Archives: Cybercrime Alerts

Cybercrime Alerts news and reviews

On line dating fraud in the UK cost victims a heart- breaking £27 million last year, according to the latest stats from the City of London Police’s National Fraud Intelligence Bureau.

Over 2,700 online dating related crimes were reported to UK’s Action Fraud over 12 months with the average loss standing at £10,000. However, the actual number of crimes is thought to be considerably higher, with victims not reporting them owing to embarrassment.

Almost two thirds (62%) of all victims are aged between 40-69 accounting for £16 million of the total losses. People aged between 50 and 59 are the most likely victims accounting for a quarter of all frauds and losing just over £6 million.

Almost two thirds (64%) of all romance scams originated on dating sites, followed by social media (25%) and 10% via email. Only 2% of reported dating frauds originated via contact made on dating apps.

The key advice from the NFIB, to follow which will help you stay safe includes never sending funds to someone you have never met. If you’re in two minds always consult with a trusted friend or family member who will be able to view the situation objectively and provide another opinion on the situation.

“It is also very important that if you think you are being targeted or have been a victim of dating fraud to report it. Sharing this information will help identify and track down these heartless criminals who have absolutely no regard for people’s emotional or financial well-being”.

Tell-tale signs your online date may be a fraudster:

  • They want to communicate with you through instant messaging and texts, rather than through the dating website or chat room where you met.
  • They ask you lots of questions about yourself, but don’t tell you much about themselves.
  • They don’t answer basic questions about where they live and work.
  • Their profile picture is too perfect – for example they look like an actor or Miss World titleholder.

They start asking you to send them money using a number of different scenarios such as:

  • Claiming to be military personnel based overseas who require funds for flights home or early discharge from the forces
  • Citing medical related issues they need money for such as a sudden need for surgery, either for the fraudster or the fraudster’s family member
  • They’ve arranged to visit you but need money to pay travel costs

Yes it that time of year again. How nice to receive a romantic wish from a secret admirer; but that admirer may want to remain secret for a very good reason – it’s your money he/she is in love with not you!  Here are some scams to look out for.

Emails that link to a supposed online greeting card or Valentine’s Day website that attempt to download malware onto your PC. One website shows a number of heart icons and invites victims to click one for a message. That click triggers the download.

If you get a Valentine’s Day email from someone you don’t know, don’t follow the link. If you do know the sender, email them back before you follow the link to check that they sent the card. Not very romantic, we know, but safe!

Instant messages inviting you to become involved in a romantic online chat. This includes the infamous “Flirt-bot,” an automated chat program that works with instant messaging sites, trying to get victims to provide details about themselves, then taking them to a website page that requests a credit card number supposedly as proof that the person is over 18.

This is blatant phishing.

Another phishing trick comes as an email warning that the gift or flowers you ordered can’t be delivered because of a problem with your credit card. It then directs you to a spoof site where you have to re-enter your credit card details.

Although this seems a bit hit or miss for the crooks, just by the law of averages, some of these emails end up in the inboxes of people who really did order gifts or flowers online and are fooled into thinking the message is real.

Happy Valentines Day

The National Fraud Intelligence Bureau’s (NFIB) proactive intelligence team in the UK are warning that victims are being contacted electronically by fraudsters claiming to be from the UK’s Home Office offering them a National ID Card for Commonwealth Citizenship.
Fraudsters are selling the “British Commonwealth National cards” to victims for around £150 – £300. The Home Office have said that no such scheme exists and the card “does not prevent an illegal migrant from being removed from the UK”.
If you receive an unexpected email, telephone call or letter from someone who claims to be from the Home Office, it may be a scam. They will never contact you to ask for money or your personal details.
You should always get your information from official websites. The Official UK government website always has ‘.gov.uk’ at the end of their website address.
Other Home Office scams to be aware of can be found here.
  • Websites that offer jobs in the UK that do not exist. If you apply for one, they tell you that you have the job and ask you to pay visa and work permit fees.
  • People who target applicants for UK work visas. They ask you to pay a deposit as proof that you have enough funds to support you in the UK until you receive your first salary.
  • Calls from people who claim they work for the Home Office and tell you there is a serious problem with your visa.
  • Agents who tell you they can get you a visa using forged documents. The Home Office can easily spot a fake and they will refuse your application if you use them.
  • Agents who say they can speed up the process of getting a visa. They cannot.
  • People outside the UK who pretend to be visa officers and offer to meet you somewhere. Legitimate visa officers will only meet you at their offices and will never contact you to ask for money
  • Fake websites designed to look like official ones for the UK government or its official visa enquiry services. The fake website may look slightly different with an alternative layout or misspelt words.

 

Fraudsters are sending out virus infected emails that claim a package has been seized by HM Revenue & Customs upon arrival into the United Kingdom.
The official looking scam emails claiming to be from Royal Mail contain a link to document which will install malicious software on your computer designed to steal credentials like account names, email addresses and passwords etc. An example email reads:
“Title: Your parcel has been seized
Royal Mail is sorry to inform you that a package addressed to you was seized by HM Revenue & Customs upon arrival into the United Kingdom.
A close inspection deemed your items as counterfeit and the manufacturers have been notified. If your items are declared genuine then they will be returned back to you with the appropriate custom charges.
You may have been a victim of counterfeit merchandise and the RM Group UK will notify you on how to get your money back. Please review the attached PDF document for more information. 
Document (RM7002137GB).Zip
Please accept our apologies for any inconvenience this may have caused.
The help the spread of the virus, the emails also says: “you will need to have access to a computer to download and open the Zip file”.
Comment
If you receive one of these emails, do not click on any links or download any attachments
Advice from Royal Mail on scam emails and how they contact you. The Royal Mail will never –
  • Send an email asking for credit card numbers or other personal or confidential information.
  • Ask customers to enter information on a page that isn’t part of the Royal Mail website.
  • Include attachments unless the email was solicited by customer e.g. customer has contacted Royal Mail with an enquiry or has signed up for updates from Royal Mail.

Royal Mail have also stressed that they do not receive a person’s email address as part of any home shopping experience.

If you receive an email from a William Frank with a similar or the same message as the following then it is a scam. The senders address is “barr.williams40frank (at) gmail.com”. and the suubject is “I wait to hear from you soon”.

This has been in circulation for over a year and is current doing its rounds. The message is sometimes from a different email address or in the name of “Sir Ralph Rentals” using the same UK address.

Advice: Do not respond as the originator is simply trying to obtain as much personal data about you, to steal your money.

“I AM WILLIAM FRANK FROM THE UK. A GROUP OF RESEARCHER WILL BE COMING FOR A TEN DAY RESEARCH WORK ON A TOPIC “TOURISM AND RURAL DEVELOPMENT”AND WE WILL BE NEEDING THE FOLLOWING IN YOUR FACILITY.

(1) NO OF GUEST : 4 PEOPLE

(2) NO OF ROOMS : 4 SINGLE OR 2 DOUBLE ROOMS.

(3) NO OF DAYS : 10 DAYS

(4) BREAKFAST EACH FOR 4 PEOPLE DAILY

(5) ARRIVAL DATE: 15TH FEBRUARY 2016

(6) DEPARTURE DATE: 25TH FEBRUARY 2016

EMAIL ME  THE GRAND TOTAL COST OF 4 SINGLE OR 2 DOUBLE ROOMS FOR 4 PEOPLES IN I0 NIGHTS, AS WELL AS REQUIRED TAXES IF ANY ENDEAVOR TO  CONVERT THE TOTAL COST IN  EURO CURRENCY.

I WAIT TO HEAR FROM YOU SOON.

NB: YOU CAN SUGGEST AN ALTERNATIVE DATE IF YOU ARE FULLY BOOKED WITHIN THIS PERIOD FOR THEIR CONSIDERATION.

KIND REGARDS,

WILLIAM FRANK”

Beware the following email originating from John Liu <chinaregistry177 (at) aliyun.com address individually to you. It is a scam trying to get you to part with your money. The website at the end of the message does not exist.

Subject: CN Domain and keyword

“(It’s very urgent, please transfer this email to your CEO. Thanks)

We are the domain name registration service company in China. On Dec 30, 2015, we received an application from Huaxun Holdings Ltd requested “XXXXXX” (name removed) as their internet keyword and China (CN) domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is your distributor or business partner in China?

Kind regards

John Liu
General Manager
China Registry (Headquarters)
8052, Douhai Building, No. 59 Baolian Road,
Shanghai, China
Tel: +86 21 6191 8696
Mobile: +86 138 1642 8671
Fax: +86 21 6191 8697
Web: www  .chinaregistry.com.cn
Email: john (at) chinaregistry.com.cn

 

Comment and Advice

The unsolicited email you receive is from a Chinese domain registrar (could be a certified registrar, agent, affiliate or private person). In the email they explain that a supposed company (try to Google the name) is interested in some available domain names (typically .hk, .cn, .tw), which correspond with your brand name. In only a few days the other party will register these domains, unless you secure them first. The domain registrar can even send you an email from the interested third party (it comes from a hotmail address) claiming that they want to register your domain names, and they are only waiting for approval from Mr. Jim or whatever his name is.

There is a similar domain name: www  . chinaregistry.org.cn. In trying to connect to this my anti virus protection gave the following message so beware:

“When we visited this site, we found it may be designed to trick you into submitting your financial or personal information to online scammers. This is a serious security threat which could lead to identity theft, financial losses or unauthorized use of your personal information”.

It can be very expensive if you fall for it.  Just ignore it.

Phishing attack aimed at “cpanels” on websites

An email is being circulated by “hackers” attempting to gain access to the cpanel on your website which as you know controls the use and functioning of your website. Access to this by hackers could have disastrous results. It accompanied by a cpanel logo and reads:

“Our records indicate that your   website domain name and hosting have exceeded your Disk Space Usage and file Uploading. To avoid service interruption click here to update your portal”

The email is address personally to your email linked to your website. The sender is ” info1 (at) cpanel.com” and the subject is “Your website domain name and hosting”. If you click on the “click here” tab you will be taken through to a FAKE cpanel page which looks like your “cpanel” page, where you will be invited to enter your user name and password.

DO NOT on any account do this and it will simply be recorded by hackers who will gain access to your account. If you do enter your details then immediately contact your hosting company and change all your passwords. If you have any doubts concerning your disc storage space then access your cpanel by the normal means and check.

 

It was reported on 17th December that police in the UK have received multiple reports from people who have been defrauded after paying for winter holiday accommodation on RightSki.com and ChaletHunter.com.

According to the UK’s National Fraud Intelligence Bureau (NFIB) RightSki.com and ChaletHunter.com were set up by fraudsters using fake details and false information.

The NFIB are proactively taking steps to suspend the websites and virtual phone numbers used by these fraudsters and are warning consumers that they may continue this activity and use alternative websites. Fraudsters can easily set up new pages with different names very quickly. Victims lost over £60k in total so far

Over a dozen victims who made reports so far state to have lost approximately £60,000 in total with the majority paying by bank transfer, where unfortunately, once money has left an account – little can be done to retrieve this.

The NFIB is also urging any victims who have not yet reported to come forward and report to Police.

Note: A check of the two websites shows that RightSki.com has closed but ChaletHunter.com still exists.

Action Fraud UK recommends the following advice regarding the booking of holidays on-line

  • Stay safe online:  Check the web address is legitimate and has not been altered by slight changes to a domain name – such as going from .co.uk to .org
  • Do your research: Don’t just rely on one review – do a thorough online search to check the company’s credentials. If a company is defrauding people there is a good chance that consumers will post details of their experiences, and warnings about the company.
  • Look for the logo: Check whether the company is a member of a recognised trade body such as ABTA. You can verify membership of ABTA online, at www.abta.com
  • Pay safe: Never pay directly into an owner’s bank account. Paying by direct bank transfer is like paying by cash – the money cannot be traced and is not refundable. Where possible, pay by credit card, (or a debit card that offers protection).
  • Check paperwork: You should study receipts, invoices and terms and conditions, and be very wary of any companies that don’t provide any at all.
  • Use your instincts: Be wary of advertisements showing accommodation at substantially lower prices than the competition.

People often ask how their bank account could be hacked into. The following is one way, which is prevalent this time of the year.  Mobile phone and laptop users are warned over the risky practice of checking bank balances or entering any personal details while using public WIFI because hackers could steal their details.

During the busy Christmas spending season more people than usual are expected to log-on to find out how much money is in their accounts while out shopping.

And free wifi is more readily available than ever before with restaurants, airports, coffee shops, hotels, and high street stores all offering the service to customers.

But data sent to your bank and other companies while using these networks can easily be intercepted by criminals to forge your identity or raid the money from your account.

The so-called ‘man-in-the-middle attacks’ are a form of digital eavesdropping where a fraudster can see the information you are sending to your bank – and vice versa – through the network.

The fraudster may be able intercept any transactions and can also access personal data that can be used for future frauds.

Or if you were to fill out an online form or make an application while using public wifi the information could also be potentially stolen and used to clone your identity.

Jacqueline Dewey, managing director of Consumer Markets, at credit reference agency Noddle, based in the UK said: “Never input your personal details while using a free or public Wi-Fi connection as someone could be watching everything you are typing and viewing over the internet connection.

“In fact, it’s a good idea to avoid using open Wi-Fi connections if you can help it.”

Experts said Christmas season raises the opportunity for cyber criminals to lure in more victims with a variety of targeted scams and frauds and are urging people to be extra vigilant at this time.

Black Friday and Cyber Monday are consumer shopping events offering deals, bargains, and coupons.  Cyber Monday occurs the Monday after the American Thanksgiving holiday, and has become “one of the biggest online shopping days of the year.”

Consumers are expected to spend $105 billion in online shopping this year, and while Cyber Monday offers convenience, it is also a prime opportunity for malicious actors to commit cybercrimes including installing malware, stealing financial or credit card information, committing identity theft, and obtaining passwords, data, or other sensitive information.

On Cyber Monday, follow these tips to protect yourself:

  • Type in retail website URLs directly rather than clicking on advertisements.
  • Shop on reputable websites and use encrypted, secure HTTPS sites if entering credit card information.
  • Password-protect all online retail accounts.  Do not store credit card information on these sites.
  • Use credit cards rather than debit cards to protect your accounts and to limit liability for potential fraudulent activity.
  • Avoid spam or phishing emails with “too good to be true” deals or offers.
  • Be careful when shopping with mobile devices.  Use reputable apps and avoid entering sensitive or financial information when using public Wi-Fi hotspots.
  • Update antivirus software on home computers.