This Christmas, sales of netbooks, laptops and tablets are set to outstrip sales of conventional PCs. The increased use of portable devices is providing scammers with a perfect opportunity to target users of public Wi-Fi networks in cafes, bars, airports and train stations. A common scam is to set up an open wireless access point that is designed to look like an official hotspot such as ‘BTOpenzone’, the cybercriminals then monitor all of the traffic coming through their access point, hoovering up any sensitive details they can.

If you are connecting to a Wi-Fi network, be especially careful that you select the correct network and do not allow your device to automatically find and log into nearby Wi-Fi hotspots.

Let us know if you believe you have fallen victim to this type of scam. Get in touch at support@garlik.com if you believe that your personal information may have been compromised, we can help!

Stay safe & stay aware

A compromised Facebook account not only leaves your own personal details as risk but also provides cyber criminals with insight into all of your friends’ personal details and activity. It’s therefore important to realise that if one of Facebook friends appears to have had their account hacked, that this could impact directly on you. Access to a Facebook account can provide an online criminal with numerous avenues to gain data and carry out fraudulent activities such as:

• Data mining for mobile phone numbers on account profiles;
• Collecting personal and private information to be used for phishing attempts such as the ‘Grandma Scam’ (in which a fraudster contacts older citizens pretending to be their grandchild in desperate need of money to help them out of a tricky situation);
• Using photos and other profile data to create fake profiles, tricking people into accepting friend requests so as to collect yet more data;
• Installing rogue Facebook applications so as to send spam and scam links to all of the friends on the account;
• Monitor status updates of friends to know where they are and when they are not at home.

Advice

It is all very well your friend notifying you that their Facebook account has been compromised, but this also puts you and your details at risk. You should pay careful attention to everyone on your friends list, if you see any name changes of suspicious activity, immediately perform the following actions to protect your personal information:

• If a Facebook friend’s account is sending out strange messages which look like spam and/or contain links, try to notify them of the situation by alternative contact details (email address, phone number), so they can take action to reclaim their account and mitigate the damage. Do not click on any links posted from their account! If you cannot contact the friend consider blocking or un-friending them;
• If the name changes on one of your friends’ Facebook accounts it might be worth looking into. Perhaps they genuinely prefer the name ‘Max Power’ but it could be a sign that the account is no longer under their control. As above, try to verify that it is in fact still your friend, if you cannot then you should block or un-friend this person;
• Report any fake profiles to Facebook – Do this by navigating to the offending profile, and clicking on the settings menu (the icon looks like a gear/cog) near the top right corner and click on ‘Report/Block’.

Let us know if you have fallen victim to this type of scam. Get in touch at support@garlik.com if you believe that your personal information may have been compromised, we can help!

Stay safe & stay aware

The Sun has revealed that millions of Xbox users have been hit by a phishing scam by cyber criminals. “In one phishing con, crooks sent emails to players directing them to bogus websites offering free Microsoft points that can be used to buy games.”

Users were then prompted to enter details that provided criminals with access to their online accounts and credit card information. Small amounts were taken over several weeks that were undetected by millions of users. “The average loss to gamers in 35 countries hit by the scam is around £100, but many lost £200.”

Advice
If you believe you have been a victim of this or a similar scam, we would advise that you use our online email checker to detect whether your email address has been compromised.

We would also advise that you immediately change the passwords to all of the online services you use. We advise that you use separate passwords for each site so if one is compromised, the fraudsters will not have access to all of your online accounts. There are free online password managers that can help you manage your passwords.

Cybercriminals often build well-known & trusted brands into scams in their attempts to trick computer users into giving money or divulging sensitive information.

We recently had a customer call us in relation to a telephone call from “Microsoft Tech Support”; they had identified that our customer had a virus on their PC and that they may have noticed that their computer had “slowed-down” and he was “experiencing unwanted pop-ups” when using the internet. Sure enough our customer had noticed that his PC had slowed down a bit and he was indeed experiencing many unwanted pop-ups.

It’s a pretty good numbers game for the scammers to gain the trust of the not-so-tech-savvy users, after all PCs do tend to slow down gradually over time & we all know how annoying those constant pop-ups can be whilst you are browsing the internet!

This scam has been doing the rounds for some time, however they it does still seem to be catching out many PC users. Microsoft state that they “will never send unsolicited e-mails or make unsolicited phone calls to request personal or financial information or fix your computer”.

Other Microsoft scams

• During activation of Microsoft Windows, a pop-up appears saying: “Microsoft requires credit card information to validate your copy of Windows”

Microsoft say: “At no time during the validation process do we request your credit card information.”

• E-mail messages claiming to be from Microsoft with attached security updates

Microsoft say: “Legitimate communications do not include software updates as attachments. We never attach software updates to our security communications. Rather, we refer customers to our website for complete information about the software update or security incident.”

• “You have won the Microsoft Lottery”

No, there isn’t a Microsoft Lottery.

Advice

If you are contacted from a company offering you a service or advice about a ‘problem’ they have been made aware of, you should take some time to research the company before providing them with any personal information or payment. For example, the Microsoft website states that; “ If you receive an unsolicited e-mail message or phone call that purports to be from Microsoft and requests that you send personal information or click links, delete the e-mail or hang up the phone.”

Some fraudsters will claim they are a limited company, if do, they should be registered with Companies House, the official government register of companies. If the offer is to buy or sell shares, they must be registered with Financial Services Authority (FSA) so it will be worth checking with these institutions.
Remember to only open emails and texts, or click on links from trusted sources. If you receive emails or text from an untrusted source, instantly delete them. To give yourself maximum protection from Malware ensure that you are regularly receiving Windows OS system updates and you have a valid anti virus software on your PC devices. If you are worried that you have opened an email like this, then run both a virus scan and check for updates in Windows updates.

If you have been a victim

You should also report similar emails to Action Fraud who provide a central point of contact for information about fraud. If you have received similar scams regarding Microsoft, you should report it to reportphishing@antiphishing.org.

We would also recommend that you visit the CIFAS website. “CIFAS Protective Registration is a service that enables individuals to seek protection against possible impersonation attempts when they have good reason to believe that their details might be used by a fraudster.”

Pop-up Blockers

Did you know your internet browser can block most of those annoying pop-ups? Some pop-ups will contain content that may lead you to untrusted sites that could put your computer and your personal details at risk. We would advise that you have a pop up blocker enabled to prevent the chance of online fraud.

Stay safe & stay aware

Facebook has announced that they will be adding two more password tools to its site in an attempt to boost security after growing concerns about the social networks privacy and security issues.

The two new features, Trusted Friends and App Passwords should become available to users in upcoming weeks.

Trusted Friends is a new tool to help users in case they get locked out of their account, Facebook’s security blog states; “you can now select three to five trusted friends who can help you if you ever have issues accessing you account”. “If you forgot your password and need to login but can’t access your email account, you can rely on your friends to help you get back in. We will send codes to the friends you have selected and they can pass along that information to you”

App Passwords is currently a feature in testing that will allow users to use app passwords for logging into third party applications. “Simply go to your Account Settings, then the Security tab, and finally to the App Passwords section”. It will enable users to “generate a password that you won’t need to remember, just enter it along with you email when logging into an application”.

Advice

Facebook users must be careful whom they chose to share their Trusted Friends codes with.

When you can’t log in, Facebook will send codes to 5 of the friends you selected. You will have to communicate with them in some way to gain the codes, however, you only have to enter 3 of the 5 codes. The only fault in this process that we can detect is that if one of the 5 friends asks for 2 of the codes from your other trusted friends they will be able to gain access to your account. It is therefore essential that you carefully choose your trusted friends and keep them to yourself.

Recent police statistics show that robberies involving knives has risen from 13,994 in the twelve months running up to June of last year to 14,980 in the following twelve months. This 7 per cent increase is being credited at the increase of smartphones such as Samsung Galaxy’s, iPhones and BlackBerry’s. The Association of Chief Police Officers (ACPO) suggests that the demand for personal data stored on the smartphones is partly to blame for the cause of the increase.

Jon Murphy – Merseyside chief constable states that; “The increase in robbery and robbery with knives is a cause for concern. We believe this is in part driven by demand for mobile phone handsets, which can fetch more than double their worth on the black market abroad.”
Smartphones now hold a variety of data other than just the owner’s contacts; files, internet history, email addresses, bank account passwords as well as other files and personal details can all be stored on the phones. The age and model of the phones are not important to ID thieves; however, the stored information makes them extremely valuable on the black market in Africa, China and Europe.

Our advice

• If you own a smartphone, ensure that you have a PIN or security passcode enabled. So, if the unfortunate event does occur, and your phone is stolen, the fraudster will not easily be able to gain access to your personal information;
• There are applications available for smartphones, i.e. MobileMe for iPhone that will allow you to remotely lock, wipe or locate your phone if required. (However, you should also look in to backing-up the data on your phone, you will be grateful you did if you do ever have to wipe your phone!);
• We would also recommend not selecting “keep me logged in” options for web services or apps. So, if your phone is stolen, the fraudster would not have instant access to your accounts. There are applications available to help you keep track of passwords such as KeePass or LastPass, which mean you will only ever have to remember a single password (remember though, that you should definitely not check the option to “remain logged in” or “remember my password” for a password manager!);
• We would also advise that you avoid storing sensitive information on your smartphone in notes or texts.

If you have been a victim of a similar crime

Please ensure that you report it to the police. There are also websites such as victim support who will help deal with the after effects.

We would also advise that you visit the CIFAS website. “CIFAS Protective Registration is a service that enables individuals to seek protection against possible impersonation attempts when they have good reason to believe that their details might be used by a fraudster.”

Stay Safe & Stay Aware

We reported earlier this week that research by CIFAS shows that 7% of the UK population have been victims of Identity Fraud. This week, HM Revenue & Customs (HMRC) has announced that six million taxpayers are eligible for on average, a £300 tax rebate. Internet fraudsters have seen this as a perfect opportunity to send out emails claiming to be HMRC and trick taxpayers into giving away their personal & financial details.

HMRC state that almost 24,000 phishing emails were reported in August alone, an increase of nearly 300 per cent compared to the same month last year. HMRC state that they “will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email.”

Examples of known HMRC phishing emails can be found here.

What to do if you have received a suspicious HMRC email

If you do receive similar emails, ensure that you take the following actions:
• Do not click on any links included in the email;
• Check for HMRC related scam examples;
• Forward it to phishing@hmrc.gsi.gov.uk;
• Run anti-virus software to check for infections;
• Do not visit the website contained within the email or disclose any personal or payment information.

HMRC are currently helping to successfully shut down around 100 fraudulent sites per month. It is therefore essential that similar emails are reported.

What to do if you have already given your personal information

If you have already given any of your personal information, for example your HMRC User ID, password or National Insurance number, you should forward brief details to security.custcon@hmrc.gsi.gov.uk

We would also recommend that you visit the CIFAS website. “CIFAS Protective Registration is a service that enables individuals to seek protection against possible impersonation attempts when they have good reason to believe that their details might be used by a fraudster.”

The National Identity Fraud Prevention Week, launched by leading organizations such as the Metropolitan Police & CIFAS, runs from the 17th to the 23rd of October. Its aim is to alert consumers and businesses to the threat of identity fraud at home and at work.

Research carried out by Fellows, a sponsor of the campaign shows that 7% of the UK population have been victims of identity fraud, equating to over 4 million people. The average cost of these incidents to each victim is £1,190, but some individuals have lost up to £9,000.

Statistics from CIFAS, the UK’s Fraud Prevention Service, reported that the number of identity fraud cases declared to the authorities in the UK continues to rise, with over 80,000 reported in the UK so far this year.

The National Fraud Intelligence Bureau advice recently posted a fraud alert which highlights some main points of how to stay protected:
• Don’t get involved with or respond to unsolicited communication – email, telephone, letters;
• Never provide any personal/sensitive information as a result of emails or cold calls;
• If you ever do, run an Internet check on company names, telephone numbers, email address, etc.;
• When receiving correspondence from the police always check the email address finishes ‘police.uk’.

A guide of tips of how Individuals and businesses can prevent ID Fraud can be found here.

ID Fraud Victims

If you have been a victim of Fraud you should firstly contact Action Fraud. This is a service run by the National Fraud Authority – the government agency that helps to co-ordinate the fight against fraud in the UK.

We would also suggest CIFAS Protective registration. CIFAS is a service that enables individuals to seek protection against possible impersonation attempts when they have good reason to believe that their details might be used by a fraudster.

Stay safe & stay aware.

Tomorrow is the day that millions of Mac fans have been waiting for; Apple are due to reveal their plans for the latest version of the iPhone. No clues have been provided from Apple as to whether this will mean a re-vamped iPhone 4 or a completely redesigned iPhone 5.

However, this hasn’t stopped cybercriminals from taking advantage of the opportunity to use the hype as a platform for phishing emails containing malware.

Journalist Abram Wagenaar was the first to tweet an example of an image of a very professional looking email advertising the iPhone 5. Note that the sender’s address is actually disguised as “news@apple.com”:

The emails contain links to malicious sites that contain Windows malware. At the moment Mac users do not seem to have been targeted but this could easily change.

Our advice; if you receive similar looking emails from an untrusted source, instantly delete them. Remember, only open emails from trusted sources and never click on links that look suspicious. To give yourself maximum protection from Malware ensure that you are regularly receiving Windows OS system updates and you have a valid anti virus software on your PC devices. If you are worried that you have opened an email like this, then run both a virus scan and check for updates in Windows updates.

Recent research shows that more than 200,000 people in Britain have been victims of online romance fraud. Investigations by the Serious Organised Crime Agency (SOCA) state that victim’s losses range from £50 to £240,000 and ‘the agency had learned of 730 crimes over the past 15 months, totaling £8m in losses’.

Sky News also state in their recent article: “The majority of burglars are using social media websites to help target victims and plan their crimes, a survey suggests. Three quarters of convicted burglars questioned said sites including Google Street View now play a big part in their planning. A similar amount said Twitter and Facebook – where users ‘check in’ to locations – are also being used by criminals.”

How the scams work

SOCA said in a statement, “Romance fraudsters target people who use Internet dating, social web sites and newspaper personal columns. By feigning romantic interest romance fraudsters first secure their victims’ trust then exploit the relationship to steal personal information and money, leaving their victims financially and emotionally devastated.”

Similarly, burglars communicate and befriend users of social networking sites, enabling them to see posts and ‘check ins’ of their whereabouts.

How to spot a scam

SOCA has put together a list of tell tale signs for people to look out for if they suspect their online friend may be someone else, some common ways to spot a fraudster are:

• An excuse as to why they cannot meet up or speak in person. Common excuses include long distance jobs such as a soldier or a nurse.
• Having only one picture is a give away, this could simply be a picture they found off the Internet and if they are refusing to send another, it is likely because they do not have one.

Our advice

Colin Woodcock of SOCA said, “It is crucial that nobody sends money to someone they meet online, and haven’t got to know well and in person.”

Always be cautious when using social media and networking sites. Ensure that you are familiar with the person you are befriending and that they are indeed who they say they are.