Here's some 'Timely' advice from Neighbourhood Watch about 'ONLINE SHOPPING'  (Allen Roochove, NCC Techno Buddy 17.11.23)

------------------------------------

Inactive Google Account Policy

(If you use Gmail then this is well worth reading - Allen Roochove, NCC Techno Buddy 27.08.23) 

A Google Account gives you Google-wide access to most Google products, such as Google Ads, Gmail, and YouTube, using the same username and password.

An inactive Google Account is an account that has not been used within a 2-year period. Google reserves the right to delete an inactive Google Account and its activity and data if you are inactive across Google for at least two years.

Google also reserves the right to delete data in a product if you are inactive in that product for at least two years. This is determined based on each product's inactivity policies.

How Google defines activity

A Google Account that is in use is considered active. Activity might include these actions you take when you sign in or while you're signed in to your Google Account:

• Reading or sending an email
• Using Google Drive
• Watching a YouTube video
• Sharing a photo
• Downloading an app
• Using Google Search
• Using Sign in with Google to sign in to a third-party app or service

Google Account activity is demonstrated by account and not by device. You can take actions on any surface where you're signed in to your Google Account, for example, on your phone.

If you have more than one Google Account set up on your device, you'll want to make sure each account is used within a 2-year period.

What happens when your Google Account is inactive

When your Google Account has not been used within a 2-year period, your Google Account, that is then deemed inactive, and all of its content and data may be deleted. Before this happens, Google will give you an opportunity to take an action in your account by:

• Sending email notifications to your Google Account
• Sending notifications to your recovery email, if any exists

Google products reserve the right to delete your data when your account has not been used within that product for a 2-year period.

December 1, 2023 is the earliest a Google Account will be deleted due to this policy. 

For further information, just click this link   https://support.google.com/accounts/answer/12418290?hl=en#zippy=  

----------------------------------------

 Ticket Fraud

(Received from Neighbour Alert - Allen Roochove, NCC Techno Buddy 24.04.23) 

If you are planning on buying tickets to an event this summer, take time to read Get Safe Online's advice on purchasing tickets online safely.  The link below link provides the latest advice listed on our website:

https://www.getsafeonline.org/ticketfraud/?utm_source=nw&utm_medium=email 

Whether it's cricket, tennis or a concert, however desperate you are, don't buy tickets from anyone apart from official vendors, the box office or reputable fan reseller sites.

With best wishes,

'The Get Safe Online' team

------------------------------------

Don't plug your phone into a free charging station, warns FBI

(Received from Malwarebytes Newsletter' and well worth a read - Allen Roochove, NCC Techno Buddy 17.04.23) 

April 12, 2023 by Pieter Arntz

In a recent tweet, the FBI office in Denver warned consumers against using free public charging stations, stating that criminals have managed to hijack public chargers with the objective of infecting devices with malware or other software that can give hackers access to your phone, tablet or computer.

"Avoid using free charging stations in airports, hotels or shopping centers. Bad actors have figured out ways to use public USB ports to introduce malware and monitoring software onto devices. Carry your own charger and USB cord and use an electrical outlet instead."

When asked, the FBI's Denver field office said the message was meant as an advisory, and that there was no specific case that prompted it. The method the FBI is referring to is often referred to as "juice jacking."

Imagine that the battery of your phone is dying and you're nowhere near a power outlet, would you connect your phone to any old USB port? A juice jacking attack uses a charging port or infected cable to exfiltrate data from the connected device or upload malware onto it. The term was first used by Brian Krebs in 2011 after a proof of concept was conducted at DEF CON by Wall of Sheep. When users plugged their phones into a free charging station, a message appeared on the kiosk screen saying:

"You should not trust public kiosks with your smart phone. Information can be retrieved or downloaded without your consent. Luckily for you, this station has taken the ethical route and your data is safe. Enjoy the free charge!"

While there are no known, recent cases of juice jacking, it's best to be aware of potential cyberattacks—you never know what will trigger the transformation of the hypothetical to the real. To avoid inadvertently infecting your mobile device while charging your phone in public, learn more about how these attacks could happen and what you can do to prevent them.

How would juice jacking work?

As you may have noticed, when you charge your phone through the USB port of your computer or laptop, you are also able to move files back and forth between the two systems. That's because a USB port is not simply a power socket. A regular USB connector has five pins, where only one is needed to charge the receiving end. Two of the others are used by default for data transfers.

USB connection table courtesy of Sunrom

Unless you have made changes in your settings, the data transfer mode is disabled by default, except on devices running older Android versions. The connection is only visible on the end that provides the power, which in the case of juice jacking is typically not the device owner. That means, any time a user connects to a USB port for a charge, they could also be opening up a pathway to move data between devices, with the following consequences:

• Data theft: during the charge, data is stolen from the connected device.
• Malware installation: as soon as the connection is established, malware is dropped on the connected device. The malware remains on the device until it is detected and removed by the user.

Data theft

In the first type of juice-jacking attack, cybercriminals could steal any and all data from mobile devices connected to charging stations through their USB ports. But there's no hoodie-wearing hacker sitting behind the controls of the kiosk, so how would they get all your data from your phone to the charging station to their own servers? And if you charge for only a couple minutes, does that save you from losing everything?

Make no mistake, data theft can be fully automated. A cybercriminal could breach an unsecured kiosk using malware, then steal the information from connected devices. There are crawlers that can search your phone for personally identifiable information (PII), account credentials, banking-related or credit card data in seconds. There are also many malicious apps that can clone all of one phone's data to another phone, using a Windows or Mac computer as a middleman. So, if that's what hiding on the other end of the USB port, an attacker could get all they need to impersonate you.

Cybercriminals are not necessarily targeting specific, high-profile users for data theft, either—though a threat actor would be extremely happy (and lucky) to fool a potential executive or government target into using a rigged charging station. However, the chances of that happening are rather slim. Instead, hackers know that our mobile devices store a lot of PII, which can be sold on the dark web for profit or re-used in social engineering campaigns.

Malware installation

The second type of juice-jacking attack would involve installing malware onto a user's device through the same USB connection. This time, data theft isn't always the end goal, though it often takes place in the service of other criminal activities. If threat actors were to steal data through malware installed on a mobile device, it wouldn't happen upon USB connection but instead take place over time. This way, hackers could gather more and varied data, such as GPS locations, purchases made, social media interactions, photos, call logs, and other ongoing processes.

There are many categories of malware that cybercriminals could install through juice jacking, including adware, cryptominers, ransomware, spyware, or Trojans. In fact, Android malware nowadays is as versatile as malware aimed at Windows systems. While cryptominers mine a mobile phone's CPU/GPU for cryptocurrency and drain its battery, ransomware freezes devices or encrypts files for ransom. Spyware allows for long-term monitoring and tracking of a target, and Trojans can hide in the background and serve up any number of other infections at will.

Many of today's malware families are designed to hide from sight, so it's possible users could be infected for a long time and not know it. Symptoms of a mobile phone infection include a quickly-draining battery life, random icons appearing on your screen of apps you didn't download, advertisements popping up in browsers or notification centers, or an unusually large cell phone bill. But sometimes infections leave no trace at all, which means prevention is all the more important.

How to avoid juice jacking

The first and most obvious way to avoid juice jacking is to stay away from public charging stations or portable wall chargers. Don't let the panic of an almost drained battery get the best of you. I'm probably showing my age here, but I can keep going without my phone for hours. I'd rather not see the latest kitty meme if it means compromising the data on my phone.

If you feel going through a part of your life without a phone is crazy talk and a battery charge is necessary to get you through the next leg of your travels, using a good old-fashioned AC socket (plug and outlet) will do the trick. No data transfer can take place while you charge—though it may be hard to find an empty outlet. While traveling, make sure you have the correct adapter for the various power outlet systems along your route. Note there are 15 major types of electrical outlet plugs in use today around the globe.

Other non-USB options include external batteries, wireless charging stations, and power banks, which are devices that can be charged to hold enough power for several recharges of your phone. Depending on the type and brand of power bank, they can hold between two and eight full charges. Power banks with a high capacity are known to cost more than US$100, but offer the option to charge multiple devices without having to look for a suitable power outlet.

If you still want the option to connect via USB, USB condoms are adaptors that allow the power transfer but don't connect the data transfer pins. You can attach them to your charging cable as an "always on" protection. Using such a USB data blocker or "juice-jack defender" as they are sometimes called will always prevent accidental data exchange when your device is plugged into another device with a USB cable. This makes it a welcome travel companion, and will only set you back US$10–$20.

Checking your phones' USB preference settings may help, but it's not a foolproof solution. There have been cases where data transfers took place despite the "no data transfer" setting.

Finally, avoid using any charging cables and power banks that seem to be left behind. You can compare this trick to the "lost USB stick" in the parking lot. You know you shouldn't connect those to your computer, right? Consider any random technology left behind as suspect. Your phone will thank you for it.

(Received from Malwarebytes Newsletter' - Allen Roochove, NCC Techno Buddy 17.04.23)

STOP, HANG UP, CALL 159 

New banking phone service for suspicious calls

At the end of September 2021, Stop Scams UK (www.stopscamsuk.org.uk) launched 159, a memorable short-code phone service that connects the vast majority of UK banking customers safely and securely with their bank when they receive an unexpected or suspicious call about a financial matter.

This breaks the scam 'journey' at the critical moment when you are at most risk of being manipulated into making a payment. So, even if scammers can make contact with you, that link will be broken by your call to 159, before any information is shared, any payment is made, and any harm is done.

How it works: 'Stop, Hang Up, CALL 159'

If you think someone is trying to trick you into handing over money or personal details.

Stop, hang up and call 159 to speak directly to your bank.

In the first half of this year criminal gangs stole over £245m by pretending to be your bank or another service provider.

159 is the memorable, secure number that connects you directly to your bank if you think you might be being scammed.

159 works in the same way as 101 for the police or 111 for the NHS. It's the number you can trust to get you through to your bank, every time.

Since 2014 UK Telecommunications Operators have significantly reduced the 'call clearing delay time' to under two seconds, meaning calling 159 will always be a route back to safety.

159 will never call you. Only a fraudster will object to you calling 159.

Stop Scams UK's vision for the future

Over 180,000 calls have now been made to 159, and they have ambitious plans to invest in the service further over the coming months.

They plan to integrate a new Intelligent Voice Response (IVR) system to route calls. This will streamline the calling process, provide a better service to users, and allow Stop Scams UK to support a wider number of banking destinations.

They intend to work with participating members to identify opportunities to integrate 159 with other aspects of their services. This could mean a customer identifying their bank to the IVR on a 159 call could in turn automatically trigger a push alert from their online banking app.

Stop Scams UK is also working towards making 159 a universal number offered by all telephone providers, similar to 101, 111 or 999.

Who can use 159?
The cost of calling 159 will vary according to your phone provider. In many cases this will be the same as a national rate call. Please ask your provider for details.

The banks that currently use 159 are:

Barclays   Co-operative Bank   First Direct   HSBC

Lloyds (including Halifax and Bank of Scotland)        

Metro Bank   Nationwide Building Society

NatWest (including Royal Bank of Scotland and Ulster Bank)     Santander         Starling Bank         TSB

The telephone companies involved in 159 are:

BT (including EE and PlusNet)    Gamma    O2 (including giffgaff)    Sky    TalkTalk    Three   Virgin Media   Vodafone

(Received from Neighbourhood Alert - Allen Roochove, NCC Techno Buddy 24.01.23)

What is phishing, and how does it work?

You wouldn't let a thief enter your home, but what if the thief was masquerading as someone familiar, such as a postman, and tricked you into opening the door? Phishing works in a similar way - criminals impersonate trusted organisations by creating legitimate-looking messages and websites in order to trick people into opening the doors to their personal information. Once criminals have this information, it can be used to perpetrate fraud and cyber crimes against you, or in your name.

How big is the problem?

Phishing attacks are a common problem faced by both individuals and businesses on a daily basis.

As of 31st May 2022, the National Cyber Security Centre's Suspicious Email Reporting Service (SERS) has received over 12mn reports from the public, and has removed over 83,000 scams and 153,000 malicious websites. The most impersonated organisations in phishing emails reported last year were the NHS, HMRC and GOV.UK.

Most phone providers are part of a scheme that allows customers to report suspicious text messages for free by forwarding it to 7726. When a text is reported to 7726, the provider can investigate the origin of the text and arrange to block or ban the sender, if it's found to be malicious. As of May 2022, 13,000 scams have been removed as a result of suspicious text messages reported using the 7726 service.

How can you protect yourself from phishing scams?

Most of the phishing scams reported to us have one thing in common, they started with an unexpected email or text message. Whether it's an email asking you to "verify" your bank account details, or a text message claiming you've been in close contact with someone that's got COVID, the goal of a phishing attack is usually the same - to trick you into revealing personal and financial information.

Here's some simple advice you can follow when it comes to dealing with phishing scams:

1 - If you have any doubts about a message, contact the organisation directly.

Don't use the numbers or address in the message - use the details from their official website. Remember, your bank (or any other official source) will never ask you to supply personal information via email.

2 - If you think an email could be a scam, you can report it by forwarding the email to: report@phishing.gov.uk. Send us emails that feel suspicious, even if you're not certain they're a scam - we can check.

3 - Most phone providers are part of a scheme that allows customers to report suspicious text messages for free by forwarding it to 7726. If you forward a text to 7726, your provider can investigate the origin of the text and arrange to block or ban the sender, if it's found to be malicious.

4 - If you've lost money or provided personal information as a result of a phishing scam, notify your bank immediately and report it to Action Fraud: www.actionfraud.police.uk 

For more advice on how to protect yourself online, visit:  https://www.ncsc.gov.uk/cyberaware/home 

(Received  from Neighbourhood Alert - Allen Roochove, NCC Techno Buddy 29.07.22) 

(Received today, 18.07.22, from Neighbourhood Alert - Allen Roochove)

The National Fraud Intelligence Bureau (NFIB) is warning the public about the continued increase in reports about scams where victims are targeted on WhatsApp by criminals pretending to be someone they know - typically their children.

Between 3rd February 2022 and 21st June 2022, there have been a total of 1235 reports made to Action Fraud linked to this scam, with total reported losses exceeding £1.5mn.

Criminals will usually begin the conversation with "Hello Mum" or "Hello Dad" and will say that they are texting from a new mobile number as their phone was lost or damaged. They will then ask for money to purchase a new one, or claim that they need money urgently to pay a bill

The criminal will provide bank details for the payment to be made to, with some coming back with further demands for money.

Detective Chief Inspector Craig Mullish, from the City of London Police, said:

"If you receive a message like this from a friend or family member, don't send any money until you've had a chance to call them and confirm their identity. Taking a moment to stop and think before parting with your money or information could keep you safe."

How to protect yourself:

16th April 2022

£150 ENERGY REBATE SCAM

Criminals are attempting to capitalise on the scheme by posing as government representatives over the phone, says the Local Government Association (LGA). Scammers are cold-calling people and asking for bank details in order for them to receive the government's £150 energy rebate, councils have warned.

REMEMBER - Banks will NEVER ask for personal details over the phone.

Nigel Minnis (Techno Buddy 19.01.22)

19th January 2022

Banks issue urgent warning to customers about 'new device registered' scam

Banks have issued an urgent warning to customers about a new scam doing the rounds.

Fake texts claiming to be from NatWest stating 'a new device has been registered with your account' are currently circulating.

The texts state 'a new device has been registered' and provide a link to follow.

Clicking the link on the message will send recipients through to a website that has nothing to do with the bank.

Some internet browsers may issue a warning the website is not legitimate.

The text is quite convincing - NatWest is named as the sender, and the message doesn't contain any glaring mistakes.

The scammer's goal is to get a victim to part with sensitive information, such as card numbers and online banking access codes.

But with the messages appearing admissible, what do you need to look out for?

Protecting yourself from fake texts

NatWest shared their top five tips for when you receive a text message asking you to follow a link:

1. Never give your Online Banking PIN, password, card reader codes or mobile app codes to anyone via text.

2. Do not phone the number included in the message, criminals on the other end might persuade you to give away personal information. You will always find the correct number on the official bank website.

3. Real NatWest text messages may contain links to our websites, but, like our emails, never link to pages that ask for any online banking or full card details.

4. If you have already clicked on a suspicious link, we advise you to run a scan with your antivirus software to check your device for any malicious software.

5. Make sure you have the latest anti-virus software on your device as it helps keep your device secure.

What to do if you are a victim of a fake text

If you believe you may have been the victim of a scam like this, let the bank know via its legitimate channels immediately  

Nigel Minnis (Techno Buddy 19.01.22)  

23rd November '21

"BEWARE" - £15M lost to online shopping scams last Christmas 

This is a message we received via Cheshire Police Alert. This information has been sent on behalf of Action Fraud (NFIB)

New data from Action Fraud, the national reporting centre for fraud and cyber crime, reveals that 28,049 shoppers were conned out of their money when shopping online over the Christmas period last year - an increase of almost two thirds (61 per cent) when compared to the same period in the previous year.

Ahead of Black Friday and Cyber Monday, Action Fraud is warning the public to take extra care when shopping online as reports of online shopping fraud have continued to surge. Here are some simple tips to help you and your family enjoy a secure online shopping experience this festive season.

Where to shop
Buying from an online store you haven't used before? Carry out some research first, or ask a friend or family member if they've used the site and about their experiences before completing the purchase.
Your information
Only create an account if necessary or to save you effort if you're going to use that site a lot in the future. Be cautious if the website asks you for details that are not required for your purchase, such as your mother's maiden name or the name of your primary school.
Payment method
When it's time to pay for your items, check there's a 'closed padlock' icon in the browser's address bar. Use a credit card when shopping online, if you have one. Most major credit card providers protect online purchases.
Phishing
Some of the messages you receive about amazing offers may contain links to fake websites. If you're unsure about a link, don't use it - go separately to the website.  Report suspicious emails you receive by forwarding them to report@phishing.gov.uk  Report suspicious text messages by forwarding them to: 7726.

Email accounts:
Make sure that your really important accounts (such as your email account or online shopping accounts) are protected by strong passwords that you don't use anywhere else

If things go wrong

If you've lost money to an online shopping scam, tell your bank and report it as a crime to Action Fraud - 0300 123 2040 - https://www.actionfraud.police.uk/   (for England, Wales and Northern Ireland) or Police Scotland https://www.scotland.police.uk/ (for Scotland). By doing this, you'll be helping to prevent others becoming victims of cyber crime.

For more of the government's latest advice on how to stay secure online, visit the Cyber Aware website: https://www.ncsc.gov.uk/cyberaware

(Allen Roochove, NCC 'Techno' Buddy 23.11.21)

12th November '21

This is a message sent via Cheshire Police Alert. This information has been sent on behalf of Action Fraud (NFIB)

23M people used 123456 as a password

Whether it's your Facebook, Amazon, or Netflix account, the explosion in popularity of online apps and services means more and more of us have to remember an increasingly long list of passwords.

Unfortunately, some of us cope with this challenge by resorting to practices that leave our data, devices and money at risk - by using the same password across multiple accounts, or by creating simple passwords that could easily be guessed by hackers. Bad password practice is more prevalent than you might think - the UK's National Cyber Security Centre carried out analysis of passwords leaked in data breaches and found that more than 23 million users worldwide used 123456 as a password. 

https://www.ncsc.gov.uk/news/most-hacked-passwords-revealed-as-uk-cyber-survey-exposes-gaps-in-online-security  

Here are some top tips that will make your life easier and your online accounts more secure:

1: Creating memorable passwords
A good way to create strong, memorable passwords is by using 3 random words. But remember, don't use words that can be guessed (like your pet's name). You can include numbers and symbols if you need to. For example, "RedPantsTree4!"

2: Saving passwords in your browser
Saving your password in your browser means letting your web browser (such as Chrome, Safari or Edge) remember your password for you.
This can help:

• make sure you do not lose or forget your passwords
• protect you against some cyber crime, such as fake websites

It is safer than using weak passwords, or using the same password in more than one place.

3: Email account passwords
If a hacker gets into your email account, they could:

• reset your other online account passwords
• access personal information you have saved about yourself or your business

Your email password should be strong and different to all your other passwords. This will make it harder to crack or guess.

6th November '21

For some unknown reason, around lunchtime, my daughter's mobile phone was not connecting - she lives in another part of the country.   We regularly 'WhatsApp' each other.   I tried calling her but didn't connect

Shortly after this I received a text message from a number I didn't recognise, and the message said,

Apparently from my Daughter?       - Dad, my other phone crashed.  But this is my temporary number (07810675909) 👍📲    You can save this one.  Message me if you've seen this

Me               -  Got it, what happened to the other one, hope it hasn't caught a virus, in particular Covid 😁 xxx

Daughter     - 🤣🤣🤣 Do you have a moment?!  Or are you busy right now?  My microphone is broken on this temporary device 😪💝

Me                - What number shall I ring?

Daughter     - I can't call, tomorrow I have my old number back

Me                 - I'll try your landline

Daughter     - I'm not home

Me                 - Is there any number I can call you on?

Daughter     - Noo

Me                  - Drat, what a pain 😌 - but at least you can text me 😎👍

Daughter     - I'm ashamed to ask you this.  Because of my new temporary phone, I can't access my banking app.... I've called the bank, and they temporarily disabled my account because I switched to my new number.    But I have an invoice I really need to pay today, is it maybe possible you can do the payment for me?

ALARM BELLS START  RINGING LOUD & CLEAR - "I've called the bank ........"    But I thought the phone was out of use/ broken etc etc etc !!!!!

Me                - Of course, just give me the details

Daughter     - Raymond Kisolokele                                                                                                        Sort code: 23-75-24                                                                                                                       Account Number: 11770303                                                                                                   Reference: KB01024                                                                                                                    Amount: £858.84

Me                  - I need to check that this message really did come from you so give me a call when you find a phone. Once I hear from you, I'll go ahead and pay the bill, okay?

Daughter     - Dad are you serious?

Me                   - Oh yes, I'm deadly serious, so before I part with £858.85 I must make sure this is really from you. Call me either on my landline or on my mobile

And from that moment on I no longer received 'WhatsApp' messages from my Daughter's 'new number'

Whilst all of this was going on, I kept trying to contact my daughter but without success
Eventually we made contact and I told her about what had happened
She was shocked and told me it clearly was a scam and how relieved she was that I hadn't paid it.  

She then went on to tell me about a huge pile of logs that had been delivered outside her house - but that's another story ......... 😎

However, they can also be bogus

Therefore, if you ever get such a message, before you actually go ahead and send/ transfer any money, make sure you actually speak to the friend or relative so that you know it's genuine.

In this particular scenario I would have also asked "My Daughter" a question which only she would know the answer, for example, 'What was the name of Aunty Matilda's favourite chicken?' just to double-check it really is my Daughter that I'm speaking to!

11th October '21

Sensible advice received from the Coventry Building Society

Common scams - how to recognise and avoid them

Scammers are always finding new ways to trick us out of our money - they even used coronavirus to scare us into buying fake tests and protective equipment. The best way to stay safe is to be aware of the scams and the tactics fraudsters use, below are some of their latest scams.

Investment scams

While interest rates remain low, investment scams are becoming even more common. Unfortunately, any investment that promises a high return with very little risk is probably a scam. You could even invest in something that doesn't exist and lose all your money. Be especially cautious if the contact in uninvited, and it's through a cold call, email or letter you didn't expect.

Cryptocurrency investment scams

This is where criminals persuade people to invest in a cryptocurrency, using websites that show fake investments and big profits. Often they'll disappear once you've invested your money. Cryptocurrency is unregulated, so if something goes wrong, no one can help you get your money back.

Ask yourself if it sounds too good to be true, don't make a decision quickly, and take professional financial advice if you're unsure or worried.

Account takeovers

Just a few personal details could be enough for a scammer to take over your online bank, building society or credit card account and start making fraudulent payments - with your money. Criminals could use phishing, malicious Wi-Fi or malware to steal your details, so don't click links in unexpected emails or open their attachments, and don't give out confidential information over the phone.

Change your online passwords regularly and use a unique one for each of your online accounts. Be careful with your social media - lock down your security settings so that no one can find your email address, phone number or date of birth.

27th September '21

Received from 'NEIGHBOURHOOD ALERT'' 

Cold Callers Offering To Clean Driveways In Little Neston

Police have received reports of males cold calling at homes in Little Neston offering to clean driveways for amounts of up to £450.

The males have been described as having Irish accents and having a blue van and a white van, both with Irish number plates.
Police advise not to accept offers of work from unknown trades persons, as not all are genuine.
They will often quote a price and then come back with a "special offer" for a quick sale.
Never agree to work if you are put under pressure, and contact Trading Standards if in any doubt (0808 223 1133).

Message Sent By Linda Conway (Cheshire Police, Ellesmere Port LPU, Little Neston and Burton PCSO)

7th August '21  

Received from 'Action Fraud'  www.actionfraud.police.uk  

            "Alert" - Vaccine Passport Scams

'Action Fraud' has received over 700 reports from members of the public about fake emails purporting to be from the NHS. 

The emails claim to be able to provide people with a "digital passport" that "proves you have been vaccinated against COVID-19". These emails are fake, and the links within them lead to genuine-looking websites that steal your personal and financial information.