The UK's fraud epidemic.

[Ian]

The UK is currently in the grip of a fraud and scam epidemic. In the past two months scammers have launched an avalanche of scams, and some of them are extremely difficult to identify as such.

One of the best sites for checking a scam email is this one.

Stick to the basic rules when receiving a worrying email:

1. Never, ever follow a link in an email. Ever.
2. Always ring your bank using the number on the back of your bank card. Never, ever ring using a number suggested to you in an email or by a caller claiming to be from your bank.

Some scams are particularly nasty.

Fraud tracker by month

Sadly, we live in a world and at a time when you cannot trust anyone without verifying they are who they claim they are.

Stay safe.

[Ian]

A quick search today revealed large amounts of money are being stolen by scammers from local Councils.

The latest example was Harlech Community Council in Gwynedd, who said it gave the money as an "advanced payment" to a man named Oluwafeni Odunuga for "consultative work". Worryingly, the council's clerk, Annwen Hughes, said: "This matter has been dealt with by the community council and will not be discussed further."

So Harlech ratepayers apparently will not be allowed by the council they elected to know the details.

In August 2021 north Lincolnshire Council (NLC) lost 49.000 pounds after falling victim to a "sophisticated" email scam, known as mandate fraud.

In the same month, North East Lincolnshire Council admitted it had been scammed out of ?22,000 in a similar scheme.

This is possibly only the tip of a larger iceberg. Councils often try to 'cover up' thefts or use terms such as 'hacked' to deflect responsibility from individuals.

It's extremely worrying that this lax approach to finance is still continuing, despite the wealth of knowledge we now have about how these scams work. Even more worrying is that we never seem to hear about the Government being 'hacked',

I do not know of a single instance of 'hacking' of anyone's account. 'Hacking' is a term which implies a level of skill to penetrate bank accounts. What these people do is not hacking; they find or steal laptops, tablets or 'phones and use the details they find on them. That isn't hacking. It's simply theft, (im)pure and simple.

To stay safe:

1. Never, ever respond to an email asking for money, for any reason, and especially if it seems to be from a close family relative or friend. Arrange to call them instead.

2. Never, ever believe anyone who approaches you in the street asking for money.  More urgently, never, ever believe anyone who emails you asking for money. even if it seems to be from your kids.

3. Set up your own version of 'Two Factor Authentication' for the kids. All it has to be is a simple question: a favourite colour, the last place you all went on holiday or something similar that only you and the child will know.

Finally, to repeat the first two tips:

4 Never, ever follow a link in an email. Ever.

5. Always ring your bank using the number on the back of your bank card. Never, ever ring using a number suggested to you in an email or by a caller claiming to be from your bank.

[SteveH]

10 of the UK's biggest scams this year, from DVLA to QR codes
Criminal tactics are becoming more sophisticated to keep up with the evolving digital landscape.

The UK has seen a rise in electronic payments, with methods like Apple Pay and contactless now more popular than cash, but criminals seeking our hard-earned money have upped their game. In 2022, merchant losses from eCommerce fraud hiked by 16 per cent, with the total 2o23 cost set to be above $48bn globally.

Authorised push payment (APP) fraud in the UK hit ?485.2 million last year, a type of scam that involves people being tricked into authorising a payment to a criminal. One of the best ways to protect your business and customers from attacks is by ensuring you have card payment security measures.

cont https://www.inyourarea.co.uk/news/10-of-the-uks-biggest-scams-this-year-from-dvla-to-qr-codes/

[SteveH]

'My business had ?1.6m stolen in 20 minutes'

The boss of a small business that had ?1.6m stolen in a matter of minutes through fraud has strongly criticised the response from the authorities.

An employee at Steve Wright's firm, Kent Brushes, was tricked into giving thieves access to the company account.

Mr Wright said the case had been handled "appallingly" by both his bank and Action Fraud.

It comes as a top law enforcement official calls for longer prison sentences for those convicted of fraud.

Adrian Searle, the director of the National Economic Crime Centre, said while the maximum sentence for fraud is currently 10 years, the average sentence is around two years and even in the most serious cases is still only four years.

cont https://www.bbc.co.uk/news/business-67149919

[Ian]

I can recommend, for those who might not know already, the BBC's suite of anti-fraud programmes each morning. 

Scam interceptors ,
Frontline Fightback,
Fraud Squad,
You've been scammed
and the excellent
RipOff Britain.

These are not only entertaining in their own right, but a fund of invaluable information about what NOT to do when getting a 'phone call out of the blue.

To reiterate:

Phone call out of the blue, even if they tell you they're fighting crime, the police or your bank's fraud department:

Tell them nothing. Do not follow any advice or suggestions, no matter how nice the person might seem.

And finally, never, ever, in any circumstances whatsoever download an app called Anydesk because that allows the person on the other end of the 'phone to hack all your private information, your bank, post office savings and all the private information on your 'phone or computer.

Think of a call out of the blue as an unexpected visitor. Treat it in the same way.

[Ian]

From Which? on the current intensification of scams (Christmas is coming!):

Seven ways to stay safe online

1. Pay attention to the green/grey padlock

This small icon is found in the address bar and tells you whether the traffic between you and the website is encrypted. If it is, that means information you send over the internet to the site, such as your password and your card details, are scrambled. That makes it very difficult for a hacker to view that information if they intercept it.

However...the padlock doesn't tell you anything at all about the honesty of the website operator. Fraudulent sites often have padlocks: it's not difficult to add a padlock to a website. All this means is that your personal data and payment details are being securely transmitted to the fraudster, and other cybercriminals can't get in on the act. Even if there's a padlock, you could still be scammed.

2. Does the website have any contact methods listed?

A 'contact us' box on its own isn't good enough, as you won't know whether it works until you actually need to use it. Expect to see clearly stated contact details, such as an email address, phone number and address.

Any website that fails to offer a contact method and information on its geographic location is breaching consumer contract regulations. Don't trust it with your money or personal information, as you won't be able to reach anyone if there's a problem with your purchase.

If an address is listed, you can search it on Google Earth
by selecting the magnifying glass symbol and entering the address into the search box that appears. If Google Earth can't find it, the address could be fake.

3. Check Companies House

If the website you're checking out has a UK company name and/or number stated anywhere, you can check it out on Companies House - the official register of UK companies. To search, go to Companies House and enter the purported company name or number into the search box.

Contd...

[Ian]

4. Read reviews

Online reviews of retailers on sites such as Trustpilot are an important weapon in your due diligence arsenal, but they come with a warning. Which? is campaigning to stop the scourge of fake reviews online, and it's vital to check whether a positive review seems legitimate.

We've found businesses manipulating review systems, misusing genuine review tools or even incentivising customers to leave good reviews in exchange for free products or vouchers.  Do many of the comments follow a strikingly similar format or are they mostly posted by reviewers with newly registered accounts? If so, they might be fake.


5. Looks are everything (in this case)

While genuine retailers usually design their websites with great care and expense in order to set themselves apart from competitors, fake sites are often thrown together quickly with cheesy stock images and dummy or stolen text, with other crucial site elements missing.

Don't just zero in on the product or service you're interested in. Instead, have a proper nose around the site. Are there lots of spelling mistakes, pages with 'lorem ipsum' dummy text, or generic images that don't relate to what's being sold? All these signs are red flags that you should think twice about before shopping on that website.

Does the site have a privacy policy? This is a legal requirement, and if a site won't tell you how it's using your data, it doesn't deserve your data. Equally, does it have a returns policy? A real company should tell you how and where to return a faulty item.


6. Are you staring at a copycat site?

Scammers like to pass themselves off as genuine retailers, as well as financial firms and government services. So-called 'clone sites' designed to copy the real deal commonly crop up in sponsored results on search engines, which sit at the top of the page. They also frequently advertise on social media sites.

7. Prices that are too good to be true

Browse a few well-known retailers and get a rough idea of what a particular item costs. If a little-known seller offers it at a jaw-dropping discount on the typical price, this should ring alarm bells. Ask yourself whether a major retailer, with its economies of scale, could be so vastly undercut by an unknown seller.

[Ian]

How to pay it safe

Generally speaking, if you're buying something that costs more than ?100 but less than ?30,000, a credit card is your best bet. That's because many credit card purchases benefit from legally binding protection under Section 75 of the Consumer Credit Act. In a nutshell, Section 75 makes your card provider jointly liable with the retailer for any breach of contract or misrepresentation.

If you pay ?1,000 for a laptop that never shows up, and your emails to the seller go unanswered, Section 75 offers you a different way of getting your money back. Paying by credit card can be a good way to cover yourself when buying big-ticket items such as tech, white goods and furniture.


Scam emails

Scams by email are currently roaring ahead, but there are some very simple ways to spot them.

1. Copy the address of the email using your mouse to highlight the details.
2. Paste the address into a blank page of your text app.
3. If it seems like gobbledygook, the sender is probably trying to scam you.

Take care, especially at this time of year.

[Ian]

Xmas frauds are becoming ubiquitous. Have a look at these...

[Ian]

More...

[SteveH]

When Bella Betterton fell victim to a recruitment scam and had ?3,000 stolen, she felt "attacked" and "distraught".

The 18-year-old had been contacted by scammers first via WhatsApp messages and then phone calls and thought she had taken part in a real job interview.

But the fraudsters tricked her card details out of her to steal the money.

New figures show the amount of money reported stolen via recruitment scam text and WhatsApp messages jumped from ?20,000 to nearly ?1m in the past year.

City of London Police say the number of people reporting these scams to Action Fraud increased more than eightfold.

But this may just be "the tip of the iceberg", according to City of London Police Temporary Commander Oliver Shaw, as this type of fraud is "hugely underreported".

cont https://www.bbc.co.uk/news/business-67945171

[SteveH]

How to avoid scam misery as 84-year-old has ?100k life savings stolen by fraudsters
Levi Winchester shares the details as we compile some tips to help you combat scammers

An 84-year-old retiree left 'demoralised' after being scammed out of his ?100,000 life savings has urged the public to stay vigilant. Paul Henderson had requested a new Visa card after somebody tried to use his account for a ?30 transaction.

Two weeks later, he received three calls from criminals posing as The Co-operative Bank fraud department. The ex-lecturer said in normal circumstances, he wouldn't answer this type of call (an out-of-area number) and 'just let it ring', but he thought that it had been genuine due to its timing.

cont ... https://www.inyourarea.co.uk/news/how-to-avoid-scam-misery-as-84-year-old-has-100k-life-savings-stolen-by-fraudsters/

[Ian]

5 email scams to watch out for

Scammers often use emails containing malicious links or phone numbers that ?phish? for your details. This continues to be a common tactic used to deceive victims, and lots of dodgy emails have been circulating this week.

For instance, people searching on Google for intel about a Pegasus spyware email has spiked in recent days. This scam attempts to blackmail you into handing over cash, usually in Bitcoin, to avoid them exposing personal images and videos of you.

With a quarter of people receiving suspicious emails every day, it can be challenging to distinguish between genuine emails and those created by fraudsters. Discover the five email scams that are currently circulating so you don't fall victim to them.

Email scams

ebay

An email impersonating eBay tells you that your purchase of an Apple iPad Pro costing around ?2000 has been confirmed.

It says that the order has been shipped and includes a number to contact immediately if ?you didn?t place this order?.

This is known as a vishing scam, where fraudsters either call you or get you to call a number while you?re on the phone they attempt to steal your personal information.

Typically, they?ll ask you to confirm some of your account details or, in some cases, scammers will tell you that your device has been compromised and get you to download remote access software. This will then enable the scammers to access to your device to 'help' you.

Pegasus spyware

Google Trends data shows that Google searches for a Pegasus spyware email have spiked in recent days.

The email is an example of a sextortion email, where scammers attempt to blackmail you into handing over cash, usually in Bitcoin, to stop them exposing personal images and videos of you.

The email it?s sent from appears as if it?s sent from your own email address and tells you that Pegasus is a spyware program which has been installed onto your device.

It goes on to say that the sender has access to ?your webcam, messengers, emails and call records? and has recorded intimate videos of yourself which they will send to your ?friends, family and co-workers in a few clicks?.

The scammer includes a link to their Bitcoin wallet and asks for thousands of dollars to delete all the images and videos they have of you. They also claim to be able to monitor all your activity.

This email is intended to incite panic, but there?s no need to worry. Hackers don?t have access to your device so you can safely disregard this email.

MetaMask scam

Interest in an email supposedly from cryptocurrency wallet MetaMask also spiked in recent days, according to Google Trends data.  The email, titled ?Immediate Action Required: Suspension Alert', tells you that you need to ?update your wallet? to comply with ?global regulations?.

It also says that you may not be able to access your wallet if this update isn?t performed before a specific date and includes a dodgy link to ?Update now?..

The email, titled ?Immediate Action Required: Suspension Alert', tells you that you need to ?update your wallet? to comply with ?global regulations?.

It also says that you may not be able to access your wallet if this update isn?t performed before a specific date and includes a dodgy link to ?Update now?.

MetaMask makes it clear that it will never send unsolicited emails as it doesn't hold personal information on its users, including names and email addresses.

MetaMask makes it clear that it will never send unsolicited emails as it doesn't hold personal information on its users, including names and email addresses.

Royal Mail impersonation

Scam messages impersonating postal services are always a popular phishing method amongst fraudsters and Google searches for emails sent from ?royalmail@royal-mail-infos.com? have recently spiked.

These emails tell you that there?s been an ?unsuccessful delivery attempt? of your parcel and that you need to pay a small fee for it to be redelivered.

A phishing link in the email will then lead you to a malicious website where your details will be stolen.

life insurance scam

Action Fraud, the UK's fraud reporting centre, recently reported receiving 800 reports of scam emails pretending to be from companies selling life insurance. These emails are sent from random email addresses and always include a phishing link.

They tell you that if you answer a few questions, you?ll receive quotes from various insurance providers. These emails are designed to steal your personal information.

[Ian]

This month's roundup of scams currently circulating.  It doesn't make for comfortable reading (to say the least) but it could save you a lot.

[Meleri]

I received a telephone call this morning from 01492594973 informing me there had been an attempt to take two payments out of my account but not which account. Then went on to ask me to press 1 for further assistance. I have had these calls before which turned out to be scams, but never from a local number which is worrying. On checking the number online all it's saying is it's a BT Landline located in Colwyn Bay. Has anyone else received one of these calls, or has anyone got a suggestion as to who I can report this too?