If you’re a big fan of eBay, then be aware that there’s a scam doing the rounds, which you won’t be a fan of, at all! As usual, the aim of the scam is to get at your personal details, and to distribute all manner of malware.
Security crew, Check Point, notified everyone of this flaw, who say that you could be in a world of trouble if you get hit by it. Basically, the scam works like this - the scam artist sets up an eBay shop, complete with listings with a bunch of products that have malicious code in them.
A pop-up message tricks you into opening the page, and gets you to download an app that looks like an official eBay thing offering a one-off 25% discount, when obviously, it gives you no such thing at all. That’s because it is a scam, if you drifted off half way through all this.
Oded Vanunu, Security Research Group Manager at Check Point, said: “The eBay attack flow provides cybercriminals with a very easy way to target users: sending a link to a very attractive product to execute the attack. The main threat is spreading malware and stealing private information.”
“Another threat is that an attacker could have an alternate login option pop up via Gmail or Facebook and hijack the user’s account.”
eBay, at the time of writing, haven’t managed to lock this scam down, so stay vigilant! And here’s a video of the scam, so you know what you’re looking for.
Keep ‘em peeled.
Are you a customer of JustEat? Well, there’s a scam doing the rounds, masquerading as the food shovelling app. Some customers have been sent a dodgy text claiming to come from the company.
It offers recipients a cash incentive to complete a survey, which directs you to a fake JustEat page, which asks you to provide your card details. Obviously, you shouldn’t give them that info.
The company say that they “would never send an email or text message to customers asking for personal and financial details. We urge recipients of this text message not to enter their account or personal details on the login page provided and to delete the message immediately.”
It looks like this
Here’s what the fake login page and survey pages look like:
If you have received this text, let JustEat now at firstname.lastname@example.org. If you have responded to this scam message, then you need to get in touch with your bank, immediately.
Stay vigilant, pizza lovers.
People who use WhatsApp are being targeted with a phishing attack, which obviously, you should keep an eye on.
Basically, you get an email which looks like it is from WhatsApp, often with something saying ‘you have obtained a voice notification’, or ‘an audio memo was missed’, or something along those lines. If you look at the ‘from’ email address, you’ll see it doesn’t come from WhatsApp at all.
Subject lines end with a set of random nonsense like “xgod” or “Ydkpda”, and basically, you should delete the email as soon as you get it. Have nothing to do with it at all. If you do open it, you’ll find that you’ll get a Zip file and, when that is opened, it unleashes hell on your computer.
Not only that, it’ll give hackers access to your computer and all your lovely private and sensitive information.
“Cybercriminals are becoming more and more like marketers – trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware,” said Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs.
With over 900 million people using WhatsApp, there’s a lot of people who need to be vigilant with this. Of course, Bitterwallet readers are too smart to fall for such a thing, but this is worth showing to the less savvy who you know.
However, with boozing, always comes a warning. Obviously, you’re all drinking responsibly (stop laughing), but you need to keep an eye out for fake alcoholic drinks. Apparently, hundreds of thousands of litres’ worth of dodgy, counterfeit alcohol is on sale in Britain.
These drinks often contain lethal chemicals, such as chloroform and isopropanol (you find that in anti-freeze), and a lot of these drinks have been destroyed recently. The Local Government Association (LGA) say that drinking bootleg booze could lead to permanent blindness, kidney and liver problems, and might even kill you.
So what do you do to try and spot this lethal hooch? Well, the easiest thing to do is sniff your drink. Basically, if you have a glass of something that smells like nail varnish, don’t drink it. Also, check yourself if you’re about to buy some unusually cheap alcohol. Of course, if the label is on wonky, has spelling mistakes, or something doesn’t seem right about it, steer clear.
The LGA’s Simon Blackburn said: “Everyone likes a bargain, especially at this time of year, but drinking cheap, fake alcohol could seriously harm your health and even kill you, so people should avoid it at all costs.”
“Some shopkeepers clearly have questions to answer about how these items arrive on their shelves. They need to think twice about stocking these products as we will always seek to prosecute irresponsible traders.”
The actual figure, which some would like to be higher no doubt, was £1.14m, which is triple from the year prior, according to the Information Commissioner’s Office (ICO).
If you’re interested, the new rules basically lowered the threshold to issue a fine to those who are guilty of making annoying cold calls. The threshold was dropped, so that the ICO only have to prove that calls are causing a “nuisance”, where previously, they have to prove calls were causing “serious damage and distress.”
“Nuisance marketing calls frustrate people,” said the ICO’s enforcement manager, Andy Curry. “The law is clear around what is allowed, and we’ve been clear that we will fine companies who don’t follow the law. That will continue in 2016. We’ve got 90 ongoing investigations and a million pounds’ worth of fines in the pipeline.”
If you’re after a breakdown, the ICO issued £400,000′s worth of penalties for nuisance texts, £575,000 for nuisance phone calls, and one company – Pharmacy 2U – were fined £130,000, after they were found guilty of selling customer records for marketing.
Also, the Telegraph Media Group (yes, the same people who publish The Daily Telegraph) got a fine of £30,000 for sending out a marketing email on the day of the general election, where they endorsed the Conservative Party.
Unsurprisingly, PPI claims were responsible for the largest portion of complaints, followed by accident claims.
The pensioner who was conned out of £23,000 with a cash machine scam, has got some good news this Christmas - Natwest have repaid the full amount to him.
The video, which you can see below, shows one man distracted the 93 year old, while the other does the dastardly deed. Lincolnshire Police referred to the incident as a “despicable and callous theft”.
NatWest said: “Unfortunately our customer fell victim to a callous distraction technique whilst using an ATM. We have refunded all the money to the customer and continue to do everything we can to help the police identify the criminals.”
DI Simon Bromiley, heading up the investigation, said: “What is quite clear from our inquiries so far is that these three men were very well organised in their deception and very selective about their victim. They watched the gentleman as he came into the bank and then carried out this despicable and callous theft.”
Anyone with information is asked to call police on 101.
People making plans for a winter break need to be careful of scam websites that are swindling people out of money. These fake websites have already cadged £60,000 from people according to the folks at Action Fraud.
Those who have booked holiday accommodation through RightSki.com and ChaletHunter.com have been defrauded, which is particularly galling at this time of year (irritating all year round, but y’know, Christmas is more of a mither).
The National Fraud Intelligence Bureau says that these two websites have been set up by people using false information, and their aim was to get holidaymakers to make a bank transfer to them to book their break, and then make off with it.
Obviously, like all scams, once the money has left your bank account, it is incredibly difficult to get it back.
The NFIB trying to suspend suspicious websites and phone numbers, but scamsters can very easily set up new sites, so you need to stay vigilant. Also, if you’ve got a bad feeling about a site or service, you can report it to be investigated too (click here).
If you’re not using a reputable company, or something feels fishy, then check the spelling on the site. If you’re making a payment, then you need to look out for the URL, which should begin with https, or there should be a padlock icon on it.
It is also worth doing a Google search for the company name, as that’ll bring up any bad reviews or recommendations of what to avoid when making a booking or paying money to anyone.
You may have seen a voucher, offering 40% off at Aldi doing the rounds, but the retailer says that it is a scam and should be avoided. They have explicitly said that this voucher can’t be redeemed in any of its UK stores.
They’ve also pointed out that you shouldn’t give away any personal details when trying to get the voucher, or take part in the competition that is linked to this discount.
It looks like this.
Aldi are now investigating the suspicious coupon.
As you can see from the image above, there’s something fishy about it – the font on the date is irregular, with the ’5′ in the ’15′ being different to the other numbers. That sets alarm bells off immediately. And of course, anyone who asked for personal details for a coupon like this, is bound to be up to something, especially if it isn’t coming straight from the supermarket themselves.
A post on Aldi’s Facebook page reads: “We have been notified that there is a hoax 40% off Aldi voucher being circulated online. Please be aware that this post is fraudulent and cannot be redeemed in our stores.”
“We strongly advise that you do not complete any personal details or enter the competition that is running as part of claiming the voucher. This is currently being fully investigated. Thank you, Aldi UK”
They also tweeted: “ALERT: We are aware that there is a hoax 40% off Aldi voucher being circulated. This post is fraudulent and cannot be redeemed in store. We strongly advise you not to enter any personal details on this website. This is currently being fully investigated. Thank you, Aldi UK”
So now you know. If you see one, avoid.
Don’t buy counterfeit toys this Christmas. Generally, that’s a good rule to live by all year round, because knock-off toys usually look bad, and break easily, and it isn’t worth the earache off the kids.
However, there’s more to be concerned about – a number of fakes have been seized and after tests, it was shown that some of them have dangerous levels of chemicals in them, linked to asthma, cancer, and even infertility. A batch of knock-offs based on Disney’s Maleficent characters were found to contain 18 times the legal limit of phthalates.
National Trading Standards officers have prevented around 2.6 million unsafe or non-compliant items from entering the country, but of course, some still get through.
Robert Chantry-Price, of the Chartered Trading Standards Institute, said: “It is frightening to think that large quantities of phthalates are still being used in children’s toys, especially when it can cause such serious long-term consequences to a person’s health.”
“Phthalates are carcinogenic, mutagenic and can cause reproductive problems but, despite legislation to the contrary, significant amounts of these substances can be found in a wide range of toys and childcare products.”
If you want to avoid these products, the answer is pretty simple; you should buy toys from reputable retailers, and if it seems remarkably cheap, then be suspicious. Keep an eye on the packaging, and look for boxes that have the distributor’s details on it, and the CE mark.
Over at HUKD, there’s been some furrowed brows over a company called CombatZones.co.uk. They’ve been selling video games, and the prices have been too good to be true. The latter, obviously, rang alarm bells and a number of people have given them the swerve.
However, some people have bought things with them, and it looks like they won’t be getting their purchases any time soon.
For starters, the website is, at the time of press, offline. One person said: ”Do not order goods from this website. The support email address bounces back, and searches on Google for games website, does not bring up any results. Not legit company.”
With orders vanishing into the ether, especially before Christmas, this could be a lot of mither for some. Looking at the cache of the page, it looks like most orders were completed with PayPal, which is something at least, because you can get a refund easily through them.
PayPal’s ‘Buyer Protection’ says: “If an eligible item that you’ve bought online doesn’t arrive, or doesn’t match the seller’s description, our Buyer Protection will reimburse you for the full amount of the item plus postage and packaging costs. Buyer Protection covers all your online purchases, on eBay or on any other website, when you use PayPal.”
Make sure you open your dispute with PayPal as soon as possible, so you don’t miss the window. Do it within 180 days of the purchase. To get a refund, log in to your PayPal account, and see this page.
It looks like CombatZones won’t be fulfilling orders, but if that changes, we’ll update this page. Good luck getting a refund if you’ve been stung.
This fine comes in a week when the Information Commissioners Office (ICO) are throwing fines at all sorts of spam-pests, totalling £250,000. The £80k was served to Birmingham-based UKMS Money Solutions Ltd, and of course, they were dealing in nuisance PPI messages. The company failed to check that the people they were messaging had agreed to receive marketing text messages.
The ICO are getting in touch with 1,000 of these spam-vendors, to ask them what they’re doing to comply with UK laws. If it turns out they’ve failed to go through proper procedures, there’s going to be more fines doing the rounds.
ICO enforcement manager, Andy Curry, said: “UKMS relied on their data suppliers’ word that the people on the lists had agreed to be contacted. That’s simply not good enough. UKMS should have known that the responsibility to ensure they had the right consent to send messages to people rests with them.”
There’s a lot of calls for tougher action against these sorts of companies, because at the moment, they can dodge penalties by simply closing down their business and then re-opening on the same day under a different business name. It really is a farce. One of the things that is being spoken about, is that, instead of fining companies, you fine directors who are responsible.
The ICO would also like to see an increase in the maximum fine possible. Currently it stands at £500,000, which is clearly not enough of a deterrent.
Online takeaway service JUST-EAT have today issued an email letting their subscribers know that there is currently a scam email circulating purporting to be offering £10 takeaway credit when the recipient completes a quick survey.
To be fair, the emails do look pretty genuine until you get to the part asking you to confirm your personal credentials.
JUST-EAT have said:
Dear JUST EAT Customer,
The online security of our customers is really important to JUST EAT.
We will never ask you to enter your JUST EAT account details or any personal information via email. And we don’t store payment information or card details anywhere in our systems.
Some customers are receiving particularly sophisticated scam emails. These emails look like they come from JUST EAT and ask you to enter personal and JUST EAT account details.
Unfortunately, email scams are all too common on the internet. We encourage you to remain vigilant online, frequently change your passwords and make sure your passwords are robust.
If you have any questions you can contact JUST-EAT at email@example.com.
There’s a new scam knocking about, which sees people being asked for money from one of their bosses. Now, most people don’t like their bosses and would think unprintable things if they asked them for money… but we’re still going to give you all a warning about it.
Basically, there’s emails doing the rounds which are fake, coming from your gaffer’s email address, telling them to transfer cash.
The Financial Fraud Action UK (FFA UK) said this particular scam has spiked in the past couple of weeks, and a number of small/medium-sized businesses in the UK have lost between £10,000 and £20,000 as a result.
What happens is, staff will get an email from what appears to be senior management, where they ask for money for a pressing matter, like the need to secure a contract. Any money transferred goes straight in the pocket of the fraudsters.
“While an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam,” said Katy Worobec, director of FFA UK.
There’s a host of advice being doled about about this scam, but Bitterwallet has the only advice you really need – don’t lend your boss any money if they ask for it in an email. If they do, ring them up and ask them about it (or tell them to piss off).
The biggest online pharmacy in the UK has been slapped with a £130,000 fine after they sold patients’ personal data to scammers. Those scam artists then targeted people who are vulnerable and sick, which is just great.
Pharmacy2U (P2U) was hauled in by the Information Commissioner’s Office (ICO) after it was discovered that they’d been giving names and contact details for people who had bought prescriptions and remedies from their site, through their Alchemy Direct Media company. It turns out they’d illegally sold the personal data of more than 21,000 NHS patients and P2U customers.
You’re supposed to get people’s permission before you sell their personal data – they did not.
It might be an idea to run a quality control over who you’re selling it to, which this lot clearly didn’t do, as one of the companies that bought the data were lottery fraudsters, who then went after pensioners with chronic health conditions.
Over 100,000 customer details were advertised for sale on the database, which actually broke people down into categories, such as detailing which people had Parkinson’s disease, or which ones were over 70.
ICO deputy commissioner David Smith said: “Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable. Put simply, a reputable company has made a serious error of judgement, and today faces the consequences of that. It should send out a clear message to other companies that the customer data they hold is not theirs to do with as they wish.”
“Once people’s personal information has been sold on once in this way, we often see it then gets sold on again and again. People are left wondering why so many companies are contacting them and how they come to be in receipt of their details.”
“Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable”
Daniel Lee, managing director of P2U, said: “This is a regrettable incident for which we sincerely apologise. While we are grateful that the ICO recognises that our breach was not deliberate, we appreciate this was a serious matter. As soon as the issue was brought to our attention, we stopped the trial selling of customer data and made sure that the information that had been passed on was securely destroyed. We have also confirmed that we will no longer sell customer data.”
“We take our responsibilities to the public very seriously and want to reassure our customers that no medical information, email addresses or telephone numbers were sold. Only names and postal addresses were given, for one-time use.”
This scam involves council tax, where people are getting cold-called about the chance that you might be in the wrong band for council tax and that the company ringing you, will sort it out for you, for a price. Naturally, if you need a refund on your council tax, you can query it for free yourself, and your local authority should sort the rest out.
The scam asks for your bank details, and £65 to cover admin costs and the processing of the refund itself. This is a nonsense and you should tell these companies where they can stick it. Once you’ve hung up on them, you should then report the company to Action Fraud, which you can do by clicking here. Or, if you’d prefer to ring someone, call 0300 123 2040.
If you do have a problem with your council tax band, and want to make a challenge, then you can do it completely free of charge by getting in touch with your local Valuation Office Agency (VOA). The website can be found here, or you can ring 03000 501501 (England) or 03000 505505 (Wales).