Action Fraud Alert: Beware of an extortion scam

The In the Know service from Surrey Police has issued details of an extortion scam in the latest Action Fraud Alert,

Cyber criminals send victims their own passwords in extortion scam

Cyber criminals are attempting to blackmail unsuspecting victims by claiming to have used the victims’ password to install spying malware on the victims’ computer. The criminals claim they’ve recorded videos of the victim watching adult material by activating their webcam when they visit these websites. What makes this scam so convincing is that the email usually includes a genuine password the victim has used for one of their online accounts. We believe criminals obtain the passwords from data breaches.

What to do if you get one of these emails?

Don’t reply to the email, or be pressured into paying. The police advise that you do not pay criminals. Try flagging the email as spam/junk if you receive it multiple times. Perform a password reset as soon as possible on any accounts where you’ve used the password mentioned in the email. Always use a strong, separate password for important accounts, such as your email. Where available, enable two-factor authentication (2FA). Always install the latest software and app updates. Install, or enable, anti-virus software on your laptops and computers and keep it updated.

If you receive one of these emails, report it to Action Fraud’s phishing reporting tool. If you have received one of these emails and paid the ransom, report it to your local police force.

 

Police notice: Beware of courier fraud

This is a message sent by Action Fraud Administrator, National,

The National Fraud Intelligence Bureau has identified an increasing number of reports submitted to Action Fraud from the public concerning courier fraud.

Fraudsters are contacting victims by telephone and purporting to be a police officer or bank official. To substantiate this claim, the caller might be able to confirm some easily obtainable basic details about the victim such as their full name and address. They may also offer a telephone number for the victim to call to check that they are genuine; this number is not genuine and simply redirects to the fraudster who pretends to be a different person. After some trust has been established, the fraudster will then, for example, suggest;

  • Some money has been removed from a victim’s bank account and staff at their local bank branch are responsible.
  • Suspects have already been arrested but the “police” need money for evidence.
  • A business such as a jewellers or currency exchange is operating fraudulently and they require assistance to help secure evidence.

Victims are then asked to cooperate in an investigation by attending their bank and withdrawing money, withdrawing foreign currency from an exchange or purchasing an expensive item to hand over to a courier for examination who will also be a fraudster. Again, to reassure the victim, a safe word might be communicated to the victim so the courier appears genuine.

At the time of handover, unsuspecting victims are promised the money they’ve handed over or spent will be reimbursed but in reality there is no further contact and the money is never seen again.

Protect Yourself

Your bank or the police will never:

  • Phone and ask you for your PIN or full banking password.
  • Ask you to withdraw money to hand over to them for safe-keeping, or send someone to your home to collect cash, PIN, cards or cheque books if you are a victim of fraud.

Don’t assume an email or phone call is authentic
Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud

Stay in control

If something feels wrong then it is usually right to question it. Have the confidence to refuse unusual requests for personal or financial information.

For more information about how to protect yourself online visit www.cyberaware.gov.uk  and www.takefive.stopfraud.org.uk

Fraud Alert: Head Teachers/Principals targeted in fraud

A message sent by Action Fraud (Action Fraud, Administrator, National) about school fraud

The National Fraud Intelligence Bureau (NFIB) has seen an increase in recent weeks in the volume of CEO Fraud reports whereby schools are the targeted victim. This has resulted in substantial financial losses for several schools that have fallen victim to this type of fraud.

A school is targeted by a fraudster who purports to be the Head Teacher / Principal. The fraudster contacts a member of staff with responsibility for authorising financial transfers and requests for a one off, often urgent, bank transfer to be made. The amounts requested have been between £8,000 and £10,000.

Contact is made by email and from a spoofed / similar email address to the one the Head Teacher / Principal would use.

PROTECTION / PREVENTION ADVICE

  • Ensure that you have robust processes in place to verify and corroborate all requests to change any supplier or payment details. Get in touch with the supplier (or internal colleague) directly, using contact details you know to be correct, to confirm that a request you have received is legitimate.
  • All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious, particularly urgent sounding requests from senior employees.
  • Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.
  • Email addresses can be spoofed to appear as though an email is from someone you know. If an email is unexpected or unusual, then don’t click on the links or open the attachments. Staff should not be allowed to check emails or use the internet with administrator accounts.
  • If you have been affected by this, or any other type of fraud, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk.

Action Fraud Alert: Improve Your Internet Security For Free

Here’s a message from Action Fraud Alert (Action Fraud, Administrator, National)

Better internet security in two minutes: Visit Quad9.net for a step-by-step guide on how to improve your online security in two minutes.

Domain Name Systems (DNS) are like public phone books for the web. They’re the reason you only need to remember a website’s name and not its IP address (think of these as phone numbers for computers). When you type “www.youtube.com” into a browser, a DNS service translates that into the associated IP address (199.223.232.0) for you.

Imagine a phone book that automatically filters and removes phone numbers known to be used for fraud. That’s what Quad9 does for websites. Quad9 provides an automated way to protect yourself and your business by blocking access to known malicious websites, like phishing sites designed to steal personal or banking details. Quad9 checks the website to determine if it’s malicious.

Fraud Alert: Fake Government Grants

Message sent by Action Fraud (Action Fraud, Administrator, National)

Individuals and businesses are being warned to watch out for cold calls and online contact from fraudsters who are offering opportunity to apply for Government grants for an advance fee.

To make the grants look legitimate fraudsters have set up bogus companies and convincing looking websites that claim to be operating on behalf of the UK Government.

Fraudsters cold call businesses and individuals offering the grant and if they’re interested direct them to fill out an online application form with their personal information.
Once the fraudsters have that information they’ll contact back victims and congratulate them on being accepted onto the grant programme.

Pre-paid credit cards
Applicants are then asked to provide identification and are instructed to get a pre-paid credit card to deposit their own contribution to the fake Government grant scheme. Fraudsters will then contact victims on the phone or are emailed and asked for the details of their pre-paid credit card and copies of statements to in order for them to add the grant funds.

Of course the grant funds are never given by the fraudsters and the money that’s been loaded by the victim onto the card is stolen.

If you receive one of these calls, hang up immediately and report it to us. We’ve already taken down one website fraudsters have been using to commit this fraud and are working with Companies House to combat this issue.

How to protect yourself
Be wary of unsolicited callers implying that you can apply for grants. You should never have to pay to receive a government grant, and they definitely won’t instruct you to obtain a pre-paid credit card. The government should have all the information they need if a genuine grant application was submitted, therefore any requests for personal or banking information either over the phone or online should be refused.

What to do if you’re a victim:

• If you think your bank or personal details have been compromised or if you believe you have been defrauded contact your bank immediately.
• Stop all communication with the ‘agency’ but make a note of their details and report it to Action Fraud.
• If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting http://www.actionfraud.police.uk or by calling 0300 123 2040.

The information contained within this alert is based on information from gathered by the National Fraud Intelligence Bureau (NFIB). The purpose of this alert is to increase awareness of this type of fraud. The alert is aimed at members of the public, local police forces, businesses and governmental agencies.

Action Fraud Alert: Beware of fraud when buying pets online

This is a message sent via In The Know – Surrey and Sussex. It has been sent on behalf of Action Fraud. Fraudsters advertising puppies and kittens on popular online auction websites requesting advance payment are failing to deliver the pets.

The National Fraud Intelligence Bureau and Action Fraud have recently noticed a rise in the reporting of pets, and in particular puppies and kittens, being advertised for sale via popular online auction websites. The fraudsters will place an advert of the pet for sale, often claiming that the pet is currently held somewhere less accessible or overseas. Upon agreement of a sale, the suspect will usually request an advance payment by money transfer or bank transfer. However, the pet does not materialise and the fraudster will subsequently ask for further advanced payments for courier charges, shipping fees and additional transportation costs. Even if further payments are made, the pet will still not materialise as it is likely to not exist.

Tips to staying safe when purchasing pets:

  • Stay within auction guidelines
  • Be cautious if the seller initially requests payment via one method, but later claims that due to ‘issues with their account’ they will need to take the payment via an alternative method such as a bank transfer.
  • Consider conducting research on other information provided by the seller, for example a mobile phone number or email address used by the seller could alert you to any negative information associated with the number/email address online.
  • Request details of the courier company being used and consider researching it.
  • Agree a suitable time to meet face-to-face to agree the purchase and to collect the pet. If the seller is reluctant to meet then it could be an indication that the pet does not exist.
  • A genuine seller should be keen to ensure that the pet is going to a caring and loving new home. If the seller does not express any interest in you and the pet’s new home, be wary.
  • If you think the purchase price is too good to be true then it probably is, especially if the pet is advertised as a pure-breed.
  • Do not be afraid to request copies of the pet’s inoculation history, breed paperwork and certification prior to agreeing a sale. If the seller is reluctant or unable to provide this information it could be an indication that either the pet does not exist or the pet has been illegally bred e.g. it originates from a ‘puppy farm’. A ‘puppy farm’ is a commercial dog breeding enterprise where the sole aim is to maximise profit for the least investment. Commercial dog breeders must be registered with their local authority and undergo regular inspections to ensure that the puppies are bred responsibly and are in turn fit and healthy. Illegally farmed puppies will often be kept in inadequate conditions and are more likely to suffer from ailments and illnesses associated with irresponsible breeding.
  • When thinking of buying a pet, consider buying them in person from rescue centres or from reputable breeders.
  • If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting  www.actionfraud.police.uk or by calling 0300 123 2040.

Action Fraud Alert: Beware of online vehicle shopping fraud

This is a message sent via In The Know – Surrey and Sussex. This information has been sent on behalf of Action Fraud (National Fraud Intelligence Bureau)

Fraudsters have been advertising vehicles and machinery for sale on various selling platforms online. The victims, after communicating via email with the fraudster, will receive a bogus email which purports to be from an established escrow provider (a third party who will keep the payment until the buying and selling parties are both happy with the deal).

These emails are designed to persuade victims to pay upfront, via bank transfer, before visiting the seller to collect the goods. The emails also claim that the buyer (victim) has a cooling off period to reclaim the payment if they change their mind. This gives victims the false sense of security that their money is being looked after by this trustworthy third party, when in fact it is not and the money has gone straight to the fraudster.

Protect yourself:

  • When making a large purchase such as a new car or machinery, always meet the seller face to face first and ask to see the goods before transferring any money.
  • If you receive a suspicious email asking for payment, check for spelling, grammar, or any other errors, and check who sent the email. If in doubt, check feedback online by searching the associated phone numbers or email addresses of the seller.
  • Contact the third party the fraudsters are purporting to be using to make the transaction. They should be able to confirm whether the email you have received is legitimate or not.
  • False adverts often offer vehicles or machinery for sale well below market value to entice potential victims; always be cautious. If it looks too good to be true then it probably is.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk, or by calling 0300 123 2040.

Action Fraud Alert: Beware of ‘Wedding Season’ fraud

This is a message sent via In The Know – Surrey and Sussex. This information has been sent on behalf of Action Fraud (National Fraud Intelligence Bureau)

With the upcoming “Wedding Season”, and for those individuals who are considering making plans for next year and beyond, you should be aware of the potential risks of fraud involved.

According to ‘bridesmagazine.co.uk’, in 2017 the average wedding cost spend is approximately £30,111.  This will be paid out to multiple vendors, including; photographers, caterers, reception venues and travel companies, to name a few.  Many of these services will require booking at least several months in advance and you may be obliged to pay a deposit or even the full balance at the time.

Being aware of the potential risks and following the below prevention advice could minimise the likelihood of fraud:

Paying by Credit Card will provide you with protection under Section 75 of the Consumer Credit Act, for purchases above £100 and below £30,000. This means that even if a Company goes into liquidation before your big day, you could claim a refund through your Credit Card Company.

Social Media – Some Companies run their businesses entirely via social media sites, offering low cost services.  Whilst many are genuine, some may not be insured or may even be fraudulent. There are a few things you can do to protect yourself;

Continue reading

Action Fraud Alert: Beware of fraudsters smishing tactics

This is a message sent via In The Know – Surrey and Sussex. This information has been sent on behalf of Action Fraud (National Fraud Intelligence Bureau)

Smishing – the term used for SMS phishing – is an activity which enables criminals to steal victims’ money or identity, or both, as a result of a response to a text message. Smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset) to manipulate innocent people into taking various actions which can lead to being defrauded.

The National Fraud Intelligence Bureau has received information that fraudsters are targeting victims via text message, purporting to be from their credit card provider, stating a transaction has been approved on their credit card.

The text message further states to confirm if the transaction is genuine by replying ‘Y’ for Yes or ‘N’ for No.

Through this method the fraudster would receive confirmation of the victim’s active telephone number and would be able to engage further by asking for the victim’s credit card details, CVV number (the three digits on the back of your bank card) and/or other personal information.

Protect yourself:

  • Always check the validity of the text message by contacting your credit card provider through the number provided at the back of the card or on the credit card/bank statement.
  • Beware of cold calls purporting to be from banks and/or credit card providers.
  • If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Again, refer to the number at the back of the card or on the bank statement in order to contact your bank.
  • If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk/ or alternatively by calling 0300 123 2040

Action Fraud alert: Don’t respond to ransomware scammers

This is a message sent via In The Know – Surrey and Sussex. This information has been sent on behalf of Action Fraud (National Fraud Intelligence Bureau)

Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global WannaCry ransomware attack.

One victim fell for the scam after calling a ‘help’ number advertised on a pop up window. The window which wouldn’t close said the victim had been affected by WannaCry Ransomware.

The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool, which is actually free and took £320 as payment.

It is important to remember that Microsoft’s error and warning messages on your PC will never include a phone number. Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.

How to protect yourself

  • Don’t call numbers from pop-up messages.
  • Never allow remote access to your computer.
  • Always be wary of unsolicited calls. If you’re unsure of a caller’s identity, hang up.
  • Never divulge passwords or pin numbers.
  • Microsoft or someone on their behalf will never call you.

If you believe you have already been a victim

  • Get your computer checked for any additional programmes or software that may have been installed.
  • Contact your bank to stop any further payments being taken.

Report fraud and cyber crime to Actionfraud.police.uk