Fake DPD messages lead to over £200,000 in losses since June

Action Fraud has warned the public to stay alert after victims report losing £242,000 to criminals pushing fake DPD emails and texts.

In November 2020 alone, the Suspicious Email Reporting Service (SERS) received 5,478 reports of suspicious DPD emails (a 655% increase compared to October). The fraudulent messages claiming to originate from DPD state that a package was unable to be delivered followed by instructions on how to rearrange a delivery with a link to a malicious website that requests a small fee for the rearrangement. If the payment is made, the victim will then receive a phone call from malicious actors claiming to be from their bank, informing them about alleged suspicious activity on their account. The individual is then told that their bank details may be compromised and thus should transfer their money into a ‘safe alternative’ account to prevent further loss. Unfortunately, this in reality means that the victim has unknowingly transferred their money into an account that is under the control of the criminal.

In other instances, criminals have obtained enough personal detail and security information during phone calls with unsuspecting individuals to enable them to take out a loan under the name of the victim and transfer the money into an account under their control.
'WeLeakInfo' Site: UK Police Arrest 21 Alleged Users

Authorities have stated that the now seized 'WeLeakInfo' site sold access to 12 billion personal records including information such as names, usernames, passwords, email addresses and phone numbers to criminals who could purchase a subscription to the site for as little as $2 per day.

The NCA have stated that 21 individuals in the UK have been arrested on suspicion of purchasing information from the site. Of those 21 arrested - all men aged between 18-38 - nine were detained on suspicion of Computer Misuse Act offences, nine for Fraud offences and three are under investigation for both.

A further 69 individuals in England, Wales and Northern Ireland aged between 16-40 were visited by Cyber Prevent officers, warning them of their potentially criminal activity. 60 of those were served with cease and desist notices.

The NCA and UK policing’s Cyber Choices programme aims to prevent young people inadvertently slipping into cyber crime and divert them to more positive pathways in tech.
Buying and selling second-hand devices

Following the festive season, it is not uncommon to see a rise in the selling of second-hand devices due to people buying or being gifted newer devices for Christmas.

While buying or selling second hand phones, tablets, laptops or computers can be a budget and environmentally friendly way to upgrade or get rid of your own devices, it is important to do so safely. The National Cyber Security Centre have released brand new guidelines on how to do so.

Buying a second-hand device

Choosing the right device for you: 

While individuals don't always need to spend excess money and buy the latest model of a device, in order to stay safe, it is recommended that you avoid devices that are no longer (or soon to be) supported by the manufacturer. Devices, such as smart phones, that are not supported by its manufacturer will not receive updates that are meant to improve its performance and features. More importantly, unsupported devices will not receive security updates from the manufacturer which can make the device vulnerable to malicious actors and malware.

Before you use your new second-hand device 

After you receive your used device, it is best practice to perform a factory reset, this will reset the device and delete all of the previous owners data and ensure that the device is in the best state for you to begin using it.

Selling a second-hand device

Before erasing your data

It is vital to delete all your personal data from a device you are selling. Before you do, ensure that you have backed up versions of all data you wish to keep and make sure you know all of the login details of the services that you would usually need to access on that device (i.e. online banking).

Erasing your data

Many of our devices, especially smart phones, often contain a plethora of sensitive personal data such as work documents, financial and personal information. Therefore, it is vital to ensure that before we give up these devices, we delete all personal data so that it does not unintentionally fall into the hands of a criminal.

The best way to ensure that all of the devices content is erased is by performing a factory reset. This process will remove all data from the device messages, contacts, photographs, browsing history, WiFi codes, passwords, and any apps installed.

How you perform such a reset differs depending on your device, but instructions on how to do so can most often be found on the manufacturers website.
Vigilance urged following COVID-19 vaccine scams.
Capcom releases new update on ransomware attack.
Billions in Bitcoin residing in inaccessible wallets.
Sports clubs gather for summit on cyber security.
Bitdefender, a Romanian security firm, have released a free tool that that can help victims of ‘Darkside’ ransomware recover their encrypted files without paying the demanded ransom.
Ubiquiti: Change Your Password, Enable 2FA

Cloud-enabled IoT (Internet of Things) device vendor, Ubiquiti, are urging customers to change their passwords and enable multi-factor authentication after an incident in which a third party cloud provider may have exposed customer information and credentials used to remotely manage Ubiquiti equipment.
Top Penetration Testing Toolkits Abused by Cybercriminals

Malware creators have been utilising open-source security tools commonly used by organisations. Malicious actors and hackers can alter these tools as use them as a means of deploying and spreading malware onto compromised networks.
Chinese start-up leaked 400GB of scraped data exposing 200+ million Facebook, Instagram and LinkedIn users

Up-and-coming Chinese social media management company ‘Socialarks’ has been subject to a large scale data leak exposing over 400GB of personal data.

Socialarks unsecured ElasticSearch database contained sensitive personally identifiable information from at least 214 million social media users ranging from Facebook, LinkedIn and Instagram. According to the Safety Detectives, Socialarks ElasticSearch server was publicly exposed without password protection or encryption.
What can we offer you?
Get in Touch
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime

Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
Registration for the CyberFirst Girls Competition 2021 is now open

The NCSC are working hard to get more girls interested in a career in cyber security. The CyberFirst Girls Competition provides a fun but challenging environment to inspire the next generation of young women to consider a career in cyber security.

The competition is a team event, with each one made up of 4 female students from Year 8 in England and Wales, Year 9 in Northern Ireland and S2 in Scotland.



The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp