Take Five Stop Fraud

https://takefive-stopfraud.org.uk

Financial Fraud Action UK is part of UK Finance and is responsible for leading the collective fight against financial fraud on behalf of the UK payments industry. The membership includes banks, credit, debit and charge card issuers, and card payment acquirers in the UK.

They provide a forum for members to work together on non-competitive issues relating to financial fraud. The  primary function is to facilitate collaborative activity between industry participants and with other partners committed to fighting fraud.

Financial fraud losses in the UK totalled £768.8 million in 2016. FFA UK and Her Majesty’s Government believe  encouraging people to take a moment to stop and think can make a difference.

Many people may already know the dos and don’ts of financial fraud- that no-one should ever ask them for their PIN or full password, or ever make them feel pressured into moving money to a ‘safe account’. But, it can be easy to forget this when in a hurry.

After all, trusting people on their word is something everyone tends to do instinctively. If someone says they’re from your bank or a trusted organisation, why wouldn’t you believe them?

Take Five is a national awareness campaign led by FFA UK backed by the Government and delivered with and through a range of partners in the UK payments industry, financial services firms, law enforcement agencies and others.

It urges you to stop and consider whether the situation is genuine – to stop and think if what you’re being told really makes sense.

What FFA UK does

  • Sponsor the Dedicated Card and Payments Crime Unit, an operational police unit, with a national remit.
  • Manage the Industry Strategic Threat Management Process, which provides an up-to-the-minute picture of the threat landscape.
  • Deliver UK-wide awareness campaigns to inform customers about threats and how to stay safe.
  • Manage intelligence-sharing through the industry fraud intelligence hub (Financial Fraud Bureau) and the Fraud Intelligence Sharing System (FISS) which feeds intelligence to police and other agencies in support of law enforcement activity.
  • Inform commentators and policy-makers through a press office and public affairs function.
  • Provide expert security assessments of new technology, as well as the impact of new legislation and regulation.
  • Publish the official fraud losses for the UK payments industry, as well as acting as the definitive source of industry fraud statistics and data.

All of this sounds useful in the fight against fraud.

Take care.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature

The Danger of Online Wish Lists

Christmas is a time when some people make wish lists online and these can be fun but they can inadvertently give away a lot of information to scammers.

Amazon maintains wish lists so in theory other people can buy gifts for you that you do want rather than having to figure out what you might want. Amazon has three levels of privacy – Public, Shared or Private.  Choosing Public lets anyone see the list, Private means just you and shared is where you can choose who gets to see the list.

Allowing this information to be public should be harmless, but people who are trying to steal your identity can use this information to get critical details about you.

Michelle Black works with Hope 4 USA in Ft. Mill. She spends several hours a day helping people recover from ID theft, which is one of the fastest growing crimes.

Black says “A scammer can log into these public websites, public wish lists. From there they might have such information as your city and state, your date of birth, your children’s names and perhaps their dates of birth and they can use that to start putting together the pieces of the puzzle they need to fully steal your identity.”

The thieves then create a fake website by making it look like Amazon or the online wish list company.

They  tell you someone has purchased an item on your list and all you have to do is login to confirm the mailing address.

And if you click on that link and login, the scammer has the information needed to access your account and maybe even for identity theft.

Make sure any online wish list or gift registry is set to Private.

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

How Does Social Engineering Work for Scammers?

In this context, social engineering means to manipulate someone into doing what you want e.g. to type in login and password on a fake website so the scammer gets that information.

So, ‘social engineering’ is the methods used to trick people into doing what the scammers want.

It could be a phishing email asking you to urgently login in to your internet banking account or to call a support number as your computer has been infected with malware or a request from a company executive to urgently transfer money.

Generally, we prefer to trust people so if someone calls saying they are from your bank and they know your name and account – it’s easy to believe rather than to question everything. Maybe you answer their security questions and that gives them the details they need to access your account. It can be as simple and quick as that.

An Example Credit Card Payment Scam

A company selling telecom services receives an email from a possible new customer:

Hello,

This is Bill, I have just moved into the area and I need a new phone line.

Do you accept payment by credit card?

What information do you need in order to quote for the work?

Thanks

Bill

After a reply from the Telecoms Company confirming they do accept credit cards, , Bill’s next email sets up the conditions of the scam.

He’s in hospital waiting on an operation.  Lots of description to make it clear he cannot take phone calls or speak to anyone and very much needs help. He describes what he wants fitted in each room and then describes the removal company that is helping him to move while he’s in hospital and they can let the telecoms company in to do a survey if needed.

The purpose of this is to set-up the Telecoms company to accept an over payment by credit card from Bill then pay the removals company, as they cannot accept credit card payment and Bill can’t pay them any other way while in hospital.

This story is complicated and relies on the kindness of the Telecoms company to take the money and pass it on but also on their desire for business.

The telecoms company agrees, takes the credit card payment and then pays the removals company as per the instructions.  For example taking £1,000 for their work up front and £2,000 to pay to the removals company.

It all sounds quite safe, but then comes the sting.

The card was stolen but not cancelled straightaway and when the credit card company do cancel it then will claim the £3,000 back from the Telecoms Company who will end up out of pocket for the work they’ve done but also for the £2,000 paid to the removals company which was a fake operation.

That’s the credit card over payment scam

There are countless similar stories designed to get the punter to accept an over payment and it never ends well for the punter.

The stories are sometimes rough and have spelling and grammatical mistakes – to elicit sympathy for the scammer and at other times the stories have been polished by repeated use.

NEVER accept an over payment.

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature

Mumsnet Fights Back Against Online Fraud

A recent survey by Mumsnet showed that nearly half surveyed are worried about becoming a victim of fraud and ninety percent are not confident they can identify criminal tactics like vishing (making phone calls claiming to be from a reputable company but really seeking confidential information) and smishing (same as vishing but by text message).

More than a third of mums say they are approached up to SIX TIMES PER WEEK by individuals trying to get personal information from them. These approaches are by telephone, email and text messages.

To help tackle the problem, Mumsnet and the “Take Five to Stop Fraud” campaign – a national campaign that offers advice to help consumers prevent financial fraud – have teamed up to help parents confidently challenge criminals out to obtain personal information.

Well Known Scams

Here are some examples of well-known​ ​ ​scams you should be aware of (according to Mumsnet):-

  1. An email from HMRC offering a refund
  2. A call from your bank about fraud asking you to move your money to a safe account
  3. An email from a foreign prince offering untold riches if money is transferred to them now
  4. A message from WhatsApp asking you to input financial information in order to continue to use the service
  5. A call from a broadband provider to say the internet connection is running slow and their engineer can ‘fix’ the problem by taking control of your computer
  6. An email from Amazon asking you to disclose personal information to reactivate your account
  7. A text message offering money off at a supermarket if a link in the message is clicked on
  8. A call from a builder or contractor asking for money to be paid directly to a new bank account
  9. An email from your utility provider offering a refund
  10. A student loans company email stating loans have been suspended due to incomplete student information

Take the time to stop and think before handing over personal information and certainly before paying online for anything.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

Trojan Horse Emails

“Trojan Horse” email is named after the famous huge wooden horse left by the Greeks outside the city of Troy. When taken inside, at night soldiers climbed out of the inside compartments of the horse and opened the city gates leading to its downfall.

A Trojan horse email is one that looks harmless but contains a malicious hidden payload.

They usually offer the promise of something you might be interested in—an attachment

containing a joke, a photograph, or a warning about something important..

When opened, the attachment may do any or all of the following:

  • give a hacker access to your files
  • install software that records your keystrokes and sends the results to an attacker, allowing a hacker to find your passwords and other confidential information
  • install software that monitors your online transactions and activities looking for confidential information

Trojan Horse emails commonly claim to be e-postcards or jokes or something else funny or a news item but they can be anything.

Make sure you have up to date anti-virus and anti-malware installed on all computers

Never click on a link in an email unless you are sure it’s safe.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature

PAX Cyber Coins

Digital currencies  (or cryto currencies)  are big business with BitCoin leading the way and a lot of people have made big money from BitCoin. There are some who lost a lot of course as the price can be highly volatile.

There is a new sort of cyber currency called PAX coins. It’s really a means of betting on other cyber currencies and companies on the PayperEx market but scam emails are circulating about PAX that give a deliberately simplified and misleading view on PAX.

Refer to https://fightbackonline.org/index.php/guidance/12-explanations/92-payperex-exchange-and-pax-cyber-coins for further information on PayperEx and PAX coins.

The scam emails claim ”Finally PAX is here! A True and very special digital coin”

“If you bought 100 dollars where the Bitcoin on that day seven years ago it will be worth 73 million dollars”

And so it goes on linking the past of Bitcoin with the future of PAX, but of course there is no connection or correlation.

PAX coins cannot be bought as such, only traded on PayperEx and the value depends on the value of the items that the PAX coins represent.

Trading on PayperEx is very new and it may be legitimate, but the risks are huge and these emails are just scammers looking for easy money.

Do you have an opinion on this matter? Please comment in the box below.

Fightback Ninja Signature