Tesco Bank Fined for Data Breach

Tesco Bank was fined £16.4m by the City watchdog over a cyber-attack it suffered that netted cyber criminals £2.26m.

The Financial Conduct Authority (FCA) said deficiencies at the bank had left account holders vulnerable to the incident. The bank had received a specific warning that was not properly addressed until the attack had started and the response was “too little, too late”.

This is the first time the FCA has issued a fine for a cyber-related incident.

Tesco Bank said that since the incident in November 2016 it had “significantly enhanced” security measures, and apologised to customers.

Mark Steward, executive director of enforcement and market oversight at the FCA, said the fine “reflects the fact that the FCA has no tolerance for banks that fail to protect customers from foreseeable risks”. Banks must ensure resilience against such crime reducing the risk of a cyber attack occurring in the first place, not only reacting to an attack.

Tesco Bank said the cyber attack in 2016 did not involve the theft or loss of any customers’ data but led to 34 transactions where funds were debited from customers’ accounts, and other customers having normal service disrupted.

The bank’s chief executive Gerry Mallon said: “We are very sorry for the impact that this fraud attack had on our customers.”

Banks and other financial institutions must learn that it’s cheaper to build proper protection that wait for a catastrophe to happen.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

November 12, 2018

The Foreign Lottery Insurance Scam

This is a variant on the usual foreign lottery winnings scam.

In this set of messages, you are reported to have won 750,000 Euros on the STAATS AWARD International Program as your email address has been chosen as a winner.

There’s lots of meaningless details about the award, reference numbers etc. then it asks for your details.

This is the typical information that is highly saleable to other scammers: – full name, telephone number, country, age, occupation etc.

The variant in this message is that it goes on to explain that unless you are a Dutch resident, you will need to pay a winnings insurance and notarization fee before collecting your winnings.

So, the scammer wants your personal details to sell plus a commission payment for the non-existent winnings.

If you didn’t enter the lottery then you cannot possibly have won it and any legal Lottery does not charge people to collect their winnings.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

November 11, 2018

Stupidest Scam or Spam of the Week – confused scammer

An email arrived from a confused scammer.

It claims to be from SUPPORT and the email address is palsoft @technetium.be

So that should be a computer support scam of some kind.

However the title is ‘I started last Sunday and I’m already down 2 sizes’ which seems to be a weight reduction scam.

Then it turns into a notification message warning that “You have 6 notifications”

It has a date at the bottom which is very rare on such scam messages as scammers normally re-use the message texts repeatedly and dates can be a give-away. The date is a Tuesday so if the person started a diet and dropped 2 dress sizes in 2 days – that’s even faster than absolute starvation.

This scammer is clearly very confused or as dumb as a turnip.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

November 10, 2018

Time-Wasters Update

“Fat Melting Elixir”. Drop 37 pounds in 20 days. This is all possible with a soup detox so the email claims. The soup trains your hormones to burn more fat as you get older while eating as much as you want. Sad pathetic lies from a sad pathetic scammer.

An Act Now alert from Nat West. My account has been suspended as it may have been accessed from a previously unrecognised location. I don’t have a Nat West account so it doesn’t bother me.

A confidential fax sent to my email address. Nope – just a fraudster trying to get me to open an attached file. No thanks.

Greg Lawrence says he is an SEO consultant i.e. expert in getting websites to the top of Google searches. He lists a whole set of problems with my website and wants to help me to get to the top of those searches. But his list includes:-

Low online presence for many keywords. True but irrelevant. It’s not worth concentrating on every possible keyword.
Stumpy image optimisation – Don’t know what a stumpy image is and couldn’t care less.
Deprived website – does that mean my website had a deprived upbringing? Or is it a misspelling maybe?
Inappropriate social media campaign – this moron is desperate to put anything down as a problem but simply stringing words together to make meaningless sentences won’t convince anyone with a more brain cells than an amoeba.

The sender is a loser who thinks he can make money from people who know even less than he does.

Good day says Mauro, who thinks my resume is very attractive and has a vacant position in his company that is ideal for me. Apparently, it can be part-time or full-time and pays up to $7,000 per month. There is no company, and no jobs, just a chancer trying to steal from people genuinely looking for job opportunities.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

November 9, 2018

Fraud Investigation

There are many private investigators, fraud protection businesses, cyber-crime specialists etc. who may be able to help if you are the victim of a fraud. This is usually only for business fraud as few individuals have the resources to employ professionals in this field.

One such specialist business is Requite Solutions. Their website is at www.requitesolutions.com/

Requite say they are cybercrime, fraud prevention and investigation specialists – a London based consultancy service operating globally.

They employ senior fraud detectives, cybercrime investigators, and former armed surveillance operatives who have years of experience tackling cybercrime, money laundering, organised, and business crime.

They provide high quality penetration testing by CREST certified penetration testers. Our teams of experts work manually to find more of the issues that matter.

Asset Tracing & Recovery, Investigation, Hackers,Financial Investigation, Suspect profiling, Evidential packages, Recovery, Dispute resolution.

Requite Say businesses should choose them because of the following:-

Criminals are exploiting the advances in technology. Every day both large and small organisations are falling victim to fraud and cyber attacks. If you have experienced fraud or a cyber attack, then you will understand the frustration, stress, and panic that often ensues.

We will gather crucial evidence, trace assets, absorb your stress, and assist with achieving a positive outcome through recovery of assets and/or prosecution.

Staff at your company are often the first line of defence and the importance of training, and continuing education is essential. We can deliver this training in a clear and concise manner.

Ensuring that you are adequately protected against fraud and cyber-attacks is paramount. Failures to address any impending threats could damage your brand and reputation and may result in significant financial losses that are not always recoverable.

If you have any experiences with scammers, spammers or time-waster do let me know, by email.

November 8, 2018

Amazon Fake Reviews

Amazon is the biggest eCommerce operation the world has ever seen with sales of $178 billion in 2017.

One of Amazon’s biggest sales promoters is the use of customer reviews.

If you’re going to buy something on Amazon but want to know what other people think of the product or service then you check the customer reviews and almost always they are genuine.

Amazon spend a lot of time and money ferreting out fake reviews and stopping any businesses that use or promote fake reviews and they say that more than 99% of reviews on its sites are authentic.

That doesn’t stop criminals and idiots trying to find ways around the rules of course.

Recently, organisations have been using Facebook to advertise free Amazon products in return for reviews.

The customer buys the item and is promised a full refund once they have posted a stellar review on Amazon.

It is against Facebook rules for their users to promote fake reviews, but as we all know, Facebook have trouble actually policing content on their platform.

One such Facebook group is “Amazon free product deals between reviewer and seller [UK only]” which is a closed group and describes its purpose as:-

We help Amazon UK sellers to boost up rankings via getting reviews through our gradually building reliable members.

To become a member, you need to commit to review the product with 5* within 5 days of “order”. If this is not done, you would be banned and would miss out from brilliant discounts offered!

That’s clear – you need to give top rating reviews or you are banned from the group.

That’s not how people expect customer reviews to work.

Stop cheating – as we all lose out from that.

If you do check Amazon reviews – make sure to read several and don’t be taken in by the first one your read.

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.

November 7, 2018

Financial Loss Due to Fraud

Source: Crime Survey for England and Wales. Office of National Statistics. 2017 data.

Cost	Fraud Involving Financial Loss (%)	Cumulative Loss (%)
Less than £20	9.0	9.0
£20 – £99	30.0	39.0
£100 – £249	18.8	57.9
£250 – £499	14.5	72.3
£500 – £999	10.9	83.2
£1000 – £2,499	9.6	92.8
£2,500 – £4,999	4.2	97.0
£5,000 – £9,999	1.7	98.7
£10,000 – £19,999	0.8	99.4
£20,000 and above	0.6	100.0

You can see from the figures that there were modest losses (less than £100) for 39 % of victims, but at the other extreme, some people lost more than £20,000.

The higher losses are most commonly from frauds involving house purchase and investment fraud.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

November 5, 2018

Action Fraud Scam Calls

The scam typically goes like this:-

The victim receives a cold-call from a fraudster claiming to work for Action Fraud.
When the call is answered, an automated system asks the responder to “press 1 if they have made a report to Action Fraud.”
When the responder presses 1, they are transferred to a fraudster.
The victim is informed that their computer has been hacked and their bank account has been accessed without permission and money taken.
The scammer may ask some simple questions to build trust e.g. are the lights on your router flashing? Do you have credit cards? Do you have more computers in the house?
The scammer may ask the victim to run some programmes on their PC and use the results on screen to ‘prove’ that the computer has been compromised.
The scammer asks for access to the computer and ask the victim to install remote control software to make it possible for the scammer to take control.
Once they can control the computer the scammer can search for financial and personal information an if possible access the victim’s bank account.
Victims discover later on that money has been stolen from their account or maybe days later that someone is spending on their credit card etc.

What Can You Do?

Even if the caller is knows details such as your name or address, don’t give out any personal or financial information during a cold call.

Don’t give a caller remote access to your computer, don’t go to a website they give you and don’t install software they recommend or supply.

Action Fraud does not use an automated machine to speak to victims of fraud, so if you receive a suspicious call, hang up immediately.

If you think your bank or payment card details have been compromised, or if you believe you have been defrauded, contact your bank immediately.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

November 4, 2018

Stupidest Scam or Spam of the Week – Diabetes Cure

“The Real Cause for Diabetes Found” is the title of the email from Mabel.

But, the causes of Diabetes are well known.

Diabetes Type I is genetic and there is currently no cure available. Diabetes type II is failure in the production of insulin to manage sugar levels in the blood, tends to get worse with age and is exacerbated by obesity and poor diet. The cure for type II diabetes is exercise, better diet and weight loss.

But this moron scammer offers a drink whereby all types of diabetes are cured in 2 days.

No chance of that being real. This is just her imagination and greed for others people’s money.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

November 3, 2018

Time-Wasters Update

An email from Western Union tells me they have a money transfer waiting for me and I just need to tell them my full name, contact address, telephone number, country, passport number etc. to receive that money. This is a standard phishing scam – just after my personal details which can be sold to other scammers. The message is from Mr. Goodluck James. The only good luck is for the scammers if anyone replies.

Travis Stork claims that his wife lost over 50 pounds and she credits it to one fat flushing food exactly one hour before bed. You can lose 14 pounds in 10 days just by adding this to your diet – one hour before bedtime. No. The only thing you would accomplish is furnishing this scammer with your money. Magic diets with no effort NEVER work, especially ones where you can apparently eat anything else you want.

Another message from Yahoo saying my account will be closed if I do not verify my account immediately. Just the usual phishing message – in this case from lateliertana @yahoo.fr which is a Yahoo France personal email address, not from Yahoo itself.

Steve warns that we should never exercise more than 90 minutes per week. That would make life difficult for marathon runners, tennis players and a lot more people but then Steve is presumably a moron for sending out such drivel.

An email that shows lots of other people’s email addresses that have also received the message and only contains a link but no attempt to describe what it is for. The email is from stitchedup22 so at least this scammer has a sense of humour.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.