WelcomeDumfries and Galloway Neighbourhood Watch Information pages
Blog
Links
Blog
RSS
Vishing ALERT
10/24/2018 9:30:25 AM

Vishing ALERT

 

Text Box: Vishing: The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details or credit card numbers.
Oxford Dictionaries 
It is reported that there has been a noticeable increase in vishing frauds against the elderly. Below is a list of recent vishing fraud incidents in Scotland.

 

1. The victim is contacted by landline or mobile knowing basic details about who they are and who they bank with. The fraudster uses spoofing so the caller phone number matches numbers used by the banks. The fraudster introduces themselves as an employee of the bank and claim there has been suspicious expenditure on their accounts. They convince the victim that they must move their money to ‘safe accounts’ set up for them. The victim thereafter logs into their online banking and transfers all their money into their own current account. From there they are provided with a list of mule accounts and instructed to send the funds to these accounts. Fraudster states the victim will receive new bank cards in the post. 

2. Contact with victim as above. Fraudster then states that bank staff in the victim’s local branch are responsible for intercepting people’s money and stealing it. To catch them the fraudster requires the victim to attend the local branch and make transfers to ‘safe accounts’. By doing so they claim they will see the flow of the funds and be able to identify which staff member is responsible. The victim is schooled in how to answer any questions if challenged by bank staff. The following have been used recently:

  • They are sorting out their financial affairs
  • The money is for their Grandchildren
  • The money is for building contractors

It is reinforced that they must not trust anyone in the branch. Fraudsters also warn victims that it is a criminal offence to tell anyone about the contents of the phone calls.

The victim is also told to describe what they are wearing as the fraudster will be monitoring live CCTV footage of within the branch. On occasions they have been told to keep an open line on their mobile phone so the fraudster can monitor what is being said.

Victims have also been told they will receive a four figure sum for assisting with this investigation. On several occasions they have then followed up with calls pretending to be Police Officers. They have used the genuine name of a financial investigator within the police (who has previously made various media releases available on open source).

The successful levels of social engineering can be demonstrated in the following two very recent examples:

  • A recent vishing fraud resulted in an elderly female attending at a local Bank on three occasions in one afternoon. On each occasion the fraudster even insisted she took taxis and not the bus. In total £36,000 was transferred over the three visits. The victim was only challenged once but provided the answer that the money was for her Grandchildren. The victim thereafter believed a fictitious Police Officer would be attending to take a statement causing a delay in any reporting.
  • An elderly male was victim of social engineering over a three week period from fraudsters purporting to be from a specific Bank and the FCA. This resulted in him cashing out his investments into Bank accounts. Thereafter he was instructed to attend another Bank branch which wasn’t his local branch. The male was specifically told to go to this other branch with the reason being that Bank staff in his local branch rotate the branches they work in. The male made an international transfer to Dubai of £600,500. He was schooled to lie to Bank staff if he had been challenged.

3. The victim receives a text message on their smart phone claiming to be from PayPal stating their account has been compromised and they have 36 hours to login and fix this. There is a fraudulent internet link on the text message. Victim clicks this link and is taken to a fake PayPal page where they ultimately unwittingly provide the fraudsters with their PayPal details.

The victim is later called using spoofing technology. The fraudster claims to be from a Fraud Team of their bank and question fictitious spending at Argos (or similar). The fraudster thereafter states the victim’s account has been compromised via PayPal and they must move their money to a safe account. The victim thereafter is talked through how to do this via online banking. At this stage, the fraudster may have gained remote viewing access to the victim’s computer via spyware. The fraudster may go through direct debits and recent expenditure on the victim’s account. The victims bank account names on their online banking app had also been changed to ‘locked’ or ‘closed’, further suggesting remote access.

 

Advice

Requests to move money:
A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Only give out your personal or financial details to use a service that you have given your consent to, that you trust and that you are expecting to be contacted by.

Clicking on links/files:
Don’t be tricked into giving a fraudster access to your personal or financial details. Never automatically click on a link in an unexpected email or text.

Personal information:
Always question uninvited approaches in case it’s a scam. Instead, contact the company directly using a known email or phone number.

Don’t assume an email or phone call is authentic
Just because someone knows your basic details (such as your name and address or even your mother’s maiden name), it doesn’t mean they are genuine. Be mindful of who you trust – criminals may try and trick you into their confidence by telling you that you’ve been a victim of fraud. Criminals often use this to draw you into the conversation, to scare you into acting and revealing security details. Remember, criminals can also make any telephone number appear on your phone handset so even if you recognise it or it seems authentic, do not use it as verification they are genuine.

Don’t be rushed or pressured into making a decision
Under no circumstances would a genuine bank or some other trusted organisation force you to make a financial transaction on the spot; they would never ask you to transfer money into another account for fraud reasons. Remember to stop and take time to carefully consider your actions. A genuine bank or some other trusted organisation won’t rush you or mind waiting if you want time to think.

Listen to your instincts
If something feels wrong then it is usually right to question it.  Criminals may lull you into a false sense of security when you are out and about or rely on your defences being down when you’re in the comfort of your own home. They may appear trustworthy, but they may not be who they claim to be.

Stay in control
Have the confidence to refuse unusual requests for personal or financial information. It’s easy to feel embarrassed when faced with unexpected or complex conversations. But it’s okay to stop the discussion if you do not feel in control of it.

If you’ve taken all these steps and still feel uncomfortable or unsure about what you’re being asked, never hesitate to contact your bank or financial service provider on a number you trust, such as the one listed on their website or on the back of your payment card

Further advice to protect yourself from cyber scams can be found at “The Little Book of Cyber Scams” http://www.scotland.police.uk/assets/pdf/174967/the-little-book-of-cyber-scams?view=Standard

 

Other useful sites for advice include:

www.takefive-stopfraud.org.uk

www.getsafeonline.org

If you have been a victim of such a fraud or have information regarding such a fraud please contact Police Scotland on 101 or Crimestoppers on 0800 555 111

NCSC deals with 1,100 cyber attacks
10/19/2018 9:38:33 AM

The following has been circulated on behalf of the National Cyber Security Centre via the Scottish Government Cyber Resilience Team.

NCSC deals with 1,100 cyber attacks in first two years

 

On its second anniversary, the NCSC has revealed it has defended the UK from an average of more than 10 attacks per week

  • National Cyber Security Centre (NCSC) handled more than 10 attacks per week in first two years
  • NCSC believes hostile nation states behind majority of cyber incidents
  • Active Cyber Defence reduces UK’s share of visible global phishing attacks by more than half
  • NCSC’s flagship conference CYBERUK to be held in Glasgow in 2019

The National Cyber Security Centre (NCSC) has defended the UK from an average of more than 10 attacks per week, it has been revealed on their second anniversary.

The NCSC, a part of GCHQ, has now published its second annual review which highlights the sustained threat from hostile state actors and cyber criminals.

 

Since it became fully operational in 2016, the NCSC’s cyber security front line has helped to support with 1,167 cyber incidents – including 557 in the last 12 months. The report reveals the majority of attacks against the UK are carried out by hostile nation states.

 

The Annual Review gives unprecedented detail about the tactics used by the NCSC’s Incident Management team, who work behind the scenes to co-ordinate defences to support UK victims when attacks do get through.

For the first time, the NCSC is giving a glimpse into the work against the ongoing cyber threat in a podcast, “Behind the scenes of an incident”, which features interviews with a range of staff who defend the UK from cyber attacks.

 

The NCSC takes a proactive approach to securing the UK’s online defences. The pioneering Active Cyber Defence (ACD) initiative aims to protect the UK from high-volume commodity attacks that affect people’s everyday lives.

Since its launch, Active Cyber Defence (ACD) has reduced the UK’s share of visible global phishing attacks by more than half; from 5.3% to 2.4%. Between September 2017 and August 2018, the service has removed 138,398 phishing sites hosted in the UK.

 

Links to the key products on NCSC website are below:

 

Full report: https://www.ncsc.gov.uk/news/annual-review-2018

Press notice: https://www.ncsc.gov.uk/news/ncsc-deals-1100-cyber-attacks-first-two-years

Podcast: https://www.ncsc.gov.uk/incidents-podcast

Micro-site with digital version of report: https://www.ncsc.gov.uk/annual-review-2018

New Phishing scam
10/12/2018 6:29:16 PM
Here you can type the beginning of your post. It will be displayed on the main page of the blog.
TV LICENSING REFUND SCAM
10/10/2018 9:31:52 AM

TV LICENSING REFUND SCAM

Police have noted an increase in fake TV licensing refund scams. The email usually states that the refund cannot be processed due to “invalid account details”. Always question unsolicited requests for your personal or financial information in case it’s a scam. Never automatically click on a link in an unexpected email or text.

- Check the email contains your name – TV licensing will always include your name in any emails they send you.

- Check the email subject line - anything along the lines of "Action required", "Security Alert", "System Upgrade", "There is a secure message waiting for you", and so on, should be treated as suspect.

- Check the email address - does the email address look like one that TV Licensing use? For example donotreply@tvlicensing.co.uk. Look closely as often the address may be similar.

- Check for a change in style - often the scammers will take the real emails and amend them. Look out for changes in the wording used, especially if it seems too casual or familiar.

- Check for spelling and grammar - are there any spelling mistakes, missing full stops or other grammatical errors?

- Check the links go to the TV Licensing website - hover over the links in the email to see their destination and check the web address carefully. If you are not sure, go directly to the TV Licensing website.

- Never provide details by email - TV licensing will never ask you to reply to an email and provide bank details or personal information.

Doorstep Crime
10/10/2018 9:28:32 AM

DOORSTEP CRIME #whosatthedoor

Rogue traders usually cold-call, claiming to be workers offering to sell services, make repairs or carry out work on your house, garden or driveway. In reality they charge inflated prices for shoddy or unnecessary work.

We DO NOT recommend dealing with cold-callers for property maintenance and home repairs.

PHONE SCAM
10/5/2018 3:09:00 PM

POLICE WARNING – PHONE SCAM - DUMFRIES AND GALLOWAY

Officers in Dumfries and Galloway are warning members of the public to be on their guard against a telephone scam where victims are being contacted by fraudsters claiming to be from either their bank or from Police Scotland.

So far 2 people in the Newton Stewart and Stewartry area have contacted police after being duped by fraudsters into moving money from their account to another one provided to them by the scammer. On each occasion the caller claims there has been fraudulent activity on their account but that it may be a bank employee that is involved so not to go to the bank or the police about it.

The first call involved a 76 year old man who has now lost a four figure sum of money to the criminals.

The other was picked up by the bank before the victim lost out.
Enquiries are ongoing in relation to these incidents but officers are keen to make members of the public aware of these circumstances.

Constable Tom Dingwall, Castle Douglas Police Station, said:
“We are highlighting this scam so that people are aware of it. If you think you are receiving any suspicious calls, just hang up on the person. Unfortunately, those committing this type of fraud are quite innovative and use words and phrases which are likely to hook their victim. Our advice is, do not give out any personal information or bank details over the phone and always, stop, think and check with a friend, relative or neighbour before taking any action.”

Any victims of such crimes, or anyone with any concerns can contact their local police station via 101.

For further advice for keeping safe, please visit the personal safety page of our website, http://ow.ly/IwgD30m7aOe

6 items total

WelcomeDumfries and Galloway Neighbourhood Watch Information pagesBlogLinks