Action Fraud Alert – Online Marketplace Fraud Advice For Sellers

Action Fraud has received several reports indicating that sellers of items on online marketplace websites are falling victim to fraud by bogus buyers. Typically, the bogus buyers contact the seller wanting to purchase the item for sale and advise they will be sending the requested amount via PayPal or other electronic payment method. The seller then receives a fake, but official looking email stating they have been paid more than the asking price and to send the difference back to the buyer’s bank account. In reality, no money has ever been sent to the seller; the bogus buyer has spoofed an email and purported to be an online payment company. All contact is then severed with the seller.

It is important to remember that selling anything could make you a target to these fraudsters however the NFIB has identified that those offering sofas, large furniture and homeware are particularly vulnerable.

Protection Advice

• Don’t assume an email or phone call is authentic. Remember criminals can imitate any email address. Stay in control. Always use a trusted payment method online, such as Paypal, and have the confidence to refuse unusual requests for payment like bank transfers.

• Don’t be rushed or pressured into making a decision. Always verify that you have received payment from the buyer before completing a sale.

• Listen to your instincts. Criminals will try and make unusual behaviour, like overpaying, seem like a genuine mistake.

Visit Take Five (takefive-stopfraud.org.uk/advice/) and Cyber Aware (cyberaware.gov.uk) for more information about how to protect yourself online.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

NFIB Alert – False Telephone Preference Service Calls

False claims of Telephone Preference Service:

Fraudsters are cold-calling victims, falsely stating that they are calling from one of the well-known UK telecommunication service providers. They call victims claiming to provide a ‘Telephone Preference Service’ – an enhanced call-barring service, which includes barring international call centres.

The fraudsters ask victims to confirm/provide their bank account details, informing them that there is a one-off charge for the service. Victims instead see monthly debits deducted from their accounts, which they have not authorised. The fraudsters often target elderly victims.

In all instances, direct debits are set up without following proper procedure. The victim is not sent written confirmation of the direct debit instruction, which is supposed to be sent within three days.

On occasions when victims attempted to call back, the telephone number provided by the fraudster was either unable to be reached or the victim’s direct debit cancellation request was refused.

During 2017, there were 493 Action Fraud Reports relating to this fraud.

Protect yourself:

There is only one Telephone Preference Service (TPS). The TPS is the only official UK ‘do-not-call’ register for opting out of live telesales calls. It is FREE to sign-up to the register. TPS never charge for registration. You can register for this service at http://www.tpsonline.org.uk.
You will receive postal confirmation of genuine direct debits. If you notice unauthorised payments leaving your account, you should contact your bank promptly.
Always be wary of providing personal information, or confirming that personal information the caller already claims to hold is correct. Always be certain that you know who you talking to. If in doubt hang up immediately.
If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk or by calling 0300 123 2040.

How To Protect Your Email Against Criminals

Chief Executive Officer (CEO) Fraud – Schools Targeted

The National Fraud Intelligence Bureau (NFIB) has seen an increase in recent weeks in the volume of CEO Fraud reports whereby schools are the targeted victim. This has resulted in substantial financial losses for several schools that have fallen victim to this type of fraud.

A school is targeted by a fraudster who purports to be the Head Teacher / Principal. The fraudster contacts a member of staff with responsibility for authorising financial transfers and requests for a one off, often urgent, bank transfer to be made. The amounts requested have been between £8,000 and £10,000. 
Contact is made by email and from a spoofed / similar email address to the one the Head Teacher / Principal would use.

PROTECTION / PREVENTION ADVICE

  • Ensure that you have robust processes in place to verify and corroborate all requests to change any supplier or payment details. Get in touch with the supplier (or internal colleague) directly, using contact details you know to be correct, to confirm that a request you have received is legitimate.
  • All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious, particularly urgent sounding requests from senior employees.
  • Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.
  • Email addresses can be spoofed to appear as though an email is from someone you know. If an email is unexpected or unusual, then don’t click on the links or open the attachments. Staff should not be allowed to check emails or use the internet with administrator accounts.
  • If you have been affected by this, or any other type of fraud, report it to Action Fraud by calling 0300 123 2040, or visitingwww.actionfraud.police.uk.

Flight Ticket Fraud Alert

Fraudsters are attempting to entice victims who are looking for cheap flights abroad.

Victims have reported booking tickets via websites or a “popular” ticket broker, only to discover that after payment via bank transfer or electronic wire transfer, the tickets/booking references received are counterfeit. In some cases, all communications between the company or broker and the victim have been severed.

Fraudsters are targeting individuals who are seeking to travel to African nations and the Middle East, particularly those wishing to travel in time for popular public and religious holidays.

Prevention Advice:

  • Pay safe: Be cautious if you’re asked to pay directly into a private individual’s bank account. Paying by direct bank transfer is like paying by cash – the money is very difficult to trace and is not refundable. Wherever possible, pay by credit card or a debit card.
  • Conduct research on any company you’re considering purchasing tickets from; for example, are there any negative reviews or forum posts by previous customers online? Don’t just rely on one review – do a thorough online search to check the company’s credentials.
  • Check any company website thoroughly; does it look professional? Are there any spelling mistakes or irregularities? There should be a valid landline phone number and a full postal address so that the company can be contacted. Avoid using the site if there is only a PO Box address and mobile phone number, as it could be difficult to get in touch after you buy tickets. PO Box addresses and mobile phone numbers are easy to change and difficult to trace.
  • Be aware that purchasing tickets from a third party, particularly when initial contact has been made via a social media platform can be incredibly risky.
  • If tickets to your intended destination appear cheaper than any other vendor, always consider this; if it looks too good to be true, it probably is!
  • Look for the logo: Check whether the company is a member of a recognised trade body such as ABTA or ATOL. You can verify membership of ABTA online, atwww.abta.com.
  • If you have been affected by this, or any other type of fraud, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk.

Cost of car insurance fraud to victims revealed in new police campaign

  •  City of London Police’s Insurance Fraud Enforcement Department launches campaign to raise awareness of fraudsters selling fake car insurance and warn motorists to ‘Steer Clear of Fraud’
  • Over 850 reports of ghost broking have been reported to Action Fraud in last three years, with reported losses from individuals and organisations totalling £631,000
  • Individual victims of ghost brokers lose on average £769
  • Ghost brokers typically target men in their 20s, using social media

The City of London Police’s Insurance Fraud Enforcement Department (IFED) has launched a national awareness campaign today (Monday 5 February 2018) to warn motorists about the dangers of buying fake car insurance from fraudsters, also known as ‘ghost brokers’, who are potentially leaving thousands of unsuspecting victims driving without insurance.

Extent of the problem

From November 2014 to October 2017, Action Fraud received more than 850 reports linked to ghost broking, with reported losses for both individuals and organisations totalling £631,000. On average, each individual victim lost £769 from this type of fraud

Of these reports, 417 resulted in action being taken against the offenders by IFED following their investigations into ghost broking over the past three years, which included a man who set up 133 fake policiesa teenage ghost broker who was sentenced to jail and a man who made £59,000 from ghost broking.

However, it is thought that the true number of ghost broking victims may be much higher than this figure, as some motorists may be driving on the roads right now unaware that their policy is fraudulent. It is only when they are stopped by police or attempt to make a claim will they find out that they don’t have genuine cover.

This leads police to believe that ghost broking is actually being under reported each year due to the way ghost brokers deceive motorists into thinking they have legitimate insurance, when in fact it’s worthless.

What is ghost broking?

Ghost broking is the name given to a tactic used by fraudsters who sell fraudulent car insurance by a number of different methods. They typically carry out the fraud by one of three ways: they will either forge insurance documents, falsify the driver’s details to bring the price down or take out a genuine policy, before cancelling it soon after and claiming the refund plus the victim’s money.

It is a legal obligation to have valid car insurance and without it victims will experience the severe harm caused by ghost broking, including:

  • Points on their driving licence
  • Vehicle seizure and possible destruction of it
  • A fixed penalty notice
  • Costs to retrieve impounded vehicle
  • Liable for claims costs if involved in an accident

This is on top of the money motorists will have lost buying the invalid car insurance and the money they will have to spend to then buy a legitimate insurance policy.

IFED analysis into the ghost broking reports reveals that men aged 20-29 are most likely to get targeted and that the most common method ghost brokers will use to make initial contact with people is through social media, particularly Facebook and Instagram. Other contact methods include adverts in newspapers and magazines, cold calls and being introduced, either directly or by friends, family members or work colleagues.

Stay safe when buying car insurance

In light of these worrying figures, IFED is encouraging drivers to be wary of heavily discounted prices on the internet or cheap prices they’re offered directly for car insurance, as they may well be ghost brokers.

IFED is issuing the following advice and tips to help drivers avoid falling victim to ghost brokers:

• Trust your instincts – if an offer looks too good to be true, then it probably is.
• Ghost brokers often advertise on student websites or money-saving forums, university notice boards and marketplace websites. They may also try to sell insurance policies in pubs, clubs or bars, newsagents and car repair shops.
• Be wary of ghost brokers using only mobile phone or email as a way of contact. Ghost brokers have even been reported using messaging apps, including WhatsApp, Snapchat and Facebook. Fraudsters don’t want to be traced after they’ve taken your money.
• If you are not sure about the broker, check on the Financial Conduct Authority or the British Insurance Brokers’ Association website for a full list of all authorised insurance brokers.
• You can also contact the insurance company directly to verify the broker’s details.
• You can check to see if your car is legitimately insured on the Motor Insurance Database website.

Detective Chief Inspector Andy Fyfe, Head of the City of London Police’s Insurance Fraud Enforcement Department, said:

“Ghost brokers trick unsuspecting victims with offers of heavily discounted car insurance, leaving them with a policy that isn’t worth the paper it’s written on and open to the severe harm that comes with driving without valid insurance. Being able to drive is vital for a lot people, whether it be to get to work or pick up their children from school or nursery, so if they fall victim to a ghost broker it could not only impact on them financially but also seriously affect their day to day life and make things very difficult.

“As well as the personal harm experienced by victims, ghost brokers also cause financial harm to the insurance industry, driving up the cost of insurance premiums for all motorists.

“While an offer of cheap car insurance may seem tempting, falling victim to ghost broking will end up costing you far more in the long run – both in terms of money and your licence.”

Phantom Debt Fraud Alert – January 2018

Phantom Debt Fraud 
Action Fraud has recently experienced an increase in the number of calls to members of the public by fraudsters requesting payments for a “phantom” debt. The fraud involves being cold-called by someone purporting to be a debt collector, bailiff or other type of enforcement agent. The fraudster may claim to be working under instruction of a court, business or other body and suggest they are recovering funds for a non-existent debt.

The fraudsters are requesting payment, sometimes by bank transfer and if refused, they threaten to visit homes or workplaces in order to recover the supposed debt that is owed. In some cases, the victim is also threatened with arrest. From the reports Action Fraud has received, this type of fraud is presently occurring throughout the UK.

It is important to recognise that there are key differences between the various entities who seek to settle debts or outstanding fees in England and Wales. These differences range from the type of debt they will enforce to the legal powers they possess. To learn more, please take a look at some of the helpful information and links on the Step Change Debt Charity website; https://www.stepchange.org/debt-info/debt-collection/bailiffs-and-debt-collectors-differences.aspx 

Protect Yourself
  • Make vigorous checks if you ever get a cold call. Bailiffs for example, should always be able to provide you with a case number and warrant number, along with their name and the court they are calling from; make a note of all details provided to you.
  • If you receive a visit from a bailiff, they must always identify themselves as a Court Bailiff at the earliest possible opportunity. Ask to see their identity card which they must carry to prove who they are, this card shows their photograph and identity number. They will also carry the physical warrant showing the debt and endorsed with a court seal.
  • If you work for a business and receive a call or visit, be sure to speak with your manager or business owner first. Never pay the debts yourself on behalf of the business you work for; some fraudsters have suggested employees make payment suggesting they can then be reimbursed by their employer when in reality the debt is non-existent.
  • Exercise caution believing someone is genuine because you’ve found something on the internet; fraudsters could easily create fake online profiles to make you believe them.
  • Double check with the court, company or public body they claim to work for to confirm whether the call is legitimate; if you use a landline make sure you hear the dialling tone prior to dialling as the caller could still be on the line and you could potentially speak to the fraudster(s) to confirm the non-existent debt. Also be sure to independently search for a telephone number to call; never use a number provided by the caller without carrying out your own research.
  • Do not feel rushed or intimidated to make a decision based on a phone call. Take five and listen to your instincts.
  • If you know you have a debt, keep in regular contact with your creditor and be sure to establish the debt type at the earliest opportunity if you are not aware. This will help you to understand who might be in contact with you regarding any repayments or arrears.
You can report suspicious calls like these to Action Fraud by visitingwww.actionfaud.police.uk or by calling 0300 123 2040.

Email Frauds – Information Request

TV production company Rumpus Media and are currently looking into various email scams. And are looking to collect as many examples of scam emails as possible to get an overview of how this particular area works.

Please see poster for contact details.

 

Businesses Report All-time High Levels of Fraud, Cyber and Security Incidents in 2017

Fraud, cyber, and security risks are at an all-time high, according to senior corporate executives surveyed worldwide for the 2017/18 Kroll Annual Global Fraud & Risk Report.

The proportion of executives reporting that their companies fell victim to at least one instance of fraud over the past 12 months increased to 84%, from 82% in the previous survey. Levels of reported fraud have steadily risen every year since 2012, when the reported occurrence was just 61%.

An even greater percentage of executives surveyed (86%) said their companies had experienced a cyber incident or information theft, loss, or attack over the past 12 months, slightly up from 85% in 2016. Seven in 10 respondents (70%) reported the occurrence of at least one security incident during the past year, compared to 68% in the previous survey.

The report reveals that respondents are experiencing a heightened sense of vulnerability to fraud, cyber, and security risks, with information-related risks now being the area of greatest concern. As criminals and other threat actors continue to find new ways to monetize confidential data, including personal data, data assets are becoming increasingly valuable and attractive targets.

For the first time in the report’s 10-year history, information theft, loss, or attack was the most prevalent type of fraud experienced, cited by 29% of respondents, up 5 percentage points from the previous year. This edged out theft of physical assets or stock, long the most common type of organizational loss, which this year was the second most frequently cited incident (27%).

Cyber attacks represent one of the most persistent threats to confidential information. The reported level of occurrence for every type of cyber incident included in the survey increased in the last 12 months.

Nearly four in 10 (36%) executives surveyed said their companies had been impacted by a virus or worm attack, an increase of 3 percentage points year-over-year. One in three (33%) said they had suffered an email-based phishing attack (up 7 percentage points from the last report), 27% had suffered a data breach, and 25% were affected by data deletion. Beyond digital threats, information was highly susceptible to loss through other means: 29% of executives surveyed said equipment with sensitive data was stolen, while 27% said equipment was “lost.”

Physical theft or loss of intellectual property (IP) was by far the most prevalent type of security incident. Of those executives whose company experienced a security incident this past year, 41% said their organizations fell victim to IP theft or loss.

Top three types of incidents reported by survey respondents (by category)
FraudCyberSecurity
1.Information theft, loss, or attack (29%)Virus/worm attack (36%)Physical theft or loss of intellectual property (41%)
2.Theft of physical assets or stock (27%)Email-based phishing attack (33%)Environmental risk (including damage caused by natural disasters such as hurricanes, tornadoes, floods, earthquakes, etc.) (28%)
3.Management conflict of interest (26%)Data breach resulting in loss of customer or employee data, IP/trade secrets/R&D (27%)Workplace violence (23%)

 

Jason Smolanoff, Senior Managing Director and Global Cyber Security Practice Leader for Kroll, said: “In a digitized world with growing levels of data creation, collection, and reliance for businesses, information assets have become increasingly valuable and exposed to threats. Exacerbating the challenge of safeguarding data is that criminals and other threat actors are continually developing new ways to monetize confidential information, including personal data. People instinctively think about data being targeted by cyber attacks, but not all threats to information are confined to the digital realm. There is a convergence between physical and digital threats, with issues arising from equipment with sensitive data being stolen or lost, for example, or employees with access to highly sensitive information accidentally or intentionally causing a breach.”

In addition to reporting extremely high incidence levels, respondents indicated that the repercussions of fraud, cyber, and security events were costly and wide-ranging, affecting employees, customers, as well as the organization’s reputation and bottom line.

Employee privacy, safety, or morale was negatively affected by incidents according to 82% of respondents whose companies had experienced fraud, 81% of those that reported a cyber incident, and 80% of executives whose companies endured a security event.

Approximately three quarters of respondents stated that customers had been negatively impacted by all three risk factors – 76% by a fraud incident, 74% by a cyber incident, and 74% by a security incident. Almost two-thirds said that the impacted company’s reputation had suffered due to a fraud (65%), cyber (67%), or security (66%) incident.

Businesses suffered significant economic damage from fraud, with nearly one in four respondents (23%) reporting losses of 7% or more of company revenues, an extremely worrisome increase from the prior year when only 3% of respondents reported this magnitude of financial impact.

The report further reveals mounting concerns among surveyed executives about their companies’ potential exposure to fraud, cyber, and security risks.

In particular, information-related risks overwhelmingly represent the top worries for respondents across every risk category – fraud, cyber, and security.  Almost six in 10 (57%) respondents believe their companies are highly or somewhat vulnerable to information theft, loss, or attack, up 6 percentage points from the previous survey.

With reported cyber incidents at an all-time high and perpetrators seeming to develop new methods of attack virtually every day, at least half of all executives surveyed are apprehensive about every type of cyber incident identified in the survey – with almost two-thirds (62%) especially wary of a virus or worm attack.

The proportion of respondents who said they feel highly or somewhat vulnerable to physical security threats also grew over the last year. According to the report, 63% of respondents stated their companies could be particularly prone to physical theft or loss of IP, the greatest single concern.

Insiders and ex-employees continue to pose the greatest threat to companies around the world. Respondents revealed that fraud, cyber, and security incidents are often inside jobs perpetrated by members of management or current, former, or temporary/freelance employees.

Of those reporting a fraud incident, 81% cited one or more insiders as perpetrators; likewise, 58% of respondents who reported a cyber incident and 71% of those who experienced a security incident primarily identified insiders as the perpetrators.

Junior employees were the most commonly named perpetrators of fraud incidents (39%) and former employees were cited most frequently for security incidents (37%). However, for respondents who had experienced a cyber incident in the last 12 months, a random cyber-criminal or threat actor was the single most commonly named perpetrator (34%).

Nearly all anti-fraud measures mentioned in the survey were widely adopted by more than 70% of respondents, with information controls the most widely implemented anti-fraud measure at 78%.

Reflecting the high levels of vulnerability reported by respondents to cyber intrusions, the top three cyber risk mitigation measures that executives expect their companies to implement in the next 12 months all address the problem of intrusions: i.e., intrusion detection systems that are device-based (57%), endpoint threat monitoring tools (55%), and intrusion detection systems that are network-based (54%).

Cybersecurity is also rapidly becoming a board governance mandate as the anticipated likelihood of an incident grows, compounded by increasing regulatory pressures and the costly reputational risks associated with data privacy and data loss events. The report said that 46% of respondents currently involve the board of directors in the formulation of cybersecurity policies and procedures, but another 40% plan to do so in the next 12 months.

Did you enjoy this article? Click here to subscribe to Security Magazine.

Finance industry, police and trading standards unite to tackle fraud

  • Ground-breaking rapid response scheme – the Banking Protocol – means branch staff can alert police and Trading Standards to suspected frauds taking place
  • Scheme rolling out nationwide with more than £9 million of potential fraud stopped in first year
  • The Banking Protocol has led to 101 arrests in 12 months since launch

A ground-breaking fraud prevention scheme aimed at identifying and protecting potential fraud victims when they visit a bank or building society branch has stopped more than £9 million being passed to criminals in its first year of operation, figures from UK Finance show.

The Banking Protocol, developed as a partnership between the finance industry, police and Trading Standards, enables bank staff to contact police if they suspect a customer is in the process of being scammed, with an immediate priority response to the branch. So far, the scheme has led to 101 arrests being made nationally.

The Banking Protocol was first launched last October with a pilot in London, before a national rollout began in May. The scheme is now in place in 43 police forces across the country, with all remaining forces across the UK committed to introducing it.

In the 12 months since the pilot launch until the end of October 2017, the Banking Protocol has prevented £9.1 million of fraud, with individual customers protected from losing sums ranging from £99 up to £212,000. Police have responded to a total of 1,262 Banking Protocol calls.

Katy Worobec, Managing Director of Economic Crime at UK Finance, said:

“Fraud can have a devastating effect on some of the most susceptible people in society and it’s by working together with law enforcement, and others, that we can make a real difference when it matters most. The Banking Protocol is a great example of this collaboration in action protecting people from becoming victims. The finance industry is determined to crack down on fraud and is taking action on all fronts – the Protocol is an important weapon in our armoury.”

Lord Toby Harris, Chair, National Trading Standards said:

“The National Trading Standards Scams Team has been integral to the implementation of the Banking Protocol and I am pleased to see that it is already having a real impact. This example of partnership working is key to tackling criminal activity in a world where criminals are constantly innovating and finding new ways to convince consumers of their legitimacy.

“National Trading Standards is committed to tackling criminal activity and protecting consumers from fraud but we all have a role to play. If you suspect you or someone you know is being defrauded then please contact the Citizens Advice Consumer Helpline on 03454 04 05 06.”

Commander David Clark, City of London Police, said:

“The Banking Protocol illustrates another step forward in protecting citizens across the UK, where partnerships between Policing and private sector are key to design out opportunities for unscrupulous fraudsters. I applaud the initial success of the scheme and support it going forwards.”

UK Finance has led the development and implementation of the Banking Protocol with support from the National Trading Standards Scam team and the Joint Fraud Taskforce. As well as stopping frauds taking place, the scheme ensures a consistent response to potential victims and gives them extra support to prevent them becoming a victim in the future. The Post Office is also part of the Protocol.