Scam of the month





Fraudsters don’t always ask for your money. Emails designed to look as though they’re from a ‘household name’ are becoming common. For example, fraudsters posing as a ‘household name’ are sending emails with a false promise of a refund if they are provided with a person’s bank account details. These ‘household names’ include H M Revenue & Customs, energy suppliers, high street banks and other well-known organizations. Recipients of these emails are being told that they are due refunds – and that to claim them they should click on a link and have their bank details ready, so that the refund can be deposited electronically. Recipients of these messages should always look for grammatical errors (which are common) and anything else that looks suspicious. Don’t click on any links. If in doubt, make separate independent enquiries.

 

Any suspicious emails should be reported to Action Fraud (actionfraud.police.uk), or you can contact Citizens Advice on 03454040506. To learn more about scams, visit the website friendsagainstscams.org.uk.


Fraud is a multi-billion-pound "industry" which affects people from all walks of life.

From our perspective, millions of older people are believed to have been targeted by scammers and this is likely to be an under-estimate of the real numbers. Unfortunately, the ones most likely to fall victim to fraud are those who live alone with no one to look out for them, or who have dementia.

 

So, what is a scam?

A scam is a deliberate attempt to obtain information from you, to obtain your personal details - and your money. Stealing personal details such as your date of birth, address, passwords, account numbers, and national insurance number is known as ID fraud, and these details are the route to your bank and credit card accounts.

 

Scammers use all kinds of methods to gain your confidence, including posing as bank or tax officials or even police officers. Scams are perpetrated by individuals and by organized gangs, and contact can be by post, text, email or by home visits.


In the same way that buildings and houses have addresses, so do web pages. Each has a unique address to help people locate it, known as a URL (URL stands for Uniform Resource Locator).

Always check the URL of the site you’re on when online shopping – scam sites can often look genuine. Always look out for extra full stops and dashes. Scammers will target you with a professional looking advert, and then send you through to a copycat website. Don’t feel rushed into a purchase – be sure to stop and think before you buy and ensure the website you’re ordering from is legitimate. Not using a "link" but instead finding the website yourself would be a good place to start.



And the golden rule is - if something sounds too good to be true, it usually is!

Also note: we are advised that the prime time for scams is midweek and in the afternoon.


********************


Scam of the month March 2025



There is a new phishing scam called ‘Astaroth’ that targets Gmail, Yahoo, AOL, O365 and third-party logins. It acts as a man-in-the-middle, capturing login credentials, tokens and session cookies in real time, effectively bypassing MFA (Multi-Factor Authentication).

 

How Astaroth Works

In a nutshell – Astaroth intercepts MFA codes and passes them to the scammer.



The attack begins when victims click a phishing URL, which redirects them to a malicious server operating as a reverse proxy. This server mirrors the target domain’s appearance and functionality while relaying traffic between the victim and the legitimate login page. With SSL certificates issued for the phishing domain, victims see no security warnings and believe they are on the real site.

Astaroth forwards user requests to the legitimate service while stealthily intercepting responses and sensitive data.

 

Because MFA is always involved (e.g., via SMS codes, authenticator apps, or push notifications), Astaroth automatically captures the entry of the MFA token in real time. It also ensures that any token entered by the victim is intercepted immediately.

 

The final step involves capturing session cookies, which are issued by the legitimate server after successful authentication. Astaroth intercepts and delivers them to the attacker, who can inject them into their browser using manual header modifications or tools. This bypasses MFA entirely – no further credentials are needed, as the session is already authenticated.

 

How to protect against Astaroth

Please be vigilant and check links within emails, even if they appear to be from a legitimate source, as their email account may have been compromised.

 

If you are unsure about an email or link, do not open any attachments or click on any links.

 

If you use any Authority devices, do not click on any links or attachments within personal email.
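
The link checks advised above (looking for extra full stops and dashes in a web address, and checking links within emails) can be written down as a short Python sketch. This is an added example, not part of the original newsletter; the list of trusted sign-in hosts, the brand words and the sample links are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the genuine sign-in hosts for the services you use.
TRUSTED_HOSTS = {"accounts.google.com", "login.yahoo.com",
                 "login.aol.com", "login.microsoftonline.com"}
# Constructed list of brand words that copycat addresses tend to borrow.
BRAND_WORDS = ("google", "gmail", "yahoo", "microsoft", "office365")


def check_link(url):
    """Return (verdict, reason) for a link copied out of an email."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "suspicious", "address cannot be parsed"
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious", "not a normal web address"
    if "@" in parts.netloc:
        return "suspicious", "text before '@' hides the real host"
    if host.startswith("xn--") or ".xn--" in host:
        return "suspicious", "encoded look-alike characters in the host"
    if host in TRUSTED_HOSTS:
        if parts.scheme == "https":
            return "trusted", "exact match for a known sign-in host"
        return "suspicious", "known host but the link is not https"
    # Remove the extra full stops and dashes that copycat addresses rely on,
    # then see whether a familiar brand word is hiding in what is left.
    squeezed = host.replace("-", "").replace(".", "")
    for brand in BRAND_WORDS:
        if brand in squeezed:
            return "suspicious", f"uses '{brand}' but is not a known sign-in host"
    return "unknown", "not on the allow-list; find the website yourself"


if __name__ == "__main__":
    # Constructed sample links (.example domains are reserved for documentation).
    for link in ("https://accounts.google.com/signin",
                 "https://accounts.google.com.refund-check.example/signin",
                 "https://login-micro-soft.example/",
                 "https://login.yahoo.com@portal.example/"):
        print(link, "->", check_link(link))
```

The check looks only at the host name and never treats https on an unfamiliar host as proof of anything, because, as described above, the phishing domain has its own SSL certificate and shows no security warning.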