Action Fraud UK has received several reports from victims who have been sent convincing-looking emails claiming to be from Amazon.

The spoofed emails from “service@amazon.co.uk” claim recipients have made an order online and mimic an automatic customer email notification.

In one reported example, the scam email claims recipients have ordered an expensive vintage chandelier. Other reported examples include Bose stereos, iPhones, cameras and luxury watches.

The emails cleverly state that if recipients haven’t authorised the transaction, they can click on a help centre link to receive a full refund.

The link leads to an authentic-looking website, which asks victims to confirm their name, address, and bank card information.

One victim reported entering his Nationwide banking details and later found out £750 had been stolen from his account. After the victim notified Nationwide they cancelled the card and refunded the money in full.

Amazon says that suspicious e-mails will often contain:

  • Links to websites that look like Amazon.co.uk, but aren’t Amazon.co.uk.
  • Attachments or prompts to install software on your computer.
  • Typos or grammatical errors.
  • Forged (or spoofed) e-mail addresses to make it look like the e-mail is coming from Amazon.co.uk.

Amazon will never ask for personal information to be supplied by e-mail.

Yahoo said on Wednesday it had discovered another major cyberattack, saying data from more than 1bn user accounts was compromised in August 2013, making it the largest such breach in history.

Yahoo said the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.

The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September 2016 and blamed on hackers working on behalf of a government.

“An unauthorised party” broke into the accounts, Yahoo said in a statement posted on its website. The company believes the hacks are connected and that the breaches are “state-sponsored”.

Yahoo said this case “is likely distinct from the incident the company disclosed on September 22, 2016”.

Verizon, which is in the process of buying Yahoo for $4.8bn (£3.8bn), said of the 2013 hack: “We will review the impact of this new development before reaching any final conclusions.”

The breach disclosed in September had already threatened to derail the deal or result in a reduction in the sale price.

Yahoo is notifying all the users affected and asking them to change their passwords and security questions.

Action Fraud is warning people to watch out for fraud on the Facebook Marketplace after receiving reports from victims who have tried to purchase items and never received them.

Facebook’s Marketplace lets you buy and sell items with people in your community for free. All you have to do to access the Marketplace is tap on the shop icon at the bottom of the Facebook app and start searching.

Unlike rival websites such as eBay, there is no secure payment facility such as PayPal and no feedback system in place, which means it is up to buyers and sellers to agree on prices and payment methods.

Caution advised

People using the Marketplace should exercise caution as it is easy for fraudsters to post pictures of items for sale that either do not exist or are counterfeit.

In all the cases reported to Action Fraud, fraudsters have been offering items for sale and demanding that payment is made by bank transfer. When victims ask if payment can be made through PayPal, a variety of excuses are given as to why they cannot.

Victims have reported transferring money directly into fraudsters’ bank accounts for gaming consoles, iPhones, iPads, trainers and even rare Pokemon trading cards.

Items never received

In one report a buyer tried to purchase an iPad Air listed for sale and after agreeing a price with the seller decided to go ahead with the purchase.

When the buyer asked to meet the seller in person they were given an excuse as to why they couldn’t meet. The seller then suggested that the item be sent by recorded delivery, with payment by bank transfer instead of cash.

The buyer then transferred £105 to the fraudster’s bank account. The victim never received the iPad and the fraudster blocked their messages.

How to protect yourself

  • If someone’s message or profile looks suspicious, trust your instincts and walk away.
  • Never transfer money directly into a seller’s account without viewing the item in person first.
  • When purchasing smaller items, do the exchange in a public place such as a local police station.
  • Use an online payment option such as PayPal, which helps to protect you.
  • If it sounds too good to be true, it probably is.

Lloyds Bank customers should be on the lookout for a new sophisticated fraud that involves fraudsters sending fake bank letters.

The convincing letters are a replica of a Lloyds template and include the bank’s logo, its address and the signature of a customer service representative.

The letter tells recipients that there have been some “unusual transactions” on their personal account and asks them to call a number highlighted in bold to confirm they are genuine.

Automated messages harvesting details

When victims call the number, an automated welcome message is played and the caller is asked to enter their card number, account number and sort code followed by their date of birth.

Victims are then instructed to enter the first and last digit of their security number.

The fraud was spotted by the Daily Telegraph, which was alerted to it by a reader who had received three identical letters at an office address.

On separate occasions the Daily Telegraph ran tests using fake details and was passed to fraudsters who claimed to be from a Lloyds contact centre. The bank has confirmed that the phone number and letters are fake.

Sophisticated phishing

The letters are essentially a sophisticated phishing attempt and serve as a warning to consumers to question written correspondence from their banks.

If you are ever suspicious about correspondence from your bank, call the customer service number printed on the back of your card, never a number given in the letter itself.

Via Verde has warned motorway users about fraudulent emails, which appear to have been sent by the Autoridade Tributária (Tax Authority, AT), requesting payment of toll debts.

In a statement, Via Verde reports that emails of undetermined origin have the appearance of having been sent by the AT, with the subject “Via Verde Portugal”, requesting toll payment through a link that leads to a web page. That page then asks for personal data and bank card details in order to make the requested payment.

“Via Verde Portugal states that these are fraudulent messages, totally foreign to this company, which can compromise the privacy and security of customers and harm their interests,” the statement adds.

Via Verde Portugal warns recipients not to reply to these emails demanding payment of alleged debts, and in particular not to fill in the requested fields.

The company also states that it will react legally, in accordance with Portuguese law, in order to guarantee its interests and those of its clients.

Action Fraud UK reports that the UK public and small businesses are being urged to start making every day safer, as the latest online crime figures from Get Safe Online and Action Fraud reveal that a staggering £10.9 billion* was lost to the UK economy as a result of fraud, including cybercrime, in 2015/16.

That equates to approximately £210 per person over the age of 16 living in the UK**, but it represents only the fraud and cybercrime reported to Action Fraud.

However, a survey commissioned to mark Get Safe Online Day (18 October) suggests the true figure is much greater: respondents who had been victims of online crime lost an average of £523 each, more than the UK’s average weekly earnings figure, which currently stands at £505. In addition, 39% of those who said they had been victims of online crime had not reported the incident, so the overall amount lost by the UK could be higher still.

In addition, a quarter (25%) of the UK public said that they had a limited understanding of the risks they face when going online, but nine in 10 (89%) said they were somewhat or very concerned about their online safety and security. 89% also felt online crime was as damaging as, or more damaging than, physical crime.

The victims of cybercriminals

The research found a worrying gap in people’s understanding of what constitutes an online crime: 86% said they had not been targeted by cybercriminals in the past 12 months, yet 68% of people in the UK reported being targeted in one of the following ways:

  • 53% received fraudulent emails or messages which have attempted to direct them to websites where their personal information could have been stolen, including bank details, user names and passwords.
  • Over a quarter (28%) reported being contacted by someone who was trying to trick them into giving away personal information.
  • 10% had their email or social media accounts hacked.
  • 3% had been victims of ransomware, a fast-growing means of online extortion.
  • Of those who said they had been a victim of cybercrime, over a third (38%) said they felt that the matter was too trivial to report. Worryingly, over a third of people (37%) also said that they felt there was nothing that could be done.

Poor online safety habits

Action Fraud UK adds that many Britons are still not taking the basic steps to keep themselves safe online: as many as 43% say that they use the same password for multiple online accounts. Even when a company warns people to change their password after a breach (three in 10 have been contacted to do so), 12% said they did not follow the advice. The survey found that people use an average of 9 passwords across devices and accounts.

The research also showed that respondents only update their security software every 8½ months, and two in 10 (19%) do not update their device operating systems at all. When it comes to taking care of personal information, nearly a quarter (23%) said they never update their privacy settings on social media, with 58% saying they did not know how to. Additionally, nearly a third (29%) don’t back up their documents and photographs at all.

We have recently learned of a new, massive phishing attack targeting customers of several Portuguese banks. The emails ask for personal information and direct the recipient to fill in a form, supplied either as an attachment or via a link.

There are several types of financial fraud; one of the most common is an email from an unknown sender, with clearly fraudulent intent, impersonating a credit institution.

Typically these emails lure the recipient with a link to a web page that resembles the bank’s site but is in reality nothing more than a fake page.

On this page the bank customer is asked to enter or confirm sensitive information such as personal details, passwords, bank account numbers, the codes on their coordinate (matrix) card and other confidential data, usually on the pretext that the data needs to be regularised or updated.

These details are then used by the fraudsters to make transfers or purchases in the customer’s name.

Banks do not ask customers to submit personal data by email, and they use increasingly sophisticated forms of validation on their own websites.

Advice is as follows:

  • Protect your computer with active antivirus, antispyware and firewall software;
  • Do not open, and delete, any message of unknown or doubtful origin. If you need to check where it came from, open a new browser window and type the site’s full address yourself rather than clicking the link provided;
  • Only carry out transactions on a website whose address begins with HTTPS, where the “s” stands for secure. Note that HTTPS only means the connection is encrypted; a fraudulent site can use it too, so check the domain name as well;
  • Never give out passwords, all the codes on your coordinate card, your NIB or other personal data in an online banking service;
  • Pay attention to the language used in the email, because fraudulent ones usually contain language and grammar mistakes.
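The sender and link checks in this advice, and in the Amazon list earlier on this page, can be made mechanical. The Python script below is an added example, not code from Action Fraud, Amazon or any bank: it parses a constructed e-mail, reads the receiving mail server’s Authentication-Results header (RFC 8601; the From: line alone proves nothing, since it is trivially forged), flags a Reply-To domain that differs from the From domain, and tests every link’s host against the expected domain with a proper suffix check, so that a host such as amazon.co.uk.refund-centre.example is rejected rather than matched on the string “amazon.co.uk”. The message text, the .example domains and the authentication results are all assumptions made for illustration.

```python
"""Triage a suspicious e-mail for the tells listed above.  Added example, not
code from Action Fraud, Amazon or any bank.  The raw message below is
constructed for illustration; the .example domains are reserved names."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "amazon.co.uk"   # the brand the e-mail claims to come from

# Constructed spoof modelled on the scam described above (assumed content).
# Authentication-Results is added by the receiving mail server (RFC 8601)
# after checking SPF, DKIM and DMARC; a forged From: line fails all three.
RAW_MESSAGE = b"""From: "Amazon.co.uk" <service@amazon.co.uk>
Reply-To: refunds@amazon-helpcentre.example
Authentication-Results: mx.example; spf=fail smtp.mailfrom=amazon.co.uk; dkim=none; dmarc=fail header.from=amazon.co.uk
Subject: Your Amazon.co.uk order confirmation
Content-Type: text/html; charset=utf-8

<p>You have ordered a vintage chandelier for &pound;1,299.00.</p>
<p>If you did not authorise this transaction, visit the
<a href="http://amazon.co.uk.refund-centre.example/help">Amazon.co.uk Help Centre</a>
for a full refund.</p>
<p>Track your order at <a href="https://www.amazon.co.uk/orders">Your Orders</a>.</p>
"""

_AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")


def is_same_site(host, expected):
    """True only if host is expected or a subdomain of it.  A substring or
    prefix test would wrongly accept amazon.co.uk.refund-centre.example."""
    host, expected = host.lower().rstrip("."), expected.lower()
    return host == expected or host.endswith("." + expected)


def domain_of(addr):
    """Domain part of an address, lower-cased; empty if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], " ".join(self._current[1].split())))
            self._current = None


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def auth_failures(msg):
    """Methods in Authentication-Results whose result is anything but 'pass'."""
    header = str(msg["Authentication-Results"] or "").lower()
    return {method: result for method, result in _AUTH_RESULT.findall(header)
            if result != "pass"}


def triage(raw, expected_domain=EXPECTED_DOMAIN):
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    failed = auth_failures(msg)
    if failed:
        findings.append("sender authentication: "
                        + " ".join(f"{m}={r}" for m, r in failed.items()))

    sender = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    reply_to = msg["Reply-To"].addresses[0].addr_spec if msg["Reply-To"] else ""
    if reply_to and domain_of(reply_to) != domain_of(sender):
        findings.append(f"replies go to {domain_of(reply_to)}, not {domain_of(sender)}")

    body = msg.get_body(preferencelist=("html", "plain"))
    for href, text in extract_links(body.get_content() if body else ""):
        parts = urlsplit(href)
        host = parts.hostname or ""
        if not is_same_site(host, expected_domain):
            findings.append(f"link '{text}' points to {host}, not {expected_domain}")
        if parts.scheme != "https":
            findings.append(f"link '{text}' is not HTTPS ({href})")
    return findings


if __name__ == "__main__":
    for finding in triage(RAW_MESSAGE):
        print("FLAG:", finding)
```

Run against the constructed message, this flags the failed SPF/DKIM/DMARC results, the mismatched Reply-To, and the “Help Centre” link both for its host and for being plain HTTP; the genuine-looking https://www.amazon.co.uk/orders link passes. The host check deliberately comes before the scheme check: a fraudster can obtain a certificate for a lookalike domain as easily as anyone else, so HTTPS on its own says nothing about who is at the other end.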

Digital fingerprints – “hashes” – of child sexual abuse images are a revolutionary step for victims

Internet giant Microsoft has teamed up with the Internet Watch Foundation (IWF) UK to create a revolutionary system that stops the upload, storage and sharing of “potentially millions” of child sexual abuse images on the internet.

The system is called the IWF Image Hash List. A ‘hash’ is a unique code that is generated from the data in an image, like a digital fingerprint; the Image Hash List is a list of these individual codes (digital fingerprints) for known images of child sexual abuse.

By using the Image Hash List on their systems, internet companies across the globe will be able to stop the upload, sharing and storage of these hideous images.
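How a hash list of this kind works in practice, as an added example that is neither IWF’s nor Microsoft’s code. The page does not say which hash function the list uses, so the script below shows two kinds side by side on constructed 8×8 greyscale “images”: a SHA-256 of the file bytes, which matches only a byte-identical copy, and a toy average hash of the pixel values, which still matches after a uniform brightness change. Production systems such as Microsoft’s PhotoDNA use far more robust perceptual hashes; the 10-bit near-match threshold and the pixel patterns here are assumptions for illustration.

```python
"""Hash-list matching of images, as an added example (not IWF or Microsoft code).
The 'images' are constructed 8x8 greyscale pixel grids whose file bytes are the
raw pixel values.  The list keeps both a cryptographic hash (exact copies only)
and a toy perceptual hash (tolerates small edits)."""
import hashlib

SIZE = 8                 # assumed: toy images are SIZE x SIZE greyscale
NEAR_THRESHOLD = 10      # assumed: max Hamming distance counted as a near match


def make_image(pattern):
    """Build a constructed greyscale image from a pixel function (x, y) -> 0..255.
    Returns (file_bytes, pixel_rows)."""
    rows = [[pattern(x, y) % 256 for x in range(SIZE)] for y in range(SIZE)]
    data = bytes(p for row in rows for p in row)
    return data, rows


def sha256_fingerprint(data):
    """Exact fingerprint: changing any byte gives a completely different value."""
    return hashlib.sha256(data).hexdigest()


def average_hash(rows):
    """Toy perceptual fingerprint: one bit per pixel, set if the pixel is
    brighter than the image mean.  A uniform brightness shift leaves it unchanged."""
    pixels = [p for row in rows for p in row]
    mean = sum(pixels) / len(pixels)
    bits = 0
    for p in pixels:
        bits = (bits << 1) | (1 if p > mean else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two perceptual hashes."""
    return bin(a ^ b).count("1")


class ImageHashList:
    """Holds only fingerprints, never the images themselves, so it can be
    distributed to companies that must not hold the material."""

    def __init__(self):
        self.exact = set()
        self.perceptual = []

    def add(self, data, rows):
        self.exact.add(sha256_fingerprint(data))
        self.perceptual.append(average_hash(rows))

    def match(self, data, rows, threshold=NEAR_THRESHOLD):
        """Classify an upload as 'exact', 'near' or None (not on the list)."""
        if sha256_fingerprint(data) in self.exact:
            return "exact"
        h = average_hash(rows)
        if any(hamming(h, known) <= threshold for known in self.perceptual):
            return "near"
        return None


# Constructed sample images.
ORIGINAL = make_image(lambda x, y: x * 16 + y * 2)
# Same picture brightened by 3 levels: every byte differs, the look does not.
BRIGHTER = make_image(lambda x, y: min(255, x * 16 + y * 2 + 3))
# An unrelated picture (the original transposed).
UNRELATED = make_image(lambda x, y: y * 16 + x * 2)


def demo():
    """Build a one-entry list from ORIGINAL and classify the three uploads."""
    hash_list = ImageHashList()
    hash_list.add(*ORIGINAL)
    return {
        "original": hash_list.match(*ORIGINAL),
        "brighter": hash_list.match(*BRIGHTER),
        "unrelated": hash_list.match(*UNRELATED),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The brightened copy is the point of the example: its SHA-256 no longer appears on the list, so an exact-match list alone would let a trivially re-encoded copy through, while the perceptual hash still catches it. The trade-off is that a looser threshold raises the chance of flagging an innocent image, which is why real deployments tune the distance carefully and keep a human review step.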

Key facts:

  • 125,583 images of confirmed child sexual abuse have been hashed and added to the IWF Image Hash List
  • Every four minutes IWF analysts create a new hash
  • 67% of the hashes are category A or B – the rape or sexual torture of children
  • 3,040 of the hashes were assessed as showing babies and toddlers – two years old, or younger

IWF CEO Susie Hargreaves OBE says: “We’ve been working on the technology to make the Image Hash List a reality for some time. Microsoft provided a cloud-based solution to allow companies all over the world to use our hash list with minimal fuss and no expense to those who want to protect their customers, their brands and do the right thing for victims of sexual abuse.

“Now our Image Hash List, coupled with Microsoft’s Cloud technology is an absolute game-changer. The service is unparalleled globally.”

IWF analysts have already created a huge number of hashes; to date the list stands at 125,583.

Susie continues: “Every eight minutes our analysts identify a new webpage showing a child being sexually abused. We always ensure that image is taken down. But in the past it could be uploaded again, and again. This was incredibly frustrating for us and dreadfully sad for those victims. Now our new technology allows us, and any company which uses the Image Hash List, to hunt out those abusive images, meaning internet companies can completely stamp out copies, stop the sharing, and even stop the image being uploaded in the first place.

“This is a major breakthrough. Each and every one of these images is the painful record of a child being sexually abused. Their suffering is very real. These victims have the right to know someone is fighting this important battle.”

Beware of this phishing attack aimed at those who manage websites. It is a scam that tries to obtain your personal details; simply delete it.

It reads as follows:

“Sender:  Bob Xu<bob (at) chinaregistry.cn> <chinaregistry138 (at) aliyun.com>

Subject: (It’s very urgent, please transfer this email to your CEO. Thanks)

We are the domain registration and solution center in China. On Oct 17, 2016, we received an application from Kesheng Holdings Ltd requested “name of your website” as their internet keyword and China (CN) domain names (XXX.cn, XXXl.com.cn, XXX.net.cn, XXXl.org.cn).

But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether your company have connection with this Chinese company or not?


Best Regards,

Bob Xu | Service & Operations Manager

China Registry (Head Office) | 6012, Xingdi Building, No. 1698 Yishan Road, Shanghai 201103, China

Tel: +86-2161918696 | Fax: +86-2161918697  | Mob: +86-13816428671

Email: bob (at) chinaregistry.cn”


Hackers stole the personal data associated with at least 500m Yahoo accounts, the Sunnyvale, California-based company confirmed today.

Details including names, passwords, email addresses, phone numbers and security questions were taken from the company’s network in late 2014 by what was believed to be a state-sponsored hacking group.

The company is investigating the breach with law enforcement but currently believes that credit card or bank details were not included in the stolen data.

“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected,” said the company in a statement.

Nevertheless, the news may jeopardise the $4.8bn sale of Yahoo’s core business to Verizon, announced in July.


Yahoo is notifying users who may have been affected and says that anyone who has not changed their Yahoo passwords since 2014 should do so. The company has also invalidated affected users’ security questions so that they can’t be used to access accounts.

“Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” said the company.

Users should be very wary of any emails purporting to come from Yahoo, particularly if they prompt the users to click any links, download any attachments or give out any personal information.


Yahoo announced it was investigating a data breach earlier this summer but at the time thought just 200m user accounts were affected.

“Yahoo may very well be facing an existential crisis,” said Corey Williams, from identity management software company Centrify. “Already besieged by business execution issues and enduring a fire sale to Verizon, this may be the straw that breaks the camel’s back.”

US Senator Mark Warner, who has worked in the technology industry and often speaks on tech issues, described the seriousness of the breach as “huge”.

“While its scale puts it among the largest on record, I am perhaps most troubled by news that this breach occurred in 2014, and yet the public is only learning details of it today,” he said, urging Congress to create a data breach notification standard to ensure consumers find out sooner if their data has been compromised.

Security researcher Kurt Baumgartner from Kaspersky Lab also criticised Yahoo for its slow response to the attack but said it was not unexpected. “It’s unfortunate that when we are talking about this organization, a massive breach doesn’t come as a big surprise,” he said.

“The company has demonstrated that it isn’t quick to implement best practices and available security technologies, such as the delay in encrypting IM communications, implementing https for its web properties and more. These types of breaches highlight why all companies need to be cybersecurity leaders, not followers.”