Vishing ALERT

It is reported that there has been a noticeable increase in vishing frauds against the elderly. Below is a list of recent vishing fraud incidents in Scotland.

1. The victim is contacted by landline or mobile knowing basic details about who they are and who they bank with. The fraudster uses spoofing so the caller phone number matches numbers used by the banks. The fraudster introduces themselves as an employee of the bank and claim there has been suspicious expenditure on their accounts. They convince the victim that they must move their money to ‘safe accounts’ set up for them. The victim thereafter logs into their online banking and transfers all their money into their own current account. From there they are provided with a list of mule accounts and instructed to send the funds to these accounts. Fraudster states the victim will receive new bank cards in the post. 

2. Contact with victim as above. Fraudster then states that bank staff in the victim’s local branch are responsible for intercepting people’s money and stealing it. To catch them the fraudster requires the victim to attend the local branch and make transfers to ‘safe accounts’. By doing so they claim they will see the flow of the funds and be able to identify which staff member is responsible. The victim is schooled in how to answer any questions if challenged by bank staff. The following have been used recently:

• They are sorting out their financial affairs
• The money is for their Grandchildren
• The money is for building contractors

It is reinforced that they must not trust anyone in the branch. Fraudsters also warn victims that it is a criminal offence to tell anyone about the contents of the phone calls.

The victim is also told to describe what they are wearing as the fraudster will be monitoring live CCTV footage of within the branch. On occasions they have been told to keep an open line on their mobile phone so the fraudster can monitor what is being said.

Victims have also been told they will receive a four figure sum for assisting with this investigation. On several occasions they have then followed up with calls pretending to be Police Officers. They have used the genuine name of a financial investigator within the police (who has previously made various media releases available on open source).

The successful levels of social engineering can be demonstrated in the following two very recent examples:

• A recent vishing fraud resulted in an elderly female attending at a local Bank on three occasions in one afternoon. On each occasion the fraudster even insisted she took taxis and not the bus. In total £36,000 was transferred over the three visits. The victim was only challenged once but provided the answer that the money was for her Grandchildren. The victim thereafter believed a fictitious Police Officer would be attending to take a statement causing a delay in any reporting.
• An elderly male was victim of social engineering over a three week period from fraudsters purporting to be from a specific Bank and the FCA. This resulted in him cashing out his investments into Bank accounts. Thereafter he was instructed to attend another Bank branch which wasn’t his local branch. The male was specifically told to go to this other branch with the reason being that Bank staff in his local branch rotate the branches they work in. The male made an international transfer to Dubai of £600,500. He was schooled to lie to Bank staff if he had been challenged.

3. The victim receives a text message on their smart phone claiming to be from PayPal stating their account has been compromised and they have 36 hours to login and fix this. There is a fraudulent internet link on the text message. Victim clicks this link and is taken to a fake PayPal page where they ultimately unwittingly provide the fraudsters with their PayPal details.

The victim is later called using spoofing technology. The fraudster claims to be from a Fraud Team of their bank and question fictitious spending at Argos (or similar). The fraudster thereafter states the victim’s account has been compromised via PayPal and they must move their money to a safe account. The victim thereafter is talked through how to do this via online banking. At this stage, the fraudster may have gained remote viewing access to the victim’s computer via spyware. The fraudster may go through direct debits and recent expenditure on the victim’s account. The victims bank account names on their online banking app had also been changed to ‘locked’ or ‘closed’, further suggesting remote access.

Advice

Requests to move money:
A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Only give out your personal or financial details to use a service that you have given your consent to, that you trust and that you are expecting to be contacted by.

Clicking on links/files:
Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected email or text.

Personal information:
Always question uninvited approaches in case it’s a scam. Instead, contact the company directly using a known email or phone number.

Don’t assume an email or phone call is authentic
Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud. Criminals often use this to draw you into the conversation, to scare you into acting and revealing security details. Remember, criminals can also make any telephone number appear on your phone handset so even if you recognise it or it seems authentic, do not use it as verification they are genuine.

Don’t be rushed or pressured into making a decision
Under no circumstances would a genuine bank or some other trusted organisation force you to make a financial transaction on the spot; they would never ask you to transfer money into another account for fraud reasons. Remember to stop and take time to carefully consider your actions. A genuine bank or some other trusted organisation won’t rush you or mind waiting if you want time to think.

Listen to your instincts
If something feels wrong then it is usually right to question it.  Criminals may lull you into a false sense of security when you are out and about or rely on your defences being down when you’re in the comfort of your own home. They may appear trustworthy, but they may not be who they claim to be.

Stay in control
Have the confidence to refuse unusual requests for personal or financial information. It’s easy to feel embarrassed when faced with unexpected or complex conversations. But it’s okay to stop the discussion if you do not feel in control of it.

If you’ve taken all these steps and still feel uncomfortable or unsure about what you’re being asked, never hesitate to contact your bank or financial service provider on a number you trust, such as the one listed on their website or on the back of your payment card

Further advice to protect yourself from cyber scams can be found at “The Little Book of Cyber Scams” http://www.scotland.police.uk/assets/pdf/174967/the-little-book-of-cyber-scams?view=Standard

Other useful sites for advice include:

www.takefive-stopfraud.org.uk

www.getsafeonline.org

If you have been a victim of such a fraud or have information regarding such a fraud please contact Police Scotland on 101 or Crimestoppers on 0800 555 111

TV LICENSING REFUND SCAM

Police have noted an increase in fake TV licensing refund scams. The email usually states that the refund cannot be processed due to “invalid account details”. Always question unsolicited requests for your personal or financial information in case it’s a scam. Never automatically click on a link in an unexpected email or text.

- Check the email contains your name – TV licensing will always include your name in any emails they send you.

Security Warning – SCAMS

Following a recent increase in specific reports from NWS members across Scotland of apparent SCAM attempts from cold callers purporting to be from BT / BT Openreach and attempting to gain personal details and remote access to home computers we are highlighting the following:

These callers suggest there is an issue with the line / internet connectivity or that the service may be withdrawn due to non-payment. The fraudsters then attempt to gain remote access to the computer by asking you to perform certain commands on the computer or they may ask you to make payments over the phone by providing personal information.

These fraudsters may also “spoof” the number they are calling from so that if you dial 1471 you might see a fictitious number that masks the real destination number. They may also offer a call back number to confirm legitimacy of their call and then answer as if you calling BT.

Advice:

• Be suspicious of cold callers relating to security or computer problems even if the caller claims to be from a recognised company
• If unsure, end the conversation. Call the alleged company later using number from official website or literature.
• Don’t give out personal information on the phone to someone you don’t know
• Don’t follow any instruction to type anything into a computer, install software, visit a website or click on a link
• Seek advice from friends or family
• Don’t agree to sign up for anything, give someone your home address, bank or credit card details and under no circumstances let the caller take control of your computer. (This gives them full control of your computer and ultimately access to your personal information)
• If you use a shared computer – be security conscious. Remember, each time you exit your account you should sign out completely by clicking the log off (sign out) link. This means any user following you won’t be able to access your account
• BT offer a network service that deals with nuisance and unwanted calls and provides customers the control to block such calls called BT Call Protect
• There are other call blocker products available such as True Call etc.
• If you have been a victim or suspect you have been a victim of a SCAM contact Action Fraud at www.actionfraud.police.uk or call 0300 123 2040 or call on Police Scotland on 101

Cyber Security Advice

The following advice was recently published in the finance section of a National newspaper. It lists 6 important points worthy of highlighting:

1. Be vigilant. It is a chore but checking your bank statements regularly is essential. Call the bank if unsure about a transaction. Also use a credit checking agency for a one-off free check to ensure no one is using your personal information to set up loans. Agencies include Experian, Equifax and Callcredit.
2. Stay safe with anti-virus software. Although it can be free, consider paying approximately £40 a year for security covering a variety of gadgets. Do not be tempted by “pop-up windows” offering security – these can be a scam. Accept security software updates as they provide ongoing protection.
3. Use a strong password for any online accounts. Picture imaging can help for codes but also consider password manager software.
4. Do not share personal information. Social media may be fun but it is a great place for fraudsters to obtain your private details – photos, birthdays,holidays – that when pieced together can compromise your financial security
5. Be wary of public wi-fi. Fruadsters can hack into it – often offered in cafes or train – to see what you are doing on your laptop or smartphone. Be wary of making payments or accessing bank details when unsure of a connection. Some fraudsters even mimic public wi-fi to get your details.
6. Do not trust websites without first checking the suffix. Fraudsters can steal details and money through bogus websites. They may look official but the final letters often give a clue with regards to authentication. Some fraudulent sites have used ‘co.com’ suffix when the real one is ‘co.uk’. The prefix is worth checking out too. An ‘https’ prefix shows a website that is more secure than one that starts with just ‘http’. The code ‘https’ stands for ‘hypertext transfer protocol secure’

Pension scams

Following an increase in this specific Scam, Action Fraud have posted the following advice.

Pension scammers promise to convert pension funds into cash before retirement, or in some cases they may suggest people can take more than 25% of their pension pot as cash. Pension fraudsters promise to convert pension benefits into cash before age 55.

Criminals are believed to be fraudulently exploiting the pension liberation process in a number of ways. These include failing to advise members of the tax implications of receiving cash from their pension; failing to advise members of the full extent of fees to be paid in relation to any onward investment; falsely representing anticipated levels of returns when  investments are either non – existent or incapable of providing such a return.

The scammers have a variety of tricks to catch you out. They may: 

• claim that you can access your pension pot before age 55 
• approach you out of the blue over the phone, via text message or in person door-to-door 
• entice you with upfront cash 
• offer a free ‘pension review’ or try to lure you in with so-called ‘one-off’ investment opportunities.

Check the facts before you make an irreversible decision. A lifetime’s savings can be lost in a moment.

The Pensions Regulator’s five steps to avoid becoming a victim of a pension scam:

• Cold called about your pension - just hang up!
• Check the credentials of the company and any advisers – who should be registered with the Financial Conduct Authority.
• Ask for a statement showing how your pension will be paid at retirement, and question who will look after your money until then.
• Speak to an adviser that is not associated with the deal you’ve been offered, for unbiased advice.
• Never be rushed into agreeing to a pension transfer.

For more information about pension scams visit The Pensions Regulator website. 

Before you sign anything call The Pensions Advisory Service on 0300 123 1047

The HM Revenue & Customs website highlights the tax consequences of pension liberation to individuals.

If you have been a victim of this type of fraud, report it to Action Fraud by calling us on 0300 123 2040 or by using our online reporting tool.

Adult Support and Protection Campaign - “Seen Something? Say Something”

• Adult harm can take many forms from neglect, physical, psychological, sexual or financial exploitation.
• Adults particularly at risk of harm are those who may not be able to look after themselves through factors such as personal circumstances, physical or learning disability, age or illness and infirmity.
• Act on your suspicions or instincts if you think an adult is being harmed, neglected or exploited.
• It only takes an email or an anonymous phone call to your local social work department to report it, and they will investigate it sensitively
• For advice and support visit :

www.actagainstharm.org

The National Fraud Intelligence Bureau has identified an increasing number of reports submitted to Action Fraud from the public concerning courier fraud.
 

Fraudsters are contacting victims by telephone and purporting to be a police officer or bank official. To substantiate this claim, the caller might be able to confirm some easily obtainable basic details about the victim such as their full name and address. They may also offer a telephone number for the victim to call to check that they are genuine; this number is not genuine and simply redirects to the fraudster who pretends to be a different person. After some trust has been established, the fraudster will then, for example, suggest;
 

- Some money has been removed from a victim’s bank account and staff at their local bank branch are responsible.

- Suspects have already been arrested but the “police” need money for evidence.

- A business such as a jewellers or currency exchange is operating fraudulently and they require assistance to help secure evidence.

Victims are then asked to cooperate in an investigation by attending their bank and withdrawing money, withdrawing foreign currency from an exchange or purchasing an expensive item to hand over to a courier for examination who will also be a fraudster. Again, to reassure the victim, a safe word might be communicated to the victim so the courier appears genuine.
 

At the time of handover, unsuspecting victims are promised the money they’ve handed over or spent will be reimbursed but in reality there is no further contact and the money is never seen again.

Protect Yourself

Your bank or the police will never:

- Phone and ask you for your PIN or full banking password.

- Ask you to withdraw money to hand over to them for safe-keeping, or send someone to your home to collect cash, PIN, cards or cheque books if you are a victim of fraud.

Don’t assume an email or phone call is authentic
Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud
 

Stay in control

If something feels wrong then it is usually right to question it. Have the confidence to refuse unusual requests for personal or financial information.

For more information about how to protect yourself online visit

www.cyberaware.gov.uk  and www.takefive.stopfraud.org.uk