If you believe that you have been a victim of a fraud or scam you can report it online at: http://www.actionfraud.police.uk/report_fraud or by telephone on: 0300 123
Pet - Fraud Alert 04/07/2017
The National Fraud Intelligence Bureau (NFIB) and Action Fraud have recently noticed a rise in the reporting of pets, and in particular puppies and kittens, being advertised for sale via popular online auction websites. The fraudsters will place an advert of the pet for sale, often claiming that the pet is currently held somewhere less accessible or overseas. Upon agreement of a sale, the suspect will usually request an advance payment by money transfer or bank transfer. However, the pet does not materialise and the fraudster will subsequently ask for further advanced payments for courier charges, shipping fees and additional transportation costs. Even if further payments are made, the pet will still not materialise as it is likely to not exist.
Tips to staying safe when purchasing pets:
- Stay within auction guidelines.
- Be cautious if the seller initially requests payment via one method, but later claims that due to ‘issues with their account’ they will need to take the payment via an alternative method such as a bank transfer.
- Consider conducting research on other information provided by the seller, for example a mobile phone number or email address used by the seller could alert you to any negative information associated with the number/email address online.
- Request details of the courier company being used and consider researching it.
- Agree a suitable time to meet face-to-face to agree the purchase and to collect the pet. If the seller is reluctant to meet then it could be an indication that the pet does not exist.
- A genuine seller should be keen to ensure that the pet is going to a caring and loving new home. If the seller does not express any interest in you and the pet’s new home, be wary.
- If you think the purchase price is too good to be true then it probably is, especially if the pet is advertised as a pure-breed.
- Do not be afraid to request copies of the pet’s inoculation history, breed paperwork and certification prior to agreeing a sale. If the seller is reluctant or unable to provide this information it could be an indication that either the pet does not exist or the pet has been illegally bred e.g. it originates from a ‘puppy farm’. A ‘puppy farm’ is a commercial dog breeding enterprise where the sole aim is to maximise profit for the least investment. Commercial dog breeders must be registered with their local authority and undergo regular inspections to ensure that the puppies are bred responsibly and are in turn fit and healthy. Illegally farmed puppies will often be kept in inadequate conditions and are more likely to suffer from ailments and illnesses associated with irresponsible breeding.
- When thinking of buying a pet, consider buying them in person from rescue centres or from reputable breeders.
- If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.
Vehicle Online Shopping Fraud 12/06/2017
Fraudsters have been advertising vehicles and machinery for sale on various selling platforms online. The victims, after communicating via email with the fraudster, will receive a bogus email which purports to be from an established escrow provider (a third party who will keep the payment until the buying and selling parties are both happy with the deal).
These emails are designed to persuade victims to pay upfront, via bank transfer, before visiting the seller to collect the goods. The emails also claim that the buyer (victim) has a cooling off period to reclaim the payment if they change their mind. This gives victims the false sense of security that their money is being looked after by this trustworthy third party, when in fact it is not and the money has gone straight to the fraudster.
- When making a large purchase such as a new car or machinery, always meet the seller face to face first and ask to see the goods before transferring any money.
- If you receive a suspicious email asking for payment, check for spelling, grammar, or any other errors, and check who sent the email. If in doubt, check feedback online by searching the associated phone numbers or email addresses of the seller.
- Contact the third party the fraudsters are purporting to be using to make the transaction. They should be able to confirm whether the email you have received is legitimate or not.
- False adverts often offer vehicles or machinery for sale well below market value to entice potential victims; always be cautious. If it looks too good to be true then it probably is.
If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk, or by calling 0300 123 2040.
Wedding Services Fraud 05/06/2017
|With the upcoming “Wedding Season”, and for those individuals who are considering making plans for next year and beyond, you should be aware of the potential risks of fraud involved.
According to ‘bridesmagazine.co.uk’, in 2017 the average wedding cost spend is approximately £30,111. This will be paid out to multiple vendors, including; photographers, caterers, reception venues and travel companies, to name a few. Many of these services will require booking at least several months in advance and you may be obliged to pay a deposit or even the full balance at the time.
Being aware of the potential risks and following the below prevention advice could minimise the likelihood of fraud:
Paying by Credit Card will provide you with protection under Section 75 of the Consumer Credit Act, for purchases above £100 and below £30,000. This means that even if a Company goes into liquidation before your big day, you could claim a refund through your Credit Card Company.
Social Media - Some Companies run their businesses entirely via social media sites, offering low cost services. Whilst many are genuine, some may not be insured or may even be fraudulent. There are a few things you can do to protect yourself;
- Ensure you obtain a physical address and contact details for the vendor and verify this information. Should you experience any problems, you will then be able to make a complaint to Trading Standards or consider pursuing via the Small Claims Court.
- Ensure you obtain a contract before paying money for services. Make certain you fully read and understand what you are signing and note the terms of cancellation.
Consider purchasing Wedding Insurance - Policies vary in cover and can be purchased up to two years in advance. They can protect you from events that would not be covered under the Consumer Credit Act.
Complete research on each vendor, ensuring you are dealing with a bona fide person or company. Explore the internet for reviews and ratings and ask the vendor to provide details of past clients you can speak to. You should do this even if using companies recommended by a trustworthy friend or source.
For services such as wedding photographers, beware of websites using fake images. Look for inconsistencies in style; Meet the photographer in person and ask to view sample albums. If you like an image from a wedding, ask to view the photographs taken of the whole event so you can see the overall quality.
Remember, if something appears too good to be true, it probably is!
Smishing Fraud Alert 26/5/17
Smishing – the term used for SMS phishing – is an activity which enables criminals to steal victims’ money or identity, or both, as a result of a response to a text message. Smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset) to manipulate innocent people into taking various actions which can lead to being defrauded.
The National Fraud Intelligence Bureau has received information that fraudsters are targeting victims via text message, purporting to be from their credit card provider, stating a transaction has been approved on their credit card.
The text message further states to confirm if the transaction is genuine by replying ‘Y’ for Yes or ‘N’ for No.
Through this method the fraudster would receive confirmation of the victim’s active telephone number and would be able to engage further by asking for the victim’s credit card details, CVV number (the three digits on the back of your bank card) and/or other personal information.
- Always check the validity of the text message by contacting your credit card provider through the number provided at the back of the card or on the credit card/bank statement.
- Beware of cold calls purporting to be from banks and/or credit card providers.
- If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Again, refer to the number at the back of the card or on the bank statement in order to contact your bank.
- If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraudpolice.uk/ or alternatively by calling 0300 123 2040
Microsoft Tech-Support Scammers Using Wannacry Attack To Lure Victims 23/05/2017
Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global WannaCry ransomwareattack.
One victim fell for the scam after calling a ‘help’ number advertised on a pop up window. The window which wouldn’t close said the victim had been affected by WannaCry Ransomware.
The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool, which is actually free and took £320 as payment.
It is important to remember that Microsoft’s error and warning messages on your PC will never include a phone number.
Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.
How to protect yourself
- Don't call numbers from pop-up messages.
- Never allow remote access to your computer.
- Always be wary of unsolicited calls. If you’re unsure of a caller’s identity, hang up.
- Never divulge passwords or pin numbers.
- Microsoft or someone on their behalf will never call you.
If you believe you have already been a victim
- Get your computer checked for any additional programmes or software that may have been installed.
- Contact your bank to stop any further payments being taken.
Ransomware Cyber Attack 14/05/2017
Following the ransomware cyber attack on Friday 12 May which affected the NHS and is believed to have affected other organisations globally, the City of London Police’s National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days.
Ransomware is a form of malicious software (Malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. Criminals will use ransomware to extort money from you (a ransom), before they restore access to your files. There are many ways that ransomware can infect your device, whether it be a link to a malicious website in an unsolicited email, or through a security vulnerability in a piece of software you use.
Key Protect messages for businesses to protect themselves from ransomware:
- Install system and application updates on all devices as soon as they become available.
- Install anti-virus software on all devices and keep it updated.
- Create regular backups of your important files to a device that isn’t left connected to your network as any malware infection could spread to that too.
The National Cyber Security Centre’s technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the “WannaCry” Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware
Key Protect advice for individuals:
- Install system and application updates on all devices as soon as they become available.
- Install anti-virus software on all devices and keep it updated.
- Create regular backups of your important files to a device (such as an external hard drive or memory stick) that isn’t left connected to your computer as any malware infection could spread to that too.
- Only install apps from official app stores, such as Google’s Play Store, or Apple’s App Store as they offer better levels of protection than some 3rd party stores. Jailbreaking, rooting, or disabling any of the default security features of your device will make it more susceptible to malware infections.
Fraudsters may exploit this high profile incident and use it as part of phishing/smishing campaigns. We urge people to be cautious if they receive any unsolicited communications from the NHS. The protect advice for that is the following:
- An email address can be spoofed. Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details.
- The sender’s name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution, particularly if the texts are asking you to click on a link or call a number.
Don’t disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or transfer your money to another “safe” account.
If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk/
Wonga Data Breach 13/04/17
Wonga has confirmed a data breach where up to 250,000 accounts have been compromised. The incident is now being investigated by the police and has been reported to the Financial Conduct Authority.
Wonga has updated their website with further information and confirmed that they are contacting all those affected and are taking steps to protect them, but there are also some things you can do to keep your information secure.
Here’s what you can do to make yourself safer:
If any of your financial details were compromised, notify your bank or card company as soon as possible. Review your financial statements regularly for any unusual activity.
Criminals can use personal data obtained from a data breach to commit identity fraud. Consider using credit reference agencies, such as Experian or Equifax, to regularly monitor your credit file for unusual activity.
Be suspicious of any unsolicited calls, emails or texts, even if it appears to be from a company you know of. Don’t open the attachments or click on links within unsolicited emails, and never disclose any personal or financial details during a cold call.
If you have been a victim of fraud or cyber crime, please report it to us: http://www.actionfraud.police.uk/report_fraud
Law Abiding Citizen Alert 04/04/17
|Message sent by
|Action Fraud (Action Fraud, Administrator, National
Fraudsters are sending out a high volume of phishing emails to personal and business email addresses, pretending to come from various email addresses, which have been compromised.
The subject line contains the recipient’s name, and the main body of text is as below:
I am disturbing you for a very serious reason. Although we are not familiar, but I have significant amount of individual info concerning you. The thing is that, most likely mistakenly, the data of your account has been emailed to me.
For instance, your address is:
[real home address]
I am a law-abiding citizen, so I decided to personal data may have been hacked. I attached the file – [surname].dot that I received, that you could explore what info has become obtainable for scammers. File password is – 2811
The emails include an attachment – a ‘.dot’ file usually titled with the recipient’s name.
This attachment is thought to contain the Banking Trojan Ursniff/Gozi, hidden within an image in the document. The Ursniff Banking Trojan attempts to obtain sensitive data from victims, such as banking credentials and passwords. The data is subsequently used by criminals for monetary gain.
|Having up-to-date virus protection is essential; however it will not always prevent your device(s) from becoming infected.
Please consider the following actions:
- Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages: Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication (you can find out how by searching the internet for relevant advice for your email provider).
- Do not enable macros in downloads; enabling macros will allow Trojan/malware to be installed onto your device.
- Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.
- Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It is important that the device you back up to is not connected to your computer as any malware infection could spread to that as well.
- If you think your bank details have been compromised, you should contact your bank immediately.
Payment Diversion Alert 23/01/2017
Payment diversion alert
Fraudsters are emailing members of the public who are expecting to make a payment for property repairs. The fraudsters will purport to be a tradesman who has recently completed work at the property and use a similar email address to that of the genuine tradesman. They will ask for funds to be transferred via bank transfer. Once payment is made the victims of the scam soon realise they have been deceived when the genuine tradesman requests payment for their services.
- Always check the email address is exactly the same as previous correspondence with the genuine contact.
- For any request of payment via email verify the validity of the request with a phone call to the person who carried out the work.
- Check the email for spelling and grammar as these signs can indicate that the email is not genuine.
- Payments via bank transfer offer no financial protection; consider using alternative methods such as a credit card or PayPal which offer protection and an avenue for recompense.
Fake Amazon Emails Claim You Have Placed An Order 05/01/2017
Action Fraud has received several reports from victims who have been sent convincing looking emails claiming to be from Amazon. The spoofed emails from “email@example.com” claim recipients have made an order online and mimic an automatic customer email notification.
The scam email claims recipients have ordered an expensive vintage chandelier. Other reported examples include: Bose stereos, iPhone’s and luxury watches.
The emails cleverly state that if recipients haven’t authorised the transaction they can click on the help centre link to receive a full refund. The link leads to an authentic-looking website, which asks victims to confirm their name, address, and bank card information.
Amazon says that suspicious e-mails will often contain:
- Links to websites that look like Amazon.co.uk, but aren't Amazon.co.uk.
- Attachments or prompts to install software on your computer.
- Typos or grammatical errors.
- Forged (or spoofed) e-mail addresses to make it look like the e-mail is coming from Amazon.co.uk.
Amazon will never ask for personal information to be supplied by e-mail.
You can read more about identifying suspicious emails claiming to be from Amazon by visiting https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=201489210
To report a fraud or cyber crime, call us on 0300 123 2040.