Fraud and scams
Royal Mail Scam
Victims receive an email claiming to be from Royal Mail. The subject header reads ‘Mail – lost / missing package’. The email asks the recipient to open an attachment to complete a document. This document contains malware.
Boiler Room Fraud
(or Investment Fraud) is the illegal and / or aggressive mis-selling of worthless, bogus or vastly overpriced stocks and shares.
Utility Bill Fraud
‘Cold-callers’ fraudulently offer discounted utility bills. Victims transfer their bill payment money to the caller’s account in order to receive the discount. The bill is paid by the criminal but later cancelled without the victim’s knowledge. The victim is unaware that the bill remains outstanding.
BUSINESS HIJACK AND IMPERSONATION
(CORPORATE IDENTITY FRAUD):
A fraudster impersonates a business (either a director or a key employee) to trick customers and suppliers into providing personal or sensitive information, which is used to defraud the business.
A fraudster submits false documents to Companies House to change the registered address of a business and / or appoint ‘rogue’ directors. Goods and services are then purchased on credit, sometimes through a reactivated dormant supplier account, but are never paid for.
CryptoLocker Ransomware - Targets all versions of Microsoft Windows. Once infected (usually by the victim opening an email attachment), CryptoLocker encrypts documents, photographs and spreadsheets then sends a ransom demand to decrypt the files.
A fake charity is created or an existing charity is compromised to play on a victim’s sympathy by asking them to make a donation to a worthy cause.
Targets the charities themselves, so approaches tend to be online. The fraudsters make applications for grants from other charities and funders.
Directory listing scam - A business receives a form offering free listing in a business directory. However, the small print states that by returning the form, the business is committing to an order and will pay for the ongoing entries in the directory.
Domain Renewal Notices - An invoice for the registration or renewal of a domain name is sent to a business. The domain name within the invoice may be similar to the business domain but with a different extension. The fraudster hopes the business does not spot the difference in domain name and pays the invoice.
Victims receive a phone call from someone claiming to be from the bank, the police or National Fraud Authority saying they have identified fraudulent transactions on their account. The caller advises that the bank card must be collected to protect the customer and assist in an investigation.
Pet Courier Scam
(Advanced fee fraud) - Victims see online adverts for the sale of pets on social networking sites. The pet is usually free but requires a courier. The fraudster asks for the transport costs to be paid in advance. The pet will not arrive.
Dial Through Fraud
Often achieved by dialling into a business’ internal telephone system and accessing their voicemail. They then set up a call divert to another number – usually an expensive, international destination.
Tech Support Phone Scams - The caller will offer to help solve computer problems or claim that software licensing is out-of-date. Once they have permission to access the computer, the fraudulent activity begins, such as installing malware and directing the user to fraudulent websites.
Is the unauthorised use of a credit or debit card to purchase products or services in a non-face-to-face setting.
Fake social media profiles continue to grow. The opportunity to lure victims into a variety of online scams greatly increases if the fraudster can fool the victim into friending them on social media sites.
(Vishing) - Vishing is the criminal practice of using social engineering techniques over the telephone to gain access to private, personal and financial information. The fraudsters then attempt to ‘Phish’ financial information, which is then used to commit identity fraud.
Action Fraud Scam
Victims receive an email claiming to be from Action Fraud. The aim is to con previous fraud victims by claiming a suspect is in custody and a small payment (via Western Union) will ensure lost money is returned. Action Fraud will never ask for money from victims.
Malware which has infected approximately 1 million computers worldwide (15,000 UK computers). Gameover Zeus records keystrokes and screen activity, and activates webcams. The malware is spread by spam emails which appear to be from trusted organisations including HMRC and Companies House.
A new strain of malware has been discovered that encrypts data on Android smartphones and then demands payment to unlock it. Simplocker is a significantly weaker version of Cryptolocker, the widespread Microsoft Windows ransomware.
A padlock beside the web page Uniform Resource Locator (URL) represents a secure and encrypted web connection. A flaw in the software was discovered by cybercriminals, which left online transactions vulnerable during the time a website was under a cyber attack.
Software which can remotely control computers and webcams. The malware captures personal information, or takes photographs - which are then used for blackmail purposes.
HM Revenue & Customs (HMRC)
Tax credits claimants are being warned about phishing emails sent by fraudsters close to the renewal deadline.
Visit www.hmrc.gov.uk/security for advice and forward suspicious emails to HMRC at email@example.com and then delete them.
Procurement is the process through which organisations buy goods and services. The process includes preparation and processing of a purchase as well as the end receipt and approval of payment. Employees must be trusted with certain procurement responsibilities, which can provide them with opportunities to commit fraud. Ensure only trusted employees have procurement responsibilities and all transactions are checked with another senior staff member.
When a victim is tricked into altering details of a direct debit, standing order or bank transfer mandate. The fraudster deceives the victim by claiming to be from a known supplier of the business.
Office Supply Fraud
Telemarketers trick employees into ordering and paying for stationery. The caller misleads an employee into believing an order for office supplies has already been placed. The business is then invoiced for unwanted stationery and expensive office supplies.
Genuine cheques are stolen, altered and presented or counterfeited and presented. Minimise the risk by ensuring blank spaces on cheques are crossed through with a pen; do not leave large spaces between words; if a new cheque book does not arrive as expected, contact the bank immediately; regularly check bank statements to keep track of cheque payments.
Fraudsters purchase goods and services online using stolen credit card details. When payments are accepted over the internet and processed, the business requests authorisation from the card issuer. However, this does not authenticate the customer as the genuine cardholder.
Justice.gov.uk Parking Fine Email
The email claims the victim’s vehicle was parked on someone’s property and they did not pay the parking charge. The email asks them to open an attachment which contains a virus.