SlideShare a Scribd company logo

November 2016 monthly threat update

Eddie Hirst MSc MSyl
Eddie Hirst MSc MSyl

#watchout #scam #OnlineShopping #UndeliveredItems #SocialMedia #Hacking #HMRCTextHack #banktransfers #Italy #Germany

Government & Nonprofit
1 of 7
Download to read offline
NOT PROTECTIVELY MARKED 1 | P a g e Monthly Fraud Threat Update September - November 2016 Copyright © City of London Police 2016 NFIB Disclaimer: While every effort is made to ensure the accuracy of the information or material contained in this Alert, it is provided in good faith on the basis that the Commissioner, the City of London Police and its police officers and staff accept no responsibility for the veracity or accuracy of the information or material provided and accept no liability for any loss, damage, cost or expense of whatever kind arising directly or indirectly from or in connection with the use by any person, whomsoever, of any information or material herein. The quality of the information and material contained in this document is only as good as the information and materials supplied to the City of London Police. Should you or your police force hold information, which corroborates, enhances or matches or contradicts or casts doubt upon any content published in this Alert, please contact the City of London Police NFIB by return. Any use of the information or other material contained in this document by you signifies agreement by you to these conditions.
NOT PROTECTIVELY MARKED 2 | P a g e Key Judgements: Impact on Individuals:  Vishing calls  Account takeovers  Binary Options  Trading Software  Job application fraud  Dating Fraud Victim Loan  Smart Phone – ‘Lost Mode’ Hack  Armada Collective: DDoS & Extortion Hacking Group Impact on Enterprise:  Distribution Fraud Cross Cutting Themes:  Online Shopping – contact outside of the platform  Online Shopping – Undelivered Items  Delivery of Empty Boxes  Social Media Hacking  NHS Tax Reclaim  HMRC Text Hack  Increase in bank transfers to Italy and Germany
NOT PROTECTIVELY MARKED 3 | P a g e Introduction This monthly threat update will provide an overview of the trends affecting individuals and enterprise as reported to Action Fraud. This report incorporates an assessment of information received during the period 1st August – 31st October 2016. We welcome your feedback so that we can shape future reports to your needs. Banking & Corporate Fraud Account Takeovers (August 2016) Bank customers have been contacted by fraudsters via text message. The message asked the customers to dial 0345 956 9685 in order to reset their telephone banking details as there had been a technical issue with their account, which had caused their account to be blocked. If the customers dial that number and follow the instructions, their details are captured by the fraudsters. Subsequently this enables the fraudsters to call the bank pretending to be the genuine customer and carry out transactions. Distribution Fraud (October 2016) A UK supply business is contacted via email by the fraudster purporting to be from an establishment/company requesting a quote for goods to be provided on a credit basis. If this is approved the order is made and items are subsequently delivered to serviced offices or warehouses all over the UK from where they would be dispatched elsewhere; sometimes to privately rented storage locations as reports have also been received from companies that have been storing items for the fraudsters and have not been paid. Suspects will use email addresses very similar to that of a legitimate establishment’s address, just adding a digit, or an ‘m’ instead of ‘nn’. In addition, any mobile telephone numbers given are likely to be VOIP (often starting with 070) and therefore hard to trace. Investment Fraud Binary Options (August 2016) Binary Options fraud continues to be a problem, with one victim losing over £520,000 this month. No money is ever recovered and it is believed that the trades never take place. The fraudulent companies purport to be based in the UK (mainly London), however it is believed that they have no physical presence here. In one report the victim was advised by staff at the binary options company what to say to bank staff in order to secure a loan (i.e. how much they earned/what the money was for) that was then transferred to the suspect company. Trading Software (September 2016) Suspects persuade the victim to purchase trading software for a small fee, in the form of a DVD which installs programmes on a desktop purporting to be linked to the London stock market. The promotional campaign offers a quick win within a 6 or 12 month period and if the victim encounters a loss, they are promised a full refund for their total outlay, paid via bank transfer. Victims find that they do not win and they cannot re-claim the money promised. This is a similar method to binary options fraud.
NOT PROTECTIVELY MARKED 4 | P a g e Mass Marketing Fraud Job Application Fraud (August 2016) The NFIB has received reports relating to job application fraud. This is the re-emergence of a trend noted in April 2016. Victims are contacted and told that they have a job and that they need to pay a fee for related vetting / training for their employment. The victim pays the fee and the job does not exist. The NFIB issued an alert for this in May 2016. Dating Fraud Victim Loan (September 2016) The suspect(s) uses their relationship with the victim to obtain their personal and financial details and then applies for a loan in the victim’s name. The suspect then uses a variety of stories to convince the victim that the money which has appeared in their bank account has come from the suspect and it needs to be transferred to the account of a UK based company (mainly involved in recycling textiles and pharmaceuticals). Vishing Calls (October 2016) The NFIB has seen reports where victims receive a call purporting to be from a media broadcasting company stating that a refund was due to the victim, possibly linked to their ‘viewing card’. The victim later receives a call purporting to be from their bank saying that there has been unusual activity on their account and asks for sensitive details. This ‘verification call’ from the bank may be repeated to obtain more details. Ultimately the aim of the suspect appears to be convincing the victim to transfer their money to a temporary ‘safe’ account that the suspect nominates. Volume Fraud Social Media Hacking (August 2016) The NFIB have identified reports where fraudsters are targeting social media account users, by hacking their accounts then messaging the social media account user’s friends, asking them to accept a PayPal credit on their behalf. Those who agree to accept the credit are then asked to transfer the amount to another account controlled by the suspect. Later the credit is disputed as goods were not delivered and refunded by PayPal, leaving the account holder with a financial loss. NHS Tax Reclaim (September 2016) The suspects advertised to NHS staff stating that they can claim a tax rebate from HMRC, which is a legitimate claim. The victims pass over all of their identity documents and give permission for the company to request the rebate on their behalf. The company claims the rebate from HMRC and receive the entire amount, purporting to only take a fee before passing the remaining amount to the victim. This does not happen and the company keeps the entirety of the tax rebate. Online Shopping – Contact Outside of the Platform (October 2016) Victims order through an online shopping platform, only for the order to be cancelled by the suspect company and a spoofed email is sent requesting an international bank transfer to Italy and Germany. It was also identified that victims have been asked to purchase goods by paying with Gift cards. The ordered items are not delivered. Online Shopping – Undelivered Items (October 2016) Victims attempting to purchase goods online pay through normal services and then receive notification of delivery. The delivery has been signed for by an unknown individual. In many instances the victim has reported that they were in at the time of delivery but did not receive any knock on the door or the victim had other items delivered but some were missing and had been signed for by an unknown individual. Online shopping companies have requested that the victims report the instances to police but have refused to provide refunds as the goods had been signed for.
NOT PROTECTIVELY MARKED 5 | P a g e Delivery of Empty Boxes (October 2016) The victims order an item online or have an item ordered for them by the suspect. The victim ordering an item will receive a box with items which is not what they ordered. In one instance, the victim was ordering a TV and received a catalogue. For a seller, the suspect purchases the item and then purports that there was something wrong with the item and requests a refund. The item is sent back to the seller but the item returned is not what was ordered. In many instances the victim who has received an empty box or incorrect items does not receive a replacement. Cyber Smart Phone ‘Lost Mode’ Hack (August 2016) The NFIB has seen an increase in reports that smart phone users are being locked out of their handsets, which are being remotely placed in ‘Lost Mode’. A ransom requests appears, usually displayed in Russian, and provides Gmail addresses to contact about the ransom (usually the equivalent of £15 - £40). Armada Collective: DDoS & Extortion Hacking Group (September 2016) A number of reports have been received whereby victims have been sent emails stating that if they do not pay a fee (normally 1btc / £454 begin with and rising to 20btc’s / £10,000) their business will be targeted with a DDoS attack. Open source information suggests that no business has actually been taken offline by the Armada Collective – instead it appears they use the threat of the DDoS attack as a type of protection racket with victims paying the extortion fee. Copycat extortionists are believed to be emailing businesses claiming to be the Armada Collective in addition to this. HMRC Text Hack (September 2016) Victims receive a text message stating they are due a tax rebate – the text contains a link to a website requesting personal banking information. Some victims receive a pre-recorded voice call from someone claiming to be from HMRC asking them to call back. It is not known if the texts and pre-recorded messages are linked. Money Laundering The Rise of Financial Technology (FinTech) Companies (September 2016) The rise of FinTech companies and the implementation of the Payment Account Directive (PAD) will have an impact on economic crime as a whole. In order to boost competition within the UK, the financial services regulator has relaxed rules and cut red tape for new financial institutions, making it easier to become a bank. Whilst it has taken some time for applications to be approved by the ‘New Bank Start-up Unit’, new financial institutions are now entering the market. They are all trying to compete and take market share away from the well-established financial services that currently exist, by exploiting new technologies and appealing to a new generation of mobile customers that never enter a physical branch.
NOT PROTECTIVELY MARKED 6 | P a g e Payment Account Directive (PAD) The PAD was implemented in the UK on 18th September 2016. The aim was to improve transparency and comparability of fee information for payment accounts (including current accounts), help people to switch accounts and ensure every EU resident has access to a basic bank account. The PAD has also enabled the opening of UK basic bank accounts without needing a UK residency, leaving financial services without the ability to perform sufficient identification, verification, Know Your Customer (KYC) and Anti-Money Laundering (AML) checks. The PAD has also removed the ability to close an account on the ‘suspicion’ of financial crime. It states that only one basic bank account can be opened, but there is nothing in place to monitor or manage this. The opening of UK bank accounts from a country in European Economic Area without sufficient due diligence could result in an increase in fraudsters or money launderers using these accounts for criminal purposes. Glossary of Terms Ransomware This is a form of malware that attacks your computer, locking you out and demanding payment in the form of a ‘fine’ to have it unlocked. The warning page distributed by the fraudsters, typically uses logos from both the Metropolitan Police and the Police Central Crime e-Crime Unit (PCEU) to make it look more like an official warning notice. Spoofing Fraudsters typically clone the telephone number of the organisation they want to impersonate and then make it appear on the victim’s caller ID display when they telephone them on a landline. The fraudsters will then gain the person’s trust by highlighting the number to them, claiming that this is proof of their identity, before trying to defraud them in various ways. DDoS Attack Distributed Denial of Service (DDoC) attack is where multiple compromised or infected systems flood a targeted system – usually a system of web services. This is often to bring down an organisation’s website. DDoS with Extortion The same as the above, however the suspect will normally email the victim to advise that an attack in about to begin and to prevent the attack the victim needs to pay a sum of money.
NOT PROTECTIVELY MARKED 7 | P a g e Handling Instructions This report may be circulated in accordance with the protective security marking shown below and caveats included within the report. The information contained in this report is supplied by the City of London Police in confidence and may not be shared other than with the agreed readership/handling code without prior reference to the City of London Police. Onward disclosure without prior authority may be unlawful, for example, under the Data Protection Act 1998. The cover sheets must not be detached from the report to which they refer. Protective Marking: NOT PROTECTIVELY MARKED FOIA Exemption: NO Suitable for Publication Scheme: NO Version: FINAL Storage File Location: Purpose: Provide an overview of key themes affecting individuals and enterprise. The information contained within this report has been based upon content within Action Fraud reports which have not been verified as true and accurate accounts. Owner: NFIB Author: Analyst Review By: Senior Analyst, 88071e

Recommended

ID Theft Prevention
ID Theft PreventionID Theft Prevention
ID Theft PreventionOremDPS
 
RDrew Identity Theft -- What to Do
RDrew Identity Theft -- What to DoRDrew Identity Theft -- What to Do
RDrew Identity Theft -- What to Do
Ron Drew
 
New Utility Scam: Alert from David Lerner Associates
New Utility Scam: Alert from David Lerner AssociatesNew Utility Scam: Alert from David Lerner Associates
New Utility Scam: Alert from David Lerner Associates
David Lerner Associates
 
DONCEAP - May - About Identity Theft
DONCEAP - May - About Identity TheftDONCEAP - May - About Identity Theft
DONCEAP - May - About Identity Theft
Norfolk Naval Shipyard
 
Academic Certificates
Academic CertificatesAcademic Certificates
Academic CertificatesMahmud TH Khan
 
Engaging Content Marketing: A Strategy You Can Stick To
Engaging Content Marketing: A Strategy You Can Stick ToEngaging Content Marketing: A Strategy You Can Stick To
Engaging Content Marketing: A Strategy You Can Stick To
Marketo
 
Android
AndroidAndroid
Android
Srikrishna k
 
Christmas presentation 16 dec 2012 @12am
Christmas presentation 16 dec 2012 @12amChristmas presentation 16 dec 2012 @12am
Christmas presentation 16 dec 2012 @12amAngie Choong
 

Recommended

ID Theft Prevention
ID Theft PreventionID Theft Prevention
ID Theft PreventionOremDPS
 
RDrew Identity Theft -- What to Do
RDrew Identity Theft -- What to DoRDrew Identity Theft -- What to Do
RDrew Identity Theft -- What to Do
Ron Drew
 
New Utility Scam: Alert from David Lerner Associates
New Utility Scam: Alert from David Lerner AssociatesNew Utility Scam: Alert from David Lerner Associates
New Utility Scam: Alert from David Lerner Associates
David Lerner Associates
 
DONCEAP - May - About Identity Theft
DONCEAP - May - About Identity TheftDONCEAP - May - About Identity Theft
DONCEAP - May - About Identity Theft
Norfolk Naval Shipyard
 
Academic Certificates
Academic CertificatesAcademic Certificates
Academic CertificatesMahmud TH Khan
 
Engaging Content Marketing: A Strategy You Can Stick To
Engaging Content Marketing: A Strategy You Can Stick ToEngaging Content Marketing: A Strategy You Can Stick To
Engaging Content Marketing: A Strategy You Can Stick To
Marketo
 
Android
AndroidAndroid
Android
Srikrishna k
 
Christmas presentation 16 dec 2012 @12am
Christmas presentation 16 dec 2012 @12amChristmas presentation 16 dec 2012 @12am
Christmas presentation 16 dec 2012 @12amAngie Choong
 
Key Takeaways from #FlipMyFunnel
Key Takeaways from #FlipMyFunnelKey Takeaways from #FlipMyFunnel
Key Takeaways from #FlipMyFunnel
#FlipMyFunnel
 
Discapacidad intelectual
Discapacidad intelectualDiscapacidad intelectual
Discapacidad intelectual
enayda mamani
 
Alliance boots
Alliance boots Alliance boots
Alliance boots
lisset147809
 
Resumen enayda ing
Resumen enayda ingResumen enayda ing
Resumen enayda ing
enayda mamani
 
Print is Not Dead: The Power of Multi-Channel Marketing
Print is Not Dead: The Power of Multi-Channel MarketingPrint is Not Dead: The Power of Multi-Channel Marketing
Print is Not Dead: The Power of Multi-Channel Marketing
Marketo
 
TECRM 20 Presentation
TECRM 20 PresentationTECRM 20 Presentation
TECRM 20 PresentationAhmed Salman
 
Seminario empreendedorismo
Seminario empreendedorismoSeminario empreendedorismo
Seminario empreendedorismo
Ezio Oliveira
 
Selling Content to the C-Suite: You Have to Find Your Window
Selling Content to the C-Suite: You Have to Find Your WindowSelling Content to the C-Suite: You Have to Find Your Window
Selling Content to the C-Suite: You Have to Find Your Window
Uberflip
 
How to Test and Optimize Your Lead Nurturing Strategy
How to Test and Optimize Your Lead Nurturing StrategyHow to Test and Optimize Your Lead Nurturing Strategy
How to Test and Optimize Your Lead Nurturing Strategy
Marketo
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with Ansible
Bas Meijer
 
'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'
Cloud Elements
 
ApacheCon-Flume-Kafka-2016
ApacheCon-Flume-Kafka-2016ApacheCon-Flume-Kafka-2016
ApacheCon-Flume-Kafka-2016Jayesh Thakrar
 
Introduction to design pattern
Introduction to design patternIntroduction to design pattern
Introduction to design pattern
Reza Rahimy
 
5 vital PROCESSES & TOOLS for our STARTUP
5 vital PROCESSES & TOOLS for our STARTUP5 vital PROCESSES & TOOLS for our STARTUP
5 vital PROCESSES & TOOLS for our STARTUP
Floown
 
Armour Intelligence: Actionable Intelligence explained
Armour Intelligence: Actionable Intelligence explainedArmour Intelligence: Actionable Intelligence explained
Armour Intelligence: Actionable Intelligence explained
Helena Martin
 
Identity Theft: Protecting & Restoring Your Good Name
Identity Theft: Protecting & Restoring Your Good NameIdentity Theft: Protecting & Restoring Your Good Name
Identity Theft: Protecting & Restoring Your Good Name
Springboard
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft Prevention
Springboard
 
Identity Theft
Identity Theft Identity Theft
Identity Theft
Jonathon Much, ChFC®, AIF®
 
Louise hunt.com-faceless fraudsters 5 helpful tips (1)
Louise hunt.com-faceless fraudsters 5 helpful tips (1)Louise hunt.com-faceless fraudsters 5 helpful tips (1)
Louise hunt.com-faceless fraudsters 5 helpful tips (1)
Louise Hunt
 
Holiday Season Fraud Forecast
Holiday Season Fraud ForecastHoliday Season Fraud Forecast
Holiday Season Fraud Forecast
Zachary Shaw
 
How to Protect your SIN
How to Protect your SINHow to Protect your SIN
How to Protect your SIN
EmilyMoar
 
Resolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 EditionResolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 Edition
- Mark - Fullbright
 

More Related Content

Viewers also liked

Key Takeaways from #FlipMyFunnel
Key Takeaways from #FlipMyFunnelKey Takeaways from #FlipMyFunnel
Key Takeaways from #FlipMyFunnel
#FlipMyFunnel
 
Discapacidad intelectual
Discapacidad intelectualDiscapacidad intelectual
Discapacidad intelectual
enayda mamani
 
Alliance boots
Alliance boots Alliance boots
Alliance boots
lisset147809
 
Resumen enayda ing
Resumen enayda ingResumen enayda ing
Resumen enayda ing
enayda mamani
 
Print is Not Dead: The Power of Multi-Channel Marketing
Print is Not Dead: The Power of Multi-Channel MarketingPrint is Not Dead: The Power of Multi-Channel Marketing
Print is Not Dead: The Power of Multi-Channel Marketing
Marketo
 
TECRM 20 Presentation
TECRM 20 PresentationTECRM 20 Presentation
TECRM 20 PresentationAhmed Salman
 
Seminario empreendedorismo
Seminario empreendedorismoSeminario empreendedorismo
Seminario empreendedorismo
Ezio Oliveira
 
Selling Content to the C-Suite: You Have to Find Your Window
Selling Content to the C-Suite: You Have to Find Your WindowSelling Content to the C-Suite: You Have to Find Your Window
Selling Content to the C-Suite: You Have to Find Your Window
Uberflip
 
How to Test and Optimize Your Lead Nurturing Strategy
How to Test and Optimize Your Lead Nurturing StrategyHow to Test and Optimize Your Lead Nurturing Strategy
How to Test and Optimize Your Lead Nurturing Strategy
Marketo
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with Ansible
Bas Meijer
 
'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'
Cloud Elements
 
ApacheCon-Flume-Kafka-2016
ApacheCon-Flume-Kafka-2016ApacheCon-Flume-Kafka-2016
ApacheCon-Flume-Kafka-2016Jayesh Thakrar
 
Introduction to design pattern
Introduction to design patternIntroduction to design pattern
Introduction to design pattern
Reza Rahimy
 
5 vital PROCESSES & TOOLS for our STARTUP
5 vital PROCESSES & TOOLS for our STARTUP5 vital PROCESSES & TOOLS for our STARTUP
5 vital PROCESSES & TOOLS for our STARTUP
Floown
 

Viewers also liked (14)

Key Takeaways from #FlipMyFunnel
Key Takeaways from #FlipMyFunnelKey Takeaways from #FlipMyFunnel
Key Takeaways from #FlipMyFunnel
 
Discapacidad intelectual
Discapacidad intelectualDiscapacidad intelectual
Discapacidad intelectual
 
Alliance boots
Alliance boots Alliance boots
Alliance boots
 
Resumen enayda ing
Resumen enayda ingResumen enayda ing
Resumen enayda ing
 
Print is Not Dead: The Power of Multi-Channel Marketing
Print is Not Dead: The Power of Multi-Channel MarketingPrint is Not Dead: The Power of Multi-Channel Marketing
Print is Not Dead: The Power of Multi-Channel Marketing
 
TECRM 20 Presentation
TECRM 20 PresentationTECRM 20 Presentation
TECRM 20 Presentation
 
Seminario empreendedorismo
Seminario empreendedorismoSeminario empreendedorismo
Seminario empreendedorismo
 
Selling Content to the C-Suite: You Have to Find Your Window
Selling Content to the C-Suite: You Have to Find Your WindowSelling Content to the C-Suite: You Have to Find Your Window
Selling Content to the C-Suite: You Have to Find Your Window
 
How to Test and Optimize Your Lead Nurturing Strategy
How to Test and Optimize Your Lead Nurturing StrategyHow to Test and Optimize Your Lead Nurturing Strategy
How to Test and Optimize Your Lead Nurturing Strategy
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with Ansible
 
'Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash''Scalable Logging and Analytics with LogStash'
'Scalable Logging and Analytics with LogStash'
 
ApacheCon-Flume-Kafka-2016
ApacheCon-Flume-Kafka-2016ApacheCon-Flume-Kafka-2016
ApacheCon-Flume-Kafka-2016
 
Introduction to design pattern
Introduction to design patternIntroduction to design pattern
Introduction to design pattern
 
5 vital PROCESSES & TOOLS for our STARTUP
5 vital PROCESSES & TOOLS for our STARTUP5 vital PROCESSES & TOOLS for our STARTUP
5 vital PROCESSES & TOOLS for our STARTUP
 

Similar to November 2016 monthly threat update

Armour Intelligence: Actionable Intelligence explained
Armour Intelligence: Actionable Intelligence explainedArmour Intelligence: Actionable Intelligence explained
Armour Intelligence: Actionable Intelligence explained
Helena Martin
 
Identity Theft: Protecting & Restoring Your Good Name
Identity Theft: Protecting & Restoring Your Good NameIdentity Theft: Protecting & Restoring Your Good Name
Identity Theft: Protecting & Restoring Your Good Name
Springboard
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft Prevention
Springboard
 
Identity Theft
Identity Theft Identity Theft
Identity Theft
Jonathon Much, ChFC®, AIF®
 
Louise hunt.com-faceless fraudsters 5 helpful tips (1)
Louise hunt.com-faceless fraudsters 5 helpful tips (1)Louise hunt.com-faceless fraudsters 5 helpful tips (1)
Louise hunt.com-faceless fraudsters 5 helpful tips (1)
Louise Hunt
 
Holiday Season Fraud Forecast
Holiday Season Fraud ForecastHoliday Season Fraud Forecast
Holiday Season Fraud Forecast
Zachary Shaw
 
How to Protect your SIN
How to Protect your SINHow to Protect your SIN
How to Protect your SIN
EmilyMoar
 
Resolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 EditionResolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 Edition
- Mark - Fullbright
 
Fraudulent bank wiring
Fraudulent bank wiringFraudulent bank wiring
Fraudulent bank wiring
GM CENTURY 21 AllPoints Reatly Connecticut
 
Training for Bank Employees
Training for Bank EmployeesTraining for Bank Employees
Training for Bank Employees
- Mark - Fullbright
 
cian A lottery scam
cian A lottery scamcian A lottery scam
cian A lottery scam
pussyclaat
 
Special Report for Retail Businesses on IDENTITY THEFT - ca
Special Report for Retail Businesses on IDENTITY THEFT - caSpecial Report for Retail Businesses on IDENTITY THEFT - ca
Special Report for Retail Businesses on IDENTITY THEFT - ca
- Mark - Fullbright
 
Training for Child Court Appointed Advocates
Training for Child Court Appointed AdvocatesTraining for Child Court Appointed Advocates
Training for Child Court Appointed Advocates
- Mark - Fullbright
 
(2nd edition) tellows magazine
(2nd edition) tellows magazine(2nd edition) tellows magazine
(2nd edition) tellows magazine
tellows
 
Medical Identity Theft Response Checklist for Consumers
Medical Identity Theft Response Checklist for ConsumersMedical Identity Theft Response Checklist for Consumers
Medical Identity Theft Response Checklist for Consumers
- Mark - Fullbright
 
Identity Theft and Phishing - Canadian Resource Centre for Victims
Identity Theft and Phishing - Canadian Resource Centre for VictimsIdentity Theft and Phishing - Canadian Resource Centre for Victims
Identity Theft and Phishing - Canadian Resource Centre for Victims
- Mark - Fullbright
 
BBB Market Monitor: August 2018
BBB Market Monitor: August 2018BBB Market Monitor: August 2018
BBB Market Monitor: August 2018
Better Business Bureau Serving Greater Cleveland
 
25 Internet Crimes
25 Internet Crimes25 Internet Crimes
25 Internet Crimes
Daily 10 Minutes
 
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docxRunning head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
wlynn1
 

Similar to November 2016 monthly threat update (20)

Armour Intelligence: Actionable Intelligence explained
Armour Intelligence: Actionable Intelligence explainedArmour Intelligence: Actionable Intelligence explained
Armour Intelligence: Actionable Intelligence explained
 
Identity Theft: Protecting & Restoring Your Good Name
Identity Theft: Protecting & Restoring Your Good NameIdentity Theft: Protecting & Restoring Your Good Name
Identity Theft: Protecting & Restoring Your Good Name
 
Identity Theft Prevention
Identity Theft PreventionIdentity Theft Prevention
Identity Theft Prevention
 
Identity Theft
Identity Theft Identity Theft
Identity Theft
 
Louise hunt.com-faceless fraudsters 5 helpful tips (1)
Louise hunt.com-faceless fraudsters 5 helpful tips (1)Louise hunt.com-faceless fraudsters 5 helpful tips (1)
Louise hunt.com-faceless fraudsters 5 helpful tips (1)
 
Holiday Season Fraud Forecast
Holiday Season Fraud ForecastHoliday Season Fraud Forecast
Holiday Season Fraud Forecast
 
How to Protect your SIN
How to Protect your SINHow to Protect your SIN
How to Protect your SIN
 
Resolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 EditionResolving Consumer Identity Theft for Foster Youth 2013 Edition
Resolving Consumer Identity Theft for Foster Youth 2013 Edition
 
Fraudulent bank wiring
Fraudulent bank wiringFraudulent bank wiring
Fraudulent bank wiring
 
Training for Bank Employees
Training for Bank EmployeesTraining for Bank Employees
Training for Bank Employees
 
cian A lottery scam
cian A lottery scamcian A lottery scam
cian A lottery scam
 
Special Report for Retail Businesses on IDENTITY THEFT - ca
Special Report for Retail Businesses on IDENTITY THEFT - caSpecial Report for Retail Businesses on IDENTITY THEFT - ca
Special Report for Retail Businesses on IDENTITY THEFT - ca
 
Training for Child Court Appointed Advocates
Training for Child Court Appointed AdvocatesTraining for Child Court Appointed Advocates
Training for Child Court Appointed Advocates
 
(2nd edition) tellows magazine
(2nd edition) tellows magazine(2nd edition) tellows magazine
(2nd edition) tellows magazine
 
Medical Identity Theft Response Checklist for Consumers
Medical Identity Theft Response Checklist for ConsumersMedical Identity Theft Response Checklist for Consumers
Medical Identity Theft Response Checklist for Consumers
 
Identity Theft and Phishing - Canadian Resource Centre for Victims
Identity Theft and Phishing - Canadian Resource Centre for VictimsIdentity Theft and Phishing - Canadian Resource Centre for Victims
Identity Theft and Phishing - Canadian Resource Centre for Victims
 
Identity Theft
Identity TheftIdentity Theft
Identity Theft
 
BBB Market Monitor: August 2018
BBB Market Monitor: August 2018BBB Market Monitor: August 2018
BBB Market Monitor: August 2018
 
25 Internet Crimes
25 Internet Crimes25 Internet Crimes
25 Internet Crimes
 
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docxRunning head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
Running head HOW TO AVOID INTERNET SCAMS AT THE WORKPLACE 1 .docx
 

More from Eddie Hirst MSc MSyl

'The Fastest 50'
'The Fastest 50' 'The Fastest 50'
'The Fastest 50'
Eddie Hirst MSc MSyl
 
Rehene security aquisition
Rehene security aquisitionRehene security aquisition
Rehene security aquisition
Eddie Hirst MSc MSyl
 
Little book of cyber scams
Little book of cyber scamsLittle book of cyber scams
Little book of cyber scams
Eddie Hirst MSc MSyl
 
Guidance for enhancing security posture #counter #terrorism
Guidance for enhancing security posture #counter #terrorismGuidance for enhancing security posture #counter #terrorism
Guidance for enhancing security posture #counter #terrorism
Eddie Hirst MSc MSyl
 
How to shop online safely
How to shop online safelyHow to shop online safely
How to shop online safely
Eddie Hirst MSc MSyl
 
Greater manchester police phishing email alert
Greater manchester police phishing email alertGreater manchester police phishing email alert
Greater manchester police phishing email alert
Eddie Hirst MSc MSyl
 
144 buying lone_worker_service
144 buying lone_worker_service144 buying lone_worker_service
144 buying lone_worker_service
Eddie Hirst MSc MSyl
 
Terrorist tools, firearms, Counter Terrorism Awareness Week 14' #StaySafe
Terrorist tools, firearms, Counter Terrorism Awareness Week 14' #StaySafeTerrorist tools, firearms, Counter Terrorism Awareness Week 14' #StaySafe
Terrorist tools, firearms, Counter Terrorism Awareness Week 14' #StaySafe
Eddie Hirst MSc MSyl
 

More from Eddie Hirst MSc MSyl (8)

'The Fastest 50'
'The Fastest 50' 'The Fastest 50'
'The Fastest 50'
 
Rehene security aquisition
Rehene security aquisitionRehene security aquisition
Rehene security aquisition
 
Little book of cyber scams
Little book of cyber scamsLittle book of cyber scams
Little book of cyber scams
 
Guidance for enhancing security posture #counter #terrorism
Guidance for enhancing security posture #counter #terrorismGuidance for enhancing security posture #counter #terrorism
Guidance for enhancing security posture #counter #terrorism
 
How to shop online safely
How to shop online safelyHow to shop online safely
How to shop online safely
 
Greater manchester police phishing email alert
Greater manchester police phishing email alertGreater manchester police phishing email alert
Greater manchester police phishing email alert
 
144 buying lone_worker_service
144 buying lone_worker_service144 buying lone_worker_service
144 buying lone_worker_service
 
Terrorist tools, firearms, Counter Terrorism Awareness Week 14' #StaySafe
Terrorist tools, firearms, Counter Terrorism Awareness Week 14' #StaySafeTerrorist tools, firearms, Counter Terrorism Awareness Week 14' #StaySafe
Terrorist tools, firearms, Counter Terrorism Awareness Week 14' #StaySafe
 

Recently uploaded

如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
850fcj96
 
Get Government Grants and Assistance Program
Get Government Grants and Assistance ProgramGet Government Grants and Assistance Program
Get Government Grants and Assistance Program
Get Government Grants
 
2024: The FAR - Federal Acquisition Regulations, Part 38
2024: The FAR - Federal Acquisition Regulations, Part 382024: The FAR - Federal Acquisition Regulations, Part 38
2024: The FAR - Federal Acquisition Regulations, Part 38
JSchaus & Associates
 
Russian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale warRussian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale war
Antti Rautiainen
 
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
ehbuaw
 
2024: The FAR - Federal Acquisition Regulations, Part 37
2024: The FAR - Federal Acquisition Regulations, Part 372024: The FAR - Federal Acquisition Regulations, Part 37
2024: The FAR - Federal Acquisition Regulations, Part 37
JSchaus & Associates
 
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Congressional Budget Office
 
State crafting: Changes and challenges for managing the public finances
State crafting: Changes and challenges for managing the public financesState crafting: Changes and challenges for managing the public finances
State crafting: Changes and challenges for managing the public finances
ResolutionFoundation
 
The Role of a Process Server in real estate
The Role of a Process Server in real estateThe Role of a Process Server in real estate
The Role of a Process Server in real estate
oklahomajudicialproc1
 
Uniform Guidance 3.0 - The New 2 CFR 200
Uniform Guidance 3.0 - The New 2 CFR 200Uniform Guidance 3.0 - The New 2 CFR 200
Uniform Guidance 3.0 - The New 2 CFR 200
GrantManagementInsti
 
Transit-Oriented Development Study Working Group Meeting
Transit-Oriented Development Study Working Group MeetingTransit-Oriented Development Study Working Group Meeting
Transit-Oriented Development Study Working Group Meeting
Cuyahoga County Planning Commission
 
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
850fcj96
 
PNRR MADRID GREENTECH FOR BROWN NETWORKS NETWORKS MUR_MUSA_TEBALDI.pdf
PNRR MADRID GREENTECH FOR BROWN NETWORKS NETWORKS MUR_MUSA_TEBALDI.pdfPNRR MADRID GREENTECH FOR BROWN NETWORKS NETWORKS MUR_MUSA_TEBALDI.pdf
PNRR MADRID GREENTECH FOR BROWN NETWORKS NETWORKS MUR_MUSA_TEBALDI.pdf
ClaudioTebaldi2
 
MHM Roundtable Slide Deck WHA Side-event May 28 2024.pptx
MHM Roundtable Slide Deck WHA Side-event May 28 2024.pptxMHM Roundtable Slide Deck WHA Side-event May 28 2024.pptx
MHM Roundtable Slide Deck WHA Side-event May 28 2024.pptx
ILC- UK
 
ZGB - The Role of Generative AI in Government transformation.pdf
ZGB - The Role of Generative AI in Government transformation.pdfZGB - The Role of Generative AI in Government transformation.pdf
ZGB - The Role of Generative AI in Government transformation.pdf
Saeed Al Dhaheri
 
NHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdfNHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdf
AjayVejendla3
 
Understanding the Challenges of Street Children
Understanding the Challenges of Street ChildrenUnderstanding the Challenges of Street Children
Understanding the Challenges of Street Children
SERUDS INDIA
 
2024: The FAR - Federal Acquisition Regulations, Part 36
2024: The FAR - Federal Acquisition Regulations, Part 362024: The FAR - Federal Acquisition Regulations, Part 36
2024: The FAR - Federal Acquisition Regulations, Part 36
JSchaus & Associates
 
Donate to charity during this holiday season
Donate to charity during this holiday seasonDonate to charity during this holiday season
Donate to charity during this holiday season
SERUDS INDIA
 
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptxPD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
RIDPRO11
 

Recently uploaded (20)

如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
 
Get Government Grants and Assistance Program
Get Government Grants and Assistance ProgramGet Government Grants and Assistance Program
Get Government Grants and Assistance Program
 
2024: The FAR - Federal Acquisition Regulations, Part 38
2024: The FAR - Federal Acquisition Regulations, Part 382024: The FAR - Federal Acquisition Regulations, Part 38
2024: The FAR - Federal Acquisition Regulations, Part 38
 
Russian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale warRussian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale war
 
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
 
2024: The FAR - Federal Acquisition Regulations, Part 37
2024: The FAR - Federal Acquisition Regulations, Part 372024: The FAR - Federal Acquisition Regulations, Part 37
2024: The FAR - Federal Acquisition Regulations, Part 37
 
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
 
State crafting: Changes and challenges for managing the public finances
State crafting: Changes and challenges for managing the public financesState crafting: Changes and challenges for managing the public finances
State crafting: Changes and challenges for managing the public finances
 
The Role of a Process Server in real estate
The Role of a Process Server in real estateThe Role of a Process Server in real estate
The Role of a Process Server in real estate
 
Uniform Guidance 3.0 - The New 2 CFR 200
Uniform Guidance 3.0 - The New 2 CFR 200Uniform Guidance 3.0 - The New 2 CFR 200
Uniform Guidance 3.0 - The New 2 CFR 200
 
Transit-Oriented Development Study Working Group Meeting
Transit-Oriented Development Study Working Group MeetingTransit-Oriented Development Study Working Group Meeting
Transit-Oriented Development Study Working Group Meeting
 
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
 
PNRR MADRID GREENTECH FOR BROWN NETWORKS NETWORKS MUR_MUSA_TEBALDI.pdf
PNRR MADRID GREENTECH FOR BROWN NETWORKS NETWORKS MUR_MUSA_TEBALDI.pdfPNRR MADRID GREENTECH FOR BROWN NETWORKS NETWORKS MUR_MUSA_TEBALDI.pdf
PNRR MADRID GREENTECH FOR BROWN NETWORKS NETWORKS MUR_MUSA_TEBALDI.pdf
 
MHM Roundtable Slide Deck WHA Side-event May 28 2024.pptx
MHM Roundtable Slide Deck WHA Side-event May 28 2024.pptxMHM Roundtable Slide Deck WHA Side-event May 28 2024.pptx
MHM Roundtable Slide Deck WHA Side-event May 28 2024.pptx
 
ZGB - The Role of Generative AI in Government transformation.pdf
ZGB - The Role of Generative AI in Government transformation.pdfZGB - The Role of Generative AI in Government transformation.pdf
ZGB - The Role of Generative AI in Government transformation.pdf
 
NHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdfNHAI_Under_Implementation_01-05-2024.pdf
NHAI_Under_Implementation_01-05-2024.pdf
 
Understanding the Challenges of Street Children
Understanding the Challenges of Street ChildrenUnderstanding the Challenges of Street Children
Understanding the Challenges of Street Children
 
2024: The FAR - Federal Acquisition Regulations, Part 36
2024: The FAR - Federal Acquisition Regulations, Part 362024: The FAR - Federal Acquisition Regulations, Part 36
2024: The FAR - Federal Acquisition Regulations, Part 36
 
Donate to charity during this holiday season
Donate to charity during this holiday seasonDonate to charity during this holiday season
Donate to charity during this holiday season
 
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptxPD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
 

November 2016 monthly threat update

  • 1. NOT PROTECTIVELY MARKED 1 | P a g e Monthly Fraud Threat Update September - November 2016 Copyright © City of London Police 2016 NFIB Disclaimer: While every effort is made to ensure the accuracy of the information or material contained in this Alert, it is provided in good faith on the basis that the Commissioner, the City of London Police and its police officers and staff accept no responsibility for the veracity or accuracy of the information or material provided and accept no liability for any loss, damage, cost or expense of whatever kind arising directly or indirectly from or in connection with the use by any person, whomsoever, of any information or material herein. The quality of the information and material contained in this document is only as good as the information and materials supplied to the City of London Police. Should you or your police force hold information, which corroborates, enhances or matches or contradicts or casts doubt upon any content published in this Alert, please contact the City of London Police NFIB by return. Any use of the information or other material contained in this document by you signifies agreement by you to these conditions.
  • 2. NOT PROTECTIVELY MARKED 2 | P a g e Key Judgements: Impact on Individuals:  Vishing calls  Account takeovers  Binary Options  Trading Software  Job application fraud  Dating Fraud Victim Loan  Smart Phone – ‘Lost Mode’ Hack  Armada Collective: DDoS & Extortion Hacking Group Impact on Enterprise:  Distribution Fraud Cross Cutting Themes:  Online Shopping – contact outside of the platform  Online Shopping – Undelivered Items  Delivery of Empty Boxes  Social Media Hacking  NHS Tax Reclaim  HMRC Text Hack  Increase in bank transfers to Italy and Germany
  • 3. NOT PROTECTIVELY MARKED 3 | P a g e Introduction This monthly threat update will provide an overview of the trends affecting individuals and enterprise as reported to Action Fraud. This report incorporates an assessment of information received during the period 1st August – 31st October 2016. We welcome your feedback so that we can shape future reports to your needs. Banking & Corporate Fraud Account Takeovers (August 2016) Bank customers have been contacted by fraudsters via text message. The message asked the customers to dial 0345 956 9685 in order to reset their telephone banking details as there had been a technical issue with their account, which had caused their account to be blocked. If the customers dial that number and follow the instructions, their details are captured by the fraudsters. Subsequently this enables the fraudsters to call the bank pretending to be the genuine customer and carry out transactions. Distribution Fraud (October 2016) A UK supply business is contacted via email by the fraudster purporting to be from an establishment/company requesting a quote for goods to be provided on a credit basis. If this is approved the order is made and items are subsequently delivered to serviced offices or warehouses all over the UK from where they would be dispatched elsewhere; sometimes to privately rented storage locations as reports have also been received from companies that have been storing items for the fraudsters and have not been paid. Suspects will use email addresses very similar to that of a legitimate establishment’s address, just adding a digit, or an ‘m’ instead of ‘nn’. In addition, any mobile telephone numbers given are likely to be VOIP (often starting with 070) and therefore hard to trace. Investment Fraud Binary Options (August 2016) Binary Options fraud continues to be a problem, with one victim losing over £520,000 this month. No money is ever recovered and it is believed that the trades never take place. The fraudulent companies purport to be based in the UK (mainly London), however it is believed that they have no physical presence here. In one report the victim was advised by staff at the binary options company what to say to bank staff in order to secure a loan (i.e. how much they earned/what the money was for) that was then transferred to the suspect company. Trading Software (September 2016) Suspects persuade the victim to purchase trading software for a small fee, in the form of a DVD which installs programmes on a desktop purporting to be linked to the London stock market. The promotional campaign offers a quick win within a 6 or 12 month period and if the victim encounters a loss, they are promised a full refund for their total outlay, paid via bank transfer. Victims find that they do not win and they cannot re-claim the money promised. This is a similar method to binary options fraud.
  • 4. NOT PROTECTIVELY MARKED 4 | P a g e Mass Marketing Fraud Job Application Fraud (August 2016) The NFIB has received reports relating to job application fraud. This is the re-emergence of a trend noted in April 2016. Victims are contacted and told that they have a job and that they need to pay a fee for related vetting / training for their employment. The victim pays the fee and the job does not exist. The NFIB issued an alert for this in May 2016. Dating Fraud Victim Loan (September 2016) The suspect(s) uses their relationship with the victim to obtain their personal and financial details and then applies for a loan in the victim’s name. The suspect then uses a variety of stories to convince the victim that the money which has appeared in their bank account has come from the suspect and it needs to be transferred to the account of a UK based company (mainly involved in recycling textiles and pharmaceuticals). Vishing Calls (October 2016) The NFIB has seen reports where victims receive a call purporting to be from a media broadcasting company stating that a refund was due to the victim, possibly linked to their ‘viewing card’. The victim later receives a call purporting to be from their bank saying that there has been unusual activity on their account and asks for sensitive details. This ‘verification call’ from the bank may be repeated to obtain more details. Ultimately the aim of the suspect appears to be convincing the victim to transfer their money to a temporary ‘safe’ account that the suspect nominates. Volume Fraud Social Media Hacking (August 2016) The NFIB have identified reports where fraudsters are targeting social media account users, by hacking their accounts then messaging the social media account user’s friends, asking them to accept a PayPal credit on their behalf. Those who agree to accept the credit are then asked to transfer the amount to another account controlled by the suspect. Later the credit is disputed as goods were not delivered and refunded by PayPal, leaving the account holder with a financial loss. NHS Tax Reclaim (September 2016) The suspects advertised to NHS staff stating that they can claim a tax rebate from HMRC, which is a legitimate claim. The victims pass over all of their identity documents and give permission for the company to request the rebate on their behalf. The company claims the rebate from HMRC and receive the entire amount, purporting to only take a fee before passing the remaining amount to the victim. This does not happen and the company keeps the entirety of the tax rebate. Online Shopping – Contact Outside of the Platform (October 2016) Victims order through an online shopping platform, only for the order to be cancelled by the suspect company and a spoofed email is sent requesting an international bank transfer to Italy and Germany. It was also identified that victims have been asked to purchase goods by paying with Gift cards. The ordered items are not delivered. Online Shopping – Undelivered Items (October 2016) Victims attempting to purchase goods online pay through normal services and then receive notification of delivery. The delivery has been signed for by an unknown individual. In many instances the victim has reported that they were in at the time of delivery but did not receive any knock on the door or the victim had other items delivered but some were missing and had been signed for by an unknown individual. Online shopping companies have requested that the victims report the instances to police but have refused to provide refunds as the goods had been signed for.
  • 5. NOT PROTECTIVELY MARKED 5 | P a g e Delivery of Empty Boxes (October 2016) The victims order an item online or have an item ordered for them by the suspect. The victim ordering an item will receive a box with items which is not what they ordered. In one instance, the victim was ordering a TV and received a catalogue. For a seller, the suspect purchases the item and then purports that there was something wrong with the item and requests a refund. The item is sent back to the seller but the item returned is not what was ordered. In many instances the victim who has received an empty box or incorrect items does not receive a replacement. Cyber Smart Phone ‘Lost Mode’ Hack (August 2016) The NFIB has seen an increase in reports that smart phone users are being locked out of their handsets, which are being remotely placed in ‘Lost Mode’. A ransom requests appears, usually displayed in Russian, and provides Gmail addresses to contact about the ransom (usually the equivalent of £15 - £40). Armada Collective: DDoS & Extortion Hacking Group (September 2016) A number of reports have been received whereby victims have been sent emails stating that if they do not pay a fee (normally 1btc / £454 begin with and rising to 20btc’s / £10,000) their business will be targeted with a DDoS attack. Open source information suggests that no business has actually been taken offline by the Armada Collective – instead it appears they use the threat of the DDoS attack as a type of protection racket with victims paying the extortion fee. Copycat extortionists are believed to be emailing businesses claiming to be the Armada Collective in addition to this. HMRC Text Hack (September 2016) Victims receive a text message stating they are due a tax rebate – the text contains a link to a website requesting personal banking information. Some victims receive a pre-recorded voice call from someone claiming to be from HMRC asking them to call back. It is not known if the texts and pre-recorded messages are linked. Money Laundering The Rise of Financial Technology (FinTech) Companies (September 2016) The rise of FinTech companies and the implementation of the Payment Account Directive (PAD) will have an impact on economic crime as a whole. In order to boost competition within the UK, the financial services regulator has relaxed rules and cut red tape for new financial institutions, making it easier to become a bank. Whilst it has taken some time for applications to be approved by the ‘New Bank Start-up Unit’, new financial institutions are now entering the market. They are all trying to compete and take market share away from the well-established financial services that currently exist, by exploiting new technologies and appealing to a new generation of mobile customers that never enter a physical branch.
  • 6. NOT PROTECTIVELY MARKED 6 | P a g e Payment Account Directive (PAD) The PAD was implemented in the UK on 18th September 2016. The aim was to improve transparency and comparability of fee information for payment accounts (including current accounts), help people to switch accounts and ensure every EU resident has access to a basic bank account. The PAD has also enabled the opening of UK basic bank accounts without needing a UK residency, leaving financial services without the ability to perform sufficient identification, verification, Know Your Customer (KYC) and Anti-Money Laundering (AML) checks. The PAD has also removed the ability to close an account on the ‘suspicion’ of financial crime. It states that only one basic bank account can be opened, but there is nothing in place to monitor or manage this. The opening of UK bank accounts from a country in European Economic Area without sufficient due diligence could result in an increase in fraudsters or money launderers using these accounts for criminal purposes. Glossary of Terms Ransomware This is a form of malware that attacks your computer, locking you out and demanding payment in the form of a ‘fine’ to have it unlocked. The warning page distributed by the fraudsters, typically uses logos from both the Metropolitan Police and the Police Central Crime e-Crime Unit (PCEU) to make it look more like an official warning notice. Spoofing Fraudsters typically clone the telephone number of the organisation they want to impersonate and then make it appear on the victim’s caller ID display when they telephone them on a landline. The fraudsters will then gain the person’s trust by highlighting the number to them, claiming that this is proof of their identity, before trying to defraud them in various ways. DDoS Attack Distributed Denial of Service (DDoC) attack is where multiple compromised or infected systems flood a targeted system – usually a system of web services. This is often to bring down an organisation’s website. DDoS with Extortion The same as the above, however the suspect will normally email the victim to advise that an attack in about to begin and to prevent the attack the victim needs to pay a sum of money.
  • 7. NOT PROTECTIVELY MARKED 7 | P a g e Handling Instructions This report may be circulated in accordance with the protective security marking shown below and caveats included within the report. The information contained in this report is supplied by the City of London Police in confidence and may not be shared other than with the agreed readership/handling code without prior reference to the City of London Police. Onward disclosure without prior authority may be unlawful, for example, under the Data Protection Act 1998. The cover sheets must not be detached from the report to which they refer. Protective Marking: NOT PROTECTIVELY MARKED FOIA Exemption: NO Suitable for Publication Scheme: NO Version: FINAL Storage File Location: Purpose: Provide an overview of key themes affecting individuals and enterprise. The information contained within this report has been based upon content within Action Fraud reports which have not been verified as true and accurate accounts. Owner: NFIB Author: Analyst Review By: Senior Analyst, 88071e