Category: The Authorities

How to Report a Scam

There are endless scams, but they typically fall into a set of categories, which determine how you report them and who you report them to.

Below is the information relating to the UK, but you will need to seek out the relevant contacts if you are in another country.

If you have transferred money to the scammer in the last 24 hours, tell the police immediately by calling 101 or report online at www.police.uk/pu/contact-the-police/report-a-crime-incident/.

Generally, the Police prefer non-immediate scams to be reported to Action Fraud on 0300 123 2040 or online at https://reporting.actionfraud.police.uk

1. Report an online scam

This is any scam that uses social media, email or websites.

To report a scam email – forward the message to [email protected].

You should report an online scam advert to the Advertising Standards Authority (ASA) at www.asa.org.uk/make-a-complaint/report-an-online-scam-ad.html

You can also report a scam advert to the website where you saw it.

If the scam involves financial services – cryptocurrency, investments, insurance or pensions – report it to the Financial Conduct Authority at www.fca.org.uk/consumers/report-scam-unauthorised-firm

If you think you’ve been scammed into transferring your pension, contact your pension provider immediately. Then get in touch with The Pensions Advisory Service at www.pensionsadvisoryservice.org.uk/contacting-us

Identity Theft – contact the real company or person to let them know their name is being falsely used.

Any scam using the name HMRC should be reported to them at www.gov.uk/report-suspicious-emails-websites-phishing/report-hmrc-phishing-emails-texts-and-phone-call-scams

2. Reporting an offline scam

This is usually postal or door-to-door scams and can include telephone and text message scams.

You can report these scams to Citizens Advice Bureau at www.citizensadvice.org.uk/consumer/get-more-help/report-to-trading-standards/

Trading Standards gathers information about scams so they can take legal action against scammers.

3. Royal Mail

Royal Mail investigates postal scams. If you’ve received something in the post you think is a scam, download the scam mail report form at https://personal.help.royalmail.com/app/answers/detail/a_id/303

Then send the scam mail and the report to ‘Freepost Scam Mail’ or you can call Royal Mail and ask for a pre-paid envelope and the form. You can just email Royal Mail if appropriate.

Email: [email protected]
Telephone: 0800 011 3466

4. Action Fraud

Action Fraud collect and collate scam reports and, where relevant, give the information to the Police or other authorities to follow up on criminal behaviour.

They can get the National Fraud Intelligence Bureau to investigate some scams. They’ll also give you a crime reference number, which can be helpful if you need to tell your bank you’ve been scammed.

It’s quickest to report a scam to Action Fraud online at www.actionfraud.police.uk/reporting-fraud-and-cyber-crime but you can also report the scam by phone on 0300 123 2040.

Fightback Ninja Signature

HMRC Warning of Tax Threat Calls

Scammers target vulnerable and elderly in cold call tax voucher fraud, warns HM Revenue and Customs (HMRC).

HMRC say that scammers call the victims and impersonate an HMRC member of staff.

“They tell them that they owe large amounts of tax which they can only pay off through digital vouchers and gift cards, including those used for Apple’s iTunes Store”.

Victims are then told to go to a local shop, buy these vouchers and then read out the redemption code to the scammer who has kept them on the phone the whole time.

The conmen then sell on the codes or purchase high-value products, at the victim’s expense. The scammers use vouchers because they are easy to sell on and hard to trace once used. The idea that HMRC demand people pay by vouchers is quite ludicrous and should show the caller to be a scammer.

HMRC says the scammers frequently use intimidation to get what they want, threatening to seize the victim’s property or involve the police.

The vast majority of the victims are aged over 65 and of those who fell for the scam, the financial loss averaged £1,150 each.

As these scammers often prey on vulnerable people, HMRC urge people with elderly relatives to warn them about this scam and remind them that they should never trust anyone who phones them out of the blue and demands they pay a tax bill.

If you suspect that you or a vulnerable or elderly relative has been the victim of this scam or a similar one, you should report it immediately to Action Fraud on 0300 123 2040.


Government Cyber Resilience Centres

The UK government has assorted plans to do with beefing up cyber resilience as businesses and other organisations across the country increasingly come under attack from hackers.

The government’s creation of local centres for cyber resilience is progressing well.

The Cyber Resilience Centre for the South East (SECRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Led by Policing, and facilitated by Business Resilience International Management (BRIM), they say that they have followed a structured modular programme based on a highly successful model that had previously been established for over 9 years in Scotland.

They work in structured partnership with regional Policing, Academia, Businesses, Third and Public Sector organisations through a variety of ways:

  1. Security Awareness Training

This is focused on those with little or no cyber security or technical knowledge.

  2. Corporate Internet Investigation

This service may be used to learn what is being said on the internet about an organisation, what information employees are releasing, or if there are any damaging news stories, social media posts or associations.

  3. Individual Internet Investigation

These investigations gather information that can be used to support pre-employment checks, to manage potential threats to a Director of an organisation or their families, or to understand more about a specific person of interest.

  4. Remote Vulnerability Assessment

These assessments focus on identifying weaknesses in the way your organisation connects to the internet. Service reporting will provide a plain language interpretation of the results and how any vulnerabilities might be used by an attacker, as well as simple instructions on how any vulnerabilities might be fixed.

  5. Internal Vulnerability Assessment

The assessment will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data.

  6. Web App Vulnerability Assessment

This service assesses your website and web services for weaknesses. The service reporting will describe, in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses.

  7. Security Policy Review

This is a review of your current security policy, how it is written and how it is implemented.

  8. Cyber Business Continuity Review

This service offers a review of your business continuity planning and the resilience of your organisation to cyber-attacks such as ransomware or when attackers take control of your core systems.

The contact page for the South East centre (SECRC) is https://www.secrc.co.uk/contact-us

There are equivalent centres in other regions of the country.

If you have any experiences with this do let me know, by email.


Strong Customer Authentication

New Strong Customer Authentication (SCA) regulations will add an extra layer of security at online checkout making it safer to shop online. This was proposed in 2019 and became law in the UK from September 2021.

As fraud levels in digital payments have risen in Europe, new regulations have followed. Strong Customer Authentication (SCA) has become a key piece of the EU’s Revised Payment Services Directive (PSD2) required of merchants.

PSD2 introduced the concept of Strong Customer Authentication (SCA). The idea is simple: 2 out of 3 elements need to be checked during authentication.

As a customer, this means being asked to identify yourself by another means as well as the payment card details, e.g. through a passcode sent to your smartphone.

This may become an annoying delay at times but it is to protect your accounts from criminals.

The goals of PSD2

  • Make the European payments market more integrated and efficient
  • Improve the level playing field for payment service providers (including new players)
  • Make payments safer and more secure
  • Protect consumers from fraud

Strong customer authentication demands multi-factor authentication on all payer-initiated payments including at least two of the below methods.

  • Something you know e.g. PIN or password
  • Something you have e.g. phone or device
  • Something you are e.g. facial scan or fingerprint

If you have any experiences with this new system do let me know, by email.


Microsoft Digital Crimes Unit

Microsoft’s Digital Crimes Unit (DCU) is an international team of technical, legal and business experts that has been fighting cybercrime to protect victims since 2008.

They use their expertise with online criminal networks to uncover evidence to pass on to the appropriate law enforcement agencies throughout the world. They can also disrupt the operational infrastructure used by cybercriminals, through civil legal actions and sometimes by technical means.

DCU has developed strong relationships with local and global law enforcement, security firms, researchers, NGOs and customers to drive scale and fight cybercrime. They also use the evidence they collect to help with the development of technical countermeasures to strengthen the security and safety of Microsoft’s products and services.

Areas of Focus

  1. Tech Support Fraud. These scams are very common as the criminals involved operate this scam on an industrial scale. DCU use data analytics and direct customer complaints to investigate criminal networks engaged in tech support fraud.
  2. Business Email Compromise (BEC). This is where criminals impersonate key people in an organisation e.g. the Finance Director to get an employee to transfer funds to the criminals. BEC is one of the most prolific and costly cybercrime attacks in the world today. According to a 2020 FBI report, BEC attacks were responsible for $1.8B in losses and represent more than 40% of all cybercrime losses.
  3. In 2020, the DCU secured court orders to block malicious web applications targeting business organizations, directed the removal of 744,980 phishing URLs resulting in the closure of 3,546 malicious email accounts used to collect stolen customer credentials obtained through successful phishing attacks.
  4. This is a wide area of criminal activity and DCU focus on identifying and disrupting these criminal activities.
  5. DCU focus on payment systems and disruption of the criminal infrastructure behind these attacks.
  6. Business Operations Integrity. This means supply chains and all systems infrastructure that can be attacked by criminals.

Keep up the good work DCU.

If you have any experiences with these scams do let me know, by email.


The Effects of Covid on Cyber Security

A recent government survey looks at the effects of the Covid pandemic on companies and charities as they deal with lockdowns, increased online activity and increased levels of cyber attacks and scams.

https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021

Some Key Points:

85% of businesses and 80% of charities say COVID-19 has made no change to the importance they place on cyber security although some organisations have increased their investment in IT and cyber security in response to the pandemic. Many organisations adopted new security solutions, including cloud security and multi-factor authentication, or more use of Virtual Private Networks (VPNs).

Changes in Working Practice

Many organisations explained that COVID-19 and the ensuing move to home working initiated substantial changes in their digital infrastructure. This included issuing laptops or tablets to staff, setting up VPNs or using cloud systems, and having to quickly approve new software.

The COVID-19 pandemic has made cyber security harder for many organisations, for reasons including:

  • Direct security and user monitoring have become harder in organisations where staff are working remotely.
  • Upgrading hardware, software and systems has also become more difficult. With staff working at home, there are more endpoints for organisations to keep track of.
  • The pandemic had stretched resources and led to competing priorities in IT and cyber security teams.

As the UK emerges from the COVID-19 pandemic, organisations might also consider what more they can do to manage cyber security risks in a “blended” working environment (i.e. where staff are regularly working both in offices and at home).

See the survey for full details at https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2021/cyber-security-breaches-survey-2021

If you have any experiences with these scams do let me know, by email.
