We received an email this morning apparently from Vodafone advising us of “unusual activity” on our account.

Apart from the obvious problem (Scam Detectives don’t use Vodafone) you’ll see from the email below that it’s a bog standard “phishing” expedition.

Dear valuable customer,

We recently detected an unusual activity on your account. We will now place a hold
on your account until this issues have been resolved online by verify your identity a
as the authorized access holder.

You are strictly advised to match your information rightly to avoid
service suspension., click on

Log In to My account to restore your access.

Important: You will be asked to verify your personal details.

Vodafone Limited

* This e-mail has been sent for information purposes only, please do
not reply to this e-mail as it is routed to an unmonitored mailbox.

How can you tell it’s a phishing email?

1) It’s addressed to “Dear Valuable Customer” – Surely Vodafone knows your name?

2) It contains some very strange sentence structure – “We will now place a hold
on your account until this issues have been resolved online by verify your identity a
as the authorized access holder.” and “You are strictly advised to match your information rightly to avoid service suspension.” Either Vodafone have employed Yoda in their customer contact team, or it’s very badly written by a scammer without a decent grasp of English…

3) It threatens service suspension if the request is not complied with. (Commonly seen in more traditional phishing emails targeting online banking)

4) It contains a link to log in to your account (which actually goes to a domain not remotely connected with Vodafone – “http://ns2.compro.cz/online.vodafone.co.uk/dispatch/Portal/appmanager/vodafone/wrp.html”)

So, what would a scammer want with your mobile phone account?

Once they have access to your online account they can:

1) Change your delivery address and order additional handsets on your account to be delivered to a “drop” address anywhere in the country.
2) Access your online statements and bank details
3) Receive your bills to facilitate identity theft
4) Report your handset as lost and request a new SIM card, allowing them to make calls at your expense

All of this can cause you innumerable problems. At best, you’ll find yourself paying Vodafone for services you haven’t ordered. At worst, you could find that your identity is being used to apply for credit cards, loans and other financial products which could destroy your credit rating and take months to sort out.

If you’ve already clicked on the link and given over your details – Contact Vodafone Customer Services by dialling 191 from your handset (or 08700 700191 from a landline) and ask to speak to the fraud team.

If you’ve received the email but haven’t clicked the link yet – Just delete it. Now.

If you think that there might actually be a problem with your account, delete the email and call Vodafone Customer Services on 191 (from your handset) or 08700 700191 (from a landline) and speak to customer services. They’ll know if there’s a problem and will help you to resolve it.

Remember: NEVER click on links in emails from anyone with whom you have a financial relationship. Ever.

Caution has been urged by Security Experts over the increasing use of QR Codes on smartphones, claiming that they could become a likely target for hackers and malicious users actively seeking to steal your personal data.

The strange black squares that have been cropping up in increasing numbers in magazines and newspapers; on posters, tickets and websites are likely to become even more commonplace in 2012 with many companies utilising them in increasing numbers.

However, presuming they are harmless could be playing into the hands of cyber criminals.

According to a recent study around 50% of the 1,200 consumers surveyed interacted with a QR code when they saw one, with 21% then going on to share personal information.

Curiosity and information-gathering were the primary reasons for wanting to scan a code, and the promise of discounts and special offers seemed to be the most effective way to generate interest.

A QR matrix barcode can store alphanumeric characters in the form of text or URLs – all you need to “visualise” such a code is a smartphone with a camera and a QR reader application to scan it.
The code would typically direct you to a website, however, it can also promote online videos, send text messages and e-mails, or install and launch apps.

Fast, easy and very popular, QR codes are clearly a convenient way to stay informed anytime, anywhere. But the downside is that you often don’t know the content of a QR code until you scan it.

For this very reason you should take the same degree of care when scanning a QR code as you would when downloading an unknown file on the internet.

Cyber-attackers might use these codes to redirect you to malicious websites that ask you to download applications that may be infected with malware.
These, in turn, could:
Make your calendar, contacts and credit card information (if you shop or bank online using your smartphone) visible to cybercriminals.

Attempt to steal your Google or Facebook password – many apps are integrated with various social networks.

As a result, some users may enter their information without suspecting that it is being sent to an illegitimate source.

Track your location.

Install keylogging software.

Send an SMS to a premium number, racking up your phone bill.

“Jailbreak” a device and distribute additional malware.

Redirect users to malicious applications.

So if you care about your mobile security, you’d be wise to stay away from malicious QR codes!

One notable attack via QR code took place in Russia in 2011, and involved a Trojan disguised as a mobile app called Jimm. Once installed, “Jimm” started to send a series of expensive text messages (which cost £4 each), racking up unwanted charges.

This is just one of the ways malicious users can take advantage of these codes in order to gain control over a smartphone, so it goes without saying that users should take particular care of what they’re scanning and be aware of what they’re expecting to find.

So how can you spot and avoid malicious QR codes:

1. Educate children on the nature of QR codes – with many youngsters now sporting smartphones it could be all too tempting for them to scan these codes simply out of curiosity, which could leave them at risk of attacks similar to those described above. Better yet, installing a mobile security suite can help protect them against hidden threats, offering you significant peace of mind.

2. Use a mobile QR code-/barcode-scanning app that previews URLs. Avoid scanning suspicious codes and links that don’t seem to match the ads they’re incorporated in; also avoid shortened links.

3. Don’t scan QR codes in the form of stickers placed randomly on walls or billboards. QR codes can be generated by anybody and placed in public places with the intention of peaking an individual’s curiosity, and unless the message gets out there that these may not all be from legitimate sources, scammers will look to take advantage of this relatively new technology to further their own ends.

4. Be extra careful if your smartphone works on the Android mobile operating system. Android is an open platform, which means that its source code can be examined by criminals and exploited more easily when they find a weakness in, for example, the Android browser. That’s why most malicious apps transmitted via QR codes target the Android-based smartphones. So, make sure your Android browser is always up-to-date and only scan QR codes from trusted sources.

5. Be particularly wary of QR codes that are linked to monetary and transaction services – these direct links to money are typically prioritised by malicious third parties when choosing how and where to attack.

6. Consider installing a mobile security app.

So be careful out there folks; the world of technology is rapidly evolving, mostly for the better, but we must remain fully aware of possible misuses and abuses & apply our common sense whenever possible…

Norman Feiner, Managing Director – SimplyFone Ltd

(Idea for Blog, Source: Comms Business)

About SimplyFone Ltd

Simply-Fone was established to provide competitive telephone services to UK Businesses & Residential Clients…

For over 20 years we have been providing low-cost, innovative, cost-effective telephony solutions to residential and business customers in the UK and beyond.

Today, Simply-Fone is one of the fastest growing telecom companies in the UK and a recognised brand name with a loyal customer base and a wide range of reliable and competitive products on offer.

Our mission is to provide home and business users superb value but without compromising on quality.

We offer amongst the lowest phone rates and line rentals in the UK

Simply-Fone currently provide telecoms solutions to 1000′s of home & office users and are a UK leader in the provision of low-cost international call services from mobiles and landlines with 100,000′s of regular users.

Just a quick note to let you know about an email we received at Scam Detectives HQ this morning.

“Verified by Visa” works by requesting a password every time you use your Visa credit or debit card to make a payment online.

This phishing email tries to trick users into giving up both their card details and their “verified” password so they can bypass the system.

VISA would NEVER contact you in this way to ask you to change your password.

Delete the email immediately.

Which one is the Paypal phishing site?

Is it a) This one?

or b) This one?

Can’t tell?

That’s how good the latest round of Paypal phishing emails really are!

We keep saying it (and we ARE blue in the face) but NEVER click on a link in an email that looks like it came from ANY organisation with which you have a financial relationship.

By the way, picture a) is the phishing site. The ONLY way you’ll tell is to look at the URL, which in this case looks like this:

http://rrcs-71-43-28-234.se.biz.rr.com/login/webscr.htm?key=41ab4f76-b73d-4a75-a41bf2907cc6e9ff&action=1

Doesn’t look much like “www.Paypal.com” does it?

If you’re logging into your bank website, Paypal, Ebay, Facebook or ANY website that requires a login, go straight to the site by typing the URL into your browser. It’s the only way you’ll be sure you’re visiting the genuine site.

What do these three statements have in common?

1) Emails, text messages and websites might not be what they seem.
We will NEVER send you an email, text message or a link direct to a website asking you to enter your Internet Banking details.

2) We will always quote the last four digits of your account number or your Internet Banking user ID. By default this will be your main account (e.g. current account, savings account or credit card). We will also greet you personally using your Title and Surname. We will never use ‘Dear User’ or ‘Dear Valued Customer’.

3) Don’t be fooled. Halifax may email you or send you a text message from time to time, but this communication will never ask you to enter your Internet Banking details either through an email, text message or a website. For a quick way to tell if an email is genuine, check for your name at the top of the email. We know who you are so we’ll always greet you personally in an email, but fraudsters are unlikely to know your name.

They all come from Lloyds Banking Group websites advising on how you can avoid being taken in by “phishing” scams

So why is it that my good lady wife received this email yesterday inviting her to join the Lloyds Banking Group “Customer Advisory Community”?

It doesn’t address her by name
It doesn’t come from any email address associated with Lloyds Banking Group
It doesn’t identify itself as an email from the Lloyds Banking Group
It doesn’t include any verification data such as the last 4 digits of an account number

It does contain a link to a website which asks for intimate details of which of the Lloyds Banking Group banks you hold accounts with and asks for details of the products held

First Impressions
On first sight, I dismissed this as just another “phish”. However, I was curious when I found that the link did actually point at the domain it claimed, so I looked further. www.meandmymoney.co.uk is owned by the Lloyds Banking Group.

Why is Lloyds Banking Group totally disregarding it’s own security advice and sending emails like this to it’s customers?

**Update** A Lloyds TSB spokesperson blamed “human error” on the part of their marketing agency, telling us:

This email was inadvertently sent before it was finished, which is why it doesn’t contain any branding or a full explanation of what the Customer Advisory Panel is all about. We apologise for any inconvenience this may have caused to our customers. We fully encourage our customers not to click on links in emails that purport to come from their bank.”

**Update**

We don’t fully accept this explanation as even if the email had been correctly branded it would still have contained a link to a website that asked for very personal information that could be traced back to an individual user. It also doesn’t explain why an outside agency had access to the bank’s customer email database.

Unfortunately, they’re not the only ones doing stuff like this. Recently we criticised MBNA for sending out an email announcing the launch of their new website. You’ve guessed it, complete with links to log in to your account. You can read that report here

DON’T CLICK ON LINKS IN ANY EMAILS FROM YOUR BANK. EVER.

We received an unusual email today which is a twist on the usual “there’s a problem with your bank account” phishing attack.

This one targets online shopping accounts and will try and trick you into logging on to a fake web shop so the fraudsters can buy goods on your credit card.

The link in the email leads to a very plausible copy of the Littlewoods website:

The usual rule applies:

NEVER click on a link in an email that asks you to log into ANY online account, be it Twitter, Facebook, your bank or an online shop

Happy New Year, and let’s make 2011 a ripoff free year!

This has just arrived in our mailbox at Scam Detectives HQ:

Dear AdWords Advertiser,

For quality services and running your ads without any problems (Innactive account meaning Pausing your Ads) check your AdWords account regularly.

Check your AdWords account now. [link removed]

2010. Google is a trademark of Google Inc. All other company and product names may be trademarks of the respective companies with which they are associated. 1600 Amphitheatre Parkway Mountain View, CA 94043

Email Preferences: We sent you this email because you have indicated that you are willing to receive AdWords account performance suggestions. If you do not wish to receive emails of this nature in the future, please visit your account’s Communications Preferences page (https://adwords.google.com/select/EditCommunicationsPreferences – AdWordslogin required). Remove the check beside ‘Customized help and performance suggestions,’ and click ‘Save Changes.

Kudos to Firefox phishing and malware filter which immediately picked this up as a fake site. Entering your details into the site will result in the theft of your credit card details (and probably the hijacking of your adwords account too).

We repeat our usual advice – NEVER click on links in emails that purport to come from any organisation with whom you have a financial relationship.

Credit card issuer MBNA has today sent out emails to it’s customers launching it’s improved Card Services website.

We’re all for financial institutions keeping their clients up to date and encouraging them to use online services for convenience. That’s what the Internet is there for.

HOWEVER, the email flies in the face of the bank’s own security advice. On MBNA’s “Online Account Security” page users are advised:

When logging on to banking and membership websites, ensure that you type in the web address rather than by clicking on a link-especially in emails.

This is good advice and something that we fully endorse at Scam Detectives. So why does today’s email from the bank contain not one, not two, but three links encouraging users to log in to their account directly from the email?

A “Giant leap backwards”

The entire banking community, as well as online security websites like Scam Detectives, spend a lot of time, money and effort advising Internet users not to click on links in emails to log into their online accounts. Ever.

The reason for this is to help you to avoid “Phishing” scams, where scammers set up websites that look exactly like your bank or credit card issuer’s website to trick you into entering your security details and logging into their fake site so they can then gain access to your real account and steal your money.

In our opinion, this email campaign from MBNA represents a giant leap backwards in online security and we urge the bank to contact every customer that has been sent this email to apologise and reinforce the following advice:

NEVER click on links in emails that ask you to log into your online accounts.

Editor’s note:
When we first saw this email, we were convinced it was an elaborate phishing exercise as we were sure that MBNA wouldn’t be so careless as to include “log in” links in their email. However, a few simple checks showed that it was in fact genuine:
1) The email is hosted at customerservice.mbna.co.uk (a genuine MBNA domain)
2) The “Log In” links point to the genuine MBNA website

We have approached both MBNA and UK Payments Administration for comment and will update this post with their response.

User Interface specialist and creative lead on Mozilla’s Firefox browser Aza Raskin has outlined a brand new variant on “phishing” attacks which he has christened “Tabnapping”.

Traditionally, “Phishing” has relied upon convincing users to click on a link in an email to take them to a fake website such as their bank, credit card issuer or email account. Once the user logs in to the fake site, their details are transmitted to the fraudster and the account is immediately compromised. Public awareness of “phishing” emails is now relatively high and most people know not to click on links in emails appearing to come from such organisations.

“Tabnapping” relies on the user believing that it is impossible for the content of a tab to change while you’re not looking. You may click on a link in Twitter, Facebook or a “sponsored link” in Google which will load a genuine webpage that delivers the content it promises. If you then click away from that site, leaving it open in a “tab” whilst viewing another website, the content of the original tab will change to a fake log-in page impersonating one of the websites you visit most often, be that Facebook, Gmail, Hotmail or your online banking account. You then scan back through your tabs and believe you’ve left the site open and have been logged out, so you log back in again.

“memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.” said Raskin, explaining how the scam works

The biggest danger of this type of attack is that it can be targetted to the websites you actually visit, or even to the ones where a current login is open. Traditional “Phishing” emails often stumble at the first hurdle by impersonating organisations or banks that you’ve never had dealings with, so you instantly know that if you don’t bank with HSBC for example, it’s a scam. A “Tabnapping” website will allow scammers to specifically target your account by harvesting your browser history to check that you actually visit the site it will impersonate.

So, how can we avoid this type of “phishing” attack?

Whenever you log in to a website, regardless of whether you already have a tab open check the URL in the address bar to make sure you’re still on the genuine website. Check especially for the Https:// at the beginning and the secure padlock in the status bar. If the URL doesn’t look right, or there’s no padlock, close the tab, open a new one and enter the URL again.

Better still, make it a policy not to leave websites that require secure logins open in tabs. That way, you’ll know if a site that requires you to log in appears in a tab, you haven’t left it there and you’ve been “Tabnapped”

The adverts are everywhere – “Where there’s blame, there’s a claim”. If you’ve had an accident then you COULD be entitled to compensation, and there are lots of reputable claims management companies who can help you to get what’s due to you.

At Scam Detectives HQ we’re fortunate that we’ve never had a serious accident (touch wood). So we were confused when we received a text message that promised compensation for our recent accident.

FREEMSG: Our records indicate you may be entitled to 3750 pounds for the Accident you had. To claim for free reply with YES to this msg. To opt out text STOP.

This is simply a phishing scam to gain your security information and bank details. Replying to the text is likely to result in further emails asking for personal information which is likely to be misused.

NEVER respond to unsolicited text messages or emails of this nature. If you have a genuine claim for compensation, contact a reputable claims management firm or Personal Injury solicitor. You can find a solicitor in your area by visiting the Law Society’s Find a Solicitor page.

Even responding “STOP” to opt out of the messages will confirm to the scammers that your mobile number is live and result in you receiving more scam text messages.

You can report unsolicited text messages to telephone watchdog PhonePayPlus