Archives: Cybercrime Alerts

Cybercrime Alerts news and reviews

Warning over HMRC scam email that promises you a tax refund ahead of self-assessment deadline which is 31st January

Fraudsters have launched their latest effort to get people to give away their bank details by pretending to be from HMRC

HMRC has warned Brits not to fall for a new scam which claims they are entitled to a tax refund.

But scammers are trying to take advantage by sending a new batch of emails to people saying they’re entitled to a refund.

The email claims to be from “HMRC Office Gateway” and tells people to click a link which takes them to a “customer portal”, where they’ll be encouraged to enter their bank details in order to claim the refund.

But HMRC will never send information about refunds or rebates via email – or ask for your payment details either.

The address for the scam looks like it comes from “Hmrc.gov.uk” but when you expand the address it reveals a long line of seemingly random letters and numbers.

A spokesman for HMRC told the Sun Online that it was aware of the latest scam and just today has asked for 150 websites linked to scams to be taken down.

Technology will store a ‘template’ of your face and enable Facebook to work out if somebody is trying to impersonate you online

The social network has revealed how it is using facial recognition to uncover more images of you, even ones you don’t know about.

The technology will also enable Facebook to work out if somebody is trying to impersonate you online.

From 20th December, Facebook will notify you when it thinks it has spotted you in a picture or video that nobody has tagged you in.

To recognise whether or not you’re in a photo or video, the site says its facial recognition system will compare images with your profile pictures and other photos and videos you’re tagged in.

“Our technology analyzes the pixels in photos you’re already tagged in and generates a string of numbers we call a template. When photos and videos are uploaded to our systems, we compare those images to the template,” the company says.

“We always respect the privacy setting people select when posting a photo on Facebook (whether that’s friends, public or a custom audience), so you won’t receive a notification if you’re not in the audience,” the company says.

That means you won’t receive a tag suggestion notification if Facebook finds your face in a picture or video that’s private to the person who uploaded it.

The technology is also going to be used to detect when other people use photos of you as their own profile picture. Read more

Losses from “binary options” trading have risen from £6,200 in 2012 to £27m last year, an increase of 400,000%.

An online investment scam targeting people through social media has seen the amount of money lost by victims in the UK rise by 400,000% in six years.

Figures from Action Fraud show the amount lost to “binary options” trading increased from £6,200 in 2012, to £27m in 2017 alone, with the total currently standing at £61m.

Binary options, or fixed odds betting, are being used by fraudsters as part of a multi-billion pound industry which is believed to be co-ordinated by overseas criminals.

A binary option is where you can gamble on an outcome, usually something to go up or down, with the pay-off being a fixed amount or nothing at all.

One example would be to bet on whether the value of gold will be above or below a certain price and investors believe they can gain high returns on little amounts.

Consumer group Which? has described binary options scamming as “Britain’s biggest investment con”, with illegitimate companies targeting victims through pop up adverts online and cold-calling.

Binary options trading is currently regulated by the Gambling Commission but from January 2018 the Financial Conduct Authority will take over.

In other countries however, such as Israel and Canada, it has been banned completely.

Read more 

Plenty of child-friendly tech was expected to be in high demand this festive season, from iPhones and teddies to the new Xbox.

Almost half of parents who bought their children an internet-connected gadget for Christmas will not check who they are speaking to online, according to new research.

Barnardo’s estimates that four million online-enabled devices were bought for youngsters over the festive period.

However, the children’s charity found that just 55% of parents surveyed will monitor who they communicate with.

Plenty of child-friendly tech was expected to be in high demand in the run-up to Christmas, with new iphones models available from Apple and a new Xbox from Microsoft are among the  gadgets released just weeks before the festive season.

More than half of the devices bought – ranging from tablets to teddy bears – were bought for children aged 10 and under, but only 60% of parents plan on activating the maximum privacy settings designed to keep them safe.

Barnardo’s has urged parents to be cautious of devices that use Bluetooth, have speakers, microphones or cameras, and use GPS technology or request personal information during the set-up process.

Even Fisher Price has come under scrutiny as their Smart Toy Bear could potentially allow hackers to compile a database of all children using the toy.

Not only that, but the accompanying app also had a flaw that allowed hackers to find out the names, birthdates and even genders of the children using the toys.

In 2015, a cyberattack on toymaker VTech released the personal data of 6.4 million children.

Prevention advice can be downloaded here

With 2018 just around the corner, SplashData  (password management) is out with a fresh list highlighting some of the most commonly used — and thus least secure — passwords of 2017. Not surprisingly, the list is filled with a good number of the usual suspects, including “123456” and “Password,” two perennial classics.

The full list was tabulated after looking at more than 5 million passwords that surfaced over the past 12 months during various leaks. And while many of the passwords are familiar, there are some new entries worth noting, including “starwars” and “whatever.”

The top 10 worst passwords of 2017 are as follows:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou

Remember that for many social networks, the magic combination is User ID and Password. Guess what…many sites allow you to type your email as your User ID. If a hacker gets your email address, they already have HALF the magic combination and now just have to figure out your password. If its one of the above the likelihood is that your account will be hacked.

At typical Nigerian scam asking people to contact her. A most unlikely story and an attempt to obtain your personal details. Note poor grammar. Do not reply.

Compliment of the Day.

Despite all effort to move out the Investment funds from my Bank it was very Difficult for us and we have series of meeting with my Bankers about this matter regarding the best Options to adopt but all effort was abortive.

Today , My Financial Consultant have finally resolved with the Bank and they have agreed to move the funds through Private Secured Unlimited Master Card which will be Issued in your Company name and you can start making withdrawals amounting between 10,000 (Euro) Daily from any Bank ATM/POS Machines and you can also transfer 300,000 (Euro) Weekly using this Private Secured Unlimited Master Card .

For me this is the best Option for us to move the Investments funds to your Country because everything about the Private Secured Unlimited Master Card will be Issued in your name .

Thanks and Best Regards

Dr.(Mrs)Linda Johnson”

Email:lindajohnsonsconsultant (at) gmail.com

The following phishing scam is current doing its rounds. The sender in this case is Google Inc <qc (at) sifg.co.kr, which is  based in South Korea and certainly nothing to do with Google. Simply ignore and certainly do not reply or provide any of the information requested.

“GOOGLE INC

Belgravia House

76 Buckingham Palace Road

London SW1W 9TQ,

United Kingdom.

 

Winning No: GUK/493/798/2017

Ticket No: GUK/605/88/2017

GOOGLE ANNUAL PROMOTION

 

We wish to congratulate you on this note, for being part of our selected winners in our just concluded internal promotion draw this year, this promotion was set-up to encourage the active users of the Google search engine and the Google ancillary services.

Hence we do believe with your winning prize, you will continue to be an active patronage to the Google search engine and services. Google is now the biggest search engine worldwide and in an effort to make sure that it remains the most widely used search engine, we ran an online e-mail beta draw which your email address won Nine Hundred and Fifty Thousand Great British Pounds Sterling (?950,000.00). We wish to formally announce to you that you have successfully passed the requirements, statutory obligations, verifications, validations and satisfactory report Test conducted for all online winners.

A winning check will be issued in your name by Google Promotion Award; for the sum of Nine Hundred and Fifty Thousand Great British Pounds Sterling (?950,000.00) and also a certificate of prize claims will be sent alongside your winning check cashable at any bank.

You are advised to contact the assigned Google Program Administrator/Coordinator with the following details to avoid unnecessary delay and complications:

 

VERIFICATION AND FUNDS RELEASE FORM

(1) Your Contact Address/Private Email Address

(2) Your Tel/Fax Numbers

(3) Your Nationality/Country

(4) Your Full Name

(5) Occupation/Company

(6) Age/Gender

(7) Ever Won An Online Lottery?

(8) Comments about Google

Over the past week there has been an upsurge in reports of travel companies identities being compromised and used for crime.

Businesses in the travel industry, particularly, the renting of properties should undertake a web-search regularly to pick up any bogus copycat operations, using your name. Ways to reduce the risk to YOUR BUSINESS

  1. Set up Google Alerts https://www.google.co.uk/alerts to monitor the brand terms and membership/ATOL numbers,
  2. If possible convert Contact Details, Terms and Conditions, Cookies, and Privacy Information to images so that it is harder for criminals to copy them and change the name, telephone number or email address when cloning a website,
  3. Establish a routine of checking all web searches for brands that they own to pick up copycats,
  4. Obtain an SSL certificate so that they have the padlock and https in the URL as criminals tend not to bother with that when copying sites, and
  5. Register for the free DNS and DMARC from GCA to make it harder for the criminals to spoof legitimate sites.

https://www.globalcyberalliance.org/initiative/internet-immunity-protecting-users-and-networks-via-dns.html

https://dmarc.globalcyberalliance.org.

 

 

Action Fraud UK have noticed that Fraudsters have been setting up fake adverts on social media (including Facebook, Instagram and WhatsApp) and job browsing websites to dupe people into believing they are recruiting for prospective models.

Once a victim shows interest in the modelling jobs, fraudsters contact victims on the false promise of a career and ask them to come in for a test photo shoot.

The fraud is then carried out in two ways;

  1. Fraudsters pressurise victims into sending an upfront fee to book a slot for the test shoot. Once they have received the upfront fee, the victim will never hear from the fraudsters again, or
  2. Fraudsters will take the advance fee that the victim sends for a photo shoot and arrange a photo shoot with the victim. After the photo shoot, the fraudsters will contact the victim after a few days and convince them that their shoot was successful and offer them a job as a model. The victim will then be asked to sign a contract and pay another upfront fee, usually to secure the modelling contract.

In August 2017, 49 victims lost an average of £1,448 each to this type of advance fraud

Fraudsters also targeting parents

Fraudsters are also creating fake adverts for supposed modelling opportunities for children which do not exist. Fraudsters will inform parents or guardians that a potential career in modelling awaits their child. This tactic convinces the parent or guardian to sign up their child and send an advance fee.

The suspects will also convince the victim that in order to become a model, they will need to have a portfolio. The fraudsters will recommend a number of packages and stress that if a package is not paid for in advance, the process of becoming a model cannot continue.

Over a two year period (September 2015 – August 2017), an average of 28 reports of advance fee modelling frauds were reported to Action Fraud UK. In August 2017 alone, there were 49 reports of this fraud type were received and may continue to rise. The total loss in August 2017 alone was over £71,000.

Tips for staying safe:

  • Carry out your own research prior to paying any type of advance or upfront fee.
  • Be wary if you are asked to pay for a portfolio, as many legitimate agencies will cover that cost.
  • Don’t give your bank account details or sensitive information to anyone without carrying out your own research on the relevant agency.
  • If you have been affected by this, or any other type of fraud, report it to police

The UK Office of National Statistics has compiled a list of the ten most common cyber-crimes in the UK, with number of cases reported in the year to June 2016.

For those expats living in Portugal this may have some relevance, especially for those who have UK bank accounts and/or financial connections, such as pension schemes etc

  1. Bank account fraud – 2,356,000

Criminals trick their way to get account details. For example: “Phishing” emails contain links or attachments that either take you to a website that looks like your bank’s, or install malware on your system. A 2015 report by Verizon into data breach investigations has shown that 23pc of people open phishing emails.

  1. Non-investment fraud – 1,028,000

AKA Ponzi schemes. Examples include penny stocks, pension liberation, and investment in commodities, such as wine or art, that later prove worthless

  1. Computer virus – 1,340,000

Unauthorised software damages or takes control of your machine. For example: “Ransomware” encrypts your files and pictures then demands a payment to restore your access to it

  1. Hacking – 681,000

Criminals exploit security weaknesses to illegally access other machines or networks. They steal sensitive data or subvert machines for their own purposes, such as sending spam or launching other cyber attacks

  1. Advance fee fraud – 117,000

The victim is promised access to a great deal of money in return for a smaller upfront payment. For example, the classic “Nigerian Prince” email scam

  1. Other fraud – 116,000

One example is “solicito’s scams”, where a solicitor’s website is hacked, then clients asked to divert large payments into the criminals’ bank accounts.

  1. Harassment and stalking – 18,826

Threats, abuse and online bullying – what’s commonly been termed “ trolling” on social media

  1. Obscene publications – 6,292

Pornography that meets the definition of the Obscene Publications Act, thus generally involving some form of physical abuse

  1. Child sexual offences – 4,184

Assault, grooming, indecent communication, coercing a child to witness a sex act. These crimes maybe being under reported.

  1. Blackmail – 2,028

This includes threats to publish intimate photographs on-line