Eight arrests in Royal Mail text scam investigation

Eight men suspected to have been involved in a widespread smishing campaign have been arrested, the campaign involved malicious text messages being sent  scammers impersonating the Royal Mail and requesting a fee in order to retrieve a parcel. The City of London and Metropolitan Police have stated that the suspects were arrested in Coventry, London, Essex, Birmingham and Colchester.

The individual arrested from London is facing charges of false representation, possession of articles for use in fraud and possession of criminal property (money laundering) while the other suspects have been released but remain under investigation.

West Midland Businesses urged to sign up to new cyber-security scheme

West Midland businesses are being encouraged to register to a new cyber security scheme called Police Cyber Alarm - a government funded system that is designed to monitor the traffic of a member’s connection to the internet to detect and regularly report any suspected malicious activity.

Detective Sergeant from Warwickshire’s Police Cyber Crime Unit, Martin Metcalfe, stated that ‘the more businesses that sign up for this scheme, the better picture we’ll get of cyber threats in the county and the better able we are to protect the wider business community.’

For more information please visit

Air India: At least 4.5 million people's data exposed following IT system hack

Popular airline, Air India, has been hit by a ‘sophisticated’ cyber attack that resulted in the personal data of at least 4.5 million people being exposed. The sensitive data breached in the attack included the names, payment details and passport information of customers from as far back as 10 years ago.
CyberSprinters: Game and activities

The NCSC has launched an educational online cyber security game and resources aimed at 7 to 11 year olds. The online game sees players become a ‘cybersprinter’ who is racing against its own depleting battery power. Users can win battery power by correctly answering questions about cyber security but face losing it if they bump into ‘cybervillains’.

To play the game and access the resource packs visit:

New figures reveal victims lost over £63m to investment fraud scams on social media

The use of social media by criminals is helping to buck the trend for typical #investment fraud victims, with under 30s being most affected. Be #ScamSmart and visit before investing.

How to Tell a Job Offer from an ID Theft Trap
Securing your WhatsApp Account

For many, Facebook owned messaging service WhatsApp is the primary means of communication between friends, family and for some even work colleagues and clients. We probably all know someone who's reported that their WhatsApp account has been taken over by a malicious actor, so it is therefore crucial that steps are taken to secure your accounts and protect your personal data.
Step 1: Set up Two-Factor Authentication

Two-Factor Authentication (2FA) provides an extra layer of protection by implementing a secondary authentication factor in order for users to verify their identity. To enable 2FA on WhatsApp open the WhatsApp app go to settings > account > two step authentication and enable. You will then need to set up a 6 digit PIN that you will need to input if/when you re-register your phone number with a WhatsApp account.
It is recommended that you also add an email address, as this will allow you to recover your account if you lose your pin.

Step 2: Enable Biometrics
If your device is equipped with biometric security features consider utilising them as an additional safeguarding measure to protect your account. WhatsApp allows you to enable biometrics by going to settings > account > privacy > fingerprint lock.
This aids in protecting your account from being accessed by malicious actors who physically get hold of your device, even if the device itself is unlocked.
Step 3: Check and Understand the Encryption Settings

Most WhatsApp users are aware of its handy built in end-to-end encryption; however, it is less known that each chat has a bespoke security code used to verify the end-to-end encryption of your chats. If you are sharing sensitive or private information over WhatsApp, it is best practice to ensure that the encryption is working as it should.

You can do this by opening the chat you wish to check, tapping on the name of the contact and pressing ‘Encryption’. This will allow you to view the 60-digit number and QR code unique to you and the individual you are contacting with. To verify that encryption you can either scan the QR code (if a green tick appears the codes match), or if you are not physically near the individual, iPhones and Android devices allow you to share the security code via means such as SMS or email, which allows you and the person you are contacting to visually compare the 60 digit number. If the codes/numbers match then the encryption is working as it should, if they do not match then it is likely that you are scanning the code of a different phone number or contact.

It is important to note that the security codes that are visible for you to verify are not encryption keys.

Further reading and sources:
Yes, Windows 10 Has Ransomware Protection: Here’s How To Turn It On

With ransomware continuing to be on the rise, it is increasingly important that businesses and end users alike implement steps in order to build their cyber resilience. Many Microsoft users are unaware that Windows 10 offers built in ransomware protection that can be easily enabled by searching ‘ransomware protection’ into the Cortana search bar.  From that, you will then be able to turn on ‘Controlled Folder Access’ allowing you to protect your important files.

Google Patches 32 Vulnerabilities With Release of Chrome 91

Google has announced the release of Chrome 91 that will address 21 vulnerabilities that were uncovered by third party researchers. The most critical of these bugs was the CVE-2021-30521 flaw, a heap overflow in auto-fill, the discovery of which resulted in the researcher being paid a $20,000 bug bounty for their findings.
Cybercriminals Exploiting API Keys to Steal Cryptocurrency

Malicious actors are exploiting cryptocurrency exchange API in order to steal funds from victims. Exposed API keys allow cybercriminals to withdraw cryptocurrency from individuals without the relevant permissions and withdrawal rights. According to CyberNews researchers, over $1,000,000 worth of cryptocurrency is stored in exchanges with exposed API and the selling of stolen API keys is also becoming increasingly popular on hacker forums.
Malware exploited macOS zero-day flaw to secretly take screenshots. Update to Big Sur 11.4 now

A substantial vulnerability has recently been uncovered in MacOS machines that allows malicious actors to side-step built in privacy systems. According to researchers at Jamf, the malware targets applications where a Mac user has granted screenshotting permissions such as Skype or Zoom.  Once installed, the malware will then inject malicious code into these otherwise harmless apps so that screenshots can be taken of the users screen without their permission. Mac users are being urged to update their operating system urgently to rectify the bug.

What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch

SME Inputs 

Join our monthly online webinars aimed specifically at Small and Medium-sized Enterprises to discover what cyber threats could potentially impact your business and get the latest advice and cyber awareness training for all staff. To register visit:

Cyber Security Awareness Webinars: Schools and Education

Join our online webinar aimed at schools and educational organisations and discover how cyber attacks and ransomware are being used to target them. Get the latest advice and cyber awareness training for all staff.

Please note: All participants are screened before being invited to the event. Please use your corporate email address when registering.

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families, from both accidental damage or from online criminals.

Get in touch with us if your school or organisation would like support with staff training. 

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.

Our colleagues in the West Midlands Police Economic Crime Unit also produce cyber and fraud focused business newsletters. If you wish to subscribe to their newsletter, please e-mail  - 


The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp