The Impact of Phishing Scams

Phishing scams are where the scammer sends you an email or a text or calls you, claiming to be from the government, the local council, the phone company or your Internet provider, a major retailer etc. aiming to get your confidential information such as login and password details or credit card details etc.

These scams are extremely common with many people receiving numerous such emails or messages each day. Some organisations get hundreds of these scam messages every day and the Internet providers block billions of these messages every day.

For organisations, blocking these messages takes time and resources, but if the criminals get the data they seek, the damage can be long lasting.

A survey of large organisations suggested the cost of such activity averages around $2 million for a 10,000 person company and is attributed as follows:-

Business impact through loss of proprietary information (41%)
Loss of productivity (35%)
Other wider effects (16%)
Damage to reputation (8%)

Prevention is generally easier and cheaper than disaster recovery activities so make sure your organisation has the right systems protection in place and train staff on how to recognise phishing threats.

If you have any experiences with these scams do let me know, by email.

October 18, 2021

Covid-19 Passport Scam

This is a new Covid scam.

The email title calls the message an “Official Notification – NHS COVID-Pass – GOV.CO.UK | COVID_19 Vaccination-Passport | Your GOVnhsoffice.co.uk order of “UK CVD19”

It offers the recipient the opportunity to get a Covid-19 passport which really means a certificate to prove the recipient is vaccinated against Covid-19 and is currently Covid-19 negative.

The government do not send out such emails and private companies are not allowed to offer this.

Most of the message is text copied from various websites about how this is needed to open up travel again.

There is a big green ACCEPT button and a big red REJECT button.

Both of which go to the same link which is at a Japanese domain name that is nothing to do with the UK government.

Scammers often target major problems in the world and have no interest in helping anyone but themselves.

Delete any such messages.

If you have any experiences with these scams do let me know, by email.

October 17, 2021

Stupidest Spam of the Week Fat Burning Coffee

There are endless magic ingredients offered by scammers that supposedly create weight loss – normally without any effort or exercise or even restricting your diet.

Clearly these are all lies, invented by scammers to get your money and/or personal details.

This latest one has the title ‘The death of black coffee’.

It involves a ‘weird trick’ which is common for many of these scams.

It claims that one tiny tweak to your morning coffee puts your body into fat burning mode all day and it takes less than ten seconds.

There are nice photos of hot coffee drinks.

So, this trick is supposed to ‘ignite your metabolism’. No doctor or responsible person would describe a real product using that phrase. Anything that did ‘ignite your metabolism’ would be extremely dangerous as it would mean pushing your body temperature up significantly.

There is a link to click to get the ten second trick.

Never never click on such links in unsolicited emails as it encourages these criminals and you can only lose.

To enter your email address and click on the subscribe button on top right to keep up to date with new posts.

October 16, 2021

Time-Wasters Update

Mr. Phillip Smith claims to be a research assistant for a pharmaceutical company in Spain. He says he has a business proposal to discuss with me, but he doesn’t know my name and his return email address is ps34910036354190811 @ gmail and that is such an obvious scammer address. It would be crazy to reply to such a dumb email.

A text message from Lloyds bank tells me that a new person has been added to my account and if it wasn’t me then I need to click the link to stop this. The link is to lloydbank-beneficary.com which is not Lloyds bank – just a criminal. Check carefully before clicking a link in a text message.

Yet another fake bank message. This one claims to be from Santander warning me that my account needs my contact details updated. The message was sent to a fake email address at the radio station, invented by a scammer who apparently sells made-up email addresses. The email is from santasecurity26.com which is amusing but it’s certainly not Santander.

Commonly, scam emails claim you owe them money and you must download the attached invoice. This latest one has a twist – the message claims I have sent them a remittance for £453.79 but they are not sure what it’s for so I need to get in touch and clarify the situation. The message includes an 0800 freephone number. The message includes one deliberate misspelling as many of these messages do, trying to evade spam filters. “remiattacne” is not the expected way to spell “remittance”. I wont be calling that number or replying to the email message.

Justice Mora sends us a ‘friendly reminder’ that payment is due on an invoice. The email has lots of fake details and says the payment is due after 45 days but also shows a due date that is 32 days after the order was placed. So this scammer either copied the details from another scammer’s emails or is unable to count. The email claims the invoice is for $0007.25 and is for solar panels. That’s some very cheap solar panels. It’s all just lies of course – entirely made up by the scammer.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

October 15, 2021

Microsoft Digital Crimes Unit

Microsoft’s Digital Crimes Unit (DCU) is an international team of technical, legal and business experts that has been fighting cybercrime to protect victims since 2008.

They use their expertise with online criminal networks to uncover evidence to pass onto the appropriate law enforcement agencies throughout the world. They can also disrupt the operational infrastructure used by cybercriminals, through civil legal actions and sometimes by technical means.

DCU has developed strong relationships with local and global law enforcement, security firms, researchers, NGOs and customers to drive scale and fight cybercrime. They also use the evidence they collect to help with the development of technical countermeasures to strengthen the security and safety of Microsoft’s products and services.

Areas of Focus

Tech Support Fraud. These scams are very common as the criminals involved operate this scam on an industrial scale. DCU use data analytics and direct customer complaints to investigate criminal networks engaged in tech support fraud.
Business Email Compromise (BEC). This is where criminals impersonate key people in an organisation e.g. the Finance Director to get an employee to transfer funds to the criminals. BEC is one of the most prolific and costly cybercrime attacks in the world today. According to a 2020 FBI report, BEC attacks were responsible for $1.8B in losses and represent more than 40% of all cybercrime losses.
In 2020, the DCU secured court orders to block malicious web applications targeting business organizations, directed the removal of 744,980 phishing URLs resulting in the closure of 3,546 malicious email accounts used to collect stolen customer credentials obtained through successful phishing attacks.
This is a wide area of criminal activity and DCU focus on identifying and disrupting these criminal activities.
DCU focus on payment systems and disruption of the criminal infrastructure behind these attacks.
Business Operations Integrity. This means supply chains and all systems infrastructure that can be attacked by criminals.

Keep up the good work DCU.

If you have any experiences with these scams do let me know, by email.

October 14, 2021

Easy To Guess Passwords

Most people have realised that they need to have passwords and pin numbers that can’t be easily guessed – don’t use your birthday or year of birth or the dog’s name or a common word etc.

But latest reports show there are still many people with passwords or pin numbers that are very easy to guess.

28% of people in a recent survey had a password that is in the top 20 most common ones and hence could be guessed very easily.

If they can be easily guessed they you could be hacked and lose money and more.

If your pin number is on the list below then change it urgently.