commit fraud against the NHS and who take money originally intended for patient care for their own personal gain," said Sue Frith, interim chief executive of the NHSCFA.

"Andrew Taylor exploited his position at Guy's and St Thomas' to satisfy his own greed and personal lifestyle.

"The sentence imposed today should act as a clear deterrent to anyone else who thinks that NHS funds are there for their own gain, instead of being there to meet the healthcare needs of everyone.

"The NHSCFA's action now continues to pursue the money taken by Taylor in order to return it to the NHS."

(1st April 2018)


FALSE TELEPHONE PREFERENCE SERVICE CALLS
(Action Fraud, dated 16th March 2018)
www.actionfraud.police.uk

Fraudsters are cold-calling victims, falsely stating that they are calling from one of the well-known UK telecommunication service providers. They call victims claiming to provide a 'Telephone Preference Service' - an enhanced call-barring service, which includes barring international call centres.

The fraudsters ask victims to confirm/provide their bank account details, informing them that there is a one-off charge for the service. Victims instead see monthly debits deducted from their accounts, which they have not authorised. The fraudsters often target elderly victims.

In all instances, direct debits are set up without following proper procedure. The victim is not sent written confirmation of the direct debit instruction, which is supposed to be sent within three days.

On occasions when victims attempted to call back, the telephone number provided by the fraudster was either unable to be reached or the victim's direct debit cancellation request was refused.

During 2017, there were 493 Action Fraud Reports relating to this fraud.

Protect yourself:


- There is only one Telephone Preference Service (TPS). The TPS is the only official UK 'do-not-call' register for opting out of live telesales calls. It is FREE to sign-up to the register. TPS never charge for registration. You can register for this service at http://www.tpsonline.org.uk.

- You will receive postal confirmation of genuine direct debits. If you notice unauthorised payments leaving your account, you should contact your bank promptly.

- Always be wary of providing personal information, or confirming that personal information the caller already claims to hold is correct. Always be certain that you know who you talking to. If in doubt hang up immediately.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

(1st April 2018)


HOW YOU COULD BE A VICTIM OF GHOST-BROKING - A CAR INSURANCE SCCAM YOU MAY HAVE NEVER HEARD OF
(Liverpool Echo, dated 12th March 2018 author Caroline Jones)

Full article [Option 1]:

www.liverpoolecho.co.uk/news/liverpool-news/how-you-could-victim-ghost-14396682

Sorting out your car insurance can be enough of a nightmare without falling foul of a scam in the process.

But there's a scheme you'll want to be aware of when deciding where to get your policy from - and it's been doing the rounds for a little while now.

Not everyone, however, has heard of ghost-broking, which makes it very difficult for motorists to remain vigilant about what has been described as an "extremely complex" scam.

Here, we explain what it is and how you can avoid being fooled by it:

So, just what is ghost-broking?

Ghost brokers are fraudsters who sell drivers apparently cheap motor insurance deals but issue policies that aren't worth the paper they're written on, says the Insurance Fraud Bureau.

They may use some of the drivers' correct details but often falsify information, such as the address or age, to benefit from lower premiums.

Typically the scam works in one of two ways:

- Policies are bought from legitimate insurance companies using false information and then doctored before being sold on to customers;

- Fake policy documents designed to look like they have been issued by legitimate insurance companies are created and sold on to customers.

The consequences of buying a fake insurance policy can be the same as having no policy at all:

- Your car may be seized by police;
- You'll pay a fixed penalty notice of £300;
- You'll have to buy valid insurance and pay at least £150 to get your car back from the pound;
- You could be liable for any damage you cause while driving without insurance, which could include compensation if you injure someone.

So, how can I beat the fraudsters?

Advice from the Insurance Fraud Bureau says:

Find a legitimate broker via the BIBA website and check that your insurance adviser is on the Financial Services Register - www.biba.org.uk

Beware of buying insurance policies from unusual sources such as social networks, newsagents or bars and pubs;

Check your insurer is a Motor Insurers' Bureau (MIB) member - www.mib.org.uk

It's also worth bearing in mind that some of the bogus websites set up by scammers appear genuine, while others are clearly fake and are usually advertised through social media.

People should ensure websites are regulated by the Financial Conduct Authority (FCA) before handing over details or money. Report any suspicious activity to the fraud bureau on 0800 422 0421.

(1st April 2018)


THIS HORRIBLE E-MAIL SCAM COULD TRY TO TRICK YOU WHILE YOU ARE AT WORK
(Liverpool Echo, dated 9th March 2018 author Caroline Jones)

Full article [Option 1]:

www.liverpoolecho.co.uk/news/liverpool-news/horrible-e-mail-scam-could-14391120

It's fair to say that keeping an eye out for scams is becoming an important part of our daily routine.

Once upon a time, many of us would recognise a scam from miles away - and we would be on the alert for the promise of too-good-to-be-true lottery wins or appeals for money which just didn't make sense.

But, now, more and more of us are on the lookout for seemingly routine e-mails, text messages and communications via social media which could have a hidden agenda lurking behind them.

And, today, Action Fraud has tweeted about yet another nasty scam which is trying to trick us - this time while we're at work. It's called spear phishing and it's important not to be fooled by it.

So, what exactly is spear phishing?

Basically, this involves fraudsters sending e-mails - which appear to be from a known or trusted sender - in order to induce targeted individuals to reveal confidential information.

In the most recent case revealed by Action Fraud, an e-mail was sent to a worker which appeared to be from a senior member of staff within the same organisation.

It said in its tweet: "Spear phishing campaign targets businesses with fake payment requests. (In this case), the spoofed e-mail purports to be from a senior staff member within the recipient's organisation and requests that a new 'faster payment' be set up.

"The attachment doesn't contain malware and the bank details are fake. It works when victims email back the criminals after unsuccessfully trying to pay. Fraudsters then get in contact and send over real bank details.

"Remember, criminals can spoof e-mail address to make it appear as though an e-mail was sent by a person or company you know.

"Ensure that your organisation has established procedures in place to verify and corroborate all payment requests."

How can I protect myself from scams like this?

Phishing, vishing and smishing scams come in the form of any website, online service, phone call or text message that poses as a company or brand you recognise.

Any contact like this is designed to convince you to hand over valuable personal details or your money, or download something that infects your computer.

This is advice from Action Fraud about how to protect yourself:

- Don't assume anyone who's sent you an email or text message - or has called your phone or left you a voicemail message - is who they say they are.

- If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious. Real banks never email you for passwords or any other sensitive information by clicking on a link and visiting a website. If you get a call from someone who claims to be from your bank, don't give away any personal details.

- Make sure your spam filter is on your emails. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.

- If in doubt, check it's genuine by asking the company itself. Never call numbers or follow links provided in suspicious e-mails; find the official website or customer support number using a separate browser and search engine.

If you think you have been a victim of fraud, you should report it to Action Fraud by calling 0300 123 20 40 or by visiting https://actionfraud.police.uk/report_fraud

(1st April 2018)


WHATSAPP FRAUDSTERS TURNING "NAIVE" YOUNG PEOPLE INTO MONEY MULES
(Telegraph, dated 7th March 2018 author Sara Spary)

Full article [Option 1]:

www.telegraph.co.uk/news/2018/03/07/whatsapp-fraudsters-turning-naive-young-people-money-mules/

WhatsApp fraudsters are targeting 'naive' young people and turning them into money mules.

New data, compiled from the National Fraud Database by not-for-profit fraud prevention body, Cifas, suggests in the past year there has there has been a "sharp rise" the number of 18 to 24 year olds being tricked into using their bank accounts to transfer the proceeds of crime.

According to the figures, there were 8,652 cases of 'misuse of facility' between January and the end of September this year, a 75 per cent rise.

Speaking to The Telegraph, Sandra Peaston, Assistant Director at Cifas, said social media was being increasingly tool used by fraudsters to convert young people into accidental money launderers - by offering them fake money making schemes or even fake job offers, and then convincing people "who don't ask many questions" to transfer money as a favour.

"The use of social media is one of the things we know is happening... be that by instant messages, or via adverts on YouTube.

Ms Peaston said they were known to be using messaging apps such as WhatsApp to communicate with would-be victims.

Cifas is launching a 'Don't Be Fooled' campaign alongside UK Finance that aims to deter young people - in particular, students - from becoming money mules.

UK Finance added: "If an offer of easy money sounds too good to be true, it probably is."

(1st April 2018)


SIX JAILED FOR RUNNING £37m "COPYCAT WEBSITE" FRAUD
(The Guardian, dated 6th March 2018 author Rebecca Smithers)

Full article [Option 1]:

www.theguardian.com/uk-news/2018/mar/06/six-jailed-for-running-37m-copycat-website

Six people have been given jail sentences after defrauding the public out of more than £37m in one of the largest UK online crime cases brought to court.

The group set up and operated a number of "copycat websites", which impersonated official government services to sell passports, driving licences and other key documents for hugely inflated prices. The convictions and sentences followed one of the biggest investigations undertaken by the National Trading Standards eCrime Team.

The convictions and sentences were handed down following two trials - one in July 2017 and another that ended this week. The convictions and sentences relating to the July 2017 trial can only now be reported.

The individuals - who received sentences of varying lengths - are Peter Hall, Claire Hall, Syed Bilal Zaidi, Collette Ferrow, Liam Hincks and Kerry Mill, all of various addresses across the UK.

The July 2017 trial heard how the defendants set up copycat websites through the company Tadservices Limited between January 2011 and November 2014. These mimicked official websites run by 11 government agencies and departments and manipulated search engine results to appear more genuine.

Hundreds of thousands of purchasers were duped into paying more than they needed for new or replacement passports, visas, birth and death certificates, driving licences, driving tests, car tax discs and the London congestion charge.

The criminals also set up websites that mimicked the American, Cambodian, Sri Lankan, Turkish and Vietnamese official visa sites where travellers could apply and pay for electronic visas. It is believed that in addition to UK consumers, Indian, Turkish and US citizens were also defrauded.

The illegal profits funded a glamorous lifestyle for the defendants, with extravagant spending on expensive cars and luxury holidays. At one stage Claire Hall was preparing to buy a house for £1.4m in cash when the authorities intervened.

"These convictions represent an important milestone in the fight against online fraud," said Lord Harris, the chair of National Trading Standards. "This was a huge fraud and a very large number of people lost money as a result of the malicious actions of these criminals."

Handing down sentence on Tuesday, Judge Sean Morris said: "The internet is now the most frequently used marketplace. It is full of busy people in a rush who don't have time. There is a lot of money to be made by dishonest people out of the honest people who don't have time to check that a site is an official government service."

(1st April 2018)


POLICE REITERATE WARNING OVER FAKE OFFICER SCAM
(Penarth Times, dated 6th March 2018 author anon)

Full article [Option 1]:

www.penarthtimes.co.uk/news/16067489.Police_reiterate_warning_over_fake_officer_scam/?ref=rss

People are continuing to be scammed in the Vale of Glamorgan by someone claiming to be a police detective, prompting police to reiterate their warning not to hand money over to the fraudster.

The individual masquerading as a police officer has been targeting individuals with an elaborate story, before attempting to get victims to hand over significant amounts of money.

In the past fortnight, South Wales Police has seen a marked increase in the number of people reporting calls of this nature. In Cardiff, at least eight reports were received in two days, while in the Vale of Glamorgan reports have been made on an almost daily basis. Force-wide, the number of similar reports has also increased.

In some of the instances, the victims were told their cards had been cloned or they had been victim of fraud, and they were asked to provide their bank details. During other calls, the victims were told a family member had been arrested, while others were told to visit cashpoints and draw out thousands of pounds or purchase expensive items to hand over to a 'courier' who would collect the money from their home.

In all of the cases, the person calling claimed to be a detective and was so convincing that some of those contacted handed over the money or bank details requested.

Detective Inspector Paul Raikes, said: "These scammers are extremely persuasive and convincing and are often very successful in duping people in to handing over substantial amounts of money.

"Many of this week's victims have been elderly, but the truth is anyone can be targeted by these scammers and I'd urge everyone to be on their guard and to talk to their friends and loved ones about the scams. The more awareness there is of them, the less successful these fraudsters will be. Anything suspicious should be reported to us immediately."

Detective Inspector Paul Giess, from the Economic Crime Unit, added: "While many of the victims in these cases have been elderly or vulnerable, I cannot stress enough how sophisticated and well-rehearsed these scammers are, and any one of us could fall victim to their con if we are not vigilant.

"My message to the public is simple - the police, or any other legitimate organisation for that matter - will never contact you in this manner. All calls of this nature are a scam, and the person receiving the call should hang up as soon as possible."

To minimise the risk of falling victims to fraudsters, the public are encouraged to remember these simple tips:

Do:

- Obtain details of caller including name, rank, collar number and station
- Ascertain what Police force they identify themselves as working for
- Note any contact details from caller display or via 1471 after the call has concluded
- Obtain the main force control room number from the phonebook, internet or directory enquiries service
- Terminate the call advising you will contact the force control room directly to confirm their identity and be put through to them internally. (Ring a family member first to ensure the line has disconnected from the initial caller)
- If anyone calls at your address following on from this communication please call 999

Don't:


- Provide any details of bank cards, account numbers, financial circumstances or personal details
- Agree to make purchases or obtain funds from accounts to hand over to couriers
- Hand over your bank cards or account paperwork

Anyone who thinks they may have fallen victim to a scammer should report it via 101, or Action Fraud on 0300 123 2040.

(1st April 2018)


KENT MAN JAILED AFTER TRYING TO CON ELDERLY MAN OUT OF THOUSANDS
(Kent online, dated 6th March 2018 author Kentonline Reporter)

Full article [Option 1]:

www.kentonline.co.uk/gravesend/news/bank-staff-thwart-fraudsters-theft-161086/

A fraudster who tried to con an elderly man out of thousands of pounds was thwarted by suspicious bank staff who stopped the victim withdrawing cash.

Aaron Wiltshire, 31, of Page Crescent, Slade Green, attempted to convince the victim - aged in his 90s - that he needed to hand over money for work to his home.

Maidstone Crown Court heard a man knocked on the victim's front door in Old Perry Street, Northfleet on January 17 last year claiming to live nearby.

He said there was a problem causing his water to turn brown, and he thought it may also be affecting him.
Two days later, a different man knocked on the victim's door and claimed there was a problem with the victim's water which would require a lot of specialist equipment.

This man, later identified as Aaron Wiltshire, said it would cost around £9,000 to repair.

The victim gave the man his mobile phone number and later that day he received a call from a man discussing the repairs.

The man told the victim he would need a £3,000 deposit, and believing the man, the victim went to the NatWest bank in Gravesend to withdraw the money. But staff would not release the funds as they felt it was suspicious.

The following day, Wiltshire visited the victim's home and took him via a number of taxis to banks in Dartford to withdraw funds up to £1,700. Returning to his address, Wiltshire then told the man that he wanted more cash.

The victim told Wiltshire he had no further money and wrote out a cheque for £19,800, which Wiltshire took before leaving.

Later that night the victim was contacted by an officer at Kent Police. The victim then cancelled the cheque and his cards.

The next day Wiltshire went back to the victim's address asking why he cancelled the cheque.

The victim told him that he did not wish to go ahead with the work. The man was also told that solicitors would be contacted over the breach of contract. Wiltshire then ripped up the cheque before leaving.

Following an investigation by Kent Police, Wiltshire was identified through CCTV and was arrested and later charged with fraud.

He has now been jailed for four years after being found guilty by a jury of two counts of fraud by false representation, with an additional four weeks for breaching a suspended sentence.

The judge praised the bank staff for their actions.

Investigating officer PC Colin Bassett said: "Wiltshire preyed on a vulnerable man on numerous occasions pressurising him to hand over thousands of pounds of cash without any care for the victim.

"I'd like to echo the judge's sentiments and commend the staff at the bank for stopping the first large transaction and passing on their concerns. Had it not been for those staff then this case would have had a very different outcome and who knows where it would have stopped.

"If anyone thinks they have been a victim of fraud or believes someone they know may be being targeted then please do get in touch with Kent Police so officers can investigate fully."

(1st April 2018)


ROYAL MAIL HALTS THREE MILLION SCAM LETTERS
(BBC News, dated 5th March 2018 author Kevin Peachey)

Full article : www.bbc.co.uk/news/business-43289354

Hoards of scam letters are being seized before reaching the letterboxes of vulnerable potential victims, according to Royal Mail.

The delivery service received stinging criticism from government and campaigners after the Royal Mail logo was found on scam letters.

It prompted a series of changes which the service said had halted three million letters in just over a year.

Fake lotteries and bogus clairvoyants have used mass mail drops in the past.

The BBC has reported cases in which people have lost tens of thousands of pounds to these postal scammers.

Impounding letters

An investigation by the Daily Mail in 2016 alleged that scammers paid companies to print their scam letters in bulk.

If printed abroad, the letters were then taken to the UK where firms sorted and mass transported them to Royal Mail, which made the final delivery to people's homes. The Royal Mail logo was printed on the envelopes.

The issue led Royal Mail to be hauled before a government minister.

The service said it faced difficulties owing to the law which made it an offence to open postal items to look at the contents. Once envelopes were sealed, neither Royal Mail nor the intermediary companies delivering the mail to Royal Mail for final delivery were permitted to open them and assess the content, it said.

However, staff were trained to spot potential scam letters, and a series of new initiatives - including an industry-wide code of practice - have been launched since 2016.

Changes to terms and conditions governing bulk mail contracts in March 2017 meant Royal Mail could follow up on solid intelligence by refusing to carry mail suspected to be fraudulent.

The next month it started to contact, by Special Delivery, households receiving high volumes of scam mail, and impounded scam letters at its distribution centres before it reached the customers' letterboxes.

"We are committed to doing everything we can to stop this fraudulent material from reaching UK households," said Stephen Agar, managing director of letters at Royal Mail.

"We continue to deploy a range of different initiatives to keep one step ahead of the scammers."

The initiative does not cover electronic mail, and many con-artists have turned to email and social media to blitz potential victims with similar scams.

(1st April 2018)


WREXHAM MAN ADMITS ROLE IN £37m COPYCAT WEBSITE SCAM
(The Leader, dated 12th March 2018 author Rory Sheeham)

Full article [Option 1]:

www.leaderlive.co.uk/news/16080666.Wrexham_man_admits_role_in___37m_copycat_website_scam/

A MAN from Wrexham has admitted his role in a £37 million copycat website fraud scam.

Six people have been sentenced to a total of more than 35 years in prison after being convicted of defrauding UK consumers out of more than £37m in one of the largest UK online crime cases.

They operated a number of 'copycat websites', impersonating official government services to sell passports, driving licences and other key documents for vastly inflated prices.

The convictions and sentences follow one of the biggest investigations undertaken by the National Trading Standards eCrime Team.

These sentences were handed down following two trials - one in July 2017 and the other in March 2018.

The convictions and sentences relating to the July 2017 trial can only be reported now due reporting restrictions which were in place.

Liam Hincks, 28, of St Albans Heights, Tanyfron, pleaded guilty before the July 2017 trial began and was sentenced to three years for his part in the multi-million pound fraud.

Hincks also pleaded guilty before the March 2018 trial and will be sentenced at a later date.

The July 2017 trial heard how the defendants set up copycat websites through the company Tadservices Limited between January 2011 and November 2014.

These sites mimicked official websites run by eleven government agencies and departments and manipulated search engine results to appear more genuine. They knowingly misled hundreds of thousands of consumers into paying more than they needed for a number of government services including new or replacement passports, visas, birth and death certificates, driving licences, driving tests, car tax discs and the London Congestion Charge.

The criminals also set up websites that mimicked the American, Turkish, Cambodian, Vietnamese and Sri Lankan official visa sites where travellers could apply and pay for electronic visas to visit those countries. In all cases the sites offered little or no additional value to consumers using them. It is believed that in addition to UK consumers Indian, Turkish and US citizens were also defrauded.

The second trial in March 2018 heard how five defendants established a series of copycat websites through the companies Online Forms Limited and AE Online Services Limited in 2014 and 2015.

These copycat websites mimicked a range of the visa application websites in countries including the United States, India, Turkey, Bahrain and Sri Lanka.

Lord Toby Harris, who chairs National Trading Standards, said: "These convictions represent an important milestone in the fight against online fraud.

"This was a huge fraud and a very large number of people lost money as a result of the malicious actions of these criminals.

"Our eCrime team, operating with finite resources, has worked tirelessly to bring these criminals to justice and I'm delighted their efforts have led to these historic convictions.

"I urge members of the public to report any copycat websites they spot to the Citizens Advice consumer service by calling 03454 04 05 06."

Mike Andrews from the National Trading Standards eCrime Team said: "This was a crime motivated by greed. This group defrauded people so they could enjoy a luxury lifestyle.

"They showed no regard for the unnecessary costs they imposed on their victims. I would say they treated them with contempt.

"I urge people to always use the GOV.UK website when looking to apply for any kind of government service such as a passport, driving licence or EHIC card.

"Search engines may seem the easiest route but searching using the GOV.UK website is the safest way of ensuring you do not fall victim to a copycat website."

(1st April 2018)


BOGUS HMRC EMAILS : THE OFFICIAL GUIDE TO SPOTTING SCAMS
(Telegraph, dated 2nd March 2018 author Sophie Christie)

Full article [Option 1]:

www.telegraph.co.uk/tax/income-tax/bogus-hmrc-emails-official-guide-spotting-scams/

As well as spelling mistakes and poor grammar, there are a number of things you can look out for to help you recognise a 'phishing' or bogus email, says HM Revenue & Customs (HMRC) in its latest guide on scams.

Thousands of taxpayers are targeted by criminals every year with bogus emails, texts, and even social media messages that can seem genuine, but on closer inspection provide clues to their falsity.

Here are the five things you should look out for if you receive correspondence purporting to be from the taxman.

1. Fake email addresses


Fraudsters typically own email addresses with names associated with HMRC, like Revenue, HMRC or gov. Here's an example of a fake email address: refunds@hmrc.org.uk.

Be aware that fraudsters can spoof the "from" address to look legitimate. For example: it may look like it is from 'refunds@hmrc.gov.uk', but if you hover over the link and look at the bottom left-hand corner of your browser page, you will see the actual link that that text leads to, and that will not end with @hmrc.gov.uk at all. If you're unsure whether the message is real, don't open it. Instead, forward suspicious emails to HMRC 's phishing team at phishing@hmrc.gsi.gov.uk, and wait for their guidance.

2. Offering a tax rebate or payment

Emails from HMRC will never offer you a repayment, notify you of a tax rebate, ask you to disclose personal information such as an address or bank details, or provide a non-HMRC personal email address to send a response to.

But because the taxman does offer tax rebates to customers, which can be significant sums of money, people are often lured into engaging with crooks who are promising to transfer large amounts of cash.

3. Demanding urgent action

Con artists often ask for immediate action in their emails. Be wary of messages containing phrases like "you only have three days to reply" or "urgent action required".

4. Bogus links to websites and dodgy attachments


If the email includes a link to a webpage or an attachment, be on your guard. Fraudsters often include web links that lead to pages that look like the homepage of the Revenue's website. This is to trick recipients into disclosing personal or confidential information.

Sometimes they'll even include links to actual HMRC webpages in their emails, to try and make them appear genuine.

Attachments could contain viruses designed to steal your personal information.

5. Common greeting

If an email claiming to be from the taxman begins with a general greeting, such as "Dear Sir/Madam", "Dear customer" or "Hello", rather than your name, it's highly likely to be fake.

Emails from HMRC will usually start with the recipients name and will include information on how to report phishing scams further down the page.

In 2014 almost 50 per cent of HMRC consumers reported being targeted in a phishing scam. And in 2013 customers reported more than 91,000 phishing emails to the tax agency.



FEBRUARY 2018


MORE SCAMS !

This group of group of scams was compiled by the National Trading Standards team.

-----------------------
FACEBOOK TAKES ACTION TO PROTECT USERS AGAINST BITCOIN FRAUD
(The Herald / Sunday Herald, dated 3rd February 2018 author Iona Bain)

Full article [Option 1]:

www.heraldscotland.com/business_hq/15917943.Facebook_takes_action_to_protect_users_against_Bitcoin_fraud/?mc_cid=759df86f23&mc_eid=f46eab0a3f

Facebook has banned advertising for Bitcoin following a wave of complaints about the number of crypto-currency scams being promoted through the site.

The world's most popular social networking site said its ban will cover all adverts for "financial products and services that are frequently associated with misleading or deceptive promotional practices", with crypto-currencies and binary options cited as the main offenders.

-----------------------

POLICE URGE PUBLIC TO BE AWARE OF "ROMANCE FRAUD"
(Llanelli Herald, dated 5th February 2018 author Jason Cooper)

Full article [Option 1]:

www.llanelliherald.com/39935/police-urge-public-aware-romance-fraud/?mc_cid=759df86f23&mc_eid=f46eab0a3f

Love might be in the air around Valentine's Day, but Dyfed-Powys Police is urging people to be wary of who they meet on dating websites after saving potential victims from sending £52,000 to fraudsters.

The force's Financial Crime Team has offered advice to people dating online to help stop their heart - and their finances - take a bruising.

Romance fraud is where fraudsters set up fake profiles to form relationships with unsuspecting people looking for a genuine partner on dating websites. They use the site to gain your trust and ask you for money or enough personal information to steal your identity.

-----------------------
WARNING OVER WHATSAPP SCAM OFFERING "FREE ADIDAS TRAINERS"
(Birminghamlive, 5th February 2018 author James Rodger)

Full article [Option 1]:

www.birminghammail.co.uk/news/midlands-news/warning-over-whatsapp-scam-offering-14282005?mc_cid=759df86f23&mc_eid=f46eab0a3f

WhatsApp users are being warned over yet another scam doing the rounds. This is because free pairs of Adidas trainers are being used as bait by cruel scammers.
Fraudsters offering the recipient one of 3,000 pairs of free trainers in exchange for the completion of a survey.

"We are aware of the WhatsApp message that is currently circulating claiming that Adidas is giving away free footwear and would like to caution the public about believing this, as it is definitely a hoax", said Lauren Haakman, Brand Communications & PR Manager of Adidas South Africa.

-----------------------------------------
###ROGUE TRADERS AND DOORSTEP SCAMS

SUSPECTED ROGUE TRADERS FROM LANCASHIRE ARRESTED IN YORK
(North Yorkshire Police, dated 6th February 2018)

Full article :

https://northyorkshire.police.uk/news/suspected-rogue-traders-lancashire-arrested-york/?mc_cid=759df86f23&mc_eid=f46eab0a3f

Police in York have urged residents to be on their guard following the arrest of three suspected rogue traders.

Neighbourhood Policing Team were alerted to the Dunnington area at 8.17am on Monday (5 February 2018) after an elderly and vulnerable resident reported she had been pressured into purchasing a new front door by men claiming to be from a reputable home improvement company.

-----------------------
RUDE AND ITIMIDATING DOORSTEP SELLER TRIE TO FLOG HOUSEHOLD CLEANING PRODUCTS TO PEOPLE IN TUNBRIDGE WELLS
(Kentlive, 9th February 2018 author Mary Harris)

Full article [Option 1]:

www.kentlive.news/news/kent-news/tunbridge-wells-salesman-cleaning-1193367?mc_cid=759df86f23&mc_eid=f46eab0a3f

Residents have been warned about a "rude and intimidating" doorstep seller knocking on the doors of residents in Tunbridge Wells.

People who live in the town have reported a man with an "aggressive manner" who was "banging on doors" trying to sell over-priced cleaning goods, with two saying they had been sworn at when they refused to buy anything.

One householder nicknamed the sellers "Nottingham Knockers".
Trading Standards has today (February 9) issued an alert about a man selling household cleaning products door-to-door.

-----------------------------------------------------------
###TELEPHONE SCAMS

FRAUDSTERS POSE AS FINANCIAL OMBUDSMAN SERVICE STAFF WITH FAKE COMPENSATION
(Action Fraud, 1st February 2018)

Full article :

www.actionfraud.police.uk/news/fraudsters-pose-as-financial-ombudsman-service-staff-with-fake-compensation-feb18?mc_cid=759df86f23&mc_eid=f46eab0a3f

Action Fraud are warning people to watch out for fraudsters claiming to be from the Financial Ombudsman Service.

Fraudsters claiming to be from the Ombudsman are cold-calling victims and telling them they have a cheque for a large amount of money from a compensation claim. The victim is then told to buy an iTunes (or similar voucher) roughly to the value of £300 to 'release' the compensation. They then claim that a courier will collect it from their home address and that a cheque will be sent to them in the post.

The service, which deals with complaints from consumers about the financial services industry, is a free service for the public and it would never cold call households to ask for a fee in order to claim reimbursement.

------------------------
ELDERLY LADY NEARLY LOSES LIFE SAVINGS IN "POLICE INSPECTOR" SCAM
(Somersetlive, dated 6th February 2018 author Liam Trim)

Full article [Option 1]:

www.somersetlive.co.uk/news/somerset-news/elderly-lady-nearly-loses-life-1171379?mc_cid=759df86f23&mc_eid=f46eab0a3f

A criminal pretending to be a Metropolitan Police Inspector almost defrauded an elderly woman out of her life savings, according to a police Twitter account.

Only the intervention of staff at a Somerset bank branch stopped a devastating fraud taking place.

-----------------------
FRAUDSTER "MILKED" WIDOW,80, OUT OF £20k SAVINGS - AND BLEW IT ON DRUM KITS
(Birmingham Live, dated 7th February 2018 author Ross McCarthy)

Full article[Option 1]:

www.birminghammail.co.uk/news/midlands-news/fraudster-milked-widow-80-out-14253012

A greedy fraudster who fleeced a frail widow out of her £20,000 life savings - and used it to buy five drum kits - has been jailed.
Heartless Simon Roe also splashed out on fast food binges and video game consoles, using his housebound neighbour's cash as his "own little lottery fund".

He left the 80-year-old with just £13.33 in her account after she trusted him with her bank card to do her shopping.

-----------------------
COLD CALLS FROM FRAUDSTERS CLAIMING TO BE FROM THE HOME OFFICE
(Action Fraud, dated 12th February 2018)

Full article :

www.actionfraud.police.uk/news/alert-cold-calls-from-fraudsters-claiming-to-be-from-the-home-office-feb18?mc_cid=759df86f23&mc_eid=f46eab0a3f

Fraudsters are purporting to be from the Home Office and cold-calling victims to claim that there is a problem with their immigration status.

Fraudsters are calling victims from what appears to a genuine Home Office telephone number 0207 354 848 - which has in fact been 'spoofed'. To spoof numbers, fraudsters use software that allows them to display any number they wish on a victim's phone.

Fraudsters tell victims there is a problem with their immigration status and in order to rectify this issue, they must pay an up-front fee. They are asked to confirm personal details, such as their passport number and date of arrival in the United Kingdom. If a victim starts to question the call, the fraudsters point out the 'spoofed' number to make the request seem legitimate.

------------------------

(1st March 2018)


HUNDREDS OF SCAM LETTER CONMEN HELD IN CRACKDOWN
(Daily Mail, dated 24th February 2018 author Katherine Faulkner)

Full article [Option 1]:

www.dailymail.co.uk/news/article-5429169/More-200-conmen-charged-following-Mail-investigation.html

Conmen who targeted British pensioners with millions of letter frauds are facing court action after a Daily Mail investigation.

More than 200 scammers have been charged or served with court orders in a joint action by US and Canadian police using evidence uncovered by this newspaper's investigations unit.

One of those facing legal action, Andrew John Thomas, was caught on camera by an undercover Mail reporter boasting that he was a 'proud w****' who used his 'beautiful talent to sell this s**t to people who don't need it'. Another is his associate Patrick Fraser.

The evidence gathered by the Mail is described in court papers as proof of the pair's 'intent to defraud'. Police believe they may have run hundreds of millions of pounds worth of frauds, sending four million letters a year.

They are understood to have told their printing providers they valued having Royal Mail branding on their letters to dupe British victims into thinking they were genuine.

The developments will pile pressure on postage firms in the UK and on Royal Mail, which has launched a drive to stamp out scam letters in response to the Daily Mail's investigation in October 2016.

We revealed how conmen were using Royal Mail's bulk mail contracts with postal partners to target the elderly. In some cases they paid to use the Royal Mail logo.

Some of their letters conned vulnerable people, including dementia patients, into thinking they had won a prize they could claim by sending money. Officials believe up to £10billion is lost to such scams each year.

Court papers filed in New York by the US Department of Justice on Thursday cite evidence gathered by the Daily Mail that Thomas and Fraser were directors of a mail fraud scheme to defraud the elderly.

They used eight shell companies, rented mailboxes and cross-border couriers to hide their activities, the US Department of Justice alleges.

The pair have now been banned from sending further mass mailings pending an investigation by the department. Criminal charges have not yet been brought against them, but sources said they could later be charged with mail fraud.

The hundreds of scammers targeted by the action are accused of defrauding more than a million elderly people globally out of more than £600million. More than 200 have been charged and civil actions brought against dozens more.

The Daily Mail's exposé came after reporters infiltrated a conference at a ski resort in Canada where scammers met to trade 'suckers lists' with names and addresses of those considered susceptible to fraud.

They boasted of 'ripping off suggestible' victims and of using Royal Mail's discounted bulk postage rates to send letters to the UK. This also allowed them to have Royal Mail branding on envelopes.

Royal Mail said last night it was 'working with industry partners and law enforcement agencies to tackle this issue even more vigorously'.

Since its crackdown in 2016, more than three million fraud letters have been stopped before delivery.

(1st March 2018)


NEW ONLINE FRAUD WARNING : ONE WRONG CLICK COULD WIPE OUT YOUR ENTIRE LIFE SAVINGS
(Daily Express, dated 20th February 2018 author Tom Gillespie)

Full article [Option 1]:

www.express.co.uk/news/uk/921067/retirement-news-financial-conduct-authority-clone-fraud-elderly-savers-halifax-vanguard

CONVINCING copy-cat websites which mimic those of big legitimate pensions and savings firms are leaving Brits just one click away from losing their entire lifesavings to fraudsters.

Criminals have been impersonating legitimate companies such as Halifax and Vanguard Asset Management to target people with savings to invest or with access to their pension - and they are raking in £500,000-a-day from victims.

So-called clone fraud investigations have almost doubled in the past year, and pensioners are especially at risk, the Financial Conduct Authority (FCA) said.

The body, the City's chief watchdog, has said some victims have lost out on hundreds of thousands of pounds. Official figures sourced by The Times show that nearly £200million has been stolen by "investment fraudsters" in the last year.

The paper reports that the figure is thought to grossly underestimate the seriousness of the problem, citing the fact many victims will be too embarrassed to report the crime.

Some victims have been tricked out of more than £250,000.

The FCA has looked into 157 attempts of fraudsters imitating companies over the past year - a huge rise from the 90 attempts recorded in 2015.

Each cloned company is thought to have been likely to have targeted thousands of savers.

The gangs typically cold-call investors to promote property, shares or other non-existent opportunities.

The scale of the problem is likely to fuel further calls for a ban on pensioner cold-calling.

Con artists have been targeting elderly savers ever since pensions freedoms introduced in 2015 allowed anyone over 55 to gain early access to their retirement pots.

The oldest reported victim of investment fraud is 98, while the average age is 61, according to City of London police.

Ministers vowed last week to ban pension cold-calling so that if an old person is called they know it is a fraudster.

It has not been made clear how the law would be rolled out.

The FCA says that clone fraudsters use the name, address and registration number of established businesses.

They then give their own phone number, address and website details to victims.

The website details will often link to a copy of the actual company's page.

Subtle changes will have been made, such as an altered phone number.

The cruel fraudsters have even faked the watchdog's website to include their own contact details rather those of a genuine company.

Last year a con-artist pretended to be a top fund manager at JO Hambro Capital Management, and went on to persuade a victim to invest £100,000.

The unnamed victim, told they were investing in Barclays bonds, never saw his cash again.

The FCA is said to issuing a warning on its website every other day about a cloned firm.

The watchdog said clone fraudsters are tough to tackle because they operate from outside the UK.

Their British addresses are said to be fake and the bank accounts they use are usually based abroad.

The FCA has also warned about a pension review scam.

Investors are phoned out of the blue and are offered a free pension review designed to encourage them to move money into high-risk or fake investment schemes.

FCA spokesman Tim Matthews said: "Fraudsters use sophisticated methods to get hold of your cash - this can include cloning a legitimate firm. If you're buying a financial product such as a loan, insurance, investment or pension, only deal with an FCA-authorised firm."

###How can you protect yourself?

If you are uncertain about a firm that has contacted you, be sure to check the FCA's online registers.

The authority says the investor should sued the details on the register to contact the firm, rather than information provide by the person who has phoned you.

The FCA added that you should only access their register from its website, and not through links provided by anyone else.

------------------------
SAVERS LOSE MILLIONS TO RETIREMENT FRAUDSTERS
(The Times, dated 19th February 2018 author Andrew Ellson)

Full article [Option 1]:

www.thetimes.co.uk/article/savers-lose-millions-to-retirement-fraudsters-3ff3x6zwb

Savers are being tricked out of half a million pounds every day after a surge in criminals targeting British pension riches, The Times can reveal.

People with nest eggs to invest, including those with new freedoms to access their pensions, are falling for well-resourced foreign fraudsters impersonating the identities of legitimate companies.

Investigations into "clone fraud" have almost doubled over the past year, according to the Financial Conduct Authority (FCA), the City's chief watchdog, with some victims losing hundreds of thousands of pounds.

The finding comes as official figures obtained by The Times show that almost £200 million has been stolen by investment fraudsters over the past year, although this is thought to grossly underestimate the true scale of the problem.

------------------------
(1st March 2018)


ORGANISED CRIMINALS STEALING IDENTITIES OF DEAD PEOPLE TO GET CHEAPER CAR INSURANCE
(Telegraph, dated 24th February 2018 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2018/02/24/organised-criminals-stealing-identities-dead-people-get-cheaper/

Organised criminals and fraudsters are stealing the identities of dead people in order to get cheaper car insurance, it has emerged.

Unscrupulous motorists with poor driving records are increasingly targeting the deceased, in order to take advantage of more attractive premiums.

Police technology also means it is now very difficult to drive around in an uninsured vehicle without being detected, so having some sort of cover is usually vital to avoid unwanted attention.

Driving a vehicle that is insured in a dead person's name also means there no chance of the scam being discovered by the victim.

It is feared organised criminals and even terrorists, could take advantage of the scam, in order to move around on the roads undetected.

The widow of former Tory Minister, Ian Sproat, has described how she realised his identity had been stolen when she received a letter saying he was being prosecuted for speeding, six years after his death.

Judith Sproat, 80, said: "The first I knew of this was in August last year when I received a letter from an insurance company asking for bank details to renew Ian's insurance. He had died in 2011 and so of course I knew it was a mistake.

"Then in January this year I received a letter from South Yorkshire Police, again addressed to my husband, containing a Notice of Impending Prosecution for a speeding offence committed on 1 September 2017.

"The police explained they had obtained my late husband's name and address from the car number plates of the speeding vehicle."

Mrs Sproat contacted both the insurer and the police to inform them of the situation but was simply told to report it to the National Fraud Intelligence Bureau. And while she cannot be held liable for any financial penalty incurred in the scam, she is angry that her law abiding husband's name, has been used as part of a criminal enterprise.

She said: "There could be many motives for this identity theft, from the fairly simple one of wanting to gain benefit of a no claims bonus, the more sinister ones of a fraudster being banned from driving, or a career criminal wishing to avoid detection, or even to a terrorist with the same idea."

Mrs Sproat added: "Of course I have no means of knowing if my late husband's identity theft relates only to car use. If it has been used in other ways I daresay I will find out in time."

Last month the Sunday Telegraph reported on the growth of a worrying phenomenon known as Ghost Broking, where fraudsters sell fake insurance policies to drivers desperate to find a good deal.

But experts at the Insurance Fraud Enforcement Department (IFED) at the City of London Police admitted they have no idea of the scale of identity theft involving car insurance, because so few cases have been reported.

This could be because it is still not widespread, but it could also be because the families of those dead people being targeted are simply unaware.

A spokesman for the City of London Police said: "False addresses are used to get cheap insurance as they are often taken out using low risk postcodes.

"We have often seen that this type of fraud can facilitate organised crime gangs with insuring their vehicles so they don't come to the notice of police and also obtain cheaper policies."

Colin Jemide, and adviser with IFED said: "There is so much information available online these days that identity fraud is obviously a danger. There could be all sorts of reasons why someone would seek to use somebody else's details when getting car insurance.

"In order to prevent this sort of thing happening it is important to carefully check all letters you receive in the post from insurance companies and not assume they are junk mail.

"If you receive documents for someone with no connection with your address contact the company's fraud department immediately and report it."

(1st March 2018)


CITY BOSSES LEFT FEELING "LIKE MUGS" AFTER FALLING FOR £1M RUGBY SCAM
(London Evening Standard, dated 23rd February 2018 authors Jonathan Prynn and Barney Davis)

Full article [Option 1]:

www.standard.co.uk/news/crime/city-bosses-fall-victim-to-slick-1-million-rugby-tickets-scam-a3773961.html

A string of City bosses have fallen victim to a "slick" £1 million rugby tickets scam after paying for fake Six Nations corporate boxes at Twickenham.

Dozens of senior executives said they were left feeling "like mugs" when they learned that the corporate hospitality packages they had paid up to £12,000 each for did not exist.

A company calling itself Elite Sports Hospitality targeted senior business figures with offers of "half-price" boxes at sell-out rugby fixtures including last week's clash between England and Wales and likely decider England v Ireland on March 17, St Patrick's Day.

The Oxford-based firm sent emails detailing packages for up to 20 people in a "glass-fronted private box" in the ground's East Stand costing between £8,700 and £12,240 including VAT.

The deals promised a champagne reception, four-course lunch with "fine wines", a complimentary bar and "post-match savoury selection".

However, rugby fans who transferred money to the company's HSBC account received emails at the start of February signed by a "Delroy Forgah" telling them that their "booking will no longer be going ahead" after a "mix-up".

The email went on to ask for bank details as "a full refund will be offered on the package purchased". But when victims tried to contact Elite Sports Hospitality, emails bounced back and phone lines were dead.

As many as 80 executives are believed to have fallen victim, handing over hundreds of thousands of pounds and possibly as much as £1 million.

One target, Patrick Goodwin, head of a City financial recruitment firm, who booked a box at the Irish game, said: "I received the first email approach in September last year. It all seemed above board, they had a slick website, they checked out on Companies House.

"I must have spoken to them six to eight times about details such as dietary requirements, parking and the itinerary - they were genuinely nice people, it was incredibly well done.

"I've been in business over 20 years and I've never been scammed before. I like to think I'm pretty streetwise. If I can get ripped off then anyone can get ripped off."

He said when he contacted Elite Sports Hospitality's address he was told the company had moved out without paying its bill.

Another victim Glyn Heatley, of Clerkenwell-based data services group Cervello, who also paid for a box at the Ireland game, said: "It's not just the financial aspect of it, I feel like a mug.

"We had to go back and tell clients it's a scam, it was a bit embarrassing and we've been the butt of many jokes."

A third, Mark Cardy of financial adviser Skerritt, said: "I thought £500 a head for a slap-up lunch at Twickenham on St Patrick's Day was pretty good value. I was super-excited. Now I've had to confess I've been a bit of a numpty. I feel pretty gutted, annoyed, frustrated and stupid really."

The website for Elite Sports Hospitality lists its parent company as Elite Direct Advertising and Marketing Ltd. Documents at Companies House lists that company's sole director and shareholder as Dunstable-based businessman Jermaine Daley.

Mr Daley told the Standard he sold the company to Mr Forgah for £1 in December last year and knew nothing about the scam.

The Standard was unable to contact Mr Forgah. The scam is being investigated by Bedfordshire Police.

A spokeswoman for Bedfordshire Police said: "We have received reports that more than 80 victims have been defrauded out of hundreds of thousands of pounds in total after hospitality packages were offered to businesses for various high profile rugby events. Payment was requested by bank transfer, but the victims never received the tickets.

"We are investigating the web company which offered the packages. Our advice to stay safe online is always be suspicious if a website asks you to make a bank transfer instead of paying by card. "

Dan Hyde, a partner at law firm Pennington Manches, which is advising several of the victims said: "This type of fraud is pernicious and highly effective.

"The perfected fraudulent email can be copied and pasted or forwarded repeatedly.

"Company details and sales language give a veneer of authenticity and reassurance to the unsuspecting victim. Like many such scams it urges speed to avoid missing the cut price bargain by making early payment.

"We would ask anyone who has been a victim to get in touch urgently"

(1st March 2018)


SCHOOLS FRAUD - CHIEF EXECUTIVE OFFICER
(Action Fraud, dated 20th February 2018)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau (NFIB) has seen an increase in recent weeks in the volume of CEO Fraud reports whereby schools are the targeted victim. This has resulted in substantial financial losses for several schools that have fallen victim to this type of fraud.

A school is targeted by a fraudster who purports to be the Head Teacher / Principal. The fraudster contacts a member of staff with responsibility for authorising financial transfers and requests for a one off, often urgent, bank transfer to be made. The amounts requested have been between £8,000 and £10,000.

Contact is made by email and from a spoofed / similar email address to the one the Head Teacher / Principal would use.

PROTECTION / PREVENTION ADVICE

- Ensure that you have robust processes in place to verify and corroborate all requests to change any supplier or payment details. Get in touch with the supplier (or internal colleague) directly, using contact details you know to be correct, to confirm that a request you have received is legitimate.

- All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious, particularly urgent sounding requests from senior employees.

- Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.

- Email addresses can be spoofed to appear as though an email is from someone you know. If an email is unexpected or unusual, then don't click on the links or open the attachments. Staff should not be allowed to check emails or use the internet with administrator accounts.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk.

(1st March 2018)


WEDDING BOUTIQUE CONS BRIDES INTO BUYING "BESPOKE HAND-MADE" DRESSES THAT HAVE "MADE IN CHINA" LABELS
(The Telegraph, dated 9th February 2018 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2018/02/09/wedding-boutique-cons-brides-buying-bespoke-hand-made-dresses/

A wedding boutique was caught selling fake "hand-made" dresses when brides spotted the "made in China" labels, a court heard.

Melanie Bishop, 36, and her 60-year-old mother Patricia tricked 13 brides into thinking they were buying bespoke gowns.

A court heard the pair advertised hand-made bridal dresses costing up to £1,000 from a workshop in Wales.

Brides first found out they had been duped when they spotted "made in China" labels on their dresses and launched a campaign to get their cash back.

But Bishop quickly shut up shop, leaving more than 100 other brides worried they would be left without their dresses.

Both women now face possible jail sentences after pleading guilty to 18 counts of "engaging in unfair commercial practice" after brides complained to consumer watchdogs.

Before she was charged with fraud, Bishop spoke about the "hellish nightmare" that led to close her bridal boutique Anna Sara Bridal in Newport, South Wales.

One bride Nichola Pakau, 34, said: "It has been an awful experience. It has affected my home life and work life."

Another bride's mother, 55-year-old Kim Burroughs, said: "You expect everything to be perfect for your daughter's wedding. I didn't expect this."

The Bishop mother and daughter pleaded guilty at Cardiff Crown Court to 18 counts of engaging in unfair commercial practice between March 2015 and April 2016.

Melanie Bishop claimed her customers should have known their dresses from £700 to £1,000 were manufactured in China and said she was the victim of a campaign of "abuse and lies".

Speaking at the time the boutique was closed, she said: "It's not that we set out to deliberately mislead people, that's not it. When I said our dresses were all our own designs that was true.

"The only thing I could have done differently was be explicitly clear about the origins of the dresses, but so many shops outsource their materials and labour from China. It's not uncommon and I never hid it. I left the made in China labels in."

But an investigation by Newport Trading Standards ended with Bishop and her mother being charged with fraud. The court heard they accepted claiming they had designed and made the dresses themselves.

The pair pleaded guilty to failing to inform customers the wedding dresses were actually made in China, falsely stating they would be made in their local workshop.

Melanie and Patricia Bishop admitted their behaviour was likely to distort the behaviour of the average consumer.

Judge Patrick Curran QC told them he will not be the sentencing judge and warned them: "All appropriate sentencing options are open."

Both women, of Oakdale, near Blackwood, South Wales, were granted bail ahead of their sentencing in March.

(1st March 2018)


COST OF CAR INSURANCE FRAUD TO VICTIMS REVEALED IN NEW POLICE CAMPAIGN
(Action Fraud, dated 5th February 2018)

Full article [Option 1]:

https://actionfraud.police.uk/news/cost-of-car-insurance-fraud-to-victims-revealed-in-new-police-campaign-feb18

- City of London Police's Insurance Fraud Enforcement Department launches campaign to raise awareness of fraudsters selling fake car insurance and warn motorists to 'Steer Clear of Fraud'

- Over 850 reports of ghost broking have been reported to Action Fraud in last three years, with reported losses from individuals and organisations totalling £631,000

- Individual victims of ghost brokers lose on average £769

- Ghost brokers typically target men in their 20s, using social media

The City of London Police's Insurance Fraud Enforcement Department (IFED) has launched a national awareness campaign today (Monday 5 February 2018) to warn motorists about the dangers of buying fake car insurance from fraudsters, also known as 'ghost brokers', who are potentially leaving thousands of unsuspecting victims driving without insurance.

Extent of the problem

From November 2014 to October 2017, Action Fraud received more than 850 reports linked to ghost broking, with reported losses for both individuals and organisations totalling £631,000. On average, each individual victim lost £769 from this type of fraud.

Of these reports, 417 resulted in action being taken against the offenders by IFED following their investigations into ghost broking over the past three years, which included a man who set up 133 fake policies, a teenage ghost broker who was sentenced to jail and a man who made £59,000 from ghost broking.

However, it is thought that the true number of ghost broking victims may be much higher than this figure, as some motorists may be driving on the roads right now unaware that their policy is fraudulent. It is only when they are stopped by police or attempt to make a claim will they find out that they don't have genuine cover.

This leads police to believe that ghost broking is actually being under reported each year due to the way ghost brokers deceive motorists into thinking they have legitimate insurance, when in fact it's worthless.

What is ghost broking?


Ghost broking is the name given to a tactic used by fraudsters who sell fraudulent car insurance by a number of different methods. They typically carry out the fraud by one of three ways: they will either forge insurance documents, falsify the driver's details to bring the price down or take out a genuine policy, before cancelling it soon after and claiming the refund plus the victim's money.

It is a legal obligation to have valid car insurance and without it victims will experience the severe harm caused by ghost broking, including:

- Points on their driving licence
- Vehicle seizure and possible destruction of it
- A fixed penalty notice
- Costs to retrieve impounded vehicle
- Liable for claims costs if involved in an accident

This is on top of the money motorists will have lost buying the invalid car insurance and the money they will have to spend to then buy a legitimate insurance policy.

IFED analysis into the ghost broking reports reveals that men aged 20-29 are most likely to get targeted and that the most common method ghost brokers will use to make initial contact with people is through social media, particularly Facebook and Instagram. Other contact methods include adverts in newspapers and magazines, cold calls and being introduced, either directly or by friends, family members or work colleagues.

Stay safe when buying car insurance

In light of these worrying figures, IFED is encouraging drivers to be wary of heavily discounted prices on the internet or cheap prices they're offered directly for car insurance, as they may well be ghost brokers.

IFED is issuing the following advice and tips to help drivers avoid falling victim to ghost brokers:

• Trust your instincts - if an offer looks too good to be true, then it probably is.

• Ghost brokers often advertise on student websites or money-saving forums, university notice boards and marketplace websites. They may also try to sell insurance policies in pubs, clubs or bars, newsagents and car repair shops.

• Be wary of ghost brokers using only mobile phone or email as a way of contact. Ghost brokers have even been reported using messaging apps, including WhatsApp, Snapchat and Facebook. Fraudsters don't want to be traced after they've taken your money.

• If you are not sure about the broker, check on the Financial Conduct Authority or the British Insurance Brokers' Association website for a full list of all authorised insurance brokers.

• You can also contact the insurance company directly to verify the broker's details.

• You can check to see if your car is legitimately insured on the Motor Insurance Database website.

Detective Chief Inspector Andy Fyfe, Head of the City of London Police's Insurance Fraud Enforcement Department, said:

"Ghost brokers trick unsuspecting victims with offers of heavily discounted car insurance, leaving them with a policy that isn't worth the paper it's written on and open to the severe harm that comes with driving without valid insurance. Being able to drive is vital for a lot people, whether it be to get to work or pick up their children from school or nursery, so if they fall victim to a ghost broker it could not only impact on them financially but also seriously affect their day to day life and make things very difficult.

"As well as the personal harm experienced by victims, ghost brokers also cause financial harm to the insurance industry, driving up the cost of insurance premiums for all motorists.

"While an offer of cheap car insurance may seem tempting, falling victim to ghost broking will end up costing you far more in the long run - both in terms of money and your licence."

(1st March 2018)


BEWARE THIS THREATENING TEXT MESSAGE PRETENDING TO BE FROM THE DVLA
(Mailonline / This is money, dated 1st February 2018 author Lee Boyce)

Full article [Option 1]:

www.thisismoney.co.uk/money/cars/article-5330323/Beware-text-message-pretending-DVLA.html

Drivers should beware a text message scam which attempts to scare people into revealing personal information.

The message, which even appears to have the gov.uk logo, reads: 'FINAL REQUEST: 'DVLA Swansea have been trying to contact you, Click below for more information.'

A This is Money reader contacted us to warn about a text message scam and the link in the message may trick people as it has dvla.gov.uk as part of the URL, which in a snap moment may convince them to click on it.

Additionally, many will be worried that they may be in trouble with the organisation, which is indeed based in the Welsh city of Swansea.

However, the DVLA has previously warned that it doesn't send text messages with links to websites asking to confirm personal details or payment information.

The phony website may also include a range of nasties, including malware, a type of virus that lurks in your device to steal information, such as bank log-in details.

The reader, named April, says she would usually discard contact like this, but was almost tricked as she knew her car tax was due for renewal this week - and she has also signed up on the gov.uk for its reminder service.

It is not clear whether this is a targeted attempt to dupe her with the knowledge that her car tax is due - or whether scammers are just using a scattergun approach.

Also in the URL is the words tax disc. Although abolished in 2014, many still associate vehicle excise duty, widely known as car tax, with the old paper disc.

The DVLA says that some members of the public have received e-mails, texts and telephone calls claiming to be from the agency.

Links to a website mocked up to look like a DVLA online service are sometimes included in the message, as highlighted in this case.

It adds: 'The Government, led by Cabinet Office's Government Digital Service, will continue to investigate reports of organisations which may be actively misleading users about their services or acting illegally, taking swift action when necessary.

'By using the online driving licence or vehicle tax transactions on GOV.UK you can be sure that you are dealing directly with DVLA.'

On social media website Twitter, This is Money found plenty more examples of the scam - with one claiming the domain is registered in Panama, while the DVLA says it is currently investigating:

Last summer, the DVLA revealed e-mails that been sent to people, which had a link to a 'secure web form' that's designed to collect personal information from unwitting recipients.

The correspondence targeting motorists says: 'We would like to notify you that you have an outstanding vehicle tax refund of £239.35 from an overpayment, request a refund.'

The email looks legitimate and includes the DVLA's existing logo and fonts - something that could dupe many motorists into sharing their personal data.

(1st March 2018)


FLIGHT TICKET FRAUD
(Action Fraud, dated 7th February 2018)
www.actionfraud.police.uk.

Fraudsters are attempting to entice victims who are looking for cheap flights abroad.

Victims have reported booking tickets via websites or a "popular" ticket broker, only to discover that after payment via bank transfer or electronic wire transfer, the tickets/booking references received are counterfeit. In some cases, all communications between the company or broker and the victim have been severed.

Fraudsters are targeting individuals who are seeking to travel to African nations and the Middle East, particularly those wishing to travel in time for popular public and religious holidays.

Prevention Advice:


- Pay safe: Be cautious if you're asked to pay directly into a private individual's bank account. Paying by direct bank transfer is like paying by cash - the money is very difficult to trace and is not refundable. Wherever possible, pay by credit card or a debit card.

- Conduct research on any company you're considering purchasing tickets from; for example, are there any negative reviews or forum posts by previous customers online? Don't just rely on one review - do a thorough online search to check the company's credentials.

- Check any company website thoroughly; does it look professional? Are there any spelling mistakes or irregularities? There should be a valid landline phone number and a full postal address so that the company can be contacted. Avoid using the site if there is only a PO Box address and mobile phone number, as it could be difficult to get in touch after you buy tickets. PO Box addresses and mobile phone numbers are easy to change and difficult to trace.

- Be aware that purchasing tickets from a third party, particularly when initial contact has been made via a social media platform can be incredibly risky.
If tickets to your intended destination appear cheaper than any other vendor, always consider this; if it looks too good to be true, it probably is!

- Look for the logo: Check whether the company is a member of a recognised trade body such as ABTA or ATOL. You can verify membership of ABTA online, at www.abta.com.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by calling
0300 123 2040, or visiting www.actionfraud.police.uk.

(1st March 2018)


JANUARY 2018


GEOGRAPHIC SCAMS

Some scams only appear to be reported in certain geographic areas, but that doesn't mean the scammers can't move onto another area. Or, crooks in your locality have their own " dodgy brainwave" !

-----------------------
PETERBOROUGH POLICE WARN OF "DEATH THREAT" EMAIL SCAM
(Global News, dated 24th January 2018 author Greg Davis)

Full article [Option 1]:

https://globalnews.ca/news/3984952/peterborough-police-warn-of-death-threat-email-scam/

uaware comment : Yes, there is a Peterborough in California, USA !

The Peterborough Police Service is warning residents about the so-called "death threat" email scam now circulating in the Peterborough area.

The scam involves an email stating that sender has been hired by someone the email recipient knows to "remove you" and that the only way to save your life is to pay thousands of dollars in Bitcoin.

Police say the email sender may also indicate they've done research on the recipient and will make a "final offer" before retiring after being a hit man.

"He then states he will give the victim the name of the individual who paid for the hit if the victim sends him $2,000 in Bitcoin currency," said police spokesperson Lauren Gilchrist. "The sender will then give the victim all other evidence needed for police to prosecute the individual who paid for the hit. The sender tells the victim that they have three days to send the money."

Police say they've received complaints about the email.

"We urge residents to ignore and delete these emails," said Gilchrist.

They also advise to not respond to any unsolicited emails and to not send money, virtual currency or otherwise to someone you don't know or have never met. They also advise to never provide personal information for another person to use.

Police warn that the way in which money is sent via Bitcoin is completely anonymous and not traceable.

"If the victim does send the money, the police are not able to investigate beyond taking a report," stated Gilchrist.

-----------------------
AREA RESIDENTS TARGETED BY TEXT PHISHING SCAM
(Andover Leader, dated 18th January 2018 author Grant Merrill)

Full article [Option 1]:

http://andoverleader.com/2018/01/area-residents-targeted-by-text-phishing-scam/

###uaware comment : Yes, there is an Andover in the Kansas, USA.

ANDOVER- A number of area banks have reported that their customers are being targeted by phishing scams. At least two financial institutions sent messages this week over social media that indicated that there were problems with unscrupulous people trying to gain money in an illegal manner.

Meritrust Credit Union reported that some of their customers were among those who were victims:

"Attention members: if you receive a suspicious text message appearing to be from Meritrust that asks for you to call with your debit card number, please be advised this may be a phishing attempt. Meritrust will never contact you in attempt to obtain sensitive information. We advise that you do not respond or provide any information, but instead contact us at 800.342.9278 immediately to confirm its validity."

Capitol Federal also said they had problems reported to them as well:

"Please be aware, there is a new text message phishing scam in the area. This specific phishing attempt sends a text message to mobile phone users indicating that unusual activity has occurred on their account. The phone number could appear to come from a local area code. Please do NOT call this number or provide any personal information. This is not a message from CapFed®. For more information on this scam and other phishing help, please visit: https://capfed.com/privacy-and-security/fraud-alerts"

-----------------------
LOCAL MAN CONNED OUT OF £29k IN VOICE PHISHING SCAM
(Evening Telegraph, dated 19th January 2018 author Reporter)

Full article [Option 1]:

www.eveningtelegraph.co.uk/fp/local-man-conned-29k-voice-phishing-scam/

Police have issued a warning to the public following a vishing - voice phishing - scam that resulted in a man losing £29,000.

The incident involved scammers cold-calling a 50-year-old man from the Cupar area last Thursday.

They pretended to be from his bank using software that made it appear as if they were calling from an official number and claimed his account had been compromised.

The man was then convinced to transfer his money into another account for safekeeping, which resulted in the loss.

Officers have issued a warning to the public about the vishing scam and are investigating it through Operation Principle, Fife Division's response to acquisitive crime.

Detective Chief Inspector Scott Cunningham, the lead for Operation Principle, said: "These scammers claim to be from legitimate organisations and try to frighten or pressure people into revealing personal details or banking information.

"Never give such information or transfer money to an unexpected caller and, although anyone can fall victim to this, please warn elderly or vulnerable friends or relatives in particular to be wary this type of scam.

"If you receive such a call, advise the caller that you will contact the company on your own terms and hang up immediately.

"Find the organisation's phone number from its official website or a previous correspondence and call them back yourself, always on a different phone, to verify it."

------------------------
IF YOU GET A CALL FROM GREATER MANCHESTER POLICE, IT'S PROBABLY NOT REAL - FRAUD WARNING
(Birmingham Live, dated 5th January 2018 author Alex Keller)

Full article [Option 1]:

www.birminghammail.co.uk/news/local-news/you-call-greater-manchester-police-14117319

Staffordshire Police are warning people across the county to be on their guard against fraudsters intent on scamming residents out of their hard-earned cash.

Bogus cold callers pretending to be police officers have been targeting potential victims with the intention of obtaining personal or financial information - and money.

A spokesman for Staffordshire Police said: "Victims have received a phone call from a fraudster who tells them they are speaking to a police officer from Greater Manchester Police and that they need them to assist in an undercover investigation.

"Victims are requested to withdraw cash from their bank accounts which is then collected by a courier later that day."

Detectives have issued this advice:

- The police or your bank would never ask someone to aid an investigation by withdrawing or transferring money.

- Never give out or confirm personal and/or financial information to anyone over the phone.

- If you receive one of these calls, hang up immediately and - especially if the caller has stated they are coming to collect the money - call police on 101.

- You can also call Action Fraud on 0300 123 2040 or Crimestoppers on 0800 555111.

------------------------
WARNING AFTER MEN POSING AS BT WORKERS TRY TO GET INTO MERSEYSIDE HOMES
(Liverpool Echo, dated 4th January 2018 author Kate McMullin)

Full article [Option 1]:

www.liverpoolecho.co.uk/news/liverpool-news/warning-after-men-posing-bt-14114234

Vulnerable people who are living alone are being targeted by fraudsters claiming to be from BT.

The police have received reports of two men knocking on doors of houses in the Merseyside area in an attempt to gain entry.

The men claim to be from BT and then tell the occupier that they need access to their property immediately to fix a phone line problem.

However police have warned that these two men do not represent BT and have no ID cards on them and appear to be targeting vulnerable people who are living alone.

Police have also said that the men are pushing cards through the doors of houses, stating the time that they will return.

A spokesman for said: "Please make your loved ones aware and remind them that they do not need to let strangers in to their house.

"People may claim to be from any number of utility companies or other organisations but the advice is always the same - ask for ID, and if in doubt, call the company which they claim to represent.

"Don't call any phone numbers they give you themselves.

"If you are unsure never let them in and always use a door chain if you have one.

"If you have someone trying to gain entry to your property, you can call us on 999, or report any other suspicious sightings on 101."

On its website BT has a list of tips for customers on 'common doorstep scams and how to deal with them'.

###The list reads:

-Always check a charity is genuine before making a donation. The same goes for the person claiming to be from the charity.

-Think about whether you want or need anything the visitor is offering.

-Make sure the visitor properly identities him/herself and the company they represent. Keep a note of these details to check out.

-Don't feel pressurised to sign up for a service or pay for goods straight away. Get more quotes for jobs that need doing and compare prices for goods that a salesperson claims to be a bargain.

-Do your homework before going ahead with improvements or repairs.

-Always get a quote made in writing, with a full breakdown of the costs including VAT before allowing any work to start.

-Be wary of people offering a one-time only price for agreeing to transactions on the spot.

-If you can pay for goods and services over £100 on a credit card, you'll get protection under Section 75 of the Consumer Credit Act, which makes the credit card provider equally liable with the salesman or tradesman.

-Resist paying for work upfront before it has been completed. Only pay once you are happy with a job or set a strict timetable of payments for longer jobs.

-You should install a peep hole to check who's at your door before opening it, plus a safety chain is also a good idea to ensure no one can force their way into your home.

-------------------------
WARNING OVER iTUNES GIFT CARD PHONE SCAM
(East Lothian Courier, dated 20th December 2017)

Full article [Option 1]:

www.eastlothiancourier.com/news/15784651.Warning_over_iTunes_gift_card_phone_scam/?mc_cid=d26cd2d490&mc_eid=f46eab0a3f

EAST Lothian residents are being warned of a phone scam involving iTunes gift cards.

HM Revenue and Customs (HMRC) has issued a warning about a high-profile phone scam that is conning vulnerable and elderly people out of thousands of pounds.

The scammers are preying on victims by cold calling them and impersonating an HMRC member of staff.

They tell them that they owe large amounts of tax which they can only pay off through digital vouchers and gift cards, including those used for Apple's iTunes Store.

Victims are told to go to a local shop, buy these vouchers and then read out the redemption code to the scammer, who has kept them on the phone the whole time.

The conmen then sell on the codes or purchase high-value products, all at the victim's expense.

The scammers frequently use intimidation to get what they want, threatening to seize the victim's property or involve the police.

The use of vouchers is an attractive scam as they are easy to sell on and hard to trace once used.

HMRC said they would never request the settling of debt through such a method.

The scam continues to hit a large number of people. Figures from Action Fraud, the UK's national fraud reporting centre, show that between the beginning of 2016 and August this year there have been more than 1,500 reports of this scam, with the numbers increasing in recent months.

The vast majority of the victims are aged over 65 and suffered an average financial loss of £1,150 each.

HMRC says it is working closely with law enforcement agencies, Apple and campaign groups to make sure the public know how to spot the scam and who to report it to.

Angela MacDonald, HMRC's director general of customer services, said: "These scammers are very confident, convincing and utterly ruthless.

"We don't want to see anyone fall victim to this scam just before Christmas. That's why we're working closely with crime fighters to ensure taxpayers know how to avoid it.

"These scams often prey on vulnerable people. We urge people with elderly relatives to warn them about this scam and remind them that they should never trust anyone who phones them out of the blue and asks them to pay a tax bill.

"If you think you've been a victim you should contact Action Fraud immediately."

Gary Millner, chief executive of Tax Help for Older People, said: "Tax Help for Older People fully support HMRC in tackling this particularly wicked scam.

"We have taken too many calls from people who have fallen foul of it.

"The amounts of money lost are significant for some and the feelings of helplessness, violation and embarrassment are immense."

-------------------------

(27th February 2018)


PHAMTOM DEBT FRAUD ALERT
(Action Fraud, dated 31st January 2018)
www.actionfaud.police.uk

Action Fraud has recently experienced an increase in the number of calls to members of the public by fraudsters requesting payments for a "phantom" debt. The fraud involves being cold-called by someone purporting to be a debt collector, bailiff or other type of enforcement agent. The fraudster may claim to be working under instruction of a court, business or other body and suggest they are recovering funds for a non-existent debt.

The fraudsters are requesting payment, sometimes by bank transfer and if refused, they threaten to visit homes or workplaces in order to recover the supposed debt that is owed. In some cases, the victim is also threatened with arrest. From the reports Action Fraud has received, this type of fraud is presently occurring throughout the UK.

It is important to recognise that there are key differences between the various entities who seek to settle debts or outstanding fees in England and Wales. These differences range from the type of debt they will enforce to the legal powers they possess. To learn more, please take a look at some of the helpful information and links on the Step Change Debt Charity website :

https://www.stepchange.org/debt-info/debt-collection/bailiffs-and-debt-collectors-differences.aspx

Protect Yourself


- Make vigorous checks if you ever get a cold call. Bailiffs for example, should always be able to provide you with a case number and warrant number, along with their name and the court they are calling from; make a note of all details provided to you.

- If you receive a visit from a bailiff, they must always identify themselves as a Court Bailiff at the earliest possible opportunity. Ask to see their identity card which they must carry to prove who they are, this card shows their photograph and identity number. They will also carry the physical warrant showing the debt and endorsed with a court seal.

- If you work for a business and receive a call or visit, be sure to speak with your manager or business owner first. Never pay the debts yourself on behalf of the business you work for; some fraudsters have suggested employees make payment suggesting they can then be reimbursed by their employer when in reality the debt is non-existent.

- Exercise caution believing someone is genuine because you've found something on the internet; fraudsters could easily create fake online profiles to make you believe them.

- Double check with the court, company or public body they claim to work for to confirm whether the call is legitimate; if you use a landline make sure you hear the dialling tone prior to dialling as the caller could still be on the line and you could potentially speak to the fraudster(s) to confirm the non-existent debt. Also be sure to independently search for a telephone number to call; never use a number provided by the caller without carrying out your own research.

- Do not feel rushed or intimidated to make a decision based on a phone call. Take five and listen to your instincts.

- If you know you have a debt, keep in regular contact with your creditor and be sure to establish the debt type at the earliest opportunity if you are not aware. This will help you to understand who might be in contact with you regarding any repayments or arrears.

You can report suspicious calls like these to Action Fraud by visiting www.actionfaud.police.uk or by calling 0300 123 2040.

(27th February 2018)


BEWARE HMRC SCAMS AS THE TAX DEADLINE APPROACHES - HACKERS WILL BE OUT IN FORCE
(International Business Times, dated 26th January 2018 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/beware-hmrc-scams-self-assessment-tax-deadline-approach-hackers-will-be-out-force-1656697

HM Revenue and Customs (HMRC) says it has stopped thousands of taxpayers from receiving scam text messages in the past year, but security experts warn the public is still at risk.

The agency is working to raise awareness of potential fraud ahead of the self-assessment deadline of 31 January, a period when scammers will be out in force. Officials stressed that they will never contact customers who are due a tax refund by text message or by email.

Digital fraudsters posing as HMRC send text messages to unsuspecting members of the public and make false claims, such as suggesting they are due a tax rebate.

Messages will usually include links to websites which harvest personal information or spread malware.

Ultimately, this can lead to identity fraud and the theft of people's personal savings via further cyberattack.

Reports of this type of fraud have quickly increased in volume over the last few years, HMRC said. It noted that text message based scams are highly effective because they can appear to be legitimate. For example, texts can display 'HMRC' as the sender rather than a phone number.

HMRC began a pilot in April 2017 to combat these messages, using new technology to identify fraud texts with 'tags' that suggest it's from HMRC and stops them from being delivered.

Since the pilot began, there has been a 90% reduction in customer reports around the spoofing.

The initiative helped reduce reports of these scams from over 5,000 in March 2017, before the new programme was introduced, to less than 1,000 in December 2017. In the last 12 months, HMRC said that it successfully removed 16,000 malicious websites linked to phishing attacks.

"As email and website scams become less effective, fraudsters are increasingly turning to text messages to con taxpayers," said HMRC customer services director Angela MacDonald. "But as these numbers show, we won't rest until these criminals are out of avenues to exploit."

Working overtime

The department is working alongside the UK's National Cyber Security Centre (NCSC). Experts told IBTimes UK fraudsters will likely be working overtime as the tax deadline approaches.

"Scams and fraud always spike around large events such as holidays and tax season," said Lane Thames, senior security researcher at Tripwire. He added: "It's nice to see organisations such as HMRC implementing technologies to reduce the spread of scam-based messages.

"However, technology can never stop all malicious activities and messages. As such, individuals must, unfortunately, stay mindful and vigilant when using digital services.

"When in doubt, simply look up the organisation online or make a call to verify the claim (do not use the contact information that was delivered to you).

"A little bit of precaution can go a long way in preventing phone, email and text scams."

Mark James, specialist at security firm ESET, commented: "When it comes to tax returns or indeed any type of interaction with HMRC, the scammers have every ingredient they need to deliver an effective attack method with a higher-than-normal chance of success.

"The end user is presented with something they are expecting from an organisation that they need to respond too, along with the perceived scare factor of not answering or cooperating."

(27th February 2018)


167,000 MORE EQUIFAX VICTIMS ALERTED
(Which ?, dated 23rd January 2018 author Faye Lipson)

Full article [Option 1]:

www.which.co.uk/news/2018/01/equifax-to-alert-another-167000-uk-victims-of-its-data-breach/

A further 167,000 victims of the Equifax data breach will receive a warning from the firm, indicating the May 2017 hack may have left them at greater risk of fraud.

The latest wave comes after the firm previously wrote to 693,000 UK individuals thought to be most at risk - taking the total number of UK warning letters to over 860,000.

The credit reference agency says it has decided to write to thousands more victims whose landline telephone numbers were already published in public telephone directories but were accessed as part of last year's cyber-attack.

Which? has already highlighted confusion and alarm caused by the letters, which fail to explain who Equifax is or why it holds victims' data.

Equifax data breach: 15.2m Brits affected

In May this year, Equifax announced its data had been access by hackers in a cyber-attack. Some 15.2 million UK client records were compromised, and Equifax initially wrote to 690,000 UK consumers who are likely to have had sensitive details stolen.

These include email addresses, passwords, driving license numbers, phone numbers and partial credit card details.

This latest announcement reveals that a further 167,000 had their telephone numbers stolen in the attack.

The warning letters offer free identity-monitoring services aimed at spotting impostor applications for credit cards and bank accounts.

Why Equifax has victims' data

Equifax has confirmed that just 3% of the 693,000 worst-hit victims were its direct customers. Many of the victims may have never dealt with - or even heard of - the firm before.

How is this possible? As a credit reference agency, Equifax receives personal data from banks and financial institutions whenever someone applies for a bank account, mortgage or credit card.

Consent for this is usually included in the application terms and conditions, meaning Equifax may hold data on you even if you've never dealt with it directly.

It uses this data to generate your credit reports and score. Lenders then use these to decide how much of a risk you are before they approve your application.

As a result, Equifax's only direct customers are the tiny minority who have transacted with it by purchasing a credit report or identity-monitoring services.

How to verify your letter

If you receive a letter regarding the Equifax data breach, and you're not sure if it's genuine, call Equifax on 0800 587 1584 to confirm the letter is genuinely from them.

If the letter is telling you to call a number other than the one above, it may be a scam.

Should you accept the free identity monitoring services?


If your data has been breached, you may be at heightened risk of identity fraud. To combat this, Equifax is offering its worst-affected UK customers free services which monitor whether your identity has been compromised online.

It's also offering Cifas Protective Registration - a third-party service which prompts banks to conduct extra identity checks when they receive an application in your name.

If you are concerned about the security of Equifax's own products, you can opt to be enrolled in Cifas's service instead - however you will still have to give some personal information to Equifax so it can enrol you for free.

It is possible to enrol directly through Cifas, though this will attract a £20 charge (for two years' cover).

uaware comment

Things are so dodgy now with links, don't even trust the link I provide. Go direct to the "Which ?" website and look for this article. Check the contact details mentioned above, yourself !

(27th February 2018)


"FRAUDSTERS POSED AS TALK TALK AND TRIED TO STEAL £5000" - THE WARNING SIGN TO WATCH FOR
(Mirror, dated 24th January 2018 author Tricia Phillips)

Full article [Option 1]:

www.mirror.co.uk/money/fraudsters-posed-talk-talk-tried-11902442

Jack Taylor was tricked by crooks into giving them access to his bank account and almost lost £5,000 from a clever - and very believable - scam.

Last year he had an issue with his wi-fi router and found a contact number for customer services on the Talk Talk website.

Their team rebooted his router from their end and the problem was solved.

All seemed good until a few weeks later when he received a phone call from someone he believed to be from the Talk Talk team he had spoken to previously.

The caller said his router was reportedly having problems and was running corrupt software.

Jack, 71, was assured they would be able to sort this out and prevent the corrupt software from causing any further damage, but they would need to gain access to his computer using TeamViewer - software that allows remote access to a user's computer.

Jack was quickly transferred from 'customer services' to a member of the fraud team before he'd had the chance to really think about what they were asking him to do.

He was then rushed into entering passcodes into his computer so the person on the phone could access and stop the corrupt software.

ack was told he would receive £200 compensation and was put through to the finance team to sort out the credit.

After giving the caller access to his bank account, the caller claimed they had sent the wrong amount of compensation as the account read £5,200 and they'd need to credit back the £5,000.

That's when alarm bells rang, and Jack had an opportunity to take a breath. He thought to himself, this doesn't sound quite right.

Luckily, each of the attempts by the criminals to withdraw the £5,000 were blocked by Jack's bank. But this didn't deter the fraudsters.

They kept calling and urging Jack to call his bank and let them know this was genuine. He realised this wasn't the real Talk Talk and called his bank to let them know what had happened.

Jack from Herefordshire says: "I just wanted to solve the issue as quickly as possible. The scam call was so quick and seemed legitimate given the recent problems with my router that I didn't have any time to think something was wrong.

"I had a lucky escape as the bank's security system was efficient and raised alarm bells which were going off quietly in my head.

"Many others aren't as lucky as I was."

Financial thieves are out in force with ever-changing scams and dodgy deals which can be difficult to spot.

In the first six months of 2017, a shocking £366.4million was lost to fraudsters and a further £101.2million was stolen through bank transfer scams.

3 Things to remember

1. A genuine bank or other financial organisation will NEVER contact you out of the blue to ask for your PIN or full password - and won't ask you to tap these into your phone keypad. They would never ask you to move money to another account for fraud reasons or send someone to your home to collect cash, PIN, cards or cheque books if you are a victim of fraud.

2. Don't be tricked into giving a crook access to your personal or financial details. NEVER automatically click on a link in an unexpected email or text.

3. Always question uninvited approaches in case it's a scam. Put the phone down. Contact a company direct, using their official telephone number or email.

(27th February 2018)


WHY DO BANKS TAKE DIFFERENT APPROACHES TO FRAUD
(Independent, dated 19th January 2018 autho Felicity Hannah)

Full article [Option 1]:

www.independent.co.uk/money/spend-save/bank-account-fraud-reimburse-customers-pensioners-vulnerable-responsibility-security-a8166316.html

The question of who should bear the loss when a banking customer falls victim to a scam is a thorny one. After all, if a customer has been defrauded by a criminal then it seems unfair that they alone should suffer the entire loss. Yet it's also understandable that few banks want to be responsible for every victim's money. They can argue that those victims failed to take sufficient steps to protect themselves.

Yet this difficult issue appears to be being answered by banks in different ways and the result is that customers are left confused about whether their bank will have their back if they fall victim to fraud. A lack of clarity on the rules leaves them unsure about whether they can appeal if their bank simply says it will not reimburse them.

It can sometimes feel rather like a lottery, with money being returned or not depending on which bank a customer is with when they are targeted by scammers. That's a situation perfectly illustrated by pensioner Susan Moon.

When she fell victim to a sophisticated scam two of her accounts were emptied. One bank immediately reimbursed her. The other did not.

Perfect timing

The scammers struck at the perfect time. Susan and her husband had newly moved into their new home and had builders in when the thieves called. They had been travelling until the early hours the night before and had just a few hours' sleep and Susan was worried about her mother who was unwell.

In the midst of all that came a call from a genuine-sounding man who claimed to be from a BT call centre. Their internet had been compromised, he explained, and he needed to help them protect their accounts. Following his instructions, she and her husband installed software on their computer, entered their bank details and entered information that, without their knowledge, authorised the transfer of money from their accounts.

The scammers were relentlessly plausible, providing a number the couple could call to confirm they were legitimate, offering a code that would be quoted when a "genuine" BT employee called back and reassuring them at every stage that their accounts would soon be safe.

By the time Susan and her husband realised these helpful men were most likely fraudsters it was too late and her money was transferred away into a Metro Bank account.

She explained: "I share an account with my mother so I can help her manage her bills and so on. £3,200 was gone out of that Nationwide account. I just started to sob. Then I went back onto my computer and £3,600 was gone from my HSBC account.

"I just kept crying, we were both so traumatised."

Distressing dealings

Susan's experience shows how distressing fraud can be. However, she says her distress was compounded by the different way one of her banks then treated her.

"Every time I spoke to Nationwide it was like they were wrapping me up in a blanket and reassuring me. HSBC were just demanding 'What did you do?'"

"We had to pick my mum up and she had been ill and I just couldn't tell her. We felt so stupid! You think you're savvy but it was just so believable at the time."

After reporting the fraud on a Friday, Susan had a sleepless weekend. Then on Sunday, she decided to go for a walk to help clear her head.

"On the way back [Nationwide] called. He said, 'I'm not sure about HSBC but we are going to refund your money.' I could have kissed his feet because that was Mum's money. He said it's fine, he told me to stop blaming myself. He was wonderful and the money was there within two hours.

"The phone went an hour later and it was HSBC. She said, 'Because you pressed the button on your keypad, you are responsible for that money. We cannot give you the money back.'"

Susan told the HSBC employee that Nationwide had immediately refunded her but says she was told: "All banks do things differently."

Nationwide told us: "We assess liability on a case-by-case basis but, as a general guide, if a fraudster manages to transact on an account, and the customer did not knowingly authorise and consent to the transaction, we will give a refund."

An HSBC spokesperson said: "The circumstances of each scam dispute are reviewed on a case-by-case basis. As soon as we were made aware of the payment we contacted Metro Bank to make them aware, but it seems their customer had already withdrawn the money.

"We would encourage people to look at the finance industry's 'Take 5' campaign, which we fully support, which provides information on the techniques used by scammers, as well as giving important advice to customers on what they should do when receiving uninvited approaches and requests to share financial information."

Fortunately, for Susan at least, there was a happy ending. After calls from this publication, HSBC said it would credit her account with the full £3,600 "as a gesture of goodwill". Yet she remains shaken by fraud that left her sleepless and tearful, and says that some of that distress was caused by her experiences in dealing with bank employees.

Not clear-cut

It's easy to sympathise with Susan, who was targeted by thieves carrying out such a sophisticated scam, and to agree that both banks should have immediately paid up to spare her any additional distress. However, it's also easy to see that if banks have to accept total liability for fraud losses then we will all pay the price.

Nikki Worden is a partner at Osborne Clarke's financial institutions group, specialising in the regulation of financial services offered to consumers. She says there's a real danger that making banks liable for losses would drive up the cost of consumer banking, potentially ending fee-free banking or increasing other charges.

"I have sympathy for both sides," she says. "I think it's very easy to say 'this should be done' but it's a really complex problem. The more banks pay out then the higher the cost of banking.

"There are also potentially unintended consequences of making banks liable. Just look at the car insurance sector: people made claims for whiplash and it pushed up premiums for everyone."

Worden also worries that making banks liable would encourage criminals to see bank fraud as a "victimless crime", when in fact we would all shoulder the burden.

Pépin Aslett, deputy head of the commercial and chancery group at St John's Buildings, explains that the rules were recently tightened to protect customers from some losses. He says: "From 13 January 2018, the Payment Services Regulations 2017 (implementing the second EU Payment Services Directive) will require banks to refund unauthorised payments no later than the end of the next working day following notification to them. Customers should notify as soon as possible, but do have up to 13 months. The new regulations are a development of existing law."

Unfortunately for those who fall victim to fraud and authorise payments mistakenly or accidentally, there's less protection. Aslett adds: "Although there is a presumption that the customer is right, the new regulations dictate that the bank can refuse to refund the money, or can ask for it back, if they can show that the customer authorised the payment by their consent, the customer acted fraudulently, or it is shown they were grossly negligent in protecting their information."

(27th February 2018)


THE INCREDIBLY BELIEVABLE TRICK FRAUDSTERS ARE USING TO GET YOUR NATWEST BANK DETAILS
(Wales Online, dated 16th January 2018 author Will Hayward)

Full article [Option 1]:

www.walesonline.co.uk/news/wales-news/incredibly-believable-trick-fraudsters-using-14163297

Fraudsters are using fake texts from banks to "harvest" unsuspecting victims' personal banking details.

Anti-fraud organisation Action Fraud have received reports about con artists sending out a range of messages purporting to be from the bank NatWest.

The fraudsters are using specialist software which alters the sender ID on the message so that it appears as if it's come from NatWest, adding it to any existing message threads on the recipient's phone.

If you already bank with NatWest and had a legitimate message from them in the past this could easily catch you out. It seems to be targeting individuals regardless of whether they are customers of NatWest or not.

Victims who click on the link are taken to an exact replica of the NatWest website that asks for sensitive personal information including their full name, address, contact details, and pin and debit card numbers.

The con, known as smishing, is when criminals pretend a message is from your bank or another organisation you trust. They will usually tell you there has been fraud on your account and will ask you to deal with it by calling a number or visiting a fake website to update your personal details.

Some victims have also received calls purporting to be from NatWest after receiving these scam text messages. One woman reported receiving a fake text message like the ones above that urged her to "avoid account suspension", which she ignored.

Later on that day she received a call from a withheld number on her mobile phone from a fraudster posing as a member of the NatWest security team. The fraudster said she would be sent a text message with a six-digit security code and once she received it to immediately tell him what that code was.

The text came through instantly while she was still on the phone and she gave the fraudster the code. This was in fact a genuine NatWest message which contained a warning not to disclose the code.

The victim then got a further real text from NatWest to say a different mobile number to her own had been registered to her NatWest mobile banking app. After the victim immediately checked her app she found £130 had been removed via the "Get Cash" function.

NatWest are investigating the fraud.

According to an Action Fraud spokesman: "A genuine bank or organisation will never contact you in this way. Only give out your personal or financial details to use a service that you have given your consent to, that you trust, and that you are expecting to be contacted by.

(27th Febraury 2018)


PRIVATE SCHOOL PARENTS WARNED AS FRAUDSTERS DIVERT PAYMENTS
(Cornwall Live, dated 5th January 2018 author Shannon Hards)

Full article [Option 1]:

www.cornwalllive.com/news/cornwall-news/private-school-parents-warned-fraudsters-1017337

Parents of privately educated pupils have been warned of fraudsters posing as school staff and intercepting payments.

According to Devon and Cornwall Police, fraudsters are placing themselves in the middle of transactions between parents and private schools.

The fraudster contacts the parents outlining details and payment instructions for the latest school fees.

Initial contact appears to primarily be made via email and often from the school's own compromised email system.

However the National Fraud Intelligence Bureau (NFIB) says it has also seen instances where the email address used is similar to that of the school (i.e. nn instead of an m).

The victim then makes the required payment into the bank account which is in the control of the fraudster. By the time the fraud has been identified, the funds have already been dissipated.

In several instances there has been a strong social engineering element at play within the email, with the fraudster suggesting a discount on the fees can be obtained if the parents pay early.

School

- Ensure all administration staff are aware of this fraud.

- Ensure staff are aware of protocols regarding not opening links or attachments from unexpected or suspicious emails in the event the email system may get compromised.

- Review password protocols and ensure those that are used are strong, as long as possible and contain a combination of letters as well as numbers and symbols.

- Review internal procedures regarding how the fee payments are requested and ensure these are relayed to the parents so they can easily identify suspicious requests.

- Ensure computer systems are secure and that antivirus software is up to date.

- To help combat "typo squatting" the school could consider registering similar domain names.

- Ensure required security updates to computer systems are completed.

- Consider using a payment gateway for any monies required to be received from parents.

Parents

- Always verify email payment changes in respect of payment fees with the school directly using established contact details you have on file, especially for ones which are not expected or for a different amount than expected.

- Always review requests to changes for payment requests. Check for inconsistencies or grammatical errors, such as a misspelled school name or a slightly different email address.

- Don't be afraid to verify details when being asked to make fee payments into a new bank account.

(27th February 2018)


WARNING ISSUED ABOUT "MOST CONVINCING PHISHING EMAIL" EVER SEEN
(Penarth Times, dated 6th January 2018)

Full article [Option 1]:

www.penarthtimes.co.uk/news/15810318.Warning_issued_about__most_convincing_phishing_email__ever_seen/?ref=rss

A WARNING has gone out telling people to be on the lookout for the "most convincing phishing email" it has ever seen.

Scammers have made an exact replica of a real e-receipt from Debenhams and are sending it out in a scam where they ask for personal details in order to get money from people.

A spokesperson for Action Fraud, the UK's national fraud and cyber crime reporting centre said: "This Debenhams e-receipt is the most convincing phishing email we've seen and could be lurking in your inbox.

"More than 55 information reports have been sent to our National Fraud Intelligence Bureau (NFIB).

"We would advise people to not click on any links, delete it and report it to us "Debenhams are aware it's a fake and have had customers contact them directly about it.

"Their e-receipts are issued to people when they make a purchase in store and this is a carbon copy. So these are not only unusual, but could catch some people off guard.

"The giveaway is the fact they were sent from personal email addresses."

A Debenhams spokesperson added: "We are aware of this and we continually take steps to protect customers and support the work that organisations such as Action Fraud and Cyber Aware conduct to encourage customers to be vigilant and aware of the steps they can take to stay cyber secure."

This Debenhams e-receipt is the most convincing #phishing email we've seen and could be lurking in your inbox. Fraudsters have created an exact replica of a real e-receipt, but you'll notice they're sent from personal email addresses and not Debenhams. We've had 55+ reports!

If you received one of these emails, delete it straight away. Do not open any links. Report it to Action Fraud at www.actionfraud.police.uk

(27th February 2018)


WATCH OUT FOR THIS NETFLIX PHISHING SCAM THAT WILL STEAL YOUR CREDIT CARD DETAILS
(International Business Times, dated 10th January 2018 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/watch-out-this-netflix-phishing-scam-that-will-steal-your-credit-card-details-1654630

Netflix users are being warned to avoid clicking on any suspicious email links after a phishing scam was uncovered, which security experts say is designed to steal credit card details.

Found by Australian cybersecurity firm MailGuard, and shared on Twitter by the New South Wales police, the fake emails use convincing social engineering tactics - including the official Netflix website layout - in an attempt to dupe recipients into entering financial details.

The email reads: "We attempted to authorise the Amex card you have no file but were unable to do so. We will automatically attempt to charge your card again within 24-48 hours. Update the expiry date and CVV as soon as possible so you can continue using it with your account."

An 'update payment' button in the email, if clicked, will lead to a phishing site with bogus Netflix branding. Any card details entered will be sent directly to the hackers.

After details are hijacked, the fake website even sends the victim to a real Netflix page to reduce suspicions.

"Netflix has become a favourite vehicle for email fraudsters," MailGuard's Emmanuel Marshall wrote in a blog post Wednesday (10 January).

"Its large customer base makes them a valuable target for brandjacking; cybercrime that exploits the trademarks of well-known companies to deceive victims.

"Phishing can be enormously costly and destructive, and new scams are appearing every day."

A Netflix spokesperson told news.com.au in a statement: "We take the security of our members' accounts seriously and Netflix employs numerous proactive measures to detect fraudulent activity to keep the Netflix service and our members' accounts secure.

"Unfortunately, these scams are common on the internet and target popular brands such as Netflix and other companies with large customer bases to lure users into giving out personal information."

It remains unknown how many people have been targeted in the scam so far.

Luckily, there are ways to stay protected from such schemes, the official Netflix notes on a help page. Crucially, it tells users to never click suspicious messages claiming to be from the firm.

It states: "Never enter your login or financial details after following a link in an email or text message. If you're unsure if you're visiting our legitimate Netflix website, type www.netflix.com directly into your web browser."

And if you clicked a suspicious link or provided any personal information to website posing as Netflix, the company suggests you do the following:

- Change your Netflix password to a new, unique one.
- Update your password on any other websites where you used the same email and password.
- Contact your bank if any payment information was entered, it may have been compromised.
- Forward the message to phishing@netflix.com with the steps above.

(27th February 2018)


DON'T GET CAUGHT OUT BY THE DANGEROUS NEW ARGOS SCAM DOING THE ROUNDS
(Mirror, dated 17th January 2018 author James Andrews)

Full article [Option 1]: www.mirror.co.uk/money/dont-caught-out-dangerous-new-11860029

Note : The actual article has screen shots of the fake emails and texts.

Fraudsters are sending out fake Argos text messages saying you have a package waiting - don't click on them.

The messages look like they've been sent from Argos, but are designed to trick you into clicking on the URL to find out what's waiting.

Members of the Mirror Money team have been sent the message, reading: "Dear shopper, There is (1) package waiting for you! Check here >>," followed by the URL to their scam site.

But there isn't a package waiting, you are directed to a site where they attempt to grab your details by pretending they're offering cheap iPhones.

It's especially dangerous, because if you have ordered anything from Argos, it will appear in a message thread along with genuine messages - perhaps from Christmas presents you bought from the shop.

Worse, once you click fraudsters might be able to collect personal information from your device by installing cookies on your phone that track you, or add browser extensions that can be used to show you advertisements.

How to protect yourself

Sadly, this isn't the only scam message doing the rounds.

"We are aware of fraudulent text messages claiming to be from high street retailers that can lead to fraudsters harvesting your personal banking information," a spokesperson from Action Fraud told Mirror Money.

"Fraudsters will send you a text message that asks you to reply with your personal or banking details, or to call or text a premium-rate number they have created to run up a large bill. This is called smishing. Contact like this is designed to convince you to hand over valuable personal details or your money.

"Don't assume anyone who's sent you a text message is who they say they are. If a text message asks you to make a payment, log in to an online account or offers you a deal, be cautious and report it to Action Fraud online or call 0300 123 2040."

Action Fraud has the following tips for staying safe from phone scams:

Protect yourself


- Don't assume anyone who's sent you an email or text message - or has called your phone or left you a voicemail message - is who they say they are.

- If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious. Real banks never email you for passwords or any other sensitive information by clicking on a link and visiting a website. If you get a call from someone who claims to be from your bank, don't give away any personal details.

- Make sure your spam filter is on your emails. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.

- If in doubt, check it's genuine by asking the company itself. Never call numbers or follow links provided in suspicious emails; find the official website or customer support number using a separate browser and search engine.

Spot the signs

- Their spelling, grammar, graphic design or image quality is poor quality. They may use odd 'spe11lings' or 'cApiTals' in the email subject to fool your spam filter.

- If they know your email address but not your name, it'll begin with something like 'To our valued customer', or 'Dear...' followed by your email address.

- The website or email address doesn't look right; authentic website addresses are usually short and don't use irrelevant words or phrases. Businesses and organisations don't use web-based addresses such as Gmail or Yahoo.

- Money's been taken from your account, or there are withdrawals or purchases on your bank statement that you don't remember making.

To report a fraud and cyber crime and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use the website : www.actionfraud.police.uk/report_fraud

(27th Febraury 2018)



DECEMBER 2017

NO, OPRAH ISN'T GOING TO GIVE YOU £3,700 THIS CHRISTMAS
(BBC Trending, 22nd December 2017 author Jonathan Griffin)

Full article [Option 1]: www.bbc.co.uk/news/blogs-trending-42441795

Instagram imposters are trying to trick users into following fake celebrity accounts and sharing confidential details, with promises of thousands of dollars worth of Christmas cash giveaways.

It seems too good to be true - and it is. Instagram accounts purporting to be from celebrities such as Oprah Winfrey, director Tyler Perry and boxer Floyd Mayweather are advertising Christmas cash giveaways.

The accounts urge users to "follow page" and "share with friends" in order to receive handouts as large as $5,000 (£3,700). But they are fake, and anyone counting on a big payout simply for following an account will be disappointed.

After following the fake accounts, users are encouraged to privately send personal information, including email addresses and financial details, to the account owners.

"Money distribution has been slower than expected," claimed one post from a recently-deactivated fake Oprah Winfrey account. "For a quicker distribution please send your CASH APP usernames to @OwnChistmas__ direct messages."

"Cash App" refers to a a money transfer application.

Some of the accounts even claim they have users' security in mind when they encourage the switch to private communication.

"DO NOT share your email address in the comments section due to possible identity theft. We will contact you via direct message," added another post from the now deactivated @OprahOwnsChristmasRealPage.

Thousands of Instagram users appear to be following the accounts, oblivious to the potential danger posed by the hoaxers.

"I really hope this works," wrote one Instagram user using the hashtag #OprahOwnChristmas.
"As a mother facing homelessness if there's even the smallest chance something good like this will happen, I'm taking it," she added, after being informed that the accounts were a hoax. "I don't care if it's fake. If it is oh well but if even for the smallest chance of it being real, I'm taking that chance."

"So my idol is giving out $5,000" wrote another user. "Ma'am $5000 will go a long way in building my business and securing my tomorrow. I pray I get it!"

The celebrities whose images are being used have made it clear that they have nothing to do with the scams.

"These are false social accounts," a spokesperson for Oprah Winfrey told BBC Trending. "We have notified the social media platforms who are working diligently to deactivate these accounts."

BBC Trending approached boxer Floyd Mayweather's team to ask if he had any connection in a similar scheme called the "MoneyMayweatherChristmasGiveaway".

"None whatsoever," responded a publicist for the former five-weight world champion.

While a number of the accounts have been removed, others using similar names now operate in their place using the same hashtags and claiming "we are back" and "it was hacked".

"We work aggressively to fight spam on Instagram," said a spokesperson for Instagram. "If people see these types of accounts, we advise them to report them using our in-app tools, so that we can immediately remove them."

(23rd December 2017)


NAUGHTY, NOT NICE : THESE ARE THE 12 SCAMS OF CHRISTMAS
(Market Watch, dated 18th December 2017)

Full article [Option 1]:

www.marketwatch.com/story/naughty-not-nice-these-are-the-12-scams-of-christmas-2017-12-18

uaware comment : This is a US article, but now slightly Anglacised.

Scammers make a killing during the holiday season. While you spend your time thinking of ways to bring holiday joy to others, they spend their time thinking up ways to steal from you. The saddest part about this is that the ghosts of Christmases past keep visiting Christmas present.

With that, I give you this year's 12 scams of Christmas.

1. The gift card scam

While definitely a ghost of Christmas past, this still works so scammers still do it. It's pretty simple. The thief records the numbers displayed on a gift card, and then calls the company that issued it to find out if it has been activated, which occurs when the card is purchased. The problem here is one of timing. If you buy a gift card early in the shopping season, it's more exposed to fraud. That said, recipients of gift cards often take a while to use them.

Tip: If you are going to purchase a gift card, do it as close to Christmas Day as possible, and encourage the recipient to use it as soon as possible.

2. Sneak attacks on your credit

With the nonstop news of data breaches involving credit card numbers, many of us are walking around with compromised payment cards that can be used by a scammer, and there is no more perfect time of the year for them to try than Christmas. The usual warning signs of an account takeover, or a fraudulent charge, may be harder for financial institutions to spot, since Christmas gifts often don't conform to a cardholder's buying patterns.

Tip: Sign up for transaction alerts from your bank or credit card issuer that notify you any time there is activity on your accounts.

3. Fake charities


While it's not exactly the way it plays out in our nation's malls and shopping districts, Christmas is traditionally a time for contemplation and charitable giving-something captured very well in Charles Dickens's classic, "A Christmas Carol." So if you want to give during the holiday season, it's crucial to make sure the appeal is real.

Tip: Before responding to an online appeal, visit the website by typing in the organization's URL manually, or by using search to find the link. If you are still unsure, call. If you are still uncomfortable, go to the UK Charity Commission website.

4. Temporary holiday jobs

Holiday jobs are a good way to make some extra money, and there are a lot of them, but bear in mind there are myriad scammers out there who may offer fake jobs to harvest your very real personally identifiable information-the most valuable of which being your Social Security number.

Tip: Don't give your Social Security number to anyone unless you absolutely have to, and don't provide it before you confirm you're dealing with a representative of a real organization that has offered a job to you. Never send your information digitally unless you know the recipient uses proper security protocols. (You may not be using secure tech either, so try to be conservative about what you send digitally.)

5. Phishing, vishing and smishing

You might receive a phone call, a text or an email. It doesn't matter what the delivery system is, it's a fraud but it won't necessarily look like one. It could look like a sales promotion from a brand you like, or an offer on a deal that seems too good to be true, or even just "pretty good." Scam artists can be very nuanced. Be on the alert before you act on any offer.

Tips: Check to see the URL matches exactly, and that you never provide any personal information on any webpage unless the URL is secure and starts with "https." Email links should always be considered suspect.

6. True love

The holidays can be lonely, and catphishers know that. Love scams are the worst, as they prey on the emotions in the most exploitative ways disarming the heartstrings with an eye to loosening purse strings. The money lost can be considerable, and the upset unfathomable.

Tip: As corny as it seems, be careful with your heart and don't give it away to just anyone. If you feel like you're falling for someone and they somehow can never make an in-person appearance, don't send them money to do so. You can do better.

7. Hotel scams

You might fall victim to the restaurant flyer scam, the menu for a nonexistent eatery shoved under the door resulting in an order that gets you robbed, or it could be the front desk scam where you get a call after check-in asking for another credit card number because "the one you provided was rejected."

Tip: Assume the worst when in unfamiliar territory, and be on guard when traveling. Always distrust. Always verify.

8. Fake online shops

This is a tough one, but here's the deal…Bargain? Amazing prices on things that should cost a lot more than they are asking on a fake online shop is alluring, which is why people fall for them all the time. Pop up shops are cool, but they may not always be legit.

Tip: Look at the About Us page and call the designated contact number. If there is no number, think twice before making a purchase. Also pay attention to detail. Are there spelling errors in the copy? Bad-looking stock photos? Look for trouble.

9. E-cards

We all appreciate the sentiment behind an e-card, but that should not outweigh the risk of malware that can take a computer hostage or record every keystroke so that your most sensitive credentials for financial accounts can be stolen. E-cards are a popular form of fraud among scam artists, and you should be very cautious when you receive one.

Tip: Email, call or text the sender and ask if they sent an e-card. In this environment of constant attack, they will understand

10. E-voucher scams

This scam is built for people old enough to remember a physical, printed voucher, which, presented in person at a brick and mortar store, would get you a discount. They were basically a coupon. E-vouchers are fine if they come in the form of a number sequence, discount code or keyword, but anything else should be considered suspect.

Tip: Be on the lookout for grammar or spelling errors. Always type in the URL of the site for which you have an e-voucher, and enter the code or number there. If it comes by way of text or email and it involves a link, don't click through.

11. Fake shipping notifications

What could be worse than a message from your favorite e-tailer letting you know that the must-have item you ordered is out of stock or was sent to the wrong address. Another oldie but goodie among thieves is a notice informing you that the "Item has been delivered" when it hasn't been.

Tip: Never click any link associated with this type of communication. Always log onto the e-tailer site for more information, or pick up your phone and call.

12. Wish list scams

Online wish lists are a bad practice that should be discouraged. In theory, the online wish list creates a place where friends and relatives can find out what you want for Christmas, which many find preferable to guesswork. Beyond being horribly transactional, the practice opens the list-maker to phishing attacks, since scam artists will automatically know what interests you.

Tip: If you must post a wish list online, custom set the privacy on the post so that only particular people can see it, and don't include any personally identifiable information.

At Christmas it's always better to give the gift, than be the gift that keeps on giving to identity thieves.

If your personal information does fall into the hands of a scammer, be sure to monitor your credit for signs of identity theft.

(23rd December 2017)


POLICE INVESTIGATED MY £66k FRAUD LOSS AND TOLD ME NATIONWIDE'S PROCEDURES WERE SUBSTANDARD
(The Telegraph, dated 16th December 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/police-investigated-66000-fraud-loss-told-nationwides-procedures/

ank transfer fraud has been one of the most talked about financial issues this year.

Yet victims, such as reader Cally Ellison continue to lose life-changing sums because of weaknesses in the banking system.

Ms Ellison, 61, was developing a property in east London, with her business partner Julia Lee, when she received what looked like a genuine email from her building firm.

It requested a payment into an alternative Nationwide account because it claimed its bank was in the process of completing its "end-of-year account reconciliation".

Ms Ellison, who lives in London, made two separate transactions, one for £50,000 on Sept 14 last year, and another for £25,478 the next day. Days later the building company contacted Ms Ellison to say it had not been paid.

She immediately called her bank Barclays to report the scam. Just over £9,000 was recovered but more than £66,000 had already been transferred out of the Nationwide account.

Ms Ellison contacted Nationwide, the Metropolitan Police and the Mayor's Office for Policing and Crime headed by Sadiq Khan.

Three months later she received a call from Edmonton police force. Ms Ellison said an officer explained that the details of her case had "filtered down" from the Mayor's office and would be passed to police in Scotland because one of the fraudster's transactions had taken place in Aberdeen.

It was during this investigation that Ms Ellison said she was told by the police that Nationwide's "know your customer" checks - supposed to be conducted when an account is opened - were "substandard".

She said the police "weren't happy" and reported Nationwide to the regulator, the Financial Conduct Authority. Despite the allegation Nationwide refused to reimburse Ms Ellison the stolen funds.

The building society also refused to refund £8,700 to another scam victim, Balazs Kelemen, last month, despite damning police evidence that revealed that it had allowed a fraudster to open an account with a false Romanian ID card and a counterfeit British Gas utility bill.

The mutual insisted it made "required and reasonable" checks and was satisfied the paperwork appeared to be genuine. It denied negligence.

Arun Chauhan, director of Tenet Compliance & Litigation, a law firm providing advice on financial crime compliance, suggested that staff were not being trained well enough to identify ID documents and there was a lack of consistency across the industry when it came to account opening procedures.

Mr Chauhan said banks needed to tighten up their checks by asking for a greater number of documents or more time to gain "independent verification" before approving an application for an account.

He said that if the banks' checks failed, there should be a compensation scheme operated by the FCA which would be contributed to by all banks.

Nationwide said it "sympathised" with Ms Ellison, but denied an error had been made.

It said that the account was opened in accordance with the "legal and regulatory standards in place at the time".

Police Scotland said enquiries had concluded and the victim had been offered "appropriate advice".

Telegraph Money has waged a campaign to force those banks that provide services to criminals - the recipient banks, in cases of transfer scams - to take greater responsibility for their role in these crimes. And while there is much further to go, we have celebrated a number of successes with readers' losses being recouped.

Patterns have emerged in the cases we have brought to light that suggest consistent weaknesses in some banks' processes. Banks are required to carry out "customer due diligence" measures, for example, as part of their anti-money laundering procedures.

But in numerous cases reported by Telegraph Money, banks are still accepting fake IDs and other false documents as sufficient proof to open and operate accounts. Nor do banks operate consistent screens to detect questionable payments.

Transfer fraud data was collated and published for the first time in November this year by UK Finance, the industry body, which revealed that these scams are now the second biggest type of payment fraud after card fraud.

More than £100m was lost to these types of scam in the first half of this year in nearly 20,000 cases. Just £25m was recovered. Consumers lost an average of £3,000 and businesses £21,500.

The Payments Systems Regulator is considering a "reimbursement model", among a number of other remedies, which if introduced would apply from September 2018.


How can non-customers report fraudulent accounts?


Readers have asked how they might report a suspicious account to a bank when they are not a customer.

- Suspect Halifax accounts can be reported on 03457 22 55 25. Lloyds' number is 0800 917 7017.

- Barclays takes calls from customers and non-customers on 0345 050 4585.

- Santander's 24-hour hotline is 0800 9 123 123.

- TSB Reports can be made on 03459 758 758.

- HSBC said people should contact their own bank if they have concerns about HSBC accounts.

- RBS and NatWest do not have a way for non-customers to report accounts.

******** Also report scams to Action Fraud.

(23rd December 2017)


POLICE WARN AGAINST FRAUDSTERS DISGUISED AS BANKS AFTER 74 YEAR OLD SCAMMED OUT OF £140K
(Daily Record, dated 13th December 2017 author Graeme Murray)

Full article [Option 1]:

www.dailyrecord.co.uk/news/scottish-news/police-warn-against-fraudsters-disguised-11688721

Police have warned the public to remain vigilant against telephone fraudsters after a 74-year-old woman was scammed out of £140,000.

Residents in Tayside, Angus and Perthshire have been targeted by callers pretending to be from their bank or from other business companies.

The "phishing" fraud ends with victims being encouraged to either transfer their money to another account or provide personal details to the fraudster allowing them to transfer the money.

A 74-year-old woman from Dundee, Tayside, lost £140,000 after being scammed by criminals claiming to be from the fraud department of her bank.

Police say attempts by the bank are under way to retrieve the money.

In another scam, a 75-year-old man from Montrose, Angus, was duped into transferring £74,000 into other accounts. On this occasion the bank managed to retrieve the funds.

And an elderly woman from Kinross, Perthshire, was called by someone claiming to be from BT. She was told her computer had been hacked and her bank details were required which she gave to the caller and lost £5,000.

A spokesman for Police Scotland said: "Police would advise residents to be alert to any phone call they receive from a person claiming to be from a bank, financial institution, business company either asking for money to be transferred or asking for a phone call to be made to the bank. Do not provide any of your details.

"If you do decide to call the bank, where possible call from a different phone line or mobile number. If in doubt, ask the caller to put a stop on your account and attend your branch in person."

------------------------
A PENSIONER LOST £15K IN A BOGUS POLICE OFFICER CON
(Wales Online, dated 13th December 2017 author Will Hayward)

Full article [Option 1]:

www.walesonline.co.uk/news/wales-news/pensioner-lost-15000-bogus-police-14030881

A new scam has seen a Welsh pensioner conned out of almost £15,000 by fraudsters posing as police officers.

Members of the public are being contacted, usually by phone, by fraudsters pretending to be from the police or in some cases the fraud team within their bank.

The criminals claim they are investigating a fraud at a local bank branch where staff are suspected of being complicit, including issuing fake bank notes.

They then ask their target to help with their operation.

As part of the scam the individual is asked to visit the branch and withdraw a substantial sum, often thousands of pounds, of the supposedly counterfeit cash to hand over to the fake police for "analysis".

he victim is assured that the money will be deposited back into their account after the operation is complete.

However, once the money is passed over the fraudster disappears with the cash.

The criminals instruct their victims not to discuss the case with anyone in the branch, giving them plausible explanations as to why they are withdrawing the money.

As a result, despite being questioned by the bank staff, the victims takes out the cash, convinced staff are part of a fraud.

One of the victims was a pensioner from Crickhowell who was unable to get all her money back.

Paul Callard, Financial Crime Team Manager for Dyfed-Powys Police, said: "This scam has targeted individuals in our force area and we've actually received a report from a female victim in her 70s from Crickhowell, who was conned out of almost £15,000.

"The victim was able to get the initial £5,000 back from the victims bank however has not been able to get the other £9,638.16 back. Scams like these have such a negative impact on victims.

"I would urge people to please act with caution if approached by these types of scamsters. If in doubt, hang up and ring police on 101."

Katy Worobec, Head of Fraud and Financial Crime Prevention, Cyber and Data Sharing at UK Finance said: "This is a particularly nasty scam as it plays on people's public-spirited nature to assist the police.

"We are receiving a growing number of reports of it occurring, with people often losing large amounts of money, so it's vital that everyone is aware.

"Remember, the police will never ask you to withdraw money and hand it over to them for safe-keeping."

How to avoid this scam:


-The police will never ask you to become part of an undercover investigation or for you to withdraw cash and hand it to them for safe-keeping.

-Be wary of any calls, texts or emails purporting to be from the police asking for your personal or financial details, or for you to transfer money.

-If you are approached, or feel something is suspicious, hang up the phone and don't reply. Then report it to Action Fraud and your bank on their advertised number.

Visit the Take Five to Stop Fraud website for more advice on how to stay safe from scams.

----------------------

(23rd December 2017)


NEW ANTI-SCAM SCHEME BLOCKS £9m OF FRAUD IN A YEAR - BY GIVING BANKS THE POWER TO TELL POLICE IF YOU'RE AT RISK
(Mirror, dated 13th December 2017 author Vicky Shaw)

Full article [Option 1]:

www.mirror.co.uk/money/new-anti-scams-scheme-blocks-11683072

More than £9 million of potential fraud has been stopped in the first year of a scheme which protects victims when they visit a bank or building society branch, a finance industry body has said.

In the 12 months since a pilot launch, the banking protocol has prevented £9.1 million of fraud - with individual customers protected from losing sums ranging from £99 up to £212,000, according to trade association UK Finance.

The "rapid response" scheme enables bank staff to contact police if they suspect a customer is in the process of being scammed, with an immediate priority response to the branch.

As well as preventing fraud, the initiative ensures a consistent response to potential victims.

UK Finance said the scheme has led to 101 arrests being made nationally, with police having responded to 1,262 banking protocol calls.

The banking protocol was first launched in October last year with a pilot in London, before a national roll-out started in May.

It was developed as a partnership between the finance industry, police and Trading Standards. The Post Office is also part of the protocol.

The scheme is now in place in 43 police forces across the country, with all remaining forces across the UK committed to introducing it, UK Finance said.

Katy Worobec, managing director of economic crime at UK Finance, said: "Fraud can have a devastating effect on some of the most susceptible people in society and it's by working together with law enforcement, and others, that we can make a real difference when it matters most.

"The finance industry is determined to crack down on fraud and is taking action on all fronts - the protocol is an important weapon in our armoury."

Lord Harris, chairman of National Trading Standards, said: "The National Trading Standards' scams team has been integral to the implementation of the banking protocol and I am pleased to see that it is already having a real impact.

"This example of partnership working is key to tackling criminal activity in a world where criminals are constantly innovating and finding new ways to convince consumers of their legitimacy."

Commander David Clark, City of London Police, said: "I applaud the initial success of the scheme and support it going forwards."

------------------------
I WAS SAVED FROM A £10,000 CAR SCAM
(BBC News, dated 13th December 2017 authors Simon Gompertz and Kevin Peachey)

Full article [Option 1]: www.bbc.co.uk/news/business-42323411

Seventy-two-year-old Barry Fox is one of hundreds of people saved from scams after bank staff stopped him spending £10,000 on a fictitious Rolls-Royce.

The retired lorry driver went into his Barclays branch intending to withdraw the cash to pay for the luxury car he saw on an internet auction site.

Staff were concerned and used a new system to alert police to the case and, within 30 minutes, officers were there.

They made checks and alerted Mr Fox to the fact he was about to be scammed.

This was one of 1,262 calls made by bank staff to police or trading standards under the Banking Protocol system that should see an officer arrive to offer help within an hour.

UK Finance, which represents the major banks, said this had saved potential victims a combined total of £9.1m in its first year of operation. Individuals had been saved between £99 and £212,000 each.

Mr Fox had received some inheritance and decided to spend it on his dream car.

The seller told him that they would pick him up from a railway station and then travel to a countryside location to pick up the car. He would pay £10,000 in cash. Bank staff said it "didn't seem right".

The police officers alerted him to the fact that the car was registered hundreds of miles away. The details of the seller on eBay did not match the business which had the car, so there was no realistic possibility of buying it.

"I might have gone there with £10,000 in my pocket and been knocked over the head with a stick or something," said Mr Fox.

Mr Fox was simply advised not to take out the money in this case. Eventually he bought another Rolls-Royce being sold legitimately.

In other cases in the last 12 months, 101 arrests have been made after calls were made by concerned bank staff.

The system has been introduced gradually across the country since May and nearly all UK police forces are now signed up.

Katy Worobec, from UK Finance, said: "The finance industry is determined to crack down on fraud and is taking action on all fronts. The protocol is an important weapon in our armoury."

(23rd December 2017)


TECH SUPPORT SCAMS HITTING MORE COMPUTER USERS ONLINE
(Chicago Tribune, dated 11th December 2017 author Robert Channick)

Full article [Option 1]:

www.chicagotribune.com/business/ct-biz-tech-support-computer-scams-bbb-20171211-story.html

uaware comment :
This US article just shows the variance of this common scam

For consumers who turn over control of their computers to remote technicians online, the fix may already be in.

A growing number of remote tech support scams are popping up, in which users facing "crashed" computers give online access for repairs that do nothing more than drain their wallets, according to a study released Monday by the Better Business Bureau.

"We're getting a lot more calls on these types of scams," said Steve Bernas, president and CEO of the Better Business Bureau of Chicago and Northern Illinois. "But what's really alarming is most consumers don't realize they've been scammed."

For many users, the scams begin with pop-up warnings saying their computers have been infected by viruses or malware. The computers may lock up, issue piercing alarms or even mimic the dreaded "blue screen of death" that appears when a computer has crashed completely.

The pop-up messages, which often appear to come from reputable tech companies such as Microsoft, HP, Apple or Dell, offer help fixing the problem with a toll-free tech support number. In actuality, that's when the problem begins.

Consumers who call the number will be hooked up with technicians who offer to take remote control of the computers, scan for issues and repair them. The fee is generally around $500.

In most cases, the technician will repair nothing but may spend as much as an hour nosing around the computer, looking for sensitive information and inserting malware to continue to monitor the user's activity.

"If you did pay somebody recently $500 or so to dial in and fix your computer, it may have malware in it, so be very careful," Bernas said.

Illinois Attorney General Lisa Madigan also warned computer users to be wary.

"Do not respond to any communications claiming your computer has a problem - do not click on pop-up ads or email attachments and hang up immediately on calls; these are scams," Madigan said in a news release. "Please contact my office if you want to determine whether a call or message is a scam."

The Federal Trade Commission and the FBI received more than 41,000 remote tech scam complaints through the first nine months of 2017, resulting in more than $21 million in losses, according to the Better Business Bureau report.

That may represent just a fraction of the actual scams taking place, with less than 10 percent of victims reporting it, according to the FTC.

Victims run the demographic gamut, with millennials more likely to continue with a fraudulent tech scam offer than any other age group.

In addition to online recruitment, victims are lured into the scams through cold calls from technicians claiming to be from Comcast, Norton, Dell and other major companies. Scammers have also begun to use robocalls with fake caller IDs to sell the fraudulent remote computer repairs.

Beyond the initial fee, the tech support scammers may take advantage of remote computer access to view online bank accounts and other sensitive financial information to directly take money from the victims.

The tech scams are becoming more common, with two out of three internet users affected in the previous 12 months, according to a 2016 Microsoft survey.

A report by Stony Brook University found that more than 85 percent of the tech scammers were based in India, where many U.S. companies outsource for legitimate information technology support. Less than 10 percent of the scammers are based in the U.S.

Consumers who believe they have been scammed should report the incident to the Better Business Bureau and the FTC, change their passwords, and take their computers to legitimate bricks-and-mortar repair shops, if necessary, the report advises.

The report recommends keeping anti-virus software up to date and thoroughly researching tech support companies before giving them online access. And for those suddenly confronted with blaring and potentially fraudulent pop-up messages warning of a computer virus, there may be a very simple fix.

In most cases, the Better Business Bureau advises, the best way to clear the warnings is simply to close the browser or reboot the computer.

(23rd December 2017)


HSBC FINALLY PAID ME £4,000 AFTER I WAS FLEECED BY ONE OF ITS CRIMINAL CUSTOMERS
(Telegraph, dated 9th December 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/hsbc-finally-paid-4000-fleeced-one-criminal-customers/

A high street bank used by an eBay fraudster to steal thousands of pounds has agreed to refund a scam victim the full amount as a "goodwill gesture".

HSBC refused to explain why it would be refunding £4,000 to Halim Soltani and his wife after they realised they had been defrauded but experts suggested it might have been because the bank realised the criminal's account should "never have existed".

Other banks used by fraudsters have refused refunds in similar circumstances, highlighting the inconsistent approach to fraud in the banking sector.

Last week Telegraph Money reported how two scam victims had been refused refunds from the criminals' banks, despite police reports showing that the accounts had been opened using false details.

Mr Soltani found a shepherds hut on eBay listed for £5,000. The seller agreed to reduce the price to £4,000 for a "quick sale" and a few days later Mr Soltani received an invoice sent in a spoofed email which looked as if it came from eBay and paid £4,000 by bank transfer.

The hut failed to show up and the seller stopped responding to messages. Mr Soltani said he realised that he had been duped when he saw the hut relisted on eBay under a different user name.

Ebay refused to refund him as he hadn't paid through the platform using PayPal.

Mr Soltani said: "It's ridiculous how we're protected through PayPal and when we use credit cards but not when we pay by bank transfer. This was still a crime - why aren't we protected?

Mr Soltani first contacted eBay, his bank, Santander, his local police and Action Fraud, the national cybercrime reporting service. When none of these organisations was able to help he wrote to this newspaper for advice before emailing the chief executive of HSBC.

He gave us the details of the fraudster's HSBC account - the account number, sort code and account holder's name - and we offered to cross-check them with a source who collates data on fraudulent accounts.

Our source had no record of the account but said the surname of the account holder, Andy Rybbar, had been associated with a number of accounts set up in September this year for the purpose of fraud and that he had alerted the Financial Conduct Authority (FCA), the City regulator.

Mr Soltani included this information in the email he sent to HSBC's boss on November 3. He referred to the notification to the FCA and asked why HSBC allowed the account to be set up and what checks and controls were used.

Less than a week later the bank agreed to reimburse the money although it refused to share any information about the fraudulent account because of its "data protection responsibilities". The money was refunded on November 8.

HSBC refused to explain to Telegraph Money why it had offered a refund in circumstances where other banks had not.

It said "each case is looked at individually" and in this case it had "considered all the facts and decided to refund as a goodwill gesture".

Richard Emery of fraud consultancy 4Keys International, who has appeared as an expert witness in fraud cases, said he believed that HSBC had decided to pay up because it might have discovered that it had made a mistake with the account involved.

He said: "I believe the bank made a gesture of goodwill because it recognised that the receiving account should not have existed. This is different from admitting that there are flaws with its general anti-money laundering processes."

Experts have advised victims to hold the "recipient bank" - the one used by the fraudster - to account.

Earlier this year David Clarke, a former detective chief superintendent and board member of the Fraud Advisory Panel, the leading anti-fraud charity, said in every case of bank transfer fraud "we need to ask if the bank could have prevented it".

"If the answer is yes, the banks should be viewed as having facilitated the crime," he said.

Boost for victms : MP backs Telegraph campaign

Telegraph Money was the first to highlight the significance of the "recipient bank" in cases of bank transfer fraud. This is the bank that runs the criminal's account, the one to which the victim is deceived into sending his or her money, as opposed to the victim's own bank.

TSB was the recipient bank in a case we reported in January.

This newspaper forced TSB to admit that it had allowed a criminal to open an account with fake credentials, enabling the theft of £3,400 from a reader, David Burton.

The bank refunded him the full amount plus interest and compensation three years after the scam took place.

However, victims are often turned away by the recipient bank when they try to report the crime or ask for information about the fraudster's account on the grounds that the bank has no duty of care to non-customers.

"Data protection" is often cited. As a result, success stories are rare, even when there is glaring evidence that banks' systems have failed.

But our campaign received a boost this week when MPs attacked banks for failing to tackle online fraud or to compensate victims when their processes for vetting new customers were found to be lax.

Maria Miller, MP for Basingstoke, secured a Westminster Hall debate on Tuesday on "fraudulent accounts in the banking sector", during which she demanded to know which organisations were holding banks to account when their systems failed, and acknowledged this newspaper's attempts to force recipient banks to take responsibility.

She also highlighted how the City regulator had the power to fine firms but would not look at "individual cases".

The Financial Ombudsman Service can usually look at problems only with a customer's own bank or with matters that directly concern the payment in question - not account opening processes.

Ms Miller called for a review of "banking responsibility" and an extension of consumer protection for those tricked by bank transfer fraud.

The public accounts committee, which looks at government spending, also criticised the banks' response to online fraud, which it said had "not been proportionate to the scale of the problem".

It said it was "not convinced" that fraud awareness campaigns, such as "Take Five", led by Financial Fraud Action UK, the industry body, were effective.


What the banks should do to fight fraud

Telegraph Money has consistently highlighted banks' failure to help fraud victims. These are five measures that we have called on banks to adopt:

- The victim's bank should contact the recipient bank within 30 minutes of the fraudulent bank transfer being reported

- Banks should question and halt unusual transactions

- They should check account holders' names in addition to account numbers when processing payments

- Banks that provide accounts to fraudsters should be required to demonstrate that proper checks were carried out

- All banks should offer easy-to-find ways for non-customers to report fraud 24 hours a day

(23rd December 2017)


TEXT ALERT - THE "BANK" MESSAGE THAT COST A STUDENT £5,400 OF HER LOAN MONEY
(The Guardian, dated 9th December 2017 author Miles Brignall)

Full article [Option 1]:

www.theguardian.com/money/2017/dec/09/text-bank-student-loan-money

When Alison Dean received a text from her bank, the Co-operative, asking whether she had just made a £999 purchase - asking her to call the bank if she hadn't - she did what many of us would have done, and dialled the number in the message.

After all, the text had clearly come from the bank - it was listed on her handset amid previously sent texts that the PhD student knew had come from the Co-op - and she was well used to getting such messages from the bank.

But the text message wasn't from the Co-op. Somehow, fraudsters had managed to insert the message into the run of authentic texts from the bank. When Dean rang the number, she was duped into handing over her personal details - and the crucial card-reader-generated code. That allowed the crooks to remove £5,400 from her account - and the Co-op says it will not be refunding her.

If that sounds bad, how about the case of Ben Bowman, who thought he might have to give up his university place after less than three weeks at Bristol, after being similarly conned? In his case he was rung up by fraudsters who knew all his details and previous transactions - to the extent he was convinced he was talking to his bank, Natwest.

Once they had duped the budding rapper into handing over his personal details, the crooks managed to take his first student loan payment of £1,713 and, incredibly, to successfully apply for a £20,000 loan in his name. Both duped students say they have no idea how the fraudsters got their mobile number, or how they knew that they were customers of those particular banks (see below).

Dean's case is particularly worrying as it exposes how easy it is for fraudsters to text customers "as the bank" by disguising the number the text is sent from.

It is also a reminder that consumers should not trust any information apparently to them sent by their bank via email or text. Account holders should only call their bank using the phone number on the back of their card, not the number on a text or email. Students seem particularly prone to this scam as they are often financially inexperienced.

Dean, who is studying biology, says: "As soon as I got the text I called the number and they answered as the Co-op's fraud department. I was on the phone to them for 24 minutes. Throughout the call I had no reason to believe I wasn't talking to Co-op staff. I gave them my card details and used my card reader over the phone. Looking back it seems rather stupid but it was all done so expertly. I genuinely thought I was talking to bank staff who were helping me deal with a fraud."

She says as soon as she realised that something was wrong she called the Co-op to report what had happened. By that time five transactions had been made from her online banking account. The Co-op cancelled two of them, but three had already gone through. It has since refused to refund her the £5,400 taken and has, she says, just washed its hands of the matter.

Ben Bowman's case is similar except that he was physically called on his mobile by someone claiming to be from Natwest's fraud department. The caller proceeded to list his previous transactions, and asked him to confirm the genuine ones. He was then asked if had bought a £140 handbag in Edinburgh.

"The caller knew I had bought a Domino's pizza two days ago and all my other purchases. I had never been called up by a fraud department but he sounded exactly as I would have expected. All the account details he quoted were right. I was 1000% convinced that the guy worked for Natwest and was genuine. He said he would send me a text which I should read back to him. I kept thanking him for helping me," says the politics and international studies student.

At the end of the call he says he was told that Natwest would shut down his online banking facility and that he should delete the mobile app. He just happened to go home for the weekend, where he received a letter from Natwest approving the £20,000 loan the bank had given the "penniless" student. A visit to his local branch exposed the scam - £500 had been taken each day for five days. Staff, he says, spent three minutes analysing the case and then declared he was responsible and would get no refund.

"They were quite happy to send me out of the branch knowing that I had absolutely no money in the world," he says.

Following the Guardian's intervention, Natwest has had a change of heart and has refunded Bowman the £2,500 he lost as a "one-off" gesture of goodwill.

"We know how distressing being a victim of fraud can be and would encourage customers to remain vigilant in response to unexpected phone calls from individuals acting as their bank and if requested to provide security details, hang up immediately and phone the bank on a trusted number," says a Natwest spokesman.

However, the ethical bank, the Co-op, has refused to refund its customer despite Money's intervention.

A Co-op spokesman said: "She responded to the fraudulent message and disclosed her full security details, which is something we explicitly advise customers not to do. As with all banks, we would never ask customers to disclose full security details, or use our two-factor authentication card reader to perform transactions over the phone. As she was in breach of our terms and conditions and means we are unable to refund her for the losses she incurred."

Meanwhile, Bowman says his online banking days are probably over. "It will be a pain but this episode says to me that it's just not worth the risk," he says. "The way the bank wanted to put it all on me, was just ridiculous and breaks all the safety promises they make when you start banking online."

Some names have been changed

How did the fraudsters get their details?

Could the two featured victims both have been caught up in hacking incidents that could have put their personal details in the hands of fraudsters?

Both victims had registered their debit cards with Uber. The company has admitted its customers' mobile phone, email and other personal details were hacked last year, but claimed no card details were compromised. Many shopping sites have poor online security, and there are probably other hacking incidents of which consumers are not even aware. Any one of these might have led to fraudsters obtaining crucial details about the students.

Fraudsters who know the first few digits of a debit card can usually work out which bank provided the card. If they also have the mobile phone number and customer's name they are in business, and can immediately target the customers in the ways seen above. These are not mass texts and emailing exercises; individuals are targeted so that the fraudster has someone ready to pick up the call to the "bank".

The real banks all use clients' mobile numbers as a way to contact them, but the systems are arguably insecure. It is easy for a fraudster to send texts as if they were the bank. In the past Money has highlighted how easy it is for fraudsters to take over a victim's mobile phone account entirely. If your phone suddenly stops working and your bank uses your mobile to contact you, be on guard for a possible fraud.

(23rd December 2017)


TWO IN 3 SHOPPERS "AT RISK" ONLINE - SIMPLE CHECKS YOU CAN DO TO STAY SAFE THIS CHRISTMAS
(Mirror, dated 8th December 2017 author Tricia Phillips)

Full article [Option 1]:

www.mirror.co.uk/money/two-3-shoppers-at-risk-11655957

Two-thirds of online Christmas shoppers are putting themselves at risk of fraud over the festive season.

Research from National Trading Standards found people are being careless with at least one simple safety check, such as not looking for signs a website is secure and not doing their research on products or sellers before pressing the purchase button.

Shoppers said the reason for not doing vital checks is because they were in a rush and didn't have the time. Or they got carried away trying to bag the cheapest price.

But, one in five people hadn't a clue what they should look out for when shopping online.

Almost a third of people admitted to buying from social media sites or websites promoted by them.

Trading Standards says this is notoriously risky as crooks target their victims via social media. It said there is a mass of counterfeit and unsafe products, subscription traps and other scams lurking out there.

Lord Toby Harris, chair, National Trading Standards, said: As Christmas delivery deadlines draw closer it can be tempting to rush your online purchases, but I would urge people to take their time and do simple safety checks before pressing 'purchase'.

"These checks aren't infallible, but by taking the precautions that are available to us we can make it less likely that we will end up with something unsatisfactory - or dangerous - under the Christmas tree."

Check before your buy

- Search for reviews of products and sellers to try and find out if they seem genuine.

- Spelling or grammar mistakes on websites could mean it's not a professionally run business.

- Look for the 's' at the end of the http part of the web address, and for the padlock symbol in the task bar - this means the site is using an encrypted system that keeps your details more secure.

- Be wary of links to offers and promotions on social media they can take you to fake websites.

- Does the site have a landline you can call if there are any problems? Be wary of mobile phone only contact details.

- See if you can find out where the company's head office is based - and whether that fits with how the website presents itself.

- Don't be tempted by a bargain price that seems to good to be true - it probably is, especially if some of your other checks put doubts in you mind.

- Criminals will try and cash in on those sold out must-have Christmas toys. Either with poor quality imitations that could be dangerous to children or with scam links that take your cash and you won't get the goods.

- If you believe that any online, or face-to-face, seller is selling potentially dangerous goods, or something you've bought has made you suspicious, report it to Citizens Advice Consumer Helpline on 03454 040506.

(23rd December 2017)


THIS HOTEL BOOKING SCAM IS ON THE RISE. HERE'S HOW TO SPOT IT
(Time, dated 7th December 2017 author Megan Leonhardt)

Full article [Option 1]:

http://time.com/money/5050538/hotel-booking-scam-protect-yourself/

There are about eight hotel reservations made in the U.S. every second. But a growing number of people are being scammed when they go to book a room.

In fact, almost one in four American travelers reported booking on what they thought was a hotel website, only to find later it was another site, according to AHLA research released in April. That's up dramatically from the just 6% of travelers who reported being duped by a lookalike in 2015.

"Hotel booking scams are a major problem in the hospitality space today," says Mike Tanenbaum, who works on cybersecurity issues for insurance company Chubb.

Part of the issue is the wide range of booking options travelers now have for hotels-from booking directly to using a travel agent to making a reservation through an aggregation site. And even within the aggregation sites, there is a wide range, from the big names like Expedia, Hotels.com, and Priceline to lesser known sites like Reservation Counter and AMOMA.

So it pays to watch closely who you're booking with. "There are scam websites out there-small, fly-by-night affiliates looking to make a quick buck," says a spokesman for Reservation Counter.

Even legitimate sites can run into trouble if consumers are confused. Reservation Counter, for instance, says it made some cosmetic changes in recent months on the advice of a Google team, increasing the size of its logo and changing some of its ad links to make its own branding clearer. "It doesn't do any good to mislead or deceive consumers," the spokesman said. "You can't brand if you're confusing customers."

Even if you don't lose money on these scams, you may lose out on hotel loyalty points or other perks-and special requests for bed configurations or disability access may not find their way to the hotel, AHLA warns.

If you do think you've been scammed, contact your bank and credit card company immediately, Tanenbaum says. And the next time you're booking a hotel room, take these precautions to protect yourself.

Check the Booking Site's URL

When booking a hotel, check the website's URL carefully. Legitimate hotel sites generally will begin with the characters "https://"-with the "s" denoting a secure site-rather than just "http://," according to the AHLA. Tanenbaum also recommends that consumers look for the lock symbol in the upper left hand side of the search bar, a sign that denotes the site is secure.

If there's a website that does not have the locked symbol or an "https" in the web address, do not do business there, Tanenbaum warns: "I'd never put secure credentials [credit card information, a password, or any form of identification] into it."

Also avoid booking with websites whose URLs contain vague names that you don't recognize, such as "national reservation center," after the hotel's name, according to the AHLA. These sites are likely using the hotel name in the URL to make it seem that they are the official hotel website.

Know When You're Making a Nonrefundable Payment


Be wary of sites that charge for rooms in full, in advance-and be especially careful with sites that do all of this without your express authorization, the AHLA says. Most legitimate hotels will take your payment information and charge you when you arrive, or perhaps charge a deposit to hold the room. Some may also offer price breaks for payment in advance. But either way, at the time you are booking, the sites should clearly and transparently communicate when the payment is due.

No matter when you're making a payment, always use a credit card for a hotel booking. Credit cards generally offer more fraud protection than debit cards; you can usually work with the credit card company to recoup your money if there is a scam afoot.

"It's still better to use your credit card than your debit card," Tanenbaum says.

Ask Questions

If you have any doubts about the site you're using, call it directly, using any customer service number it provides, and ask to speak to the local staff. Ask questions that only legitimate front desk staff would be able to answer, the AHLA suggests-like recommendations for local restaurants and attractions. "The actual hotel should be able to provide this information, a third-party call center won't," the AHLA says.

Even if you don't reach out to the hotel while you're booking, it's worth contacting the property before you arrive. You can call or send a short email to the hotel confirming your reservation. This will help you avoid showing up to a completely booked hotel with no reservation on file.

(23rd December 2017)


GOVERNMENT GRANTS FRAUD
(Action Fraud, dated 13th December 2017)
www.actionfraud.police.uk

Individuals and businesses are being warned to watch out for cold calls and online contact from fraudsters who are offering victims the opportunity to apply for Government grants for an advance fee.

To make the grants look legitimate fraudsters have set up bogus companies and convincing looking websites that claim to be operating on behalf of the UK Government.

Fraudsters cold call businesses and individuals offering the grant and if they're interested direct them to fill out an online application form with their personal information.
Once the fraudsters have that information they'll contact back victims and congratulate them on being accepted onto the grant programme.

Pre-paid credit cards


Applicants are then asked to provide identification and are instructed to get a pre-paid credit card to deposit their own contribution to the fake Government grant scheme. Fraudsters will then contact victims on the phone or are emailed and asked for the details of their pre-paid credit card and copies of statements to in order for them to add the grant funds.

Of course the grant funds are never given by the fraudsters and the money that's been loaded by the victim onto the card is stolen.

If you receive one of these calls, hang up immediately and report it to us. We've already taken down one website fraudsters have been using to commit this fraud and are working with Companies House to combat this issue.

How to protect yourself:

Be wary of unsolicited callers implying that you can apply for grants. You should never have to pay to receive a government grant, and they definitely won't instruct you to obtain a pre-paid credit card. The government should have all the information they need if a genuine grant application was submitted, therefore any requests for personal or banking information either over the phone or online should be refused.

What to do if you're a victim:

- If you think your bank or personal details have been compromised or if you believe you have been defrauded contact your bank immediately.

- Stop all communication with the 'agency' but make a note of their details and report it to Action Fraud.

- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

The information contained within this alert is based on information from gathered by the National Fraud Intelligence Bureau (NFIB). The purpose of this alert is to increase awareness of this type of fraud. The alert is aimed at members of the public, local police forces, businesses and governmental agencies.

(23rd December 2017)


NOVEMBER 2017


SUMMARY OF FURTHER SCAMS - NOVEMBER 2017

-----------------------
DON'T FALL PREY TO CONVINCING ALDI COUPON SCAM
(First for Women, dated 9th November 2017 author Jaclyn Anglis)

uaware comment : Yes I know this is a US article, but the scam is transportable globally !

Full article [Option 1]:

www.firstforwomen.com/posts/aldi-coupon-scam-146369

Heads up, Aldi shoppers: There's an Aldi coupon scam making the rounds on the internet, and it's important that you don't fall for the convincing fraud. The latest fake coupon, circulating on Facebook, includes a link to an illegitimate website and claims to give away $40 to anyone who completes the survey.

"Hey ALDI fans! Looks like another fake ALDI coupon is making its way around the internet," Aldi said in a Facebook post earlier this week. "We're sorry for any confusion, but we don't offer electronic coupons and they won't be accepted at our stores. We're currently working on fixing the situation, but we'd love your help. Feel free to share this post to help us spread the word."

-----------------------
WARNING OVER SCAM WHATSAPP MESSAGE OFFERING ASDA, TESCO AND MARKS AND SPENCER £250 "FREE" VOUCHER GIVEAWAY
(Birmingham Mail, dated 7th November 2017 author James Rodgers)

Full article [Option 1]:

www.birminghammail.co.uk/news/midlands-news/whatsapp-scam-marks-spencer-giveaway-13864430?service=responsive

The £250 vouchers doing the rounds on the widely-used messaging service are nothing but a scam, experts have warned.

Those regularly using WhatsApp to message friends and family are now being told to be vigilant.

Fraudsters are sending out fake Marks & Spencer, Tesco and Asda vouchers on WhatsApp.

Asda supermarket has issued confirmation, telling customers the vouchers are bogus.
-----------------------
IKEA SHOPPER SCAM TARGETING WHATSAPP USERS
(Country Living, dated 3rd November author Jessica Mattern)

Full article [Option 1]:

www.countryliving.com/life/news/a45505/ikea-scam/

With the holiday season just around the corner, get ready for an influx of scams targeting holiday shoppers online. In fact, there's one circulating right now that's affecting IKEA fans overseas.

The new scheme is tricking WhatsApp users into turning over their personal information in exchange for a fake store coupon, according to the Gulf News Society. On the messaging app, users are seeing a fraudulent message that claims IKEA is celebrating its 75th birthday by giving away $500 vouchers


LONDONERS FALL VICTIM TO 3,500 CYBER FRAUD ATTACKS A MONTH
(London Evening Standard, dated 30th November 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-londoners-fall-victim-to-3500-cyber-fraud-attacks-a-month-a3706566.html

Londoners are falling victim to at least 3,500 cyber fraud attacks a month, police revealed today.

Scotland Yard warned that the scale of the problem could be far greater because such offences were "vastly under-reported".

The Met now says it wants to encourage stronger links with private sector volunteers to combat cyber crime.

Detective Chief Inspector Gary Miles, head of the Falcon cyber fraud unit, said one of the most prolific scams was online advertising fraud offering non-existent properties for sale or rent.

Others include romance frauds - tricking people into meeting their "perfect partner" through dating websites - and identity frauds, where criminals use victims' details from social media. Individuals and businesses also face phishing emails, ransomware attacks and more complex hacking raids.

Mr Miles said his detectives were investigating about 1,000 "volume fraud" offences and around 130 more complex cases. He added: "We are getting about 3,500 victim reports a month, but we think this is vastly under-reported."

Last month, a gang investigated by the unit was jailed for using the bank details of hundreds of students to carry out a £2 million mobile phone fraud.

Ringleader Jonathan Boorman, 32, of Bath, and six others, including five from London, set up fraudulent phone contracts with the personal details.

Detective Chief Superintendent Mick Gallagher, head of the Met's Organised Crime Command, today said the force already has "a lot of expertise that comes in through police volunteers".

He added: "We have people from the banking sector working alongside my officers to investigate economic crime and we want to replicate that with cyber investigations."

Mr Gallagher said the Met also wanted to recruit people straight from university to tackle the fraudsters. "Some criminal individuals have a high level of sophistication and are clearly very knowledgeable - our challenge is to raise our knowledge and skills above theirs to deal with them," he said.

He added: "We do work in a clandestine way within the dark web to make sure that Londoners stay safe."

Police are also aiming to raise awareness about how to avoid becoming a victim of cyber fraud. Mr Miles said: "We want to get people to think of their online security in the same way they think about their physical security.

"There are simple measures people can take, such as going to the Get Safe Online website and learning about how to improve passwords."

Online fraud is now the most common crime in the UK, with more than 5.5 million offences each year.

(1st December 2017)


PHONE SCAMMERS ARE CLAIMING PEOPLE MISSED JURY DUTY, DEMANDING PAYMENT
(CBS New York, dated 12th November 2017)

Full article [Option 1]:

https://newyork.cbslocal.com/2017/11/12/jury-duty-phone-scam/

uaware comment : You never know, this may end up being a US fraud import !

Federal officials in New Jersey warned Sunday night that scammers claiming to be from the U.S. Marshals service are telling people they missed jury duty and must pay a fine.

The FBI Philadelphia and Newark divisions and the New Jersey district U.S. Marshals service said the callers pretend to be law enforcement or court officials.

The scammers say they are with the U.S. Marshals service, the local county sheriff's department, or another law enforcement agency. They accuse the call recipients of failing to appear for federal or local jury duty and warn that an arrest warrant has been issued.

The intended victim is told he or she must pay a fine and report to court. To settle the fine, the scammers instruct the person to buy a prepaid debit card and give them card information.

Recent reports indicate the scammers have been targeting New Jersey residents. Various recipients of the scam have been documented in other states, officials said.

The FBI and the U.S. Marshals Service advised people that they should:

- Always be suspicious of unsolicited calls;

- Never give money or personal information to someone with whom you do not have ties and did not initiate contact;

- Trust your instincts - if a caller pressures you or says things that do not sound right, hang up;

- If concerns remain about the caller's claims, verify the information with local law enforcement or court officials.

(1st December 2017)


YOUNG ADULTS "PUTTING THEMSELVES AT FRAUD RISK BY SHARING DETAILS ONLINE"
(Birmingham Mail, dated 14th November 2017 author James Rodgers)

Full article [Option 1]:

www.birminghammail.co.uk/news/uk-news/young-adults-putting-themselves-fraud-13901390

Young adults' willingness to share personal information with others online could be putting them at greater risk of fraud, a report warns.

While older people are often seen as less tech-savvy, potentially putting them at greater risk of fraud, NatWest found that less cautious behaviour among those aged 18 to 24 years old in particular could be making them vulnerable.

NatWest, which commissioned think tank Policy Network to look into financial fraud trends, found more than 80% of young adults in this age group are willing to share their email address online with their friends, and as many as 29% are willing to share their mother's maiden name - a commonly used security question.

This contrasts with just 60% of over-55s willing to share their email address, and only 12% willing to share their mother's maiden name.

The report was launched at a fraud summit being held by NatWest.

David Lowe, NatWest's head of fraud prevention, said traditionally the view has been that older people are most at risk from financial fraud.

He said: "Whilst fraud is still prevalent in this age category, we are seeing an increasing trend in younger 'digital natives' falling victim to online fraud."

Matthew Laza, director at Policy Network, said: "We need to ensure that today's school children don't become another 'generation scammed'.

As more and more of life moves online this is a real danger for the future.

"Which is why we believe every UK school child should have completed a fraud and cyber security course by the time they leave school, so we can have a generation digitally ready."

Research for this report involved a review of available data on fraud and scams, analysis of YouGov survey data, and interviews with fraud experts.

(1st December 2017)


VICTIMS LOSE OVER £100m TO BANK TRANSFER SCAMS IN JUST SIX MONTHS
(Which?, dated 7th November 2017 author Stefanie Garber)

Full article [Option 1]:

www.which.co.uk/news/2017/11/victims-lose-over-100m-to-bank-transfer-scams-in-just-six-months/

Thousands of people and businesses have been tricked into transferring just over £100m to scammers in the past six months alone, new data shows. But proposals from the Payment Services Regulator (PSR) may offer more consumers a way to get their money back.

Which? has been campaigning for over a year to protect consumers from bank transfer scams. The PSR has now unveiled new measures to reimburse victims and prevent fraud, as well as data that for the first time reveals the full scope of the problem. This means that victims of bank transfer fraud - which has become the second biggest type of fraud (after card fraud) may soon have the chance to get their money back

£100m lost, just 25% recovered


Bank transfer fraud happens when a person is tricked into transferring money into a scammer's account - either buying something that don't exist, or being misled about the recipient's identity.

The PSR has today released figures that reveal the scale of the problem for the first time. In the past six months alone, over £100m was transferred to scammers by people in the UK, according to data from UK Finance.

Of this, around £25.2 million was recovered - meaning just £1 in every £4 lost to this type of fraud has been paid back to victims.

In the six month period, around 19,370 cases were recorded. On average, individuals lost around £3,027, while businesses lost £21,477.

Bank transfer fraud at a glance (Figures from UK Finance, November 2017)


- Amount transferred to scammers in past 6 months : £101.2 million
- Cases in the UK in the past six months : 19,370
- Average loss per person : £3,027
- Average loss per business : £21,500

Unlike credit or debit card frauds, people who are tricked by a bank transfer scam currently have no legal right to get the money back from their bank. If the money cannot be recovered from the recipient's account - and often, funds are immediately withdrawn or sent offshore - then you may have little recourse to get your money back.

PSR proposes reimbursement scheme


Which? launched a super-complaint to the PSR on 23 September 2016, calling for the regulator to investigate whether banks were doing enough to protect consumers from bank transfer scams.

The PSR today released its full report, and launched a consultation into a contingent reimbursement scheme.

Under the proposal, victims would be entitled to a refund from their bank in certain circumstances. Stakeholders, including consumer groups and banks, have been invited to respond within the next three months. If the scheme were implemented, the PSR expected it would be in place by September 2018.

Industry makes progress on prevention

The PSR also provided an update on the banking industry's progress towards better fraud prevention and protection for customers.

UK Finance has published a set of best practice standards, which its members have agreed to fully implement by the end of Q3 2018.

From 2018, banks will improve their information sharing, and financial crime data sharing. The Joint Fraud Taskforce, of which UK Finance is a part, is also developing a framework to allow stolen funds to be tracked across payment systems, frozen and then returned to victims.

The PSR also noted that the industry had made positive steps towards fraud prevention, including towards the development of a 'confirmation of payee' tool. This would raise an alert if the name entered as the payee in a transaction didn't match the account details. The tool is expected to start rolling out during 2018.

###Which? welcomes reimbursement plans

Since filing its super-complaint, Which? has called on the PSR and the banking industry to show progress on tackling transfer fraud.

Which? welcomed the PSR's latest proposals, but called for the banking industry to move quickly to protect consumers.

Which? CEO Peter Vicary-Smith said: 'A year on from our super-complaint, it's good to see the regulator coming down on the side of consumers. If this stops the huge amounts of money lost to bank transfer scams, it'll be a significant win.

'To make this a reality, the regulator must now ensure any reimbursement scheme properly compensates victims. Meanwhile, banks must move to quickly put in place better checks and protections to prevent these scams happening in the first place."

(1st December 2017)


UBER CUSTOMERS : BEWARE THIS SCAM
(INC, dated 29th November 2017 author Joseph Steinberg)

Full article [Option 1]: www.inc.com/joseph-steinberg/uber-customers-beware-this-scam.html

Criminals are exploiting the news that Uber suffered a serious data breach to inflict more harm on Uber customers. As if it the pilfering by hackers of the names, email addresses, and mobile-phone numbers of 57 million customers of the ride service as well as the driver's license numbers of 600,000 Uber drivers was not bad enough, criminals are now crafting sophisticated phishing emails that prey on the same group of people.

There are multiple variants of the scam -- and surely more to come.

Various realistic-looking phishing emails appear to come from Uber and apologize for the breach. Some request that the user reset his/her password so as to ensure that any passwords compromised in the breach cannot be used by criminals. This may appear to be sound advice - and it actually might be if it were not for the fact that the password reset link provided in the email directs clickers to a bogus Uber site run by criminals in order to collect passwords. Of course, the site asks you to enter your "old password" along with your desired new password.

Another variant of the phishing email contains a profound apology for the breach, and offers the customer a $50 credit towards rides on Lyft, Uber's main competitor in many markets. While anyone who spends a moment thinking about the offer should realize that it is likely bogus - why in the world would Uber be both providing its primary competitor with revenue and directing its already upset customers to that primary competitor - people have a tendency to act without thinking when offered "free money" which they think may no longer be available if they do not act quickly.

Other variants of the phishing scam already exist, and more will continue to appear in the upcoming weeks.

So, if you are an Uber customer -- or ever were an Uber customer -- stay vigilant and suspect that any emails that you receive either asking you to take action to protect your Uber account, or promising you compensation for the breach, are likely scams. Of course, it is a good idea to change your Uber password - but do so by using the app on your phone, not by clicking links in an email that was sent to you by someone of whose identity you simply cannot be certain.

(1st December 2017)


TV LICENCE FEE REFUND - THE DANGEROUS SCAM EMAIL SPREADING FAST AND THE REAL REFUNDS YOU MIGHT QUALIFY FOR (Extract)
(Mirror, dated 14th November 2017 author James Andrews)

Full article [Option 1]: www.mirror.co.uk/money/tv-licence-fee-refund-dangerous-11517529

A new warning has been issued about a convincing scam email pretending to be from TV Licensing.

Action Fraud has warned that it's had more than 200 reports of the new scam, adding that TV Licensing would never email to tell you you're due a refund.

Instead, the scammers are simply trying to get you to enter your bank account details.

The worrying thing is that there are actual refunds available for some Britons - with £37 back a real possibility - something scammers are trying to exploit.

t's a lie. There is no refund available and even if there was, TV Licensing simply doesn't email people telling them they are due refunds.

"A small number of our customers have received scam email messages saying they are due a refund. A link directs customers to a fake version of the official TV Licensing website which asks them to enter personal information and bank details," TV Licensing warned .

"If you receive a similar email message, please delete it. If you have already clicked the link, do not enter or submit any information. TV Licensing never sends refund information by email and is investigating the source of this fraud."

But while this email is fake, there are ways to pay less for a TV Licence.

As TV licences apply to addresses, not individuals, as long as someone qualifying for a discount lives at your address and the licence is in their name, the whole house benefits.

So who gets a discount? Well, older Britons don't need a TV licence.

That means when you reach the age of 75, you can apply for a free over 75 TV Licence . They last 3 years and will be sent out provided you give them your national insurance number. In fact, if you're 74, you can even apply for a short-term licence to cover up up until your 75th birthday.

Secondly, while it's not free, but anyone who's blind (severely sight impaired) can get half price TV licences . Again, this means the rest of the house is covered too.

If you're renting, you don't need a separate TV licence for your room if you have a relationship with the homeowner (and live in their main house) or a joint tenancy agreement - but do need one if you have a separate tenancy agreement for just your room.

There are also other times you might be able to get money back on the £145.50 - for example if you're a student you can get a £37 refund .

(1st December 2017)


THE FAKE PANDORA WEBSITES PROMISING 70% DISCOUNTS THIS CHRISTMAS
(Mirror, dated 14th November 2017 author Emma Munbodh)

Full article [Option 1]:

www.mirror.co.uk/money/warning-over-fake-pandora-websites-11514544

Christmas shoppers are being warned to think twice before entering sensitive details online this season following a rise in the number of fraudulent Pandora websites selling counterfeit goods on the internet.

The online pages, which offer up to 70% reductions, are uncannily like the official online jewellery store, however, hand your details over and you could be left hundreds of pounds out of pocket, or at best, with a fake item.

This includes one page called pandorasukonline which has since disappeared online.

On Facebook, a customer reported that they'd ordered several charms at a total price of £235 from the website on 10 October 2017.

On later inspection, the shopper discovered they'd been billed £265 instead, to date, the items have still not arrived.

Facebook page Pandora Scam Sites first warned of the rogue website last month. It shared a list of several more sites to watch , which it alleged were all 'scams'.

Hundreds more have also since been shared on the official Pandora Facebook page (see below) - with customers being warned to check here if they are suspicious .

Head of Group Press. Martin Kjærsgaard Nielsen told Mirror Money: "At Pandora we are full aware that there are dark forces out there who seek to exploit and misuse our strong brand with counterfeit jewellery.

"This is obviously completely unacceptable and we are taking and will continue to take necessary measures to end this practice. We closely monitor the situation as it is important for us to protect our brand.

"Ultimately, it is a matter for authorities to enforce the legislation that protect our legal rights, which in turn will prevent consumers from ending up with fake and counterfeit jewellery."

*******The orginal article provides details of some BOGUS "Pandora" websites ********

Spot the signs - how to tell if a website is genuine

Action Fraud, the government's anti fraud body, has identified a number of preventative steps for customers shopping online this Christmas.

In a statement, detective inspector Chris Felton told Mirror Money: "As with any online shopping, we would urge people to research a seller before paying any money. Search for reviews from people who have previously purchased from the seller and check the item description carefully. If you are unsure, ask the seller questions.

"To protect your money until you've resolved any problems with the seller, always pay suing a recognised service; never pay by money transfers."

- If something seems too good to be true, it probably is. Don't be fooled into thinking you're getting a great deal.

- Get the trader to tell you if they provide an after-sales service, warranty or guarantee. Most rogue traders don't.

- Make sure you understand how the website's feedback function works. Feedback will give you useful information about recent transactions other buyers have made.

- Check the item's description carefully - ask the seller questions if you're not sure of something.

- Be aware of phishing emails that look like they come from the online auction or payment site you're registered with, asking you to update your account details or re-enter them because your account has been suspended.

- Check the URL in the web browser. A tactic often used by fraudsters is to change the address very slightly (if they're spoofing an eBay site, for instance, they may have an address such as '. . . @ebayz.com' whereas the real site is '. . . @ebay.com')

- Read the terms and conditions carefully, including those relating to any dispute resolution procedures the site offers.

- Run the site through a search engine - often if a site is suspicious, there'll be people talking about it online.

As a buyer you should:

- Try to avoid paying by money transfers - they aren't secure.

- Be careful when using direct banking transactions to pay for goods. Make sure transactions are secure.

- Don't send confidential personal or financial information by email.

- Use an online payment option such as PayPal, which helps to protect you.

I've been caught out - what should I do?

- If the seller has misrepresented the goods you've bought or your goods have failed to arrive, report the incident to Action Fraud .

- If you have passed on your personal banking details or any sensitive information relating to money, inform your bank immediately.

- Keep all evidence of the offence, including goods and correspondence.

- If there is a business dispute over the nature of the transaction, contact the website involved. Or, you can alert Consumer Direct by phone on 08454 04 05 06.

What Pandora says

In a statement on the Pandora Facebook page, the firm states the following in relation to counterfeit goods:

"As soon as a brand becomes popular you will see counterfeits multiply. Copies and fake products are unfortunately a challenge for Pandora - just as it is for most other jewellery manufacturers. Jewellery is easy to copy because of its size and character, and that unfortunately also goes for the lettering, e.g. our marker's mark "ALE" or our trademark "Pandora", which otherwise show customers that the product is authentic.

"This means that you can easily find products that have this stamp, but which is most definitely not authentic Pandora. Rest assured that we do not tolerate such counterfeits and take appropriate action.

"PANDORA takes trademark infringement very seriously and we have a department dedicated to brand protection. Unfortunately, it is not always easy to shut down a website, and the process can take some time if the company hosting the website will not cooperate.

"We are also working with Facebook to find a solution to stop fake sites advertising. Many fake websites and Facebook pages are daily being closed down."

The statement adds that customers suspicious of any websites should send the address and Facebook URL to its Brand Protection team: brandprotection@pandora.net.

(1st December 2017)


THIS TYPE OF FRAUD IS RISING FRIGHTENINGLY FAST : HERE IS HOW TO PROTECT YOURSELF
(The Motley Fool, dated 15th November 2017 author Matthew Cochrane)

Full article [Option 1]:

www.fool.com/investing/2017/11/15/this-type-of-fraud-is-rising-frighteningly-fast-he.aspx?source=isafpbcs0000001&utm_campaign=investment+plann&utm_medium=feed&utm_source=flipboard

uaware comment :
okay, I have done it again, I have provided a US article. My defence is that it explains the problem and possible prevention. Take heed !

While there are many advantages to living in a digital world, the connected life also has its drawbacks. One of the biggest disadvantages is that it gives fraudsters numerous opportunities to gain access to our personal identification. Last year alone, 15.4 million consumers were the victims of identity theft, a 17.5% increase from the previous year. With this information, thieves can open new accounts in our names, steal from our existing accounts, and use it as a veil of authenticity during the commission of scams.

Fraud and identity theft have become a fact of life in today's world. This year, when the Global Fraud Index was released, one statistic stood out more than any other: Account takeover fraud skyrocketed by more than 45% year over year in 2017's second quarter and cost merchants a whopping $3.3 billion in that three-month period. While exact figures are extremely difficult to come by, other studies confirm the overall trend. Javelin Strategy's 2017 Identity Fraud Study, released in February, reported account takeover incidents increased by 31% in 2016 with consumer losses reaching $2.3 billion, a 61% increase from the previous year.

As an economic-crimes detective, I see the financial pain and emotional stress this type of crime causes firsthand. And while this type of fraud has always been rampant, my own experience confirms the research results: This type of fraud isn't going away and only seems to be growing more common.

What is account takeover fraud?

Account takeover fraud occurs when criminals gain access to victims' bank or credit card accounts and then make unauthorized transactions on the account. While this encompasses credit card fraud, when someone uses your credit card number to make a purchase, more insidious versions of this crime go deeper. After all, consumers enjoy far-reaching protection against permanent monetary loss when they are victims of simple credit card fraud, but bad cases of account takeover fraud can involve far more.

I've seen cases where suspects gain access to a victim's banking account and promptly change the account holder's phone number, physical and email address, and online password. The legitimate account holders are effectively locked out of their own accounts, ensuring that they will no longer even receive texts or emails alerting them to the suspicious activity.

How account takeovers happen

Consumer information can be stolen in a variety of ways; some of the most common methods of stealing data include malware, phishing, and data breaches. Indeed, it seems hardly a month goes by without another data breach at a major corporation where millions of consumers' payment information was stored. Earlier this fall, the data breach at Equifax was nearly unprecedented in scope and breadth, affecting 143 million Americans.

Phishing and malware attacks are also on the rise. Symantec estimates that 54.3% of all email is spam and that there are nearly 1.6 million blocked Web attacks each day. In June, the company stated that phishing attacks increased to about one out of every 1,975 emails. With massive, high-profile data breaches making the news and phishing and malware attacks rising, the increase in account takeovers doesn't seem poised to slow down anytime soon.

What you can do to protect yourself


There is no silver bullet to stop fraud. With these types of attacks on the rise, it's almost inevitably just a matter of time before we're all victimized. We can, however, take definitive steps that will decrease our exposure to being targeted and mitigate the severity of the incidents when they take place.

1. Develop strong and unique passwords across all of your accounts. When most of us hear of a data breach that might directly affect us, we immediately fear the theft of our personal identification, including our name, address, date of birth, and Social Security number. What many of us fail to consider is whether we've used a password for that account that we used elsewhere.

Unless one is unusually savvy with memorizing odd word combinations or develops a highly sophisticated system, using unique, strong passwords (using letters, numbers, and symbols) across every single site where an account is kept is almost impossible. That's why I strongly suggest using software or websites that are designed to do this very thing. Doing so saves people the headache of performing this Herculean task on their own. Although most of these cost money, some will run their program across one device for free. A few things to look for when researching these services include two-factor authentication, automatic password capture, form-filling capabilities with multiple form-filling identities, and secure sharing.

2. Always pay with a credit card. Frank Abagnale Jr., the former conman turned security consultant made famous by the movie Catch Me If You Can, tells clients he removes 99.9% of all fraud risk by using credit cards. Why? Because consumers are limited to $50 of liability when credit card fraud is reported in a timely manner. That's far more legal protection than any other payment method offers. Likewise, consumers are in a position of strength because they're never without the money in their banking accounts; they're merely arguing over how much money they owe their credit card company.

3. Avoid writing personal checks whenever possible. Think about the most damaging information that could be leaked to potential thieves and fraudsters and then consider what's printed on the front of your personal checks: your name, address, banking institution, routing number, and bank account number. That's a treasure trove of information for anyone wishing to defraud you. For this reason, if at all possible, only write checks to trusted friends or family members. Otherwise, run to the ATM for a quick cash withdrawal if you can't pay with a credit card, or use a digital payment service such as PayPal or Venmo.

4. Monitor your accounts closely. Finally, make sure you keep tabs on all of your accounts -- checking, savings, brokerage, credit card -- and immediately report any suspicious activity. Regularly make sure your account contact information is up to date and correct. Even watch out for small charges that almost seem inconsequential at first. Many times, fraudsters will use the account for small transactions first to ensure the information they have is working.

Account-takeover fraud can be draining affairs -- both financially and emotionally. But people who take these steps stand to be affected much less if they're victimized.

(1st December 2017)


OLD SCAMS, NEW TRICKS AS FRAUDSTERS ADAPT
(BBC News, dated 3rd November 2017)

Full article : www.bbc.co.uk/news/business-41851510

The organisation at the frontline of UK consumer protection says it is seeing a pattern of "old scams, new tricks".

National Trading Standards (NTS) said that while online crime was a growing problem, time-honoured fraud methods would not disappear any time soon.

It said many people were still hounded by cold callers, scam mail and doorstep criminals.

Criminals were also using smart TVs and voice-activated home devices to steal data, its Consumer Harm Report warned.
'Challenging times'

NTS, which was set up by the government in 2012, said 2016-17 had been a record-breaking year, with 104 criminal convictions.

However, it said criminals were using new tactics to avoid detection, such as mail arriving via third-party countries and the use of blank envelopes, so that people had to open them to find out what they contained.

In its annual report, it listed the potential emerging threats to consumers over the coming year, including:

- Continued manipulation of online ticket retail sites by scammers and organised criminals

- The growth of social media as a selling platform, putting consumers at risk of intellectual property crime and product safety issues

- The risk posed by connected devices such as smart TVs and home assistants, which may leave consumers open to data theft

- Increasing sophistication of doorstep criminals who use websites, social media and fake reviews and are increasingly part of larger organised crime groups.

"An evolving criminal landscape does not mean the more traditional scams will disappear," it said.

"Instead, National Trading Standards is seeing a trend of criminals diversifying and adapting their current schemes, evidenced in mass marketing mail scams.

"Additionally, more scams are originating abroad, with criminals concealing the payments they're receiving from their victims through payment processing companies," it said.

But it said its actions had prevented nearly £127m in losses to consumers and businesses during the year.

Lord Toby Harris, who chairs the NTS, said: "Our teams are operating in an ever-evolving criminal environment. Consumer protection bodies are facing changing and challenging times."

He also praised the efforts of the public, who were "pivotal" in reporting crimes and supporting the NTS's work.

"So together, we continue to work to disrupt, investigate, prosecute and keep people safe."

(1st December 2017)


AMAZON SCAM : CONVINCING FAKE EMAILS TRY TO TRICK PEOPLE INTO REVEALING THEIR BANK DETAILS
(Independent, dated 8th November 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/amazon-scam-fake-emails-how-to-protect-yourself-payment-information-report-phishing-a8043646.html

Internet users are being targeted by a fake email claiming to have been sent by Amazon.

The scam message features the company's logo and even social platform icons, and has been carefully formulated to look as official as possible.

However, it's designed to trick you into giving out your personal details and visiting malicious websites.

The fake email, which was first spotted by Better Business Bureau, claims that Amazon can't confirm some of your personal details, such as your identity, payment information or address.

It asks you to update your information by clicking a link, which looks a lot like the gold-coloured buttons that feature on the Amazon website.

Despite its convincing appearance, you should not click it.

Doing so won't take you to Amazon, but to a third-party website that could try to steal your sensitive data by infecting your computer with malware.

Action Fraud has also noticed the scam, and is advising people to log in to the Amazon site directly, rather than risking your safety by engaging with the potentially dangerous emails.

"Amazon will never ask for personal information to be supplied by e-mail," the company says.

"Emails from Amazon will never request you to update payment information via a link. Instead, we would include instructions on how to verify your account information, including payment options, through the Amazon.co.uk website."

Amazon says it would also never ask for your National Insurance number, your bank account information, credit card number, PIN number, or credit card security code, your mother's maiden name or other information to identify you, or your Amazon account password over email.

You can report a scam email to Amazon by following the instructions on the company's help page.

(1st December 2017)


A SCAM ON TOP OF A SCAM ? EQUIFAX LETTERS SPARK CONCERN AMONG VICTIMS
(Which?, dated 4th November 2017 author Faye Lipson)

Full article [Option 1]:

www.which.co.uk/news/2017/11/a-scam-on-top-of-a-scam-equifax-letters-spark-concern-among-victims/

UK victims of May's Equifax data breach have been left confused and panicked by a letter from the firm which says their personal information has been compromised - but doesn't say what Equifax is or why it holds their data.

Which? has heard from dozens of people who received the letter and were confused by it - with some fearing it to be a scam - because they have never heard of or directly dealt with Equifax before.

Equifax has now confirmed that only 27,000 of the nearly 700,000 people it has written to were its direct customers - and the rest may previously have had no inkling they were affected by the breach.

Equifax data breach: 15.2m Brits affected

In May this year, Equifax announced its data had been access by hackers in a cyber-attack. Some 15.2 million UK client records were compromised and more than 690,000 UK consumers are likely to have had sensitive details stolen.

These include email addresses, passwords, driving license numbers, phone numbers and partial credit card details.

Equifax is now writing to those worst-affected UK individuals to offer a choice of free ID-monitoring services.

Why does Equifax hold data for non-customers?

Equifax has confirmed that just 3% of the worst-hit victims were its direct customers.

How is this possible? As a credit reference agency, Equifax receives personal data from banks and financial institutions whenever someone applies for a bank account, mortgage or credit card. Consent for this is usually included in the application terms and conditions.

This means Equifax may hold data on you even if you've never dealt with it directly. Others will have transacted with Equifax by purchasing a credit report or identity monitoring services from it.

Victims express confusion, fear of further scams


Which? has seen evidence the letters are causing widespread confusion among the victims. One person who'd had their name, date of birth and telephone number compromised emailed us:

As far as I am aware I have never used this organisation, they now advise me to use their "free" services to help protect myself. If they are so incompetent in the first place to have been the subject of a cyberattack why should I trust any of the services they recommend.

Is this a scam on top of a scam?


In addition, the Which? Money helpline has fielded more than 25 calls so far this week from people concerned by the letter.

Technical expert and Trading Standards 'Scambassador' Scott McGready took to Twitter to blast the way Equifax has handled informing the public, branding it 'Like herding cats,' and insisting that 'more needs to be done'.

Which? asked Equifax to comment on the apparent confusion its letter had caused, but it declined to do so.

------------- See orginal article to view the Equifax letter --------------

How to verify your letter?

If you receive a letter regarding the Equifax data breach, and you're not sure if it's genuine, look up Equifax's number independently via a search engine or directory enquiries. Then give them a call to confirm the letter is genuinely from them.

Should I accept the free identity monitoring services?

If your data has been breached, you may be at heightened risk of identity fraud. To combat this, Equifax is offering its worst-affected UK customers free services which monitor how your identity is being used online - some of them run by Equifax itself, and one run by anti-fraud body Cifas.

If you are concerned about the security of Equifax's own products, you can opt to be enrolled in Cifas's Protective Registration scheme - however you will still have to give some personal information to Equifax so it can enrol you for free.

It is possible to enrol directly through Cifas, though this will attract a £20 charge (for two years' cover).

Which? tips for surviving a data breach

If you believe you've been a victim of a data breach, take the following steps to protect yourself:
- Contact your mortgage, current account and credit card providers to make them aware of the potential breach.

- Change your passwords on any online accounts holding sensitive information.

- Check your credit card statements and credit reports for unusual or unauthorised activity. Report any discrepancies to the provider immediately.

- Apply for protective registration from CIFAS - the Fraud Prevention Service. This will trigger additional checks any time someone tries to open a financial product in your name.

- Be extra-vigilant against phishing messages.

- Our (Which?) consumer rights guide explains how to spot a scam message.

(1st December 2017)


BANKS PLAN TO STOP FRAUDSTERS VANISHING INTO THE ETHER WITH YOUR CASH
(Daily Mail / This is money, dated 7th November 2017 author Victoria Bischoff)

Full article [Option 1]:

www.thisismoney.co.uk/money/beatthescammers/article-5060237/Banks-plan-stop-fraudsters-vanishing-cash.html

Banks are working on plans to track down stolen money and return it to fraud victims within days.

They are setting up a new system that allows them find out where a payment has ended up - regardless of how many bank accounts the money has been moved through.

It means fraud victims will stand a far greater chance of getting back the cash they've lost.

Yesterday, new industry figures revealed for the first time the scale of bank transfer scams where con artists trick victims into handing over money.

In the first six months of this year 19,000 people were hit by this type of fraud, losing £101million. Just £25million, a quarter of the stolen money, was returned to customers.

Most victims are left permanently out of pocket because banks struggle to trace the stolen funds.

When a fraudster tricks someone into handing over cash, it is typically moved out of the receiving account and into another one within minutes.

From there it will be moved again and again through different accounts - known as mule accounts - with different banks.

It may be mixed with other money, some of which may be completely unrelated to crime, until it is almost impossible to work out where it originally came from.

The criminal will then withdraw the funds in cash, transfer the money overseas or use it to make a purchase.

At that point, your cash is usually gone for good - and banks won't offer a refund - which is why it is vital to track it down before it leaves the banking system.

A new digital tracing tool, which banks are calling the 'funds repatriation initiative', will make this possible.

Brian Dilley, group director of fraud & financial crime prevention at Lloyds Banking Group, says: 'The banking industry has been working together to develop a central system that enables us to trace and track the proceeds of fraud through the banking system.

'Money stolen by fraudsters often exits the banking system and is long gone before people know they've been conned, but an infrastructure allowing banks to identify money quicker as fraudsters try to move it down the line will make it harder for them to get away with stolen cash and help victims get their money back.'

At present, when a victim of fraud contacts their bank for help getting their money back the bank can only see the first account the money was moved into.

If the bank that received this money says it has already been moved out of the account there is little, if anything, they can do.

But under the new system the victim's bank will be able to enter the payment details into a central computer that will show almost instantaneously every account the money has moved through since it was stolen - and crucially, where it ended up.

Once they know what bank has the money they can call and ask for it to be frozen so fraudsters can't touch it again.

If the case is simple and does not involve foreign bank accounts, the money could be transferred back to the victim within days.

In more complicated scenarios the bank may need longer to investigate to ensure the money is going back to the right owner.

Experts say this new system could protect significant numbers of customers and prevent millions falling into fraudsters' hands.

As Money Mail has highlighted over the past two weeks, around £130million has been frozen in accounts opened by criminals.

Often, this money has been abandoned by fraudsters after banks have become suspicious and flagged the account for investigation.

In many cases banks are then unable to return the cash to the victim either because they can't trace where the money came from or are prevented from touching it by onerous rules and laws.

Money Mail is campaigning for a tweak to the law so this cash can be used to pay back fraud victims who've been left out of pocket.

If the original victims can't be found, banks should be allowed to use it as a compensation fund for other victims.

Barclays, HSBC, Santander, Nationwide and TSB have backed our campaign.

And over the past week Money Mail has convinced Lloyds bank to throw its full weight behind our proposals.

Initially, it had suggested the money might go towards general efforts to tackle fraud rather than as compensation.

But now it says: 'Lloyds fully supports Money Mail's campaign to change the law and unlock all the £130million in the frozen funds to compensate victims of fraud.'

If it was easier for banks to trace money through the system this money wouldn't amass in the first place.

Writing for Money Mail today, Stephen Jones, chief executive of banking trade body UK Finance, says: 'We need changes to the law to help stop the criminals in the first place, as well as helping victims get their money back.

'That is why the UK banking industry welcomes Money Mail's campaign.'

Banks have already begun piloting this new technology and are aiming to move into a second phase of testing early next year.

They say that realistically the new system will not be fully up and running for another two years.

There are also questions around who will fund the system, how people's data will be protected and if it will be mandatory for all banks and building societies to sign up.

There are also legal and data protection issues to consider.

For example, banks say that there needs to be protection in place in the event that they take money out of someone's account to return to a victim and the owner of that account turns out to be innocent.

For example, the criminal could have used the money to pay their rent. In this instance the bank can't just take back the money from the landlord, who may be completely unaware they have been paid in criminal money.

There will also need to be a framework in place to deal with disputes when things go wrong.

Despite being a giant leap forward, the new system will not protect all victims, as it cannot stop fraudsters taking money out of the banking system altogether.

Yesterday, the Payment Systems Regulator announced plans to force banks to reimburse people where firms 'have not met the required standards' in protecting customers.

It also wants to make it harder for criminals to set up bank accounts and is asking banks to share data so it's easier to spot scammers.

(1st December 2017)


WE HAD £300,000 TAKEN IN PAYMENT SCAM
(BBC News, dated 7th November 2017)

Full article : www.bbc.co.uk/news/business-41897888

People who have been conned into authorising their bank to pay a fraudster could find it easier to get compensation, under plans being put together by the regulator.

The Payment Systems Regulator is trying to devise a way to reimburse victims of authorised push payment (APP) scams.

In the first half of this year, 19,000 victims lost £100m to APP scams.

One such, Kate Blakeley, described the "sheer horror" of discovering the loss of almost £300,000 through such a scam.

Ms Blakeley, who was in the process of buying a house with her partner, described her experience. She thought she was transferring money to the right account, but it was in fact one controlled by a fraudster.

"Everything had gone very smoothly," she said. "Our conveyancing solicitor provided details by email of the bank accounts to make the money transfers on the day of completion.

"We transferred just under £300,000 on the day and within about three hours, we realised the money had gone missing.

"The moment of realising the money hadn't arrived as intended with the bank account we sent it to, or thought we'd sent it to, was just sheer horror."

Ms Blakeley did get all the money back eventually, but lost thousands in solicitors' fees. The matter is still subject to a legal dispute.

'No silver bullet'

The PSR has been investigating APP scams following a super-complaint by consumer body Which?.

The regulator said "good progress" was being made in a number of areas and it hoped a compensation system would be in place by September 2018.

As well as starting to record and understand the scale of APP scams, the PSR will also introduce new standards for banks to follow when a victim reports such a scam, which should improve victims' experience and banks' response times.

However, PSR managing director Hannah Nixon warned that not every scam could be prevented.

"There is no silver bullet for APP scams, and some people will still, unfortunately, lose out," she said.

"That's why we've continued to look for a solution that could reimburse those who are scammed, and today we begin consulting on an option that we think could work."

She added that account holders also needed to take "an appropriate level of care" in protecting themselves.

How to protect youself against "push" fraud

When you transfer money from your bank account, you are asked to enter three pieces of information: the name of the payee, their account number, and the sort code. However, only the last two are cross-checked by the bank. So putting in the correct name is no guarantee that person will get the money.

Financial Fraud Action UK offers the following advice:

- Never disclose security details, such as your PIN or full banking password
- Don't assume an email, text or phone call is authentic
- Don't be rushed - a genuine organisation won't mind waiting
- Listen to your instincts - you know if something doesn't feel right
- Stay in control - don't panic and make a decision you'll regret

'Significant win'

The Financial Conduct Authority (FCA) has reviewed the way banks handle APP scams.

It found banks' procedures were inconsistent, their existing fraud detection systems could not easily detect APP scams, and they did not collect enough data.

However, the FCA considers the industry initiatives underway will help to tackle these issues.

Peter Vicary-Smith, chief executive of Which?, said: "It's good to see the regulator coming down on the side of consumers. If this stops the huge amounts of money lost to bank transfer scams, it'll be a significant win.

"To make this a reality, the regulator must now ensure any reimbursement scheme properly compensates victims. Meanwhile, banks must move to quickly put in place better checks and protections to prevent these scams happening in the first place."

(1st December 2017)


NATIONWIDE GAVE A CRIMINAL WITH FAKE ID AN ACCOUNT BUT REFUSED TO REFUND ME £8,700
(The Telegraph - Money, dated 4th November 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/nationwide-gave-criminal-fake-account-refused-refund-8700/

Experts have condemned the banking industry for its inconsistent approach in dealing with victims of "transfer fraud" - which is now one of the fastest-growing forms of financial crime.

The fraud usually involves email interception or some form of trickery, whereby the victim unknowingly sends money to a criminal's account. In many cases - but not all - where the recipient is proved to be a criminal, the bank that operated their account makes good the victim's loss.

Telegraph Money reported how David Burton and Derek Mackenzie were reimbursed by TSB after falling victim to eBay fraud, on the grounds that the bank allowed fraudsters to open accounts with false information (see box below).

Now, in a remarkably similar case, Nationwide has refused to pay back victim Balazs Kelemen the £8,700 he transferred into a fraudster's account operated by the building society. Mr Kelemen believed he was buying a BMW.

A police report later confirmed that a false Romanian ID card and counterfeit British Gas utility bill in the name of Constantin Chescu was used to open the Nationwide FlexAccount on Jan 10.

The criminal was apprehended and in May charged with "fraud in relation to opening accounts, using false identity documents and money-laundering, in relation to receiving victim's monies and subsequently withdrawing the funds". He was sentenced to 12 months in prison in July.

Mr Kelemen, 33, made two payments totalling £8,700 on Jan 23 and 24 to a firm called BC Motors, which turned out to be a fake website. He was one of 32 people who reported the company to the police.

When the car failed to materialise, Mr Kelemen, who lives in Southampton, realised the ruse.

But by the time he called his bank HSBC on Jan 31, the money had already been drained from the Nationwide account. Mr Kelemen also reported the crime to Action Fraud, the UK's cybercrime and fraud reporting service. Despite the conviction, Nationwide refused to accept responsibility for the fraudulent account. It insisted it was not negligent.

However, Richard Emery of fraud consultancy 4Keys International and an expert witness, argued that if the mutual had done its due diligence "properly" it would have spotted the documents were fake and the account would not have existed.

He said: "I don't accept the argument that the documents 'looked all right'. Nationwide has a moral obligation to refund the customer. Essentially its processes failed." A spokesman from UK Finance, representing banks, admitted fraudulent information could be "extremely difficult to detect".

Telegraph Money has long campaigned for the banks operating criminals' accounts to take greater responsibility for other, innocent users of banking services.

The Payment Systems Regulator, which oversees transactions, is issuing a report on Nov 7 on this issue. Last week Barclays became the first British bank to introduce pop-up windows that warn customers they may have been targeted by fraudsters when they make online payments that appear to be "suspicious or out of character".

And on Thursday Lloyds announced a new measure that would see its customers being prompted to answer additional security questions before setting up new online payments.

It was different with TSB: the bank acknowledged its role - and paid up

Earlier this year two fraud victims, David Burton and Derek Mackenzie, were refunded by TSB on the grounds that the accounts they transferred money into were opened with false information.

Mr Burton paid £3,400 to a fraudster on eBay for a non-existent motorhome in 2014. When it failed to turn up he contacted his own bank, Barclays, but the money had already been cleared from the TSB account.

Mr Burton also reported the crime to Action Fraud, which passed it on to the police for investigation.

A report from Bloxwich police revealed that fake details were used to open the account.

Following pressure from Telegraph Money, TSB admitted that the opening of the account did not meet its "strict anti-fraud requirements and ID checks". It refunded the £3,400 along with £250 compensation.

Mr Mackenzie got his money back from TSB on similar grounds after he transferred £7,858 to its criminal customer for a cherry picker he saw on eBay. A data disclosure from Devon and Cornwall Police revealed that the fraudster was able to bypass TSB's systems using a "made up" National Insurance number.

TSB agreed to reimburse Mr Mackenzie the full amount, along with £300 and interest.

(1st December 2017)


RECORD INCREASE IN "MONEY MULE" CASES AMONG UK YOUNG PEOPLE
(The Guardian, dated 27th November 2017 author Vikram Dodd)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/nov/27/rmoney-mule-uk-young-people-bank-accounts

Record numbers of young people are letting their bank accounts be used by criminals engaged in terrorism and other serious offences, it has been claimed.

The past year saw a 105% increase in cases of "money muling" for those aged 21 years or under, to 6,484 cases, where seemingly innocent bank accounts are used to launder criminal proceeds.

Simon Dukes, chief executive of Cifas, the UK's fraud prevention service, said: "The criminals behind money mules often use the cash to fund major crime, like terrorism and people-trafficking. We want to educate young people about how serious this fraud is in the hope that they will think twice before getting involved."

Cifas says there were 8,652 cases of bank accounts belonging to 18- to 24-year-olds being misused in the first nine months of this year, a 75% increase in the last 12 months. That is double the number in 2013 when there were 4,315 cases.

Experts say one fraud asks people to reply to job adverts or social media posts that promise big sums of money way in excess of the work that will be needed.

Katy Worobec, head of fraud and financial crime prevention, at UK finance, which represents banking and financial companies, said: "Money muling is money laundering and criminals are using young people as mules in increasing numbers. We know that students are particularly vulnerable as they are often short of cash.

"When you're caught, your bank account will be closed, making it difficult to access cash and credit. You could even face up to 14 years in jail. We're urging people not to give their bank account details to anyone unless they know and trust them. If an offer of easy money sounds too good to be true, it probably is."

(1st December 2017)


PENSION REGULATOR WARNS FRAUDSTER WEBSITES CARRY ANTI-SCAM MESSAGE
(FT Adviser, dated 4th September 2017 author Maria Espadinha)

Full article [Option 1]:

www.ftadviser.com/pensions/2017/09/04/regulator-warns-fraudster-websites-carry-anti-scam-message/?mc_cid=bdd1075ef4&mc_eid=f46eab0a3f

uaware note : Article forwarded via National Trading Standards alert 44

A number of suspected scam websites have been referred to The Pensions Regulator (TPR) over the suspicion they are being dressed up as legitimate investment vehicles.

The Pensions Regulator is warning rogue pension websites are carrying anti-scam messages to try to trick consumers into thinking they are legitimate entities.

This warning comes after the government announced it was introducing a cold calling ban, which will also include texts and email.

The new legislation will also include tighter rules to prevent the opening of fraudulent pension schemes and restrictions to prevent transfers into scam schemes.

According to experts, some of the new rules might be introduced as soon as this week in the second Finance Bill of the year.

The Pensions Regulator is currently leading the multi-agency Project Bloom taskforce, which was set up to tackle pension scams.

It includes the Department for Work & Pensions, HM Treasury, the Financial Conduct Authority, HM Revenue & Customs, the Serious Fraud Office, City of London Police, the National Fraud Intelligence Bureau, The Pensions Advisory Service and the National Crime Agency.

Some of the rogue websites are even carrying the Bloom campaign's anti-scam material without TPR's consent, the regulator said.

Some even imply they are regulated by carrying warning messages designed to prevent people falling victim to scams, such as making reference to the tax implications over accessing your pension before the age of 55 and the danger of cold-callers.

According to Lesley Titcomb, chief executive at TPR, "these sites are wolves in sheep's clothing, lying in wait for unsuspecting victims by portraying themselves as being beyond reproach".

She said: "The truth is that this next generation of scam sites poses a real threat to people's financial futures and should be avoided."

According to government figures, almost £5m was obtained by pension scammers in the first five months of 2017.

It is estimated that £43m has also been unlawfully obtained by scammers since April 2014, with those targeted having lost an average of nearly £15,000.

The regulator is working closely with government, enforcement agencies and key financial service bodies to bring scammers to justice and, through its Scorpion campaign, to help the public protect themselves from scams, Ms Titcomb added.

Malcolm McLean, senior consultant at Barnett Waddingham, said scammers "are pretty clever people" and savers "need to very wary".

He said: "It is very clear that the original messages [on scams] are applicable here - if someone contacts you out of the blue, without any approach from you in the first place, then you should be extremely suspicious and in most cases, do not deal with them at all."

Even after the ban on cold calling in implemented, saver need to continue to be cautious, Mr McLean said.

"The ban on cold calling is only going so far, the calls will still be coming in, it is just that it will be against the law to do that," he added.

Where the regulator finds such rogue websites, it will demand they immediately cease using material that TPR owns and will investigate with other agencies whether further action, such as legal proceedings, should be launched.

The regulator is also updating its own portal with more information on these rogue websites.

(1st December 2017)


TELEPHONE SCAM TARGETING PEOPLE IN CORNWALL STARTS WITH APPARENT MESSAGE FROM "HM CUSTOMS AND EXCISE"
(Cornwall Live, dated 22nd September 2017 author Graeme Wilkinson)

Full article [Option 1]:

www.cornwalllive.com/news/cornwall-news/telephone-scam-warning-customs-cornwall-518259?mc_cid=e141e2bbf3&mc_eid=f46eab0a3f

uaware note : Article forwarded via National Trading Standards alert 45

People are being urged not to fall for this latest telephone scam, which is ingeniously simple and preys on our respect for authority and curiosity.

Alarm bells should ring as the scam begins with an improbable recorded-message from a man stating to be from HM Customs and Excise.

The call alerts the householder that the Government agency is poised to take legal action and then invites the listener to press a key to speak to the case manager. And there is the trick - if the householder presses a button, the call connects to a premium line from which the scammers make money.

The call alerts the householder that the Government agency is poised to take legal action and then invites the listener to press a key to speak to the case manager. And there is the trick - if the householder presses a button, the call connects to a premium line from which the scammers make money.

"This is a scam, if you also get this call don't press 1. It can cost you a lot of money. Just hang up. If you have call identify, it comes up as International."

Always remember - If any agency is going to take legal action against you, they will do so by post.

(1st December 2017)


"DO YOU DO A BINGO NIGHT ?" THE NEW ZEALAND CHATBOTS DESIGNED TO SCAM THE SCAMMERS
(The Guardian, dated 10th November 2017 author Eleanor Ainge Roy)

Full article [Option 1]:

www.theguardian.com/world/2017/nov/10/new-zealand-chatbots-artificial-intelligence-scam-conversations

Thousands of online scammers around the globe are being fooled by artificial intelligence bots posing as New Zealanders and created by the country's internet watchdog to protect it from "phishing" scams.

Chatbots that use distinct New Zealand slang such as "aye" have been deployed by Netsafe in a bid to engage scammers in protracted email exchanges that waste their time, gather intelligence and lure them away from actual victims.

Cyber crime costs New Zealanders around NZ$250m annually. Computer programmers at Netsafe spent more than a year designing the bots as part of their Re:scam initiative, which went live on Wednesday.

Within 24 hours 6,000 scam emails had been sent to the Re:scam email address and there were 1000 active conversations taking place between scammers and chatbots.

So far, the longest exchange between a scammer and a chatbot pretending to be a New Zealander was 20 emails long.

The bots use humour, grammatical errors and local slang to make their "personas" believable, said Netsafe CEO Martin Cocker. As the programme engages in more fake conversations with scammers overseas, its vocabulary, intelligence and personality traits will grow.

Cocker says if the scammers aren't astute or paying attention, the exchanges could go on for a "very very long time".

"We are really concerned about the growth of predatory email phishing, while victims remain essentially powerless," said Cocker.

"Everyone is susceptible to online phishing schemes and no matter how tech savvy you are, scammers are becoming increasingly sophisticated. Re:scam will adapt as the scammers adapt their techniques, collecting data that will help us to keep up and protect more people across New Zealand."

Cocker said Netsafe had designed a bot that was as convincing and long-winded as possible, asking scammers a seemingly never-ending series of benign questions.

"Dear Illuminati, what a wonderful surprise," wrote a Re:scam chatbot responding to a scammer offering $5m.

"I'd love to join your secret club. Do you do a bingo night?"

"There is not bingo night," replied the scammer.

"Please complete attached form with bank details for your recieve full payments of 5 million."

"Terrific!" replied the Re:scam chatbot.

"But to avoid detection I am going to send my bank details through one number at a time. Ready? 4..."

"That is not nessasary," replied the scammer.

"7" said the bot.

Cocker says the bot works particularly well because New Zealand isn't targeted by any home-grown scammers - only those targeting the country from overseas.

"The bot does a pretty good job of impersonating how many New Zealanders would engage with scammers, it is fairly well-developed in terms of its phrasing and language and approach, so it is quite realistic," said Cocker.

Netsafe website : www.netsafe.org.nz/

-----------------------
EMAIL SCAMMERS TARGETED BY NEW BOT THAT INUNDATES THEM WITH ENDLESS ANNOYING QUESTIONS
(The Independent, dated 9th November 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/re-scam-bot-email-scammers-questions-fraudsters-a8046731.html

An artificially intelligent bot that inundates email scammers with a never-ending stream of questions has been created.

Re:scam is designed to waste the time of the people behind email scams, and annoy them until they give up.

It's been developed by Netsafe, which says it's time regular web users "fought back".

At the time of writing, Re:scam has sent over 16,000 emails to scammers which, according to Netsafe's calculations, have collectively wasted more than 25 days of scammers' time.

"I adopt one of my many personalities to continue the conversations of any would-be victim," the bot, which also describes itself as "super-interested" and "a bit naive", says.

"I waste their time with a never-ending series of questions and anecdotes so that they have less time to pursue real people. Just like you, I mqke typos, and jokes that no one appreciates.

"They won't know when they're scamming, or getting scammed out of their own time. It's bad for business."

According to Netsafe, $12 billion is lost globally each year because of phishing scams.

The organisation is inviting anyone who thinks they've been targeted by a scam email to forward it to Re:scam, which will verify if it is a scam or not.

It will then use its own email address to target any scammers it manages to detect.

"Deleting a scam email protects you, but forwarding to me@rescam.org protects others," says Re:scam. "It's also kinda funny."

The chat bot "service", for bogus mail to : me@rescam.org

-----------------------

(1st December 2017)


WILL "OPEN BANKING" BE AN OPEN DOOR TO FRAUDSTERS ?
(Mail on Sunday / This is Money, dated 12th November 2017 author Laura Shannon)

Full article [Option 1]:

www.thisismoney.co.uk/money/meandmymoney/article-5072953/Fears-freeing-data-help-conmen.html

A new era of banking will be ushered in from January next year - and security experts say it could put people at greater risk of scams and identity theft.

Under new 'open banking' rules, Britain's biggest banks will be forced to share customer data with companies that demand it.

Providers of other 'payment accounts', such as credit cards and some savings accounts, will have to do the same under separate European Union legislation.

This is part of the Second Payment Services Directive, PSD2.

Some banks have already sent letters to customers warning that 'third parties' can access their personal data from January, and that account terms and conditions are being changed to reflect this.

Third parties could include price comparison websites, start-ups specialising in financial technology or rival banks.

Data can only be shared with a customer's explicit consent, which they might give if slick new online companies offer to help them budget and save more effectively.They can be reassured as the data will only be shared with third parties governed by regulator the Financial Conduct Authority.

But as the walls around banking are torn down, customers will need to put their guard up.

Security experts say cyber-criminals will seek fresh opportunities under open banking.

Hackers will turn their attention to smaller firms managing sensitive information and which have less robust security than banks. And new internet scams will surface at a time when data loss, theft and misuse is rife.

Stuart Poole-Robb, chief executive of internet security company KCS Group and a former MI6 intelligence officer, says: 'Because open banking means more data shared, this problem is going to get worse.

'It creates more points of failure. Either the bank is hacked and your data is compromised - or you approve it being passed to a new start-up, which is hacked and your data is compromised.'

Companies will be held accountable if data is lost or misused and banks have to pay refunds if customers dispute a payment. The technology behind open banking - Application Programming Interfaces (APIs) - is considered secure and makes data sharing possible. But no business is immune to hacking or scams.

Poole-Robb says: 'Banks and financial technology firms cannot protect you against something they do not know about.

'It is all very well having firewalls and encryption against known threats, but all organisations are susceptible to social engineering and unwittingly giving attackers footholds.'

If scammers use stolen data to dupe victims into handing over further sensitive information, those people are unlikely to get their money back. Individuals are also responsible for checking a website or app is legitimate. If it is a scam website, they lose protection from regulators. If it is genuine, customers have right to redress.

Customers also retain control over what information is shared, if any. Some might only agree to a third party accessing data as a one-off. Whatever they decide, banks will have to double-check with customers first.

Providers have strong incentives to look after data, beyond protecting their brand reputation, as data protection laws become stricter from May next year.

They could be forced to pay penalties of up to €20 million (£18 million) - or 4 per cent of turnover for any sloppy practices that breach rules.

Online payments will also be subject to more rigorous checks under EU law, but these guidelines will not appear until later next year.

SCAMS TO WATCH OUT FOR

Phishing

Consumers will need to be vigilant about a new wave of 'phishing' fraud. This is where cyber-crooks use confidence tricks to reel in people's account passwords.

For example, they might imitate a high street bank in an email and suggest there are security concerns with a customer's account.

Victims are persuaded to click on a link and verify their identity by entering account log-in details.

Criminals can use those details to access a person's account and drain it of funds.

Banks will not refund customers who are thought to have been careless with passwords.

Nor will they help if a victim has been tricked into authorising a payment to a fraudster believing it to be the account of a genuine person or business.

New figures show this type of scam has cost more than 19,000 people £100 million in the first six months of 2017 alone. Tony Neate, of GetSafeOnline, a website offering advice and support to consumers, says: 'Security has been looked at seriously with regard to open banking but it is always a concern.

'This is something we are going to have to look out for because there are new opportunities for criminals to apply old tricks.

'Never give away your user name and password.'

Identity theft

Hackers stealing data could also sell it to fraudsters, who use it to steal a customer's identity.

Only a few details - such as name, address and date of birth - need to fall into the wrong hands to create a ripple effect of problems.

Fraudsters use the information to take out loans and credit cards in that person's name.

Victims then see unusual transactions on their accounts, receive bills for goods they did not buy and are refused financial deals such as credit cards and loans despite previously having a good credit rating.

Clearing up a trail of problems caused by identity theft is not an easy task and can cause administrative headaches for years.

KNOW THE SIGNS OF FRAUD


A campaign called 'Take Five' encourages the public to be vigilant about scams. It is run by Financial Fraud Action UK - which represents banks and financial companies.

Criminals play on fear and create a sense of urgency in their stories to make victims act without thinking.

Typically, they claim customers' money is at risk and advise quick action is needed to safeguard funds.

The campaign reminds people to always take a step back and think about what is being asked of them. Actions such as clicking on a link, requests to move money to a 'safe account' and demands for personal information should all sound alarm bells.

Find out more at takefive-stopfraud.org.uk. You can also learn more about a wide range of scams at getsafeonline.org and actionfraud.police.uk.

WHAT IS HAPPENING?


Open banking and the Second Payment Services Directive are the twin laws bringing change.

Banks and building societies will have to share data with third parties - if customers give permission.

Consumers might choose to share their current account history if it means saving money or budgeting more effectively. The nine largest current account providers ordered to take part in open banking are: Allied Irish Bank Group, Bank of Ireland, Barclays, Danske, HSBC, Lloyds Banking Group, Nationwide Building Society, RBS and Santander.

Comparison websites like MoneySuperMarket and GoCompare are likely to be the ones asking for access to data, as well as small start-ups specialising in financial technology.

For example Yolt, owned by ING Bank, is a money management app giving customers a view of all their accounts and credit cards in one place. It has just added digital challenger Starling Bank - a mobile-only current account provider - to its list of partners.

HSBC and its subsidiary online bank First Direct are already testing out new apps that give customers a broad view of all accounts - even from rivals.

WHAT WILL IT LOOK LIKE?


Customers can see multiple accounts in one place using just one phone app.

Within that same app customers might be able to compare deals across the whole of the market based on their personal history of income and spending.

Customers could then switch products and transfer money while borrowers should quickly find providers prepared to lend to them.

Imran Gulamhuseinwala, of the Open Banking Implementation Entity, in charge of delivering the initiative, says: 'Open Banking has potential to change retail banking forever. We will for the first time put customers in control of their data, privacy and finances.'

Debit and credit cards could also be made redundant in online shopping as part of law changes which let shoppers pay a retailer directly from their bank account.

Tech savvy customers are likely to be winners from the reforms - while the digitally shy face having to adapt or risk being left behind. Losers might also be those excluded from the best deals if the technology assesses them to be an unprofitable bet.

WHY IS REFORM NECESSARY?


Drastic action is needed to challenge the complacency of banks.

That was the conclusion of a report published last year by regulator the Competition and Markets Authority.

Few current accounts are switched - less than 2 per cent a year. Such apathy means many customers get a poor deal.

Overdraft users could benefit most from easier switching - saving £180 a year each if nudged towards cheaper accounts.

HOW TO SURVIVE CHANGE

- Do nothing if 'open banking' worries you. David Firth, of credit reference agency Callcredit, says: 'No one can be forced to use open banking. You will need to opt in.' Companies will require permission to access your data.

- Consider switching before the reforms take hold. Comparison website GoCompare's 'midata' tool can already find you a better account based on account history.

- Check out challenger banks such as M&S Bank, Metro, Virgin Money, Tesco Bank and Handelsbanken or new online providers Atom, Starling and Monzo.

- Use the free automatic Current Account Switch Service, which safeguards the process.

- Be scam-aware. Never surrender log-in and password details. Find extra guidance from getsafeonline.org or takefive-stopfraud.org.uk.

- Report any concerns about data misuse to watchdog the Information Commissioner's Office at ico.org.uk.

- Make sure companies are regulated by checking the register fca.org.uk

(1st December 2017)


EMPLOYMENT FRAUD ALERT
(Action Fraud, dated 13th November 2017)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau (NFIB) has identified a number of reports where job seekers are being targeted by fraudsters trying to obtain personal and banking details from them, or requesting money to secure accommodation.

Individuals registering with job seeking websites or searching for jobs on The Student Room website are being contacted by bogus recruitment companies/businesses asking them to complete application and interview forms which request personal details and banking details, as well as copies of identity documents.

In some instances the applicant is invited along for interview, either in person or over the phone, to make the process look as legitimate as possible. This is impacting on students and graduates looking for work both in the UK and overseas. Some job seekers, as well as divulging personal details, have paid money to the fraudsters in order to secure a bogus rental property alongside the job offer.

How to protect yourself:

- Check emails and documents from the recruiter for poor spelling and grammar - this is often a sign that fraudsters are at work.

- If visa fees are mentioned, ask the embassy representing the country where you believe you will be working how to obtain a visa and how much it costs. Check that the answers the potential employer or recruiter gave you are the same - if they're not, it may be a sign of fraud.

- Carry out thorough research to confirm that the organisation offering you the job actually exists. If it does exist, contact the organisation directly using contact details obtained through your own research or their website to confirm the job offer is genuine.

What to do if you're a victim:

- If you think your bank details have been compromised or if you believe you have been defrauded contact your bank immediately.

- Stop all communication with the 'agency' but make a note of their details and report it to Action Fraud.

- Warn the operators of the job website you used that their site is being used by fraudsters.

- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

(1st December 2017)


FRAUDSTERS ARE PRETENDING TO HAVE WON THE LOTTERY IN A SCAM WHICH HAS COST SOME VICTIMS UP TO £5,000
(Mirror, dated 13th November 2017 author Dave Burke)

Full article [Option 1]:

www.mirror.co.uk/news/uk-news/fraudsters-pretending-won-lottery-scam-11514046

Scammers claiming to be illegal immigrants with winning lottery tickets have conned elderly victims out of thousands of pounds in an alarming plot.

Criminals have repeatedly preyed on elderly people by convincing them to hand over cash and jewellery after asking for their help, detectives revealed.

Some have lost up to £5,000 after being targeted, and police have appealed for people to be on the lookout for the heartless scam.

The conmen approach their victims pretending to have won huge sums on the National Lottery, but claim they cannot claim their prize because they are not in the UK legally.

The fraudsters ask victims to claim the prize money on their behalf, in exchange for a share of the spoils.

In some cases, an accomplice pretends to be interested, in order to convince the victim that it is genuine.

Victims are persuaded to hand over valuables as 'insurance' - only to learn that the lottery wins are complete fiction.

Officers from Hertfordshire, where at least five cases have been reported, are investigating.

A force spokeswoman told Mirror Online that victims are approached face-to-face.

She said detectives in neighbouring Bedfordshire have been made aware of the trick, but it is not known if it has been attempted elsewhere in the country.

Detective Constable Kirsty Rusbridge said: "This is the first time we have seen this method being used in Hertfordshire and we want to get the message out to people to help prevent them from falling prey to these callous fraudsters.

"It has been reported that the offender often has an accomplice who poses as a member of the public, keen to take up the offer.

"If you are approached in similar circumstances, please don't hand over any cash or belongings and contact police straight away."

"Please also share this advice with neighbours, friends and relatives so we can spread the word as far as possible."

(1st December 2017)


SCAM VICTIMS WHO "FAIL TO TAKE REASONABLE CARE" WILL NOT GET A PENNY IN COMPENSATION
(The Telegraph, dated 8th November 2017 author Katie Morley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/11/08/scam-victims-fail-take-reasonable-care-will-not-get-penny-ofcompensation/

Scam victims who fail to take "reasonable care" to protect themselves against criminals will not get their money back under a formal compensation scheme being designed by watchdogs.

From next year, an anti-fraud revolution will see consumers who have been conned into transferring money to fraudsters reimbursed by their bank - but only if they can prove that they did not act recklessly.

Victims who have lost life-changing amounts could be denied a single penny of compensation if they did not conduct "common sense" checks, such as spotting bogus email addresses or account details and names that do not correspond.

The plans are being drawn up by the Payment Systems Regulator (PSR) to curb a growing fraud epidemic in which criminals posing as legitimate organisations are extracting £200million from 40,000 victims every year.

Consumer groups said bank customers who fall for scams should not be blamed and called for banks to take the responsibility.

The fraud usually involves email interception or some form of trickery, whereby the victim unknowingly sends money to a criminal's account, meaning they are often unaware of the scam until it is too late.

Gareth Shaw, the Which? Money Expert, said: "These scams have become so complex and believable that many consumers couldn't be expected to spot them. Banks should consider introducing additional checks - such as delayed payments or third party signatures - with extra focus on protecting vulnerable customers."

James Daley, director at Fairer Finance, a consumer group, said: "The test should be how far did the bank go to stop the scam, not how far did the consumer go.

"It is perfectly possible for banks to install enough checks to fully put an end to this and the test should be how far have they gone - not how far have consumers gone. Losing their life savings is far too high a penalty for customers who have been negligent and this should not happen."

At present, just one in four victims are reimbursed, but this figure is set to rise considerably. The action follows a "super-complaint" by Which? over concerns people were being conned out of huge sums of money with no hope of compensation.

The PSR said it was considering changing the law to allow criminal funds frozen in bank accounts to be used to compensate victims.

The Telegraph has previously called for regulators to act to stop consumers being tricked as we have heard from dozens of consumers swindled by tricksters posing as solicitors, investment professionals, government departments and salesmen.

In one shocking case, a woman lost £130,000 in a sophisticated solicitor scam and reported it to First Direct, her bank, only to be told the fraud team had finished for the night.


Bank transfer fraud - How you can be targeted


Consumers have to be on guard every time they are asked to make a bank transfer as fraudsters grow evermore sophisticated and target their victims in a number of ways.

Conveyancing fraud:

Property buyers and sellers are at risk of losing life-changing sums should they become victims of "conveyancing fraud".

Criminals are able to hack into online systems and intercept emails between clients and solicitors just before completion.

They replace the details of the account where the payment is due with their own so the unsuspecting victims often pay hundreds of thousands of pounds into the fraudster's account. In the numerous cases reported by Telegraph Money this money is never reimbursed.

Rental fraud:

Potential tenants are tricked into transferring an upfront fee by bank transfer to a fake landlord or rental firm ahead of a property viewing. The fraudster then disappears.

Overpayment fraud:

Landlords have also been targeted by fraudsters. One bed and breakfast owner was sent a bank draft by a "customer" which amounted to more than the cost of the room. She transferred the excess £1,400 back to the fraudster. She later discovered the bank draft was fraudulent. Her bank refused to reimburse her.

Online marketplace fraud:

Countless readers have reported paying fake sellers on eBay, Gumtree, Amazon for items that fail to arrive.

Some of the largest losses are related to vehicle purchases where the fraudster asks for an upfront payment by bank transfer and promises to deliver the car on an agreed day. Victims only realise the ruse when the car does not show up and the seller disappears.

Those who buy vehicles on eBay are not eligible for its Money Back Guarantee which applies to most items paid for through the platform using PayPal. Motors should be viewed in person before the money is handed over directly to the seller.

Telegraph Money readers have also reported similar scams on Airbnb, the accommodation booking site. Fraudsters posing as hosts trick users into making bank transfers outside of the site for properties that don't exist.

Airbnb said hosts and guests are protected by making payments through its site.

BANK TRANSFER FRAUD - THE NUMBERS January - June 2017 (Source : UK Finance)

n = Personal (n) = non-personal

Total Cases : 17,064 (2,306)
Total Victims : 16,993 (2,244)
Total Lost : £51.7m (£49.5m)
Total returned to victim : £9.8m (£15.4m)

(1st December 2017)


DON'T FALL FOR THIS WHATSAPP SCAM POSING AS FREE £250 VOUCHERS FOR ASDA AND TESCO
(International Business Times, dated 6th November 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/dont-fall-this-whatsapp-scam-posing-free-250-vouchers-asda-tesco-1646110

Dozens of social media users have spoken out in frustration after receiving scam messages on WhatsApp and Facebook that claim to offer free £250 vouchers for UK supermarkets.

In every instance, a suspicious link will lead victims to an external website asking for the recipient's personal details. If entered, the information would be sent to the digital fraudsters. To date, it has been spotted posing as retailers including Asda, Tesco and Marks & Spencer.

Based on numerous screenshots posted by those who have received the scam messages, there are a number of variations currently in circulation.

Some are text-based and others are disguised as a customer survey. One asks the victim to share the text with 20 friends to claim the non-existent money.

Experts advise that recipients delete the texts.

"Hello, Asda is giving away £250 free voucher to celebrate 68th anniversary, go here to get it. Enjoy and thanks me later!" one version reads, alongside a link to the phishing website.

UK internet watchdog Action Fraud confirmed Asda was not the only retailer to be used as a lure.

"WhatsApp supermarket voucher scams are back! So far we've seen M&S, Tesco & Asda variations! Don't click the link or forward to friends," it tweeted Monday (6 November).

Meanwhile, social media was buzzing with complaints about the messages.

"Getting lots of scam messages about Asda/Tesco vouchers through different contacts on #whatsapp - just a warning! #ScamAlert" tweeted Leah Smith. "The Asda scam on WhatsApp is doing my head in ... please stop," vented another Twitter user called Samantha Cutts.

Responding to one direct complaint on Twitter, the Asda service team wrote: "Unfortunately this was not sent by ourselves and I would advise you to ignore and delete this message."

It's not the first time Action Fraud has spotted such a scam. In October last year a similar scheme was in circulation, posing as WhatsApp links to voucher deals for Sainsbury's and Topshop.

"Once you click on the malicious link fraudsters also collect personal information from your device by installing cookies on your phone that track you, or add browser extensions that can be used to show you advertisements," it wrote in a blog post at the time.

To report a fraud and cybercrime and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use its online fraud reporting tool.

(1st December 2017)


OCTOBER 2017


IF YOU RECEIVE THIS "SPEEDING TICKET" BY EMAIL DO NOT OPEN IT
(Metro, dated 28th October 2017 author Tanveer Mann)

Full article [Option 1]:

http://metro.co.uk/2017/10/28/if-you-receive-this-speeding-ticket-by-email-do-not-open-it-7035368/

If you receive an email that looks like it's a speeding ticket from police, do not open it.

It's a scam and could cause you to lose a lot of money.

The bogus email is circulating to motorists in an attempt to extort money from them by claiming they were caught speeding.

The letter, titled Notice of Intended Prosecution and featuring a gov.uk logo, reads: 'In accordance with Section One of the Road Traffic Offenders Act 1988 we hereby inform you that it is intended to take proceedings against the driver of motor vehicle.

Greater Manchester Police has now warned people to be aware of the speeding scam and urged people not to open the email as it is clearly a fake email.

Police in Bedfordshire, Hertfordshire and Cambridgeshire have also advised motorists to be alert to the scam and how to spot the signs.

A spokesman for Hertfordshire Constabulary said: 'A legitimate Notice of Intended Prosecution would never display the GOV.UK logo.

'The Road Traffic Act 1988 states that the notice must be served 14 days after the alleged offence in the form of a physical letter sent via first class post.

A NIP sent from Bedfordshire Police, Cambridgeshire Constabulary or Hertfordshire Constabulary would always display the CTC unit's logo and contact details.'

(1st November 2017)


THIRD OF CHARITY FRAUD INVOLVED VOLUNTEERSOR STAFF, REPORT CLAIMS
(BBC News, dated 27th October)

Full article [Option 1]:

www.bbc.co.uk/news/uk-41772294

A third of charity fraud cases in England and Wales are suspected to involve staff, trustees or volunteers, the charity watchdog has claimed.

The Charity Commission report said organisations should stay alert to "insider fraud", and make sure that "mutual trust" is not abused.

The commission said crimes committed could be opportunistic or due to a lack of charity oversight.

The organisation also issued an appeal on insider fraud incidents.

The statistics relate to instances of fraud between April 2015 and March 2016.

Director of investigations Michelle Russell said charities were trusting as they were "committed to making a difference in society".

But she added: "Unfortunately, for a range of reasons, that mutual trust can be abused. The reality is insider fraud does happen in charities.

"Ultimately, whether it happens in a small charity with no employees or a multi-million pound household name, fraud diverts money away from those the charity is helping and who need it."

The warning to charitable organisations comes as the boss of a defunct Welsh charity was jailed for five years for embezzling £1.3m to fund his lavish lifestyle.

Robert Davies, 50, who worked for Swansea-based Cyrenians Cymru admitted fraud by abuse of position and was sentenced at Cardiff Crown Court in July.

He spent £100,000 on boats, £26,000 on airfares and £80,000 staying at The Savoy Hotel in London.

The charity, which tackled homelessness in Swansea, south west Wales, collapsed in 2015.

Mr Davies's offences were committed between 2008 and 2014.

The Charity Commission has urged donors to be vigilant and watch out for sudden lifestyle changes in its volunteers and staff.

It added that strange behaviour or unexplained cash withdrawals could be a sign of insider fraud.

Ms Russell added: "Our aim is to help charities increase their own resilience to this kind of abuse and protect donors' valued funds as well as protect public trust and confidence in charities."

(1st November 2017)


NEW GIVING SAFELY GUIDANCE ON DONATING TO UK CHARITIES
(Fraud Advisory Panel notification, dated 26th October 2017)

Charities do vital work. They need our donations. But charities and their supporters are also targets for criminals. Fraudsters eagerly exploit our trust and compassion to steal donations and undermine the important work that charities do.

As part of National Charity Fraud Awareness Week the Fraud Advisory Panel has joined forces with police, regulators and other stakeholders to issue simple fraud prevention advice for anyone wanting to donate on the doorstep, on the street or online, helping donors make sure their money really does reach those who need it.

David Kirk, Chairman of the Fraud Advisory Panel said: "The vast majority of fundraising activities are legitimate but fraudsters are expert at hijacking our kindness and diverting our charitable donations into their pockets. Cruelly, they are especially active during a crisis or tragedy. But making sure our donations really do reach the causes we care about is easier than most people realise. For example:

- Ignore unsolicited emails, texts or social media messages/posts from charities you've never heard of or have no association with.

- Protect your personal information - never reveal passwords or PINs.

- Watch out for tell-tale signs like spelling or grammar mistakes in the literature, photocopied IDs and unsealed collection buckets.

- Don't feel under pressure - take your time to make a considered, informed decision."

The Fraud Advisory Panel, Get Safe Online and GoFundMe have also simultaneously released five tips for donating safely through crowdfunding sites.

Kirk explains that it is vital we don't simply stop giving: "Charities need our support more than ever in these difficult times. But we can all keep donating and make life a lot harder for the charity fraudster by taking the straightforward precautions listed in this new guide."

Fraud advisory panel website : www.fraudadvisorypanel.org

(1st November 2017)


MILLENIAL CYBER CRIME VICTIMS LOSING £612 EACH AS THEY FALL FOR "FAMILY AND FRIENDS" FRAUD
(The Telegraph, dated 23rd October 2017 author Katie Morley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/23/millennial-cyber-crime-victims-losing-612-fall-family-friends/

Young people are losing three times as much money to online scams as their parents' generation because they are more easily tricked by "family and friends" fraud, a study has found.

A survey of fraud victims by Get Safe Online found under 25s typically lose £613 per scam, compared to over 55s who hand over £214 on average.

This is because they are more likely to fall for so-called "phishing" scams where criminals hack into people's social media accounts and purport to be them to persuade their friends and family to transfer them money.

Scammers lure in victims by tricking them into believing that their loved ones are in dire financial trouble, or that they are seriously ill abroad and need money for treatment.

More than one in ten 18-24 year olds have fallen victim to phishing scams, compared to just one in 20 55+ year olds, according to Get Safe Online.

Older victims were more likely to fall for scams in which criminals pretend to be household name companies, it found.

Overall, half of all Brits have been targeted, with eight per cent of the UK population falling victim to the cybercriminals, but Millennials are now more likely than pensioners to be targeted by fraudsters for the first time.

In August analysis of millions of credit files by credit checking firm, Experian, found people in their mid to late 20s had overtaken over 60s as the most likely age group to fall victim to fraud.

It comes after many years of elderly people being the biggest target. Tony Neate, CEO of Get Safe Online; "Younger people have grown up with smart phones and tablets as well as social media which means they are always online in some way or another.

Naturally, that means there are much more opportunities for scammers to target them.

"Secondly, young people are so comfortable with technology and using new devices or platforms. On the one hand this is great, the UK needs a digitally savvy population but on the other hand, it can make younger people more complacent to risk - they just don't believe that they could be caught out by a cyber crime. The assumption is that it's only older people are the only victims of online scams.

"Lastly, there is also an outdated idea that a scam email isn't targeted or sophisticated. For example, the ones that come from rich kings who have been forced into hiding and want to use our bank accounts to hide their millions in, with a handsome fee offered as a thank you. Although these types of emails are still doing the rounds, cyber criminals have become way more sophisticated in their approach."

(1st November 2017)


SIX FAKE HMRC MESSAGES THAT ARE CATCHING PEOPLE OUT
(The Telegraph, dated 18th October 2017 author Sophie Christie)

Full article [Option 1]:

www.telegraph.co.uk/tax/income-tax/pictures-six-fake-hmrc-messages-catching-people/

Note : The orignal article contains photographic examples of scams emails and nine email addresses to avoid.

HM Revenue & Customs has published example images of fake emails and text messages on its website in the hope that it will show people how convincing bogus messages can be.

While various fraud prevention bodies have published a plethora of images of fake messages claiming to be from the taxman, it is thought to the first time HMRC has published its own illustrations.

As well as showing some of the fake tax rebate messages people have reported receiving, HMRC publicised a number of convincing email addresses commonly used to distribute scam emails, including refunds@hmrc.gov.uk and rebate@hmrc.gov.uk.

HMRC said: "We'll never send notifications of a tax rebate or refund by email, or ask you to disclose personal or payment information by email. Don't visit the website within the email or disclose any personal or payment information."


'Phishing' emails

This is an example of an HMRC related "phishing" email scam and associated phishing website designed to trick people into handing over their card details or other financial information.

Phishing refers to emails sent out that contain either links or attachments that take you to a website that looks like your bank's, or installs malware on your computer system. A report by Verizon into data breach investigations has shown that nearly one in four (23pc) people open phishing emails.

HMRC said it has also been alerted to a phishing campaign advising customers they need to "download a PDF attachment" in order to receive a tax refund. This attachment contains a link to a phishing site requesting personal or financial information, and recipients should neither respond to the email or download the attachment.


Text messages

While the taxman may occasionally issue text messages, it will never request personal or financial information.

"If you receive a text message claiming to be from HMRC offering a 'tax refund' in exchange for personal or financial details you should not respond, and don't open any links contained within the message," it said.

Social media scams

Scams are no longer confined to text messages and emails, with social media platforms an increasingly popular way for criminals trying to fool people into handing over valuable information.

On Twitter, for example, crooks have been known to send direct messages to unsuspecting users offering a tax refund, even though HMRC would never offer a tax rebate or request information via a social media channel.

Export clearance process emails


Emails which claim that goods have been withheld by customs and require a payment before release are known as "419 scams".

They typically ask recipients to provide their personal and financial information, or to make an upfront payment, in exchange for fictitious items, including prize money, seized goods or packages, and inheritance payments.

In addition to scam emails, texts and social media messages, HMRC warned of bogus callers that leave recorded messages claiming to be from HMRC.

These callers may encourage victims to provide bank account or personal information in exchange for "tax advice" or a pretend refund, or they may say that HMRC is filing a lawsuit against them and that they must make immediate payment or police will be sent to their home.

Elderly and vulnerable people are most likely to be victims of this specific scam, HMRC said.

(1st November 2017)


FRAUDSTERS CLAIMING TO BE FROM HMRC
(Action Fraud, originally June 2017)

- Fraudsters are contacting the elderly and vulnerable claiming to be from HM Revenue & Customs.

- Victims are being told they have arrest warrants, outstanding debts or unpaid taxes in their name.

- The fraudsters are asking victims to purchase iTunes gift cards as payment.

- There are a variety of methods being used including calls, texts and voicemails.

Action Fraud is warning people once again of scammers contacting victims claiming to be from HM Revenue & Customs (HMRC) that trick people into paying bogus debts and taxes using iTunes gift cards.

Victims are being contacted in a variety of methods by fraudsters claiming to be from HMRC and are being told they owe an outstanding debt. In most cases they ask for payment in iTunes gift card voucher codes.
Fraudsters like iTunes gift cards to collect money from victims because they can be easily redeemed and easily sold on. The scammers don't need the physical card to redeem the value and instead get victims to read out the serial code on the back over the phone.

Methods fraudsters use:


- Spoofed calls: Fraudsters cold call victims using a spoofed number and convince them that they owe unpaid tax to HMRC.

- Voicemails: Fraudsters leave victims automated voicemails saying that they owe HMRC unpaid taxes. When victims call back on the number provided, they are told that there is a warrant out in their name and if they don't pay, the police will arrest them

- Text messages: They may also use text messages that ask victims to urgently call back on the number provided. When victims call back, they are told that there is a case being built against them for an outstanding debt and they must pay immediately.

One 87 year old victim recently told the BBC he was phoned by fraudsters who claimed to be from HMRC stating there was an arrest warrant out in his name. They told him it would be cancelled if he bought £500 in iTunes gift cards at Tesco.

The man bought the cards and gave them the serial numbers. But when they asked for a further £1,300 in vouchers, he became suspicious and hung up.

How to protect yourself:

- HMRC will never use texts to tell you about a tax rebate or penalty or ever ask for payment in this way.

- Telephone numbers and text messages can easily be spoofed. You should never trust the number you see on your telephones display.

- If you receive a suspicious cold call, end it immediately.

(1st November 2017)


WE LOST £120k IN AN EMAIL SCAM BUT THE BANKS WON'T HELP IT BACK
(The Guardian, dated 21st October 2017 author Miles Brignall)

Full article [Option 1]:

www.theguardian.com/money/2017/oct/21/couple-lose-120000-email-hacking-fraud-legal-sector

It is the worst case of email intercept fraud that Money has ever featured. An Essex couple have lost £120,000 after sending the money to what they thought was their solicitor's bank account, but which instead went to an account in Kent that was systematically emptied of £20,000 in cash every day for the next six days.

Peter and Alice Scott (not their real names), who live near Chelmsford, say they are "simply staggered" at the lack of response by the banks and the police after they unwittingly became the latest victims of email hacking fraudsters who have been targeting solicitors across the UK.

The couple's story will serve as a warning to anyone about to send a large sum of money to a solicitor. It also exposes systemic flaws in the banking system that make it easy for fraudsters to operate unchecked and banks' indifference to customers who have lost life-changing sums of money.

The extraordinary story started in late August when Peter telephoned his family's long-used firm of solicitors, Steed & Steed, based in Braintree, Essex. He rang because he was due to pay his grandmother's inheritance tax bill to HM Revenue & Customs and needed the law firm's bank details. Later that morning, an email duly arrived with the firm's account and sort code detailed in a Word file attachment. This was the first contact he had had with anyone at the law firm, he says.

Three days later, Peter went to the Braintree branch of Lloyds bank where he instructed staff to make a Chaps electronic payment for £120,000 to Steed & Steed, handing over the account details he had been sent in the email and his debit card. Eight hours later he received a text message from Lloyds to say the funds had been transferred to the receiving account.

"When I got home I emailed Steed & Steed to confirm I had made the payment and later received a reply from it confirming the funds had been received. A week later my wife asked me why we had not yet received a receipt from the solicitor so I called the firm and, to my shock, I was told it had not received the funds. At first I thought it was an error and went straight to the Lloyds branch," he says.

Within a few hours the true horror of what had happened emerged. The email from Steed & Steed had been hacked and what Peter had been sent was the fraudster's account details, to which he had sent the £120,000.

Through his contacts he was able to establish that the account the money had been sent to was a NatWest business account in the name of Graceak Ltd. He was also able to establish that all of his £120,000 had gone from that account, as £20,000 had been withdrawn over six days. The company has since been dissolved, according to Companies House.

"The Lloyds bank manager called the fraud team and later apologised for what had happened," Peter says. "I felt it was a bit of an 'Oh well, I'm really sorry, but there's nothing we can do'. He advised me to call Action Fraud and the police. I left the branch feeling physically sick."

Since then he says he has been staggered at the lack of interest in the theft of what is a considerable amount of money.

"We feel let down by everyone involved. We have heard nothing from the police or Action Fraud even though we have the name and address of the woman who ran the company account to which my money was paid. Action Fraud told me there was no guarantee that the police would even look at my case, and if they did it may take up to eight weeks to start their investigation. I could not believe my ears."

Peter says Lloyds, which took eight hours to make the payment, did not carry out any checks to ensure the name of the firm to which the payment was to be made matched the account numbers, even though staff would have been aware that fraud in this area is rife. Lloyds did not appear to notice that it was paying Steed & Steed £120,000 in a NatWest account in Kent. He says he has since learned that the Steed & Steed account was held at that very branch in Braintree. The bank has declined all liability and told the couple they must to go to the Financial Ombudsman Service (FOS). They have been forced to borrow the £120,000 to make the original HMRC payment.

When staff at FOS look at this case, which could take months, they are likely to examine Lloyds' liability to the couple. UK Payments, the body that oversees banking payments, pointed us to the regulations that govern this area. These state that a bank has to "have made clear to their customer how a Chaps payment will be processed" and that the bank "will make a payment solely on the basis of a unique identifier and will not execute it on the basis of the intended recipient's name".

Meanwhile, the security or otherwise of Steed & Steed's email system is also likely to be investigated. In December 2016, regulatory body the Solicitors Regulation Authority warned that email hacks of conveyancing transactions had become the most common cybercrime in the legal sector. Firms are duty bound to inform the SRA if a client's money is lost in this way.

Steed & Steed declined to tell Money what steps it had in place to prevent email fraud. It said it would be "inappropriate for us to provide any comment due to reasons of confidentiality and the fact that this matter is under police investigation".

Lloyds similarly said it would not be commenting while the FOS investigation is ongoing.

NatWest said it had tried to help recover the couple's funds but that none had remained when Lloyds advised it of this case.

Richard Emery, an independent bank security expert who has helped previous victims featured in Money, has offered to look at the case. Money will be passing on his details to the Scotts.

Banking flaw that puts consumers at risk

The Scotts' story is a timely reminder to never trust an email containing bank or other payment request details and to always phone the person you want to pay to check the information before you send a significant sum.

In recent years Money has featured many cases of email interception fraud and the sums lost have been eye-watering. In January, Howard Mollett lost £67,000 after hackers gained access to his solicitor's email account. As a result, he sent his house purchase deposit to an account used by fraudsters. Last year, a north London couple lost £25,000 after conmen intercepted emails between them and their builder. They thought they had sent him a deposit allowing him to buy materials. Instead, the money was lost.

In each case the fraudsters exploited a little-known but significant flaw in the banking system - the name on a bank account does not have to match an online or Chaps payment request.

A person can put Mickey Mouse in a transfer mandate and the money will be paid to the account with that sort code and account number, irrespective of whether the name matches or not. Campaigners have described this flaw as a "fraudster's dream". Despite the fact that bank fraud is out of control, the Financial Conduct Authority, which oversees banks, has shown little interest in forcing them to match payment requests to account names. Experts say such a move would halt most of these frauds overnight.

Over a year ago, the consumer body Which? lodged a "supercomplaint" with financial regulators demanding banks do more to protect customers tricked into transferring money. So far no concrete measurers have emerged and consumers' losses grow every week.

(1st November 2017)


MODELLING JOBS ADVANCED FEE FRAUD ALERT
(Action Fraud, dated 21st October 2017)

The National Fraud Intelligence Bureau (NFIB) and Action Fraud have recently noticed that Fraudsters have been setting up fake adverts on social media (including Facebook, Instagram and WhatsApp) and job browsing websites to dupe people into believing they are recruiting for prospective models.
Once victims show interest in the job, the fraudsters contact potential victims on the false promise of a modelling career and subsequently advise the victims to come in for a test shoot.

The fraud can then potentially be carried out in two ways;
Firstly, the fraudsters can pressurise the victims in sending an upfront fee to book a slot for the test shoot. Once they have received the upfront fee, the victim will never hear from the fraudsters again.

The second possible method is that the fraudsters will take the advance fee that the victim sends for a photo shoot and arrange a photo shoot with the victim. After the photo shoot, the fraudsters will contact the victim after a few days and convince them that their shoot was successful and offer them a job as a model. The victim will then be asked to sign a contract and pay another upfront fee, usually to secure the modelling contract.

Fraudsters are also creating fake adverts for supposed modelling opportunities for children which do not exist. Fraudsters will inform parents or guardians that a potential career in modelling awaits their child. This tactic convinces the parent or guardian to sign up their child and send an advance fee.

The suspects will also convince the victim that in order to become a model, they will need to have a portfolio. The fraudsters will recommend a number of packages and stress that if a package is not paid for in advance, the process of becoming a model cannot continue.

Over a two year period (September 2015 - August 2017), an average of 28 reports of advance fee modelling frauds have been received per month by the NFIB. In August 2017, 49 Action Fraud reports of this fraud type were received and may continue to rise. The total loss in August 2017 alone was over £71,000.

Tips for staying safe:

- Carry out your own research prior to paying any type of advance or upfront fee.

- Be wary if you are asked to pay for a portfolio, as many legitimate agencies will cover that cost.

- Don't give your bank account details or sensitive information to anyone without carrying out your own research on the relevant agency.

- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

(1st November 2017)


HOW TEXT MESSAGE SCAMMERS POSE AS YOUR BANK TO RIP YOU OFF
(Which, dated 21st October 2017 author Faye Lipson)

Full article [Option 1]:

www.which.co.uk/news/2017/10/revealed-how-text-message-scammers-pose-as-your-bank-to-rip-you-off/

Fraudsters are able to send 'spoofed' bank texts with incredible ease, a Which? Money investigation has found - with many landing in previously legitimate message threads due to a quirk of smartphone technology.

Text spoofing scams - where fraudulent messages bear the name of a bank or other genuine business - are increasingly prominent. A spate of high-profile cases in recent years has seen bank customers tricked out of £1,000s.

The texts are particularly effective at duping customers because of the way smartphones group messages which claim to come from the same source.

So if you already have genuine texts from Barclays on your phone, and a fraudster sends a message using the short name 'Barclays,' your phone will include it under the legitimate ones, making it harder to spot the deception.

Victims of such scams are often devastated to learn they won't get their money back, as by providing their online banking information to the impostor, they are said to have authorised the payment. In May this year, Action Fraud warned about the latest round of text message scams duping people with credit cards.

We set out to infiltrate a message thread and prove how easy it is for fraudsters to abuse the technology.

Impersonating banks

Banks and credit card firms sometimes text you to let you know about new products or offers, or to check whether you've carried out a particular transaction.

To make sure these texts come from a company name rather than a number, organisations use text 'gateways', which allow them to send thousands or even millions of messages at a time using a computer, for less than a penny a text.

Most texts sent this way are legitimate, and the providers of those services do attempt to check use is lawful. Unfortunately, fraudsters are making good use of this technology, too.

How we managed to scam by text message

We teamed up with ethical hacker and Trading Standards 'scambassador' Scott McGready. Mr McGready has set up his own spoofing gateway, which he uses to educate the public about the risk of scams.

We wrote a message mimicking a typical fraudulent text: it claimed to be from a major bank, building society or card firm, stated that the recipient's account had been suspended and asked them to click on a link to unlock it.

The link we included was benign and led to a blank webpage - but in a real scam it could contain software that harms your phone, or lead you to a convincing mock-up of your bank's online login page, which tricks you into giving away your details.

The texts were sent in the names of more than a dozen financial firms and all of them arrived on our test phones, with some appearing in existing threads.

Independently of our work with an ethical hacker, we were also able to send a fraudulent text with the short name of a high street bank by using a number-spoofing website, which advertises itself as being a way to prank your friends. This also arrived in a legitimate message thread.

Many of these sites are freely available on the web.

Thousands lost from 'spoofed' bank messages

The true scale of the problem isn't known as none of the bodies involved in preventing this type of crime collect data specifically on text spoofing.

However, the Financial Ombudsman Service (FOS) has heard several complaints related to this in recent months, including the case of 'Mrs P,' who 'received a text message asking whether certain payments from her account were genuine. The text had been 'spoofed' to show it as coming from Santander.

'She called the number [contained within the text] as she did not recognise the payments given.' Mrs P was then duped into telling the fraudsters her passcode, which they used to access her accounts and transfer £18,000 to another bank.

Sadly for Mrs P, the FOS ruled that Santander need not refund her as it hadn't been responsible for the fraud.

The story closely mirrors that of one Which? member, who we have chosen not to name to protect her privacy. Earlier this year, she too received a text purporting to be a security check from her bank.

She rang the number within the message and was tricked into generating and handing over a one-time passcode which allowed fraudsters to ransack her account. In total £20,000 was taken and her request for the bank to refund it is now being considered by the FOS.

Can spoofing be stopped?

In February 2016 a new taskforce was announced to tackle fraud, encompassing the government, the police, and the legal and banking sectors. One of its main aims is tackling 'systematic vulnerabilities' and 'weak links' in processes, which fraudsters can exploit.

Eighteen months on, Which? wants to know what action it will urgently take to safeguard consumers from scams.

As it stands, banks say they can't prevent scammers using technology to impersonate them, as they don't control the gateways through which spoofed texts are sent - while Mobile UK (which represents mobile networks) says it's 'not possible to distinguish spoofed from genuine texts ex ante [before they're delivered].'

However, Scott McGready believes he's devised a possible solution, which verifies banking texts at the receiving end and would 'mark genuine messages as such and, more importantly in my opinion, mark spoof and fake messages as illegitimate - or just not display them at all.'

Whether this solution, or something like it, will eventually be adopted by the financial services industry, remains to be seen.

How to protect yourself from text message scams

- Never assume a text from a company is genuine. Even if it's in a previously legitimate thread, it could still be a scam.

- Don't click on any links or call any numbers contained within a text message - look up the organisation's details independently and contact it to verify the message.

- A genuine bank will never contact you asking for your Pin, full password, or to move money to a safe account.

- Avoid giving out your number on publicly available websites or social media profiles.

- Don't respond to or text 'STOP' to a message if you're not sure it's genuine; if it's a scam, doing so could confirm to the fraudster(s) that your line is 'live'.

- Spam and suspicious texts can be reported to your network by forwarding them to 7726 and to the regulator by filling in a form at ico.org.uk.

If you're conned out of money or tricked into giving away your personal details, contact your bank immediately and report it to Action Fraud at actionfraud.police.uk.

- If you're scammed, you may not get your money back - the rules on this are complex.

Visit which.co.uk/scam for more, and help us to force action on scams at which.co.uk/scamscampaign. You can also share your thoughts on whether the fight against fraud is happening fast enough.

(1st November 2017)


CONMAN POSING AS DEFENCE SECRETARY MICHAEL FALLON TRIED TO DUPE RICHARD BRANSON OUT OF £3.8m IN KIDNAP PLOT
(London Evening Standard, dated 18th October 2017 author Chris Baynes)

Full article [Option 1]:

www.standard.co.uk/news/crime/conman-posing-as-defence-secretary-michael-fallon-tried-to-dupe-richard-branson-out-of-38m-with-fake-a3661701.html

A conman posing as defence secretary Michael Fallon tried to dupe Sir Richard Branson out of $5 million (£3.8m) by faking a kidnapping, the Virgin boss has revealed.

The businessman said he spoke to a man who "sounded exactly like Sir Michael" who claimed a British diplomat was being held hostage by terrorists.

Writing on his blog, Sir Richard said his assistant received a message on what appeared to be official notepaper with a request to call the defence secretary.

The 67-year-old said: "He told me that British laws prevented the Government from paying out ransoms, which he normally completely concurred with. But he said on this occasion there was a particular, very sensitive, reason why they had to get this diplomat back.

"So they were extremely confidentially asking a syndicate of British businesspersons to step in.

"I was asked to contribute 5 million dollars of the ransom money, which he assured me the British Government would find a way of paying back."

Sir Richard said he was "sympathetic" to the request, but wanted to carry out checks.

After he rang Downing Street and asked to be put through to Sir Michael's office, he realised the truth.

He wrote: "His secretary assured me that Sir Michael hadn't spoken to me and that nobody had been kidnapped. It was clearly a scam. I told them what had happened and we passed the matter over to the police."

The tycoon also wrote of a similar incident where a fraudster impersonated him and was able to con $2 million (£1.5m) of money destined to help victims of Hurricane Irma in the British Virgin Islands.

He wrote: "They told me that they had received an email from somebody claiming they were my assistant, to arrange a call with me.

"When the call happened the conman did an extremely accurate impression of me and spun a big lie about urgently needing a loan while I was trying to mobilise aid in the BVI.

"They claimed I couldn't get hold of my bank in the UK because I didn't have any communications going to Europe and I'd only just managed to make a satellite call to the businessman in America. The business person, incredibly graciously, gave 2 million, which promptly disappeared."

He added: "People used to raid banks and trains for smaller amounts - it's frightening to think how easy it is becoming to pull off these crimes for larger amounts."

(1st November 2017)


SCAMMERS ARE CALLING BUSINESSES IN A WELSH TOWN PRETENDING TO BE BAILIFFS
(Wales Online, dated 20th October 2017 author Caitlin O'Sullivan)

Full article [Option 1]:

www.walesonline.co.uk/news/wales-news/scammers-calling-businesses-carmarthen-pretending-13790944

'Frighteningly convincing' scammers have been phoning Carmarthen businesses, pretending to be bailiffs.

Emma Lewis, of Emma Phillips Bridal Studio, was almost scammed for nearly £3,000 when the false bailiffs rang her business threatening court action.

She took to Facebook to try and warn others about the convincing scammers, in a post that has been shared over 320 times.

She posted: "He phoned to say there was a claim against us going back to 2014, and we owed nearly £3k to 'The Business Directory'.

"He said he was in Worcester Court and that if we didn't pay the money, High Court bailiffs would be at the shop within 72 hours.

"However if we paid into this "account" everything would be 'on hold' for a while."

She was in New York at the time with her husband Eurig, and after almost half an hour on the phone she was about to transfer the money when the fraudster began to slip up.

Emma said: "A few things didn't add up. He said we'd been emailed, and we hadn't, and he called me Emma Phillips and my name is Lewis.

"Eurig rang the court direct while I was on the phone; no sign of the claim against us, the reference he gave didn't match anything."

Other Carmarthen businesses have also been phoned by these scammers, including Bethaney's Hair Salon, which commented on the post: "We had a similar call from people a few months ago, just claiming to be HMRC for a fake debt of over £4k!

"They said bailiffs would be at our door within an hour if I didn't pay it.

"Luckily, the Police and HMRC were both phoned while I was talking to the guy on the other phone and it had turned out they'd done it to another salon in Llanelli the week before!"

Emma Phillips appealed for caution: "Please, please be careful. If it wasn't for Eurig checking, I'd have paid the money!"

In reality bailiffs do not operate in this way, as county court judgments can only be enforced by either the county court bailiffs, or a certificated enforcement agent working on behalf of a high court enforcement officer.

Certificated enforcement agents never ring up first. They send out an official notice called a notice of enforcement, usually by first class post. At this point they are allowed to charge £90.

They can only charge further fees by attending, so it is in their interest to attend, or they do not make much money.

A spokeswoman for Dyfed-Powys Police offered some advice: "This is a classic example of Vishing, or Voice Fishing.

"Voice phishing is the criminal practice of using social engineering over the telephone system to gain access to private personal and financial information from the public for the purpose of financial reward.

"Remember - transferring money directly to another person's account is similar to handing money over to someone on the street, banks can offer little protection if you authorise a transaction.

"Always treat calls that come out of the blue as suspicious, especially if the caller's request will involve you making a payment.

"If you are unsure of who you're talking to, take their name, hang up and call them back, but not on the number they provide.

"Call the office they state they have come from on a publicly available number, such as a switchboard, and ask to be put through. That way, you know who you are talking to.

"Never pay money on a card or by bank transfer without first getting paperwork.

"Ask yourself; 'Why are they ringing you when the bailiff is only 20 minutes away?' The attendance is how they make their money.

"If someone does turn up, then check their identification, and call the Police to verify it if necessary."

The scammers may give a warrant number and claim not to have a case number.

The warrant number can only be checked on the court's own system, and is not generally used.

County executive board member for public protection, Councillor Philip Hughes, said: "If people are unaware of any court hearings or pending court actions then any person purporting to represent the court whilst requesting money should be viewed with suspicion.

"The court service and any legitimate bailiff will make several attempts to contact you prior to any hearing or award.

"We would urge people to conduct their own checks. Phone the organisation up, but remember not to use the telephone number supplied by these individuals either verbally or on paper.

"An internet search should reveal their official website and contact details or they can contact the authority.

(1st November 2017)


RING 555 IF YOU ARE A VICTIM OF BANK FRAUD - NEW HOTLINE SUGGESTED TO TACKLE SCAMS
(The Telegraph, dated 19th October 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/10/19/ring-555-victim-bank-fraud-new-hotline-suggested-tackle-scams/

A new 555 emergency hotline may be set up for bank fraud victims under plans to tackle the growing number of crimes.

The emergency number specifically for bank fraud has been suggested in order to crack down on rising scams and alert banks to illegal money transfers.

The idea is reportedly being discussed by ministers, police and financial officials. Current advice states that victims should contact Action Fraud rather than 999 as police rarely investigate individual instances of bank fraud.

More than 900,000 cases of fraud were recorded in the first half of 2017 alone, equating to more than 5,000 a day.

The idea for a hotline was put forward at a meeting of the Joint Fraud Taskforce in September attended by Home Secretary Amber Rudd and senior staff from a number of UK banks.

Minutes published by the Home Office reveal that Brian Dilley, of Lloyds Banking Group, told the meeting about an "early stage idea" of having a single number - such as 555 - for the reporting of scams and fraud.

Currently victims of fraud are advised to call Action Fraud on 0300 123 2040. Details about how any hotline would operate are not clear as the suggestion is in its infancy.

The minutes say: "Brian Dilley (BD)... commented on the issue of communicating to customers who have been told not to trust unsolicited contact from their bank.

"BD outlined an early stage idea... for a central reporting telephone number e.g. 555 that victims of fraud/scams could contact.

"At its simplest the number could be a triaging facility directing victims to the appropriate agency and at its most ambitious it could sit in front of enhanced data sharing/analytics which would take in all reporting and provide standardised reporting and a collective intelligence picture across fraud and money laundering."

James Freedman, fraud ambassador for City of London Police, told the Daily Mail: "The problem is that people may liken the number to 999 and expect an emergency response. In reality fraud can take time to investigate.

"However, it is vital to encourage more people to report scams, even in instances where they have got their money back or not fallen for them at all, as this is the only way the body of information available to the police will grow."

A Home Office spokeswoman said: "Through the Joint Task Force we are in discussions with banks and UK Finance over a number of initiatives to enable the public to better protect themselves more effectively from fraud."

Cyber crime - most common UK online offences (Source : Office for National Statistics)

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

(1st November 2017)


BOGUS STAMP DUTY DODGE MEANT WE HAD TO PAY £54,000 MORE
(The Telegraph, dated 7th October 2017 author Sam Meadows)

Full article [Option 1]:

www.telegraph.co.uk/tax/news/bogus-stamp-duty-dodge-meant-had-pay-54000/

Property buyers who sought to sidestep stamp duty - in some cases by using apparently legitimate schemes - now face having to pay the original duty and in certain instances fines and costs on top.

The marketing of so-called "avoidance schemes" surged in the wake of successive stamp duty increases, particularly after the 3 percentage point surcharge that has applied to second property purchases from April 2016.

Many schemes sought to establish their legitimacy by quoting opinions of lawyers - but in many cases the processes had not been tested in court. Other schemes were plainly fraudulent and destined to fail.

But the backdrop of stamp duty bills running into tens of thousands of pounds, and widespread confusion around the surcharge rules, meant these schemes were tempting to many.

Telegraph Money first warned in July 2016 of the dubious legal basis regarding these manoeuvres, some of which promised to cut the duty by up to 100pc - for a fee.

Now a number of cases are coming through where HM Revenue & Customs has caught up with property buyers and is demanding payment - and in some instances is adding 100pc to the bill as a penalty.
'We should have paid £37,000 - we'll end up paying £91,000'

One Telegraph Money reader, a hospital doctor, bought a house in Cambridgeshire in 2014. Self-professedly "ignorant" about how stamp duty worked, in the course of researching the transaction she came across a company named CDP Corporate, which was promoting a tantalising avoidance scheme.

The stamp duty bill on the property, costing around £1m, should have been £37,000. The use of the scheme would cut this to just £5,000 and save £32,000, she was promised.

The deal went through using a conveyancer recommended by CDP Corporate. She paid £16,000 in fees for using the scheme. In all, once the purchase went through, the buyer believed she had saved £16,000.

Yet six months after the transaction she received a letter from HMRC saying it was investigating the legality of the scheme. She heard nothing more - until last month.

Out of the blue HMRC sent her a bill for £75,000. This was made up of the original duty plus a raft of penalties. She and her husband attempted to contact CDP Corporate but found it had been dissolved.

But the husband told Telegraph Money: "My wife is a doctor. She doesn't have the time to think about these things, so it has come as a massive shock. Her mistake was not taking a second opinion, but she thought she was dealing with trustworthy professionals, and just did what they asked."

He added: "For people with no financial training or experience this is a serious trap."

When Telegraph Money approached him this week he said he believed the scheme had been designed by a solicitor based on the advice of a QC. But he admitted that the "advice" was later discovered to be a forgery.

He said the solicitor in question had fabricated the opinion of a prominent barrister, and that CDP Corporate - which he presented as merely marketing the scheme for a fee - was forced out of business as a result. He said that he had no knowledge of the forgery while recommending the scheme to people.

Mr Connolly is currently a director of a separate company named CDP Tax & Wealth, trading under the name Fiducia Wealth & Tax. Its website claims to be able to save a buyer of a £1m second home £43,328 in stamp duty. Mr Connolly insisted the strategies deployed by Fiducia Wealth & Tax were entirely legal. He said: "Touch wood, our barristers and accountants are as good as it gets."

Inventive Tax Strategies, Professional Advice Bureau, Sterling Tax Strategies and Bell Strategies had promised to refund customers' fees if their tax-busting strategies failed, but were unable to do so.

Two insurance policies taken out with a company based in Belize also failed to pay out. In a further twist, court papers show the companies made applications to HMRC for VAT refunds in order to pay their creditors - leading the taxman to make payments totalling more than £3m. HMRC later realised its mistake and blocked further requests for a sum of £2.1m.

ITS Action Group now represents a number of the four companies' customers, who have been made creditors by the administrators.

A spokesman for HMRC said: "Most avoidance schemes simply do not work, and the people who get involved can end up paying more than they were trying to avoid in their misguided attempts to save money."

He added that a "scheme reference number" - a reference for HMRC - does not mean it has been cleared by the taxman. Schemes must always be disclosed.

Paul Emery, a partner at PwC, the accountancy firm, said new rules requiring anyone using a scheme to mitigate tax to disclose details to HMRC were curtailing these sorts of cases, noting: "HMRC is also using Land Registry data and matching this up with tax returns."

He added: "It can be difficult to discern legitimate planning from something the courts are likely to find against. If it does sound too good to be true, get a second opinion from a professional."

The Fiducia mentioned here is in no way connected with Colchester-based Fiducia Wealth Management

(1st November 2017)


SCAM ALERT - HURRICANE CHARITY CONS (Extract and adapted)
(Huffington Post, dated 3rd October 2017 author Christopher Elliott)

Full article [Option 1]:

www.huffingtonpost.com/entry/scam-alert-in-a-hyperactive-hurricane-season-the_us_59d3a1a8e4b043b4fb095c80

Harvey. Irma. Maria.

In a hyperactive hurricane season, the mere mention of these storms evokes fear, dread - and regret.
But this year feels a little different, maybe because of the proliferation of rip-offs that followed these disasters, from repair fraud to relief scams. And these swindles continue in Texas, Florida, Puerto Rico - and perhaps even in your own neighborhood.

"There are the normal scams that occur after a hurricane that have become tried and true," says Daniel Stermer, the mayor of Weston, Fla., and a former prosecutor who handled price gouging claims and other fraud-related crimes. "They include debris cleanup, storm shutter removal, tree trimming, home repairs, and other things that homeowners need immediately and do not have a frame of reference on whether the price they are being quoted is reasonable or truly price gouging and a scam."

Since this year's storms have been so intense, the scammers are reaching new victims, particularly when it comes to hurricane-related charities. To get the full picture, you have to look at what happened, consider what might happen, and talk to hurricane scam experts. And it quickly becomes clear that even though the storms are past, the worst is not over.

Bottom line: You can fall for a swindle without being in a state, or even a country, affected by a hurricane. And this year's wave of hurricane scams, like the storms themselves, have been remarkable:

Fake charity scams

"Beware of fake charity websites set up to take advantage of those looking to donate for a recent disaster," warns Michael Lai, CEO of Sitejabber.com, a ratings site. After every major disaster, fake websites spring up that take advantage of people who want to help, he says. "For example, after the Haiti earthquake, there were fake Haiti earthquake relief sites. It was simply astounding."

What to do? Look up your charity on a site :

For the USA :Charity Navigator or GuideStar to ensure it's legit.
For the UK : Charity Commission

Never send charity money through a wire transfer, Western Union or MoneyGram. A reputable nonprofit never requests money by wire transfer, says Lai. "If you can, use a credit card or PayPal which will offer fraud protection." Never give out personal information, such as your social security number, or home address to someone calling to ask for a donation.

(1st November 2017)


TRAVEL AGENT FRAUDSTER WHO PHONED POLICE WITH THREATS IS CAUGHT AT GATWICK
(London Evening Standard, dated 9th October 2017 author Patrick Grafton-Green)

Full article [Option 1]:

www.standard.co.uk/news/crime/travel-agent-fraudster-who-phoned-police-with-threats-is-caught-at-gatwick-airport-trying-to-flee-a3654086.html

A serial fraudster who was caught trying to flee the country after phoning an investigating police officer to threaten him and his family has been jailed.

Jonathan Richman, 52, of no fixed abode, was sentenced to a total of two years in prison at Isleworth Crown Court on Friday after fleecing travel companies and holidaymakers for years.
He pleaded guilty to fraud and money laundering offences totalling more than £80,000.

Between 2011 and 2015, Richman posed as a travel agent under the name Jamie Malcolm dealing in last-minute holidays at low prices.
But without his clients' knowledge, Richman paid for the holidays using fraudulent credit card details, as they paid money into bank accounts he controlled.

Travel companies were left thousands of pounds out of pocket when credit card companies later spotted the fraudulent payments and recovered the money.

And in some cases, where the fraud was spotted quickly, Richman's customers had their holidays cancelled, and were left unable to get their money back from him.

The Met launched an investigation in September 2013 when two people returning from a holiday in Thailand were arrested by officers at Heathrow Airport.

It quickly became apparent they were victims of Richman's fraud, police said.

A breakthrough in finding out Richman's true identity or whereabouts came in October 2014 when Richman called the Heathrow CID office and made threats against one of the investigating officers and his family, telling him to "leave [him] alone".

Detectives traced the mobile phone numbers used to make the calls, and were then able to link the numbers to Richman. He was arrested in February 2015 in Brighton.
In total, officers identified around 16 victims - including companies or people - who had fallen foul of Richman's scams.

He was convicted of fraud and malicious communications offences in March 2015 and sentenced to a total of four years' in prison.

After Richman was released on licence from prison in August 2016, he breached his licence and was on the run from police. He was eventually arrested at Gatwick Airport on August 28, trying to board a flight to Morocco.

He was charged on August 29 with the additional offences, and pleaded guilty at Isleworth Crown Court on September 27 to three counts of fraud, money laundering and the possession of fraudulent documents and articles for use in fraud.

Detective Sergeant Dave Bullamore, from the Met's Aviation Policing Command, said: "Richman was carrying out these frauds effectively as a full time occupation.

"He went to great lengths to try and conceal his true identity, right from renting a flat under a false name to setting up fake bank accounts.

"But his arrogance proved to be his downfall when he called the detectives to threaten and warn them off from investigating him.

"We were finally able to match his face to his true identity and arrest him, and despite his attempts to go on the run and evade justice, he is now facing further time behind bars."

(1st November 2017)


SEPTEMBER 2017


THE WORLD OF SCAMS - SEPTEMBER 2017

If the scam is not in the UK at the moment, it probably will be in the future !

-----------------------
SCAMMERS ARE CONSTRUCTING FAKE PEOPLE TO GET REAL CREDIT CARDS
(Bloomberg Business Week, dated 12th September 2017 author Jennifer Surane)

Full article [Option 1]:

www.bloomberg.com/news/articles/2017-09-12/scammers-are-constructing-fake-people-to-get-real-credit-cards?cmpId=flipboard

On a warm day in May, agents from the FBI and the U.S. Postal Inspection Service descended on a leafy neighborhood in South Carolina and raided the home of a DJ suspected of using fake identities to obtain 558 credit cards from Capital One Financial Corp.

Inside, investigators found a pair of handwritten ledgers listing names alongside purported Social Security numbers, birth dates, and addresses-tracking some of the identities he allegedly had cultivated since the end of 2013. Prosecutors estimate Whitlock tapped at least $340,000 using the credit cards.

Such scenes are part of a newly defined front in the war against credit card fraud. Known as synthetic identity theft, the scam relies on creating identities rather than stealing existing ones.

-----------------------
NIGERIAN STUDENT'S SCAM TRICKS U.S. COMPANIES INTO SENDING HIM MILLIONS
(The Dallas Morning News, dated 8th September 2017 author Kevin Krause)

Full article [Option 1]:

www.dallasnews.com/news/crime/2017/09/08/nigerian-students-scam-tricks-us-companies-sending-millions

When employees get an email from their CEO asking them to do something, chances are they will do it - fairly quickly and with no questions asked.

Amechi Colvis Amuegbunam counted on it. And he was right.

Employees wired company money to where Amuegbunam told them - most often foreign banks. He pulled it off by cleverly creating email accounts that made it appear as if he were a company executive, authorities said.

A federal judge sentenced him last week to 46 months in federal prison for duping more than 10 victims out of about $3.7 million.

-----------------------
HOUSEHOLDERS WARNED ABOUT FAKE IRISH WATER EMAILS
(Irish Examiner, dated 7th September 2017)

Full article [Option 1]:

www.irishexaminer.com/breakingnews/ireland/householders-warned-about-fake-irish-water-emails-804989.html

Householders have been warned to remain vigilant as cybercriminals aim to steal from bank accounts via another wave of fraudulent emails claiming to come from Irish Water, writes Joe Leogue of the Irish Examiner.

Internet security firm ESET Ireland has warned computer users are receiving an email titled "Update your account details" which is doctored to resemble a communication from Irish Water.

The email is a phishing scam designed to steal credit card information and Irish Water login information.

"Clicking on the link leads to a forged log-in page, where the victim first hands over their Irish Water log-in details, and is then asked to enter all the details of their credit or debit card as well and confirm it," ESET warned. "After providing the cybercriminals with all the required info, the user gets bounced back to the actual Irish Water website," it said.

-----------------------
CANADIAN UNIVERSITY FALLS VICTIM TO EMAIL PHISHING SCAM
(Fox News, dated 1st September 2017 author James Rogers)

Full article [Option 1]:

www.foxnews.com/tech/2017/09/01/canadian-university-falls-victim-to-email-phishing-scam-loses-9-5m-to-fraudsters.html

MacEwan University in Edmonton, Alberta has confirmed that it lost 11.8 million Canadian dollars (US $9.5 million) after falling victim to a phishing attack.

In a statement released Thursday, the university said that a series of fraudulent emails convinced staff to change electronic banking information for one of the institution's major vendors. As a result of the fraud, $9.5 million was transferred to an account that staff believed belonged to the vendor.

-----------------------
BEWARE THESE HURRICANE HARVEY PHISHING AND SPAM ATTACKS
(Tech Republic, dated 1st September 2017 author Alison DeNisco)

Full article [Option 1]:

www.techrepublic.com/article/beware-these-hurricane-harvey-phishing-and-spam-attacks/

With every large news event of natural disaster comes a barrage of scam emails and websites, with cybercriminals attempting to take advantage of interest in the situation. Hurricane Harvey, which damaged or destroyed more than 44,000 homes in Houston, TX, has sadly set off a spate of hackers attempting to profit from the disaster.

"Natural disasters are open season for cyber criminals intent on making a buck using time-tested and fraudulent means," said Steve Durbin, managing director of the Information Security Forum. "Email infection, fake websites, and traditional phishing attacks are all to be expected."

-----------------------
(1st October 2017)


CORRUPT BARCLAYS BANKER HELPED GANG LAUNDER £16m FOR EASTERN EUROPEAN CYBERCRIMINALS
(International Business Times, dated 20th September 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/corrupt-barclays-banker-helped-gang-launder-16m-eastern-european-cybercriminals-1640110

A "corrupt banking insider" working for Barclays, along with four other men, have admitted laundering at least £16m ($21m) for a gang of international cybercriminals.

Between 2013 and 2016, the group used roughly 400 bank accounts in a conspiracy that involved receiving stolen money into one account and then dispersing it into smaller sums across multiple other accounts, the National Crime Agency (NCA) said Tuesday (19 September).

The process, investigators found, would be repeated several times - to disguise the source of the money - before being sent back to cybercriminals.

The hackers were reportedly traced back to a location in Eastern Europe, which has not been revealed.

Nilesh Sheth, 53, a personal banking manager at Barclays, opened a large number of so-called "mule accounts" using fake IDs and address documents.

And he was not alone, the NCA quickly concluded.

Iurie Mereacre, a 37-year-old Moldovan national, ran the money laundering service from his home in London, along with three associates, brothers Iurie Bivol (36) and Serghei Bivol (31) along with Ryingota Gincota (28).

"Sheth abused his position of trust at the bank to knowingly open sham accounts for the network, providing a vital service which enabled them to launder £16 million worth of stolen cash," said Mike Hulett, head of operations at the NCA's cybercrime unit.

The "step-by-step" guide

Prior to their arrests, on 3 November 2016, the laundering group was seen meeting with Sheth on numerous occasions at his bank, and in public places including restaurants and car parks.

On the day of the arrests, NCA officers recovered multiple mobile phones, financial ledgers and 70 mule packs from Mereacre's flat.

The mule packs contained ID and banking documents, bank cards and security information that enabled the group to obtain access to the accounts.

In a move that was surely pivotal to the investigation, officers also seized a hand-written "step-by-step guide to money laundering", which contained instructions on how to move money to accounts at various banks and notes on which accounts had been blocked by bank security.

In a search of Sheth's home in Redwoods Close, Buckhurst Hill, officers recovered over £16,000 in cash and nine mobile phones hidden around his house, including under the kitchen sink.

A number of the phones, the NCA discovered, had been used to communicate with Mereacre and contained text messages sent between the pair, organising meetings and payment.

On Thursday 15 June 2017, at the Old Bailey, Mereacre, Sheth and both Bivol brothers pleaded guilty to roles in the conspiracy.

Gincota opted to take the case to trial but later pleaded guilty to fraud offences on 19 September, authorities said.

A Barclays spokesperson said: "This is a rare occasion where an individual deliberately exploited our systems. We have worked with and supported the NCA with this investigation and welcome the outcome of proceedings.

"Barclays will always support law enforcement in identifying criminal activity and bringing prosecutions."

"Abused his position"


Rose-Marie Franton, from the Crown Prosecution Service's (CPS) International Justice and Organised Crime Division, said: "These men deliberately and persistently set about transferring millions of pounds of stolen money out of the UK to Eastern Europe.

"Working closely with NCA investigators, the CPS presented a strong case with the result that today all the defendants have admitted their guilt.

"The evidence we gathered showed how Nilesh Sheth abused his position as a bank employee for personal gain by facilitating the laundering the criminal proceeds of an organised crime group both within the UK and across borders."

The NCA could not elaborate on the identity of the foreign cybercriminal gang.

Back in 2008, the Northampton Chronicle and Echo reported that Mereacre was linked to an "international card cloning and skimming scam" that was using more than 100 bank accounts and pin numbers were used to net approximately £105,000 in illegal profit.

At the time, the regional newspaper reported he was caught by a Tesco security guard.

(1st October 2017)


HERBALIFE SCAM - EMAILS DISGUISED AS INVOICES CONTAIN RANSOMWARE
(International Business Times, dated 20th September 2017 author AJ Dellinger)

Full article [Option 1]:

www.ibtimes.com/herbalife-scam-emails-disguised-invoices-contain-ransomware-2592174

A new, widespread ransomware attack has started spreading through emails with malicious attachments-including some disguised to look like they came from multi-level marketing nutrition company Herbalife-is hitting millions of inboxes around the world.

The campaign was first spotted by cybersecurity firm Barracuda Labs on Tuesday, at which point the attack had been delivered about 20 million times over the course of a 24 hour period. Since then, the campaign has continued at rate of about two million attacks per hour.

The attack has been impressively prolific since it launched earlier this week. Barracuda has identified at least 8,000 different versions of the virus script so far, suggesting the attackers are randomizing parts of the attack in order to avoid detection from anti-virus tools.

While the origins of the attack are still unknown, Barracuda did note that the largest volume of the emails appeared to come from Vietnam, with other significant sources of the attack including India, Columbia, Turkey and Greece.

According to Barracuda, the payload files delivered by the malicious emails and the domains used to host the secondary payloads downloaded onto a victim's computer have also changed multiple times since the start of the attack.

Potential victims may see any number of variants of the attack, though a common version of the malicious email has contained branding from Herbalife, a popular nutritional supplement and personal care product provider.

The email claims to contain an attachment that is an invoice for an order placed through the company. If a person downloads and opens the file, it will launch the ransomware installer hidden in the document.

Other variants of the email that have appeared claim to be a delivery of a "copier" file or contain a paragraph of legalese that make it appear as though the email is some sort of official or legitimate document.

The messages often come from a spoofed domain, making it appear as though it is from a person within the same organization as the target or from another trusted source-an increasingly popular technique for tricking people into clicking on malicious links, though one that could be avoided with the proper protocols like DMARC implemented by organizations.

While the campaign is currently targeting organizations and businesses, it isn't believed to be from a state-sponsored actor and the motivations appear to be primarily financial, as is often the case with widespread ransomware attacks.

While victims may be tempted to pay the ransom when their computer is infected and their files are made inaccessible by the attack, they are advised not to do so. This is generally the best practice but applies to this attack in particular, as Barracuda noted that victims who pay will not have their files unlocked.

"Barracuda researchers have confirmed that this attack is using a Locky variant with a single identifier. The identifier allows the attacker to identify the victim so that when the victim pays the ransom, the attacker can send that victim the decryptor," the researchers explained in a blog post. "In this attack, all victims get the same identifier, which means that victims who pay the ransom will not get a decryptor because it will be impossible for the criminal to identify them."

Barracuda also noted the campaign is checking the language files on a victim's computer, suggesting it may may lead to an international version of the attack in the future.

(1st October 2017)


THE SAFETY WARNING BEING SENT OUT TO FRAUD VICTIMS - AND WHY YOU NEED TO IGNORE IT (Extract)
(Mirror, dated 13th September 2017 author Emma Munbodh)

Full article [Option 1]:

www.mirror.co.uk/money/safety-warning-being-sent-out-11161835

Clever fraudsters are posing as anti-scam officers to trick victims into handing over details for 'refunds', it has emerged.

In a warning on Wednesday, Action Fraud - the government's security arm - said it was aware of a series of letters currently in circulation that are claiming to be from the National Fraud Intelligence Bureau (NFIB).

The letters - which are being sent out to victims of fraud - are offering them the chance to have their money returned.

To receive the refunds, it asks them to send their personal details to a South African bank. However, it uses the NFIB branding and the name of the City of London Police's Commissioner, Ian Dyson, to appear credible.

The NFIB is part of Action Fraud, it sits within the City of London Police which is the national policing lead for fraud.

In a statement it said: "The fraudsters are sending these letters so that they are able to gather bank details and defraud people who have already fallen victim to fraud."

However to protect themselves, customers are being warned to take the following steps:

- Be prepared: If you've been a victim in the past, challenge any letters from people you don't know or companies you've never contacted. Clarify any letters directly with the relevant organisation.

- If you're asked to pay, or give your bank account details, end all contact.

- Ask questions: Ask them how they found out that you had been a victim. Any report of fraud is protected by law and can't be shared with anyone else outside of law enforcement agencies.

City of London Police's Detective Chief Inspector Andy Fyfe said: "This fraudulent letter is clearly not something that the National Fraud Intelligence Bureau would send to the public. It takes advantage of peoples' trust in order to steal money from those who have already fallen victim.

"By using recognised organisations, including the National Fraud Intelligence Bureau's branding and the City of London Police's reputation, the fraudsters are attempting to appear credible.

"If you are unsure about a letter you have received from the National Fraud Intelligence Bureau, please contact Action Fraud directly before giving away any of your personal details."

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting Actionfraud.police.uk .

(1st October 2017)


INDIAN CALL CENTRE SCAMMERS ARE TARGETING BT CUSTOMERS
(The Register, dated 6th September 2017 author Kat Hall)

Full article [Option 1]: www.theregister.co.uk/2017/09/06/bt_call_scam/

BT customers in the UK have been targeted by scammers in India - with one person reporting they were defrauded for thousands of pounds this week.

The issue appears to have been going on for more than a year. Some customers said the fraudsters knew their personal details.

One reader got in touch to report that his father-in-law has been having problems with his BT broadband, which he contacted the company about.

This week he got a call from someone asking for him by name, talking about his broadband problems. This individual claimed he had malware on his computer and said he need to access his machine via a third-party client.

"Within the hour he had over £1,000 in two payments from his bank account. Fortunately Lloyds stepped in on the second larger payment and stopped it progressing," said his son-in-law, who asked not to be named.

A BT customer forum thread entitled Possible Scam has hundreds of comments dating back from last year.

One recently wrote they had already been in touch with BT about their broadband prior to receiving a call from an Indian man stating that he was calling from BT.

"He asked me to confirm the postcode and address which he gave to me over the phone and then my date of birth. At that point I said no and he hung up. Clearly a scam call and weirdly, never had to call BT until the last few weeks and all of a sudden a call."

Another said the same thing happened to him, adding that the caller was very plausible until they wanted remote access to his PC hard drive.

"She even knew my address, phone number and both mine and my husbands name... so had access to some of our details."

Fraud appears to be a growing problem across the sector. Last month TalkTalk was hit with a £100,000 fine after the data of the records of 21,000 people were exposed to fraudsters in an Indian call centre.

A BT spokesman said: "BT takes the security of its customers' accounts very seriously. We proactively warn our customers to be on their guard against scams. Fraudsters use various methods to 'glean' your personal or financial details with the ultimate aim of stealing from you. This can include trying to use your BT bill and account number."

He advised customers should never share their BT account number with anyone and always shred bills. "Be wary of calls or emails you're not expecting. Even if someone quotes your BT account number, you shouldn't trust them with your personal information."

He said: "We'll never ask customers for personal information out of the blue and we'll never call from an 'unknown' number. If we're getting in touch about your bill, it will usually be from either 0800 328 9393 or 0800 028 5085."

(1st October 2017)


AUGUST 2017


HOW TO STOP THE CON ARTISTS
(Actuarial Post, dated July 2017)

Full article [Option 1]:

www.actuarialpost.co.uk/article/in-scam-awareness-month-how-to-stop-the-con-artists-12292.htm?mc_cid=534bc8a309&mc_eid=f46eab0a3f

At the start of Citizens Advice's 'Scams Awareness Month', Kate Smith, head of pensions at Aegon, highlights the need for consumers to be on their guard to spot and prevent scams:

"Not only are they master manipulators, scammers are constantly evolving ways to trick victims. The sad fact is that in today's world, people's savings are under threat from potential fraudsters. However, while incredibly serious, this isn't something that should keep people awake at night. Following some simple steps can ensure that people protect themselves.

"Scammers are becoming increasingly sophisticated in the ways they target people's money, including pension savings. Being aware of what to look out for can not only protect your money, but save you a lot of stress as well. While initially tempting, companies promising high returns from unusual unregulated investments, or offering early access to pension savings, more often than not, turn out to be scams. It can be all too easy to be taken in by scammers, but being on your guard is your first, and best, line of defence.

"It's not only individuals who need to guard against the threat of scammers though, we stand a much stronger chance of beating them by being collectively vigilant. No controls are infallible, so pension providers and schemes, along with advisers, need to be alert and update controls as scams evolve.

"Thwarting scammers at every opportunity is key and strengthening regulation can certainly dent scammers' success rates. The promise of high returns by persuading individuals to move pensions overseas, when the individual has no intention of living abroad, was previously one of the scammers' favourite tactics. Today, it has almost disappeared off the radar, thanks to government regulation. The introduction of an immediate 25% tax charge proved a simple and effective way to clamp down on this type of fraudulent activity, resulting in an almost immediate decline in this type of scam.

"In a similar vein, we were relying on a new Pension Bill to address issues highlighted by the pension industry to give savers greater protection. Unfortunately, the Queen's Speech was disturbingly quiet on any legislation to ban pension cold-calling or give schemes and providers greater powers to block suspicious transfers.

"Pension scams won't just go away without some serious action. Limiting the right to a statutory transfer could potentially safeguard millions of pounds from scammers. The government must keep this on its agenda, speak up and take the issue seriously.


Top Tips to avoid scammers

1. Try not to engage in conversation with Cold Callers. The safest thing to do is to hang up.
2. Think about installing call blocker technology on your phone.
3. Never give out personal information, including your bank details.
4. Always check the Financial Conduct Authority (FCA) online register if you doubt a company.
5. Check the FCA ScamSmart warning list for known investment scams.
6. Use the Pension Advisory Online tool to Identify a pension scam if you are worried about information given or action you've taken https://www.pensionsadvisoryservice.org.uk/my-pension/online-tools?moreInfo=4
7. Never feel pressurised into making a quick decision, and read any documents carefully before you sign on the dotted line.
8. Always do the research. As always, if in doubt, use a regulated adviser. You can find one of these using the 'unbiased adviser' website.
9. Report any concerns to your pension provider, adviser, or Action Fraud by calling 0300 123 2040 or online at actionfraud.police.uk.

(28th September 2017)


NINE IN TEN PEOPLE HIT BY EMAIL SCAMS EVERY MONTH
(Which ?, dated 9th August 2017 author Melissa Massey)

Full Article [Option 1]:

www.which.co.uk/news/2017/08/nine-in-ten-people-hit-by-email-scams-every-month/

As many as nine in ten people said they are receiving at least one dodgy email a month that's evaded their spam filters, new Which? research on email scams has found.

Our research also found that more than half of people are getting as many as five scam emails a month in their inbox, with many claiming to be from trusted services and legitimate brands.

The research highlights how common the problem of bogus phishing emails is. And, with many appearing to be from what look like reputable sources, they can all too often trick people into losing money or giving away personal information.

Positively, almost all of respondents were able to spot at least one tell-tale sign in a scam email, but only around two in five look out for any links to dodgy websites included in the email or look to see if the branding is any different than usual.

The research showed that while overall only 3% of people lost money to a scam email, on average women ended up parting with more than double the amount of money as their male counterparts. Women lost £2,186 on average, while men lost £975 on average. If you've lost money to a scam your next steps will depend on how you were parted from your cash.

Impersonating trusted brands

Fake emails impersonating PayPal top the list of the most common phishing scams, with 56% of respondents saying they had received an email claiming to be from the payments company.

Trusted services and brands impersonated by scammers include PayPal, banks, HMRC and Apple (including iTunes). Nearly a third of respondents also reported that they'd received emails from a stranger asking for money.

Where some scam emails received claimed to be from :

PayPal : 56%
A Bank : 49%
HMRC : 40%
Stranger asking : 31%
Apple (+itune) : 26%
eBay : 20%
A Supermarket : 18%
An email provider : 13%
Microsoft : 13%

(Answers from 1,575 respondents)

Bogus phishing emails all too common

And, while most people are likely to delete dodgy emails and some mark them as spam, almost one in four of today's centennials (18-21 year olds) did nothing with the scam email they received - a much higher proportion than the national average of just 4%.

Alex Neill, Managing Director of Home Products and Services at Which? said: 'Bogus phishing emails that look like they are from reputable sources are all too common and can trick people into giving away personal information, and in some cases losing money.

'Our research shows it's often the youngest consumers that are most at risk of opening these emails and that they are also less likely to do something about a scam email. Our top tips guide on how to spot an email scam is available for free on our website to help consumers stay ahead of the scammers' tactics and reduce the risk of them becoming a victim of fraud.'

Stay vigilant and take action to tackle fraud

Which? is warning consumers to be vigilant and take action, to reduce the risk of them becoming a victim of fraud. To help consumers stay safe online, Which? has produced a free online guide full of tips to help people spot an email scam here.

Which? is calling on the Government to set out an ambitious agenda to tackle fraud, publish an update on the progress of the Joint Fraud Taskforce and outline what action it will urgently take to safeguard consumers from scams.

https://campaigns.which.co.uk/scams-fraud-safeguard/

This research was carried out by Populus on behalf of Which?. They contacted 2,114 adults via an online poll in June 2017. The data is weighted to be nationally representative of the UK.

(28th September 2017)


IDENTITY THIEVES STEALING PEOPLE'S MONEY BY SEIZING CONTROL OF THEIR PHONE NUMBERS WITHOUT THEM KNOWING
(The Independent, dated 22nd August 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/identity-thieves-steal-money-phone-numbers-transfer-control-mobile-networks-fraud-a7906271.html

Criminals are stealing people's money by taking control of their phone numbers behind their backs, a new report says.

They're managing to persuade agents at mobile networks to transfer control of targets' phone numbers to their own devices.

The technique isn't brand new, but is growing increasingly popular, according to the New York Times.

It reports that identity thieves often call agents multiple times, to request the transfer of a particular phone number, with "sob stories" about made-up emergencies commonly used.

Even if their request for the number is turned down repeatedly, their hope is that they'll eventually get to speak to an agent that falls for the scam.

Once they succeed, they can break into any accounts that use the number as a security backup, by resetting the passwords.

This can give them access to valuable information, such as bank account details, and also enable them to blackmail their intended target, by threatening to leak personal information.

However, the New York Times says criminals have started targeting investors in digital currencies - such as bitcoin - and venture capitalists, often finding them through social media.

This is largely because digital currency transactions are irreversible, leaving victims completely helpless.

Earlier this year, a security researcher discovered a "gaping hole" in Facebook that lets anyone easily break into an account.

The problem stems from the fact that Facebook allows you to link multiple phone numbers to your account, and doesn't force you to remove old ones once you've stopped using them.

Therefore, anyone who inherits your old number could easily reset your password and lock you out of your own account.

(28th September 2017)


CASES OF INSURANCE ID FRAUD ARE SOARING
(This is Money, dated 25th August 2017 author Rachel Straus)

Full article [Option 1]:

www.thisismoney.co.uk/money/beatthescammers/article-4819762/What-insurance-identity-fraud-does-work.html

Cases of insurance identity fraud have shot up this year, from just 20 between January and June 2016 to 2,070 over the same period this year.

The rise means it's the fastest-growing type of identity theft in the UK, at a time when it is reaching 'epidemic' levels.

Identity theft is when fraudsters get hold of the data of their victims, such as their names, dates of birth and addresses, through a variety of routes including stolen mail, the dark web, hacking or exploiting information on social media.

The fraudsters then use this information to take out products in their victims' names, for example opening bank accounts and applying for credit cards, loans, shopping online - and now, insurance.

nsurance identity fraud is when a criminal uses these methods to take out an insurance product in someone else's name.

Nick Mothershaw, director of identity and fraud solutions at Experian, explains why someone would want to do this.

He says that this type of fraud is often called 'ghost broking', and involves 'taking out a policy using a good address that gets a low premium, doctoring it, and selling on to an unsuspecting buyer looking for a better premium'.

The victim of insurance identity theft might not find out about the crime until they receive some kind of correspondence from an insurance provider with whom they do not have a policy, asking for payment or alerting them to an issue.

Similarly, the victim who unwittingly buys the doctored insurance cover may not find out that they do not have a valid policy until it's too late and they try to make a claim.

Other types of insurance fraud can involve people not telling the truth to get a better premium or people making false or exaggerated claims, says Nick.

To check whether your insurance product is legitimate, the Association of British Insurers says you can check that it is listed on the Motor Insurers' Bureau's Motor Insurance Database, which records policy details of all vehicles in the UK.

It also says to beware of insurance policies sold via social networking websites, pubs clubs and bars, newsagents and motor repair shops.

The Insurance Fraud Bureau ( https://www.insurancefraudbureau.org/ ) runs Cheatline with Crimestoppers to report insurance fraud.

Identity fraud cases overall rose by another five per cent in the last year, with nearly 500 cases a day - with the majority of scams taking place online, according to fraud prevention body Cifas.

Simon Dukes, Cifas chief executive, said: 'We have seen identity fraud attempts increase year-on-year, now reaching epidemic levels.

'These frauds are taking place almost exclusively online. The vast amounts of personal data that is available either online or through data breaches is only making it easier for the fraudster.

'Criminals are relentlessly targeting consumers and businesses and we must all be alert to the threat and do more to protect personal information.

'For smaller and medium-sized businesses in particular, they must focus on educating staff on good cyber security behaviours and raise awareness of the social engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough.'

(28th September 2017)


DO YOU SELL ITEMS ON PAYPAL
(Hertfordshire Police Neighbourhood Watch, dated 28th August 2017)
www.owl.co.uk

We have received a number of reports recently where Hertfordshire residents have lost items or money after they believed they had sold items online to purchasers using PayPal. The two most common scams were:

Buyer asks for items to be sent to an alternative address

The buyer sends money via PayPal but asks for item to be sent to a different address, such as their "work address" or a "gift address". The victim receives the payment and sends the item to the new address. The buyer then claims they did not receive the item and requests a refund. Because the seller sent the item to a different address, they are not covered by PayPal's seller protection, so the buyer receives their refund and the seller ends up with neither the items nor the money.

Fake PayPal confirmation email

The buyer tells the seller that they will pay using PayPal. The seller then receives an email (that looks to be identical to a normal PayPal email) confirming payment has been received. The seller then sends the item. However, the PayPal confirmation email was fraudulent and the payment was never made.

Protect Your Money

- Don't accept an email as proof of payment, always check your account to ensure monies have been received. Log in to your account via your app or browser, never via an emailed link.

- Please bear in mind when selling items via PayPal, the User Agreement contains the following: "A key eligibility requirement of the Seller Protection Programme is that, for tangible items, the seller must post the item to the address which appears on the transaction details page."

- To view the PayPal User Agreement, visit www.paypal.com/uk and click on "Legal" in the bottom right hand corner of the page.

(28th September 2017)


EASYJET FREE TICKET GIVEAWAY SCAM IS DUPING CUSTOMERS WITH FAKE BOARDING PASSES
(International Business Times, dated 25th August 2017 author James Billington)

Full article [Option 1]:

www.ibtimes.co.uk/easyjet-free-ticket-giveaway-scam-duping-customers-fake-boarding-passes-1636686

When something looks too good to be true, it usually is. That's why easyJet has issued a warning about a free ticket internet scam fooling Facebook users into thinking they've won complimentary trips away.

Hackers are luring users into clicking on potentially harmful malware by posting on what looks like a genuine easyJet Facebook account with a competition celebrating the low-cost airline's 22nd anniversary. The fake advert claimed "easyJet is gifting 2 free tickets to everyone!" along with a picture of a boarding pass and the offer of two tickets per users if they took part in a survey.

Victims who click on the link were redirected to a fake page where it urged users to "hurry up" due to a limited number of tickets left. The survey asks for personal information and to also share the offer on Facebook in order to redeem the prize, thus gaining access to their profile.

This information could then be sold on or used for further phishing attacks.

"These stolen credentials can be resold or traded on underground forums and sites. Also, these scams can be further weaponised to drop ransomware or other more advanced styles of malware if the attackers so choose. The ease of further weaponising a simple campaign like this is concerning in and of itself," said Tim Helming, Director, Product Management at DomainTools.

The scammers were able to make the scheme look as genuine as possible by also including comments from fake customers who said they had won.

"I won the tickets...thank you easyJet," said one, while another claimed "it was busy at the easyJet counter today. It seems that so many people have won these tickets".

The false website was also set up with an address similar to that of the genuine easyJet site but not affiliated at all, further duping victims into thinking it was real.

This practise is known as typo squatting and here, the easyjetlover[.]us web address was used and repeats an identical scam that appeared on Facebook the week before claiming to be offering free RyanAir tickets, as well as an Aldi scam offering shoppers a free £65 coupon.

Helming reveals that on further investigation DomainTools found that the same person behind this campaign is connected to 113 other domains that are disguised as brands including British Airways, Ryanair and Pizza Hut.

EasyJet has acknowledged the scam, confirming it is fake and not a real giveaway and that "genuine competitions of this nature will only be hosted on easyJet's official Facebook page".

It warns customers to stay clear and encourages users to flag any malicious posts of this nature to the company.

The security experts at DomainTools advise users to stay safe by looking out for tell-tale signs such as typos on the website or coupon, as well as domains that have '.com-[text]'. A good way to ensure you're not being redirected somewhere you shouldn't is by hovering your mouse over the URL to see where the link will take you.

(28th September 2017)


JULY 2017


UK UNI WARNS STUDENTS OF PHISHERS TRYING TO NICK THEIR TUITION FEES
(The Register, dated 20th Jul 2017 author Iain Thomson)

Full article [Option 1]: www.theregister.co.uk/2017/07/20/newcastle_uni_website_phishing/

Foreign students looking to experience the stochastic joys of a year at Newcastle University in England are being warned that phishers are after their cash - using an unusually well-crafted attack.

The raiders set up a very realistic-looking fake website proclaiming itself to be Newcastle International University, complete with pages of well-laid-out information. The URL isn't that of the actual university site, but if you're a student unfamiliar with the center of learning, it would be easy to be fooled.

"We have been made aware of an unofficial website which is fraudulently using the Newcastle University brand and accepting credit card payments to apply for courses," the university said. "The website Newcastle International University is in no way affiliated with the University and we are advising anyone who finds the website should not submit any personal details."

It's the ideal time for phishers to pull a stunt like this. The exam results announcements for British students looking to go to university will be released within a month and overseas students are already trying to secure their places, and so could be vulnerable to slapping down the plastic if they think they can secure their place in academia now.

While the university has no comment at this time, it's thought the website was spammed out via email to these foreign students, who are also unlikely to notice that the site uses faked Newcastle University logos and coat of arms. The fake site not only tries to harvest credit card data, but also asks for other personal information, including passport details.

"Make no mistake, this is an effective scam. They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks," said Azeem Aleem, director of advanced cyber defence practice - EMEA at RSA.

"Newcastle University's response has been admirable, quickly identifying and warning prospects about the site. Yet it is often very hard for a company or organisation to know if their site has been spoofed until someone has already become a victim."

(21st September 2017)


CREDIT CARD FRAUD - WHAT YOU NEED TO KNOW
(Via BBC News, dated 12th July 2017 author Bruno Buonaguidi - Universita della Svizzera italiana)

Full article :

www.bbc.com/capital/story/20170711-credit-card-fraud-what-you-need-to-know?ocid=global_capital_rss

If you are the owner of a credit or a debit card, there is a non-negligible chance that you may be subject to fraud, like millions of other people around the world.

Starting in the 1980s, there has been an impressive increase in the use of credit, debit and pre-paid cards internationally. According to an October 2016 Nilson Report, in 2015 more than $31 trillion were generated worldwide by these payment systems, up 7.3% from 2014.

In 2015, seven in eight purchases in Europe were made electronically.

Thanks to new online money-transfer systems, such as Paypal, and the spread of e-commerce around the world - including, increasingly, in the developing world (which was slow to adopt online payments) - these trends are expected to continue.

Worldwide losses from card fraud rose to $21 billion in 2015, up from about $8 billion in 2010. By 2020, that number is expected to reach $31 billion

Thanks to leading companies such as Flipkart, Snapdeal and Amazon India (which together had 80% of the Indian e-commerce market share in 2015) as well as Alibaba and JingDong (which had upwards of 70% of the Chinese market in 2016), electronic payments are reaching massive new consumer populations.

This is a goldmine for cybercriminals. According to the Nilson Report, worldwide losses from card fraud rose to $21 billion in 2015, up from about $8 billion in 2010. By 2020, that number is expected to reach $31 billion.

Such costs include, among other expenses, the refunds that banks and credit card companies make to defrauded clients (many banks in the West cap consumers' liability at $50 as long as the crime is reported within 30 days for credit cards and within two days for debit cards. This incentivises banks to make significant investments in anti-fraud technologies.

Cybercrime costs vendors in other ways too. They are charged with providing customers with a high standard of security. If they are negligent in this duty, credit card companies may charge them the cost of reimbursing a fraud.

###The types of frauds

There are many kinds of credit card fraud, and they change so frequently as new technologies enable novel cybercrimes that it's nearly impossible to list them all.

But there are two main categories:

card-not-present (CNP) frauds:

This, the most common kind of fraud, occurs when the cardholder's information is stolen and used illegally without the physical presence of the card. This kind of fraud usually occurs online, and may be the result of so-called "phishing" emails sent by fraudsters impersonating credible institutions to steal personal or financial information via a contaminated link.

card-present-frauds:

This is less common today, but it's still worth watching out for. It often takes the form of "skimming" - when a dishonest seller swipes a consumer's credit card into a device that stores the information. Once that data is used to make a purchase, the consumer's account is charged.

The mechanism of a credit card transaction


Credit card fraud is facilitated, in part, because credit card transactions are a simple, two-step process: authorisation and settlement.

At the beginning, those involved in the transaction (customer, card issuer, merchant and merchant's bank) send and receive information to authorise or reject a given purchase. If the purchase is authorised, it is settled by an exchange of money, which usually takes place several days after the authorisation.

Once a purchase had been authorised, there is no going back. That means that all fraud detection measures must be done during in the first step of a transaction

Once a purchase had been authorised, there is no going back. That means that all fraud detection measures must be done during in the first step of a transaction.

Here's how it works (in a dramatically simplified fashion).

Once companies such as Visa or Mastercard have licensed their brands to a card issuer - a lender like, say, Barclays Bank - and to the merchant's bank, they fix the terms of the transaction agreement.

Then, the card issuer physically delivers the credit card to the consumer. To make a purchase with it, the cardholder gives his card to the vendor (or, online, manually enters the card information), who forwards data on the consumer and the desired purchase to the merchant's bank.

The bank, in turn, routes the required information to the card issuer for analysis and approval - or rejection. The card issuer's final decision is sent back to both the merchant's bank and the vendor.

Rejection may be issued only in two situations: if the balance on the cardholder's account is insufficient or if, based on the data provided by the merchant's bank, there is suspicion of fraud.

Incorrect suspicions of fraud is inconvenient for the consumer, whose purchase has been denied and whose card may summarily be blocked by the card issuer, and poses a reputational damage to the vendor.

How to counter frauds?

Based on my research, which examines how advanced statistical and probabilistic techniques could better detect fraud, sequential analysis - coupled with new technology - holds the key.

Thanks to the continuous monitoring of cardholder expenditure and information - including the time, amount and geographical coordinates of each purchase - it should be possible to develop a computer model that would calculate the probability that a purchase is fraudulent. If the probability passes a certain threshold, the card issuer would be issued an alarm.

The company could then decide to either block the card directly or undertake further investigation, such as calling the consumer.

The strength of this model, which applies a well-known mathematical theory called optimal stopping theory to fraud detection, is that it aims at either maximising an expected payoff or minimising an expected cost. In other words, all the computations would be aimed at limiting the frequency of false alarms.

My research is still underway. But, in the meantime, to reduce significantly the risk of falling victim to credit card fraud, here are some golden rules.

First, never click on links in emails that ask you to provide personal information, even if the sender appears to be your bank.

Second, before you buy something online from an unknown seller, google the vendor's name to see whether consumer feedback has been mainly positive.

And, finally, when you make online payments, check that the webpage address starts with https://, a communication protocol for secure data transfer, and confirm that the web page does not contain grammatical errors or strange words. That suggests it may be a fake designed solely to steal your financial data.

The Conversation

Bruno Buonaguidi is a researcher at the InterDisciplinary Institute of Data Science at the Università della Svizzera italiana. This article originally appeared on The Conversation.

(21st September 2017)


THEY SENT A MOTORBIKE COURIER AT 11PM : HOW ELDERLY PEOPLE FALL FOR BANK SCAMS
(The Telegraph, dated 4th July 2017 author Sam Meadows)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/sent-motorbike-courier-11pm-elderly-people-fall-bank-scams/

When Ian Price handed over his bank cards, pin, and all the cash he had to a motorbike-riding courier in the dead of night he thought that he was acting on instructions from the police.

In fact, he was one of an estimated half a million over-65s who have fallen victim to scammers. More than half of all pensioners have been targeted by fraudsters, according to research by Age UK, the charity, so being aware of scammers is more important than ever.

Mr Price, 89, was phoned by someone purporting to be a police officer. The caller told him that he had been monitoring his bank accounts and had noticed some suspicious activity. The "officer" would send a courier, he said, to collect his bank cards for his own protection. The clincher for Mr Price was the scammer's claim that he could hang up and dial 999 if he was unsure.

He did so, but the fraudster was relying on a little-known quirk of the telephone system that allows a caller to "tie up" your line for a few minutes if they remain on the line after you have put the phone down. This meant that when Mr Price dialled 999 immediately, he was reconnected to the scammer (BT said lines were now tied up for no more than 10 seconds).

Reassured, Mr Price handed his cards and pin to the courier - who arrived at 11pm - thinking that he was doing the right thing. Instead, the scammers ransacked his accounts.

Mr Price's son, Christopher, a charity worker, said the incident had taken an incredible toll on his father. "If you get swindled at a younger age you can kind of rationalise it and deal with it," he said. "At an older age, when your confidence is waning anyway, it can really knock you down.

"It's got to the point where he really has lost his confidence to deal with money or passwords. I deal with his banking, and my sister does all of his online shopping for him. He has an iPad, which he uses to listen to the radio, but anything with an app or a password, he now struggles with. We joke that I'm giving him his pocket money every week."

Mr Price was relatively lucky. His credit card companies refunded him the money and he lost only around £100. But Telegraph Money has reported several times how elderly people who have been scammed have lost tens of thousands of pounds.

Last year, we reported that one reader, Shaun Phillips, had lost £51,000 to fraudsters after he had already been targeted twice and told by his bank, TSB, that he was protected.

Experts have also predicted the Government's database of scam victims - which currently numbers around 300,000 - could reach close to one million by 2019.

Lucy Harmer, a director at Independent Age, a charity that provides information and advice, said the elderly were disproportionately likely to be targeted by scammers. According to the Financial Ombudsman Service, 80pc of phone scam victims are aged over 55, and 65pc of doorstep-scam victims are over 65.

"Older people face multiple risk factors," she said. "They are often home alone, and during the day. They are more likely to pick up the phone and more willing to talk. They may well be more vulnerable the older they get, suffering from dementia and other illnesses."

She added that while statistics existed for the number of people who fell for online scams, many people were too embarrassed to come forward, meaning that the true scale of the issue could be much larger.

Elderly people who fall for one scam often also find themselves put on a "suckers' list". Government estimates suggest that there could be a million people on these lists by 2019. "There are some really sad stories about people who receive more and more contact," Ms Harmer said.

"One of the signs that an older person may be falling victim to scammers is that they receive an unusual amount of post, or they get a lot of phone calls from strangers. If you have been conned once, they pass your details around and you can very easily become a victim again.

"If older people have the information they need," she added, "they can start to spot the things to look out for, and become less likely to fall for the scams."

How can I protect myself from scammers?

Independent Age has launched a Scamwise campaign to help older people stay ahead of the con men. As well as an advice leaflet, the charity has produced an online quiz that allows you to test your knowledge of some of the most common scams.

Ms Harmer said: "For older people who think they may have been scammed, it's important to remember that anyone can be a victim of a crime. It's nothing to be ashamed of. The most important thing is to report it so you can get the support you need, and to help prevent other people being targeted by the same scam.

"It's also good to be aware of the tactics scammers use, and learn how to protect yourself. There are a few simple things you can do, such as hanging up on cold callers, registering with the Mailing Preference Service to reduce the amount of junk mail you get, and never giving out personal information."

(21st September 2017)


HOW THOUSANDS OF BRITONS ARE AT RISK FROM "WORLDS BIGGEST ONLINE SCAM"
(Independent, dated 28th July 2017 author Josie Cox)

Full article [Option 1]:

www.independent.co.uk/news/business/news/online-scam-thousands-pounds-life-savings-trading-binary-options-fraud-pensioners-fca-a7865856.html?amp

Thousands of pensioners are at risk of losing their life savings in a rapidly growing financial scam that British authorities are powerless to clamp down on, The Independent can reveal.

Savers are investing their money in fraudulent online trading sites offering the promise of potentially huge payouts with little risk attached.

The majority of the complaints relate to companies that appear to be based overseas and are attracting increasing numbers of users, particularly pensioners, who say their investments are frozen if they try to withdraw their money.

The companies encourage investors to make apparently simple bets on whether shares or currencies will rise or fall in value. Many such "binary options trading platforms" are legitimate, but an increasing number are fraudulent.

Both types currently fall outside the control of financial regulators in the UK, meaning that people have little recourse to get their money back if they feel they've been scammed.

In the year to May 2016, the most recent for which figures are available, the National Fraud Intelligence Bureau (NFIB), which is part of the City of London Police, reported having received 305 reports of binary options scams, or 27 each month.

But one lawyer representing victims told The Independent that the true number is likely to be significantly higher - running into the thousands each year - as victims are frequently too embarrassed to come forward and admit to being conned. He described it as "possibly the biggest financial scam in the world".

Elizabeth Ablett from Derbyshire said that she signed up to a platform caller Binary Uno in December 2016. The 70-year-old's husband had died the previous year and she didn't have a pension big enough to live on.

Ms Ablett said that she initially invested £200 with the company, but that individuals who described themselves to her as "brokers" convinced her to up her stakes, telling her she was trading on the performance of gold and stocks.

By the end of March, she said, she had invested a total equivalent to almost £40,000, nearly her entire life savings. The following month, she said, her online account balance was shown to have slipped to zero. She said that nobody at BinaryUno answered her calls.

"They basically had assured me that the money I invested could not be lost," she told The Independent. She said that they had convinced her to keep paying in by promising to match some of her investments.

Later she said she was contacted by a representative who told her that she would only be paid out if she had trading revenues of at least £1.5m. "Now I realise just how stupid I was," she said. "I have no money at all. I'm skint."

The Australian Securities and Investments Commission and the British Columbia Securities Commission in Canada have both publicly called for caution when dealing with binary options trading platforms. Both specifically name Binary Uno.

Lawyers and personal finance experts speaking to The Independent said the Government was unable to regulate the market because the platforms - even the legitimate ones - were not controlled by the Financial Conduct Authority (FCA) watchdog.

Some binary options trading platforms are regulated by the UK's Gambling Commission, but only if the firm has gambling equipment located in the country.

Pensioner James Hellis, a former self-employed IT worker, said he invested a total of nearly £60,000 in a binary trading platform called Tradorax. Mr Hellis said he was initially approached online by the firm in February 2016. He said that he felt his pension income might be improved by accepting the investment opportunity he said they were offering him.

Like Ms Ablett, Mr Hellis said he was assigned someone who identified themselves as a "broker" to trade on his behalf and made a series of investments over the course of several months.

In December, he said he filed a request with the platform to withdraw his money, the majority of which had stemmed from his pension fund. He claims that request was denied and - like Ms Ablett - he said his account later appeared to have been blocked.

Because Mr Hellis had paid for some of the investments with credit cards, he said he raised a chargeback dispute with his banks, but they have so far been unable to help him.

He said he also reported the matter to the Action Fraud Police - the national reporting centre for fraud and cyber crime which operates alongside the NFIB within the City of London Police - and the Financial Ombudsman Service (FOS), which was set up by Parliament to resolve problems with financial services. The latter, Mr Hellis said, has told him that it is looking into his case.

"If this situation occurred in the front office of an investment bank the perpetrators would be fired," Mr Hellis claimed. "Why is the regulator doing nothing? Why are the banks doing nothing?"

A spokesperson for the FOS confirmed that Tradorax is not regulated by the FCA, which means investors do not have recourse to the ombudsman "if things go wrong".

The Independent received no replies to emails sent to addresses on both Tradorax and Binary Uno's websites or calls made to numbers listed.

Richard Howlett, a partner at London-based law firm Selachii LLP, has dealt with dozens of cases concerning binary options trading fraud, with victims conned out of anywhere from a few hundred pounds to more than £1m.

He said he had been approached by people who have lost money on dozens of different sites and that new ones appear to be springing up daily.

In many cases, clients' only hope for getting their money back is if banks to which victims have made payments are willing to cooperate by freezing accounts out of fear of being accused of facilitating criminal activity, he said.

"Sometimes that puts enough pressure on the platform to pay out at least some of the money owed," he said. "But most of the time there's nothing to be done except raise awareness to prevent more people from being conned."

He said fraud perpetrated by certain binary options trading platforms was "possibly the biggest financial scam in the world".

Many of the individuals who turn to Mr Howlett for help are pensioners, especially tempted to give trading a shot because of changes to regulation introduced in April 2015, which allow for easier access to funds.

Under the new rules, pensioners are no longer required to buy an annuity and are able to take their entire pension as a lump sum. Suddenly having access to so much cash, and with such low returns offered by other investment options, the prospect of trading binary options can be enticing.

"Pension freedoms have to a certain extent opened a can of worms," says Kate Smith, head of pensions at Aegon. She said that some scammers are specifically targeting pensioners.

"They're playing on people's weaknesses."

David Newman, head of pensions at investment firm Close Brothers Asset Management, said that "greed can send people to do silly things" but also admitted that anyone is at risk of falling for a fraudster.

"People need to be educated as early as possible about this sort of thing," he said. "Just putting a leaflet at the back of a financial statement is not enough."

Figures published this month by the FCA show that 53 per cent of pension pots accessed since the new rules were introduced have been withdrawn fully. And the watchdog has recently raised a number of concerns relating to what people are doing with that money.

A full report into the issues around pension freedom is due to be published next year.

In December the FCA published a consultation paper on the risks associated with binary options trading and, under a piece of financial regulation due to be introduced in January, regulated financial betting platforms will come under the FCA's remit, but the watchdog says that its hands are tied when it comes to any unregulated operations.

(21st September 2017)


HOW TO STAY SAFE WHILST ONLINE SHOPPING
(Mirror, dated 30th June 2017 author Ruki Sayid)

Full article [Option 1]: www.mirror.co.uk/news/uk-news/how-stay-safe-whilst-online-10710012

Britain's love affair with online shopping has sent credit card fraud to a record high of £618 million, figures reveal.

The 9% rise year-on-year puts Britain at the top of the European card crime league with crooks cashing in at a rate eight times higher than Germany.

And an internet shopping boom is at the heart of the cyber crime explosion with Card Not Present (CNP) fraud rocketing 103% between 2011-16, according to the National Audit Office (NAO).

Its Online Fraud report out today (Fri) found there were almost two million cyber fraud incidents in the 12 months to September 30 last year with CNP a game changer.

The watchdog said CNP crime cost the nation almost £309 million last year but estimates that figure will more than double to £680 million by 2021.

A study by analytics firm FICO found crooks went on a £1.44 billion credit card spending spree across 19 European nations with Britain the easiest country to pickpocket.

Only France came any where near the UK's losses with gangs putting £438.4 million on stolen card details and Germany was third with £76.8 million.

By comparison countries like Austria, Portugal, the Czech Republic and Hungary barely registered in the card crime league with losses ranging between £1.6-£5 million.

The NAO admitted there was "much work to be done" in the UK to keep the banking industry, police and consumers a step ahead of the criminals.

NAO boss Sir Amyas Morse said: "For too long, as a low value but high volume crime, online fraud has been overlooked by government, law enforcement and industry.

"It is now the most commonly experienced crime in England and Wales and demands an urgent response."

The NAO was critical of both the police for not making fraud a "priority" and said the Home Office was also not doing enough to crack down on gangs.

But Sir Amyas added that the department was "the only body that can oversee the system and lead change" and said the launch of the Joint Fraud Taskforce last year was "a positive step".

FICO senior consultant Martin Warwick added: "The growth in online spending and CNP fraud brings new challenges for banks and retailers, as criminals thwarted by chip & PIN have moved to a less risky channel.

"Hiding amongst the growth in online purchases is great from a criminal point of view, but finding and stopping fraudulent transactions just gets tougher.

"Spotting the 'needle in a haystack' requires new behavioural analytics and artificial intelligence, combined with enhanced information from outside the traditional data contained within a purchase."

According to the NAO, last year fraud overall cost the nation £10 billion with four in ten Brits losing £250 or more to crooks.

Almost 12 million adults were victims of fraudsters in England and Wales with crimes ranging from phishing attacks that sent out spoof emails to glean personal details and lottery scams to ransomware and fake dating sites.

How to protect yourself

Trading Standards recommend looking for a professional website, with a landline contact number, and details of a head office before entering any details online.

Here are Get Safe, Action Fraud and NordVPN's top tips for shopping online:

- Get protected: Before you start shopping online, secure your device with anti-virus software or a firewall. This will help block out pop-ups and hackers.

- Check the URL: Only use secure websites for purchases, never buy anything from a site that does not have 'https' at the start of the URL and also look for the icon of a locked padlock at the bottom of the screen.

- Is the deal too good to be true? Don't be seduced by "bargains" from companies which you don't know, if something appears too good to be true, it probably is.

-Only shop with companies you know and trust: Watch out for fake websites. You can tell by checking the URL of the website, it may have a different spelling or a different domain name that ends in .net or .org.

-Shop from home: Using public WiFi hotspots such as those offered by coffee shops and libraries could leave you vulnerable. If it won't wait until you get home use your own 3G/4G network.

NOTE - This article provides some comprehensive information on the following :

Financial Scams - How to stay safe

- Tips to avoid pension scams
- Fake holiday websites
- HMRC tax rebate text scam
- Card dangers
- student loan scams
- contactless card dangers
- Scams that steal your savings
- rental scams

Scams to watch out for

- Caught speeding scam
- How Groupon hackers work
- EHIC and DVLA scammers
- 4 dangerous WhatsApp scams
- Fake supermarket coupons
- SIM - splitting scams - how they work
- Fake "Wcouncil tax refund" emails
- NHS scams

(21st September 2017)


SHOCK AS BURY HOSPICE LOSES £235K IN CYBER FRAUD
(Bury Times, dated 27th July 2017 author David Taylor)

Full article [Option 1]:

www.burytimes.co.uk/news/prestwich/15433370.Cyber_criminals_steal___235k_from_Bury_Hospice/?ref=rss

CYBER criminals have stolen £235,000 from Bury Hospice in a sophisticated and "sickening" fraud.

The online crooks plundered hospice bank accounts following an elaborate hoax involving an online virus check.

Bury Hospice chairman Prof Eileen Fairhurst said: "We are shocked and sickened that fraudsters would target hospices and other charities. It is beneath contempt when you think how this money was raised by hard-working volunteers and kind benefactors - and what it is needed for."

The hospice is now carrying out a full investigation and keeping in close contact with its bank.

Prof Fairhurst said: "Our own protection systems are now subject to extensive review. The police and the Charity Commission have been informed. There will be no immediate impact on the running of Bury Hospice and we will continue to provide an excellent service to those in the Bury community who need us."

Prof Fairhurst said all avenues are now being explored to recover the money and the matter is being investigated by the police national fraud investigation team.

Other charities in the Greater Manchester area have also been targeted in a similar way and some have also suffered financial loss.

And hospices in other parts of the UK have also been victims of online theft.

The news is a further blow to the hospice after a turbulent few years during which some people are believed to have lost confidence in the charity and fundraising became difficult.

In March, the former chief executive of the hospice, Jacqui Comber, won a claim of unfair dismissal and could be in line for a payout of up to £72,000.

However, the hospice in Rochdale Old Road recently celebrated the start of a new era after it was given a 'good' rating by the Care Quality Commission following its latest inspection.

But despite the hope of a fresh start, the fraud comes at a time when Bury Hospice can only afford to keep open six of its 12 available beds.

Fundraiser Ann Birch, former chairman of the Ramsbottom support group for the hospice, said: "I am absolutely horrified.

"We have had it bad enough, this on top is just dreadful. We have all been trying to raise as much money as possible for the hospice. I am sure everybody involved with fundraising will be very shocked. It is hard work raising money these days, because there are a lot of different charities and people don't have that much money.
We were really just getting on top of things, so that is really bad news. It costs so much every day to keep that place going, it is devastating. But hopefully now people will all get together and try to reimburse it, but that is a lot of money to replace."

Sgt Simon Ward, from Bury police, works across the borough raising awareness about and tackling cyber crime.

He said: "The fraudsters don't care who they affect or the impact that their actions might have on people.
It can be very lucrative work for them and it is usually well-organised. It is not the old style criminal who will turn their hand to anything. This kind of cybercrime can be used to fund even more serious crimes such as terrorism, so it is a national threat. Once the money has been taken, it is very difficult to get back."

Sgt Ward and his team will be visiting business, banks and charities in the coming weeks to advise on how best prevent online fraud and cybercrime.

Action Fraud is the UK's national reporting centre for fraud and cyber crime where people should report fraud if they believe they have been scammed, defrauded or experienced cyber crime.

For more information, visit: http://www.actionfraud.police.uk

(21st September 2017)


JUNE 2017


HOW TO TELL IF IT IS REAL
(Good Housekeeping, dated June 2017)
www.goodhousekeeping.co.uk [Option 1]

With cons and rip-offs on the rise, you need to keep your wits about you when you're online. Here's what to look out for :

Fake Holiday booking sites


One common scam involves fraudsters hacking into the accounts of owners on well known accommodation sites, such as Aidbnb, and creating convincing fake entries. You may receive emails from so-called "owner" asking you to send money, but this cash goes into a criminal's bank account.

STAY VIGILANT

- Check the web address is legitimate. Make sure it has not been altered, for example, with unexpected numbers or characters.

- Contact the accommodation' owner before and after you book, through the websites messaging feature.

- Never pay money into a personal bank account. Use a secure service - look for the "https" and a closed padlock symbol - or a payment provider, such as PayPal.

- Google the property. Bad reviews - or none at all - are a clue.

Fake Passport renewal sites

When you're applying for a new passport, driving licence or European Health Insurance Card (EHIC), make sure you don't get caught out by a copycat website. These sites may closely resemble the legimate ones, but you will be charged a premium for a public service that's either free, or much cheaper, via the official channel. Misleading sites also crop up when you search to apply for a holiday visa, birth or marriage certificate, book a driving theory test, or file a tax return.

STAY VIGILANT

- Go directly to the gov.uk site - or, for the EHIC card, to nhs.uk.

- If you do fall for a copycat site, you may be able to get your money back using Section 75 of the Consumer Credit Act, if you paid with a credit card.

Fake Social Media promotions

Beware of promotions claiming to offer vouchers if you share a particular message on Facebook or via WhatsApp. These scams can seem very convincing, and its easy to get sucked in if you see people you know sharing the message. But the bogus links can lead to phishing or malware sites. Spam you friends with fake promotions and you could end up sreading a virus.

STAY VIGILANT

- Tread carefully if a promotion asks you to share a page with friends.

- Watch out for tell tale speling and grammar mistakes.

- Think twice if a well known brand offers freebies to celebrate an anniversary.

- Type the promotion into Google and see what comes up.

And finally

- Trust your instincts - if something sounds too good to be true, it probably is.

- Fallen victim ? Contact Action Fraud at actionfraud.police.uk or call 0300 123 2040

(1st September 2017)


PEOPLE ARE NOT PROTECTING THEMSELVES - WHY THOUSANDS OF BRITS ARE STILL AT RISK OF FINANCIAL FRAUD
(Mirror, dated 28th June 2017 author Emma Munbodh)

Full article [Option 1]:

www.mirror.co.uk/money/people-not-protecting-themselves-thousands-10697588

How safe do you consider your personal details to be on the internet? If the answer is 'very', you might want to think again.

That's because new figures released today by the government's security arm, Action Fraud, have revealed that identify theft is at an all time high in the UK - with record numbers of criminals stealing people's data online for financial gain.

And it's costing the UK £5.4 billion a year. In 2016, 172,919 people reported identity theft to fraud protection agency Cifas, with the figures steadily rising since 2008.

Despite these numbers, a YouGov and Equifax report released today, has found that thousands of Brits are still browsing - and entering sensitive data - on the web without precautionary measures in place - even though they're aware of the potential risks.

According to Cifas, 40% of us don't have antivirus software installed on our devices and 27% use the same password across all accounts, a further 55% admit to using password-free wi-fi in public and entering sensitive data whilst on it.

City of London Police spokesman Dave Clark, said: "The recent survey results have highlighted that we need to do more to protect ourselves from fraudsters.

"There is a common misconception that only old people fall victim to fraud but reports show that every age and demographic is affected."

YouGov found that 31% of people think the over 60's are the most at risk to fraud - this is not necessarily the case.

Lisa Hardstaff, fraud expert at Equifax added: "How people manage and store their passwords for their online accounts is the first line of defence to keeping their personal information safe and secure from fraudsters.

"The fact that just under a third use the same password for multiple accounts and slightly more admitted to writing them down, clearly demonstrates people are being complacent and are of the belief that their personal information won't be at risk," Hardstaff added.

"The reality is that ID fraud is an indiscriminate crime that affects all ages in the UK irrespective of where they live or how much they earn. Everyone is vulnerable - so everyone needs to be vigilant."

How to protect yourself from identity fraud

Action Fraud, Cifas and Equifax have revealed the measures people should be taking to protect their identities from unscrupulous criminals - and it takes just five minutes.

- Set your privacy settings across all the social media channels you use, and think twice before you share details - in particular your full date of birth, your address, contacts details - all this information can be useful to fraudsters.

- Password protect your devices. Keep these complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers and capitals: R0v3rDuckLemon!.

- Install anti-virus software on your laptop and any other personal devices and then keep it up to date. Check MoneySavingExpert have a recommended list of the best free anti-virus software here.

- Take care on public wi-fi - fraudsters hack them or mimic them. If you're using one, avoid accessing sensitive apps such as mobile banking.

- Download updates to your software when your device prompts you - they often add enhanced security features.

What to do if you're a victim


Act fast if you think you have been a victim of identity fraud.

If you receive any mail that seems suspicious or implies you have an account with the sender when you don't, do not ignore it.

Get a copy of your credit report as it is one of the first places you can spot if someone is misusing your personal information - before you suffer financial loss.

Review every entry on your credit report and if you see an account or even a credit search from a company that you do not recognise, notify the credit reference agency. They all offer a free service to victims of fraud.

Individuals or businesses who have fallen victim to identity theft should report to Action Fraud.

(1st September 2017)


HOW FRAUDSTERS SCAMMED £18,000 FROM A CRIMINAL PSYCHOLOGIST
(This is money, dated 20th June 2017 author Lily Canter)

Full article [Option 1]:

www.thisismoney.co.uk/money/beatthescammers/article-4566082/Fraudsters-scammed-18-000-criminal-psychologist.html

Fraudsters scammed £18,000 from a high profile criminal psychologist using 'persuasive techniques straight out of a psychology textbook'.

The professor, who has helped police hunt serial rapists, arsonists and murderers, was caught out when conmen phoned his home.

The scammers took him through a series of fake 'security' checks before transferring the money from three separate bank accounts.

Professor David Canter, who is director of the International Research Centre for Investigative Psychology at The University of Huddersfield, is one of Britain's foremost behavioural profilers.

He is best known for developing criminal profiling in the 1990s after he helped police catch Railway Rapist and serial murderer John Duffy.

More recently his research has involved studying fraudulent emails and warning people of the dangers of online scams.

But the 73-year-old was caught out himself when he was embroiled in an elaborate con to empty his bank accounts.

'I was a complete idiot. I am the first to admit it. I should have known better and I should have spotted it,' said Professor Canter.

ronically, the scam began when fraudsters hacked into his BT email account despite the professor using a complex password.

He said: 'A colleague told me a spoof email had been sent from my address saying I was in Turkey and needed money. I immediately changed my password and didn't think anymore of it.'

But a week later the professor realised he wasn't receiving any emails. After lengthy conversations with BT helpdesk he realised his email messages were being automatically forwarded onto another address the fraudsters had set up.

'I stopped the forwarding but then a few days later I got a phone call at home saying my IP address had been compromised.'

Professor Canter received the phone call on his ex-directory number from a 'polite woman with an Indian accent' claiming to be acting on behalf of BT.

'I was immediately very suspicious and asked how they got my number. She said they got it from BT and they had been alerted to a security problem with my computer. In hindsight I think they got the number when they hacked my email in the weeks before.'

The woman took Professor Canter through a series of 'checks' asking him to corroborate unique numbers on his computer, which he wrongly assumed meant the caller was legitimate.

He said: 'She knew all these details about me and my computer and she was very formal. There was a sense of urgency and concern and it makes you feel you have to something about it.'

The woman then passed him onto a man who asked the professor to download some 'protective' software before logging into his bank accounts. The whole operation took several hours and the professor chatted to the fake technician about his BT training and university education in Britain.

'They were very sophisticated in terms of their plausibility,' said Professor Canter. 'We can learn a lot about the techniques of persuasion from these people. They use just the right level of technical terms to make you think you understand when you don't. They probably spent a few weeks building up how they were going to deal with me.'

The convincing back story made the professor believe that they were putting a block on his bank accounts so they could not be accessed. But in reality the scammers were setting up transfers to move thousands of pounds into their own account.

Whilst they were putting this block into the system the screen went completely blank. The man on the phone said 'don't panic', and then he moved onto the next account. I was doing other work at the same time and I think they deliberately targeted me before a bank holiday so it would be difficult for me to contact the banks.'

At the end of the call Professor Canter started to get suspicious and the realisation of what was happening sunk in.

'They said they were at the end of their working day and they would finish in the morning as it was about 5pm. When the call finished I rang an IT expert I use and he told me straight away that it was a scam.'

Professor Canter immediately logged into his online accounts to change the password then contacted Lloyds, Natwest and Santander to alert their fraud departments. This was not as easy as he had expected.

He saw that the hackers had set up transfers of £2,500 from his Lloyds account, £7,500 from his Natwest account and two lots of £3,919 from his Santander account - a total of £17,838.

And he was surprised to find that the banks all had different security systems to deal with fraudulent transfers.

'Lloyds had the best system. If there is an unusual sum of money going to an unusual location they put a temporary block on it. I was able to put a stop to that transfer. The money had transferred out of my Natwest account and although it was difficult to get through to someone they repaid me all of the money the next day.'

Santander eventually repaid Professor Canter £3,919, around six weeks after it was taken by the scammers.

'Their system recognised one of the transfers as fraudulent and automatically stopped it. I don't understand why they did not do that for the other one. Santander said I endorsed the transfer via a message on my phone. I was in such a tizzy I don't know what I did, but I can't find the message on my phone.'

Frustratingly, Professor Canter says he knows the account numbers the money was transferred to and yet he says the banks and police do not appear to be chasing the money.

The police gave the professor a crime number and told him to contact Action Fraud, the national fraud and cyber crime reporting centre.

This was assessed by the National Fraud Intelligence Bureau who contacted the professor to say they would not be able to investigate. They were unable to provide a comment on his case.

'No-one has the resources to follow through on these bank accounts. Santander told me they get a case like mine every three minutes,' said Professor Canter.

The trauma of the crime has left the professor feeling 'violated and vulnerable' and cost him both financially and emotionally.

He said: 'It has made me terribly anxious about having an online account. I have had to change all my bank accounts and buy a new computer as I found that the fraudsters had put about 300 programmes on it. It has made me suspicious of everyone and caused me a lot of stress.'

Action Fraud said that it had received the report in April, which was assessed by the National Fraud Intelligence Bureau at the City of London Police. However it said there were 'insufficient lines of enquiry for an investigation based in the UK'.

It added that with 250,000 crimes reported to Action Fraud every year, not all cases can be passed on for further investigation, but that the disruptions team was able to take down the phone number used by the fraudsters.

(1st September 2017)


BANK WORKER ADMITS PART IN SOPHISTICATED FRAUD
(Echo, dated 16th June 2017 author John Lucas)

Full article [Option 1]:

http://www.echo-news.co.uk/news/15334306.Bank_worker__24__admits_part_in____sophisticated____fraud_in_which_a_group_of_scammers_stole_millions_of_pounds/

A BANK worker took part in a "sophisticated fraud" which saw scammers steal millions of pounds from rich customers using a string of impersonators, a court heard.

Molly Jones, 24, of Bohemia Chase, Leigh, scoured computer systems at Lloyds Bank for rarely-accessed accounts holding large sums of money before passing the details to the criminal gang.

The gang then ordered new bank cards so imposters could pose as the customers and set up transfers of hundreds of thousands of pounds.

The money was laundered through a series of bogus companies before being moved offshore to prevent it being recovered, it is claimed.

One victim lost more than £750,000 after an unknown man used a fake driving licence in his name to set up two transfers over three days.

The Old Bailey heard Jones was involved in the attempted fraud on the account of Thomas Murphy at time when it had a £3million balance.

She set up a payment of £486,000 - supposedly for a house purchase - after an imposter came into her branch of Lloyds TSB.

Investigations of her mobile phone revealed messages relating to the Murphy account and a description of the man impersonating the customer.

She has admitted conspiracy to defraud but other defendants are standing trial at the Old Bailey.

Benjamin Omoregie, of no fixed address, has also admitted involvement.

Courtney Ayinbode, 29, of Magdalen Court, Enmore Road, South Norwood, denies conspiracy to defraud between 9 November 2012 and 8 August 2013.

Kushveer Raulia, 25, of Gledwood Gardens, Hayes, West London, denies two counts of conspiracy to defraud and one count of converting criminal property.

Parvez Hussain, of Cedar Road, Romford,, denies converting criminal property.

Another bank worker accused of involvement- Tajinder Galsinh- is not involved in proceedings.

Prosecutor Paul Cavin told the Old Bailey: "They were all involved in an agreement to defraud Lloyds TSB of millions of pounds.

"Accounts belonging to people with large balances - in some cases several millions of pounds - were targeted.

"To identify those rich accounts, an insider, an employee of the bank was recruited to help the gang.

"The insider would then assist in breaching the security protocols in order to steal the money.

"The money would be transferred to accomplices who would swiftly transfer the money through a number of bogus businesses before eventually the money would disappear offshore.

"Once it is offshore it can come back onshore and nobody can trace it."

The first victim lost £750,975 in the space of three days after his account was accessed by both Ayinbode and Omoregie at the Balham and Streatham branches of Lloyds TSB in July 2013.

A few days later the customer's address was changed and a new card was issued to the new address, it is claimed.

Then on August 5 a man claiming to be the customer went into the Kings Cross branch to ask to set up a transfer.

The Echo told last year how Jones was involved in another major scam. She admitted being part of a money-laundering ring involving a luxury car firm based at London's Canary Wharf. She was given a two-year suspended sentence. The trial continues.

(1st September 2017)


THE FAKE PAYPAL EMAILS THAT ARE TRICKING BRITS OUT OF THOUSANDS - WARNING SIGNS AND HOW TO REPORT IT
(Mirror, dated 12th June 2017 author Emma Munbodh)

Full article [Option 1]:

www.mirror.co.uk/money/fake-paypal-emails-tricking-brits-10611050

A new wave of suspicious emails claiming to be from online payments platform PayPal are back in circulation, the UK's security body has warned, and they can empty out your bank account in just seconds.

Action Fraud UK - the government's cyber crime agency - has warned of a particularly high number of PayPal phishing emails that are landing in people's inboxes, claiming to be from the electronic payments company.

The emails claim 'unusual activity' has been flagged on their accounts - although this is not the case.

Once clicked on, victims are redirected to a fraudulent version of the PayPal website - one that looks remarkably similar - where they are asked for sensitive data to resolve the alleged 'issue'.

A PayPal spokesperson told Mirror Money: "At PayPal we go to great lengths to protect our customers in the UK, but there are still a few, simple precautions we should all take to avoids scams."

"We do contact our customers by email (e.g. for marketing purposes), however if the email is about an account limitation, then the customer should: open their internet browser, visit www.paypal.co.uk and login.

"If we require the customer to take any action, we will communicate that in the secure message centre."

Deputy Head of Action Fraud, Steve Proffitt added: "Fraudsters are increasingly targeting people with very professional looking emails warning that online accounts have been compromised and asking you to click on links to verify your details.

"Action Fraud is now warning people about fake emails that appear to have been sent from PayPal. These emails ask you to log in and review your Paypal account. It is difficult to know if they are fake as they look so professional.

"If you have received one of these fake emails, we are advising people not to follow the links in the email as by logging into your account, you are providing fraudsters with your login details which gives them access to your account.

"Always contact the fraud department of the organisation directly from the contact details you have on your statements or bank card and explain the contents of the email you have received."

What the emails say

This fake PayPal email even made us look twice! Well designed, slick and personalised. The link leads to a fake login page!

In most cases, the emails open with the line: 'We noticed unusual activity in your PayPal account'.

The emails appear incredibly professional - and feature PayPal's trademark font, logo and layout.

In a tweet, Action Fraud said: "This fake PayPal email even made us look twice! Well designed, slick and personalised. The link leads to a fake login page! #Phi shing".

Other customers have reported emails claiming their accounts had been either 'suspended' or 'lifted'. These featured prominent typos which experts warn should not be ignored.

"We've limited your access and the reason is the last login attemp , we've limited your account for security reasons.

"To fix this problem you have to login and update your personal informations by following this link."
(Don't its bogus)

In several more cases, the scammers claimed the victim had "added a new email address to their account". This is a common tactic used by criminals to instill fear or panic, prompting the user to click on the email in haste.

But it doesn't end there.

One email doing the rounds claims you've made a payment - which of course is not the case.

These emails employ similar tricks to those used by banking fraudsters - which alerts users to unidentified transactions.

How to tell if the email is genuine or a hoax

- Check the email address - in most cases fraudulent addresses will contain multiple letters and numbers and will appear unusually long.

- Be aware of any emails and pop-up windows asking you to click on a link or provide personal information directly in response.

- A genuine email will only ever address you by your full name at the beginning - anything that starts 'Dear customer' should immediately raise your suspicions.

- Do not reply or open any attachments that arrive with the email.

- If you suspect something is wrong, get in touch with the firm directly to verify it.


What PayPal say you should do


"Phishing" is an illegal attempt to "fish" for your private and/or sensitive data. In most cases the criminals will claim to be from a well-known company such as PayPal.

If you believe you've received a phishing email, follow these steps:

1. Be aware of any emails or text messages that ask you to provide personal information directly in response.

2. Look out for spelling mistakes, which are a common tell-tale sign of a fraudulent message.

3. A genuine PayPal email will only ever address you by your full name at the beginning - anything that starts 'Dear customer' should immediately raise your suspicions.

4. Scammers often use a false sense of urgency to prompt you to act on a phishing email such as hyperlinks asking you to login to your account. If you want to check that PayPal has tried to reach you, go to PayPal.co.uk and log into your account normally. You will have a secure message waiting if PayPal does need you to take any action.

5. If you have any concerns regarding an email you have received, you should send it to spoof@paypal.com .


Action Fraud tips if you've received a suspicious email

- Do not click on any links in the scam email.

- Do not reply to the email or contact the senders in any way.

- If you have clicked on a link in the email, do not supply any information on the website that may open.

- Do not open any attachments that arrive with the email.

- If you've been a victim of fraud, report it to Action Fraud .

(1st September 2017)


FRAUDSTERS "USE TRICKS OF SPEECH" IN CONS
(BBC News, dated 31st May 2017)

Full article : www.bbc.co.uk/news/business-40104294

Cold-calling fraudsters use an urgent tempo of conversation or apologetic language to convince victims they are genuine, research has suggested.

The con-artists often adopt the persona of someone in authority such as a police officer or a fraud detection manager, transcripts have shown.

The Take Five campaign, which raises awareness of scams, asked a speech pattern analyst to study calls.

Dr Paul Breen said fraudsters use a variety of techniques to garner trust.

"The process used by fraudsters is carefully scripted from beginning to end - knowing the language fraudsters will use to mimic patterns of trust can help people to avoid becoming a victim," he said.

He found that while many people are more likely to trust a stranger over the phone if they sound like a "nice person", a caller acknowledging someone's concerns and sounding apologetic can be the hallmark of a scam.

Analysis suggested that fraudsters use snippets of information about their victims, remain patient and acknowledge concerns about security to gain the trust of the person being called.

Cases of identity fraud have been rising, with young people a growing target, often after people give up personal information to someone pretending to be from their bank, the police or a retailer.
Related Topics

(1st September 2017)


BEWARE THIS PHISHING EMAIL SENT BY SCAMMERS WHO PRETEND TO BE THE DVLA OFFERING YOU A CAR TAX REFUND
(Daily Mail / This is money, dated 13th June 2017 author Rob Hull)

Full article [Option 1]:

http://www.thisismoney.co.uk/money/cars/article-4599872/Scam-email-fraudsters-posing-DVLA.html

Drivers are being warned of a new scam email feigning to be from the Driver & Vehicle Licensing Agency telling them they are due a refund on their car tax.

The email, which 'brazenly' includes an address for reporting scam emails, has a link to a 'secure web form' that's designed to collect personal information from unwitting recipients.

The correspondence targeting motorists says: 'We would like to notify you that you have an outstanding vehicle tax refund of £239.35 from an overpayment, request a refund.'

It goes on to urge recipients to complete the web form and promises that funds will be paid into their account within four to six days.

BBC Watchdog tweeted the phishing email to warn motorists to ignore and delete it immediately.

The email looks legitimate and includes the DVLA's existing logo and fonts - something that could dupe many motorists into sharing their personal data.

And as one final brash move, the scammers have included a link to the email address phishing@dvla.gsi,gov.uk for people to report possible fraudulent emails to the DLVA.

When would I receive a refund from the DVLA?

Criminals behind the email seemingly timed it to take advantage of changes to Vehicle Excise Duty rates from April 1 and ongoing confusion surrounding the switch to online car tax after paper discs were scrapped in 2014.

Under the current system, when an owner sells a vehicle they must cancel the outstanding tax and they are then refunded the remaining full months.

The only other scenarios where you'll receive a tax refund from the DVLA will be if the car has been declared SORN (Statutory Off Road Notification), written off by your insurer, scrapped at a vehicle scrapyard, stolen, exported out of the UK, or registered as exempt from vehicle tax.

If you currently still have your car and none of the above scenarios are true, there is no reason why the DVLA would offer a refund.

In fact, the DVLA said it will never send links to third party sites or ask for confirmation of personal details or payment information - red flags that should stall confused drivers before they they fall for the scam and submit their own data.

It's not the first time scammers have targeted motorists by impersonating the DVLA.

Last year, This is Money revealed an example of an email that was sent to drivers asking them to confirm their direct debit details.

The DVLA warned motorists that it would never contact them about direct debits and said not to open the PDF attached to the scam as it contained malware.

Over the last two years, fraudsters have also pretended to be the DVLA by contacting drivers via text.

Tony Neate, CEO of Get Safe Online, said the switch has made it easier to manage your car tax but has also made it easier for scammers to defraud people by sending them 'sophisticated hoax emails'.

'As phishing emails become ever more sophisticated and elaborate, it is important to be vigilant about sharing any of your personal information online,' he told This is Money.

'Like many official bodies, the DVLA's policy is to never send links to third party sites or ask for confirmation of personal or payment details - so if you do receive emails asking for this sort of information, stay one step ahead and report them immediately.

'If you're ever not sure, be your own detective and contact them by other means - perhaps phoning the number you would use normally.

'In addition, you should never use free public Wi-Fi to fill out online forms, however convenient, as you can't guarantee it will be secure.

'And always look out for 'https' at the beginning of the address as well as the 'padlock symbol' in the browser frame as it shows the website you are using is secure.'

(1st September 2017)


FRAUD HOTSPOTS : DO YOU LIVE IN A DANGER ZONE ?
(Love Money / BT News, dated 16th June 2017)

Full article [Option 1]:

https://home.bt.com/lifestyle/money/money-tips/fraud-hotspots-do-you-live-in-a-danger-zone-11364188604295

New research from Which? has revealed the top danger zones around the country for dating fraud, computer repair scams, investments cons and other types of fraudulent schemes.

The study draws on data from Action Fraud - the main body to report cases of fraud in the UK - on scams reported during 2014, 2015 and 2016, broken down by police area and type.

Which? has used the information to reveal where certain types of fraud appear to be more common in England and Wales and is urging the Government to tackle the growing problem.

Norfolk

Norfolk residents were the most likely to report incidents of dating fraud, where victims are duped into sending money to bogus lovers.

This impacted 1.6 people for every 10,000 people in the country, compared with the national average of 1.1.

The county was also a prime location for reported lottery scams, where victims are tricked into paying to enter a fake lottery, with 2.2 people per 10,000 reporting compared with one nationally.

Dyfed-Powys


Those living in Dyfed-Powys, Wales, commonly reported losing money to computer repair fraud, which involves a cold caller getting in touch to help fix a non-existent computer glitch.

Which? noted that this type of fraud tended to be reported in areas with an older population. In Dyfed-Powys 19.3 people per 10,000 were hit compared to the national average of 10.4.

The area was also a hotspot for fake services fraud, where victims are tricked into paying for a service that doesn't exist or aren't delivered. This impacted 13.4 people per 10,000 in contrast to the national average of 9.5.

London

London was also revealed to be a common are for scammers to target with a myriad of frauds, probably thanks to the large amounts of wealth and people concentrated in the area.

Which? found those living and working in the capital were most at risk of falling victim to a range of scams including: being charged fees for fake loans (4 per 10,000 people), social media or email hacking (3.7per 10,000), scam door-to-door sales (4.3 per 10,000), rental scams (3.4 per 10,000) fraud involving false or stolen goods (8.55 per 10,000), payment redirect fraud (3.9 per 10,000) and ticket fraud (4.7 per 10,000).

Other fraud hotspots

The data revealed that Dorset residents were particularly prone to being targeted by computer virus, malware and spyware fraud, with 3.8 cases per 10,000 people, compared to the national average of 2.3.

Households in affluent Surrey most commonly reported financial investment fraud, with 2.1 people per 10,000 compared to 1.3 nationally.

While those living in Warwickshire typically reported the most cases of retail fraud with 15.67 reports per 10,000 people in contrast to the 3.4 national average.
The scale of the fraud problem

In total Which? Found there were 266,964 frauds reported between 2014 and 2016. Below are the types, what they involve and the scale of the problem.

TYPE OF FRAUD (Source: Which?)

The reported cases were to Action Fraud (2014-2016)

Online shopping and auction fraud - Number reported : 123,298

What it involves : A product advertised online doesn't exist, arrive, or match its original description. It also includes where sellers aren't paid for goods sold online.


Computer fixing fraud - Number reported : 80,264

What it involves: Someone is told that there's a problem with their computer which can be fixed for a fee. No fix actually happens.


Fees for fake services - Number reported : 66,035

What it involves: Victims pay an upfront fee for a service that doesn't exist. For example, cold callers falsely offer to make PPI claim for money, or employers demanding money for employment checks for jobs that don't exist.


Cheque, plastic card and online bank account fraud
- Number reported : 54,696

What it involves: Someone's cheque, card or online bank account is fraudulently used. It doesn't include companies that deal with electronic money transfers.


Fake or stolen products fraud - Number reported : 41,108

What it involves: Victims make a purchase after being shown, or test a product. However, that product is later found to be false or stolen - also known as 'Other consumer non-investment fraud'.

Retail fraud - Number reported : 30,944

What it involves: Fraud committed against retailers, such as when goods are ordered with no intention of paying, or when a fraudster tries to get a refund from stolen goods.

Fake loan fraud - Number reported : 19,531

What it involves: A victim is offered a 'loan' in exchange for a fee. The loan never materialises.


Payment redirect fraud - Number reported : 16,467

What it involves: Fraudsters get a victim to change a direct debit, standing order or bank transfer by pretending to be an organisation that the victim regularly pays. This could be a phone or energy company, for example.

Hacking cases - social media and email - Number reported : 16,249

What it involves: Someone's social media or email account is hacked. This is unlikely to result in money loss directly.

Door-to-door sales and bogus tradesmen - Number reported : 15,907

What it involves: Fraudsters go door-to-door offering goods or services that are never delivered, or are of poor quality.

Computer virus/malware/spyware - Number reported : 15,561

What it involves: Scammers trick you into spreading a virus or allowing malware to be installed on a device. A virus is a computer program that can replicate itself and spread from one computer to another. Malware/spyware collect information or data from infected devices and passes them on to another device.

Fake ticket fraud
- Number reported : 14,949

What it involves: A victim purchases a ticket in advance only to find that it's never received, or isn't valid for the event.

Other financial investment fraud - Number reported : 9,521

What it involves: This covers a range of scams designed to convince people to part with their savings.

Dating scams - Number reported : 8,311

What it involves: The victim is persuaded to send money to a prospective 'lover'.

Lottery scams - Number reported :6,933

What it involves: The victim pays to enter a non-existent 'lottery'.


What about Scotland and Northern Ireland?

The research found that Scotland and Northern Ireland had much lower reports of fraud compared to the rest of the UK over this three-year period.

Which? says this is likely because the Scottish police aren't officially part of Action Fraud reporting network while Northern Ireland joined in June 2015.
Getting tough on fraud

Which? is urging the Government to set out plans to tackle fraud and scams.

It suggests improving how businesses handle customer data, the response to a data breach and to ensure people get the right redress.

The watchdog is also calling for the Payment Systems Regulator (PSR) to implement stronger rules to protect consumers from bank transfer scams.

Gareth Shaw, Which? money expert, said:"As more information is available about us online than ever before, fraudsters are finding it much easier to know who to target and how.

"These criminals are constantly finding new ways to rip us off and those tackling fraud should be upping their game. The Government needs to set out an ambitious agenda to tackle fraud, while law enforcement agencies need to be working harder to identify and protect the people most at risk from fraud."

If you think you may have fallen victim to a scam you should report it to Action Fraud.

uaware Further information

Original Which ? article :

http://www.which.co.uk/news/2017/06/revealed-the-fraud-capitals-near-you/?utm_medium=Email&utm_source=ExactTarget&utm_campaign=Weekly_Scoop_170617

(1st September 2017)


VEHICLE ONLINE SHOPPING FRAUD
(Action Fraud, dated 12th June 2017)
www.actionfraud.police.uk

Fraudsters have been advertising vehicles and machinery for sale on various selling platforms online. The victims, after communicating via email with the fraudster, will receive a bogus email which purports to be from an established escrow provider (a third party who will keep the payment until the buying and selling parties are both happy with the deal).

These emails are designed to persuade victims to pay upfront, via bank transfer, before visiting the seller to collect the goods. The emails also claim that the buyer (victim) has a cooling off period to reclaim the payment if they change their mind. This gives victims the false sense of security that their money is being looked after by this trustworthy third party, when in fact it is not and the money has gone straight to the fraudster.

Protect yourself:


- When making a large purchase such as a new car or machinery, always meet the seller face to face first and ask to see the goods before transferring any money.

- If you receive a suspicious email asking for payment, check for spelling, grammar, or any other errors, and check who sent the email. If in doubt, check feedback online by searching the associated phone numbers or email addresses of the seller.

- Contact the third party the fraudsters are purporting to be using to make the transaction. They should be able to confirm whether the email you have received is legitimate or not.

- False adverts often offer vehicles or machinery for sale well below market value to entice potential victims; always be cautious. If it looks too good to be true then it probably is.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk, or by calling 0300 123 2040.

(1st September 2017)


BOGUS CALLERS
(Essex Community Messaging, dated 1st June 2017)

We have recently had a couple of incidents in different areas of Essex where Bogus Callers have made out they were from the local council and had come to investigate and remove rats nests in the loft. These bogus callers have then proceeded to take a deposit of cash (or in at least one case with a card reader) and said they would return to remove the nest and then disappeared.

If you do get a visitor along these lines, they are likely to be fraudulent. Please ring your local council direct to confirm that any caller is bonafide. Fraudsters can produce fake ID badges.

If an unknown trader knocks on your door at any time , don't open it unless you use a door chain . Preferably, open a small window either upstairs or downstairs and speak through the window.

To verify someone's identity please ring the organisation they claim to be from. Use a number from a bill or telephone directory that you have looked up yourself - never use a telephone number provided by the caller. A bona fide caller will wait outside whilst you verify their validity - a bogus caller is also likely to disappear as soon as they know you are telephoning to check identity.

Please do not let anyone into your home if you are not expecting them. REMEMBER - Your door - Your House - Your choice. Not sure? Don't Open the Door

Display a 'No Cold Calling' sticker on your front door. These are available from Trading Standards free of charge. Call them on 03454 040506.

If you do need work undertaken on your property, Trading Standards operate a 'Buy With Confidence' scheme, which enables residents to identify approved local traders who have readily demonstrated a commitment to high working standards, high levels of customer care and a fair trading policy.

The 'Buy with Confidence' scheme is available via the internet https://www.buywithconfidence.gov.uk/ or by telephone 03454 040506.

REMEMBER: NOT SURE? DON'T OPEN THE DOOR.

(1st September 2017)


WEDDING SERVICES FRAUD
(Action Fraud, dated 6th June)
www.actionfraud.police.uk

With the upcoming "Wedding Season", and for those individuals who are considering making plans for next year and beyond, you should be aware of the potential risks of fraud involved.

According to 'bridesmagazine.co.uk', in 2017 the average wedding cost spend is approximately £30,111. This will be paid out to multiple vendors, including; photographers, caterers, reception venues and travel companies, to name a few. Many of these services will require booking at least several months in advance and you may be obliged to pay a deposit or even the full balance at the time.

Being aware of the potential risks and following the below prevention advice could minimise the likelihood of fraud:

Paying by Credit Card will provide you with protection under Section 75 of the Consumer Credit Act, for purchases above £100 and below £30,000. This means that even if a Company goes into liquidation before your big day, you could claim a refund through your Credit Card Company.

Social Media - Some Companies run their businesses entirely via social media sites, offering low cost services. Whilst many are genuine, some may not be insured or may even be fraudulent. There are a few things you can do to protect yourself;

- Ensure you obtain a physical address and contact details for the vendor and verify this information. Should you experience any problems, you will then be able to make a complaint to Trading Standards or consider pursuing via the Small Claims Court.

- Ensure you obtain a contract before paying money for services. Make certain you fully read and understand what you are signing and note the terms of cancellation.


Consider purchasing Wedding Insurance - Policies vary in cover and can be purchased up to two years in advance. They can protect you from events that would not be covered under the Consumer Credit Act.

Complete research on each vendor, ensuring you are dealing with a bona fide person or company. Explore the internet for reviews and ratings and ask the vendor to provide details of past clients you can speak to. You should do this even if using companies recommended by a trustworthy friend or source.

For services such as wedding photographers, beware of websites using fake images. Look for inconsistencies in style; Meet the photographer in person and ask to view sample albums. If you like an image from a wedding, ask to view the photographs taken of the whole event so you can see the overall quality.

Remember, if something appears too good to be true, it probably is!

(1st September 2017)


SIX TRICKS FRAUDSTERS USE TO GAIN YOUR TRUST
(BT / Love Money, dated 5th June 2017)

Full article [Option 1]:

https://home.bt.com/lifestyle/money/money-tips/six-tricks-fraudsters-use-to-gain-your-trust-11364184899041

New research from Financial Fraud Action (FFA) shows how scammers manipulate our instinctive human willingness to accept someone at their word in order to con us.

Dr Paul Breen. a speech pattern analyst, has found that fraudsters use specific techniques to gain our trust when they call before they try and get us to hand over valuable financial or personal information.

"The process used by fraudsters is carefully scripted from beginning to end - knowing the language fraudsters will use to mimic patterns of trust can help people to avoid becoming a victim," says Dr Breen, senior lecturer at the Westminster Professional Language Centre.

Six common scam call tricks


Dr Breen analysed recordings and transcripts of real-life scam phone calls and discovered six key tricks fraudsters use to gain your trust.

1. Seem to know you - the con artist will use snippets of information about you that they've gathered from different sources to sound like they are familiar with you and know what they are talking about.

2. Use apologetic language - they will attempt to create a false balance of power by apologising for taking up your time so that you feel sympathy for them.

3. Layers of authenticity - they will remain patient as they seemingly build up authenticity until they have convinced you they are legitimate.

4. Impersonate an authority figure - criminals will pretend to be someone in authority such as a police officer or fraud detection manager.

5. Welcome scepticism - if you are dubious they will turn that to their advantage by welcoming it and acknowledging your concerns about being security conscious.

6. Switch tempo - con artists will increase or decrease the pressure by creating a false sense of urgency or using understanding language.

Would you fall for them?

Reading through those tricks you may think you wouldn't fall for them, but a survey by FFA UK's Take Five campaign suggests otherwise.

It looked at the factors that make us more likely to trust a stranger over the phone and asked people to rank trust factors. The top three results were all tricks used by criminals.

The most common factor that makes us trust someone over the phone is 'sounding like a nice person' followed by 'sounding like they know what they're talking about', and almost a third listed 'offering to help with a problem'.

Most of the people surveyed said they were cautious of trusting strangers without meeting them, and a third of people said they never trust anyone on the phone. But fraudsters are prepared for our scepticism.

Dr Breen found that scammers used the 'patterns of trust' outlined above to build up an appearance that they were legitimate and get around our mistrust by mimicking the kinds of people we tend to believe.

"Tackling financial fraud is a priority for every bank and each one continuously invests in advanced security systems to protect their customers," says Katy Worobec, director of FFA UK. "However, as this research confirms, fraudsters use sophisticated methods in an attempt to circumvent these when targeting victims.

"While the payments industry stops six in every £10 of attempted fraud, it cannot solve the problem alone. Criminals try to take advantage of our instinctive willingness to accept someone at their word."

You can protect yourself from financial fraud by taking a moment to step back and think whether a phone call really seems genuine.

"We are asking everyone to take five - to take that moment - to pause and think before they respond to any financial requests and share any personal or financial details."

(1st September 2017)


MAY 2017


SERIOUS FRAUD OFFICE WARNS OF £120m PENSION SCAM
(The Guardian, dated 27th May 2017 author Rupert Jones)

Full article [Option 1]:

www.theguardian.com/money/2017/may/27/pensions-scam-self-storage-serious-fraud-office-warning

Retirees have been persuaded to switch all their cash into schemes involving self-storage facilities and there are fears they may have lost huge sums

Fears are growing that large numbers of people may have lost huge sums of money after investing their retirement pots in - of all things - self-storage units. The Serious Fraud Office this week launched an investigation into storage unit investment schemes, and revealed that more than £120m has been poured into them. But could that just be the tip of the iceberg?

One man was persuaded to transfer almost £370,000 out of his workplace pension and put it all into one such scheme supposedly offering an 8%-12% return. The Pensions Ombudsman, which looked at his case, said the "blameless" man had switched out of the "secure and generous" NHS pension scheme and may have lost all his money as a result. Others were lured in with claims that they could more than double their money in just six years.

Many of us have used a self-storage facility at some point - perhaps to temporarily stash our belongings when moving home. But what most people probably don't realise is that these units (also known as storage pods) have been touted as a wonder investment with double-digit returns. Many people appear to have lost some, or all, of their retirement savings after falling for the spiel of firms flogging dodgy schemes.

The SFO says it is probing several, including Capita Oak Pension and Henley Retirement Benefit, plus some schemes that invested in other products. It adds that more than 1,000 individual investors are thought to be affected by the alleged fraud, though it presumably thinks the number could be higher as it is asking people who have paid into these schemes between 2011 and 2017 to complete a questionnaire available on its website.

One brochure, issued by a property investment company, boasted of a 14% average annual yield

Kate Smith, head of pensions at insurer Aegon, says the SFO probe "is a timely reminder that unregulated unusual investments at home or abroad come with a high risk that people could lose all their hard-earned pension and other savings". She adds that it is possible that thousands more people may find they have lost money, too.

"Pension liberation" scams - where people are persuaded to transfer or cash in their pension pots and put the money into often exotic-sounding investments - have been around for years, but there has been a surge in activity since April 2015 when the government introduced reforms giving over-55s more freedom in terms of what they can do with their retirement cash.

Storage units on UK industrial estates might not have the exotic allure of hotel rooms in the Caribbean and palm oil plantations in Asia, but perhaps that was their selling point. Marketing tended to highlight how this was a profitable and growing industry.

One glossy brochure seen by Guardian Money offered the chance to buy individual units from £3,750-£30,000 said to be located in the north-west of England. The investor would buy the unit on a long-term lease from Store First Limited, and then sublet it to a management company which would subsequently rent it out.

The brochure, issued by a property investment company, boasted of a "14% average annual yield" and claimed that when capital growth and income were combined, the "forecast net return" over six years for someone investing £11,250 would be £12,180, "or over 108%" - equating to a total return of £23,430.

In December 2014, the Pensions Ombudsman published its decision in the case of "Mr X" who was persuaded to transfer his entire future pension - £367,601 - from the NHS Scotland scheme into Capita Oak. The ruling stated that Mr X was told his money would be invested in "Storefirst Limited" (sic), "a large self-storage firm in the north of England". It was offering a 8%-12% return "and therefore it seemed a good investment". He later discovered that he couldn't get his money out.

The ombudsman said Mr X may well have been "duped" out of his entire pension, and it is not known whether he ever recovered any of his money.

In April 2015 the ombudsman published two decisions relating to a man called Joseph Winning, who transferred £52,401 in pension cash from Scottish Widows and Legal & General to Capita Oak. Winning's money had apparently been invested in Store First storage pods, the rulings said.

Things don't look good for Mr X or Winning (and doubtless others) because the two companies that acted as trustees to Capita Oak and Henley Retirement were wound up by the high court in July 2015. This was after an official investigation found that they were involved in a venture where people were cold called and persuaded to transfer their pensions "on the basis of misrepresentations made" concerning returns. The investigation found that the only investments offered to the public were storage pods marketed for sale by Store First, which paid commissions of up to 46% to another company which was part of the overall scheme.

It's all been quite frustrating for the Self Storage Association UK, which describes itself as the main trade body for the industry. Its boss Rennie Schafer says investment companies have been aggressively marketing these unregulated schemes to small investors "who are less informed of their perils," adding: "The idea of breaking it up into little pieces and selling it off is not how self-storage works."

Store First, based near Burnley, told us: "The SFO investigation is not against Store First or its product of storage pods, but against the schemes named … Store First is in no way connected with the running of any pension scheme being investigated by the SFO or, indeed, any scheme. In addition, Store First does not carry out any direct sales activity, and all sales are made by third party intermediaries."

The company added it had "no connection whatsoever" with any financial advice these schemes receive or give, or to their ongoing administration.


SMISHING FRAUD ALERT
(Action Fraud, dated 26th May 2017)
www.actionfraud.police.uk

Smishing - the term used for SMS phishing - is an activity which enables criminals to steal victims' money or identity, or both, as a result of a response to a text message. Smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset) to manipulate innocent people into taking various actions which can lead to being defrauded.

The National Fraud Intelligence Bureau has received information that fraudsters are targeting victims via text message, purporting to be from their credit card provider, stating a transaction has been approved on their credit card.

The text message further states to confirm if the transaction is genuine by replying 'Y' for Yes or 'N' for No.

Through this method the fraudster would receive confirmation of the victim's active telephone number and would be able to engage further by asking for the victim's credit card details, CVV number (the three digits on the back of your bank card) and/or other personal information.

Protect yourself:

- Always check the validity of the text message by contacting your credit card provider through the number provided at the back of the card or on the credit card/bank statement.

- Beware of cold calls purporting to be from banks and/or credit card providers.

- If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Again, refer to the number at the back of the card or on the bank statement in order to contact your bank.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk/ or alternatively by calling 0300 123 2040

(1st June 2017)


RANSOMWARE CYBER ATTACK
(Action Fraud, dated 15th May 2017)
www.actionfraud.police.uk

Following the ransomware cyber attack on Friday 12 May which affected the NHS and is believed to have affected other organisations globally, the City of London Police's National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days.

Ransomware is a form of malicious software (Malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. Criminals will use ransomware to extort money from you (a ransom), before they restore access to your files. There are many ways that ransomware can infect your device, whether it be a link to a malicious website in an unsolicited email, or through a security vulnerability in a piece of software you use.

Key Protect messages for businesses to protect themselves from ransomware:

- Install system and application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device that isn't left connected to your network as any malware infection could spread to that too.


The National Cyber Security Centre's technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the "WannaCry" Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance

For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

Key Protect advice for individuals:

- Install system and application updates on all devices as soon as they become available.

- Install anti-virus software on all devices and keep it updated.

- Create regular backups of your important files to a device (such as an external hard drive or memory stick) that isn't left connected to your computer as any malware infection could spread to that too.

- Only install apps from official app stores, such as Google's Play Store, or Apple's App Store as they offer better levels of protection than some 3rd party stores. Jailbreaking, rooting, or disabling any of the default security features of your device will make it more susceptible to malware infections.


Phishing/smishing

Fraudsters may exploit this high profile incident and use it as part of phishing/smishing campaigns. We urge people to be cautious if they receive any unsolicited communications from the NHS. The protect advice for that is the following:

- An email address can be spoofed. Don't open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.

- The sender's name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution, particularly if the texts are asking you to click on a link or call a number.

Don't disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or transfer your money to another "safe" account.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk

(1st June 2017)


TECH-SUPPORT SCAMMERS USING WANNACRY ATTACK TO LURE VICTIMS
(Action Fraud via Essex Community Messaging, dated 23rd May 2017)
www.actionfraud.police.uk

Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global Wanna Cry ransomware attack.

One victim fell for the scam after calling a 'help' number advertised on a pop up window. The window which wouldn't close said the victim had been affected by WannaCry Ransomware.

The victim granted the fraudsters remote access to their PC after being convinced there wasn't sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool,which is actually free, and took £320 as payment.

It is important to remember that Microsoft's error and warning messages on your PC will never include a phone number. Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support.

Any communication they have with you must be initiated by you.

PROTECTION / PREVENTION ADVICE

How to protect yourself:

- Don't call numbers from pop-up messages.
- Never allow remote access to your computer.
- Always be wary of unsolicited calls. If you're unsure of a caller's identity, hang up.
- Never divulge passwords or pin numbers.
- Microsoft or someone on their behalf will never call you.

If you believe you have already been a victim

- Get your computer checked for any additional programmes or software that may have been installed.

-Contact your bank to stop any further payments being taken

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk

(1st June 2017)


PROPERTY TITLE FRAUD : SCAMMERS TARGETING EMPTY HOMES
(BT News, dated 14th May 2017)

Full article [Option 1]:

https://home.bt.com/lifestyle/money/mortgages-bills/property-title-fraud-scammers-targeting-empty-homes-11364179851756

Criminal gangs are using empty homes to take out loans and mortgages, the National Fraud Intelligence Bureau (NFIB) is warning.

Evidence has been unconvered to suggest criminals are choosing empty homes by scouring obituaries and the Land Registry.

Once an empty property is identified, the scammers organise fake documentation in order to apply for finance linked to the address.

The fraudsters will register on the electoral roll and with utility providers in order to build up the required proof to pass through all the legal hurdles.

This criminal group works until it has met all the criteria needed to get funds released, while the homeowner is none the wiser and left saddled with the debt against the property.

Are you at risk?

The NFIB says the main homeowners at risk include:

- Owners that are absent from their property
- Buy-to-let landlords who may have empty properties
- Owners that are living abroad with an empty property in the UK
- Elderly people that don't live in their properties for reasons such as long term hospital or residential care

How to protect yourself

There are certain things you can do to protect yourself from this sort of devious fraud.

Make sure your property is registered with the Land Registry. Doing this will mean you will be compensated for financial loss if you do fall victim to mortgage fraud.

It's also important to keep your contact information up to date once registered so you can be easily contacted if something suspicious is spotted.

It's also a good idea to sign up for Land Registry's free Property Alert service. If someone tries to take out a mortgage on a home you own you'll receive an alert.

You can then judge whether the activity is suspicious and seek further advice.

You should also check your credit report regularly as this logs credit searches linked to addresses in your name, so you can spot suspicious loans linked to your home.

Registering Property : www.gov.uk/registering-land-or-property-with-land-registry/when-you-must-register

Property Alert : www.gov.uk/guidance/property-alert

Where to get help

If you're concerned that your home is being used to fraudulently leverage finance call the Land Registry on its Property Fraud Line on 0300 006 7030.

The line is open from 8.30am to 5pm Monday to Friday and you can talk to specially trained staff who can provide practical guidance about what to do next.

(1st June 2017)


TOURISTS TARGETED BY FAKE POLICE OFFICERS
(Action Fraud, dated 4th May 2017)
www.actionfraud.police.uk

There has been a series of recent incidents reported to Action Fraud where a lone fraudster has approached victims whom they believe to be unfamiliar with the local area. They make an excuse to talk to the victims such as enquiring about directions or offering a recommendation for a good hotel.

After this interaction, several other fraudsters will intervene purporting to be police officers in plain clothes and will sometimes present false identification as proof. The fake officers will then give a reason to examine the victims' wallet, purse or personal items. They may also examine the first fraudster's items or try to tell victims that the first fraudster is suspicious in order to gain victim trust and appear more realistic in their guise.

After all the fake police 'checks' are finished, victims have then reported being handed back their personal items only to later realise that a quantity of money or valuables were missing.

How to protect yourself:

- If an individual claims to be a police officer ask for their name and rank, force, and examine any identification presented; this is always good practice but especially important if they are not wearing a uniform.

- The Police will never ask for your passwords or PIN details. Do not give this information to anyone.

- The Police will never request that you withdraw/transfer any money to them or to a 'safe' account.

If you have been affected by this, or any other fraud, report it to Action Fraud by visiting www.actionfraud.police.uk

(1st June 2017)


NEW SUPERMARKET ANNIVERSARY VOUCHER SCAM
(BT News, dated 9th May 2017)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/new-aldi-65-voucher-scam-how-to-tell-if-a-coupon-is-fake-11364167113171

A new scam using the lure of a £75 anniversary voucher for Sainsbury's or Morrisons is doing the rounds. It's the latest fraud involving supermarket vouchers designed to rip you off.

There are several fake supermarket vouchers scams being operated by fraudsters, purporting to be from the of the UK's biggest chains.

These fake vouchers have been frequently appearing on Facebook, Twitter as well as messenger services like WhatsApp, text and email.

Here's what to watch out for and how to stay safe.

Sainsbury's and Morrisons £75 anniversary voucher scam

Facebook posts have been cropping up claiming to offer a free £75 voucher for either Sainsbury's or Morrisons as part of their anniversary celebrations.

The text used can vary, but the offer is generally along the lines of: "Get a FREE £75 Morrisons Coupon to celebrate 117th Anniversary!". We've seen some with different anniversary years mentioned.

The Sainsbury's versions read much the same.

In order to claim your 'free' voucher, you are redirected to an external site where you are asked to share your details. However, there is no prize and your details will be used to inundate you with spam messages.

Avoid this scam, and definitely don't share it with your friends on Facebook.

Sainsbury's £250 WhatsApp voucher scam

Sainsbury's shoppers are also being targeted with a £250 voucher scam.

Customers are being asked to do a survey through WhatsApp in exchange for £250. They're then asked to send the survey on to 10 other users.

Sainsbury's £100 voucher scam

Be wary of a similar Sainsbury's scam that's being widely shared on Facebook.

Customers have taken to Sainsbury's official Facebook page to ask whether messages they've received claiming to offer a £100 Sainsbury's gift card are genuine.

We asked Sainsbury's about the issue and it confirmed that it is aware of the £100 gift card voucher offer being circulated and confirmed that these were not genuine.

A spokesperson for the supermarket told loveMONEY it's advising anyone that receives a message offering the £100 gift card to delete it and not click on any of the links.

Tesco voucher scam

Scammers targeting Tesco shoppers are using a slightly different approach.

At the moment there is a scam email promising £500 worth of Tesco vouchers after answering a survey on their phone.

However, those that complete the questionnaire are finding they've been signed up to a premium rate text service, which charges them to be entered into a monthly draw.

Aldi fake £65 coupon scam

Scammers are trying to trick Aldi shoppers into handing over their details in return for a "free £65 coupon" that can be redeemed in-store.

The victims are asked to click on a link, which takes them to a website where they're asked to enter personal information before they can print off the voucher.

The offer is of course fake and the fraudsters will then use the information to commit ID fraud.

Victims are also asked to share the voucher on social media, thus keeping the scam going. We've seen a number of the fake vouchers on both Twitter and Facebook.

Aldi has taken to Twitter to say it is aware of the hoax voucher and is investigating the matter.

It also stressed it would never ask you to share your personal details via a website in order to redeem a voucher.

If someone sends you a Facebook message or email suggesting you could get an Aldi voucher, treat it with caution and don't automatically click on the link.

If the offer is too good to be true it probably is. Also, check for spelling mistakes and use your common sense about the details it is asking you to share.

How to get genuine supermarket discounts and vouchers

Not all supermarket promotions are a scam.

You can use cashback websites like Quidco and TopCashback as well as websites like Vouchercloud and VoucherCodes.co.uk, which list genuine voucher codes and discounts.

You should also keep an eye on official Facebook and Twitter feeds for genuine offers from the supermarkets and other retailers.

How to keep safe

The company really doesn't matter. Whatever the name, and whether the too good to be true 'promotion' is on Facebook, WhatsApp or via email, the whole thing is a swindle.

They have nothing to do with the stores and, of course, there are no vouchers.

Ther best thing to do is delete the message and not click on any of the links.

(1st June 2017)


AIRBNB SCAM ALERT
(The Sun, dated 12th May 2017 author Brittany Vonow)

Full article [Option 1]:

www.thesun.co.uk/news/3543284/brit-tourist-scammed-airbnb-amsterdam/

A woman has spoken of her horror after she was scammed out of £915 for a holiday getaway through Airbnb.

Ms Brown said she had never used the online rental marketplace before, but was delighted when she found the perfect spot to celebrate her boyfriend's birthday in Amsterdam in October this year.

After contacting the Airbnb host, the 20-year-old said she was asked to transfer the £915 payment to a bank account for the three-night stay at the four bedroom home.

But after receiving a confirmation email, the young woman called Airbnb to confirm - only to be told the email address was not an official address.

Quickly calling her bank Santander in a desperate attempt to stop the payment from going through, Georgia has now slammed Airbnb for not sharing enough warnings about scammers on the site.

The house was advertised on Airbnb, asking for people to transfer money through to the personal account, rather than through the online platform.

She told The Sun Online: "When I signed up, there were not terms and conditions that told you about the site.

"I was reading through the description of the place and it said to book, please send through a query through this email address - it all seemed really friendly and he said they had availability."

Checking the accommodation with the friends she would be travelling with, Ms Brown got the contact details for the owner, confirmed the dates and paid the money.

She said: "Because I hadn't used it before, I presumed people advertised on there and then you make payments to them directly.

"After I paid them, I thought, I'll just check and I went on the Airbnb website. It took me a good half an hour to find anything about payments and it said that they should all be made through the website.

"I called my bank straight away and explained, and they said they'll do everything we can."

But the young legal secretary said she was disgusted by Airbnb's response, saying: "All I got was a 'Oh no, Ms Brown, you shouldn't have done that'.

"They shouldn't have had the advert on their website in the first place."

She said the advertisement told people looking at the rental that they would need to bank transfer the funds to the agent's account, saying that Airbnb should police the advertisements better.

The young Essex woman is now fighting to get her money back, with the scammer since contacting her and asking for more details - leaving her hopeful that they still have not received the money and she will be able to get it back.

She said: "I want to make more people aware - Air BnB is massively advertised, they want everyone to think their website is the safest.

"In fact, by not having warnings about scammers they are putting a lot of people at risk.

"I'm not stupid, I can spot things like this but it looked so legitimate.

"Air BnB preach about how they do all of these checks on the hosts, then how can something like this happen."

The Sun Online has since tried to contact the host but the number was disconnected.

An Airbnb spokesman said: "Fake or misrepresented listings have no place in our community and our team is working hard to constantly strengthen our defenses and stay ahead of fraudsters.

"We just introduced new security tools to help tackle fake listings and educate our community about staying safe online, including more warnings.

"The most important thing to know is as long as you stay on the airbnb.com platform and only send money through Airbnb, you will always be protected. There have been over 160 million guest arrivals on on Airbnb and bad experiences are extremely rare."

The listing has since been removed from Airbnb.

A Santander bank spokesperson said: "Our customer, Ms Brown found a holiday property on AirBnB and sent an email to somebody she believed was the owner of the property.

"A return email was received purportedly from AirBnB confirming beneficiary account details. Miss Brown then sent a payment of £913 to the bank account provided by the third party.

"She has since discovered this is a scam and funds were not sent to AirBnB.

"Santander were in contact with Ms Brown from the day of the transaction to start the process to try and recover the funds from the recipient bank. However, as the funds were sent overseas it can take up to 90 days to get a response."

(1st June 2017)


MOT FRAUD ADVICE
(Essex Police Community Messaging, dated 9th May 2017)

Note : This advice applies to the whole of the UK, not just Essex !!!

Following DVSA clarification used car buyers are urged to check MOT details online - the paper certificate is too susceptible to forgery.

Following a clarification by the Driver and Vehicle Standards Agency (DVSA), we are urging used car buyers to check MOT details online, rather than relying on the paper certificate.

In response to a Freedom of Information request the DVSA's MOT Scheme Management Team confirmed: "…the view of DVSA is that the test certificate is a receipt style certificate and it is the database holds the authorative record ,DVSA advice is that if a customer has concerns to the validity of the certificate or wishes to, they can confirm the details via the gov.uk website."

"This important clarification should signal a change in consumer best practice. Most car buyers accept the paper MOT at face value, but 25 years of investigating cloned and clocked vehicles has taught us not to be so trusting. The first thing we do with any claim

is check the MOT on the primary source, the government website. It is a great free service and you can see at a glance the recorded mileages going back years and any advisory notes on the condition of the vehicle.

Any discrepancy between this data and the paper certificate should set alarm bells ringing. Vehicle crime has become highly sophisticated but when it comes to paper MOTs a lot of the tactics are rudimentary, commonly simple photocopies with the mileage altered.

In one recent case, someone had downloaded the sample certificate from the government website, filled it in and passed it off as genuine. They should at least put a watermark on that because they've inadvertently provided a handy resource for fraudsters."


MoT history - https://www.gov.uk/check-mot-history
MoT (current) & tax - https://www.gov.uk/check-vehicle-tax

(1st June 2017)


UK BANK LAUNCHES "GREAT BRITISH FRAUD FIGHTBACK" TO HELP TACKLE ONLINE CRIME
(International Business Times, dated 8th May 2017 author Pramod Sharma)

Full article [Option 1]:

www.ibtimes.co.uk/barclays-launches-great-british-fraud-fightback-initiative-help-tackle-online-crime-1620292

Leading UK bank Barclays is launching a £10m nationwide initiative, dubbed the 'Great British Fraud Fightback', aimed at spreading awareness about financial fraud risks. The bank hopes to boost the protection of digital identities of Britons through the dissemination of information, tools and tips.

The digital safety drive launched on Monday (8 May) marks the first attempt by a high street bank to enable their customers to assume full control over how their debit cards would operate. Customers would be able to use the Barclays mobile banking app to instantly enable or disable remote purchases and set their daily ATM withdrawal limits. Branch employees will also have access to a new police hotline to be used in instances when customers are scammed.

The bank will also extend its awareness campaign beyond its customer network. UK residents will be able to assess their own digital safety level online through the Barclays website.

Additionally, the bank will launch a £10m multimedia nationwide campaign to spread awareness about fraud related risks.

"Fraud is often wrongly described as an invisible crime, but the effects are no less damaging to people's lives" said Ashok Vaswani, chief executive of Barclays UK.

"As a society our confidence in using digital technology to shop, pay our bills and connect with others has grown faster than our knowledge of how to do so safely. This has created a 'digital safety gap' which is being exploited by criminals."

"I believe the need to fight fraud has now become a national resilience issue, and we all need to boost our digital safety levels in order to close the gap."

The initiative comes on the heels of the Digital Safety Index survey launched on 8 May. The survey revealed that London, Bristol and Birmingham are the "scam capitals" of the UK with the largest gaps in public resilience. The survey also pointed out that only 17% of people in the UK can correctly identify basic digital threats, such as scams posted on various social media platforms.

London in particular is a city favoured by cybercriminals, as it ranked the lowest on the digital safety scale with a score of 5.89 on a scale of 1 to 10. Moreover, the City also ranks with Bristol as one of the cities with the largest proportion of the population experiencing at least one type of online fraud.

In a surprising revelation, the survey further pointed out that young people between 25 and 34 years of age were twice as likely to be victims of online fraud as older generations. The figure dispels the commonly held notion that older people are the most vulnerable victims of cybercriminals.

Instead, young Londoners possessing a postgraduate degree or above have been identified as the most vulnerable group.

"It's alarming that younger people and those in cities are more at risk", remarked Barclays head of digital safety, Laura Flack.

"We need to super-charge our digital know-how and talk to our friends and relatives to prevent these crimes from happening."

(1st June 2017)


HACKERS USING "CYBERSQUATTING" TACTICS TO SPOOF WEBSITES OF UK's BIGGEST BANKS
(International Business Times, dated 3rd May 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-using-cybersquatting-tactics-spoof-websites-uks-biggest-banks-1619769

Hundreds of fake website domains are being used by hackers to mimic some of the most popular banking services in the UK in an attempt to trick victims into handing over personal details and sensitive login credentials, a cybersecurity firm said this week (2 May).

DomainTools, a US company that monitors trends on the internet by analysing IP addresses and Whois records, warned that a quick four-day peek into global web traffic showed a number of top high street UK banks were being targeted in the scheme.

From 27-31 March, researchers monitored financial firms and a selection of US-based retailers and uncovered 324 separate websites posing as services including Barclays, HSBC and Lloyds.

DomainTools found 110 fake HSBC websites, 22 for Lloyds, 74 for Barclays and 66 posing as NatWest.

Web addresses included natwesti[.]com, lloydstbs[.]com and barclaysbank-plc[.]co.uk, standardchartered-bank[.]com and hsbcgrp[.]com.

Upon analysis, the domains were "closely connected" to websites already blacklisted for spam, malware and phishing. For most consumers, this means mainstream web browsers will likely block these automatically.

The hackers are using a tactic known as "cybersquatting", DomainTools said in a blog post. This is when website domains are cheaply purchased and then designed to include brand names, trademarked logos and only slight variations of the proper internet URLs.

No banks were legitimately compromised in the attacks.

The technique is traditionally deployed by cybercriminals to help conduct widespread phishing campaigns to scoop up users' login details and passwords.

However, by redirecting a web user to a fraudulent website it can also be used in pay-per-click ad scams or even drive-by ransomware attacks, the firm warned.

In the retail realm, the DomainTools research team uncovered web addresses impersonating a variety of top US-based retailers including Amazon, Apple, Best Buy, Nike and Walmart. Fake domains included auth-apple-id[.]com and amazonhome[.]club.

"Imitation has long been thought to be the sincerest form of flattery, but not when it comes to domains," said Kyle Wilhoit, senior security researcher at DomainTools.

He continued: "While domain squatters of the past were mostly trying to profit from the domain itself, these days they're often sophisticated cybercriminals using the spoofed domain names for more malicious endeavours.

"Many simply add a letter to a brand name while others will add an entire word such as 'login' to either side of a brand name. Users should remember to carefully inspect every domain they are clicking on or entering in their browser. Also, ensure you are watching redirects.

"Brands can and should start monitoring for fraudulent domain name registrations and defensively register their own typo variants. It is better to lock down typo domains than to leave them available to someone else. This is a relatively cheap insurance policy."

This is a technique famously used by US president Donald Trump, who regularly purchases website domains which are either critical of him or may be needed in the future. In the 18 months leading up to his January 2017 inauguration he bought a selection of 500 new website addresses.

These included DonaldTrumpSucks.com, TrumpIsFired.com and TrumpScam.org.

Top tips for consumers to avoid falling victim to spoofed websites:


- Check for extra added letters in the domain, such as Yahooo[.]com

- Check for dashes in the domain name, such as Domain-tools[.]com

- Look out for ''rn'' disguised as an ''m'', such as modem.com versus modern.com

- Check for reversed letters, such as Domiantools[.]com

- A plural or singular form of the domain, such as Domaintool[.]com

(1st June 2017)


NEARLY 7000 NATWEST CUSTOMERS FALL VICTIM TO SCAMS
(The Scotsman, dated 18th April 2017 author Martin Flanagan)

Full article [Option 1]:

www.scotsman.com/business/companies/financial/nearly-7-000-natwest-customers-fall-victim-to-scams-1-4421888

Royal Bank of Scotland-owned NatWest has revealed that nearly 7,000 customers have become the victims of fraudsters since the start of 2016.

The lender, which under RBS chief executive Ross McEwan has been striving to make itself a "safer, simpler bank", says "goods not received" cases - when someone pays for items or services that are never delivered - were the most common scam.

These account for 2,073 cases seen by the bank - or about three in ten scams carried out against NatWest customers.

Les Matheson, NatWest chief executive of personal and business banking, said: "We know scammers can be convincing and they work round the clock to persuade their victims to part with money.

"We have hundreds of people working 24/7 to detect and stop fraud, but it's very important that, as individuals and businesses, we know how to protect ourselves."

The lender said other hoaxes included "advance fee fraud", where conmen ask customers for an advance or upfront payments for goods, services and/or financial gains that do not materialise.

There are also "spoof payment requests", where people receive a bogus official request "purporting to be from someone senior in a company or a client, for payment or draw down of funds".

NatWest said business customers also continued to be defrauded for big sums via invoice fraud, when a firm receives an invoice that appears to be from a trusted trading partner but is actually fake.

(1st June 2017)


ROBOCALL SCAMS ARE COSTING US BILLIONS
(NBC News, dated 20th April 2017 author Nicola Spector)

Full article [Option 1]:

www.nbcnews.com/tech/tech-news/robocall-scams-are-costing-us-billions-millennials-are-prime-target-n748901

Note : Yes, I know, another USA article about a scam.


We may be getting more technologically advanced every day, but we still haven't outgrown (or outsmarted) the age-old nuisance of robocalls. In fact, robocalling is more rampant than ever - and scamming Americans out of billions.

A new study by Truecaller found that in 2016 roughly 22.1 million Americans lost a total of $9.5 billion in robocall scams - far more than in 2015 - with the average loss per person at roughly $430. In 2015, 27 million people reported scams to Truecaller, and though the number of reports was higher than in 2016, the average loss was much lower, at about $274, said Tom Hsieh, VP of growth and partnerships at Truecaller.

Additionally, Hiya, an app that provides caller ID and spam protection services, recorded a 130 percent growth in fraudulent robocalls since 2015.

Millennials Take the Bait

Truecaller determined that millennials are now "the most targeted group," noted Hsieh, adding that of persons aged 18-34, men reported far more scam incidents than women (33 percent of millennial men versus 11 percent of millennial women).

Hsieh and his team were surprised to see millennials falling for robocall scams. Traditionally, it's thought that elderly people - attached to their landlines and less prone to doing research online - were the prime targets.

"Our hypothesis prior to conducting the study was that millennials would be less susceptible, being tech savvy - but the victims run the full gamut," said Hsieh. "Part of that I think is due to the nature of the scam itself. These scams prey on fear that all ages have. They also appeal to the good nature of people. During the Napa Valley earthquake last year, we saw a spike in scam calls pretending to be from local charity organizations."

Alex Quilici, the CEO of YouMail, which provides voicemail and robocall blocking services, said that he knows a few people who fell for the Microsoft robocall scam that started in 2014 and got so bad, Microsoft itself addressed it.

"People thought it was real, that their computer did have a virus because of course, their computer was running slow," said Quilici. "Also, the scam websites looked just like Microsoft's, just with a different URL."

Robocalling Has Evolved to Mobile, Just Like You


Once the pesky province of landlines, robocalls have made the shift to mobile, just like most everyone else.

"Like the attractiveness of a healthy shark to hungry remora, robocalls and fraudulent phone scams were in many respects inevitable follow-ons to a global commerce shift to digital mobile devices," said Jason Flaks, senior director of product and engineering at mobile advertising analytics company, Marchex.

Plenty of millennials have eliminated or never had a landline, meaning they're relying wholly on a mobile number, entering it on countless forms, possibly even on their own website or social media pages.

"If you sell your used bike on Craigslist and you put your phone number on there, you have between 12 and 24 hours before you start to get robocalls," said Jan Volzke, VP, data at Hiya. "Same goes if you put your number in a Facebook or Twitter post."

And if your number is San Francisco-based, chances are your robocaller is also San Francisco-based - or so he tries to trick you into assuming.

"If you're in a 415 area code, they'll use that area code to target you," said Volzke. "The [scam artists] use automated platforms to fire out millions of calls from anywhere, either in the U.S or overseas, and all you will see is a local number."

Not Just Scams, But a Whole Lot of Spam

Volzke told NBC News that Hiya detected 10.2 billion robocalls in the U.S in 2016, and that at least 10 percent (100 million calls per month) were unwanted spam calls. Dear mother of dial tones, why on earth are companies still able to do this to us?

The answer is two-fold: Firstly, it's really, really cheap to do it; and secondly, once in a blue moon it actually works.

"The business strategy of companies using this technique is similar to email spammers," said Bob Bentz, president of Advanced Telecom Services. "Since calls are nearly free over the internet, the businesses are hoping for that one rare response that will earn them a profit. I'm sure it is working or they wouldn't be continuing to do it."

Some Robocalls Serve a Good Purpose


The very word "robocall" may send chills of irritation down your spine, but it's important to remember that not all robocalls are bad. In fact, some are genuinely useful.

"Many robocalls, or calls from an auto-dialer, come from legitimate businesses," said Jim Gustke, robocall expert at Ooma. "A good example is an appointment reminder from your doctor's or dentist's office."

And then there's the perspective of the small business that may depend on robocalling services because they don't have enough people to make all the necessary outbound calls.

"Robocalls make outbound telemarketing and debt collection efforts easier for many small businesses who are short-staffed," said Niquenya Collins, president and CEO of Building Bridges Consulting. "Rather than expending human resources, computerized autodialers do the job of calling potential or existing customers to deliver updates and reminders, gauge interest in new product or service offers, or simply to save time by predetermining if the target party actually picks up the phone before the human representative takes over the call."

Useful as they can be for the business on a budget, Collins does see robocalling being abused or misused by businesses.

"Robocalls only work when there is an existing relationship with the customer and should not be used as a cold-calling strategy," said Collins, adding that companies should check Do No Call lists. "Unfortunately, many small businesses on shoestring budgets and some unscrupulous companies fail to vet their purchased lead lists against these registries."

How to Stay Safe, and What New Scams We Can Expect

If you're receiving robocalls from a company you give business to (like a pharmacy or a hair salon), but don't want to, you should be able to opt out. If you're being targeted by scam or spam artists, you'll need to do more, including flat out not answering numbers from unknown callers.

"If you're really worried about robocalls, do not ever answer an unknown number - let it go to voicemail. You may also want to find tools (such as apps) that prevent robocalls," said YouMail's Quilici. "Over time, the carriers, infrastructure, and regulations will get better, but it will take time."

Unfortunately, you may want to brace yourselves for more fraudulent robocalls. 'Tis the season for robocallers posing as the IRS.

"This time of year we see a spike in IRS type scamming," said Hsieh of Truecaller. "If you really suspect it's the IRS, ask for an official response in the mail - that is how the IRS [reaches people], through physical mail."

Hsieh also expects that given the new administration's crackdown on immigrants, there will be robocalling scams that will "target the immigrant population." So, again, keep in mind that a government agency would first contact you by mail.

(1st June 2017)


FRAUDSTERS NEED JUST THREE DETAILS TO STEAL YOUR IDENTITY - AND MOST OF IT CAN BE FOUND ON FACEBOOK
(The Telegraph, dated 13th April 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/fraudsters-need-just-three-details-steal-identity-and-can-found/

Fraudsters need just three key bits of information to steal your identity and access your accounts, take out loans, credit cards, mobile phones in your name.

All it takes is a name, date of birth and address - and most of this can be found on social media profiles, such as Facebook. And if your settings are not private, this is available for anyone to see.

A third of British adults with online profiles include their full name and date of birth, according to a YouGov survey.

Younger people are even more likely to display this information.

The survey revealed that 48pc of 18 to 24-year-olds divulge this information on social media sites compared to 28pc for those between 35 and 44.

Even if your date of birth isn't displayed, fraudsters will be able to tell if your friends post birthday messages with reference to your age.

"It's not hard to work out," said John Marsden, head of ID and fraud at Equifax, the credit reference agency.

"The date of birth is a crucial part of identification as it's the only detail that never changes. And once it's posted online, it's out there", said Mr Marsden.

Getting hold of your address and stealing your identity


Once fraudsters have your name and date of birth, it's not difficult to track down where you live.

Online directories hold huge quantities of information - from addresses, phone numbers and even a list of your past and present housemates. This can all be pieced together to assume your identity.

Some sites offer a limited number of free searches and will then charge a small fee for premium information.

The next step would be to obtain fake identification documents using your details.

These can be easily ordered online - Telegraph Money discovered one site which promised high quality passports that included security features such as watermarks, microprinting and security threads.

The site claims these would be "no different from the original documents".

The price of a replica passport depends on the country it's purported to be issued from.

A fake British passport costs £550. Those who want an additional bogus driving licence can get both for £720.

A replica US passport is priced at £590.

The site also offers money off for repeat customers. Those who order again will receive a 5pc discount - this increases to 10pc for the third and fourth order, and 15pc when five or more orders are made.

There are also a number of websites that sell imitation utility bills for £25 a time which could also be used in a credit or loan application.

Trial, error and interception


Each provider will require specific information when processing online and face to face applications. It doesn't take long to "crack the system", according to Mr Marsden.

And through trial and error, fraudsters can quickly learn what details are needed so they can go back and reapply.

Once the account is opened, the fraudster will try and intercept the documents or credit cards sent from the bank or other provider to your address.

Many addresses are targeted because of shared mail boxes - such as a set of flats with open access to post.

Protect your date of birth on social media


You can adjust the settings on your Facebook profile so that only you can see your date of birth and other personal details.

"People need to be mindful about their credentials displayed on social media - consumers don't seem to realise how key their date of birth is to their identity," Mr Marsden said.

"Cases of fraud are on the rise, with identity theft representing a major slice of fraudulent activity. More adults in the UK are engaging with social media than ever before, especially on their smartphones, and a high number are readily sharing their personal information on these platforms."

(1st June 2017)


BEWARE OF THIS BANK "SMISHING" SCAM THAT TRICKED VICTI OUT OF £71,000 INHERITANCE
(International Business Times, dated 12th April 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/beware-this-bank-smishing-scam-that-tricked-victim-out-71000-inheritance-1616710

A 38-year-old victim of a banking scam which uses fraudulent text messages has spoken out after digital fraudsters were able to drain tens of thousands of pounds from her account. The technique, known as ''smishing'', is currently in operation in the UK, experts warn.

The culprits are spoofing mobile details to make the SMS messages look like they are being sent from a legitimate source. The texts warn your card has been used in a shop and - if you don't recognise the transaction - ask you call an embedded "fraud prevention" helpline.

Of course, this will transfer your call straight through to the fraudsters, who then pose as a friendly banking representative and ask you to "confirm" your credentials.

If you give them enough information to enter your account, money will quickly be siphoned out as they set up new payees. It's not sophisticated, but it works.

This week, one victim spoke out. Surrey-based Claire Pearson, 38, opened up to ITV's This Morning programme about the scam which targeted her father's inheritance fund of more than £71,000. The target's bank has declined to reimburse the lost money.

"I received the text, but this wasn't unusual as I've had messages from them before," explained Pearson, who is heavily pregnant with her first child. "It said there had been suspicious activity on my account, asked 'do you recognise this transaction?, if not call this number.'"

"I clicked the number and it called through, and the call went on for 30 minutes," she continued, adding: "The man I spoke to was lovely, we built up a rapport and he said they would send me a new card in three days." Pearson said that by the time she became suspicious it was too late.

Santander has effectively closed the case on the basis that Pearson willingly handed over access to her passwords to a third party. A spokesperson said: "We are very sympathetic to customers who are victims of scams and welcome the media's involvement in raising awareness of scams. We investigate all instances of fraud fully, as we have done with this case."

The statement concluded: "When there has been no Santander error and customers have divulged personal, security information, we cannot accept any responsibility for the losses on the account."

It was reportedly able to retrieve roughly £2,000 of funds.

Pearson told ITV: "They reversed one transaction as it was in process when I was on the call, and since then Santander have frozen the remaining receiving accounts and returned the money in them to me. But as far as the bank is concerned the case is closed."

Action Fraud, the UK's internet and advice watchdog, said the aim of smishing scams is to "trick you into thinking you're giving up personal information or making payments with someone you can trust, such as your bank, a government agency or a business or brand name."
'The new phishing'

Harry Wallop, a consumer issues journalist told ITV: "This text message scamming is known as smishing and it is the new phishing. They are spoofing a mobile number, with a message coming in to a string of legitimate texts you've already got from your bank.

"Alarm bells shouldn't necessarily have rung when the text come through - but you should always call the number on the back of your bank card, not a number in a text message. The second alarm bell should have rung when they asked for your password."

According to the UK's Financial Ombudsman there has been roughly 6,000 complaints about disputed banking transactions over the past two years. It said claims are typically decided by taking into account if the victim's bank has made an error - which in this instance was not the case.

###Action Fraud has some top tips on how to stay safe from smishing attacks:

- Don't assume anyone who has sent you an email or text message - or has called your phone or left you a voicemail message - is who they say they are.

- If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious.

- Never call numbers or follow links provided in suspicious texts; find the official website or customer support number using a separate browser and search engine.

(1st June 2017)


CON ARTIST POSING AS MET DETECTIVE CHEATED WOMAN OUT OF THOUSANDS IN LIFE SAVINGS
(London Evening Standard, dated 21st April 2017 author Matt Watts)

Full article [Option 1]:

www.standard.co.uk/news/crime/moment-wouldbe-rapist-is-snared-by-police-captured-in-dramatic-bodycam-footage-a3520096.html

A conman posed as a Met police officer to persuade his victim to hand over thousands of pounds in cash from her life savings.

The scam started when the thief rang a 51-year-old woman at her home in Waltham Forest on Thursday, February 9, telling her she had been a victim of fraud and her identification had been stolen.

Pretending to be a Metropolitan Police detective called James Portman, he told her to hang up the phone, dial 999 and quote a crime reference number, and she would be put back through to him.

In reality, he stayed on the line, meaning she did not speak to a genuine 999 operator.

Having gained her trust, the victim was then given a set of instructions by "DC Portman" and told to visit a bank on Leytonstone High Road to withdraw cash, then a bureau de change in Walthamstow to withdraw Euros and American dollars.

The conman called her again at 6pm and convinced her to hand over the cash and her bank cards as evidence, to a courier who came to her house who claimed he would take the cash to Hammersmith Police Station.

The next day she was made to transfer savings into her current account, then go to a jewellery shop on Old Bond Street to buy a high-end watch which she gave to another courier,

On Monday, 13 February, "DC Portman" told her by phone she must withdraw everything or she could lose her life savings. She was then ordered to buy another watch from a jewellers and hand it to a different courier.

The scam was rumbled when the victim's phone ran out of battery while on the phone to the con artist.

She borrowed a member of public's phone to dial 101, quoting DC Portman's name and the crime reference number she was given, which the operator said was false and there was no DC James Portman in the system.

The victim became suspicious and reported the crime to police.

Police investigating the "courier" scam have now released an image of a man they want to speak to.

Detective Constable James Egley, the investigating officer from the Met's Operation Falcon, said: "These conmen went to extreme lengths to gain the victim's trust to deliberately deceive her out of her hard-earned life-savings.

"We would appeal for anyone who recognises the man in the CCTV to contact us or Crimestoppers.

"People should be aware that the police would never send a courier service to collect items and would never ask for your PIN, bank cards, to withdraw money or to buy expensive items."

Anyone who recognises the man or has any information should call Operation Falcon on 020 7230 8203, Crimestoppers anonymously on 0800 555 111 or tweet @MetCC.

For fraud advice visit www.met.police.uk

(1st June 2017)


TRAVELLERS FACE FINES AFTER HEATHROW "PARKING SCAM"
(London Evening Standard, dated 21st April 2017 author Ben Morgan)

Full article [Option 1]:

www.standard.co.uk/news/london/travellers-face-fines-after-heathrow-parking-scam-a3519966.html

Heathrow travellers were today warned to be vigilant after almost 300 fines were issued on cars stored without permission by a private parking firm.

The penalties were given out over four days at two car parks run by Hillingdon council.

The town hall's trading standards team is now investigating whether one firm is using the car parks to store vehicles while the owners are away.

It is alleged that the owners did not park them and cars were not authorised to be left at the two sites, resulting in parking fines. Scores of parking companies near the airport offer "meet and greet" services, where cars are picked up and stored in a secure compound while the owners are away, for as much as £150 a week.

In photographs of the Yiewsley car park posted online by resident Sarah Harvey vehicles including BMWs, Mercedes and 4x4s have as many as five £60 fixed penalty notices attached to windscreens. Ms Harvey said: "I looked inside a few cars and saw some tickets on the seat that clearly say Terminal 2. It looks like people are being ripped off by the airport parking."

The 275 tickets were handed out in Fairfield Road car park, Yiewsley and Brandville Road car park, West Drayton. The total value of the fines is estimated to be £16,500.

A council spokesman said: "We urge members of the public to make adequate checks with any companies they are considering leaving their cars with, and wherever possible ensure that the facilities and services companies offer meet expectations, particularly with regards to the security of vehicles. We are aware of reports that some vehicles were parked in the car parks by a Heathrow parking company and not the vehicle owners.

"This is a matter we're taking very seriously. Our trading standards team has launched an investigation and will be contacting the people who have received the parking tickets.

"Everyone who receives a parking ticket has the right to appeal and we will be dealing with each ticket on a case-by-case basis."

Anyone with information should contact trading standards via the Citizens Advice helpline on 0345 4 040506

(1st June 2017)


PENSION ALERT
(Womens Weekly, 18th April 2017)
www.womansweekly.com

THINK YOU COULDN'T BE FOOLED ?


In a survey by Citizens Advice, three out of four people felt confident they could spot a pension scam, but when researchers showed them three mock adverts, and asked them to pick which they'd respond to if looking for pension advice, almost nine in 10 picked ads which contained clear warning signs of a scam, such as unusually hign returns, offers of pension access at under 55, or paperwork delivered by courier. And you don't have to be dim or naive to fall for the fraudsters tricks. "Many scammers use professional looking websites and leaflets to fool their victims", says Citizens Advice Chief Executive Gillian Guy. "And its difficult for consumers to stay ahead of pension scams as they evolve".


HOW TO KEEP YOUR MONEY SAFE


The Government service Pensionwise says these are the warning signs to look out for :

- Any contact that comes out of the blue, whether by text, phone or email, offering a pension review, advice or investment opportunities.

- Offers to get you access to your pension pot before you're 55, often using words like "pension liberation", "pension loan" or "legal loophole". The only way to do this without losing most of it to tax is if you are terminallly ill, and even then there are strict rules.

- Recommendations to move your money into schemes offering high returns (anything over 8% is potentially suspicious). These will often, though not always, be based abroad, and common buzzwords are "unique", "overseas", environmently friendly", "ethical" or "in you as a "a new industry". Scammers will often flatter you by describing you as a sophisticated investor", suitable for such a scheme.

- Offers of a "free pension review", or help to track down an old pension. You can get a free overview of your pension options through the government service Pensionwise (visit pensionwise.gov.uk, or call 0800 138 3944), and track down old pensions through the Pensions Tracing Service (visit gov.uk, or call 0345 600 2537). Neither of these organisations will cold call, text or email you.

- Companies claiming to be affiliated with or endorsed by Pensionwise or any other government organisation, or calls claiming to be from the government, and asking for details of your pension; these calls won't be genuine.
Look out too, for websites that look very like the official ones - there are a lot of copycat sites. Fraudsters also sometimes use company names that sound like familiar ones.

- Anyone who encourages you to take your whole pension pot out at once, or a large sum, and let them invest it for you.

- Any suggestion of time pressure, such as offers that will close after a limited time period, documents being sent to you by courier, or pushing to make you decide quickly. If you're making any decision on your pension, take your time and consider getting professional advice.

If you think you may have been scammed, contact Action Fraud (visit actionfraud.police.uk, or call 0300 123 2040).

(1st June 2017)


COMPANY THAT DUPED PEOPLE INTO CALLING PREMIUM NUMBER AT £3.60 A MINUTE IS TOLD TO REFUND VICTIMS
(Daily Mirror, dated 10th April 2017 author Andrew Penman)

Full article [Option 1]: www.mirror.co.uk/news/uk-news/company-duped-people-calling-premium-10197392

A company which tricked callers into ringing expensive numbers beginning 09 has been fined £645,000.

Most victims had used their smart phones to search online for the number of well-known organisations such as Sky or HM Revenue & Customs .

But the links they clicked on were for connection service DK Call Limited of Bournemouth, which did not disclose that calls cost £3.60 a minute, plus network access charges.

Some victims unknowingly spent £100 on a single call.

Joe Prowse, chief executive of the watchdog Phone-paid Services Authority said: "Our investigation found that consumers were calling these numbers as a result of the company's failure to provide key and clear information about the service.

"We encourage anyone using a search engine to look for a number to be aware that the first results are not always the organisation you are looking for.

"Be particularly wary of numbers for well-known companies that seem to be operating on 087 and 09 number ranges. There is likely to be a cheaper alternative."

In addition to the fine, the watchdog ordered DK Call to refund ripped-off callers.

The PSA received 69 complaints about the company in three months.

(1st June 2017)


WONGA DATA BREACH
(Action Fraud, dated 13th April 2017)
www.actionfraud.police.uk

Wonga has confirmed a data breach where up to 250,000 accounts have been compromised. The incident is now being investigated by the police and has been reported to the Financial Conduct Authority.

Wonga has updated their website with further information and confirmed that they are contacting all those affected and are taking steps to protect them, but there are also some things you can do to keep your information secure.

Here's what you can do to make yourself safer:

If any of your financial details were compromised, notify your bank or card company as soon as possible. Review your financial statements regularly for any unusual activity.
Criminals can use personal data obtained from a data breach to commit identity fraud. Consider using credit reference agencies, such as Experian or Equifax, to regularly monitor your credit file for unusual activity.
Be suspicious of any unsolicited calls, emails or texts, even if it appears to be from a company you know of. Don't open the attachments or click on links within unsolicited emails, and never disclose any personal or financial details during a cold call.

If you have been a victim of fraud or cyber crime, please report it to us: http://www.actionfraud.police.uk/report_fraud

(1st June 2017)


BT's DODGY CALL BLOCKER IDENTIFIES ACCIDENT CLAIMS AS TOP NUISANCE CALL
(The Register, dated 12th April 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/04/12/bt_accident_claims_top_nuisance_call/

BT's free [CALL] spam filter, launched earlier this year to crack down on nuisance calls, has identified accident claims as the worst offender for nuisance calls with 12 million made in the first week of March.

Some two million customers have signed up to the BT Call Protect service, which it says has diverted 65 per cent of calls to the junk voicemail box.

Accident claims made up 41 per cent of nuisance callers; followed by scammers fishing for personal details (18.5 per cent); computer scams (12.6 per cent); debt collection (7.5 per cent) and PPI (6.4 per cent).

It was recently revealed that hundreds of staff were hired by scammers in Indian call centres to defraud TalkTalk customers.

BT said the service harnesses huge computing power to analyse large amounts of live data.

Rogue numbers are identified and added to the BT blacklist, which proactively diverts nuisance calls before they reach customers, unlike reactive blocking where the calls reach the customer and the numbers are changed frequently to avoid detection.

BT said customers are making more than 80,000 calls a week to BT Call Protect's 1572 number to add numbers to their personal blacklist.

BT estimates that if all its customers signed up to BT Call Protect, it could divert 1.6 billion nuisance calls a year. It is thought that PPI and accident claims companies alone are responsible for 800 million of these calls.

(1st June 2017)


DO YOU HAVE AN EXTERNAL MAILBOX
(Hertfordshire Neighbourhood Watch circular, dated 11th April 2017)

Many Hertfordshire residents have had credit cards, mobile phones or other services ordered in their name after their post has been stolen or tampered with. This is a form of Identity Fraud, causing disruption, inconvenience, credit problems and potential financial loss to victims. Cifas, the UK fraud prevention service, recently released figures showing that identity fraud has hit the highest levels ever recorded in the UK.

Residents with external mailboxes appear to be particularly at risk from this type of crime, with fraudsters stealing documents containing personal details, which they then use to order credit cards, open accounts, or order other services in the resident's name.

When the fraudulently ordered credit cards are delivered, the fraudster intercepts them, taking them from the resident's external mailbox. People who have been victims to this type of fraud are particularly unhappy to realise that fraudsters have been monitoring their home, watching their movements, and taking the items from their letterbox as soon as they have been delivered. This may happen over a considerable period of time before the crimes come to light, often when the credit card or other service providers contact the resident to chase payment.

A recent Hertfordshire victim had numerous items stolen from a locked mailbox out of sight of his house over a period of time. It is believed that the fraudters used skeleton keys. He has since added a combination lock and also suggests that a deep mail box with an internal baffle plate (which makes it very hard/impossible to take anything out of the box) is a good security measure.

Please consider the security of your postal deliveries.

Note: Police recommend that residents wishing to purchase items to improve the security of their home should look for items endorsed by "Secured By Design" ( securedbydesign.com )

(1st June 2017)


LAW ABIDING CITIZEN ALERT
(Action Fraud, dated 3rd April 2017)
www.actionfraud.police.uk

Fraudsters are sending out a high volume of phishing emails to personal and business email addresses, pretending to come from various email addresses, which have been compromised.

The subject line contains the recipient's name, and the main body of text is as below:

------------------------------

"Hi, [name]!

I am disturbing you for a very serious reason. Although we are not familiar, but I have significant amount of individual info concerning you. The thing is that, most likely mistakenly, the data of your account has been emailed to me.

For instance, your address is:

[real home address]

I am a law-abiding citizen, so I decided to personal data may have been hacked. I attached the file - [surname].dot that I received, that you could explore what info has become obtainable for scammers. File password is - 2811

Best Wishes,"

The emails include an attachment - a '.dot' file usually titled with the recipient's name.

------------------------------

This attachment is thought to contain the Banking Trojan Ursniff/Gozi, hidden within an image in the document. The Ursniff Banking Trojan attempts to obtain sensitive data from victims, such as banking credentials and passwords. The data is subsequently used by criminals for monetary gain.

Protect Yourself:


Having up-to-date virus protection is essential; however it will not always prevent your device(s) from becoming infected.

Please consider the following actions:

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages: Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication (you can find out how by searching the internet for relevant advice for your email provider).

- Do not enable macros in downloads; enabling macros will allow Trojan/malware to be installed onto your device.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It is important that the device you back up to is not connected to your computer as any malware infection could spread to that as well.

- If you think your bank details have been compromised, you should contact your bank immediately.


If you have been affected by this or any other fraud, report it to Action Fraud by calling 0300 123 2040, or visit www.actionfraud.police.uk.

(4th April 2017)


THIS CON CAN COST YOU MONEY AND SEND YOU TO JAIL (Extract)
(Entity magazine, dated 18th March 2017 author Vanessa McGrady)

Full Article [Option 1]:
http://the-entity.com/e_magazine/magazine/2017/03/18/scam-alert-this-con-can-cost-you-money-and-send-you-to-jail/

Kelli Williams, a market researcher by day, was looking for a little side hustle. The 38-year-old from Oak Park, Ill., cruised Craigslist and found what seemed like a great moonlighting gig. "It seemed like it would be perfect. You could work as many or as few hours as you wanted and it was all done from your computer, remotely," she said.

A guy named "Bill" had a warehouse in California and wanted her to list items on eBay-under Williams' account-and manage the transactions and inquiries. Bill would receive the order and ship the goods to the customers. "It all actually worked at first. I listed the items, the people received them, I got some money," Williams said.

The honeymoon didn't last long. "As I took on more and larger items, complaints started rolling in. People weren't getting their items. They were demanding refunds. I kept pestering Bill and he would say the item was on its way. More emails, more demands for refunds. His next excuse was that they got lost in the mail (and he told me some ridiculous percentage of items get lost in the mail every day)."

But because the items were under Williams' name and account, she was responsible for giving out refunds for increasingly expensive items, such as exercise equipment, electronics and software. "The last time I contacted Bill to essentially beg him to make this right, he became a totally different person (for all I know he could have been) and threatened me. He said he knew where I lived and worked and would send his 'family in Chicago' after me."

All in all, Williams lost about $5,000 in what's known as a "reshipping scam," and she had to start all over again building a new eBay account because all the bad reviews had made her original one unusable. This happened about 13 years ago, and she's since rebuilt her reputation, but unfortunately, she's not alone in falling victim to a scam. According to the FBI, college students, especially now, are prone to this kind of con. "Never accept a job that requires depositing checks into your account or wiring portions to other individuals or accounts," the FBI warns on its website.

"Reshipping scams, like many job scams, are appealing because they offer the opportunity to get a job and get paid quickly. Because they don't have any experiential or educational requirements, most job seekers are qualified for these sorts of scam jobs, which allows scammers to access a bigger pool of potential victims. Most job seekers feel at least some pressure to get a job quickly, especially if they've been out of work or need extra income to meet their debt obligations. Scammers understand this vulnerability and they prey on it," says Brie Reynolds, a senior career specialist at FlexJobs.com, an agency that helps place people in legitimate work-from-home and part-time positions.

And to make matters worse, the damage could go beyond losing money for the victims . "Reshipping job scams aren't just annoying-they can actually involve job seekers in criminal activities. Most of the time, the goods being reshipped are stolen, and once a person receives those stolen goods and then mails them to another location, they've unwittingly become part of that crime," Reynolds says. In fact, to her knowledge, there are basically zero legitimate reshipping jobs.

uaware comment

Yes, I know, another USA article. This is another example of a scam that can be transfered Worldwide. Instead of the crook dipping their hands directly into you pockets they get innocent people (customers) to demand refunds and destroy your reputation in the process.

(2nd April 2017)


MARRIOTT HOTEL CONTINUES TO WARN PEOPLE ABOUT FAKE PHONE SCAM
(Fox News, dated 20th March 2017)

Full Article [Option 1]:

www.foxnews.com/travel/2017/03/20/marriott-hotel-continues-to-warn-people-about-fake-phone-scam.html

Think you've won an all-expenses paid hotel stay at a premium brand? Not so fast. If you receive a phone call offering a free stay at a Marriot hotel, you might just want to hang up immediately.

According to the hotel chain, that call is likely part of a continuing phone scam that utilizes the brand's well recognized name to access personal and financial information from potential guests.

According to Travel Pulse, the trick has been played on victims since at least 2015 and the chain has issued a series of statements warning about the calls since. But the scammers apparently haven't been deterred.

"Marriott International has been made aware of a series of fraudulent telephone calls being made in different parts of the world where the caller offers a complimentary stay at a Marriott hotel to entice the person taking the call to listen to a sales pitch unrelated to Marriott," the hotel said on March 15.

But according to the global hotel company, Marriott has absolutely nothing to do with these phoners.

"Marriott has not provided any information to the parties involved in these fraudulent calls," the hotel said in a statement.

"If you receive a suspicious telephone call, especially for a contest you did not enter, we urge you not to provide any personal information, especially credit card information. Instead, simply end the phone call."

If received, the fishy calls can be reported to the ##############. Phone cons, the commission said on their website, have led to thousands of people losing money ("from a few dollars to their life savings") each year.

According to the Commission, travel scams are a particularly common way for thieves to obtain information and money.

"'Free' or 'low cost' vacations can end up costing a bundle in hidden costs," the commission said. "Some of these vacations never take place, even after you've paid."

uaware comment


If you have been drawn in by this scam (or similar) contact your bank and warn them of an impending "dodgy" transaction. Also report the incident to Action Fraud : 0300 123 2040.

(2nd April 2017)


BEWARE UNSOLICITED PENSION CALLS
(Good Housekeeping, dated March 2017)
www.goodhousekeeping.co.uk [Option 1]

In the Autumn Statement, the Government announced that it wants to make pension cold calls illegal. Why ?

Because these calls are not only a nuisance, but also usually the work of scammers. Almost 11 million pensioners are being targeted annually by cold callers with savers reporting estimated losses of almost £19 million to pension scams between April 2015 and March 2016. If you get a call about your pension from someone you're not expecting, hang up immediately. If you think you've been targeted by a scam, call The Pensions Advisory Service on : 0300 123 1047. You should also report scams to Action Fraud on 0300 123 2040.

(2nd April 2017)


SPEAR-PHISHING SCAMMER DEMANDED SEX SHOW
(BBC News, dated 22nd March 2017 author Zoe Kleinman)

Full article [Option 1]: www.bbc.co.uk/news/technology-39338004

What is spear phishing?


"Phishing uses behavioural psychology to trick victims into trusting the attacker in order to obtain sensitive information," said Paul Bischoff of Comparitech, who also talked to Zed.

"Spear phishing is less prevalent, but far more dangerous. Spear phishing targets an individual or small group of people. The attacker can gather personal information about their target to build a more believable persona."

The incident

Six weeks ago, a young woman called Zed (not her real name) was in a meeting at work when a message popped up on Facebook Messenger from a distant friend.

"Hey babe," it began.

The friend asked Zed to vote for her in an online modelling competition, which she agreed to do.

But then - disaster. Adding her email address to the competition register had caused a tech meltdown, her friend said. She needed to borrow her email log-in to fix it quickly and restore her votes.

Zed was unsure. The friend begged - her career was at stake, she pleaded. Still in the meeting and powerless to make a call, Zed gave in - a momentary leap of faith.

Except it was not her friend that she was talking to - someone else had got into the account and was pretending to be her.

It's a scamming technique known as spear phishing.


Within minutes, Zed watched in horror as she was locked out of one account after another, as well as her Apple iCloud where she stored all her data - including a photo of her passport, bank details, and some explicit pictures. The hacker took control of all her IDs as they were all linked to the email address details she had supplied.

The scammer also activated an extra layer of security, called two-step authentication, meaning that they received all alerts about her accounts and could reset them.

Then a man called. The number had a Pakistan area code.

"He started the call by saying he didn't want any drama, he didn't want me to cry, he wanted me to talk to him like a professional," she said.

He sounded young, perhaps a college student, she thought.

'Immoral'

He accused her of leading an "immoral" life. He had seen her photographs, he knew she had smoked and had boyfriends and was sexually active.

He asked her what her parents would think and was furious when she said they already knew.

"He claimed he had hacked thousands of women," Zed says.

"He said 10 or 12 he had felt bad about because he couldn't find anything about them that was 'wrong'."

Zed was not part of that group.

"He said he was happy when he hacked my account. That I deserved everything."

He told her he would post the explicit pictures on her Facebook page - where she has more than 1,000 friends.

"I offered him money. I asked if I could pay. He said, 'Don't talk about money.' He sounded irritated," she said.

Instead, he wanted her to perform a sex act for him on camera.

Zed refused.

"Either you do it for me or you do it for the whole world," he told her - and uploaded one of the photos to Facebook.

Zed had already warned her boyfriend and parents who assembled an army of friends waiting to report activity on her account. Within 15 minutes it had been disabled by Facebook - but she still received concerned messages from contacts.

"A friend who is like a brother sent me a message - it wasn't him who had seen [the photo] but a friend of his," she said.

"I feel like I mustn't think too much about how many people saw [the photos]."

The last thing the scammer said to her was, "Have a great life."

"It seemed to me the only reason he was doing this was to morally police women and get them to do stuff for him," Zed said.

"He wanted a gallery of explicit photographs of women. That seemed to be his motive."

Zed does not consider herself to be digitally naive. She is a bright, articulate 20-something from India who works in the media industry on the US east coast.

"I have been tech savvy and on the internet almost my entire life - but I've never really seen the power of what people can do until now," she says.

Regaining control of her accounts has been a struggle. It took Zed a month to get her Apple ID back after engineers created a bespoke questionnaire for her containing answers that were not stored in her account.

Gmail and Facebook have also been restored, but she has lost Snapchat and her Hotmail address - her central account which she had used for more than 13 years.

'Chink in the armour'

"I feel for the poor woman - these scams are so easy to fall for," said cybersecurity expert Prof Alan Woodward from Surrey University.

"I think what it shows is that security is a combination of people, process and technology. You can be very 'savvy' in any one or two of these but scammers are superb at finding novel combinations that, frankly, we just wouldn't think of.

"I know it sounds so obvious but, regardless of who they are, you should not share your username and password. Give these scammers a small chink in the armour and they are sadly brilliant at getting in and running amok in your digital life."

Zed still uses iCloud but does not store personal stuff on it anymore - and has activated two-step verification everywhere.

"I still see the value in the storage. But I will never ever give any information away again," she said.

Zed originally decided to share her story on community site Reddit after trying to find others who may have been conned by the same man.

"I was really shocked to discover that I found absolutely nothing," she said.

"I was hoping that speaking up about it would remedy that problem and encourage others to share their stories.

"It also felt like the only way to get back at him."

As far as Zed knows, the scammer has not been caught.

"Cyber-criminals come in all shapes and sizes,' said prof Woodward.

"Their motive is not always monetary gain. As we have sadly seen of late, revenge or just being plain malicious is a growing trend."


How do I protect myself?


Besides never sharing the credentials for your online accounts, a good way to stay safe is to enable "two-step authentication". This means that users must enter another code besides their password, received for example by their mobile phone, to log in.

This can usually be set up in the security settings for your account or during the sign-up process. Two-step authentication is offered by Gmail, Hotmail, Apple, Amazon, Yahoo, Facebook and Twitter among others.

uaware comment

- Don't use the same password for every online service

- Use security software on every device that can go online.

(2nd April 2017)


HOPING FOR A PAYRISE ? THAN WATCH OUT FOR THIS SNEAKY PHISHING SCAM
(ZDNET, dated 23rd February 2017 author Danny Palmer)

Full article [Option 1]:

www.zdnet.com/article/hoping-for-a-payrise-watch-out-for-this-sneaky-phishing-scam/

Cybercriminals are attempting to steal credentials from government workers and university staff by deploying phishing emails claiming that the target is due for a pay rise.

Claiming to be from the human resources department, the email tells staff that they're soon to be offered a pay rise and to click a link in order to enter their credentials for 'authentication purposes'.

This fraudulent link takes the target to a fake website where they are asked to enter personal information including university log in and financial details, data which the cybercriminal perpetrators can use to gain unauthorised access to systems and steal money.

The UK's fraud and cybercrime centre Action Fraud and the City of London police issued a warning on the pay rise phishing scam following more than a hundred reports of victims receiving them.

Action Fraud also warns that universities, police forces and government agencies have been targeted by cyberfraudsters using this scheme, which is being investigated by various regional police forces.

Police advice to those who have been targeted by this phishing scam is to change any passwords associated with any passwords associated with their email accounts and IT accounts.

"Phishing emails continue to be a serious problem. It is essential that those affected take the appropriate action to protect their personal details, says Stephen Proffitt, deputy head of Action Fraud.

The University of Bath computing services department published a warning after users were sent the email.

Phishing emails are an effective attack vector for cybercriminals, who use them for everything from stealing credentials to distributing malware and ransomware. Those behind phishing schemes can send millions of emails in just a day, so even if just a tiny number of targets fall for the scam, they're still making off with a big haul of data.

The university pay rise scam isn't the first phishing campaign which Action Fraud has recently warned against; in January police warned that cybercriminals are attempting to infect people with bank data stealing malware by using emails pretending to come from a charity.

(2nd April 2017)


OLD MAGAZINE SCAM IS ALIVE AND WELL
(Los Angeles Times, dated 26th March 2017)

Full article : www.latimes.com/business/la-fi-montalk-20170327-story.html

I got scammed by a magazine company a year ago. I thought the call was about two magazines I wanted to stop as I was moving. The woman talked fast and took me through the steps with my bank card (which was stupid of me, I now know) as if she was helping and at the end she said, "Oh, those are not our magazines." Two weeks later I was receiving about eight magazines I do not want. I changed my bank card so the withdrawals would stop, but I get so many collection calls. I hang up and block that number, but then I get more. My bank manager said consumers don't have to pay for what they don't want. I have told the collectors that, but they still send bills for $1,200 for three years of magazines.

Answer: Don't expect collectors for scam artists to help you out. Amy Nofziger, regional director for the American Association of Retired Persons (AARP), recommends you contact your state's attorney general to file a complaint.

"Magazine subscriptions like this are still a huge complaint and the AGs need to know about it, so they [can] file enforcement against the company if needed," Nofziger said.

You must follow certain procedures to request that the debt collection agency stop contacting you. The AG's office may be able to help or there may be a separate collection agency board you need to contact. The Federal Trade Commission also has guidance at www.consumer.ftc.gov/articles/0149-debt-collection.

You also can call and speak to a trained volunteer at the AARP Fraud Watch Network who can help you through the steps. Its number is ************** and you can learn more at www.aarp.org/FraudWatchNetwork.

uaware comment
- YES I KNOW, THIS ARTICLE COVERS THE USA !

The point of including this article is an example of scams that can easily be tranported from one country to another. When these con artists victims dry up in their own country they will just dial another countries access code !

If you need to alter or cancel an existing magazine subscription telephone the publishers number on your previous orders documentation. If you can't find your documentation, contact your local library (your librairian will love my suggestion - but they do order magazines !).

If you have fallen foul of this con inform your bank, then call the Citizens Advice line for further help.

(2nd April 2017)


PASTY CRIMPER POSED AS ASIAN PORN STAR TO CON PENSIONER OUT OF £35,000
(Metro, dated 26th March 2017 author Jen Mills)

Full article [Option 1]:

http://metro.co.uk/2017/03/26/cornish-pasty-crimper-posed-as-asian-porn-star-to-con-pensioner-out-of-35000-6534795/

A woman who worked crimping Cornish pasties used her spare time to defraud a pensioner by pretending to be a porn star, a court heard.

Aysha Begum, 27, allegedly told retired divorcee Geoffrey Hoyland that she was a 22-year-old Bangladeshi exotic model and sent explicit videos and photos she claimed were of her.

In reality she was a pasty crimper in a factory in St Austell, Cornwall.

Begum allegedly struck up a 'relationship' after meeting him on Facebook, and asked for money and gifts including £20,000 in cash.

She reportedly told him that was to assure her conservative mother that he was financially secure and their wedding could go ahead.

Mr Hoyland, who lives with his two cats in Banbury, Oxfordshire, also sent gifts including a strapless basque, G-string and stockings, gold necklace, iPhone and white sofa.

Truro Crown Court was told that Begum's husband Jynal Khan has already pleaded guilty to fraud and was being dealt with in a separate court case.

Begum, of St Austell, is accused of committing fraud and spending £35,16.19 knowing that the money came from criminal conduct. She denies both charges.

The alleged offences date between December 26, 2014, and December 9, 2015.

Paul Grumbar, prosecuting, said: 'This case is about the allegation that this lady and her husband worked together and committed what is called a dating scam to extract money from a man, in this case a Mr Hoyland.

'He joined a Facebook page that was introducing ladies who were interested in relationships with older men.

'Mr Hoyland was, you may think, in many ways naive.'

The court heard Begum allegedly used the name Alisa Begum, so that gifts and money could be sent to her under the name 'A. Begum'.

Paul Grumbar, prosecuting, said Begum asked for cash so she could buy a car and drive to Oxfordshire to visit him, as well as money for new tyres, a satnav and to cover cost of converting the vehicle to LPG fuel.

Mr Grumbar said all the money was sent to her personal bank account which was used to pay the couple's mortgage and large sums of cash were also withdrawn.

He added: 'The Crown is saying that it is all very well her husband saying he was the man responsible for the fraud, but she must have known about it and very large sums of money going into her bank account.'

(2nd April 2017)


VOYEURS DUPED INTO PROVIDING THEIR PERSONAL DETAILS
(The Register, dated 20th March 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/03/20/wwe_paige_survey_scam/

WWE star's swiped sex snaps survey spam snares selfie sickos !!!

Scammers are exploiting a new batch of leaked celebrity nudes, using the stolen selfies to lure in gawpers and make a fast buck.

Voyeurs are told to install a smartphone app that promises to reveal comprising photos of British WWE star Paige - whose intimate private photos and videos were leaked online this month without permission. The wrestler is among a clutch of celebs whose nude pics and sex tapes were very recently snatched and spread on the web, an act dubbed The Fappening 2.0 after similar leaks in 2014.

Pervs hoping for an illicit glimpse of Paige are tricked into allowing the app to access their Twitter account, and then led along a warren of URLs that go nowhere and serve no purpose other than to make crooks money from affiliate marketing and advertising link clicks.

Determined gawpers will eventually wind up on an internet survey page that promises to reward you with an Amazon gift card after you hand over details about yourself. "Filling this in hands your personal information to marketers," said Chris Boyd, a malware intelligence analyst at Malwarebytes. A writeup of the scam - complete with screenshots - can be found in a blog post by Boyd, here.

While surfers are looking through all these links, the dodgy phone app spams out tweets from their accounts, complete with yet more pictures and URLs as bait. It's another example - only days after the Twitter Counter app was hacked to send out propaganda branding the Dutch and Germans as Nazis - why netizens should be wary of third-party Twitter apps.

This month's Fappening 2.0 leak has cropped up in other cybercrime scams. For example, message board denizens are warning others of dodgy download links and random zip files claiming to contain stolen nude photos and video clips.

"As freshly leaked pictures and video of celebrities continue to be dropped online, so too will scammers try to make capital out of image-hungry clickers," Boyd warned.

"Apart from the fact that these images have been taken without permission so you really shouldn't be hunting for them, anyone going digging on less-than-reputable sites is pretty much declaring open season on their computers. Do yourself a favor and leave this leak alone. It probably won't be long before the Malware authors and exploit slingers roll into town."

(2nd April 2017)


SANTANDER TEXT MESSAGE SCAM
(BT News, dated 22nd March 2017)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/santander-text-message-scam-tips-to-stay-safe-and-protect-your-bank-account-11364166756084

Criminals are targeting Santander customers using a text message trick to steal funds out of current accounts.

All of the victims who have lost money are now struggling to recoup their losses as they all revealed their One-Time Passcode to the scammers. This is a vital piece of information fraudsters need to steal money.

Here's what you need to know to keep your accounts safe.

How the scam works


In the latest spate of incidents criminals are reportedly using a technique called number spoofing to send messages to victims that appear to be from the bank and part of an existing thread.

These warn that there has been unusual activity on the account and that the customer needs to call a number or click a link to verify information.

Scammers then convince the victims to provide account details for their online banking and generate a One-Time Passcode (OTP), which allows them to empty the accounts.

The OTP is an extra layer of security Santander uses to authorise things like setting up a new payee or changing details on the account.

Savings stolen

At least three Santander customers have lost more than £36,000 in total this month thanks to this 'smishing' scam, according to This is Money.

Ruth Quinn from Kent lost £15,000, Ron Williams from Southampton had £12,000 stolen and Rod Owens from Coventry is £9,200 out of pocket.

More and more people are using current accounts as savings accounts as they offer more interest than traditional deals.

This means more cash is likely to be held in a current account, which makes them a prime target for fraudsters.

The Santander 123 Current Account pays 1.5% on savings up to £20,000 and is especially good for large balances.

Growing trend

Of course the scammers can easily imitate any other bank, so it's not just Santander customers who need to be vigilent.

The industry as a whole has seen an alarming rise in the use of 'social engineering techniques', including targeted smishing.

Figures from Financial Fraud Action UK show that the amount lost to financial fraud has increased from £755 million in 2015 to £768.8 million in 2016.

Take a look at our guide to the common tricks scammers use to keep up to date with how criminals are trying to steal your money.

Can victims get their money back?


Sadly, Santander will not refund the victims of this nasty smishing scam because they handed over the essential OTP code, which allowed the fraudsters to siphon the money.

A spokesman for Santander told This is Money: "Each of these customers provided the fraudsters with their OTPs and allowed the fraudsters access to their online banking.

"OTPs are security measures we put in place to protect customers, and we have specific warnings on our online banking log-in screen and when sending OTPs not to divulge these to anyone.

"In two of the cases our fraud detection flagged the transactions and contact was made to the customers' registered telephone where these transactions were confirmed as genuine, authorising them to go ahead.

'Whilst we are very sympathetic to customers who are victims of scams, as there was no Santander error and all three customers divulged personal, security information, we therefore cannot accept any responsibility for the losses on these accounts.

'We assess all fraud claims on a case by case basis, in line with the Payment Service Regulations and the Consumer Credit Association.'

How to stay safe

Your bank will never contact you to ask for your account details, Pin or your OTP code.

You should ignore and report any message, call or email you get asking for this sort of sensitive personal information.

If you think if you have become a victim of a smishing scam, contact your bank as soon as possible using the number on the back of your debit card.

(2nd April 2017)


IDENTITY FRAUD REACHES RECORD LEVELS
(CIFAS, Dated 15th March 2016)

Full article [Option 1]: www.cifas.org.uk/press_centre/identity-fraud-reaches-record-levels

Cifas, the UK's leading fraud prevention service, has released new figures showing that identity fraud has hit the highest levels ever recorded. A record 172,919 identity frauds were recorded in 2016 more than in any other previous year. Identity fraud now represents over half of all fraud recorded by the UK's not-for-profit fraud data sharing organisation (53.3% of all frauds recorded to Cifas), of which 88% was perpetrated online.

The vast majority of identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been targeted until a bill arrives for something they did not buy or they experience problems with their credit rating. To carry out this kind of fraud successfully, fraudsters need access to their victim's personal information such as name, date of birth, address, their bank and who they hold accounts with. Fraudsters get hold of this in a variety of ways, from stealing mail through to hacking; obtaining data on the 'dark web'; exploiting personal information on social media, or though 'social engineering' where innocent parties are persuaded to give up personal information to someone pretending to be from their bank, the police or a trusted retailer.

We have seen growing numbers of young people falling victim in recent years and this upward trend continued in 2016 with almost 25,000 victims under 30. In particular we saw a 34% increase in under 21s, and therefore Cifas is again calling for better education around fraud and financial crime and urging young people to be vigilant about protecting their personal data.

2016 also saw increases in victims aged over 40, with 1,869 more victims recorded by Cifas members.

Mike Haley, Deputy Chief Executive, Cifas said:


"These new figures show that identity fraud continues to be the number one fraud threat. With nine out of ten identity frauds committed online and with all age groups at risk, we are urging everyone to make it more difficult for fraudsters to abuse their identity. There are three simple steps that anyone can take to protect themselves: use strong passwords, download software updates when prompted on your devices; and avoid using public wi-fi for banking and online shopping.

"We all remember to protect our possessions through locking our house or flat or car but we don't take the same care to protect our most important asset - our identities. We all need to take responsibility to secure our mail boxes, shred our important documents like bank statements and utility bills, and take sensible precautions online - otherwise we are making ourselves a target for the identity fraudster."

Commander Chris Greany, National co-ordinator for economic crime said:


"With close to half of all crime now either fraud or cyber crime we all need to make sure we protect our identity.

"Identity fraud is the key to unlocking your valuables. Things like weak passwords or not updating your software are the same as leaving a window or door unlocked."

Year on year breakdown of UK total fraud figures (Recorded)

2008 : 77,642
2009 : 102,327
2010 : 102,672
2011 : 113,259
2012 : 123,589
2013 : 108,554
2014 : 113,839
2015 : 169,592
2016 : 172,919

uaware comment : National Trading Standards have stated that only 5% of fraud incidents are reported.

Age breakdown of victims impersonation


n = 2015, (n) = 2016

Under 21 : 1343 (1803)
Age 21 - 30 : 22616 (22572)
Age 31 - 40 : 36502 (33883)
Age 41 - 50 : 33702 (34010)
Age 51 - 60 : 28366 (29818)
Age 61 + : 25934 (26043)

What can consumers do to protect themselves?


- Set your privacy settings across all the social media channels you use. And just think twice before you share details - in particular your full date of birth, your address, contacts details - all this information can be useful to fraudsters!

- Password protect your devices. Keep your passwords complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers and capitals:R0v3rDuckLemon!.

- Install anti-virus software on your laptop and any other personal devices and then keep it up to date. MoneySavingExpert have a recommended list of the best free anti-virus software: www.moneysavingexpert.com/shopping/free-anti-virus-software

- Take care on public wi-fi - fraudsters hack them or mimic them. If you're using one, avoid accessing sensitive apps such as mobile banking.

- Download updates to your software when your device prompts you - they often add enhanced security features.

Think about your offline information too:

- Like post. Always redirect your mail when you leave home and try to make sure your mailbox is secure.

What to do if you're a victim:

ACT FAST if you think you have been a victim of identity fraud

- If you receive any mail that seems suspicious or implies you have an account with the sender when you don't, do not ignore it.

- Get a copy of your credit report as it is one of the first places you can spot if someone is misusing your personal information - before you suffer financial loss. Review every entry on your credit report and if you see an account or even a credit search from a company that you do not recognise, notify the credit reference agency.

- If you have information about those committing identity crime please tell independent charity Crimestoppers anonymously on 0800 555 111 or at www.crimestoppers-uk.org

- If you have been a victim of fraud, you can contact Victim Support for free, confidential advice and support. Victim Support is the independent charity for victims and witnesses of crime in England and Wales. Find out more at www.victimsupport.org.uk

- Individuals or businesses who have fallen victim to identity fraud should report to Action Fraud on 0300 123 2040 or online at www.actionfraud.police.uk/


About Cifas


Cifas aims to make the UK a safer place to do business, by enabling organisations in every sector to prevent fraud and protect the public through the sharing of confirmed fraud data.

Cifas is a not-for-profit organisation and has over 360 members spanning the public and private sectors. In 2015 alone, Cifas members prevented over £1.1 billion of avoidable fraud losses by using Cifas databases. Cifas also offers Protective Registration for individuals whose identities are at risk of being used fraudulently, for instance after a burglary.

In 2014, Cifas launched a scheme called Protecting the Vulnerable. This service is offered free of charge to local authorities to protect those under the care of Court Deputies who are unable to access financial products and whose identities may be at risk.

Visit www.cifas.org.uk for more information

(2nd April 2017)


PHONE FRAUDSTERS ARE USING THIS NEW TRICK TO MAKE YOU BELIEVE YOU'RE SPEAKING TO YOUR REAL BANK
(Mirror, dated 7th March 2017 author Andrew Penman)

Full article [Option 1]:

www.mirror.co.uk/news/uk-news/phone-fraudsters-using-new-trick-9984197

Phone scammers posing as bank staff are calling customers then putting them on hold and playing holding music to make the call more convincing.

The fraudsters hope that the ploy will fool people into thinking that the call genuinely must be from their bank.

Victims are then persuaded to give personal financial information such as online banking log in details, warns The City of London Police's National Fraud Intelligence Bureau.

"Fraudsters are constantly developing new ways to make their calls more convincing so members of the public need to remain vigilant," said Stephen Proffitt, Deputy Head of Action Fraud.

"If you receive a cold call purporting to be from your bank, always end the call as soon as possible and call your bank back using the number on the back of your bank card or statement and ask to be put through to the fraud team.

"Tell them exactly what has just occurred.

"If you believe your bank details may have been compromised, you should report this to your bank immediately."

(2nd April 2017)


BANK STAFF TRAINED TO SPOT CASH SCAMS AS THEY TAKE PLACE
(BBC News, dated 4th March 2017 author Tony Bonsignore)

Full article : www.bbc.co.uk/news/business-39166130

All bank staff are to be trained to spot signs that a customer may be withdrawing cash to give to a scammer.

Police hope the scheme will help reduce financial crime by spotting scams before money has been handed over.

The plan is to train every single front-facing employee of banks, building societies and Post Offices.

Cash payments to fraudsters are typically much harder to trace than online payments with the vast majority of cases going unsolved.

Typical frauds of this kind include paying rogue builders, romance scams and elderly abuse.

The new scheme, known as the Banking Protocol, is aimed at ensuring banks and police are more active in protecting customers.

It is being run as a joint venture between the police, Financial Fraud Action - which represents banks - and Trading Standards.

All customer-facing bank staff will be told to look out for specific signs that a client may be the victim of ongoing fraud.

If they have suspicions, they are encouraged to call the police and give a special password.

Sixteen arrests

Police trained under the protocol will also commit to investigating the fraud as a priority - often visiting the bank branch, or the customer's home, immediately.

In some cases, they may be able to catch the criminal waiting outside the bank or the victim's home to collect the cash.

Bank staff taking part in the trial scheme in London made 178 calls to police which resulted in 16 arrests.

Banks say £1.4m has already been stopped from leaving customer accounts.

Police, Financial Fraud Action and Trading Standards have hailed the trial a success.

The scheme is expected to begin in the next few weeks with the first 16 police forces trained by the end of June.

''It just didn't add up'


Staff at one bank which has trialled the scheme helped stop a customer being swindled out of £13,000.

Ray, who is in his 60s, was approached by a builder at his home in London about some work on his house.

He had withdrawn £6,000 from his local branch after explaining to staff what it was going to be used for.

But when he returned a week later to take out another £13,000 he was recognised by staff member Ann-Marie.

She asked him questions about his cash withdrawal which raised suspicions.

Ray handed over the flier he had been given with the builder's contact details and staff gave him a call.

Ann-Marie added: "The person that answered wasn't very professional and the alarm bells started to ring. Plus the amount he [Ray] wanted to cash and the work he needed done just didn't add up."

Staff contacted the police who visited Ray the next day when the builder was at his property.

Officers did a background check on the builder and which uncovered suspicious activity and he was arrested.

Finance Fraud Agency (FFA) : https://www.financialfraudaction.org.uk/

(2nd April 2017)


BEWARE PRINTER HELPLINE SCAM, WARNS NATIONAL TRADING STANDARDS eCRIME TEAM
(Computer Weekly, dated Feb / March 2017 author Warwick Ashford)

Full article [Option 1]:

www.computerweekly.com/news/450413534/Beware-printer-helpline-scam-warns-NTS-eCrime-Team

The National Trading Standards (NTS) eCrime Team has issued a warning about a scam targeting those looking for help with printer problems.

The eCrime Team provides a national resource to support all local authority areas in England and Wales, tackling the increasing threat to businesses and consumers in relation to internet scams.

The "printer helpline scam" differs from most scams as it requires consumers to contact the criminals directly using fake "helpline" numbers in online adverts in search engines results or social media.

According to the eCrime Team, the criminals behind the scam are gaining remote access to people's computers by pretending to help them to resolve their technical problems.

Once victims have allowed access to their systems, the criminals are stealing personal information, including bank account details, and infecting computers with malware.

One particular criminal group, which claims to be affiliated with a wide range of technology brands and printer manufacturers, takes control of victims' computers and demands payment to release them.

Figures from Action Fraud, UK's national reporting centre for fraud and cyber crime, reveal that cases such as computer service fraud, which includes scams such this, have risen by 47% since 2014.

"This printer helpline scam is particularly pernicious because it encourages victims to unknowingly contact the fraudsters of their own accord," said Mike Andrews, lead co-ordinator of the NTS eCrime Team.

"While victims expect they will receive help with their printer problems, they have in fact been lured into a trap and find themselves at risking of losing money, important personal information and also have their computer security compromised."

Toby Harris, chair of NTS, urged people to be particularly vigilant about this scam and to use official printer helpline details or consult the official website of the manufacturer for helpline details.

"If you have fallen victim to a scam or see suspicious activity online then please report it to the Action Fraud and to Citizens Advice on 03454 040506," he said.

National Trading Standards is advising people be suspicious of helplines asking to take remote control of computers to fix printer problems.

The eCrime Team said organisations should ensure that their anti-virus and online security software is kept up-to-date to reduce the risk of unwanted pop-ups on-screen that may advertise fraudulent services.

(2nd April 2017)


SCAMS FROM ACROSS THE "POND"

uaware pre-amble


Yes, I know, these are North American articles. It still shows the type of problems that are circulating about.
Internal Revenue Service (IRS) can be translated into HMRC and fraudsters do do that. The other problem (if you can call it that) is services such as Facebook, Twitter etc are global; making scams easier to transport between countries.

THE LATEST ONLINE SCAMS EVERY BUSINESS OWNER SHOULD KNOW ABOUT
(INC. , dated February 2017 author John Rampton)

Full article [Option 1]:

www.inc.com/john-rampton/the-latest-online-scams-every-business-owner-should-know-about.html

Despite the numerous anti-fraud efforts utilized by businesses and consumers, the threat of a being becoming a victim of a cyber attack or scam is persistent. This isn't just costly, it's been estimated that the median loss caused by fraud was $145,000 in 2014, it's also frustrating, can do serious damage to your brand's reputation, and could months, if not years, for you to completely cover.

That's why it's imperative for you to be proactive when it comes to securing either your business or personal information. Having updated anti-virus software, using unique passwords, and using some common sense are a start. But, since scammers are always changing the rules to the game, you also need to stay up-to-date on the latest scams, like these 10 payments scams.

Top Banking Malware of 2016

According to the Check Point 2016 H2 Global Threat Intelligence Trends report, these were the most common of 2016;

Zeus 33% - This Trojan targets Windows platforms to steal banking information via man-in-the-browser keystroke logging and form grabbing.
Tinba 21% - A banking Trojan that steals victim's credentials whenever using web-injects and is activated when users attempt to login to their bank website.
Ramnit 16% - Another banking Trojan that steals banking credentials, FTP passwords, session cookies, and personal data.

Form W-2 Scam

This phishing scam, which is formally known as a BEC (business email compromise) or BES (business email spoofing) attack, first appeared in 2016. But, it's back with a vengeance in 2017. According to the IRS, this is "an email scam that uses a corporate officer's name to request employee Forms W-2 from company payroll or human resources departments" where cyber criminals pretend to be an "executive" to obtain employee names, SSNs and income information so that they can file a fraudulent tax return.

The latest variation of this scam, however, asks payroll or HR staff to wire money to a certain account.

Vishing and Smishing

These scams aren't exactly new, but with the mobile revolution in full swing, they could cause havoc for unsuspecting victims like this woman from the UK and these individuals in the Czech Republic.

Vishing is where a scammer calls you and pretends to be from your bank or a trusted institution like Microsoft. They trick you into thinking that there's an emergency so that you'll willingly hand over account information or download malicious malware.

Smishing, which is short for SMS phishing, works just like phishing in that you're duped into downloading a Trojan horse or virus. However, instead of downloading like this virus from an email, you download it onto your phone via SMS. The most prevalent mobile malware in 2016 was Hummingbird, Triada, and Ztorg.

PayPal Phishing Scam


If you're a PayPal user, you may receive an email that includes the PayPal logo, a well-written message, and even some fine print that informs you that you most login into your account to resolve some issues. You're then directed to click on a link to sign into your account. But, instead of logging into your PayPal account, you're actually logging into a fake page. Now the scammers have all of your PayPal credentials.

To make matters worse, some of these pages are requesting information like the user's address, phone number, social security number, and date of birth.

Venmo Scams

Venmo has quickly become one of the most popular payment apps available. It makes it painless to pay back friends or family and even split bills. However, it's also a hotbed for payment scams.

As reported in VR-Zone; "A man selling his car on Craigslist was scammed out of $1,800 when the buyer agreed to transfer the money via Venmo. According to the seller's report, he confirmed the payment when he received a deposit into this Venmo account. Things went smoothly until Venmo reversed the payment. The car title was already signed over, and the seller was out $1,800.

In another incident, a man selling iPhones over the holiday was scammed out of over $5,000 in a blink of an eye. He saw the money coming into his account, and then after everything was finalized the money was taken back by Venmo."

"These Venmo scams work so well because the scammers know a few things that you don't," writes Alison Griswold for Slate. "They are taking advantage of your assumption that because transacting on Venmo is simple and quick, it is also always safe."

The easiest way to protect yourself on Venmo is to only transfer funds to and from people that you know.

Sneaky Social Media Scams


It's not uncommon for you to catch ads or unsolicited content while on your favorite social media channel. However, like Venmo, social media has become a hotbed for fraudsters. Here are a couple of the more prevalent social media scams to be cautious of;

- Instagram money-flipping scams where a scammer promises that they can help you turn your pictures into card-hard-cash. After sending the initial payment, you never hear from the scammer again.

-Facebook charity scams where you purchase products at unbelievable prices from a fake website.

- Other Facebook scams, such as of pop culture quizzes, free product contests, salacious fake news stories, photos of baby otters, can contain malware links that of pop culture quizzes, free product contests, salacious fake news stories, photos of baby otters before viewing the content.

- Customer service scams on Twitter where hackers pretend to be from a legit organization in order to obtain personal information, like a login, password, account number or PIN, or they may direct you to phishing sites.

- WhatsApp scams that promise a gift card if you complete a survey. In reality, it's a trick so that scammers can steal personal information.

Amazon Gift Cards


According to the Federal Trade Commission, scammers are asking people to buy big online purchases, like a car or a boat, with an Amazon gift card. "Posing as sellers, scammers say they need to sell a car fast -- maybe they're in the military or about to deploy. They tell you to pay with an Amazon gift card."

"Don't do it. Amazon gift cards aren't a way to pay someone -- you can only use them at Amazon.com. So if someone asks you to pay with an Amazon gift card, it's a scam. If you share the code from an Amazon gift card with someone, you're giving that person control of the money on the card. By the time you realize it's a scam and report it, the money will likely be gone."

Fake Altcoin Sites


Cryptocurrency scams have been around since the launch of bitcoin in 2009. However, with eCash becoming more widely embraced by the mainstream, many newbies who want to start investing in cryptocurrency may fall victim the increasing amount of fake altcoin sites.

Examples of these sites include OneCoin, S-Coin, and Earthcoin. Another site, which appears to have been shutdown, is Hashpoke.

To avoid getting scammed, do your research before handing over money to a new or lesser known altcoin site. Look for reviews, trust your instincts when reviewing their website, and stick with reputable bitcoin alternatives like Litecoin or Dash.

Calling the "Issuing Bank"


If you have a brick-and-mortar location, you may encounter a customer whose credit card is denied. They angrily call their "issuing bank" from their cell phone. Once they're in contact with a "representative," they hand the phone over to you so that you can be informed that the card is good and the transaction can be authorized offline. In good faith, you complete the transaction.

According to Heartland Payment Systems, when your monthly statement arrives, you notice a "Code 72 dispute (i.e., the issuing bank received a transaction that was not authorized). The jewelry store's account is debited and a chargeback reversal is denied."

Conclusion


Scammers are always modifying their techniques and using the latest technology to trick you into submitting financial information. In order to stay ahead of these nefarious individuals, follow basic security protocols like not opening links from unknown senders, never sharing account information or information with anyone over-the-phone, avoiding public WiFi, and using anti-virus software, firewalls, and tools that detect malware.

You also need to educate yourself, and your team if you're a business owner, on the most common security threats and stay updated on the latest scams and trends by frequently visiting sites like the Federal Trade Commission's Scam Alerts page and reviewing the previously mentioned Global Threat Intelligence Trends.

Most importantly, don't be complacent. Just because you have anti-virus software and use common sense doesn't mean that you're 100% safe. For example, digital wallets are fairly secure, but some are known to have bugs and security flaws. And, there's always the instances of human error during the card-setup process. In short, make sure that your accounts are set-up properly and that you constantly review your account activity.

----------------------

EMPLOYMENT SCAM TOPS BBB's LIST OF TOP CON JOBS IN 2016
(CBC News, dated 1st March 2017 author Roshini Nair)

Full article [Option 1]:

www.cbc.ca/news/canada/british-columbia/employment-scam-tops-bbb-s-list-of-top-10-con-jobs-in-2016-1.4003556

Canadians lost a reported $90 million to scams last year, but the total could be much higher, according to the Better Business Bureau.

The BBB's newly released list of the top 10 scams of 2016 includes information from the bureau's scam tracker website, the Canadian Anti-Fraud Centre and concerns from community partners.

Danielle Primrose, president of the Better Business Bureau of Mainland B.C., said the biggest scam last year involved fake employment recruiting.

"Even though it wasn't the largest reported loss, it was reported all across Canada," she said.

As part of the scam, callers "hire" people over the phone or online, and ask them for banking information so they can get paid. Instead, they get robbed.

"The scammers are getting very savvy now," said Primrose. "They're getting people to fill out a lot of paperwork and they make it look very official. They'll send you a signing bonus and then ask you to wire money back or send it to another employee."

Other scams that made the top 10 this year included online dating, investment fraud and the notorious Canada Revenue Agency (CRA) tax hoax.

Unreported losses could be much higher


In addition to getting more savvy, the scammers are also getting more profitable, according to Primrose.

The $90-million loss is much higher than in 2015, when $61 million in losses was reported, and 2014, when scammers took $71 million.

While the higher number could be due to increased reporting, Primrose said the vast majority of scams remain unreported.

"We think [$90 million] is only around five per cent of the total loss," she said. "If you do the math, it could be as high as $1.8 billion."

Primrose said many people are reluctant to report a scam because they are embarrassed or don't know where to report. She recommended contacting a local authority or the Better Business Bureau.

Even if you have already been scammed and lost money, it's still important to report it as the statistics are helpful to track the scam, she added.

Top 10 scams (Canada)


Here are the top 10 scams of 2016 and how much was lost based on the people reporting them:

Employment: $5.3 million.
Online dating: $17 million.
Identity fraud: $11 million.
Advance fee loans: $1.1 million.
Online purchases: $8.6 million.
Wire fraud spear phishing: $13 million.
Binary option scams: $7.5 million.
Fake lottery winnings: $3 million.
Scam involving person claiming to be from CRA: $4.3 million.
Fake online endorsements: Amount unknown.

Better Business Bureau (Scam Tracker - North America) : https://www.bbb.org/scamtracker/canada

---------------------------

(1st March 2017)


MAN POSING AS COURIER CONNED ELDERLY WOMEN OUT OF THOUSANDS OF POUNDS
(London Evening Standard, dated 27th February 2017 author John Dunne)
Full article and photograph [Option 1]:

www.standard.co.uk/news/crime/man-posing-as-courier-conned-elderly-women-out-of-thousands-of-pounds-a3476726.html

Elderly women have been tricked out of thousands of pounds by a man pretending to be a courier.

Detectives say the victims received phone calls telling them they had to hand their bank cards and PIN numbers to a courier for security reasons.

The cards and numbers were then used to take cash out of the women's accounts.

Police have issued this image of a man they wish to identify and speak with in connection with the incidents, which all took place in south London.

The first incident took place on November 14 last year at around 10am, when an elderly Croydon woman in her 80s was targeted.

A man was later seen in a Beckenham branch of Barclays Bank using the cards to take £1,000 out of her account.

The second incident was reported in Thornton Heath at about 3pm on Friday January 6 when a woman in her 70s was defrauded.

The suspect was seen withdrawing £5,600 from a cash point at Barclays in Thornton Heath.

Another elderly woman - aged in her 80s - was called by a man purporting to be from her bank at about 2pm on Monday, January 23.

The suspect kept her on the phone for more than two hours and warned her if she didn't hand over her cards and PIN numbers she would be arrested and sent to prison.

A courier collected her cards and withdrew £500 from her account at a cash point in Norbury.

The suspect is described as a black man, about 5ft 8in to 6ft tall, with dreadlocks or braids tied up at the back.

During one of the incidents he wore glasses and distinctive red tracksuit bottoms with the number 23 in white on the right thigh.

People with information are urged to call Detective Sergeant Natalie Reseigh from Croydon CID on 101 or Crimestoppers on 0800 555 111.

 uaware comment

Just because this criminal has operated in South London doesn't just mean he will operate only in that area.

(1st March 2017)


MAN JAILED FOR FOUR YEARS FOR DATING WEBSITE FRAUD
(BBC News, dated 15th February 2017)

Full article [Option 1]:

www.bbc.co.uk/news/uk-england-hampshire-38980568

A fraudster has been jailed for conning money from women he met through dating websites.

David Coombs also targeted people in hospitals in Hampshire and Dorset, pretending to be a wealthy businessman.

The 52-year-old, of Hunston Road, Chichester, had previously pleaded guilty to nine fraud offences committed in 2015.

He received a four-year sentence at a hearing at Southampton Crown Court.

Police said his victims were aged between 49 and 83 years old.
'Immeasurable effect'

Coombs would strike up relationships with them before asking to borrow money claiming his wallet had been stolen or his card mistakenly blocked by his bank.

He purported to be a wealthy businessman, employed by an interior design company, and claimed to have multiple properties and offshore bank accounts.

Coombs came to the attention of police after one woman he had been in a relationship with contacted them when he began to harass her.

Det Sgt Will Whale said he had been "spinning a web of lies" over 22 months.

"His persistent offending has had an immeasurable effect on the lives of his victims, not just financially but also psychologically."

(1st March 2017)


THE INTERNET SCAMMER WHO LOVED ME.......NOT
(The Guardian, dated 11th February 2017 author Sofija Stefanovic)

Full article [Option 1]:

www.theguardian.com/lifeandstyle/2017/feb/11/internet-scams-dating-romance-money

On 2 February, at the cusp of Valentine's Day, the Los Angeles sheriff's department warned of the "growing criminal epidemic" of romance scams during a community meeting called Love Hurts. Romance scams are a type of online fraud, in which criminals pose as desirable partners on dating sites or email, win the hearts of their victims and end up fleecing them of their money. Lt Antonio Leon said the forum's name was tongue-in-cheek, "but the truth of the matter is that love really does hurt, for some people".

According to the Internet Crime Complaint Center, last year romance scam victims lost $173m in California alone. Ouch. And that's just the reported scams; victims are often too embarrassed to report they've been duped.

So how is it possible people still fall for them? That's the attitude I used to have - until I got involved with a scammer myself, and things got messy.

I met "Cindy" via my spam folder, not long after I moved to New York City from Melbourne. "If you would be interested for a serious friendship hit me back with more details about yourself. I am 26 years old, I live alone in Senegal." Yes, Cindy was obviously a scammer. And knowing this, I got back to her.

Let me back up. I'd become fascinated with scams back when I lived in Australia. Back then I was researching them for a TV show. Scams were a hot-button topic, and I went to a victims' support group to learn more. That's where I met a widower named Bill.

"I just wanted someone to hold me," Bill said, explaining why he joined a dating site in the first place. He met someone, fell in love, and was eventually left bankrupt. Bill and I became friends. He was a smart, worldly man, and I was baffled as to how he could have fallen for a scam.

Just before I left Australia, Bill and I celebrated his 80th birthday. We talked about his scam, and Bill said something that stuck with me. He said that in the back of his mind he knew he was being scammed, but he kept sending money because couldn't bear for his relationship to end. This fascinated me - it seemed his loneliness overrode his common sense. Even as Bill and I spoke about the detrimental effects of scams, I was pretty sure he was still sending money overseas. I suspected that when I left his place, he'd jump online and give himself over to his scam once more.

Not long after, I moved to New York with my boyfriend, Michael. Michael went to work in an office and made new friends, while I stayed home and researched scams. I was haunted by Bill's story, and I wanted to write about lovelorn victims like him, but I also wanted to find out more about perpetrators - those who leech victims of their money.

And that's when Cindy's email arrived. I got a notification that Cindy wanted to talk via Gchat, and voilà, I thought: I had my guinea pig scammer.

In customized curly rainbow font, Cindy asked what the weather was like in Mumbai, which made me realize she had her wires crossed between me and someone else she was scamming. I decided there was no need to correct her, for now, so I Googled the weather in Mumbai.

Cindy sent a photo: a pretty, ponytailed woman about my age, with a full build, leaning against a car. Scammers often steal photographs online, and though I knew that the "Cindy" I was chatting to was probably not the woman in the photo, it was easier to attach a face to the name. So whenever I communicated with Cindy, I pictured the woman leaning on the car.

The soccer World Cup was starting, and in Australia I'd always watched with friends. Cindy said she wasn't into soccer, but that she'd make an effort to watch because I liked it, and that's the sort of thing people in relationships did for each other. According to her, we were dating.

So while my boyfriend was at work, my Senegalese girlfriend and I watched soccer and chatted online. When my boyfriend wasn't at work, I tactfully closed my laptop, because I preferred for him not to think I was chatting to a scammer all day.

Cindy was either the most attentive person I have ever semi-dated (ready with a "hi babe!" the second I came online) or she was a team of people. I knew scammers often worked for syndicates, taking shifts, communicating with dozens of victims at once, referring to dossiers ("she is into World Cup soccer", mine might say). Whether Cindy was a lone wolf or a group, I took comfort knowing I was chatting with someone real - which was better than talking to my dogs - so I'd rattle off my opinions on Brazil's team into a chat box and wait for Cindy's immediate ping of response.

And then, one day, Cindy asked for my photo.

Cindy surprised me by saying she believed women should date men, but that she had fallen in love with me

This was a problem, as she still thought I was a middle-aged Indian man. I decided to come clean. "I am a woman. I hope you won't be angry with me," I said, assuming she would dump me and move on to a more trustworthy victim.

But Cindy surprised me by saying she'd been brought up believing women should be with men, but that she had fallen in love with me, and was willing to take a chance on a same-sex relationship if I was. I found this simultaneously funny, confusing and endearing. She asked for a photo, and, slightly baffled by this turn of events, against all reason, I sent one.

That night she sent an email:

"The feelings I have for you is true and will last for Eternity as long as you accept me in your heart just as I have accepted you.

"I love you. I Love Every little thing about you.

"I love your Cute smile, your magical eyes, and the sound of your words."

And though I was fully aware that Cindy had cut and pasted this from somewhere, and I knew that a scammer's job was to stroke victims' egos, I couldn't help but glance at the photo I sent Cindy to see if my eyes did indeed look magical.

Cindy asked me to call. Suddenly my scammer had a voice, which didn't sound like that of a criminal, but of a tired woman keeping her voice down. A baby started crying and Cindy was quick to say it was someone else's kid. I wondered if she was lying. Does she have a partner, I thought, or is she a single parent?

Then Cindy told me she was being evicted, and she needed $140. And there it was: I'd been expecting her to ask for money all along, except suddenly I wasn't ready for it. Cindy was no longer a random email in my spam folder. She was a person on the other end of the line, asking for help. It was suddenly hard to just say "no".

Instead, I beat around the bush like a coward. I pretended I had a friend whom I'd told about Cindy, and the friend suggested Cindy might be a scammer. Cindy acted outraged at the suggestion, and our conversation petered out, with me saying I couldn't spare the money.

I Googled Senegal and discovered that almost 50% of its population lived in poverty. Who's to say Cindy wasn't being evicted? I thought. Right on cue, an email came from Cindy. "My life is not easy," she said. "I am trying to survive as a responsible girl. I do not go out to sell my body like some other girls do here."

I knew scammers rarely got arrested; it was a relatively safe crime. If one of the other options was sex work, I could see that chatting to amorous westerners on the internet would be more appealing. Could I blame her for what she was doing? I felt like a jerk for stringing her along.

I decided to write an email, from the real me, to the real Cindy. I intended to tell her a bit about me, but I found myself telling her a lot. I told her my family came to Australia when the war in Yugoslavia began, and that my dad died when I was a child. I wrote that when we moved to Australia, my parents never thought we'd be split up again, yet I'd voluntarily moved to New York City, and I felt guilty. I said I felt lonely and friendless.

I wasn't sure why I told Cindy all this, but in hindsight I think it was because I wanted her to like me. And as I wrote, I found myself tearing up. I told her I didn't blame her for being a scammer, and that I wanted her to be honest with me. I said that if she told me about her real life, about scamming, I would find some money to send her.

She wrote back ignoring most of what I said, emphasizing that she was not a scammer - and including her Western Union details. I felt a pang of annoyance and embarrassment for opening up to her. Did she think I was an idiot? Cindy and I went back and forth playing this game: me offering money for the truth, and Cindy feigning ignorance. We were at an impasse.

Finally, Cindy snapped. She called me a wicked, selfish woman. She said she never wanted to hear from me again. And for the first time in a long time, my computer went silent.

After Cindy dumped me, I felt like I understood Bill better. He knew in the back of his mind he was being scammed, but he chose to keep going so he wouldn't end up where I was. Bill had made excuses for his scammer, just like I'd made excuses for Cindy.

It reminded me one of those bad relationships where you're willing to overlook so much because you don't want to be alone.

Romance scams, I decided, weren't about being tricked by someone, they were about tricking yourself - telling yourself lies, to keep loneliness at bay.

(1st March 2017)


SCAM ALERT : ANATOMY OF AN INHERITANCE FRAUD LETTER
(Forbes, dated 19th February 2017 author John Wasik)

Full article [Option 1]:

www.forbes.com/sites/johnwasik/2017/02/19/scam-alert-anatomy-of-an-inheritance-fraud-letter/#384c6b36e685

My wife received a letter from Canada the other day. It was neatly typed, but had no return address.

The first paragraph sounded promising, noting an "inheritance opportunity" with "genuine intentions." Not suprisingly, letters that start this way are anything but genuine.

According to the letter, an unknown relative of my wife died in Canada in 2007: "Unfortunately, this customer died intestate leaving his bank account with an open beneficiary status."

At the end of the second paragraph, the good news emerges: "I would like to present you to our bank as his next of kin to claims the dormant account worth $6.9 million."

Oh boy, this fellow wants to help us claim $7 million from a relative my wife never knew she had -- in Canada, no less. The money sure could come in handy!

Of course, this letter, if we reply to this fellow, is going to request our bank account and other financial information, perhaps even a Social Security number. Then he will either sell this information or just fleece us by opening up fraudulent credit card or other accounts. He'd also ask for a fee to cover transaction costs, which, of course, we'd never see again.

What tipped me off immediately? Here are the danger signals:

-- No return address. Just a personal email is provided.

-- No banking identification. Although "Richard Atkins" claims to be "an account manager with the Royal Bank of Canada," why isn't it on official stationery? Even if bank stationery was faked, if someone was trying to track you down for an inheritance it would be through certified mail and most likely through a law firm.

-- The name used in the letter. Only my wife uses the surname in the letter, so it's not possible she would have another relative with that name.

-- Request for more information. The letter closes with "I will discuss more details...this is an opportunity of a lifetime." Well, this is not about a sweepstakes. Had we followed through to give this guy our personal information, we would've gotten into trouble. The letter might also ask us to send cash "to complete the transaction."

"Similar to the Nigerian Scam and the foreign lottery fraud, the promise of untold wealth is used to distract the overly trusting away from the sorry fact that they are being asked to send money," notes Snopes.com.

"In all three cases, the con works the same way: after being mesmerized by the vision of riches to come, those being taken advantage of are required to open their wallets and whip out their checkbooks to bring about the happy event. There is no dead Uncle Fred, no rich deceased Reese. It's all a lie told to part you from your cash."

Moral of the story: Windfalls happen, but you should be able to verify them and not provide any money or information that can be used to fleece you.

(1st March 2017)


I FELL FOR A CARBON CREDIT SCAM. CAN I GET MY MONEY BACK ?
(The Telegraph, dated 19th February 2017 author Jessica Gorst-Williams)

Full article [Option 1]:

www.telegraph.co.uk/money/jessica-investigates/fell-carbon-credit-scam-can-get-money-back/

Note : This is a question and answer article.

Question


Some years ago I bought an investment in the carbon credit market.

Then three years ago I got caught in a scam via a Spanish company. It wanted £1,500 upfront, which I paid. Fortunately I was able to retrieve this as I had used a credit card.

Having consigned this to the past, I recently received a call from someone else advising that he had a customer for my carbon credits who was willing to pay more than £30,000.

He put me in touch with his "floor manager" who explained that an upfront payment of £8,000 was necessary to put all the legal documentation in place. This fee was to be completely refundable on completion of the deal.

I am totally unprepared to commit such a lot of money with such uncertainty.

I would dearly like to recover this investment but not at such a risk. What do you think?

By the way, the deal "has to be completed by Friday".

DB, Middlesex

Answer / response

Some fraudsters were quite recently jailed for cheating dozens of people out of millions of pounds by deliberately selling carbon credits they knew to be worthless or of only nominal value.

What you describe has the hallmarks of a scam and you are quite right not to be falling for it.

You have been caught out in the past so it is likely that you are on a "suckers' list", with your details circulating among fraudsters.

You do not say who you originally "bought" the carbon credits from but I hope it was for far less than the sum it is being alleged they could be sold for now.

Cold callers touting any investment offers should be treated with extreme caution. You can safely assume that all will be bogus. The adage, "If it seems too good to be true, it probably is" is as relevant today as it ever was.

Be suspicious of any transaction that requires an upfront fee in such circumstances. And always consider why it is not being suggested that the fee should be deducted from the proceeds.

The haste you describe is a common tactic designed to blind victims to sheer common sense.

When I tried the 0203 phone number you had been given and which you thought was bona fide, it seemed to be re-routed halfway around the world and I gave up.

Moreover, the firm that called you this time is now on the FCA's website for providing financial services or products without the regulator's authorisation.

See register.fca.org.uk or call 0800 111 6768 for any queries.

Postings on this website do take time to go up and the fact that a firm isn't featured on the blacklist doesn't necessarily mean it is OK. This site also has a useful page featuring carbon credit trading.

Con men operate through charm, persuasion and flattery, and sometimes by inventing their own hard-luck story. They tend to have an instinctive nose for their victims' weaknesses and prey on loneliness.

Do report all such occurrences to the FCA.

(1st March 2017)


TRAVELLERS WARNED AFTER SURGE IN "FAKE" BOOKING WEBSITES FOR HOLIDAY VILLAS
(London Evening Standard, dated 17th February 2017 author Benedict Moore-Bridger)

Full article [Option 1]:

www.standard.co.uk/news/techandgadgets/travellers-warned-after-surge-in-fake-booking-websites-for-holiday-villas-a3469141.html

Holidaymakers were urged today to be wary of "fake" booking websites that are fleecing customers of significant sums of money.

Several new alleged scams have been detected this month after hundreds of travellers were taken in by similar sites last year, the boss of a leading holiday booking website today warned.

Nick Cooper, founder and co-owner of Villa Plus, said cyber-criminals were again targeting holidaymakers by fraudulently advertising homes and taking cash for bookings.

Villa Plus said it contacted police after discovering its properties were being advertised on websites without the owners' knowledge or consent. Last year, fake sites conned hundreds of people and a police report said holidaymakers lost £11.5 million in 2015 in booking scams.

Mr Cooper said there had been a marked increase in the number of fake sites since August, claiming that it could take months for web hosting companies to shut them down. He said: "Scam websites are promoting villa rentals, where there is seemingly no intention of providing any service other than to steal customers' money, and more must be done by those responsible for hosting the sites to shut them down.

They are operating illegally, and it seems, with impunity. Our solicitors have attempted to get the host of the sites in question to take action but they have unfortunately refused to do so in the absence of a court order."

Mr Cooper said the scams could be very sophisticated, typically involving websites with search results showing plenty of peak season availability and professional photographs of villas copied from genuine websites.

Villa Plus contacted Action Fraud on February 7 to report the apparent deception.

In a letter, Pauline Smith, head of Action Fraud, the national centre for reporting fraud and internet crime, said the case would be sent to City of London Police's National Fraud Intelligence Bureau which would assess whether there was "enough evidence for the police or Trading Standards to investigate your fraud".

A police source said two websites, luxuryrentalsvilla.com and cycladesrentals.com, were being shut down in response to an alleged fraud.

The source said: "We are using the tools available to protect other holidaymakers from falling prey to the same scam websites. Any prosecution of the website owners will be a longer job to prepare."

A City of London police spokesman confirmed it had "requested that two websites be suspended", meaning they will not be able to trade under those domain names.

He said: "Following an allegation made to Action Fraud the City of London Police has requested the suspension of website domains suspected of being involved in fraud.

"The Internet service provider has since taken down the websites."


City of London police commander Chris Greany, national co-ordinator for economic crime, said: "When booking a holiday, it is vitally important you take your time and follow a number of basic checks designed to protect you from falling victim to a fraud.

"These include researching the name of the company online you are considering using and ensuring it is a member of a recognised trade body. It is also key that you make sure the website is legitimate by carefully checking the domain name and pay with a credit card, rather than using a debit card or cash."

Last year City of London Police requested the suspension of 160,000 websites, bank accounts and phone lines used by fraudsters to commit crime, the spokesman added.

Policing fraudulent websites is notoriously difficult because site owners can make subtle changes to the domain names in order to keep operating and websites based outside the UK are much harder to control.

Last year, a report by the NFIB revealed fraudsters stole £11.5 million from holidaymakers and other travellers in 2015, a 425 per cent increase on the previous year.

The most common types of fraud related to accommodation, with scammers conning travellers by setting up fake websites, hacking legitimate accounts and posting fake adverts on websites and social media.

Luxuryrentalsvilla and cycladesrentals did not respond to requests for comment.

(1st March 2017)


COLD CALLER "HOUNDED ELDERLY COUPLE TO THEIR DEATHS" AFTER LEAVING THEM MORE THAN £74K IN DEBT
(The Telegraph, dated 10th February 2017 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/02/10/cold-caller-hounded-elderly-couple-deaths-leaving-74000-debt/

A cold caller "hounded an elderly couple to their deaths" by bombarding them with sales calls and leaving them more than £74,000 in debt, a court heard.

Barbara Stone targeted John and Olga Moyle on a daily basis from as early as 7.45am and convinced the pair to place adverts in a lifestyle magazine for the small holiday home they owned in France.

The 62-year-old persuaded Mr Moyle to hand over £8,000 a month for almost a year, falsely promising non-existent sponsors would reimburse the money.

But not a single booking for the property, near Nice, was ever made - and the Moyles were eventually forced to sell the Shropshire home they had lived in for almost 50 years to pay off the debts they built up because of the scam.

Grandmother Mrs Moyle, 84, died just a month after the house was placed on the market in 2011. Mr Moyle, who had pleaded with Stone to stop, passed away four years later at the age of 83. A judge, Trading Standards, and the couple's daughter have all said they believe the "relentless" sales representative's actions played a part in their deaths.

At Nottingham Crown Court on Friday, Stone, of Winston, Leicester, admitted two counts of fraud by false representation between January and November 2010, and was given a 22-month suspended jail term.

Judge Stuart Rafferty told her she had "made people's lives a misery" and "hounded (the Moyles) to death".

The court heard Stone, who worked for a West Midlands-based? magazine, first contacted retired teacher Mr Moyle in 2010, offering to advertise stays in the two-bed holiday home he and his wife owned in the south of France, which required around £5,000 a year in upkeep.

For the next 10 months, she inundated the couple with calls, pressuring them into taking out more adverts in the publication. Mrs Moyle, who had also worked as a teacher, was suffering from cancer at the time.

Mr Moyle ended up spending all the cash he had taken from an equity release scheme on his home on the worthless adverts, as well as exhausting the couple's life savings and using a credit card. They lost a total of £74,139 and were also conned out of thousands more by another company, which Stone had previously worked for.

Left with nothing, the pair were forced to sell the village home they had lived in since 1964. After Mrs Moyle's death, her husband moved into a smaller property in nearby Ludlow with the financial help of his daughter, Franny.

She said: "The story of what happened to my parents is just astonishing and seven years on it still keeps me awake at night. I completely agree with the judge - they were hounded to death by Stone. My mother was ill - but the last year of her life on this earth was an utter agony.

"Stone would ring every day, putting my father under huge pressure - harassing him, when he should have been looking after his poorly wife. Whenever I tried to call I couldn't get through - the line was constantly engaged.

"It is quite clear to me that she targeted my father. She put him under huge duress, managing to secure £8,000 a month in advertising from them as a couple. My father didn't realise that amount of money was going out because he wasn't checking his accounts. He wasn't checking his accounts because my mother was dying."

Ms Moyle, 52, a writer and TV executive producer who lives in Hackney, London, added: "When they realised they had lost everything, and the house they lived in all their lives, it was, I suppose, a moment of great trauma.

"My father was a broken man. My mother was ever so brave and she put the house on the market with him. But within about a month of it going on the market, in February 2011, my mother died.

"Then he died four years later in the midst of misery, feeling he had brought this disaster on the family. Can you imagine his guilt? He cried himself to sleep for the last years of his life. And for what? A quarter page advert? A sales bonus? A pat on the back from a colleague? It's utterly horrendous."

Ms Moyle, who has three children, said her father wrote to the magazine? in June 2010 begging for the calls to stop, and saying he was "alarmed by the amounts which have been extracted from our account, for advertising with your paper".

But she added Stone was "straight back on the phone" and the harassment continued for another five months. The scam finally came to an end in November 2010 after Ms Moyle discovered what had been going on with Stone and her parents, calling in the police and Trading Standards.

She said: "When I found out what had been going on I was in shock, horrified. Stone must be without scruple. She has shown absolutely no remorse whatsoever. And I have contacted [the magazine]? - but they just said they would look into it.

"I believe that the relentless, daily telephone calls deprived my parents of normal life at a time when they most needed calm security and peace and quiet. I feel equally sure that the realisation that they had lost such a vast sum of money hastened my mother's death.

"My poor father, a man who had been so careful with money all his life and was then plunged into so much debt that he was forced to sell the home he and my mother had shared for almost 50 years, never recovered from the events of that year, which cast a shadow over the end of his life, and continue to cast a shadow over mine."

Ms Moyle said she didn't know how Stone had managed to get hold of her father's details, but thought it may have been through previous adverts he had placed about the French property in a cross-channel ferry magazine.

Speaking before he died in 2015, Mr Moyle said: "I do get annoyed with myself that I fell for it, but they're just persistent. The whole time I just wanted to get rid of it all because I had so much else on my mind."

The second fraud count admitted by Stone related to a £14,100 loss experienced by Jutta Patterson, who ran a dog rescue home in Shropshire. Mrs Patterson was led to believe that a sponsor would fund an advertising campaign in a magazine on behalf of the dog charity and the magazine would publish advertising for a year at a cost of £6,000, neither of which materialised.

James Delaney, from Trading Standards, described Stone as "heartless". "She embarked on a callous cold-calling campaign subjecting people to direct pressure, pressurised sales, and she was relentless in taking money from them fraudulently," he said.

"I hope it sends out a message that we will pursue any company that looks to make illegal gains fraudulently by misleading businesses and consumers. We would tell people to report it if they believe they have been a victim of a scam.

"Stone was callous and manipulative. She relentlessly targeted people who begged her to stop. Unfortunately the Moyles are not here today and I'm sure her behaviour had an impact on their final years."

Stone declined to comment as she left court. Her defence team in court said she was "stressed at work, eager to please bosses and did not receive any of the money".

Highest financial losses between January and March 2016


Coventry : 97
Tonbridge : 94
Brighton : 84
Bournemouth : 83
Swansea : 79
Norwich : 77
Redhill : 71
Chester : 64
Gloucester : 63
York : 62
Rochester : 61
Exeter : 61
Llandudno : 53
Hemel Hempstead : 48
Lancaster : 47
Lincoln : 31
Salisbury : 31
Dorchester : 28
Torquay : 27
Telford : 22

(1st March 2017)


ONLINE DATING CONMEN "USING LOVE LETTER TEMPLATES"
(BBC News, dated 12th February 2017 author Zoe Kleinman)

Full article [Option 1]: www.bbc.co.uk/news/technology-38936509

People looking for love online are being urged to do a search of phrases in the messages they receive to help them spot sweet-talking conmen.

A new UK campaign, starting on Sunday, aims to raise awareness about the growing problem of online dating fraud.

The campaign, Date Safe, suggests criminals are using love letter templates and an online search could flag up some of the stock phrases.

Police say the average dating scam victim is aged 49 and loses £10,000.

The new report, published by the City of London Police and the National Fraud Intelligence Bureau, also reveals that on average, money is transferred within 30 days of initial contact with the perpetrator.

Repeat victims

In a dating scam, criminals pose as potential matches and contact people seeking romance on dating platforms - then, after a period of correspondence and sometimes also phone contact, they start asking for money using various excuses.

The police report, which analysed data from the Action Fraud helpline, estimated that in the UK a victim files a report about dating scams every three hours.

Of those who stated their gender, 61% of the victims were female and 66% of the suspects were male, it said.

While most activity occurred on dating websites, the majority of the 15% that did not was carried out via Facebook, the report claimed.

It also said that 213 people admitted they had been a victim of a dating scam more than once.

"The growth in online dating has led to a rise in organised criminals targeting people looking for love," said Commander Chris Greany, of the City of London Police and National Co-ordinator for Economic Crime.

"These crimes destroy lives and the emotional damage often far outweighs the financial loss.

"Never give money to people you meet online, no matter what emotional sob story the person uses."

People are also advised to talk to friends and family about those they are in touch with online.

Dating scam 'packs'


Criminals can purchase scam "packs" containing love letter templates, photos, videos and false identities for as little as a few dollars on the dark web, said Prof Alan Woodward, cybersecurity expert at Surrey University.

"So many people fall for these scams that the price of the packs has dropped as it has become a high volume sale," he said.

"Social engineering is a very active black market.

"As dating scams are becoming more widely known, there is evidence that a follow-up scam has been developed where 'detectives' or 'investigators' offer to try to recover any money you may have been duped out of... for a fee," he added.

"Needless to say it is throwing good money after bad."

The Date Safe campaign is a partnership between Get Safe Online, Victim Support, AgeUK, City of London Police, the Metropolitan Police and the Online Dating Association.

(1st March 2017)


"I PAID £6,000 TO AN eBAY FRAUDSTER. WHY DIDN'THE CRIMINALS BANK HELP ME ?"
(The Telegraph, dated 12th February 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/personal-banking/savings/paid-6000-ebay-fraudster-didnt-criminals-bank-help/

Victims of fraud struggle to navigate the complicated process of reporting the scam and often feel that the criminals have more rights than they do.

Some victims seek help and information from the bank used by the fraudsters, only to be told that data about the criminals' accounts cannot be disclosed because of data protection rules.

When one reader, Alistair Black, paid £6,000 for a non-existent Harley-Davidson motorcycle on eBay, he thought the recipient bank would be best placed to stop the payment leaving the fraudster's account.

However, when he tried to report the fraud to Nationwide, the criminal's provider, it refused to help.

Banks have a duty only to their own customers - in this case, the fraudster - and could not tell Mr Black anything because of "data protection".

Mr Black also reported the crime to eBay, his local police in Rothesay, on the Isle of Bute, Scotland, and Action Fraud, the national cybercrime reporting service.

Mr Black, 62, a motorcycle enthusiast said he mentioned the fraud in passing to a staff member at his branch of Halifax, but didn't think it could do anything as he had instructed it to make the payment.

Mr Black said he felt that he had been a "bit of a fool".

He had used eBay for the first time and was drawn to the motorbike by its attractive price.

"I would've paid £7,000 for that bike. Or even £8,000," he said.

After extensive correspondence with the fraudster, Mr Black was convinced he was genuine seller who "wrote in perfect English and knew about bikes".

However, he did find it odd that when he asked for a phone number, the request was ignored.

Mr Black made a £6,000 bank transfer in his branch on November 1. When the bike failed to arrive as agreed that week, he contacted the buyer but got no response.

He contacted the organisations he thought would be able to help, but didn't realise that any remaining funds would need to be clawed back by his own bank.

###No word from the banks - and an unexplained delay

In mid-December, police told Mr Black that there was £2,500 frozen in the criminal's account.

Mr Black said this was the first he had heard of remaining funds.

According to Mr Black, police said the criminal had withdrawn £3,000 from a Nationwide branch in the south of England on the day of the transaction and then took out £500 from a cash machine outside.

It was then that Nationwide became suspicious and froze the account, although it would not say what caused the alert.

The building society then contacted Mr Black's bank, Halifax, to make it aware of the scam.

However, under data protection regulation, Nationwide was not permitted to inform Mr Black of the remaining funds.

Mr Black contacted Halifax on December 19 and asked it to get his money back.

However, the bank did not carry out his instruction until eight weeks later on February 6 - and then only with the involvement of Telegraph Money.

Halifax admitted it had been contacted by Nationwide on November 3 regarding Mr Black's transaction.

The bank claimed it "attempted to reach" Mr Black by telephone.

When it could not get through, it sent a letter, which Mr Black said he did not receive.

Halifax did not comment on what caused the delay, but has apologised to Mr Black and offered him £150 as a goodwill gesture. It explained to Mr Black that it would take six to eight weeks to get his £2,500 back.

Protecting the fraudster?

Numerous victims of fraud have told this newspaper that they feel the criminals have more rights than they do.

The recipient bank, which manages the account on behalf of the criminal, cannot communicate information about the fraudster's account, such as whether it was newly opened or if fake identity documents were used, because of data protection and other legislation.

David Clarke, a former detective and director of the Fraud Advisory Panel, a charity, said scam victims should be able to find out if there was any way the bank could have prevented it. And if the answer was yes, the banks should be viewed as "having facilitated the crime".

If police investigate the crime, they are unlikely to reveal details about the fraudster either. But such information could make the difference between getting your money back and not.

For example, David Burton was reimbursed £3,400 by TSB two years after he was tricked into buying a fake motorhome on eBay after police told him that the criminal had used false details to open the account.

The British Bankers' Association said the financial industry was working closely with law enforcement agencies to improve the handling of cases that involved suspicious activity.

A spokesman for Nationwide said: "In order to open an account, customers have to provide valid identity documents to verify their name and address. If there is any suspicion of fraud, an account would not be opened.

"Nationwide takes the protection of customers' money very seriously, and if we notice any suspicious activity, we will take action, as we did in this case."

(1st March 2017)



WARNING TO SHAREHOLDERS
(BT Corporate website, dated February 2017)

Full notice [Option 1]:

www.btplc.com/Sharesandperformance/Shareholders/Shareholderadministration/Unsolictedmail/Warning.htm

Fraudsters use persuasive, high pressure tactics to scam investors. They may offer to sell you shares that turn out to be fake of worthless, or to buy your shares at a high price if you pay an upfront fee. Either way, the promised profits won't materialise and you'll probably lose your money. Here's how to avoid investment scams.

Remember: if it sounds too good to be true, it probably is!



HOW TO AVOID SHARE FRAUD


1. Reject cold calls

If you've been cold called with an offer to buy or sell shares, chances are it's a high risk investment or a scam. You should treat the call with extreme caution. The safest thing to do is to hang up.

2. Check the firm on the FS register at www.fca.org.uk/register

The Financial Services Register is a public record of all the firms and individuals in the financial services industry that are regulated by the FCA.

3. Get impartial advice

Think about getting impartial financial advice before you hand over any money. Seek advice from someone unconnected to the firm that has approached you.

REPORT A SCAM

If you suspect that you have been approached by fraudsters please tell the FCA using the share fraud reporting form at www.fca.org.uk/scamswhere you can find out more about investment scams. You can also call the FCA Consumer Helpline on 0800 111 6768.

If you have lost money to investment fraud, you should report it to Action Fraud on 0300 123 2040 or online at www.actionfraud.police.uk

Find out more at www.fca.org.uk/scamsmart

Further BT advice on scam prevention :

http://btplc.com/Inclusion/ProductsAndServices/Scams/index.htm?s_cid=con_FURL_scams

uaware Disclaimer

The uaware website considers the advice provided within this BT corporate notice as being sensible and concise. The uaware website does not neccessarily agree that these suggestions are the only precautions that should be taken.

(1st March 2017)


"YOUR BILL IS READY" RANSOMWARE ALERT
(Action Fraud, dated 26th January 2017)
www.actionfraud.police.uk

Fraudsters are sending out a high number of phishing emails to personal and business email addresses pretending to come from 'noreply@relishcare.net, with the subject line being 'Your Relish bill is ready'. This is a 'spoofed' email pretending to come from the London based broadband company 'Relish'. The emails contain a link which will redirect victims to a compromised website. Once at the destination website a .zip file containing concealed JavaScript will be downloaded onto the victim's device. This JavaScript is ransomware and will encrypt files on  the victim's devices and demand money (up to £1000) from the victim to recover the files.

Prevention Advice :

Having up-to-date virus protection is essential; however it will not always prevent you from becoming infected. Please consider the following actions:

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication. Details on finding email headers can be found online.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It's important that the device you back up to isn't left connected to your computer as any malware infection could spread to that as well.

- Don't pay extortion demands as this only feeds into criminals' hands, and there's no guarantee that access to your files will be restored if you do pay.

- If you think your bank details have been compromised, you should immediately contact your bank.

If you have been affected by this, or any other scam, report it to Action Fraud by calling
0300 123 2040, or visiting www.actionfraud.police.uk

(4th February 2017)


AMAZON AND PAYPAL FRAUDSTERS "UP THEIR GAME WITH FAKE MESSAGES"
(The Telegraph, dated 2nd February 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/amazon-paypal-fraudsters-game-fake-messages/

Fraudsters are perfecting the art of impersonating large companies such as PayPal and Amazon, Britain's leading anti-fraud agency has warned.

A combination of improved technology and more accurate spelling and grammar is making the fake communication harder than ever to detect.

Tony Neate, of Get Safe Online, described the bogus messages as "highly convincing" which often appear to come from genuine addresses.

In many cases they indicate that some sort of error has been made - as a prompt to recipients to take action.

The fake Amazon email, below, looks just like an order confirmation but contains details and delivery date of a product that the recipient did not order, for example.

One message seen by Telegraph Money suggested the customer had purchased a hard drive for £129.11. Another confirmed the sale of six "Amscan International Baby Little Angel Costumes" for £69.49.

Other customers have reported receiving similar emails for TVs, cameras and iPhones.

The messages appear to come from legitimate email addresses Amazon UK and server-info@amazononline.co.uk.

However, correspondence from the UK arm of Amazon would be sent from an address ending in @amazon.co.uk.

These messages are designed to get customers to query the order by clicking on the link at the bottom of the email.

On one of the emails it says: "If you haven't authorized the transaction, go to the Refund page for full refund."

Other messages require similar action.

Customers who click through are typically led to an authentic-looking website, which asks victims to confirm their name, address, and bank card information, according to Action Fraud, the UK's cyber crime reporting service.

Action Fraud said one victim who entered his details had £750 stolen from his Nationwide account as a consequence. This was repaid by the bank after he reported it.

Those who use PayPal should also be on high alert as another convincing phishing scam does the rounds.

The text message, which using a spoofed phone number appears to come from PayPal, explains the customer account has been suspended due to unauthorized login attempts and offers a link for customers to click on to confirm their details.

These spoofed texts are especially concerning, according to Tony Neate, chief executive officer of Get Safe Online, the government-backed cyber safety initiative.

With spoofed emails, you can usually hover over the address and the real one is revealed.

However with texts, consumers may not know the real providers' phone number.

Mr Neate says spoofing contact details is easy to do. There are a number of websites who offer the service as a way to "prank" your friends.

"I'm not saying this sites are set up for criminals but are they taking into account that fraudsters are making use of the spoofing services as well as those looking for a laugh?" said Mr Neate.

raudsters use well known brands such as Amazon and Paypal to target numerous victims with relevant messages designed to cause panic.

While obvious spelling and grammar is improving in scam messages, Mr Neate suggested there are a number of suspicious signs to look out for.

He said, for example, "the "bit.do" would be a strange link for PayPal to use and the fact that they have also used the American spelling of "unauthorised" is unusual for a UK customer."

Mr Neate suggested those who are concerned about their online accounts should change their password and use different ones for each service.

He also suggested contacting the genuine company the fraudster is attempting to purport - in this case Amazon and PayPal - using the correct details.

A PayPal spokesman said all communication to account holders regarding account limitation would be sent to the secure message centre with their PayPal account.

Any concerns about fraudulent messages should be sent to spoof@paypal.com.

(4th February 2017)


POLICE WARN : "CAN YOU HEAR ME ?" PHONE SCAM COULD COST YOU A LOT
(Good Housekeeping, dated 27th January 2017 author Diana Bruk)

Full article [Option 1]:

www.goodhousekeeping.com/life/news/a42577/can-you-hear-me-phone-scam/

Police are warning cellphone users of a terrifying new scam, multiple news agencies report. The scam is brilliantly simple: all it consists of is a scammer calling from an unfamiliar number (but often one with a familiar area code) and asking, "Can you hear me?" It seems like a simple question, and most people would just answer, "Yes." In this case, however, the hacker records you saying "Yes" and then uses the response to authorize credit card or bill charges.

"You say 'yes,' it gets recorded and they say that you have agreed to something," Susan Grant, director of consumer protection for the Consumer Federation of America, told CBS News. "I know that people think it's impolite to hang up, but it's a good strategy."

While "Can you hear me?" seems to be the most popular question, scammers are using other questions that would prompt a "Yes" response, like "Are you the homeowner?" and "Do you pay the bills."

Fox News provided the following tips to avoid this scam:

- Do not answer the phone from numbers you do not recognize.
- Do not give out personal information.
- Do not confirm your number over the phone.
- Do not answer questions over the phone.

If you do receive a suspicious call, authorities are advising people to hang up right away and call 911. And if you've already received a call like this, make sure to carefully monitor your credit activity!

---------------------
POLICE ARE WARNING AGAINST SCARY NEW PHONE SCAM (Extract)
(Real Simple, dated 27th January 2017 author Brigitt Early)

Full article [Option 1]: www.realsimple.com/work-life/technology/new-phone-scam

lthough criminals need more than a recorded "yes" to make purchases, they may already have access to credit card numbers and sensitive, identifying information that can be used to make charges. They can then use the recorded "yes" response in attempt to prove they gained your permission to make the charge.

Though it may be tempting to answer calls from an unknown number-what if it's someone you know who needs to reach you in a pinch?-the surest way to protect yourself is to let these types of calls go to voicemail. Anyone who needs to reach you will call back or leave a voicemail. If you do decide to answer, always verify the caller and never give out personal information. (Though scammers may claim to be from a credit card company or a government agency, legitimate requests from these organizations will never be made over the phone.)

uaware comment

I know the article is from the USA, but this type of scam is easily transferable into the UK. Think about the number of silent calls you have received over the last month. You answer the telephone, silence, you say "hello", then someone says "can you hear me ?". Then you reply.....YES !

(4th February 2017)


ONE MILLION PENSIONERS WILL BE ON "SUCKERS LISTS" BY 2019
(The Telegraph, dated 29th January 2017 author Katie Morley)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/01/29/one-million-pensioners-will-suckers-lists-2019/

Around one million pensioners will be on "suckers lists" of people vulnerable to scams within two years, a lead researcher for trading standards has warned.

The number of victims is soaring at a rapid rate with the Government's database of 300,000 people expected to more than triple by 2019, according to Prof Keith Brown who conducts scams research on behalf of the Chartered Trading Standards Institute.

It comes just a day after the Government was accused of failing to inform 270,000 people that they were at risk of fraud, despite trading standards having held their names and addresses in a suckers list database for two years.

Suckers lists are made up of repeat victims who may have responded to mail scams, such as fake competitions and lotteries.The majority of victims are elderly and live alone.

Prof Brown said that without urgent action they would soon represent one of the biggest crime waves the UK has ever seen with around £10bn being stolen every year and rising.

He said: "The difficulty with cracking down on this is that it's often very hard to differentiate between criminals and 'legitimate' companies with no morals. This makes it very hard to prosecute. Even if someone gets caught conning an elderly person by charging them £2,000 for some vitamins, for example, it is not easy to get justice."

One solution to the problem would be for trading standards to pass suckers lists onto banks and other financial institutions which could then put a red flag next to victims' names. This would prompt further questioning from staff in the event of a suspicious transfer of money.

However under current laws sharing such personal details without permission is forbidden under the Data Protection Act.

Now experts including former pensions minister Sir Steve Webb are calling for amendments to the Act to give trading standards the powers it needs to distribute suckers lists to approved firms.

Following this newspaper's disclosures, the Department for Business has hinted that it will use a green paper due to be published later this year to announce a tougher, more effective regime to help people who are known to be vulnerable to scam victims.

A spokesman said: "While funding and prioritization for trading standards are decisions for local authorities, the Government is continuing to improve consumer protection.

"We will be publishing a green paper looking at where markets aren't working fairly for consumers and where the protection regime could be strengthened."

"This Government is committed to stamping out these appalling criminal scams that target elderly or vulnerable people. The Consumer Protection Partnership, Home Office and National Crime Agency are working together to educate, inform and protect those most at risk of scams."

(4th February 2017)


PAYPAL SCAM USES ACCOUNT FRAUD SCARE TACTICS TO PHISH PERSONAL DATA
(SC Magazine, dated 27th January 2017 author Bradley Barth)

Full article [Option 1]:

www.scmagazine.com/paypal-scam-uses-account-fraud-scare-tactics-to-phish-personal-data/article/634258/

A phishing email scam that warns PayPal users of possible fraudulent account activity in hopes of scaring personally identifiable information out of them is currently making the rounds.

According to a blog post from ESET, the phishing emails falsely inform recipients that PayPal has detected "unusual activity" on their accounts and has "temporary limited what you can do" until the possible security issue can be resolved. Clicking the log-in button on these emails redirects victims to what appears to be a legitimate log-in screen - it even displays an SSL certificate to sell its supposed authenticity - but is actually a fake PayPal web page hosted on a malicious domain.

After victims "log in," the fake PayPal site displays another message informing victims that they will not be able to withdraw funds for 15 days, unless the issue is addressed further. Those who click a "Continue" button to proceed are then asked to enter even more detailed information, including their Social Security number, address, phone number, birthdate and mother's maiden name.

As phishing scams go, this one is convincing, but there are still some clues that PayPal did not send this alert, ESET reported. For instance, the email contains minor grammatical and syntax errors, and the fake web page's request to enter your home country is unusual, considering it also asks for your Social Security number, which only applies to the U.S.

(4th February 2017)


MAN PAID £1600 TO FAKE LANDLORD IN AIRBNB SCAM
(London Evening Standard, dated 27th January 2017)

Full article [Option 1]:

www.standard.co.uk/news/crime/police-hunt-tenant-who-posed-as-landlord-to-fleece-victim-of-1600-a3451091.html

A man is being sought by police in connection with an Airbnb rental scam in London.

Detectives say the victim was conned out of £1,600 after responding to a listing on the Gumtree website for a property to let in Haringey.

The man was shown around the property in Sanford Road on September 18 last year by someone claiming to be the flat's landlord.

The prospective tenant then transferred an advance rental payment of £1,600 to an account, the details for which were provided by the fraudster.

Soon after the money was transferred contact with the bogus landlord ceased and he stopped replying to messages.

It emerged the man had gained access to the property via a short-term let on Airbnb, according to police, and had no authority to arrange for it to be rented out.

The payment of £1,600 was lost, having been paid to a "mule" account - controlled through details obtained from a stolen bank card - from where it had been withdrawn.

Detectives from Scotland Yard's Operation Falcon fraud and cyber crime unit released images of the man today in an attempt to identify him. [uaware note : see actual London Evening Standard article]

The image was taken while the prospective tenant was being shown around at the initial viewing. Police are trying to establish if the bogus landlord has been involved in other frauds associated with Airbub properties and to establish who gained from the fraud.

Action Fraud, the national fraud and internet crime reporting centre, says the most comon scam involving Airbnb is conmen advertising properties for rent on it without owners knowledge then convincing site users to transfer money into their bank accounts.

Anyone with information about the fraud should call 101 or Crimestoppers anonymously on 0800 555 111.

(4th February 2017)


WARNING ABOUT NATIONWIDE TEXT MESSAGE SCAM
(MONEY, dated 26th January 2017)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/warning-about-nationwide-text-message-scam-11364141885403

Scammers are using text messages to try to con Nationwide building society customers into revealing their personal details.

The messages, which claim to be from Nationwide, ask the victim to verify a high-value purchase supposedly made on their card at a well-known retailer.

Victims are then urged to contact the Nationwide fraud prevention team on a phone number included in the text, which is actually controlled by the scammers.

Anyone who calls will be asked security questions aimed at stealing their bank details.

------------------------------------------------------------------------------
In one example shared by Nationwide to raise awareness, the message reads:

"Nationwide has noticed your card was recently used on 29-11-2016 at APPLE ONLINE STORE for 1976.00 GBP. If not you please urgently call fraud prevention on 03303800231 or Intl +443303800231. Do not reply by SMS."

-------------------------------------------------------------------------------

Has anyone lost money?

Nationwide told The Sun that "a handful" of customers had fallen for the text message scam.

However, it added: "We were proactive, shut it down and customers received refunds on the same day. So no-one lost out. "It's important to be alert and take time to think before sharing financial details."

How to stay safe

While it's pretty easy to spot the scam if you aren't a Nationwide customer, it could look convincing if you did bank with the building society as you may well have received texts from them in the past.

It's worth noting that this scam can easily be tweaked to reference a different financial institution, so it's not just Nationwide customers who need to be vigilant.

As always when it comes to suspicious texts and emails, the key is to never respond directly.

If you want to verify the information contained in the message, contact your bank or building society on a number that you have looked up separately.

uaware comment

Emphasise : DO NOT USE ANY CONTACT INFORMATION IN THE BOGUS EMAIL. REFER TO BANK CONTACT DETAILS IN YOUR PERSONAL DOCUMENTATION OR VISIT A BANK BRANCH.

(4th February 2017)


EVERYONE IS FALLING FOR THIS FRIGHTENINGLY EFFECTIVE GMAIL SCAM
(Realsimple.com, dated January 2017 author Robert Hackett)

Full article [Option 1]:

http://www.realsimple.com/work-life/technology/google-gmail-scam-phishing

Security researchers have identified a "highly effective" phishing scam that's been fooling Google Gmail customers into divulging their login credentials. The scheme, which has been gaining popularity in the past few months and has reportedly been hitting other email services, involves a clever trick that can be difficult to detect.

Here's how the swindle works. The attacker, usually disguised as a trusted contact, sends a boobytrapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google login page. And this is where the scam gets really devious.

Everything about this sign-in page looks authentic: the Google logo, the username and password entry fields, the tagline ("One account. All of Google."). By all indications, the page is a facsimile of the real thing. Except for one clue: the browser's address bar.

Even there, it can be easy to miss the cue. The text still includes the "https://accounts.google.com," a URL that seems legitimate. There's a problem though; that URL is preceded by the prefix "data:text/html."

Normally the URL for Gmail looks like :

https://accounts.google.com/ServiceLogin?service=mail

The BOGUS / FALSE login looks like :

data:text/html,https://accounts.google.com/ServiceLogin?service=mail

In fact, the text in the address bar is what's known as a "data URI," not a URL. A data URI embeds a file, whereas a URL identifies a page's location on the web. If you were were to zoom out on the address bar, you would find a long string of characters, a script that serves up a file designed to look like a Gmail login page. THIS IS THE TRAP.

As soon as a person enters her username and password into the fields, the attackers capture the information. To make matters worse, once they gain access to a person's inbox, they immediately reconnoiter the compromised account and prepare to launch their next bombardment. They find past emails and attachments, create boobytrapped-image versions, drum up believable subject lines, and then target the person's contacts.

Google Chrome users can protect themselves by checking the address bar and making sure a green lock symbol appears before entering their personal information into a site. Because scammers have been known to create HTTPS-protected phishing sites, which also display a green lock, it's also important to make sure this appears alongside a proper, intended URL-without any funny business preceding it.

(4th February 2017)


PHISHING SCAMS - HOW TO IDENTIFY FRAUDULENT EMAILS
(International Business Times, dated 25th January 2017 author Himanshu Goenka)

Full article [Option 1]:

www.ibtimes.com/phishing-scams-how-identify-fraudulent-emails-want-steal-your-money-identity-2480902

Hacking and fake news have been in the news a lot lately, what with the allegations of Russians using both those tools to influence the outcome of the U.S. presidential election. And both those online risks come together in a seemingly innocuous but potentially dangerous form: phishing.

Put simply, phishing is the attempt to steal your personal information, such as passwords and financial details, using an email or website that looks like it is legitimate but is in fact merely designed to look like that to lull you into a false sense of security.

Diligent Corporation, a New York company that provides secure platforms for boards and leaders of other companies and organizations to share information, put together data from various sources that show phishing attacks have gone up by over 300 percent between 2013 and 2016. About 156 million phishing emails are sent around the world every day, of which some 16 million are not detected by spam filters.

So if you get one of these fishy-looking emails, how do you know if it is actually a scam? Diligent surveyed over 2,000 people, using an experimental setup, and came up with some possible answers.

Some of the warning signs it lists are: spelling and grammar mistakes; generic salutations that don't use your name; seems too good (or bad) to be real; is from an unknown sender; requests money or personal information; asks you to click on a link or download a file, while being vague.

Of the people surveyed, over half had been victims of some phishing scam or another. About 52 percent had an unauthorized charge on their credit card, 33 percent had their email accounts hacked and almost a quarter had their social media accounts compromised.

Some of the most effective phishing scams pretend to be sent from email addresses of people we know, such as friends or colleagues. The maximum number of people in the survey, over 68 percent, were fooled by emails that purported to be from a colleague to schedule a meeting the next day, followed by messages from friends claiming to share photographs on social media (almost 61 percent) or Dropbox (37.6 percent).

WHICH PHISHING EMAILS - FOOLED THE MOST PEOPLE

Co-worker - Schedule for our meeting tomorrow : 68.3%
Social Media - "Did you see the pic of you ? LOL : 60.8%
Dropbox - Click to view file someone has shared : 37.6%
Software Company - Compulsory update to secure your account : 26.7%
Social Media - New login system : 23.9%
Court - Order to apppear; notice attached : 22.1%
Major Bank - Click to restore account access : 16.6%
IRS (Tax) - You are owed tax refund : 14.7%
Online Merchant - Temporary Account suspension : 14.7%
Credit card - Open attachment to confirm account details : 14%
Contest - Voucher for lucky credit card holder : 5.7%
Contest - Big prize from soft drink company : 2.7%

(Source : Survey of over 2,000 people USA) - Diligent

In contrast, the least effective phishing scams were those that promised a tax refund from the IRS, or gifts of cash and vouchers.

Being wary of phishing emails has a flip side - marking genuine emails as spam. The survey found about 40 percent of genuine emails were marked as phishing attempts. Those aged between 35 and 54 were the best at being able to tell real emails from phishing attempts, while the 18-24 and over 65 groups fared the worst. Men and women were fooled almost the same number of times, 23 percent and 23.3 percent, respectively.

If you want to check your own ability to identify scam emails, Diligent has a shorter version of its survey, designed like a quick quiz, on its website that can be accessed here :

http://diligent.com/blog/can-tell-email-real/

(4th February 2017)


UK FRAUD HITS RECORD £1.1bn AS CYBERCRIME SOARS
(The Guardian, dated 24th January 2017 author Jill Treanor)

Full article [Option 1]:

www.theguardian.com/uk-news/2017/jan/24/uk-fraud-record-cybercrime-kpmg

The value of fraud committed in the UK last year topped £1bn for the first time since 2011, prompting a warning about increasing cyber crime and the risk of more large-scale scams as the economy comes under pressure.

The 55% year-on-year rise in the value of fraud to £1.1bn reported in the court system was recorded by accountants KPMG, which found that while the cost of fraud was higher the number of incidents was lower.

Highlighting a dramatic rise in cybercrime, KPMG's statistics included a £113m cold-calling scam for which the ringleader received an 11-year jail sentence in September. Feezan Hameed was caught after targeting 750 Royal Bank of Scotland customers in the biggest cyberfraud the Metropolitan police had seen.

Hitesh Patel, UK forensic partner at KPMG, said: "The figures for 2016 tell us two things. Firstly, that we can expect more of these super frauds as challenging economic circumstances place pressures on businesses and individuals and as technology becomes more sophisticated.

"Secondly, that this is going to put even more strain on law enforcement agencies who don't have the resources to investigate every report of fraud that they receive: getting the large, often cross-border and complex frauds to court is extremely time consuming and resource intensive. This places much more emphasis on businesses and consumers to protect themselves from fraudsters who will take advantage given the opportunity."

KMPG found £900m of fraud from just seven "super cases" - with a value of £50m or over - compared with £250m a year ago.

It pointed to a 51-year-old Leicester man jailed for six years for masterminding a £60m fraud to supply free cable TV using illicit set-top boxes, who promoted the business on internet forums and his own website.

Patel said: "Through the rapid rise of technology and online platforms, more people than ever are being targeted by fraudsters who have unrestricted access to a larger pool of victims. However, we are also seeing the internet being used by consumers who are being tempted to obtain goods and services that they have, or perhaps should have, a fair idea are not legitimate."

-----------------------
UK COURTS EXPERIENCING SURGE IN CYBER-CRIME CASE LOAD
(The Register, dated 24th January 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/01/24/kpmg_fraud_barometer/

The total cost of fraudulent activity in the UK surpassed a billion pounds for the first time in five years, reaching £1.137bn in 2016 compared to £732m the year before.

Fraud against businesses was up sevenfold last year, with inside jobs committed by employees and management the most common method, as measured by alleged fraud cases reaching court.

"The figures include over £900m derived from just seven super cases," according to management consultants KPMG. "The surge in super cases, from £250m last year, may be a reflection of fraud becoming a more lucrative and practical proposition for those with the right skills and technology, or those in senior commercial roles."

A major cause for the overall increase was a surge in cyber-fraud losses of £124m, according the latest edition of KPMG's Fraud Barometer, out Tuesday. One case alone cost an eye-watering £113m via a boiler-room scam that involved crooks cold-calling prospective marks while posing as the security department of banks and tricking victims into handing over banking details.

Crime figures for England and Wales, put together by the UK Office for National Statistics and released earlier this month, featured the inclusion of fraud and computer misuse offences for the first time. A total of 3.6 million cases of fraud and 2 million computer misuse offences were logged. That's a record of crime reports, many of which won't lead to prosecutions, by contrast to the massive cases covering multimillion-pound frauds that are the focus of KPMG's Fraud Barometer.

Criminal structures supporting cyber-fraud exist in many forms and sizes from organisations comparable to Gus Fring's business in Breaking Bad to street-corner operations that security experts fear are drawing youngsters and the technically unskilled into its web.

Ilia Kolochenko, chief exec of web security firm High-Tech Bridge, commented: "What is particularly alarming is the rise of small online fraud committed by teenagers and people with almost no technical skills."

----------------------

(4th February 2017)


PAYMENT DIVERSION ALERT
(Action Fraud, dated 23rd January 2017)
www.actionfraud.police.uk

Fraudsters are emailing members of the public who are expecting to make a payment for property repairs. The fraudsters will purport to be a tradesman who has recently completed work at the property and use a similar email address to that of the genuine tradesman. They will ask for funds to be transferred via bank transfer. Once payment is made the victims of the scam soon realise they have been deceived when the genuine tradesman requests payment for their services.

Protect yourself

- Always check the email address is exactly the same as previous correspondence with the genuine contact.

- For any request of payment via email verify the validity of the request with a phone call to the person who carried out the work.

- Check the email for spelling and grammar as these signs can indicate that the email is not genuine.

- Payments via bank transfer offer no financial protection; consider using alternative methods such as a credit card or PayPal which offer protection and an avenue for recompense.

If you believe that you have been a victim of fraud you can report it :

Online : http://www.actionfraud.police.uk/report_fraud

By telephone : 0300 123 2040

(4th February 2017)


MEN INCREASINGLY TARGETTED BY ROMANCE SCAMMERS ON ONLINE DATING WEBSITES
(The Telegraph, dated 23rd January 2017 author Martin Evans)

Full article [Option 1]:

www.telegraph.co.uk/news/2017/01/23/men-targetted-romance-scammers-likely-hand-large-sums-money/

The number of people falling victim to so-called romance scams has reached a record high in Britain with almost 40 per cent of those affected being men, new figures have revealed.

Criminals, often based overseas, use online dating sites to pose as people looking for love in order to snare their victims.

After striking up a rapport and gaining the trust of the unsuspecting target, the scammer then quickly persuades them to part with money, often claiming it is to help pay for an emergency.

Last year almost 4,000 people came forward to report cases of romance fraud, but not all of those targeted were women.

At least 39 per cent of those who are duped are men, according to Action Fraud, the UK's cyber-crime reporting centre, which is operated by the City of London Police.

The majority of perpetrators are thought to be male organised criminals, who create fictitious online characters to target people of both sexes.

But police believe there are also a number of female romance scammers operating, who specifically target lonely men aged over 50.

In 2016 a total of 3,889 people came forward to report having been scammed, with a record £39 million handed over.

While the figure has risen sharply in recent years, police believe the figure is just the "tip of the iceberg" because many victims are too embarrassed to admit it.

Steve Proffitt, deputy head of Action Fraud, said each victim lost around £10,000 on average, but there have been cases where victims has lost far more.

In 2015 a businesswoman from Hillingdon in North West London was duped into handing over £1.6 million.

The woman thought she was communicating with an oil worker called Christian Anderson but was in fact exchanging emails with a gang of scammers who were originally from Nigeria.

When police eventually tracked the perpetrators down they found they had been using a seduction manual, entitled The Game: Penetrating the Society of Pick Up Artists.

Last year the Royal Bank of Scotland reported that it was seeing an average of nine cases of fraud involving single men aged over 50 who were duped into giving away tens of thousands of pounds to fraudsters.

The average length of time it takes for a scammer to mention money after first striking up a relationship is just 30 days, according to Action Fraud.

But there are no estimates as to how many people are targeted but never come forward to report the crime.

Mr Proffitt said: "A lot of the online dating fraudsters we know are abroad. They're in West Africa, Eastern Europe and it's very difficult for British law enforcement to take action against them in those jurisdictions."

HOW TO AVOID DATING SCAMS

Dating expert, James Preece (jamespreece.com) shares his tips on how to avoid scammers :

1. If you're suspicious about a profile report it to the dating website or app so they can investigate it.

2. Try doing your own detective work - ask them for their full name and look them up on Google and social media.

3. Don't be afraid to question their authenticity - if they are genuine they won't mind you trying to verify them.

4. Remember, they may spend months building a relationship with you and will only ask for money once you're emotionally involved.

5. Ask a friend for advice as they are not as emotionally involved as you, they may be able to see something you can't.

6. Look out for fake or stolen photographs. You can use sites like TinEye.com to check the authenticity of a photo and you can try doing a reverse image search on Google (by clicking on the camera logo in the search bar and uploading an image) to see if they are using a fake picture.

7. Never give out too much personal information, such as your home address, phone number or email.

8. Consider setting up a new email address to use for online dating and perhaps even get a cheap Pay As You Go phone to use for making phone calls.

CYBER CRIME - Most common UK online offences


These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

(4th February 2017)


HOW DATING WEBSITE FRAUDSTERS CONNED BRITS OUT OF £39m LAST YEAR
(London Evening Standard, dated 23rd January 2017 author Justin Davenport)

Full article [Option 1]:

www.standard.co.uk/news/crime/revealed-how-dating-website-fraudsters-conned-brits-out-of-39m-last-year-a3447341.html

Dating fraudsters conned a record 3,889 victims out of £39 million last year, it emerged today.

Figures show the number of people in the UK who were defrauded via online dating scams reached a record high in 2016.

Action Fraud, the UK's cyber-crime reporting centre, says it gets more than 350 reports of such scams a month. Its deputy head, Steve Proffitt, said each victim on average lost about £10,000.

He told the BBC's Victoria Derbyshire programme: "A lot of the online dating fraudsters we know are abroad.

"They're in west Africa, eastern Europe and it's very difficult for British law enforcement to take action against them in those jurisdictions."

Last week, Office for National Statistics figures showed fraud is the most commonly perpetrated crime, with almost one in 10 adults falling victim to scams.

Today's figures, from the National Fraud Intelligence Bureau, reveal that the number of victims of online dating fraud has risen steadily in recent years.

In 2013 there were 2,824 reports of dating scams, with reported losses of £27,344,814. In 2014, these rose to 3,295 reports and £32,259,381. In 2015, the reports rose to 3,363, although reported losses fell to £25,882,339.

One woman told the Victoria Derbyshire programme how she was left feeling "brutalised" after losing more than £300,000 to a dating fraudster.

Business owner Nancy - not her real name - signed up to dating website Match.com in 2015 after her marriage broke down.

The single mother, 47, from Yorkshire, said she made contact with a man called Marcelo from Manchester, an attractive Italian supposedly working in Turkey, with whom she found she had "a rapport and similar values".

"Marcelo" persuaded her to move their chat off the website on to an instant messaging service and the two began exchanging messages from morning until night.

After about six weeks, he said he had been mugged in Turkey and was unable to pay his workers before returning to the UK, when he and Nancy were due to meet. He also said his son was in hospital and needed surgery.

Nancy said she felt uncomfortable with the situation but ended up "reluctantly" sending 3,650 (£3,160).

She said: "It escalated unbelievably quickly, so straight away it was the medical fees, then it was money for food, money needed to pay rent, money for taxes to get out of Turkey.

"I wasn't comfortable, and then I got so far in I couldn't get myself out, and I didn't want to walk away having lost £50,000 or what-have-you, so you keep going in the hope that you're wrong and this person is genuine."

Nancy said she now faces bankruptcy after losing "over £300,000, maybe even over £350,000". She said: "That's really frightening, and the other aspect is that somebody's got inside your head, and they've just brutalised you emotionally.

"In some ways I'm not sure I'll ever recover from that."

Police advise people never to send money to someone online they have not met and think twice about posting personal information that could be used to manipulate or bribe them.

(4th February 2017)


ANOTHER HOMEBUYER LOSES £67K AS SOLICITORS FAIL TO WARN OF EMAIL FRAUD
(The Telegraph, dated 23rd January 2017 author Amelia Murray)

Full article [Option 1]:

www.telegraph.co.uk/money/consumer-affairs/another-homebuyer-loses-67k-solicitors-fail-warn-email-fraud/

Solicitors are failing to warn clients about the risks of using email during property transactions, despite explicit guidelines from anti-fraud authorities and their own trade body, the Solicitors Regulation Authority.

Howard Mollett, who had was tricked into paying over £74,000 to a fraudster posing as his solicitor over email, said he was never warned about the threat of online criminals by his firm, Sethi Partnership, which is based in west London.

In fact, first-time buyer Mr Mollett, 40, said the firm only put a "cyber crime alert" at the bottom of their emails on the day he discovered he had become a victim of conveyancing fraud.

The alert read: "Please be aware that there is a significant risk posed by cyber fraud, specifically affecting email accounts and bank account details.

#########"PLEASE NOTE that this firm's bank account details WILL NOT change during the course of a transaction and we WILL NOT change our bank account details via email. Please check account details with us in person if in any doubt. We will not accept responsibility if you transfer money into an incorrect bank account."

The Solicitors Regulation Authority has made repeated warnings to firms about the threat of online attacks since February 2014.

Conveyancing fraud occurs when criminals intercept emails exchanged between homebuyers (or homesellers) and their solicitors.

The fraudsters then generate fake emails purporting to be from one of the parties, asking the other to make payments in to a new bank account.

The payments are often very large, representing deposits on properties or in some cases the entire proceeds of a property sale.

Once the money has been paid, the criminals drain the accounts.

The banks involved are frequently unhelpful and slow to act.

In December 2016 the Solicitors Regulation Authority identified conveyancing fraud as the most common cyber crime in the legal sector. It suggested that a quarter of firms had been targeted by online fraudsters. In one in 10 of these cases money had been stolen as a result, it said.

Victim of conveyancing scams lose £101,000 on average.

- Cyber criminals rob £10.9bn from UK residents in a year - and even more goes unreported

- One in three cases of 'solicitor fraud' not even looked at, police admit

www.telegraph.co.uk/money/consumer-affairs/one-in-three-cases-of-solicitor-fraud-not-even-looked-at-police/

There are 10,500 solicitor firms in England and Wales, according to the SRA.

Based on its own numbers 2,625 companies have been targeted by fraudsters, with criminals having been successful in almost 300 cases. But under-reporting of cases and size of the loss means the actual numbers are likely to be far greater.

Mr Mollett, who works at a charity, successfully transferred a downpayment of just over £32,500 to Sethi Partnership's HSBC bank account in August last year.

On Friday September 23, the firm emailed a summary of his outstanding final costs. His outstanding balance was £119,837 for a one-bed flat in Brixton, south London, which cost £310,000. The firm insisted this needed to be in its account before completion on October 5.

He tried to make a same day transfer of £45,000 the following Thursday while working abroad in the US. However, a message appeared on his online banking that said the transfer could take up to three days to clear.

Mr Mollett could not pay off the balance in one go as he had a daily transfer limit of £50,000. However, he was anxious about missing his completion date so emailed Sethi Partnership for advice.

It was then the fraudsters pounced. Posing as Mr Mollett's solicitor, the criminal said the firm was having issues with its HSBC account and requested the remaining funds be paid into an alternative Yorkshire Building Society account.

He transferred £42,000 into the account on Friday 30th and £25,000 the following day.

On Sunday Mr Mollett received another email from the bogus solicitor asking for the last £7,837 to be paid into a NatWest account as it was below £10,000.

He was told the solicitor would be in touch on Tuesday to make completion arrangements for Wednesday.

However, on Tuesday, Mr Mollett received a genuine email from the firm stating it had only received the first £45,000 payment.

It was at that moment Mr Mollett saw the cyber security alert at the bottom of the message and realised something had "gone seriously wrong".

He immediately called his bank, the police and in desperation, Yorkshire Building Society and NatWest.

Over the next few days Mr Mollett, his parents and his sister manage to scrape their savings and replace the missing funds so the property purchased completed.

The last payment to NatWest was recovered but the £67,000 has yet to be returned.

Mr Mollett described the situation as "incredibly stressful".

His father, who is 72 and not in the best of health, was due to retire in December but has been forced to carry on working as he now has no savings.

He said: "The SRA has a name for this kind of fraud, for goodness sake. Why wasn't the firm on top of it? It should have warned me about cyber security and explained it would never offer alternative bank accounts by email?

"What are we paying solicitors for if not to guide us through buying a home, possibly the biggest transaction of our lives?"

Mr Mollett is seeking the advice of a lawyer and cyber security expert. He believes if he can prove Sethi Partnership's systems were compromised he will get his money back.

Sethi Partnership refused to comment on why it did not warn Mr Mollett about cyber crime or what prompted it to add the alert to its emails.

It said it takes the issue seriously and has the required "compliance measures in place". It said it sends bank details in hard copy rather than email.

Mr Mollett's case is currently being investigated by the firm, the police and the banks. Sethi Partnership said that while it "could not comment directly" it had "never had to deal with an incident like this before".

The SRA said it constantly warns firms of the risks.

A spokesman said: "We would ask Mr Mollett to get in touch with the SRA. If the firm has been hacked, it too has been a victim of crime, and this is what insurance is for."

Telegraph Money has reported extensively on the epidemic of conveyancing fraud. Property buyers and sellers are advised not to communicate with solicitors about payments over email and to transfer a small amount, such as £1, before making the full payment.

(4th February 2017)


FRAUD FOR ONLINE HOLIDAY SALES SPIKE BY 31%
(Computer World, dated 18th January 2017 author Matt Hamblen)

Full article [Option 1]:

www.computerworld.com/article/3158862/e-commerce/fraud-for-online-holiday-sales-spikes-by-31.html

uaware note : This may be an article describing fraud in the USA, but this type of problem is global.

Fraud attempts on digital retail sales jumped 31% from Thanksgiving to Dec. 31 over the previous year, according to a survey of purchasing data from ACI Worldwide.

The fraud increase was based on hundreds of millions of online transactions with major merchants globally. Also, the number of e-commerce transactions grew by 16% for the same period, ACI said.

Some of the fraud attempts came from the use of credit card numbers purchased in underground chat channels, ACI said.

"Given the consistent and alarming uptick in fraudulent activity on key dates, merchants must be proactive in their efforts to identify weak spots and define short and long-term strategies for improved security and enhanced customer experience," said Markus Rinderer, senior vice president of platform solutions at ACI.

ACI provides electronic payments technology for more than 5,000 organizations globally. One of its products, ReD Shield, was used to collect the data in the survey. ReD Shield, a fraud detection and prevention software product, was used to process 7% of all Black Friday online spending and 13% of Cyber Monday's spending.

The data showed that the highest fraud attempt rates were on Christmas Eve and on days when shipments were cut off. The key shopping dates by volume (number of transactions) were Cyber Monday, which showed 15% growth, and Black Friday, which showed 19% growth.

The average sales ticket declined by 7% during the 2016 holiday period. The average was $228 in 2016, down from $243 in 2015.

In 2016, one of every 97 transactions was a fraudulent attempt, compared with 1 out of 109 transactions in 2015.

ACI defines a fraud attempt as a transaction confirmed by a merchant as fraudulent; a transaction that matched a record in an ACI database for a credit card number that was sold online in an underground chat channel; or as reported as fraud by a bank or other issuer. ACI also includes as fraud attempts those data patterns that match a recently confirmed fraud behavior.

(22nd January 2017)


TAKE THE FRAUD DEFENCE TEST AND PROTECT YOURSELF
(Action Fraud, dated 18th January 2017)

Full article : www.actionfraud.police.uk/news/take-the-fraud-defence-test-and-protect-yourself-jan17

-------------------------------------------------------
uaware comment

The "Test" asks for your age, post code and gender. Even for a simple test like this, provide some information, but just make it up. If you are 65, say you are 40, and give the post code of your local Sainsburys !

-------------------------------------------------------

With fraud set to become the most prevalent type of crime in England and Wales, we're urging you to act now to protect yourself from falling victim to fraud and cyber crime.

The Crime Survey of England and Wales, published tomorrow, is likely to indicate fraud and cyber crime now account for close to half of all crime, making you much more likely to be a victim of these crimes than any other. In July 2016, the crime survey indicated 3.8 million frauds and 2 million cyber crimes occurred in the 12 months to the end of March 2016.

How to protect yourself

- Sign up to our alert-by-email system to get the latest trending frauds across the country. The alerts are also sent to the 250,000 people who have signed-up to the Neighbourhood Alert System.

Register for Alerts : www.actionfraud.police.uk/alerts

- Take the Fraud Defence Test. The test, developed by City of London Police and built with funding from the Home Office's Police Innovation Fund, takes just a couple of minutes and is designed to help you understand how you could become a victim of fraud in relation to your circumstances and knowledge of fraud.

The Test : https://frauddefencetest.com/

- Take a look at Take Five, a new campaign funded by the banking industry to help you take a moment before acting.

Take Five campaign : https://takefive-stopfraud.org.uk/

Tips include:

- Never disclose security details, such as your PIN or full banking password.
- Don't assume an email, text or phone call is authentic.
- Don't be rushed - a genuine organisation won't mind waiting.
- Listen to your instincts - you know if something doesn't feel right.
- Stay in control - don't panic and make a decision you'll regret.

Commander Chris Greany, the National Police Coordinator for Economic Crime, said: "The Crime Survey of England and Wales shows us that Fraud and Cyber Crime are the largest single crime types today, and the figures only include individuals and not businesses who are also victims.

"Policing is working closely with Government and the private sector to do what we can to arrest offenders, protect victims and provide suitable guidance to help support all people and businesses in preventing fraud.

"There are many ways we can all protect ourselves, websites such as Action Fraud and Take Five provide help and guidance as does our social media streams on :

Twitter : https://twitter.com/actionfrauduk
Facebook : https://www.facebook.com/actionfraud

(22nd January 2017)


POLICE RAID INDIA CALL CENTRE, DETAIN 500 IN FRAUD PROBE
(The Register, dated 6th October 2016 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2016/10/06/police_raid_india_call_centre_detain_500_in_fraud_sting/

More than 500 call centre staff have been detained by police in India, after allegedly threatening US citizens and siphoning off their money.

The raid was carried out by over 200 Indian police personnel across three separate call centres, according to reports.

The operators are alleged to have posed as officials of US Tax Department and demanded financial and bank details, threatening legal action if the victims did not comply.

According to the Mumbai Mirror, the fraudulent activity amounted to the equivalent of £125,752 per day.

Thane police commissioner Param Bir Singh told India's Economic Times: "It could be the tip of the iceberg and the amount could multiply as our probe progresses," adding that there is a possibility that people in the UK and Australia, too, could have been conned.

He said the caller would use the VoIP technology using a proxy server and make hundreds of calls.

"But the amount they stole from the innocent people is mind-boggling. In one case, one of the victims shelled out $60,000 just to escape a so-called raid on his house by taxmen."

(22nd January 2017)


MORE CYBER ATTACKS IN NORTH WALES THAN STREET CRIME
(BBC News, dated 16th January 2017)

Full article : www.bbc.co.uk/news/uk-wales-38634289

North Wales PCC Arfon Jones also warned businesses were "most at risk".

The North Wales Police Cyber Crime Team said ransomware crimes - where hackers encrypt files and demand thousands of pounds to unlock them - were being reported to the force "each week".

Mr Jones said: "The front line is now online."

He went on: "Technology has provided criminals with new tools and different methods to perpetrate crime.

"Traditional crimes such as burglary, shoplifting and theft have seen a reduction over the last decade but the number of offences hasn't reduced - it has moved online.

"The playing field has changed and we need to work more effectively in partnership to prevent the newer crimes, such as cyber-crime, from being committed."

He issued the warning to members of the North Wales Business Club on Monday.

It heard how one firm in Wrexham nearly folded after it had 15 years' of accounts data encrypted.

Det Sgt Peter Jarvis, of the cyber crime team, said businesses that do not have data back-ups were "left with some difficult decisions".

"It's very unlikely you will find the person responsible, they don't leave a footprint, so it's vital to have the right security and to follow the right procedures and to make sure your staff do as well," he added.

ONS figures released in July showed almost six million fraud and cyber crimes were committed in England and Wales in 2015.

(22nd January 2017)


ANOTHER BOGUS EMAIL
(16th January 2017)

The following email has been forwarded to "uaware" by one of it's readers. The recipients name has been changed to "Mr Blobby" and the donation reference changed to "nnnnnnnnnn" to protect their identity. The donation reference was also repeated further in the text and this has been changed to yyyyyyyy; this was a link to a website holding malware or ransomware.

If you receive the same email or something similar, ignore and delete it. Don't click on the link.

--------------------------------------------------------------------------------------------------------------------
From : Migrant Helpline
Sent : January 2017
To : Blobby
Subject : Dear Mr Blobby, Thank you for choosing to donate

Dear Mr Blobby,

Thank you for giving a much-needed donation of £194 to help families affected by the terrifying violence in Syria. With so many people who need our support, your gift is vital and greatly appreciated.

================================================================================================================

Thanks again for donating

We're sending it straight to Migrant Helpline so you'll be making a difference very soon.

Your donation details:
Name: Mr Blobby
Amount: £200
Donation Reference: nnnnnnnnnnnn

If you have any questions about your donation, please follow this link and download Your donation receipt yyyyyyyyyy, with the transaction details.

With your help, ATFU-Donations can continue to work in Syria and neighbouring countries to deliver clean water and life-saving supplies to millions of people.

Thank you again for your support.

Your generosity is bringing much-needed assistance to families who have lost everything as a result of the crisis in Syria.

Warm regards,
ATFU-Donations

----------------------

(22nd January 2017)


VEHICLE LEASING FRAUD ALERT
(National Fraud Intelligence Bureau, dated January 2017)

The NFIB has identified that overseas crime groups are targeting UK based car leasing companies to fraudulently obtain high performance motor vehicles.
The NFIB has ascertained that high end quality motor vehicles are rented from legitimate car leasing companies using fraudulent identification. The criminals have no intention of returning the motor vehicles.

The vehicles are shipped abroad where the index plates are changed and bodywork re-painted. Leasing the vehicle affords the criminal group time to move the motor vehicle out of the UK without raising suspicion.
A proportion of the vehicles are taken out of the UK to places such as Cyprus, Spain and Poland.
According to the fraudster, most of the vehicles end up in the hands of organised crime groups who are involved with boiler rooms and high-end money laundering in the UK.

PROTECTION / PREVENTION ADVICE


- Consider other methods of checking customer authenticity.
- Consider due diligence and know your customer options
- Ensure vehicles are equipped with appropriate tracking devices
- If you have been affected by this, or any other fraud, report it to Action Fraud by :

calling : 0300 123 2040, or
visiting :  www.actionfraud.police.uk

(22nd January 2017)


FRAUDSTERS ARE TARGETING EMPTY HOMES
(Action Fraud, dated 11th January 2017)

Full article : www.actionfraud.police.uk/news/fraudsters-are-targeting-empty-homes-jan17

The National Fraud Intelligence Bureau's (NFIB) Proactive Intelligence Team is warning homeowners about organised criminal groups that target empty properties in the UK to apply for mortgages and loans.

The team have gathered information that shows criminal networks identifying empty properties by using names on the published obituaries and carrying out research on the Land Registry.

Once a suitable property is discovered the criminal group then organise for fake documentation to be produced and register on the electoral role and with utility providers.

The group tirelessly work through the legal hurdles until the funds are released by the organisation, whilst the innocent party has no idea a crime has taken place.

Fraudsters can also take advantage when:

Owners are absent.
There are buy to let landlords.
Owners are living abroad.
Elderly people don't live in their properties for reasons such as long term hospital or residential care.

How to protect against property fraud

Owners who are concerned their property might be subject to a fraudulent sale or mortgage can quickly alert the Land Registry and speak to specially trained staff for practical guidance about what to do next by calling the Property Fraud Line on 0300 006 7030. The line is open from 8.30am to 5pm Monday to Friday.

Additionally:

- Make sure your property is registered with the Land Registry - you will be compensated for financial loss if you do fall victim to fraud.

https://www.gov.uk/registering-land-or-property-with-land-registry/when-you-must-register

- Keep your contact information up to date once registered so you can be easily contacted if a complication arises.

- Sign up for Land Registry's free Property Alert service. If someone tries to take out a mortgage on a home you own you'll receive an alert. You can then judge whether the activity is suspicious and seek further advice.

https://www.gov.uk/guidance/property-alert

(22nd January 2017)


FAKE AMAZON EMAILS CLAIM YOU HAVE PLACED AN ORDER
(Action Fraud, dated 5th January 2017)
www.actionfraud.co.uk

Action Fraud has received several reports from victims who have been sent convincing looking emails claiming to be from Amazon. The spoofed emails from "service@amazon.co.uk" claim recipients have made an order online and mimic an automatic customer email notification.
The scam email claims recipients have ordered an expensive vintage chandelier. Other reported examples include: Bose stereos, iPhone's and luxury watches.

The emails cleverly state that if recipients haven't authorised the transaction they can click on the help centre link to receive a full refund. The link leads to an authentic-looking website, which asks victims to confirm their name, address, and bank card information.

Amazon says that suspicious e-mails will often contain:

- Links to websites that look like Amazon.co.uk, but aren't Amazon.co.uk.
- Attachments or prompts to install software on your computer.
- Typos or grammatical errors.
- Forged (or spoofed) e-mail addresses to make it look like the e-mail is coming from Amazon.co.uk.

Amazon will never ask for personal information to be supplied by e-mail.

You can read more about identifying suspicious emails claiming to be from Amazon by visiting :

https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=201489210

To report a fraud or cyber crime, call us on 0300 123 2040.

(22nd January 2017)


DEPARTMENT OF EDUCATION RANSOMWARE ALERT
(Action Fraud, dated 4th January 2017)

Full article : www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17

Fraudsters are posing government officials in order to trick people into installing ransomware which encrypts files on victim's computers.

Fraudsters are initially cold calling education establishments claiming to be from the "Department of Education". They then ask to be given the personal email and/or phone number of the head teacher/financial administrator.

The fraudsters claim that they need to send guidance forms to the head teacher (these so far have varied from exam guidance to mental health assessments).

The scammers on the phone will claim that they need to send these documents directly to the head teacher and not to a generic school inbox, using the argument that they contain sensitive information.

The emails will include an attachment - a .zip file (potentially masked as an Excel or Word document). This attachment will contain ransomware, that once downloaded will encrypt files and demand money (up to £8,000) to recover the files.

It should be noted that similar scam attempts have been made recently by fraudsters claiming to be from the Department for Work and Pensions and telecoms providers (in this case they need to speak to the head teacher about 'internet systems').

How to protect against this type of fraud

Having up-to-date virus protection is essential; however it will not always be able to prevent you from becoming infected.

Please consider the following actions:


- Although the scammers may know personal details about the head teacher and use these to convince you they are a real employee, be mindful of where these have been obtained from, are these listed on your public facing website?

- Please note that the "Department of Education" is not a real government department (the real name is the Department for Education).

- Don't click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.

- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It's important that the device you back up to aren't left in an insecure location or on the same network that your machines are connected too.

To report a fraud and cyber crime and receive a police crime reference number, call us on 0300 123 2040 or use our online fraud reporting tool : www.actionfraud.police.uk/report_fraud

uaware comment


This scam can easily be adapted to other scenario's. For example, "Dept of Education" could become : the NHS, the Dept for Rural Affairs, the Charities Commission, the National Lottery Heritage Fund, etc. So a whole swathe of professions could become victims.

(22nd January 2017)


DODGY DEALER ON AMAZON LURES MARKS TOWARDS PHISHING SITE
(The Register, dated 6th January 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/01/06/amazon_scam/

Amazon UK customers would do well to be vigilant about the post-holiday deals they find on the retail site following the discovery of a sophisticated scam.

A rogue merchant, called Sc-Elegance, is primarily offering high-end electronics, advertising them as "used - like new" at significantly lower costs than in the shops. However, when the shopper adds the item to their basket and checks out, it redirects them away from Amazon to make the payment at a convincing phishing site.

"This particular seller has been reported a number of times to Amazon in its forums," according to Lee Munson, a researcher for security and privacy advice and comparison website Comparitech.com. "While Amazon has taken some action to remove listings, the merchant keeps popping up again and again under different guises.

"Customers need to be aware that if they pay for goods outside of Amazon, they will not get the item and their money will be gone - and there will be no support from Amazon in getting compensation," he warned.

Amazon removed the Sc-Elegance listings after being contacted by Comparitech.com about the rogue seller. Similar scams along the same lines might easily reappear. Comparitech.com advises consumers to be wary of deals that seem too good to be true. Never buy a product that requires payment outside of the official Amazon website or app,

(22nd January 2017)


MOST COMMON UK ONLINE OFFENCES
(The Telegraph, dated 31st December 2016)

www.telegraph.co.uk [Option 1]

These are the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016

1. Bank account fraud - 2,356,000

Criminals trick their way to get account details. For example: "Phishing" emails contain links or attachments that either take you to a website that looks like your bank's, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

2. Non-investment fraud - 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

3. Computer virus - 1,340,000

Unauthorised software damages or takes control of your machine. For example: "Ransomware" encrypts your files and pictures then demands a payment to restore your access to it

4. Hacking - 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

5. Advance fee fraud - 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic "Nigerian Prince" email scam

6. Other fraud - 116,000

One example is "solicitor scams", where a solicitor's website is hacked, then clients asked to divert large payments into the criminals' bank accounts.

7. Harassment and stalking - 18,826

Threats, abuse and online bullying - what's commonly been termed "trolling" on social media

8. Obscene publications - 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

9. Child sexual offences - 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes may be being under-reported

10. Blackmail - 2,028

This includes threats to publish intimate photographs online

Source: Office for National Statistics

(1st January 2017)


WHAT IS SPEARPHISHING ? HOW TO STAY SAFE ONLINE
(International Business Times, dated 30th December 2016 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/what-spearphishing-how-stay-safe-online-this-effective-cybercrime-technique-1598738

Hackers, spammers and cybercriminals have a multitude of methods they can use to infiltrate computer systems, steal data, plant malware or compromise your personal information. One of the most long-standing tactics is targeting 'phishing', also known as spearphishing.

It has endured because it works: unwitting web users continue to receive malicious messages and still fall victim to their charms. If you are wondering how dangerous they can be, just ask John Podesta: the US political player who lost tens of thousands of email with a single click.

When a spearphishing email lands in your inbox, it's rarely a mistake. Using your personal information - either hacked from another source or lifted from public social media profile - spammers are able to produce slick, and highly-convincing, messages.

They will appear legitimate, but spearphishing emails usually contain malware, spyware or another form of virus - often hidden in a link. When clicked, the payload will usually download automatically onto your computer and go to work - stealing files, locking records or logging your keystrokes.

Using your own personal information against you, hackers can craft an extremely personalised email message. It will likely be addressed to you by name and will reference a specific event in your life, something that will make you believe the sender is real and trustworthy.

What information could they possibly know?


Using social media, the spammer will likely already know your age, where you work, what school you attended, personal interests, what you eat for dinner, what concerts you have been to recently, where you shop, what films you like, what music you listen to, your sexual preference, and more.

But this is enough. Using the information, a fictitious hacker could easily pose as your friend and ask for further information about you - your phone number, password, even bank details? Not everyone would fall for the scam, but many still do if the recipient believes the identity of the sender.

A hacker using spearphishing may pose as a retailor, online service or bank to fool you into resetting your credentials via a spoofed landing page. The email may ask you to reset your password or re-verify your credit card number because suspicious activity has been monitored on your account.

If the email tempts you to click an embedded link, it could also download a keylogger or Remote Access Trojan (RAT) onto your computer to steal bank details or social media passwords as you type them. Many people re-use passwords across multiple websites, so the danger of hacking is high.

How to stay protected


Stay protected by being aware of the threats and remaining extremely careful about what personal information you put online. Limit what pictures to post to Facebook or Twitter, check where your email is listed and ensure your computer's security is kept up to date.

Ensure the passwords you use are original, lengthy and, most importantly, unique to every online website or service. A strong password will contain a mixture of characters, numbers and symbols. If possible, enable two-step authentication on every account that offers it.

Finally, know the signs and stay vigilant. If you receive an email from a close friend that asks for personal information - think twice before replying and send them a reply asking them to verify their identity. Also, know that any real business or bank is unlikely to request sensitive data via email.

Unfortunately, it only takes one click of a mouse for the hacker to access your system and despite advanced spam filters on current email providers spearphishing emails will continue to slip through the cracks.

(1st January 2017)


FACEBOOK IS ALSO HIT BY SCAMS - EXAMPLE

BUSINESSES SNAGGED BY WEB OF NEW INTERNET SCAMS
(Chicago Tribune, dated 21st December 2016 author Robert Reed)
www.chicagotribune.com

Norb Tatro, a former local TV news producer and friend of mine, was recently cloned. On Facebook, that is.

I know this because his cyber alter ego contacted me one evening with some "happy" news: He'd just won $250,000 from a new U.S. government/Facebook grant program. What's more, my name was also on a list of grant recipients.

The clone suggested we kibitz (speak informally) on the phone to discuss our shared good fortune.

That's when I caught on (yes, it took me a moment) to effectively respond, "Yeah, thanks but no thanks."

Soon after, I reached the real Norb, as did some other Facebook pals, to flag him. He and wife, Elaine Feldman, notified the social network and in a few hours the bogus site was removed, hopefully never to be seen again.

This cloning episode got me thinking about some wider implications: While many individuals fall victim to expensive, disruptive and time-wasting cyberattacks, so do a lot of businesses. In fact, companies are increasingly up against new, more creative types of Internet hacking and are scrambling to defend themselves against online threats.

"Getting hit with some type of cybersecurity event is the new natural disaster for business. It can be catastrophic," says Rob Clyde, board director of Rolling Meadows-based ISACA, a nonprofit industry association for digital information and technology issues, including cybersecurity.

A Facebook cloning or hacking attack could be devastating to a small-business operator, many of whom use the site to promote products, maintain business contacts and do bits of business.

Think about it. There's an estimated 60 million small businesses with Facebook pages, according to Facebook.

Such a huge and growing universe is a natural target for hackers and ne'er-do-wells. Moreover, no matter how it tries, it's nearly impossible for Facebook to proactively monitor every post, piece of content and network activity on its site.

As such, entrepreneurs are often the first line of defense against a nefarious hacker infecting or hijacking their page. If something is wrong, small-business owners should quickly complain to Facebook.

"Claiming to be another person violates our community standards and we remove profiles reported to us that impersonate other people," a Menlo Park, Calif.-based Facebook spokeswoman said.

Oddly enough, targeting Facebook pages may become old-school, at least when it comes to online harassment of business, which is coping with a more emerging danger: Ransomware.

Incidents of ransomware are "just exploding" says ISACA's Clyde.

ISACA link : www.isaca.org/about-isaca/Pages/default.aspx

Usually, a hacker will use malware to infiltrate a poorly protected data site, capture sensitive files and literally hold them hostage in an encrypted form beyond the company's computer reach.

Oftentimes, the ransom is for a nominal amount, a few thousand dollars. The requested payoff can be made with the internationallyused bitcoins, which can signal the data kidnappers are an overseas gang, Clyde adds.

Cyber kidnappers also know something about customer service. Some will open a chat line with a company executive to help facilitate payment.

The FBI strongly urges companies not to pay and to report any ransomware threats to the agency and police. But it is not illegal to pay a ransom.

At risk are mid-sized enterprises, including law firms and health care concerns. Organizations become desperate to get back their data and justify the ransom as another cost of doing business in the Internet age. "It's a nuisance fee and they pay it," Clyde adds. If that seems odd to you, you're not alone.

Paying off data kidnappers shouldn't be such a gray area. Yet it seems to be a grudging admission that our cyber cops are having trouble cracking down on tech-savvy crooks and that real-time business needs can outweigh the moral imperative of not encouraging criminal behavior.

Still, anyone who has been victim of Internet scam artists realizes it pays to be resilient.

(22nd December 2016)


FESTIVE SEASON PHISHING SCAMS
(Computerworld, dated 10th December 2016 author Ryan Francis)

Full article [Option 1]:

www.computerworld.com/article/3145389/security/10-top-holiday-phishing-scams.html

Scams to keep an eye out for

It always happens this time of year -- an influx of holiday related scams circulating the interwebs. Scams don't wait for the holidays, but scammers do take advantage of the increased shopping and distraction when things get busy to take your money and personal information. Jon French, security analyst at AppRiver, warns you of six holiday threats to watch out for.

Look out for fake purchase invoices

With holiday shopping starting to ramp up and the daily deluge of holiday discounts in your inbox, it can be confusing to remember which online stores you actually purchased items from. This creates a vector where attackers can be more successful in attacks with things like fake purchase receipts. An unexpected receipt from Amazon or Wal-Mart during most of the year would hopefully raise some red flags for most users, but during the prime time for shopping for the holidays, users will likely be more susceptible to clicking those types of things. Victims could find themselves installing malware or landing on a phishing page if they aren't cautious.

Shipping status malware messages

Along the same lines as fake email receipt messages, fake shipping notifications usually increase each year around the holidays. With so many online orders being shipped around during peoples shopping sprees, they again might be more likely to click something they wouldn't normally click. If you just placed an order that shipped via UPS, and then you get a zipped virus with the vague wording about your recent order being delayed, you may be more likely to click it.

Be cautious of email deals

Not all email flyers and sales are going to be legitimate this shopping season. Some of the big stores where you have previously shopped or signed up for newsletters will likely be OK and legitimate. But be cautious of unexpected deals or product promotions from stores or sellers you have never dealt with. There will be people trying to take advantage of buyers where the victim could be subject to phishing tactics or just stolen money for an order that will never come in.

Take a little more care at looking at links and URLs


Phishing websites are around all year, but again with the sometimes hectic holiday season, people's guards can be down and they could fall victim to phishing attempts. Hovering over links in webpages and emails as well as taking that second to just look at the address bar and see what site you're really at can save you from falling for a phishing page.

Keep an eye on your bank accounts

Some people may be spending money on whatever catches their eye, and others may be planning every purchase out. Regardless, people should keep an eye on their accounts and make sure the purchases made are ones they are actually making. It would only take one store you shop at being compromised to give criminals the chance to drain your bank account -- whether it be a card scanner at a gas pump, POS malware at a retailer store, or an online store with lax web security.

Fake surveys

Survey emails sent out promising some sort of money or gift card in exchange for completing it can end up being a scam. Often the surveys are very short and generic, but at the end they may ask for some personal information. This can be what the attackers are really after. By gathering this information, they can use it to further a more advanced phishing attack. Some may even directly ask you for bank details or credit card information promising you won't lose money.

(20th December 2016)


DON'T GET CAUGHT BY THIS SPEEDING FINE SCAM EMAIL
(BT News, dated 16th December 2016)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/dont-get-caught-by-this-speeding-fine-scam-email-11364121900635

Criminals are on another drive to get hold of our personal information, this time by sending out emails claiming you have been caught speeding.

The fraudulent email says you have been caught speeding and warns that a Notice of Intended Prosecution has been issued by Greater Manchester Police (GMP).

The email is a fake and the police are warning that it could infect people's computers with malware that enables criminals to access your personal information including your financial details.

"Greater Manchester Police are aware of a scam email circulating informing the recipient that they have been caught speeding. This email is fraudulent and may ask you to give your personal or financial information or attempt to infect your computer with malware," says Detective Inspector Martin Hopkinson of GMP's Serious Crime Division.

"Once your computer is infected with malware, cyber criminals may be able to access your personal and financial information which could be used to defraud you.

"GMP would never send out correspondence via email requesting payment of fines now will we ask for your personal and financial information."

If you receive the email you should not respond to it. Instead report it to Action Fraud or 0300 123 2040.

"I would urge people to delete any such emails and ensure they always have the most up-to-date security software," adds Hopkinson.

How to spot a scam email

Fortunately, scammers don't always cover their tracks so well. Look out for these classic scam email warning signs:

- The sender's email address doesn't match with the real organisation's web address.
- You aren't addressed by your proper name, instead there is a generic greeting such as 'Dear customer'.
- There is pressure to act quickly - either you need to claim a prize before a deadline or if you don't act your account will be closed.
- You need to click on a link in order to act.
- You are asked for personal information such as a user name, password or your bank details.
- Mistakes - scam emails often contain spelling and grammatical errors.

uware comment


The advice quoted above is a generalism. Some of these emails are quite convincing and may include the recipients name.

(20th December 2016)


LLOYDS BANK SCAM LETTER
(Hertfordshire Police, dated 9th December 2016 author "Watch Liaison")

Residents are being warned to question written correspondence from their banks following a new scam which has targeted Lloyd's customers. The letter looks genuine, featuring the Lloyds logo, customer service address and is even signed by a customer relations manager. It informs the recipient of 'unusual transactions' on their personal current account and asks the customer to call a telephone number to discuss the transactions.

When customers call the number provided, they are taken through to what seems to be a Lloyds automated service. The caller is asked to enter their card/account number, sort code, date of birth and then instructed to enter the first and last digit of their security code. At this point, the automated voice states they have been unable to match the digits and asks for the third and fifth number of the security code. Customers are then put on hold to speak to an adviser, who asks for more information, and they are also asked if they are happy to give customer feedback.

The phone number on the letter was 08438 495865 - this is not a genuine Lloyds number and has since been blocked.

If you receive an unusual letter or other unexpected contact from your bank, it is a good idea to check if it is genuine by calling the customer services number printed on the back of your bank card, your regular statement or another reputable source.

(20th December 2016)


SCAM ALERTS FROM NATIONAL TRADING STANDARDS - NOVEMBER 2016

This is not a definitive list, but just an example of some of the scams occuring during November 2016.

-----------------------
REPOSSESSION SCAM
(Dated : 14th November 2016)

Sussex residents have been warned that a text message claiming their homes will be repossessed is a scam.

People have reported receiving texts saying their home would be repossessed the following day.

Suzanne Newman, a spokesperson for Worthing Homes, many of whose residents received the text, said the scam had been spotted all over the UK and was not unique to Worthing Homes.

The text claimed the repossession was following 'previous correspondance'.

Action Fraud, the UK's national reporting centre for fraud and cyber crime, list different types of text message based scam:

"You're sent a text from a number you don't recognise, but it'll be worded as if it's from a friend.

-----------------------
AMAZON SHIPPING ORDER EMAIL SCAM

Scammers are sending out emails purportedly from Amazon saying there is a problem processing orders and that they won't be shipped.

It adds that you won't be able to access your Amazon account or place any orders until you confirm certain information.

Naturally, there's a link at the bottom of the page telling you to 'confirm' your account.

It'll take you to a fake website which looks very similar to the real one - when you enter your personal details, they'll go straight to the scammers harvesting them.

Once you click the 'Save & Continue' button, you'll automatically be redirected to the Amazon site so that you're none the wiser.

The fraudsters can use your newly-acquired details to make purchases in your name, and potentially use your information to open financial products in your name.

----------------------
GOLD DIGGING HACKERS TARGET KANYE FANS USING iTUNES PHISHING SCAM
(Dated : 23rd November 2016)

Heartless hackers are targeting fans of rap star Kanye West using a newly-uncovered iTunes phishing scam.

The attack has been branded "especially greedy" by experts for its attempts to steal both personal data and credit card information.

Email security firm Mimecast analysed the attack after it was discovered by the INQUIRER.

-----------------------
MILLIONS PUT THEMSELVES AT RISK OF FRAUD CHASING BARGAINS ONLINE
(Action Fraud, dated 22nd November 2016)

New research released by Financial Fraud Action UK (FFA UK) shows that 31% of online shoppers admit that they are more likely to take a financial risk if an online retailer offers them a bargain.

This means there are potentially 15 million online shoppers who could be putting themselves at risk of financial fraud.

Those aged 16-34 are most at risk, with almost half of that age group (46%) admitting they are more likely to take a chance, compared to just 18% of people aged 55 or over.

The findings come at the start of the festive shopping season; with Black Friday (25th November) and Cyber Monday (28th November) offering online bargains and time limited discounts.

It is also a time when fraudsters try to entice people into giving away their debit and credit card details on fake websites.

----------------------

POLICE ISSUE WARNING OVER COLD CALLERS
(Dated : 26th November 2016)

Gwent Police says it has received reports of men cold calling in the Monmouthshire area.

So far the Monmouth, Osbaston, Usk and Goytre have been affected.

The males state they are from Wolverhampton, Scunthorpe and Middlesborough.

They then proceed to try and sell their services by showing a laminated piece of paper to homeowners to prove their legitimacy.

-----------------------
PENSIONER TARGETED BY CROOK PRETENDING TO BE TREE SURGEON
(Dated : 19th November 2016)

A vulnerable pensioner had nearly £500 stolen by a heartless crook pretending to be a tree surgeon.
The incident happened in Styvechale , at around 11am.

West Midlands Police have categorised the incident as a distraction burglary after it was called in by the elderly woman's neighbour.

According to police, a man came to the door claiming to be a tree surgeon. A spokesman for the force said: "The offender claimed to be a tree surgeon and offered to do some work.

"The woman has gone upstairs to get money. She has then come downstairs and the man has asked for a cup of tea. "He then went upstairs and stole some more money ."

In total around £500 in cash was taken from the property.

-----------------------
ROGUE TRADER WARNING FOR BURY ST EDMUNDS
(Dated : 18th November 2016)

Suffolk Trading Standards has today issued a 'rogue trader' warning to householders in Bury St Edmunds after a man climbed on a roof without permission.

Trading Standards say the man was on the west side of Bury St Edmunds last weekend looking for work.

Its warning adds: "The male went up on the roof of a house without permission and then called at the door, stating that work was required to the flashing on the chimney to prevent leaks.

"He said that this would cost £5,500 in total, but that he had some materials on his van so that the cost would be £1,250.

"When this was refused, the male said he has got to do the work now and asked how much the resident was willing to pay."

No work was undertaken, but the individual might have called at other houses in the area as he was seen the next day.

Flashing is the lead strip that covers the join between brickwork and tiles.

----------------------
(1st December 2016)


METROPOLITAN POLICE SCAM EMAIL OFFERS "ADVICE" YOU DON'T NEED
(BT News, dated 25th November 2016)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/metropolitan-police-scam-email-offers-advice-you-dont-need-11364115913115

Scammers are now pretending to be the Metropolitan Police in a new (crime) wave of emails designed to steal our personal details.

The fake emails are being sent from an address called crime@content.met.police.uk, which isn't a valid Metropolitan Police email address.

According to Action Fraud, the UK's national reporting centre for fraud and cyber crime, the emails ask the victim to open an attachment containing "crime prevention advice".

However, anyone who does so will automatically download key logger software onto their computer or device.

"The iSpy key logger gives fraudsters the power to record every keystroke from a victim's device and steal sensitive information," Action Fraud said in a release.

Alert: Fake Met Police emails are being sent from crime@content.met.police.uk that contain iSpy key logger software https://t.co/6nODc33vDy
Action Fraud (@actionfrauduk) November 23, 2016

How a typical scam email look

The subject line of the email is 'Crime Prevention Advice' or some variation thereof, while the attached file is called '11212527.zip'.

An example email reads:

------------------------
To the general public:

See attached document to read more about crime prevention advice.

Regards,

Metropolitan Police Service.
A simple scam


-----------------------------
The fact the email isn't addressed to a specific person is a trademark of a typical scam email.

Likewise, the fact the attachment is a random sequence of numbers shows this to be a fairly unsophisticated scam attempt.

Nonetheless, some people might be tempted to open the email and click on the attachment if they believe it to be from the police.

If you do receive this email, just delete it. As always, make sure your antivurs software is up to date just in case you do get conned!

How to avoid email scams

Of course, there are many more sophisticated scams doing the rounds. To help you stay safe, Action Fraud has provided a few general email safety tips.

- Never click on links within emails you weren't expecting.
- Look up the address of a company and type it into the address bar yourself if you think you need to visit the website.
- Never reply to spam emails.
- If you get an email from your bank or building society asking for personal details do not respond. Look up a telephone number and call to check, but financial institutions won't contact you out of the blue asking you to give out personal information.
- Never download attachments unless you know and trust the sender.
- Keep abreast of the latest cons and scams by visiting Action Fraud.

(1st December 2016)


HACKERS ADVERTISING AND SELLING PHISHING KITS VIA YOUTUBE WITH SECRET BACKDOOR
(International Business Times, dated 25th November 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-advertising-selling-phishing-kits-via-youtube-secret-backdoor-1593396

Cybercrime, like any other enterprise is a business, albeit an illegal one. Apart from targeting individuals, businesses and governments, cybercriminals also cash in by creating, using and marketing malware to other crooks. It appears however, that the age old adage of "honour among thieves" does not apply to cybercriminals these days.

Security researchers have uncovered cybercrooks advertising and distributing phishing kits, that come with how-to videos and links to additional information, to wannabe hackers via YouTube. The catch however is that the advertised kits come with a secret backdoor that sends all the phished data back to the author.

According to Proofpoint security researchers, hackers using YouTube to advertise and market their malicious wares marks the beginning of a new trend. "A simple search for "paypal scama" returns over 114,000 results," researchers noted, indicating that this new trend already appears to have been propagated fairly successfully.

Researchers said, "Many of the video samples we found on YouTube have been posted for months, suggesting that YouTube does not have an automated mechanism for detection and removal of these types of videos and links. They remain a free, easy-to-use method for the authors of phishing kits and templates to advertise, demonstrate, and distribute their software."

Researchers also added that the YouTube videos came with links to templates and phishing kits. The videos themselves featured the "look and feel of the templates" and provided pointers on how to go about collecting the phished data. One such video was for an Amazon phishing template which cloned the Amazon login page. Researchers noted that this particular video also came with a Facebook link to contact the author.

Proofpoint researchers decoded a sample of a phishing template downloaded from a link provided in a similar video and discovered that the author's Gmail address was "hardcoded to receive the results of the phish every time the kit was used, regardless of who used it."

Researchers warned that the concept of honour among thieves does not apply in this case "since multiple samples revealed authors including backdoors to harvest phished credentials even after new phishing actors purchased the templates for use in their own campaigns.

"The real losers in these transactions, though, are the victims who have their credentials stolen by multiple actors every time the kits are used," researchers added.

It is still unclear as to how many people may have been affected by this latest phishing scam. The identity and location of the individual/individuals behind this campaign also remains unknown. IBTimes UK has reached out to Proofpoint for further clarity on the matter and will update this article in that a response is provided.

(1st December 2016)


VISA CRIES FOUL OVER EURO REGULATORS STRONGER AUTHENTICATION DEMANDS
(The Register, dated 23rd November 2016 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2016/11/23/visa_criticises_eu_stronger_authentication_plan/

The EU banking regulator's plans to reduce fraud by obliging the use of passwords, codes or a card reader to authenticate electronic payments above 10 euros have drawn fire from the payments industry.

Visa and others argue that mandated authentication checks put forward by the European Banking Authority risk disrupting online shopping without increasing security.

The concern is that making customers jump through more hoops to complete online transactions will result in increased cart abandonment rates, which will likely impact retailers' bottom line.

The regulation threatens to cramp one-click shopping and automatic app payment technologies for anything other than small payments, the argument goes.

"Changes mean no more express checkouts or quick in-app payments from mobiles, reduced access to non-European online shopping sites, and longer queues at places like toll booths and parking," according to Visa.

The payments technology company took the unusual step of putting out a statement lambasting the EBA's draft plan for strong customer authentication (SCA), the final version of which is due out in January.

Robert Capps, VP of business development at behaviour-based biometrics firm NuData Security, said, "We'd tend to support Visa's stance on this issue in several ways. While it may seem that adding more identity tests to the transaction stream should make the transaction more secure, this isn't necessarily true.

"If the test is vulnerable to impersonation, as we see with physical biometrics, or is as vulnerable as passwords, no number of additional touchpoints will make the transaction more secure," he added.

The proposed changes are part of the European Commission's forthcoming Payment Services Directive 2. If ratified as part of the proposals, strong customer authentication would come into effect across Europe from 2018 onwards.

(1st December 2016)


SCAM WARNING FROM THE SHIRES
(Hertfordshire Police Neighbourhood Watch Liaison, November 2016)

Herts Trading Standards have alerted us to increases in two particular types of telephone scam. Never buy anything over the phone as a result of a cold call. Never give bank or card details to a telephone caller, whatever they say.

Extended Warranty Scam

One scam which is conning residents over the phone, is the sale of extended warranties for electronic devices such as televisions and washing machines. The salesman says that because the resident hasn't made a claim in the last 12 months, the price will be reduced, say from £75 to £40. The salesman says he knows the first 4 digits of your card but needs you to confirm the rest of the number. Payment is taken and a warranty for goods that are too old or different from those owned, and hence useless, is provided.

The Bogus "Telephone Preference Service" Scam


The other scam involves callers claiming to be from the Telephone Preference Service (TPS) or similar sounding company, phoning residents and trying to extract money for registration or for call blocking devices. This cynical scam targets people who are trying to protect themselves or vulnerable relatives. A UK director was recently imprisoned for a similar call blocker scam. Please remember that the genuine TPS never cold calls people and its service is always free. Visit www.tpsonline.org.uk

Always beware unexpected calls. Scammers are convincing, that's how they make their money. Even if a caller seems to know details about you, it doesn't mean they are who they say. If they try to rush you into a decision, then it's likely to be a scam, just try to keep your head and don't give them any information. If in doubt, end the call.

Please look out for elderly and vulnerable residents who may be targeted by these scams.

For advice or to report complaints to Trading Standards, contact Citizen's Advice Consumer Service on 03454 040506 and/ or report to Action Fraud on 0300 123 2040.

(1st December 2016)


IDENTITY FRAUD VICTIM'S £500k HOME PUT ON THE MARKET
(BBC News, datd 23rd November 2016)

Full article [Option 1]: www.bbc.co.uk/news/uk-england-manchester-38080102

An identity fraud victim has described the horror of discovering his £500,000 home up for sale on a property website.

Minh To, of Stockport, Greater Manchester said he was left "scared" and "terrified" after seeing pictures of the five-bedroom home on Rightmove.

Police later discovered two men had stolen his mail and forged his signature in order to falsify the documents needed to auction the house.

Two men have been jailed for their part in the scam at Preston Crown Court.

Mike Haley, deputy chief executive of the fraud prevention organisation CIFAS, said Mr To had been "more vulnerable" to the fraud because he had paid off his mortgage.

Saeed Ghani and Atif Mahmood both admitted conspiracy to defraud.

Ghani, 30, of Polefield Circle, Prestwich, was jailed for seven and a half years.

Mahmood, 42, of Sarnsfield Close, Gorton, was sentenced to two years and nine months.

On Wednesday a third member of the gang, Toma Ramanauskaite, was sentenced for a separate fraud.

'Felt terrible'

Mr To was first alerted to what was going on when he received a phone call from his daughter in November 2012.

He said: "She rang me and said 'where are you going?' I said 'I'm going nowhere'. Then she said 'Why are you selling the house then? I've seen it on Rightmove'.

"I didn't know what to think. I felt terrible. I felt scared."

Mr To logged on to the website to find the advert featured several pictures of his home and was inviting bids starting at £300,000.

The details even included a request that the tenants were "not to be disturbed".

Police later discovered Ghani and Mahmood carried out the fraud after stealing three utility bills from Mr To's mailbox.

Having forged his signature, they then transferred the deeds to his house into Ghani's name.

They put the property up for auction in the hope it would sell quickly, without the need for estate agents to show people around.

Mr To discovered the advert just three days before the auction was due to commence.

The court heard Ghani had carried out a similar fraud targeting a couple in Bolton, using fraudulent passports to transfer the deeds to their £300,000 house into his name.

Working with Ramanauskaite, he also took out driving licences in the names of a couple from Salford, before stealing their savings of £90,000.

Ramanauskaite, 30, of Spring Street, Bury, also admitted conspiracy to defraud and was sentenced to 14 months, suspended for two years, and ordered to carry out 250 hours in unpaid work.

Because Mr To had paid off his mortgage, the men were able to transfer the deeds without needing the extra authority of the lender.

He believes the rules need tightening before more people are targeted.

"It's very simple. The government should make it the law that if you're going to change the land registry deeds you should need two signatures," Mr To said.

Det Sgt Phil Larratt, of Greater Manchester Police, said: "As this case demonstrates, fraudsters can use your identity details to open new bank accounts, request new driving licences and even try and steal your own home.

"We urge the public to secure their mail boxes and employ measures to protect their identities."

uaware comment

Virtually all estate agents advertise their clients properties on marketing websites. These websites have property by postcode search facility, so why not enter your own postcode and see what comes up ! You could carry out this exercise on regular basis, perhaps when you check your bank statements against your actual spend (you do, do this don't you ?). Then if some crook tries to sell your property you can catch them out before things get really bad.

www.rightmove.com

www.zoopla.co.uk

(1st December 2016)


THEY LOOK JUST LIKE A TAX REFUND OFFER - BUT BEWARE !
(Daily Mail, dated 19th November 2016 author Jeff Prestridge)

Full article [Option 1]:

www.dailymail.co.uk/money/bills/article-3952486/They-look-like-tax-refund-offer-one-man-hit-TWICE-online-fraud.html

Taxpayers are being warned to ignore a new blight of emails from fraudsters passing themselves off as HM Revenue & Customs and inviting them to claim refunds for overpaid tax.

The fraudulent 'phishing' emails or texts are designed to trick people into giving key details about their bank accounts which are then used by the criminals to gain access and empty them.

On Friday, a Revenue official, given copies by The Mail on Sunday of the latest phishing emails doing the rounds, described them 'as 100 per cent rank' and 'vile attempts by pond life to steal money from your good readers'.

In the year to this March, the Revenue blocked more than eight million phishing emails and took down nearly 14,000 fraudulent websites. But the fraudsters are nothing if not persistent.

Traditionally, they target two key times of the year: July when people are renewing their entitlement to tax credits and December in the run-up to the end of January deadline for completing self-assessment tax returns and paying any tax owed.

Worryingly, their emails are more authentic than ever before. In the past, some of them were littered with spelling mistakes and compiled so poorly that most recipients knew they were not genuine straightaway.

But not as much the current ones. Reader James Anderson, a 72-year-old retired teacher from Winchester, has received two such scam emails in recent weeks.

Both were from HMRC Tax Refund Services and each promised James a refund - £907.41 first time around and then £1,098.54.

This second email looked as if it could have been official because of its near-perfect rip off of the HM Revenue & Customs logo.

James files a tax return every year and is meticulous about getting his tax affairs in good order, so he was not tempted by either offer. But he says he can see how some people may fall for the bait.

He adds: 'These phishing emails are getting more sophisticated. When someone is told they are due a refund and they are given details of the local "tax credit officer" and their "tax refund ID number" you can understand why some bite.'

James believes the Revenue should come down on these fraudsters 'like a ton of bricks' and close them down. 'I get the impression it is not doing enough and doesn't see this fraudulent activity as its problem. But it is.

'We are being pushed all the time to both pay our taxes and file our tax returns online. So it should do everything possible to keep fraudulent emails out of our inboxes. I see it as a law and order issue. The Revenue must ensure law and order is maintained.'

The Revenue, which received more complaints in the last tax year than any since the 2008 financial crisis, says it never notifies taxpayers by text or email of a tax rebate. It also would never use such communication tools to request personal or financial details.

On Friday, it said it took taxpayers' data security 'extremely seriously'. It also confirmed it was working with law enforcement agencies worldwide 'to bring down the criminals behind these scams'.

Key steps to beat fraudsters


- To report a suspicious email, go to: https://www.gov.uk/report-suspicious-emails-websites-phishing.

- For help on telling the difference between genuine Revenue and phishing emails, visit: https://www.gov.uk/government/publications/genuine-hmrc-contact-and-recognising-phishing-emails.

- If you receive a telephone call from someone claiming to be from the Revenue and requesting either your bank account or personal details because you are owed a tax refund or maybe have a tax debt, it will invariably be bogus.

- Report any incident to Action Fraud at http://www.actionfraud.police.uk/.

(1st December 2016)



JAIL FOR ONLINE SHOPPING FRAUDSTERS WHO SCAMMED £600k FROM AIRBNB, AUTOTRADER AND GUMTREE CUSTOMERS
(London Evening Standard, dated 19th November 2016 author Francesca Gillett)

Full article [Option 1]:

www.standard.co.uk/news/crime/jail-for-online-shopping-fraudsters-who-scammed-600k-from-airbnb-autotrader-and-gumtree-customers-a3399736.html

A gang of north London internet shopping fraudsters who duped hundreds of people out of £600,000 through fake adverts including on Gumtree and Airbnb have been jailed.

The scammers posted bogus ads for cars and property rentals and set up a sham online shopping website pretending to sell washing machines, cookers, computers and phones.

But when victims tried to enter their card details, the swindlers lied and claimed the card had been declineMost of the victims never heard from the fake business again, while others found their stolen card details were being used to make more fraudulent purchases.

Two men and their accomplices, a man and a woman, were sentenced for their part in the scheme.

Horatiu Sbughiu, 32, of East Drive in Barnet, used his Toshiba laptop to carry out over 200 fraudulent transactions and steal more than £387,000.

Cristian Nicolaescu, 28, of Spring Garden, Redbridge, used his laptop to carry out over £300,000 worth of fraud and used counterfeit Romanian ID cards, false proof of address and false employment references to open mule accounts.

The pair pleaded guilty to conspiracy to commit internet shopping fraud and possessing a laptop for use in fraud and were jailed for four years at Harrow Crown Court on Friday.

Money laundering accomplices Nicolae Boieru, 40, and Alexandra Gyor, 28, both of Spring Garden in Redbridge, were also caught and pleaded guilty to laundering the proceeds of the fraud.

Boieru was locked up for eight months' while Gyor received a 12 month community order with unpaid work.

DC Chris Collins of the Met's online fraud team, said: "These individuals duped over 500 people after fraudulent adverts, usually for motor vehicles and property lettings, were placed on classifieds websites such as Autotrader, Gumtree and Airbnb.

"In addition, a series of wholly fake websites were set up mimicking an online shopping store purporting to sell electronic goods such as washing machines, cookers, computers, mobiles and cameras."

(1st December 2016)


HACKERS TARGET ALL MAJOR UK BANKS WITH NEW TWITTER PHISHING CAMPAIGN
(International Business Times, dated 27th October 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-target-all-major-uk-banks-new-twitter-phishing-campaign-1588498#

A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials.

In this case, ProofPoint researchers noted that the hackers operating the Angler phishing campaign were monitoring bank customers' accounts on Twitter. They hijacked conversations users attempted to have with genuine support staff of banks, and redirected customers to a fake support page.

For instance, when a customer tweeted to the genuine Barclay's bank support account (@BarclaysUKHelp), hackers hijacked the request of support by replying with a fake customer support account (@BarclaysHelpUK).

Proofpoint researchers said: "Angler phishing is named after the anglerfish, which uses a glowing lure to bait and eat smaller fish. In this attack, the 'lure' is a fake customer support account that tricks your customers into giving up credentials and other sensitive information."

Social media phishing campaigns have increasingly become popular among hackers looking to gain access to sensitive user data. Proofpoint had previously stated that the firm had seen a 150% rise in social media phishing in 2016. In addition to banks, such campaigns target major brands, especially those that rely heavily on social media to advertise their products and connect with their consumers.

Such phishing campaigns are fairly simple to execute and difficult to defend, especially given that customers are often redirected to authentic seeming fake websites, designed to grab user data when victims unknowingly provide their usernames and passwords.

The fake accounts are generally successful in duping users, especially given that the language and tone used is similar to that of authentic support accounts. Moreover, the fake website is also designed such that it looks similar to authentic login pages commonly used by banks.

"This method of phishing is highly effective because your customers are already expecting a response from your brand. Unfortunately, angler phishing is part of a broader trend in social media fraud," said Proofpoint researchers.

Proofpoint is yet to comment on which banks have been targeted by the attack so far, IBTimes UK has reached out to the firm and will update the article in the event a response is provided.

(1st November 2016)


ANOTHER HOTEL SCAM !
(Described by a victim, 2016)

You arrive at your hotel and check in at the front desk. Typically when checking in, you give the front desk your credit card details (for any charges to your room) and they don't retain the card.

You go to your room and settle in. All is good.

The hotel receives a call and the caller asks for (as an example) room 620 - which happens to be your room.

The phone rings in your room. You answer and the person on the other end says the following:
'This is the front desk. When checking in, we came across a problem with your credit card information.
Please re-read me your credit card numbers and verify the last 3 digits numbers at the reverse side of your card.'

Not thinking anything wrong, since the call seems to come from the front desk you oblige. But actually, it is a scam by someone calling from outside the hotel. They have asked for a random room number, then ask you for your credit card and address information.

They sound so professional, that you think you are talking to the front desk.

If you ever encounter this scenario on your travels, tell the caller that you will be down to the front desk to clear up any problems.

Then, go to the front desk or call directly and ask if there was a problem. If there was none, inform the manager of the hotel that someone tried to scam you of your credit card information, acting like a front desk employee.

This was sent by someone who has been duped........ and is still cleaning up the mess.

(1st November 2016)


WATCH OUT FOR NEW ALDI ONLINE VOUCHER SCAM
(BT News, dated 23rd October 2016)

Full article [Option 1]:

http://home.bt.com/lifestyle/money/money-tips/watch-out-for-new-aldi-online-voucher-scam-11364107098408

Aldi shoppers are being targeted by the latest fake voucher doing the rounds online.

The supermarket used its Facebook page to alert shoppers about a fake £85 Aldi voucher being circulated.

It indicates that the hoax message is asking people to share their personal details, which will help scammers commit ID fraud.

Aldi warns that it will never ask customers to share sensitive personal details for a promotion.

If someone sends you a Facebook message or email suggesting you could get an Aldi voucher treat it with caution and don't automatically click on the link.

If the the offer is too good to be true it probably is. Check for spelling mistakes and use your common sense about the details it is asking you to share.

This is the latest example of a supermarket voucher scam, which include fake vouchers and fake prize draws.

How a typical voucher scam works

Typically, a voucher scam involves a 'free' voucher, with the store ranging from Asda and Tesco to Marks & Spencer and John Lewis which can be as much as £500. A variant is to promise a free product like an iPad for "consumer testing".

The company really doesn't matter. Whatever the name, and whether the too good to be true 'promotion' is on Facebook or via email, the whole thing is a swindle. They have nothing to do with the stores and, of course, there are no vouchers.

A scam of this nature can start with you receiving a Facebook message from one of your friends. It will say something like: "Happy Christmas. Free £500 ASDA Voucher Now. (173 Left). Claim your Free £500 ASDA Voucher this Christmas. Offer still open!"

If you fall for it, you go to a site which looks as though it belongs to the company in question. The scamsters rip off logos hoping to dupe people into applying for their 'free' shopping opportunity. Here, you will be led through some questions to get your voucher.

You will have to supply your mobile number and your address - ostensibly so your "prize" can be sent out.

In reality, your phone will be hit by premium rate calls because each of the very easy questions costs £5, as shoppers caught by a Tesco prize draw scam are discovering. This may appear in the very small print, but who reads that when they are looking for a big boost to the Christmas spending budget?

At the same time, this "free offer" will also go to your friends.

In other cases, the link you get in the email or over social media may send you to a site which asks you to share more personal details, which puts you at risk of ID theft.

(1st November 2016)


JOCKEYS WARY OF SIGNING AUTOGRAPHS AFTER STRING OF FARUD TARGETING RIDERS
(The Telegraph, dated 5th October 2016 author Sam Dean)

Full article [Option 1]:

www.telegraph.co.uk/news/2016/10/05/jockeys-warned-to-move-money-out-of-high-street-banks-after-stri/

Jockeys have been forced to alter their signatures or avoid signing autographs after being targeted by a series of frauds.

The Professional Jockeys Association has criticised the "ineptitude of the major high street banks" in tackling the scam, which has seen more than £200,000 stolen from around 30 jockeys.

The fraud has been ongoing since 2014 and the body is now urging its members to move their money out of the "unwilling and incapable" banks.

The money has largely been withdrawn over the counter, by fraudsters possibly using fake IDs. One jockey told the Telegraph that the "very clever" criminals can even take money from cash machines without the account holder's bank cards.

The ongoing scam, which was first reported in 2014, has been taking place across the country and involves a number of major banks. It was described as "frightening" by jockeys.

West Sussex-based rider Jim Crowley, who had more than £10,000 taken from his account, said he has had to change the signature he gives to autograph-hunters after he was defrauded twice, despite changing banks after the first fraud.

He added that he even received a phone call from a man purporting to be one of the fraudsters, who warned him the group would continue to target his account.

"It is very frustrating because you have got things like direct debits and mortgages and you can't just shut your bank account down," he said. "These fraudsters know that.

"One of them actually rang me and told me they were doing it. He was giving me the heads-up and told me to leave the high street banks, but by this stage I had already left."

Andrew Tinkler, a jockey from Cheltenham, said: "It was a little bit frightening that someone would do that and it was a disappointing that they were able to.

"Whether there are people out there trying to get an autograph for the wrong reasons, it's a possibility. Personally I would be very wary of it."

In a newsletter to its members, the PJA said banks were "unwilling and incapable" of stopping the fraudsters.

Paul Struthers, the body's chief executive, said it is suspected that the jockey's details had been "leaked".

He said: "The only conclusion we can come to is that somehow, somewhere, whether it's one individual or a group, there is a leakage of information.

"You are fundamentally left with the question of why it is happening. It's not like it happens with one bank and then stops and never happens again. It's ongoing and these are not small sums of money."

A spokesman for Financial Fraud Action UK said: "Banks take fraud extremely seriously and stopped £7 in £10 of all attempted fraud last year.

"Fraudsters may try to use stolen or fake documents in order to commit their crimes, and banks do have systems in place to prevent this.

"The spate of crimes targeting jockeys suggests fraudsters may have gained access to data relating to these victims. It's important that any organisations holding personal data take steps to ensure it is safeguarded."

A new kind of fraud

Action Fraud is warning of a new form of fraud in which the public are sent letters, texts or emails asking them to phone their banks.

There is no request for passwords or other personal information, so many recipients may phone the number provided.

When your call is answered, a recording device is switched on. Your call is then transferred to a legitimate phone line operated by your bank, where you log in as usual by providing key letters of your password and other information. All of this is recorded, allowing the fraudster to build up information which could be used in future to access your accounts.

"The reason why this scam is so successful is because the fraudster's presence is unknown to both the victim and the bank," Action Fraud said.

Customers should only ever use phone numbers displayed on banks' websites or on statements, it said.

If you are responding to a message or letter, you should tell the bank member of staff at the outset of the call, it advised.

(1st November 2016)


I HAVE LOST ALL FAITH IN BANKS AFTER FRAUDSTERS STOLE £120,000, SAYS GLORIA HUNNIFORD
(The Telegraph, dated 10th October 2016 author Camilla Turner)

Full article [Option 1]:

www.telegraph.co.uk/news/2016/10/09/i-have-lost-all-faith-in-banks-after-fraudsters-stole120000-says/

Broadcaster Gloria Hunniford has said she lost all faith in banks after fraudsters stole £120,000 from her account.

The veteran broadcaster had her savings taken by a woman pretending to be her by using a fake driving licence earlier this year.

Ahead of a new episode of the BBC show Rip Off Britain, the 76-year-old Loose Women panelist urged banks to do more to protect their customers' money.

Her bank, Santander, said it is striving to make improvements to stop similar offences taking place.

Hunniford said: "It turned out complete strangers could get their hands on my money easier than I can.

"I have to admit that since this whole thing happened, personally I have lost all faith in banks, and my big question is, are they really doing enough to keep every customer's money safe?

"Now, not in a million years would I expect everybody to know who I am or what I look like, and I totally get it that you don't have to dress up to look like somebody in order to impersonate them.

"But I would expect that the banks would carry out stringent security checks before they literally handed over tens of thousands of pounds to a stranger."

In January, Hunniford had her bank account emptied just days after an imposter posed as the star arrived at a Santander branch with her "daughter" and "grandson".

Personal banker Aysha Davis, 28, said the woman told her she had "a few bob" in there and had come to add the teenager as a signatory because she had been ill.

She then helped them complete the paperwork, including photocopying their driving licences, at the Croydon North End branch.

Davis was initially accused of being part of the plot but was acquitted after less than 30 minutes of jury deliberation after saying the TV star was "not of my time".

Rip Off Britain, which features the stories of several people who have lost thousands of pounds in similar cons, will be broadcast on BBC One at 9.15am on Monday.

A new kind of fraud

Action Fraud is warning of a new form of fraud in which the public are sent letters, texts or emails asking them to phone their banks.

There is no request for passwords or other personal information, so many recipients may phone the number provided.

When your call is answered, a recording device is switched on. Your call is then transferred to a legitimate phone line operated by your bank, where you log in as usual by providing key letters of your password and other information. All of this is recorded, allowing the fraudster to build up information which could be used in future to access your accounts.

"The reason why this scam is so successful is because the fraudster's presence is unknown to both the victim and the bank," Action Fraud said.

Customers should only ever use phone numbers displayed on banks' websites or on statements, it said.

If you are responding to a message or letter, you should tell the bank member of staff at the outset of the call, it advised.

(1st November 2016)


TECH SUPPORT SCAMS TARGET VICTIMS VIA THEIR ISP
(BBC News, dated 22nd June 2016 author Jane Wakefield)

Full article : www.bbc.co.uk/news/technology-36084989

A new scam, in which fraudsters pose as legitimate internet service providers to offer bogus tech support, either via the phone or on the net, is on the rise, the BBC has found.

It is a twist on an old trick which involved cold-calling a victim - often claiming to represent Microsoft - and charging for fake tech support.

The new variants have been spotted in the UK and US.

BT said that it was investigating the issue.

The online version of the scam involves a realistic pop-up that interrupts a victim's normal browsing session with a message that appears to be legitimate and seems to come from the victim's real ISP.

US security firm Malwarebytes has spotted several from US and Canadian ISPs, including ComCast and AT&T. It has also seen webpages created for UK ISPs, including TalkTalk and BT.

The pop-up contains a message saying that the ISP has "detected malware", and urging victims to call a number "for immediate assistance".

Jerome Segura, a consultant at security firm Malwarebytes, has been investigating tech support scams for years but when he came across the latest iteration, he nearly fell for it.

"It caught me by surprise and I almost thought that it was real. It was a page from my ISP telling me my computer was infected. It was only when I looked in closer detail that I saw it was a scam," he told the BBC.

He is not surprised scammers have found new methods to fool people.

"Cold calls are very wasteful and after years of being told, people are starting to realise it is a scam so the scammers have to find new ways to make it personalised and legitimate. It is more cost-effective and efficient than cold-calling," said Mr Segura.

Fraudsters do still use cold-calling but their methods here have also become more sophisticated - instead of a vague description of themselves as a Windows Support agent, many are now claiming to represent legitimate ISPs, with very believable answers when they are challenged.

Take David from the Midlands, who falls into the category of a typical victim, being older and not entirely tech-savvy. He is, coincidentally, related to a Malwarebytes employee.

He recently received a phone call from someone claiming to represent the BT Rescue centre.

The fact that the call had come up as an international number aroused David's suspicions.

"We get inundated periodically with international calls and we know that they are either trying to sell us something or are up to no good," he told the BBC.

The caller tried to persuade David that he had been monitoring his BT broadband service for some time and had become aware of a number of viruses that needed immediate attention.

David was not sure - he had fallen for a similar scam a few years ago and was not ready to do so again. He asked for the caller's telephone number and address and told him he would check with BT and get back to him.

The number the man gave him to call back on looked like a London one (with a 0203 prefix) and the address he gave was the actual address of BT's London headquarters.

After several unsuccessful attempts to get through to BT's genuine helpline number to verify the call, David decided to ring back.

"I got through to what sounded like a call centre and a young lady said 'this is BT Support and I will put you through to a technician'. It all sounded very believable.

"The technician, who I think was a different person to the original caller, said he was from the BT rescue team and had been monitoring the use of my BT broadband and had been getting signals that it had been hacked into," David told the BBC.

He asked David to type Alureon into Google, to show him the virus he was claiming had infected his computer. Alureon is a real virus that buries itself deep inside the Windows operating system.

After scaring him with the possible dangers, he asked David to visit a website and enter a code which gave the technician remote access to his computer.

He showed him a range of programs on his computer that looked as if they could have a problem - one of the issues with the Windows operating system is that it shows a lot of errors that can look suspicious to the untrained eye.

Malwarebytes has recently seen a lot more cases of scammers targeting Mac computers but Microsoft remains the main method because it is fair bet that many older users will have a computer that runs a Windows operating system.

The software giant is well aware of the tech support scam and since May 2014, has received over 200,000 customer complaints regarding them. This year alone, an estimated 3.3 million people in the United States will pay more than $1.5bn to scammers, according to its figures.

David was starting to believe that the call he had received was genuine but when the "technician" asked him to log into his banking site, he felt something was wrong and hung up.

He is angry that he fell for the scam and even more angry with BT.

"When I needed to get through to them, I couldn't," he said.

In a statement BT told the BBC: "BT takes the security of our customers' accounts very seriously. We have recently been proactively warning our customers to be on their guard against scams. Fraudsters use various methods to 'glean' your personal or financial details with the ultimate aim of stealing from you.

"Our advice is that customers should never share their BT account number with anyone and should always shred bills. Be wary of calls or emails you're not expecting. Even if someone quotes your BT account number, you shouldn't trust them with your personal information."

Older, less tech-savvy individuals like David tend to be the main targets of such scammers and, once they fall for it, are called again and again by fraudsters, Courtney Gregoire, a senior lawyer at Microsoft, told the BBC.

"Some lose hundreds of thousands of dollars," she said.

"80% of what we see are cold callers but we are now seeing traffic for the new type of pop-up fraudsters," she added.

As well as seeing examples of fraudsters using bogus ISP pop-ups, the cybercrime unit at Microsoft has also seen pop-ups which lock a computer and demand a fee.

The firm has begun talks with ISPs, including US-based ComCast and the UK's BT on the issue.

In December 2014, in its first big strike against technical support scamming companies, Microsoft's Digital Crimes Unit filed a civil lawsuit in a federal court in the Central District of California against Omnitech Support for unfair and deceptive business practices and trademark infringement.

The case was settled out of court under a confidential agreement.

According to Ms Gregoire, Microsoft has tracked many of the call centres from which the scams are run back to India and is now working with Indian law enforcement to crack down on them.

Raids on such call centres are starting to shed light on the operation behind the scam.

"We will find out whether the employees know that they are engaged in a scam or whether they were just reading from a script," she said.

The pop-up scam seems to be mainly focused in the US at the moment, with Verizon, AT&T and TimeWarner all being impersonated but Malwarebytes also discovered fake pages set up for BT, PlusNet, Sky and TalkTalk.

Security firm Symantec told the BBC it had seen a 200% rise in tech support scams this year - with 100 million malware exploits related to them.

Consultant Sian John said the firm had seen more and more scammers using pop-ups, in a reversal of the traditional cold call.

"The scammers are trying to get people to call them - people are literally paying to be scammed."

There are two main ways that the scammers make money from tech support scams.

Users are either persuaded to download software that will install malware - this could be banking trojans that will offer direct access to all your financial information or malware that joins your computer to a botnet.

In other cases, people are persuaded to sign up for bogus tech support services, giving credit card details that provide the scammers with a one-off payment of around $200.

In November the FBI shut down several tech support scammers going under the name of Click4Support operating in Philadelphia and Connecticut.

It is believed that the scammers had been in operation since 2013 and during those two years had made more than $17m.

How do scammers know your ISP?


In the case of cold calls it may just be a lucky case of guessing a common ISP but in the case of pop-ups, there is an altogether cleverer way for fraudsters to glean information that can help them.

How it works

- Big ad networks allow users to win ad space on websites by bidding at a particular price
- Criminals are taking advantage of this to place adverts which are infected with a single "bad" pixel
- This pixel can redirect users and infect them in the background when they are browsing on a perfectly legitimate site - they do not even need to click on the ad
- The malware in the ad redirects users to a website in the background - invisible to the user - which checks their computer and discovers their IP address
- From the IP address it is easy to find out which ISP owns which IP address
- Victims will be served a pop-up tailored for their specific ISP which warns them their computer is infected and gives them a number to call

(1st November 2016)


PHISHING EMAIL ALERT - BOGUS COMPENSATION
(Action Fraud, datd 12th September 2016)
www.actionfraud.police.uk

There is a phishing email currently in circulation that claims to be from the City of London Police. The departments that it claims to represent include the 'Fraud Intelligence Unit' and the 'National Fraud Intelligence Bureau'. The email is titled 'compensation fund' and has a letter attachment that claims to be offering financial compensation to victims of fraud. The letter uses the City of London Police logo.

The letter states that in order for compensation to be arranged, the receiver of the email should reply disclosing personal information. It states that HSBC and the South African Reserve Bank have been chosen to handle the compensation claims. All of these claims are false.

The email and letter are fraudulent and should not be replied to.

Protect Yourself

- Opening attachments or clicking links contained within emails from unknown sources could result in your device being infected with malware or a virus.

- The City of London Police and the National Fraud Intelligence Bureau will never email you asking for you to disclose personal information.

If you believe you have become a victim of this fraudulent email get your device checked by a professional and make a report to Action Fraud, the UK's national fraud and cyber crime reporting centre: http://www.actionfraud.police.uk

(1st October 2016)


RENTAL FRAUD IN STUDENT ACCOMMODATION
(Action Fraud, dated 1st September 2016)
www.actionfraud.police.uk

Seasonal rental fraud is an emerging trend with students looking for suitable accommodation around August, before the start of the new term. Fraudsters use a variety of websites to advertise available properties to rent, often at attractive rates and convenient locations. Adverts will seem genuine, accompanied by a number of photos and contact information to discuss your interest.
Due to demand, students will often agree to pay upfront fees to secure the property quickly, without viewing the property, only to discover that the fraudster posing as the landlord does not have ownership of the property, or often there are already tenants living there.

Protect Yourself

- Only use reputable letting companies.

- Do some online research such as using Google maps to check the property does exist.

- Make an appointment to view the property in person.

- Always view the property prior to paying any advance fees.

- Look out for warning signs, such as landlords requesting a 'holding deposit' due to the property being in high demand.

- A landlord will usually conduct some due diligence on any successful applicant. Be wary of handing over cash without the landlord requesting employment or character references.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(10th September 2016)


ANDROID BANKING MALWARE BLOCKS VICTIMS OUTGOING CALLS TO CUSTOMER SERVICE
(Symantec Official Blog, dated 14th July 2016 author Dinesh Venkatesan)

Full article [Option 1]:

www.symantec.com/connect/blogs/android-banking-malware-blocks-victims-outgoing-calls-customer-service?om_em_cid=hho_email_GB_BLST_ACT_08_2016_CLUBNORTON

In March 2016, newer variants of the Android.Fakebank.B family arrived with call-barring functionality. The feature aims to stop customers of Russian and South Korean banks from cancelling payment cards that the malware stole. The latest version of the threat shows how Android banking malware continues to evolve.

Once installed, the new Android.Fakebank.B variants register a BroadcastReceiver component that gets triggered every time the user tries to make an outgoing call. If the dialed number belongs to any of the customer service call centers of the target banks, the malware programmatically cancels the call from being placed.

We have observed the variants targeting financial institutions in Russia and South Korea. The following are some of the customer care numbers that the variants are blocking:

- KB Bank: 15999999
- KEB Hana Bank: 15991111
- NH Bank: 15442100 and 15882100
- Sberbank: 80055550
- SC Bank: 15881599 and 15889999
- Shinhan Bank: 15448000, 15778000, and 15998000

Typically, when a banking customer calls a customer care number through a registered mobile device, their call will be routed to an Interactive Voice Response (IVR) System. By blocking these numbers, the malware creators can stop a victim from asking their bank to cancel payment cards that the variants stole. This also gives the malware more time to steal data from the compromised device. Affected users can still find other channels, such as email or landline calls, to reach customer care.

Mitigation

Symantec recommends users follow these best practices to stay protected from mobile threats:

- Keep your software up to date
- Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app, such as Norton, to protect your device and data
- Make frequent backups of important data

(10th September 2016)


SAFETY IQ : ARE YOU A SECURITY SUPERSTAR ? OR YOUR OWN WORST ENEMY ?
(Symantec / Norton Website)

Full article [Option 1]: http://uk.norton.com/safety-iq/promo

uaware note : This webpage includes access to other articles on crime and scam prevention. The inclusion of this article does not imply an endorsement of Symantec or its products.

Our computers, smartphones and tablets are an integral part of daily existence. Don't believe me? Just think about the last time you left your phone at home or suffered through an Internet outage. But when you've been online for a long time, it can get easy to be a little too casual about your digital security. So read on to make sure you've covered your bases when it comes to keeping your devices, your wallet, and yourself safe and sound.

1. Back it up
This one should be a no-brainer, but losing data because it wasn't properly backed up is still a sadly common digital disaster. You can lose your data a million different ways-hardware failure, a lost laptop, security breach, elephant stampede-and performing regular backups with reliable methods is the only way to avoid eventual tragedy. Choose a physical means of backup via external hard drive or other device, or choose a solution like Norton Online Backup* that backs up your photos, music, and other files automatically.

2. You only have one reputation…protect it!
Here's an aspect of security that flies under the radar until it's too late, the need to keep your online image intact. Everything you do, comment on, purchase, like or "retweet" eventually adds up to your public digital personality. And this personality is projected to the world, including potential employers, college admissions offices, health insurance companies, and banks vetting you for a mortgage. In fact, a recent Microsoft privacy survey determined that a full 14% of adults have experienced negative consequences due to online activities, including being fired from a job (21%) or losing their health insurance (16%).

So, how do you protect your online reputation? Consider separating your personal and professional profiles by using different addresses and screen names, one for your personal activities and another for your professional endeavors. And be sure to double-check your security settings on your social networking sites, personal blogs, and other places where you maintain personal data.

We also recommend using the "inner-mother" test. Basically, before you post that incriminating picture, make that snarky comment, or toss up that incendiary blog, think of how your mother would feel if she saw it. Now, we know this isn't the most scientific way to protect yourself because every mother is different! but it will at least give you a chance to consider the consequence of your actions. Believe me, the 14% of kids who didn't get into the college they wanted because of their online image, probably wish they had listened to their inner-mother.

3. Take information-gathering scams personally.
We recommend taking the old saying "if it sounds too good to be true, it probably is" to heart whenever you're offered something online. Phishing scams involving sites that lure you in with fraudulent emails or fake messages from your bank abound, all with an aim at gathering your most sensitive information…or at the very least, your credit card number.

And have you heard of Smishing?. Smishing uses text messages to lure people into giving up their sensitive information. Posing as a bank, their bogus texts claiming to be from your bank show up on your smartphone requesting your personal data and passwords in order to rectify a problem with your account. Protect yourself by never, ever responding to a text that requests personal information. If you are concerned about your account, contact your bank directly.

4. Malware is everywhere.
Downloaders of free apps and software, beware! No matter what the device, if it connects to the Internet you are at risk of opening the door to malicious software bearing viruses, worms, spyware, Trojan horses, and all matter of nasty stuff. The best defense is a strong offense basically, only download software from well-known, trusted entities and look for established, highly-rated apps from your device's official App Store.

(10th September 2016)


ELDERLY WINE INVESTORS SCAMMED BY COLD CALLER WHO SOLD OFF ENTIRE COLLECTIONS BEFORE FLEEING
(The Telegraph, dated 23rd August 2016 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2016/08/23/elderly-wine-investors-scammed-by-cold-caller-who-sold-off-entir/

A wine company boss who cheated his clients out of their fine vintages is facing jail.

Jonathan Piper, 30, was the sole director of Embassy Wine UK Ltd, which claimed to act as brokers for investors in fine wine.

The company cold-called prospective investors and persuaded them to hand over control of their collections to Embassy, which then sold them and broke off contact.

These "clients" were also made to pay fees before sales could be transacted. Victims took out bank loans, used credit cards and even cashed in pensions to pay the fees.

At least five people lost up to £300,000 in the scam - one of whom lost £150,000 out of her life savings - which operated between June 2011 and October 2014.

Piper used the cash from the con to fund a lavish lifestyle and spent almost £90,000 on a BMW X6 and Range Rover Sport.

None of the income he generated between 2008 and 2014 - either legitimately or otherwise - was declared to HMRC, which was subsequently swindled out of £51,104 in income tax payments.

Piper appeared at Snaresbrook Crown Court on Tuesday, where he had been due to stand trial accused of fraud by false representation, cheating the Inland Revenue, fraudulent trading and two counts of converting criminal property.

Prosecutor Leo Seelig said: "The prosecution would simply say that this was a sophisticated and an involved fraud which preyed on vulnerable and elderly victims."

The court heard that Piper, now working as a scaffolder, intended to borrow money from friends in order to repay a portion of the money, which he put at closer to £200,000, following his guilty pleas.

"It is his hope that he will be able to reduce the amount that is owed to the victims before sentencing," said Thomas Day, defending.

Judge Louise Kamill said: "I have listened very carefully to Mr Day, but I am afraid I am not going to grant bail.

"It seems to me before reparations are proposed, first of all, they will of course be taken into account by the sentencing court.

"Secondly, these reparations are not going to be personally made by Mr Piper. He never has done and nothing has been done to date.

"If people are intending to make a dent in the losses on his behalf, their efforts of course will be taken into account. But it does not devolve around Mr Piper.

"He is not, himself as a scaffolder, going to get a loan of about £200,000 or however he is proposing to repay those losers."

She added: "These offences, just one of them alone, is likely to attract a custodial sentence and for my part I cannot see any reason why Mr Piper should not begin that sentence as of now.

"It would be unfair, in fact, for him to go out and come back knowing that there is a lengthy sentence that he will face and in those circumstances I refuse bail.

"It is my decision and I appreciate that he has been entrusted with bail in the past but he must begin his sentence now."

Piper, of Wanstead, east London, admitted cheating the Inland Revenue, fraudulent trading and two counts of converting criminal property. He was remanded in custody ahead of sentence on September 16.

(10th September 2016)


DON'T BE A MONEY MULE
(Action Fraud, dated 22nd August 2016)
www.actionfraud.police.uk

Students are being recruited, sometimes unwittingly, as "mules" by criminals to transfer illegally obtained money between different bank accounts.

What is a money mule?

A money mule is someone who is recruited by those needing to launder money obtained illegally. Criminals advertise fake jobs in newspapers and on the internet in a number of ways, usually offering opportunities to make money quickly, in order to lure potential money mule recruits. These include:

- Social media posts
- Copying genuine company's websites to create impression of legitimacy
- Sending mass emails offering employment
- Targeting individuals that have posted their CVs on employment websites

Students are particularly susceptible to adverts of this nature. For someone in full-time education, the opportunity for making money quickly can understandably be an attractive one. The mule will accept money into their bank account, before following further instructions on what to do with the funds. Instructions could include transferring the money into a separate specified account or withdrawing the cash and forwarding it on via money transfer service companies like Western Union or MoneyGram. The mule is generally paid a small percentage of the funds as they pass through their account.

Money Laundering is a criminal offence which can lead to prosecution and a custodial sentence. Furthermore, it can lead to the mule being unable to obtain credit in the UK and prevented from holding a bank account.

Protect Yourself

Be aware that the offence of money laundering carries a maximum prison sentence, in the UK, of 14 years.
Never give the details of your bank account to anyone that you do not trust.
No legitimate company will ever ask you to use your own bank account to transfer their money. Don't accept any job offers that ask you to do this.
Be wary of unsolicited emails or social media posts promising ways of earning easy money. If it seems too good to be true, it probably is.
Don't be afraid to question the legitimacy of any businesses that make you a job offer, especially if the recruitment procedure strays from the conventional.

(10th September 2016)


FRAUDSTERS SELLING NON-EXISTENT DRONES
(Action Fraud, dated 12th August 2016)
www.actionfraud.police.uk

Online shopping websites are being utilised by fraudsters to advertise nonexistent drones of various specifications for competitive prices.

Drones are personal flying devices that often carry cameras and can be navigated remotely by smartphones or hand-held controllers. Fraudsters are capitalising on their recent popularity and advertising non-existent drones at a lower value than their recommended retail price to tempt buyers.

After victims agree to purchase the drone, the fraudsters request payment to be paid via bank transfer saying that it will quicken the delivery process. After transferring the money the buyers never receive the drone and the fraudster blocks the victim to prevent further conversation.

How to protect yourself:

- Check the validity of the post.
- Avoid paying by bank transfer and instead use an online payment option such as PayPal, which helps to protect you.
- Check feedback online by searching the associated phone numbers or email addresses of the seller. Feedback will give you useful information about recent transactions other buyers may have made.
- If the item is below market value consider whether this is an opportunity too good to be true.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(10th September 2016)


UK TOPS EUROPEAN CHARTS - FOR CARD FRAUD
(The Register, dated 9th August 2016 author Darren Pauli)

Full article [Option 1]:

www.theregister.co.uk/2016/08/09/uk_dominates_euro_carder_fraud_charts/

The United Kingdom has copped the largest jump in credit card fraud of all European countries with an 18 per cent rise resulting in £88m ($114m, A$150m) of additional losses.

Blighty outpaced fraud growth in Greece and Denmark where fraud increased by five percent according to Euromonitor International data mapped out by big data company FICO.

Much of the additional losses in the UK are thanks to data breaches and fraudulent online transactions, rather than ATM skimming.

Some 75 per cent of the lost cash is due to card-not-present fraud, where CVC numbers on the back of cards are not required, of which more than half was conducted in online transactions.

That form of fraud has bottomed out in Portugal where authorities have it "fully under control".

All told the UK contributed to some 43 per cent of all card fraud losses across the 19 European countries studied.

Fraud increased in 10 of those countries with Greece, Denmark, France and Russia trailing the UK with small rises in card theft.

FICO fraud consultant Martin Warwick says consumer pressures for seamless online payments frustrate security efforts.

"Banks want to avoid intervening unnecessarily when customers are shopping on the internet," Warwick says.

"E-commerce spending in the UK has nearly quadrupled since 2007, so you see why this is such a target for criminals."

Fraudsters have always moved to the easiest pickings. In Europe this has driven fraud away from point of sales terminals thanks to deployment of chip-and-PIN, to online card-not-present transactions.

They flocked to Russia to get a piece of its rapid adoption of online payments between 2010 and 2015 which amounted to a 500 percent increase in "total card payment value", according to Euromonitor.

Fraud went up some 130 per cent over that time.

America's reliance on magnetic stripe data has left it a ripe harvest for fraud. Slow chip-and-PIN deployments will help stem the flow in coming years.

Australia by contrast is one of the world's toughest places to commit fraud thanks to its widespread adoption of the most modern and secure payment methods available such as Android and Apple Pay and contactless card payments.

Base data displaying fraud : www.fico.com/europeanfraud/

(10th September 2016)


ADVANCE FEE FRAUD (COURIER)
(Action Fraud, dated 11th August 2016)
www.actionfraud.police.uk

People selling their items on online platforms are falling victim to a new type of advance fee fraud. This involves a fraudster, posing as a buyer, sending an email to the seller (victim), agreeing to the full asking price of the item. They state that they are unable to collect the item themselves and will arrange for a courier to pick it up instead.

The fraudster then sends a fake payment confirmation email from a different email address, one which falsely purports to be from a payment platform. In the course of the email exchange, the seller/victim is requested to pay the courier fee. Once the payment is made the contact is broken, the item is not picked up and the money paid for the 'courier' is gone.

An example of the most recent emails received by the victim/seller, from the 'Buyer', read:

"I want you to consider this a deal as i am willing to pay your full asking price! i actually want to buy it for a family member who is urgently in need of it, i have checked through your posting and i'm fully satisfied with it. Unfortunately, i would not be able to come personally to view/collect, i work offshore as an instructor on a oil rig so i dont have time at all, but like i said i am 100% OK with the advert"

Protect Yourself:


- Be wary when buyers wish to purchase items at the full asking price without viewing them.

- Check the validity of the payment receipt confirmation

- Avoid paying an advanced fee if you are a seller; should you choose to use a courier, arrange your own.

- Check feedback online by searching the associated phone numbers or email addresses of the seller/buyer. Feedback will give you useful information about recent transactions other buyers/sellers have made.

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(11th August 2016)


UK LEADS EUROPE IN CARD FRAUD
(International Business Times, dated 3rd August 2016 author Karthick Arvinth)

Full article [Option 1]:

www.ibtimes.co.uk/uk-leads-europe-card-fraud-1573954

The amount of money lost due to fraud on credit and debit cards in the UK rose in 2015 by 18% to £492m (€585m; $656m), fuelled by online shopping and data breaches.

The rise was the sharpest recorded in 19 European countries studied by Fico.

The software analytics firm said card fraud was a growing challenge for the financial services industry as more and more consumers conduct transactions or shop online.

The UK contributed 43% of the total card fraud losses across Europe.

Most of the increase in card fraud in Britain came from online transactions and the theft of personal data through cybercrime.

"We cardholders are very demanding, and if we don't get what we want then we let people know in the form of reviews and feedback, not to mention switching cards," said Martin Warwick, Fico's fraud chief in Europe.

"Banks want to avoid intervening unnecessarily when customers are shopping on the internet.

"E-commerce spending in the UK has nearly quadrupled since 2007, so you see why this is such a target for criminals."

Overall, 10 of the 19 countries studied saw increases in card fraud in 2015, with Greece, Denmark, France and Russia posting the highest rises after the UK.

Kendrick Sands, senior analyst at Euromonitor, warned: "The further projected increase in online payments over the forecast period suggests additional security measures will be required throughout Europe.

"If greater security measures are not adopted to combat card not present fraud, the broader advance of card payments over paper alternatives could be negatively impacted."

(3rd August 2016)


NIGERIAN MALWARE KINGPIN,RESPONSIBLE FOR $60m FRAUD SCHEMES
(International Business Times, dated 1st August 2016 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/nigerian-malware-kingpin-mike-responsible-60m-fraud-schemes-netted-by-interpol-1573698

A suspected ringleader of an international criminal network responsible for thousands of online frauds has been arrested in a joint cybercrime operation by Interpol and the Nigerian Economic and Financial Crime Commission (EFCC).

Known only as 'Mike', the 40-year-old Nigerian national is believed to have led a network of roughly 40 individuals who routinely launched cyber-attacks and malware injections against email accounts of businesses located in countries across the world, including Australia, South Africa and the US.

In total, the operation gained over $60m (£45m) in illicit revenue and, according to law enforcement, one fraud case alone resulted in a payment of a massive $15.4m (£11m).

'Mike', who was apprehended in southern Nigeria, also allegedly had "money laundering contacts" in China, Europe and the US who provided bank account details to his criminal gang.

"The main two types of scam run [by 'Mike'] targeted businesses [and] were payment diversion fraud, where a supplier's email would be compromised and fake messages would then be sent to the buyer with instructions for payment to a bank account under the criminal's control, and CEO fraud," explained Interpol in a release.

"In CEO fraud, the email account of a high-level executive is compromised and a request for a wire transfer is sent to another employee who has been identified as responsible for handling these requests. The money is then paid into a designated bank account held by the criminal."

Cybersecurity firm Trend Micro initially reported the activities of the criminal gang to authorities based on research first published in November 2014 that analysed hundreds of Nigerian scams based on 'keylogger' technology and data-exfiltration methods.

Abdul Chukkol, head of the EFCC's cyber-crime division said: "The success of this operation is the result of close cooperation between Interpol and the EFCC, whose understanding of the Nigerian environment made it possible to disrupt the criminal organisation's network traversing many countries, targeting individuals and companies."

"For a long time we have said in order to be effective, the fight against cyber-crime must rely on public-private partnerships and international cooperation," he added.

Both 'Mike' and another suspect, who has not been named, now face charges including hacking, conspiracy and obtaining money under false pretences.

(1st August 2016)


UPGRADE FRAUD
(Action Fraud, dated 15th July 2016)
www.actionfraud.police.uk/

Fraudsters are impersonating telephone service providers and contacting their clients offering a phone upgrade on a low monthly payment contract. The fraudsters will glean all your personal and financial details which will then be used to contact the genuine phone provider and order a new mobile phone handset. The fraudsters will either intercept the delivery before it reaches the victim's address or order the handset to a different address.

Protect yourself

- Never provide your personal information to a third party from an unsolicited communication.

- Obtain the genuine number of the organisation being represented and verify the legitimacy of the communication.

- If the offer is too good to be true it probably is.

- If you have provided personal information and you are concerned that your identity may be compromised consider Cifas Protection Registration.

If you have been a victim of fraud report it to Action Fraud on 0300 123 2040 or http://www.actionfraud.police.uk/

(1st August 2016)


HOLIDAY BOOKING FRAUD
(Action Fraud, dated 11th July 2016)
www.actionfraud.police.uk

With summer holidays fast approaching, individuals are often more exposed to travel booking frauds when looking for last minute package deals / cheap flights. Whether paying upfront for a family holiday or simply booking a flight, payments are transferred only to discover that the holiday / airline ticket does not exist and was sold to you by a bogus travel company. Fraudsters will often lure in potential customers with low prices and 'one time only' offers that are simply too good to pass up, requesting payment by the preferred method of direct bank transfer.

Avoid

- Paying for a holiday / airline tickets / accommodation via direct bank transfer. No reputable company will ever request payment via this method.

- Responding to unsolicited calls, texts or emails offering holidays at incredibly low prices.

Protect Yourself

- Whenever possible, pay for your holiday by credit card as it offers increased protection.

- Always remember to look for the 'https' and locked padlock icon in the address bar before entering your payment details.

- Never feel pressured to make a booking for fear that you will miss out on this 'low price' opportunity. If you have never used the company before, take your time to do some online research to ensure they are reputable.

- Should you make a flight or hotel booking through a travel company, feel free to separately check with the hotel / particular airline that your booking does indeed exist.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(1st August 2016)


POLICE RELEASE DETAILS OF 10 WANTED ALLEGED UK CON ARTISTS
(The Guardian, dated 19th July 2016 author Press Association)

Full article [Option 1]:

www.theguardian.com/uk-news/2016/jul/19/police-release-details-of-10-most-wanted-alleged-uk-con-artists

A line-up of 10 wanted alleged con artists has been released in advance of new crime figures that are expected to reveal the huge scale of fraud in the UK.

Details of the alleged criminals, published on Tuesday by City of London Police and the National Crime Agency, include Alex McKenzie, 33, from London, who is accused of targeting victims using the gay social networking app Scruff, gaining their trust by claiming to work for MI6.

It is claimed he conned two former lovers and one of their parents by taking out credit cards, bank accounts and loans worth a total of £300,000 in their names.

Another is Bollywood film producer Sandeep Arora, 42, from Beckton, east London, who allegedly claimed £4.5m in VAT and film tax rebates for movies that either did not exist or with which he had no involvement.

Also on the list is Bayo Lawrence Anoworin, 41, from Lagos, Nigeria, who is wanted by Lincolnshire police over an alleged scam by a gang that stole more than £12m from NHS trusts in the UK and Guernsey between January 2011 and July 2012.

The publication comes before annual crime figures due for release by the Office for National Statistics on Thursday that will include a full year of fraud and cybercrime for the first time.

Preliminary figures released in October 2015 found that there had been 5.1 million incidents of fraud in England and Wales in the previous year, affecting an estimated one in 12 adults and making it the most common form of crime.

Donald Toon, director of the NCA's economic crime command, said: "The annual losses to the UK from fraud are estimated to be more than £190bn. Behind this headline figure lies the actions of criminals like the wanted fraudsters highlighted in this appeal, who have caused distress and loss to people and businesses up and down the country.

"Law enforcement cannot tackle this problem alone. It is only by working together, individuals, law enforcement, government and the private sector that we can protect the UK against fraud.

"It is important that anyone able to provide information on the 10 fraudsters we are highlighting today takes the opportunity to pass that information to law enforcement to help bring them to justice."

(1st August 2016)


RIO 2016 OLYMPIC TICKET FRAUD
(Action Fraud, dated 28th June 2016)
www.actionfraud.police.uk

The Olympic Games in Rio de Janeiro begin on 6th August 2016 and as of late June, you will be able to purchase tickets from the Rio 2016 ticket offices. Purchasing from an unauthorised seller or a ticket tout could leave you out of pocket; not only are the tickets advertised at inflated prices, but there is also a risk that the tickets purchased are counterfeit or do not exist. Any individual with a counterfeit ticket will be refused entry.

To help protect yourself, the list of authorised sellers has been published on the official website and provides a list of trusted resellers; this can be found at www.rio2016.com. Equally, tickets purchased that are no longer needed can be sold through the Rio 2016 website for a 100% reimbursement of the amount paid if the tickets are resold.

Protect yourself
- When purchasing from another company or individual, ask questions; specifically when you will receive the ticket and what type of ticket you are purchasing.

- Pay for tickets by using a credit card or trusted payment service. Payments made by bank transfer may not be recoverable.
- Always check that the payment screen is secure by looking for the padlock symbol or making sure the website/url begins with "https".

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(1st July 2016)


FAKE LETTER BOXES

(Action Fraud alert, dated 27th June 2016)
www.actionfraud.police.uk

The National Fraud Intelligence Bureau (NFIB) has noticed an increase in reports of fraudsters placing fake letter boxes on residential properties in an attempt to harvest the mail. Residents are sometimes unaware of the fake letterbox as the fraudsters will periodically remove the item, which may leave notable markings. The mail is then used to open various lines of credit with financial providers in the name of the innocent resident.

Protect Yourself
- Be vigilant and check for any suspicious activity, tampering of your post/letterbox or for suspicious glue markings on the wall.
- Check all post received from financial institutions, even if it appears unsolicited.
- Consider reporting theft of mail to your local police force and any cases of identity fraud to Action Fraud.
- If you have been a victim of identity fraud consider Cifas Protection Registration (https://www.cifas.org.uk/protective_registration_form)

If you, or anyone you know, has been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(1st July 2016)


BE AWARE OF SPOOF EMAILS CLAIMING BUYER PROTECTION
(Action Fraud, dated 24th June 2016)
www.actionfraud.police.uk

Online shopping websites are being utilised by fraudsters to advertise vehicles for sale which do not exist. After agreeing to purchase the vehicle via email with the fraudsters, buyers then receive emails purporting to be from Amazon Payments and/or Amazon Flexible Payment Service stating that their money will be held in an 'escrow account' (a bank account held by a third party, used as a temporary holding account during a transaction between two parties- for a 7 day 'cooling off' period). Once happy with the purchase the email indicates the money will be released to the seller, therefore offering 'buyer protection'. In reality these emails are fraudulent and do not come from Amazon. The bank accounts are controlled by fraudsters.

Protect yourself
- Remember that Amazon does not provide an escrow account to purchase items.
- Meet the seller 'face to face' and view the vehicle before parting with any money.

- Be vigilant of emails that purport to be from genuine companies and check the 'domain' name of the email address for any inconsistencies.
- Check feedback online by searching the associated phone numbers or email addresses of the seller.
- If the vehicle is below market value consider whether this is an opportunity too good to be true!

If you, or anyone you know, have been affected by this fraud or any other scam, report it to Action Fraud by calling 0300 123 2040 or visiting www.actionfraud.police.uk.

(1st July 2016)


COUNTERFEIT CHEQUES
(Action Fraud, dated 10th June 2016)

Businesses are being contacted for the sale of goods or services by fraudsters, who request to pay by cheque. The fraudster sends a cheque with a higher value than the amount expected, and then sends the business a request for the difference with instructions on how it should be paid back. This is usually by bank transfer or through a money transfer service, such as Western Union or PaySafe. Once the 'refund' has been provided, it is realised that the cheque provided was fraudulent and no funds are credited to the business's account.

The NFIB has seen an increase of 84% in the number of counterfeit cheque frauds reported to Action Fraud since November 2015. Criminals are targeting a wide range of services including paintings or other artwork, photography and lessons, with various amounts requested to be refunded. The average amount requested to be refunded is £1,818. The highest amount requested was over £80,000.

The suspects have used pressure tactics to persuade victims to refund the amounts immediately prior to the cheques clearing.
 
Crime Prevention Advice
- Be cautious of payments where the amount provided is higher than expected. Refuse to provide the service unless the correct balance is received or wait until the cheque has cleared before refunding the difference.

- Always contact banks on a trusted number found on their website or correspondence that is known to be authentic to confirm whether the cheque has cleared.
- Do not feel pressured to provide a refund before the cheque has cleared.

If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk

(1st July 2016)


PHISHING CAMPAIGN TARGETING UNIVERSITY STUDENTS
(Action Fraud, dated 13th June 2016)

A new phishing campaign which has hit students of UK universities claims that the student has been awarded an educational grant by the Department for Education. The email purports to have come from the finance department of the student's university and tricks the recipient into clicking on a link contained in the message to provide personal and banking details.

One victim reported that after submitting their sensitive information (including name, address, date of birth, contact details, telephone provider, bank account details, student ID, National Insurance Number, driving licence number and mother's maiden name), they were taken to a spoofed website which appeared like a genuine website of their bank, where they were asked to type in their online banking login credentials.

Protect Yourself:

- Do not click on any links or open attachments contained within unsolicited emails.

- Do not reply to scam emails or contact the senders in any way.

- If an email appears to have come from a person or organisation you know of but the message is unex