Action Fraud, the UK’s Cybercrime reporting centre, has warned that fake TV licence payment scam emails have generated 5,247 complaints between 1st October and the end of December, with 1,983 complaints in December alone.
According to Action Fraud, the highly convincing scam involves sending people emails that use headlines such as “correct your licensing information” or “your TV licence expires today”. In some cases, the email title and contents suggest that the recipient is eligible for a TV Licensing refund. On opening the email, recipients are encouraged to click on a link to a fake version of the TV Licensing website.
When the victim visits the fake site, they are asked for their personal payment details – account number, sort code, and card verification value (CVV) code.
There have also been reports that victims who have submitted personal details to the fraudsters via the website are contacted a week or two later by the fraudsters who claim to be from the fraud department of the victim’s bank, claim that the victim’s bank account has been compromised, and ask the victim to transfer their money to a new, so-called ‘safe account’.
Some media reports put the amount of cash stolen by fraudsters using this scam in the region of £230,000+.
Official TV Licensing Never Email Customers Unprompted
The spate of fraudulent emails has prompted the real TV Licensing authority to confirm that they never email customers unprompted to ask for personal or payment details or to inform customers of eligibility to any refunds.
Real Glitch Last Year
Some of us may remember that a real security risk involving the genuine TV licensing website was identified back in September 2018 when an Infosec blogger noticed that Google Chrome was flagging the TV Licensing website as insecure. The blogger estimated that as many as 130,000 people may have been affected by the breach. TV Licensing then notified customers who accessed its website between 29th August and 5th September 2018 that their personal details may have been stolen but maintains that there was a very small risk of the information having been accessed.
What Does This Mean For Your Business?
This latest scam is one of many convincing scams that use phishing to steal payment details and other personal information. Phishing is one of the most popular cybercrime methods.
Action Fraud advice for avoiding falling victim to this scam includes:
If you think that you may have fallen victim to this scam, the advice is to report it to Action Fraud by calling 0300 123 2040 or report it through the website here: https://www.actionfraud.police.uk/report-phishing.
Ways to help protect your company against the threat of phishing attacks include education and training of staff to help them spot and deal with phishing, and even using phishing attack simulator tools (such as ‘Attack Simulator’ in Office 365) to help sharpen your organisation’s defences.