• +44 7503 218 152
  • ronna@xtrabyte.co.uk

Category >Scams

NHS Vaccine Scam

An NHS related scam text message has been brought to the attention of the cybercrime department. There is no additional information at this time. We should all be aware and exercise caution that this and similar messages are being received across the county.

The text message below states that the recipient is entitled to a vaccine and to receive more information they should click on the link in blue. Once the link is clicked, the recipient will see the message ‘we need to prove ownership of address’. They are then asked to provide bank account, sort code and a full bank card number. The message is a SCAM!

For genuine COVID-19 related advice including vaccination information, visit www.gov.uk and www.nhs.uk.

For more advice about protection from scams visit:  https://www.cambridgeshire.gov.uk/residents/community-protection/against-scams-partnership

Courier Fraud – £10K Watch

What you are about to read has just been brought to the attention of the cybercrime department.

The victim of the crime receives a telephone call on their home phone.
A male voice states their name and that they were a fraud investigator for the Halifax. Later, the victim was called by someone referring to themselves as a Police Sergeant from the Scotland Yard Fraud Team to advise her that her bank card had been cloned and there had been a breach of security somewhere within a Cambridgeshire Halifax branch.
The victim was deceived into transferring money from their savings account to their current account and then purchasing a physical asset to protect her cash until such time the investigation had concluded. They could then sell the asset and replace the funds into their account.

All the calls made to the victim were from a withheld number. The victim later made a payment of over £10k to purchase a single item, a watch.
On the same day of purchase, a caller at the door delivered the watch.
A couple of hours later, another caller at the door collected the watch.

The victim of this crime lost over £10K because they genuinely believed they were helping the police!

This is a text book courier fraud that starts with a telephone call from the criminal pretending to be from the police or the bank or both. I appreciate that you may have heard me say this many times before. The police or the bank will never contact you to transfer money out of your accounts.

For more information about their work or if you would like to be a supporter, then visit: https://www.cambridgeshire.gov.uk/residents/community-protection/against-scams-partnership

Loan Fee Fraud

Loan fee fraud is when someone who is looking for a loan is asked to pay an upfront fee before receiving it. They pay the fee, but they never get the loan.

In December 2019, loan fee fraud was the third most queried scam to the Financial Conduct Authority. (www.fca.org.uk). The average fee relating to loan fee fraud reported to the FCA is approximately £220. Be alert to unsolicited emails, text messages, social media and adverts on websites promoting loans.

The following is an extract from the FCA website https://www.fca.org.uk/consumers/loan-fee-fraud

Spot the warning signs of loan fee fraud

  • You may have made several loan applications online and then been contacted out of the blue by text, email or phone and offered a loan.
  • You may be asked to make an upfront payment into a bank account, or transfer money via an unusual method, for example Western Union or iTunes vouchers.
  • The scammers may claim that the fee is refundable and will be used as a deposit, administrative fee, insurance or because of bad credit history.
  • You may be put under pressure to pay the fee quickly.
  • Once the first payment has been made, the scammer might contact you again to ask for more payments before they can give you the loan.
  • Even though you make the payments, you never receive the loan.

How to protect yourself

When applying for a loan, you should only deal with FCA-authorised firms. If you deal with an unauthorised firm, you won’t be covered by the Financial Ombudsman Service if things go wrong.

Check our Financial Services Register to see if we regulate the firm. Check that the firm’s contact details match the details the FS Register. Always use the FS Register’s contact details, rather than a direct line or email given to you. If there are no contact details on the FS Register, or the firm claims they are out of date, call our Consumer Helpline on 0800 111 6768.

Read more information on unauthorised firms and individuals and how to protect yourself from scams. If you believe you are a victim of fraud contact: Your bank and Action Fraud (www.actionfraud.police.uk)

Facebook Market Place and PayPal payment Fraud

If you buy from Facebook Marketplace or any other online Marketplace using PayPal, please be aware of the following:


The victim contacted the seller of a games console advertised on Facebook Marketplace at £150.

The suspect replied with an excuse that he was not local for the next month, so he would have to post it. (RED FLAG – This would avoid a meeting)

The suspect then sent his PayPal reference to the victim.

The victim accessed his PayPal account and sent the suspect the £150.

The victim then receives a message from the suspect stating that the funds were on hold, so he won’t send the item out until the funds have cleared.

The suspect then said he’ll issue a refund, which he did.

The suspect then asked the victim to resend the funds using PayPal. This time not using the ‘Goods and Services’ option but instead, opting for ‘Friends and Family’ and gave a different PayPal reference. (RED FLAG – NEVER pay for goods or services using the PayPal Friends and Family option, your purchase will NOT be protected, see Key Message below)

The victim sends £150 using the PayPal Friends and Family option instead of Goods and Services.

The following day, the victim contacts the suspect for tracking details of the games console.

The suspect initially did not reply but later stated that he was busy and subsequently closed or blocked his Facebook profile to the victim and stopped communicating.

The victim contacts PayPal, but because they made the payment for a computer games console using the Friends and Family option, they were not covered by PayPal Purchase Protection.

Key Message

With PayPal, there are two payment options, Goods and Services and Friends and Family.

Although PayPal offers purchase protection, there are strict limitations on when you are entitled to protection.If you are buying goods using PayPal on Facebook Marketplace or any online marketplace, and the seller is not a Family or a real friend, then always use the Goods and Services option.

If a seller asks you to pay using PayPal Friends and Family and makes any excuse about PayPal fees, you will not be covered by Purchase Protection. So, if you don’t receive the goods, or they are faulty, not what you ordered, counterfeit etc., it is unlikely you will get your money back when you contact PayPal.

Friends and Family is a payment option to friends and family, use it only to send money as a gift or for money owed, NOT to pay for goods and services. Be alert to any seller asking you to pay them using PayPal Friends and Family.

Use a credit card as part of your PayPal account and not a debit card. Credit cards afford more consumer protection if payments are disputed. With PayPal, there are two payment options, Goods and Services and Friends and Family. Although PayPal offers purchase protection, there are strict limitations on when you are entitled to protection.

If you are buying goods using PayPal on Facebook Marketplace or any online marketplace, and the seller is not family or a real friend, always use the Goods and Services option. Use a credit card as part of your PayPal account and not a debit card. Credit cards afford more consumer protection if payments are disputed.

Romance and Dating Fraud

All this week, Cambridgeshire Police will be supporting a national campaign involving all the UK police services and some of the companies providing dating services. The campaign is to help raise the awareness of online romance/dating fraud and provide advice on how to stay safe online.

Romance, or dating fraud, occurs when a relationship is formed online, but the profile of the perfect partner you think you’ve met, is fake.
The scammer makes you believe you’re in a loving relationship spanning weeks, or perhaps months to gain your trust. However, the end goal is always a much more sinister one, with criminals after money or personal information.

Between August 2019 and August 2020, Action Fraud received over 400 reports a month from victims of romance fraud in the UK. Losses reported by victims during this time totalled £66,335,239, equating to an average loss of just over £10,000 per victim.

During June, July and August 2020, romance fraud reports jumped to more than 600 per month, indicating people may have met, and begun talking to, romance fraudsters during the national lockdown caused by the coronavirus outbreak.

It has a devastating emotional and financial impact on the victim, who often feel foolish for falling for the lies once they realise what’s happened. It may then have an impact on people deciding not to report such instances. Still, it’s vital to understand criminals are experts at impersonating people; they spend hours researching individuals for their scams.

Criminals from across the world use common dating apps to create fake accounts using images they copied from the internet. They use persuasive language to groom and control their victim, coercing them into parting with large sums of money or personal information.

During the week-long campaign, many dating apps will be running additional fraud protection advice throughout October to help raise awareness. The campaign will show signs to look out as they use more advanced technology to keep users safe. There are simple steps you can take to help keep yourself safe and several warning signs to look out for:

  • if someone you’re talking to declares their love quite quickly, with talk of making significant commitments like marriage or buying a house together, be wary and don’t give away too many personal details;
  • they claim to work overseas, perhaps in the military or medical profession, often painting a picture of themselves as being heroic, but also gives a credible reason for an international dialling code or poor internet connection. A lot of fraudsters are not based in the UK;
  • if they’re reluctant to meet in person, or even video chat and quickly want to move off onto other messaging platforms, which have better encryption, meaning evidence of your conversations are harder to find. Stay on the site’s messaging service until you’ve met someone or you’re sure they are who they say they are;
  • if they ask for financial help, it’s likely to be for something urgent and emotive, to trick you into feeling sorry for them and want to help. If you’re asked for money or are suspicious their photos aren’t theirs, most platforms have a reporting tool – which will help to protect others. They may ask you to buy gift cards, Amazon, iTunes and alike, a scratch of the back of the card and send them the code.
  • they tell you to keep your relationship quiet and insist you don’t tell your friends and family about them. This is because someone close to you is likely to question this person’s motives, as they’ve not been emotionally involved. They’re an excellent place to start if you’re unsure of someone’s motives and will give you their honest opinion, don’t shut them out or isolate yourself.

The top five platforms where victims reported first interacting with the criminal committing romance fraud were Facebook, Plenty of Fish, Instagram, Tinder and Match.com.

A technical tip, on any online image, you can do what is called a reverse image search. For example, on a profile, you could save the image of the person you are communicating with and then upload it to Google images or to a website called Tin Eye (others are available). It may return a search result that shows you where the image has featured on another website. Remember, just because the search result reveals no matches, it does not mean the profile picture is genuine. Criminals know of this feature, and so they manipulate images using software, or they use images that do not feature anywhere else on the internet.

For more information about protecting yourself, family or friends visit; www.actionfraud.police.uk or www.getsafeonline.org or read the advice on the dating app or website.

As always, please contact me with any non-urgent fraud or internet-related question.

Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773

Fake Penalty Charge email

Below provides details of yet another attempt by criminals to steal our money and private information.

If you receive such an email please report to www.actionfraud.police.uk and copy me in.

Male claiming to be from MI5 and Cambridgeshire Police

A slightly unusual attempted scam telephone call to tell you about, this time the caller claimed to be from the UK’s Security Service MI5.
Interestingly, the intended victim later checked the telephone number displayed on their caller ID with the MI5 website, and the number matched.

The male caller then claimed he was in fact a Police Officer in Peterborough but was working with the MI5 agency. 

The conversation is not clear from this point but it appears that the caller tried to get the recipient to go to their bank and withdraw some money and made reference to a National Insurance number, the caller then said that if they could not get to the bank then an alternative payment would be gift vouchers. 

I have checked the MI5 website and there are only two contact numbers listed, 999 for an emergency and 0800 789 321 which is for the Anti-Terrorist Hotline. The following is a screenshot from the MI5 website, and suggests MI5 are well aware that their organisation is being used in similar scams:

Please note: If you receive a call from M15, it will not come from any the numbers listed below. Please treat any calls received from these numbers with caution. and do not divulge any personal information or banking details.

So, please remember, do not trust the number displayed on your caller ID because it can be spoofed/made to look genuine. Treat the number displayed with caution until such time you can be confident the caller is genuine, and that is not easy if you don’t recognise the voice because if you can’t, they could be anyone.

Any request for gift vouchers as a payment method suggests the call is a scam.

Any non-urgent questions or concerns relating to fraud and cyber crime please contact me.

Kind regards,

Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773
Cambridgeshire Constabulary
Hinchingbrooke Park,
Huntingdon, PE29 6NP

Working together to deliver an inclusive and professional policing service with: Fairness, Integrity, Diligence and Impartiality.

Compromised Facebook Accounts

Compromised Facebook accounts used to lure victims into PayPal scam

Attached here is an important scam alert from the City of London Police, National Fraud Intelligence Bureau.

Should the content of the document raise any questions or issues, then please contact Mr Nigel Sutton 8517, Cyber Protect Officer.

Please consider forwarding to family and friends and any appropriate community group.

Cambridgeshire Police Fraud Alert

Yesterday we received a report of an attempted scam, in which the caller was pretending to be a Police Sergeant within Cambridgeshire Police.
Below is an overview from the report itself, fortunately no money was lost in this instance.
Please remember, Cambridgeshire Police or any police service or bank will not call you and ask you to read out your bank card details or provide your bank account information. This and variations thereof are a scam.

STOP – CHALLENGE – REPORT www.take5-stopfraud.org
Just because the caller knows your name or some other information, this does not make them genuine. Criminals steal data and use it to appear genuine.
For further information on courier fraud visit: https://www.actionfraud.police.uk/a-z-of-fraud/courier-fraud

The call was something similar to below

At #### today someone rang me on my land line. The number he rang from was withheld.  He checked my name and my address and then said he was ringing from Cambridgeshire Police.  When pressed he said his name was Sergeant Smith.
What he said was that at 09:00 am this morning, Cambridgeshire Police had arrested a Sharon Saunders who was using a visa debit card in my name. 

Feeling severe doubt, I said I’d check my purse.  An action which seemed to me to be risk free, so I did and told him all my cards were present and correct.  At which point he said, “What colour is that card?”.  I made disbelieving noises, at which point he abruptly ended the call.

This could have ended very differently with the caller giving out card details etc.

Just remember to take your time, stop and think and remember a bank or the Police will never ask you to give these details over the phone.

Fraud and Cyber Security

What is phishing and how does it work?

You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way – criminals use legitimate-looking messages and websites to trick people into opening the doors to their personal data, giving up logins, passwords or even payment details. That information can then be used to commit fraud and cyber crime.

How big is the problem?

Phishing attacks are a common security challenge that both individuals and businesses across the UK face on a regular basis.
The National Cyber Security Centre’s Suspicious Email Reporting Service (SERS) received over 1.7M reports from the public between April and August 2020, with the most commonly faked brands being TV Licensing, HMRC and GOV.UK.

How can you protect yourself from phishing scams?

Many of the phishing scams that get reported to us have one thing in common, they started with a message out of the blue. Whether it’s an email asking you to “verify” account information, or a text message claiming to be from your bank, the goal of a phishing attack is usually the same – to trick you into revealing personal and financial information.
Criminals are experts at impersonation and they’re constantly getting better at creating fake emails and texts that look like the real thing. Here’s some simple advice you can follow when it comes to dealing with phishing scams:

1 – Remember, your bank, or any other official organisation, won’t ask you to share personal information over email or text. If you need to check that it’s a genuine message, call them directly. Don’t use the numbers/emails in the email, but visit the official website instead.

2 – If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):
report@phishing.gov.uk. If it turns out to be a malicious, your report will help other people from falling victim to it.

3 – Received a text message you’re not quite sure about? Maybe it’s asking you to “verify” personal or financial details, such as a banking password? You can report suspicious text messages by forwarding them to 7726.

4 – If you’ve lost money or provided personal information as a result of a phishing email, notify your bank immediately and report it to

Action Fraud: www.actionfraud.police.uk

For more simple tips on how to protect yourself online, visit: www.actionfraud.police.uk/cybercrime