Chepstow

CG Latest Scams

Scams - Remember Scammers are Clever and Persuasive

NHS Track and TraceThis is FREE so if anyone phones you up and tries to make you pay it is a SCAM
On-line Pet FraudSee below
NHS Donations Apparently from the Government - it isn't!
Covid-19Tax refunds, World Health Organisation, Covod-19 cures, TV licence Refunds, Finse for leaving your house, All SCAMS.
Impersonation ScamsBank (no such thing as a Safe Account), HMRC (Income Tax people)
Computer TechnicianBroadband, BT, Microsoft etc wanting access to computer or offering to clean it up. It's a SCAM. NEVER give remote access to anyone.
Links in emails etc Don’t click on them unless you are CERTAIN about them. They may download a virus which may give them access to your computer and everything you do on it. If in doubt don't click on them.
Bank TransfersAre dangerous - you will never get your money back and the Scammers have your Bank details
Bank Details Don't give Bank details to anyone you do not know.
PasswordsNEVER give out passwords. NEVER EVER

Scams from our Members

  • See the Computer Group article about Scams on page 28 of the Magazine December 2020
  • Your credit card account recently moved to Jaja and we're pleased to let you know that we've sent you your new Jaja Visa Credit Card. You may have even already received it! This email looked so professional and genuine and asked you to register online with other links and telephone numbers. Looking on the internet some Credit Cards (Post Office?) nay be moving to Jaja and it is a genuine company. Be aware if you get similar emails. Don't click on any links.
  • An email purporting to be from DPD – the second one in 2 days. It’s clearly a scam and invites you to pay £1 for redelivery of your parcel for which they want you to key in credit card details. These emails are easy to spot in you look in the ‘To’ field as mine was sent to me and 499 other people (all for the same parcel!) The poor sentence construction and grammar is also a give-away but someone expecting a parcel (many people will be coming up to Christmas) and reading it in a hurry might just think it was genuine.
  • Received new bank card yesterday from Santander which I thought a bit strange as there still 9 months on my current one. It wasn't a contactless one either like my current card. Had all the info on letter from Santander about how to activate it etc. As it wasn't contactless its not much use to me so I went into Bank today to ask them to change it and they informed me that they hadn't sent out the card and good job I went in. If I had activated it I would of lost all my money and savings. Major fraud squad now involved. People say to me I am too suspicious of people and things. Good job I am.
  • Email from 'Hotmail Support': Dear Customer, We are closing all old versions of our mailbox as from December 8th 2020. Please follow the link below to update your account: UPDATE YOUR ACCOUNT [link deleted]. NOTE: You only have 48hours access after receiving this notice to this link so that we can help you protect your account. Hotmail won't be responsible for loss of your email messages if ignored. Thank You. Hotmail Support

General Advice

  • If anyone Cold Calls you just put the phone down.. You don't have to be polite. You don't have to listen to them. The longer you are on the phone to them the greater the chance you will be taken in by them.
  • If anyone asks for sensitive information such as bank details and passwords. Don’t tell anyone your passwords. Don’t give Cold Callers your Bank Details.
  • If you are asked to transfer money to a 'Safe Account'. There is no such thing as a 'Safe Account'
  • If they say: Don’t tell anyone else. This is definitely a scam!
  • If someone phones you up claiming to be a Police Officer, Bank Official, from HMRC, from Microsoft etc. Don’t believe them! A genuine official will allow you to phone back.
  • If they say they can phone back to a given number do not use that phone! because they can keep the line open and you will simply be going straight back to them.
  • Don’t give anyone your Bank details over the phone unless you are certain you know who they are.
  • Never give anyone your passwords.

Reporting Scams

  • Report to your Bank first and quickly
  • Action Fraud 0300 123 2040
  • See the screenshot at the side of the page - from Jackie.
  • Friendsagainstscams.org.uk
  • Cyber Aware homepage at - https://www.ncsc.gov.uk/cyberaware/home

Miscellaneous Points

  • Only 5% reported and 53% are over 55
  • Difficult to get money back
  • Victim scam circle: if you are scammed once you are likely to be scammed aghain.
  • Initial contacts are helpful, nice, charming hen they turn negative, aggressive, threatening
  • Always ring back someone on another phone or ring someone else from your own phone
  • If you are Scammed don’t feel embarrassed report it
  • Be careful about phone calls, emails, texts from unknown or even know organisations.
  • Poor Grammar or Spelling - probably a Scam
  • TAKE 5 Think about it. If in doubt DON’T. ASK someone else.

Bewware of online pet fraud! On-line criminals are posting fake pet adverts on social media. When securing a deposit for the pet, the seller uses the COVID-19 outbreak as a reason why the buyer cannot see the animal first, or pick it up. After the initial payment, more funds are requested such as insurance cover, vaccinations and delivery of the pet.

  • Always research the seller
  • Avoid paying by bank transfer – (this is the preferred payment method by criminals as it offers little protection)
  • The RSPCA say that anyone who is concerned about a breeder or seller should contact their local council and RSPCA on 0300 1234 999

New Cyber Aware Web Page
The National Cyber Security Centre have created a new webpage with advice on how to help stay secure online, including these 6 Cyber Aware tips -

  • Create a separate password for your email
  • Create a strong password using three random words
  • Save your passwords in your browser
  • Turn on two-factor authentication
  • Update your devices
  • Turn on backup

Ransomware Scams
Ransomware is a piece of malicious software that can encrypt and lock your online device.
Criminals can distribute Ransomware via fake emails and text messages hoping that the person receiving the message will open a web link or attachment in the message and download the malicious software to their device.
When your device is locked by Ransomware there is a ransom message displayed asking you to make a payment in order to recover access to your device, but there is no guarantee that you will regain access.
Create regular backups of your most important files (such as photographs and documents) to a secure and separate location to help keep your data safe. If you choose to backup your data to a USB memory stick or external hard drive, ensure the device is disconnected after the backup has finished to reduce the risk of malicious software spreading to your copy.

If you receive a phone call 📞offering to clean up your computer, this is a common scam. Hang up the call immediately, do not give the caller your personal information ✋

Always be aware when receiving messages out of the blue. Do not click on web links or attachments in messages, or use any contact details contained within them. Verify using your own trusted method

For further advice on Ransomware and creating backups of your data, see the National Cyber Security Centre (NCSC) UK government website.

ACCOUNT SCHEDULE FOR CLOSING! Received from one of our U3A members. Four emails in one day!
Dear user ID (email address follows)
Request to disable your email has been received, and this request will be processed shortly. if you fail to upgrade to our new latest version within 24 hrs of receiving this automated mail. Please kindly take a minute and click the upgrade at your left to upgrade your E-mail..... Note: This upgrade is required immediately after receiving this message......
Thanks .
Your Maintenance team. © Microsoft 2020.

This was followed by:
Dear user ID
We notice you have been ignoring the Microsoft updating, and security email that we have been sending to you. if you still want to maintain and keep your account secure kindly check you junk folder or spam folder for Microsoft verification link that will be sent you shortly ....
Thanks .
Your Maintenance team, © Microsoft 2020.
THIS ALL RUBBISH. DO NOT CLICK ON THE LINK OR YOU WILL DOWNLOAD SOFTWARE GIVING THE SCAMMERS ACCESS TO YOUR COMPUTER

The Fake ‘SKY TV’ Scam
Householders are being contacted by phone with a pre-recorded message. The scam initially succeeds by getting the recipient to ‘press 1 to speak to an operator’. DON'T DO THIS- JUST DISCONNECT. If you press '1' you will be connected to a fake SKY TV agent who offers deals in exchange for the caller’s personal and financial details. This operator may also try to persuade the resident into download software to their device (usually named Team Viewer) which will then give the criminal full access.
This is also used for fake Visa, Amazon Prime and HMRC tax refund messages.

From another Member - this is a very abbreviated version
Hey I know your Password Your PC has been infected by my Malware RAT and I now have full control over your PC and all your accounts and passwords.
You have to pay $900 for me to remove this.
I will give you two days to transfer this cash.

From another member: Supposedly from HMRC
Phone call 1: This is to inform you that HMRC is filing a lawsuit against you. Press 1 to speak to a case officer.

Phone Call 2: This call is to inform you that there is a serious lawsuit filed against your name. The issue at hand is very time sensitive. The very second you receive this call you must phone me back on this number ......... .
It goes on and finishes with: 'Goodbye and have a blessed day'.
IGNORE BOTH OF THEM - HMRC JUST DON'T DO THIS

Summary of a Talk to Monthly Meeting by Cyber CSO from Gwent Police
Scams can happen to the best of us, but knowing a little about how these crimes work can help protect yourself and your family. Most common scams follow a similar pattern. There will be a sense of urgency in the email, text, letter or phone call. For example:

  • Fake Amazon Prime calls are being reported stating that ‘you have subscribed to Amazon Prime, press 1 to speak to an operator’.
  • Or your bank has contacted you to say ‘there has been suspicious activity on your account and your money needs to be moved to a safe account.’'
  • You could even receive an email or text stating that ‘your payment details have expired’ or to ‘thank you for your purchase’, with an attachment or web link.

Each of these methods try to obtain your information. Clicking on the web link or attachment may download malicious software to your device which could record what you type.
If you are looking to verify any message, always use your own trusted method.

Cyber security can be compared to home security, in the sense that although not infallible, it can be greatly improved by taking simple steps. By creating strong online passwords, you can reduce the risk of criminals gaining access.

But what makes a strong password?

  • The National Cyber Security Centre recommend a method called ‘3 random words’. By placing 3 random words together, you can make a password long and memorable. Some logins require a capital letter, number and a special character but you can add these if necessary - Octopuslemonradiator3!
  • As a guide you can also test passwords using - www.howsecureismypassword.com

This gives an indication of how long it could take for specialised software to decode your password.

  • The NCSC also recommend that email accounts are secured with a completely separate password to any other account. This is because these accounts often hold valuable information and have access to the others.
  • If you find that you have too many passwords to remember, you can use a piece of software called a Password Manager. These managers can store all of your passwords and have many other useful utilities. The software is encrypted and can be used across multiple devices. The only password you will ever need to remember is your password manager’s password.

You may now be thinking that this seems risky recording all your passwords in one place, but many password managers and online accounts support an extra piece of security called ‘2FA’ or Two Factor Authentication. 2FA is a second check before you can login. This could be your fingerprint, facial recognition, a special USB device or a text message or code that is generated to your mobile phone.

Other ways to improve your cyber security include:

  • Updating your software.
  • Backup your important data.
  • Avoid using public Wi-Fi to transfer sensitive information.
  • Being careful clicking on web links or attachments.

For further advice see our Police Twitter account @GPCyberCrime
https://twitter.com/GPCyberCrime

Natalie Evans (Cyber CSO, Gwent Police)