Cyber Safe Warwickshire – A TV licence phishing scam has driven over 5,000 complaints

A phishing scam using TV licence renewal as bait has been circulating email inboxes around the UK, driving 5,057 complaints according to Action Fraud.

The email, which tricks people into opening it with headings about licence expiry and incorrect information, leads victims through to a page where they’re required to enter their account number, sort code and card verification number – everything needed for scammers to steal money from innocent victims.

In some cases, the page asks for more information that could be used for identity theft or future social engineering, including a name, date of birth, address, phone number, email address and mother’s maiden name.

The emails themselves look worryingly convincing, and headlines like “correct your licensing information” and “your TV licence expires today” feel suitably formal, too. A spokesperson for TV Licencing was quite clear, however: “TV Licensing will never email customers, unprompted, to ask for bank details, personal information or tell you that you may be entitled to a refund.”

TV Licencing’s phishing section of its FAQ has been updated with details of the latest scam, and it’s unequivocal in its instructions: “If you receive a similar email message, please delete it. If you have already clicked the link, do not enter or submit any information.

This isn’t the first time the TV licence has been used as the bait in a phishing campaign. Back in 2017, Action Fraud heard from more than 200 people who have received fake emails promising them a rebate on their licence fee, if they just entered their bank details. Suffice it to say that those that did found themselves losing money, rather than gaining it.

TV Licensing will never:

  • email you to tell you that you’re entitled to a refund.
  • ask you to pay additional money for our services, e.g. when you’re buying a licence or changing your details.

If you do fall victim to an online shopping scam, report what happened to Action Fraud online or via 0300 123 2040.

If you have fallen victim to a local trader, contact Warwickshire Trading Standards, via Citizens Advice Consumer Service on 03454 040 506.

You can also receive support from Warwickshire Victim Support, on 01926 682 693, following any cyber crime.

 

https://www.itpro.co.uk/phishing/32666/tv-licence-phishing-scam

Source: Cyber Safe Warwickshire – A TV licence phishing scam has driven over 5,000 complaints

Common fraud threats

Being aware of common threats, knowing how they work and what to look out for can help to protect you against falling victim to fraud.

Here are some of the common techniques fraudsters attempt to use to trick you into giving away your personal information, banking details or even access to your computer.

Scam emails, texts or social media messages (Also known as Phishing and Malware)

Fraudsters send fake messages which appear to be authentic and from legitimate organisations.

Scam telephone calls (Vishing)

Fraudsters may phone you out of the blue and claim to be from the bank, police, or other reputable organisations, in an attempt to obtain your personal information and banking details.

 Investment scams

Investment scams or get rich quick scams happen when fraudsters pose as pushy salespeople and trick you into putting your money into a fake investment.

 

 

Pension scams

Pension scams happen when fraudsters pose as pension advisors and trick you into releasing your pension early or transferring your money into bogus investments that are guaranteed to grow in value and make you lavish returns.

Romance Fraud Scams

Online dating can be a wonderful way to get to know someone and find love, but it’s also a common way for fraudsters to scam you.

 

Invoice re-direction scams

Invoice re-direction scams can result in losses that run into hundreds of thousands of pounds. It happens when a fraudster tricks a business into changing bank account payee details for a known supplier.

DHL Express ‘Parcel Arrival Notification’ Malware Email

Parcel Delivery Malware Email

This email, which purports to be from DHL Express,  is supposedly a pre-arrival notification for a parcel that has been delivered to your local post office. The email instructs you to click a link to download and print a receipt that you can submit when picking up the parcel. However, the email is not from DHL and clicking the link does not download a parcel delivery receipt. Instead, the link opens a website that harbours malware. Once on the bogus website, you will be instructed to click a “download” button. If you do so, malware may be delivered to your computer. The exact nature of this malware may vary.

This type of attack is often used to distribute ransomware.  Once installed, ransomware can lock all the files on your computer and then demand that you pay a fee to online criminals to receive an unlock code. In other cases, the malware may be designed to steal sensitive information such as banking passwords from the infected computer. In recent years, fake parcel delivery notification emails have been repeatedly used by criminals to distribute various types of malware. Be cautious of any email that claims that you must click a link or open an attached file to view details about a supposed parcel delivery.

An example of the malware email:

From: DHL EXPRESS
Subject: Parcel arrival notification 
Hi [email address],
This is a pre-arrival notification of your parcel to our local post office
Kindly Print/Download your DHL-AWD reciept to be submitted during pick-up.
Print/Download DHL-AWD reciept here
Kindly endeavour to be accurate as possible to reduce time of clearance and recipient confirmation.
Please add our email to your contact to guarantee inbox delivery. | 2018 DHL Express | Customer Service |

‘LinkedIn Update’ Phishing Scam Email

If you use LinkedIn, keep an eye out for an email that claims you must click a link to update your account. The email, which has the subject “LinkedIn Update” claims that LinkedIn is updating its “Services Agreement and Privacy.

The message warns that your account will be deactivated if you do not click the link and update your account. However, LinkedIn did not send the email and your account will not be deactivated if you don’t click the link. Instead, the email is a phishing scam that is designed to steal your LinkedIn account login details. If you click the link, you will be taken to a fraudulent website that has been built to emulate the real LinkedIn login page. Once on the fake site, you will be asked to enter your account email address and password to log in. After entering your details, you’ll see a message claiming that you’ve successfully completed the supposed update.

Online criminals can now use the information you provided to hijack your LinkedIn account. Once they have gained access to your account, the criminals can use it to send spam, scam, and malware messages to your LinkedIn contacts in your name.  They may also gather more of your personal information from your account and use it to pose as you and attempt to steal your identity. LinkedIn users are regularly targeted in such phishing scams.

LinkedIn has information about phishing scams and how to report them on its website.

Nasty Scam Mail Costing Warwickshire Residents Thousands

Nasty scam mail containing false promises of good luck and riches are being targeted by Warwickshire County Council’s Trading Standards Service this July as part of Scams Awareness Month 2017.

Warwickshire Trading Standards are aware of many scam mail victims, some of whom have lost thousands to bogus clairvoyants and scam lotteries.

One elderly Leamington Spa resident was sending money to so many scam mail fraudsters that she couldn’t afford to pay her utility bills and fell in to debt. She was constantly promised big prize pay-outs, but this was really a ruse to sell her cheap ornaments and other products she didn’t really want or need. Another Leamington resident paid out over £12,000 in the course of a year and was sending between £500 and £1000 each month to receive her ‘prizes’. She had received scam letters from the USA and Australia, telling her she had won large prizes in lotteries and prize draws.

A man from Rugby who had savings of over £20,000 found himself in debt after sending money to postal scam fraudsters who had promised that he had won cars, lotteries and other prizes, despite the fact that he had never entered any competitions!

A South Warwickshire resident paid out over £1000 is a single month to postal fraudsters who she believed were her ‘friends’. She was told she had won a large sum of money, but instead, the fraudsters were actually selling her huge quantities of vitamin pills. In a similar case another resident was reported to have been bombarded with prize draw letters claiming she had won £133,683.64. She sent money to receive her prize, but in reality, this simply paid for some cakes and biscuits, no ‘winnings’ ever materialised.

At another residents property, Trading Standards Officers recovered over 29 bags of scam mail and in North Warwickshire a postal scam victim was regularly  sending £20 notes in the post to ‘claim a prize’ and had revealed his bank account and card numbers to fraudsters.

Warwickshire County Councillor Howard Roberts, Portfolio Holder for Community Safety said:

“We’ve all seen them, envelopes stamped ‘Euro Lottery Winner’, ‘Official Government Award’ or ‘Good Luck Inside’ and most of us will immediately consign them to the recycling bin.  Unfortunately though some people do respond, sending money, cheques and in some cases their bank account numbers and PINS. These people are then drawn in to the scam, paying out ever more money in the hope of receiving a pay-out that will never come.”

“In Warwickshire, our Trading Standards Officers are working locally with Royal Mail postal workers and nationally with the National Scams Team to identify and support these victims, intercepting their letters and returning their money.”

Most postal scams rely upon the recipient believing they have won a lottery prize or are entitled to a gift or Government pay-out, in return for an ‘administration fee’. In reality, the cash prize or pay-out never materialises and the ‘gift’ is usually worth considerably less than the cost of receiving it. Some postal scams, particularly those sent by bogus clairvoyants are more sinister, frightening recipients into paying out for ‘lucky charms’ to avoid receiving bad luck, which it is claimed, might endanger themselves or their families.

The names and addresses of those who respond regularly to scam mail are shared or sold on, leading to victims to being bombarded with even more bogus post.

Across the UK reports of scams and frauds have risen by 8% this year to an estimated 3.6 million cases. UK residents are believed to lose over £10 billion to frauds and scams each year.

How to Protect Yourself and Your Loved Ones from Scam Mail

  • Always ignore letters with offers that sound too good to be true, they probably are.
  • Be wary of letters that tell you to keep things a secret or instruct you to act quickly
  • Never provide bank details to people you don’t know and don’t share personal details or official documents
  • You can’t win a competition you didn’t enter
  • Never send money to receive a prize or Government pay out
  • Receiving large amounts of post or items such as cheap jewellery or ‘lucky’ objects can suggest the person is a postal scam victim. Keep an eye on friends and family.
  • Fraudsters buy names and addresses from marketing companies. Don’t divulge your personal details in marketing surveys, questionnaires, competitions and prize draws at home, online or in the street.
  • Make sure your details are not added to the ‘Edited Electoral Register’ (sold for marketing purposes)
  • Stay up to date with the latest local scam warnings. Sign up to the free Trading Standards email alert service at: warwickshire.gov.uk/scams or follow us on Twitter: https://twitter.com/WarksTSS

Make a consumer complaint

The Citizens Advice Consumer Service provides free, confidential and impartial advice on consumer issues. Call the Citizens Advice Consumer helpline on 03454 04 05 06 (English language).

“Google Docs” Worm Ransacks Gmail Users’ Contact Lists – What You Need to Know

What’s happened?
You may well be one of the millions of internet users who received a dangerous email offering to share a Google Docs file with you.

If you made the mistake of clicking on the link, you could start a process that could potentially result in your email archive and contact lists being slurped up in strangers and the same dangerous message being forwarded to everyone in your address book.

Source: “Google Docs” Worm Ransacks Gmail Users’ Contact Lists – What You Need to Know

Email scammers turn their sights on youth football teams | Money | The Guardian

Treasurers of community groups and small charities have been warned to be extremely wary after a youth football club was conned out of more than £28,000 by fraudsters using a fake email scam.

Source: Email scammers turn their sights on youth football teams | Money | The Guardian

Beware of Mystery or Secret Shopper Opportunity Phishing Email Scams

Online users, be aware of mystery or secret shopper email messages like the one below, which claim that the recipients have mystery or secret shopping assignments in their areas and are asked to participate. The email messages are fraudulent, therefore, recipients of the same email messages should not respond to them with their personal information or any other information that is requested by the senders. The fake email messages are being sent by scammers / cybercriminals.

Source: Beware of Mystery or Secret Shopper Opportunity Phishing Email Scams

David’s story | Victim Support

 

When an old friend contacted David through a dating website asking to borrow money to return to the UK, he was happy to help. They got chatting and it wasn’t long before Kerry* had asked him to send £500 towards a plane ticket she urgently needed to buy.

Unfortunately, Kerry wasn’t who she said she was. She was, in fact, a fraudster, who went to great lengths to deceive David; sending copies of immigration papers, a passport and plane ticket.

Source: David’s story | Victim Support

Five Scams That Won’t Make You Laugh on April Fool’s Day

If there’s one day of the year when everyone has their guard up, it’s April Fool’s Day. After all, who can put their hand up and say that they have never been duped by an April Fool’s trick? Some of the classic April Fool’s stunts have gone down in history, such as the BBC’s news report from 1957 showing the annual spaghetti harvest in Switzerland.

Simpler times, you say? Well, 50 years later the BBC pulled a similar stunt – getting Monty Python’s Terry Jones to star in a short documentary revealing the phenomenon of flying penguins. And, like the spaghetti hanging from the branches of trees in southern Switzerland, some people believed it. They believed it because the BBC is a trusted source of information. If some nutter had sat next to you on the bus and tried to convince you that penguins could fly or that you could send a Gmail by making the motion of licking a stamp you probably wouldn’t believe them.

Source: Five Scams That Won’t Make You Laugh on April Fool’s Day