Archives: Cybercrime Alerts

Fraudsters are contacting the elderly and vulnerable claiming to be from HM Revenue & Customs.

Victims are being told they have arrest warrants, outstanding debts or unpaid taxes in their name.

The fraudsters are asking victims to purchase iTunes gift cards as payment.

There are a variety of methods being used including calls, texts and voicemails.

Action Fraud is warning people once again of scammers contacting victims claiming to be from HM Revenue & Customs (HMRC) that trick people into paying bogus debts and taxes using iTunes gift cards.

Victims are being contacted in a variety of methods by fraudsters claiming to be from HMRC and are being told they owe an outstanding debt. In most cases they ask for payment in iTunes gift card voucher codes.

Fraudsters like iTunes gift cards to collect money from victims because they can be easily redeemed and easily sold on. The scammers don’t need the physical card to redeem the value and instead get victims to read out the serial code on the back over the phone.

Methods fraudsters use:

Spoofed calls: Fraudsters cold call victims using a spoofed number and convince them that they owe unpaid tax to HMRC.

Voicemails: Fraudsters leave victims automated voicemails saying that they owe HMRC unpaid taxes. When victims call back on the number provided, they are told that there is a warrant out in their name and if they don’t pay, the police will arrest them

Text messages: They may also use text messages that ask victims to urgently call back on the number provided. When victims call back, they are told that there is a case being built against them for an outstanding debt and they must pay immediately.

How to protect yourself: 

• HMRC will never use texts to tell you about a tax rebate or penalty or ever ask for payment in this way.
• Telephone numbers and text messages can easily be spoofed. You should never trust the number you see on your telephones display.
• If you receive a suspicious cold call, end it immediately.

In the wake of the Manchester attack on Monday evening, the Greater Manchester Police is warning people to be cautious of online fundraising pages as it has emerged that fraudulent pages are being set up which request donations to support the families of the victims.

Spot the signs

Fraudulent fundraising websites often use topical events, such as a terror incident or natural disaster, to make it look like their charity has been created only recently in response, while the website may also be badly written or have spelling mistakes.

When you go to a donation page, fraudsters can record your credit or bank account details, so if you are unsure, seek further advice before donating any money.

If you do wish to donate to a recommended appeal, GMP is advising people to visit the official Just Giving page set up by the Manchester Evening News in partnership with the British Red Cross

In an interest article by Justin Fier of Security Week, he states; “The recent WannaCry ransomware outbreak is yet another wake-up call. Humans alone can no longer be expected to manually respond to brazen, fast-spreading cyber-attacks that strike without warning and routinely bypass porous network borders. The early indicators of the attack were evident, but it spread too quickly for human security teams to react before it spread across the world like wildfire.

 

Read the full article here.

Some Banco Santander Totta customers, as well as non-customers are currently receiving emails purportedly being sent on behalf of the bank. The alert was given a few days ago. One of the senders addresses is; santandertottapt7217030 (at) mail.sapo.pt another one is santandertotta42 (at) novobanco.pt.

These are Phishing scams to get you to disclose your banking details. If you receive such an email, do not click on the link. If in doubt, contact the bank BUT not on the contacts provided in the email.

With the subject “SantanderTotta – Important Notice”, the email tells the customer to click on a link to authorize a banking operation. Another with the subject “ Alerta de Segurança SantanderTotta #C17217030”  tells the recipient to click on a link to update€859 details failure of which will incur a fine of €85

As at 12th May 2017 it believed that there are more than 75,000 recorded attacks of the WannaCry ransomware virus in at least 74 countries. Wanna Cryptor, also known as WannaCry , is believed to use the Ethernal Blue exploit, which was originally developed by the US National Security Agency to attack computers running Microsoft Windows operating systems. Security experts link the attack to vulnerabilities released by “The Shadow Brokers”, who recently dumped hacking tools stolen from NSA.

The huge cyberattack leveraging hacking tools brought disruption to Britain’s health system on Friday 12^th May security researchers said.

United Kingdom

Hospitals and doctors’ surgeries in parts of England were forced to turn away patients and cancel appointments after they were infected with the “ransomware”, which scrambled data on computers and demanded payments of $300 to $600 to restore access. People in affected areas were being advised to seek medical care only in emergencies.

“We are experiencing a major IT disruption and there are delays at all of our hospitals,” said the Barts Health group, which manages major London hospitals. Routine appointments had been cancelled and ambulances were being diverted to neighbouring hospitals.

Spain

Telecommunications giant Telefonica in Spain was among many targets in Spain, though it said the attack was limited to some computers on an internal network and had not affected clients or services.

As a result, Spain’s Computer Emergency Response Team CCN-CERT, posted an alert on their site about a massive ransomware attack affecting several Spanish organizations. The alert recommends the installation of updates in the Microsoft March 2017 Security Bulletin as a means of stopping the spread of the attack. See below.

The National Health Service (NHS) in the U.K. also issued an alert and confirmed infections at 16 medical institutions. We have confirmed additional infections in several additional countries, including Russia, Ukraine, and India.

Portugal

A spokeswoman for Portugal Telecom said: “We were the target of an attack, like what is happening in all of Europe, a large scale-attack, but none of our services was affected.”

Ransomware is malicious software that infects machines, locks them by encrypting data and then extorts money to let users back in. A Telefonica spokesman said a window appeared on screens of infected computers that demanded payment with the digital currency bitcoin in order to regain access to files.

Rich Barger, director of threat research at U.S.-based security research company Splunk, said: “This is one of the largest global ransomware attacks the cyber community has ever seen.”

Ransomware is a program that gets into your computer, either by clicking on the wrong thing or downloading the wrong thing, and then it holds something you need to ransom.

In the case of WannaCry, the program encrypts your files and demands payment in bitcoin in order to regain access.

Security experts warn there is no guarantee that access will be granted after payment. Some ransomware that encrypts files ups the stakes after a few days, demanding more money and threatening to delete files altogether.

There are different variants of what happens: Other forms of ransomware execute programs that can lock your computer entirely, only showing a message to make payment in order to log in again. There are some that create pop-ups that are difficult or impossible to close, rendering the machine difficult or impossible to use.

British based cyber researcher Chris Doman of AlienVault said the ransomware “looks to be targeting a wide range of countries”, with initial evidence of infections in at least two dozen nations according to experts from three security firms.

The broad based ransomware attack has appeared in at least eight Asian nations, a dozen countries in Europe, Turkey and the United Arab Emirates and Argentina and appears to be sweeping around the globe, researchers said.

How to prevent and what to do if infected

Patch ALL Windows machines in your environment immediately. The EternalBlue vulnerability was patched by Microsoft back in March as part of MS17-010.

2 – Maintain up-to-date backups of files and regularly verify that the backups can be restored.

3- Ransomware attacks target shared network drives and cloud backups. This scenario makes it hard to retrieve the information in case of a ransomware attack. Therefore, do not rely on backup only – you must consider a protection mechanism.

4 – Ransomware is often delivered through the exact same channels as other types of malware: spear-phishing and malicious drive-by. Educate users to obtain from clicking on suspicious links, downloading email attachment and downloading software from dodgy resources.

5 – Install a ransomware detection and prevention tool. Small businesses and individuals should install Cybereason RansomFree. It is a free ransomware protection tool for PCs running Windows 7, 8, 10 and Windows Servers running 2008 R2 and 2012 R2. Download RansomFree here: https://ransomfree.cybereason.com

Removal of virus

Use a special tool such as that developed by How to Remove Guide 

 

The Judicial Police is investigating four cases in the country and trying to determine if there is an adult market behind the dealers of the game.

The evidence in the four cases of adolescents, who were hospitalized after self-mutilation in meeting challenges of the Blue Whale game are being gathered by the PJ sections of Setúbal, Portalegre, Faro and Porto, in contact with the inspectors of the National Computer Crime Unit (Unc3t). The objective is “to collect evidence and monitor this at the National Computer Crime Unit,” Carlos Cabreiro, director of UNC3T,

The Judiciary will try to follow the track of the game curators to see if there are Portuguese involved or if the orders come from within the country.

“The Whale game reminds us of a process of radicalization, it is pure manipulation, it reminds us of paedophiles on the internet who collect images of children, are abnormal individuals who take this information in a way of setting tasks they call challenges, with threats, “says Carlos Cabreiro. He said that “there may be an adult market here to take advantage of this in some way.” And the healers of the game are clearly interested in the whole media wave around it. “It is intended that the dissemination be massive for adolescents and young adults to join.

The Judiciary Police is “very worried” about the spread of the game on the Internet, especially when yesterday was the fourth victim of the challenges of the Blue Whale in Portugal: a 15-year-old girl from Porto, who is hospitalized in the Hospital de S. John on Tuesday night with injuries to his arm and chest.

 

This Facebook game looks harmless, but could pose a security risk to our online security

Comparing lists on social media of the top 10 concerts you first attended seems a harmless enough pastime.

However the first gig you went to is often one of the security questions which banks and other organisations ask when setting up an account – and revealing that information online, even in an innocent online post, could make you more vulnerable to hackers.

http://www.bbc.com/news/uk-39791875

 

On 27^th April a young woman threw herself from an overpass over the railway line and was injured. PSP, who was aware of two other cases, has given advice to parents. PLEASE SHARE THIS.

Participating in a game called the “Blue Whale” is believed to be the origin of this incident that which took place at Algarve railway line in the Ferreiras area of ​​Albufeira.

The young woman, who was injured, was trying to meet the challenges posed by the administrators of an online game , originating in Russia, which is worrying the authorities of several countries because, in addition to inciting acts of self-mutilation. The eventual aim is for the player to commit suicide and the target audience is almost always teenagers weakened by problems such as depression and isolation.

Please read more with contact details for persons who may be vulnerable for this sort of game

According to the fire department commander, the young woman threw herself from the bridge that crosses the railway line in Ferreiras and “suffered multiple injuries in the lower limbs”, being hospitalized in Faro.

“In the hospital the victim said she was under great pressure and that she threw himself out of the bridge in a state of despair,” he told PÚBLICO António Coelho, relating this situation to the game “Blue Whale”.

Recently an attempted suicide took place in Spain linked to this game. In Brazil, the phenomenon took on more dramatic proportions, with news of several dozen suicides committed by adolescents in at least eight states in the context of participation in the game.

Known as the Blue Whale, the game includes 50 levels of difficulty, the last of which is the suicide of its players. The tasks that your often-adolescent players are challenged to perform start with relatively innocuous things like listening to a particular song or video submitted by the administrators, or curators, of the game.

The Blue Whale reportedly targets players between 10 and 14 year old, pushing them into completing a list of pained daily tasks such as waking up in the middle of the night, cutting shapes into their skin or contemplating death.

As the game progresses over several week, participants reach a final task – committing suicide.

The game that has been spreading online among teens has led to warnings from police across Europe and Russia, Central Asia and North and South America.

The Blue Whale began in Russia on VKontakte – the national equivalent to Facebook – and Russian police have been investigating the relationship between this and suicides over a few months involving about 130 teenagers. More recently, in Colombia, police have detected that some 3200 youths with Facebook profiles have participated in the game.

Telephone help and support services for suicide in Portugal and Europe

SOS – National Relief Service
112

SOS Voz Amiga
(between 16 and 24h00)
21 354 45 45
91 280 26 69
96 352 46 60

SOS Phone Friend
239 72 10 10

Friendship Phone
22 832 35 35

Listen – Voice of Support – Gaia
22 550 60 70

SOS Student
(8:00 a.m. to 1:00 a.m. )
808 200 204

Voices of Friends of Hope
(20h00 to 23h00)
22 208 07 07

Beware an email with the subject of “DHL Shipment Notification”: 1860915879 or another number, pretending to come from DHL Customer Support <support@dhl.com, which was received by a resident in the Algarve today.

It states that “as DHL were unable to deliver to your home you should download the attached receipt and take it to your local post office who have the parcel for collection.

Fraudsters are stealing large sums of money from victim’s bank accounts by taking control of their mobile phones and intercepting calls/texts messages sent by banks. 

Fraudsters are once again gathering as much information as possible on victims and using a method we have warned the public about in the past called SIM splitting to gain access to people’s bank accounts.

A recently “This is Money” investigation that one victim from London lost £22,300 when fraudsters raided their Santander accounts using this method. Another two victims had £19,500 drained from their Santander accounts after criminals intercepted the bank’s text messages.

How this fraud works?

Step 1: Fraudsters initially harvest as much as they can about an individual. This includes; intercepting their post, searching public information on social media/search engines, tricking them into installing malware or buying information from Organised Crime Groups.

Step 2: Armed with this information, the fraudsters will call the victim’s mobile phone provider and tell them that the handset has been lost, stolen or damaged. Provided they can answer basic security questions, the old SIM is cancelled and a new one is activated. The fraudster may also ask for all calls/texts to be diverted to a new phone.

Step 3: The first the victim will know of a problem is when their mobile stops working. This can seem innocent at first and some people may just think it is a signal problem.

Step 4: Fraudsters then hack into victim’s online banking and open a parallel business account. Since the new business account is already in an existing customer’s name, there are fewer security checks.

Step 5: The fraudsters then start to transfer money to accounts in their control. The banks will either call or text to confirm that payments being sent are genuine. The fraudsters will pretend to be the victim and insist that payments are pushed through.

How to protect yourself against this type of fraud

• Always make sure you have suitable anti-virus software installed and keep it up to date.
• Always consider what you are downloading – do not open files or click on links from unknown sources.
• If you discover a virus on your computer, disconnect from the internet immediately and ask a specialist for advice.
• When creating a password, try not to use the same password for more than one account. This will prevent further accounts being taken over if one has been compromised.
• Create a strong password by choosing three random words. Numbers and symbols can still be used if needed.
• Try not to post information on social media such as your birth date, your first pet, or school as these are normally included in security questions to reset your password.