There is concern that victims of previous Computer Software Service Fraud (CSSF) are being re-targeted for “owed money”. The National Fraud Intelligence Bureau (NFIB) reports that CSSF scammers are returning to contact previous victims, requesting that they pay money owed for a fake malware protection service they had provided. Alternatively, the fraudster will ask for a new subscription fee in return for protection from a new threat. The victims that have made payments to the fraudsters have done so via credit/debit card payments. In some instances threatening and aggressive language has been used against victims, as part of the attempt to coerce them into sending money.
Computer Software Service Fraud involves the victim being contacted, told that there is a problem with their computer, and that for a fee this issue can be resolved. The aim of the fraudster at this point is usually to gain remote access to the victim’s computer and, subsequently, access to their online banking account. No fix actually occurs. The victims will often be cold-called or will receive a pop-up on their computer, prompting them to phone the suspect.
Since the beginning of this year (2018), the total loss for repeat victims of CSSF has been reported as £16,712.85. The National Fraud Intelligence Bureau has noticed an increase in such reports since the beginning of May.
• If you receive such an unsolicited call or pop-up, do not make a payment. Always ensure you know who you are talking to. If in doubt, hang up immediately.
Do not allow remote access to your computer.
Don’t be rushed or pressured into making a decision. Under no circumstances would a genuine bank, or another trusted organisation, force you to make a financial transaction on the spot; they would never ask you to transfer money into another account for fraud reasons. Remember to stop and take time to carefully consider your actions.
Listen to your instincts. If something feels wrong then it is usually right to question it. Criminals may lull you into a false sense of security when you are out and about or rely on your defences being down when you’re in the comfort of your own home. They may appear trustworthy, but they may not be who they claim to be.
These fake text messages purport to be from EE and claim that you haven’t paid a bill. The link in the message leads to a phishing website designed to steal your EE account login details, as well as personal & financial information.
Don’t be tricked into giving a fraudster access to your personal or financial details.
Never automatically click on a link or attachment in an unexpected email or text.
The National Fraud Intelligence Bureau has identified an increasing number of reports submitted to Action Fraud from the public concerning courier fraud.
Fraudsters are contacting victims by telephone and purporting to be a police officer or bank official. To substantiate this claim, the caller might be able to confirm some easily obtainable basic details about the victim such as their full name and address. They may also offer a telephone number for the victim to call to check that they are genuine; this number is not genuine and simply redirects to the fraudster who pretends to be a different person. After some trust has been established, the fraudster will then, for example, suggest;
- Some money has been removed from a victim’s bank account and staff at their local bank branch are responsible.
- Suspects have already been arrested but the “police” need money for evidence.
- A business such as a jewellers or currency exchange is operating fraudulently and they require assistance to help secure evidence.
Victims are then asked to cooperate in an investigation by attending their bank and withdrawing money, withdrawing foreign currency from an exchange or purchasing an expensive item to hand over to a courier for examination who will also be a fraudster. Again, to reassure the victim, a safe word might be communicated to the victim so the courier appears genuine.
At the time of handover, unsuspecting victims are promised the money they’ve handed over or spent will be reimbursed but in reality there is no further contact and the money is never seen again.
Your bank or the police will never:
- Phone and ask you for your PIN or full banking password.
- Ask you to withdraw money to hand over to them for safe-keeping, or send someone to your home to collect cash, PIN, cards or cheque books if you are a victim of fraud.
Don’t assume an email or phone call is authentic Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud
Stay in control
If something feels wrong then it is usually right to question it. Have the confidence to refuse unusual requests for personal or financial information.
There has been a sharp rise in fraudsters sending out fake text messages (smishing) and phishing emails claiming to be from TSB. The increase in the number of reports corresponds with the timing of TSB’s computer system update, which resulted in 1.9 million users being locked out of their accounts. Opportunistic fraudsters are using TSB’s system issue to target people with this type of fraud.
Since the start of May there have been 321 phishing reports of TSB phishing made to Action Fraud. This is an increase of 970% on the previous month. In the same reporting period, there have been 51 reports of cybercrime to Action Fraud which mention TSB – an increase of 112% on the previous month.
Fraudsters are commonly using text messages as a way to defraud unsuspecting victims out of money. Known as smishing, this involves the victim receiving a text message purporting to be from TSB. The message requests that the recipient clicks onto a website link that leads to a phishing website designed to steal online banking details.
Although text messages are currently the most common delivery method, similar communications have been reported with fraudsters using email and telephone to defraud individuals.
In several cases, people have lost vast sums of money, with one victim losing £3,890 after initially receiving a text message claiming to be from TSB. Fraudsters used specialist software which changed the sender ID on the message so that it looked like it was from TSB. This added the spoofed text to an existing TSB message thread on the victim’s phone.
The victim clicked on the link within the text message and entered their personal information. Armed with this information, the fraudsters then called the victim back and persuaded them to hand over their banking authentication code from their mobile phone. The fraudsters then moved all of the victim’s savings to a current account and paid a suspicious company.
Don’t assume an email or text is authentic:
Always question uninvited approaches in case it’s a scam. Phone numbers and email addresses can be spoofed, so always contact the company directly via a known email or phone number (such as the one on the back of your bank card).
Clicking on links/files
Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected text or email. Remember, a genuine bank will never contact you out of the blue to ask for your full PIN or password.
Every Report Matters. If you have been a victim of fraud or cyber crime, report it to us online or by calling 0300 123 2040.
Visit Take Five and Cyber Aware for more information about how to protect yourself online.