Which?: Some banks leaving customers exposed to scammers

Some banks can and should be doing more to protect their customers from criminals trying to steal sensitive information, Which? research has found. 

With the last year seeing an increase in scams, many consumers will expect that the companies they deal with in their everyday lives are doing everything they can to protect them.

However, a new Which? investigation has found that some banks are failing to use all the tools available to them to combat scammers, leaving weaknesses in their security systems that scammers could exploit. 

The consumer champion looked into what protections banks were putting in place to protect their customers from receiving fraudulent emails, SMS messages and phone calls.

These so-called phishing attacks are worryingly common. Scammers send legitimate-looking messages that are designed to tempt people into divulging sensitive information, such as bank account details, usernames or passwords.

Phishing scams may try to imitate (or ‘spoof’) banks’ genuine email addresses or domains, sometimes by making slight changes – for instance, by changing ‘.co.uk’ to ‘.com’. 

Banks should be implementing a system that protects web addresses they own or use – known as ‘domain-based message authentication, reporting and conformance’ (DMARC) – to prevent spoofing attacks.

Banks can use DMARC to tell email providers how to handle the unauthorised use of their domains. 

The process of introducing DMARC is frequently done gradually: by initially setting records to ‘none’ (a monitoring phase where no action is taken if DMARC checks fail) before working towards ‘quarantine’ (which moves emails to junk/spam if they fail the checks) and ultimately, a policy of ‘reject’ (which blocks all emails that fail the checks). 

When Which? asked security experts at technology company 6point6 in April to check whether banks offered this protection, some banks were falling short. 

At the time of the investigation, the Bank of Ireland and Agricultural Mortgage Corporation – a wholly owned subsidiary of Lloyds Banking Group – had not yet introduced DMARC.

This could have allowed scammers to forge their email address and send messages that would appear indistinguishable from genuine ones from their bank. Both have since taken action to resolve this. 

The investigation also found that Nationwide, TSB and Virgin Money – nationwide.co.uk, tsb.co.uk and virginmoney.com, respectively – had not set their policies to ‘reject’ all emails that fail DMARC checks. TSB and Virgin Money told the consumer champion that they are working towards this. 

Nationwide said it has security features to protect against spoofing and will ‘look at ways to improve email security, including future enhancements to DMARC security.’ 

The investigation also uncovered that The Co-operative Bank, First Direct, Starling and Tesco Bank had no DMARC system in place for their alternative domains, but did for their primary domains.  

Although The Co-operative Bank has protected its ‘co-operativebank.co.uk’ email address, there are no DMARC records for ‘co-operative.co.uk’ and ‘coop.co.uk’ – two domains that are owned by The Co-operative Group, a separate company not associated with the bank – making them vulnerable to scammers who could pose as The Co-operative Bank using alternative email addresses. 

Since the investigation, Starling and Tesco Bank have now applied DMARC to alternative domains, starlingbank.co.uk and tescobank.co.uk, respectively.

First Direct and The Co-operative Bank told Which? they are reviewing the inclusion of their alternative domains – firstdirect.co.uk and co-operativebank.com – within their existing DMARC policies.

While banks are further ahead than other industries when it comes to implementing DMARC, Which? believes that it is often too hard for customers to tell the difference between a phishing email and genuine communication from banks due to inconsistent practices across the industry. 

This is particularly concerning amid a worrying culture of banks blaming victims for falling for scammers’ tricks, despite their heightened sophistication. This means people often face a lottery to get their money reimbursed under the industry’s voluntary bank transfer scams code.

Which? is calling for all banks to implement DMARC and configure it correctly, setting their policies to ‘reject’, meaning email providers should block any emails that fail these checks. 

Banks should also be clamping down on number spoofing, which involves scammers manipulating caller IDs to mimic the phone numbers of legitimate organisations. To tackle this, Ofcom worked with the banking industry body UK Finance to identify a list of ‘do not originate’ (DNO) numbers – numbers that are never used for outbound calls. 

Most banks had signed up to the scheme at the time of the investigation, apart from The Co-operative Bank and Nationwide – although both have since told Which? they plan to join.

Banks can also protect their SMS headers – the name or number a text message appears to come from – against spoofing by registering with the SMS SenderID Protection Registry run by the Mobile Ecosystem Forum. 

The consumer champion believes that if banks did not include weblinks or phone numbers in their official SMS communications – sensitive information that is prone to spoofing – consumers could feel more secure and be able to spot scams more easily. 

Which? is working on a best practice guide for businesses to help raise standards of SMS communications and bring greater consistency to how they protect consumers. 

Jenny Ross, Which? Money Editor, said: “It has never been harder for people to know whether they’re receiving genuine communications from their bank, or being tricked – so it is crucial that banks take every measure to protect their customers from these devastating scams. 

“These include implementing email scam protections properly and no longer putting phone numbers and links in messages, to ensure customers feel safe and can bank with confidence.”

Coalition urges Online Safety Bill to protect people from an avalanche of online scams

A coalition of organisations championing consumers, and representing civil society and business, have today joined forces to warn that the UK risks failing in its ambition to be the safest place in the world to be online unless it uses new laws to protect people from an avalanche of online scams.

In a joint letter to the Home Secretary and Digital Secretary, 17 organisations have urged the government to include online scams in its proposed Online Safety Bill – which could be announced in next week’s Queen’s Speech – so that consumers are better protected against the devastating financial and emotional harm caused by these crimes.

The organisations that have signed the letter include Which?, the Money and Mental Health Policy Institute, Carnegie UK Trust, UK Finance, the Personal Investment Management and Financial Advice Association (PIMFA), the City of London Corporation, City of London Police, The Investment Association, Association of British Insurers (ABI), MoneySavingExpert and Age UK.

From using social media to stay in touch with friends and family to using search engines to research potential investments at a time of record-low interest rates – the coronavirus crisis has meant people are spending more time online than ever before.

However, scams have escalated in the past 12 months, with Action Fraud figures showing that £1.7 billion was reportedly lost to scams in the last year. Many criminals have shifted their activity online. Action Fraud estimates that in the year to June 2020, 85% of all fraud was cyber-enabled.

The actual financial losses are likely to be much higher and do not capture the devastating emotional impact on victims. Research also shows that vulnerable people, including those experiencing mental health problems, are more at risk of falling victim to these crimes online. 

In their letter, the organisations write: Online platforms play a pivotal role in enabling criminals to reach and defraud internet users through the hosting, promotion and targeting of fake and fraudulent content on their sites, including adverts that they make significant profits from.

Yet platforms have very little legal responsibility for protecting their users, despite often being the best placed to tackle harmful content. 

“While we recognise there are initiatives being progressed by the Government designed to tackle aspects of online fraud, there is a growing risk that current plans for future regulatory frameworks are not taking a comprehensive approach to the threats faced by consumers and do not reflect the extent or urgency of the problem.

UK Finance figures show a 32 per cent increase in investment scam cases in 2020, which are often promoted through adverts on search engines and social media offering higher than average returns.

One victim of such a scam was Maria Teresa Jackson, 63, a teacher. Ms Jackson was tricked by an advert she saw on a social media site, featuring a fake news story with fabricated quotes from celebrity adventurer Bear Grylls, who supposedly told how he had become a millionaire by trading in Bitcoin. 

She clicked the button and put in her details and soon received a phone call from a “financial advisor” who showed her around a professional looking website, and was very knowledgeable about trading. Over time she was persuaded to transfer increasing amounts of money to the scammer.

It later became clear that the Bitcoin did not exist. Scammers stole nearly £120,000 and First Direct, her bank, has so far refunded her half that amount. 

She said: “I felt completely sick. I’m overall better now but often I get flashbacks of certain events and that upsets me a lot. I usually get them at night when I’m in bed and when that happens, it sets the tone for a bad night’s sleep.” 

A spokesperson for First Direct said: “We would like to offer our sincerest sympathies to Ms Jackson, and fully appreciate how the situation has impacted her. Sadly, there are unscrupulous individuals who carry out criminal activities without any regard for the effect this will have on their victims.

“Although we believe Ms Jackson could have exercised more caution and carried out further checks before making the payments, we could also have offered more effective fraud warnings. So on that basis we’ve refunded 50% of the payments made.”

A wide-ranging consensus has emerged across industry, regulators and consumer groups on the urgent need for action to tackle scams and the critical role that online platforms must take in doing more to protect their users. 

The coalition of groups is calling for online platforms to be given a legal responsibility to protect users from fake and fraudulent content on their sites that lead to scams. The government now has a perfect opportunity to deliver this in its proposed Online Safety Bill, which could be announced as part of next week’s Queen’s Speech on 11 May.

Anabel Hoult, CEO of Which?, said: “The biggest online platforms have some of the most sophisticated technology in the world, yet they are failing to use it to protect scam victims who are suffering devastating financial and emotional harm due to the flood of fake and fraudulent content posted online by criminals.

“The time for self-regulation is over, as clearly it has not worked. The case for including scams in the Online Safety Bill is overwhelming and the government must take the opportunity to act now. Online platforms must be given a legal responsibility to prevent, identify and remove fake and fraudulent content on their sites so that their users are better protected.”

Martin Lewis, Founder of the Money and Mental Health Policy Institute and MoneySavingExpert.com, said: “It beggars belief that the government’s Online Safety Bill could ignore the epidemic of scams that the UK faces – but that’s the plan. Scams don’t just steal people’s money, they can take their self-respect too and those with mental health problems are three times more likely to be affected.

“The policing of scams is critically underfunded, leaving criminals to get away with these frauds with impunity. The government has a chance to at least deny them the ‘oxygen of publicity’ by making big tech responsible for the scammers adverts it is paid to publish.

“I plead on bended knee for the government to take that opportunity, by putting scams in the Online Safety Bill. Failing to do so will betray its promise to create world-leading online protection and will leave vulnerable people defenceless against online crime in the midst of a global pandemic.”

David Postings, Chief Executive at UK Finance, said: “Fraud has a devastating emotional impact on victims and even when the victim is reimbursed, the stolen cash is used to fund serious organised crimes which damage our society, including terrorism, drug trafficking, and child sexual exploitation. 

“The banking and finance industry is tackling fraud on all fronts, but we can’t do it alone. We need other industries including the online platforms exploited by criminals to join the fight and take responsibility for criminal activity that is happening on their doorstep.

It’s not right that online giants are effectively profiting twice – once from criminals marketing scams on their platforms and again from organisations having to advertise fraud warnings to consumers.

“We are strongly calling on the government to take a major step forward by including economic crime in the upcoming Online Safety Bill and helping ensure tech giants take responsibility for their part in protecting consumers from the scourge of online fraud.”

William Perrin, Trustee at Carnegie UK Trust, said: “Our work at Carnegie UK Trust has set out the case for a systemic, statutory duty of care that would make online platforms take responsibility for the design and processes of their services to reduce online harm.

“This new research underlines the urgent need for action to protect consumers from harms such as online fraud and scams – and the Online Safety Bill is the way to do it. Both the City of London Police and the National Economic Crime Centre have told Parliament that their current powers are not enough to limit the spread of online fraud and scams.

“It is vital that the Government reconsider their inclusion in the Online Safety Bill.”

Liz Field, Chief Executive of PIMFA, commented: “The financial services industry has along with our partners been calling for financial harm to be included in the Online Safety Bill for some time.

“It is now vital that the Government takes action to provide better protection for consumers online by ensuring online search and social media firms take greater responsibility for what we, their customers, see on their platforms.

“The Online Safety Bill could provide a clear legal framework that would protect consumers from ever more sophisticated online fraud, largely perpetrated by organised criminals. PIMFA and our partners in this campaign continue to urge the Government to include financial harm in the Online Safety Bill.

“Doing so would save thousands of victims suffering enormous financial and mental distress and would be one of the best possible ways to disrupt organised crime.”

Watch out for doorstep scammers as lockdown ends, Which? warns

A Which? investigation has found that doorstep scammers are back in business after lockdown restrictions – and these ruthless fraudsters are using new coronavirus scams to target the most vulnerable. 

According to Action Fraud data, £18.7 million was lost to doorstep crime in 2020 alone. With many in-person scams believed to go unreported, the true figures could be even higher.

Doorstep scams can come in many forms. For example, fraudsters might offer building, gardening or home improvement services and then overcharge for or never complete the work. Fraudsters also often pose as salespeople or charity workers as a means of parting people from their hard-earned cash.

The number of reports to police for this type of fraud in April 2020 was 46 per cent lower than April 2019 as doorstep sellers were banned during the lockdown. However, by summer 2020, reports of doorstep scams had returned to pre-pandemic levels, with fewer restrictions stopping fraudsters from going out.

Which? research has found that scammers have exploited vulnerable people’s uncertainty and isolation during the lockdowns and used the pandemic as an opportunity to create new coronavirus frauds and recycle old scams.

A survey of 1,186 Which? members found that 16 per cent have received unsolicited visits from someone claiming to be a salesperson or charity worker since the start of the first lockdown.

9 per cent said that they felt the visitor was pressuring them into making a purchase or performing a certain action, such as donating.

Although Which? doesn’t know how many of these visits were scams, even genuine doorstep selling can leave consumers at a disadvantage. These unexpected visits can also be unnerving – especially for elderly or vulnerable people or if the salesperson is particularly pushy.

Which? member William Grayson, 81, lives alone in Weston-super-Mare, a 40 minute drive from his closest relatives.

William was visited at his home by two volunteers from a ‘Covid support group’ who offered to do shopping and errands for him while he was shielding. He gave the young couple £200 cash over two visits for food and home essentials but never got his shopping. He said: “Realising these people were out to get me made a dark time even darker for me to be honest.”

Which? has heard from other victims across the UK who have been targeted by fraudsters claiming to be from local NHS services offering fast-track testing and vaccines, collecting donations for fake charities and selling vitamin pills that ‘protect against’ Covid-19.

NHS services across England, Wales, Scotland and Northern Ireland continue to stress that all testing and vaccine services are free of charge, and nobody will ever turn up at someone’s home without warning. Those being vaccinated at home will likely be contacted in advance by their local NHS service, or regular district nurse, to arrange an appointment.

An increase in home improvement projects during lockdown provided scammers with new opportunities to rehash old scams.

Over a third (37%) of Which? members surveyed who had an unsolicited door knock said it was someone offering home improvement services.

When two landscapers turned up at Lucy’s, whose name has been changed, front door in Maidenhead last July, offering to tidy up her front garden, she didn’t think it was unusual that they’d asked for the money up front.

She explained: “They said they’d been working on my neighbour’s garden and thought mine looked like it could do with a bit of TLC. It was funny because I’d recently been admiring my neighbour’s new front garden.”

Lucy later found out they weren’t the same traders that had worked on her neighbour’s garden. She has since given up hope of getting any money back.

Unfortunately for Lucy, victims are unlikely to get their money back if they’ve handed over cash.

Cash transactions are also untraceable which makes the perpetrators harder to track down and bring to justice.

Which? advises consumers against buying from unsolicited doorstep sellers. This applies to anyone that calls by who isn’t expected, or who consumers haven’t made an appointment for, such as water or electric meter readings or gas engineers.

If there are any safety fears, police and Trading Standards advise calling 999. This also goes for particularly aggressive traders.

It is banned practice for a trader to refuse to leave your property if you’ve asked, although this may be justified under some circumstances, such as to enforce a contractual obligation.

Consumers should also sign up to Which?’s scam alert service in order to familiarise themselves with some of the latest tactics used by fraudsters, particularly given the explosion of scams since the coronavirus crisis.

Adam French, Which? Consumer Rights Expert, said: “It’s highly concerning that doorstep scammers are back in business and looking to exploit the pandemic in every way they can. We all need to be wary of anyone who knocks on our door unexpectedly.

“Adopting a blanket policy not to buy goods or services offered at the door is a sure-fire way to stop any would-be fraudsters in their tracks. However, if you do decide to purchase something at your door, you should ask the seller for their ID or call the company to verify their identity before making any payments.

“If you encounter a fraudster, you should report this to Action Fraud in England or call Policing Scotland on 101 in Scotland and if you have any safety fears, dial 999 immediately.”

Customers reminded to look out for tax credits renewals packs

HM Revenue and Customs (HMRC) is sending out about 2.5 million annual renewals packs to tax credits customers from this week. Customers should check their details in the renewal pack and report any change in circumstances to HMRC.

The packs will be sent out over the next six weeks and all customers should receive theirs by 4 June.

HMRC recognises that many tax credits customers will have been affected by the pandemic and may have earned less money than in previous years. It is important that customers check the details contained in their annual renewal pack are correct, including income details.

Renewing online is quick and easy. Customers can log into GOV.UK to check on the progress of their renewal, be reassured it is being processed and know when they will hear back from HMRC. Customers can also use the HMRC app on their smartphone to:

  • renew their tax credits
  • check their tax credits payments schedule, and
  • find out how much they have earned for the year

Tax credits help working families with targeted financial support, so it is important that people don’t miss out on money they are entitled to.

If there is a change in a customer’s circumstances that could affect their tax credits claims, they must report the changes to HMRC.

Circumstances that could affect tax credits payments include changes to:

·         living arrangements

·         childcare

·         working hours, or

·         income (increase or decrease)

Customers do not need to report any temporary falls in their working hours as a result of coronavirus. They will be treated as if they are working their normal hours until the Coronavirus Job Retention Scheme closes.

Criminals can take advantage of tax credits renewals to text, email or phone taxpayers offering ‘rebates’ or threatening them with arrest if they don’t pay bogus tax owed. Many scams mimic government messages to look authentic.

If someone contacts a customer claiming to be from HMRC, asks for bank or other personal details, threatens arrest or demands that they transfer money, it might be a scam.

Check GOV.UK for HMRC’s scams checklist, and to find out how to report tax scams and recognise genuine HMRC contact.

Customers can get help and information on renewing tax credits:

  • on GOV.UK: manage your tax credits
  • using our webchat service, by going to GOV.UK and searching ‘tax credits general enquiries’
  • by tweeting @HMRCcustomers or posting on HMRC’s Facebook page with general queries
  • by using the HMRC app, available via your phone’s app store
  • by calling the tax credits helpline: 0345 300 3900

Public warned to watch out for job ad scams as fraudsters capitalise on Covid-19 disruption

The Insurance Fraud Bureau (IFB) is warning members of the public to watch out for insurance scams that continue to exploit the financial loss people are facing as a result of the disruption of Covid-19.

Currently at least one insurance scam takes place each minute in the UK leaving victims devastated and costing honest consumers more than £3 billion each year. There are concerns the current economic climate could see this figure rise further.

The IFB which is at the heart of the UK’s fight against organised insurance fraud has identified several scams that the public should be aware of.

Delivery driver job ad scams

IFB Investigators have noticed more fraudsters are exploiting the state of the job market by using recruitment as a tool to phish for personal information and insurance details from job applicants.

Most notably, this has been seen with bogus delivery driver roles which are frequently being advertised on social media and some classified ad websites.

Job seekers will be told that their application has been successful and then asked to hand over their details, leaving them with their identities stolen and their insurance policy being used to help facilitate ‘Crash for Cash’ scams – often used to fabricate road traffic collisions.

With more people out of work due to the disruption of Covid-19 and a surge in demand for delivery services, job applicants should be extra cautious of any suspicious looking job ads.

Compensation scams

This is when a fraudster or unscrupulous firm contacts someone out of the blue to tell them they may be entitled to compensation.

If convinced, victims will hand over their personal details which can be used to steal their identity or bank funds, or they could be encouraged to take out a fraudulent insurance claim.

With record numbers out of work or losing money due to the disruption of Covid-19, these scammers may offer to recover financial losses incurred as a result of the pandemic.

‘Ghost Broker’ scams

A ‘Ghost Broker’ is a fraudster who poses as an insurance provider to sell unrealistically cheap fraudulent insurance deals, typically through social media and online ads.

These fraudsters are known for selling fake car insurance. However, with Covid-19 impacting so many people’s work and travel plans, ‘Ghost Brokers’ could also offer deals that claim to compensate further disruption.

Some ‘Ghost Broker’ fraudsters have also been found to be promoting deals that are exclusively for Key Workers.

‘Ghost Broker’ scams are rising. The IFB has seen its percentage of investigations into the issue double in recent years. Research also shows one in three 18-24 year-olds has seen a suspicious insurance advert on social media.

Ben Fletcher, Director of the IFB, said: “Insurance fraud thrives in times of financial hardship and the continued disruption of Covid-19 sadly keeps bringing opportunities for fraudsters to target those most vulnerable. From the elderly to key workers, we’ve seen them get targeted.

“It’s never been more important for the public to remain vigilant to the slew of scams out there. If anyone sees something that doesn’t look right, they should report it to the IFB’s confidential Cheatline straight away on 0800 422 0421.”

Evidence of an insurance scam can be reported to the IFB’s confidential and anonymous Cheatline (powered by Crimestoppers) on 0800 422 0421 or online.

The IFB uses information from Cheatline reports to work with insurers, the police and industry watchdogs to help fight fraud, keep people safe and keep consumer costs down.

More information on a wide range of common insurance scams can be found on the IFB’s Stop the Scams campaign page.

Cheatline insurance fraud video (17 seconds)

Ghost Broking insurance fraud video (34 seconds)

Compensation scams video (39 seconds)

About the IFB and impact of insurance fraud

Nearly one in 10 have fallen victim to scam adverts on social media or search engines

Platforms fail to adequately protect users, says Which?

Almost one in 10 people (9%) have fallen victim to online scam ads via social media sites or search engines as platforms fail to tackle a flood of bogus ads posted by fraudsters, new research from Which? reveals.

The consumer champion is calling for the government to give tech giants greater legal responsibility for preventing scam content from appearing on their sites, after hundreds of people shared their often distressing stories of falling victim to convincing purchase scams. 

A purchase scam is when a consumer is misled into paying in advance for goods that are never received or are not at all as described. They are increasingly common on popular websites and platforms with criminals creating fake websites and documents that seem genuine to trick their victims. 

With 43 million adult social media users in the UK, Which?’s research suggests that some 3.8 million people might have fallen victim to a scam from an advert that appeared on their social media feed. 

When Which? separately asked for victims of social media purchase scams to get in touch, its researchers heard from more than 200 people in just 48 hours. 

One victim, Christine, ordered a CBD oil product advertised on Facebook that had been  falsely ‘endorsed’ by Fern Britton and David Attenborough. She was promised a sample for £2.50, but £170 was later taken from her bank account. 

She told Which? the money was “more than my weekly pension and I’m so upset. It happened weeks ago but I can’t stop thinking about it”. Christine is worried she faces a fight on her hands to get her money back because she did receive a sample, although she doesn’t think it is genuine CBD oil.

Which? surveyed 2,000 members of the public, asking those who use social media and search engines about their experiences of adverts on these platforms. It found that nine per cent of social media users had fallen victim to a scam ad on social media feeds. The same proportion of search engine users also reported falling victim to a scam ad on those. 

It also revealed that six in 10 (64%) social media users and almost six in 10 (57%) search engine users said they were confident they could spot these scams. But previous Which? research has suggested this confidence is misplaced – which could create a perfect breeding ground for scams.  

Louise from Birmingham regularly shops at Ted Baker and started seeing convincing ads for what she thought was a Ted Baker Outlet store on Twitter over a couple of days. She visited the site linked to the advert and paid £75 for a discounted bag and shoes. 

She never received her order and is still waiting for her bank to decide whether it will refund her. The retailer’s Twitter account had already been suspended before Which? flagged it. “I will never, ever buy anything I’ve seen on a social media advert again,” she said.

Ryan, 24, thought he was buying a keyboard and mouse through a retailer advertising on Google’s shopping results. He paid £65 but ended up receiving a cheap iPhone case instead. “To get a refund I had to return the case to an address in China at a cost of £35, which is obviously ridiculous,” he said. 

Ryan paid with PayPal, which is still investigating. He said he didn’t report the advert to Google because he did not know how to. Which?’s researchers found that Google’s tool for reporting adverts in its search results involved filling in a long form which could put people off using it.

While the sums of money involved in these scams may appear small to some people, Which?’s investigation suggests that online ad scams are happening on an industrial scale. They also provide fraudsters with sensitive information about victims that could potentially be used to mount future attacks. 

Over the last 12 months, Action Fraud says that it has received 83,822 online shopping fraud reports, with reported losses reaching around £62.3 million over that period. 

Which? believes social media sites and search engines must be far more proactive in preventing scam ads from appearing on their platforms in the first place, particularly as people are more reliant on shopping and socialising online than ever this winter.

Platforms have launched initiatives to deal with scam adverts but many of them rely on users having to report these themselves. This leaves lots of people still exposed to scam ads and at risk of falling victim before they are reported and taken down.  

Which?’s investigations continue to expose the harms consumers face when shopping and socialising online. The consumer champion is calling for online platforms to be given greater legal responsibility to prevent scam content appearing on their platforms. The government has an ideal opportunity to deliver this in the upcoming online harms bill, but if it is not included, ministers must set out proposals for new laws to protect consumers from online scams.

Adam French, Consumer Rights Expert at Which?, said: “Our research suggests that online purchase scams are taking place on an industrial scale, with scam victims suffering significant financial and emotional harm when they are targeted by fraudsters.

“Despite being known for innovation, social media sites and search engines are lagging behind scammers, seemingly taking little responsibility for stopping misinformation and harmful content from reaching their users. 

“The government must step in and protect consumers by giving online platforms more legal responsibility to prevent scam content from appearing in the first place.”

Which?’s advice on what to do if you’ve been scammed by an online advert

  • It is possible to get your money back in many cases, although the process might be time consuming and inconvenient.
  • If you paid using a credit or debit card your money is covered by card protections. Ask your bank if you’re eligible to claim using chargeback or Section 75 of the Consumer Credit Act.
  • When you use PayPal, your money should be protected by its Buyer Protection policy. You can make a claim through your PayPal account. 
  • If you paid using a bank transfer, contact your bank as soon as possible and ask if it can help you. This kind of fraud on social media is on the rise, according to UK Finance.
  • Find out more about how to recover your money after a scam

How do I report a scam advert on social media or search engines?

Additional case study information

James, from Lancashire, spotted an advert on Facebook for a Little Tikes clearance sale. It linked to a website that was convincingly branded to look like the official Little Tikes website, so he paid £105 for a climbing frame.

But it never turned up, and the website has since disappeared. 

“It’s been so frustrating. It’s unbelievable scams can be so easily advertised on Facebook.” James said.

Fortunately his bank was “very helpful” and because he paid using a credit card, it refunded his money.

One victim in his 50s told Which? he’s been conned six times after buying products he’s seen advertised on social media, including shoes, toys and tools. He has lost around £200 in total.

Additional statistics from the market research

  • 73 per cent of social media users aged 18-34 said they were confident they could spot a scam, although Which? research earlier this year into scams on Facebook suggested this group may actually be more vulnerable to being scammed on social media.
  • 49 per cent of search engine users surveyed trust that the retailers that appear in their search engine’s results are safe from scams. Only 35 per cent of social media users say they trust the retailers that appear on their social media feed are safe from scams.
  • Which? has revealed its top tips to shop smartly this winter, warning deals that look too good to be true often are: https://www.which.co.uk/reviews/shopping/article/online-shopping/online-shopping-top-tips-to-stay-safe-and-save-money-aMgbs0Q4k6U4

Police warn of spoof HMRC calls

Police in Edinburgh have received reports of malicious calls being made purporting to be from Her Majesty’s Revenue & Customs (HMRC). Fraudsters are spoofing genuine HMRC phone numbers to deceive victims stating that as a result of non-payment of tax, they are liable for prosecution.

The fraudsters suggest victims can avoid this by arranging a payment to be made immediately.

In genuine cases, HMRC will initially make contact via letter and potentially follow up with a call later. HMRC will not discuss something you are not already aware of and will not demand immediate payment.

• Be cautious and listen to your instincts. Don’t be afraid to hang up.
• Legitimate organisations wouldn’t ask you to pay taxes, bills or fees using an iTunes gift card, or any other type of voucher.
• Know who you’re dealing with – if you are unsure or need help, talk to someone you know or get in touch with trading standards at Trading.Standards@edinburgh.gov.uk
• Don’t be rushed or pressured into making a decision.
• Always question unsolicited requests for your personal or financial information.

If you think you’ve been scammed report it via 101 and also contact your bank. As always, if you are in immediate danger call 999.

For further advice, call the Citizens Advice Consumer Helpline on 0808 223 1133 or visit our website http://ow.ly/hJnD50CcULF

For advice and guidance on suspicious emails or ‘phishing’ emails or text messages, please visit http://ow.ly/Uc2M50CcULE

Take advantage of the free online training at http://ow.ly/70ry50CcULD to learn more about different types of scams and how to protect yourself and others

Beware Covid insurance scams

Public urged to watch out for insurance claims scams exploiting financial losses caused by Covid-19 disruption

  • The Insurance Fraud Bureau (IFB), the City of London Police’s Insurance Fraud Enforcement Department (IFED) and the Association of British Insurers (ABI) are urging the public to be alert to Covid-19 insurance claims scams.
  • Experts are concerned there may be a rise in insurance claims scams that aim to exploit the financial losses individuals have suffered during the pandemic.
  • Nuisance scammers claiming “you may be entitled to compensation because of      covid-19 financial losses” could become the ‘new PPI’.

The Insurance Fraud Bureau (IFB) in partnership with City of London Police’s Insurance Fraud Enforcement Department (IFED) and the Association of British Insurers (ABI) are warning the public to be alert to a potential rise in insurance claims scams that offer to recover financial losses caused by the pandemic.

With big numbers of people across the UK taking an economic hit because of the disruption caused by Covid-19, there are concerns members of the public will be financially desperate and more susceptible to falling victim to insurance claims scams.

Fraudsters or unscrupulous claims management companies (CMCs) could cold call or message victims with unrealistic offers to help recover financial losses caused by the disruption of Covid-19.

Insurance claims scams could appear in the form of claims phishing, where a victim is told they are entitled to compensation and then asked to provide their personal and financial information in order to process a claim. The scammer can then use these details to steal their identity or attempt to gain access to funds from their bank account.

Another insurance claim scam tactic is claims farming, where a victim is told they are entitled to compensation and encouraged to make an insurance claim. Often there is no ground to claim so the person is manipulated into providing false or misleading information leaving them implicated in a criminal act of insurance fraud.

With several big-name firms now marketing legal services for those who have suffered financial loss due to the pandemic, there is an indication that insurance claims for Covid-19 disruption may become common practice.

Considering the possible audience reach of sophisticated fraud networks and existing unscrupulous CMCs, there is a worrying potential for a nuisance covid-19 insurance claims scam culture to emerge.

“With the pandemic causing so many people to lose out financially, scammers and unscrupulous companies could try to exploit the situation. Nuisance Covid-19 claims scams could become the new PPI. We encourage everyone to be vigilant and to report evidence of insurance fraud to the IFB’s confidential Cheatline”. – Stephen Dalton, Head of Intelligence and Investigations at the Insurance Fraud Bureau (IFB).

The IFB, IFED and the ABI which work in tandem to tackle insurance fraud, are urging the public to be alert to insurance claims scams and to take action to report suspicious activity: 

  • If contacted out of the blue, never provide personal or financial information.
  • Only make a claim directly through the insurance provider and only use the contact details provided at the point the policy was taken out.
  • If support is required to manage a claim, use a reputable FCA-registered (Financial Conduct Authority) company or SRA-regulated (Solicitors Regulation Authority) Solicitors firm.
  • Report any suspicions of insurance fraud to the IFB’s confidential Cheatline service.
  • Take steps to protect personal data from being stolen to help to prevent being targeted. Guidance can be found at the Information Commisioner’s Office.

“Criminals will use whatever means they can to try and exploit innocent members of the public and will have no qualms in using national tragedies, including COVID-19, to commit fraud. It is therefore vital that people remain vigilant to the threat that fraudsters pose and be wary of unsolicited calls, text messages or emails about COVID-19-related insurance claims and offers of compensation. If in doubt – do without! Report any suspicions to the IFB’s Cheatline.” – DCI Edelle Michaels, Head of City of London Police’s Insurance Fraud Enforcement Department (IFED).

“Scammers thrive in times of economic uncertainty and target the vulnerable. The key is to be on your guard – if someone approaches you out of the blue with an offer that seems too good to be true, then it probably is. If in any doubt, then walk away.” – Mark Allen, Manager of Fraud and Financial Crime at the Association of British Insurers (ABI).

Insurance fraud can be reported confidentially and anonymously to the IFB’s Cheatline via its phone service which is powered by CrimeStoppers on 0800 422 0421 or online at insurancefraudbureau.org/cheatline

Be vigilant against lockdown scams

Concerns have been raised over the emergence of new types of scams which try to take advantage of vulnerable households in Scotland during the Covid-19 lockdown.

Over 2,000 online fraud attempts have been identified and blocked in the past month, according to the UK’s National Cyber Security Centre, including fake online shops and websites which attempt to steal user data, and fraudulent adverts.

It is estimated that scams cost the UK economy up to £10bn each year with the average victim losing over £3,000.

In response, OFTEC, the registration body for off-grid heating, is helping to raise awareness of the types of scams taking place during the lockdown and how households in Scotland can protect themselves from unscrupulous activity.

These include:

  • Email scams. Be wary of any emails which say you can obtain a refund on taxes, heating bills or other expenses during the lockdown. Avoid clicking on links as they may contain viruses or direct you to fake websites which are designed to impersonate well-known organisations such as banks.
  • Social media scams. Adverts offering miracle coronavirus cures or treatments are fake and should be ignored or reported through the relevant social media platform. These adverts may occasionally be mistakenly shared by a friend or family member but this does not make them any more legitimate.
  • Telephone scams. With more people at home, there is an increased risk of telephone scams from criminals pretending to be calling from a bank, mortgage provider or utility company. If you receive an unexpected or suspicious call, do not share any financial or personal information and hang up immediately. If you have any concerns about a call you have received, contact your provider directly.
  • Door knocking scams. Unqualified individuals may impersonate heating technicians or other tradespeople. If your boiler needs essential work, use a qualified technician who is GasSafe (for mains gas) or OFTEC (for heating oil or solid fuel) registered and ensure they follow government guidelines on social distancing.

Malcolm Farrow from OFTEC, commented: “Since the lockdown was announced, communities across Scotland have come together to support each other during this uncertain and unsettling time. 

“Unfortunately, a small number of individuals have sought to take advantage of the current situation and target households through scams or other fraudulent activity.

“We all need to be on the lookout for suspicious calls, emails or visitors and regularly keep in virtual touch with vulnerable family, neighbours and friends to ensure they are not being harassed in any way.

“If you do need to have essential work undertaken in your home, always use a qualified professional. Check their ID badge upon arrival and ensure they follow the government’s advice on social distancing at all times.”

For more information and advice, visit www.oftec.org.

Organised crime seeks to exploit coronavirus

Criminals are exploiting the COVID-19 pandemic and playing on the fears of businesses and the public, Scotland’s Serious Organised Crime Taskforce has heard.

Organised crime groups are now focussing on targeting those most vulnerable at home and in the care sector, including:

  • a care home in the Forth Valley area was left without PPE after the supplier claimed they had not received the £10,000 payment, despite it being sent. A police investigation showed that the payment had been moved from the bank account it was paid into and they believe organised criminals were behind it
  • a number of reports of people knocking doors and offering to disinfect the householder’s driveway to rid it of any COVID-19 for a fee
  • businesses emailed by scammers urging them to click on an official-looking link for a £25,000 grant. The link leads to a fake ‘UK Government’-branded website asking for business and banking details
  • £10,000 fraud intercepted by Scottish Borders Council when an application for a business support grant was hacked by criminals who requested the redirection of the payment to a different bank account. Due to the checks in place the council were alert to the scam and the money was not paid out

Justice Secretary Humza Yousaf, chair of the Taskforce, said: “Organised crime groups are adept at taking advantage of any situation that presents itself. People are understandably concerned about their health, and that of their family, as well as concerned about their jobs.

“It is abhorrent, but not unexpected, that these groups are looking to exploit those fears and concerns. A business falling foul to one of these scams could be disastrous, especially if they are already struggling and could ultimately lead to them stopping trading.

“The Taskforce partners are unified in the approach to implement Scotland’s Serious Organised Crime Strategy, and agree on the need to ensure members of the public are made aware of the risks from criminal gangs, as well as how they can report suspicions safely to help law enforcement agencies to tackle such crimes and ultimately prevent them. It is important that we all do what we can to protect ourselves and our loved ones. I would encourage anyone that if they see something, say something.”

Fiona Richardson, Chief Officer at Trading Standards Scotland, said: “Throughout lockdown we have continued to receive information that shows that organised criminals remain active in our communities seeking to make money in whatever way they can, despite the ongoing crisis.

“We have seen instances of sales of fake Covid-19 testing kits and doorstep crime. At this difficult time please don’t rush into any purchases and be very wary of any unsolicited callers.”

Police Scotland Assistant Chief Constable Angela McLaren said: “During the current pandemic, we are seeing targeted attempts by fraudsters to adapt well-known techniques to include references to coronavirus, lockdown measures and PPE.

We remain vigilant to this and circulate alerts and preventative messages, not just those associated with COVID-19, where appropriate. We will persistently pursue those who set out to cause harm and misery to our communities and to make Scotland a hostile environment for those involved.

“It is important that everyone protects themselves and remains vigilant. Be aware that a telephone call, email or text may not be from the person or organisation it appears to come from.

“Never click on a link from an unsolicited email or text, and remember that the banks and the police will never ask you for personal banking information or ask you to move funds to a safe account.”

Further advice on how to avoid scammers.

Across the UK we are beginning to see evidence that fraudsters are increasingly targeting the public and organisations with emails, texts, telephone calls and WhatsApp messages offering advice and treatment for the coronavirus.

They are setting up fake websites selling products and offering ‘cures’ or testing kits. Scammers have also been setting up bogus websites asking for donations for victims or promoting awareness and prevention tips. Cold callers have been contacting organisations suggesting they must have specific measures in place by a certain deadline.

To help members of the public protect themselves from becoming a victim of fraud:

  • Be vigilant and on guard if someone turns up unexpectedly
  • Identity cards can be faked – phone the company to verify their identity
  • Never let people try to persuade you to let them into your home even if they are asking for or offering help – they may not be genuine. If someone is persistent, ask them to call at another time and arrange for a friend or family member to be with you
  • Don’t feel embarrassed – genuine callers expect you to be careful
  • Never provide any personal data such as your full name, address and date of birth – scammers can use this information to steal your identity
  • Don’t keep large amounts of money in your home
  • If in doubt, don’t answer the door.
  •  Never feel pressured into making a decision on the spot. Any legitimate trader/helper will be happy to return at a later date
  •  Never be afraid to say ‘No thank you’ and close the door
  •  Be sceptical if you receive an email, text or WhatsApp message about the Coronavirus, and never click on any attachments or links
  •  Don’t allow yourself to be pressured into donating money, and never make donations by cash or gift card, or send money through transfer agents such as Western Union or Moneygram
  •  Remember, it’s your home. There’s no reason why anyone should ever enter your home against your wishes. 

Who can help me?

To report a crime call 101 or in an emergency 999.

If you have concerns about a purchase that you have made, contact Advice Direct Scotland on 0808 164 6000. – www.advice.scot

Further information on dealing with scams and fraud is available from our partner sites, who can offer further information, support and advice: