Archives: Cybercrime Alerts

The statistics just issued by the National Fraud Intelligence Bureau (NFIB) show the UK public lost £34 million to ‘romance’ fraudsters in 2014, a 33% increase in fraud cases in compared to 2013.

Get Safe Online and Action Fraud are urging people to be careful with not just your heart but also your safety, if you do online dating.

Please be aware of this phishing attack that has been circulating in the last few days. The sender is Dawes – Info (at) dangerousloves.com and  it is entitled “Congratulations”. It reads as follows: 

“Attention,

This is a personal email directed to you, I am Dave Dawes, My fiance and I won a Jackpot Lottery of 101 million pounds (101 million), and we have voluntarily decided to donate the sum of 1 million pounds (1 million) to you as part of our own charity project to improve the lot of 5 unknown lucky individuals all over the world plus close friends and family.

If you have received this email then you are one of the lucky recipients and all you have to do is to contact Barr.Eduardo with Code: BMTU1005 via email barr.edu (at) im.com so that he can send your details to the payout bank for fund disbursement.

You can verify this by visiting the web pages below.

….telegraph.co.uk/news/newstopics/howaboutthat/8820740/101m-lottery-jackpot-winners-Dave-and-Angela-Dawes-to-give-millions-to-friends-and-family.html

Good luck,

Dave Dawes.”

Comment

This is a dangerous phishing attack which has been around for two years, and it is based on the legitimate winners of the UK lottery a Mr and Mrs Dawes in 2012 who did give away some of their prize money. Using the url  of the Telegraph on-line news report of their winnings the scammer has included this in the above message giving the scam an air of legitimacy.

A resident in the Algarve reported to us the following email she received a few days ago. Curious she replied to the sender asking for more information. The email  (abbreviated) reads as follows:

Sender: motherofmarcey04@……………

Subject: I want to sent up a charitable foundation in your country

“I am Mrs. Anna Maria Picarelli from Italy and I am Married To MR ANDREW PICARELLI who worked with the ITALIAN EMBASSY in Togo West Africa before He died in the year 2006. I am happy to be associated with someone like you and I pray that God Almighty will give you the
strength and wisdom to carry out this noble task. I wish to use this opportunity to inform you that my proposal for you is about the sum of $10.5 million usd which was deposited in a bank by my late husband, Mr Andrew picarelli since the year 2006 before his death and until my husband’s death we were married for many years without any child and the doctors have confirmed to me that i will not live more than few months from now and this is why I have to take this bold step of donating the fund to you .
This fund is meant for the purpose of building Humanitarian Foundation,Orphanage Centers and for the Helping of Widows and the Less Privileged,HIV/AIDS Victims in the society . Before his death, we were both philanthropist and have been engaged in the building and establishment of humanitarian foundation around the world. So, if you are willing to receive the fund as has been specified above, you should use it for the building of orphanage Centers, Helping Widows and the less privileged in the society.

As soon as you receive the fund in your account, you are only required to take 20% out of the fund as a token gift for your efforts and other inconveniences and the remaining 80% you must be use for the purpose as I have explained to you above for the help of humanity and finally to fulfil the good wishes of my Late Husband. I am presently in a hospital where I have been undergoing Medical Treatment Of Cancer of the Lungs and please, I do not need any telephone conversation for now in respect of my Doctor’s advise and mores because of the presence of my husband’s relatives around me always even here in the hospital and I do not want them to know anything about the existence of this fund because I do not want my husband’s money to be misused without using it for the purpose he instructed me before his death.

So, to enable you receive the fund from the bank where it is presently deposited, you should contact my family lawyer, Barrister LAWSON L. GEORGE through his e-mail address: (georgemaitrelawson………gmail.com) or through his telephone number:00228-9732-8726 so that he will guide on how to receive the fund AND IF YOU HAVE ANY QUESTION,YOU CAN ASK HIM FOR HE KNOWS EVERYTHING ABOUT THIS FUND,WHY AM SAYING THIS IS BECAUSE OF MY BAD HEALTH CONDITION, and may God bless you as you do His will and PLEASE SEND YOUR PRIVATE TELEPHONE NUMBER TO MY LAWYER AS YOU ARE SENDING HIM MESSAGE SO THAT HE CAN CALL YOU.
Be prayerful”

Comment

Please note the poor grammar and spelling mistakes. This is a phishing attack designed to entice the receiver into providing personal details. This is likely to lead to theft of identity and possible fraud. If you receive this or others similar simply delete without replying.

A crook who used eBay to sell electronic devices that clone bank cards at cashpoints has been unmasked by The Mail on Sunday. 

Known as skimmers, the matchbox-size machines fit on to card slots to read unsuspecting bank customers’ private data, enabling criminals to clone their cards and steal cash in a widespread fraud that costs Britons many millions of pounds each year.

Despite being illegal under the Fraud Act 2006, dozens of skimmers have been sold in the UK for prices up to £765 on auction website eBay. Among the sellers according to the Daily Mail was Habibur Rahman, of East London.

Contacted by an undercover reporter about buying a skimmer, Rahman, 27, said: ‘[It’s] good money if ur patient and put the time in. It’s all about time.

‘I have some customers buy these on a regular basis. So they must be doing sumthing right. People who buy it they no what they are doing. It works just need to no the right places to get ur money [sic].’

Our reporter bought a panel used with a skimmer to disguise a pinhole camera that records a customer’s PIN. The item cost £65 and arrived in the post within days.

The Mail on Sunday traced his eBay seller address to a £300,000 three-bedroom terrace house in East Ham, London. There, a man whose photograph is on Facebook under the name Habibur Rahman claimed he had never heard of him.

When told about this report, he shouted: ‘Get off my property.’ Later that day the listings were taken off eBay.

An analysis of Rahman’s eBay account revealed he has been selling skimming devices for at least six months and has made 42 transactions.

Comment

Following the Safe Community Algarve Cybercrime Seminar at Tavira we received a report that these skimmers had been available on ebay. A check made at the time did not surface any.

Firstly to make it clear this does not involve a property in Portugal, BUT it could easily occur anywhere. 

A very interesting holiday letting scam was reported in the UK media recently which illustrates the extent that fraudsters will go to in such cases, as well as serving as an example of why it is so important to take all precautions when renting holiday homes on-line.

The family by the name of “Peggs” had used “Owners Direct” for years with no problem, so when they spotted a place in a pretty little town called Fiac, in France they emailed the property owner via the website.

A man called Hamish responded and, after corresponding by email, agreed to rent out the property in the first week of August. Hamish, emailing from a Hotmail account, asked if the money could be sent to his on-line Barclays bank account. The Peggs family thought it a little odd to ask for all the money at once but because they did not want to lose it, they paid £1650 into Hamish’s bank account and thought that was that.’

But in fact, the Peggs’ money had not been deposited into the property owner’s account at all. Yes, the property owner was called Hamish. But retired solicitor Hamish Porter had no idea the family were keen to rent his holiday home, let alone that he had allegedly been ‘paid’ for the privilege.

Internet hackers had intercepted the Peggs’ messages. It is believed they did this by sending owners like Hamish a fake enquiry from a potential renter – which looks just like a genuine Owners Direct enquiry. When the owner clicks on the link, it takes him not to the genuine Owners Direct page, but to a fraudulent duplicate webpage created by the hacker.

When the owner enters his details onto this fake page, he unwittingly gives the fraudster access to his email account. From then on, the scammer can pretend to be the owner, intercepting emails from would-be renters, replying, answering questions, sending out fake contracts and asking for payment directly into his own bank account – and deleting all evidence as they go.

At the end of this case after much debate Owners Direct refunded the Peggs family £700, but they ended up losing almost £1000.

Comment

It is believed that this is not an isolated case and Safe Communities Algarve has previously raised concerns over this subject and has provided advice to reduce the risk. This can be found at the following link: Those wishing to rent properties where money is transferred on line direct to the owner should take particular care and in accordance with the advice try and speak to the owner beforehand. Note: gmail and hotmail email address are easy to create and because little information is required it is sometimes impossible to establish who it belongs to. In Portugal it is illegal to let a property without having the required licence.

Alternatively a more reliable option is to go through a reputable well established property rental company, who take care of all the handling of money and the administration and where all the properties advertised are licensed. Details of reliable companies are on the Safe Communities Algarve Safe Service providers webpage as mentioned in the previous article.

A person posted the following on Facebook page here in the Algarve. This is useful information and advice provided by Action Fraud UK is at the foot of the page

“Many of you may be aware that there is a terrible scam operation going on in the UK. Sadly an elderly member of my own family has been directly affected by this and has been scammed for thousands of pounds.

My mother was called by a person claiming to be the fraud squad at Hammersmith police station. They then told her that they had a person in custody that had taken money fraudulently out of her bank account. The information so far has been sketchy but their MO is the same in most cases.

The statistics issued by the National Fraud Intelligence Bureau (NFIB) show the UK public lost £34 million to ‘romance’ fraudsters in 2014, a 33% increase in fraud cases in compared to 2013.

Get Safe Online and Action Fraud are urging people to be careful with not just your heart but also your safety, if you do online dating.

The figures reveal that online dating fraud in the UK is on the rise, with a 33% increase in fraud cases in 2014 compared to 2013 and costing the UK public £34 million compared to £24.5 million in the previous year.

There is also a significant rise in reported fraud cases from April 2014 to May 2014, suggesting that in the blissful wake of Valentine’s Day people may become more susceptible to romance scams, letting their heart rule their head.

The figures also demonstrate exactly how and where fraudsters are choosing to exploit their victims. 54% of fraud sufferers paid by money transfer (E.g. Money Gram or Western Union) narrowly shadowed by payments taken directly from bank accounts, which was the payment method used by 37% of victims.

Please see our article on Romance Fraud – Not to Night Darling for details on how to recognize fraudsters and take preventative action.

The following email scam is doing its rounds at present. This is typical of what are known as 419 (Nigeria) scams. Do not reply to this email if you receive it or pass on any information.

“Mrs. Debbie Anani.

56 Aviende Libertie

Cote d’Ivoire.

My Dear,

I am Mrs. Debbie Anani, from Cote d’Ivoire and it is my pleasure to contact you for a business venture which i and my child intend to establish with you.

I want to confide on you for the brighter future of my child in the hope that you can support and assist us in getting our inherited fund moved to your account for business investment according to your advice.

There is €4,800,000.00 (Four Million Eight Hundred Thousand Euros) which my late husband deposited in a Security Company here and declared it as family valuables before sudden death.

Now i and my little son have decided to invest this money in your country or anywhere safe enough for security and political reasons.

We want you to help us so that this money can be released from the Security Company and moved to you for a joint investment purposes over there for our common benefit.

If you can be of assistance to us we will be pleased to offer to you 10% of the total fund for your assistance in getting the fund released from the Security Company.

I await your soonest response.

Mrs. Debbie Anani”

On  20th February the judicial Police issued an alert following complaints concerning callers pretending to be from Microsoft

“Over the past few days, there has been, a massive malware distribution attempt, beginning with fraudulent phone calls using abusively the company name Microsoft. 

These phone calls, randomly directed, are from callers pretending to be officials from  Microsoft IT security department, speaking in English, stating they wish to resolve your personal computer problems. They give various pretexts, such as (i) infection by a virus; (Ii) the system needs to be updated; and that solving them requires the implementation of a series of instructions and commands, for which the employee is supposed offers to help. 

They add that the problem can be solved by paying for alleged updates of the Windows system through purchasing support packages and other assistance. To give credibility they ask details of victims’ credit cards and they use these details to to install malicious software, through which they can obtain confidential data, or even remotely access your computer and changing the settings. With this data, criminals come in possession of sufficient data to achieve fraudulent wire transfers on behalf of the victims, causing damage that can amount to thousands of euros 

The Judicial Police recommends :

• Do not respond to such contacts, since they are not made by Microsoft company
• Do not provide any kind of personal data;
• Do not give any information whereby they can interact with your computer system, otherwise this could could damage to equipment and personal data.

There have been a number of telephones calls received in the last few days from persons in the USA pretending to be from Microsoft.

They usually speak in an Indian accent stating that your computer has a problem that they offer to resolve over the phone. This may be along the lines that the computer has a problem with its operating system or with Windows.

One person received a call recently and she did not even have a computer!

Advice

Simply terminate the call. Do not pass on any information whatsoever, including your name. Its a phishing attack designed to entice you into passing on your personal details. Microsoft do not approach people using the phone about computer security issues.