
Fake telephone call in the name of the Financial Services Agency

A local and trusted contact has just alerted me to the following telephone scam.

Person A received a telephone call in which the caller ID displayed 0800 111 6768. Research shows this number relates to the Financial Services Agency.

Person A heard a female voice, which quoted their name and address; the caller went on to say that they were calling from the Financial Services Agency.

Person A was told that someone using their name and address had taken out a loan in Brighton and that it could affect their credit rating.

Person A told the caller that they had not taken out a loan and asked the caller to put the details in writing and send via the post.

Person A was asked to hold the line whilst the caller obtained more details, but after a few minutes the line was disconnected, though not by Person A.

Person A contacted the Financial Services Agency who stated that they do not phone any private individuals and confirmed that the call was a scam.

Please DO NOT trust the telephone number displayed. Criminals can spoof telephone numbers meaning they are made to appear genuine; criminals just copy the numbers from genuine websites.

Always ensure you have a dial tone before calling any number, especially if the caller has asked you to call them back to prove they are genuine. Either use a different phone if you have one, or wait and ensure there is a dial tone. If you don’t hear a dial tone, the line to the criminal could still be open.

Just because someone knows your name and address, telephone number, email, it does not make them genuine.

If in doubt, do what Person A did: invite the caller to write to you. I am not sure how keen criminals are to put pen to paper and a stamp on the envelope.

Interestingly, this is the first time I have heard that the scammer had a female voice and I have no reason to believe they were using software to alter their voice.

If you are wondering if your private data is in the hands of cyber criminals, then visit www.haveibeenpwned.com and put your email and/or telephone number in the search box.

Many internet security products are now providing data breach alerts in which you provide them with your email address and if it appears online in suspicious circumstances, then you will be notified. Only use these services from genuine recognisable companies through your existing security software.

Recovery Room Scams

UK consumers are being increasingly targeted by recovery room scams. This is where fraudsters approach those who have been scammed or had failed investments, offering to help them get their money back for an upfront fee. This scam is particularly effective in cases where the person does not get a refund from their bank.

There is usually no explanation on how money will be recovered or, if an explanation is given, it is likely to be false or implausible. For example, falsely claiming to be the Financial Conduct Authority or working with the Government, Police, Action Fraud, to recover any monies which have been lost. Generally, recovery rooms insist on being paid a fee or transaction charge before carrying out any services to recover any losses.

How recovery room scam works

Recovery room scams usually follow on from the original scam where someone has lost money. The perpetrators of the original scam may operate the recovery room and contact the victim again pretending to be from a different firm or sell on their details to other recovery rooms. The scam tends to involve cold calling with high-pressure tactics and upfront charges described as a tax, solicitor, or administrative fees, which can result in losses that can be greater than the initial loss.

The recovery rooms often have professional-looking websites to persuade visitors they are legitimate and claim to have a UK presence when they don’t. These websites often make false claims to have successfully recovered money for other consumers involved in scams.

Recovery rooms generally use a web-based email address, such as Gmail, Yahoo, Hotmail, or Russian search engine, Yandex. The Police, FCA, HMRC, banks never use webmail providers to contact consumers, nor does the Government, law enforcement agencies or law firms.

Be aware of clone firms

Many bogus firms will use the name, firm registration number (FRN), and address of firms and individuals who are FCA authorised. This is called a clone firm. Scammers may even copy legitimate websites, making subtle changes such as changing the phone number.

How to protect yourself

Always be wary if you are contacted out of the blue about recovering money lost due to fraud or due to a failed investment, or if you feel pressured to hand over money quickly or are promised something that sounds too good to be true.

Be wary of websites, phone calls, and online or social media adverts promising to recover any money you may have lost from investments or fraud.

If you get a phone call offering to recover your losses, ask how the caller has information about your lost money. Any report of fraud can only be shared between other law enforcement agencies. It cannot be shared with a private business operating a recovery room.

If you have been asked to pay a fee or provide your bank account, card, or other financial details, end all contact immediately and do not pay any money or provide any banking details.

Recovery room scams claim to provide services usually offered by claims management companies. A firm must be authorised to advertise or undertake these services in the UK. Check the FCA website Financial Services Register to make sure the firm is authorised. www.fca.org.uk

Fake Emails re Energy Suppliers

Energy companies are closing at unprecedented rates and with more than two million customers being affected, this is just another opportunity for fraudsters to exploit.

There is limited information that fraudsters are sending fake emails purporting to be from a solicitor on behalf of a recognisable energy supplier. These emails claim to be collecting outstanding payments and may make reference to your account being taken over and managed by another energy company. Like most phishing communications, they not only intend to appear genuine, but they also instil fear, anxiety, stress, a sense of urgency and a veiled threat such as legal action and disconnection of supply.

If you receive any such email or message:

STOP – Taking a moment to stop and think before replying, parting with your money or information could keep you safe.

CHALLENGE – Could it be fake? It is ok to reject, refuse or ignore any requests. Only criminals will try and rush or panic you.

PROTECT – Contact your bank immediately if you think you have fallen for a scam and report it to Action Fraud.

Do not reply to the suspicious communication or use the contact details provided.

Do not open any attachment or click on any link.

Contact your current and genuine energy supplier using your previously tried, tested, and trusted means: an app, a website or a contact telephone number from a genuine previous bill.

They will soon confirm or deny whether the communication is a scam or not. If you receive a suspicious email, forward it to report@phishing.gov.uk; forward a suspicious text to 7726. Ensure any suspicious communication is deleted from your device.

Fake Banking App Scam

Fake banking apps are available to download from both the Apple Store and Google Play, apps that fraudsters could use to scam people.

The link below relates to a Wiltshire media article and provides more detail of the scam in action, but I will provide a summary.

Fraudsters download a fake banking app and search local online marketplaces. If you are selling something locally and you invite the buyer to visit your home, or an agreed meeting place, be alert if, once you agree to the sale, the buyer produces their mobile phone and asks for your bank account number and sort code. You will be able to watch them enter the details into their fake banking app, and then they will show you the screen of their phone, which will display a message that the agreed amount has successfully been paid into your bank.

Please do not hand over the goods until you have checked and confirmed that the payment has been received into your own bank account, but this is where the criminal may try and distract you.

This type of scam could impact on any one of us potentially, but I am concerned for those who are vulnerable and feel intimidated, so they don’t check their bank account before handing over the goods. Please take the time to read the media article and mention to family and friends.

Watch out for fake bank app used by crooks in attempted £600 iPhone scam | This Is Wiltshire.

How secure is your contactless bank card?

Have you ever wondered that if someone could get close enough to you and your contactless bank cards, they could somehow capture the data and use it in fraud? Well, the simple answer is they can’t. (According to global business Thales Group)
 
The link below details some myths and facts that explain why your contactless cards are safe from being skimmed, whether they are in some form of protective wallet or not.

Read here for more information.

Amazon UK to stop accepting Visa credit cards

For those of you that use Amazon.co.uk you may already have been informed that as of January 19th 2022, Amazon will not accept Visa credit cards for payment.

I note with interest, that they advise you to replace the card with either a Debit Card or another credit card issuer.

Please remember that using a credit card to shop online provides you with more consumer protection than using your debit card.

Using a credit card, you are spending someone else’s money until you pay it back.

Using a debit card, you are spending your own money.

I like to try and predict how the criminals will react to the Amazon announcement, so I would not be surprised, and I urge you to be alert to the fact, that criminals will exploit this situation to send phishing communications that appear to come from Amazon, inviting you to click on a link so you can change the card details on your account.

May I suggest that you access your Amazon account (or any online account) via the genuine website or genuine app, not via a link in a text, email or social media message.

Mr Nigel Sutton 8517
Fraud and Cyber Security Advisor
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773
Cambridgeshire Constabulary
Hinchingbrooke Park,
Huntingdon, PE29 6NP

Royal Mail scam text messages

The Cambridgeshire and Peterborough Against Scams Partnership is warning us all of a scam text message purporting to be from Royal Mail.

NHS Vaccine Scam

An NHS-related scam text message has been brought to the attention of the cybercrime department. There is no additional information at this time. We should all be aware that this and similar messages are being received across the county, and exercise caution.

The text message below states that the recipient is entitled to a vaccine and to receive more information they should click on the link in blue. Once the link is clicked, the recipient will see the message ‘we need to prove ownership of address’. They are then asked to provide bank account, sort code and a full bank card number. The message is a SCAM!

For genuine COVID-19 related advice including vaccination information, visit www.gov.uk and www.nhs.uk.

For more advice about protection from scams visit: https://www.cambridgeshire.gov.uk/residents/community-protection/against-scams-partnership

Windows 10 OS update

On the 13th October 2020, Microsoft released a significant update to all users of Windows 10 OS (CVE-2020-1047). If you use Windows OS on a work computer, then updates may be managed by your ICT.

The update fixes 87 vulnerabilities with one having a Microsoft severity score of 9.8 out of 10 and has been described as dangerous. This bug can allow a criminal to take over any Windows operating system that has not been patched.

The second issue of note relates to Outlook in which the bug can be exploited by tricking the user into opening a specially crafted file with an affected version of the Microsoft Outlook software.

You may already have updates set to Automatic, but please check just in case the updates have not been applied.

To do this, click on the magnifying glass on the taskbar at the bottom left of your screen, then start typing ‘windows update’ in the search bar. You will then see Windows Update Settings appear; click on this and follow the instructions.

Romance and Dating Fraud

All this week, Cambridgeshire Police will be supporting a national campaign involving all the UK police services and some of the companies providing dating services. The campaign is to help raise the awareness of online romance/dating fraud and provide advice on how to stay safe online.

Romance, or dating, fraud occurs when a relationship is formed online, but the profile of the perfect partner you think you’ve met is fake.
The scammer makes you believe you’re in a loving relationship spanning weeks, or perhaps months, to gain your trust. However, the end goal is always a much more sinister one, with criminals after money or personal information.

Between August 2019 and August 2020, Action Fraud received over 400 reports a month from victims of romance fraud in the UK. Losses reported by victims during this time totalled £66,335,239, equating to an average loss of just over £10,000 per victim.

During June, July and August 2020, romance fraud reports jumped to more than 600 per month, indicating people may have met, and begun talking to, romance fraudsters during the national lockdown caused by the coronavirus outbreak.

It has a devastating emotional and financial impact on victims, who often feel foolish for falling for the lies once they realise what’s happened. This may then lead people to decide not to report such instances. Still, it’s vital to understand criminals are experts at impersonating people; they spend hours researching individuals for their scams.

Criminals from across the world use common dating apps to create fake accounts using images they copied from the internet. They use persuasive language to groom and control their victim, coercing them into parting with large sums of money or personal information.

During the week-long campaign, many dating apps will be running additional fraud protection advice throughout October to help raise awareness. The campaign will show signs to look out for as they use more advanced technology to keep users safe. There are simple steps you can take to help keep yourself safe and several warning signs to look out for:

  • if someone you’re talking to declares their love quite quickly, with talk of making significant commitments like marriage or buying a house together, be wary and don’t give away too many personal details;
  • they claim to work overseas, perhaps in the military or medical profession, often painting a picture of themselves as being heroic, which also gives a credible reason for an international dialling code or poor internet connection. A lot of fraudsters are not based in the UK;
  • they’re reluctant to meet in person, or even video chat, and quickly want to move onto other messaging platforms, which have better encryption, meaning evidence of your conversations is harder to find. Stay on the site’s messaging service until you’ve met someone or you’re sure they are who they say they are;
  • if they ask for financial help, it’s likely to be for something urgent and emotive, to trick you into feeling sorry for them and wanting to help. They may ask you to buy gift cards (Amazon, iTunes and the like), scratch off the back of the card and send them the code. If you’re asked for money or are suspicious their photos aren’t theirs, most platforms have a reporting tool, which will help to protect others;
  • they tell you to keep your relationship quiet and insist you don’t tell your friends and family about them. This is because someone close to you is likely to question this person’s motives, as they’ve not been emotionally involved. Your friends and family are an excellent place to start if you’re unsure of someone’s motives and will give you their honest opinion, so don’t shut them out or isolate yourself.

The top five platforms where victims reported first interacting with the criminal committing romance fraud were Facebook, Plenty of Fish, Instagram, Tinder and Match.com.

A technical tip: on any online image, you can do what is called a reverse image search. For example, on a profile, you could save the image of the person you are communicating with and then upload it to Google Images or to a website called TinEye (others are available). It may return a search result that shows you where the image has featured on another website. Remember, just because the search result reveals no matches, it does not mean the profile picture is genuine. Criminals know of this feature, and so they manipulate images using software, or they use images that do not feature anywhere else on the internet.

For more information about protecting yourself, family or friends, visit www.actionfraud.police.uk or www.getsafeonline.org, or read the advice on the dating app or website.

As always, please contact me with any non-urgent fraud or internet-related question.

Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773