Peter Tomlinson | 3 Dec 18:25 2011
Picon

Reporting scam emails to Met Police

For some time the Met Police have been inviting the forwarding of scam 
emails to National Fraud Authority <email@...>. I
have 
just now sent them one, having not sent any for a while. PlusNet (which 
I use for sending, but I receive by clicking through to another ISP that 
hosts my incoming email service) has been very actively blocking 
reporting of them when Cloudmark has already picked up and banned the 
URL of the malevolent web site that the body of the email sends you to - 
but today one got through to actionfraud, and I got the response copied 
below:

    Thank you for your email.

    Reporting scam emails has changed and we are no longer taking emails
    through email@...

    If you would like to report a scam email, a fraud or need guidance
    on fraud and how to protect yourself, please go to
    www.actionfraud.org.uk. Action Fraud is the UK's national fraud
    reporting centre.

    To report a crime that is not fraud related please contact your
    local police. Police force contact details can be found at
    www.police.org.uk.

    To make an anonymous crime report please phone Action Fraud on 0300
    123 2040.

The email from actionfraud suggests that you can report a scam email on 
their web site, but my reading of their web site process is that they 
(Continue reading)

Chris Salter | 4 Dec 04:10 2011

Re: Reporting scam emails to Met Police

On 03/12/2011 17:25, Peter Tomlinson wrote:

[snip for the purposes of this reply only]

> I wonder why the change has occurred and how we are combating scammers
> now (but the answers may be something that should not be posted on a
> list such as this one).

For the narrower scam category of 'Phishing', a reporting facility that 
can be mentioned here is the APWG (Anti-Phishing Working Group).

http://www.apwg.org/

--

-- 
Chris Salter
http://www.originalthinktank.org.uk/
http://www.post-polio.org.uk/

Peter Sommer | 4 Dec 08:45 2011

Re: Reporting scam emails to Met Police

The cyber security strategy document published on 25 November shows the 
longer term aims of the NCSP:

4.33 In parallel we are taking action to make sure that it is simple and 
straightforward for members of the public to report cyber crimes. Of 
course this should include being able to do so online.
4.34 Over half of all police forces already provide a facility for the 
public to report crime online, though these range from basic systems for 
certain crime types to fully integrated crime reporting tools. We will 
support forces to move to full online crime reporting by helping them 
identify good practice.
4.35 People are already encouraged to report fraud, including cyber 
fraud, through the internet, using the Action Fraud tool. We will make 
it easier for people to do this by improving its accessibility and 
functionality. Crime reports can currently take up to 30 minutes to 
complete online. We will aim to reduce that time by a half.
4.36 As well as allowing the police to follow up directly on individual 
crimes, better reporting will help build our intelligence picture 
through the National Fraud Intelligence Bureau, improving the targeting 
of enforcement resources and feeding into crime prevention advice.

These are, of course,ambitions...

Peter Sommer

On 03/12/2011 17:25, Peter Tomlinson wrote:
> For some time the Met Police have been inviting the forwarding of scam 
> emails to National Fraud Authority <email@...>. I
have 
> just now sent them one, having not sent any for a while. PlusNet 
(Continue reading)

Peter Tomlinson | 4 Dec 15:15 2011
Picon

Re: Reporting scam emails to Met Police

Thanks, Peter. I had read only the summary of that document.

But of course what I'm looking for (and I think we had it for a few 
months) is pro-active action to block access to the phishing sites. 
Although I had read somewhere that such access really needs to be 
blocked within an hour of the messages starting to be sent to us targets...

However, in PlusNet's hands, Cloudmark is being used to inspect all 
outgoing mail, without knowing if it is malicious or an honest attempt 
to combat criminality.

Is the mere act of sending a phishing or other scam email a criminal 
offence? If so, we ought to be able to report it through actionfraud, 
but it appears that they don't want that.

Peter

On 04/12/2011 07:45, Peter Sommer wrote:
> The cyber security strategy document published on 25 November shows 
> the longer term aims of the NCSP:
>
> 4.33 In parallel we are taking action to make sure that it is simple 
> and straightforward for members of the public to report cyber crimes. 
> Of course this should include being able to do so online.
> 4.34 Over half of all police forces already provide a facility for the 
> public to report crime online, though these range from basic systems 
> for certain crime types to fully integrated crime reporting tools. We 
> will support forces to move to full online crime reporting by helping 
> them identify good practice.
> 4.35 People are already encouraged to report fraud, including cyber 
(Continue reading)

Chris Salter | 4 Dec 17:06 2011

Re: Reporting scam emails to Met Police

On 04/12/2011 14:15, Peter Tomlinson wrote:
> Thanks, Peter. I had read only the summary of that document.
>
> But of course what I'm looking for (and I think we had it for a few
> months) is pro-active action to block access to the phishing sites.
> Although I had read somewhere that such access really needs to be
> blocked within an hour of the messages starting to be sent to us
> targets...
>
> However, in PlusNet's hands, Cloudmark is being used to inspect all
> outgoing mail, without knowing if it is malicious or an honest
> attempt to combat criminality.
>
> Is the mere act of sending a phishing or other scam email a criminal
>  offence? If so, we ought to be able to report it through
> actionfraud, but it appears that they don't want that.

I would have thought Phishing is a global issue requiring global
cooperation to combat it. The APWG appears to be a global response as
can be seen from its list of members and research partners.

http://www.apwg.org/sponsors.html#sponsors

Scanning down the list you will find APACS (The UK Payments Association)
and its public information site, Bank Safe Online.

http://www.ukpayments.org.uk/

http://www.banksafeonline.org.uk/

(Continue reading)

Peter Sommer | 4 Dec 17:33 2011

Re: Reporting scam emails to Met Police

On 04/12/2011 14:15, Peter Tomlinson wrote:
> Is the mere act of sending a phishing or other scam email a criminal 
> offence? If so, we ought to be able to report it through actionfraud, 
> but it appears that they don't want that.

Fraud Act, 2006, s 2:  "fraud by false representation"

Part of the problem at the moment that PCeCU, SOCA e-crime and the City 
of London Police all claim jurisdiction over these offences - it is this 
confusion that the new government strategy is supposed to overcome.  
However all that is being said is that there will be a consolidation,  
not how it will be achieved.

Peter Sommer

Roland Perry | 4 Dec 17:45 2011

Re: Reporting scam emails to Met Police

In article <4EDBA0CA.8050307@...>, Peter Sommer 
<peter@...> writes
>> Is the mere act of sending a phishing or other scam email a criminal 
>>offence? If so, we ought to be able to report it through actionfraud, 
>>but it appears that they don't want that.
>
>Fraud Act, 2006, s 2:  "fraud by false representation"
>
>Part of the problem at the moment that PCeCU, SOCA e-crime and the City 
>of London Police all claim jurisdiction over these offences - it is 
>this confusion that the new government strategy is supposed to 
>overcome.

Surely they all could have jurisdiction, but they might be contending 
for who is the "lead authority".

>However all that is being said is that there will be a consolidation, 
>not how it will be achieved.

It's worth considering reinstating the function of the NHTCU, being both 
an adviser to local forces, but also investigating the whole range of 
issues (not just the "serious" ones).
--

-- 
Roland Perry

Ian Mason | 4 Dec 17:47 2011
Picon

Re: Reporting scam emails to Met Police


On 4 Dec 2011, at 14:15, Peter Tomlinson wrote:

> Is the mere act of sending a phishing or other scam email a criminal  
> offence? If so, we ought to be able to report it through  
> actionfraud, but it appears that they don't want that.

Under English law all attempts at committing criminal offences are  
themselves criminal offences. Collectively with conspiracy to commit  
and incitement to commit, these are known as inchoate offences. It is  
highly likely that a court would regard the sending of an email, with  
intent to commit fraud, as reaching the standard necessary to commit a  
criminal attempt, even if the substantive offence of fraud never  
actually occurs.

Ian

Peter Sommer | 4 Dec 18:09 2011

Re: Reporting scam emails to Met Police

True, but s 2 Fraud Act obviates the need to go the inchoate route, the 
email's false representation is the offence:

Fraud by false representation
(1)A person is in breach of this section if he—
(a)dishonestly makes a false representation, and
(b)intends, by making the representation—
(i)to make a gain for himself or another, or
(ii)to cause loss to another or to expose another to a risk of loss.
(2)A representation is false if—
(a)it is untrue or misleading, and
(b)the person making it knows that it is, or might be, untrue or misleading.
(3)“Representation” means any representation as to fact or law, 
including a representation as to the state of mind of—
(a)the person making the representation, or
(b)any other person.
(4)A representation may be express or implied.
(5)For the purposes of this section a representation may be regarded as 
made if it (or anything implying it) is submitted in any form to any 
system or device designed to receive, convey or respond to 
communications (with or without human intervention).

On 04/12/2011 16:47, Ian Mason wrote:
> Under English law all attempts at committing criminal offences are 
> themselves criminal offences. Collectively with conspiracy to commit 
> and incitement to commit, these are known as inchoate offences. It is 
> highly likely that a court would regard the sending of an email, with 
> intent to commit fraud, as reaching the standard necessary to commit a 
> criminal attempt, even if the substantive offence of fraud never 
> actually occurs. 
(Continue reading)

Clive D.W. Feather | 4 Dec 18:15 2011

Re: Reporting scam emails to Met Police

Peter Sommer said:
> Fraud by false representation
> (1)A person is in breach of this section if he?
> (a)dishonestly makes a false representation, and
> (b)intends, by making the representation?
> (i)to make a gain for himself or another, or
> (ii)to cause loss to another or to expose another to a risk of loss.

Note that you need to show real loss, not just damage to reputation or
something like that:

5.
(1)The references to gain and loss in sections 2 to 4 are to be read in
accordance with this section.
(2)"Gain" and "loss" -
(a)extend only to gain or loss in money or other property;
(b)include any such gain or loss whether temporary or permanent;
and "property" means any property whether real or personal (including
things in action and other intangible property).
(3)"Gain" includes a gain by keeping what one has, as well as a gain by
getting what one does not have.
(4)"Loss" includes a loss by not getting what one might get, as well as a
loss by parting with what one has.

--

-- 
Clive D.W. Feather          | If you lie to the compiler,
Email: clive@...     | it will get its revenge.
Web: http://www.davros.org  |   - Henry Spencer
Mobile: +44 7973 377646

(Continue reading)


Gmane