Archives: Cybercrime Alerts

Spam emails are at their lowest level for 12 years suggesting that Cyber criminals are looking at new ways to target victims, according to an article published in the UK’s Daily Telegraph.

Less than half of emails scanned last month by the security company Symantec were junk, the lowest position since 2003.

The company said that legal action again criminal networks that distribute spam had had an impact on cutting its frequency.

However the fall has continued with a rise in malware – hostile software designed to damage a computer – the company’s monthly threat report found. Ben Nahorney of Symantec said “This increase in activity lends more evidence to the idea that, with the continued drops in email-based malicious activities, attackers are simply moving to other areas of the threat landscape”.

Last month 49.7% of the billions of emails monitored by Symantec were spam messages.

The downward trend has continued since the report was compiled. Of the 25 billion messages monitored by the firm on Tuesday, only 46.4 were spam.

The drop was a result of action against botnets, networks of hijacked computers through which spam is often sent, the report said. British police officers have helped break seven such networks in the last 10 months.

European network providers have also joined together to share information, botnet activity to limit their effectiveness.

Symantec said other formerly popular scams, such as phishing for passwords and email with malware attached, also showed a decline in June. But it warned of a rise in the amount of malware being produced. Some 57.6 million pieces of malware were seen in June, almost double the level of April.

Millions of people in the UK are failing to take basic steps like redirecting post or updating firewalls to protect their identities from criminals, a new survey shows.

The results have been published as the City of London Police and partners launch the ‘Not With My Name’ campaign to target the growing threat of identity crime in the UK.

One in four UK adults – 12.275 million people – is believed to have fallen victim to identity crime losing on average £1200 each, with total losses to the UK adult population estimated to be £3.3 billion*.

The campaign will urge people to protect their personal information by creating safe passwords, protecting internet devices, rejecting unsolicited phone calls and emails, and safely storing and disposing of mail. Worryingly, today’s survey shows that many people are not taking these steps:

• Online security – 1 in 3 (34%) do not regularly update their firewall or antivirus software;
• Social media –1 in 3 (35%) do not limit the amount of information they share on social media;
• Safe disposal of documents – 1 in 3 (31%) of people do not shred letters before throwing them away.

Two thirds of people (71%) do not regularly redirect their post for at least six months when they move house, leaving them vulnerable to bank statements or other mail being intercepted by fraudsters.

There are also age differences. For example, 95% of those aged 65 and over report cutting up old credit and debit cards, compared to just 66% of 18-24 year-olds. Similarly, 83% per cent of those aged 65 and over report shredding letters, compared to just 45% of 18-24 year-olds

Identity crime is growing in the UK and protecting personal information is essential to combating the threat. In the first quarter of 2015 there was a 27% increase in identity fraud. The average age of a victim of ID fraud is 46, with men being 1.7 times more likely than women to have their identity stolen.

Victims often find that money has been removed from their bank or their account has been taken over, a fraudulent passport or driving license has been created in their name, or loans, mortgages and mobile phone contracts have been set-up using their identity.

Identity crime is distressing for victims and takes an average 200 hours of a person or businesses’ time to resolve. The rise is also concerning because the proceeds are often used to fund further criminal activity.

City of London Police Commander Steve Head, who is the Police National Coordinator for Economic Crime, said: “Identity crime is a serious issue for the country, with some reports suggesting that as many as one in four adults may have been a victim at some time, with the potential costs to our economy running into billions of pounds. People across the UK are having their personal information stolen online or even over the phone and often unknowingly. These identities are then used by criminals to commit further criminality, to evade detection from law enforcement and to help launder the proceeds of crime. To really get to grips with identity crime it requires all of us to come together and share advice and best practice on how to most effectively protect our personal information.

The tips to protect yourself from identity fraud are:

• Tip 1: Be careful who you give your personal information to and how
• Tip 2: Make it as difficult as possible to crack your personal passwords
• Tip 3: Always destroy or securely store personal documents
• Tip 4: Don’t respond to unsolicited phone calls or emails
• Tip 5: Protect your personal devices

Please be aware of this scam that was circulated on 28th June 2015 in the Algarve and possibly beyond. The persons whose name the email is from, had her computer hacked into and the email address book compromised on 27th June.

The following email has been sent by the hacker puportedly from Gracy Biss to a unknown number of people. As a result one person in the central Algarve gave her bank instructions this morning to transfer €1000 to the hackers address through Western Union, believing it to be Gracy Biss, who it is not. Safe Communities Portugal was informed of this by the victim and advised not to send the money as it is a scam. If anyone receives this please Do Not reply. I have been asked by Liliana Moreira the daughter in law of Gracy Biss to inform people and clients of her company to email Liliana Moreira at lilianaraquelmoreira@gmail.com  so the company can update its records.

I am very grateful to Gracy and Liliana and the potential victim for giving us permission to share this quickly.

The Scam is as follows

Subject: “Help Requested………….Gracy Biss

Sorry to bother you with this, I took a urgent visit to Ukraine to see my sick cousin who is suffering from a critical Uterine fibroid and must undergo a hysterectomy surgery to save her life. The news of her illness arrived to me as an emergency, she’s going through a lot of pain at the moment and she needs family support to keep her going.

The doctors have advised that it is necessary that the tumor is operated soon to avoid any complications. I hope you understand my plight and pardon me.The estimate for the Hysterectomy surgery is $9,000. I have already spent approx. $6,000 cash towards her treatment so am wondering if you can assist me with 2,800 an of $3,000 to make the necessary arrangement for the surgery to be carried out.Your help and support will give her a chance to live normal life once again. I will surely pay you back as soon as I return. I will appreciate whatever you can help me with. Kindly let me know if you can be of help so I can send you my money gram details since I cannot operate my bank account from here.

Regards.

Gracy, Ricardo & Liliana Biss”

A joint investigation team (JIT) consisting of investigators and judicial authorities from six different European countries, supported by Europol and Eurojust, has taken down a major cybercriminal group during a coordinated action in Ukraine. With on-the-spot support from Europol, Austrian and Belgian law enforcement and judicial authorities, the action in Ukraine on 18 and 19 June resulted in the arrest of five suspects, eight house searches in four different cities, and the seizure of computer equipment and other devices for further forensic examination.

The aim of this JIT was to target high-level cybercriminals and their accomplices who are suspected of developing, exploiting and distributing Zeus and SpyEye malware – two well-known banking Trojans – as well as channelling and cashing-out the proceeds of their crimes. The cybercriminals used malware to attack online banking systems in Europe and beyond, adapting their sophisticated banking Trojans over time to defeat the security measures implemented by the banks. Each cybercriminal had their speciality and the group was involved in creating malware, infecting machines, harvesting bank credentials and laundering the money through so-called money mule networks.

On the digital underground forums, they actively traded stolen credentials, compromised bank account information and malware, while selling their hacking ‘services’ and looking for new cooperation partners in other cybercriminal activities. This was a very active criminal group that worked in countries across all continents, infecting tens of thousands of users’ computers with banking Trojans, and subsequently targeted many major banks. The damage produced by the group is estimated to be at least EUR 2 million.

The recent action was part of the wider investigation that was launched in 2013 by the JIT members (Austria, Belgium, Finland, the Netherlands, Norway and the United Kingdom), and facilitated by Europol and Eurojust Last week’s results brings the total number of arrests in this operation to 60 – 34 who were captured as part of a ‘money mule’ operation run by Dutch law enforcement authorities.

Europol has provided crucial support to the investigation since 2013 including handling and analysis of terabytes of data, and thousands of files in the Europol Malware Analysis System; handling of thousands sensitive operational messages; production of intelligence analysis reports; forensic examination of devices; organisation of operational meetings and bi-monthly international conference calls. The enormous amount of data that was collected and processed during the investigation will now be used to trace the cybercriminals still at large. Both Eurojust and Europol provided funding for the joint investigation team.

Several action days took place during the course of the long-running investigation, which resulted in significant operational successes in Belgium, Estonia, Finland, Latvia, the Netherlands and Ukraine. Such results were possible thanks to intense cooperation between the JIT and law enforcement and judicial partners in Estonia, Latvia, Germany, Moldova, Poland, Ukraine and the US.

Action Fraud UK has reported that in this month (June 2015) alone they have received 533 reports of ticket fraud relating to gigs, concerts and sporting events.

Of the 533 reports, 228 mentioned a company called Circle Tickets which has recently ceased trading online. Circle Tickets was advertising tickets for Taylor Swift, Fleetwood Mac and Ed Sheeran. The 228 reports are with the National Fraud Intelligence Bureau for analysis and assessment.

Statistics from NFIB show that 33% of crime reports related to ticket fraud in 2014 happened in the months May, June and July. This is largely due to the number of UK festivals and high-profile concerts taking place during these months.

Get Safe Online has recently joined forces with the NFIB and Gumtree to warn you to be careful of ticket fraud at this time of year.

Get Safe Online recommend the following tips to make sure you protect yourself

• Buy tickets only from the venue box office, promoter, official agent or reputable ticket exchange sites.
• Remember that paying by credit card offers greater protection than with other methods in terms of fraud, guarantees and non-delivery.
• Double check all details of your ticket purchase before confirming payment.

• Do not reply to unsolicited emails from sellers you don’t recognise.

Before entering payment card details on a website, ensure that the link is secure, in three ways:

1. There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register. Be sure that the padlock is not on the page itself … this will probably indicate a fraudulent site.
2. The web address should begin with ‘https://’. The ‘s’ stands for ‘secure’.
3. If using the latest version of your browser, the address bar or the name of the site owner will turn green.

Further protection advice

1. Ensure any third-party payment services (such as WorldPay) are secure before you make your payment.
2. Safeguard and remember the password you have chosen for the extra verification services used on some websites, such as Verified by Visa.
3. In the event that you choose to buy tickets from an individual (for example on eBay), never transfer the money directly into their bank account but use a secure payment site such as PayPal, where money is transferred between two electronic accounts.
4. Check sellers’ privacy policy and returns policy.
5. Always log out of sites into which you have logged in or registered details. Simply closing your browser is not enough to ensure privacy.
6. Keep receipts.

This a fairly typical lottery scam received on 27th June 2015. The subject is “Coca-Cola Promotion sent by nibm-agent (at) foxmail.com. This is a Phishing attack seeking to get you to divulge your personal information, with the aim of removing money from your accounts. If you have not entered a lottery then of course you will not be winner – so ignore. Do not reply, or click on the link – simply delete.

“Dear Lucky Winner,

This is to inform you that your Email Address have won you a prize of 500,000.00(Five Hundred Thousand Euros) from our 100 Years Journey Lottery Promo which is organized by Coca Cola Company in appreciating and compensating all our esteemed customers and the general public.

Please note that no ticket was sold or any online lotto was organised in respect to this notification but we simply employ the expertise of our microsoft experts to extract from millions of email addresses from the internet by using the synchronise database selection system and your email address was selected along with others, which automatically enters you as one of the 5 lucky winners.

Please note that this year special promo is a journey of 100 years of consistency and quality,as we celebrate our success we give back to the society and our numerous customers around the globe and for verification see our website for details..(http://  www.     cocacola.es.).

Please on this note you are advise to kindly contact Mr.Ivan.Gonzales our claims/disbursement manager through this email address (pay_coke01 (at) foxmail.com) and send to him your full details and this secret code (C.COLA.555/2015/ES),which you must not reveal to anyone as cases of double claims will be nullified.

1.Name:…………………

2.Address:………………

3.Country/State:……….

4.Mobile No:…………….

5.Occupation:…………..

Please contact as a matter of urgency the claims/disbursement manager with your full details for payment processing to commence.

NOTE:THIS WINNING EMAIL ALERT AND THE SECRET CODE IS YOUR PROVE TO CLAIM YOUR CASH BENEFIT AS THERE IS NO ANY OTHER INFORMATIONS PUBLISHED IN THE INTERNET TO AVOID FRAUDSTERS FROM HIJACKING THIS GOOD-WILL VENTURE.

Sincerely Yours,

Mr.Ivan.Gonzales

Claims Manager.

(Foreign Claims Dept).

Web site:http://www.cocacola.es.

The information in this email is confidential and intended solely for the recipient,and is legally protected.The use of this information by anyone other than the recipient is prohibited.Disclosure,Copying,Distribution of this information to third parties is not allowed.

Coca-cola is not liable for the improper and incomplete transmission of the contents of a sent email or for any delay in its receipt.

This footnote also indicates that the contents of this email have been scanned by a current virus/scam scanner for the presence of computer virus/scam.

Similar to the last post, this is another Malware attacking using an email with an attached Zip file being circulated at present in Portugal. This maybe more tempting if you have recently used local toll roads! Simply delete – do not reply or open attachment.

“Notice to Appear,

You have not paid for driving on a toll road.

You are kindly asked to service your debt in the shortest time possible.

The invoice is attached to this email.

Yours faithfully,

Lester Richard,

E-ZPass Manager”.

Please be aware of this email doing its rounds at present. There is a Zip file attachment. If you click on this it may infect your computer through Malware. Simply delete.

“Notice to Appear,

You have to appear in the Court on the June 30.

Please, prepare all the documents relating to the case and bring them to Court on the specified date.

Note: If you do not come, the case will be heard in your absence.

You can review complete details of the Court Notice in the attachment.

Kind regards,

Jeffrey Conley,

District Clerk”

British couple cancelled hundreds of bookings for ‘phantom’ luxury Marbella villas and kept hundreds of thousands of pounds after claiming their firm had gone bust

According to a report in the UK’s Daily Mail Newspaper dated 13^th June, a couple allegedly defrauded British holidaymakers of hundreds of thousands of pounds after advertising ‘phantom’ luxury Marbella villas on rental website Owners Direct.

Spanish police are investigating the British husband and wife Mark and Michelle Stafford, who live in the Costa del Sol, after they were accused of scamming hen and stag parties and families by taking payments for fake properties.

The Staffords allegedly targeted large groups by offering luxury Marbella villas with infinity pools, private chefs and hot tubs. But just before the groups were due to arrive, the couple contacted them saying their company had ceased trading and there was no accommodation for them.

In fact, the company – Rainbow Villas Realty – has never even been registered in Spain, yet the Staffords were able to post listings on Owners Direct and take payments.

Email they sent to clients

‘HI xxx,

We are really sorry but there is no easy way for us to break this news to you ….

Due to unforseen circumstances the company Rainbow Villas has ceased trading with immediate effect and your holiday accommodation in Marbella is cancelled. There is no accommodation in Marbella for your group and no alternative accommodation available through Rainbow Villas.

Please do not travel to Marbella expecting to have accommodation provided as there is none available through Rainbow Villas. May we advise you claim for reimbursement through your travel insurance company.’ 

The Daily Mail report added that they allegedly advertised properties which they didn’t own over the summer – sometimes double, triple and quadruple-booking them – before sending the last-minute cancellations.

Many were genuine villas owned by people who had never even met the couple, who gave the properties fake names and used photos from real estate agencies to advertise them. Others were villas the couple had rented from owners who had allegedly ended their agreements with them because of unpaid household bills and rent.

Some groups said Michelle Stafford, 56, a former auctioneer, told them that her husband Mark, 50, a former nightclub bouncer, was dying of cancer. But former friends of the couple say this is not true.

It is not clear how many holidaymakers have been affected by the alleged scam and over what period, but the couple are thought to have made hundreds of thousands of pounds. A Facebook page called ‘Rainbow Villa Scam’ last night had 525 members, the majority of whom paid about £5,000 per group for the alleged fake bookings.

Read the full article here.

Comment

Please see our advise concerning the safe booking of villas on-line.

This is a Phishing scam received by a resident in the Algarve on 8th June 2015, offering a high (too good to be true) investment requesting an urgent reply. Do not reply and simply delete the email. The sender is attempting to obtain your personal details in an attempt to commit fraud.

“Dear Friend,

RE: Funds Investment and Management Placement of $23 Million.

We solicit for a private investor who wants to invest his funds in 8 years -term business venture in your country/company under your supervision with his image undisclosed.

You will be required to;

[1]. Receive the funds and earn 20%.

[2]. Invest 80% and Manage the investment to earn commission on profit .

My client is willing to negotiate Management sharing percentage after your acceptance. We expect to hear from you urgently as this is a high priority Investment Placement and kindly send your telephone number to enhance communication via email:robert.lucas59@yahoo.com.hk

Thank you for your understanding.

Sincerely Yours,

Robert Lucas”