Pet – Fraud Alert – 04/07/2017

The National Fraud Intelligence Bureau (NFIB) and Action Fraud have recently noticed a rise in the reporting of pets, and in particular puppies and kittens, being advertised for sale via popular online auction websites. The fraudsters will place an advert of the pet for sale, often claiming that the pet is currently held somewhere less accessible or overseas. Upon agreement of a sale, the suspect will usually request an advance payment by money transfer or bank transfer. However, the pet does not materialise and the fraudster will subsequently ask for further advanced payments for courier charges, shipping fees and additional transportation costs. Even if further payments are made, the pet will still not materialise as it is likely to not exist.

Tips to staying safe when purchasing pets:

  • Stay within auction guidelines.
  • Be cautious if the seller initially requests payment via one method, but later claims that due to ‘issues with their account’ they will need to take the payment via an alternative method such as a bank transfer.
  • Consider conducting research on other information provided by the seller, for example a mobile phone number or email address used by the seller could alert you to any negative information associated with the number/email address online. 
  • Request details of the courier company being used and consider researching it.
  • Agree a suitable time to meet face-to-face to agree the purchase and to collect the pet. If the seller is reluctant to meet then it could be an indication that the pet does not exist.
  • A genuine seller should be keen to ensure that the pet is going to a caring and loving new home. If the seller does not express any interest in you and the pet’s new home, be wary.
  • If you think the purchase price is too good to be true then it probably is, especially if the pet is advertised as a pure-breed.
  • Do not be afraid to request copies of the pet’s inoculation history, breed paperwork and certification prior to agreeing a sale. If the seller is reluctant or unable to provide this information it could be an indication that either the pet does not exist or the pet has been illegally bred e.g. it originates from a ‘puppy farm’. A ‘puppy farm’ is a commercial dog breeding enterprise where the sole aim is to maximise profit for the least investment. Commercial dog breeders must be registered with their local authority and undergo regular inspections to ensure that the puppies are bred responsibly and are in turn fit and healthy. Illegally farmed puppies will often be kept in inadequate conditions and are more likely to suffer from ailments and illnesses associated with irresponsible breeding.
  • When thinking of buying a pet, consider buying them in person from rescue centres or from reputable breeders.
  • If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting  www.actionfraud.police.uk or by calling 0300 123 2040.

CIFAS External-Fraudscape report 2017

By Sandra Peaston  Assistant Director, Insight, Cifas

With almost one in every two crimes a fraud or cybercrime* there has never been a more urgent time for organisations to be alert to both the external and internal fraud threat.

In this report, for the first time ever, we have brought together frauds recorded by Cifas members to the National Fraud Database and the Internal Fraud Database into a single document: making Fraudscape the only publication providing analysis of internal and external fraud trends in the UK.

In 2016, we saw a 1.2% increase in overall fraud recorded to our databases. Identity fraud reached the highest levels ever recorded with almost 173,000 cases reported by our member organisations. Fraudsters continued to focus on online applications, with 88% of identity frauds being internet-enabled.

FOR FULL REPORT PLEASE CLICK ON LINK BELOW:

CIFAS External-Fraudscape report 2017

‘Petya’ ransomware attack strikes companies across Europe

A major cyber-attack has struck large multinational companies across Europe, with Ukraine’s government, banks, state power utility and Kiev’s airport and metro system particularly badly affected.

The attack on Tuesday caused serious disruption at firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.

The food giant Mondelez, legal firm DLA Piper and Danish shipping and transport giant AP Moller-Maersk also said their systems had been hit by the malware, the second large-scale cyber attack in as many months.

Full Story – The Guardian

Vehicle Online Shopping Fraud – 12/06/2017

Fraudsters have been advertising vehicles and machinery for sale on various selling platforms online. The victims, after communicating via email with the fraudster, will receive a bogus email which purports to be from an established escrow provider (a third party who will keep the payment until the buying and selling parties are both happy with the deal).

These emails are designed to persuade victims to pay upfront, via bank transfer, before visiting the seller to collect the goods. The emails also claim that the buyer (victim) has a cooling off period to reclaim the payment if they change their mind. This gives victims the false sense of security that their money is being looked after by this trustworthy third party, when in fact it is not and the money has gone straight to the fraudster.

Protect yourself:

  • When making a large purchase such as a new car or machinery, always meet the seller face to face first and ask to see the goods before transferring any money.
  • If you receive a suspicious email asking for payment, check for spelling, grammar, or any other errors, and check who sent the email. If in doubt, check feedback online by searching the associated phone numbers or email addresses of the seller.
  • Contact the third party the fraudsters are purporting to be using to make the transaction. They should be able to confirm whether the email you have received is legitimate or not.
  • False adverts often offer vehicles or machinery for sale well below market value to entice potential victims; always be cautious. If it looks too good to be true then it probably is.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk, or by calling 0300 123 2040.

Wedding Services Fraud – 05/06/2017

With the upcoming “Wedding Season”, and for those individuals who are considering making plans for next year and beyond, you should be aware of the potential risks of fraud involved. 

According to ‘bridesmagazine.co.uk’, in 2017 the average wedding cost spend is approximately £30,111.  This will be paid out to multiple vendors, including; photographers, caterers, reception venues and travel companies, to name a few.  Many of these services will require booking at least several months in advance and you may be obliged to pay a deposit or even the full balance at the time. 

Being aware of the potential risks and following the below prevention advice could minimise the likelihood of fraud:

Paying by Credit Card will provide you with protection under Section 75 of the Consumer Credit Act, for purchases above £100 and below £30,000. This means that even if a Company goes into liquidation before your big day, you could claim a refund through your Credit Card Company.

Social Media – Some Companies run their businesses entirely via social media sites, offering low cost services.  Whilst many are genuine, some may not be insured or may even be fraudulent. There are a few things you can do to protect yourself;

  •  Ensure you obtain a physical address and contact details for the vendor and verify this information.  Should you experience any problems, you will then be able to make a complaint to Trading Standards or consider pursuing via the Small Claims Court.
  • Ensure you obtain a contract before paying money for services.  Make certain you fully read and understand what you are signing and note the terms of cancellation.

Consider purchasing Wedding Insurance – Policies vary in cover and can be purchased up to two years in advance.  They can protect you from events that would not be covered under the Consumer Credit Act.

Complete research on each vendor, ensuring you are dealing with a bona fide person or company.  Explore the internet for reviews and ratings and ask the vendor to provide details of past clients you can speak to. You should do this even if using companies recommended by a trustworthy friend or source.

For services such as wedding photographers, beware of websites using fake images. Look for inconsistencies in style; Meet the photographer in person and ask to view sample albums. If you like an image from a wedding, ask to view the photographs taken of the whole event so you can see the overall quality.    

Remember, if something appears too good to be true, it probably is!

Smishing Fraud Alert – 26/05/2017

Smishing – the term used for SMS phishing – is an activity which enables criminals to steal victims’ money or identity, or both, as a result of a response to a text message. Smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset) to manipulate innocent people into taking various actions which can lead to being defrauded.

The National Fraud Intelligence Bureau has received information that fraudsters are targeting victims via text message, purporting to be from their credit card provider, stating a transaction has been approved on their credit card.

The text message further states to confirm if the transaction is genuine by replying ‘Y’ for Yes or ‘N’ for No.

Through this method the fraudster would receive confirmation of the victim’s active telephone number and would be able to engage further by asking for the victim’s credit card details, CVV number (the three digits on the back of your bank card) and/or other personal information.

Protect yourself:

  • Always check the validity of the text message by contacting your credit card provider through the number provided at the back of the card or on the credit card/bank statement.
  • Beware of cold calls purporting to be from banks and/or credit card providers.
  • If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Again, refer to the number at the back of the card or on the bank statement in order to contact your bank.
  • If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk/ or alternatively by calling 0300 123 2040

Microsoft Tech-Support Scammers Using Wannacry Attack To Lure Victims – 23/05/2017

Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global WannaCry ransomware attack.

One victim fell for the scam after calling a ‘help’ number advertised on a pop up window. The window which wouldn’t close said the victim had been affected by WannaCry Ransomware.

The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool, which is actually free and took £320 as payment.

It is important to remember that Microsoft’s error and warning messages on your PC will never include a phone number.

Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.

How to protect yourself

  • Don’t call numbers from pop-up messages.
  • Never allow remote access to your computer.
  • Always be wary of unsolicited calls. If you’re unsure of a caller’s identity, hang up.
  • Never divulge passwords or pin numbers.
  • Microsoft or someone on their behalf will never call you.

If you believe you have already been a victim

  • Get your computer checked for any additional programmes or software that may have been installed.
  • Contact your bank to stop any further payments being taken.

Report fraud and cyber crime to Actionfraud.police.uk

Ransomware Cyber Attacks

The ransomware cyber attack on Friday 12 May which affected the NHS and is believed to have affected other organisations globally by Wannacry or Wannacrypt malware, has been followed by a second attack on Tuesday 27th June: Technology experts said this second attack appeared consistent with ransomware described as an “updated variant” of a malware virus known as Petya or Petrwrap.

The City of London Police’s National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days.

Ransomware is a form of malicious software (Malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. Criminals will use ransomware to extort money from you (a ransom), before they restore access to your files. There are many ways that ransomware can infect your device, whether it be a link to a malicious website in an unsolicited email, or through a security vulnerability in a piece of software you use.

Key Protect messages for businesses to protect themselves from ransomware:

  • Install system and application updates on all devices as soon as they become available.
  • Install anti-virus software on all devices and keep it updated.
  • Create regular backups of your important files to a device that isn’t left connected to your network as any malware infection could spread to that too.

The National Cyber Security Centre’s technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the “WannaCry” Ransomware: https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance

For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware

Key Protect advice for individuals:

  • Install system and application updates on all devices as soon as they become available.
  • Install anti-virus software on all devices and keep it updated.
  • Create regular backups of your important files to a device (such as an external hard drive or memory stick) that isn’t left connected to your computer as any malware infection could spread to that too.
  • Only install apps from official app stores, such as Google’s Play Store, or Apple’s App Store as they offer better levels of protection than some 3rd party  stores. Jailbreaking, rooting, or disabling any of the default security features of your device will make it more susceptible to malware infections.

Phishing/smishing
Fraudsters may exploit this high profile incident and use it as part of phishing/smishing campaigns. We urge people to be cautious if they receive any unsolicited communications from the NHS. The protect advice for that is the following:

  • An email address can be spoofed. Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details. 
  • The sender’s name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution, particularly if the texts are asking you to click on a link or call a number.

Don’t disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or transfer your money to another “safe” account.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk/

How To Prevent Ransomware Attacks Like WannaCry

On Friday 12th May, more than 200,000 users became victims of the latest ransomware attack and this figure is likely to grow.

Email attachments and links to Dropbox are the most widely reported sources of attack – so even if you have the most secure network, you must make sure that your staff are fully trained to spot sophisticated phishing attempts to prevent an attack.

Please click on the link below to learn how to prevent ransomware attacks such as WannaCry and to fully protect your business.

How  to Prevent Ransomware Attacks