• +44 7503 218 152
  • ronna@xtrabyte.co.uk

Category >Scams

Amazon Brushing Scam

The Norfolk Trading Standards is urging consumers to be wary of the Amazon ‘brushing’ scam, in which consumers receive products from Amazon that they did not order. Scammers use this method to make the transaction appear legitimate and avoid breaking Amazon’s rules and conditions for rating their own products. The scammers set up numerous fake accounts to buy their own products and then give themselves glowing reviews because the more reviews a product has, the more likely people are to buy the goods.

Victims are not charged for the items which suggests it is more profitable for the scammers to give away their products at the start as they will soon turn a profit thanks to their own (fake) reviews.  

But being involved in a brushing scam is not a good thing, despite the free goods that turn up at your door. It means that someone has gained access to your name, address and potentially other personal information. Depending on how they accessed your information they could hold a lot more of your personal information than you realise. 

People who receive packages they did not order should contact Amazon and change their online account passwords. Remember you can check whether your e-mail or telephone number have been subject to a data breach by visiting www.haveibeenpwned.com 

If a breach is revealed you should change your password for the account that has been breached. More advice about what to do and your consumer rights can be found in this article from Which? 

For advice about scams contact the Citizens Advice Consumer Helpline on 0808 223 1133.

Phishing email saying that your National Insurance number has been disabled

This email says that “GOV. UK has disabled a number of National Insurance Number due to numerous fraudulent activity reports in the era of BREXIT.” 
The fraudsters have tried to name every UK government department they can think of here (from “hmrc.co. uk” to “Jobcentre GOV. UK Plus”), and have even included the GOV.UK logo for good measure.

They then go on to say “a large number of National Insurance Numbers has been a target of identity theft in this period” and “you are now required to reactivate your NIN” (by clicking on the link (in bright red just in case you miss it)). Pretending they are acting in your interests is a common tactic of scammers.

Besides the grammar being incorrect in this email, to my knowledge it isn’t usual to shorten National Insurance number to NIN. Also, emails from government organisations tend to end in .gov.uk, definitely not hamanasu.jp, as here.
Remember, you will never be required to “reactivate” your National Insurance number. You can forward phishing emails to report@phishing.gov.uk.

Royal Mail scam text messages

The Cambridgeshire and Peterborough Against Scams Partnership, are warning us all of a scam text message purporting to be from Royal Mail.

Royal Mail scam text messages

National campaign #SecureYourAccounts

A national campaign has been launched by Action Fraud and Cyber Aware, to encourage us all to secure our online accounts with a strong, unique password and to enable two-factor authentication. Some people continue to use the same password for more than one online account, yet in the physical world, they would not use the same key for their car and their house locks. Online accounts, especially email and social media, contain a lot of valuable information that could lead to identity theft or a financial loss in some form.

Over this week, I shall be sending out graphics like the one below; feel free to post on social media or forward this email to friends and family.

national campaign on online fraud

Clone firm investment scam

The Financial Conduct Authority (FCA) issued a warning to the public as reports of ‘clone firm’ investment scams increased by 29%1 in April 2020 compared to March, when the UK went into its first lockdown. Action Fraud data reveals consumers reported losses of more than £78 million1 between January-December 2020. Throughout 2020, consumers reported average losses of £45,2421 each on average when investing with fraudsters imitating genuine investment firms. The data has been released as part of the FCA’s ScamSmart campaign, alongside advice to help investors avoid fake firms and protect their hard-earned cash.

The ongoing financial impact of Covid-19 may also make people more susceptible to these types of clone scams. 42%2 of investors say they are currently worried about their finances because of the pandemic. Over three quarters (77%)2 have or plan to invest within the next six months to improve their financial situation. 

However, the FCA highlights that even the most experienced investor could be at risk. Three quarters (75%)3 of investors said they felt confident they could spot a scam. However, 77%3 admitted they did not know or were unsure what a ‘clone investment firm’ was. 

Clone firms are fake firms set up by scammers using the name, address and ‘Firm Reference Number’ (FRN) of actual companies authorised by the FCA. Once set up, these fraudsters will then send sales materials linking to legitimate firms’ websites to dupe potential investors into thinking they are the real firm when they are not. 

The FCA is advising anyone considering an investment opportunity to check the Warning List of firms, which is updated daily, and not to deal with a firm not authorised by the FCA. The specific details, such as a telephone number and website address, can be verified on the FCA Register (register.fca.org.uk). The FCA also warns consumers to use the FCA Register’s phone number to contact an FCA authorised firm to be sure they are dealing with the genuine firm.

Even though two in five (38%)3 investors said they would check the company’s Firm Reference Number (FRN), checking this alone isn’t enough. Scammers will often copy FRN numbers and encourage victims to check the FCA Register to prove their legitimacy. 

Mark Steward, Executive Director of Enforcement and Market Oversight, FCA, said

“Clone investment scams can look real and sophisticated, but anyone can spot them by following our advice.” 

“Fraudsters use literature and websites that mirror those of legitimate firms, as well as encouraging investors to check the Firm Reference Number (FRN) on the FCA Register to sound as convincing as possible. Last year we issued alerts concerning over 1,100 firms, including clones, which has more than doubled since 2019, and we are working with the National Economic Crime Centre (NECC) and National Cyber Security Centre to take down clone sites when they are discovered.”

“If you’re considering an investment, visit the FCA Register to make sure the firm you’re dealing with is authorised. Check our Warning List of firms you should avoid, use the contact details on our FCA Register, not the details the firm gives you, and check for subtle differences to avoid ‘clone firm’ scams. And if you’re still unsure, call our consumer helpline for further information. When it comes to clones, I cannot emphasise enough how important it is to double-check every detail.” 

Cambridgeshire Police is a partner of the Cambridgeshire and Peterborough Against Scams Partnership (CAPASP); for more information and resources, visit www.cambridgeshire.gov.uk/against-scams

Fake Uber Texts

Another smishing text, this time purporting to be from Uber (a platform connecting drivers and riders for transport journeys), has been reported by another Cambridgeshire resident.

The text was sent from a mobile telephone number and read ‘UBER: We have identified that you made an overpayment on your last trip. Please follow the link to process your refund https://refund-ref067(dot)com.’

As with the EE message above, this message is bogus and is just a ploy to trick you into inputting personal information or installing malware to your device.

Uber scam text message

As with the EE message above, this message is bogus and is just a ploy to trick you into inputting personal information or installing malware to your device.

Smishing messages are usually sent on a large scale to ensure that some of the recipients will be customers of the organisation. And in turn, the scammers may receive responses from a proportion of those customers who don’t spot that it’s a scam.

Many people receive messages purporting from companies that they do not deal with and will immediately recognise them to be fake. But where you are a customer of the company in question, it is not easy to know whether to ignore the message or whether you must act.

The simple advice is to never click on a link in a text message that you were not expecting. If you are a customer of the company in question and are not sure about the communication, always contact them using a number, e-mail address or chatbot you know to correct to find out if the message is genuine. Remember the link given in a text message might look like a genuine web address, but it is very easy for fraudsters to provide a link with a false identity in their communications.

Forward suspicious texts to 7726, free of charge. Please share to help others stay safe.

EE Smishing Scam

A Facebook user has kindly alerted the Police Fraud team to a smishing message he received purporting from EE. As the informant is a customer of EE he did the right thing. He contacted their customer services separately, using a number he knows to be correct, to check whether this was a genuine communication. EE confirmed it was not and is a scam.

Image of EE smishing text message

The text came from 07399 852738 and read ‘EE: we are unable to process your latest bill. To avoid restrictions, please update your billing information via https://www.eebilling-updated(dot)com.’

As with all smishing texts, this message is a trick to get the recipient to click on the link to give some personal information or to unknowingly install some malware (malicious software) on their device. Malware can give the scammer access to your device to steal your personal information for identity theft and steal from your online banking accounts.

Please warn all your contacts about smishing texts – they are widespread, come in many different guises and can be very convincing. Passing the message on could save someone from a lot of distress. Please forward all suspicious texts to 7726, free of charge.

NHS Vaccine Scam

An NHS related scam text message has been brought to the attention of the cybercrime department. There is no additional information at this time. We should all be aware and exercise caution that this and similar messages are being received across the county.

The text message below states that the recipient is entitled to a vaccine and to receive more information they should click on the link in blue. Once the link is clicked, the recipient will see the message ‘we need to prove ownership of address’. They are then asked to provide bank account, sort code and a full bank card number. The message is a SCAM!

For genuine COVID-19 related advice including vaccination information, visit www.gov.uk and www.nhs.uk.

For more advice about protection from scams visit:  https://www.cambridgeshire.gov.uk/residents/community-protection/against-scams-partnership

Courier Fraud – £10K Watch

What you are about to read has just been brought to the cybercrime department’s attention.

The victim of the crime receives a telephone call on their home phone. A male voice stated their name and was a fraud investigator for the Halifax. Later, the victim was called by someone referring to themselves as a Police Sergeant from the Scotland Yard Fraud Team to advise her that her bank card had been cloned and there had been a breach of security somewhere within a Cambridgeshire Halifax branch.

The victim was deceived into transferring money from their savings account to their current account and then purchasing a physical asset to protect her cash until the investigation concluded. They could then sell the asset and replace the funds into their account.

All the calls made to the victim were from a withheld number. The victim later made a payment of over £10k to purchase a single item, a watch.

On the same day of purchase, a caller at the door delivered the watch. A couple of hours later, another caller at the door collected the watch. The victim of this crime lost over £10K because they genuinely believed they were helping the police!

This is a textbook courier fraud that starts with a telephone call from the criminal pretending to be from the police or the bank or both. I appreciate that you may have heard me say this many times before. The police or the bank will never contact you to transfer money out of your accounts.

For more information about their work or if you would like to be a supporter, then visit https://www.cambridgeshire.gov.uk/residents/community-protection/against-scams-partnership.

Loan Fee Fraud

Loan fee fraud is when someone who is looking for a loan is asked to pay an upfront fee before receiving it. They pay the fee, but they never get the loan.

In December 2019, loan fee fraud was the third most queried scam to the Financial Conduct Authority. (www.fca.org.uk). The average fee relating to loan fee fraud reported to the FCA is approximately £220. Be alert to unsolicited emails, text messages, social media and adverts on websites promoting loans.

The following is an extract from the FCA website https://www.fca.org.uk/consumers/loan-fee-fraud

Spot the warning signs of loan fee fraud

  • You may have made several loan applications online and then been contacted out of the blue by text, email or phone and offered a loan.
  • You may be asked to make an upfront payment into a bank account, or transfer money via an unusual method, for example Western Union or iTunes vouchers.
  • The scammers may claim that the fee is refundable and will be used as a deposit, administrative fee, insurance or because of bad credit history.
  • You may be put under pressure to pay the fee quickly.
  • Once the first payment has been made, the scammer might contact you again to ask for more payments before they can give you the loan.
  • Even though you make the payments, you never receive the loan.

How to protect yourself

When applying for a loan, you should only deal with FCA-authorised firms. If you deal with an unauthorised firm, you won’t be covered by the Financial Ombudsman Service if things go wrong.

Check our Financial Services Register to see if we regulate the firm. Check that the firm’s contact details match the details the FS Register. Always use the FS Register’s contact details, rather than a direct line or email given to you. If there are no contact details on the FS Register, or the firm claims they are out of date, call our Consumer Helpline on 0800 111 6768.

Read more information on unauthorised firms and individuals and how to protect yourself from scams. If you believe you are a victim of fraud contact: Your bank and Action Fraud (www.actionfraud.police.uk)