28 Jun, 2017 08:43 News

The Surrey and Sussex Cyber Crime Unit (CCU) arrested a 29 year old man and a 31 year old woman yesterday (Tuesday 25 June 2017), in Woking, on suspicion of fraud, as part of a multi-force operation.

The CCU executed the warrant and seized multiple items, as part of the operation in which four people have been arrested in total. The investigation is a result of a two year collaboration between Microsoft and City of London Police into the global problem of Computer Software Service Fraud (CSSF).

  • Worldwide losses thought to be in the hundreds of millions of pounds worldwide
  • Computer Software Service fraud is the number three reported crime to Action Fraud

Detective Inspector Rob Walker from the Surrey and Sussex Cyber Crime Unit said: “I am really pleased to work with the City of London Police and Microsoft to assist in combatting this crime, which affects so many people.

“Computer Software Service Fraud targets the vulnerable in our communities and I am determined to do all we can to bring those responsible to justice.

“By working with our partner forces and coordinating our policing response, we are able to effectively target these individuals and work towards tackling the growing threat of cyber crime. I would like to urge everyone to stay safe online and follow our prevention advice set out below.”

The arrests have come about as a result of work by the City of London Police and forensic and investigative services provided by Microsoft analysing tens of thousands of Action Fraud reports and working with other affected organisations, such as BT and TalkTalk to attempt to trace the source of the problem. This analysis and enquiries undertaken by the City of London Police have shown that many of the calls originate in India and that the worldwide losses from victims are thought to be in the hundreds of millions of pounds.

The collaboration with Microsoft was formed against a background of ongoing engagement with industry by the City of London Police to combat fraud in a diverse range of areas such as insurance and intellectual property.

For the financial year 2016/17, there were 34,504 Computer Software Service Fraud reports made to Action Fraud, the national fraud and cyber reporting centre, with attributed losses of £20,698,859. This accounts for 12% of all reports to Action Fraud, making it the third most reported fraud type. The average loss suffered by victims is £600 and the average age of victims is 62. Despite these losses the number of victims is thought to be much higher as analysis shows many fail to report.

Computer Software Service Fraud involves the victim being contacted and told that there is a problem with their computer and that, for a fee, the issue can be resolved. No fix actually occurs. Once the fraudster has access to the victim’s computer they can install software which could potentially be malicious. The victim is cold called the majority of times but recently there has been an increase in contact via a pop-up on the victim’s computer which then prompts them to phone the suspect.

The victim is persuaded to grant remote access to their computer and provide payment details. The fraudster then uses a variety of methods to obtain access to the victim’s bank account to extract large sums of money. The victim may also be contacted again later and are told they are due a refund and they are again asked for access to the account. The fraudster will use this opportunity to take more money.

The fraudster often claims to be calling from Microsoft, or other technology companies, in order to give them more credibility with the caller.

The two year collaboration came about due to the growth in reports of this crime to Action Fraud and Microsoft.

“Realising that you’ve fallen victim to a scam is a horrible experience for anyone. Not just the loss of money but also the feeling that you’ve been tricked and that your personal information has been stolen. Unfortunately, the names of reputable companies, like Microsoft, are often used by criminals to lull victims into a false sense of security. That’s why we partnered with the National Fraud Intelligence Bureau to track these people down and bring them to justice. It’s a collaboration which can cohesively combat and investigate computer service fraud. Today’s arrests are just the start.

We’d also like to reassure all users of Microsoft software that we will never cold call you out of the blue or use tech support pop ups on websites, Scammers can be extremely convincing, but if you think you have been contacted by them, please visit our website for guidance at https://www.microsoft.com/en-us/safety/online-privacy/avoid-phone-scams.aspx or get in touch with us directly through our contact page” – Hugh Milward, Director, Corporate, External and Legal Affairs, Microsoft UK

Commander Dave Clark, City of London Police and National Co-ordinator for Economic Crime said -
“These arrests are just the beginning of our work, making the best use of specialist skills and expertise from Microsoft, local police forces and international partners to tackle a crime that often targets the most vulnerable in our society.

Detective Superintendent Alan Veitch, of NERSOU, the North East Regional Special Operations Unit said: “We are determined to tackle online fraud, which we know affects many people across the UK.
“Tackling organised crime is a priority for us and we work together with other agencies to deal effectively with it by providing investigative and technical resources and doing all we can to safeguard victims.”

Advice to avoid Computer Software Service fraud

  • Computer firms do not make unsolicited phone calls to help you fix your computer. Fraudsters make these phone calls to try to steal from you and damage your computer with malware. Treat all unsolicited phone calls with scepticism and don’t give out any personal information.
  • Computer firms tend not to send out unsolicited communication about security updates, although they do send security software updates to subscribers of the security communications program. If in doubt, don’t open the email.
  • Microsoft does not request credit card information to validate copies of Windows. Microsoft does validate requests to download software from its website via its ‘Genuine Advantage Program’, but never asks for any personally identifying information, including credit card details.
  • The ‘Microsoft Lottery’ does not exist –so it’s not true if you’re told you’ve won.

For more advice, please see our Stay Safe Online page:

https://www.surrey.police.uk/advice/protect-yourself-and-others/staying-safe-online/