Latest news with #Cybercriminals
The Sun
21-07-2025
- The Sun
Holiday warning over easy passport and boarding pass mistakes that could land you with a hefty bill worth £1,000s
HOLIDAYMAKERS are being warned that simple mistakes with passports or boarding passes could end up costing thousands of pounds. Experts say losing your passport or throwing away your boarding pass could leave you unable to travel or stuck with surprise bills. 1 Another key blunder includes saving a scanned copy of your passports on your digital devices. Cybercriminals are targeting travel documents, with stolen passports, boarding passes, and hotel bookings being sold for thousands on the dark web. Research from NordVPN and Saily has uncovered thousands of stolen travel details being traded online, putting Brits at risk of identity theft and financial scams. Verified UK passports are among the most valuable, selling for over £4,000 if they're valid and uncompromised. When passports are recorded as missing or stolen and invalidated, the risk of fraud is reduced, but such documents can still slip past some companies with more relaxed reviewing procedures. Even older, invalid passports can fetch up to £8 and may still slip through lax security checks. Boarding passes and airline loyalty accounts are also hot commodities, with criminals using them to steal frequent flyer miles or access personal information. Hackers have also targeted hotel bookings made through popular platforms like selling reservations at steep £200 discounts or claiming refunds to their own accounts. Cybercriminals use malware to scan devices for sensitive files like passport scans, hack email accounts to retrieve travel documents, or exploit data breaches at airlines and travel agencies. Physical mistakes, such as leaving boarding passes behind at airports or sharing passport scans on insecure cloud folders, can also make travellers easy targets. Marijus Briedis, chief technology officer at NordVPN, said: "The best way you can protect yourself against these types of fraud is to ensure that all of your devices are kept updated with antivirus software and make sure that anything related to your holiday booking is saved in a secure place. "If you have been asked by your travel agent to send over a copy of your passport, don't be afraid to ask them what they do with that scan once your booking has been completed. "Take precautions in the airport too, and don't leave boarding passes in public places, as even these have enough information to put you at risk of identity fraud." Ultimately, to stay safe, travellers should secure their documents and avoid discarding boarding passes or sharing passport scans carelessly. was contacted for comment. How to report scams If you think you have been a victim of a scam, you should report it as soon as possible. There is no guarantee you'll get your money back, but banks will often compensate you if you can show you did not know the money would leave your account. You can forward scam emails to report@ If you notice a website that doesn't look quite right, you can also report it to the National Cyber Security Centre by visiting You should also contact your provider and report it to Action Fraud, which will give you a crime reference number. You can do this online by visiting or by calling 0300 123 2040. If you're in Scotland, report a scam through Advice Direct Scotland online by visiting You can also report scams to Police Scotland on 101. If you need further help, contact Citizens Advice Scams Action by visiting or calling 0808 223 1133. Action Fraud's advice on holiday fraud THINIKNG about booking a holiday this year? Follow our top tips to avoid falling victim to holiday fraud DO YOUR RESEARCH: Before committing and booking your dream holiday, make sure that you do a thorough online search to ensure the company is credible. PAY SAFELY: If you have a credit card, use it when shopping online. Most major credit card providers protect online purchases. LOOK FOR LOGOS: Check if a travel company is an ABTA, the Travel Association, member or an ATOL holder. Look for the ABTA logo on the company's website. If you have any doubts, you can verify their membership of ABTA online on their website. If you're booking a flight as part of a package holiday and want to find out more information about ATOL protection, visit the ATOL website. STAY SAFE ONLINE: Use three random words to create a strong email password that's different from all your other passwords. If two-step verification is available, always enable it. WATCH FOR SUSPICIOUS MESSAGES: Be cautious of unexpected emails or messages offering unrealistic holiday deals. If you receive a suspicious email, report it by forwarding it to: report@ PROTECT PERSONAL INFORMATION: Only fill in the mandatory details on a website when making a purchase. If possible, don't create an account for the online store when making your payment. BOOK WITH CONFIDENCE: Be sceptical of unrealistic holiday deals. If they sound too good to be true, they probably are. Exercise caution and research before making a purchase.
Khaleej Times
13-07-2025
- Khaleej Times
UAE authorities warn of email scams using fake invoices to steal money, banking details
Cybercriminals today are more sophisticated than ever. They're not just relying on various fraud schemes — such as scam calls, deceptive text messages, phishing links, or impersonation scams — they're now exploiting system vulnerabilities to gain full control over victims' computers and steal financial and personal data. UAE authorities are warning residents about a rising scam involving fake emails disguised as legitimate invoices from well-known companies such as McAfee Security and PayPal. These deceptive emails claim that charges — often around $399 (Dh1,400) or $599 (Dh2,200) — have already been made and will soon appear on the recipient's account. To cancel the supposed transaction, recipients are urged to act quickly, typically within 24 hours. Panicked by the false charges, victims are instructed to call a US-based phone number provided in the email. Once on the call, scammers guide them through a series of steps that grant remote access to their computers — allowing the criminals to steal sensitive personal and financial information such as banking details, credit card information, and other sensitive financial data, all without the victim's knowledge. This surge in PC-based scams follows a crackdown on phone-based fraud. Last year, Dubai Police arrested 494 individual s in 406 phone fraud cases targeting banking customers. Fraudsters in these cases used phone calls, emails, SMS, and social media links to deceive victims and access their accounts. Meanwhile, Sharjah Police stepped up cybercrime monitoring. A CID official confirmed that proactive measures, including public awareness campaigns, are in place to combat these scams. In a recent operation, they arrested two men who defrauded victims of over Dh3 million by accessing 173 bank accounts across the UAE. Authorities stress that reputable companies will never ask customers to grant remote PC access, send invoices from personal email accounts, or share private phone numbers for cancellations or transactions. They urge the public to avoid engaging with unsolicited emails. Close call Um Mazin, a government employee, narrowly avoided falling victim to one of these scams. She received an email from a sender named Jarred with an attachment that was an invoice from McAfee Security. The document claimed that her PC antivirus subscription had been renewed automatically. Since her antivirus had indeed expired, she assumed she had mistakenly authorised the renewal and called the customer service number provided in the email. A man answered and instructed her to open her PC, navigate to the Start menu, and access Quick Assist. He then gave her a code to enter. Just before pressing 'Enter,' she noticed a warning message stating that whoever received the code would gain full control over her system and data. Realising the potential scam, she deleted the code and confronted the caller, demanding to know his true intentions. The scammer immediately hung up. She then reported the incident to the police. Employee loses thousands However, not everyone was as fortunate. Ahmed Adam, an employee at a private company, received an email that appeared to come from PayPal. It included a receipt for a purchase from a company called 'Based-Coin Inc.' for $335.99 (Dh1,200). The email warned that the amount would be charged to his account within 24 hours unless he called the provided US number to cancel the transaction. Worried, Ahmed made the call. The person on the other end assured him the transaction could be reversed but asked for his credit card details to initiate the process. Trusting the caller, Ahmed shared the information — only to discover soon after that Dh3,666 had been withdrawn from his account. Acting quickly, he used his bank's mobile app to block the card and prevent any further transactions. He then reported the incident to the police, who confirmed that a cybercrime investigation was underway to track down those responsible. How to report fraud Colonel Dr Khalid Aref Al Sheikh, director of the Anti-Economic Crimes Department, highlighted the efficiency of the authorities in such scams. For residents who suspect they may have fallen victim to a scam, they are strongly urged to report the incident immediately. Here's how to do it: Ministry of Interior (MoI) eCrime Portal: The MoI has launched the eCrimes platform, allowing individuals to report cybercrimes online. This service is accessible through the MoI UAE app, available on Google Play, App Store, and AppGallery. Dubai Police eCrime Website: Residents can report cybercrimes directly through Dubai Police dedicated eCrime portal at This platform is designed for reporting online fraud, hacking, blackmail, and other cyber-related offences. Al Ameen Service: For confidential reporting, Dubai Police offers the Al Ameen service. You can contact them at 800-4888 within the UAE or +971-800-4888 outside the UAE. More information is available at Abu Dhabi Police Aman Service: Abu Dhabi Police provides Aman service for reporting incidents related to harassment or safety. You can reach them by calling 800-2626 or by sending an SMS to 800-2828. Sharjah Police Najeed Service: Residents in Sharjah can report suspicious activities through the Najeed service by calling 800-151 or by sending an SMS to 7999. Federal Public Prosecution My Safe Society App: The Federal Public Prosecution has launched the 'My Safe Society' app, enabling users to report cybercrimes. The app is available on iTunes and Google Play. General emergency Police hotline: For immediate assistance or to report any crime, you can call the general police emergency number at 999.
Forbes
21-06-2025
- Forbes
Why Using Airport Wi-Fi May Be More Dangerous Than Ever
Your Wi-Fi connection may not be safe. Here's what to do about it. getty Is the public Wi-Fi network at JFK International Airport safe? That's what one of Vivian Au's customers wanted to know recently. The network in question was called JFK-Free-WiFi, and it did a peculiar thing when her client tried to log on: It asked for her birthdate. It was not safe, says Au, a consultant who specializes in corporate technology and security. "Real airport networks never do that," she says. But at a time when it feels like it should be safe to use a public Wi-Fi network at the airport, it's getting harder to tell safe from dangerous. Experts say airports have upgraded the security on their public networks. At the same time, scammers have gotten smarter about stealing personal information from unsuspecting users. "Airport Wi-Fi can be convenient for accessing apps and services to pass the time before a flight," says Gary Orenstein, chief customer officer of Bitwarden, a password management service. "At the same time, these networks are also known to be a honeypot for bad actors. If a network is compromised, cybercriminals can exploit the risk to extract sensitive information from connected devices." The most high-profile case happened last year in Western Australia, where a man was arrested for allegedly establishing fake free Wi-Fi access points, which mimicked legitimate networks. These access points, which operated a lot like the bogus JFK-Free-WiFi access point, captured personal data from unsuspecting victims who mistakenly connected to them, according to police. How hackers steal your information through a public Wi-Fi network What do the bad guys do with the data they steal? It's more like, what don't they do, according to Orenstein. Cybercriminals may intercept credit card or banking data shared over unencrypted networks and connections. Attackers may use unsecured public networks to plant ads on legitimate websites, redirecting users to malicious sites and exploiting trackers embedded on previously visited pages. Hackers might encourage users to download malware-infected files or fraudulent apps disguised as helpful tools for connecting to airport Wi-Fi. Criminals can also steal personal data and other private details, potentially aiding entry into critical consumer accounts. Police alleged the Australian hacker used a portable wireless access device to create "evil twin" free Wi-Fi networks, which he used at multiple locations to lure unsuspecting users into believing they were legitimate services. In other words, while it may feel safe to use an airport Wi-Fi network, it's still fraught with danger. 'Airports are prime targets for cybercriminals looking to steal information, identities, and money," says Tomas Stamulis, chief security officer at Surfshark. "Unfortunately, information security isn't a top priority for many organizations, airports included. Despite advances in Wi-Fi technology, adoption of stronger security systems is slow, leaving travelers exposed to data breaches and fraud." Why do people think airport Wi-Fi networks are safe now? Early airport Wi-Fi networks were open and lacked even basic security, say experts. Today, airports have advanced WPA3 encryption, a series of security protocols that protect your password and the devices on the network. And, apart from the incident in Australia, there have been few recent reports of network breaches that have resulted in a loss of data. So is it safe to use an airport Wi-Fi network with your computer or phone? "Airports have indeed improved their Wi-Fi security," says Rafay Baloch, CEO of REDSECLABS, a cybersecurity company specializing in security consulting, training, and other cybersecurity services. "But the system is still not foolproof." Baloch says it's convenient to be able to connect to the internet while you're transiting through an airport terminal. "But all public networks are insecure," he warns. "There are many hackers who set up fake Wi-Fi networks with names that are very similar to the real ones to catch people's attention. Once connected, the attackers can launch different attacks to sniff out important information from the users." How do you know if an airport Wi-Fi network is safe? There are a few ways you can find out if an airport Wi-Fi network is safe — or at least safer . Is the name suspicious? Hackers are not grammarians. So some networks will have telltale signs that they're bogus, like typos. Never connect to a network called "DULLES_Offficial_Free_Wfi," for example. You're just asking for trouble. Does it use encryption? After connecting, make sure the website you're visiting uses "https" in the URL and has a padlock symbol. "This means the connection is encrypted and your data is protected," says Gyan Chawdhary, CEO of Kontra, a security training platform. Does it ask for private information? Remember, hackers are trying to harvest personal information, so they'll ask for things like your birthday or your email credentials. They may even brazenly ask for your credit card information. A truly free airport Wi-Fi network will not ask for any of that information. Did the airport advertise it? Often, airports will display the name of the official access point on the screens. "You can also double-check the network name with the airport personnel," says Marcelo Barros, the global director of Hacker Rangers, a security awareness training firm. But ultimately, none of these strategies is foolproof, according to experts. "If you need to get online at the airport, it's safer and more reliable to use your cell phone's data plan," says Craig Steele, director of Digital Skills Education, a company that offers courses that help regular people stay safe online. "That way, you're connecting directly to your carrier instead of relying on public Wi-Fi. When I'm traveling I'd always use that first, rather than connecting to a public Wi-Fi network." So will you use the airport Wi-Fi network this summer? Bottom line: Airport wireless networks aren't entirely safe, even the official ones. But will that stop you from using them? Nah. A recent report by Norton suggests 60 percent of users have logged on to a public network in the past year, and that trend shows no sign of abating. Matthew Hicks, an associate professor of computer science at Virginia Tech, says it depends what you do on the network. "At one extreme, it is safe enough to check the latest sports scores, weather, or stock market on an updated device," he says. "At the other extreme, it is risky to perform financial transactions, or work with other sensitive data in the cloud, using a device that hasn't been updated in years, for an eight-hour layover." The thing is, even if you stay off the airport network, can you guarantee that your kids will? And who knows what kind of malware they'll download or what kind of data they'll give up between watching videos and texting their friends? Fact is, even though airport Wi-Fi looks safe and feels safe, it might not be. But that probably won't stop you from using it.
CNET
13-05-2025
- CNET
Why You Should Report Fraud to the FTC and FBI
When we write about fraud or identity theft at CNET, we regularly advise victims to contact the Federal Trade Commission or the FBI's Internet Crime Complaint Center to share their experience. However, suppose you didn't lose money or give up any personal identifiable information, like your Social Security number. In that case, you might not think it's necessary to take this step -- but you should. Only 38% of fraud reports received by the FTC in 2024 involved monetary losses. Fraud reports help the FTC and FBI inform and educate the public about popular scams and aid local and federal authorities in catching criminals. If you do fall victim to a scam, there are other steps you can take, including signing up for identity theft protection, freezing your credit reports or reaching out to your bank or credit card company to recover stolen funds. But don't forget to let the FTC and FBI know. Here's why. Why should you report fraud? When you report fraud, you're being a good samaritan -- and you may help reduce the chances of a specific scam hurting someone else. Both the FTC and the FBI's IC3 division study trends and update the public about popular swindles orchestrated by cybercriminals using information provided by everyday Americans. Some popular scams the agencies have warned about in recent months include toll road scams, fake USPS texts and criminals impersonating government agencies. "The more information the FTC and IC3 receive, the better statistics they can get and use to alert consumers," said Chelsea Binns, a certified fraud examiner and associate professor at CUNY John Jay College of Criminal Justice. The FTC and IC3 also release annual reports detailing trends from the previous year using submitted complaints. Data is broken down by age, state, the frequency of specific crimes and dollars lost to each fraud type. Both agencies allow consumers to receive email alerts about popular scams year-round. To sign up for FTC alerts, click here. You can sign up for IC3 alerts here. The FTC and IC3 also work with law enforcement to help catch cybercriminals. When you file a report with the FTC, it's added to its Consumer Sentinel database, which 2,800 federal, state, and local law enforcement partners across the country can access. Trained IC3 analysts similarly review and research complaints and pass along information to authorities. "This is how they can potentially build cases against fraudsters," Binns said. How do I report fraud to the FTC and FBI? You can report fraud-related scams to the FTC at Cyber-related crimes should also be reported to IC3 at Combined, these agencies received over 3.4 million complaints last year. Keep in mind that it's unlikely that you'll hear from the FTC or IC3 after you file a report -- despite your complaint being used to corroborate information or inform trends. If someone posing as a government official reaches out to you and demands money, offers you a prize or threatens to arrest you, it's a scam. If you're a victim of identity theft, a specific category of fraud, you can report your case to the FTC at or by calling 1-877-438-4338. The FTC will lay out steps to recover your identity based on the information you provide. Each of these steps, such as calling bill collectors and contacting bank fraud departments, can be time-consuming and may cost you money, especially if you have a lawyer handle it for you. If you have an identity theft protection service with white glove restoration services, this checklist can be completed for you. Can I get my money back after falling for a scam? Typically, unauthorized debit and credit card purchases are easier to reverse. If you send money to scammers yourself (like in a gold bar scam), getting your money back is more difficult. You should contact your bank as soon as possible so they can hopefully cancel a transaction. In cases where cryptocurrency is involved, payments are pretty much irreversible. Depending on the type of fraud you endured, you'll want to take basic steps like changing your password, enrolling in two-factor authentication and turning on alerts for purchases made on your credit and debit cards. You should also consider deleting saved payment info from websites, Binns said. In the weeks and months after falling victim to fraud, it's essential to be on guard against any stranger who contacts you promising to get your money back. "What will happen is the original fraudster will come to you posing as an organization or service that is going to help you recover the funds you've lost," she said. "And, in turn, it'll just be another scam."
