North Wales Community Alert

[SteveH]

Don’t give a fraudster a Christmas present. Treat unexpected emails, texts, phone calls and posts over the festive period with caution. If in doubt, call the person or organisation they claim to be from, on a number you know to be correct to double check that it was actually them who contacted you.

Protect new or pre-owned phones, tablets & computers with a unique password/passcode and internet security apps/software. Also remember to set them up to update and backup automatically, and only download apps from your official app store.

Learn more about keeping yourself and your family safe online this Christmas here - www.getsafeonline.org/safeonlinechristmas

#NWPCyberSafe #SafeChristmas
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)

[SteveH]

Over the festive period last year, almost £5 million was lost to gift card fraud.
If someone asks you to buy gift cards to send on to them or to pay for something, it is quite likely that you are the target of a scam.

Watch out for unsolicited callers claiming that you need to purchase gift cards in order to pay a fine or bill or to claim a prize for example. Also be very cautious if friends or family contact you to ask you to purchase gift cards on their behalf – it’s likely that their online account has been hacked and you’ll be sending the gift cards to a cybercriminal or online scammer.

Please take the time to make sure that your friends and family are all aware that this type of gift card fraud is a favourite with scammers and Cybercriminals. Make sure that they know that someone asking for gift cards should always be treated with caution.........



Cyber Criminals are using QR technology to scam victims. They create their own malicious QR codes designed to trick people into sharing their banking or personal information. Victims are tricked into believing that they are navigating to legitimate sites.

🎄 Last festive season, over £764,000 was lost to QR fraud.

Stay safe this Christmas— stop and think before clicking a link or scanning a QR code. If you receive an email with a QR code use caution - it could be a scam.

If unsure - open the website address that you need to visit in a fresh browser rather than navigating there via the QR code. This will help to keep your data safe.

Read about how someone fell victim to fraudsters in railway station QR code scam here - https://www.bbc.co.uk/news/uk-england-tees-67335952

#NWPCyberSafe #12Frauds
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)

[SteveH]

Action Fraud have received over 4,800 reports about FAKE emails claiming that diesel car users are eligible for thousands of pounds in compensation.

The emails instruct recipients to share their personal information via links provided in the email, in order to check if they are eligible for the compensation. The links in the email lead to malicious websites that are designed to steal personal and financial information.

If you have any doubts about a message, contact the organisation directly. Don't use the numbers or address in the message - use the details from their official website. Your bank (or any other official source) will never ask you to supply personal information via email.

Spotted a suspicious email? Forward it to the Suspicious Email Reporting Service (SERS) - report@phishing.gov.uk
#NWPCyberSafe
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)


 

[SteveH]

✉️Most malware is delivered by email. Always be suspicious of links and attachments in unsolicited emails.

✅Where possible please report suspicious emails by forwarding them to: report@phishing.gov.uk.

 ℹ️ Your reports help the National Cyber Security Centre to remove emails and websites used to perpetrate fraud. As of November 2024 202,761 scams had been removed across 368,477 URL’s.

Learn more about how to spot and report scam emails, texts, websites and calls and adverts here - Phishing: Spot and report scam emails, texts, websites and... - NCSC.GOV.UK.............. https://www.ncsc.gov.uk/collection/phishing-scams

#NWPCyberSafe
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)

[SteveH]

Those using the platform Booking.com to book their holidays or accommodation are being warned they could be targeted with emails or messages requesting payments from hotels who have had their account taken over by fraudsters. Between June 2023 and September 2024, Action Fraud received 532 reports from individuals, with a total of £370,000 lost.

Insight from Action Fraud reports suggests the individuals were defrauded after receiving unexpected messages and emails from a Booking.com account belonging to a hotel they had a reservation with, which had been taken over by a criminal. Using this account, the criminals send in-app messages, emails, and WhatsApp messages to customers, deceiving them into making payment and/or requesting credit card details.

The specific account takeovers are likely to be the result of a targeted phishing attack against the hotel or accommodation provider, and not Booking.com’s backend system or infrastructure.

Adam Mercer, Deputy Head of Action Fraud, said:

“With more than 500 reports made to Action Fraud, those who have booked a holiday on the Booking.com platform should stay alert to any unexpected emails or messages from a hotel using the Booking.com platform, as their account could have been taken over by a criminal.

“If you receive an unexpected request from a hotel’s account you booked with using Booking.com, asking for bank details or credit card details, it could be a fraudster trying to trick you into parting ways with your money. Contact Booking.com or the organisation directly if you’re unsure.

“Remember to report any suspicious emails by forwarding it to report@phishing.gov.uk, or if you receive a fraudulent text message, you can forward it to 7726.”

How can you protect yourself?
Booking.com and Action Fraud are providing the following advice on how to spot signs of fraud and protect your Booking.com account:

No legitimate Booking.com transaction will ever require a customer to provide their credit card details by phone, email, or text message (including WhatsApp).
Sometimes a hotel provider will manage their own payment and may reach out to request payment information, like credit card details – before providing any information, always verify the authenticity of communication between yourself and the hotel’s account.
If you receive any urgent payment requests that require immediate attention, like a booking cancellation, immediately reach out to the Booking.com Customer Service team via the details on the official Booking.com website and/or app to confirm.
Any payment requests that do not match the information in the original booking confirmation should also be double checked and confirmed with Booking.com Customer Service before proceeding.
Any messages purporting to be from Booking.com that contain instructions to follow links and/or open/download files should be treated with caution.
If you have any doubts about a message, contact Booking.com directly. Don’t use the numbers or address in the suspicious message and use the details from their official website.
For more information about how to protect your Booking.com account, please visit: Safety Tips for Travellers | Booking.com

If you receive any suspicious emails or text messages, report them by forwarding emails to: report@phishing.gov.uk, or texts to 7726.

Find out how to protect yourself from fraud: https://stopthinkfraud.campaign.gov.uk

If you’ve lost money or provided financial information as a result of any phishing scam, notify your bank immediately and report it to Action Fraud at  https://www.actionfraud.police.uk/report-phishing or by calling 0300 123 2040. In Scotland, call Police Scotland on 101.
 
Message Sent By
Action Fraud
(Action Fraud, Administrator, National)

[SteveH]

🚨Watch out for FAKE emails alleging to be from Boots offering a free Medicare kit. They are designed to steal your personal and financial information.

Action Fraud have received over 740 reports about these emails that claim that the recipient has won a free prize, such as a Medicare Kit. The links in the emails lead to malicious websites that are designed to steal personal and financial information.

📨If you receive a suspicious email, report it by forwarding the email to: report@phishing.gov.uk.

 #NWPCyberSafe
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)

[SteveH]

Two scam warnings this morning........

QR codes are everywhere now: from restaurant menus to public transport timetables and car parks.

Unfortunately, this normalization of scanning QR codes is being taken advantage of, presenting a new cybersecurity threat called Quishing (QR code phishing). Rather than link to the legitimate website that you believe you’re navigating to, the fraudulent code will load a page that attempts to steal financial information or attempt to infect your device with malware.

Criminals often stick their own fraudulent QR code over the original QR code in places like car parks. Members of the public scan the QR code believing that it will take them to the parking company’s website where they can pay for their parking, however the criminal’s QR code takes them to a fake website that looks very similar the parking company’s website allowing the criminal to steal the innocent victim’s card details and money.

There are a few effective steps you can take to protect yourself from quishing:

-Look at the physical QR code you're scanning. Has a fake QR code sticker been stuck over the original sticker? If it may have been tampered with, stay clear.

-Don't scan random QR codes in public.
-Use the default QR code scanner that comes with your device. QR scanners from app stores have a poor track record for security and privacy.
-Verify the address a QR is trying to send you to before opening the link.

-When possible, avoid using QRs to pay, especially if the payment link leads to an unknown address. Keep in mind too, that fake websites often use similar sounding names to official ones, so check the spelling!

Please share to make as many people as possible aware.
 
#NWPCyberSafe
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)




Protect yourself from Holiday fraud: don’t let fraudsters trip you up this summer.
People looking to snap up online holiday deals ahead of the summer are being warned to stay extra alert and do their research before booking their getaways, as new data reveals victims lost a total of over £11 million to holiday fraud last year.

Action Fraud, the national fraud and cybercrime reporting service, has launched a holiday fraud campaign, urging the public who are looking to snap up their next holiday deals online to look out for suspiciously enticing offers online, including on social media, and do their research before booking their getaways.

New data shows there were 6,066 reports of holiday fraud made to Action Fraud last year, with July recorded as the highest month of reporting with 647 reports.

Holiday makers lost a combined total of £11,183,957 in 2024, which is comparatively less than the £12.3 million lost in 2023. Despite, the drop in reported loss, the average loss per victim remains at similar levels, with £1,851 the average in 2023 and £1,844 in 2024.

What can you do to protect yourself from holiday fraud?

Check the travel company is legitimate: about to book a holiday? Do some research first to check that the company is legitimate, especially if you haven’t used them before. Use consumer websites, or reviews from people (or organisations) that you trust.
Look for the logos: look for the ABTA, ABTOT or ATOL logos on the company’s website. If you’re unsure, you can use the links below to verify membership:
ABTA - https://www.abta.com
ABTOT - https://www.abtot.com/abtot-members-directory/
ATOL - https://www.atol.org
Use a credit card to pay: use a credit card for payments (if you have one). Many of these protect online purchases as part of the Consumer Credit Act.

Only provide required details at checkout: when making your payment, only fill in the mandatory details (often marked with an asterisk) such as your address. Unless you think you’ll become a regular customer, don't create an account for the store.
Keep your accounts secure: create a strong and unique password for your email. If 2-step verification is available, always enable it.
Watch out for suspicious links: whether it’s in an email or social media post, be wary of promotions for unbelievably good holiday offers. If you receive a suspicious email, report it by forwarding it to: report@phishing.gov.uk
Find out how to protect yourself from fraud:  https://stopthinkfraud.campaign.gov.uk

If you’ve lost money or provided your financial information to someone, notify your bank immediately and report it to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040. In Scotland, call Police Scotland on 101.
 
Message Sent By
Paloma Esteve Campos
(Action Fraud, Campaigns Manager, England & Wales)

[SteveH]

Home Security

[SteveH]

We have been contacted by a business in North Wales who were reporting a fraud. They’ve fallen victim to a phishing email where the scammers pretended to be the HMRC.

Being in business, receiving an email from the HMRC is the sort of thing that can happen anytime. In this instance, the victim was duped into providing six months worth of bank statements, along with other material that the scammer can use to commit further crime. This sort of fraud highlights the power of social engineering and how convincing scammers can appear - after clicking on the link, the website looked exactly like the HMRC portal.

Always check the actual email address that the email has been sent from and visit the official website rather than clicking on links in any unexpected emails or text messages.

NWPCyberSafe
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)

fake copy below

[SteveH]

Don’t let scammers ruin your trip. Holiday fraud affected over 6,000 travellers last year costing them over £11 million in total.

✅ Take the time to research the company you’re dealing with. A simple online search can help you avoid unpleasant surprises later.

💳 Be cautious with bank transfer requests. If possible, pay using a credit card. Most major credit card providers offer protection for online purchases.

🛫 Suspicious about a holiday deal? 🔎 Check for ABTtravel or ATOL protected trusted logos on the company’s website.

🌊 Protect yourself when browsing for your next holiday online.  🔒Make sure your email password is strong and unique. 🔐 Also enable two-step verification where possible to further protect your details.

🙅‍♀️ Only share the necessary details when completing online transactions. Avoid oversharing personal information and only provide payment details when required. 📲 Keep your data secure.

🎣 Be cautious of suspicious links promising tempting holiday deals online or on social media.

🔗 Find out more here 👉 https://www.actionfraud.police.uk/holidayfraud

#NWPCyberSafe #StopHolidayFraud
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)

[SteveH]

There has been a report of over 20 fake QR codes that have been placed on the parking meters across the Promenade in Llandudno.

This scam is becoming increasingly common.

The British Parking Association have ask for members of the public to join their #ParkAware campaign. They have set up a dedicated website to give you advice on the types of parking scams and how to avoid them.

Please click the link below for more information about the campaign and how to avoid various types of Parking Fraud.

https://www.britishparking.co.uk/protect-yourself-from-fraud

Message Sent By
PCSO Dan Dougherty
(North Wales Police, PCSO - We Don't Buy Crime, Forcewide)

Yesterday, North Wales Police were informed by staff at Conwy County Council that they have discovered 20+ additional fraudulent QR code stickers on their parking meters since the weekend. These stickers once scanned are leading to a fake website that for all intents and purposes look legitimate. The victim is therefore entering their bank card information to pay for their parking, which the offenders then use to go on a spending spree.

Denbighshire Council have had a similar spate and published a Facebook post to warn about these yesterday. Read their post here: https://www.facebook.com/share/1AGS5jKu69/

North Wales Police are working closely in conjunction with the affected County Councils to assist and to further progress the investigations. Any persons who have fallen foul of this scam typology are encouraged to contact North Wales Police to report the matter.

It is very possible that other areas of North Wales will also be targeted by the offenders, particularly as it gets busier into the spring and summer. Please share this information with your family, friends and neighbours to make sure that they don’t get caught out.
#NWPCyberSafe

[SteveH]

Data shows that there was a rise in social media and email account hacking reported in 2024, with a total of 35,434 reports made to Action Fraud, compared to 22,530 reports made in 2023 with nearly £1 million lost to hackers last year.

The most common motives for social media hacking were either investment fraud, ticket fraud or theft of the targeted account for extortion.

To protect your accounts you need to -

✅ Enable 2-Step Verification on each online account you have – this adds an extra layer of security to your accounts and will help prove your identity when logging in and stop fraudsters from stealing or accessing your valuable information. It can be turned on in a matter of minutes – time well spent to keep the fraudsters out.

✅ Secure your social media and email accounts by ensuring each password is strong and uses three random words. Remember to never share your passwords with anyone else.

Find out more about how to take these steps here – https://www.ncsc.gov.uk/cyberaware/home

#NWPCyberSafe
Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)

[Ian]

Secure your social media and email accounts by ensuring each password is strong and uses three random words.

I've been waiting for this recommendation for some years. Although the use of three random words was recommended more than 20 years ago, many inadequate web designers have been suggested absurdly over-complicated strings of characters for at least that time and millions have been lost as a consequence.

About twenty years ago, mathematicians calculated using three random words produced one of the strongest passwords to crack.  From our own NCSC:

"enforcing complexity requirements is a poor defence against guessing attacks. Our minds struggle to remember random character strings, so we use predictable patterns (such as replacing the letter ‘o’ with a zero) to meet the required 'complexity' criteria.

Of course, attackers are familiar with these strategies and use this knowledge to
optimise their attacks. Counter-intuitively, the enforcement of these complexity
requirements results in the creation of more predictable passwords. Faced with
making yet another password with specific requirements, users fall back on
variations of something they already know and use, falsely believing it to be
strong because it satisfies password strength meters (and is accepted by online
services)."

The article is well worth reading in full, as it demolishes the idea of complex passwords, and promotes the concept of the 'three unconnected words' as the ultimate security - at least until all our machines and online connections are equipped with optical and face recognition. As they say "Three random words' power is in its usability, because security that's not usable doesn't work."

[SteveH]

I am careful about putting personal information in our bins, re identity theft etc. I noticed recently that my chemist prescription deliveries have your name, address and date of birth on a printed label on the paper bag, not ideal, but necessary for double checking that they are going to the right person, so be aware in the future.......... and by complete coincidence ...........

North Wales Police have recently seen an increase in reports of incidents where compromised personal information has been utilised to apply for such things as credit applications, loans, new bank accounts or insurance.

Please see the attached checklist which relates to identity theft that will raise awareness and provide advice on what do when identity theft has occurred and how to prevent it from happening again.....

check list  https://members.northwalescommunityalert.co.uk/AlertMessage/Attachment/155EAFFC0AC88E7D4377EAB2456C78F0

Message Sent By
Dewi Owen
(North Wales Police, Cyber Crime Officer, North Wales)



 

[Hugo]

Man charged after keyless car thefts at coastal towns across North Wales
Incidents have taken place in Prestatyn, Rhyl, Abergele, Penrhyn Bay, Llandudno and Llandudno Junction




https://www.dailypost.co.uk/news/north-wales-news/man-charged-after-keyless-car-31263472