
Courier Fraud – £10K Watch

What you are about to read has just been brought to the attention of the cybercrime department.

The victim of the crime received a telephone call on their home phone.
A male voice gave the victim's name and said he was a fraud investigator for the Halifax. Later, the victim was called by someone claiming to be a Police Sergeant from the Scotland Yard Fraud Team, who advised her that her bank card had been cloned and that there had been a breach of security somewhere within a Cambridgeshire Halifax branch.
The victim was deceived into transferring money from their savings account to their current account and then purchasing a physical asset to protect her cash until the investigation had concluded, after which they could sell the asset and return the funds to their account.

All the calls made to the victim were from a withheld number. The victim later made a payment of over £10k to purchase a single item, a watch.
On the same day of purchase, a caller at the door delivered the watch.
A couple of hours later, another caller at the door collected the watch.

The victim of this crime lost over £10K because they genuinely believed they were helping the police!

This is a textbook courier fraud: it starts with a telephone call from a criminal pretending to be from the police, the bank, or both. I appreciate that you may have heard me say this many times before. The police or the bank will never contact you to transfer money out of your accounts.

For more information about their work or if you would like to be a supporter, then visit: https://www.cambridgeshire.gov.uk/residents/community-protection/against-scams-partnership

Windows 10 OS update

On the 13th October 2020, Microsoft released a significant update to all users of Windows 10 OS. (CVE-2020-1047) (If you use Windows OS on a work computer, then updates may be managed by your ICT)

The update fixes 87 vulnerabilities, one of which has a Microsoft severity score of 9.8 out of 10 and has been described as dangerous. This bug can allow a criminal to take over any Windows operating system that has not been patched.

The second issue of note relates to Outlook in which the bug can be exploited by tricking the user into opening a specially crafted file with an affected version of the Microsoft Outlook software.

You may already have updates set to Automatic, but please check just in case the updates have not been applied.

To do this, click on the magnifying glass on the taskbar bottom left of your screen, then in the search bar start typing ‘windows update’, and you will then see Windows Update Settings appear, click on this and follow the instructions.

Male claiming to be from MI5 and Cambridgeshire Police

A slightly unusual attempted scam telephone call to tell you about, this time the caller claimed to be from the UK’s Security Service MI5.
Interestingly, the intended victim later checked the telephone number displayed on their caller ID with the MI5 website, and the number matched.

The male caller then claimed he was in fact a Police Officer in Peterborough but was working with the MI5 agency. 

The conversation is not clear from this point, but it appears that the caller tried to get the recipient to go to their bank and withdraw some money, and made reference to a National Insurance number. The caller then said that if they could not get to the bank, an alternative payment would be gift vouchers.

I have checked the MI5 website and there are only two contact numbers listed, 999 for an emergency and 0800 789 321 which is for the Anti-Terrorist Hotline. The following is a screenshot from the MI5 website, and suggests MI5 are well aware that their organisation is being used in similar scams:

Please note: If you receive a call from MI5, it will not come from any of the numbers listed below. Please treat any calls received from these numbers with caution and do not divulge any personal information or banking details.

So, please remember, do not trust the number displayed on your caller ID, because it can be spoofed to look genuine. Treat the number displayed with caution until you can be confident the caller is genuine, and that is not easy if you don't recognise the voice, because then they could be anyone.

Any request for gift vouchers as a payment method suggests the call is a scam.

Any non-urgent questions or concerns relating to fraud and cyber crime please contact me.

Kind regards,
Nigel

Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773
Cambridgeshire Constabulary
Hinchingbrooke Park,
Huntingdon, PE29 6NP

Working together to deliver an inclusive and professional policing service with: Fairness, Integrity, Diligence and Impartiality.

Compromised Facebook Accounts

Compromised Facebook accounts used to lure victims into PayPal scam

Attached here is an important scam alert from the City of London Police, National Fraud Intelligence Bureau.

Should the content of the document raise any questions or issues, then please contact Mr Nigel Sutton 8517, Cyber Protect Officer.

Please consider forwarding to family and friends and any appropriate community group.

Fraud and Cyber Security

What is phishing and how does it work?

You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way – criminals use legitimate-looking messages and websites to trick people into opening the doors to their personal data, giving up logins, passwords or even payment details. That information can then be used to commit fraud and cyber crime.

How big is the problem?

Phishing attacks are a common security challenge that both individuals and businesses across the UK face on a regular basis.
The National Cyber Security Centre’s Suspicious Email Reporting Service (SERS) received over 1.7M reports from the public between April and August 2020, with the most commonly faked brands being TV Licensing, HMRC and GOV.UK.

How can you protect yourself from phishing scams?

Many of the phishing scams that get reported to us have one thing in common, they started with a message out of the blue. Whether it’s an email asking you to “verify” account information, or a text message claiming to be from your bank, the goal of a phishing attack is usually the same – to trick you into revealing personal and financial information.
Criminals are experts at impersonation and they’re constantly getting better at creating fake emails and texts that look like the real thing. Here’s some simple advice you can follow when it comes to dealing with phishing scams:

1 – Remember, your bank, or any other official organisation, won’t ask you to share personal information over email or text. If you need to check that it’s a genuine message, call them directly. Don’t use the numbers/emails in the email, but visit the official website instead.

2 – If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):
report@phishing.gov.uk. If it turns out to be malicious, your report will help stop other people falling victim to it.

3 – Received a text message you’re not quite sure about? Maybe it’s asking you to “verify” personal or financial details, such as a banking password? You can report suspicious text messages by forwarding them to 7726.

4 – If you’ve lost money or provided personal information as a result of a phishing email, notify your bank immediately and report it to Action Fraud: www.actionfraud.police.uk

For more simple tips on how to protect yourself online, visit: www.actionfraud.police.uk/cybercrime

The QR code

You may already have seen or used the QR (Quick Response) code like the one above, but since pandemic measures have been relaxed, the QR code is being seen more often especially in pubs and restaurants.

So what is the QR code? It is simply a shortcut to a webpage, just like the link or shortcut we are used to in an email or other electronic messages.

To read the QR code, simply point your phone camera at it and your smart phone will read it and tell your phone browser to display the webpage it relates to, it is that simple. (There are also QR code reading apps available)

People like shortcuts, and criminals know we do.

Although the use of the QR code has benefits just like the link or shortcut in an email, it could be exploited by cyber criminals so I just want you to know how, and then you can make your own mind up whether to scan or not.

The image below was taken in a shopping centre; the QR code is printed on a professional-looking 5 foot high banner outside the shop. Because the banner looks high quality and is in a secure shopping centre with cameras and security, it is unlikely that it had been placed there by a criminal. (Not guaranteed of course, but on balance I would scan it but not provide any personal information.)

Another example of when I would consider scanning a QR code, would be when I have entered a restaurant or pub, and on the table is a guide to ordering food and drinks. The laminated sheet gives me the choice of downloading an app from Google Play or the App Store, or I can scan the QR code.

If, however, I was in public and read a poster with a QR code on it advertising a service or product, I would be far more cautious about scanning it, because it is in a far less secure environment which a criminal could exploit. How? It is technically possible for a criminal to create their own QR code, print it and place it over the original QR code on the poster; they then create a fake website and have it hosted on the internet. If this QR code is scanned by a third party, their device will display the fake website, deceiving the user into submitting private information to the criminal. This is exactly how phishing emails work.

So, if you are going to scan a QR code, just assure yourself that the QR code you are scanning is genuine, does the poster look genuine? Is it printed to a high commercial standard? Can you tell if there is another layer of paper over the QR code that suggests the poster has been tampered with? If in doubt, don’t scan it, and if you want to find out more about what the poster is advertising, consider using your browser on your device.

The good news is that I have yet to read a crime report suggesting anyone in the UK has been caught out in this way. Could this change in the future?

Being aware of the tactics used by cyber criminals to steal our data and money helps us to defend ourselves and our families.
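The phishing advice earlier on this page (check the real address, not the message that carried it) and the QR code advice above come down to the same thing: a QR code or an email link is just a URL, and the URL itself is what to inspect before visiting it. The following is an added example, not part of the bulletin or any police tool, showing the checks a practitioner applies to a decoded URL. The trusted-domain list, the sample URLs and the shortener list are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed allow-list of domains the reader already knows for organisations
# named in these bulletins. In practice, take these from the organisation's own
# printed material or a previously bookmarked page, never from the message itself.
TRUSTED = ("hmrc.gov.uk", "tvlicensing.co.uk", "halifax.co.uk", "actionfraud.police.uk")

# Link shorteners hide the destination until you have already followed the link.
SHORTENERS = ("bit.ly", "tinyurl.com", "t.co")


def host_is_under(host, domain):
    """True if host is domain itself or a subdomain of it (www.hmrc.gov.uk is under hmrc.gov.uk)."""
    return host == domain or host.endswith("." + domain)


def assess_url(url, trusted=TRUSTED):
    """Return a list of warnings about the URL; an empty list means nothing stood out."""
    warnings = []
    parsed = urlparse(url.strip())
    host = (parsed.hostname or "").lower()

    if parsed.scheme not in ("http", "https"):
        warnings.append(f"unexpected scheme '{parsed.scheme}'")
    elif parsed.scheme == "http":
        warnings.append("plain HTTP, not HTTPS")

    if not host:
        warnings.append("no host name")
        return warnings

    # 'https://www.hmrc.gov.uk@evil.example/': the real host is what follows the @.
    if "@" in parsed.netloc:
        warnings.append("'user@' before the host; the real host is what follows the @")

    # Punycode labels can carry characters that look like Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label in host name")

    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a name")
    except ValueError:
        pass  # a normal host name

    if any(host_is_under(host, s) for s in SHORTENERS):
        warnings.append("URL shortener hides the real destination")
    elif not any(host_is_under(host, t) for t in trusted):
        # A trusted name appearing inside an untrusted host is the classic lookalike:
        # hmrc.gov.uk.refund-claim.example is NOT under hmrc.gov.uk.
        lookalike = next((t for t in trusted if t.split(".")[0] in host), None)
        if lookalike:
            warnings.append(f"looks like {lookalike} but the host is {host}")
        else:
            warnings.append(f"{host} is not on the trusted list")
    return warnings


# Constructed sample URLs: one genuine-looking link, one email lookalike,
# one QR sticker pointing at a shortener.
SAMPLES = {
    "genuine link": "https://www.hmrc.gov.uk/personal-tax",
    "email link": "http://hmrc.gov.uk.refund-claim.example/form",
    "QR sticker": "https://bit.ly/placeholder",
}

if __name__ == "__main__":
    for label, url in SAMPLES.items():
        result = assess_url(url)
        print(f"{label}: {url}")
        print("   " + ("\n   ".join(result) if result else "no warnings"))
```

The subdomain test is deliberately strict: a host only passes if it ends with a trusted domain, so a long host that merely begins with a trusted name is reported as a lookalike rather than accepted. An empty warning list is a reason to proceed with the same caution the bulletin recommends, not proof the page is genuine.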

If you have any questions or concerns involving QR codes, then please contact:
Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773

Amazon account security

The following information is for those of you who have an Amazon account, or know someone that does.

Yesterday, I was contacted about fraud on an Amazon account.

They had received what appears to have been a genuine email from Amazon thanking them and detailing an order they had made.

Guess what? They had not made the order, so they checked their Amazon account and there was no indication of an order having been placed as per the email.

The person looked at their bank account and there were three small payments to Amazon totalling only £30.

They instructed the bank to stop the payments, which the bank did. They went back to their Amazon account again but still could not find any detail of the order having been made.

They changed their password for one that was strong and unique and enabled two-factor authentication.

Having contacted me, I asked them to go into their Amazon account and check what devices were linked to their account, and if they did not recognise a device or they no longer had it, then they should remove it/deregister.

So these are the instructions I gave them:

How to disconnect devices from your Amazon account.

Login to your Amazon account

Click on the tab called MANAGE YOUR CONTENT AND DEVICES

This will bring a list up of all devices allowed to access the Amazon account. Deregister anything that you do not recognise, or even if you recognise it, consider deregistering if you no longer have or use the device.

When the victim did this, they actually identified an email address they did not recognise name_eDevjx@kindle.com

I have removed the victim’s name but from the underscore, the rest is as seen on the account.

The victim has now removed this email address from their account.

What was the long game of the criminal who had unlawfully accessed the account? We shall never know, but I bet they are off to find another Amazon account.

When a criminal compromises an Amazon account, they can move their fraudulent order to the archive, which means when the victim looks for the order if they only look at the recent transactions, they will not find anything suspicious. But if they had changed the date range to include all dates, all folders, then they may have found the orders in question.

In summary, ensure you have a strong, unique password on your Amazon account. Enable 2FA (two-factor authentication). Consider checking that your account information, including contact details, is correct. Check what devices are linked to your account and deregister those you do not recognise, and if you identify a suspicious email address, remove it. Keep a regular eye on your bank account for unrecognised payments, and if you identify suspicious payments, notify the bank immediately.

Health and Safety Executive phishing email

Whether you are a business or individual, please be aware of the following phishing email which purports to represent HM Government Health and Safety Executive.
 
The original phishing email has an attachment and the criminal states that in order to read the nature of the complaint, the recipient must open it.
DO NOT OPEN THE ATTACHMENT
Many phishing emails lure the recipient into clicking on a link; in this example, the danger to your computer and network is opening the attachment, which could result in a range of threats to your computer and network, including ransomware, in which your files are encrypted and a demand of up to £200k is made for the files to be decrypted. In the following phishing email, there is an attachment and shortcuts to avoid.
 
If you are confident, forward any phishing email to report@phishing.gov.uk; otherwise, DELETE it and DELETE it again from the Trash or Recycle Bin. This will ensure any attachment is not opened in error.
Hyperlinks have been removed and edited from the email below, to prevent any accidental launching of the hyperlink.


PHISHING EMAIL BELOW
 
From: HSE Health & Safety 12:30 < SHORTCUT EDITED BY POLICE> Sent: 09 June 2020 11:31
To:
Subject: HSE Complaint Escalation
Importance: High
 
This is an official notification regarding an occurring investigation (case UEBDOGIH) made by our team (Health & Safety Executive).
 
We have received a complaint against your company regarding possible violations during the period of March – April 2020.
 
The main reason described in the complaint is regarding the inability of your company to adapt and respect the government regulations during this period.
 
We will begin our investigation targeting a period of the past three months.
 
The complainant will remain anonymous until an eventual trial will begin.
 
Sanctions:

  • possible sanctions may include the permanent suspension of your company’s activity
  • a complaint with the local prosecutor

Before we move forward we are expecting an answer from you and we will also schedule a phone call to discuss things further.
 
The complaint in full has been attached to this message, including the official HSE accusation.
 
Note: This email was sent from a notification-only email address which cannot accept incoming email. Please do not reply directly to this message and wait for our call and hard copy letter.

Health & Safety Executive
HSE Complaint Escalation

END



Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773
Cambridgeshire Constabulary, Hinchingbrooke Park, Huntingdon, PE29 6NP

Bogus tax refund emails

Bogus tax refund emails sent to students

If you have family or know of young people in further education, then please all be alert to the following scam:

Bogus tax refund emails sent to students tell them to watch out for scams

Students are being warned to watch out for a fresh wave of bogus tax refund emails – which often contain “scam warnings”. HM Revenue and Customs (HMRC) said there was a sudden spike in students reporting suspected scams received at their official university email addresses last week. Some bogus emails tell the recipient to avoid scams and report suspect correspondence to HMRC. HMRC said new scams targeting students often multiply – so it is warning students to take a pause and think before parting with their personal information. The scam emails say that the student is owed a tax refund and invite them to click on a link to “complete the required form”. They add: “If you do not complete the refund form now, you will not be able to claim your tax refund online.”

Please don’t open attachments or click on links within any email, text or instant messages unless you are confident the sender is genuine.

Contact the sender using a tried, tested, and trusted means, do not reply or use any contact details from within the suspicious communication.

Criminals will always use language in their communications which creates a sense of urgency, a need to act now. They may offer payment or reward, or they will use a threat such as an arrest, bailiffs, police.

Criminals know how to motivate people into doing something which they wouldn’t have done if they had known the true intent of the criminal sending the communication.

Please consider visiting www.actionfraud.police.uk for further information on protecting your family from fraud.

For information on protecting your computers from cybercrime, visit www.ncsc.gov.uk/cyberware
 
Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773
Cambridgeshire Constabulary
Hinchingbrooke Park,
Huntingdon, PE29 6NP

EasyJet Cyber Breach

No business, however big and however good it perceives its IT security to be, is out of reach of cyber criminals, who can operate from anywhere in the world.
 
In the last hour, the Financial Times and Sky newsfeed have announced a huge data breach involving EasyJet: 9 million customers' data and 2000 credit cards stolen. News report at:
https://www.ft.com/content/b22deb69-2be7-4611-b7b9-6ec3adc45465
 
If you have ever been an EasyJet customer, be alert to phishing emails. Do not click on links or open attachments unless you are confident the sender is genuine. Phishing emails will not necessarily be titled from EasyJet, criminals will just use stolen data to send phishing emails that appear to have come from any recognisable company, organisation etc.

Be wary of emails attempting to blackmail you by accusing you of having viewed unlawful images on the internet; the email may contain a password you recognise, but they may just be using stolen passwords from a data breach.
 
Report phishing email to report@phishing.gov.uk
 
Be alert to telephone calls; remember, just because someone knows your name does not make them genuine. They may just have access to all your private information.

Always use strong, unique passwords. If you don't, once criminals know one password they will try their luck on the top 100 websites in the hope that you use the same combination of email and password, and if they are lucky, they can log in to your other accounts.

Use 2FA on all accounts where supported, this means that even if they have your password, they will not be able to access your account unless they have access to your mobile phone.
 
At this time, I only have access to the same media reports as the public. I do not know exactly what data they have stolen. The news article on Sky states that EasyJet will be contacting 9 million customers, just remember don’t click on any links or open an attachment unless you are sure the sender is genuine, if in doubt don’t do it.
 
For further advice on cyber security whether a business, charity, organisation or individual visit the National Cyber Security Centre. www.ncsc.gov.uk
 
Consider visiting www.haveibeenpwned.com where you can enter an email address and it will give details as to whether it has been compromised by cyber criminals. I don’t know how long it will be before the EasyJet breach is on the site.
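The bulletin points readers at the site's email address search. The same site also offers a password check (Pwned Passwords) that answers the reused-password concern above without the password ever leaving your device: only the first five hex characters of its SHA-1 hash are sent, the service returns every known hash suffix for that prefix, and the match is made locally. The following is an added example, not part of the bulletin or any police tool, working that range lookup offline; the response text is constructed here, with an illustrative count, so the example runs without a network connection.

```python
import hashlib
import urllib.request

# Real Pwned Passwords range endpoint; the offline sample below does not call it.
RANGE_API = "https://api.pwnedpasswords.com/range/"


def split_for_range_query(password):
    """Split SHA-1(password) into the 5-hex-char prefix that is sent and the suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text):
    """Parse the service's 'SUFFIX:COUNT' lines (CRLF separated) into a dict."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, range_text):
    """How many times the password appears in breaches, judged only from the range text."""
    _, suffix = split_for_range_query(password)
    return parse_range_response(range_text).get(suffix, 0)


def fetch_range(prefix):
    """Live lookup (network). Only the 5-character prefix is sent, never the password or full hash."""
    with urllib.request.urlopen(RANGE_API + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for a range response: the suffix for 'password' with a
# made-up count, plus one padding line. Real responses hold hundreds of lines,
# all sharing the queried prefix.
_, PASSWORD_SUFFIX = split_for_range_query("password")
CONSTRUCTED_RESPONSE = "\r\n".join([
    "0018A45C4D1DEF81644B54AB7F969B88D65:1",  # padding line, made up
    f"{PASSWORD_SUFFIX}:3861493",             # illustrative count, not a real figure
])

if __name__ == "__main__":
    for pw in ("password", "a long passphrase nobody else used"):
        prefix, _ = split_for_range_query(pw)
        n = breach_count(pw, CONSTRUCTED_RESPONSE)
        print(f"prefix sent: {prefix}  seen in breaches: {n}")
```

To run it against the live service, call `fetch_range(prefix)` with the prefix from `split_for_range_query` and pass the returned text to `breach_count`. A non-zero count means the password is already in criminals' hands and should be replaced wherever it is used, which is exactly the reuse problem the bulletin warns about.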

This message was circulated by: Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773
Cambridgeshire Constabulary
Hinchingbrooke Park,
Huntingdon, PE29 6NP