This fine comes in a week when the Information Commissioner’s Office (ICO) is throwing fines at all sorts of spam-pests, totalling £250,000. The £80k was served to Birmingham-based UKMS Money Solutions Ltd, and of course, they were dealing in nuisance PPI messages. The company failed to check that the people they were messaging had agreed to receive marketing text messages.
The ICO are getting in touch with 1,000 of these spam-vendors, to ask them what they’re doing to comply with UK laws. If it turns out they’ve failed to go through proper procedures, there’s going to be more fines doing the rounds.
ICO enforcement manager, Andy Curry, said: “UKMS relied on their data suppliers’ word that the people on the lists had agreed to be contacted. That’s simply not good enough. UKMS should have known that the responsibility to ensure they had the right consent to send messages to people rests with them.”
There’s a lot of calls for tougher action against these sorts of companies, because at the moment, they can dodge penalties by simply closing down their business and then re-opening on the same day under a different business name. It really is a farce. One of the things being spoken about is that, instead of fining companies, you fine the directors who are responsible.
The ICO would also like to see an increase in the maximum fine possible. Currently it stands at £500,000, which is clearly not enough of a deterrent.
Online takeaway service JUST-EAT have today issued an email letting their subscribers know that there is currently a scam email circulating purporting to be offering £10 takeaway credit when the recipient completes a quick survey.
To be fair, the emails do look pretty genuine until you get to the part asking you to confirm your personal credentials.
JUST-EAT have said:
Dear JUST EAT Customer,
The online security of our customers is really important to JUST EAT.
We will never ask you to enter your JUST EAT account details or any personal information via email. And we don’t store payment information or card details anywhere in our systems.
Some customers are receiving particularly sophisticated scam emails. These emails look like they come from JUST EAT and ask you to enter personal and JUST EAT account details.
Unfortunately, email scams are all too common on the internet. We encourage you to remain vigilant online, frequently change your passwords and make sure your passwords are robust.
If you have any questions you can contact JUST-EAT at firstname.lastname@example.org.
There’s a new scam knocking about, which sees people being asked for money from one of their bosses. Now, most people don’t like their bosses and would think unprintable things if they asked them for money… but we’re still going to give you all a warning about it.
Basically, there’s fake emails doing the rounds, which appear to come from your gaffer’s email address and tell you to transfer cash.
The Financial Fraud Action UK (FFA UK) said this particular scam has spiked in the past couple of weeks, and a number of small/medium-sized businesses in the UK have lost between £10,000 and £20,000 as a result.
What happens is, staff will get an email from what appears to be senior management, where they ask for money for a pressing matter, like the need to secure a contract. Any money transferred goes straight in the pocket of the fraudsters.
“While an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam,” said Katy Worobec, director of FFA UK.
There’s a host of advice being doled out about this scam, but Bitterwallet has the only advice you really need – don’t lend your boss any money if they ask for it in an email. If they do, ring them up and ask them about it (or tell them to piss off).
The biggest online pharmacy in the UK has been slapped with a £130,000 fine after they sold patients’ personal data to scammers. Those scam artists then targeted people who are vulnerable and sick, which is just great.
Pharmacy2U (P2U) was hauled in by the Information Commissioner’s Office (ICO) after it was discovered that they’d been giving names and contact details for people who had bought prescriptions and remedies from their site, through their Alchemy Direct Media company. It turns out they’d illegally sold the personal data of more than 21,000 NHS patients and P2U customers.
You’re supposed to get people’s permission before you sell their personal data – they did not.
It might be an idea to run a quality control over who you’re selling it to, which this lot clearly didn’t do, as one of the companies that bought the data were lottery fraudsters, who then went after pensioners with chronic health conditions.
Over 100,000 customer details were advertised for sale on the database, which actually broke people down into categories, such as detailing which people had Parkinson’s disease, or which ones were over 70.
ICO deputy commissioner David Smith said: “Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable. Put simply, a reputable company has made a serious error of judgement, and today faces the consequences of that. It should send out a clear message to other companies that the customer data they hold is not theirs to do with as they wish.”
“Once people’s personal information has been sold on once in this way, we often see it then gets sold on again and again. People are left wondering why so many companies are contacting them and how they come to be in receipt of their details.”
Daniel Lee, managing director of P2U, said: “This is a regrettable incident for which we sincerely apologise. While we are grateful that the ICO recognises that our breach was not deliberate, we appreciate this was a serious matter. As soon as the issue was brought to our attention, we stopped the trial selling of customer data and made sure that the information that had been passed on was securely destroyed. We have also confirmed that we will no longer sell customer data.”
“We take our responsibilities to the public very seriously and want to reassure our customers that no medical information, email addresses or telephone numbers were sold. Only names and postal addresses were given, for one-time use.”
This scam involves council tax, where people are getting cold-called about the chance that they might be in the wrong band for council tax, and told that the company ringing them will sort it out, for a price. Naturally, if you need a refund on your council tax, you can query it for free yourself, and your local authority should sort the rest out.
The scam asks for your bank details, and £65 to cover admin costs and the processing of the refund itself. This is a nonsense and you should tell these companies where they can stick it. Once you’ve hung up on them, you should then report the company to Action Fraud, which you can do by clicking here. Or, if you’d prefer to ring someone, call 0300 123 2040.
If you do have a problem with your council tax band, and want to make a challenge, then you can do it completely free of charge by getting in touch with your local Valuation Office Agency (VOA). The website can be found here, or you can ring 03000 501501 (England) or 03000 505505 (Wales).
The PPI scandal hasn’t even been sorted out, and we’re already looking at the next one to contend with. If you’re planning on making a PPI claim, do hurry up though – and here’s advice on how to do it.
Anyway, it looks like the next massive financial mis-selling scandal is going to concern pensions.
“These reforms have been in operation for six months now: long enough for the scammers to get going, working on defrauding people out of their life savings,” said Frank Field, chair of the Commons’ Work and Pensions Committee.
Some pensioners are already being hit with massive fees when they start using the freedoms they’ve now got with their pension, and there’s a lot to consider regarding the new rules on pensions. With all this to think about, Field said that the government need to start giving data – and fast – on how the reforms are working out for people, and fix any problems that have already arisen.
One of the big gripes is that, while the pensions now give people the right to take their savings as cash, advice needs to be given to any person who has not considered the long-term implications for later years, and make them aware of tax charges and the like.
“Good quality, co-ordinated and accessible guidance and advice will be the best tools to ensure people make the best, informed decisions about their retirement savings, and protect them from scammers,” said Field, adding: “We have seen all too clearly, too many times, what happens when financial information is not properly provided and regulated. We literally cannot afford another financial mis-selling scandal.”
Now, the government are doing something about this, and have set up the Pension Wise service, which gives you a session over the phone, offering guidance and information about your pension and what you can do with the new rules. Sadly, it seems like there’s not many people using the service (so hop to it if you’re reading this – go and make the most of it) and pension companies should be doing more to point people toward it.
The National Crime Agency (NCA) are looking into a huge security breach which is affecting UK banks, warning people to make sure they’re being vigilant against viruses and the like. Investigators have noted that hackers have been using a virus called Dridex to harvest online bank details, which, of course, are then used to steal your money.
The NCA think that £20 million has gone missing because of this, which is not to be sniffed at. It seems to be mostly business accounts falling foul of this, but the NCA warn that members of the public may have been victims of the malware attack.
Seemingly legit emails are the source of this, which are opening up the malware on your devices, and the NCA think thousands of computers in the UK are affected.
The National Cyber Crime Unit (NCCU) head of ops, Mike Hulett, said: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.”
If you think you’ve had money taken through scams like the Dridex malware push, then you need to contact Action Fraud and of course, tell your bank.
Make sure your anti-virus software is up-to-date, and if you want the best protection, you can have a look at this good list of freebies over at HUKD by clicking here. You should keep your phone protected too, and we’ve got a round-up of the best anti-virus protection for your mobile, here.
A report by the National Trading Standards (NTS) shows that the number of scammers claiming to be from the Telephone Preference Service (TPS) is on the up, and they’re making cold calls in a bid to swindle you out of money for call blocking devices that don’t do anything.
Louise Baxter, from the NTS scams team, said: “This is a sad and cynical scam that targets people who are actively trying to protect themselves or vulnerable relatives. Please remember that the TPS never cold calls and its service is always free.”
The report states that scammers are using subscriptions to get money, so people are drawn in with a free trial, but ultimately, signed up to costly regular payments which are nigh-on impossible to stop. There’s also energy scams doing the rounds, where people are fraudulently selling solar panels.
The NTS teams, according to the report, have stopped £252m worth of loss to consumers and businesses in the last year, and prevented over 2.5 million unsafe or non-compliant goods from entering the market. That said, mail scams have still cost victims more than £13m, and around 200,000 people are now included on what have been called ‘sucker lists’, which are circulated by ne’er-do-wells.
NTS chairman Lord Toby Harris said: “We face a growing threat from criminals that set out to target consumers – including some of the most vulnerable people in society – and honest businesses. And it’s not just money they take from innocent people.
“Many victims feel they have lost their dignity, their self-confidence, their sense of security. For small businesses, entire livelihoods may be lost and this, in turn, damages the economy.”
“I am hopeful that in publishing this report more people will be inspired to take steps to protect themselves, and vulnerable loved ones. I’d also remind people to report anything suspicious to the Citizens Advice consumer helpline on 03454 04 05 06.”
Gambling and cheating go hand-in-hand, don’t they? AND THAT’S JUST THE BOOKIES EH? We’re kidding of course, should any jumpy lawyers be reading. We don’t want to have to write articles with thumb-screws on either.
Anyway, those who like playing online poker should be aware that there’s some malware doing the rounds that allows other players to see your cards. People who are getting stung by this are those who have downloaded something like an app, from a site that isn’t official or legit.
Really. People need to stop doing that. It is the source of far too many problems.
This particular malware allows a ne’er-do-well to track your ID, so they can follow you around and whoop you every time you play.
PokerStars and Full Tilt Poker users are at risk of being cheated out of money, and the malware is called Win32/Spy.Odlanor, or just Odlanor. Robert Lipovsky, Eset malware researcher, says: “In other cases, the spyware is installed through various poker-related programs.”
As ever, to combat this, you need to make sure your anti-virus software is up-to-date, and get rid of any malicious files with it.
There’s a vulnerability in WhatsApp Web which is allowing hackers to trick people into executing snide code for them. It is called the ‘MaliciousCard’ vulnerability, and basically, it is executed by sending a vCard contact card which contains malicious code to your account.
This is according to security firm Check Point, and they say that, once the code has been opened up, it starts to distribute bots, ransomware, and a whole bunch of other malware nonsense.
WhatsApp have been told about this, and they have issued an update which should fix the bug. If you’re running WhatsApp Web v0.1.4481 (or later), you’re fine.
This news follows the fact that WhatsApp have said that they have just reached 900 million monthly active users, which is not too shabby. Of course, the company is owned by Facebook so it won’t be long before everyone starts wishing everyone involved at the service were dead in a grisly manner.
If being single isn’t tough enough, all the baddies on the internet are going after their dating profiles. AshleyMadison was the big profile hack, complete with leaks, and now, Match.com has been compromised as well.
A security alert was issued by an outfit called Malwarebytes, and they noted that the dating site was hacked and has spilled data all over the place. A hacker’s version of a money shot, if you like.
Malwarebytes said the site has fallen victim to malvertising, which looks to swindle the lonely out of their hard earned money. It is thought that there’s 5.5 million users at risk from this attack, which happens to be based on the Bedep trojan for those of you who know about this sort of thing. In plain English, it means that ne’er-do-wells can get at a load of private info and start trying to cadge money from you.
“The cost per thousand impressions for the booby trapped ad was only 36c, which is nothing compared to how much infected computers can bring in terms of revenues. For instance, CryptoWall demands $500 per victim,” said Jerome Segura, senior security researcher at Malwarebytes.
“We alerted Match.com and the related advertisers, but the malvertising campaign is still ongoing via other routes.”
A spokesperson for Match.com told The Inquirer: “We take the security of our members very seriously indeed. We are currently investigating this alleged issue.”
Even though Apple’s iOS is well regarded for its robust security, it isn’t completely without the risk of some swine causing bother with it. If you jailbreak a phone, you do away with all that lovely security so you can get full control of your gadget.
With that, malware is being installed via third-party iOS apps onto jailbroken iPhones, which has resulted in what is being described as “the largest known Apple account theft caused by malware.”
The malware is called KeyRaider, and has stolen around 225,000 iOS users’ Apple account credentials, purchasing receipts, certificates and private keys, according to the security firm Palo Alto Networks and Chinese iPhone developers WeipTech.
And now, for a lot of jargon.
“The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device. KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” Palo Alto Networks wrote in a blog post.
So what’s happening, in plain English? Around 225,000 accounts are thought to be affected, and some people have said that their accounts are showing abnormal purchasing history. Others have said that their phones are being held for ransom by people who are best described as ‘not-rights’.
If you don’t have a jailbroken iPhone, iPad or iPod, then you don’t need to do anything at all. You’re golden. Those with affected jailbroken phones reside in countries including the UK, France, Germany, Australia, Russia, Japan, America, Canada, Israel, Italy, Spain, Singapore, and South Korea.
You can read all of Palo Alto Networks’ findings, and check out their tool which will help you to check if your device has been affected, along with some other helpful bits, by clicking here.
Like all big events, scamsters are swarming around the Rugby World Cup. An investigation by Which!!! has uncovered rip-off deals for those trying to get to Twickenham, where money is stumped up, but tickets don’t arrive.
One of the sites that has been singled out is GetSporting.com, who appear to be offering tickets for games that have sold out. They seem to have hundreds of tickets, including every England match and the final, but do they have the tickets?
Which!!! say: “We’ve found one website – GetSporting.com – offering deals that may be too good to be true, selling tickets for sold out matches like England v Australia and England v Wales. It appears consumers are unlikely to receive tickets or could even receive fake ones.”
GetSporting.com seems to have an infinite supply of tickets for England’s opener against Fiji on September 18th, and the site isn’t keen on telling you where your seat in the stadium will be, or what the face value of the ticket is. If you’re reselling tickets for an event, by law, you have to disclose both of these things – so keep an eye out for that.
Which!!! continued: “Its payment methods have also given us cause for concern. It’s offering a discount for people who pay for their tickets through wire transfer but this method of payment means it’s almost impossible to get your money back if something goes wrong.”
The ubiquitous Richard Lloyd from Which!!! says: “With fans trying to get last minute tickets to Rugby World Cup 2015, it’s an ideal time for ticket scammers to try to make a fast buck.”
“We expect the authorities to take swift action against dodgy sites and we advise people to keep their wits about them. If an offer looks too good to be true, it probably is.”
You need to install updates on your Firefox browser at once, because there’s an exploit in it that wants to steal your data and has been turning up on websites and causing havoc.
Right away, go to Help, then hit ‘About Firefox’, then press the ‘Check for Updates’ button, to ensure you’ve got the latest version of the browser.
In a blog, Mozilla say the exploit makes use of a weakness in Firefox’s PDF viewer. The bug basically gets into your Windows computer and searches through your files looking for passwords from a host of popular FTP apps, as well as any text files with ‘pass’ or ‘access’ in the name. It will then, you suspect, send all that information to people who you really don’t want to be having that sort of information.
Even if you’re on a Mac and using Firefox, it’d be a good idea to do an update, as there’s no good reason why the baddies aren’t going after you too. So hurry up. Update your Firefox. Do it now!