We’ve been made aware that fraudsters are sending out fake text messages offering a COVID-19 vaccine in an attempt to steal personal and financial information.
The text offers a link to an extremely convincing fake NHS website where people are asked to input their bank details to register for a vaccine.
The scam message reads: “We have identified that you are eligible to apply for your vaccine” and then prompts you to click on a link for further information or to ‘apply’ for the vaccine.
Cold callers are also asking people to pay for the vaccine over the phone.
Please remember that there’s NO CHARGE for the vaccine.
Major organisations like The Edinburgh Health and Social Care Partnership will NEVER send unsolicited emails or texts asking for banking details.
If you receive a text or email that asks you to click on a link or for you to provide information, such as your name, credit card or bank details, IT’S A SCAM.
You should never give out personal details to organisations or people before verifying their credentials first, even if the message appears to be genuine.
The Insurance Fraud Bureau (IFB) is warning members of the public to watch out for insurance scams that continue to exploit the financial loss people are facing as a result of the disruption of Covid-19.
Currently at least one insurance scam takes place each minute in the UK leaving victims devastated and costing honest consumers more than £3 billion each year. There are concerns the current economic climate could see this figure rise further.
The IFB which is at the heart of the UK’s fight against organised insurance fraud has identified several scams that the public should be aware of.
Delivery driver job ad scams
IFB Investigators have noticed more fraudsters are exploiting the state of the job market by using recruitment as a tool to phish for personal information and insurance details from job applicants.
Most notably, this has been seen with bogus delivery driver roles which are frequently being advertised on social media and some classified ad websites.
Job seekers will be told that their application has been successful and then asked to hand over their details, leaving them with their identities stolen and their insurance policy being used to help facilitate ‘Crash for Cash’ scams – often used to fabricate road traffic collisions.
With more people out of work due to the disruption of Covid-19 and a surge in demand for delivery services, job applicants should be extra cautious of any suspicious looking job ads.
Compensation scams
This is when a fraudster or unscrupulous firm contacts someone out of the blue to tell them they may be entitled to compensation.
If convinced, victims will hand over their personal details which can be used to steal their identity or bank funds, or they could be encouraged to take out a fraudulent insurance claim.
With record numbers out of work or losing money due to the disruption of Covid-19, these scammers may offer to recover financial losses incurred as a result of the pandemic.
‘Ghost Broker’ scams
A ‘Ghost Broker’ is a fraudster who poses as an insurance provider to sell unrealistically cheap fraudulent insurance deals, typically through social media and online ads.
Some ‘Ghost Broker’ fraudsters have also been found to be promoting deals that are exclusively for Key Workers.
‘Ghost Broker’ scams are rising. The IFB has seen its percentage of investigations into the issue double in recent years. Research also shows one in three 18-24 year-olds has seen a suspicious insurance advert on social media.
Ben Fletcher, Director of the IFB, said:“Insurance fraud thrives in times of financial hardship and the continued disruption of Covid-19 sadly keeps bringing opportunities for fraudsters to target those most vulnerable. From the elderly to key workers, we’ve seen them get targeted.
“It’s never been more important for the public to remain vigilant to the slew of scams out there. If anyone sees something that doesn’t look right, they should report it to the IFB’s confidential Cheatline straight away on 0800 422 0421.”
Evidence of an insurance scam can be reported to the IFB’s confidential and anonymous Cheatline (powered by Crimestoppers) on 0800 422 0421 or online.
The IFB uses information from Cheatline reports to work with insurers, the police and industry watchdogs to help fight fraud, keep people safe and keep consumer costs down.
More information on a wide range of common insurance scams can be found on the IFB’s Stop the Scams campaign page.
Police Scotland is running a major campaign to help people protect themselves from fraud – which has become one of the most commonly experienced crimes in the country.
Cases of criminals exploiting vulnerable and unsuspecting people and persuading them to part with money or personal information are continuing to rise.
During the six-week campaign, in partnership with Take Five to Stop Fraud, officers will also warn that criminals are becoming more sophisticated and convincing in their methods, and taking advantage of advances in technology.
Latest Scottish Government figures show that in 2019-20, fraud increased by 23% and since 2010-11 has gone up by 33%.
In the last year (April 2019- March 2020) there were 11,939 crimes of fraud recorded in Scotland – including many committed online, as criminals use the internet more and more to target victims. An increase of 2,264 crimes the previous year.
Throughout the campaign members of the public and businesses will be encouraged to follow straightforward and impartial advice – Stop, Challenge and Protect – aimed at reducing the chances of becoming a victim of financial fraud. This includes online fraud, email deception as well as phone-based and social media scams.
Essential information will be advertised on social media, digital screens as well as on Spotify.
Deputy Chief Constable Malcolm Graham said: “Fraud, in any form, is a despicable and cowardly crime with, often anonymous criminals targeting the most vulnerable people in our communities. We know these faceless crooks will take any opportunity to exploit any situation to their own nefarious advantage.
“We are well aware that fraud continues to rise and want to take the opportunity to warn the public and businesses take a few steps to protect themselves and remain vigilant.
“Our advice is clear and the public should be aware that a telephone call, email or text may not be from the person or organisation it appears to come from. Never click on a link from an unsolicited email or text, and remember that banks, police or other legitimate organisations will never ask you for personal banking information or ask you to move funds to a different account.
“With people spending more and more of their time in the cyber and digital space and the growth of the internet has seen otherwise traditional crimes, such as fraud, being carried out online. Our ambitious Cyber Strategy, published in September, sets a clear direction for how we will tackle the threat, risk and harm from digitally-enabled crimes including fraud.”
Cabinet Secretary for Justice Humza Yousaf said: “While levels of crime including those involving robbery, housebreaking and theft have fallen over the last decade, reported cases of fraud have risen by a third over the same period, at a time when we have all increased our use of online and mobile technologies.
“During 2020 we have seen unscrupulous individuals using the lockdown and on-going restrictions as an opportunity to target some of our most vulnerable citizens and exploit businesses. Such criminal behaviour is absolutely abhorrent and the Scottish Government is working with police and other partners to pursue those who cause harm and misery to our communities and to support people to stay safe.
“As we enter the festive season, I welcome Police Scotland’s timely campaign urging people to ‘stop, challenge and protect’ in order to help households, businesses and communities to keep themselves safe and secure this Christmas and into 2021. In addition anyone can sign up to receive trusted alerts and advice from Neighbourhood Watch Scotland on a range of safety and security issues targeted to their local area.”
Katy Worobec, Managing Director of Economic Crime at UK Finance said: “The banking and finance industry is committed to protecting customers from scams and is working closely with law enforcement and others to target the criminal gangs responsible, with almost £7 in £10 of fraud prevented in the first half of this year.
“Criminals are experts at impersonating people, organisations and the police. Particularly with the impact of Covid-19 and an increasingly digitised society, criminals are ruthlessly adapting their methods to target consumers online, via social media and over the phone.
“These scams are often sophisticated and well-researched: we encourage customers to be wary of unsolicited calls, emails, or text messages and avoid clicking in links in any unexpected correspondence.
“We would urge people to follow the advice of the Take Five to Stop Fraud campaign to keep themselves safe from fraud. Always take a moment to stop and think before parting with your money or information, and don’t let a criminal rush or panic you into making a decision that you’ll later come to regret.”
Deputy Chief Constable Graham added: “Sadly, during the current pandemic when people have been at home, the occurrence of fraud has also risen. Our management information showed that fraud increased by 45% in the first six months of 2020-21 compared to the same period last year.
“Police Scotland is absolutely committed to working with a wide range of partners to pursue anyone who sets out to cause harm and misery in our communities and make Scotland a hostile environment for them to operate.
“We remain vigilant and I would urge the public to do the same to reduce the risk of becoming a victim.”
New research reveals that nearly half (49%) of UK adults have not installed or didn’t know whether their mobile phone has security software. So keeping personal data safe from hackers has never been more important.
In the wrong hands, stolen data can be used by hackers for illegal activity such as applying for loans or credit cards under a victim’s name, or bank accounts being accessed and money withdrawn.
To help keep data safe, leading insurance provider, Insurance2go, shares five ways mobile phone users can help to protect personal data stored on their device.
Be cautious of public Wi-Fi
Using public Wi-Fi is great for those who have a low data allowance, or are running out of mobile data. However, public networks often don’t provide a secure connection, making it easy for hackers to use them to access personal data.
Hackers targeting public Wi-Fi hotspots are able to use what is known as a ‘man-in-the-middle’ attack, which is when a hacker intercepts financial information, passwords and log-in information through a public network.
Always avoid using mobile banking apps or making online purchases whilst logged onto a public Wi-Fi network. For those who do need to use public Wi-Fi, use a Virtual Private Network (VPN) app. A VPN can protect data from getting into the wrong hands by encrypting online data and keeping personal information secure when using a public Wi-Fi connection.
Turn off ‘sharing’ settings when not in use
Smartphone features that share a location should be used with caution and always turned off when not in use. Features such as Bluetooth, Wi-Fi, location services, mobile data and Near Field Communication (NFC) are susceptible to hacking, especially Bluetooth location services as they transmit a device’s location and presence.
Hackers can easily get hold of personal information and data through features that mark a phone as ‘visible’, so always make sure to disable such features when they are not needed.
Only download legitimate apps
Downloading illegitimate apps is another way to open your personal data up to hackers. Often, apps hosted on some websites or third-party app stores can contain malware and can access data once downloaded. It’s recommended that users only download apps from the official app stores, so App Store for iOS users, Google Play for Android users or the AppGallery for Huawei owners.
Be wary of app permissions
When an app is first downloaded, it often asks for ‘permission’ to access certain features or information held on a mobile phone. From the camera roll, to your speaker, location or phone contact list, apps can ask for a range of permissions in order for certain functions to work.
Be cautious of what information an app is requesting access to and question whether the app actually needs that information. For example, a photo editing app doesn’t need contact list information in order to function correctly, so take the time to properly think about whether or not that information is needed.
Viral video app, TikTok, recently came under fire for security issues in the US, with reports claiming that the Pentagon warned U.S. military personnel in January to delete TikTok from their phones and India, last month, banned Tik-Tok amongst other apps, over security and privacy concerns so it’s always important to review what permissions are being asked for by an app.
Avoid using auto-login
Whilst it’s recommended to have a variety of passwords for online accounts rather than the same password, auto-login gives hackers easy access to personal data by simply opening up an app or webpage. For those likely to forget multiple passwords, note them down in a secure, password protected note on a phone, or in a notebook that is kept secure and stored away.
And it’s not just using your mobile phone that can open your personal data up to hackers. What happens if your mobile phone is lost or stolen? Insurance2go shares some useful tips for people who might find themselves in this scenario and want to keep their personal data safe:
Firstly, report the phone as missing to the network provider, who can suspend or disconnect the service to the phone. This can help stop any authorised use of the phone if it falls into the wrong hands.
If the mobile phone is known to be stolen, inform the police who will be able to provide a crime number, which can be used if the user needs to inform an insurance provider.
Most smartphones now have a built in ‘kill switch’, which can allow a user to remotely deactivate a device if it’s lost or stolen. In order to work, the feature needs to be enabled. For iPhone users, the ‘Activation Lock’ can be enabled within the‘Find My’ app to help keep data safe. Firstly, go to the‘Find My’app > Tap thedevices tab and choose which device is lost or stolen, then tap Activate under ‘Mark as Lost’and follow the prompts on screen. Android users can enable the kill switch with ‘Find My Device’. Go to Settings >Google>Security, then turn on ‘Remotely locate this device’and ‘Allow remote lock and erase’.
Finally, immediately change passwords for any accounts or apps that can be accessed on the mobile phone. Prioritise any important accounts first, such as online banking and other associated accounts.
Richard Gray, Head of Marketing and Digital, at Insurance2go said: “Our mobile phones are home to lots of stored data and without correctly protecting your personal information, it could easily land in the wrong hands.
“‘SIM-jacking’ is a common method where hackers are able to use stolen data to obtain a Porting Authorisation Code (PAC). This can then be used to switch the victim’s phone number to another phone on another network, helping them gain access to a range of personal data and information, often including banking details.
“Protecting data stored on a mobile phone is extremely important. Hackers are often creating new ways to get a hold of our data, so we hope that by sharing our tips, we can help people avoid getting caught out by fraudsters.”
A fraudster may call pretending to be from the victim’s bank advising of suspicious activity and thereafter induces the victim to hang up the telephone and call the number on the back of their bank card.
In these cases the fraudster stays on the line pretending to be a representative of the bank, then instructs the victim to transfer money into a ‘safe account’.
Fraudsters are cunning, creative and often very convincing.
Your bank will never ask you to transfer money into another account. If you receive a phone call, apparently from your bank, under the above circumstances, call into your local branch or phone your bank using a different telephone.
Social media users are seriously underestimating their chances of falling victim to online fraud and suffering devastating emotional and financial consequences because tech giants are not doing enough to warn and protect them, Which? is warning.
The consumer champion’s latest research using an online community of Facebook users showed that a majority were lulled into a false sense of security by the platform’s social nature. They mistakenly assumed they could spot fraud and that the company’s systems would protect them effectively.
However Which? found a third of participants did not know that fake products might be advertised on the site – putting them at risk of falling victim to purchase scams. A quarter did not spot an investment scam advert with a fake endorsement from a celebrity.
If this was to be replicated across Facebook’s user base of 44 million Britons, huge numbers of users could potentially be at risk from fraudsters who lure in victims with fake accounts, posts and paid-for ads on the site.
The financial consequences for those tricked by these fraudsters as well as those who post scam adverts on websites and search engines like Google can be devastating.
Which? has heard from many victims of these types of scams – including a man who lost almost £100,000 after clicking on an online investment advert featuring fake endorsements from MoneySavingExpert’s Martin Lewis and Deborah Meaden from BBC show Dragons’ Den.
The emotional consequences are equally serious. Scam victims told Which? that it had shaken their confidence in themselves and their ability to trust other people. A woman who lost £30,000 to an investment scam which featured prominently on Google said she still feels shame and despair 15 months on from her ordeal, adding: “It breaks you as a person.”
Which? is calling on the Department for Digital, Culture, Media and Sport (DCMS) to act now and include online scams in the upcoming Online Harms Bill so that consumers are protected from this huge and growing problem.
Which? carried out in-depth research with an online community of Facebook users over 10 days, and also conducted a nationally representative online survey including 1,700 Facebook users, as part of its new policy report ‘Connecting the world to fraudsters? Protecting social media users from scams’.
The research found that older social media users are often more concerned about scams, and perceived as being at greater risk by their fellow users. But the findings suggested that younger people may actually be more susceptible to scams as they are more persuadable and more likely to take risks, such as taking part in online shopping and quizzes used by some fraudsters.
Knowledge among users of what Facebook does to protect people from becoming a victim of a scam was low, although users assumed Facebook did have systems and processes in place. However, when details of Facebook’s actual systems and processes were explained, users were sceptical about their effectiveness and questioned whether they are sufficient.
Just three in 10 (30%) respondents to Which?’s online survey of Facebook users said they were aware of the scam ad reporting tool introduced by the site in 2019. Only a third of these, 10 per cent overall, said they had used the tool themselves.
Which?’s research was conducted with a focus on Facebook due to its size and influence in the social media landscape. However, the consumer champion believes that the findings and implications of this research can be reasonably extended to apply to other similar social networking sites and online platforms.
The amount of money lost to fraud every year is huge. In the year to June 2020, Action Fraud received 822,276 fraud reports, and the value of losses from reported incidents was £2.3 billion. Action Fraud estimates that 85 per cent of all fraud in the year to June 2020 was carried out digitally.
Which? spoke to one man, retired and in his seventies, who lost almost £100,000 to a Bitcoin scam, which started in February 2019, by a company called Fibonetix. He had seen an online advert which had fake endorsements from celebrities including MoneySavingExpert’s Martin Lewis and businesswoman Deborah Meaden.
The man, who preferred to remain anonymous, told Which?: “Being scammed in this way was utterly devastating. I think about it virtually every day and it’s really affected my confidence, my ability to make decisions and has ultimately changed the person that I am. Fortunately I have been able to get through it with the support of my family.”
Another victim, a sound engineer in her forties, was searching for investment advice on Google and ended up filling in contact details with a firm that seemed legitimate. Receiving a phone call a few days later she then ended up falling victim to an incredibly sophisticated scam, which took place over several weeks, and lost £30,000. Her case is currently being investigated by the Financial Ombudsman Service.
She says the experience has impacted her mental and physical health and that “it’s been really traumatic. At the time it felt like no one cared or wanted to discuss my case with me. It breaks you as a human being and leaves you scared of the outside world.”
Despite it happening 15 months ago she says: “It’s still hard to trust yourself and others. Often people think these things only happen to older people and it takes a long time to not feel like an idiot. There’s a lot of shame and despair which hasn’t gone away and I’m still awaiting closure to this day.”
Which? is calling for online platforms, including social media sites, to be given greater responsibility to prevent scam content appearing on their platforms.
The government has a perfect opportunity to deliver this in the upcoming online harms bill, and if not ministers must set out their proposals for further legislative action to effectively protect consumers from online scams.
Rocio Concha, Director of Policy and Advocacy at Which?, said:“The financial and emotional toll of scams can be devastating and it is clear that social media firms such as Facebook are failing to step up and properly protect users from fraudsters on their sites.
“The time for serious action on online scams is now. If the government doesn’t grasp the opportunity to deliver this in the upcoming online harms bill, it must urgently come forward with new proposals to stem the growing tide of sophisticated scams by criminals online.”
Public urged to watch out for insurance claims scams exploiting financial losses caused by Covid-19 disruption
The Insurance Fraud Bureau (IFB), the City of London Police’s Insurance Fraud Enforcement Department (IFED) and the Association of British Insurers (ABI) are urging the public to be alert to Covid-19 insurance claims scams.
Experts are concerned there may be a rise in insurance claims scams that aim to exploit the financial losses individuals have suffered during the pandemic.
Nuisance scammers claiming “you may be entitled to compensation because of covid-19 financial losses” could become the ‘new PPI’.
The Insurance Fraud Bureau (IFB) in partnership with City of London Police’s Insurance Fraud Enforcement Department (IFED) and the Association of British Insurers (ABI) are warning the public to be alert to a potential rise in insurance claims scams that offer to recover financial losses caused by the pandemic.
With big numbers of people across the UK taking an economic hit because of the disruption caused by Covid-19, there are concerns members of the public will be financially desperate and more susceptible to falling victim to insurance claims scams.
Fraudsters or unscrupulous claims management companies (CMCs) could cold call or message victims with unrealistic offers to help recover financial losses caused by the disruption of Covid-19.
Insurance claims scams could appear in the form of claims phishing, where a victim is told they are entitled to compensation and then asked to provide their personal and financial information in order to process a claim. The scammer can then use these details to steal their identity or attempt to gain access to funds from their bank account.
Another insurance claim scam tactic is claims farming, where a victim is told they are entitled to compensation and encouraged to make an insurance claim. Often there is no ground to claim so the person is manipulated into providing false or misleading information leaving them implicated in a criminal act of insurance fraud.
With several big-name firms now marketing legal services for those who have suffered financial loss due to the pandemic, there is an indication that insurance claims for Covid-19 disruption may become common practice.
Considering the possible audience reach of sophisticated fraud networks and existing unscrupulous CMCs, there is a worrying potential for a nuisance covid-19 insurance claims scam culture to emerge.
“With the pandemic causing so many people to lose out financially, scammers and unscrupulous companies could try to exploit the situation. Nuisance Covid-19 claims scams could become the new PPI. We encourage everyone to be vigilant and to report evidence of insurance fraud to the IFB’s confidential Cheatline”. – Stephen Dalton, Head of Intelligence and Investigations at the Insurance Fraud Bureau (IFB).
The IFB, IFED and the ABI which work in tandem to tackle insurance fraud, are urging the public to be alert to insurance claims scams and to take action to report suspicious activity:
If contacted out of the blue, never provide personal or financial information.
Only make a claim directly through the insurance provider and only use the contact details provided at the point the policy was taken out.
If support is required to manage a claim, use a reputable FCA-registered (Financial Conduct Authority) company or SRA-regulated (Solicitors Regulation Authority) Solicitors firm.
Report any suspicions of insurance fraud to the IFB’s confidential Cheatline service.
Take steps to protect personal data from being stolen to help to prevent being targeted. Guidance can be found at the Information Commisioner’s Office.
“Criminals will use whatever means they can to try and exploit innocent members of the public and will have no qualms in using national tragedies, including COVID-19, to commit fraud. It is therefore vital that people remain vigilant to the threat that fraudsters pose and be wary of unsolicited calls, text messages or emails about COVID-19-related insurance claims and offers of compensation. If in doubt – do without! Report any suspicions to the IFB’s Cheatline.” – DCI Edelle Michaels, Head of City of London Police’s Insurance Fraud Enforcement Department (IFED).
“Scammers thrive in times of economic uncertainty and target the vulnerable. The key is to be on your guard – if someone approaches you out of the blue with an offer that seems too good to be true, then it probably is. If in any doubt, then walk away.” – Mark Allen, Manager of Fraud and Financial Crime at the Association of British Insurers (ABI).
Insurance fraud can be reported confidentially and anonymously to the IFB’s Cheatline via its phone service which is powered by CrimeStoppers on 0800 422 0421 or online at insurancefraudbureau.org/cheatline
Concerns have been raised over the emergence of new types of scams which try to take advantage of vulnerable households in Scotland during the Covid-19 lockdown.
Over 2,000 online fraud attempts have been identified and blocked in the past month, according to the UK’s National Cyber Security Centre, including fake online shops and websites which attempt to steal user data, and fraudulent adverts.
It is estimated that scams cost the UK economy up to £10bn each year with the average victim losing over £3,000.
In response, OFTEC, the registration body for off-grid heating, is helping to raise awareness of the types of scams taking place during the lockdown and how households in Scotland can protect themselves from unscrupulous activity.
These include:
Email scams. Be wary of any emails which say you can obtain a refund on taxes, heating bills or other expenses during the lockdown. Avoid clicking on links as they may contain viruses or direct you to fake websites which are designed to impersonate well-known organisations such as banks.
Social media scams. Adverts offering miracle coronavirus cures or treatments are fake and should be ignored or reported through the relevant social media platform. These adverts may occasionally be mistakenly shared by a friend or family member but this does not make them any more legitimate.
Telephone scams. With more people at home, there is an increased risk of telephone scams from criminals pretending to be calling from a bank, mortgage provider or utility company. If you receive an unexpected or suspicious call, do not share any financial or personal information and hang up immediately. If you have any concerns about a call you have received, contact your provider directly.
Door knocking scams. Unqualified individuals may impersonate heating technicians or other tradespeople. If your boiler needs essential work, use a qualified technician who is GasSafe (for mains gas) or OFTEC (for heating oil or solid fuel) registered and ensure they follow government guidelines on social distancing.
Malcolm Farrow from OFTEC, commented: “Since the lockdown was announced, communities across Scotland have come together to support each other during this uncertain and unsettling time.
“Unfortunately, a small number of individuals have sought to take advantage of the current situation and target households through scams or other fraudulent activity.
“We all need to be on the lookout for suspicious calls, emails or visitors and regularly keep in virtual touch with vulnerable family, neighbours and friends to ensure they are not being harassed in any way.
“If you do need to have essential work undertaken in your home, always use a qualified professional. Check their ID badge upon arrival and ensure they follow the government’s advice on social distancing at all times.”
For more information and advice, visit www.oftec.org.
Social media websites are fuelling the fire of the UK’s fraud crisis by failing to clamp down on scammers selling people’s personal details through their platforms, a new Which? Money investigation reveals.
The consumer champion discovered 50 scam profiles, pages and groups across Facebook, Twitter and Instagram with clear evidence of blatant criminal activity.
This included advertising stolen identities, credit card details, compromised Netflix and Uber Eats accounts and even fake passports made to order. All were found easily by searching simple, barely disguised slang terms for fraud.
With fraud cases rising by a fifth in the last year and losses to coronavirus-related scams already reaching £2 million, Which? is concerned that the results of its investigation – carried out before the outbreak took hold in the UK – highlight how lax measures to prevent the trade of personal and financial information on these platforms could be exploited by criminals looking to take advantage of the crisis.
Tthe investigation uncovered an alarming post on one illicit Facebook group, detailing the full identity of a man in Yorkshire. His full name, date of birth, address and mobile number were all listed alongside complete financial information including his credit card number, CVV number and expiry date, sort code and the name of his bank.
The post had already been up for four months when it was spotted by Which?, and the details were even being given away for free, potentially as a tactic designed to prove the seller’s credentials for future deals.
Using the open electoral roll, a researcher was able to establish that the victim had lived at the address listed in the Facebook post at least as recently as 2018, along with individuals whose names and ages implied they were his wife and adult children – demonstrating how easy it would be for a scammer to exploit the details available in the Facebook post.
Meanwhile, one fraudster on Twitter offered full credit card details of someone with a ‘£13k+ balance’ for £100, or three sets of card details for £200. Another offered a phoney passport for £3,000, which could have potentially been used as proof of ID to open bank accounts and credit cards.
Twitter’s algorithm also made it all too easy to find criminal ID sellers. After searching for and viewing such accounts, the site suggested following ones offering similar services through its “who to follow” section.
In addition, Which? found Instagram users sharing price lists detailing how much it would cost to acquire full identities, as well as ‘fraud bibles’. These comprehensive how-to guides for novice hackers and scammers explain how to create fake identities and use stolen card details.
All 50 of the groups, pages and profiles were reported to their respective social media platforms via their in-site reporting tools.
Shockingly, Facebook initially refused to remove the post containing the clearly stolen details of the Yorkshire man, on the basis that it ‘doesn’t go against one of our specific community standards’.
When Which? requested a review of the decision through the reporting tool, the post was removed, but the hacker group it was posted on remained up.
While Facebook also removed a few other isolated posts that Which? reported, when a researcher checked six days later, it had allowed every page and group to remain. Instagram and Twitter had not removed any content at all.
It was only when the content was presented to the platforms’ media representatives that it was ultimately all taken down.
Which? believes it is unacceptable for social media platforms to take such a lackadaisical attitude to the fraudulent activity taking place on their sites.
With proposed regulation of illegal and harmful content on social media platforms – such as the criminal activity exposed in this investigation – a long way from being introduced, the consumer champion is calling for the sites to take much more responsibility and be proactive in removing such content and blocking criminals.
Jenny Ross, Which? Money Editor, said: “It’s astonishing that social media sites make it so easy for criminals to trade people’s personal and financial information, particularly as fraud is such a prevalent crime that can have devastating consequences.
“Social media firms must take much stronger action to prevent their sites becoming a safe haven for scammers, and should work with the financial industry and police to address serious flaws with their platforms.
Facebook, which also owns Instagram, said: “Fraudulent activity is not tolerated on our platforms, and we have removed the groups and profiles flagged to us by Which? Money for violating our policies.
“We continue to invest in people and technology to identify and remove fraudulent content, and we urge people to report any suspicious content to us so we can take action.”
Twitter said: “It is against our rules to use scam tactics on Twitter to obtain money or private financial information.
“Where we identify violations of our rules, we take robust enforcement action. We’re constantly adapting to bad actors’ evolving methods, and will continue to iterate and improve upon our policies as the industry evolves.”
Thousands of people could be conned if they don’t pay attention, says leading tax and advisory firm Blick Rothenberg.
Fiona Fernie, a partner at the firm said: “Within hours of the Government’s Coronavirus Job Retention Scheme (CJRS) there was significant activity by cybercriminals trying to cash in on the scheme.
“These were in the form of emails that purported to come from the Government and suggested that HMRC needed bank account details into which the grant should be paid.
“The wording most commonly used to-date is:
‘Dear customer, we wrote to you last week to help you prepare to make a claim through the Coronavirus Job Retention Scheme. We are now writing to tell you how to access the COVID-19 relief. You will need to tell us which UK bank account you want the grant to be paid into, in order to ensure funds are paid as quickly as possible to you’.
Fiona added: “Most scams focus on obtaining the banking details of the recipient either by suggesting they can claim some kind of financial benefit from following the instructions in the correspondence, (for example a tax refund to help protect themselves from the Coronavirus outbreak, a goodwill payment from HMRC or a large sum of money in return for a set-up payment), or that they have a ‘fine’ to pay as a result of some misdemeanour: such as leaving the house more than once a day during lock down.
“The most frequent forms of communication are emails and text messages purporting to come from Government or HMRC officials and are designed to lure the recipient into precipitate action before thinking carefully about the substance of the message.
“People should be aware that neither HMRC specifically nor Government more widely communicates with individuals either by email or by text, unless you have signed up to the relevant protocol with them. Certainly, payments that can be claimed by taxpayers or fines that can be imposed are not dealt with in this way.”
Fiona warned: “The communications are designed to look entirely legitimate and as well as using official logos, fraudsters change the ‘display name’ on their email address to only show the name of the body they purport to represent. They are very clever.
“It is imperative to treat any email or text apparently received from an official body with extreme caution – if you are taken in it could be a very costly mistake.
“WhatsApp or social media messages are also used by cybercriminals and should be treated with similar caution.”
So, what should you do if you receive one of these messages?
Fiona lists below some of the things that you can do to protect yourself:
Do not reply to these emails, texts, WhatsApp or social media messages
Do not call the phone number listed in an email or text
Do not click on any links or open any attachments in emails
Do not provide any personal or financial details
If in doubt about whether an email or text is genuine, click on/hover over the ‘display name’ email address from which you have received the email. This will show you the full details of the sender and will make it clear whether the email is from a genuine Government or HMRC source
If you are in doubt about the source of one of these messages which appears to be from HMRC, forward it to them. You can do this via email at phishing@hmrc.gov.uk or via text at 60599 (network charges apply) and then delete it.
Fiona said: “In addition, the National Cyber Security Centre (NCSC) has recently launched a reporting service urging the public to forward any questionable emails to report@phishing.gov.uk. The NCSC’s automated scanning system then checks them, and immediately shuts down and removes criminal sites.
“However, there are other scams which are even less easy to spot, and which are designed to play on the other major anxiety caused by the Coronavirus pandemic – protecting our health.
“Of the over 2,000 online coronavirus scams which have been removed over the last month by the NCSC, almost 500 were fake online shops selling personal protective equipment items such as gloves and face masks which either never arrive or do not meet the required standards. Some of the sites also distribute malware which damages the computer systems of those who visit the sites.
“Even charities are at risk: some have been contacted by fraudsters claiming to be from an organisation able to provide helpful information such as a list of ‘at risk’ elderly people in the community who may require support from the charity. The recipient is then directed to click on a link leading to a fake website or a request to make a cryptocurrency (such as Bitcoin) payment, to enable the release of the information.”
Fiona said: “The messages are not confined to scams allegedly coming from this Government; one received yesterday by a colleague purported to come from the National Crime Investigation Center, USA which is part of the FBI – it was another scam.”
Dear Scam victim,
This is National Crime Investigation Center USA.
In our investigations from banks on International and National Funds Transfer (INFT) protocols in the past 10 years from all banks worldwide. We have come across your contact details and records with one of these Banks. In view of the carried investigations, we have contacted you confidentially for vital information toward your transaction with this bank. It was clear that the bank have delayed your payment thereby looking for a means to divert your fund to different individual account not belonging to you.
However, all bank officials who mishandled your transaction has been duly sacked and management dissolved and dismissed from bank work as a result of this attempt. Upon our investigation conclusion, we found out that your transaction was legitimate and for this reason, a compensation amount of $3,150,567.00 (Three million one hundred and fifty thousand, five hundred and sixty seven dollars) has been allocated to you for immediate payment through our accredited bank, Federal Reserve Escrow.
Kindly contact the compensation paying officer with the below details.
Fiona said: “Sadly, there are always those who are happy to exploit the problems of others to their own advantage. Despite the many pressures we are all under in these difficult and unprecedented times: we must be vigilant so that we do not become their victims.”
