Known attempts at fraud

Occasionally there will be attempts by scam artists to trick residents into giving or transferring them money, whether on the doorstep, over the telephone or via email.

Where we become aware of specific attempts that could affect our residents, we will update them here.

Suspicious email - August 2021

Plentific, who we work with to complete repairs, have made us aware that fraudulent emails (known as phishing emails) have been sent to some Notting Hill Genesis residents from Plentific’s support address (support@plentific.com).

We are not aware of any of our residents having been adversely affected by this incident. As a precaution, we have written to those we understand could have received the phishing email to warn them to be alert for suspicious emails.

The incident involves affected people receiving an email that falsely claims to be from Plentific. There are at least two versions of the email, but they both claim that Plentific is now using cryptocurrency and that the recipient should transfer an amount of cryptocurrency (Bitcoin or Ethereum) into specific Bitcoin or Ethereum wallets.

How we’ve responded

Plentific notified everyone for whom they hold email addresses about what had happened as soon as they became aware of the incident late on the evening of Monday 26 July. We understand that this might have included some Notting Hill Genesis residents.

We were notified of the incident on Tuesday 27 July and have been working since to understand who has been affected and to what extent. Now that we have more information, we have written to residents who we understand could have received the phishing email as a precaution and to warn them to be alert for suspicious emails.

Both the Information Commissioner’s Office and the Regulator for Social Housing have been informed of the incident.

Our relationship with Plentific

We have a contract with Plentific to provide repairs. That contract allows Plentific secure and encrypted access to information about our properties, including residents’ names addresses and contact details, so that operatives on their online platform can complete repairs on our behalf. The platform does not hold any financial information or passwords.

Individual tradespeople do not have access to our database, but are given names, addresses and contact details for specific residents once they’ve been contracted to complete a repair. This means that they can deal directly with residents rather than having to communicate via local officers, which generally means repairs can be completed more quickly.

Risks to residents

Based on the information we have so far, we don’t believe that data has been used to do anything other than send the phishing email to a sub-set of our residents. The Plentific platform does not contain financial information or passwords.

What to do if you’re concerned

The National Cyber Security Centre (NCSC) advises people to take the following steps if they’ve responded unwittingly to a suspicious email or other communication.

  • If you’ve been tricked into providing your banking details, contact your bank and let them know.
  • If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), refer to NCSC’s guidance on recovering a hacked account.
  • If you received the message on a work laptop or phone, contact your IT department and let them know. 
  • If you opened a link on your computer, or followed instructions to install software, open your antivirus (AV) software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds. 
  • If you've given out your password, you should change the passwords on any of your accounts which use the same password.
  • If you've lost money, tell your bank and report it as a crime to Action Fraud. By doing this, you'll be helping the battle against criminal activity, and in the process prevent others becoming victims of cyber crime.

Vaccine passport scam - August 2021

We have been contacted by Action Fraud after hundreds of reports from members of the public about fake emails claiming to be from the NHS. They claim to provide you with a "digital passport" to prove you have been vaccinated against Covid-19 and link you to a genuine-looking website that steals personal or financial information.

These emails are fake and the NHS will never ask for your bank account or card details, or your PIN or banking details.

If you receive a call you believe to be fraudulent, hang up. If you are suspicious about an email, report it by forwarding the email to report@phishing.gov.uk. Suspicious texts can be forwarded free of charge to 7726.