As soon as you let yourself through the front door you know something is wrong. His normally blaring TV is unusually silent. You call out and you hear his sobs down the hallway. You enter the lounge and find him sitting in his usual chair, dressed in hat and coat, body trembling and tears rolling down his face. This is George, 72 years old, a former chef and living alone after his wife died several years ago. You usually visit him 3 times a week and look forward to it, for George likes a laugh and he is one of your clients who always puts a smile on your face. Thirty minutes later, a cup of tea and a biscuit in his trembling hands, George’s tears have turned to anger and he begins to tell you how he has been tricked into parting with £1150, a substantial dent in his dwindling life savings.
George recounts to you how he received a telephone call from a lady who identified herself as a member of HM Revenue & Customs and telling him that he owed a substantial amount of tax. The woman told him that the only way to pay off his debt was by purchasing digital gift cards, such as Amazon and iTunes vouchers. George tells you that at one point he had even questioned what the lady was telling him and asked her if he could send a cheque instead. Her response was to tell him that if he didn’t pay off the debt immediately, the HMRC would have no alternative, other than to send bailiffs to seize his property. Clearly embarrassed George tells you that he was confused and scared, feeling it was best to comply with the woman’s request. He describes how he went to the local retail park and purchased the gift cards, returned home, where the same woman had called back at the exact time, she said she would. The woman then instructed him to read out the redemption codes on the gift cards. George tells you that the worse thing about the whole thing is that he had a feeling it was not right and it didn’t take long afterwards to realise he had been conned.
Whilst you are full of sympathy and support for George, at the back of your mind you struggle with why he might have fallen for what appears to you to be quite an unbelievable con. For George’s sake you keep your thoughts to yourself but secretly you think, why would anyone believe the HMRC would want to be paid in Amazon vouchers. However as difficult as this is to believe, according to the UK’s national fraud reporting centre, from the start of 2016 until August 2017, over 1,500 people had fallen victim to this particular audacious scam, pretty much all of them elderly and vulnerable like George.
You phone HMRC on George’s behalf, really to confirm what you both know already, it’s a scam. The genuine HMRC officer tells you that this is a very common telephone fraud and by now the criminals have either sold on or used the redemption codes to purchase luxury goods. They advise you to call the police but say there is little chance of tracing the scammer. George is one of an estimated 5 million plus people a year who fall victim to scams. His £1150 has just been swallowed up in a crime that globally sees victims lose an estimated £3.24 trillion a year, with UK losses estimated to be £110bn (individuals and organisations). You resolve yourself to tell all your other clients that they need to be on the look-out for fraudsters, but exactly what should you tell them? Where do you get the information you need to improve your own knowledge and inform others? How do you become ‘scam aware’?
The world of fraud is complex and ever evolving. The internet is filled with hundreds of web pages that describe the various frauds in great detail, offering advice on how a person can protect themselves. The web is undoubtedly the best resource to identify a new scam doing the rounds or one that is being recycled (they often are). If you were to receive an email pertaining to be from HMIC and requesting money, the chances that someone has already highlighted the scam on the web. However, this article is about signposting you to five great resources that are non-complicated, informative and fairly easy on the eye. They will hopefully assist you in keeping the people you care for, safe from some seriously devious and evil people. Those resources are:
- The ‘Action Fraud’ website.
- The Little Book of Big Scams.
- Consumer website – Which
- Age UK – Avoiding Scams guide
- The ‘Get Safe Online’ website
But first a few facts…….
According Action Fraud, the UK’s national fraud and cybercrime reporting centre, “Fraud is when trickery is used to gain a dishonest advantage, which is often financial, over another person. Basically, a plan (con or scam) by a criminal(s) to trick a person out of their money or property.
Action Fraud describe Cyber-crime as “any criminal act dealing with computers and networks.”
There is much data produced each year on the impact of fraud in the UK, but the stats are mainly gathered from the financial institutions. They therefore do not accurately reflect the real number and cost that scams have on the economy and more importantly the individual. For example, it is virtually impossible to say how many people in the UK fall victim to postal and doorstep fraud, where many of these cases will undoubtedly go unreported to the police. Lord Toby Harris, chair of National Trading Standards has been quoted as saying that it is believed that only 5% of scams are reported. To give you some idea of the impact of fraud in the UK, below are some of the statistics from 2018 produced by the institution UK Finance, which is the collective voice for the banking and finance industry. The data is taken from their report ‘Fraud, The Facts 2019’.
- Fraud losses on UK-issued cards totalled £671.4 million.
- Online fraud against UK retailers totalled an estimated £265.1 million.
- Lost and stolen card fraud totalled £95.1 million.
- Bank account takeover fraud totalled and estimated £17.9 million.
- Card ID theft cost £47.3 million, with the number of cases increasing by 119% compared to the previous year.
- Cheque fraud was estimated to have cost £20.6 million.
This is just the tip of the iceberg and the report covers many other areas of loss relevant to the banking world. What about cybercrime? Well it is estimated that over £200,000 a day is lost by victims to this every growing online threat. Action Fraud report that between April and September 2018, £34.6 million was stolen from UK victims, an increase of 24% over the previous six months. In that same period more than 5,000 people had their social media and email accounts hacked, with a loss of 14.8m. It is thought that between 60% and 70% of fraud is now cyber related.
There are literally hundreds of different scams available to those who practice this type of criminality. Scamming is constantly evolving and criminals will regularly adapt their methods to enhance their chances of success. However, broadly speaking, scams fall into five general categories – the Big 5.
What are the Big 5?
Phone scams are where a fraudster calls (known as ‘vishing’) or texts (known as ‘smishing’) a potential victim with the aim of trying to trick them into parting with money, personal information or bank details. There are a variety of methods, but the most common is where the fraudster poses as a member of a recognisable and trusted organisation e.g. a major retailer, bank, government agency, police officer, utility company. The victim might be told that they have been a victim of fraud, or there is an issue with the security of their bank account, credit card, pension fund or password. It can be anything, but whatever the subterfuge the scammer will ask for personal or financial details so that they can sort out the issue. Popular phone scams include:
- hang-up scam – where the scammer calls and informs the victim that they need to transfer money or give bank details. They inform the victim that they should phone their bank to verify that the call is genuine. They pretend to hang up while the victim calls their bank and speaks to someone ‘official’. In fact, the scammer hasn’t disconnected the first call, has instead stayed on the line and the victim is still speaking with the original scammer, now acting as the bank official.
- premium rate call scam – the victim receives a missed call from a number similar to a mobile number. When the victim tries to call the number back, the engaged tone is played and the call does not connect. However, the number is a premium rate number and the victim is charged a high rate for making the call. Some of the numbers used are: 070, 076, 084, 087.
There is little difference between phone and postal scams, other than the method of delivery - a letter, brochure or document sent with the aim of obtaining money through deception. One of the difficulties for a potential victim is how to spot the difference between junk mails, legitimate offers and scam mail. Most scam mail has one sole target, to get the victim to send out money or personal details of themselves. Many postal scams often invite the person receiving the post to call a specific telephone number. Like telephone scams, postal fraud can come in many forms:
- fake lottery and prize draw scams – where the scammer will send a letter informing a potential victim, they have won a cash prize, often asking for a cash investment (or personal details) so that the ‘prize’ can be released.
- missed arrears scam – fake red-letter bills requesting that the recipient pay the bill immediately over the phone using a debit/credit card.
- fake debt letters – intimidating bogus letters, purporting to be from a debt collecting agency and claiming the recipient owes money and threatening legal action if the bill is not paid (over the phone, by sending cash or a cheque).
- get rich schemes – an attractive letter inviting the recipient to invest small sums in ‘zero risk’ schemes with the promise of generous profits. Clever fraudsters may even pay out a small initial sum to entice the victim to part with larger amounts of cash.
Of the Big 5, online fraud is the biggie. There are hundreds of different online frauds and many are just electronic versions of those postal and telephone scams. However, the internet widely extends both the variety of scams and the methods of delivery. It adds into the mix an assortment of other factors - social media, instant messaging, emails, phishing, malware and fake websites/apps, all at the disposal of the cyber-criminal. Some common methods and scams are:
- Fake websites – malicious online links can direct a victim to fake websites, designed to imitate legitimate web pages. Links can be embedded in social media posts, instant messaging and the old favourite - emails. Many of these copycat web pages are cleverly constructed to the finest detail in order to deceive potential victims, including replicating government websites. Others can be quite basic, but still have the ability to trick visitors to the site into parting with personal and financial details. The term ‘pharming’ is used to describe where scammers redirect traffic from a legitimate site to the fake site.
- Phishing – is where cybercriminals send emails or create websites designed to steal money. They do this by installing malicious software onto the victim’s computer to obtain personal information. This is usually achieved by tricking the victim into clicking on a link, either on an email or on a fake website which then downloads the malicious software. Emails will often appear to be from legitimate sources e.g. Royal Mail, NHS Amazon, and contain a fake storyline prompting the user to click the link.
- Malware – is malicious software designed to make its way into the victim’s device and either damage the device or steal information. There are several types of malware which cause different problems on a person’s device. Whilst malware is generally associated with desktop computers, this view is misleading and increasingly malware is aimed at mobile devices, normally in the form of malicious apps.
- Ransomware – is a form of malicious software (malware) that is planted into the victim’s computer that allows the attacker to encrypt the person’s files. The cyber-criminal then contacts the victim and demands a fee in return for decrypting the compromised files.
- Romance scams and sextortion – occurs when a stranger befriends a person on either a social networking or dating website. They charm the victim into believing that there is the opportunity for a romantic/sexual relationship. They then start asking for money (also personal information), often playing on the emotions and providing the victim with some sort of hard luck story. For those long-distance ‘relationships’ the scammer may ask for money so that they can travel to meet the victim. Sextortion is where a victim is lured into sharing intimate photos or video of themselves. The criminal will then threaten to release/post the images unless the victim provides payment.
- Counterfeit goods – usually bogus websites claiming to sell legitimate goods, which are in fact fake. Counterfeit goods can also be sold via social media and legitimate marketplace websites. Two of the most prevalent types of goods, are counterfeit medicines and cosmetic products. Even where medicines are legitimate and sourced from an online pharmacy, the company might be trading outside the law.
Identity fraud is using a stolen identity to obtain goods or services by deception. A person’s identity can be stolen in numerous ways, including:
- accessing online personal information from social media or unsecure online accounts
- intercepting post
- rummaging through a person’s rubbish for personal details such as bank statements
- physical theft of identity documents e.g. driving licence or credit a bank cards (identity thieves will also buy these items from other thieves/handlers of stolen goods).
Identity thieves may also use the identities of people who are deceased. Stealing a person’s information provides criminals with lots of opportunities. Just some of the things a fraudster can use a victim’s identity details for are:
- open a bank account or take over an existing account (and withdraw the victims funds)
- use a victim’s credit card or obtain new cards
- make false claims on insurance
- fraudulently purchase good
- take out a mobile phone contract
- obtain genuine documents, such as passports and driving licences in victim’s name
The victim will often only become aware that their identity has been stolen when they receive a bill, demand or a visit from debt collectors.
Doorstep fraud involves the scammer attending a person’s home with the aim of conning them out of their money or property. Scammers are skilled at chatting, often initially presenting as charming and helpful, but then turning on the pressure, becoming pushy and intimidating when trying to sell their ‘product’. Scams might involve taking money (often a down payment) at the time, or getting the victim to enter into a contract. Some of these scammers will use the opportunity to commit distraction (artifice) burglaries. This is where they pretend to be an official such as a police officer, utility engineer, to con their way into the home and stealing property. Common doorstep methods are:
- Rogue traders – presenting at a person’s doorstep and informing them that they have identified that the person’s home is in need of some type of work, often urgent and something the victim cannot check themselves, e.g. a leaky roof, loose guttering. They pressurise the victim, often frightening them into believing that their home is dangerous and if they don’t have it repaired immediately it is going to cost a huge amount of money. Their aim is to persuade the victim into having the ‘work’ done there and then, which they then charge a huge amount of money for. The ‘problem’ will almost certainly be fictious and the scammer will pretend to ‘fix’ the problem, then take the money and run.
- Bogus officials – come in all shapes and sizes and often sporting a uniform or official looking identification: police officers, council workers/officials, meter readers, highway maintenance, gas and electric engineers. Regardless of the façade, the aim is to obtain money, personal or financial information from the victim. As mentioned above, some may present as bogus officials to trick their way into the home and steal (burglary).
- Strangers seeking assistance – a cold calling stranger who will present as friendly, but will portray themselves as a victim of some poor misfortune. Again, the main reason here might well be to trick their way into the home with the intention of stealing whilst the victim is distracted.
Some of our Do’s and Don’ts
- Do – keep your personal details secure. This includes: bills, bank statements and other financial documents – invest in a shredder and obliterate everything. Passwords and pin numbers – if you can’t memorise them, then store them in a safe place that is not accessible to anyone but you.
- Do – ask callers claiming to be from certain companies, to verify their identity. Often when you contact a company, one of their security checks is for you to confirm a piece of private information known only to the account holder e.g. your monthly payments. Use the same method and ask the caller to give you a piece of information they should know about you. If they can’t answer this question, be on your guard.
- Do – remove your details from the public phone directory.
- Do – opt out of the ‘open’ voters which is available to buy. Ask to go onto the ‘full’ register which is only used for official purposes.
- Do – always hang up on rogue calls or robocalls (recorded sales pitches). Don’t be tempted to call back or follow the online instructions. It will cost you money and usually leads to an increase in calls.
- Do – always go through your bank and other statements to identify any charges you do not recognise.
- Do – question why that bank statement or new credit card you ordered hasn’t arrived. If it doesn’t turn up then inform your bank or card company straight away.
- Do – always report lost or stolen cards to your bank or card company immediately.
- Do – ensure you always shield your PIN when using an ATM or paying for goods on a card machine.
- Do – be wary of post or emails claiming you I have won a prize, that you have not claimed a prize, or announcing you are a guaranteed winner. There will always be a catch.
- Do – ask yourself why you are being offered a free trial. If you are tempted by the offer and think it is sound, then research the company, their reviews and cancellation policy.
- Do – take your time when writing out cheques. Ensure you use a good ballpoint pen with indelible ink. Make sure you score a line through unused spaces. Our advice would be to try and stay away from cheques in the first place. Other methods of payment are more secure. If you do use a chequebook then ensure you keep it in a safe and secure place.
- Do be suspicious of anyone turning up at your door uninvited. Do always ask them to provide you with identification. Confirm they are genuine by calling the company before you allow them access. Don’t rely on any number the caller provides you, but instead source the company number yourself. If in any doubt, don’t let them in.
- Do – be highly suspicious of any caller who won’t provide identity or detailed contact details.
- Do – use approved trader schemes. Some local authorities have their own approved trader lists, whilst there are other well-known online sites which feature approved and reviewed traders. Also consider sourcing a trader who has been recommended by family or friends.
- Don’t – throw personal or financial information out with the rubbish. Shred anything personal, even parts of the junk mail with your name and address on.
- Don’t – don’t rely on any numbers given by the caller when calling back to verify their identity. Source the organisations phone number yourself e.g. from the official website or a bill/statement.
- Don’t – disclose personal details over the phone unless you are entirely sure you know who you are talking to and trust why the need the information e.g. date of birth, address, mother’s maiden name, national insurance number, passport number, bank, credit/debit cards details or other financial details.
- Don’t – ever disclose any of the following bank details over the phone, or send them out in an email or letter: full password, online login details, 4-digit card PIN. Please note, ordinarily you should never give out the CVC number (3 numbers) on the rear of your credit/debit card, unless making a purchase from a trusted site on the web, or a company over the phone.
- Don’t – ever trust any ‘company’ that contacts you out of the blue.
- Don’t – ever return a missed call from a premium number or one you do not recognise. Invest in an answerphone. If the call is that important, then someone will leave a message. You can identify premium numbers with a quick internet search on the number or prefix.
- Don’t – call an organisation/company back straightaway when confirming identity, unless using a different phone. If not using an alternative phone then wait at least 5 to 10 minutes before calling. This will prevent the scammer from keeping the line open.
- Don’t – ever respond to junk mail or letters stating you have won a prize. If you like entering competitions, you should know whether correspondence might be genuine.
- Don’t – ever respond to post that advertises get rich schemes, promising high returns for an initial low investment. There is no such thing as an offer of a lifetime. Ask yourself, “why would a complete stranger want to make me rich”? If you want to invest your money, take advice from a financial advisor.
- Don’t – automatically believe any mail that tells you that you owe money. Ask yourself whether you actually do or are likely to owe money. Remember, when checking, ensure you source the contact details independently of the letter and from an official source.
- Don’t – ever let anyone into your home that you are not 100% comfortable with, even if you feel pressurised into doing so. If in doubt then call the police via the 101 (non-emergency) or 999 (emergency) systems. Tell the person, this is what you are going to do.
- Don’t – be tempted to hire a cold call trader. It will be very rare for a genuine trader to go knocking on doors, particularly those that are any good, for they should already have a steady stream of work. If they are knocking on your door uninvited, they are likely to be rogue traders.
- Don’t – let anyone rush you into any decision. If they are trying to hurry you into committing to the ‘deal’, then they should not be trusted. Take your time and think through what they are offering. If necessary, tell them that you will take several days to make a decision.
- Don’t’ ever pay a ‘cold call’ trader an upfront cash payment.
- Don’t – ever allow a caller to persuade you to allow them to accompany you to the cash machine to withdraw money.
Some of our online Do’s and Don’ts
- Do – check your privacy and security settings on your internet browser, email and social media accounts. Ensure your email accounts are set up to block spam.
- Do – ensure your wi-fi network is protected with a password.
- Do – avoid using public computers or wi-fi hotspots to log into your bank or when entering personal details into your devices. Anything you send over a public wi-fi network can be intercepted.
- Do – invest in anti-virus software. Ensure your software, firewalls and operating systems are up to date and your content is backed up. Run regular virus scans on your devices.
- Do – review how much personal information you have put out on the web or social media. Do you really need to tell everyone so much detail about yourself?
- Do – always use passwords/password locks to keep your devices secure. Use biometrics (fingerprints) locks if possible.
- Do – take caution when accepting someone as a ‘friend’ on social media. Do you really know them? Are they really a friend, or just a friend of a friend of a friend. Someone you will rarely see personally? Do you want to share your posts/life with them?
- Do – take care what photographs you share. An image can tell a scammer a lot about you.
- Do – make sure you only use authorised mobile phone apps. There are a lot of dodgy apps out there, which will offload some very nasty viruses. Only ever download apps from official stores e.g. Apple App Store, Google Play Store.
- Do – check your mobile call and data usage. Check for any texts, calls or data usage you don’t recognise.
- Do – take care when shopping online. Ensure that the site is secure before you enter personal and payment information. Secure websites start with https and you should see the padlock symbol in your browser window.
- Do – take care when purchasing certain goods online e.g. medication. There are a lot of counterfeit goods on the market so make sure you source them from a reputable supplier.
- Do – be wary of emails from friends/associates and organisations that don’t look or feel right. Ensure you contact the source in another way, before responding to the email.
- Do – be wary of those unexpected calls informing you that you have a problem with your computer and requesting that you give the caller remote access so the ‘issue’ can be fixed.
- Don’t – use the same password for every website/profile/account you sign up for. Make your passwords random, relevant to you, but not about you e.g. don’t use dates of birth, family names, favourite football team etc. Ensure you use a combination of lower and upper-case letters, numbers and symbols. Change passwords regularly and don’t share them with anyone.
- Don’t – ever click on unknown links (or pop-ups) embedded within emails, (text/instant) messages or social media posts unless you are completely satisfied that you trust the source. Beware of emails from trusted organisations. There are a lot of fake websites and emails out there.
- Don’t – accept invitations from people you don’t know on social media sites. Consider carefully who you want to see your posts/photographs and comments. A survey in October last year revealed that the average person in the UK has more than 500 online friends, but only five of those are considered to be trusted and close friends.
You may notice that the person you care for is:
- is being secretive. They may attempt to conceal from you that ‘new friend’, the ‘big win’ or ‘can’t lose investment’. There may be a number of reasons for their secrecy. They may have been groomed e.g. if you tell anyone the contract will be terminated; or threatened that if they tell then the authorities will become involved. Remember, the person you care for may not recognise that they have been or are a victim of crime.
- not themselves and has become quiet and withdrawn. They may seem anxious and distressed.
- receiving an unusually large amount of mail.
- receiving an unusually high volume of phone calls.
- is unsure or confused about where they put important documents.
- has visits or has been befriended by a stranger(s).
- receiving lots of goods that they don’t need.
- suddenly missing or has a lack of money. Look for any evidence of large cash withdrawals, payments or unusual activities on their financial statements. Whilst cash withdrawals might be substantial, also be aware of those little but often amounts that cannot be accounted for.
- having unnecessary work carried out on their home.
- talking about their new ‘friend’.
- talking about the big win/prize or windfall they are about to get.
Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber-crime in England, Wales and Northern Ireland. They provide a central point of contact for information about fraud and financially motivated internet crime. The service is run by the City of London Police working alongside the National Fraud Intelligence Bureau who are responsible for assessment of the reports and to ensure that your fraud reports reach the right place.
Victims and their carers can report fraud and cyber-crime using Action Fraud’s online reporting portal.
The service is available 24/7 and also directs victims to help and support services. For those that don’t like online reporting, you can also report by calling 0300 123 2040. That service is available – Monday to Friday 8am – 8pm. Once you have reported the fraud you will receive a police crime reference number. The crime will then be assessed by the National Fraud Intelligence Bureau, who will then determine what agency/police force will take responsibility for the investigation.
Whilst you can report fraud and cyber-crime online, Action Fraud also provide a host of other services and information. This includes the A-Z of frauds where you will find the different types of fraud broken down into various useful headings e.g. pension, telecoms, charity frauds. They also have pages on victim support, advice on prevention and useful organisations. You can also register for Action Fraud Alert which will allow you to receive regular updates from Action Fraud about emerging crime types which are current and may be relevant to you.
Produced by the Metropolitan Police Service, this is the best book around on scams and frauds, and we are not saying that because we are biased. This is packed full of information, not only on the common frauds mentioned in our article above, but it also covers:
- wi-fi hotspots
- online shopping and auction sites
- computer software fraud
- recruitment fraud
- holiday fraud
- ticketing fraud
- courier fraud
The consumer group Which has fabulous resources and information available to help keep people safe from scams. Their resources include guides on scams aimed at older people, including doorstep, phone and postal scam; and advice on consumer rights. They also have a Trusted Traders search engine, plus links and advice on how to prevent unwarranted mail and nuisance calls.
4. Age UK information guide Avoiding Scams– a smart way to protect yourself.
This is an easy to read 33-page guide covering the following scams:
- email and online
- identity theft
- investment and pension
Get Safe Online is a website offering factual and easy-to-understand information on online safety. It provides practical advice on how to protect your online presence, your computers and mobile devices. As well as detailing the various frauds, it also feeds in the latest news, tips and stories from around the world. The subject tabs at the top of the site opens up into an array of different topics allowing you to quickly identify what subject you wish to view. Get Safe Online is a public / private sector partnership supported by HM Government and leading organisations in banking, retail, internet security and other sectors.
Lastly, whilst not aimed at the individual, The Little Book of Cyber Scams’ may be of some use. This is the follow up to the Little Book of Big Scams. We haven’t included it in our recommended five valuable resources because it has been specifically designed to offer advice on how to stay in the cyber world, for Small and Medium businesses. Whilst much of it is pitched at those with a good knowledge of cyber matters, it does provide a deeper insight into topics like: hacking, malware and wi-fi hotspots.