Royal Mail text message scam
Hackers are infecting Android phones by sending text messages that claim Royal Mail tried but failed to deliver a package to your house.
The message tells you to click a link to download what looks like Royal Mail’s app, but it actually installs the FakeSpy malware on your phone.
This shows two messages — one asking for permission to intercept and read every SMS text message you receive, and the other to ignore battery optimisation features, allowing it to work while the screen is off and the phone locked. It appears to be legitimate because it sends you to the ofﬁcial Royal Mail website.
Once you’ve given these permissions, it steals data from your device, including messages, phone numbers, and details from banking apps. It also sends itself to devices owned by people on your contacts list
Royal Mail will only contact you when a business has paid it to deliver items through Royal Mail Tracked or Royal Mail Special Delivery, or when a member of the public sends a trackable item using ‘Click 8: Drop’.
If the postman fails to deliver a package to you he will pop a card, giving the reason, through your letterbox, but not send you a message, visit Royal Mail’s site for a current list of scams to avoid.
I don't know if the following supposed telephone conversation is true but this is how scammers work and vulnerable people will fall for it. BE AWARE:
"Good morning, I'm calling from the NHS track and trace service. According to our system, you are likely to have been in close proximity to someone who has tested positive for COVID-19. This means that you now need to self isolate for 7 days and take a COVID-19 test."
'OK. Can you tell me who that person was?'
"I'm not able to tell you that. That is confidential information but you do need to be tested within the next 72 hours. So can I have your address so that we can send a kit to you?"
'Ok (gives address)'
"Thank you - and I just need a payment card number so that we can finalise this and send the kit to you,"
'Sorry - a payment card? I though this was all free?'
"No - I'm afraid not. There is a one-off fee of £50 for the kit, and test results. Could you read off the long card number for me, please, when you're ready."
'No - that's not right. This is part of the NHS so there's no charge.'
"I'm afraid there is. Can you give me the card number please - this is very important, and there are penalties for not complying."
Puts phone down.
Scammers taking advantage of NHS contact-traving app being tested on the Isle of Wight.
"Scammers are sending text messages that try to trick people into thinking they have been in contact with someone who has tested positive for Coronavirus.
The message contains a link to a fake website that asks for personal details.
Fraudsters can use this information to gain access to steal money from victims‘ bank accounts.
It looks genuine because it appears to come from an official who is working on the NHS’s contact tracing app currently being tested on the Isle of Wight.
The public were warned about the scam by the Chartered Trading Standards Institute (CTSI), which said it was further evidence that fraudsters are modifying their tactics to exploit changes in the response to the pandemic.
The fake message reads: “Someone who came in contact with you tested positive or has shown symptoms for Covid—19 & recommends you self-isolate/get tested”.
Action Fraud has reported that since March criminals have stolen more than £2m in Coronavirus scams.
Experts fear this could increase once the contact-tracing app is released throughout the country."
The 'scammers' are busy as usual, recent ones are from HMRC for a tax refund, HMRC don't get in touch with you in this way.
I am warned my netflix account is suspended, I don't have a netflix account but it is a worry if you do have an account with the supposed sender of the email, if in doubt log in to your account on their official site to see if it is a genuine request.
You can read advice about scams in the 'beware of scams' section in the NCC Bulletin: Your Life.
This is a genuine email, the links for the Microsoft Services Agreement, Microsoft Privacy and FAQ take you to a genuine Microsoft site.
The email is for information only and doesn't ask you for your Microsoft account details, the only requirement is that you read the terms and decide on the following question:
Microsoft Services Agreement
How do I accept these terms?
By using or accessing our products or services on or after 30 August 2019, you are agreeing to the updated Microsoft Services Agreement. If you do not agree, you can choose to discontinue using the products and services, and close your Microsoft account before 30 August 2019.
No doubt scammers will take advantage of these changes and send out emails that ask you to click on a link and update your Microsoft account, this will be a scam.
Follow this link: Take 5 -To stop fraud (taken from the National U3A newsletter for March 2019), there is also a link to the U3A National newsletter archives on the General news page.
I have had an email from Amazon telling saying my recent order couldn't be processed and to click on a link to confirm the order, the link wasn't to the Amazon website, if in doubt and you do have an account with Amazon log in to your account in the usual way and check your orders there.
Read about the 'phishing' scam on the BT phishing page.
The TV licence scam continues, my TV licence has expired (again), the latest one demands £17.... £17 ???.... seems reasonable.
A new twist on the TV licencing scam, they now tell me that the direct debit I made for TV licencing (which I didn't) failed and will I please try again, if the free TV licence for over 75's ceases in 2020 I can see this type of scam escalating.
HMRC scams continue to come and as it is nearing the end of the financial year we can expect reminders, demands and, if you are lucky, even a rebate from HMRC which makes these scams seem genuine, remember that HMRC will never contact you by email, only by letter, or, by telephone following a letter.
Advice from Gareth Lloyd, head of digital security at HMRC: "HMRC never contacts customers who are due a tax refund via email - we always send a letter through the post. If you receive an email claiming to be from HMRC which offers a tax rebate, please forward it to firstname.lastname@example.org and then delete it permanently."
Phishing, smishing, vishing, what's that all about? the RBS exposes all types of banking scams on this site: Banking Scams
Has your email address or password been compromised? find out on this site: haveibeenpwned good advice is to change your password(s) regularly. You can also check which websites or companies have been 'hacked'.
A BBC reporter was targeted by the 'sextortion scammers' see the report here: https://www.bbc.co.uk/news/av/stories-46323625/what-happened-when-sextortion-scammers-targeted-a-bbc-trending-reporter
Scams, hoaxes, by email and ‘phone, are getting more frequent and sophisticated every day,
I have had two emails claiming there is a problem with my TV licence direct debit and the licence will be revoked if I don’t set up a new direct debit account, sorry hoaxer, I have a free TV licence, but it can be worrying if you do pay for your TV licence.
Several times I have had an automated ‘phone call purportedly from my internet service provider saying there is a problem with my broadband connection and to press ‘1’ to speak to an engineer, this one will re-direct YOUR ‘phone to an expensive call number and you wait in silence while your ‘phone bill mounts up.
I think we are all aware of the Microsoft windows problem ‘phone calls.
I am accused of watching porn on my laptop, evidence of which they have recorded via my laptop camera and the evidence will be forwarded to the appropriate authority if I don’t pay up.
There are warrants out for my arrest for not paying my tax bill unless I click on a link and pay a certain amount, why don’t they just arrest me instead of warning me and giving me a chance to skip the country? The reverse of this fraud is that you are owed a refund and to claim it by clicking on a link, no doubt to get your bank details and wipe out your account.
All scams aimed at getting your personal details and passwords.
HMRC and Banks don’t operate in this way or ask you for details on the 'phone or by email, HMRC will ‘phone you about a problem but only after a letter has been sent to you. Microsoft Windows users can hover their cursor over a link without clicking on it and a window will pop up showing the true address of the website you are being re-directed to, does it look anything like the website it is supposedly from?
If in doubt do nowt as we say up here in the frozen North, (my friends dahn Sarf really believe that) check with your Bank, ISP, HMRC or other firms via their official ‘phone number or website.
If you have a scam you want to share with others feel free to send me the details via the little bird on my Computer & IT page.
17/11/18 update: I have just read about a new 'Name Check' Security.
A new system to check the name of people you're sending money to will begin next Summer,in a bid to reduce fraud. Currently, when you make a payment online, only the account number and sort code are verified, not the recipient's name. Under the new 'Confirmation of payee' service banks will have to check that the name you enter matches that on the recipient's account. I thought they already did that.
20/11/18 One of our members sent me this message: Thought you might like the telephone number for the HMRC scam. It is 01618 505157 just had the call so 1471'd it.
|How to Avoid and Report Internet 'Scams' and 'Phishing'|
|These three websites will help you to recognise and report scams - they contain other useful links too.|
|Reporting a scam: Report a scam|
|How to avoid a scam: Avoid and Report Internet Scams|
|The Citizens Advice website: Spotting a Scam|
Three useful publications from the Metropolitan Police that could help you to be safe online:
Little Book of Big Scams.
The latest edition of a booklet published by the Metropolitan Police about how to protect yourself against conmen/women in all their various guises and what to do if you find you have been scammed. Click the following link to open - Little book of BIG scams
FALCON -Fraud And Linked Crime ONline.
A new booklet from the Metropolitan Police abut Cybercrime,
Click the following link to open - Little Book Of Cyberscams
A new leaflet from the Metropolitan Police on how to protect yourself online, click this link: Little Leaflet of Cyber Mistakes to read the leaflet.
You can check if a firm is authorised by the Financial Conduct Authority on its register at: fca.org.uk/register