Action Fraud

ActionFraud is the UK’s national fraud and internet crime reporting centre.

They provide a central point of contact for information about fraud and financially motivated internet crime.

Click here to download a leaflet about Action Fraud

Caller ID Spoofing

ACTION FRAUD on Caller ID “Spoofing”

The scam “cold Callers” have a new and significant weapon in their armoury.  It’s a disturbing development which enables a scam caller to realistically claim to be a bank security official alerting the victim that there is evidence of tampering with their bank account.
Not entirely convinced, a victim challenged the caller for an ID and was able to convince the victim that they were an authentic bank official (in this case Santander).     When asked by the victim “How do I know you are the bank security official ?” –   the caller asked for the victim’s mobile no. and said he’d call back with evidence. With this next call he was able to display on the Caller ID the same phone no that was on the victim’s Santander Bank Card.
The victim still had doubts but was persuaded  by this and the confident handling (a quiet Scottish accent who knew the name of the victim and readily volunteered his own name). The victim then followed instructions to transfer funds to a new Sort Code and Account no. supplied by the fake “bank official”.

In all, some £50,000 was speedily transferred out of the victim’s account. The victim, having some later qualms too late, called Santander and established that the named person was not a member of their staff. The incident is still being investigated by the police and Santander has not undertaken to compensate fully for the recovery of the lost funds.

Help protect yourself from this kind of fraud take precautions as follows :

  • Your bank will never discuss this kind of transaction over the phone.  
  • Before you commit to transferring any funds as requested, you should make a separate call to your known phone number contact with the bank to confirm the authenticity of the caller.  
  • When you do this, firstly ensure that your phone line is clear of the caller (i.e. that you have a proper dialling tone) or use another phone / mobile to ensure you are making proper contact with your bank.

Remember, if you have any doubts about the caller’s authenticity, break off phone contact and carry out your own checks as recommended above.

Click Here to view Caller ID Number Spoofing  Action Fraud Leaflet

Vehicle Online Shopping Fraud

Fraudsters have been advertising vehicles and machinery for sale on various selling platforms online. The victims, after communicating via email with the fraudster, will receive a bogus email which purports to be from an established escrow provider (a third party who will keep the payment until the buying and selling parties are both happy with the deal).

These emails are designed to persuade victims to pay upfront, via bank transfer, before visiting the seller to collect the goods. The emails also claim that the buyer (victim) has a cooling off period to reclaim the payment if they change their mind. This gives victims the false sense of security that their money is being looked after by this trustworthy third party, when in fact it is not and the money has gone straight to the fraudster.

Protect yourself:

  • When making a large purchase such as a new car or machinery, always meet the seller face to face first and ask to see the goods before transferring any money.
  • If you receive a suspicious email asking for payment, check for spelling, grammar, or any other errors, and check who sent the email. If in doubt, check feedback online by searching the associated phone numbers or email addresses of the seller.
  • Contact the third party the fraudsters are purporting to be using to make the transaction. They should be able to confirm whether the email you have received is legitimate or not.
  • False adverts often offer vehicles or machinery for sale well below market value to entice potential victims; always be cautious. If it looks too good to be true then it probably is.

If you have been affected by this, or any other type of fraud, report it to Action Fraud by visiting www.actionfraud.police.uk, or by calling 0300 123 2040.

Smishing by Text

Smishing – the term used for SMS phishing – is an activity which enables criminals to steal victims’ money or identity, or both, as a result of a response to a text message. Smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset) to manipulate innocent people into taking various actions which can lead to being defrauded.
 
The National Fraud Intelligence Bureau has received information that fraudsters are targeting victims via text message, purporting to be from their credit card provider, stating a transaction has been approved on their credit card.
 
The text message further states to confirm if the transaction is genuine by replying ‘Y’ for Yes or ‘N’ for No. 
 
Through this method the fraudster would receive confirmation of the victim’s active telephone number and would be able to engage further by asking for the victim’s credit card details, CVV number (the three digits on the back of your bank card) and/or other personal information.
 
Protect yourself:

  • Always check the validity of the text message by contacting your credit card provider through the number provided at the back of the card or on the credit card/bank statement.
  • Beware of cold calls purporting to be from banks and/or credit card providers.
  • If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Again, refer to the number at the back of the card or on the bank statement in order to contact your bank.
  • If you have been a victim of fraud or cyber crime, please report it to Action Fraud at http://www.actionfraud.police.uk/ or alternatively by calling 0300 123 2040

    Scams and Ransomware

    Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global WannaCry ransomware attack.

    One victim fell for the scam after calling a ‘help’ number advertised on a pop up window. The window which wouldn’t close said the victim had been affected by WannaCry Ransomware.

    The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed Windows Malicious Software Removal Tool, which is actually free and took £320 as payment.

    It is important to remember that Microsoft’s error and warning messages on your PC will never include a phone number.

    Additionally Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.

    How to protect yourself

    • Don't call numbers from pop-up messages.
    • Never allow remote access to your computer.
    • Always be wary of unsolicited calls. If you’re unsure of a caller’s identity, hang up.
    • Never divulge passwords or pin numbers.
    • Microsoft or someone on their behalf will never call you.

    If you believe you have already been a victim

    • Get your computer checked for any additional programmes or software that may have been installed.
    • Contact your bank to stop any further payments being taken.


    Report fraud and cyber crime to Actionfraud.police.uk

    Ransomware Cyber Attack

    Following the ransomware cyber attack on Friday 12 May which affected the NHS and is believed to have affected other organisations globally, the City of London Police’s National Fraud Intelligence Bureau has issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days.
     
    Ransomware is a form of malicious software (Malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. Criminals will use ransomware to extort money from you (a ransom), before they restore access to your files. There are many ways that ransomware can infect your device, whether it be a link to a malicious website in an unsolicited email, or through a security vulnerability in a piece of software you use.
     
    Key Protect messages for businesses and individuals to protect themselves from ransomware:

    • Install system and application updates on all devices as soon as they become available.
    • Install anti-virus software on all devices and keep it updated.
    • Create regular backups of your important files to a device that isn’t left connected to your network as any malware infection could spread to that too.

     

    Read more: Ransomware Cyber Attack