News forwarded from

Action Fraud, the UK’s national fraud reporting centre, has warned of three new “phishing” scams – two by email and one by letter – which can put passwords, bank account details and other personal information at risk.

This warning email contains

  • details of the crime prevention advice and notice of intended prosecution email scams 
  • content of letter scam supposedly from Lloyds Bank about unusual activity on your account


Two by email

1. The new crime prevention advice email scam purports to come [email protected] and contains the text “TO THE GENERAL PUBLIC Regards, Metropolitan Police Service.” The email includes an attachment titled ‘’.

This attachment contains malicious content (malware) which downloads the iSPY key logger to the victim’s device. This key logger records keystrokes, steals passwords stored in web browsers and Skype conversation records, takes pictures via webcam and stores the licence keys of software, such as Microsoft Office and Adobe Photoshop.

2. The notice of intended prosecution email scam purports to come from the Greater Manchester Police, with subject heading “Notice of Intended Prosecution” and “NIP - Notice Number” followed by a combination of letters and numbers. The text says the police intend to take proceedings against the driver of a motor vehicle, and gives details of the date and time, location of the speed camera, and vehicle speed.

A malicious link is hidden behind the “Check the photographic evidence” line in the email. This link delivers the GOZI/ISFP Banking Trojan malware, which steals online banking log-in details from victims.

One by letter

Lloyds customers have been warned to look out for fake bank letters (and no doubt the fraudsters will start sending them from other banks too). The letters are on what appears to be Lloyds headed paper, with the bank’s logo, address and signature from a customer service representative.
The letter tells recipients that there have been “unusual transactions” on their personal account and asks them to call a number highlighted in    bold to confirm they are genuine. When victims call the number, an automated welcome message is played and the caller is asked to enter their card number, account number and sort code followed by their date of birth and security numbers.