Police are investigating after a “significant and sustained cyber-attack” on the TalkTalk website, the UK company has confirmed.

The phone and broadband provider, which has over 4 million customers in the UK, said credit card and bank details could have been accessed. A statement on its home page reads “Our website came under a significant and sustained cyber-attack on Wednesday 21st October. We’ve created a guide with more information about what’s happened.”

The Metropolitan Police Cyber Crime Unit is investigating the attack, which happened on Wednesday. It is the second time the company has been targeted by hackers this year.

Tristia Harrison, TalkTalk’s managing director, said in a statement that a criminal investigation was launched on Thursday and was ongoing, but that there was a chance that names, addresses, dates of birth, email addresses and bank details had been accessed.

“We are very sorry to tell you that on Thursday 22nd October a criminal investigation was launched by the Metropolitan Police Cyber Crime Unit following a significant and sustained cyberattack on our website on Wednesday 21st October. The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed:

  • Names
  • Addresses
  • Dates of birth
  • Email addresses
  • Telephone numbers
  • TalkTalk account information
  • Credit card details and/or bank details

We are continuing to work with leading cyber crime specialists and the Metropolitan Police to establish exactly what happened and the extent of any information accessed.

We would like to reassure you that we take any threat to the security of our customers’ data very seriously. We constantly review and update our systems to make sure they are as secure as possible and we’re taking all the necessary steps to understand this incident and to protect as best we can against similar attacks in future. Unfortunately cyber criminals are becoming increasingly sophisticated and attacks against companies which do business online are becoming more frequent.

What we are doing

  • We are contacting all our customers straight away to let them know what has happened and we will keep you up to date as we learn more
  • We have taken all necessary measures to secure our website following the attack
  • Together with cybercrime experts, the security services and the police, we’re continuing to complete a thorough investigation
  • We’ve contacted the major banks, and they will be monitoring for any suspicious activity on our customers’ accounts
  • We have contacted the Information Commissioner’s Office

What you can do

  • Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud UK as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via actionfraud.police.uk
  • If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
  • Check your credit report with the three main credit agencies: Call Credit, Experian and Equifax

Important notice

Please be aware, TalkTalk will NEVER call customers and ask you to provide bank details unless we have already had specific permission from you to do so.

TalkTalk will also NEVER

  • Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
  • Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.
  • Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.

We understand this will be concerning and frustrating, and we want to reassure you that we are continuing to take every action possible to keep your information safe.

Tristia Harrison
Managing Director (Consumer)
TalkTalk

22nd October 2015”

Please be aware of this phishing attack from an unknown sender “AStovell (at) ulohc.org”. This attack is trying to obtain your personal data in order to commit fraud. Note the sender’s address, which does not appear to be on behalf of any legitimate organization, and the threatening nature of the email. Do not reply; simply delete.

“Help Desk  

Scheduled Maintenance & Upgrade 

Your account is in the process of being upgraded to a newest Windows-based servers and an enhanced online email interface inline with internet infrastructure Maintenance. The new servers will provide better anti-spam and anti-virus functions, along with IMAP Support for mobile devices to enhance your usage. 

To ensure that your account is not disrupted but active during and after this upgrade, you are required to kindly confirm your account by stating the details below: 

* Domain\user name:

* Password: 

This will prompt the upgrade of your account. 

Failure to acknowledge the receipt of this notification, might result to a temporary deactivation of your account from our database. Your account shall remain active upon your confirmation of your login details. 

During this maintenance window, there may be periods of interruption to email services.  This will include sending and receiving email in Outlook, on webmail, and on mobile devices. Also, if you leave your Mailbox open during the maintenance period, you may be prompted to close and reopen. 

We appreciate your patience as this maintenance is performed and we do apologize for any inconveniences caused. 

Sincerely, 

Customer Care Team”

In a week-long survey just completed by international research organization One Poll for “Get Safe Online Week”, over one in five (21%) victims of a cybercrime believe they were specifically targeted by fraudsters and over a third (37%) had been left feeling vulnerable as a result. Only 38% of the victims believed that the incident was down to bad luck, and over half (57%) think it’s becoming much easier to fall victim to an online crime.

It’s always personal

The Get Safe Online survey went on to show that over a quarter of victims (26%) had been scammed by phishing emails or ‘vishing’ phone calls. These are a much more targeted type of scam where the fraudster uses data about the victim pieced together from various sources such as social media and intercepted correspondence to sound convincing, and manipulates them into sharing confidential information linked to online accounts.

Other areas where victims were targeted include:

  • Fake tax rebate emails (13%)
  • Phone/tablet/laptop hacking (9%)
  • Identity theft (5%)
  • Cyber bullying or harassment (4%)
  • Personal images stolen via webcam hacking (1%).

The financial cost of a crime

41% of people who have been a victim of a cybercrime lost money with the average person losing £738. Men, however, are likely to lose significantly more, with the average loss being £839 compared to £617 for women. Shockingly, 8% stated they had lost in excess of £5,000.

Separate figures, prepared by the National Fraud Intelligence Bureau (NFIB) for Get Safe Online Week, give an indication of the sheer scale of online crime, with over £268 million lost nationwide to the top ten internet‐enabled frauds reported between 1st September 2014 and 31st August 2015. The £268 million figure comes from reports of fraud to Action Fraud, counted where the first contact with the victim was via an online channel.

Awareness of Cybercrime

However, as a significant number of internet‐enabled fraud cases still go unreported the true economic cost to the UK is likely to be significantly higher. According to the survey, almost one in five (19%) don’t bother reporting a cybercrime.

The survey also indicates that the public are more aware of the risk of cybercrime; 30% of those surveyed think they know more about online safety now compared to a year ago and a further 21% say they know more than they did two years ago.

High profile data breaches in the news have also made people more cautious about their behaviour online, with the majority (64%) of the public being more cautious about sharing their personal data with companies. Women are much more cautious (69%) compared to just 60% of men. 23% claimed it was specifically the Carphone Warehouse breach, 22% said they were most worried following the rise in scams in the wake of the pension reforms earlier in the year, 18% cited the Apple iTunes email scam and 17% stated the TalkTalk, Sony and Ashley Madison data hacks respectively.

The survey was conducted online with 2000 respondents.


The results for the British Crime Survey for the first time show that fraud and cybercrime are the most prevalent crimes committed against people in England and Wales.

The introduction of questions around fraud and cybercrime show the changing face of crime with offences enabled by use of the internet changing the nature of offending in the UK.

Criminals and organised crime groups no longer have to commit crime in person and often use the anonymity of the internet to commit crime.

According to Action Fraud, the importance of today’s statistics is underlined by the fact that crime in this area is hugely under-reported, as evidenced by the vast difference between the number of reports to Action Fraud (406,935 in 2014) and the millions evidenced in the British Crime Survey.

Victims are frequently defrauded and then reimbursed by financial institutions with neither party reporting the matter to Action Fraud or the police.

This hampers law enforcement’s ability to investigate, prosecute or prevent further crimes being committed against victims, and to prioritise it against other crime types.

The National Fraud Intelligence Bureau, part of the City of London Police, helps to disrupt 4,000 websites, bank accounts and phone lines every month, leading to the prevention of £369 million of fraud last year.

But with the cost of fraud to the UK economy estimated at £30 billion, more needs to be done, and more resources are needed to assist law enforcement in helping victims of crime and preventing further victimisation.

With half of all fraud and cybercrime against UK victims committed by criminals overseas, investigation in this area is costly and labour intensive.

The police cannot solve this problem alone and the UK’s response needs to be a co-ordinated one and include the business community.


As reported by SAPOTek, there is an ongoing massive new phishing attack aimed at customers of several Portuguese banks. It takes the form of e-mails asking recipients to complete a form, with links to fake websites.

Caixa Geral de Depósitos, Novo Banco and Montepio Geral are the banks whose names are used in the latest phishing attack aimed at Portuguese banking customers. Some messages show a degree of sophistication in their presentation, while others contain errors and are more basic.

The e-mail messages are sent in large numbers to recipients, whether or not they are customers of these banks, requesting information and directing users to fake websites. These sites are well constructed copies of the real banks’ sites. They ask for the user’s login and the details used to complete authentication when banking transactions are made through the home banking pages.

As can be seen from the images, this is a well-built scheme, with sites that are still active even though the e-mails have been circulating since yesterday. Samples of the fraudulent pages can be seen here.

With user information such as passwords, card details, tax number and other data, the attackers have everything they need to use the victims’ online accounts and to validate payment transactions, transfers and other services they wish to carry out.

All the banking institutions have repeatedly warned their clients not to respond to such e-mail messages, not to follow the links, and not to disclose account details, passwords or card matrix information.

To identify this type of phishing, look closely at small details in the bank’s imagery and at the type of language used. If you open the link you will see that the site does not have the right address, nor is it a secure site using the https:// protocol.

Users are advised to check carefully the sender and content of any message received. It is also important to use up-to-date antivirus software, although in this case it is considered of little use in filtering this threat.

Phishing scams are among the greatest cyberattack threats, and in Portugal they are usually directed at large institutions with many customers, such as EDP or the banks, as well as the Tax Authority. Last year the Judicial Police also uncovered a scheme that had already managed to extort more than 70,000 euros from two victims.

This is a scam that is being sent to many businesses, inviting you to list your company in what is in fact a non-existent register. Attached to the email is a PDF document which you are invited to complete and return to the sender. In the fine print you agree to pay a large amount of money, in some cases up to £1000 per year. This is completely bogus and the best action is to ignore and delete.

The email from “register (at) ebr-register.net”, subject “Business Register 2015/16”, reads as follows:

“Hello

In order to have your company inserted in the EU Business Register for 2015/2016, please print, complete and submit the attached form (PDF file) to the following address:

EU BUSINESS REGISTER

P.O. BOX 34

3700 AA ZEIST

THE NETHERLANDS

Fax: +31 30 310 0126

You can also attach the completed form in a reply to this email.

Updating is free of charge!”

According to a UK report, a cybercriminal who used malicious computer software to spy on people through their webcams has been added to the sex offenders register for seven years and has been given a 40 week suspended sentence.

Stefan Rigo, 33, hacked the computers of unsuspecting victims and watched them having sex through their webcams. He was arrested in November 2014 as part of an international operation targeting users of software designed to remotely take over, control and steal information from computers.

Rigo used his ex-girlfriend’s details to pay for and download the Blackshades malware, a tool which gives the user complete control over target computers, wherever they are in the world. The software can turn victims’ webcams on and off, access banking or other personal information, download new and potentially illegal content, and instruct the victim’s computer to help commit acts of criminality such as Distributed Denial of Service (DDoS) attacks.

When the National Crime Agency (NCA) examined Rigo’s computer equipment they found a series of images that involved people engaged in sexual acts over Skype or in front of their computers.

In September 2015, Rigo attended Leeds Magistrates Court and was found guilty of voyeurism offences. He was sentenced to a 40 week suspended sentence, seven years on the sex offenders register, 200 hours of unpaid work and the forfeiture of all his computer equipment.

Comment

A useful tip is to cover your webcam on your notebook with a piece of tape when not in use. The second tip of course, is not to do anything in front of your webcam which you do not wish others to see.

Here is a classic phishing scam in the name of the CEO of Microsoft Corporation. The email came with a large signature of the CEO. The email address is finance (at) ctplo.com, which is not a Microsoft address. Note also the poor grammar in places and other mistakes. Basically the sender is trying to convince the receiver to disclose personal data in order to remove money from the receiver’s bank account. Simply ignore and delete.

“MICROSOFT® CORPORATION

Cardinal Place
80-100 Victoria Street
London,SW1E 5JL
United Kingdom

Winning No: MSFT/5975/107/2015

Ticket No: MSFT/3081/039/2015
MICROSOFT YEARLY ANNIVERSARY WINNING NOTIFICATION

We wish to congratulate you on this note, for being part of our selected winners in our just concluded internal promotion draw this year, this promotion was set-up to encourage the active users of Microsoft products and its software services.

Hence we do believe with your winning prize, you will continue to be an active patronage to Microsoft products and its software services. Microsoft Corporation develops and markets software, services and hardware that deliver new opportunities, greater convenience and enhanced value to people’s lives. We ran an online e-mail beta draw which your email address won Nine Hundred and Fifty Thousand Great British Pounds Sterling (Ј950,000.00). We wish to formally announce to you that you have successfully passed the requirements, statutory obligations, verifications, validations and satisfactory report Test conducted for all online winners.

A winning check will be issued in your name by Microsoft Promotion Award; for the sum of Nine Hundred and Fifty Thousand Great British Pounds Sterling (Ј950,000.00) and also a certificate of prize claims will be sent alongside your winning check cashable at any bank.

You are advised to contact the assigned Microsoft Program Administrator/Coordinator with the following details to avoid unnecessary delay and complications:

VERIFICATION AND FUNDS RELEASE FORM

(1) Your Contact Address/Private Email Address:

(2) Your Tel/Fax Numbers:

(3) Your Nationality/Country:

(4) Your Full Name:

(5) Occupation/Company:

(6) Age/Gender:

(7) Ever Won An Online Lottery?

(8) Comments about Microsoft:
Philippa Snare

Chief Marketing Officer, Microsoft UK

E-mail: microsoftclaims006 (at) 163.com

Fax No: +44 8447 749 891
Microsoft values your right to privacy! Your information is 100% secured and will be used exclusively for the purpose of this award only.

The Microsoft Promotion Award Team has discovered a huge number of double claims due to winners informing close friends relatives and third parties about their winning and also sharing their pin numbers. As a result of this, these friends try to claim the lottery on behalf of the real winners. The Microsoft Promotion Award Team has reached a decision from its headquarters that any double claim discovered by the Lottery Board will result to the canceling of that particular winning, leading to a loss for both the double claimer and the real winner, as it is taken that the real winner was the informer to the double claimer about the lottery. So you are hereby strongly advised once more to keep your winnings strictly confidential until you claim your prize.

Congratulations from the Staffs & Members of the Microsoft interactive Lotteries Board Commission.

Yours faithfully,

Satya Nadella

CEO of Microsoft Corporation”.

Did you know that sometimes the apps you use on your smartphone have access to your personal information and are capable of sharing it? Are you aware that your privacy can be invaded across the network board? That includes Twitter, Facebook, Instagram, LinkedIn, Google+ and more. The following article by Robert Siciliano, an identity theft expert, provides a way of tackling this problem.

And how can you tell which applications can do this? “MyPermissions” can tell you. Once you load this and do some setting up, you’ll see which apps on your device have access to your information.

For instance, it’s not just a matter of who can get your information, but how often and just what, such as your contact list, photos and more. The more apps you use, the more likely your personal information is getting “shared,” i.e., leaked into cyberspace without your knowledge.

MyPermissions will alert you when an application barges into your sensitive information. It will give you control over who gets access to your data.

Without MyPermissions, it’s like walking through a crowded area and dropping one copy after another of your driver’s license, bank statement, credit card and family contacts.

So let’s suppose you’d like to start with Facebook. You tell MyPermissions you’d like a scan. MyPermissions will use your FB account to look for external connections. You’ll have a dashboard to see who’s getting into your information and you’ll be directed in how to stop this.

Worried if MyPermissions will share your data? Don’t. It will never collect, store or use any of your private information.

A similar application is that of Online Privacy Shield (free from Google Play Store). It will tell you which of your apps are nosing around in your private files and what they’re getting. And you could control who gets what.

Instagram, Twitter, Facebook, LinkedIn, etc., all have different ways for terminating access to your privacy, so bear with that—don’t expect all to terminate with one simple click just because one particular service has a one-click termination.

Be prepared for a shock: Hundreds of apps may have access to your sensitive data. You’ll need to embrace and appreciate the time required to get all of this straightened out. But when all is said and done, you’ll be glad you took that time.

The following phishing attack in the name of PayPal was received on 21st September. The sender is trying to get people to reply, after which they will be taken to a website where they are invited to disclose their personal details – simply delete without clicking through or replying.

The clues that this is a scam are as follows:

  • The sender’s email address is suspicious
  • The subject line is unlikely for a genuine notice, using the word “Seriously”
  • “PayPal” is spelt “PayPaI”
  • “Into” is spelt “in to”
  • “Users” is spelt “User”

The email reads as follows:

“Noreply Service cominr-comin (at) wadas.onmicrosoft.com

Subject: Seriously: Please Update Your Account 

Dear Customer, 

We emailed you a little while ago to ask for your help resolving an issue with your PayPaI account. Your account is still temporarily limited because we haven’t heard from you. 

To help us with this and to see what you can and can’t do with your account until the issue is resolved, log in to your account and go to the Resolution Center.

  • Sign in to your paypal account , update your account info
  • Please read the Policy Update carefully. It contains important legal information about when and how the changes to our User Agreement will become effective.
  • If you agree to the changes, you need to do anything as any updates will automatically come into effect. If you do not wish to accept the changes, we have also provided you with the steps you can take on the Policy Update page.

 Log In to PayPaI

 Yours sincerely,

PayPaI


Please do not reply to this email because we are not monitoring this inbox. To get in touch with us, log in to your account and click “Contact Us” at the bottom of any page. .

Consumer advisory: PayPal Pte Ltd, the Holder of the PayPal™ payment service stored value facility, 

does not require the approval of the Monetary Authority of Singapore. User are advised to read the terms and conditions carefully.

Copyright © 1999-2015 PayPaI Inc. All rights reserved”.
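The clues listed above for the PayPal message (a sender domain that is not the brand’s, the brand name spelt with a look-alike character) and the advice in the Portuguese bank item (check that a link really points at the bank’s address and uses https://) can all be checked mechanically before a message reaches a user. The script below is an added example, not code from this page or from any of the organisations it mentions. It uses a simplified “confusable skeleton” idea (capital I, digit 1, the pipe character and several Cyrillic letters collapse to the Latin letters they resemble) so that “PayPaI” is recognised as a spoof of “PayPal”. The brand allow-list and the sample messages are constructed for the example; the link host in the phishing sample is a placeholder, not an address from the page.

```python
"""Brand-spoofing checks on an inbound e-mail (added example, not from the page).

Three signals are reported, matching the clues the page's write-ups rely on:
  * the sender's domain is not one the impersonated brand actually uses,
  * the brand name is written with look-alike characters (e.g. "PayPaI"),
  * links point outside the brand's domains or are plain http rather than https.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allow-list (assumption for this example): domains each brand
# legitimately sends from and links to. A real list comes from policy.
BRAND_DOMAINS = {
    "paypal": {"paypal.com", "paypal.co.uk"},
}

# Simplified confusable skeleton: characters that pass for one another at a
# glance collapse to one representative before comparison (cf. Unicode UTS #39).
_SKELETON = str.maketrans({
    "I": "l", "i": "l", "1": "l", "|": "l",          # capital I, digit 1, pipe ~ lowercase l
    "0": "o",                                          # zero ~ letter o
    "\u0430": "a", "\u0435": "e", "\u043e": "o",       # Cyrillic а е о
    "\u0440": "p", "\u0443": "y", "\u0456": "l", "\u0455": "s",  # Cyrillic р у і ѕ
})

_TOKEN = re.compile(r"[A-Za-z0-9|\u0400-\u04FF]+")
_URL = re.compile(r"https?://[^\s<>\"']+")


def skeleton(token: str) -> str:
    """Map look-alike characters to their Latin targets, then lower-case."""
    return token.translate(_SKELETON).lower()


def in_domains(host, domains) -> bool:
    """True if host is one of the brand's domains or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def lookalike_tokens(text: str, brand: str) -> list:
    """Tokens that look like the brand name but are not spelled as it is."""
    want = skeleton(brand)
    return sorted({t for t in _TOKEN.findall(text)
                   if skeleton(t) == want and t.lower() != brand})


def detect_brand(text: str):
    """Brand whose name appears in the text, exactly or as a look-alike."""
    for brand in BRAND_DOMAINS:
        if brand in text.lower() or lookalike_tokens(text, brand):
            return brand
    return None


def analyse(raw_message: str) -> dict:
    """Return the impersonated brand (if any) and a list of spoofing findings."""
    msg = message_from_string(raw_message)
    display_name, sender = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = msg.get_payload()            # plain single-part message in this example
    text = " ".join([display_name, subject, body])
    brand = detect_brand(text)
    findings = []
    if brand is None:
        return {"brand": None, "findings": findings}
    domains = BRAND_DOMAINS[brand]
    sender_domain = sender.rsplit("@", 1)[-1] if "@" in sender else ""
    if not in_domains(sender_domain, domains):
        findings.append(f"sender domain {sender_domain!r} is not a {brand} domain")
    for tok in lookalike_tokens(text, brand):
        findings.append(f"brand spelled with look-alike characters: {tok!r}")
    for url in _URL.findall(body):
        parts = urlparse(url.rstrip(".,)"))
        if parts.scheme != "https":
            findings.append(f"link without https: {url}")
        if not in_domains(parts.hostname, domains):
            findings.append(f"link host {parts.hostname!r} is not a {brand} domain")
    return {"brand": brand, "findings": findings}


# Constructed sample modelled on the clues the page lists; the link host is a placeholder.
PHISH = """\
From: Noreply Service <cominr-comin@wadas.onmicrosoft.com>
Subject: Seriously: Please Update Your Account

Dear Customer, your PayPaI account is still temporarily limited.
Log in to your account: http://paypal-resolution.example/login
"""

# Constructed sample of a message that passes every check.
LEGIT = """\
From: PayPal <service@paypal.com>
Subject: Your receipt

Thanks for your payment. View it at https://www.paypal.com/activity
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH), ("legit", LEGIT)):
        print(name, analyse(sample))
```

The sender-domain check only asks whether the address *claims* a brand domain; whether the message genuinely came from there is what SPF and DKIM results in the received headers answer, and a production filter would consult those rather than the From header alone.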