The Card and Payment Crime Unit

The Dedicated Card and Payment Crime Unit (DCPCU) is a proactive operational Police unit with a national remit. It was formed in 2002 in partnership between UK Finance, the City of London Police and the Metropolitan Police.

Their brief is to investigate, target and, where appropriate, arrest and seek successful prosecution of offenders responsible for card, cheque and payment fraud crimes.

In the first half of 2020 the unit disrupted seven organised crime groups, made 70 arrests and secured 30 convictions. Through close collaboration with banks, the telecoms industry and other law enforcement agencies, the unit prevented an estimated £12.5 million of fraud and seized or blocked over £2 million in assets. Also, their partnership with social media platforms led to the identification of accounts that featured posts relating to payment crime and saw more than 500 social media accounts linked to fraudulent activity taken down.

The DCPCU is comprised of officers from the City of London Police and Metropolitan Police as well as banking industry fraud investigators and support staff from UK Finance. It carried out enforcement activity against individuals seeking to use Covid-19 as an opportunity to target victims, executing 25 warrants between March and June 2020.

The DCPCU say they continue to work closely with UK Finance and its members from across the payment industry to tackling the constantly evolving challenges of fraud.

DCPCU recommend that Consumers follow the advice of the Take Five to Stop Fraud campaign to stay safe from fraud, and always question any uninvited approaches to transfer money or give away personal details in case they are a scam.

https://fightback.ninja/take-five-stop-fraud/

If you have any experiences with these scams do let me know, by email.

July 26, 2021

Amazon Brand Protection

Amazon is the biggest retailer on the planet and most of their sales are not actually Amazon products but sold on behalf of other businesses using the Amazon platform and Amazon is a huge target for all sorts of scams and other types of fraud.

Amazon Brand Registry Program

This is Amazon’s way to tie brand owners more closely into Amazon and give them extra functions and services to protect and build on their brand. It is particularly useful if a product maker has multiple retailers selling their products online.

Amazon Describes The Benefits As :

It helps a brand to have control over their product listings
It ensures that the information given about a product is accurate
It helps to increase product sales
It helps protect the brand
It enhances the brand content
It helps improve efficiency
It helps to list the products without UPCs or EANs
It eases the listing of products
It helps create different product variations
It eliminates bad listings
It comes with enhanced customer support
It offers enhanced image search to match any fake logo(s) or product(s) through images

Who Qualifies to Use the Brand Register?

Sellers who sell their products under their brand name
Sellers who are manufacturers
Sellers who are actually private label brand owners
Sellers who produce white label products
Sellers who are actually distributors and who have the authority to own a trademark’s content in Amazon

If you have any experiences with these scams do let me know, by email.

July 25, 2021

Stupidest Spam of the Week Support Grants

There have been endless Coronavirus scams and many have focussed on government grants, income replacement schemes etc. Some are messages that make little attempt to look realistic but some scammers have gone to great lengths to make their messages appear genuine.

This latest set is just a copy of previous scam messages and is obviously fake.

Instead of showing my email address as the recipient it shows ‘no-reply’.

It claims to be from the government and that they have determined I am eligible for a grant, but the sender doesn’t know my name.

Part way through the explanation the grant turns into a tax refund which is totally different from a grant.

The message says I need my driving licence and passport in order to claim online – if I am already identified and eligible for a grant then there would be no need for such documents, especially to have both which would be pointless except to a scammer seeking ID information to sell to other scammers to use in identity theft.

The link to click which supposedly is to the HMRC web site is actually to alive-11cn.net which is clearly not the government.

Finally, the email threatens that any wrong input will be criminally pursued which is an odd phrase and certainly not used by government. And that ‘delibrate’ wrongness is not allowed. A curious misspelling in a world where everyone has a spell checker.

All fake of course, trying to steal from people affected by the pandemic.

To enter your email address and click on the subscribe button on top right to keep up to date with new posts.

July 24, 2021

Time-Wasters Update

There are endless scam emails offering magic remedies to achieve weight loss with no effort. ‘Red |Wine and Fat Loss’ is the title of another one. Supposedly you add a supplement to your glass of wine each evening and your metabolism speeds up resulting in huge weight loss and no hunger or cravings. Obviously complete rubbish.

Some scammers are very professional but many are just total idiots. The email is titled ‘Request from the website’ so it is pretending to be from the radio station website. The email senders address is dorris @ [the radio station] so someone has gone to the trouble of spoofing the sender address. The message is trying to sell swim shorts that change colour when wet, but the scammer has forgotten to add a link to click and replying to the email would simply send a message to a non-existent email address at the radio station. She’s not going to get rich on this scam unless she realises her mistake.

Calvin Harris tells me that “We would like to hire your professional experience and want to inform you that we urgently interested in working with you on a temporary (contract) basis. Get back to us for details on compensation”. He has no idea who I am so is obviously scammer just trying to find out if the email address is active.

An email from Candace Petterfill says she’s interested in a job and I just have to click a link to read her c.v. No thanks – is likely to be a link to a malware site. The message specifies a password for the c.v. which is so you cannot scan the document for malware without opening it first, using the password. Her message also contains multiple 16 digit numbers for which there is no obvious reason – too long to be phone numbers. A dangerous email, to be ignored.

Occasionally at the radio station we get emails from people wanting us to add links to their site from ours, and in return get a reciprocal link. These are only a good idea if the business you’re going to link to is safe and reputable and is some way complementary to your own business. Adding random links to unrelated businesses is a bad practice and can result in a lower place on search engine results.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

July 23, 2021

The Lazarus Heist

In 2016 North Korean hackers planned a $1bn raid on Bangladesh’s national bank and almost succeeded. It was only down to luck that all but $81m of the transfers were halted.

The hackers prepared meticulously for months, gained access to the systems then waited for months for the exact right moment that would give them the longest window of opportunity.

This was at the start of a weekend, at a holiday time giving them a clear 5 days starting in Bangladesh, then the Fed in New York then the Philippines where much of the money was intended to end up.

They carried out their plan meticulously, but bad luck got in the way.

They had created a number of fake accounts at a bank branch in Jupiter street in Manila but Jupiter was the name of an Iranian ship and that raised red flags in New York and all but $101 million of the transactions were temporarily blocked for investigation.
$20m was to be transferred to a Sri Lankan charity called the Shalika Foundation but the name was misspelt and the transaction blocked
$81 reached a hotel and Casino in the Philippines to be laundered but much was lost in the process

The group got away with around $34 million of the $1 Billion they targeted.

Analysis of the digital fingerprints of the theft point to the government of North Korea, to a group of hackers known as the Lazarus Group.

These are the people believed to have spread the Wannacry ransomware that devastated the NHS in 2017 and also various large organisations around the world.

For more detailed information see https://www.bbc.com/news/stories-57520169

If you have any experiences with these scams do let me know, by email.

July 22, 2021

Is Ledger Wallet Safe

This is about the storage of cyber currency – these things only exist in the digital world so how do you store them?

Normally that is through an online ‘wallet’ where you store the access keys to your currency and those are the only evidence you have of ownership. If the keys are stolen then your cyber currency is also gone.

Most people store the keys on their computer, but some prefer something more secure and choose a hardware wallet e.g. a USB drive with specialised software.

Ledger Nano S claims to be The world’s most popular hardware wallet for cryptocurrency.

Data Breach

Ledger suffered a data breach in 2020 and confidential information on 272,00 customers was released by the hackers.

The hackers included the customers home addresses which puts them at risk of physical attack as some had substantial holdings in cyber currency on their ledger devices.

Phishing Attempts

Ledger users are frequently the targets of phishing attempts. Many scammers go to great lengths to duplicate the ledger website and Ledger email messages. They try to get the users 24 word recovery phrase which would let them take over the account and hence steal the crypto currency.

Fake Wallets

Following the data breach in 2020, some scammers have created fake Ledger Nano wallets and are sending them out to the list of customers they have from the breach.

These fake wallets look similar to the real ones and have tricked people into ‘upgrading’ free of charge to the latest version. Sadly, these fake wallets steal the private keys needed to take the cyber currency.