
Royal Mail scam text messages

The Cambridgeshire and Peterborough Against Scams Partnership are warning us all of a scam text message purporting to be from Royal Mail.

National campaign #SecureYourAccounts

A national campaign has been launched by Action Fraud and Cyber Aware, to encourage us all to secure our online accounts with a strong, unique password and to enable two-factor authentication. Some people continue to use the same password for more than one online account, yet in the physical world, they would not use the same key for their car and their house locks. Online accounts, especially email and social media, contain a lot of valuable information that could lead to identity theft or a financial loss in some form.

Over this week, I shall be sending out graphics like the one below; feel free to post on social media or forward this email to friends and family.

Clone firm investment scam

The Financial Conduct Authority (FCA) issued a warning to the public as reports of ‘clone firm’ investment scams increased by 29%[1] in April 2020 compared to March, when the UK went into its first lockdown. Action Fraud data reveals consumers reported losses of more than £78 million[1] between January and December 2020. Throughout 2020, consumers reported average losses of £45,242[1] each when investing with fraudsters imitating genuine investment firms. The data has been released as part of the FCA’s ScamSmart campaign, alongside advice to help investors avoid fake firms and protect their hard-earned cash.

The ongoing financial impact of Covid-19 may also make people more susceptible to these types of clone scams. 42%[2] of investors say they are currently worried about their finances because of the pandemic. Over three quarters (77%)[2] have or plan to invest within the next six months to improve their financial situation.

However, the FCA highlights that even the most experienced investor could be at risk. Three quarters (75%)[3] of investors said they felt confident they could spot a scam. However, 77%[3] admitted they did not know or were unsure what a ‘clone investment firm’ was.

Clone firms are fake firms set up by scammers using the name, address and ‘Firm Reference Number’ (FRN) of actual companies authorised by the FCA. Once set up, these fraudsters will then send sales materials linking to legitimate firms’ websites to dupe potential investors into thinking they are the real firm when they are not. 

The FCA is advising anyone considering an investment opportunity to check the Warning List of firms, which is updated daily, and not to deal with a firm not authorised by the FCA. The specific details, such as a telephone number and website address, can be verified on the FCA Register (register.fca.org.uk). The FCA also warns consumers to use the FCA Register’s phone number to contact an FCA authorised firm to be sure they are dealing with the genuine firm.

Even though two in five (38%)[3] investors said they would check the company’s Firm Reference Number (FRN), checking this alone isn’t enough. Scammers will often copy FRNs and encourage victims to check the FCA Register to prove their legitimacy.
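To show why a matching name and FRN prove nothing on their own, here is an added example (not FCA code or part of the original alert) that compares the contact details a firm supplies with those held on the register. The record layout, firm name, FRN, phone numbers and websites are all constructed for illustration and do not reflect the real FCA Register format.

```python
import re
from urllib.parse import urlsplit

def norm_phone(number: str) -> str:
    """Reduce a UK number to digits in national form (leading 0)."""
    digits = re.sub(r"\D", "", number)
    for prefix in ("0044", "44"):
        if digits.startswith(prefix):
            # "+44 (0)20 ..." and "+44 20 ..." both become "020 ..."
            return "0" + digits[len(prefix):].lstrip("0")
    return digits

def norm_host(website: str) -> str:
    """Lower-cased hostname without scheme, path or a leading 'www.'."""
    if "//" not in website:
        website = "//" + website
    host = (urlsplit(website).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

# How each field is normalised before comparison (field names are assumptions).
NORMALISERS = {
    "name": lambda v: " ".join(v.lower().split()),
    "frn": lambda v: re.sub(r"\D", "", v),
    "phone": norm_phone,
    "website": norm_host,
}

def clone_indicators(offered: dict, register: dict) -> list[str]:
    """Fields where the firm's own material differs from the register entry."""
    return [field for field, norm in NORMALISERS.items()
            if norm(offered[field]) != norm(register[field])]

# Constructed register entry and constructed sales brochure details.
REGISTER_ENTRY = {
    "name": "Example Wealth Management Ltd",
    "frn": "000000",
    "phone": "020 7946 0000",
    "website": "https://www.example-wealth.example",
}
SALES_BROCHURE = {
    "name": "Example Wealth Management Ltd",   # copied from the real firm
    "frn": "000000",                           # copied from the real firm
    "phone": "+44 20 7946 0999",               # the fraudster's own line
    "website": "www.example-wealth-invest.example",
}

if __name__ == "__main__":
    # Name and FRN match; only the contact details give the clone away.
    print(clone_indicators(SALES_BROCHURE, REGISTER_ENTRY))
```
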

Mark Steward, Executive Director of Enforcement and Market Oversight, FCA, said:

“Clone investment scams can look real and sophisticated, but anyone can spot them by following our advice.” 

“Fraudsters use literature and websites that mirror those of legitimate firms, as well as encouraging investors to check the Firm Reference Number (FRN) on the FCA Register to sound as convincing as possible. Last year we issued alerts concerning over 1,100 firms, including clones, which has more than doubled since 2019, and we are working with the National Economic Crime Centre (NECC) and National Cyber Security Centre to take down clone sites when they are discovered.”

“If you’re considering an investment, visit the FCA Register to make sure the firm you’re dealing with is authorised. Check our Warning List of firms you should avoid, use the contact details on our FCA Register, not the details the firm gives you, and check for subtle differences to avoid ‘clone firm’ scams. And if you’re still unsure, call our consumer helpline for further information. When it comes to clones, I cannot emphasise enough how important it is to double-check every detail.” 

Cambridgeshire Police is a partner of the Cambridgeshire and Peterborough Against Scams Partnership (CAPASP); for more information and resources, visit www.cambridgeshire.gov.uk/against-scams

Courier Fraud – £10K Watch

What you are about to read has just been brought to the cybercrime department’s attention.

The victim of the crime received a telephone call on their home phone. A male caller stated his name and said he was a fraud investigator for the Halifax. Later, the victim was called by someone referring to themselves as a Police Sergeant from the Scotland Yard Fraud Team to advise her that her bank card had been cloned and there had been a breach of security somewhere within a Cambridgeshire Halifax branch.

The victim was deceived into transferring money from their savings account to their current account and then purchasing a physical asset to protect her cash until the investigation concluded. They could then sell the asset and replace the funds into their account.

All the calls made to the victim were from a withheld number. The victim later made a payment of over £10k to purchase a single item, a watch.

On the same day of purchase, a caller at the door delivered the watch. A couple of hours later, another caller at the door collected the watch. The victim of this crime lost over £10K because they genuinely believed they were helping the police!

This is a textbook courier fraud that starts with a telephone call from the criminal pretending to be from the police or the bank or both. I appreciate that you may have heard me say this many times before. The police or the bank will never contact you to transfer money out of your accounts.

For more information about their work or if you would like to be a supporter, then visit https://www.cambridgeshire.gov.uk/residents/community-protection/against-scams-partnership.

Windows 10 OS update

On the 13th October 2020, Microsoft released a significant update to all users of Windows 10 OS (CVE-2020-1047). (If you use Windows OS on a work computer, then updates may be managed by your ICT.)

The update fixes 87 vulnerabilities with one having a Microsoft severity score of 9.8 out of 10 and has been described as dangerous. This bug can allow a criminal to take over any Windows operating system that has not been patched.

The second issue of note relates to Outlook in which the bug can be exploited by tricking the user into opening a specially crafted file with an affected version of the Microsoft Outlook software.

You may already have updates set to Automatic, but please check just in case the updates have not been applied.

To do this, click on the magnifying glass on the taskbar bottom left of your screen, then in the search bar start typing ‘windows update’, and you will then see Windows Update Settings appear, click on this and follow the instructions.

Male claiming to be from MI5 and Cambridgeshire Police

A slightly unusual attempted scam telephone call to tell you about: this time the caller claimed to be from the UK’s Security Service, MI5.
Interestingly, the intended victim later checked the telephone number displayed on their caller ID with the MI5 website, and the number matched.

The male caller then claimed he was in fact a Police Officer in Peterborough but was working with the MI5 agency. 

The conversation is not clear from this point, but it appears that the caller tried to get the recipient to go to their bank and withdraw some money, and made reference to a National Insurance number. The caller then said that if they could not get to the bank, then an alternative payment would be gift vouchers.

I have checked the MI5 website and there are only two contact numbers listed, 999 for an emergency and 0800 789 321 which is for the Anti-Terrorist Hotline. The following is a screenshot from the MI5 website, and suggests MI5 are well aware that their organisation is being used in similar scams:

Please note: If you receive a call from MI5, it will not come from any of the numbers listed below. Please treat any calls received from these numbers with caution, and do not divulge any personal information or banking details.

So, please remember, do not trust the number displayed on your caller ID because it can be spoofed/made to look genuine. Treat the number displayed with caution until such time you can be confident the caller is genuine, and that is not easy if you don’t recognise the voice because if you can’t, they could be anyone.

Any request for gift vouchers as a payment method suggests the call is a scam.

For any non-urgent questions or concerns relating to fraud and cyber crime, please contact me.

Kind regards,
Nigel

Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773
Cambridgeshire Constabulary
Hinchingbrooke Park,
Huntingdon, PE29 6NP


Compromised Facebook Accounts

Compromised Facebook accounts used to lure victims into PayPal scam

Attached here is an important scam alert from the City of London Police, National Fraud Intelligence Bureau.

Should the content of the document raise any questions or issues, then please contact Mr Nigel Sutton 8517, Cyber Protect Officer.

Please consider forwarding to family and friends and any appropriate community group.

Fraud and Cyber Security

What is phishing and how does it work?

You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way – criminals use legitimate-looking messages and websites to trick people into opening the doors to their personal data, giving up logins, passwords or even payment details. That information can then be used to commit fraud and cyber crime.

How big is the problem?

Phishing attacks are a common security challenge that both individuals and businesses across the UK face on a regular basis.
The National Cyber Security Centre’s Suspicious Email Reporting Service (SERS) received over 1.7M reports from the public between April and August 2020, with the most commonly faked brands being TV Licensing, HMRC and GOV.UK.

How can you protect yourself from phishing scams?

Many of the phishing scams that get reported to us have one thing in common: they started with a message out of the blue. Whether it’s an email asking you to “verify” account information, or a text message claiming to be from your bank, the goal of a phishing attack is usually the same – to trick you into revealing personal and financial information.
Criminals are experts at impersonation and they’re constantly getting better at creating fake emails and texts that look like the real thing. Here’s some simple advice you can follow when it comes to dealing with phishing scams:

1 – Remember, your bank, or any other official organisation, won’t ask you to share personal information over email or text. If you need to check that it’s a genuine message, call them directly. Don’t use the numbers/emails in the email, but visit the official website instead.

2 – If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk. If it turns out to be malicious, your report will help prevent other people from falling victim to it.

3 – Received a text message you’re not quite sure about? Maybe it’s asking you to “verify” personal or financial details, such as a banking password? You can report suspicious text messages by forwarding them to 7726.

4 – If you’ve lost money or provided personal information as a result of a phishing email, notify your bank immediately and report it to Action Fraud: www.actionfraud.police.uk

For more simple tips on how to protect yourself online, visit: www.actionfraud.police.uk/cybercrime

The QR code

You may already have seen or used the QR (Quick Response) code like the one above, but since pandemic measures have been relaxed, the QR code is being seen more often especially in pubs and restaurants.

So what is the QR code? It is simply a shortcut to a webpage, just like the link or shortcut we are used to in an email or other electronic messages.

To read the QR code, simply point your phone camera at it and your smart phone will read it and tell your phone browser to display the webpage it relates to, it is that simple. (There are also QR code reading apps available)

People like shortcuts, and criminals know we do.

Although the use of the QR code has benefits just like the link or shortcut in an email, it could be exploited by cyber criminals so I just want you to know how, and then you can make your own mind up whether to scan or not.

The image below was taken in a shopping centre; the QR code is printed on a professional-looking 5 foot high banner outside the shop. Because the banner looks high quality and is in a secure shopping centre with cameras and security, it is unlikely that it had been placed there by a criminal. (Not guaranteed of course, but on balance I would scan it but not provide any personal information.)

Another example of when I would consider scanning a QR code, would be when I have entered a restaurant or pub, and on the table is a guide to ordering food and drinks. The laminated sheet gives me the choice of downloading an app from Google Play or the App Store, or I can scan the QR code.

If, however, I was in public and I read a poster with a QR code on it advertising a service or product, I would be far more cautious about scanning it because it is in a far less secure environment, which a criminal could exploit. How? It is technically possible for the criminal to create their own QR code, print it and place it over the original QR code on the poster. They then create a fake website and have it hosted on the internet. If this QR code is scanned by a third party, their device will display the fake website, deceiving the user into submitting private information to the criminal. This is exactly how phishing emails work.

So, if you are going to scan a QR code, just assure yourself that the QR code you are scanning is genuine. Does the poster look genuine? Is it printed to a high commercial standard? Can you tell if there is another layer of paper over the QR code that suggests the poster has been tampered with? If in doubt, don’t scan it, and if you want to find out more about what the poster is advertising, consider using your browser on your device.
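Because a QR code is only a shortcut to a web address, the address it decodes to can be inspected before anything is opened. The following is an added example, not part of the original newsletter: it checks a decoded address against the domain the poster or menu claims to belong to. The function name and all URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def qr_url_warnings(decoded: str, expected_domain: str) -> list[str]:
    """Reasons to distrust the URL a QR code decoded to (empty list = none found)."""
    parts = urlsplit(decoded.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username or parts.password:
        # "https://trusted-name@other-host/" really goes to other-host
        warnings.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a name")
    except ValueError:
        pass  # an ordinary host name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible lookalike characters)")
    expected = expected_domain.lower()
    # Only the exact domain or a true subdomain of it counts as a match.
    if host != expected and not host.endswith("." + expected):
        warnings.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    return warnings

# Constructed sample values: what a genuine and two tampered codes might decode to.
GENUINE = "https://order.example-pub.example/table/12"
LOOKALIKE = "https://example-pub.example.menu-order.example/table/12"
DISGUISED = "http://example-pub.example@203.0.113.7/menu"

if __name__ == "__main__":
    for url in (GENUINE, LOOKALIKE, DISGUISED):
        print(url, "->", qr_url_warnings(url, "example-pub.example") or "no warnings")
```
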

The good news: I am yet to read a crime report that suggests anyone in the UK has been caught out in such a way. Could this change in the future?

Being aware of the tactics used by cyber criminals to steal our data and money helps us to defend ourselves and our families.

If you have any questions or concerns involving QR codes, then please contact:
Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773

Amazon account security

The following information is for those of you who have an Amazon account, or know someone that does.

Yesterday, I was contacted about fraud on an Amazon account.

They had received what appears to have been a genuine email from Amazon thanking them and detailing an order they had made.

Guess what? They had not made the order, so they checked their Amazon account and there was no indication of an order having been placed as per the email.

The person looked at their bank account and there were three small payments to Amazon totalling only £30.

They instructed the bank to stop the payments, which the bank did. They went back to their Amazon account again but still could not find any detail of the order having been made.

They changed their password for one that was strong and unique and enabled two-factor authentication.

Having contacted me, I asked them to go into their Amazon account and check what devices were linked to their account, and if they did not recognise a device or they no longer had it, then they should remove it/deregister.

So these are the instructions I gave them:

How to disconnect devices from your Amazon account.

Login to your Amazon account

Click on the tab called MANAGE YOUR CONTENT AND DEVICES

This will bring a list up of all devices allowed to access the Amazon account. Deregister anything that you do not recognise, or even if you recognise it, consider deregistering if you no longer have or use the device.

When the victim did this, they actually identified an email address they did not recognise: name_eDevjx@kindle.com

I have removed the victim’s name but from the underscore, the rest is as seen on the account.

The victim has now removed this email address from their account.

What was the long game of the criminal who had unlawfully accessed the account? We shall never know, but I bet they are off to find another Amazon account.

When a criminal compromises an Amazon account, they can move their fraudulent order to the archive, which means that if the victim only looks at the recent transactions, they will not find anything suspicious. But if they had changed the date range to include all dates, all folders, then they may have found the orders in question.

In summary, ensure you have a strong, unique password on your Amazon account. Enable 2FA, or two-factor authentication. Consider checking that your account information, such as contact details, is correct. Check what devices are linked to your account and deregister those you do not recognise. And if you identify a suspicious email address, remove it. Keep a regular eye on your bank account for unrecognised payments, and if you identify suspicious payments, notify the bank immediately.