The Which? Investment Scam

Scammers are using the name Which? Magazine to make their scam messages about cyber currency investments seem genuine.

Which? Magazine are clear that they never send emails recommending people buy cybercurrency or any other ‘investment’.

Which? Magazine take these criminal activities very seriously and do everything they can to stop the criminals using the name Which? but it’s difficult to stop them all.

The scam messages typically also include the Which magazine logo and copyright message.

The fake messages use email addresses that are obviously not Which? magazine.

Typically they claim to be advertising ‘Which? Recommended Bonds’ and state that these have ‘been closely vetted by a member of our team’ , then there’s a link to click to see the rates on offer. The link is to a fake website made to look like Which? magazine, but it sends your details to the scammer and there are no bonds etc.

It also states that Which? Bond Rates is an Introducer Appointed Representative of Which? Financial Services Limited. That is untrue.

If you have any experiences with these scams do let me know, by email.

April 10, 2022

Stupidest Scam or Spam of the Week PayPal Fakes

More than four hundred million people now use PayPal for paying on line so scammers target those users with their phishing scams and fake websites.

Most scammers just copy a typical message from PayPal – use the correct layout, grammar, logo, safety messages etc.

But some are as dumb as dog dirt and send ridiculous messages that are obviously fake.

This latest scammer uses terrible grammar, nothing copied from a real PayPal email message and the text makes no sense.

The message is addressed to “USER”

“Your request is pending of your $805.78”.

“If you have not done this then reach us”.

“It will take 2-3 working days to reflect on your statement”.

“Item: HP Deskjet 2050S wifi inkje status: Pending”.

The top of the message says it’s from Pay-Pay and the bottom says its from Pay-Pal.

Both are incorrect as it’s a from a Gmail account which means it’s from a person (i.e. a scammer) not a business.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

April 9, 2022

Time-Wasters Update

Todd Bowman claims to be the interim General manager at Harrisburg airport in Pennsylvania. He has an abandoned package weighing 110Kg stuffed with money and wants to share it with me. He will pay the United States Non Inspection Charges of $3,700 so I can claim the money and I get to keep 70%. Of course he doesn’t know my name and doesn’t really exist – just a scammer with little imagination trying to catch gullible people.

The lazy scammer’s message just says ‘Earn $10K in as little as 5 days”. There are ways to earn money quickly but they usually need either a lot of capital to invest or are criminal. No thanks.

Half a dozen emails arrived at the radio station with exactly the same contents – just sent to a different made-up email address. “RE: Dispatched PO Material on 06042022. Please note that we dispatched your order from our factory. Herewith is the final invoice packing list”. This scammer doesn’t seem to know the difference between a packing list and an invoice and of course doesn’t know the name of anyone at the radio station as no-one placed an order. The attached file tries to look like a PDF file but is in fact a BZ2 compressed file. Scammers do this to try to get around malware scammers – hoping they cannot read the compressed file. They are wrong.

A message from J. Kirinec tells me that he was looking for an old friend who resides in my country – of course he doesn’t know my name or which country I live in. He says he in charge of ‘medic’ and wants to hear from me if “you are so pleased with you”. Like many scam message it makes no sense and is intended to get a reply from a confused person asking for more information. Just a way for scammers to find the sort of people they want to scam.

Oh dear – an urgent message from the NatWest fraud team arrives – well actually a dozen of them, to different email addresses at the radio station. They all same the same thing – that an unknown computer has tried to access my account and I now must verify the account within 24 hours or it will be cancelled for security reasons. The Verify link actually goes to a website at broad-angry-single.glitch.me which is obviously not NatWest plus I don’t have a NatWest account.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

April 8, 2022

The UK Online Safety Bill Makes Progress

https://www.gov.uk/government/news/world-first-online-safety-laws-introduced-in-pa

The UK Online Safety Bill marks a milestone in the fight for a new digital age which is safer for users and holds tech giants to account. It will protect children from harmful content such as pornography and limit people’s exposure to illegal content, while protecting freedom of speech.

At least that’s the intention, but these matters are very difficult to codify into law and the online world keeps changing at an ever faster pace.

Key points include:

It will require social media platforms, search engines and other apps and websites allowing people to post their own content to protect children, tackle illegal activity and uphold their stated terms and conditions.
The regulator Ofcom will have the power to fine companies failing to comply with the laws up to ten per cent of their annual global turnover, force them to improve their practices and block non-compliant sites.
Executives whose companies fail to cooperate with Ofcom’s information requests could now face prosecution or jail time within two months of the Bill becoming law, instead of two years as it was previously drafted.

The government significantly strengthened the Bill since it was first published in draft in May 2021. Changes since the draft Bill include:

Making sure all websites which publish or host pornography, including commercial sites, put robust checks in place to ensure users are 18 years old or over.
Adding new measures to clamp down on anonymous trolls to give people more control over who can contact them and what they see online.
Making companies proactively tackle the most harmful illegal content and criminal activity quicker.
Criminalising the sending of unsolicited sexual images to people using social media, known as cyber-flashing
Giving people the right to appeal if they feel their social media posts were removed unfairly
Preventing online scams, such as paid-for fraudulent adverts, investment fraud and romance scammers
Requiring pornography websites to verify their users’ ages

Any firm breaching the rules would face a fine of up to 10% of its turnover, while non-compliant websites could be blocked entirely.

If you have any experiences with these scams do let me know, by email.

April 7, 2022

Likely Loans

Likely Loans are a payday loan operation – part of Oakbrook Finance Ltd.

They typically charge 59.99% APR and to get people who will pay that they target those with poor credit ratings unable to get cheaper loans.

Internet reviews of Likely Loans seem split between those who love the quick access to funds e.g.

“Excellent service. Money within 24hrs and payments taken on regular dates”

and those who think the company are scammers and liars e.g.

“CON AVOID. WORST LOAN COMPANY EVER. RUINED MY CREDIT SCORE EVEN AFTER BEING A LOYAL PAY EXTRA CUSTOMER. HISTORY MEANS NOTHING ..AVOID”

Trustpilot shows 78% excellent reviews so they are pleasing some people.

Manoj Kumar Badale Is the longest serving director of Oakwood and is listed on 76 companies at Companies House – either active or dissolved companies. That’s quite a record and would worry some people.

Pay day loans may be a necessary evil for some people, but are better avoided if at all possible.

If you have any experiences with these scams do let me know, by email.

April 6, 2022

Data Breaches Facts

Hackers break into company computer systems and steal confidential information. i.e. they make copies of it for their own purposes.

The hackers might then ransom the data back to the owner or sell it to a competitor or sell it to other scammers or might make us of it in phishing scams i.e. to get more confidential information which they can then sell to fraudsters.

This is big business and usually it’s the customers of the hacked business that suffer.

We give our private and financial information to companies to do business with them but we expect they will do everything necessary to keep that data secure.

Many companies do have excellent data security but some fall short.

The cost to a company of a data breach can include:-

Creation of contact databases
Regulatory requirements
External experts
Postal costs
Communications set-ups
Audit services
Helpdesk
Legal expenditures
Reimbursement for customers
Cost of cleaning up data

Besides the material costs, there may be reputation damage.

Recent research shows:-

The average cost of a data breach is $3.86 million
The average global total cost per record stolen is $141 but there is huge variance across incidents.
Companies in South Africa and India have the highest chance of data breaches whereas companies in Germany and Canada have the lowest.
The mean time to identify and contain a breach is 280 days
The faster the breach is recognised, then generally the lower the total cost
The increasing use of mobile platforms is increasing the chances of data breaches.

For information on how to recognise a cyber-attack see

https://fightbackonline.org/index.php/business/102-do-you-know-if-your-business-has-been-cyber-attacked

[facts taken from 2020 Cost of Data Breach Study]

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.