20/10/22
Welcome to the latest edition of the Scam Share bulletin.
Stay Scam Aware and please keep sharing any relevant information in this bulletin with friends and family.
Suspicious Text Messages
If you receive a suspicious text message you can forward it to 7726. The free-of-charge ‘7726’ service enables your provider to investigate and take action if malicious content is found.
Recently Reported Scams
Supermarket Voucher Scams
The Scam
Scammers continue to target those worried about rising food costs with social media adverts and emails offering the chance to win hundreds of pounds in supermarket vouchers.
In one recent example, an email purportedly from Tesco said that the recipient was being rewarded for their loyalty and asked them to click on a link to receive a £500 voucher.
Morrisons have this week also warned customers not to click on scam social media adverts which use their branding and offer a 'free' £80 voucher to use in the supermarket.
Similarly, Aldi have recently warned that scammers are setting up social media pages using their logo and offering customers the chance to win a £200 food voucher if they fill in their personal details.
The links in these emails and adverts usually lead to malicious websites with the supermarket's branding which are designed to gather your personal information and, in some cases, your bank details.
How to Avoid
If you receive unsolicited emails or texts offering prizes or deals, do not click on any links or open any attachments and never enter any personal or banking details;
Check the spelling and grammar in the message. Scam offers or giveaways often contain small mistakes and unusual wording;
Read the terms and conditions before taking part in any giveaway – many fraudulent prize draws or offers do not list basic terms and conditions such as deadline dates or details on how winners will receive their prize;
Before taking part in an offer or competition which is supposedly being run by a big brand, look at their official website or social media channels to see if it is genuine.
The Scam
Consumer body Which? have warned Amazon customers to be wary of text messages saying that an unusual login attempt has been detected. You are asked to click on a link to secure your account or 'terminate the session'.
Scammers typically use a sense of urgency to panic people into taking action - these messages suggest that if you don't click on the link, your Amazon account will be compromised.
The links lead to a legitimate-looking login page with Amazon branding where you are asked to enter your account details and to 'confirm your identity' by entering your date of birth, address, email and phone number.
How to Avoid
Amazon have confirmed that they will never ask for a customer’s password or personal information by text message or ask customers to make a payment outside of its website.
Amazon advise that if you receive a suspicious call, email or text claiming to be from them which asks for personal information, a payment, or offers a refund you don't expect, you should not give out any personal information.
Emails
There have been several reports of scam emails which appear to have been sent by the DVLA and say that the latest payment for your vehicle tax has failed or that your account information needs to be updated.
The messages often include a link to 'check your vehicle tax' or to 'make a payment' - they may say that if you have to do this to avoid 'vehicle tax suspension'.
These links usually lead to a fraudulent website using DVLA logos and branding where you are asked to enter personal and financial details.
Websites
This week there have also been reports of websites that offer to renew car tax. One man searched for car tax renewal online and clicked on the first result that popped up. The website offered the chance to make an initial payment of 50p and then £6 per month for three months.
He entered his bank details, but later found that a further payment of £7 was being taken every month for a 'status report' on his car. He has now stopped the payments.
The DVLA has warned that thousands of motorists have visited similar copycat websites that charge a premium for services you can get for free or at a much lower cost via official Government websites.
How to Avoid DVLA will never send emails that ask you to confirm your personal details or payment information via a link.
They never send texts about vehicle tax refunds. Tax refunds are generated automatically - you will not be asked to click on a link to claim a refund.
Be suspicious of any unexpected message which appears to be from a government agency or official organisation and tells you that you must provide your details or a payment within a certain time frame.
If you receive a similar email, do not click on any links or enter any personal information.
Before entering your details or making a payment to the DVLA, check that you are on the official website - the web address should end with GOV.UK
The Scam
This week, a couple were cold called by a man who offered to provide a quote for resurfacing their driveway.
The couple were about to go out, but told the man he could return later that day to discuss it further.
When they returned home, the man had already started work on the driveway.
He refused to leave and ended up bullying the couple into paying £1,000 to get rid of him.
The work wasn't completed and a large pile of tar was left in a neighbours garden.
How to Avoid
Don't deal with cold callers. Find traders who have been vetted through a national or local authority approved trader scheme.
Always take time to think before making a decision - don't agree to make any payments for goods or services on the spot. Do plenty of research and get at least 3 quotes and check 3 review sites before having any work carried out.
If a trader starts work on your property without being authorised and then demands payment, report them to Police Scotland.
Sign up for Neighbourhood Watch Scotland Alerts to stay up to date with what is going on in your community: www.neighbourhoodwatchscotland.co.uk
Find out More
Find traders in Scotland who have been vetted by Trading Standards:www.trustedtrader.scot
There have been further reports of 'two-step' scams using WhatsApp.
In the first instance, a scammer will pose as someone's family member or friend and ask them to transfer money to pay an urgent bill or invoice. They may ask for proof that the money has been transferred, in the form of a screenshot.
Once they have this screenshot, the scammer know which bank the person uses. They can then phone the person, posing as a member of staff from their bank, and tell them that their bank account has been compromised following the WhatsApp scam.
This can be very convincing and, in some cases, the scammer has gone on to encourage people to transfer large amounts of money to a 'safe account'.
How to Avoid
WhatsApp advise that you should STOP, THINK and CALL if you receive an unexpected message asking you to transfer money or purchase gift cards.
Verify that it really is your friend or family member by calling them directly, or asking them to share a voice note. Only consider the request once you are certain that it is from someone you know and trust.
Your bank will never cold call and ask you to move money to another account.
Be suspicious of any unexpected phone call or text message which appears to be from your bank, particularly from a 'fraud department', and asks you to act urgently to avoid losing money.
Never give any personal or banking details to a cold caller, even if they appear to know some of your details already. Don't follow instructions given in an automated call.
If you receive an unexpected call or message from your bank and are unsure if it is legitimate, hang up, clear the line and contact your bank using their official number (found on the back of your card, a statement or on their website)
This is Charity Fraud Awareness Week, an annual campaign that aims to highlight ways in which charities can protect themselves from fraud and cybercrime. A new survey by the Charity Commission has found that 12% of charities have experienced cybercrime in the last year.
The survey also found that the most common types of attacks experienced were phishing and impersonation (where others impersonate the organisation in emails or online).
Scottish charities have previously been warned by Police Scotland to be wary of fraudulent emails which appear to be from trusted suppliers or companies advising that their bank account details have changed. The recipient is asked to make changes to a direct debit, standing order or bank transfer mandate in order to direct future payments to a new bank account, which is often run by fraudsters.These requests often appear legitimate – as well as emails, fraudsters can send genuine-looking letters or make phone calls impersonating a genuine supplier.
How to Avoid
Confirm any requests for changes to payment details with the person or company who has supposedly sent them, using contact information that you know to be correct
Be suspicious of unexpected requests to change payment details or to provide your personal or company bank details: if in doubt, get a second opinion from a colleague or manager
Check bank statements regularly and report any suspicious transactions immediately to your bank.
If you think that your organisation may have fallen victim to a cyber attack, you can call the Scottish Business Resilience Centre's free incident response helpline for advice and assistance. The number is 01786 437 472.
App - short for 'application', refers to a software program for computers or other devices such as smartphones and tablets.
Malware - malicious software that is designed to damage or gain unauthorised access to a computer or other device.
Phishing - the practice of sending fraudulent emails which often appear to be from well-known organisations or companies and ask the recipient to provide personal information or to visit a particular website.
QR Code - a square barcode that a smartphone camera can scan and read to provide quick access to a website or app.
Ransomware - malware that makes data or systems unusable until the victim makes a payment.
Remote Access - the ability to access a computer or device from another location. Anyone with remote access to a device can access all files stored on it.
Smishing - the same as phishing, but carried out via SMS (text) messages rather than emails.
Software - the set of instructions and programs that tells a computer how to operate.
Virus - a computer program designed to infect and damage legitimate software.
Official Contacts
If you feel threatened or unsafe, contact Police Scotland on 101 or 999 in an emergency.
