Category: The Authorities

Amateur Detective Recovers Stolen Money

Gideon Roseman was scammed out of a lot of money. He had builders working on his home, and fraudsters hacked into the builder’s email system. They sent a message to Roseman, purporting to be from the builder, asking for a down payment to start work. Roseman paid £20,400 to what he thought was the account of his builder.

The next day his wife Esther found an email from the builder warning his customers that his email had been hacked and Roseman realised his payment had gone to the hackers.

The builder had checked his emails and found messages to a number of customers demanding payment to a bank account he did not recognise.

Roseman said: “I wasn’t filled with optimism when I spoke to my bank, so I felt as though the only way I would get my money back is to take things into my own hands.” He is a barrister, so he had a head start over most of us in dealing with the legal system.

He travelled to the High Court in London to apply for the fraudster’s bank account to be frozen.

The judge agreed it appeared he had been the victim of fraud and granted the order.

Mr Roseman then contacted Santander’s court orders department and it froze the account.

He soon received another email from the fraudster asking for more money to “cover the VAT” on the work.

Mr Roseman played along and managed to obtain the sort codes and details of another two accounts — one at Barclays and another at Santander.

He then returned to the High Court to get these accounts frozen and the judge again approved his application.

The court ordered Barclays and Santander to release all contact details and bank statements for the frozen accounts and using these, Mr Roseman tracked down £5,655 in several Santander accounts connected to the fraudster and the bank agreed to return the money.

He also noticed the scammer had transferred around £5,000 to a haulage firm which repaid his money.

The bank accounts also revealed £9,150 was transferred out of the fraudster’s account more than 24 hours after Mr Roseman first reported the incident to Barclays.

Barclays denied any delay but later agreed to pay the remaining £9,150.

It added £200 compensation. This left £395 outstanding, which the builder took off his bill.

Mr Roseman said “Hopefully, I’ve shown that despite what the banks might say, it is possible to track down cash after it’s disappeared and get the money back.”

“My advice to scam victims is to act immediately. Call your bank, gather evidence and instruct a solicitor to get to court as quickly as you can to freeze the accounts.”

The Royal Mail Deals with Scam Mail

Royal Mail say they take the issue of scam mail very seriously and are coordinating an industry-wide response to tackle fraudulent mail at its source.

They have developed an industry-wide code of practice and invited all mail operators in the UK to sign up. This code sets out how the industry can actively work together, and with law enforcement agencies, to tackle the scourge of scam mail.

The Code of Practice

Companies signing up to the code of practice will voluntarily commit to meeting the following obligations:

  1. Actively work together and with law enforcement agencies, to tackle the scourge of scam mail
  2. Proactively share intelligence of confirmed scam mailings and suspected scam mailings
  3. Terminate any mailing identified by law enforcement agencies as being used to attempt to scam the recipients
  4. Include anti-scam terms and conditions in contracts
  5. Forge closer ties with law enforcement agencies and the broader communications community to prevent scams through letters, electronic communications, telephone calls and other means
  6. Provide help and support for victims of scams by sharing information received in our enquiries with appropriate partners including the National Trading Standards Scams Team, law enforcement and other agencies.

What Can You Do?

If you think you or a family member are receiving scam mail, you can report it to Royal Mail by completing an online form and posting it to Royal Mail (go to https://personal.help.royalmail.com/app/answers/detail/a_id/303 and click on ‘completing an online form’).

The Freepost address to which you can send the form, along with the original envelope and any relevant items of mail you have received, is below.

Alternatively, let them know your full name, address and a contact telephone number via the email or telephone options below and they will send you a form to complete together with a prepaid addressed envelope in which to return the form with examples of the scam mail received.

By post: FREEPOST SCAM MAIL

By email: scam.mail@royalmail.com

By telephone: 03456 113 413 (message service only)

As the largest deliverer of spam and scam letters, it was high time the Royal Mail did something to stop the flood of such items, especially to vulnerable people.

Let’s hope this permanently blocks a large chunk of the spam and scam items.

The Hearing Clinic Fined £220,000

Claims Management Companies are the ones that make most of the cold calls – on behalf of their clients.

The Claims Management Regulator (part of the Ministry of Justice) licenses firms and individuals to provide claims management services. It also has the power to take action when a regulated claims management business breaks the Conduct of Authorised Persons Rules.

The CMR received hundreds of complaints from recipients of calls from “The Hearing Clinic” about claims for noise-induced hearing loss. Many complainants had previously subscribed to the “do not call” Telephone Preference Service, so the calls breached the Privacy and Electronic Communications Regulations 2003.

Having investigated, the Regulator imposed a £220,000 fine on Aurangzeb Iqbal, the owner of “The Hearing Clinic” and various other businesses including “Industrial Disease Services,” “Hedging Redress,” and “We Claim 4 U.”

Various conditions were also imposed which applied to all claims management services operated under Mr Iqbal’s Regulator licence.

These included having to inform the Regulator on the 5th of every month of each TPS complaint received over the previous month. Mr Iqbal also has to provide the Regulator with full details of all subcontractors he proposes to appoint, plus an explanation and evidence of how he proposes to monitor these suppliers to ensure their compliance.

In its press release, the Regulator reported that from a peak of 3367 in 2011 the number of claims management companies has now fallen to 1752, with 105 having their licences removed in 2014. Further investigations by the Regulator are apparently ongoing and could lead to more sanctions.

Richard Lloyd, from consumer watchdog Which? said: “Hopefully this is the start of a concerted crackdown by Regulators, using their new powers to send a clear message that nuisance calling won’t be tolerated. This company made millions of unwanted calls so we welcome the Claims Management Regulator baring its teeth.

“The size of this fine should make other firms think twice before bombarding people with cold calls. We also need to see senior executives held personally accountable if their company makes unlawful sales calls.”

To complain to the Regulator, go to https://www.gov.uk/government/groups/claims-management-regulator

Disney Lawsuit Over Children’s Information

Amanda Rushing is suing The Walt Disney Company and Disney Electronic Content in a class action filed in California federal court.

She claims Disney is collecting personal information of children and tracking online behaviour and this is contrary to the law.

App developers can track children’s behaviour while they play online games on their mobile devices by obtaining critical pieces of data from those devices, including ‘persistent identifiers’, typically a unique number linked to a specific mobile device. These persistent identifiers allow app creators to detect a child’s activity across multiple apps and platforms on the internet and across different devices. This information is then sold to various third-parties who sell targeted online advertising.

The lawyer says that this is exactly the kind of practice the Children’s Online Privacy Protection Act was enacted to prevent. Under COPPA, app developers and any third-parties working with them can’t legally collect personal information about children who are under the age of 13 without verifiable consent from their parents.

“Disney has failed to safeguard children’s personal information and ensure that third-parties’ collection of data from children is lawful”.

Rushing says her daughter was tracked while using the princess pets app, but the suit claims dozens of other games also track their users, including Club Penguin Island, Star Wars: Puzzle Droids, Frozen Free Fall and Disney Emoji Blitz.

Disney says that they have a robust COPPA compliance program, and maintain strict data collection and use policies for Disney apps created for children and families.

As it turns out, Disney had consulted with three partners to insert advertising-specific software into Disney Princess Palace Pets and some of its other applications. This software gathers pieces of data and helps advertisers detect a user’s activity via persistent identifiers. These persistent identifiers are used to track someone across multiple devices and apps with the intention of serving targeted ads.

Given this track record, parents and children might want to think carefully about downloading any of Disney’s apps and stick to watching the movies instead.

U.S. Charges 14 Over $147 Million Scam

Federal prosecutors criminally charged 14 defendants with involvement in a $147 million stock manipulation scheme orchestrated in a New York boiler room, which swindled dozens of senior citizens and other investors.

Employees of My Street Research, based in Melville, New York, obtained shares at below-market prices from insiders of five public companies, and conducted wash trades and other manipulative trading to drive prices up, according to acting U.S. Attorney Bridget Rohde.

My Street Research described itself as providing “unbiased stock research” and “top notch, detailed unbiased research.”

Prosecutors instead describe it as a boiler room operation that used high pressure sales tactics to inflate prices of shares which they or co-conspirators owned in a pump and dump operation – pumping up prices, then dumping stock on clients.

Victims were repeatedly pressured in cold calls and emails to buy shares and sign up for stock tips, and five defendants tried to launder $14.7 million of proceeds from the scheme, which ran from January 2014 to recently.

One such email, for the company Grilled Cheese Truck Inc, said “URGENT!!! MUST WATCH THIS LINK REGARDING THE ‘GRILLED CHEESE TRUCK'” and provided a link to a Fox Business Channel video titled “Soup Nazi Hits the Road with New Food Trucks”.

Prosecutors said the defendants Erik Matz, of Mt. Sinai, New York, and Ronald Hardy, of Port Jefferson, New York, managed the alleged boiler room My Street Research, which was previously called Dacona Financial, Power Traders Press and Trade Masters Co.

Other defendants include cold callers, people involved with stock research, and insiders or marketers affiliated with Grilled Cheese Truck, CES Synergies Inc, Hydrocarb Energy Corp, Intelligent Content Enterprises Inc and National Waste Management Holdings Inc, prosecutors said.

Warning: Are You on a Sucker List?

Scammers trade a list between themselves of people who have fallen for scams and it’s called a “sucker list”.

Sucker lists, which include names, addresses, phone numbers, and other information, are created, bought, and sold by scammers, spammers and some dishonest telemarketers. Scammers know that people who have been tricked once are easier to trick again. As a result, these people are flooded with letters, e-mails and phone calls about inheritances, lottery wins, health cures, investments etc.

In 2015, almost 200,000 people appeared on 13 different “suckers lists” that were seized by fraud investigators. Trading Standards said those listed were being sent mailshots inviting them to take part in lotteries, prize draws, competitions and special offers etc.

The average age of people on the list is 75. You can see how scammers target the elderly and vulnerable.

If you’ve ever been scammed, chances are your name could be on one.

How Do You Know if You’re on a Sucker List?

If you have been scammed online and get more scam messages and mail than others, then chances are you are on a sucker list. There is no way to get off the list except by not responding to any scam messages for a long time. Eventually they may lose interest in you.

How to Avoid Getting on a Sucker List:

Ensure you are registered on all mail and telemarketing opt-out or do-not-call lists.

The following article explains how to register with the various preference services.

http://www.fightbackonline.org/index.php/fightback/17-how-to-fight-back/30-how-to-stop-spam-letters

Don’t reply to offers of money, miracle cures, competition wins etc. If you didn’t enter a competition then you cannot have won one.

If you are truly being bombarded, consider changing your email address and/or phone number, and keep them confidential/unlisted.

In 2017, sucker lists held by National Trading Standards contained nearly 300,000 names.

Anthem Agrees Huge Fine for Data Breach

Anthem Inc., one of the largest U.S. health insurance companies, has agreed to settle litigation over hacking that happened in 2015 for a total of $115 million. The hack compromised the personal information of 79 million people.

Anthem said in February 2015 that an unknown hacker had accessed a database containing personal information, including names, birthdays, social security numbers, addresses, email addresses and employment and income information. The attack did not compromise credit card information or medical information, the company said.

Some of the money will be used to pay for two years of credit monitoring for people affected by the hack. Victims are believed to include current and former customers of Anthem and of other insurers affiliated with Anthem through the national Blue Cross Blue Shield Association.

“We are very satisfied that the settlement is a great result for those affected and look forward to working through the settlement approval process,” Andrew Friedman, a lawyer for the victims, said in a statement.

The Indianapolis-based company did not admit wrongdoing, and there was no evidence any compromised information was sold or used to commit fraud.

Companies do not want the bad publicity of a data breach, so most do their best to protect against such events. But some don’t make enough effort, and maybe this huge pay-out will convince them that it’s cheaper to protect the data than it is to fight court cases.

Starting a Small Claims Court Case

Before starting a small claims case in the courts, you should have made a serious attempt to resolve the problem or your case could be rejected for that reason.

But if that fails, then you need to know who the defendant is – you cannot start a court case without clearly identifying the defendant. It also makes a great deal of sense to take legal advice before starting a case so you will have a legal opinion on whether you have a winnable case.

The next step is to gather all relevant evidence and if you believe you have a good case then go to the government website https://www.gov.uk/make-court-claim-for-money/overview

The fees involved are for example £100 – £170 for cases where the money in dispute is between £1,000 and £3,000, but the full list of fees is available from that page.

Start your case.

You can start a case on paper rather than online but the fees are higher and the process will take longer.

To use the online service you need to have a Government Gateway login and password. If you don’t have this then get it in advance as it will take days to receive the details in the post. Go to http://www.gateway.gov.uk/ to register.

Make sure you have a strong case before going down this route and make sure you have exhausted other simpler options first.

The steps involved are further outlined in the article http://fightbackonline.org/index.php/guidance/12-explanations/70-using-the-small-claims-court-to-sue-a-scammer

Teenage Hacker Jailed

Adam Mudd has been jailed for two years for setting up a computer hacking business that caused chaos worldwide.

At 16 he created the Titanium Stresser program, which can be used to attack websites by flooding them with requests until the website crashes. This was used in more than 1.7m attacks on websites including Minecraft, Xbox Live and Microsoft.

He earned £400,000 in US dollars and bitcoins from selling the program to cybercriminals.

Mudd pleaded guilty and was sentenced at the Old Bailey. The judge, Michael Topolski QC, said the effect of Mudd’s crimes had wreaked havoc “from Greenland to New Zealand, from Russia to Chile”. He said that the sentence must have a “real element of deterrent” and refused to suspend the jail term. “I’m entirely satisfied that you knew full well and understood completely this was not a game for fun,” he told Mudd. “It was a serious money-making business and your software was doing exactly what you created it to do.”

The court heard that Mudd, who lived with his parents, had previously undiagnosed Asperger syndrome and was more interested in status in the online gaming community than the money.

Mudd admitted to security breaches against his college while he was studying computer science. The attacks on West Herts College crashed the network, cost about £2,000 to investigate and caused “incalculable” damage to productivity, the court heard.

On one occasion in 2014, the college hacking affected 70 other schools and colleges, including Cambridge, Essex and East Anglia universities as well as local councils.

There were more than 112,000 registered users of Mudd’s program who hacked about 666,000 IP addresses, of which more than 52,000 were in the UK.

He developed the distributed denial of service, or DDoS, software from his bedroom, and started selling it to criminals when he was at school aged 16.

At his sentencing hearing, the court heard the Titanium Stresser programme had 112,298 registered users.

One hacker can cause a great deal of damage intentionally or otherwise and there appears to be a community of hackers sharing knowledge and software.

General Data Protection Regulation

The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.

Other European Union countries have passed similar laws and there is the complication that often data is held in more than one country.

The General Data Protection Regulation (GDPR) comes into force in May 2018. It is an EU regulation and takes effect in the UK regardless of the Brexit situation.

With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations, and to individuals.

Who does the GDPR apply to?

The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

It does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.

It applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the Data Protection Act (DPA) – i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach.

However, if you are a ‘controller’, there are still obligations where a ‘processor’ is involved – it places further obligations on you to ensure your contracts with processors comply with the GDPR.

Does the GDPR apply to Personal Data?

Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

For most organisations, keeping HR records, customer lists, or contact details etc., the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.

Basically, if you are subject to the DPA then you need to plan to ensure compliance with the GDPR.

More information is available at http://www.eugdpr.org/