CYBER CRIME
By Barry Linton 42903890 Essex Police Volunteer, Fraud and Scams Protection team.
The Essex Police Prevent and Protect team have a number of work streams, such as modern slavery, human trafficking, drugs-cuckcooing etc; I am involved helping with cybercrime protection. It is chastening to report that serious organised crime gangs operate on all of these streams, one type of crime often funding another type. The crimes and scams reported on this page are not perpetrated by kids taking a chance, but by serious international and local gangs.
REMEMBER THE KEY WORKSHOP MESSAGES
Spotting Scam Emails
- Is there a personal name salutation, possibly with your account number, or does it merely say “Dear Customer” etc?
- Check the real sending email address, does it really come from the claimed sender?
- If you use a desktop or laptop, the sending email address is shown
- On a phone or tablet device tap on the claimed sender’s name
- Are you being asked to click a link?
- Are they generating an emotion, such as fear, excitement or curiosity as an encouragement to click?
- Is there a sense of urgency to comply?
- If an email or text, are there English spelling or grammatical errors?
If the answer to any one of these questions is Yes, THINK!
Scam phone calls or text messages
These have many of the factors as seen in emails. The calling number on your phone screen is very easy for criminals to spoof, most of the calls actually originate abroad.
When/If you do answer just listen…. SAY NOTHING. Sometimes an automated script starts as soon as you speak. In such cases close the call immediately.
If someone comes on the line listen carefully to their first words. Do they ask to speak to a named person or just go into their script? Butt in and ask who they wish to speak to. If they can’t give your name, close the call.
“We are BT, ‘You have a fault on your Device or Broadband Line’”
Always a scam. Never allow an unsolicited caller to have access to your device, even if they have given you a fictitious story that you have a fault and they can remotely fix it.
Impersonation Frauds
This is now a huge area of growth one of which is calls from "Your Bank".
If your bank, or any other purported authority calls you, such as HMRC and asks you to identify yourself so they can be sure they are talking to the right person YOU MUST SAY NO! and ask them to identify themselves to your complete satisfaction before continuing the conversation. If there is any hesitation on their part, close the call. It is always the caller's job to identify themselves not you. If they quote the Data Protection Act, close the call.
But there is now a new approach, if in doubt call 159. This number will securely put you though to your bank to query the call.
To quote Martin Lewis on Radio 4 recently-
"If someone calls you from your 'bank', and you're not sure it really is your bank, you don't have to go panicking around trying to find the number or dial the number they've given you - you just dial 159, I would give a slight warning...to be totally safe, it's always best to use another phone to dial 159."
Dangers of QR Codes
Quick Response ("QR") codes are everywhere now. See an advert in the paper and just use your phone on the QR code, and it saves all the bother of typing in all the website details. Well, QR codes can do a whole lot more than the simple bar codes you see on your grocery items. A QR code do can many of the things we do with our fingertip on our phones, and that can include changing your phone’s settings without you being aware. The dangers are specific to QR codes situated in a public place like a Car Parking Tariff Notice, or stuck on the corner of a restaurant table so you can immediately order and pay without waiting for anyone to come to your table. Scammers are now sticking identical looking QR codes over the top of the genuine QR code. These scam codes can direct your phone to a fraudulent website or even change your connection from being on 5G mobile (encrypted) data to a nearby Wi-Fi hot-spot set up on a nearby scammer's laptop. In that way the scammer ‘eavesdrops’ your transaction so you will get your parking time/meal order but they will also be able to see your full bank card details. These scams are now increasing in number and sophistication. So, take care when using QR codes. Check if they have been stuck on over another QR code.
Passwords
We have so many these days, sometimes you may need to share some passwords between different accounts. There is no reason why you should not write these down in a book. BUT that book should be well hidden and secured, and not left lying open near your laptop.
BUT ensure your Email password is unique and extremely secured, and must not be used for any other purposes. Scammers who get hold of your email password will log on and change your email password, thereby locking you out. They will then go to many of the accounts to may use under the Id of your email address. They will then use “password forgotten?” resets and change them, thereby locking you out of all your key websites. They have effectively taken over your life.
New Government Legislation
Whenever the Government announces some new legislation, the scammers will right there.
We had this with the Covid Vaccination roll-out (click here, pay the fee and book your session.)
The hardship allowance on your heating bills (Click here to give you bank details to receive the payment).
The new London ULEZ Charge for old cars. (A phoney TfL website created for motorists to pay their £12.50 daily fee) Unfortunately the victims of this scam were considered by the Mayors Office to have not aid the charge and received a £100 Fine.
Facebook "Easy Quizzes"
You may see these all the time on Facebook, shared many times and often sent to you by people you know who have done the quiz. Don’t touch them. At best they collect data about you that is sold on to marketing analytics companies. At worst it could be scammers hoping to find out your personal information and password reset clues. The name of your first school….etc.
ACTION FRAUD
If you are concerned about a potential scam, do not contact your local Police Station. Report it at www.actionfraud.police.uk or call 0300 123 2040. This service is run by City of London Police. Action Fraud pass collated reports out to local Police Forces. Once Covid-19 restrictions are mercifully over, locality.
If there is an urgent incident then call 999 or 101 (local force response).
FIND OUT IF YOUR INFORMATION HAS BEEN COMPROMOSED BY A CORPORATE HACK
Go to www.haveibeenpwned.com Enter your email address and you might see a list of potential hacks of companies you may have used, and the likely information taken. The website now allows you to enter your mobile phone number find out if that has been taken during a hack. It is a fairly technical report and can go back several years.
If you happen to see that your email Password has been hacked in recent times, I would recommend you change that email password asap.
And now for the problem....most u3a members I have met from all over the county do not realise they even have an email password! They assume it is the password, PIN or fingerprint used to get into their device, but it isn't that one. The email password is set up and stored inside the email reader/browser. When I was able to visit people's homes to sort out an email problem the correct email password was often to be found in a little book along with other important passwords, usually written down by a younger family member who set it up. So get them to make the change, do not try to do it yourself unless you really know your way around Settings.....and as said earlier keep your little book of passwords in a secure place not next to your computer!
LINKS TO IMPORTANT WEBSITES AND POLICE PUBLICATIONS
National Cyber Security Centre.