Warning over fraudsters using computer virus scam
Police have issued a warning over fraudsters who are hacking into private computers to raid bank accounts or to trick victims into paying to remove fake viruses.
More than 150 people in Essex have fallen victim to the scam in the past two months and more than £60,000 has been stolen.
The tricksters contact their victims by telephone, claiming to be ‘computer software tech support’ experts from well-known companies such as Microsoft.
They claim to have detected a fault on the victim’s home computer and say they can fix the fault by being given remote access control of the device.
In some cases they download a file which they claim is a virus checker and which shows the victim how the computer has allegedly been affected. They then say they will charge a fee of £100 for the ‘work’ but then remove up to £400 from the victim’s bank account.
Other fraudsters have used remote access to infiltrate the victim’s online banking accounts and transfer funds to accounts that then cannot be traced.
DI Lee Morton of the Kent and Essex Serious Economic Crime Unit, said: "The fraudsters claim to be from a variety of computer service companies and say they are from software tech support.
"If remote access is not granted fraudsters may become aggressive. But once given access they will either load a fake virus on to the computer then give the impression that they have removed it, or they will gain access to bank accounts.
"The problem is that these crimes are not detected for weeks or months when the money taken as a fee or money taken from bank accounts actually shows on bank statements.
"However, computer firms warn that they never make unsolicited phone calls to request personal or financial information, or to fix your computer.
"If you receive one of these cold calls treat it with scepticism and don’t give out any personal information. The best advice is to hang up straight away.
"If you think your computer has been infiltrated, change your personal passwords and speak to your bank and ask them to change your online account passwords. If you are not sure about checking the computer and changing passwords always use a reputable firm to carry out the work.”
Anyone who has lost money to a scam like this should report it to Action Fraud, the National Fraud & Cyber Crime Reporting Centre, on 0300 123 2040.
Holiday booking fraud
Findings from a report by the National Fraud Intelligence Bureau reveal the scale of the crime and expose common tactics used by fraudsters.
The most common types relate to:
Holiday accommodation – According to the report almost a third (30%) of holiday fraud victims in 2013 were scammed by the fraudulent advertisement of holiday villas and apartments, with some arriving at their destination to discover they had nowhere to stay.
Airline tickets – where a customer believes they are booking a flight and receives a fake ticket or pays for a ticket that never turns up. This is the most second most common type of booking fraud, accounting for 21% of holiday booking fraud reported to the police in 2013. Average losses are more than £1000 per victim, with flights to West Africa a particular target.
Package holidays – particularly group, sports and religious packages.
A YouGov poll for ABTA back in 2013 revealed that one in ten consumers (9%) do nothing to research their travel company, such as checking if it is a member of a trade association such as ABTA (which has a code of conduct in place to protect consumers), asking friends and family for recommendations, or running a web search.
ABTA, the NFIB and Get Safe Online have published advice on how to avoid becoming a victim of holiday booking fraud – and on how victims should go about reporting it, including the top tips below:
Do your research
Don’t just rely on one review, do a thorough online search to ensure the company’s credentials. If a company is defrauding people there is a good chance that consumers will post details of their experiences, and warnings about the company, online.
Look for the logo
Check whether the company is a member of a recognised trade body such as ABTA. You can verify membership of ABTA online, at www.abta.com
Stay safe online
Check the web address is legitimate and has not been altered by slight changes to a domain name – such as going from .co.uk to .org
Never pay directly into an owner's bank account. Paying by direct bank transfer is like paying by cash – the money cannot be traced and is not refundable. Where possible, pay by credit card, (or a debit card that offers protection).
You should study receipts, invoices and terms and conditions, and beware of any companies that don’t provide any at all.
Use your instincts
If something sounds too good to be true, it probably is.
Report it – victims should contact Action Fraud on 0300 123 2040 or via www.actionfraud.police.uk
The National Fraud Intelligence Bureau Proactive Intelligence Team has identified that courier fraudsters are identifying themselves to victims on the telephone as Detective Constable Martin BENTON of New Scotland Yard Fraud Department.
No such person exists at the Metropolitan Police.
If you receive a call from someone claiming to be this individual, terminate the call immediately.
- Your bank will never send a courier to your home
- Your bank and the police will never collect your bank card
- Your bank and the police will never ask for your PIN
- If you receive one of these calls end it immediately
If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk
If you have handed over any details to the fraudster, call your bank and cancel your cards immediately.
If you want to call your bank, then do it from another telephone.
Royal Mail Cyber-Crime Threat
A scam email is currently being sent to victims fraudulently claiming to be from the Royal Mail. The attachment on this email is known to infect the victim’s computer with CryptoLocker ransomware.
One of two email types have been received by the victims, both stating that the Royal Mail are holding an item for the victim and that a response to the email is required to arrange for the item to be resent/collected.
Email Type 1: Email states that they are holding a letter and there will be a £5 per day charge if the letter is not collected. It then instructs the victim to click on a link to get the letter resent. From here the ransomware infects the victims system.
Email Type 2: Email states that a parcel could not be delivered and that it is waiting for collection. A link on the email is provided for further information. The link takes the victim to a page that appears to be part of the Royal Mail website where victims are requested to enter a code (believed to have been in the original email). Once the code has been entered the victim is instructed to download an application, this application downloads the ransomware.
The ransomware encrypts files on the victim’s system and a window appears requesting a payment, to be made in Bitcoins, to decrypt the files. There is further incentive for early payment as the ransom states that the cost of decrypting the files will increase the longer the fine is outstanding.
The victim is asked to pay around £300-£360 initially, rising to £600-£660 if not paid within a period of time.
The victims of this fraud, although primarily individuals, does also include a number of businesses.
Take the following steps to reduce the potential for falling victim to this type of malware:
- Look at who the email is addressed to; is it generic or specifically addressed?
- Look at the quality of the images included on the email. Are they of sufficient high quality that they could come from Royal Mail?
- Do not open attachments from unsolicited emails regardless of who they are from.
- Do not click on the link supplied. Instead, go to the relevant website and log in from there.
- Check the address of any email received to see if it appears legitimate.
- Additional information regarding Royal Mail online security can be found at:
Insider business cyber attacks
The manipulation of business networks and servers by disgruntled or former employees has resulted in individuals using their access to destroy data, steal proprietary software, obtain customer information, purchase unauthorized goods and services using customer accounts, and gain a competitive edge at a new company. The theft of proprietary nformation in many of these incidents was facilitated through the use of cloud storage Web sites, like Dropbox, and personal e-mail accounts.
In many cases, dismissed employees had continued access to the computer networks through the installation of unauthorised remote desktop protocol software. The installation of this software occurred prior to leaving the company.
Disgruntled or former employees can also extort their employer for financial gain by modifying and restricting access to company Web sites, disabling content management system functions, and conducting distributed denial of service attacks.
- Conduct a regular review of employee access and terminate any account that individuals do not need to perform their daily job responsibilities.
- Terminate all accounts associated with an employee or contractor immediately upon dismissal.
- Change administrative passwords to servers and networks following the release of IT personnel.
- Avoid using shared usernames and passwords for remote desktop protocol.
- Do not use the same login and password for multiple platforms, servers, or networks.
- Ensure third party service companies providing e-mail or customer support know that an employee has been terminated.
- Restrict Internet access on corporate computers to cloud storage websites.
- Do not allow employees to download unauthorized remote login applications on corporate computers.
- Maintain daily backups of all computer networks and servers.
- Require employees change passwords to corporate accounts regularly (in many instances, default passwords are provided by IT staff and are never changed).
Email malware alert
The National Fraud Intelligence Bureau (NFIB) has recently recieved a high volume of reports about emails containing a piece of malware purporting to be an invoice or details of a transaction which has taken place.
This alert is disseminated because the specific wording of the email is new and convincing. It contains details of a fake order which appears to have been sent by a legitmate company (the email address of this companies is “spoofed”).
The payment method is always described as having taken place by credit card, with details of a fake transaction number.
The email will state that you can find more detailed information on the purchase in the attached file, many people fall victim to opening the attachment because they can not remember placing an order and wish to find out more. Opening this attachment may infect your computer with a virus.
The telephone numbers being provided at the bottom of the email are not genuine and are often connected to people that have no knowledge of the email or that their number is being used.
An example of this is email is detailed below:
Thank you for using our services!
Your order #1190618185 will be shipped on 30.08.2014.
Date: August 27, 2014. 03:36pm
Payment method: Credit card
Transaction number: 43000F36A771
Please find the detailed information on your purchase in the attached file (order_2014-08-27_14-56-37_1190618185.zip)
Sales Department ******
The NFIB advises people to take the following steps to reduce the potential for falling victim to this type of virus:
- Do not click on any attachments or links within emails unless you are sure that you know who has sent them.
- If you have not recently made an order with the company specified in the email do not open the attachment.
- Check the legitimacy of the email with the company that have supposedly sent it – it is a good idea to find a telephone number for them independently from the email as the phone number provided may be fake or go straight to the suspect.
- Ensure you have up-to-date anti-virus software and perform regular scans.
- If you have opened the attachment be extra vigilant when logging on to online banking and consider having your machine checked by an expert.
- If you think you have been a victim of this type of email you should report it to Action Fraud, the UK’s national fraud and cyber crime reporting centre.
If you do make a report please provide as much detail as you can about the email and any effects it has had on your computer. Additionally if your Anti-Virus software detects any issues in relation to this email please provide us with the details.