Scam HMRC phone call reports drop by 97%

Reports of scam HMRC phone calls have fallen by 97% over the last 12 months, the latest HM Revenue and Customs (HMRC) figures show, with reports trending downward overall throughout the past year.

Reports of scammers impersonating HMRC in phone calls peaked at 79,477 in March 2021 and fell to just 2,491 in December 2021.

The fall in scam call reports to HMRC has also been seen elsewhere, with a 92% drop in phishing email reports and a 97% drop in scam text reports over the last year.

These significant results are testament to some of the work of teams across HMRC in tackling these attempts to defraud people, including dedicated customer protection teams and helplines, tools to refer scams, and use of innovative technologies. It also signals that the public is more aware of cyber criminals and the methods they use to trick people, in part thanks to HMRC’s awareness raising efforts, meaning fewer members of the public have been the subject of scammers and attempts to steal their money.

All of HMRC’s work to protect the public and make people aware of scams and the advice available on GOV.UK has helped move HMRC from the third most phished brand globally to outside the top 100.

Mike Fell, HMRC’s Head of Cyber Security Operations, said: “We work incredibly hard to protect the public from these criminals who ruin lives by stealing from people. It’s great news that fewer people are receiving and reporting these attempted frauds, but it is still important they continue to report suspicious contact to us. We will continue to do everything we can to protect the public from these cynical attempts to impersonate HMRC to steal from people.

“Our advice is – never let yourself be rushed. If someone contacts you saying they are from HMRC, wanting you to urgently transfer money or give personal information, be on your guard. HMRC will never ring up threatening arrest, only criminals do that. Contacts like these should set alarm bells ringing, so take your time and check HMRC scams advice on GOV.UK.”

Some HMRC-themed scams originate abroad. HMRC works closely with national and international law enforcement agencies to combat scams, including collaboration with India as a key international partner in tackling the organised crime groups that run these scams.

Work by the Indian authorities last year resulted in multiple arrests and the closure of criminal call centre operations. In June 2021, 51 people were arrested at two call centres in Delhi, India, that were dedicated to facilitating HMRC scams.

HMRC has a dedicated Customer Protection team working on cyber and phone crime around the clock, closing down scams and sharing intelligence with law enforcement agencies. HMRC also deploys innovative technologies to prevent misleading and malicious communications that impersonate its genuine e-mail channels from ever reaching the public. Since 2017 these technical controls have allowed HMRC to prevent 500 million bogus emails reaching customers.

More recently, new controls have prevented 90% of the most convincing text messages from reaching the public, and joint working with industry partners has prevented the spoofing of most of HMRC’s helpline numbers.

In the last year, HMRC has responded to 670,793 referrals of suspicious contact from the public, with 283,157 of these cases offering bogus tax rebates. Others threaten arrest for tax evasion or offer fake financial support.

As part of HMRC’s action to combat voice scams, the department has set up a direct referral route on GOV.UK where people can report HMRC-related telephone phishing.

HMRC also works with the telecoms industry to remove phone numbers being used to commit HMRC-related phone scams. In December 2021, four phone numbers being used to commit HMRC-related phone scams were removed, which is likely to have prevented hundreds of scam calls being made.

HMRC uses a range of modern methods when communicating with its customers. Criminals will often then try to duplicate those methods to take advantage of people. HMRC is doing everything it can to stay one step ahead of the criminals to keep its customers and their information safe.

Search ‘scams’ on GOV.UK for information on how to recognise genuine HMRC contact and how to avoid scams. Forward suspicious texts claiming to be from HMRC to 60599 and emails to phishing@hmrc.gov.uk. Report tax scam phone calls on GOV.UK.

Retirement misery still looms for thousands, despite reforms

New pension regulations came into force on 30 November 2021. The new regulations permit Trustees to block or suspend a suspicious-looking pension transfer if they believe that the transfer could be to a scheme that is fraudulent.

These new regulations could prove to be the most significant development in preventing pension scams.

Paul Higgins of Pension Justice, a law firm that has helped recover millions of pounds in mis-sold pensions, says: “I am delighted that the Government has brought in this new rule, and I hope that this will prevent pension scams taking place so that pension investors will not lose their life savings.

“Unfortunately, there are still hundreds of thousands of people who have previously taken their money out of pensions and handed over their life savings after being badly advised to invest in worthless, unregulated investments like carbon credits, ethical forestry, storage pods, to name but a few”.

One of Pension Justice’s clients, Mrs F from Burnley, lost her entire life savings worth over £157,000 after being persuaded by an “advisor” from Asset Management Advisory Services (AMASS) Ltd (t/a AMASS Europe) to transfer her pensions into a SIPP and “invest” in an EPS Portfolio with Avalon.

The advisor paid themselves £3,842.10 in commission and then arranged to “invest” Mrs F’s £149,000.00 in what turned out to be unregulated funds promising unrealistically high returns.

The investments subsequently failed, and Mrs F lost her entire life savings. It then transpired that the advisor and their company had minimal authorisation from the Financial Conduct Authority and were not authorised to provide advice on pensions and investments.

Pension Justice took up the case with the FSCS (Financial Services Compensation Scheme) and recovered compensation of £85,000.00 on behalf of their client which was the maximum payable under the scheme.  

Paul says: “One of Mrs F’s pensions was a gold-plated defined benefit scheme pension with Procter and Gamble. Under the new rules Procter and Gamble could have prevented the transfer from taking place and, in which case, Mrs F would not have lost her life savings.

“Unfortunately, we know that there are still hundreds of thousands of pension investors who have lost all their pensions and are facing a miserable retirement with little or no money apart from their state pensions. Some are even being forced to carry on working way past retirement age”.

Paul and his team at Pension Justice have managed to recover sums up to £189,591.37 for his clients, many of whom have been scammed by cold callers and told that they could “double their money” or are promised potentially incredible returns if they transfer their hard-earned pension pots.

Scammers will use Christmas and the New Year to target the public

Christmas is nearly with us, but it is not only the goose getting fat! Scammers are ready, able, and keen to target the public, say leading tax and advisory firm Blick Rothenberg.

Fiona Fernie, a partner at the firm, said: “Christmas and the January sales may be ‘the most wonderful time of the year’, but they are also a time of mixed emotions, the desire to buy presents for friends and family, and anxiety about being able to pay the bills. Scammers are just waiting to take advantage.

“Scamming is a huge issue, which we all need to recognise and take action to mitigate.

“The increase in on-line shopping during the pandemic has provided scammers with an extra opportunity to obtain credit card details.  People have had their online accounts hacked enabling their credit cards to be used which has caused a great deal of distress.”

Fiona said: “There is also increasing evidence of people receiving emails purporting to be from major retailers such as the supermarkets, saying that the individual has been selected to receive some sort of reward for customer loyalty if they just key in their bank details. 

“Such emails play on concerns about the cost of Christmas and can look very much like the real thing, so it pays to be vigilant.”

She added: “It is always sensible to pay for items online using a credit card rather than a debit card and to check statements carefully each month.  Any item which you do not recognise should be reported to the credit card company immediately for investigation. 

“In addition, anybody who receives an email or SMS message suggesting that they are due a reward or owe money should take some basic precautions:

  • Use passphrases with a combination of upper- and lower-case letters, numbers, and symbols when online shopping.
  • Use different phrases for different online accounts.
  • Ensure that two-stage authentication is triggered on all credit cards and online bank accounts – preferably this will include sending a passcode to your mobile phone as well as using the appropriate passphrase.
  • Click on/hover over the “display name” email address from which you have received any email which offers you a reward.  This will show you the full details of the sender and will help to determine whether the email is likely to be from a legitimate source.  For example, I am currently receiving emails purporting to be from Amazon and Aldi but sent from websites and email addresses that are clearly not them.

If this happens to you:

  • Do not reply to the emails or SMSs; 
  • Do not call the phone number listed in an SMS; 
  • Do not click on any links or open any attachments in emails; 
  • Do not visit websites detailed in the messages;
  • Do not provide personal or financial details.”

Fiona said: “The problem does not stop with the order process either. 

“I have heard of several examples of deliveries being made to the doorstep but disappearing before individuals could take them in, so it is clearly sensible to have a reciprocal agreement with neighbours for taking in parcels when the intended recipient is not at home. 

“Don’t let scammers or opportunists spoil your Christmas!”

HMRC warns customers about Self Assessment tricksters

As HM Revenue and Customs (HMRC) prepares to issue emails and SMS to Self Assessment customers, the department is reminding them to be on their guard after nearly 800,000 tax-related scams were reported in the last year.

Fraudsters use Self Assessment to try and steal money or personal information from unsuspecting individuals. In the last year alone, HMRC has received nearly 360,000 bogus tax rebate referrals.

The Self Assessment deadline is 31 January 2022 and customers may expect to hear from HMRC at this time of year. More than 4 million emails and SMS will be issued this week to Self Assessment customers pointing them to guidance and support, prompting them to think about how they intend to pay their tax bill, and to seek support if they are unable to pay in full by 31 January.

However, the department is also warning customers to not be taken in by malicious emails, phone calls or texts, thinking that these are genuine HMRC communications referring to their Self Assessment tax return.

Myrtle Lloyd, HMRC’s Director General for Customer Services, said: “Never let yourself be rushed. If someone contacts you saying they’re from HMRC, wanting you to urgently transfer money or give personal information, be on your guard.

“HMRC will also never ring up threatening arrest. Only criminals do that.

“Scams come in many forms. Some threaten immediate arrest for tax evasion, others offer a tax rebate. Contacts like these should set alarm bells ringing, so if you are in any doubt whether the email, phone call or text is genuine, you can check the ‘HMRC scams’ advice on GOV.UK and find out how to report them to us.”

Criminals use emails, phone calls and text messages to try and dupe individuals, and often mimic government messages to make them appear authentic. They want to trick their victims into handing over money or personal or financial information.

Customers can report suspicious phone calls using a form on GOV.UK; customers can also forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.uk and texts to 60599.

HMRC has a dedicated team working on cyber and phone crimes. They use innovative technologies to prevent misleading and malicious communications from ever reaching the customer.

Since 2017 these technical controls have prevented 500 million emails from reaching HMRC’s customers. More recently, new controls have prevented 90% of the most convincing SMS messages from reaching the public and controls have been applied to prevent spoofing of most HMRC helpline numbers.  

HMRC is also reminding Self Assessment customers to double check websites and online forms before using them to complete their 2020/21 tax return.

People can be taken in by misleading websites designed to make them pay for help in submitting tax returns or charging to connect them to HMRC phone lines.

Customers who are in any doubt about whether a website is genuine should visit GOV.UK for more information about Self Assessment and use the free signposted tax return forms.

HMRC: Self Assessment deadline countdown begins

HM Revenue and Customs (HMRC) is reminding Self Assessment customers that today, on Sunday 24 October, they have ONE WEEK LEFT to submit paper tax returns and 100 days to go for online tax returns.

The Self Assessment tax return deadlines for 2020/21 tax year are 31 October 2021 for paper returns and 31 January 2022 if customers complete their tax return online.

More than 10.7 million customers completed a tax return by 31 January 2021; of those, 96% submitted it online. Completing it online is the quickest method and, with around 100 days to go, customers have plenty of time to get it done.

Even if customers submit their completed tax return now, they do not have to pay any tax owed until 31 January 2022. Anyone who is worried about how to pay their bill can access support on GOV.UK. Various payment options include:

  • Paying through a customer’s tax code (PAYE customers only)
  • Payment on Account
  • Setting up an online monthly payment plan (self-serve Time to Pay)
  • Pay by debit or corporate credit card
  • Pay at a bank or building society

Visit GOV.UK for a full list of payment options and the eligibility criteria. Customers should contact HMRC if they have concerns about paying their bill.

Myrtle Lloyd, HMRC’s Director General for Customer Services, said: “There are 100 days left to complete your tax return, but you don’t have to wait for the 31 January deadline. Why not do it now and get it out of the way? Visit GOV.UK and search ‘self assessment’ to find out more.” 

The 2020/21 tax return covers earnings and payments during the pandemic. Customers will need to declare if they received any grants or payments from the COVID-19 support schemes up to 5 April 2021 on their Self Assessment, as these are taxable, including:

  • Self-Employment Income Support Scheme (SEISS)
  • Coronavirus Job Retention Scheme (CJRS)
  • Other COVID-19 grants and support payments such as self-isolation payments, local authority grants and those for the Eat Out to Help Out scheme

The £500 one-off payment for working households receiving tax credits should not be reported in Self Assessment.

HMRC urges everyone to be alert if they are contacted out of the blue by someone asking for money or personal information. HMRC sees high numbers of fraudsters emailing, calling or texting people claiming to be from the department.

If in doubt, HMRC advises not to reply directly to anything suspicious, but to contact them straight away and to search GOV.UK for ‘HMRC scams’.

Heartbreaking: Britons lose £204.5 million to dating scams, hacking and more in past 12 months

  • The UK reports losses of around £204.5M over the past 12 months due to personal, digitally driven crimes
  • Almost 23,000 cases of fraudulent activity relating to plastic cards and online bank accounts have been logged since September last year
  • Alarmingly, 49% of Brits don’t know if their smartphone has security software installed, or have none at all

Following last week’s Twitch data leaks on 4chan, a new study reveals that the UK’s public has lost as much as £204.5 million to personal, digitally driven crimes in the past 12 months. Additionally, as many as 26 million British adults – 49% of residents over the age of 16 – report either not knowing whether their smartphone has security software installed, or having none at all.

App development company Bacancy Technology analysed statistics drawn from the National Fraud Intelligence Bureau (NFIB), focusing on crimes more likely to befall members of the public – such as dating scams, personal and social media hacking, computer viruses and banking app fraud.

The UK has filed a total of 60,297 reports of criminal activity dating back to September of last year, culminating in a total loss of £204.5M to the personal finances of British citizens.

Across the selected categories, cyber-assisted crimes involving cheque, plastic card and online bank accounts have seen the highest number of incidents, at 22,981 reported cases, with an overall personal financial loss of £102.3M – an average of £4,451 per case.

Social media and email hacking ranks second highest in the list in terms of the number of reported incidents, standing at 12,225 reports over the last 12 months. However, the high volume of cases is offset by an average loss per case of £204, amounting to a smaller overall financial loss of £2.5M.

With dating scams, it’s the opposite. A smaller number of reported cases (9,388 over 12 months) has resulted in Brits taking financial losses of £97,600,000 – with each individual case costing over £10,000 on average.

Ranking fourth and fifth on the list are reported crimes surrounding computer viruses/malware and personal hacking – which relates to hacked devices, rather than accounts. Despite a large number of reported incidents over the past 12 months (7,893 and 6,649 respectively), each of these crimes has resulted in smaller average losses per case, with figures under £100.

Top 5 personal digital crimes – UK, over 12 months (Oct ’20 – Oct ’21)

| Type of crime | Number of reported crimes | Reported financial loss (in GBP) | Average loss per case |
|---|---|---|---|
| Cheque, Plastic Card & Online Bank Accounts | 22,981 | £102,300,000 | £4,451 |
| Hacking – Social Media & email | 12,225 | £2,500,000 | £204 |
| Dating Scams | 9,388 | £97,600,000 | £10,396 |
| Computer Virus/Malware/Spyware | 7,893 | £348,400 | £44 |
| Hacking – Personal | 5,649 | £511,900 | £90 |

Despite the variety of security apps readily available on both the Apple and Android stores, around 26 million Brits – a total of 49% – may be at risk.

Further data drawn from an ONS survey shows that one in three Brits (32%) are unaware of whether their smartphones have security software installed, while almost one in five (17%, or nine million adults) reported not having security software of any kind – leaving them open to potential cyber-crime and fraudulent activity.

Do you have security software installed on your smartphone?

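| Response (%) | All | 16-24 | 25-34 | 35-44 | 45-54 | 55-64 | 65+ |
|---|---|---|---|---|---|---|---|
| Automatically installed/provided with operating system | 40 | 39 | 46 | 36 | 44 | 37 | 38 |
| Installed/subscribed | 11 | 8 | 9 | 14 | 13 | 12 | 11 |
| Do not have smartphone security | 17 | 27 | 18 | 19 | 15 | 9 | 11 |
| Don’t know | 32 | 26 | 27 | 31 | 29 | 42 | 41 |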

Commenting on the findings, a spokesperson for Bacancy Technology said: “Recent events in the news have highlighted the importance of maintaining security over our personal data and finances.

“Even so, it seems that while the British public are aware of the potential dangers of online activities, many are failing to take steps to adequately protect themselves and their loved ones. Digital security is of the utmost importance, and everyone with a smart device should take necessary precautions to ensure their safety.”

This research was conducted by app development company Bacancy Technology, an exclusive hub of top software developers, UI/UX designers, QA experts and more, offering development services aimed at the creation of high-end, enviable applications.

HMRC warns students of scams

University students taking part-time jobs are at increased risk of falling victim to scams, HM Revenue and Customs (HMRC) is warning.

Higher numbers of students going to university this year means more young people may choose to take on part-time work. Being new to interacting with HMRC and unfamiliar with genuine contact from the department could make them vulnerable to scams.

In the past year almost 1 million people reported scams to HMRC.

Nearly half of all tax scams offer fake tax refunds, which HMRC does not offer by SMS or email. The criminals involved are usually trying to steal money or personal information to sell on to others. HMRC is a familiar brand, which scammers abuse to add credibility to their scams.

Links or files in emails or texts can also download dangerous software onto a computer or phone. This can then gather personal data or lock the recipient’s machine until they pay a ransom.

Between April and May this year, 18 to 24-year-olds reported more than 5,000 phone scams to HMRC.

Mike Fell, Head of Cyber Security Operations at HMRC, said: “Most students won’t have paid tax before, and so could easily be duped by scam texts, emails or calls either offering a ‘refund’ or demanding unpaid tax.

“Students, who will have had little or no interaction with the tax system, might be tricked into clicking on links in such emails or texts.

“Our advice is to be wary if you are contacted out of the blue by someone asking for money or personal information. We see high numbers of fraudsters contacting people claiming to be from HMRC. If in doubt, our advice is – do not reply directly to anything suspicious, but contact HMRC through GOV.UK straight away and search GOV.UK for ‘HMRC scams’.”

In the last year (September 2020 – August 2021) HMRC has: 

  • responded to 998,485 referrals of suspicious contact from the public. Nearly 440,730 of these offered bogus tax rebates
  • worked with the telecoms industry and Ofcom to remove 2,020 phone numbers being used to commit HMRC-related phone scams
  • responded to 413,527 reports of phone scams in total, an increase of 92% on the previous year. In April last year we received reports of only 425 phone scams. In August 2021 this had risen to 3,269
  • reported 12,705 malicious web pages for takedown
  • detected 463 COVID-19-related financial scams since March 2020, most by text message
  • asked Internet Service Providers to take down 443 COVID-19-related scam web pages.

By June this year, more than 680,000 students had applied to university, and over 900,000 held part time jobs during the 2020-21 academic year.

  1. HMRC’s advice is:

Stop

  • Take a moment to think before parting with your money or information.
  • Don’t give out private information or reply to text messages, and don’t download attachments or click on links in texts or emails you weren’t expecting.
  • Do not trust caller ID on phones. Numbers can be spoofed.

Challenge

  • It’s ok to reject, refuse or ignore any requests – only criminals will try to rush or panic you.
  • Search ‘scams’ on GOV.UK for information on how to recognise genuine HMRC contact and how to avoid and report scams.

Protect

  • Forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.uk and texts to 60599. Report scam phone calls on GOV.UK.
  • Contact your bank immediately if you think you’ve fallen victim to a scam, and report it to Action Fraud (in Scotland, contact the police on 101).

  2. Data about student university applications can be found here.
  3. Data on part-time student employment can be found here.
  4. Follow the National Cyber Security Centre’s steps on keeping secure online at CyberAware.gov.uk.

New drivers urged to avoid car insurance scams on social media

  • The IFB is warning new drivers to watch out for a rising scam known as ‘Ghost Broking’ which involves bogus car insurance deals being sold on social media, as it could cost them their first car. 
  • The warning comes as hundreds of thousands of learners get set to pass their driving tests as they catch up from the disruption caused by Covid-19.
  • The Driver & Vehicle Standards Agency (DVSA) also provides comment.

The Insurance Fraud Bureau (IFB) is urging new drivers to watch out for bogus car insurance deals being promoted on social media, as hundreds of thousands of learners get set to pass their tests following a year of disruption caused by Covid-19.

Fake car insurance sales, known as ‘Ghost Broking’, are a growing scam in which fraudsters pretend to be insurance brokers in order to sell unrealistically cheap and completely fake policies, often to younger drivers via Facebook and Instagram.

With a large influx of new drivers on the horizon following confirmation from the Driver & Vehicle Standards Agency (DVSA) that driving test centres face an unprecedented challenge to reduce waiting times left by the pandemic, the IFB is warning new motorists to be vigilant to bogus car insurance deals on social media as it could cost them their first car.

Stephen Dalton, Head of Intelligence and Investigations at the IFB, said: “The last thing new drivers need right now is to risk losing their car for no insurance because they’ve been duped by a scammer on social media.

“Drivers must carry out basic checks to make sure they’re buying car insurance through a trusted provider, or they’ll be making a very expensive mistake.

“I encourage anyone who’s seen evidence of an insurance scam to report it to the IFB’s confidential Cheatline online or on 0800 422 0421.” 

Mark Magee, Head of Driver Policy at the DVSA, said: “DVSA’s priority is to help everyone through a lifetime of safe driving.

“As well as ensuring you have the skills, knowledge and understanding attitude to drive safely, having valid insurance is of the utmost importance when you drive on your own.

“Check to make sure insurance brokers are genuine before parting with your money.”

Learner drivers in a driving school are typically covered by their instructor’s insurance policy, until they pass their test and need to take out motor insurance for their first car. With a rush of new drivers approaching and with so many people facing financial hardship, the IFB is concerned it will provide fertile ground for ‘Ghost Broker’ scammers.

Fraudsters often tempt younger people with their bogus car insurance deals by promoting unrealistically cheap prices up front, despite the fact insurance is meant to be priced based on the risk of the individual. They often then encourage contact with them through popular end-to-end encrypted messaging software such as WhatsApp.

The IFB, a not-for-profit organisation that works with the police to crack down on organised insurance scams, has seen its investigations into ‘Ghost Broking’ double since 2016, and the scam has remained prevalent throughout the pandemic.

IFB investigations have found cash-strapped young drivers forking out hundreds of pounds for car insurance that in reality is worth no more than a photoshopped piece of paper. In some cases scammers also use stolen personal information to take out policies which are then doctored before being sold on to customers.   

Driving without valid insurance is easily detected by police. Uninsured drivers can have their vehicle instantly seized and are likely to receive six licence points. They can also face court where they might receive an unlimited fine and a driving ban. Furthermore, an uninsured driving conviction will show on records and can affect job prospects.

If a collision is caused by the uninsured driver they may also be liable for covering the costs which can run into the thousands.   

Avoiding fake car insurance deals

New drivers are urged to avoid deals on social media or messaging apps and to only purchase car insurance through reputable sellers.

Anyone with evidence of an insurance scam can contact the IFB’s Cheatline which is quick, easy and confidential to use.

The Cheatline can be contacted online or via phoneline (powered by Crimestoppers) on 0800 422 0421.

Looking for Love? Romance fraud has soared by 40% during the pandemic, Which? warns

Which? is calling for greater protections for devastated victims of romance fraud, as new analysis from the consumer champion shows a dramatic spike in cases during the pandemic. 

Dating without meeting in person has become the new normal in the last year, giving fraudsters new opportunities to take advantage of online daters.

Which? analysis of Action Fraud data shows romance fraud was up by 40 per cent in the year to April 2021, with over 7,500 reported scams.

Reported losses reached £73.9 million during this period but the true figure is likely to be much higher as many victims are too embarrassed or upset to tell the authorities.

Romance scams are a sophisticated type of fraud – with scammers preying on the emotional vulnerability of the victim and building trust with them before asking for money. Fraudsters often claim that they need the money to travel to the UK to build a life together.

Andrew (not his real name) was exchanging messages with a potential love interest on dating website ‘Older Dating Online’ in November 2019. After weeks of emails and telephone calls, plans were made to meet for the first time.

As the woman was supposedly based in Russia, she asked for £650 to obtain a passport. This was quickly followed by more requests – £3,000 to prove to Russian authorities that she had sufficient cash to visit the UK and funds to cover medical expenses for her father who had Covid-19.

In many cases, scammers are likely to be gangs of organised criminals looking to part people from their hard-earned cash.

He said: “I became suspicious and contacted my bank to report the scam, but the money couldn’t be recovered. I haven’t dated at all since the scam. I am not one who exudes confidence in that area and with Covid-19 rearing its ugly head, more traditional ways have not been possible.

“I didn’t report what happened on the website. Likely at the time for the reason I guessed it was my fault for being taken in, not their fault for being in existence.”

David, 65, (not his real name) was also cheated out of nearly £4,000 after meeting someone on Twitter. This scammer posed as a young woman, but David later discovered he was messaging a man in Nigeria.

David thought the money he sent was to pay for a flight ticket and a visa for her to come to the UK to live, marry him and settle down as a family. He said: “After I found out the truth, I was heartbroken and very upset.

“My emotions were all over the place finding it difficult to accept that I had been taken in. This is such a cruel thing to do to an elderly pensioner who wanted love but instead got fleeced by this evil corrupt man who has no shame in what he did to me and no doubt has done to many others.”

Twitter has since permanently suspended the scammer’s profile.

When online dating, consumers should always be on high alert for fraudsters using stolen photos – even in video calls.

One Which? member reported via the consumer champion’s Scam Watch inbox that she had a strange video call with someone she later discovered was using stolen video footage. She said: “How they did it I have no idea because I discovered those pictures were of a plastic surgeon in the USA. It worries me that some women will fall for it.”

To find out whether a photo is fake, consumers can use TinEye or Google Image Search to do a reverse image search. This tracks where else on the internet this photo exists to see if it could be a stock or stolen image.

The consumer champion’s findings raise serious questions about the legal responsibilities of online platforms and online sites to protect their users from fake and fraudulent content and potential scams.

The contingent reimbursement model code, in place since May 2019 and signed by the majority of banks, makes clear that victims of bank transfer scams should be reimbursed for their losses when they are not at fault.

Victims who, like Andrew, are convinced to transfer funds to non-UK accounts will not be covered by the code. Only transfers between UK accounts can benefit from the limited protection offered by the code. Under this code, 38% of all losses were returned to romance fraud victims in 2020, up from 6% in the six months before the code was introduced.

However, Which? is concerned that banks are applying the code inconsistently. While some firms reimburse the majority of APP fraud victims, others only reimburse around one in 10 – meaning that many victims face a lottery when it comes to getting their money back.

Customers in need of support when trying to recoup their losses often face a grilling over their actions from banks, compounding the devastating emotional impact of their ordeal.

The consumer champion is calling for the Payment Systems Regulator and government to establish mandatory standards of consumer protection to protect victims from the current unfair and inconsistent approach by industry. Banks should also be made to regularly publish their reimbursement rates to improve transparency.

Adam French, Which? Consumer Rights Expert, said: “Romance scams are particularly devastating for victims, who may be vulnerable when they are targeted by fraudsters – and it is very worrying to see such a huge rise in these scams as criminals look to exploit the pandemic.

“Where appropriate, banks and payment providers should be following the code they signed up to and reimbursing victims of scams that use sophisticated psychological tactics to trick victims into handing over their cash. Anyone who is struggling to get their money back from their bank should report this to the Financial Ombudsman Service to review their case.

“The voluntary code on scams has led to a reimbursement lottery for victims. It should be replaced with mandatory standards for protection and reimbursement and strong enforcement for firms that don’t follow the rules.”

Which?: Some banks leaving customers exposed to scammers

Some banks can and should be doing more to protect their customers from criminals trying to steal sensitive information, Which? research has found. 

With the last year seeing an increase in scams, many consumers will expect that the companies they deal with in their everyday lives are doing everything they can to protect them.

However, a new Which? investigation has found that some banks are failing to use all the tools available to them to combat scammers, leaving weaknesses in their security systems that scammers could exploit. 

The consumer champion looked into what protections banks were putting in place to protect their customers from receiving fraudulent emails, SMS messages and phone calls.

These so-called phishing attacks are worryingly common. Scammers send legitimate-looking messages that are designed to tempt people into divulging sensitive information, such as bank account details, usernames or passwords.

Phishing scams may try to imitate (or ‘spoof’) banks’ genuine email addresses or domains, sometimes by making slight changes – for instance, by changing ‘.co.uk’ to ‘.com’. 

Banks should be implementing a system that protects the domains they own or use – known as ‘domain-based message authentication, reporting and conformance’ (DMARC) – to prevent spoofing attacks.

Banks can use DMARC to tell email providers how to handle the unauthorised use of their domains. 

DMARC is frequently introduced gradually: records are initially set to ‘none’ (a monitoring phase where no action is taken if DMARC checks fail), then moved to ‘quarantine’ (which moves emails to junk/spam if they fail the checks) and ultimately to a policy of ‘reject’ (which blocks all emails that fail the checks).

When Which? asked security experts at technology company 6point6 in April to check whether banks offered this protection, some banks were falling short. 

At the time of the investigation, the Bank of Ireland and Agricultural Mortgage Corporation – a wholly owned subsidiary of Lloyds Banking Group – had not yet introduced DMARC.

This could have allowed scammers to forge their email address and send messages that would appear indistinguishable from genuine ones from their bank. Both have since taken action to resolve this. 

The investigation also found that Nationwide, TSB and Virgin Money – nationwide.co.uk, tsb.co.uk and virginmoney.com, respectively – had not set their policies to ‘reject’ all emails that fail DMARC checks. TSB and Virgin Money told the consumer champion that they are working towards this. 

Nationwide said it has security features to protect against spoofing and will ‘look at ways to improve email security, including future enhancements to DMARC security.’ 

The investigation also uncovered that The Co-operative Bank, First Direct, Starling and Tesco Bank had no DMARC system in place for their alternative domains, but did for their primary domains.  

Although The Co-operative Bank has protected its ‘co-operativebank.co.uk’ email address, there are no DMARC records for ‘co-operative.co.uk’ and ‘coop.co.uk’ – two domains that are owned by The Co-operative Group, a separate company not associated with the bank – making them vulnerable to scammers who could pose as The Co-operative Bank using alternative email addresses. 

Since the investigation, Starling and Tesco Bank have applied DMARC to their alternative domains, starlingbank.co.uk and tescobank.co.uk, respectively.

First Direct and The Co-operative Bank told Which? they are reviewing the inclusion of their alternative domains – firstdirect.co.uk and co-operativebank.com – within their existing DMARC policies.

While banks are further ahead than other industries when it comes to implementing DMARC, Which? believes that it is often too hard for customers to tell the difference between a phishing email and genuine communication from banks due to inconsistent practices across the industry. 

This is particularly concerning amid a worrying culture of banks blaming victims for falling for scammers’ tricks, despite their heightened sophistication. This means people often face a lottery to get their money reimbursed under the industry’s voluntary bank transfer scams code.

Which? is calling for all banks to implement DMARC and configure it correctly, setting their policies to ‘reject’, meaning email providers should block any emails that fail these checks. 
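As an added illustration (not part of the Which? or 6point6 research), this Python sketch classifies a domain's DMARC record into the ‘none’, ‘quarantine’ and ‘reject’ stages described above and flags the gaps the investigation found, such as an alternative domain with no record. The domains and TXT strings are constructed placeholders, and the sketch assumes the records have already been fetched from `_dmarc.<domain>`.

```python
# Constructed sample data: TXT strings as they might be published at
# _dmarc.<domain>. All domains are placeholders, not real banks.
SAMPLE_DNS = {
    "_dmarc.bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "_dmarc.bank-alt.example": [],  # alternative domain with no record at all
    "_dmarc.monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "_dmarc.partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "_dmarc.dupe.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "_dmarc.other.example": ["site-verification=constructed"],  # unrelated TXT
}
VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = [part.split("=", 1) for part in txt.split(";") if "=" in part]
    pairs = [(key.strip(), value.strip()) for key, value in pairs]
    # RFC 7489: the first tag must be the version tag, v=DMARC1.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)


def assess(domain, dns=SAMPLE_DNS):
    """Classify the enforcement a receiving mail server would apply for domain."""
    txts = dns.get("_dmarc." + domain, [])
    records = [r for r in map(parse_dmarc, txts) if r is not None]
    if not records:
        return "missing"
    if len(records) > 1:
        # Receivers stop policy discovery when several DMARC records exist.
        return "invalid: multiple records"
    policy = records[0].get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid: bad or absent p tag"  # simplified handling
    if policy == "none":
        return "monitoring only"
    pct = records[0].get("pct", "100")
    pct = int(pct) if pct.isdecimal() else 100  # pct defaults to 100
    if pct < 100:
        return f"{policy} (partial, {pct}% of failing mail)"
    return policy


def audit(domains, dns=SAMPLE_DNS):
    """Map each domain, primary or alternative, to its DMARC status."""
    return {domain: assess(domain, dns) for domain in domains}


if __name__ == "__main__":
    names = [key.split(".", 1)[1] for key in SAMPLE_DNS]
    for domain, status in audit(names).items():
        print(f"{domain:20} {status}")
```

Only a result of `reject` with no `pct` reduction corresponds to the configuration Which? is calling for; every other status leaves some spoofed mail deliverable.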

Banks should also be clamping down on number spoofing, which involves scammers manipulating caller IDs to mimic the phone numbers of legitimate organisations. To tackle this, Ofcom worked with the banking industry body UK Finance to identify a list of ‘do not originate’ (DNO) numbers – numbers that are never used for outbound calls. 

Most banks had signed up to the scheme at the time of the investigation, apart from The Co-operative Bank and Nationwide – although both have since told Which? they plan to join.

Banks can also protect their SMS headers – the name or number a text message appears to come from – against spoofing by registering with the SMS SenderID Protection Registry run by the Mobile Ecosystem Forum. 

The consumer champion believes that if banks did not include weblinks or phone numbers in their official SMS communications – sensitive information that is prone to spoofing – consumers could feel more secure and be able to spot scams more easily. 

Which? is working on a best practice guide for businesses to help raise standards of SMS communications and bring greater consistency to how they protect consumers. 

Jenny Ross, Which? Money Editor, said: “It has never been harder for people to know whether they’re receiving genuine communications from their bank, or being tricked – so it is crucial that banks take every measure to protect their customers from these devastating scams. 

“These include implementing email scam protections properly and no longer putting phone numbers and links in messages, to ensure customers feel safe and can bank with confidence.”