Covid-19 Passport Scam

This is a new Covid scam.

The email title calls the message an “Official Notification – NHS COVID-Pass – GOV.CO.UK | COVID_19 Vaccination-Passport | Your GOVnhsoffice.co.uk order of ‘UK CVD19’”.

It offers the recipient the opportunity to get a Covid-19 passport, which really means a certificate to prove the recipient is vaccinated against Covid-19 and is currently Covid-19 negative.

The government do not send out such emails and private companies are not allowed to offer this.

Most of the message is text copied from various websites about how this is needed to open up travel again.

There is a big green ACCEPT button and a big red REJECT button.

Both buttons go to the same link, which is at a Japanese domain name that has nothing to do with the UK government.
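As an added example (not part of the original post), this Python code checks an HTML email body for the two giveaways described above: opposite buttons that share one destination, and links whose host is not a genuine government or NHS domain. The sample body, the `example.jp` placeholder host and the choice of `gov.uk` and `nhs.uk` as the only official suffixes are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: only these suffixes count as official.
OFFICIAL_SUFFIXES = ("gov.uk", "nhs.uk")
# Constructed sample body; example.jp is a placeholder, not the real scam domain.
SAMPLE_HTML = """<p>Official Notification - NHS COVID-Pass</p>
<a href="https://example.jp/pass?id=1"><b>ACCEPT</b></a>
<a href="https://example.jp/pass?id=1"><b>REJECT</b></a>"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip().upper(), self._href))
            self._href = None

def is_official_host(host):
    """True only for an official suffix itself or a true subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)

def analyse(html):
    """Return sorted findings for a message body."""
    parser = LinkCollector()
    parser.feed(html)
    findings, labels_by_url = set(), {}
    for label, href in parser.links:
        labels_by_url.setdefault(href, set()).add(label)
        host = urlsplit(href).hostname
        if not is_official_host(host):
            findings.add(f"non-official host: {host}")
    for href, labels in labels_by_url.items():
        if len(labels) > 1:  # opposite choices that lead to one destination
            findings.add("same link behind: " + "/".join(sorted(labels)))
    return sorted(findings)
```

The suffix check matches on a dot boundary, so the look-alike names in the email title (GOV.CO.UK and GOVnhsoffice.co.uk) are not treated as official even though they contain "gov" and "nhs".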

Scammers often target major problems in the world and have no interest in helping anyone but themselves.

Delete any such messages.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Stupidest Spam of the Week: Fat Burning Coffee

There are endless magic ingredients offered by scammers that supposedly create weight loss – normally without any effort or exercise or even restricting your diet.

Clearly these are all lies, invented by scammers to get your money and/or personal details.

This latest one has the title ‘The death of black coffee’.

It involves a ‘weird trick’ which is common for many of these scams.

It claims that one tiny tweak to your morning coffee puts your body into fat burning mode all day and it takes less than ten seconds.

There are nice photos of hot coffee drinks.

So, this trick is supposed to ‘ignite your metabolism’. No doctor or responsible person would describe a real product using that phrase. Anything that did ‘ignite your metabolism’ would be extremely dangerous as it would mean pushing your body temperature up significantly.

There is a link to click to get the ten second trick.

Never click on such links in unsolicited emails, as it encourages these criminals and you can only lose.


Microsoft Digital Crimes Unit

Microsoft’s Digital Crimes Unit (DCU) is an international team of technical, legal and business experts that has been fighting cybercrime to protect victims since 2008.

They use their expertise with online criminal networks to uncover evidence to pass on to the appropriate law enforcement agencies throughout the world. They can also disrupt the operational infrastructure used by cybercriminals, through civil legal actions and sometimes by technical means.

DCU has developed strong relationships with local and global law enforcement, security firms, researchers, NGOs and customers to drive scale and fight cybercrime. They also use the evidence they collect to help with the development of technical countermeasures to strengthen the security and safety of Microsoft’s products and services.

Areas of Focus

  1. Tech Support Fraud. These scams are very common as the criminals involved operate this scam on an industrial scale. DCU use data analytics and direct customer complaints to investigate criminal networks engaged in tech support fraud.
  2. Business Email Compromise (BEC). This is where criminals impersonate key people in an organisation, e.g. the Finance Director, to get an employee to transfer funds to the criminals. BEC is one of the most prolific and costly cybercrime attacks in the world today. According to a 2020 FBI report, BEC attacks were responsible for $1.8B in losses and represent more than 40% of all cybercrime losses.
  3. In 2020, the DCU secured court orders to block malicious web applications targeting business organizations and directed the removal of 744,980 phishing URLs, resulting in the closure of 3,546 malicious email accounts used to collect stolen customer credentials obtained through successful phishing attacks.
  4. This is a wide area of criminal activity and DCU focus on identifying and disrupting these criminal activities.
  5. DCU focus on payment systems and disruption of the criminal infrastructure behind these attacks.
  6. Business Operations Integrity. This means supply chains and all systems infrastructure that can be attacked by criminals.

Keep up the good work, DCU.


Easy To Guess Passwords

Most people have realised that they need to have passwords and PIN numbers that can’t be easily guessed – don’t use your birthday or year of birth or the dog’s name or a common word etc.

But the latest reports show there are still many people with passwords or PIN numbers that are very easy to guess.

28% of people in a recent survey had a password that is in the top 20 most common ones and hence could be guessed very easily.

If they can be easily guessed then you could be hacked and lose money and more.

If your PIN number is on the list below then change it urgently.

  • 1234
  • 1111
  • 0000
  • 1212
  • 7777
  • 1004
  • 2000
  • 4444
  • 2222
  • 6969

If your password is “password” or “123456” or “12345678” then change it urgently.


Ransomware: Pay or Not Pay

Ransomware is software designed to block access to your computer device or system by encrypting files and demanding a payment for the unlock key.

This malware typically gets into your device or system through a phishing email or can be through a weakness in your software protection.

Once in, the malware encrypts everything it can find and then issues a warning that payment must be made (usually in Bitcoin) in order to get the decryption key necessary to restore your files.

Businesses and individuals with proper backups and security can usually get around the temporary inconvenience caused by the attack, but for many it can be a disaster and they have to choose whether to get in an expert to try to recover the systems or to pay the ransom and hope the criminals hand over the decryption key.

Statistics on how many people choose to pay the ransom are hard to find and vary from a few percent to more than half.

The general principle on ransom is to not pay as that would encourage the criminals to keep using the tactic.

There are cases where people chose to pay, only to receive a further, larger demand, and were never able to get the key.

In other cases, people pay and do get the unlock key.

So, it can be a tricky choice – pay and hope to get the key or refuse and cope with the damage caused.

There is no certain answer to this problem, except to protect your devices and systems so you never have to make the choice.
