Lloyds Bank fake email “FW: Incoming BACs Documents”

Just received the email below – purporting to be from Lloyds Bank – looks genuine enough but clearly it is just another phishing email looking to grab some details off you or drop some malware or virus on your PC. If you receive this email – delete it. Do not click on the PDF link in the email.

If you have already done so – contact me and I can clean your PC for you. If you don’t have a decent anti-virus – I can help you there too as I resell BitDefender GravityZone – one of the best on the market.

Look out for Office 365 Phishing email

I received this email this morning (below) which looks genuine enough at first glance – however – hover over the ‘rectify issue’ button and you get taken off to some bizarre phishing site were you to click the link – be aware and don’t fall for these emails – if in doubt ask somebody in the know or simply hover over the button to display the destination (this one went to http://fatebegins.com/localization/customize/index.php – clearly not a Microsoft site!)

Beware new WhatsApp Scam

A scam text message has been doing the rounds stating that WhatsApp is about to start charging people to use the service. It is not true.

The text message invites people to click on a link and pay 99p for a lifetime subscription to the service because their current subscription has come to an end.

However, it is a scam and anyone who receives it should delete it immediately, do not click on the link and certainly don’t hand over your bank details.

If you have clicked the link then you’re probably wise to run antivirus software.

When it was launched, WhatsApp did charge 99p after the first year but that was later scrapped.

It was not immediately clear where the scammers had got people’s telephone numbers from.

Google Phishing Scam : Beware new scam targeting Googlemail


A huge scam is sweeping the web and anyone with a Gmail account may be vulnerable. Huge numbers of people may have been compromised by the phishing scam that allows hackers to take over people’s email accounts. It’s not clear who is running the quickly spreading scam or why. But it gives people access to people’s most personal details and information, and so the damage may be massive.

The scam works by sending users an innocent looking Google Doc link, which appears to have come from someone you might know. But if it’s clicked then it will give over access to your Gmail account — and turn it into a tool for spreading the hack further.
As such, experts have advised people to only click on Google Doc links they are absolutely sure about. If you have already clicked on such a link, or may have done, inform your workplace IT staff as the account may have been compromised. The hack doesn’t only appear to be affecting Gmail accounts but a range of corporate and business ones that use Google’s email service too.

If you think you may have clicked on it, you should head to Google’s My Account page. Head to the permissions option and remove the “Google Doc” app, which appears the same as any other.
You’ll be able to tell if it is the malicious app if it has a recent authorisation time. That app has full access to a person’s Google account as well as being able to send emails that appear to be from them, making the attack especially dangerous. The email itself comes addressed to hhhhhhhhhhhhhhhh@mailinator.com — which is the only way to know that the email is malicious. They otherwise look completely legitimate, including the account in the “from” field.

Facebook Hoax

If you get a Facebook message with the following text:

Tell all contacts from your list not to accept a video called the “Sonia disowns Rahul”. It is a virus that formats your mobile. Beware it is very dangerous. They announced it today on the radio.

Do not share it as it is a hoax. It will not format your mobile and you probably won’t ever be sent the so-called video.


Phishing email that knows your address

Something you need to be aware of, posted on the BBC ( http://www.bbc.co.uk/news/technology-35977227 )


A new type of phishing email that includes the recipient’s home address has been received by thousands of people, the BBC has learned.
Members of the BBC Radio 4’s You and Yours team were among those who received the scam emails, claiming they owed hundreds of pounds to UK firms.
The firms involved have been inundated with phone calls from worried members of the public.
One security expert warned clicking on the link would install malware.
You and Yours reporter Shari Vahl was one of the first on the team to receive an email.
“The email has good spelling and grammar and my exact home address…when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address.
“My tummy did a bit of a somersault when I read that, because I wondered who on earth I could owe £800 to and what was about to land on my doormat.”
She quickly realised it was a scam and did not click on the link.
“Then, a couple of minutes later, You and Yours producer Jon Douglas piped up as he’d received one and then another colleague said he’d received one too, but to his home email address,” she added.
The You and Yours team decided to contact the companies that were listed in the emails as being owed money.
A spokesman for British Millerain Co Ltd, a waxed cotton fabric manufacturer, told the programme that the firm “had more than 150 calls from people who don’t owe us money”.

And a spokeswoman for Manchester shelving firm Greenoaks said: “My colleague took a call from an elderly gentleman and he was very distressed because his wife had had one of these emails.”

Dr Steven Murdoch, principal research fellow at the department of computer science at University College London, told You and Yours: “Most likely it was a retailer or other internet site that had been hacked into and the database stolen, it then could have been sold or passed through several different people and then eventually it got to the person who sent out these emails.” He said that the email bore the hallmark of previous phishing attempts from gangs in Eastern Europe and Russia. He said that clicking on the link would install malware such as Cryptolocker, which is a form of ransomware that will encrypt files on Windows-based computers and then demand a fee to unlock them.
Anyone receiving such an email is advised to delete it and report it to the national fraud and cybercrime reporting centre Action Fraud.

Facebook to alert you of impersonation accounts

Apparently Facebook is testing a ‘troll detection’ engine that will scan its billions of users for accounts which appear to be impersonating others, and flag up imitations. According to Mashable it has been in development since November but is now live for 75 percent of the world.

Antigone Davis, the social network’s head of global safety, said impersonation alerts were intended to minimise the harassment of women on the platform. “It’s a real point of concern for some women in certain regions of the world where it [impersonation] may have certain cultural or social ramifications,” Davis said.

When the new feature detects a user with the same name and profile picture as another, the new tool will send an alert to the suspected target. Mashable reports that the alert will ask the person to confirm the impersonation by using personal information. The process is automated but profiles that are flagged as fake will be reviewed by Facebook staffers.

Impersonation of another user is outlawed because it falls under the company’s controversial ‘real names’ policy. Since its launch the company has insisted that users provide their real names, rather than a pseudonym or other names a person may use to ensure they are not easily found on the site. “We require people to provide the name they use in real life; that way, you always know who you’re connecting with,” Facebook’s policy page on the issue says.

However, after a coalition of human rights and privacy groups complained that the name policy “exposes its users to danger, disrespects the identities of its users, and curtails free speech,” Facebook introduced new tools to make verification easier. In December Mark Zuckerberg’s company started testing a tool, in the US, that allows those required to prove their identity to say if they have a “special circumstance”.

The UK is also moving to make it easier for authorities to prosecute trolls who use fake profiles online. The move from the Crown Prosecution Service aims to clamp down on those that post “damaging or embarrassing” material.

As well as the impersonation feature Facebook is also reportedly testing new ways for people to report nonconsensual intimate images — commonly referred to as revenge porn — that are posted to the site.

Facebook is apparently testing a new way of reporting nudity; when someone reports an inappropriate photo they will have the ability to identify themselves as the person in the photo. Facebook will then review the images as standard, but Mashable reports that when this happens it will provide links to support groups and potential legal options.

Recently WIRED reported on the cases of several users who had sensitive photos posted to Facebook. The issue, which is a growing one across all social media platforms, was described by legal experts as having “no silver bullet”.

Mary Anne Franks, Law professor, University of Miami School of Law, said that as a society we need to change laws, technology and culture.

This article was published on www.wired.com ( http://bit.ly/1MlPnCR )

Beware Crypto Ransomware

Last week one of our staff opened a zip attachment that squirmed its way through the mail filters. Boom – cue a host of fileservers with files infected by cryptoware – it encrypts your files and renames them to the extension .locky – you can pay to have them unlocked! Nice – luckily I found the offending machines, re-imaged them and deleted all files and restored from backup. Problem solved – well apart from blocking zip attachments (probably something I should have done ages ago!)

Here’s some more info, found on Neowin.net

We already know that ransomware has become a growing threat to users around the world. Last week, Mac users saw their first such attack on Apple’s operating system. By encrypting a user’s local files and holding them ransom for payment in the hundreds of dollars, the perpetrators have become increasingly sophisticated in their methods to extract money. The software is so difficult to deal with that the FBI advises people and businesses to just pay up to unlock their files.

Now, according to Trend Micro, the past 24 hours have seen a rash of new crypto-ransomware spreading through popular websites. The attack, dubbed Angler Exploit Kit, is taking advantage of vulnerabilities in Adobe Flash and Microsoft Silverlight, among others, to feed the malware through compromised ad networks.

Malwarebytes is reporting that the “malvertising” is hitting the BBC, MSN, nfl.com, The New York Times, my.xfinity.com and many others in the form of clickable banners. The anti-malware company provided lots of detail around the exploit, reporting a number of suspicious domains through which the ads are apparently served. Google’s ad network carried trackmytraffic[.]biz, while the AOL, Rubicon and AppNexus ad networks carried talk915[.]pw as well. Other suspicious domains include brentsmedia[.]com, evangmedia[.]com and shangjiamedia[.]com.

According to a blog post by SpiderLabs at Trustwave, as reported by Ars Technica, the team inspected a JSON-based file and wrote the following:

If the code doesn’t find any of these programs, it continues with the flow and appends an iframe to the body of the html that leads to Angler EK [exploit kit] landing page. Upon successful exploitation, Angler infects the poor victim with both the Bedep trojan and the TeslaCrypt ransomware–double the trouble.

Google’s ad network was compromised in this attack, according to MalwareBytes. Last year, Google reported to have made progress in filtering ad injectors and malicious sources across the ad networks it manages. However, it would appear that the ad network still has work to do.

Credit John Devon – neowin.net

Phone Scams

I’ve just been speaking to one of my clients who had a scam phone call from Dell – luckily she was wise enough not to let him onto her PC. However this is something that everyone needs to be aware of. They are getting a lot smarter now and it’s not just the simple ‘we’re from Microsoft and you have a virus’ call any more.

I found this interesting article on http://www.esecurityplanet.com/ which highlights and describes the scammer’s activities. Worth a read.


Phone Scams Getting More Sophisticated

Even folks who know better can fall for sophisticated phone scams that leverage personal information.
Posted May 05, 2015
By Rod Simmons, BeyondTrust

I was talking to a friend who is a pretty technical guy, and he told me about a call he got from someone posing as Dell technical support. Normally he would hang up on this type of call, but he had a couple minutes to kill and decided to toy with the caller. A few minutes into the call and his jaw almost hit the floor, because the caller knew too much information to be a classic “you have a virus” scam.

What made this call different was that the scammer offered to prove he was from Dell technical support. He was able to share the date of his last technical support call and details about what the call was for — and surprisingly all the information was accurate. If that was not enough, they read to him his Service Tag Number and Express Service Code. All my friend could think was, “How do they know all of this?”

Sophisticated Scam

My friend realized this was not the normal scam call stating “this is Microsoft technical support.” Companies like Microsoft and Dell never initiate support calls with their customers, so whoever was on the other end must have been using compromised information.

Now that my friend started the game with this scammer, he needed to run it to the end. He wanted to see what they wanted him to do. They walked him through looking at his system event log and said if he saw warnings or errors this was an indication his system was infected. After laughing, my friend unmuted himself and asked, “What should we do next? How many files are infected?”

Again, the scammer walked him through running commands and had him run prompt type inf virus location, which he knew would only open the INF folder. The scammer then explained that those were all the virus files he needed to delete. Trying to keep his composure and not burst into laughter, my friend again poked and said, “How do you recommend we remove the virus?”

It was at this point they tried to really infect his system. They tried to get him, from the run dialog, to type in a URL excluding the http://. This is when he started resisting their suggestions and the scammer pulled in a manager to try and convince him this would clean up the problem. He asked why the location was not a dell.com domain and they tried to assure him that this was a local computer task, similar to opening an event viewer and the folder with the virus files. At this point, he hung up.

This scam would get the vast majority of people because of the level of sophistication and personal information they revealed in order to win trust. Not to mention, they had a second person that was ready to act like a manager to try and move the scam along. I believe most of my colleagues and friends, not in the security space, would have fallen for these tactics.

This is not a story about Dell; it’s a story about stolen information. There are 80-plus million current and former Anthem customers that could fall victim to sophisticated scams based on someone using stolen information to engineer a plausible story and gain enough trust to access their data. Most people, when presented with enough identifying information from a caller, will assume the caller is legitimate.

5 Rules for Handling a Scam Call
Following are five rules I tell my friends to follow when they receive unsolicited calls by anyone purporting to be a company representative. Companies should share these rules with their employees, as well.

– Get the caller’s name and extension number and call them back, but DO NOT call the number the caller provides. Call the number on the company website, assuming this is a company with which you have a relationship.

– If you get a first and last name, try to look the caller up on LinkedIn. See if he has a profile and a history at the company he claims to be calling from.

– Treat every call as if it is a scam by asking probing questions that may or may not be true so you can gauge their response. Try to trip them up by providing false information. Remember Terminator 2: Judgment Day when the second terminator pretended to be Janelle but did not realize they provided the wrong name for the family dog.

– Ask them to call you back in five minutes. Use Google or Bing and search to see if there is any information on a scam like the one you feel could be happening. For example, a search for Dell Support Data Breach returned this article.

– Finally, listen to your inner voice and don’t be afraid to hang up.

Rod Simmons is product group manager, Privilege Identity Management, for BeyondTrust, a provider of privileged account management and vulnerability management software.