How to protect your browser from Unicode domain phishing attacks

 𝖨𝗍’𝗌 𝖾𝖺𝗌𝗒 𝗍𝗈 𝖻𝖾 𝗍𝗋𝗂𝖼𝗄𝖾𝖽 𝖻𝗒 𝖺 𝖴𝗇𝗂𝖼𝗈𝖽𝖾 𝖴𝖱𝖫.
Author: Graham Cluley

Published February 22, 2018 6:11 pm in Phishing, Vulnerability, Web Browsers 8

Do you trust а

Of course you do! So, do you feel okay about visiting the website at https://www.а


The URL I’ve linked to isn’t the real Apple technology company that makes shiny iPhones, Homepods, and iMacs. Instead, it’s a Unicode domain which
rather than using the conventional ASCII characters that make up the vast majority of websites you’re likely to visit – contains foreign characters.

So the “а” of а is actually a Cyrillic “а” (U+0430) rather than the ASCII character “a” (U+0061).

What’s that? You couldn’t tell the difference? No, neither can I. And, as we’ve described before, that’s a problem that phishers and online crooks are only too happy to take advantage of in their pursuit of your passwords and other sensitive information. You see, it’s not just “а” and “a” that can be mixed up. There are countless ways in which bad guys can take advantage of the many Unicode characters that look remarkably similar to common ASCII characters. Which means that you and I are at risk of visiting a site believing it to be legitimate, when in fact it’s designed to scam us in what is known as an IDN Homograph attack.

Browsers are beginning to get better at warning users when they visit a site with an internationalized domain name (IDN), with some now displaying the URL in the browser bar in its Punycode form. That means you might spot you’re visiting xn– rather than the real But human nature means that we will more-often-than-not fail to check the browser bar, and not notice that we’re not on the website we intended. For that reason, I strongly recommend that you get some help.

There are a range of browser extensions and plugins that can warn you when you visit a website with an internationalized domain name. Having tried a few solutions, my preference is for a browser add-on called IDN Safe.IDN Safe not only warns you that you are visiting a URL with an internationalized domain name, but it also *blocks* the webpage (which is far more likely to grab your attention!).

Of course, if you *did* want to visit that URL it would be a nuisance if you were now being blocked from reaching it. So, IDN Safe includes a whitelist feature to allow you to visit specific sites that you decide are legitimate.

IDN Safe isn’t for everyone. In particular, if you are – say – Chinese and in the habit of visiting websites that take advantage of internationalized domain names you may find it a ruddy nuisance. But, for most of us, I think it’s a sensible addition to our security toolbox – and may stop you from being phished or scammed one day.

Furthermore, Firefox users may benefit from making a change to their browser settings which will force the Punycode version of the URL to be displayed in their browser bar.

Warwickshire Special Constables are commended for their commitment to the public

Warwickshire Police Special Constables have been commended by senior officers and the Warwickshire Police and Crime Commissioner for their significant commitment to protecting people from harm.

Since April 2017, the Special Constabulary have worked around 36,000 hours.  To put that into some perspective, that is nearly 4 years’ collective service in the space of just nine months.

Chief Supt Alex Franklin-Smith who oversees the Special Constabulary in Warwickshire said: “Currently 200 officers give their own time as part of the Special Constabulary in Warwickshire.  The dedication and selflessness of these officers cannot be underestimated. I would like to take this opportunity to thank each and every Special Constable for their precious free time utilised for the betterment of their communities and for their sense of duty protecting people from harm. The non-police experiences they bring to the role and to the service are a valuable resource that cannot be undervalued and people living in Warwickshire are safer as a result of their individual contributions.

Warwickshire Police and Crime Commissioner Philip Seccombe said: “I’m delighted to see the hard word and dedication that our Special Constabulary is able to deliver to communities across Warwickshire.  I know from my involvement with the Army Reserve how valuable the voluntary ethos can be, so the growth of the Special Constabulary in this way is something I very much welcome.  It helps bring in a different mix of skills and experience, while at the same time allowing the volunteers to give something back to their community. The additional opportunities now being offered to work in more specialised areas of policing is also helping to bring in the kind of expertise from industry that can help to address the changing nature of crime. “It’s clear we have a very good core of dedicated volunteers in our Special Constabulary and I hope to continue to see it grow to supplement the excellent work being carried out by our regular police officers, PCSOs and police staff.”

Volunteers make a huge contribution to the safety and well-being of our communities and the importance of the Special Constabulary as a valuable addition to the regular police cannot be underestimated.

Warwickshire Special Constabulary Chief Officer Graham Bell said: “I am extremely honoured to lead such a dedicated team of volunteer police officers and particularly proud of the contribution that Special Constables make every day to protecting people from harm across Warwickshire. Specials are fully warranted volunteer Police Officers who are recruited from across the county, creating the crucial link between police and the communities by taking an active part in the way their communities are policed and helping to cut crime and the fear of crime.”

Special Constables volunteer anything from 16 hours to well over 100 hours per month at a time that suits them, conducting high visibility patrols and operations independently from and alongside regular officers. We also have officers attached to specialist teams such as our Roads Policing team, patrolling the strategic roads and motorway network and our rural crime team who are tasked and active in our rural areas deterring criminality, providing reassurance and delivering crime prevention advice. Increasingly we are looking for people to join us and bring their specialist skills to policing in areas such as financial investigation and cyber-crime.

Special constables begin their career by attending initial basic training at our training centres where they learn about the law, their powers, preparation of evidence for court, dealing with crime and managing confrontation. Officers also complete their Officer Safety Training which covers emergency first aid, a national fitness test, techniques for using their equipment and much more. This training takes place during weekends and in the evenings. Following training, officers are attested by a magistrate and are then deployed to work on a response team to put their new knowledge into practice. Special Constables then undertake a period of supervised patrol typically for 12 – 18 months with a Special or Regular tutor whilst gathering evidence in a portfolio to gain independent patrol status which is a milestone in every officers career.

As the Special Constable’s policing experience increases, officers will work on specific Specials’ led operations and events, as well as providing support to regular police officers. There are opportunities for promotion within the Police Specials, which has its own rank structure.

Whilst the role is not salaried, Specials do get reimbursed for out of pocket expenses and are provided with a uniform, training and equipment.  Specials can be any height, don’t need specific qualifications, just honesty, integrity and a positive approach.

Anyone who is interested in becoming a special, should visit

Phishing, vishing and smishing

What are they?

Phishing:    the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.

Vishing: the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce individuals to reveal personal information, such as bank details and credit card numbers.

Smishing: is a type of phishing attack where mobile phone users receive text messages purporting to be from reputable companies containing a Web site hyperlink, which, if clicked would download a Trojan horse to the mobile phone.


Any contact like this is designed to convince you to hand over valuable personal details or your money or download something that infects your computer. The three terms are all plays on the word ‘fishing’, in that the fraudsters fish for potential victims by sending emails, social media messages or text messages or making phone calls with urgent messages in the hope of persuading someone to visit the bogus website.

Protect yourself

  • Don’t assume anyone who’s sent you an email or text message – or has called your phone or left you a voicemail message – is who they say they are.
  • If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious. Real banks never email you for passwords or any other sensitive information by clicking on a link and visiting a website. If you get a call from someone who claims to be from your bank, don’t give away any personal details.
  • Make sure your spam filter is on your emails. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.
  • If in doubt, check it’s genuine by asking the company itself. Never call numbers or follow links provided in suspicious emails; find the official website or customer support number using a separate browser and search engine.

Spot the signs

  • Their spelling, grammar, graphic design or image quality is poor quality. They may use odd ‘spe11lings’ or ‘cApiTals’ in the email subject to fool your spam filter.
  • If they know your email address but not your name, it’ll begin with something like ‘To our valued customer’, or ‘Dear…’ followed by your email address.
  • The website or email address doesn’t look right; authentic website addresses are usually short and don’t use irrelevant words or phrases. Businesses and organisations don’t use web-based addresses such as Gmail or Yahoo.
  • Money’s been taken from your account, or there are withdrawals or purchases on your bank statement that you don’t remember making.

How it happens

Phishing, vishing and smishing are done in many ways. In the end, the aim is always to trick you into thinking you’re giving up personal information or making payments with someone you can trust, such as your bank, a government agency or a business or brand name.

The fraudsters will use your details to steal your identity, or simply take the money you’ve paid and break all contact.


You may find a website pretending to be a well-known company, organisation or service. The aim of these websites is to convince you that you’re using a real online service so that you hand over your personal or banking details or send money.


Phishing emails encourage you to visit the bogus websites. They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward or discount.

The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.

Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer. In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.

Social media

Facebook, Twitter and other social media channels are also used to direct you to a spoof website. Fraudsters create accounts that have similar usernames and profile pictures to official accounts to trick you into thinking you’re dealing with someone you can trust.

Official accounts are ‘verified’ – they come with a checkmark icon next to their name, meaning they’ve proved themselves as the official company to the social media channel.


Some fraudsters will call your landline or mobile, pretending to be from your bank, building society, a government agency or someone you do business with. This is known as vishing (voice + fishing).

Alternatively, they’ll send you a text message that asks you to reply with your personal or banking details, or to call or text a premium-rate number they have created to run up a large bill. This is called smishing (SMS + fishing).

How to report it

Report it to actionfraud online or call 0300 123 2040.

Phone Scammers Asking For iTunes Gift Cards as Payment

Phone scammers are a devious bunch and they use a variety of tactics to trick vulnerable people into giving them money and personal information.

Often, phone scammers will attempt to panic a victim into paying by claiming that the victim owes money for taxes, fines, utility bills, or other unexpected fees. The scammers may be very threatening and may even claim that the victim will be arrested and jailed if payment is not made.

In other cases, the scammers may claim that the victim has won a lottery or is eligible for a tax refund or a large cash grant from a government agency or other organisation. But, the scammers will claim that the victim must pay various fees upfront before the funds can be sent to them.

In many cases, the scammers demand that the victim provide credit card details to make the supposed payments. Alternatively, they may instruct the victim to go out and purchase a pre-paid debit card and then call back with the card details.

And, increasingly, scammers are insisting that victims provide iTunes Gift Card codes as a means of payment.

Here’s how the iTunes Gift Card scams generally play out:

1: The victim gets a call from a scammer who invents a cover story like those mentioned above and warns that the victim must make an immediate payment or face dire consequences.

2: The scammer insists that the victim pays with iTunes Gift Cards and instructs him or her to hang up, go out and buy some of the cards at the nearest retail outlet, and then call back.

3: When the victim calls back, the scammer will ask for the 16-digit code on the back of the iTunes cards.

4: The scammer can then use the card code to purchase goods and services on the iTunes Store, App Store, iBooks Store, or for an Apple Music membership.

Scammers are using this method because iTunes Gift Card purchases cannot be easily traced back to offenders. If victims pay using the cards, it will usually be impossible for them to get their money back.

Keep in mind that iTunes Gift Cards can ONLY be used to purchase goods and services on the iTunes Store, App Store, iBooks Store, or for an Apple Music membership.

Any call that wants you to pay a supposed debt or fine using an iTunes card is certain to be a scam.  No legitimate entity will ever ask that you make a payment using iTunes Gift Cards.  If you receive such a call, just hang up.

Apple has published information about these scams on its website.

Note that scammers may sometimes demand that people pay with other types of store gift cards as well as iTunes cards.


People familiar with computers and the Internet may find it difficult to understand how anyone could fall for a scam that demanded payment via iTunes Gift Cards.

But, keep in mind that there are still many people who do not have a computer at home and have only a rudimentary knowledge of the Internet and online payment systems.

They will no doubt have seen displays of iTunes Gift Cards in various stores without having any real understanding of what the cards are actually for. So, a clever phone scammer may be able to easily convince them that the iTunes cards are a new and safe way to make payments over the phone.

If you have less tech-savvy relatives, friends, or neighbours who you think may be vulnerable to such scams you may want to take a few minutes to bring them up to speed.

How to remove Mac viruses & malware for free – Macworld UK

Mac malware is rare, but it does exist. Here’s how to remove Mac viruses for free if you’re one of the unlucky few, plus how to avoid getting infected in the first place

Worried you have some kind of malware or virus on your Mac? Here’s some help to figure out what’s going on and, if necessary, clean up the damage – all for free.

It’s often said that Apple products don’t get malware or viruses. While this is still true of devices based on iOS – such as the iPhone or iPad – it’s not 100 percent true when it comes to Macs nowadays. There have been a few notable malware and virus reports in recent years, although a big difference compared to Microsoft Windows is that there’s never been a Mac malware epidemic. In fact, since the release of OS X (now called macOS), a tiny fraction of the total number of Macs in the world have ever been infected.

This doesn’t mean Macs haven’t come under the spotlight for malware and virus creators. There are lots of nasty people out there who see Macs – and their users – as prime targets, and in this article we show how to stay safe and avoid or get rid of the malware and viruses they try to dump on your Mac. (We also recommend you read our best Mac security tips and our roundup of the best Mac antivirus apps.)

Note that to an extent we are going to be mixing and matching the terms malware and virus but they are actually separate concepts. Malware tends to take the form of apps that pretend to do one thing, but actually do something nefarious, such as steal data. Viruses are small discrete bits of code that get on to your system somehow and are designed to be invisible. Of course, within these two definitions there are also other types such as ransomware.

Symptoms and diagnosis

Every now and again malware or a virus does get make it through into the wild, where there’s at least a risk of infection, so a basic knowledge of security is good for any Mac users.

Here are just some of the symptoms of malware or viruses you might watch out for:

  • Your Mac suddenly becomes sluggish or laggy in everyday use, as if there’s some software running in the background chewing up resources;
  • You find there’s a new toolbar in your browser that you didn’t install. Typically these toolbars claim to make it easier to search or shop;
  • You find any web searches are unexpectedly redirected away from your usual search engine to some site you’ve never heard of (or the results appear in a page that’s faked up to look like your usual search engine);
  • All web pages are overlaid with adverts – even those where you don’t expect to see adverts, such as Wikipedia;
  • Going to your favourite sites doesn’t always work, as if something is randomly redirecting you to spam advertising pages;
  • Advertising windows pop up on your desktop, seemingly unconnected with any browsing you’re doing or any program that’s running.

If you get any of these symptoms then don’t panic: they don’t necessarily mean you have a malware or virus infection on your Mac. There’s a thousand reasons why a Mac right run slowly, for example.

Additionally, some legitimate apps have unfortunately begun to add their own occasional popups for other of their products (although some people still refer to these apps as adware/malware, and refuse to have them on their system).

Here’s one thing you definitely shouldn’t do if you think your Mac is infected: don’t Google a description of the problem and install the first thing you find that claims to be able to fix things. Sadly, a lot of software that claims to be able to fix Macs is in fact malware itself, or is simply fake and designed only to make you part with money. The crooks behind this software manipulate Google’s search results so they appear at the top, and their apps can look incredibly convincing and professional.

How to remove Mac viruses & malware for free: MacDefender

Fake antivirus apps like MacDefender, which hit the headlines a few years ago, might look the part but are actually malware in disguise

How malware gets on to your computer

Typically malware or viruses get on to your computer in a handful of ways, as listed below. You can help diagnose whether you might have an actual infection by seeing if you’ve undertaken any of these steps recently:

Malicious software

As mentioned earlier, the malware looks like legitimate software, such as a virus scanner that you download in panic after believing yourself to be infected. Check for independent reviews of apps or ask for personal recommendations from others to avoid downloading this kind of thing.

This kind of malware might be downloaded by you, or it might arrive via email, or perhaps even arrive via an instant message.

Fake files

Sometimes malware or viruses might be disguised as an image file, word processing or PDF document that you open either without realising what it is, or out of curiosity to see what it is – perhaps upon finding a strange new file on your desktop, for example. (Today’s top tip: DO NOT open files that suddenly appear unless you know what they are!)

The malware creator’s technique here is simply to give the malware a fake file extension. Most of us can see straight through this, but it’s surprising how effective an attack vector this can be.

Malware-loaded legitimate files

The malware gets on to your system via a flaw or security hole in your browser or other software, such as your word processor or PDF viewer; in this case an otherwise ordinary document or webpage you open contains hidden malware that then runs without you realising, or opens a hole in your system for further exploitation.

Fake updates or system tools

The malware looks like a legitimate update. Typically this is offered via a fake warning dialog box while you’re browsing. Fake updates for the Adobe Flash Player browser plugin, or fake antivirus/system optimisation apps, are a particularly popular vector of attack.

How to remove Mac viruses & malware for free: Fake update

Fake updates like this can look pretty convincing but only want to deliver malware on to your computer!

Fake technical help

You’re phoned out of the blue from Apple or Microsoft, and they tell you that they believe your computer is infected, so walk you through some steps to undo the damage – while all the time putting in place their own malware, of course.

Built-in protection

For several years now Apple has included invisible background protection against malware and viruses, as follows:

File Quarantine/Gatekeeper

If you try to open an app you’ve downloaded – no matter how you got it – then you’ll get a warning telling you where the file has come from, and you’re told when you downloaded it. You will then have to specifically choose to open the file (with the exception of apps you download via the Mac App Store, which are always trusted because they’re supplied direct from Apple).

If an app isn’t digitally signed by its creator, which requires a signature supplied by Apple, then you will be blocked from opening it. (Here’s how to open a Mac app from an unidentified developer, but be cautious.)

Linked into File Quarantine is a scanner that, when you first open files you’ve downloaded, checks them for known malware or viruses. If any is found then you’re told the file is infected or damaged, and the only option you’ll have is to move it to the Trash.

Xprotect in particular has been very effective at halting the spread of Mac malware before it can even get started, and is yet another reason why malware or virus infections on a Mac are rare. Xprotect will even block older versions of legitimate software, such as Java or the Flash plugin, that have subsequently proven to be vulnerable to malware attack.

How to remove Mac viruses & malware for free: Xprotect

macOS’s Xprotect system gives a warning when you download malware that it knows about, and tells you exactly what to do.

Cleaning up a malware or virus infection

Think your Mac is infected by malware of a virus? Try these top ten steps to clean things up:

1. No more passwords

From this point forward don’t type any passwords or login details in case a hidden keylogger is running. This is a very common component within malware.

Beware that many keylogger-based malware or viruses also periodically secretly take screenshots, so be careful not to expose any passwords by copying and pasting from a document, for example, or by clicking the Show Password box that sometimes appears within dialog boxes.

2. Keep (mostly) offline

As much as possible from this point onwards you should try and turn off your internet connection by either clicking the Wi-Fi icon in the menu back and selecting Turn Wi-Fi Off, or disconnecting the Ethernet cable if you’re using a wired network.

If possible, keep your internet connection turned off until you’re sure the infection has been cleaned up. This will prevent any more of your data being sent to a malware server. (If you need to download cleanup tools then this obviously might not be possible.)

3. Activity Monitor

If you know for sure you’ve installed some malware – such as a dodgy update or app that pretends to be something else – then make a note of its name, and then quit out of that app by tapping Cmd + Q, or clicking Quit in the menu.

Open Activity Monitor, which you’ll find within the Utilities folder of the Applications list. Use the search field at the top right to search for the app’s name. You might find that it’s actually still running, despite the fact you quit it, so select it in the list and click the X icon at the top left of the toolbar and select Force Quit.

However, most malware authors are wise to this and will obfuscate their code so that it uses non-obvious names, which makes it almost impossible to uncover this way.

4. Shut down and restore

If you can, immediately shut down your Mac and restore from a recent backup, such as one made with Time Machine. (For alternatives to Time Machine, take a look at our roundup of the best backup software & services for Mac.) Obviously, this backup should be from a time before you believe your computer became infected.

After restoring the backup, be careful when rebooting not to plug in any removable storage such as USB sticks you had plugged in earlier when your computer was infected, or to open the same dodgy email, file or app. (Scan removable storage devices via an antivirus app on a Windows computer to remove the Mac malware – even though it’s Mac malware, it will still be spotted by antivirus apps running on other platforms.)

5. Bitdefender

If you can’t restore from a backup, open the Mac App Store and download the free-of-charge Bitdefender Virus Scanner. (If you are willing to spend a little cash then the paid-for version of BitDefender is worth consideration, as are the top picks in our roundup of the best Mac antivirus apps.)

Once it’s downloaded and installed, open the app and click the Update Definitions button, then once that’s completed click the Deep Scan button. Follow the instructions to allow the app full access to your Mac’s hard disk.

6. Credit-card details

If you believe your Mac was infected after opening a particular file or app, obviously you should delete that file permanently by putting it into the Trash, and then emptying the Trash.

If you handed over money at any point for the malware – such as if you paid for what appeared to be a legitimate antivirus app, for example – then contact your credit card company or bank immediately and explain the situation. This is less about getting a refund, although that might be possible. It’s more about ensuring your credit card details aren’t used anywhere else.

7. Clear cache

Again, assuming that you haven’t been able to restore from a backup and have had to scan your Mac using Bitdefender, you should also clear your browser’s cache.

In Safari this can be done by clicking Safari > Clear History, and then selecting All History from the dropdown list. Then click the Clear History button.

In Google Chrome this can be done by clicking Chrome > Clear Browsing Data, then in the Time Range dropdown box selecting All Time. Then click Clear Data.

8. Empty the Download folder

Drag the whole lot to the Trash, and then empty the Trash.

9. Change passwords

Once you’re sure the infection has been cleaned up, change all your passwords. That’s right, we really do mean all of them – including those for websites, cloud services, apps, and so on.

Inform your bank or financial institutions of the infection and seek their advice on how to proceed. Often at the very least they make a note on your account for operatives to be extra vigilant should anybody try to access in future but they may issue you with new details.

10. Reinstall macOS

Sometimes the only way to be sure you’re clean of an infection is to entirely reinstall macOS and your apps from scratch after wiping the hard disk.

Source: How to remove Mac viruses & malware for free – Macworld UK

Martin Lewis slams new Facebook Messenger scam using his name and picture – what to watch out for founder Martin Lewis has said he’s “sickened” by a new scam which tries to trick victims using his name and profile picture on Facebook Messenger.

The worrying new con, which involves the trickster pretending to be Martin and privately messaging people, is the latest disturbing twist in the trend of fakers using Martin’s reputation to try and fool victims into signing up for things such as binary trading scams, or dodgy investments.

Update 7pm Tue 13 Feb. We’re pleased to hear that Facebook has now disabled the account in question for violating its policies. It says: “Fraudulent or misleading activity is not allowed on Facebook and we’re constantly working to detect and shut it down using a combination of automated and manual systems.” However we’re continuing to warn users in case it happens again – let us know if you spot a scam at

See our Fake Martin Lewis Ads guide for a list of scams we’ve seen and what to watch out for.

Martin: ‘This isn’t me – please help me spread the message’

Martin said: “I’m sickened that yet again people are trying to take my good name and reputation and con vulnerable people.

“I don’t use private messages with anybody. Please help me spread the word that this is not me, these people should not be trusted, they are liars and possibly thieves and nobody should have anything to do with them or engage with them in anyway.

“While we have reported this to Facebook I don’t have much faith in its mechanisms to deal with this, and so we have to rely on spreading the message among each other.”

‘No, you’re not Martin’: how the scam unfolded

We were quickly alerted to this latest scam by some savvy MoneySavers, who saw through the con. Here are some of the messages they received:

To be clear, this WASN’T a message from the real Martin, he doesn’t use private messages on Facebook and the messages are completely bogus.

Here’s how to report a message to Facebook

You can report and block dodgy messages you receive in Facebook, but how you do it depends on whether you’re using Facebook itself or its Messenger app:

  • To report a message on Facebook… open the conversation you want to report and click the settings icon, then click ‘report’ and a message will pop up saying you can fill out a full report in the Help Centre. Afterwards you can open the message, click settings and click ‘block’.
  • To report a message on Messenger… you can report a conversation by filling out this form. To block messages, open the conversation, click on the person’s name at the top and then ‘block’.

What are we doing about it?

Unfortunately we get many reports about firms and individuals either impersonating or claiming fake endorsements from Martin and and leeching off the hard-earned trust people have in us.

We have reported this latest scam to Facebook, the Financial Conduct Authority and Action Fraud, and are continuing to warn people as quickly as possible about any new tricks such as this one.

We regularly update the Fake Martin Lewis Ads guide with examples of scams we’ve seen. If you spot a scam using Martin’s name or image, please email our news team.

Source: Martin Lewis slams new Facebook Messenger scam using his name and picture – what to watch out for

Report unauthorised Gypsy and Traveller encampments – Warwickshire County Council – Residents

There is a consistent, county wide approach to managing Unauthorised Encampments within Warwickshire. This approach aims to ensure that the local communities and the travelling communities are treated fairly.

An unauthorised encampment is a site where Gypsy and Traveller, or other unauthorised campers, camp on land they do not own and do not have permission to use.

Next steps

We will need to identify the owner of the land.

If an unauthorised encampment is on County or Highway land, one of our officers would go out to visit the encampment to obtain some basic information before further action is taken.

Based on the information given by the Gypsy and Traveller a decision will be made as to whether the encampment should be allowed to remain for an agreed period and whether to take legal action.

Unauthorised encampments will not be tolerated where:

  • The occupants are known to have previously disregarded the site rules within the county;
  • The encampment is creating a hazard to road safety;
  • There is a danger to public or personal safety or the environment;
  • The encampment is creating an intolerable impact on the employment, use or habitation of adjoining or nearby property;
  • The encampment is too large for its location;
  • The land is needed for use by the Lead Authority or the general public;
  • There has been advice from the Police which suggests that alleged criminal activity is taking place.

Over 700,000 bad apps removed from Google Play store in 2017 – Naked Security

There were a number of stories last year about malicious apps, or those with massive security holes, making their way to Android phones via the Google Play store.

It seems like those high profile stories were just the tip of the iceberg. In an announcement earlier this week, Google said that last year alone it removed 700,000 ‘bad apps’ and stopped 100,000 bad app developers from sharing their apps on the Google Play store. If the app number sounds high, it is: It’s a 70% jump from 2016.

Google classifies ‘bad apps’ as those that have inappropriate content (like pornography), install malware on target operating systems or steal data, or are copycats of other legitimate apps.

Last August, Google rolled out Google Play Protect to stop the ever-increasing number of malicious apps from popping up in Play. Play Protect uses machine learning to continuously figure out what kinds of behaviors bad apps adapt, to try and spot them in the wild.

We reported on a number of the bad apps in the Android ecosystem last year: Some of them installed malware with malicious, persistent pop-up ads, other apps used malware like SonicSpy to steal private data from their users, others went even further and behaved like ransomware on the phone, holding data hostage. These apps often impersonated legitimate, popular apps like WhatsApp and Pokemon GO to convince unwitting users to download and install them, which is why copycat apps aren’t just an intellectual property issue.

What to do?

  • Stick to Google Play. In the post, Google writes that 99% of apps with abusive content were discovered and removed before anyone even downloaded them. Although that still leaves 7,000 bad apps that got through last year, it’s still safest to download apps from the Google Play store than to go rogue and download apps elsewhere online. Many alternative markets are little more than a free-for-all where app creators can upload anything they want, and frequently do.
  • Consider using an Android anti-virus. By blocking the install of malicious and unwanted apps, you’ll be protected even if something slips through the cracks and into the Play store.
  • Avoid apps with a low reputation. If no one knows anything about a new app yet, don’t install it on a work phone, because your IT department won’t thank you if something goes wrong.
  • Patch early, patch often. When buying a new phone model, check the vendor’s attitude to updates and the speed that patches arrive. Why not put “faster, more effective patching” on your list of desirable features.

Source: Over 700,000 bad apps removed from Google Play store in 2017 – Naked Security

Ghost broker scam: Police warn thousands of motorists may have fake car insurance

Men in their 20s are most likely to be targeted by ‘ghost brokers’ who often contact victims on Facebook or Instagram.

Thousands of motorists may be victims of 'ghost brokers'

Thousands of motorists could be unwittingly driving without insurance because of fraudsters known as “ghost brokers” selling fake policies, police have warned.

Detectives received more than 850 reports of the scam in the last three years, with victims losing an estimated total of £631,000, according to City of London officers. But the force said the actual number of victims could be much higher as drivers are often unaware their policy is invalid.

Tactics used by “ghost brokers” include taking out a genuine insurance policy before quickly cancelling it and claiming the refund plus the victim’s money. They also forge insurance documents or falsify a driver’s details to bring the price down, police said.

Men aged in their 20s are most likely to be targeted, with “ghost brokers” often contacting victims on social media including Facebook, Instagram, Snapchat and WhatsApp.

WhatsApp and Facebook messenger icons are seen on an iPhone

They also advertise on student websites or money-saving forums, university notice boards and marketplace websites and may sell insurance policies in pubs, clubs or bars, newsagents and car repair shops.

A national campaign has now been launched to warn drivers to be wary of heavily discounted policies on the internet or cheap insurance prices they are offered directly. Some victims only realise they do not have genuine cover when they are stopped by police or try to make an insurance claim after an accident, detectives said.

Police have taken action in 417 cases linked to “ghost broking” in the last three years, including one man who set up 133 fake policies and another man who earned £59,000 from the scam.

Drivers without valid car insurance are breaking the law and face punishments including fines, points on their driving licence and having their vehicles seized.

Source: Ghost broker scam: Police warn thousands of motorists may have fake car insurance