New pension regulations came into force on 30 November 2021. The new regulations permit Trustees to block or suspend a suspicious-looking pension transfer if they believe that the transfer could be to a scheme that is fraudulent.
These new regulations could prove to be the most significant development in preventing pension scams.
Paul Higgins of Pension Justice, a law firm that has helped recover millions of pounds in mis-sold pensions, says: “I am delighted that the Government has brought in this new rule, and I hope that this will prevent pension scams taking place so that pension investors will not lose their life savings.
“Unfortunately, there are still hundreds of thousands of people who have previously taken their money out of pensions and handed over their life savings after being badly advised to invest in worthless, unregulated investments like carbon credits, ethical forestry, storage pods, to name but a few”.
One of Pension Justice’s clients, Mrs F from Burnley, lost her entire life savings worth over £157,000 after being persuaded by an “advisor” from Asset Management Advisory Services (AMASS) Ltd (t/a AMASS Europe) to transfer her pensions into a SIPP and “invest” in an EPS Portfolio with Avalon.
The advisor paid themselves £3,842.10 in commission and then arranged to “invest” Mrs F’s £149,000.00 in what turned out to be unregulated funds promising unrealistically high returns.
The investments subsequently failed, and Mrs F lost her entire life savings. It then transpired that the advisor and their company had minimal authorisation from the Financial Conduct Authority and were not authorised to provide advice on pensions and investments.
Pension Justice took up the case with the FSCS (Financial Services Compensation Scheme) and recovered compensation of £85,000.00 on behalf of their client which was the maximum payable under the scheme.
Paul says: “One of Mrs F’s pensions was a gold-plated defined benefit scheme pension with Proctor and Gamble. Under the new rules Proctor and Gamble could have prevented the transfer from taking place and, in which case, Mrs F would not have lost her life savings.
“Unfortunately, we know that there are still hundreds of thousands of pension investors who have lost all their pensions and are facing a miserable retirement with little or no money apart from their state pensions. Some are even being forced to carry on working way past retirement age”.
Paul and his team at Pension Justice have managed to recover sums up to £189,591.37 for his clients, many of whom have been scammed by cold callers and told that they could “double their money” or are promised potentially incredible returns if they transfer their hard-earned pension pots.
Christmas is nearly with us, but it is not only the goose getting fat! Scammers, are ready, able, and keen to target the pubic, say leading tax and advisory firm Blick Rothenberg.
Fiona Fernie, a partner at the firm, said: “Christmas and the January sales may be ‘the most wonderful time of the year’, but they are also a time of mixed emotions, the desire to buy presents for friends and family, and anxiety about being able to pay the bills. Scammers are just waiting to take advantage.
“Scamming is a huge issue, which we all need to recognise and take action to mitigate.
“The increase in on-line shopping during the pandemic has provided scammers with an extra opportunity to obtain credit card details. People have had their online accounts hacked enabling their credit cards to be used which has caused a great deal of distress.”
Fiona said: “There is also increasing evidence of people receiving emails purporting to be from major retailers such as the supermarkets, saying that the individual has been selected to receive some sort of reward for customer loyalty if they just key in their bank details.
“Such emails play on concerns about the cost of Christmas and can look very much like the real thing, so it pays to be vigilant.”
She added: “It is always sensible to pay for items online using a credit card rather than a debit card and to check statements carefully each month. Any item which you do not recognise should be reported to the credit card company immediately for investigation.
“In addition, anybody who receives an email or SMS message suggesting that they are due a reward or owe money should take some basic precautions:
Use passphrases with a combination of upper- and lower-case letters, numbers, and symbols when online shopping.
Use different phrases for different online accounts.
Ensure that two-stage authentication is triggered on all credit cards and online bank accounts – preferably this will include sending a passcode to your mobile phone as well as using the appropriate passphrase.
Click on/hover over the “display name” email address from which you have received any email which offers you a reward. This will show you the full details of the sender and will help to determine whether the email is likely to be from a legitimate source. For example, I am currently receiving emails purporting to be from Amazon and Aldi but sent from websites and email addresses that are clearly not them.
If this happens to you:
Do not reply to the emails or SMSs;
Do not call the phone number listed in an SMS;
Do not click on any links or open any attachments in emails;
Do not visit websites detailed in the messages;
Do not provide personal or financial details.”
Fiona said: “The problem does not stop with the order process either.
“I have heard of several examples of deliveries being made to the doorstep but disappearing before individuals could take them in, so it is clearly sensible to have a reciprocal agreement with neighbours for taking in parcels when the intended recipient is not at home.
“Don’t let scammers or opportunists spoil your Christmas!”
As HM Revenue and Customs (HMRC) prepares to issue emails and SMS to Self Assessment customers, the department is reminding them to be on their guard after nearly 800,000 tax-related scams were reported in the last year.
Fraudsters use Self Assessment to try and steal money or personal information from unsuspecting individuals. In the last year alone, HMRC has received nearly 360,000 bogus tax rebate referrals.
The Self Assessment deadline is 31 January 2022 and customers may expect to hear from HMRC at this time of year. More than 4 million emails and SMS will be issued this week to Self Assessment customers pointing them to guidance and support, prompting them to think about how they intend to pay their tax bill, and to seek support if they are unable to pay in full by 31 January.
However, the department is also warning customers to not be taken in by malicious emails, phone calls or texts, thinking that these are genuine HMRC communications referring to their Self Assessment tax return.
Myrtle Lloyd, HMRC’s Director General for Customer Services, said: “Never let yourself be rushed. If someone contacts you saying they’re from HMRC, wanting you to urgently transfer money or give personal information, be on your guard.
“HMRC will also never ring up threatening arrest. Only criminals do that.
“Scams come in many forms. Some threaten immediate arrest for tax evasion, others offer a tax rebate. Contacts like these should set alarm bells ringing, so if you are in any doubt whether the email, phone call or text is genuine, you can check the ‘HMRC scams’ advice on GOV.UK and find out how to report them to us.”
Criminals use emails, phone calls and text messages to try and dupe individuals, and often mimic government messages to make them appear authentic. They want to trick their victims into handing over money or personal or financial information.
Customers can report suspicious phone calls using a form on GOV.UK; customers can also forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.uk and texts to 60599.
HMRC has a dedicated team working on cyber and phone crimes. They use innovative technologies to prevent misleading and malicious communications from ever reaching the customer.
Since 2017 these technical controls have prevented 500 million emails from reaching HMRC’s customers. More recently, new controls have prevented 90% of the most convincing SMS messages from reaching the public and controls have been applied to prevent spoofing of most HMRC helpline numbers.
HMRC is also reminding Self Assessment customers to double check websites and online forms before using them to complete their 2020/21 tax return.
People can be taken in by misleading websites designed to make them pay for help in submitting tax returns or charging to connect them to HMRC phone lines.
Customers who are in any doubt about whether a website is genuine should visit GOV.UK for more information about Self Assessment and use the free signposted tax return forms.
HM Revenue and Customs (HMRC) is reminding Self Assessment customers that today, on Sunday 24 October, they have ONE WEEK LEFT to submit paper tax returns and 100 days to go for online tax returns.
The Self Assessment tax return deadlines for 2020/21 tax year are 31 October 2021 for paper returns and 31 January 2022 if customers complete their tax return online.
More than 10.7 million customers completed a tax return by 31 January 2021, of those 96% submitted it online. Completing it online is the quickest method and with around 100 days to go, customers have plenty of time to get it done.
Even if customers submit their completed tax return now, they do not have to pay any tax owed until 31 January 2022. Anyone who is worried about how to pay their bill can access support on GOV.UK. Various payment options include:
· Paying through a customers’ tax code (PAYE customers only)
· Payment on Account
· Setting up an online monthly payment plan (self-serve Time to Pay)
· Pay by debit or corporate credit card
· Pay at a bank or building society
Visit GOV.UK for a full list of payment options and the eligibility criteria. Customers should contact HMRC if they have concerns about paying their bill.
Myrtle Lloyd, HMRC’s Director General for Customer Services, said: “There are 100 days left to complete your tax return, but you don’t have to wait for the 31 January deadline. Why not do it now and get it out of the way? Visit GOV.UK and search ‘self assessment’ to find out more.”
· Other COVID-19 grants and support payments such as self-isolation payments, local authority grants and those for the Eat Out to Help Out scheme
The £500 one-off payment for working households receiving tax credits should not be reported in Self Assessment.
HMRC urges everyone to be alert if they are contacted out of the blue by someone asking for money or personal information. HMRC sees high numbers of fraudsters emailing, calling or texting people claiming to be from the department.
If in doubt, HMRC advises not to reply directly to anything suspicious, but to contact them straight away and to search GOV.UK for ‘HMRC scams’.
The UK reports losses of around £204.5M over the past 12 months due to personal, digitally driven crimes
Almost 23,000 cases of fraudulent activity relating to plastic cards and online bank accounts have been logged since September last year
Alarmingly, 49% of Brits don’t know if their smartphone has security software installed, or have none at all
Following last week’s Twitch data leaks on 4chan, a new study reveals that the UK’s public has lost as much as £204.5 million to personal, digitally driven crimes in the past 12 months. Additionally, as many as 26 million British adults – 49% of residents over the age of 16 – report either not knowing whether their smartphone has security software installed, or having none at all.
App development company Bacancy Technology analysed statistics drawn from the National Fraud Intelligence Bureau (NFIB), focusing on crimes more likely to befall members of the public – such as dating scams, personal and social media hacking, computer viruses and banking app fraud.
In total the UK has filed a total of 60,297 reports of criminal activity dating back to September of last year, culminating in a total loss of £204.5M to the personal finances of British citizens.
Across the selected categories, cyber-assisted crimes involving cheque, plastic card and online bank accounts have seen the highest number of incidents, at 22,981 reported cases, with an overall personal financial loss of £102.3M – an average of £4,451 per case.
Social media and email hacking ranks second highest in the list in terms of the number of reported incidents, standing at 12,225 reports over the last 12 months. However, the high volume of cases is offset by an average loss per case of £204 – amassing to an overall financial loss of a lesser £2.5M.
With Dating scams, it’s the opposite. A smaller number of reported cases (9,388 over 12 months) has resulted in Brits taking financial losses of £97,600,000 – with each individual case costing over £10,000 on average.
Ranking fourth and fifth on the list are reported crimes surrounding computer viruses/malware and personal hacking – which relates to hacked devices, rather than accounts. Despite a large number of reported incidents over the past 12 months (7,893 and 6,649 respectively), each of these crimes have resulted in smaller average losses per case, with figures under £100.
Top 5 personal digital crimes – UK, over 12 months (Oct 20 – Oct ’21)
Type of crime
Number of reported crimes
Reported financial loss (in GBP)
Average loss per case
Cheque, Plastic Card & Online Bank Accounts
22,981
£102,300,000
£4,451
Hacking – Social Media & email
12,225
£2,500,000
£204
Dating Scams
9,388
£97,600,000
£10,396
Computer Virus/Malware/Spyware
7,893
£348,400
£44
Hacking – Personal
5,649
£511,900
£90
Despite the variety of security apps readily available on both the Apple and Android stores, around 26 million Brits – a total of 49% – may be at risk.
Further data drawn from an ONS survey shows that one in three Brits (32%) are unaware of whether their smartphones have security software installed, while almost one in five (17%, or nine million adults) reported not having security software of any kind – leaving them open to potential cyber-crime and fraudulent activity.
Do you have security software installed on your smartphone?
All
16-24
25-34
35-44
45-54
55-64
65+
Automatically installed/provided with operating system
40
39
46
36
44
37
38
Installed/subscribed
11
8
9
14
13
12
11
Do not have smartphone security
17
27
18
19
15
9
11
Don’t know
32
26
27
31
29
42
41
Commenting on the findings, a spokesperson for Bacancy Technology said: “Recent events in the news have highlighted the importance of maintaining security over our personal data and finances.
“Even so, it seems that while the British public are aware of the potential dangers of online activities, many are failing to take steps to adequately protect themselves and their loved ones. Digital security is of the utmost importance, and everyone with a smart device should take necessary precautions to ensure their safety.”
This research was conducted by app development company Bacancy Technology, an exclusive hub of top software developers, UI/UX designers, QA experts and more, offering development services aimed at the creation of high-end, enviable applications.
University students taking part-time jobs are at increased risk of falling victim to scams, HM Revenue and Customs (HMRC) is warning.
Higher numbers of students going to university this year means more young people may choose to take on part-time work. Being new to interacting with HMRC and unfamiliar with genuine contact from the department could make them vulnerable to scams.
In the past year almost 1 million people reported scams to HMRC.
Nearly half of all tax scams offer fake tax refunds, which HMRC does not offer by SMS or email. The criminals involved are usually trying to steal money or personal information to sell on to others. HMRC is a familiar brand, which scammers abuse to add credibility to their scams.
Links or files in emails or texts can also download dangerous software onto a computer or phone. This can then gather personal data or lock the recipient’s machine until they pay a ransom.
Between April and May this year, 18 to 24-year olds reported more than 5,000 phone scams to HMRC.
Mike Fell, Head of Cyber Security Operations at HMRC, said: “Most students won’t have paid tax before, and so could easily be duped by scam texts, emails or calls either offering a ‘refund’ or demanding unpaid tax.
“Students, who will have had little or no interaction with the tax system might be tricked into clicking on links in such emails or texts.
“Our advice is to be wary if you are contacted out of the blue by someone asking for money or personal information. We see high numbers of fraudsters contacting people claiming to be from HMRC. If in doubt, our advice is – do not reply directly to anything suspicious, but contact HMRC through GOV.UK straight away and search GOV.UK for ‘HMRC scams’.”
· responded to 998,485referrals of suspicious contact from the public. Nearly 440,730 of these offered bogus tax rebates
· worked with the telecoms industry and Ofcom to remove 2,020phone numbers being used to commit HMRC-related phone scams
· responded to 413,527 reports of phone scams in total, an increase of 92% on the previous year. In April last year we received reports of only 425 phone scams. In August 2021 this had risen to 3,269
· reported 12,705 malicious web pages for takedown
· detected 463 COVID-19-related financial scams since March 2020, most by text message
· asked Internet Service Providers to take down 443 COVID-19-related scam web pages.
By June this year, more than 680,000 students had applied to university, and over 900,000 held part time jobs during the 2020-21 academic year.
HMRC’s advice is:
Stop:
· Take a moment to think before parting with your money or information.
· Don’t give out private information or reply to text messages, and don’t download attachments or click on links in texts or emails you weren’t expecting.
· Do not trust caller ID on phones. Numbers can be spoofed.
Challenge:
· It’s ok to reject, refuse or ignore any requests – only criminals will try to rush or panic you.
The IFB is warning new drivers to watch out for a rising scam known as ‘Ghost Broking’ which involves bogus car insurance deals being sold on social media, as it could cost them their first car.
The warning comes as hundreds of thousands of learners get set to pass their driving tests as they catch up from the disruption caused by Covid-19.
The Driver & Vehicle Standards Agency (DVSA) also provides comment.
Statistics and campaign content can be found in the notes to newsroom.
The Insurance Fraud Bureau (IFB) is urging new drivers to watch out for bogus car insurance deals being promoted on social media, as hundreds of thousands of learners* get set to pass their tests following a year of disruption caused by Covid-19.
Fake car insurance sales known as ‘Ghost Broking’ is a growing scam which involves fraudsters pretending to be Insurance Brokers in order to sell unrealistically cheap and completely fake policies, often to younger drivers via Facebook and Instagram.
With a large influx of new drivers on the horizon following confirmation from the Driver & Vehicle Standards Agency (DVSA) that driving test centres face an unprecedented challenge to reduce waiting times left by the pandemic, the IFB is warning new motorists to be vigilant to bogus car insurance deals on social media as it could cost them their first car.
Stephen Dalton, Head of Intelligence and Investigations at the IFB, said: “The last thing new drivers need right now is to risk losing their car for no insurance because they’ve been duped by a scammer on social media.
“Drivers must carry out basic checks to make sure they’re buying car insurance through a trusted provider, or they’ll be making a very expensive mistake.
“I encourage anyone who’s seen evidence of an insurance scam to report it to the IFB’s confidential Cheatline online or on 0800 422 0421.”
Mark Magee, Head of Driver Policy at the DVSA, said: “DVSA’s priority is to help everyone through a lifetime of safe driving.
“As well as ensuring you have the skills, knowledge and understanding attitude to drive safely, having valid insurance is of the utmost importance when you drive on your own.
“Check to make sure insurance brokers are genuine before parting with your money.”
Learner drivers in a driving school are typically covered by their instructor’s insurance policy, until they pass their test and need to take out motor insurance for their first car. With a rush of new drivers approaching and with so many people facing financial hardship, the IFB is concerned it will provide fertile ground for ‘Ghost Broker’ scammers.
Fraudsters often tempt younger people with their bogus car insurance deals by promoting unrealistically cheap prices up front, despite the fact insurance is meant to be priced based on the risk of the individual. They often then encourage contact with them through popular end-to-end encrypted messaging software such as WhatsApp.
The IFB which is a not-for-profit organisation that works with the police to crackdown on organised insurance scams has seen its investigations into ‘Ghost Broking’ double since 2016, and the scam has remained prevalent throughout the pandemic.
IFB investigations have found cash-strapped young drivers forking out hundreds of pounds for car insurance that in reality is worth no more than a photoshopped piece of paper. In some cases scammers also use stolen personal information to take out policies which are then doctored before being sold on to customers.
Driving without valid insurance is easily detected by police. Uninsured drivers can have their vehicle instantly seized and are likely to receive six licence points. They can also face court where they might receive an unlimited fine and a driving ban. Furthermore, an uninsured driving conviction will show on records and can affect job prospects.
If a collision is caused by the uninsured driver they may also be liable for covering the costs which can run into the thousands.
Avoiding fake car insurance deals
New drivers are urged to avoid deals on social media or messaging apps and to only purchase car insurance through reputable sellers.
Which? is calling for greater protections for devastated victims of romance fraud, as new analysis from the consumer champion shows a dramatic spike in cases during the pandemic.
Dating without meeting in person has become the new normal in the last year, giving fraudsters new opportunities to take advantage of online daters.
Which? analysis of Action Fraud data shows romance fraud was up by 40 per cent in the year to April 2021, with over 7,500 reported scams.
Reported losses reached £73.9 million during this period but the true figure is likely to be much higher as many victims are too embarrassed or upset to tell the authorities.
Romance scams are a sophisticated type of fraud – with scammers preying on the emotional vulnerability of the victim and building trust with them before asking for money. Fraudsters often claim that they need the money to travel to the UK to build a life together.
Andrew (not his real name) was exchanging messages with a potential love interest on dating website ‘Older Dating Online’ in November 2019. After weeks of emails and telephone calls, plans were made to meet for the first time.
As the woman was supposedly based in Russia, she asked for £650 to obtain a passport. This was quickly followed by more requests – £3,000 to prove to Russian authorities that she had sufficient cash to visit the UK and funds to cover medical expenses for her father who had Covid-19.
In many cases, scammers are likely to be gangs of organised criminals looking to part people from their hard-earned cash.
He said: “I became suspicious and contacted my bank to report the scam, but the money couldn’t be recovered. I haven’t dated at all since the scam. I am not one who exudes confidence in that area and with Covid-19 rearing its ugly head, more traditional ways have not been possible.
“I didn’t report what happened on the website. Likely at the time for the reason I guessed it was my fault for being taken in, not their fault for being in existence.”
David, 65, (not his real name) was also cheated out of nearly £4,000 after meeting someone on Twitter. This scammer posed as a young woman, but David later discovered he was messaging a man in Nigeria.
David thought the money he sent was to pay for a flight ticket and a visa for her to come to the UK to live, marry him and settle down as a family. He said: “After I found out the truth, I was heartbroken and very upset.
“My emotions were all over the place finding it difficult to accept that I had been taken in. This is such a cruel thing to do to an elderly pensioner who wanted love but instead got fleeced by this evil corrupt man who has no shame in what he did to me and no doubt has done to many others.”
Twitter has since permanently suspended the scammer’s profile.
When online dating, consumers should always be on high alert for fraudsters using stolen photos – even in video calls.
One Which? member reported via the consumer champion’s Scam Watch inbox that she had a strange video call with someone she later discovered was using stolen video footage. She said: “How they did it I have no idea because I discovered those pictures were of a plastic surgeon in the USA. It worries me that some women will fall for it.”
To find out whether a photo is fake, consumers can use TinEye or Google Image Search to do a reverse image search. This tracks where else on the internet this photo exists to see if it could be a stock or stolen image.
The consumer champion’s findings raise serious questions about the legal responsibilities of online platforms and online sites to protect their users from fake and fraudulent content and potential scams.
The contingent reimbursement model code, in place since May 2019 and signed by the majority of banks, makes clear that victims of bank transfer scams should be reimbursed for their losses when they are not at fault.
Victims who, like Andrew, are convinced to transfer funds to non-UK accounts will not be covered by the code. Only transfers between UK accounts can benefit from the limited protection offered by the code. Under this code, 38% of all losses were returned to romance fraud victims in 2020, up from 6% in the six months before the code was introduced.
However, Which? is concerned that banks are applying the code inconsistently. While some firms reimburse the majority of APP fraud victims, others only reimburse around one in 10 – meaning that many victims face a lottery when it comes to getting their money back.
Customers in need of support when trying to recoup their losses often face a grilling over their actions from banks, compounding the devastating emotional impact of their ordeal.
The consumer champion is calling for the Payment Systems Regulator and government to establish mandatory standards of consumer protection to protect victims from the current unfair and inconsistent approach by industry. Banks should also be made to regularly publish their reimbursement rates to improve transparency.
Adam French, Which? Consumer Rights Expert, said: “Romance scams are particularly devastating for victims, who may be vulnerable when they are targeted by fraudsters – and it is very worrying to see such a huge rise in these scams as criminals look to exploit the pandemic.
“Where appropriate, banks and payment providers should be following the code they signed up to and reimbursing victims of scams that use sophisticated psychological tactics to trick victims into handing over their cash. Anyone who is struggling to get their money back from their bank should report this to the Financial Ombudsman Service to review their case.
“The voluntary code on scams has led to a reimbursement lottery for victims. It should be replaced with mandatory standards for protection and reimbursement and strong enforcement for firms that don’t follow the rules.”
Some banks can and should be doing more to protect their customers from criminals trying to steal sensitive information, Which? research has found.
With the last year seeing an increase in scams, many consumers will expect that the companies they deal with in their everyday lives are doing everything they can to protect them.
However, a new Which? investigation has found that some banks are failing to use all the tools available to them to combat scammers, leaving weaknesses in their security systems that scammers could exploit.
The consumer champion looked into what protections banks were putting in place to protect their customers from receiving fraudulent emails, SMS messages and phone calls.
These so-called phishing attacks are worryingly common. Scammers send legitimate-looking messages that are designed to tempt people into divulging sensitive information, such as bank account details, usernames or passwords.
Phishing scams may try to imitate (or ‘spoof’) banks’ genuine email addresses or domains, sometimes by making slight changes – for instance, by changing ‘.co.uk’ to ‘.com’.
Banks should be implementing a system that protects web addresses they own or use – known as ‘domain-based message authentication, reporting and conformance’ (DMARC) – to prevent spoofing attacks.
Banks can use DMARC to tell email providers how to handle the unauthorised use of their domains.
The process of introducing DMARC is frequently done gradually: by initially setting records to ‘none’ (a monitoring phase where no action is taken if DMARC checks fail) before working towards ‘quarantine’ (which moves emails to junk/spam if they fail the checks) and ultimately, a policy of ‘reject’ (which blocks all emails that fail the checks).
When Which? asked security experts at technology company 6point6 in April to check whether banks offered this protection, some banks were falling short.
At the time of the investigation, the Bank of Ireland and Agricultural Mortgage Corporation – a wholly owned subsidiary of Lloyds Banking Group – had not yet introduced DMARC.
This could have allowed scammers to forge their email address and send messages that would appear indistinguishable from genuine ones from their bank. Both have since taken action to resolve this.
The investigation also found that Nationwide, TSB and Virgin Money – nationwide.co.uk, tsb.co.uk and virginmoney.com, respectively – had not set their policies to ‘reject’ all emails that fail DMARC checks. TSB and Virgin Money told the consumer champion that they are working towards this.
Nationwide said it has security features to protect against spoofing and will ‘look at ways to improve email security, including future enhancements to DMARC security.’
The investigation also uncovered that The Co-operative Bank, First Direct, Starling and Tesco Bank had no DMARC system in place for their alternative domains, but did for their primary domains.
Although The Co-operative Bank has protected its ‘co-operativebank.co.uk’ email address, there are no DMARC records for ‘co-operative.co.uk’ and ‘coop.co.uk’ – two domains that are owned by The Co-operative Group, a separate company not associated with the bank – making them vulnerable to scammers who could pose as The Co-operative Bank using alternative email addresses.
Since the investigation, Starling and Tesco Bank have now applied DMARC to alternative domains, starlingbank.co.uk and tescobank.co.uk, respectively.
First Direct and The Co-operative Bank told Which? they are reviewing the inclusion of their alternative domains – firstdirect.co.uk and co-operativebank.com – within their existing DMARC policies.
While banks are further ahead than other industries when it comes to implementing DMARC, Which? believes that it is often too hard for customers to tell the difference between a phishing email and genuine communication from banks due to inconsistent practices across the industry.
This is particularly concerning amid a worrying culture of banks blaming victims for falling for scammers’ tricks, despite their heightened sophistication. This means people often face a lottery to get their money reimbursed under the industry’s voluntary bank transfer scams code.
Which? is calling for all banks to implement DMARC and configure it correctly, setting their policies to ‘reject’, meaning email providers should block any emails that fail these checks.
Banks should also be clamping down on number spoofing, which involves scammers manipulating caller IDs to mimic the phone numbers of legitimate organisations. To tackle this, Ofcom worked with the banking industry body UK Finance to identify a list of ‘do not originate’ (DNO) numbers – numbers that are never used for outbound calls.
Most banks had signed up to the scheme at the time of the investigation, apart from The Co-operative Bank and Nationwide – although both have since told Which? they plan to join.
Banks can also protect their SMS headers – the name or number a text message appears to come from – against spoofing by registering with the SMS SenderID Protection Registry run by the Mobile Ecosystem Forum.
The consumer champion believes that if banks did not include weblinks or phone numbers in their official SMS communications – sensitive information that is prone to spoofing – consumers could feel more secure and be able to spot scams more easily.
Which? is working on a best practice guide for businesses to help raise standards of SMS communications and bring greater consistency to how they protect consumers.
Jenny Ross, Which? Money Editor, said: “It has never been harder for people to know whether they’re receiving genuine communications from their bank, or being tricked – so it is crucial that banks take every measure to protect their customers from these devastating scams.
“These include implementing email scam protections properly and no longer putting phone numbers and links in messages, to ensure customers feel safe and can bank with confidence.”
A coalition of organisations championing consumers, and representing civil society and business, have today joined forces to warn that the UK risks failing in its ambition to be the safest place in the world to be online unless it uses new laws to protect people from an avalanche of online scams.
In a joint letter to the Home Secretary and Digital Secretary, 17 organisations have urged the government to include online scams in its proposed Online Safety Bill – which could be announced in next week’s Queen’s Speech – so that consumers are better protected against the devastating financial and emotional harm caused by these crimes.
The organisations that have signed the letter include Which?, the Money and Mental Health Policy Institute, Carnegie UK Trust, UK Finance, the Personal Investment Management and Financial Advice Association (PIMFA), the City of London Corporation, City of London Police, The Investment Association, Association of British Insurers (ABI), MoneySavingExpert and Age UK.
From using social media to stay in touch with friends and family to using search engines to research potential investments at a time of record-low interest rates – the coronavirus crisis has meant people are spending more time online than ever before.
However, scams have escalated in the past 12 months, with Action Fraud figures showing that £1.7 billion was reportedly lost to scams in the last year. Many criminals have shifted their activity online. Action Fraud estimates that in the year to June 2020, 85% of all fraud was cyber-enabled.
The actual financial losses are likely to be much higher and do not capture the devastating emotional impact on victims. Research also shows that vulnerable people, including those experiencing mental health problems, are more at risk of falling victim to these crimes online.
In their letter, the organisations write: “Online platforms play a pivotal role in enabling criminals to reach and defraud internet users through the hosting, promotion and targeting of fake and fraudulent content on their sites, including adverts that they make significant profits from.
“Yet platforms have very little legal responsibility for protecting their users, despite often being the best placed to tackle harmful content.
“While we recognise there are initiatives being progressed by the Government designed to tackle aspects of online fraud, there is a growing risk that current plans for future regulatory frameworks are not taking a comprehensive approach to the threats faced by consumers and do not reflect the extent or urgency of the problem.”
UK Finance figures show a 32 per cent increase in investment scam cases in 2020, which are often promoted through adverts on search engines and social media offering higher than average returns.
One victim of such a scam was Maria Teresa Jackson, 63, a teacher. Ms Jackson was tricked by an advert she saw on a social media site, featuring a fake news story with fabricated quotes from celebrity adventurer Bear Grylls, who supposedly told how he had become a millionaire by trading in Bitcoin.
She clicked the button and put in her details and soon received a phone call from a “financial advisor” who showed her around a professional looking website, and was very knowledgeable about trading. Over time she was persuaded to transfer increasing amounts of money to the scammer.
It later became clear that the Bitcoin did not exist. Scammers stole nearly £120,000 and First Direct, her bank, has so far refunded her half that amount.
She said: “I felt completely sick. I’m overall better now but often I get flashbacks of certain events and that upsets me a lot. I usually get them at night when I’m in bed and when that happens, it sets the tone for a bad night’s sleep.”
A spokesperson for First Direct said:“We would like to offer our sincerest sympathies to Ms Jackson, and fully appreciate how the situation has impacted her. Sadly, there are unscrupulous individuals who carry out criminal activities without any regard for the effect this will have on their victims.
“Although we believe Ms Jackson could have exercised more caution and carried out further checks before making the payments, we could also have offered more effective fraud warnings. So on that basis we’ve refunded 50% of the payments made.”
A wide-ranging consensus has emerged across industry, regulators and consumer groups on the urgent need for action to tackle scams and the critical role that online platforms must take in doing more to protect their users.
The coalition of groups is calling for online platforms to be given a legal responsibility to protect users from fake and fraudulent content on their sites that lead to scams. The government now has a perfect opportunity to deliver this in its proposed Online Safety Bill, which could be announced as part of next week’s Queen’s Speech on 11 May.
Anabel Hoult, CEO of Which?, said: “The biggest online platforms have some of the most sophisticated technology in the world, yet they are failing to use it to protect scam victims who are suffering devastating financial and emotional harm due to the flood of fake and fraudulent content posted online by criminals.
“The time for self-regulation is over, as clearly it has not worked. The case for including scams in the Online Safety Bill is overwhelming and the government must take the opportunity to act now. Online platforms must be given a legal responsibility to prevent, identify and remove fake and fraudulent content on their sites so that their users are better protected.”
Martin Lewis, Founder of the Money and Mental Health Policy Institute and MoneySavingExpert.com, said:“It beggars belief that the government’s Online Safety Bill could ignore the epidemic of scams that the UK faces – but that’s the plan. Scams don’t just steal people’s money, they can take their self-respect too and those with mental health problems are three times more likely to be affected.
“The policing of scams is critically underfunded, leaving criminals to get away with these frauds with impunity. The government has a chance to at least deny them the ‘oxygen of publicity’ by making big tech responsible for the scammers adverts it is paid to publish.
“I plead on bended knee for the government to take that opportunity, by putting scams in the Online Safety Bill. Failing to do so will betray its promise to create world-leading online protection and will leave vulnerable people defenceless against online crime in the midst of a global pandemic.”
David Postings, Chief Executive at UK Finance, said: “Fraud has a devastating emotional impact on victims and even when the victim is reimbursed, the stolen cash is used to fund serious organised crimes which damage our society, including terrorism, drug trafficking, and child sexual exploitation.
“The banking and finance industry is tackling fraud on all fronts, but we can’t do it alone. We need other industries including the online platforms exploited by criminals to join the fight and take responsibility for criminal activity that is happening on their doorstep.
It’s not right that online giants are effectively profiting twice – once from criminals marketing scams on their platforms and again from organisations having to advertise fraud warnings to consumers.
“We are strongly calling on the government to take a major step forward by including economic crime in the upcoming Online Safety Bill and helping ensure tech giants take responsibility for their part in protecting consumers from the scourge of online fraud.”
William Perrin, Trustee at Carnegie UK Trust, said:“Our work at Carnegie UK Trust has set out the case for a systemic, statutory duty of care that would make online platforms take responsibility for the design and processes of their services to reduce online harm.
“This new research underlines the urgent need for action to protect consumers from harms such as online fraud and scams – and the Online Safety Bill is the way to do it. Both the City of London Police and the National Economic Crime Centre have told Parliament that their current powers are not enough to limit the spread of online fraud and scams.
“It is vital that the Government reconsider their inclusion in the Online Safety Bill.”
Liz Field, Chief Executive of PIMFA, commented:“The financial services industry has along with our partners been calling for financial harm to be included in the Online Safety Bill for some time.
“It is now vital that the Government takes action to provide better protection for consumers online by ensuring online search and social media firms take greater responsibility for what we, their customers, see on their platforms.
“The Online Safety Bill could provide a clear legal framework that would protect consumers from ever more sophisticated online fraud, largely perpetrated by organised criminals. PIMFA and our partners in this campaign continue to urge the Government to include financial harm in the Online Safety Bill.
“Doing so would save thousands of victims suffering enormous financial and mental distress and would be one of the best possible ways to disrupt organised crime.”
