• +44 7503 218 152
  • ronna@xtrabyte.co.uk

Category >Scams

Fake online reviews

National Trading Standards (NTS) are warning the public that criminals are using fake online reviews to sell poor quality goods and services.
It has become a common practice for a lot of people to seek reviews prior to making a purchase, but how do we know whether the reviews we read are genuine?
The following guidance is from NTS:
• Timing and spacing – check for multiple similar reviews that have been uploaded within a few minutes or hours.
• Check the reviewer’s activity – if an account has been activated recently or has only reviewed a narrow range of products/services, it could indicate suspicious activity.
• Vague language – legitimate reviews will often be personal and specific to the individual’s experience. A fake is more likely to be vague, using generic words and phrases such as ‘amazing’, ‘awesome’ and ‘buy this product’.
• Check contact details – if a reviewer is happy to be contacted with questions, and is responsive, it’s a good sign they’re legitimate.
• Use a browser plug-in – they use artificial intelligence to analyse reviews, identify suspicious activity and suggest better alternatives. Examples are Fakespot and ReviewMeta.
• Look beyond the star rating – whilst a star rating of 4.5 or 5 can be a good quality indicator, be sure to look at the reviews too.
For further information and advice visit Online shoppers buy 80 million ‘disappointing’ items based on rave reviews – National Trading Standards

Scam Omicron PCR testing kit

Please be alert to the suspicious email (detailed below) that has been received today by a resident within Cambridgeshire, it exploits the briefing at the weekend by Prime Minister Boris Johnson.

In the suspicious email note the ‘From’ address.

The official domain name of the NHS is @nhs.uk NOT @pcr-nhs-test.co.uk

There is no such thing as an OMICRON PCR TEST.

Omicron is a variant of Covid, and a PCR (polymerase chain reaction) test, detects the presence of the COVID-19 virus in the human body.

The official sources make NO reference to an ‘Omicron PCR test kit’ because it does not exisit.

The wording in the suspicious email is not what I would expect from the NHS or gov.uk, it refers to NHS scientists, which I find VERY odd due to the private sector developing the vaccine.

It asks the question ‘What happen if you decline a COVID-19 Omicron test’? There is no ‘s’ after the word happen, poor grammar which I would expect from an official genuine sender.

You may also note in the body of text, that they also spell Omicron, OMICORN.

Spelling, grammar, all the red flags are in this phishing email.

If you wish to find out more about the variant Omicron or forms of testing, then visit the genuine websites www.gov.uk or www.nhs.uk

If you receive any suspicious email please forward to report@phishing.gov.uk

Avoid clicking on links instead, visit the genuine official website or genuine app of the alleged sender.

Lottery Fraud warning issued by the National Fraud Intelligence Bureau

Please read the following fraud alert issued by the National Fraud Intelligence Bureau.

Lottery fraud

Currys PC World phishing email

Another phishing email just brought to my attention and doing the rounds over the internet.

This one purports to be from Currys PC World and offers an expensive Apple iPhone 13 if the recipient takes part in a loyalty programme, all they have to do is click on the link and provide the criminal with their private information.

It is a SCAM.

A couple of things to note, since October 2021 the name Currys PC World no longer exists it is now just Currys. (I appreciate the rebranding will take time and not everyone will know about it)

Secondly, if you note the ‘From’ address of the mail it states ‘CurrysPCWorld’ but if you carry on reading you will see a whole load of characters and the domain name @groenseykerstraat-48.com NOT what I would expect from the genuine Currys.

If you receive any suspicious email, please forward to report@phishing.gov.uk

Scam WhatsApp message

A trusted contact has just alerted me to the following scam, they have kindly allowed me to use their screenshot.

The suspect number 07904 165574 has now been reported to www.who-called.co.uk

The potential victim receives a WhatsApp message from an unrecognised number in which the sender pretends to be known to the recipient.

The criminal makes an excuse that they have changed their mobile number and that this has caused a security issue which means they cannot make a payment, so the sender asks the recipient to make the payment now on their behalf and that they would be repaid in a couple of days time.

(Afterpay is an app that allows the user to make an online purchase by paying a small amount at the time, but then allows the balance to be spread over 6 weeks interest free)

WhatsApp message scam

Amazon Brushing Scam

The Norfolk Trading Standards is urging consumers to be wary of the Amazon ‘brushing’ scam, in which consumers receive products from Amazon that they did not order. Scammers use this method to make the transaction appear legitimate and avoid breaking Amazon’s rules and conditions for rating their own products. The scammers set up numerous fake accounts to buy their own products and then give themselves glowing reviews because the more reviews a product has, the more likely people are to buy the goods.

Victims are not charged for the items which suggests it is more profitable for the scammers to give away their products at the start as they will soon turn a profit thanks to their own (fake) reviews.  

But being involved in a brushing scam is not a good thing, despite the free goods that turn up at your door. It means that someone has gained access to your name, address and potentially other personal information. Depending on how they accessed your information they could hold a lot more of your personal information than you realise. 

People who receive packages they did not order should contact Amazon and change their online account passwords. Remember you can check whether your e-mail or telephone number have been subject to a data breach by visiting www.haveibeenpwned.com 

If a breach is revealed you should change your password for the account that has been breached. More advice about what to do and your consumer rights can be found in this article from Which? 

For advice about scams contact the Citizens Advice Consumer Helpline on 0808 223 1133.

Phishing email saying that your National Insurance number has been disabled

This email says that “GOV. UK has disabled a number of National Insurance Number due to numerous fraudulent activity reports in the era of BREXIT.” 
The fraudsters have tried to name every UK government department they can think of here (from “hmrc.co. uk” to “Jobcentre GOV. UK Plus”), and have even included the GOV.UK logo for good measure.

They then go on to say “a large number of National Insurance Numbers has been a target of identity theft in this period” and “you are now required to reactivate your NIN” (by clicking on the link (in bright red just in case you miss it)). Pretending they are acting in your interests is a common tactic of scammers.

Besides the grammar being incorrect in this email, to my knowledge it isn’t usual to shorten National Insurance number to NIN. Also, emails from government organisations tend to end in .gov.uk, definitely not hamanasu.jp, as here.
Remember, you will never be required to “reactivate” your National Insurance number. You can forward phishing emails to report@phishing.gov.uk.

Royal Mail scam text messages

The Cambridgeshire and Peterborough Against Scams Partnership, are warning us all of a scam text message purporting to be from Royal Mail.

Royal Mail scam text messages

National campaign #SecureYourAccounts

A national campaign has been launched by Action Fraud and Cyber Aware, to encourage us all to secure our online accounts with a strong, unique password and to enable two-factor authentication. Some people continue to use the same password for more than one online account, yet in the physical world, they would not use the same key for their car and their house locks. Online accounts, especially email and social media, contain a lot of valuable information that could lead to identity theft or a financial loss in some form.

Over this week, I shall be sending out graphics like the one below; feel free to post on social media or forward this email to friends and family.

national campaign on online fraud

Clone firm investment scam

The Financial Conduct Authority (FCA) issued a warning to the public as reports of ‘clone firm’ investment scams increased by 29%1 in April 2020 compared to March, when the UK went into its first lockdown. Action Fraud data reveals consumers reported losses of more than £78 million1 between January-December 2020. Throughout 2020, consumers reported average losses of £45,2421 each on average when investing with fraudsters imitating genuine investment firms. The data has been released as part of the FCA’s ScamSmart campaign, alongside advice to help investors avoid fake firms and protect their hard-earned cash.

The ongoing financial impact of Covid-19 may also make people more susceptible to these types of clone scams. 42%2 of investors say they are currently worried about their finances because of the pandemic. Over three quarters (77%)2 have or plan to invest within the next six months to improve their financial situation. 

However, the FCA highlights that even the most experienced investor could be at risk. Three quarters (75%)3 of investors said they felt confident they could spot a scam. However, 77%3 admitted they did not know or were unsure what a ‘clone investment firm’ was. 

Clone firms are fake firms set up by scammers using the name, address and ‘Firm Reference Number’ (FRN) of actual companies authorised by the FCA. Once set up, these fraudsters will then send sales materials linking to legitimate firms’ websites to dupe potential investors into thinking they are the real firm when they are not. 

The FCA is advising anyone considering an investment opportunity to check the Warning List of firms, which is updated daily, and not to deal with a firm not authorised by the FCA. The specific details, such as a telephone number and website address, can be verified on the FCA Register (register.fca.org.uk). The FCA also warns consumers to use the FCA Register’s phone number to contact an FCA authorised firm to be sure they are dealing with the genuine firm.

Even though two in five (38%)3 investors said they would check the company’s Firm Reference Number (FRN), checking this alone isn’t enough. Scammers will often copy FRN numbers and encourage victims to check the FCA Register to prove their legitimacy. 

Mark Steward, Executive Director of Enforcement and Market Oversight, FCA, said

“Clone investment scams can look real and sophisticated, but anyone can spot them by following our advice.” 

“Fraudsters use literature and websites that mirror those of legitimate firms, as well as encouraging investors to check the Firm Reference Number (FRN) on the FCA Register to sound as convincing as possible. Last year we issued alerts concerning over 1,100 firms, including clones, which has more than doubled since 2019, and we are working with the National Economic Crime Centre (NECC) and National Cyber Security Centre to take down clone sites when they are discovered.”

“If you’re considering an investment, visit the FCA Register to make sure the firm you’re dealing with is authorised. Check our Warning List of firms you should avoid, use the contact details on our FCA Register, not the details the firm gives you, and check for subtle differences to avoid ‘clone firm’ scams. And if you’re still unsure, call our consumer helpline for further information. When it comes to clones, I cannot emphasise enough how important it is to double-check every detail.” 

Cambridgeshire Police is a partner of the Cambridgeshire and Peterborough Against Scams Partnership (CAPASP); for more information and resources, visit www.cambridgeshire.gov.uk/against-scams