In November 2016, the UK government launched the new Cyber Security Strategy, of which a major plank was the creation of The National Cyber Security Centre (NCSC) as part of GCHQ and giving it a mandate to pursue the radical action required to better protect the UK's interests in cyberspace.
A key strand in this new approach is the NCSC's Active Cyber Defence (ACD) programme, which aspires to protect the majority of people in the UK from the majority of the harm, caused by the majority of the attacks, for the majority of the time. It is intended to tackle the high-volume commodity attacks that affect people's everyday lives, rather than the highly sophisticated and targeted attacks which are dealt with in other ways.
It consists of a number of interventions, each of which performs a particular security service for public sector organisations.
This service works by requesting that hosting providers remove malicious content that is pretending to be related to UK government and also certain types of malicious content hosted in the UK. In 2017, the following results were achieved:
· 18,067 unique phishing sites were removed across 2,929 attack groups that pretended to be a UK government brand, wherever in the world they were hosted.
· This reduced the median availability of a UK government-related phishing site from 42 hours to 10 hours.
· 121,479 unique phishing sites were removed across 20,763 attack groups physically hosted in the UK, regardless of who they were pretending to be.
· NCSC worked with 1,719 compromised sites in the UK that were being used to host 5,111 attacks, intended to compromise the people that visited them. As a consequence, the median availability of these compromises has been reduced from 525 hours to 39 hours.
· The month-by-month volume of each of these has fallen, suggesting that criminals are using the UK government brand less and hosting fewer of their malicious sites in UK infrastructure.
· NCSC notified email providers about 3,243 Advance Fee Fraud attacks, pretending to be related to UK government.
· NCSC have stopped several thousand mail servers being used to impersonate government domains and sending malware to people, in the expectation that the government link makes them more realistic.
· The volume of global phishing has gone up significantly (nearly 50%) over the last 18 months, but the share hosted in the UK has reduced from 5.5% to 2.9%.
DMARC helps email domain owners to control how their email is processed, making it harder for criminals to spoof messages to appear as though they come from a trusted address. Organisations that deploy DMARC properly can ensure that their addresses are not successfully used by criminals as part of their campaigns. NCSC are helping the public sector lead in deploying DMARC, including the prioritisation of 5,322 government domains for adoption in the first instance.
At the end of 2017, there were 555 (about 10%) government domains reporting to the Mail Check service.
Across the 555 public sector email domains reporting to Mail Check, we are seeing an average of 44.1 million messages a month which fail verification. Of those, an average of 4.5 million are not delivered to the end users. The peak in June saw 30.3 million spoofed messages not delivered to end users.
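As an added example (not NCSC or Mail Check code), the sketch below shows how the DMARC record a domain publishes tells receiving mail servers what to do with messages that fail verification, and classifies domains by how strongly they enforce. The domain names and records are constructed for illustration; the tag names and defaults follow RFC 7489.

```python
"""Added example: classify DMARC policy records by how failing mail is handled."""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tags; return None if it is invalid."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for i, part in enumerate(parts):
        if "=" not in part:
            return None
        name, value = (s.strip() for s in part.split("=", 1))
        if i == 0 and (name != "v" or value != "DMARC1"):
            return None  # the version tag must be the first tag
        tags.setdefault(name, value)

    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return None  # a policy record needs a recognised p= value
    tags["p"] = policy

    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100
    except ValueError:
        return None
    if not 0 <= pct <= 100:
        return None
    tags["pct"] = pct

    sub_policy = tags.get("sp", policy).lower()  # sp defaults to p
    if sub_policy not in VALID_POLICIES:
        return None
    tags["sp"] = sub_policy
    return tags


def classify(txt):
    """Return a short status describing what receivers are asked to do."""
    if not txt:
        return "no-record"        # nothing published: spoofed mail is not covered
    record = parse_dmarc(txt)
    if record is None:
        return "invalid"          # receivers will ignore a malformed record
    if record["p"] == "none":
        return "monitor-only"     # failures are reported but no action is requested
    if record["pct"] < 100:
        return "partial"          # policy applied to only a share of failing mail
    if record["sp"] == "none":
        return "subdomains-open"  # organisational domain enforced, subdomains not
    return "enforced"             # failing mail is quarantined or rejected


def audit(records):
    """Map each domain to its status; `records` maps domain -> TXT value or None."""
    return {domain: classify(txt) for domain, txt in records.items()}


# Constructed sample data: these domains and records are not from the page.
SAMPLE_RECORDS = {
    "dept-a.example": "v=DMARC1; p=none; rua=mailto:reports@dept-a.example",
    "dept-b.example": "v=DMARC1; p=quarantine; pct=25",
    "dept-c.example": "v=DMARC1; p=reject; sp=none",
    "dept-d.example": "v=DMARC1; p=reject; rua=mailto:reports@dept-d.example",
    "dept-e.example": "p=reject; v=DMARC1",
    "dept-f.example": None,
}

if __name__ == "__main__":
    for domain, status in audit(SAMPLE_RECORDS).items():
        print(f"{domain:16} {status}")
```
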
Web Check performs some simple tests on public sector websites to find security issues.
It provides clear and friendly reporting to the service owners, along with advice on how to fix the problems.
During 2017 Web Check performed 1,033,250 individual scans running 7,181,464 individual tests.
In that period, it found 2,178 issues relating to certificate management, 1 relating to HTTP implementation, 184 relating to out of date content management systems, 1,629 relating to TLS implementation, 76 relating to out of date server software and 40 other issues.
The Public Sector DNS service provides protective DNS services to public sector bodies that subscribe to it. It blocks access to known bad domains, where the block lists are derived from a combination of commercial, open source and NCSC threat feeds. It also performs analytics on the resolution data to find other security issues. The intent of the service is not just to block bad things, but to notify system owners so they can perform remediation.
At its peak in December 2017, the Public Sector DNS service was responding to 1.23 billion requests a week.
During that peak week, 273,329 requests were blocked.
Work is ongoing to make both source and destination address spoofing in IP space much harder, with the consequent impact this could have on the use of UK infrastructure in DDoS attacks and traffic hijacking.
In summary, there is clear evidence that NCSC is doing what it was set up for and is making a big dent in the world of scams, phishing, data breaches and more.
Well done the NCSC in its first year.
See https://www.ncsc.gov.uk/ for further information.
The Information Commissioner's Office (ICO) is the independent regulatory office dealing with the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003 across the UK plus several other related government acts.
The Office's mission is to "uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals".
The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty of up to £500,000.
The ICO is very busy, as more than 140,000 concerns about nuisance marketing were reported to the ICO in 2016 – about 370 a day.
The ICO has issued more than £1m in fines to cold call crooks in 12 months with another £2m of fines in the pipeline. There is an upcoming law change which would allow ICO to fine not only nuisance call companies but the directors behind them.
1. Tell the caller you don’t want to receive marketing calls from them. If the organisation continues to call, you can report your concerns to the ICO.
2. Register for free with the Telephone Preference Service, a list of people who have opted out of receiving live marketing calls. If you register with the TPS and continue to receive nuisance live marketing calls 28 days after registering, you can complain either directly to the TPS or report your concerns to ICO.
When prosecuted, some of the cold calling companies have deliberately gone into liquidation so they cannot pay the fine and the prosecution comes to a stop.
The ICO is fighting back against this action by working with other regulators such as the Insolvency Service and Claims Management Regulator.
The Insolvency Service disqualified Hassim Iqbal, the director of personal injury claims management company Check Point Claims, from being a director for failing to comply with regulations relating to its business. Blackburn-based Check Point Claims failed to pay an ICO fine of £250,000 for making 17.5 million nuisance calls.
The European Union’s General Data Protection Regulation (GDPR) is a new law which will apply in the UK from 25 May 2018. This will not be affected by the UK’s plans to leave the EU.
See www.fightbackonline.org/index.php/business/47-legal-changes-to-business-to-business-email-marketing for further information on GDPR.
The ICO has published detailed guidance for companies carrying out marketing – explaining their legal requirements under the Data Protection Act and the Privacy and Electronic Communications Regulations. The guidance covers the circumstances in which organisations are able to carry out marketing over the phone, by text, by email, by post or by fax.
The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications. There are specific rules on:
· marketing calls, emails, texts and faxes;
· cookies (and similar technologies);
· keeping communications services secure; and
· customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
· 9,689 concerns were reported to the ICO in November 2017
· Hamilton Digital Solutions were fined £45,000 for sending over 150,000 spam texts.
· Enforcement notices
· Hamilton Digital Solutions were also issued with an enforcement notice, ordering them to stop illegal marketing or face legal action.
· 177 cases were under investigation
· 25 third party information notices issued (these notices compel communications service providers to give information to the ICO).
The ICO relies on people reporting nuisance callers, so it’s important to report such problems.
To report a concern to the ICO, telephone the helpline on 0303 123 1113 or go to ico.org.uk/concerns.
If you have any experiences with scammers, spammers or time-wasters do let me know – go to the About page then Contact Us.
Do you need an essay written for you – at school, at college or even as a PhD student?
There are hundreds of essay writing services on the Internet offering to write essays on any subject, to whatever standard you choose and as fast as you need.
Of course, the higher the standard and the faster you need the result then the more you have to pay.
An undergraduate assessment paper of 1 page guaranteed a 2.2 costs £13.77 within 10 days or up to £20.25 if needed within 3 hours.
A speech for High School use of 1 page delivered within a week costs £12.77.
A PhD dissertation of 10000 words at first class level within one month costs £3,240.
These sites claim to produce non-plagiarised work, i.e. they don’t copy anything and all of the content is original.
Some say this means the student shouldn’t be accused of cheating because the work is original, but of course it’s not written by the student, which is the purpose after all.
You may consider this to be cheating or just ‘helping’. However, by presenting someone else's work as your own you would be in breach of the plagiarism policy at any university. The papers might pass an online plagiarism scan, but the tutor may recognise that the style or typical content is significantly different to your usual work, and if you are asked to reproduce the work in a classroom situation, that may be impossible.
1. These websites typically promise the results are plagiarism free (i.e. none of it is copied from someone else’s work), but there is obviously a big temptation for writers to make their lives easier by a little copying.
2. The websites state that the work is for example or research only and is not to be handed in to a tutor or any exam body or similar.
3. Essay writing services do not directly employ writers normally – they have a bank of freelance writers who can be called upon to deliver specific pieces of work. This gives them access to a wide range of writing talent but also makes them extremely dependent on the skills (and timekeeping etc.) of those freelance writers. They may contract to provide you with a piece of work to a set standard by an agreed deadline but it all depends on the freelance writer assigned to the task.
4. If the service fails to provide work to the agreed standard or deadline, there is little you can do beyond requesting a refund. You may only get a credit against another piece of work.
5. Generally the higher the price then the better and/or faster the work but that isn’t always true and some services give poor results (according to reviews) and trust that people won’t complain too much.
It is quite difficult to find real reviews of the essay writing services as many of them try to capture any searches looking for bad reviews. But there are genuine reviews on some sites e.g.
“What a disappointment and terrible experience.”
“This paper is without a doubt NOT college-level material! I asked them to revise the paper because of many errors that were very easy to recognize, and it did not even include some of the main points that I stated in the description of the assignment! Even after a revision, the paper was still not close to acceptable. Some of the many errors include: the first sentence did not even make sense, half of the paper was grammatically incorrect, it was in numerous different fonts, and the writer used bullets in the paper rather than writing it in essay format because they seemed to be too lazy to add to a body paragraph!”
“They did not even complete my assignment and the summaries I asked them to do? They basically copied and pasted excerpts directly from the articles and they had so many grammatical errors that I would have to redo the assignment.”
“Terrible. Wasn’t completed on time. No direct quotes from research. Not in correct format. Messy disorganized. poor transitions and word choice. This paper is a sure "F" for me. What a waste of money. I even paid for a better writer. Never again.”
The Universities minister (till January 2018), Jo Johnson, said: “Essay mill websites threaten to undermine the high quality reputation of a UK degree.”
He asked student organisations and the institutions for guidance to help combat “contract plagiarism”, where tens of thousands of students are believed to be buying essays for hundreds of pounds a time.
The Quality Assurance Agency (QAA) believes there are now more than 100 essay mill websites in operation.
U.K. institutions develop their own plagiarism policies, but the QAA has recommended new laws to make it illegal to help students “commit acts of academic dishonesty for financial gain”, punishable with fines of up to £5,000.
The Irish government are working on new anti-cheating laws based on legislation introduced in New Zealand which makes it illegal to advertise or provide third-party assistance to cheat. It is suggested the UK could also look to those laws as examples.
If you do use an essay writing service for its correct purpose i.e. for examples or research, then do consider for example testing the service before committing a lot of money and do check online reviews where possible.
Some scammers set up fake essay writing websites and send out scam emails linking back to those sites. They may believe that few customers will contact the Police even if no essays are delivered.
There are huge numbers of apps available for your smart phone, with more appearing every day. Many are free, some start out as free but try to make you spend for an upgrade and some you have to pay for.
The quality of these apps is highly variable and the price may bear little or no relation to the quality.
There are many very useful apps, lots of ones that are simply entertaining in some way, informative apps and so on. But there are also bad apps – scam ones that promise something you want but fail to provide it, ones that claim to be harmless but are Trojans and infect your device with malware or try to steal confidential information, and some that are simply rubbish.
Why are these bad apps allowed?
When someone creates a new app and uploads it to Android or APPLE, some checks are carried out, but these are limited and the scam apps can get through. Sometimes the original app is harmless and is then updated by the author with added scam features. If you choose to download from a 3rd party site, i.e. not from Google or APPLE, then the chances of getting a bad app may be higher.
When you install a new app it asks for permission to access various features and data in your phone.
You should check these and see if they make sense, e.g. a photo app will need access to your pictures on the phone.
Many apps ask to check your location – largely so they can tell where the people downloading their app are.
But do be careful – if you download, for example, a flashlight app and find it asks for permission to access your pictures and movies and to make calls, then do not continue. Apps should only ask for permissions that make sense based on the nature of the app.
These are apps that are ‘just for fun’ and don’t actually do anything useful. E.g. X-RAY scanning which is obviously not possible any more than the old X-RAY spectacles that used to be advertised in magazines and newspapers to let you see through anything.
There are Lie Detector apps that fall into this category by giving random lie/truth responses.
As you might expect there is one called ‘The Most Useless APP ever’ and it is just that but at least it’s free.
These are apps that claim to do something useful but do not. Sadly, some people pay for them and maybe never realise they have been conned e.g.
Battery Extenders or Chargers
These claim to extend the life of your battery or recharge it without plugging in to the mains. Once installed, these may suggest you shake, rattle, or otherwise do exercise with your phone and it will be magically recharged. Nope – not possible.
Memory Boosting apps
Many people’s phones run out of memory due to too many games or pictures or movies etc. stored on the phone or maybe there is very little memory to start with and a few installed apps use it all. The idea of magically extending the memory without actually buying more memory was tried on PCs in the nineties and software claiming to double your RAM became popular. However it never worked on PCs and it doesn’t work on smart phones.
There are people who create malicious apps – ones that try to steal confidential information or take over your phone. These can be in any guise but are most commonly apps that promise something fantastic e.g. easy money making.
Even anti-virus apps can be dangerous. Research by RiskIQ showed that out of 4,292 active antivirus apps, 525 were potentially malware. 525 of those were in the Google Play store and the remainder in third-party app stores. Be very careful of anything you download for your smart phone that isn’t from GOOGLE or APPLE and with anti-virus apps - pick one of the major makers not a little known company.
There are numerous anti-virus apps that are believed to have no effect such as ANG Anti-virus which seems intended to be a copy of AVG Anti-virus but doesn’t function.
These are almost always a scam. The promise of easy money is very attractive to many people and scammers make use of this. Always ask yourself how the supplier can make money from what they offer. If they want you to fill in a few surveys then how can they possibly make enough from your entries to make profit themselves? The answer is “it’s not possible” in almost all cases.
Retailers can ask their own customers to fill in surveys at no cost. It is rare for a business to pay for a survey, and then the people taking the survey would have to fit specific criteria, e.g. for a car maker it might be that you have bought a new car in the last 12-24 months.
If they want you to install apps in order to be paid then think carefully before agreeing.
There are endless poor quality apps available. This is often because the app maker does not have the time and resources to invest in making a quality app but it can just be a case of people dumping rubbish apps on the market and not caring.
There is a big demand for online dating and a large number of apps try to make this work. Some of the larger dating services do have very good apps and use the science they can but many are just cheaply created, have no science behind them and invent the numbers of users they claim.
The Ashley Madison debacle showed that while large numbers of men used the site, almost all of the supposed women users were faked by Ashley Madison employees. The men believed they were being contacted by real women but it was largely automated software they were talking to. The Ashley Madison small print did state that use of the site is purely for entertainment, i.e. people shouldn’t complain if the person they are talking with is a fake.
Most dating apps have only tiny numbers of users, but they don’t tell you that.
Be careful downloading new apps – preferably only from Google or APPLE depending on your smart phone, do check reviews before downloading and do check any permissions asked for make sense.
If you have any experiences with bad apps do let me know – go to the About page then Contact Us.
You will have read about or heard about cyber currencies such as Bitcoin. There are constant adverts trying to get people to buy Bitcoins with promises of instant wealth. While it’s true that Bitcoin has gone up in value massively, it is extremely volatile and so is dangerous as an investment. Also, the value only exists on computers, and there have been break-ins at places where bitcoins are stored on computers and large-scale thefts have happened.
A UK based operation is creating PayperEx which is a new online market in cyber currencies.
It calls itself “The world's first alternative share market for cryptocurrencies and private companies based on blockchain technology”.
For the everyday currencies that we all use, banks hold records of how much we have (or owe) and so do other financial organisations, retailers and many others. They have ledger systems for keeping these records and audit trails to prove the figures are genuine. This is a very centralised way of keeping records and relies on the banks and other organisations who make a lot of money by managing this process.
Block chain is a method to allow de-centralised records that don’t need the involvement of banks or other financial organisations and hence transactions can be carried out at much lower charges. This is only possible with cyber currencies that use block chain.
When a digital transaction is carried out, it is grouped together in a block with other transactions that have occurred in the last 10 minutes, encrypted and sent out to the entire network. The transactions are validated by a process called “mining” which is not described in this article.
The way this distributed record works is by having a network of replicated databases that are synchronised across the Internet and can be seen by anyone in the network.
Some of these networks are private but others are open so anyone can see the records. They cannot see the confidential details of people making the transaction though. That is still private.
PayperEx say their goal is to give people from all over the world a fair, easy and affordable chance to enjoy the benefits of the share market by buying "Paypers" - share based units on cryptocurrencies and private companies.
Blockchain technology is used to make the network secure and transparent.
PAX Private Wallet is to be a peer-to-peer payments service that allows people to send and receive funds in a simple
The new coin is called PAX or PAX token and it is the only one used on the PayperEx network.
Each activity in the PayperEx network is performed using PAX, making the token an integral part of the network and the driver of its economy.
Paypers are shares based units on financial assets such as Bitcoin or a private company that will issue their shares in the network.
For every underlying asset, PayperEx will issue a limited quantity of Paypers.
Two types of Paypers will be issued: “BULL” and “BEAR”.
A “BULL Payper” is for those who think that the price of the underlying asset will rise and a “BEAR Payper” is for those who think that the price of the underlying asset will fall.
For example, you believe that Bitcoin is going to rise, so you buy the “Bitcoin Bull Payper”. If Bitcoin does rise then you sell the Payper to another PayperEx participant and you have made a profit.
The Paypers – Paypers are shares based units. To trade on the PayperEx network, users need to buy Paypers. Each instrument (e.g. Bitcoin, Ethereum, etc.) will have a limited amount of Paypers that will be issued.
PayperEx is a UK company, whose founders have more than 15 years of experience in the finance industry.
Will this new venture work?
We will see!
Social bots are used in social media networks to automatically generate messages including Tweets and posts, in order to advocate specific ideas, support campaigns, counter other social media postings and sometimes to pretend to be a person and attract followers etc.
Social bots appear to have played a significant role in the United States presidential election in 2016 but they have been in use since 2010.
Twitterbots are already well-known examples, but there are corresponding bots on Facebook and other social media networks.
Social bots are expected to play a growing role in elections and national votes unless legislation is enacted to restrict their impact.
A study by Oxford University says “Facebook and Twitter Bots Are Starting to Influence Our Politics” and this is a warning that the influence of social bots can no longer be ignored.
The report from Oxford University looked at the effect that social media bots, pretending to be real users online, had on the 2016 presidential election. Researchers aimed to determine whether the bots were actually able to affect the flow of information.
The finding was that bots did have a significant influence on digital communication during the 2016 U.S. election.
Social bots are used "for spreading disinformation, political attacks and amplified perspectives," the study said. Research shows that politicians and campaigns have used bots in the United States and abroad in the past, allowing them to "manufacture consensus" and "democratize online propaganda" — meaning their views appear to be supported by a mass of real people.
These are social bots pretending to be real people and these are increasingly being used on social media to affect public opinion in many countries. These fake profiles are common in Russia, the US and Germany among other countries.
Jeremy Corbyn's election campaign in 2017 was boosted by fake Twitter accounts, regardless of whether his people had any involvement in setting them up. They were churning out an average of 1,000 messages a day favouring Labour.
A study by the FT reported that during the BREXIT referendum campaign, "the 20 most prolific accounts … displayed indications of high levels of automation". This supported research last year, again from Oxford, that found that "on average 12.3% of traffic about UK politics is generated by highly automated accounts".
Bots with large numbers of followers are the ideal conduits for disinformation, sharing fake news within the echo chambers that have grown out of the content display logic of social media algorithms.
One in eight political stories shared on Twitter in the run-up to the general election is from a "junk news source", according to latest research.
The study found content about the Labour Party dominated traffic in the 2017 General Election.
Research was based on an analysis of political news links shared by UK users in the first week of May 2017.
UK users shared one link from automated bot accounts promoting "junk" information for every four links to professionally produced news, according to the Oxford Internet Institute.
Of those shared, 53% linked to professional news and information sources, while 13% linked to junk news - stories that are misleading or conflate opinion and fact.
The rest of the sample included links to content created by politicians, experts and blogs.
The Guardian has run several stories claiming that Cambridge Analytica is “a shadowy global operation involving big data” that also made a difference in the U.K. Brexit vote.
The company claim they can persuade people to take a particular action by triggering psychological cues but the results are mixed and they have famous failures including when they backed Senator Ted Cruz to become Republican nominee and that didn’t happen.
There is little evidence that their support for Donald Trump’s campaign was helpful.
Trump’s Twitter following is estimated to be only 30 percent fake. That’s a lower percentage than @barackobama — or The Washington Post. So you can see how widespread this problem has become.
Some people think that social bots are out of control and give too much power to those with the technology, but a lot may simply be good Marketing by these companies selling the technology.
It is very likely that the effects of social bots will grow as they become battlegrounds in major votes.
Maybe something has to be done about this.
If you have been defrauded of money or assets and the Police do not prosecute, then you may consider a private prosecution – but it’s not easy.
The Police recommend that you report any fraud to Action Fraud, who collate the information and where relevant pass cases onto the appropriate Police Force.
The Police do not, however, have the resources to investigate every case.
If your case is successfully investigated it will be referred to the Crown Prosecution Service, who will determine whether or not to prosecute. This may be in a Magistrates’ Court or in the Crown Court.
If there is no criminal prosecution, you can consider a civil prosecution, which can result in a fine for the fraudster but not a custodial sentence or similar.
Anyone can bring a civil prosecution, but it can be expensive to pay for an investigation and prosecution so is usually only pursued in high value cases by people with significant financial assets.
Anyone contemplating a private prosecution should seek professional legal advice from a specialist solicitor or barrister.
As a fraud victim you may decide to seek compensation and recover assets by suing the fraudster (the defendant) in the civil courts. Breach of contract is the most common use for this.
A wide range of factors will influence the prospects of recovering your losses:
• whether the money, or the fraudster, is located overseas;
• the total number of claimants;
• the availability of the fraudster’s assets;
• the size of the total loss; and
• the willingness of law enforcement agencies to cooperate and share information with the claimant (particularly when a criminal case has already been pursued).
Many lawsuits result in out-of-court settlements. Those cases that do go to trial are dealt with by the County Court or High Court, where they are allocated to an appropriate ‘track’ according to their value and complexity.
You can check online whether or not you qualify for legal aid at https://www.gov.uk/check-legal-aid
It is likely that you will need to pay your own legal fees, investigation costs and out-of-pocket expenses (known as ‘disbursements’). But other funding options are sometimes available.
Some of your legal expenses may be covered by an existing insurance policy. Otherwise, it may be possible to buy ‘after the event’ insurance, with the premium paid up-front, before proceedings start.
If you are one of a number of victims affected by the same fraud, you might agree to share costs by acting collectively, in a class action.
If you pay for something using a UK-issued credit card and are defrauded, you might be able to recover your losses from the card provider.
Purchases between £100 and £30,000 made wholly or partially with a credit card are protected by Section 75 of the UK Consumer Credit Act 1974. This makes the card provider and the retailer jointly liable if something goes wrong.
As the cardholder, the most for which you will usually be liable is the first £50 of any unauthorised withdrawals or purchases (unless, for example, you have been grossly negligent such as not keeping your PIN secure).
Contact your credit card provider and give full details of what happened.
It is worth checking your insurance policies to see whether you are insured against fraud, theft and/or dishonesty.
This may be through a stand-alone policy – for example, for card protection (individuals) or employee dishonesty/fidelity (businesses) – or as part of a wider insurance product such as home contents, travel, or legal expenses.
You can sometimes buy insurance after a fraud has taken place. This is called ‘after the event’ insurance. You might need this kind of policy to help fund the costs of civil litigation, asset recovery and/or insolvency. Such policies do not really provide insurance against fraud loss, but against the high cost of trying to recover those losses through legal proceedings.
Civil actions require a lower standard of proof than criminal proceedings - they only need to establish the case on a balance of probabilities.
This information is provided by The Fraud Advisory Panel.
For further information go to https://www.fraudadvisorypanel.org/uk-victims/recovering-your-money
The consumer magazine “Which?” has been going since time began.
They have always campaigned for changes to the law to help consumers and to stamp out bad practices and they have special legal powers to make this easier on behalf of all consumers.
Which? is a brand name used by the Consumers' Association - a registered charity, based in the United Kingdom. It exists to promote informed consumer choice in the purchase of goods and services by testing products, highlighting inferior products or services, raising awareness of consumer rights and offering independent advice. The association owns several businesses, including Which? Financial Services Limited (Which? Mortgage Advisers), Which? Legal Limited, and Which? Limited, which publishes the Which? magazine.
The Consumers' Association is the largest consumer organisation in the UK, with over 573,000 subscribers to its magazine.
The Consumers' Association has the power under The Enterprise Act of 2002 to take action on behalf of consumers, including the ability to bring a super-complaint to the Office of Fair Trading (OFT). A super-complaint can be made about any market that is not working properly for consumers. The OFT has 90 days in which to assess the complaint and decide what to do about it. It can reject the complaint in part or as a whole, it can launch a market investigation, take action under competition law or consumer law, or refer the market to the Competition Commission for further investigation.
Which? made its first super-complaint about private dentistry in 2001. It later made complaints about care homes, the Northern Ireland banking sector and credit card interest calculation methods. In March 2011 it made a super-complaint about unfair debit and credit card payment surcharges made by retailers.
In September 2016 Which? filed a super-complaint against banks that routinely refuse to reimburse victims who have been scammed into transferring money into fraudsters’ accounts. Which? said banks should “shoulder more responsibility” for such fraud, much as they already reimburse customers who lose money through scams involving fraudulent account activity, or debit or credit cards.
According to official industry data, reported cases in the UK totalled 1,007,094 in the first half of 2016. Which? said: “Consumers can only protect themselves so far. People cannot be expected to detect complex scams pressuring them to transfer money immediately, or lookalike bills from their solicitor or builder” that are copied from genuine bills but have had the bank account number and sort code changed.
Which? asked the financial regulator to ensure banks better protect customers who are tricked into sending money to a fraudster. However, the regulator is not yet convinced that banks should be responsible for money lost to bank transfer scams.
Which? need more people to share their scam experiences with them and help put pressure on the regulator to deliver this change.
Go to https://campaigns.which.co.uk/scams-fraud-safeguard/ to add your name to the campaign.
Payment protection insurance (PPI) was usually sold with products that you need to make repayments on, like a loan, credit card or mortgage. It was designed to cover repayments in certain circumstances where you couldn’t make them yourself. These include if you were made redundant or couldn’t work due to an accident, illness, disability or death.
As many as 64 million PPI policies have been sold in the UK, mostly between 1990 and 2010.
But Which? found that PPI was often mis-sold. More than £27bn has already been paid back to people who complained about the sale of PPI.
Which? don’t think banks always treat their customers fairly and want bankers to start putting customers first.
The public deserve better and banks should be publicly held to account for their customer service.
Which? need your support to convince the regulators, government and banks to deliver better everyday banking.
Go to http://www.which.co.uk/campaigns/better-banks/ to add your name to the campaign.
Which? want to make Whirlpool do more to prevent faulty dryer fires.
Some 750 fires have reportedly been linked to Whirlpool’s faulty tumble dryers. Despite beginning a repair programme, Whirlpool’s fire-risk dryers continue to pose a potential threat to people’s homes. Whirlpool’s seemingly slow, and Which? think inadequate, response has further highlighted problems with the current product safety system. Join them in challenging Whirlpool to sort this mess out quickly.
Go to https://campaigns.which.co.uk/challengingwhirlpool/ and add your name to the campaign.
Which? are working with the Government to take action on nuisance calls and text messages.
Which? want to stop you from being bombarded by this menace.
Sign their petition and report your nuisance calls to keep up the pressure.
Go to http://www.which.co.uk/campaigns/nuisance-calls-and-texts/ and add your name to the campaign.
In the past, when almost everyone had to work physically hard to get enough food, obesity was not a major problem. But nowadays, many of us have sedentary lives, get little exercise and have access to a huge range of foods many of which are calorie dense, meaning you don’t have to eat much to get a lot of calories – chips, pasta, sweets, cake, biscuits etc. And we love this stuff, feeding ourselves on processed foods to save time or money or just because we prefer the mix of salt, fats and sugars the manufacturers often load into the products.
Obesity is very much a serious problem in the advanced countries and the weight-loss industry is enormous but not necessarily very effective.
In the USA from 1980 to 2000 obesity rates doubled. In 2001, the U.S. surgeon general announced that obesity had reached “epidemic” proportions. Now, around 37% of adults are classed as obese. In Europe the picture is little better with most countries having more than 20% obese and the UK the worst at 28%.
Diets, supplements etc. clearly help some people, but the problem of obesity continues and ever more fad diets and methods for weight loss keep appearing and sadly many are complete scams, perpetrated by people simply seeking to take advantage and make money for nothing.
The weight-loss industry is worth more than $100 billion worldwide.
Two of the most commonly used diet methods are the 5:2 diet and the Mediterranean diet which both have good scientific evidence to support them.
But, in theory, you can lose weight on pretty much any diet - as long as you eat fewer calories than your body consumes in your daily activity.
Many weight loss programmes are quite ridiculous and have no scientific evidence to back them, but people are taken in by marketing, celebrity endorsements and quite frankly a lot of lies.
Most diets work by making us eliminate certain foods from our diet. Remove one food (or many foods), eat other foods, and you will lose weight. But stopping eating favourite foods is not easy and is difficult to maintain long-term.
Diet regimes where the weight loss is at a moderate rate and can be sustained for a long run stand far better chance of long term weight loss than any of the quick fix methods. But you can understand why people choose the quick fix rather than the long term slow approach.
The average weight loss on most successful short-term diets is about 2-3 pounds per week. The more fat you have to lose, the quicker the process, at least initially. It gets harder to lose the last few pounds than the first few.
Even weight loss of one pound per week over a year gives 52 pounds and that’s a lot of weight loss if you can avoid putting it back on again.
There are endless ridiculous diets on the market, including:-
· The wine and eggs diet
· The baby food diet
· The cookie diet (seriously, just cookies)
· The cigarette diet
· The tapeworm diet (yuk)
· The chocolate diet (I’d try that)
· The magnetic diet
Some examples of scams
Scammers like to pick unusual groups or places from which suddenly emerges a magical secret that can give rapid weight loss or increased brain capacity or a diabetes cure or banish cellulite or even a cure for Cancer.
One of the latest is about how Grandpa Dan and Grandma Sylvia were flying home when Dan had a heart attack and the plane had to land in Germany, where they were taught a unique 2 minute ritual that magically melts away belly fat.
So much so that Dan and Sylvia between them have lost 68 pounds of unwanted weight.
Another is a magic weight loss secret (this one is soup) that supposedly lets you lose up to 37 pounds in just 20 days. In reality, you’d have to have your mouth sewn shut to have any hope of achieving that speed of weight loss.
Here’s another one. Apparently, breakthrough research has discovered a fat burning ingredient in a common fruit and this can lead to 47 lbs weight loss in just 30 days. To get that rate of weight loss I assume they kidnap you, chuck you in a prison and completely starve you for the 30 days. I can do without that.
A diet is simply any fixed plan of eating and drinking designed to achieve weight loss or maintain a weight or in some cases to gain weight.
1. Atkins diet
The Atkins diet focuses on controlling the levels of insulin in the body through a low-carbohydrate diet.
People on the Atkins diet avoid carbohydrates but can eat as much protein and fat as they like.
2. The Zone diet
The Zone diet aims for a nutritional balance of 40 percent carbohydrates, 30 percent fats, and 30 percent protein in each meal. The focus is also on controlling insulin levels, which may result in successful weight loss.
3. Ketogenic diet
The ketogenic diet has been used for decades as a treatment for epilepsy and is also being explored for other uses. It involves reducing carbohydrate intake and upping fat intake. It sounds contrary to common sense, but it claims to let the body burn fat as a fuel, rather than carbohydrates.
4. Vegetarian diet
Many people choose a vegetarian diet for ethical reasons, as well as health.
There are many varieties of vegetarian diet including lacto-vegetarian (includes milk products).
5. Vegan diet
A vegan does not eat anything that is animal-based, including eggs, dairy, and honey. Vegans do not usually adopt veganism just for health reasons, but also for environmental, ethical, and compassionate reasons.
6. Weight Watchers diet
Weight Watchers focuses on losing weight through diet, exercise, and a support network.
Dieters can join either physically and attend regular meetings, or online. In both cases, there is lots of support and education available for the dieter.
There are thousands of other diets available of course.
The FTC has provided a checklist, which is intended for advertisers but can also protect consumers from their own gullibility. Think twice before purchasing a product that promises any of the following:
· Weight loss of two pounds or more a week for a month or more without dieting or exercise.
· Substantial weight loss no matter what or how much you eat.
· Permanent weight loss even after you stop using the product.
· Blocking the absorption of fat or calories to enable you to lose substantial weight.
· Safely lets you lose more than three pounds per week for more than four weeks.
· Substantial weight loss for all users.
· Substantial weight loss by wearing a product on the body or rubbing it into the skin.
No doubt there will be a constant stream of ridiculous diets and fads for people to follow - celebrity diets, super-foods, supplements and any number of ‘magic’ ingredients to make dieting easier. Many will not work and some will be dangerous.
The successful dieters are most likely those with a very good reason to stick to a diet and those following the straightforward diets such as 5:2 and the Mediterranean diet and those going to Weight Watchers.
Maybe something that is magical in its effect on our weight will happen one day. But I’m not holding my breath waiting for it.
Ransomware started around 2012 and is where your computer pops up a message saying that your files have been encrypted and you can only get them back if you pay a ransom.
Sometimes these messages are just what is called ‘scareware’, i.e. it’s an empty threat and if you don’t pay then nothing is lost. But the warning can also be real and you find your files have been encrypted and the chance of getting them unencrypted without paying the ransom is very slim.
Even if you do pay the ransom you may not get your files back.
Ransomware usually gets into your computer when you open an email attachment that contains the malicious code, disguised as a legitimate file. However, WannaCry can jump from one computer to another without the user doing anything.
The story of how WannaCry was so successful in propagating itself starts with the US government. The NSA discovered a vulnerability in Microsoft Windows but didn’t warn Microsoft. The company did later find the vulnerability and issued security patches to fix it. But not everyone keeps their Windows computers fully up to date with security patches.
The vulnerability was used in a piece of software called EternalBlue which was published on the Internet by a hacking group called Shadow Brokers. Many believe the software was created by the NSA for their own use.
The WannaCry ransomware attack started in May 2017. The ransomware demands users pay $300 worth of the online currency Bitcoin to retrieve their files, but the price goes up if they don’t pay on time. Even paying the ransom does not ensure a decryption key will be made available.
A UK cybersecurity researcher (known by the Twitter handle @malwaretechblog), with the help of Darien Huss from security firm Proofpoint, looked at the ransomware and discovered the name of a website which was being accessed by the ransomware. The website address hadn’t been registered by anyone so he bought the domain name. This was to track the progress of the ransomware, but turned out to be a kill switch. Once there was a website at the domain name, WannaCry stopped spreading.
Back in March 2017, Microsoft issued security bulletin MS17-010, which explained the flaw in MS Windows and announced that patches had been released. Two months later when WannaCry hit, some organisations had not installed the security patches and hence their systems were vulnerable to the attack. The day after the attack started Microsoft issued emergency security patches for Windows 7 and Windows 8. Microsoft also later released patches for unsupported Windows XP and Windows Server 2003.
The way that WannaCry encrypted files meant that in some cases a decryption key could be generated. This method was posted on the Internet and a tool known as WannaKey was developed which could use this method on Windows XP computers.
WannaCry is estimated to have infected around 200,000 computers across 150 countries. According to Kaspersky Lab, the four most affected countries were Russia, Ukraine, India and Taiwan.
The strange thing about WannaCry is that it does not seem to have been designed to make money. It turned out later that the way WannaCry demands payment by Bitcoin does not give the fraudsters enough information to create decryption keys per organisation even if they wanted to.
Previously common ransomware such as J.Lockey made millions of dollars for its perpetrators. But WannaCry only collected around $140,000. Once victims knew they couldn’t get a decryption key – they stopped paying.
What was it all about?
WannaCry spread rapidly across Europe and Asia and happened to hit the NHS very hard for a number of reasons, including that it had old Windows 95 machines on its network and because its network has a huge number of computers attached to it.
The attack affected many National Health Service hospitals in England and Scotland, and up to 70,000 devices – including computers, MRI scanners, operating theatre equipment and more – were affected.
On 12 May, some NHS services had to turn away non-critical emergencies. This was life threatening for some.
Linguistic analysis of the ransom notes indicated the authors were likely fluent in Chinese and proficient in English.
Cybersecurity companies Kaspersky Lab and Symantec have both said the code has some similarities with that previously used by the Lazarus Group (believed to have carried out the cyberattack on Sony Pictures in 2014 and a Bangladesh bank heist in 2016—and linked to North Korea). This could also be either simple re-use of code by another group or an attempt to shift blame. North Korea denies being responsible for the cyberattack.
WannaCry seems to be about disruption rather than collecting money.
Plus it has the ability to jump from one computer to another – this makes ransomware much more dangerous than the versions that simply demand a few hundred dollars.
It can be expected that there are people working hard to create a new ransomware with that jumping capability but looking to make a lot of money.
The problems at the NHS showed that such ransomware can endanger life.
Hopefully many people will have been woken up by what happened and realise they have to put in the funds to keep their systems fully up to date with security patches and put more effort into maintaining the confidentiality of their customers and staff as the next generation of ransomware may be designed to capture confidential data as well.
As to the people who just want to cause disruption or deny us access to data – we can probably expect more such attacks and with a variety of reasons behind them.
Keep your online security fully up to date.
If you’ve been scammed, then you need to notify the Police and get a crime number as you will need that when reporting the crime to your insurance company and others.
Depending what happened, you may have insurance that covers the loss so it’s always worth checking.
If the Police do not prosecute the fraudsters, it can be possible to make a civil prosecution yourself in some circumstances, but you would need to take legal guidance on your case to see if that can be done.
Assuming you have lost money in the scam, then there are different ways to try to get your money back depending on how the money was paid.
If you've paid for goods or services with a credit card, you may be able to get your money back from the card provider.
Credit cards have the greatest protection, as you can make a claim against your card provider under Section 75 of the Consumer Credit Act (because it means the credit card company is liable for any breach of contract or misrepresentation by the seller). This only applies to purchases between £100 and £30,000.
If you used a debit card, you may be able to ask your bank to get your money back through the chargeback scheme.
Chargeback is part of Scheme Rules, which participating banks subscribe to.
It applies to all debit card transactions including goods costing less than £100.
There are no guarantees your bank will be able to recover the money through chargeback, but you can try this route.
Chargeback also applies to credit card transactions and is particularly useful where the goods cost less than £100.
If there is a transaction on your card you know nothing about, then you can make a claim from your card supplier as it is an “unauthorised transaction”.
If you hand over your card to have a specific amount debited from it e.g. to pay a restaurant bill, and then you find more money has been taken without your permission, or a sum has been taken by someone else, you can make a claim for this extra amount. Make sure you report the unauthorised transaction as soon as you become aware of it.
The Payment Services Regulations 2009 and the Banking Conduct of Business rules place obligations on banks and building societies to provide a refund in these circumstances if specific rules are met.
If you've been conned into transferring money into another bank account then you should contact your bank immediately, so they can try to recover the funds.
If somehow the bank has contributed to the fraud or if they've failed to try to recover the funds properly, you might have grounds to complain.
If your bank doesn’t give you a refund, then you can escalate your complaint to the Financial Ombudsman Service (and do warn the bank).
You should also contact the police to get a crime number as this may be necessary for your claim.
Contact your bank immediately if there has been an unauthorised direct debit on your account or the amount of a direct debit is higher than you expected. These are sometimes set up by the fraudster to take small amounts of money regularly in the hope you won’t notice.
If you’ve transferred money to a scammer using a money transfer service such as Western Union then it’s almost impossible to get your money back as it’s untraceable. It’s effectively the same as giving cash.
Money transfer services provide advice on how to avoid fraud and scams, so it’s a good idea to take note of it before using such a service.
If the scammer has taken payment for an item through PayPal and then hasn’t sent it to you, you may be covered by PayPal Buyer Protection. But do claim quickly.
In some cases scammers set up a fake PayPal payment form which actually just collects your bank details. In this case, you have no protection under the PayPal Buyer Protection Scheme as you didn’t use the genuine PayPal screen.
A scammer may pay through PayPal, take delivery of the order, and then claim that they didn't receive it and make a claim through PayPal Buyer Protection. If you’re caught by this scam you’ll probably want to make a claim under PayPal Seller Protection. PayPal will investigate what happened.
Paym, Pingit and other mobile services offer means to pay for goods and services using your mobile phone.
If there are any problems in payment then you need to contact the relevant shop, online retailer or whoever took the payment as soon as possible. You should also notify the payment provider (Paym etc.).
If you are defrauded and made the payment by mobile phone then contact the payment provider.
If you have made an electronic payment but to the wrong account then talk to your bank immediately.
Improvements to industry procedures made in January 2016 make the process of attempting to get your money back more straightforward than previously but do act fast.
Be careful when making any payment and consider whether or not you would be covered in the event of fraud.
There are innumerable financial scams – largely because of the attraction of large sums of money to the victims and for the fraudsters there’s the reality of taking money from people for nothing, largely by using their own greed against them.
Online fraud is a huge industry with countless victims and it’s getting worse.
UK statistics show:-
Financial fraud losses across payment cards, remote banking and cheques totalled £755 million in 2015, an increase of 26 per cent compared to 2014.
Card Fraud is split up as follows:-
· 70% is remote purchases – i.e. where stolen card details are used
· 13% is lost and stolen cards
· 2% is card not received i.e. the card is stolen in transit
· 8% is counterfeit cards
· 7% is card ID theft – the fraudster uses the person’s identity information to get their card details
We all need to be more aware than ever of these scams and how to avoid them.
The five most common online financial frauds in the UK are:-
The victims may receive telephone calls offering them an investment opportunity with very high returns (20% or 40% or more). The scammer warns that the offer is only open while on the call so the victim has to make a fast choice or lose the opportunity. There may be a complicated story to explain why the offer is possible and cannot last. The scammer will want payment by bank transfer or via a money transfer business such as Western Union. The bank account would be emptied once the payment is received, and payment via money transfer cannot be tracked or reversed.
These are scams where the scammer pretends to be working for a trusted organisation such as a bank or electric company, local government, BT, Microsoft, Google etc. Their aim is to get your details so they can access your online accounts, empty your bank account or use identity theft to pretend to be you and take out loans etc.
Since the government changed the law so that people could take out some or all of their pension pot before retirement, people over 55 have been bombarded by cold callers offering “wonderful” schemes that supposedly give the victim access to their funds and still protect their pension.
Some of these schemes are genuine but carry such heavy charges that they are a very bad deal for the victim and many are just fake – they are simply a way for scammers to get your money.
Buying a home is the largest money transaction most people ever make and this is why scammers love it.
If they can get into your emails or those of your solicitor then they monitor what’s going on and wait for the opportunity to create their own email claiming to be from the solicitors telling you which account to pay into.
It’s their account of course and the money will quickly be transferred out and gone. This scam intercepts cash transferred as a home deposit to a solicitor in the lead up to exchange and completion.
There are numerous free offers, free trials etc. available for all sorts of products from cosmetics to foods.
To get the free items, you hand over your credit card details or bank details and you may get something free. But the scammers create a direct debit or recurring payment and you may not notice for some time the money being drained from your account. Once you notice, it’s difficult to get through to the company and get the payments stopped.
These are personal frauds but there are also very large scale frauds, such as these two examples:-
Pyramid investment scheme worth £160 million was shut down after taking money from 162,000 people
Traffic Monsoon, run by Charles Scoville, claimed to make people money through online advertising ‘AdPacks’ but Scoville, an American “entrepreneur” has a history of similar schemes that collapse.
Emails about OneCoin claim this is the new cyber currency that has made more than 300 millionaires already. It is a claim of money from nowhere and the authorities in multiple countries are investigating the company.
OneCoin says it is a digital currency similar to bitcoin but with key differences such as it uses a centralized hub for exchange, storage and transaction logging. This difference has led some to claim that OneCoin isn’t a cyber currency at all.
It’s just a scam.