Follow Up Calls Computer Software Service Fraud

There is concern that victims of previous Computer Software Service Fraud (CSSF) are being re-targeted for “owed money”. The National Fraud Intelligence Bureau (NFIB) reports that CSSF scammers are returning to contact previous victims, requesting that they pay money owed for a fake malware protection service they had provided. Alternatively, the fraudster will ask for a new subscription fee in return for protection from a new threat. The victims that have made payments to the fraudsters have done so via credit/debit card payments. In some instances threatening and aggressive language has been used against victims, as part of the attempt to coerce them into sending money.

Computer Software Service Fraud involves the victim being contacted, told that there is a problem with their computer, and that for a fee this issue can be resolved. The aim of the fraudster at this point is usually to gain remote access to the victim’s computer and, subsequently, access to their online banking account. No fix actually occurs. The victims will often be cold-called or will receive a pop-up on their computer, prompting them to phone the suspect.

Since the beginning of this year (2018), the total loss for repeat victims of CSSF has been reported as £16,712.85. The National Fraud Intelligence Bureau has noticed an increase in such reports since the beginning of May.

 Protect Yourself

• If you receive such an unsolicited call or pop-up, do not make a payment. Always ensure you know who you are talking to. If in doubt, hang up immediately.

• Do not allow remote access to your computer.

• Don’t be rushed or pressured into making a decision. Under no circumstances would a genuine bank, or another trusted organisation, force you to make a financial transaction on the spot; they would never ask you to transfer money into another account for fraud reasons. Remember to stop and take time to carefully consider your actions.

• Listen to your instincts. If something feels wrong then it is usually right to question it.  Criminals may lull you into a false sense of security when you are out and about or rely on your defences being down when you’re in the comfort of your own home. They may appear trustworthy, but they may not be who they claim to be.

For more information about how to protect yourself online, visitwww.cyberaware.gov.uk and takefive-stopfraud.org.uk

If you have been a victim of fraud or cybercrime, report it to us atActionfraud.police.uk, or by calling 0300 123 2040.

Watch Out For These Fake Texts About Your Ee Bill

These fake text messages purport to be from EE and claim that you haven’t paid a bill. The link in the message leads to a phishing website designed to steal your EE account login details, as well as personal & financial information.

Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link or attachment in an unexpected email or text.

For more information on how to stay secure online, visit www.cyberaware.gov.uk

Courier Fraud

The National Fraud Intelligence Bureau has identified an increasing number of reports submitted to Action Fraud from the public concerning courier fraud.

 
Fraudsters are contacting victims by telephone and purporting to be a police officer or bank official. To substantiate this claim, the caller might be able to confirm some easily obtainable basic details about the victim such as their full name and address. They may also offer a telephone number for the victim to call to check that they are genuine; this number is not genuine and simply redirects to the fraudster who pretends to be a different person. After some trust has been established, the fraudster will then, for example, suggest; 
– Some money has been removed from a victim’s bank account and staff at their local bank branch are responsible.

– Suspects have already been arrested but the “police” need money for evidence.

– A business such as a jewellers or currency exchange is operating fraudulently and they require assistance to help secure evidence.

Victims are then asked to cooperate in an investigation by attending their bank and withdrawing money, withdrawing foreign currency from an exchange or purchasing an expensive item to hand over to a courier for examination who will also be a fraudster. Again, to reassure the victim, a safe word might be communicated to the victim so the courier appears genuine. 
At the time of handover, unsuspecting victims are promised the money they’ve handed over or spent will be reimbursed but in reality there is no further contact and the money is never seen again.

Protect Yourself

Your bank or the police will never:

– Phone and ask you for your PIN or full banking password.

– Ask you to withdraw money to hand over to them for safe-keeping, or send someone to your home to collect cash, PIN, cards or cheque books if you are a victim of fraud.

Don’t assume an email or phone call is authentic
Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud 

Stay in control

If something feels wrong then it is usually right to question it. Have the confidence to refuse unusual requests for personal or financial information.

For more information about how to protect yourself online visit

www.cyberaware.gov.uk  and www.takefive.stopfraud.org.uk  

More than £3 million lost to ticket fraud in one year prompts a warning from Action Fraud

  • Between 1 April 2017 and 31 March 2018, Action Fraud received 6,486 reports of ticket fraud.
  • In the same period, the total reported losses to victims were £3,344,835; an average of £568 per victim.
  • With lots of music concerts and sporting events taking place in summer, it is an opportunity for fraudsters to take advantage of unsuspecting fans.

How is this happening?

Earlier this year, Action Fraud warned football fans planning to travel to the World Cup to be cautious when buying tickets or accommodation because the event is likely to be targeted by fraudsters looking to take advantage of unsuspecting fans.

Action Fraud saw a spike in reporting in June 2017, in which 1,072 reports were made. This suggests that fraudsters are taking advantage of people during the peak season for ticketed events.

Fraudsters will pose as a website or agent for a music concert or festival, a sporting contest such as the World Cup, or a live comedian or performer. Victims will purchase tickets that either don’t arrive or turn out to be fake.

How can I protect myself?

  • Only buy tickets from the venue’s box office, the promoter, an official agent or a well-known and reputable ticket exchange site.
  • Should you choose to buy tickets from an individual (for example via an online auction site or social media), you should pay using a secure payment service. Avoid making payments through bank transfer or money transfer services, as the payment may not be recoverable.
  • Paying for your tickets by credit card will offer increased protection over other payments methods, such as debit card, cash, or money transfer services.

In April 2017, Action Fraud showed just how easy it is to be tricked into buying fake tickets online through a series of Facebook flash advertising, in which more than 1,500 people tried to purchase music tickets from ‘Surfed Arts’, our fake ticket sales website.

Following over 550 complaints made to Action Fraud which were later disseminated to Essex Police, two men were convicted last month of a ticket fraud involving over 309 victims who were conned out of high profile sporting tickets.

Spot the signs

  • Check the contact details of the site you’re buying the tickets from. There should be a landline phone number and a full postal address. Avoid using the site if there is only a PO box address and mobile phone number, as it could be difficult to get in touch after you buy tickets. PO box addresses and mobile phone numbers are easy to change and difficult to trace.
  • Fraudsters create fake websites with URLs similar to that of a genuine site, so double check the web address to make sure you’re on the correct website. Any webpages you enter personal or financial details into should start with ‘https’ and display a locked padlock icon in the address bar.
  • Is the vendor a member of Society of Ticket Agents and Retailers (STAR)? If they are, you’re buying from a company that has signed up to their strict governing standards. STAR also offers a service to help customers with outstanding complaints.

Director of Action Fraud, Pauline Smith, said:

“Criminals are taking advantage of people’s desire to buy tickets for popular concerts and sporting events, which are often sold out. This is why it’s so important that people are vigilant and aware that there are fraudsters all over the globe trying to make money out of innocent victims.

“To avoid disappointment, always buy tickets from an official event organiser or website and if you are tempted to buy from a secondary ticket source, always research the company or the person online before making the purchase.

“If you think you have been a victim of ticket fraud, report it to Action Fraud.

HMRC has saved the public over £2.4M by stopping fraudsters

HM Revenue & Customs (HMRC) has saved the public over £2.4m by taking down websites that trick people into calling premium rate phone numbers for services that HMRC provide for free.

Fraudsters had been creating replica versions of HMRC’s website and directing the public to call premium rate numbers advertised on them. These numbers were simply call forwarding services that connect callers to HMRC, but at a significant price.

HMRC said that specific tactics and costs on each website varied, but the maximum cost of a call was £3.60 a minute, capped at £36 per call. HMRC’s own 0300 numbers are mostly free or charged at the national landline rate.

HMRC successfully challenged the ownership of these fraudulent websites and had them taken down. Analysis has shown that had HMRC not taken this action then the public would have lost over £2.4 million.

Scams Awareness Month

This announcement from HMRC comes at the start of Scams Awareness Month organised by Citizens Advice which is running throughout June.

Here at Action Fraud we see a variety of HMRC scams, including fraudsters using spoofed calls, voicemails and text messages in order to dupe victims of their money.

HMRC scam emails are also the most reported type of phishing attempt reported to us.

Treasury Minister, Mel Stride MP the Financial Secretary to the Treasury said: “We know that HMRC is the most spoofed government brand as criminals try to take advantage of the fact that everyone has some involvement with the tax authority. In this particular case, scammers try to dupe the public into paying large sums for services that are available for free or low cost.”

“This is a brazen con, charging premium rates whilst simply redirecting calls to the real HMRC numbers that are available at low or no cost. It is a testament to the hard work of HMRC that they have prevented criminals extracting £2.4m from the public.”

“The public should go direct to gov.uk to obtain genuine HMRC contact numbers. These will not be premium rate numbers. People should be alert for sponsored adverts, websites charging for government services which would be expected to be free and those with disclaimers denying association with HMRC or government.”

Read more on the HMRC Gov.uk website.

Please note: North East Fraud Forum is not responsible for the content on external websites.

Lords, Bernard Hogan-Howe visited the region today

Former Metropolitan Police Commissioner and member of the House of Lords, Bernard Hogan-Howe visited the region today to deliver a personal insight of time as the most senior police officer in the UK and the significant challenges he faced and the success he brought to the role. Supported by BHP Law, Clive Owen LLP, Towergate BIB and NEFF.

Tsb Port Out Alert – 26/05/2018

There has been an increase in reports made in May by TSB customers relating to “port-out” fraud. Fraudsters are number porting a victim’s telephone number to a SIM card under their control and then using the number to access the victim’s bank accounts.

The increase in the number of reports corresponds with the timing of TSB’s computer system update, which resulted in 1.9 million users being locked out of their accounts. Opportunistic fraudsters are using TSB’s system issue to target individuals, which follows the increase in phishing and smishing communications also targeting TSB customers this month. Victims’ bank account and personal details including their phone number are collected by the fraudster, providing them with the information to execute the fraud.

Number porting is a genuine service provided by telecommunication companies. It allows customers to keep their existing phone number and transfer it to a new SIM card. The existing network provider sends the customer a Port Authorisation Code (PAC), that when presented to the new provider allows the number to be transferred across. This service can, however, be abused by fraudsters.

To gain control of the victim’s phone number, fraudsters convince the victim’s mobile phone network provider to swap their number on to a SIM card in the fraudster’s control. Once the fraudster has control of the number they are able to intercept the victims’ text messages, allowing them to use services linked to the victim’s phone number. This can include requesting an online banking password reset or access to any two factor authentication services.

Victims have reported large losses as a result of this fraud. One victim initially dismissed text messages received from their network provider containing a PAC number. Two days later£6,000 was removed from the victim’s TSB current account. The victim subsequently contacted their phone provider and was informed that someone contacted the provider purporting to be the victim and had cancelled their contract and transferred their number to a new SIM. This action allowed the banking fraud to take place.

Protect Yourself:

PAC Code notifications

If you receive an unsolicited notification about a PAC Code request, contact your network provider immediately to terminate the request. Also notify your bank about your phone number being compromised.

Clicking on links/files:

Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected email or text. Remember, criminals can spoof the phone numbers and email addresses of companies you know and trust, such as your bank.

Requests to move money:

A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account.

Port-out Fraud versus SIM Swapping

Port-out fraud is often incorrectly referred to as SIM swap fraud. SIM swap fraud works in a similar fashion, however, instead of porting the victim’s number to a new network provider, the fraudster impersonates the victim and requests a new SIM card for their account. Once they have access to the new sim, they have access to the number.

TV Providers Discount Fraud

The National Fraud Intelligence Bureau (NFIB) have noticed an increase in Action Fraud reports where fraudsters are offering a discount on Television service provider subscriptions. Fraudsters are cold-calling victims, purporting to be from a Television (TV) provider offering a discount on their monthly subscription. Victims have been told the following: their subscription needs to be renewed; that part or all, of the TV equipment has expired and they are due an upgrade on the equipment/subscription. In order to falsely process the discount, the fraudster asks victims to confirm or provide their bank account details. The scammers may also request the victim’s identification documents, such as scanned copies of passports.

The fraudsters are using the following telephone numbers: “08447111444”, “02035190197” and “08001514141”. The fraudster’s voices are reported to sound feminine and have an Asian accent.

Later victims make enquiries and then discover that their TV service provider did not call them and that the fraudster has made transactions using the victim’s bank account details. 

This type of fraud is nationwide. Since the beginning of this year (2018), there have been 300 Action Fraud Reports relating to this fraud. From the reports received, victims aged over 66 seem to be the most targeted.

What you need to do

• Don’t assume a phone call or email is authentic: Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Criminals can exploit the names of well-known companies in order to make their scams appear genuine.

• Don’t be rushed or pressured into making a decision: a genuine company won’t force you to make a financial decisions on the spot. Always be wary if you’re pressured to purchase a product or service quickly, and don’t hesitate to question uninvited approaches in case it’s a scam.

• Stay in control: Have the confidence to refuse unusual requests for personal or financial information. Always contact the company yourself using a known email or phone number, such as the one written on a bank statement or bill.

Visit Take Five (takefive-stopfraud.org.uk/advice/) and Cyber Aware (cyberaware.gov.uk) for more information about how to protect yourself online.

FIFA 2018 World Cup Alert

The 2018 FIFA World Cup will take place from 14th June – 15th July 2018. The worldwide demand for match tickets, flight tickets, and somewhere to stay throughout the competition is expected to be significant. Those planning to travel should exercise caution when considering the purchase of tickets or accommodation because the event is highly likely to be targeted by fraudsters looking to take advantage of unsuspecting fans.

Fraudsters will likely be posing as;

– Official World Cup ticket vendors or private individuals attempting to sell on a match ticket via online marketplace.

– A fraudulent website or operator offering non-existent flights or other transport to host cities.

– An accommodation booking service, hotel or operator, offering seemingly convenient accommodation in one of the host cities for the duration of the game.

– Lottery or competition organisers claiming that you’ve won a prize or cash related to the tournament.

 Action Fraud received over six hundred reports and intelligence submissions in relation to the previous World Cup so it’s vital that football fans exercise caution when considering a purchase or making a transaction.

Protect yourself: 

  • Listen to your instincts: If something feels wrong then it is usually right to question it. Fraudsters will use the promise of steep discounts to lure you into handing over your money or revealing personal/financial details.
  • Clicking on links/files: Don’t be tricked into giving a fraudster access to your personal or financial details, and never automatically click on a link in an unexpected email or text.
  • Visit the Action Fraud website and take a look at their Ticket Fraud, Holiday Fraud and Lottery Fraud advice pages before making any decisions or bookings.
  • For useful advice and information on the World Cup please visit the Government Guidance Pages: https://www.gov.uk/guidance/be-on-the-ball-world-cup-2018