• +44 7503 218 152
  • ronna@xtrabyte.co.uk

Category >Scams

Fake online reviews

National Trading Standards (NTS) are warning the public that criminals are using fake online reviews to sell poor quality goods and services.
It has become a common practice for a lot of people to seek reviews prior to making a purchase, but how do we know whether the reviews we read are genuine?
The following guidance is from NTS:
• Timing and spacing – check for multiple similar reviews that have been uploaded within a few minutes or hours.
• Check the reviewer’s activity – if an account has been activated recently or has only reviewed a narrow range of products/services, it could indicate suspicious activity.
• Vague language – legitimate reviews will often be personal and specific to the individual’s experience. A fake is more likely to be vague, using generic words and phrases such as ‘amazing’, ‘awesome’ and ‘buy this product’.
• Check contact details – if a reviewer is happy to be contacted with questions, and is responsive, it’s a good sign they’re legitimate.
• Use a browser plug-in – they use artificial intelligence to analyse reviews, identify suspicious activity and suggest better alternatives. Examples are Fakespot and ReviewMeta.
• Look beyond the star rating – whilst a star rating of 4.5 or 5 can be a good quality indicator, be sure to look at the reviews too.
For further information and advice visit Online shoppers buy 80 million ‘disappointing’ items based on rave reviews – National Trading Standards

Scam WhatsApp message

A trusted contact has just alerted me to the following scam, they have kindly allowed me to use their screenshot.

The suspect number 07904 165574 has now been reported to www.who-called.co.uk

The potential victim receives a WhatsApp message from an unrecognised number in which the sender pretends to be known to the recipient.

The criminal makes an excuse that they have changed their mobile number and that this has caused a security issue which means they cannot make a payment, so the sender asks the recipient to make the payment now on their behalf and that they would be repaid in a couple of days time.

(Afterpay is an app that allows the user to make an online purchase by paying a small amount at the time, but then allows the balance to be spread over 6 weeks interest free)

WhatsApp message scam

Royal Mail scam text messages

The Cambridgeshire and Peterborough Against Scams Partnership, are warning us all of a scam text message purporting to be from Royal Mail.

Royal Mail scam text messages

Facebook Market Place and PayPal payment Fraud

If you buy from Facebook Marketplace or any other online Marketplace using PayPal, please be aware of the following:


The victim contacted the seller of a games console advertised on Facebook Marketplace at £150.

The suspect replied with an excuse that he was not local for the next month, so he would have to post it. (RED FLAG – This would avoid a meeting)

The suspect then sent his PayPal reference to the victim.

The victim accessed his PayPal account and sent the suspect the £150.

The victim then receives a message from the suspect stating that the funds were on hold, so he won’t send the item out until the funds have cleared.

The suspect then said he’ll issue a refund, which he did.

The suspect then asked the victim to resend the funds using PayPal. This time not using the ‘Goods and Services’ option but instead, opting for ‘Friends and Family’ and gave a different PayPal reference. (RED FLAG – NEVER pay for goods or services using the PayPal Friends and Family option, your purchase will NOT be protected, see Key Message below)

The victim sends £150 using the PayPal Friends and Family option instead of Goods and Services.

The following day, the victim contacts the suspect for tracking details of the games console.

The suspect initially did not reply but later stated that he was busy and subsequently closed or blocked his Facebook profile to the victim and stopped communicating.

The victim contacts PayPal, but because they made the payment for a computer games console using the Friends and Family option, they were not covered by PayPal Purchase Protection.

Key Message

With PayPal, there are two payment options, Goods and Services and Friends and Family.

Although PayPal offers purchase protection, there are strict limitations on when you are entitled to protection.If you are buying goods using PayPal on Facebook Marketplace or any online marketplace, and the seller is not a Family or a real friend, then always use the Goods and Services option.

If a seller asks you to pay using PayPal Friends and Family and makes any excuse about PayPal fees, you will not be covered by Purchase Protection. So, if you don’t receive the goods, or they are faulty, not what you ordered, counterfeit etc., it is unlikely you will get your money back when you contact PayPal.

Friends and Family is a payment option to friends and family, use it only to send money as a gift or for money owed, NOT to pay for goods and services. Be alert to any seller asking you to pay them using PayPal Friends and Family.

Use a credit card as part of your PayPal account and not a debit card. Credit cards afford more consumer protection if payments are disputed. With PayPal, there are two payment options, Goods and Services and Friends and Family. Although PayPal offers purchase protection, there are strict limitations on when you are entitled to protection.

If you are buying goods using PayPal on Facebook Marketplace or any online marketplace, and the seller is not family or a real friend, always use the Goods and Services option. Use a credit card as part of your PayPal account and not a debit card. Credit cards afford more consumer protection if payments are disputed.

Fake Penalty Charge email

Below provides details of yet another attempt by criminals to steal our money and private information.

If you receive such an email please report to www.actionfraud.police.uk and copy me in.

Compromised Facebook Accounts

Compromised Facebook accounts used to lure victims into PayPal scam

Attached here is an important scam alert from the City of London Police, National Fraud Intelligence Bureau.

Should the content of the document raise any questions or issues, then please contact Mr Nigel Sutton 8517, Cyber Protect Officer.

Please consider forwarding to family and friends and any appropriate community group.

Fraud and Cyber Security

What is phishing and how does it work?

You wouldn’t let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way – criminals use legitimate-looking messages and websites to trick people into opening the doors to their personal data, giving up logins, passwords or even payment details. That information can then be used to commit fraud and cyber crime.

How big is the problem?

Phishing attacks are a common security challenge that both individuals and businesses across the UK face on a regular basis.
The National Cyber Security Centre’s Suspicious Email Reporting Service (SERS) received over 1.7M reports from the public between April and August 2020, with the most commonly faked brands being TV Licensing, HMRC and GOV.UK.

How can you protect yourself from phishing scams?

Many of the phishing scams that get reported to us have one thing in common, they started with a message out of the blue. Whether it’s an email asking you to “verify” account information, or a text message claiming to be from your bank, the goal of a phishing attack is usually the same – to trick you into revealing personal and financial information.
Criminals are experts at impersonation and they’re constantly getting better at creating fake emails and texts that look like the real thing. Here’s some simple advice you can follow when it comes to dealing with phishing scams:

1 – Remember, your bank, or any other official organisation, won’t ask you to share personal information over email or text. If you need to check that it’s a genuine message, call them directly. Don’t use the numbers/emails in the email, but visit the official website instead.

2 – If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):
report@phishing.gov.uk. If it turns out to be a malicious, your report will help other people from falling victim to it.

3 – Received a text message you’re not quite sure about? Maybe it’s asking you to “verify” personal or financial details, such as a banking password? You can report suspicious text messages by forwarding them to 7726.

4 – If you’ve lost money or provided personal information as a result of a phishing email, notify your bank immediately and report it to

Action Fraud: www.actionfraud.police.uk

For more simple tips on how to protect yourself online, visit: www.actionfraud.police.uk/cybercrime

The QR code

You may already have seen or used the QR (Quick Response) code like the one above, but since pandemic measures have been relaxed, the QR code is being seen more often especially in pubs and restaurants.

So what is the QR code? It is simply a shortcut to a webpage, just like the link or shortcut we are used to in an email or other electronic messages.

To read the QR code, simply point your phone camera at it and your smart phone will read it and tell your phone browser to display the webpage it relates to, it is that simple. (There are also QR code reading apps available)

People like shortcuts, and criminals know we do.

Although the use of the QR code has benefits just like the link or shortcut in an email, it could be exploited by cyber criminals so I just want you to know how, and then you can make your own mind up whether to scan or not.

The image below was taken in a shopping centre the QR code is printed on a professional looking 5 foot high banner outside the shop. Because the banner looks high quality and is in a secure shopping centre with cameras and security, it unlikely that it had been placed there by a criminal. (Not guaranteed of course, but on balance I would scan it but not provide any personal information)

Another example of when I would consider scanning a QR code, would be when I have entered a restaurant or pub, and on the table is a guide to ordering food and drinks. The laminated sheet gives me the choice of downloading an app from Google Play or the App Store, or I can scan the QR code.

If however, I was in public and I read a poster with a QR code on it advertising a service or product, I will be far more cautious of scanning it because it is in a far less secure environment which a criminal could exploit. How? It is technically possible for the criminal to create their own QR code, print it and place it over the original QR code on the poster, they then create a fake website and have it hosted on the internet. If this QR code is scanned by a third party then their device will display a fake website deceiving the user to submit private information to the criminal. Exactly how phishing emails work.

So, if you are going to scan a QR code, just assure yourself that the QR code you are scanning is genuine, does the poster look genuine? Is it printed to a high commercial standard? Can you tell if there is another layer of paper over the QR code that suggests the poster has been tampered with? If in doubt, don’t scan it, and if you want to find out more about what the poster is advertising, consider using your browser on your device.

The good news, I am yet to read a crime report that suggests anyone in the UK has been caught out in such a way, could this change in the future?

Being aware of the tactics used by cyber criminals to steal our data and money, helps us to defend ourselves and families.

If you have any questions or concerns involving QR codes, then please contact:
Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773