
John Lewis Mastercard Scam

This is Linda’s story.

I had a very plausible chap calling me yesterday saying he was from John Lewis Mastercard and that someone had requested a change to my default phone number. He was calling to check it was actually me.

I said that I hadn’t but he wanted to verify who I was, by asking the typical security questions you get from companies like John Lewis.

This worried me and I told him I wasn’t comfortable continuing the conversation.

He said that if I looked at the display number on the phone it would be the one on my credit card and it was.

Note: this doesn’t prove he is calling from that number, as scammers use software to spoof the number, i.e. make it look as if the call is coming from that number.

Anyway, I did stupidly tell him the colour of my credit card (standard security question) but then got suspicious and hung up. Needless to say when I contacted John Lewis on my landline they had not phoned me at all.

Apparently, the scammers can use even quite small pieces of information like that to their advantage. So I guess the lesson is never give any element of security information to anyone calling out of the blue. If it is your bank or credit card company they will not mind you phoning them back, preferably on a different phone to the one you were contacted on.

Stay safe!

Linda’s big tip: Do not call your bank or credit card lender from the same phone as the one you received the call on. ALWAYS use a different phone.

Well done Linda.

If you have any experiences with scammers, spammers or time-wasters, do let me know by email.

Fightback Ninja Signature

Stupidest Spam of the Week: Free ATM Card

A few weeks ago we published on the Fightback Ninja blog a post about endless scam messages offering free ATM cards with which anyone can withdraw tens of thousands of dollars from any ATM machine.

It is clearly preposterous and is a simple scam to get people to pay a small amount in the hopes of getting a large amount of money free. As you would expect, this is aimed at people who are thoughtless and probably those who are desperate.

Generally these scams die away and are replaced by some new scam theme or a rehash of an old scam theme.

The perpetrator of this scam seems determined to keep it alive and her latest ploy is to keep trying to post exhortations to people to get the free money cards as comments on the Fightback Ninja blog.

Obviously these are all trapped as spam and never show on the blog.

Here’s an extract of the desperation by the scammer.

“I want to testify about Dark Web blank ATM cards which can withdraw money from any ATM machines around the world. I was very poor before and have no job.

I saw so many testimony about how Dark Web hackers send them the ATM blank card and use it to collect money in any ATM machine and become rich.

I email them also and they sent me the blank ATM card. I have use it to get 90,000 dollars. withdraw the maximum of 5,000 USD daily. They is giving out the card just to help the poor.

Hack and take money directly from any ATM machine vault with the use of ATM programmed card which runs in automatic mode”.

We hope she is caught and punished for her criminal actions.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.


Time-Wasters Update

Do you want a $100 bill coated in 24 K gold – for free? Sounds too good to be true, because it is a scam of course. But that’s the message in a flood of emails – you have to give the scammer your name, email address and physical address to get the money. There is no money of course, gold plated or otherwise  – all you would get is your name and details added to the suckers list that is passed around between scammers, then you would be flooded with other scams. Golden money is a nice idea though.

An email from Amazon tells me my Prime account is due for resubscription but my credit card details are out of date and I must update them or face the loss of my Prime account. The email isn’t really from Amazon of course as I don’t have a Prime account. It’s from which is obviously not Amazon. If I clicked the link it would take me to a fake website made to look like Amazon, and its job is to get people’s logins and passwords, as these sell for a high price.

Another email claims we owe some business an amount of money. This one says she has tried repeatedly to get in touch with us and we have to pay up or she will start legal proceedings. However, there is no company name, just her title of book-keeper, and she addresses us as “Dear customer”, giving away that she has no idea who the email has gone to; it has likely been sent to millions of email addresses. A sad, pathetic scammer.

Yet another HMRC grant offer arrives – fake of course. It has an attachment that the scammer wants you to open. No thanks – keep your malware. Strangely this email contains a reference “All content is licensed under Open Government Licence v3.0”. That licence does exist and lets people repeat a government message, but is not relevant in this case as the sender is a scammer not a media outlet informing people of something worthwhile.

Chen Susheng says he came across my name on LinkedIn and has something very important to tell me – I just have to reply to his message to find out. It’s a simple scam – just trying to find out which email owners are dumb enough to reply to an obviously fake message from someone they have never heard of. Do not reply to people you do not know.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.


Surrey Police Operation Signature

Operation Signature is the Surrey Police campaign to identify and support vulnerable victims of fraud.

Fraud is becoming more complex and deceptive, much of which is targeted at vulnerable and elderly people.

Statistics show that one in five people fall victim to fraud every year and nearly 50 per cent of all adults have been targeted by fraudsters. That shows how common these scams are and how many people fall for their tricks.

Key things to remember

  • Never send or give money to anyone you don’t know or trust.
  • Check people are who they say they are.
  • Don’t share your personal information.
  • Make decisions in your own time – do not be pressurised into a quick response
  • If in doubt phone a relative or a friend for advice.
  • Do not trust anyone who cold calls you about your bank account or a problem with your computer.

Under no circumstances would your bank or police request a card PIN or security details over the telephone, or arrange collection of your bank cards from your home.

Surrey Police have a process for recognising victims of all fraud as victims of crime and providing preventative measures to support and protect them from further targeting. This can include:

  • helping them to change their phone number to an ex-directory number
  • contacting family to suggest power of attorney
  • mail re-direction
  • offering them advice on call blocking devices
  • referring them to other support services



Email Delivery Failure Scams

I receive Mail Delivery Failure notices regularly for messages I did not send.

When you get mail from “MAILER-DAEMON” or “Mail Delivery Subsystem” with a subject like “Failed Delivery” or “Unable to Deliver” or “7 Rejected Attempts to Deliver Message” or similar, it means that an email you sent was undeliverable and has been “bounced” back to you.

These may be genuine messages, generated automatically because of an error in sending your email message, but they are often fake, and that would indicate a serious problem with hackers and your email address.

If the message is genuine, the most likely reason for a failed delivery is that the email address you entered is invalid. Double-check the spelling of the address you entered; alternatively, the intended recipient may have cancelled that email address.

There are two other main reasons why you might suddenly get a lot of email message delivery failure warnings:-

  1. Your computer has been infected by malware and is being used by criminals to send out mass spam messages without your knowledge. Check your Sent Mail folder to see if this has happened.
  2. A spammer is sending out messages that appear to be from your email address. This is called spoofing and is very common. An expert would see that the emails did not originate with you but most people receiving the messages will blame you and you may get some nasty replies from them.

Spammers send out vast numbers of mail messages to random email addresses, and that typically means a high rate of failure and hence a lot of failure-to-deliver messages.

If you receive a Mail Delivery Failure notice but have not sent the message, take these steps:-

  1. Change your account password to something more secure. Use a strong password that is easy for you to remember but difficult for other people to guess. (see for further information)
  2. Run a Virus Scan and remove any malware. Make sure your anti-virus is up to date.

There is little you can do to stop hackers faking messages to look like they came from your address, except for deleting the email address so you don’t get any return failure messages.
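To tell the two reasons above apart, you can look at the original message a bounce usually carries back. The following is an added example, not part of the original post: a heuristic check in Python that assumes the bounce is a standard delivery report with the original message attached, and that your provider's outgoing servers share a known host suffix (`mail.example.net` here is a made-up placeholder, as is every host in the sample).

```python
import email
from email import policy
from email.utils import parseaddr
# Constructed sample bounce (not a real message); every host is a placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from bulk-host.invalid (unknown [203.0.113.77])
 by mx.recipient.example; Mon, 1 Jan 2024 10:00:00 +0000
From: me@example.org
Subject: Free ATM card

spam body
--b1--
"""

def classify_bounce(raw, my_address, my_provider_suffix):
    """Heuristic: did the bounced message leave through my own provider?"""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-a-delivery-report"
    originals = [p.get_payload(0) for p in msg.walk()
                 if p.get_content_type() == "message/rfc822"]
    if not originals:
        return "no-original-attached"
    original = originals[0]
    if parseaddr(str(original["From"]))[1].lower() != my_address.lower():
        return "not-my-address"
    # The topmost Received line is written by the last server to accept the
    # message (normally the one that bounced it); its "from" clause names the
    # machine that handed the message over. Host names can be faked, so treat
    # the result as a hint and confirm against your Sent folder.
    hops = original.get_all("Received", [])
    first = " ".join(str(hops[0]).split()).lower() if hops else ""
    sender_hosts = first.split(" by ")[0].split()
    if any(h.strip("()[]").endswith(my_provider_suffix.lower()) for h in sender_hosts):
        return "sent-via-my-provider"  # reason 1: account or computer misused
    return "spoofed-sender"            # reason 2: forged From address
```

A result of `sent-via-my-provider` is the case where the password change and virus scan above matter most; `spoofed-sender` means the message never touched your account.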



Protect Your Online Identity after A Data Breach

If you are informed that your personal information has been compromised by a data breach at an organisation you have an account with then you need to take steps to protect your online identity quickly.

The message from that business will normally explain what data has been compromised and will make recommendations on what you should do. These may include:-

  • Change your password with that organisation immediately and make sure it is a strong password. (see for further information on strong passwords)
  • Alternatively, you may not trust that organisation again and choose to delete your account with them.
  • Review any other accounts at other places that use the same password – change them also immediately.
  • Again, if you find accounts you can do without – then delete them.
  • Monitor your bank and other financial accounts regularly and contact the relevant institution if you spot anything suspect.
  • Review your online security generally
    • Strong passwords
    • Only keep necessary accounts
    • Do not use shared passwords if possible
    • Monitor all financial transactions
  • Consider taking out an identity protection service. There are various types of these available, so choose carefully which suits your needs best.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.
