Dorset Alert – Neighbourhood Information

 

image003

Gillingham Rural SNT
Gillingham Police Station
School Road
Gillingham SP8 4QR

 

Telephone:101
Email Contact : gillinghamruralsnt@dorset.pnn.police.co.uk

How To Stay Safe On Social Media – Part Two  23/07/2019 14:41:30 [279288]

Dorset Police Cyber Protect Officer Chris Conroy takes another look at how social media can be used against us – and what we can do to protect ourselves.

Hello! Chris here again, with part two of the six ways in which social media can be used against us.

Just to refresh your memories, last time we covered my brush with a fairly incompetent cyber criminal, how details can be skimmed from our profiles, how scammers try to befriend us, and how social media can be used to distribute malware.

This time round, we’ll take a look at three more ways people can get their hands on our information… even information we thought was gone forever… So, without further ado, let’s jump back in with number four. 4) Malicious apps: You may remember 2018’s Cambridge Analytica scandal.
It rocked Facebook and, for a very short amount of time, made people more aware of how their data could be misused. The issue stemmed from information being collected by apps and games within Facebook, and used to target users with adverts and information relating to political issues. This is one borderline legitimate way in which our information can be taken. After all, with the Cambridge Analytica case, the information was taken from apps which the user had given permission to access and use their data. Admittedly, it might not have been very transparent, but there are some much worse offenders out there. Have you ever seen those apps that let you see who has blocked you on Instagram? Or one that lets you see which Twitter accounts follow you back? If you’ve ever used one of those applications, you may well have given an unknown third party complete access to your data. Apps which offer enhanced features – ones not typically available within the social media platform’s own app or website – are quite likely to be fraudulent. These apps make promises of unlocking “hidden features” in order to hook unsuspecting victims, and misuse the permissions we give them to rifle through our personal data. Solution: Be careful when installing third party applications. Take a look at reviews and comments from other users. If an application, or an app developer, doesn’t look particularly trustworthy, assume it is not. On installation, the app will ask for certain permissions to be granted. Check these thoroughly, and ask yourself why it needs each permission. If it seems like it’s overstepping the mark with what it wants access to, do not grant it. The same goes for mobile apps too. We’ve seen examples where a torch app on a mobile phone wanted access to text messages. It’s been quite some time, and we still haven’t been able to think of a good reason why the app would need that! 5) Compromised friends: Have you ever been tagged in one of those posts where your friend seems keen to let you know about a really good deal on Ray-Bans? Or the one that’s doing the rounds at the moment, about a miracle weight loss product? It’s usually pretty clear when a friend has had their account compromised, and it’s often because they’ve clicked on a dodgy link or something along those lines. However, this isn’t always the case. Phishing emails often play a part in taking over a social media account. This then gives the scammer the ability to interact with their victims as if they are one of their trusted friends, colleagues of family members. A common practice is to reach out to friends and family to ask for money. It could be that they claim their PayPal account is locked, and they need help with a purchase. It could be that they are in a spot of bother on holiday, and need some money to get home. You can see how this could be effective. After all, no one wants to leave a friend or family member in a bad situation. The problem being, of course, that the money ends up in the scammer’s pocket. Don’t forget, as I can attest, it’s not just hacked accounts we need to be mindful of. It’s very easy to clone a Facebook account and send messages in someone else’s name. Solution: Take the time to think about any messages you receive, particularly if they are uncharacteristic. If your friend doesn’t usually ask to borrow money, but have just popped up doing exactly that, it could be a sign that something is amiss. Try to verify any requests through a different medium, for example through a text message or a phone call. It may be that the friend has absolutely no idea what you’re talking about, which is a clear indication that their account has been hacked. Do not immediately trust any links you receive, even if they come from a trusted contact, particularly if it relates to an offer that’s ‘too good to be true”. If you suspect an account may have been cloned, check your messages / contacts. This generally affects things like Facebook Messenger, where you don’t have to be in a person’s friends list to message them. If an account appears in your contacts twice, there’s a strong chance it’s been cloned. You can report cloned accounts directly to Facebook in their apps or on the website. 6) Deleted information: In the immortal words of C Montgomery Burns, of The Simpsons fame… “Don’t forget, you’re here forever.” If you post something online you can delete it, you can edit it, you can do whatever you want, but sometimes it will still be there. Somewhere. Things you think are long gone may actually be quite easy to retrieve so, if you post anything particularly sensitive, don’t assume the “delete” button will save the day! Solution: We’re going to loop back to the advice we gave for number one here. Think about what you post. Don’t post anything you wouldn’t want a stranger to see! And remember… once you click “post”, it’s out of your hands. And there you have it. Six ways in which social media can be used against us. This list is by no means exhaustive, of course, but covers some of the key issues. Bear these things in mind when you’re out there in cyber space, and you’ll find it a much safer place. If you want to ensure you’re as safe as possible, make sure you use long, strong, secure and unique passwords for your social media accounts. This will help prevent someone guessing their way in to your account. Visit CyberAware.gov.uk for some password advice. Once you’ve got your passwords in order, make sure you turn on Two Factor Authentication. This acts as a safety net. Even if someone gets your password, they can’t get into your account. Find out more about Two Factor Authentication, including how to activate it, at www.turnon2fa.com. All this talk of social media has reminded me… we’re on Facebook (www.facebook.com/dorsetpolicecybercrime) and Twitter (www.twitter.com/dp_cybercrime) too! We try to post timely updates and warnings about ongoing scams, and things you might want to be aware of, so head on over and give us a like. And, as ever, if you’re part of a community group or business, feel free to get in touch. I’m always on hand for cyber security talks, so drop me an email at cybercrimeprevention@dorset.pnn.police.uk to find out more. Until next time, stay safe out there. Chris

Message Sent By PCC Communications (Dorset Police and Crime Commissioner, Communications and Engagement, Dorset)

How To Stay Safe On Social Media – Part One 11/06/2019 16:31:54 [273615]

This month, Dorset Police Cyber Protect Officer Chris Conroy looks into how social media can be used against us – and what we can do to protect ourselves.

It was my birthday a few days ago. 32. Not a big birthday, admittedly, but that didn’t stop the stream of notifications from my friends and family. I got some really lovely messages on my Facebook, some mildly offensive ones, and a whole load of two word “happy birthday” posts. Among all the noise, however, one message stood out.
It was a simple “Hello. How are you doing today?” and it came from a family member.
That in itself, of course, isn’t that strange. Sure, it’s not a conventional “happy birthday”, but we’ll let that slide.

It was what came next that threw me.

“I’m just wondering if you heard about the good news going on. It’s all about the PCH program.”

It goes on… Apparently, the PCH program have randomly selected me, as well as my family member, and I am in line to receive $90,000! Well, happy birthday to me!

But, of course, something isn’t quite right. The language he’s using. The prize being in dollars. The fact there are now two accounts in his name in my messages… It becomes pretty clear their account has been cloned. Their name, their profile picture, their basic details… everything had been taken in order to set up a fake account.

That account was made for one purpose. To defraud everyone in that family member’s list of friends out of their hard earned cash.

Thankfully, your friendly neighbourhood Cyber Protect Officer didn’t fall for it.But what if the fraudster had targeted someone else? Someone a little more trusting, or a little less cyber aware?

Cybercriminals can be incredibly convincing, and it’s easy to see how some people fall victim. Especially when the messages appear to be coming from a trusted contact.

So I thought I’d take the time to put together a brief summary of the ways hackers and scammers use our social media profiles against us.

Fear not! It might make for pretty bleak reading, but there are tips along the way to make social media as safe as possible!

Here we go…
1) Harvesting details from our profiles. Have you ever taken the time to consider what you’re putting on your social media profiles?

Sometimes the hackers don’t have to hack at all. Sometimes we hand our information over on a silver platter. Some people are surprisingly liberal with what they share on social media, with dates of birth, addresses and phone numbers being quite common.
If people share too much data, scammers can piece things together to stand a reasonably good chance of impersonating someone.
Another thing to consider is your password. I’d like to think everyone is using long, strong, complex passwords, but the reality is most are probably still using some combination of a name (a child, pet, or place for example) and the year they were born.
Can people figure those details out from your posts? All those puppy pictures and birthday messages could be giving away more than you thought. Solution: Think about what you’re sharing. If you wouldn’t share it with a stranger, don’t share it on social media. Take the time to check your privacy settings. Setting your account to private means only approved contacts or friends can see what you post, meaning you’re safe from prying eyes.

2) Fake friends: You’ve got your profile set to private, and no one but trusted friends and family can see what you’re posting. Excellent!
This, however, is a relatively small barrier for a scammer to overcome if you don’t pay attention to your friend requests. I’ve lost count of the times I’ve received friend requests from people around the world. Maybe I’ve prematurely shut the door on some wonderful friendships. More likely though, I’ve just avoided the start of a sextortion scam, or blocked someone from snooping on my profile. Sextortion – for those who aren’t aware – is a particularly nasty scam that can have devastating consequences. It relies on a victim accepting a friend request and getting into conversation with their attacker. The attacker pretends to be an attractive young male or female, and builds up a rapport with their victim. As the trust builds, the scammer tries to convince the victim to remove their clothes in front of their webcam, or more. Then the scammer strikes. They tell their victim they’ve recorded everything, and a demand is made for a sum of money, with the threat of posting the video online if they don’t pay. The ramifications can be huge, with responses ranging from mild embarrassment and financial loss to suicide. Solution: Do not accept friend requests from people you don’t know and trust, and be guarded with what information you share with strangers. Do not allow anyone to pressure you into doing something you’re not comfortable with. If you are unfortunate enough to fall victim to a sextortion scam, we do not recommend paying. There is no guarantee the scammer won’t come back and demand more money. Call the police in confidence on 101, and we can help.

3) Phising and Malware: Phishing is something we more commonly associate with emails.
Badly worded messages promising payouts from a Nigerian General, refunds due from HMRC, or mysterious purchases made on our Amazon accounts, for instance. However, cybercriminals have cottoned on to the fact that social media is a veritable goldmine of potential victims.
All a phishing attack needs to guarantee success is enough victims to target. Eventually, they’ll find someone who will fall for their scam. There are many ways a phishing link can be delivered.
On a Facebook newsfeed, a direct message, a post on your wall… the possibilities are endless. One particular example that sticks in our minds was delivered through a Facebook competition in which users were encouraged to like and share a post for their chance to win an £85 gift voucher for a major supermarket chain. On doing this, the users were sent a message containing a link supposedly taking them to a site from which they could download their gift voucher.
But clicking this link actually took them to a website that tried to install malicious software on their computer. Solution: Be careful where you click. Take the time to check the source of any link you stumble upon, particularly if it’s offering something that seems too good to be true.
A quick pro tip – if you hover your mouse over any link or button in an email or website, the true address should be displayed in the bottom corner of your screen. If the link claims to be from a reputable company, but the true address looks wildly different, it’s probably a scam. A quick point about the “like and share” competitions on Facebook – genuine companies often use these to grow their online presence. Don’t assume they are all fake. However, at the same time, don’t assume they’re all real! Before you like and share, click into the page. Have a look around and see if it looks genuine.
The “About” section of any Facebook page will tell you how old the page is, and whether it has been called something different in the past. We’ve seen scam pages change their name from that of a reputable jewelry store to that of a reputable pizza company, which should be a big red flag.
Also, think about how plausible the prize is. Why would a supermarket just give away gift vouchers? Add up all the likes, shares, and potential winners, and they’d be out of pocket by millions! There you have it.
Part one of the six ways social media can be used against us. If you found it interesting, come back next month to find out how criminals take control of our friend’s accounts, how apps can syphon off your data, and how things live on in cyber space, even after being deleted.
In the meantime, if you want to ensure you’re as safe as possible, make sure you use long, strong, secure and unique passwords for your social media accounts.
This will help prevent someone guessing their way into your account. Once your passwords are in order, make sure you turn on Two Factor Authentication. This acts as a safety net. Even if someone gets your password, they can’t get in to your account.
Don’t forget, if you represent a business or community group, you can get in touch to arrange a free, impartial cyber security presentation. Email us at cybercrimeprevention@dorset.pnn.police.uk

Message Sent By PCC Communications (Dorset Police and Crime Commissioner, Communications and Engagement, Dorset)

 

Courier Fraud Alert – 04/06/2019 10:29:15 [272526]

 

Courier Fraud, Bogus Police and Bank Officials Alert What you need to know Individuals have been receiving phone calls from people claiming to be a police officer or banking official The suspect will say either:

  • There has been fraudulent activity at the victims’ bank and the staff at the bank are involved, the victim is then asked to withdraw money to either keep it safe or assist the police with their investigation
  • A business such as a jewellers or currency exchange is fraudulent and they require the victims’ assistance to help secure evidence by purchasing jewellery or exchange a large amount of currency to hand over to the police
  • The victims’ card has been compromised and used to purchase goods by a suspect, the victim is requested to withdraw their money to keep it safe or hand over their bank card to the police

What you need to do ​​​​​​​Your bank or the police will never: Occasionally the victim will be told to dial a non-emergency extension of ‘161’ to receive confirmation of the individual’s bogus identity, the bogus official will advise the victim to lie about the reason for the withdrawal or purchase if challenged by staff, as the staff member is involved in the fraud A courier attends the victim’s home address to collect the goods the same day Often the victim is given a code word for the courier as a way of authentication

  • Phone and ask you for your PIN or full banking password
  • Ask you to withdraw money to hand over to them for safe-keeping
  • Ask you to transfer money out of your account
  • Send someone to your home to collect cash, PINs, cards to cheque books
Message Sent By Action Fraud (Action Fraud, Administrator, National)
 

 Banks Refund Scam Victims – But Remember To Stay Safe From Fraudsters28/05/2019 15:44:29 [271767]

 

My name is Chris Conroy, and I am the Cyber Protect Officer for Dorset Police. It’s my job to make sure the people of Dorset are best placed to defend themselves against cyber crime. You’ll usually find me out and about delivering presentations to community groups and businesses around the county, or over on our social media pages, giving useful tips on how to stay safe online. However, today you find me here, writing my first guest blog for the Police and Crime Commissioner. And what better way to start it than by bringing you some good news? Last year, a whopping £354 million was lost to what’s known as “authorised push payment fraud”. This isn’t the good news, obviously… that’s coming shortly. These are scams in which customers are tricked into actually making a payment, rather than the money simply being stolen. Historically, banks would only pay out if they were clearly at fault. As such, only £83 million was recovered, meaning the UK public lost £251 million. This week, however, marks a turning point for victims of fraud, as a new voluntary code takes effect. From now, payment providers who are signed up to the voluntary code will judge each case against a set of criteria to determine whether a customer should be reimbursed after falling for a scam, and anyone who has taken reasonable care, or has any element of vulnerability, is much more likely to receive a refund of the lost money. Eight major banks, covering 17 brands, have committed to implementing the code with immediate effect. They are: • Barclays • HSBC (including First Direct and M&S Bank) • Lloyds (including Halifax, Bank of Scotland and Intelligent Finance) • Metro Bank • Nationwide • RBS (including NatWest and Ulster Bank) • Santander (including Cahoot and Carter Allen) • Starling Bank TSB have taken this one step further, and state that they guarantee a refund for anyone who is an innocent victim of fraud. Pretty good, right? It’s really encouraging to see banks stepping up and helping victims of fraud, but it is worth pointing out that the code does not apply in cases where victims have been “grossly negligent”. At this time, it’s not entirely clear what constitutes gross negligence, so it seems as good a time as any to remind people how to avoid falling victim in the first place. First and foremost, stop and think. A common tactic used by fraudsters is to use social engineering techniques to get you to act against your better judgement. A bank won’t pressure you to act fast, or apply time limits to anything. If you feel you are being rushed to hand over information, stop. Do not let anybody make you do something you don’t entirely understand, or aren’t comfortable doing. It’s worth remembering that your bank will not contact you out of the blue to ask for sensitive information like your PIN or password. Nor will they ask you to move money into a new account. Take care with emails. If you receive an unsolicited email, be wary of clicking any links or attachments. “Phishing” emails are a common tactic used to gather sensitive information from victims. Always question uninvited approaches asking for personal details, in case it’s a scam. If you receive an unexpected message from your bank, or a company, consider calling them directly using a telephone number you know and trust, rather than by calling a number in an email or text message. For more tips like these, take the time to check out the Take Five to Stop Fraud campaign. There, you will find helpful advice and resources to help you stay safe from fraud, as well as helping to educate friends and family. For further advice about all things cyber crime, head on over to www.dorset.police.uk/cybercrime. And if you are part of a community group, or a local business, feel free to get in touch to arrange a cyber crime prevention talk! I’m available daytime, evenings and weekends, and it’s completely free of charge. Get in touch at cybercrimeprevention@dorset.pnn.police.uk. I hope to hear from you soon! Until next time, thanks for reading. Chris
Message Sent By PCC Communications (Dorset Police and Crime Commissioner, Communications and Engagement, Dorset)

 

Fake Talktalk Emails –  24/05/2019 12:52:17 [271447]

 

PLAIN TEXT: Watch out for these FAKE TalkTalk emails about a refund Action Fraud has received over 100 reports this week about fake emails purporting to be from TalkTalk. The emails state that the recipient’s TalkTalk account is in credit and that they’re owed a refund. The links in the emails lead to malicious websites. Don’t click on the links or attachments in suspicious emails, and never respond to messages that ask for your personal or financial details.  
Message Sent By Action Fraud (Action Fraud, Administrator, National)

 

330K Saved From The Hands Of Fraudsters Thanks To New Partnership21/05/2019 16:45:52 [271070]

 

A new partnership between local banks and Dorset Police has prevented over £330,000 getting into the hands of fraudsters in the first four months of this year.  The scheme, known as the ‘banking protocol’; trains bank staff to spot when someone is about to fall victim to a scam and try to prevent them from withdrawing cash or transferring money to a fraudster, with an immediate police response to the bank.  Dorset Police responded to 34 calls between January and April this year where £331,682 of potential victims’ money could have been handed over to fraudsters. The average age of those people targeted was 75 years old, with 56 per cent being men.   The oldest person to have been targeted was a 96-year-old man from Bournemouth who was visited by a fraudster in his home, known as ‘Mike’. The victim was asked to give the fraudster £2,000 in order to receive £12,000 in return.  Upon visiting the bank on his own to withdraw the money, staff raised the alarm with Dorset Police and the transaction was prevented.  In another incident, a woman in her late 80s from Dorset was targeted when fraudsters claiming to be from BT, called to say her internet had been hacked and they needed to access her computer remotely. Once accessed, the victim was told not to tell anyone about it as the fraudsters were from the ‘Against Crime Agency’ and were trying to catch the hackers targeting her computer.  The fraudsters claimed they needed her help and said they had placed £10,000 into her current account to trace the hackers. It later transpired that the additional £10,000 in her current account had been transferred from her ISA account, without her knowing. Fraudsters then asked her to transfer £8,000 into an overseas account, which was blocked as a result of the banking protocol.  The victim said: “You never realise how easily you can be drawn into a scam. Even when the police were there in the bank trying to prevent the transaction, I continued to lie about the situation and told the story the fraudsters had given me.  “When I got home and thought about what I was doing, I took a chance on ignoring the hackers and called the police back to explain everything.  “The support I received from Dorset Police was superb. The police officer was gentle, reassuring and comforting and didn’t blame me for my actions. Fortunately, I only lost a small amount of money through a Western Union transfer, rather than the thousands they were trying to get out of me.  “Although you may be concerned about a message that has come through on your computer, don’t believe anybody about anything. Always report to the police if you think you could be being scammed.” Inspector Phil Swanton, responsible for fraud investigation within Dorset Police, said: “We recognise this type of criminality has a significant impact on victims. “With fraudsters hiding behind computer screens around the world, bringing offenders to justice is incredibly challenging and therefore we’re doing all we can to prevent these offences happening in the first place.  “The banking protocol is a great example of partnership working between the major banks and Dorset Police to protect our residents.” Katy Worobec, Managing Director of Economic Crime, UK Finance, said: “This rapid response scheme is giving bank staff the tools they need to protect vulnerable customers from scams, while helping local police catch fraudsters and bring them to justice. “The banking industry will keep taking action on all fronts to combat fraud, working closely with our partners in law enforcement to crack down on the criminal gangs responsible.”
Message Sent By Kristian Ward (Communications Officer, Communications and Engagement, Dorset Police)