Pre-Christmas warnings - Bah Humbug!
The Information Security Office has you covered when it comes to Black Friday and Christmas Scams
Black Friday, Cyber Monday and Christmas are fast approaching, which also means cyber criminals are in their element. As technology evolves, so do the criminals. QR code scams are on the rise and AI is being used as the cyber criminals weapon of choice.
Cyber criminals prey on predictable human behaviour and weaponise trusted forms for communications - social media, websites, emails and text messages - to deceive you into giving them confidential information. Being deceived or "scammed" is not something to be embarrassed about.
Taking quick action such as contacting your bank, the company the email or text pretended it came from or contacting the Police, can stop the criminals.
QR code scams
What is it?
QR code scams have increased with over 400 reported this year and 1,200 investigated by Action Fraud since 2020.
QR code scams are when cyber criminals create their own code and cover a genuine one, usually in a public area, where the codes have to be used such as paying for parking.
How does it work?
You scan the QR code to pay for your car parking, you end up on genuine looking website where you think you're just paying for parking when in fact you're actually handing over personal information to the cyber criminal including your name, address, car registration details, and bank details.
What happens next?
In a recent scam, the cyber criminals covered a genuine QR code with a fake one in Thornaby Station’s car park, Teeside. The QR code took one 71-year-old victim to a fake website, allowing the cyber criminals to find out her payment and card information. The victim’s bank blocked a string of fraudulent transactions, but the criminals called her impersonating the bank and persuaded her they were real to get more information. With the extra details, they changed the victim’s address on her bank records and created a new online account. They then racked up £13,000 in debt under her name, including a £7,500 loan and multiple credit cards, the BBC reports.
AI scams
What is it?
The National Cyber Security Centre (NCSC) is warning consumers when shopping online during Black Friday and for
Christmas that cyber criminals are likely to use AI technology to produce more convincing scam emails, fake adverts, and bogus websites.
How does it work?
Previous scams could often be identified by features such as poor grammar or spelling, emails coming from unusual email addresses, or feature branding that doesn't match the company's branding where the email is purported to have come from. While AI might generate more polished communication in phishing attempts, the hallmarks of a scam remain very similar such as urgency, scarcity and using current events to make their scam seem more relevant.
What happens next?
Like with the QR code scams, the cyber criminal will send you an email linking to a dummy website. The wording used in the email, will encourage you to input your details in the website, such as name, address, bank details. These details will then be used in a similar way to the QR code criminals.
Parcel delivery scams
What is it?
It is when you receive texts or emails claiming to be from a delivery company to reschedule or pay additional delivery fees in an attempt to get people’s personal information or bank details. The Citizens Advice Bureau (CAB) estimates that almost half of people (49%) targeted by cyber criminals had been on the receiving end of a malicious parcel delivery scam, with the criminals attempting to get hold of personal information or bank details.
How does it work?
The cyber criminal will contact you by email or text purporting to be from a delivery company such as DPD, FedEx, Parcel Force, Amazon etc. The email will be from an address that doesn't look genuine and the text message will be from an unknown number. The branding may be similar to that of a genuine delivery company or it may look 'off'.
What happens next?
The criminal's hope is that you will click on the link and agree for a redelivery fee, which will include your name, address, phone number and bank details. The cyber criminal will then be able to take out loans in your name, make purchases online, and apply for credit cards.
Remember!
- Cyber attacks and scams can affect everyone
- Make sure to follow our advice on our pages, which covers email scams as well as guidance around AI.
- Taking quick action can stop the cyber criminals in their tracks and safeguard your data and peace of mind at the same time.
The Information Security Office wants to foster a zero-blame culture here at the University whilst also empowering its employees to be cyber aware. If you do become a victim of scam by cyber criminals whilst at work, please report the incident as soon as possible.
