Welcome to the latest edition of the Cyber Safe Threat Updates, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:


Surge in Online Ticket Scams: Warning for Football Fans as Number Doubles

Lloyds Bank has issued a significant warning to football enthusiasts in light of a staggering surge in online ticketing scams, revealing that such fraudulent activities have doubled during the 2022-23 season. With the eagerly anticipated start of the new Premier League season just around the corner, the bank has released alarming new data that sheds light on the concerning trend. On average, victims of these scams have lost around £154, prompting the bank to emphasise the need for heightened vigilance among fans seeking to purchase tickets.

The study found that 90% of these scams originate from popular social media platforms, including Facebook, Instagram, and Twitter. What’s particularly troubling is that individuals aged between 18 and 24 are the most vulnerable targets, and even supporters of prominent football clubs such as Manchester United and Liverpool are not immune to falling victim to these scams.

Unravelling the mechanics of these scams, fraudsters begin by crafting fake accounts on social media platforms and exploit these accounts to advertise tickets that do not exist. To entice unsuspecting victims, they frequently post images of the access they purport to sell, often stealing these images from genuine ticket listings elsewhere. Once a victim is persuaded of the sale’s authenticity, scammers then request payment through bank transfers—a payment method that offers minimal protection for buyers.

Following the transfer of funds, victims are frequently sent counterfeit tickets or, in some instances, left empty-handed as the scammers vanish. The ease with which these scams are orchestrated underscores the pressing need for increased awareness and precautionary measures among football fans.

Lloyds Bank offers a series of practical suggestions to combat these scams effectively. The bank recommends purchasing tickets directly from the official club or its authorised ticket partners whenever possible. Many clubs also maintain their official resale channels, which can be used if a match is sold out. When individuals are desperate for event tickets, the bank advises using credit cards, debit cards, or PayPal for payment to enjoy enhanced protection.

Fans are also cautioned against being lured by offers that seem too good to be true, as these are often hallmarks of fraudulent activities. Moreover, verifying the legitimacy of the contest organiser is crucial for those who participate in ticket-related competitions, as there have been reports of scammers creating fake competitions to extract personal information from unsuspecting participants.

In the unfortunate event that someone falls victim to a scam, Lloyds Bank recommends acting swiftly. The bank advises contacting one’s financial institution immediately using the number on the back of their card to report the scam. Additionally, individuals can report the scam to Action Fraud, the UK’s national reporting centre for cybercrime, or they can contact the police by dialling 101 if they reside in Scotland.

Ultimately, the surge in football ticket scams underscores the need for proactive measures and heightened awareness in an era when digital transactions have become increasingly prevalent, particularly within football fans’ vibrant and passionate community.

Source: https://bit.ly/45mTzfr

Shopper Alert: Copycat Websites Impersonating Joules Target Online Shoppers


A concerning surge of fraudulent activities has been observed as scammers masquerade as renowned clothing retailer Joules, exploiting Facebook advertisements for their deceptive schemes. These misleading ads redirect unsuspecting users to convincingly designed copycat websites, enticing them with substantial discounts on items. However, when individuals proceed to make purchases and enter their banking information, they inadvertently hand over their sensitive data to these scammers.

Unveiling the Mechanics of the Scam

Fraudulent ads on Facebook, falsely pledging discounts of up to 80% on Joules products, initiate this elaborate scam. Clicking on these ads directs users to imitation websites adorned with Joules branding, with multiple newly created sites identified in this fraudulent campaign. Among the deceptive URLs to be cautious of are:

Joulesuk.com

Joulesukmall.com

Joulesofficial.com

Joule-sale-shop

Joulessaleuk.com

Joulesofficial-uk.com

These counterfeit sites cunningly incorporate product images taken from Joules’ official website, exploiting the allure of heavily marked-down prices. For instance, an item priced at £44.95 on the official Joules website was falsely advertised for just £13.49 on one of these fraudulent platforms.

Crafty Tactics and Warning Signs

The scam websites employ psychological tactics, such as displaying ‘real-time’ notifications of high user activity and imminent purchases, to urge victims to make swift decisions. While legitimate retailers occasionally adopt similar tactics, these have also become a favoured strategy among fraudsters.

Joules has proactively warned its patrons about fraudulent ads and websites on its official Facebook page. The legitimate Joules website resides at www.joules.com. The scam sites have been reported to the National Cyber Security Centre (NCSC) for investigation.

Facebook’s Response and Protective Measures

The scam ads were reported to Facebook, which promptly removed them. A spokesperson for the social media giant emphasised the gravity of this issue, indicating that scammers employ sophisticated methods across various communication channels to defraud individuals.

To assist individuals in avoiding such scams, a set of guidelines for recognising fraudulent websites is provided: Validate the website’s authenticity by comparing it against the brand’s official social channels and legitimate URLs. Approach tempting or time-sensitive offers with caution, as these could be traps. Inaccurate spelling and grammar on the site may signal a scam. The absence of crucial information like contact details, privacy policy, terms and conditions, and an ‘about us’ section could imply fraudulent intent. Be cautious of payment requests via bank transfer, a preferred method among scammers due to its inadequate buyer protection.

Taking Action Against Scammers and Seeking Redress

If personal banking details have been shared on a dubious website, contacting the bank immediately using the number on the back of the card is paramount.

For payments made via debit card, potential recourse lies in chargeback claims. The chargeback mechanism applies for credit card transactions below £100, while Section 75 can be invoked for more significant transactions.

Users can dispute transactions via the app or website under PayPal Buyer Protection.

Individuals across scam websites are encouraged to report them to the NCSC. Furthermore, reporting scams to Action Fraud or contacting the police (dialling 101 in Scotland) can aid in curbing such fraudulent activities. As online shopping continues to evolve, consumers are urged to remain vigilant and informed to shield themselves from these insidious digital traps.

Source: https://bit.ly/3OwdGAX

Northern Ireland police data breach is second in weeks, force reveals


The Police Service of Northern Ireland (PSNI) is embroiled in a second data breach investigation. The organisation grapples with a significant security breach that exposed sensitive information about all 10,000 officers and staff. In this latest breach, the focus has shifted to stolen documents and a laptop, shedding light on the persistently escalating challenges posed by cyber threats. The pilfered documents reportedly include a spreadsheet containing the names of more than 200 active officers and staff members. These records were taken from a private vehicle on July 6th, in a concerning incident that unfolded in Newtownabbey, a region near Belfast.

Assistant Chief Constable Chris Todd, who holds the role of the PSNI’s senior information risk owner, expressed the organisation’s solemn commitment to address this breach with the utmost seriousness. He confirmed that immediate steps were taken to notify the concerned officers and staff about the incident, and an initial report has been filed with the office of the information commissioner, ensuring the relevant authorities are informed.

The gravity of this incident is compounded by the backdrop of the earlier breach, which came to light when confidential information was inadvertently disclosed due to a Freedom of Information (FOI) request. The breach exposed personal details such as surnames, initials, ranks or grades, work locations, and departments of all PSNI staff, though notably excluding private addresses. Northern Ireland’s Chief Constable Simon Byrne found himself compelled to truncate a family holiday to confront the ramifications of these twin breaches, highlighting the urgency and significance of the situation.

The data in question holds profound sensitivity within Northern Ireland, where police officers continue to be sporadically targeted by dissident groups in violent acts involving explosives and firearms. Despite the 1998 peace accord that ostensibly marked an end to the three-decade-long sectarian violence in the region, these incidents underscore the persistent security challenges faced by the authorities.

This wave of breaches has left even the family members of serving officers feeling the impact. In a poignant revelation, the wife of a Northern Ireland police officer disclosed to Sky News that she lives in constant fear following the initial breach, which exposed her husband’s details. In a candid interview with Sky’s senior Ireland correspondent, David Blevins, she disclosed how she learned about the inadvertent online exposure of the information, emphasising how the incident forced them to adjust their daily lives further to protect their personal and professional vulnerabilities. As the PSNI grapples with the aftermath of these data breaches, it faces an arduous journey of investigation, reflection, and, most crucially, fortifying its cybersecurity infrastructure.

Source: https://bit.ly/3YtSCQk

Contact Neuways to help your business become Cyber Safe

If you need any assistance with cyber security assistance, then please contact Neuways and we will help you where we can. Just get in touch with our team today.