Investigation: Phishing Messages EMERGENCY RESPONSE UNIT
Transcript of Investigation: Phishing Messages EMERGENCY RESPONSE UNIT
Date: Investigation: Investigation into phishing emails, messages and phone calls Officers carrying out investigation:
Incident
Number
Type of
Communication
Official sounding
source
Sense of urgency
in expected
response
Implied threat Makes the
recipient feel
anxious
Makes the
recipient feel
curious, hopeful
or excited
Offers something
that seems too
good to be true
Asks for personal
details
Encourages the
recipient to click
on a link
Asks the recipient
to download a file
Investigation: Phishing MessagesCYBER CRIME
EMERGENCY RESPONSE UNIT
Thank you for shopping with Arizona. Your new iPhone has
been dispatched and payment for £1020 will be taken from your account today. If you do not
recognise this purchase, please get in touch with us immediately
on 09898976567
We can see from your gaming accounts that you have built up a debt of £250. Please follow this link immediately to pay this off. Failure to do so will result in an additional fine, taking your total
debt to £1000Debt Repayment
Answer the following general knowledge question to be in with a chance to win a brand new 40
inch Smart TV:Which of Santa’s reindeer had a
red nose?Text 0947584748 with your full
name, address and answer NOW! Competition ends at midnight.
This is an automated text message from your phone
provider. We have been unable to collect payment for your
phone this month. Please click on the link below to pay your bill.
Your service will be terminated with immediate effect if you do not respond straight away. Link
Hello am I speaking to Ben Barton? Hi, I’m phoning on behalf of PC Products. We are in the process of providing all pupils across the country with the latest iPad model to help with learning at home. You may have heard that the government want to better support young people and their education? This roll out of equipment is the first part of a phased plan to get all pupils access to technology to help them make best use of learning resources at home. Would you be interested in joining this scheme? All we are asking at the moment is that you provide us with some proof of your name, age and address. We will send you a web link, just click on that to access a page where you can give us your details and we’ll get that new iPad out to you by the end of the week. It’s been a pleasure talking to you.
Hello, I’m calling from Microsoft. We have detected a problem with your computer. Have you noticed it running a bit slower recently? Can you start up your computer and follow my instructions so that we can remedy this for you.
Context:
The recipient did think
that her computer had
been running a bit
slower and was keen to
get this sorted.
Good morning am I speaking to Mr Smith? Hello, I’m PC Dixon from Halway Police Station. We’ve been informed of some unusual activity on your bank account by someone in your area. You need to call 08988546747 urgently to change your bank details to prevent any large withdrawals from your account.
Hello, I’m calling from Arizona. We have been made aware of some fraudulent activity on our site which has resulted in a number of our customers paying for expensive items that they haven’t purchased. We would like to reimburse you immediately, could you give us these bank details so that your money can be returned to you?
Inbox
Contacts
Trash
From:
To:
Exit
Dear Customer
You are the lucky winner of our latest prize draw! Congratulations!As a valued customer of Great Deals Done, you are automatically entered into our fantastic prize draw each month and this month your name was pulled from the hat!Click on the link below to collect your prize, worth £899 :
Kind regards,The Great Deals Done Team
Prize Draw
Great Deals DoneWINNER!
Context:
The recipient had never
shopped with Great
Deals Done as far as
they were aware but
they weren’t completely
sure.
Inbox
Contacts
Trash
From:
To:
Exit
Dear Customer
We regret to inform you that a vulnerability has been identified in the Gamers Unit mobile application that allow an attacker torecord calls and videos you have made from your device without your knowledge.We have created a website for all members to verify if their videos and calls have been recorded and subsequently made public.To perform the verification, please use the following link:
This website will be available for 12 hours.Big Fish Little Fish Games Company
Big Fish Little Fish Games Company
Video and Call Verification
Inbox
Contacts
Trash
From:
To:
Exit
Hello,We have been unable to take this month’s payment for your Notflix account. Please update your payment details:
If payment is not received within 2 hours, your account will be suspended from midnight tonight.
If you need help, please visit the Help Centre or contact us now on 01343679347
Notflix Account Team
NOTFLIXYour account is about to be suspended
UPDATE ACCOUNT NOW
Hello,This is an urgunt notice regardings email [email protected]. Your email is reported for sending spam email to your contacts. In order to protect your contacts from further attack we ask you to download the following to your computer, this willdisable further problems:
Failure to download this program will result in permanent disablement of your account.
Sincerely,Microsift
Inbox
Contacts
Trash
From:
To:
Exit
EMAILS UNDER SCAM INVESTIGATIONurgent
Your account is about to be suspended
Download
Dear Customer,Thank you for your purchase from Tiny Toy Shop.The attached information will give you a special code to enter onto our website: www.tinytoyshop.co.ukWe hope you enjoy the free gift!
SincerelyThe Toy Team
Inbox
Contacts
Trash
From:
To:
Exit
tinytoyshop.co.uk
Tiny Toy Shop
www.a2ss4rend9987aperprxd
Secret code
Context:
The recipient noticed
something strange
when he hovered his
cursor over the link…
Post Investigation Team Meeting
Teams to feedback on what they discovered about each of our chief suspects
• Was there any evidence of criminal activity?
• What clues were you able to pick up on?
• What should our next steps be to combat these crimes?
• What tactics were the criminals using?