Telephone 07870 501003 or use our website contact facility

News & Updates

When it is Black Friday to be followed by Cyber Monday then it seems appropriate to share a few snippets about the Computer Misuse Act 1990 and 2018. As well as the Fraud Act 2006 computer crime and fraud in UK can also result in charges under this Act.

A simple summary guide follows:

The Computer Misuse Act applies to any digital operation with a significant link to the United Kingdom. This covers situations where a computer being targeted is in the UK; if the person responsible carried out the operation from the UK; if they used a server located in the UK; or if the resulting cyberattack caused damage within the country.

Section 1 of the Act criminalises ‘unauthorized access to computer material’.

Section 2 then addresses ‘unauthorized access with intent to commit, or facilitate commission of, further offences’. This is when the offender intends to commit more crimes, such as extortion or fraud, using the data they have accessed.

Section 3 of the Act then refers to unauthorized acts with the intent to impair the operation of a computer, either recklessly or intentionally. Again, this section relies on a crime under Section 1 having been established and adds further penalties if the offender/s meant to damage (such as through a virus) or alter the computer or computer system and its contents (such as through modifying, deleting data or introducing malware and spyware), or simply had this effect as a result of the unauthorised access.

A 2006 addition to the original Computer Misuse Act, specifically outlawed the making, supplying or obtaining articles for use in an offences under Section 1,2 and 3. This now addressed the issue of people using malware, viruses and other such tools developed by others, for the purposes of cybercrime.

Where the original 1990 Act had for the first time explicitly criminalised activities which damaged computers, in 2015, a further provision was added in relation to serious damage. This 2015 addition significantly increased the penalties for ‘unauthorised acts causing, or creating risk of, serious damage’.

Under the 2015 change, ‘serious damage’ extended beyond the digital world and referred to damage to people, the environment, and states. The remit of the Act now expanded to cover the possibility of cyber-terrorism and a state backed cyber attack. Crimes which are committed, and which fall within the remit of ‘serious damage’, can now result in a maximum sentence of life imprisonment.

All crimes under the Computer Misuse Act can result in a fine and potential imprisonment.

I've recently been delivering training on this and other legislation which prompted me to share. Feel free to to use our contact page to ask for more information and case summaries from convictions.

Stay safe and secure online. Let's be careful out there...
Refund fraud is easy.

Want to buy expensive Christmas presents but not got the money? How about you getting a quick refund on what you spent and yet also keep the presents?

You get your money back. You keep the presents. No-one comes after you. It is easy. Not talking £4 or £40, talking £2-£3k.

We merely take a commission in the region of 20% from your refund.

No refund then no payment to be made.

Speak to us first to identify the easiest targets and which companies can be exploited.

No this isn't a real advert from me. It is what fraudsters are offering as crime as a service to the public via the dark web and social media.

If you want to speak to us about which retailers are being targeted (most of the big ones) and see some evidence of how this fraud happens including a fraudsters manual for retail fraud then contact us.

Conditions: You must be in the fraud team of an online retailer.

Objective: Speak to us about how you can identify and mitigate this risk.

Do you conduct or need a fraud review?

We have conducted several detailed fraud review projects this year across insurance claims, banking, lending, retail and investigation.

Every client has taken on board our recommendations and improved what they do. Some start from a great place. We acknowledge that and help them to spot the gaps and maybe adjust priorities to particularly fit with the intelligence we gather on the fraudsters and their focus.

Others are working in the same way they did a decade ago. They have success but need to do more or do things differently.
However, we support the whole industry because collaboration, knowledge sharing and becoming the predator rather than the prey is what we need to stop the fraud epidemic we face,

If you want formal help, get in touch but the enemy is not fellow counter fraud providers, internal teams, or peers but the fraudsters themselves.

For that reason, we are happy to share some questions we ask when conducting a fraud review. A few clients have remarked that it was the questions I asked that won the business, rather than a slick pitch:

· Are the processes and procedures in place proportionate?
· Is there an effective balance between the use of technology and trained confident people?
· Are processes for detecting fraud documented and embedded within the wider operational process?
· Are the processes known and understood by the staff that operate them?
· Is the escalation process understood and owned by those using it?
· Are people trained to identify fraud?
· Is the data analysed to improve prevention, detection, and containment of fraud?
· Is the data accurate and inform the organisation of trends, threats and results beyond profit and loss?
· Is the fraud risk reported and accountable at board level?

Ask those questions in your organisation. If the answer is a resounding and confident yes, then well done.

If you cannot then your organisation has urgent work to do.

My fave feedback on a final report. One word ‘awesome’

Let’s be careful out there…Use our contact page to get more information about fraud, financial crime, AML and cyber risk reviews and assistance.
The first time I saw a fraud carried out by a person pretending to be a police officer was back in the 1980s. A smartly dressed middle aged man wearing a blazer over a blue shirt and black tie went around the shops in Sale persuading assistants to open their tills so he could inspect their £20 notes. A new note had been issued and was running alongside the old notes.

He told them the new notes were forged and seized them for evidence. He did give them a receipt though.

This week 3 people have been arrested where they allegedly used the phone and pretended they were the Met Police doing an investigation. They then asked the homeowner to assist them by buying a Rolex watch as evidence. The victims believed the watches were counterfeit and they would be compensated and we helping.

The watches were valued around £8,000 and collected by the fraudsters. There were several elderly victims.

There are sinister possibilities safety wise as well as fraud with physical police impersonation and photos were released by the Met of 2 men impersonating uniformed police officers and knocking on doors in Barking.

I attach a link to the Met's website in the hope these two men and others like them are caught and account for themselves.

Please share with those you know may be vulnerable

Let's be careful out there...and let's stay safe
We all worry about our children but what if you found out your 9-year-old child has credit debts of £15k, Owes HMRC/IRS 2 years back taxes on employment, and has a Bitcoin wallet, as well as Netflix and Amazon Accounts?

Not something that would cross your mind normally but…Child identity fraud is a thriving business for fraudsters particularly in the US and UK.

When we are registered as born, we are issued with a National Insurance Number and a birth certificate. The birth certificate is a matter of public record. We also tend to announce birth in newspapers or on social media.

Illicit trade in National Insurance numbers (or Social Security numbers in US) are very much part of Organised cyber-crime. A little research, a little forgery and a credible identity is created for a type of fraud which is far more common than most people think and perfect for synthetic manipulation to create a credible identity with matching passport and driving licence documents.

It is estimated that there are 1 million such identities in use in the US and by the process of extrapolation around 200,000 in the UK. It may be for used for false proof of ability to work in UK, housing, and benefits. All of which are fraud, but also more directly to deceive lenders, launder money and commit crime.

Not enough of us but many of us take steps to check our own identity has not been stolen and in business we do the same thing to ensure we know who we are dealing with.

I am sorry to say this but warning our children of the dangers of the internet and keeping an eye increasingly means we must be aware of this threat.

For perspective 200,000 children is the equivalent of 2 full Wembley Stadiums and a Manchester City home crowd (sorry I could not resist a football joke).

This is not a new phenomenon what is new is the volume and scale. More will be uncovered as children mature and are turned down for bank accounts and other things because their identity has been used fraudulently by someone else.

Here are some things you can look out for:
· Calls or letters to your child with offers that are not age appropriate
· Calls or letters about debts in your child’s name
· Pre-approved credit offers by email or post
· HMRC or IRS letters about tax codes

There again if your 9-year-old drives a Ferrari, has a yacht, and has a thriving business the above might just be them after all. Otherwise, don’t laugh it off, check it out.

2021 when the improbably became probable.
Two viewpoints that often conflict but should actually in my opinion be interdependent if we are going to succeed in making folks safer.

'...people forget to build fraud into products and ideas because they are convenient and are going to be big sellers...'

'...we in counter fraud and cybersecurity need to build convenience into fraud solutions...'

I make the points this weeks on 'The Infosec & OSINT Show' podcast hosted by Josh Amishav-Zlatin.

I also cover common frauds I see, how COVID impacted fraud and how shell companies and aged email addresses are being used by fraudsters.

There are other podcasts on the site from some folks whose work I admire too.