Here are some of the latest scams that we have spotted over recent weeks, but as usual, keep alert as there are plenty of others doing the rounds at the moment.
WhatsApp – OTP scam.
If you use WhatsApp, beware of direct messages from someone claiming to be from a community group that you may belong to. Fraudsters are contacting people, inviting them to an upcoming video call or focus group. They will say that they are sending you a one-time passcode (OTP) and need this code to add you to the group. In fact, what they are really doing is sending you a code in order to take over your account. Once they have control, they will lock you out and contact your friends, family and colleagues in order to defraud them, for example asking them to transfer money urgently as you are in trouble.
Never share a OTP with anyone, whether it comes from WhatsApp, your Bank, email provider, Amazon etc. A OTP is private to you and should never be shared with anyone. If someone is asking you for a OTP it will be someone trying to defraud you.
Just Died in an accident Facebook Scam
This scam started last year, but seems to be gaining traction again through messages appearing on facebook. Again, fraudsters are using your emotions to try and get you to click on a link. The message will say something like “Look who’s just died in an accident, so sad”. Of course you will want to know, but clicking on the link will only lead you to a fake login page in an attempt to get hold of your username and password.
Amazon Brushing Scam
Brushing scams occur when fraudsters send unsolicited packages from Amazon to publicly available names and addresses, for instance, those recently stolen in the Electoral Commission Data Breach. You may receive a cheap item from Amazon in the post, commonly a scarf that you did not order. Check first it was not a gift, then if you have an Amazon account, you should report it. You do not need to return the package and it is very likely that you have exposed any of your personal details or your Amazon account.
The fraudster will then write a review in your name in order to boost the rating or reputation of a company. This will then be used in turn to boost the sales of fake, counterfeit or unsafe products through Amazon.
Santander – Accept Updated Terms
A very authentic looking email is doing the rounds at the moment claiming to come from Santander saying that it has enhanced the online security of your account, but you need to make changes to your profile in order to activate these changes. This is just one example, but the names of reputable banks are regularly used in this type of phishing attack, not just Santander.
Obviously, the links on the email will take you to a fraudulent website in order to steal your banking login details. Unless you are sure where a link will take you to, never click on links in an email, whether it be from your bank, utilities company, online retailer etc. Login to the site in the usual way by going directly to it in your browser or mobile app.
Free Travel Cards
Fraudsters are trying to lure victims on social media with the promise of free train travel for a year. These dodgy Facebook ads claim Network Rail is giving away 150 travel cards, and all you need to do to get one is complete a survey and pay a small delivery fee.
Once you’ve completed the survey, you’ll be asked to play a game where you pick a box to ‘win’. Unsurprisingly, whichever box you click will be the winning one. You’ll then be taken to a page which asks for your name, address and bank details to make a payment of £3 to cover postage. If you enter your details, you’ll be giving them to scammers.
Again, this is just another example of the many phishing scams out there where fraudsters try and trick you into giving away your personal details. These scams can use any number of imaginative methods, such as giveaways, special offers, hard luck stories or updates / checking on your online account, such as in the Santander scam. They will nearly all have a sense of urgency. They aren’t trying to catch out everybody, they are trying to catch you off guard, so for example you may have to make an urgent train journey to visit family for example, so could be particularly interested in a free train pass and not wanting to miss you may just click through without thinking.
As a reminder you can find all of our previous email alerts and information on our website, https://spirecomputerhelp.wordpress.com/
Remember the A,B,C – Assume nothing , Believe nobody and Check everything
Take 5 to Stop Fraud – STOP | CHALLENGE | PROTECT
There are a number of ways you can report a scam:
· Forwarding suspicious emails to report@phishing.gov.uk
· Forward suspicious texts to Ofcom on 7726
· Contact Action Fraud by visiting actionfraud.police.uk or calling 0300 123 2040
· Contact Crimestoppers by visiting crimestoppers-uk.org
If you believe that you have become a victim of an online scam and would like some help, contact Victim Support by visiting victimsupport.org.uk
———————————————-
Getsafeonline.org has lots of advice about online safety at
https://www.getsafeonline.org
They also have a handy tool to check out whether a website is likely to be legitimate or fraudulent, at https://www.getsafeonline.org/checkawebsite/
———————————————-
If you would like to receive more information about scams into your email box, you can sign up to the National Action Fraud Alert scheme run by the City of London Police.
https://www.actionfraudalert.co.uk/
Or, you can sign up for Which? Scam Alerts …
https://act.which.co.uk/page/103781/data/1
Or sign up to West Sussex County Staying Safe Online E-newsletter …
https://www.westsussex.gov.uk/fire-emergencies-and-crime/crime-prevention/staying-safe-online/
Article by Liam Dasey. Liam is one of our volunteer Digital Champions, but he is also a volunteer Digital Ambassador for West Sussex County Council and Get Safe Online, helping raise awareness about online safety in the community.
