Scam updateΒ 1

Just a quick update to my previous story: Stumbling across a scam & a system inadequate to fight cybercrime


The initial story and has been generating a fair amount of noise on Twitter and that noise seems to be paying off! πŸŽ‰ πŸŽ‰ πŸŽ‰ πŸŽ‰

Yesterday I received a direct message from the NCSC (National Cyber Security Centre) on Twitter letting me know that they had seen the article and were looking into things. They then passed on the details to the City of London Police, or more specifically the Nation Fraud Intelligence Bureau who’s job it is to investigate fraud.

I have been told that anything that passed through Action Fraud usually ends up with the NFIB, and that Action Fraud is pretty much just a call centre sorting reports.

I had a call with NFIB today, and the gentleman I spoke to was very apologetic about the situation, but also mentioned the strain that we all know the Police are under. He also tells me that a new Action Fraud website is in the works, and that it should make reporting a lot easier in the future. I was also thanked for the effort I have gone to in trying to stop this, which is nice!

But what about the scam that is ongoing? Well, I was provided with a direct email to NFIB where I could send a proper report, including the evidence I had collected such as code and logs etc. I spent my lunch writing up another report (I’m getting good at it now πŸ˜†) and hit send.

The bloody thing bounced! The bounce email says it has been blocked. Let’s not jump to any conclusions. I may have noted the email down wrong.

I don’t have any other way of directly getting in contact with NFIB again so I have messaged the NSCS on Twitter for help. Hopefully they’ll reply tomorrow and we can sort this once and for all!


On Monday, before I had any contact from the Police, I decided it was time to deploy a counter measure. Monday was a particularly bad day for new victims, and I thought it was time to do something.

I have written a program that checks the victim log files every 10 minutes, looks for new victims, and anonymously emails them a warning. So far it has sent 45 emails, 44 of which have been opened and read.

In the email I explain they had fallen for a scam and that they should contact their bank immediately. I also provided a link to a news article about the scam in question. Only eight people have clicked this link so it seems they might be learning their lesson!

Hopefully these emails will prevent any money being taken.

I also created a small microsite showing the number of victims in realtime. The purpose of building this site was t0 help generate more noise and get noticed. Now that the Police are involved again it might not be needed, but regardless I will keep it up while the scam is still active.

If anything it might help apply pressure so we can get this sorted quickly. It has already taken far too long.

Fortunately it has been an unusually quite day today, and we have only had 3 new victims. Maybe the scammer has run out of numbers to text!