Warnings of email and bank scams - Fri 16 Dec 2016
This has come from a trusted source, namely Sandy Adirondack, today:
Important email/letter scam warnings
I am sending this in an email, rather than putting it on my website where fewer people will see it.
Action Fraud, the UK’s national fraud reporting centre, has warned of three new “phishing” scams – two by email and one by letter – which can put passwords, bank account details and other personal information at risk. Charities may already have received a warning about the email scams from the Charity Commission earlier this week – but the risk applies to all organisations whether charities or not, as well as businesses and individuals. So please publicise as widely as possible, and feel free to forward this email.
If you think your organisation or workplace, or you as an individual, have been affected by any phishing scam or other type of fraud, it should be reported to Action Fraud on 0300 123 2040 or at www.actionfraud.police.uk. To be kept up to date with Action Fraud alerts, sign up at http://tinyurl.com/nwg66xb.
The two new email scams are below – but there are hundreds of others, so stay vigilant, and ensure everyone who deals with emails in your organisation, workplace or home knows the risks. The very first thing my techie son told me when I first got email about 20 years ago was, “Do not ever, ever, ever, under any circumstances whatsoever, click on any link in an email or open any attachment unless you are 1000% certain who it is from and what the link or attachment is! No matter how legitimate it looks!!” (Actually, I’m not sure emails could have attachments back them, so he may have added that bit later.) Over the years I have contacted dozens of people – including my mother, my brother and even the techie son(!) – to confirm that an email that looks like it is from them, but only says something vague like “Thought you would be interested in this”, is actually from them. In each case it was – but you can’t be too careful.
The new crime prevention advice email scam purports to come firstname.lastname@example.org and contains the text “TO THE GENERAL PUBLIC See attached document to read more about crime prevention advice. Regards, Metropolitan Police Service.”
The email includes an attachment titled ‘11212527.zip’. This attachment contains malicious content (malware) which downloads the iSPY key logger to the victim’s device. This key logger records keystrokes, steals passwords stored in web browsers and Skype conversation records, takes pictures via webcam and stores the licence keys of software, such as Microsoft Office and Adobe Photoshop.
The notice of intended prosecution email purports to come from the Greater Manchester Police, with subject heading “Notice of Intended Prosecution” and “NIP - Notice Number” followed by a combination of letters and numbers. The text says the police intend to take proceedings against the driver of a motor vehicle, and gives details of the date and time, location of the speed camera, and vehicle speed.
It is believed that a malicious link is hidden behind the “Check the photographic evidence” line in the email. This link delivers the GOZI/ISFP Banking Trojan malware, which steals online banking log-in details from victims.
I received one of these emails a couple of days ago, but since my car has never been driven in Greater Manchester, I knew it had not been caught by a speed camera there. However, if the email had been from the Metropolitan Police, I might well have fallen victim. I share my car with a friend who lives nearby in London, so I may well have unthinkingly clicked “Check the photographic evidence” before confronting him about speeding in my car ….
These basic principles are adapted from the Charity Commission’s news release on 13 December about the email scams, at http://tinyurl.com/z83tmnw.
Ensure software has up-to-date virus protection. This will not always prevent you from becoming infected, but it’s a whole lot safer than not having it.
Do not click on links or open any attachments you receive in unsolicited emails or SMS messages - fraudsters can “spoof’ an email address to make it look like it’s from a trusted source.
Always install software updates as soon as they become available, as the update will often include fixes for critical security vulnerabilities.
If your current software does not offer an anti-spyware function, consider installing software which does, as this can detect key loggers.
Undertake regular backups of your important files to an external hard drive, memory stick or online storage provider. However, it’s important that the device you back up to is not left connected to your computer, as a malware infection could spread to that device too.
If you suspect your bank or debit/credit card details have been accessed, contact your bank or card provider immediately.
The Commission also recommends that if you are unsure about who an email is from, you should check the email header to identify the true source of communication, and says you can learn how to locate the headers at https://mxtoolbox.com/Public/Content/EmailHeaders/. However, these instructions are intended for finding headers that you are then going to send on to Action Fraud or an internet service provider, so they can identify the account the email was sent from. The headers can be set up to make it look like the email is from the proper person, so the fact that the headers say it is from your mum or techie son does not necessarily mean it is. Unless you know exactly how to interpret the email headers, I do not recommend you trust the headers to show the email is legitimate.
The Action Fraud website (details in second paragraph at top of this message) includes masses of information about preventing, identifying and dealing with scams and more types of fraud than you could imagine.
The Information Commissioner’s Office has guidance on online safety (of all types, not only in relation to scams) at https://ico.org.uk/for-the-public/online/social-networking). There’s also a new blog on ransomware attacks, where a host computer is infected and files are encrypted, then a demand is made for payment to get a decryption key (though here is no guarantee the attacker will release the key. This blog was posted yesterday (15 December) and is at http://tinyurl.com/gqodxz6.
Lloyds customers have been warned to look out for fake bank letters (and no doubt the fraudsters will start sending them from other banks too). The letters are on what appears to be Lloyds headed paper, with the bank’s logo, address and signature from a customer service representative. The letter tells recipients that there have been “unusual transactions” on their personal account and asks them to call a number highlighted in bold to confirm they are genuine. When victims call the number, an automated welcome message is played and the caller is asked to enter their card number, account number and sort code followed by their date of birth. Victims are then instructed to enter the first and last digit of their security number.
This fraud was spotted by the Daily Telegraph who was alerted to it by a reader. On separate occasions the Daily Telegraph ran tests using fake details, and was passed to fraudsters who claimed to be from a Lloyds contact centre. The bank has confirmed that the phone number and letters are fake.
Action Fraud says the letters serve as a warning to question written correspondence from a bank or credit card company, and in case of any doubt to ring the customer service number on the back of their credit/debit card or most recent statement.
Fraudsters in person
And a warning that if within the next few days you see anyone dressed in a red suit with white fur on a roof muttering Ho ho ho, dial 999 immediately. Rather than who you think it is, it might be a burglar trying to get in through your chimney. (But if he’s riding a sleigh with reindeer, it’s probably safe to assume he’s who you think he is.)
And on that seasonal note, Happy holidays!