/ Community, Scams

Live event: ask our experts about scams – 2pm 8/7/21

Our experts were live on Which? Conversation on 8 July 2021 answering your questions. Check the comments for their responses.

We kicked off the first in a series of live Which? Conversation events with a Q&A on scams – we were live from 2pm – 3pm on 8 July 2021 in the comments.

📄 Live scams Q&A

🗓 2pm Thursday 8 July 2021

     

We were joined by Which? experts Lauren Merryweather (scams investigations and research) and Michael Tomlinson (Which? Money Helpline). They’ve both answered as many questions as they could in the comments below..

‘Scams’ of course, is a broad area, so we were specifically calling for your questions around:

🗨 The huge rise in text message scams in the past year

🗨 How fraudsters are attempting to take advantage of the pandemic

🗨 Action you can take to spot and avoid scams

🗨 How brands can help: what should/shouldn’t they be doing?

Check the comments for the answers.

Your scams questions answered

Click or tap on each question to expand or collapse each question.

❓ I keep getting text messages from mobile numbers that say I owe return postage on a parcel. Are these scams?

From @lmerryweather

These are likely to be fake texts and you can ignore them. It’s a scam that’s been going round for quite a while now: https://www.which.co.uk/news/2021/06/three-in-five-people-have-received-a-scam-delivery-text-in-the-last-year/

The best way to stay safe from text message scams is to avoid clicking on links in texts. There’s some more advice on how to spot scam texts here: https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-messaging-scam-at2fR9B2E85g

❓ I got a call from a mobile number to say I’m being frauded by Amazon

From @gmartin:

…[this] sounds very similar to the Amazon Prime scam we’ve covered here: https://conversation.which.co.uk/money/amazon-prime-renewal-scam-phone-call/

Amazon’s popularity makes it an attractive target for scammers to impersonate. We’d advise that you check your Amazon account order history to make sure there aren’t any purchases you don’t recognise. You can also turn on two-factor authentication on the account for increased security:

https://computing.which.co.uk/hc/en-gb/articles/360000243980-What-is-two-factor-authentication-and-should-you-use-it-

Thanks to Jean for asking this question.

❓ How do ‘ghost brokers’ operate?

Thanks to @malcolm-r for this question:

”How do ‘ghost brokers’ operate?
Fraudsters lure victims in with the offer of cheaper insurance premiums, usually via social media or by word-of-mouth. These individuals or groups pose as middlemen for well-known insurance companies, claiming they can offer you legitimate car insurance at a significantly cheaper price.

This type of fraud is typically carried out either by forging insurance documents, falsifying your details to bring the price down, or by taking out a genuine policy for you but cancelling it soon after.

Often, the victim is not aware that they have been scammed until they are involved in an accident and try to claim on the policy. 

I wonder how many people have been tricked in this way. Many will not know, as they point out, until they need to make a claim.

@mtomlinson shared this response

Thank you very much for this and how encouraging to see such an informative and valuable service being delivered by your neighbourhood group. Interestingly, the Which? Money magazine published an article about ghost broking in March 2020 and I have copied a link here which takes you to the digital version, from Which? News:

https://www.which.co.uk/news/2020/03/car-insurance-fraud-are-scammers-taking-you-for-a-ride/

❓ Why is Facebook allowing scammers to carry on doing what they’re doing? Why can’t social media, phone companies and network providers block these at their source?

Thanks to June Parsons and Gary Greaves for these questions

From Lauren Merryweather:

We agree, there needs to be a more proactive approach towards stopping scammers operating on Facebook. We’re hoping social media sites could be made to take greater responsibility for what’s being posted on their platforms soon when the government’s Online Safety Bill has been finalised.

Read more and share your thoughts about why scams must be included in the Online Safety Bill

❓ I’ve been receiving emails from an unknown company I’ve never dealt with. I suspect they’re a scam, what can I do about it?

Thanks to Eric Strudwick for this question:

I have recently been receiving emails from no-reply-ncbcardalerts@jncb.com

They contain details about card payment transactions. I have never had any dealings with this company and assumed that its some kind of scam.

I guess that there is also a possibility that someone has cloned my identity.

How can I check?

The answer, from Michael Tomlinson:

Yes I would very much agree with you that certainly seems like a scam email. Many scams do seem to originate from ‘out of the blue’ contact – the telephone call, text or email we were not expecting. Certainly we should all avoid clicking on any links in these emails, as this is designed to harvest our personal data and account information.

Best practice is to simply delete these emails, but you can also forward them to the National Cyber Security Centre who have the authority to shut down and websites linked to them:

report@phishing.gov.uk

Many thanks.

Read our Consumer Rights Guide on how to spot a fake email

❓ It’s difficult to determine which emails from my bank are genuine and which are scams. What is Which? doing to address this issue?

Thanks to @beryl for this question, which prompted a good discussion with others, as well as to @alfa, who shared a similar question as well as her discovery of more information from her bank

Browsing recently through emails purporting to come from my bank, it was difficult to determine which were genuine and which were scams. For example, one email was a reminder that I had not paid the minimum amount on my credit card account and was threatened with hefty overdraft charges if I didn’t pay. As I don’t bank online and always pay my credit card balance in full and in time, I assumed this was a scam.

My question is, are we reaching a critical stage where technological advantages are being overshadowed and outstripped by the scammers to the point where people, including myself, are reluctant to open and reply to any email they receive from their bank? What would be the future outcome if this were the case for more and more people and what action can Which? take to prevent this predictable eventuality?

Which? scam expert @chiara-cavaglieri couldn’t join us on the day, but was able to provide an answer in advance:

It is a sad state of affairs that we can’t always trust that an email or a phone call is genuine – scammers are using cheap tech to spoof the phone numbers and email addresses of legitimate companies. But, banks can do more to protect you – and Which? will continue to put pressure on them to do so.

For example, they can stop scammers forging their email addresses using something called DMARC (more on this here https://www.which.co.uk/news/2021/06/banks-missing-vital-protection-against-email-scams-warns-which/) and they can protect their customer facing phone numbers using the DNO database (https://www.which.co.uk/news/2021/06/is-your-bank-protecting-you-from-number-spoofing-scams/).

Customers can do their bit too – vote with your feet if your provider isn’t doing everything it can.

❓ Is it worth reporting well-known scams? Can I just ignore scams that have been well publicised?

Thanks to @wavechange for this question:

I realise that it is worthwhile reporting suspected scams but is there any point in reporting well known ones? For example, it seems pointless to report that I have had an automated call to say that my subscription to Amazon Prime has been renewed at a cost of £79.99.

Can I just ignore a scam that has been reasonably well publicised?

From Michael Tomlinson:

There’s certainly no obligation to report this to, presumably you mean, Action Fraud. The scam you refer to seems to have gone out to most of us – I’ve certainly had this Amazon cold call on more than one occasion. So it’s really our decision if we wish to spend time filling out the reporting tool on the Action Fraud website. It is useful to submit information as it does at least provide Action Fraud with data, which potentially can be used for investigations or to be able to publicise warnings to the public. But yes, I do accept that there have been numerous warnings about this particular scam already. Many thanks.

Even if scams are well known, it’s very helpful to report them to us here at Which? using our Scam Sharer tool. This helps us keep track of what scams are currently affecting people, and to help spread the word on how to protect yourself further.

Comments
Jeff hooper says:
1 July 2021

I keep getting text messages from mobile numbers that say I owe return postage on a parcel. Different numbers and they point me to a link. I havent responded but I have rung the number and it cuts off straight away.

“I have rung the number and it cuts off straight away”

The scammers are making use of technology supplied by their comms provider/ISP that allows presentation on caller display of an alternative number to the one actually initiating the call/leaving the message. Most are pseudo random and invalid, but watch out for compound scams where a number might be presented leading to a premium number.

These are likely to be fake texts and you can ignore them. It’s a scam that’s been going round for quite a while now: https://www.which.co.uk/news/2021/06/three-in-five-people-have-received-a-scam-delivery-text-in-the-last-year/

The best way to stay safe from text message scams is to avoid clicking on links in texts. There’s some more advice on how to spot scam texts here: https://www.which.co.uk/consumer-rights/advice/how-to-spot-a-messaging-scam-at2fR9B2E85g

Alan Evans says:
1 July 2021

All you need to know I. These times there are no such thing as a free lunch”or if it sounds to good to be true then it is.ive had the lot from inland revenue to the package to be delivered” I’d love someone to try and get my money of me I’m tighter than a vice “

Ive been signed up to Which Scams emails for almost a year. From what I’ve read in that time there’s been no mention of the sorts of scam i was a victim of a yeasr ago which were I had previously invested money in unregulated services, the companies involved either went bankrupt or the funds were closed, and over the last year I’d been contacted by other parties about getting my investments back. Happy to share further details of my experiences.

Hi Keith, we’d be interested to find out more about this. Please feel free to email us on scamwatch@which.co.uk.

Don Wilkinson says:
1 July 2021

Scams are illegal – whatever their origin. i.e. the scammers have broken the law – they may be (often are) foreign, but where a scam can be identified as UK origin there seems to be very little enthusiasm among our police forces for pursuing these b******s and locking them up. Rather, relying on tech companies to do their work for them – comment anyone?

“where a scam can be identified as UK origin there seems to be very little enthusiasm among our police forces for pursuing these b******s and locking them up”
Sadly, even if a scam originates in the UK, if it goes out of the UK and back in (and it inevitably often does via a country where we have no reciprocal agreement to exchange information pursuing criminals), the trails end up cold. You can understand why that disheartens the forces. Some tech companies have capability to stop this, but in so doing they would be cutting a major revenue stream and the prices we’d have to pay for, eg, broadband would skyrocket if they did.

An invidious situation.

Hey Don, you might find this interesting. I came across it a week ago when the news broke. It shows a scammer arrested from Manchester was after police found a laptop and other devices inside a hotel room. It’s astonishing how people dedicate so much time into scamming others out of money, sad really.

https://www.cheshire-live.co.uk/news/local-news/police-raid-hotel-room-arrest-20860404

I’d like to know why companies are not doing more to help prevent scammers impersonating them in the first instance. For example we all know about the BT Openreach Scam where the scammers will try to convince you that your computer is sending them suspicious errors and warnings to the servers, surely if BT wrote to every customer and told them from now on if we need to contact you we will always tell you your account number followed by your name we could put an end to this problem over night. A scammer is unlikely to have that information and therefore the person receiving the call can hang up immediately. In fact I’ve been doing this myself recently by telling the scammers a new BT ruling means they have to give me the above details at the start of each conversation, the scammers don’t have an answer for that and usually hang up. Lots of companies could adopt this practice and no doubt save many more people from being scammed. Even a television advert alerting people to this new method of contact could help spread the word more quickly.

“surely if BT wrote to every customer and told them from now on if we need to contact you we will always tell you your account number followed by your name we could put an end to this problem over night. “
In principle yes. However, there is a chicken and egg scenario – if a caller from BT were to blurt out this detail to whoever answers the phone at an account holder’s address without first verifying that they are speaking with the account holder by going through their security protocol, they would breach GDPR. A compromise would be a “code word” and letters from it -chosen at random – each way (ie as the security, the instigator of the call announces two letters from the customer’s code word – and only if the customer recognises them in their correct place does he disclose two back at positions requested by the caller.

Gavin says:
1 July 2021

I’d like to know what successes businesses, particularly banks have had in catching scammers. We get many warnings about scams but nothing about scammers getting caught and prosecuted. Why not? Do businesses pursue them? What happens when they get tracked down? Why aren’t they named and shamed? Or are the successes so few that businesses prefer to remain silent and put the responsibility on the customer avoiding getting caught out.

Some scammers do indeed get caught and even sent to prison. Just watch some of the Jim Browning videos on YouTube.

Hi Gavin, on the occasions these scammers are caught they do face arrest and criminal charges. There were two higher profile cases this year:

https://www.cps.gov.uk/cps/news/covid-19-fraudster-jailed-mass-cyber-scam
https://www.bbc.co.uk/news/uk-england-57226704

Businesses would not readily admit to being the focus of a scam. It would be bad for business. Banks now have most of their staff working from home. Are we to believe they are all honest trustworthy employees who would not participate in providing information to help a scammer.

jean says:
1 July 2021

i got a women phoning me to say i am being frauded from amazon the number is 07891605689

“i got a women phoning me to say i am being frauded from amazon the number is 07891605689”

A scam in itself. I trust you ignored and did not divulge any detail.

Hi Jean, that sounds very similar to the Amazon Prime scam we’ve covered here:

https://conversation.which.co.uk/money/amazon-prime-renewal-scam-phone-call/

Amazon’s popularity makes it an attractive target for scammers to impersonate. We’d advise that you check your Amazon account order history to make sure there aren’t any purchases you don’t recognise. You can also turn on two-factor authentication on the account for increased security:

https://computing.which.co.uk/hc/en-gb/articles/360000243980-What-is-two-factor-authentication-and-should-you-use-it-

I would like to ask if which and the government can get together and send out a small checklist to the elderly and vulnerable who do not have the internet ?

Hi Suzanne. It’s a lovely idea. We’ve had discussions here in the past over how we can reach people offline – I’ll be sure to raise it again to see if we can do more.

This is quite a difficult issue for Which? to deal with. It can warn of new threats, it can report scams that have caused loss and it can look at the reaction of banks and businesses to these scams. What it can’t do is to suggest ways in which scammers can be caught or stopped since this is a matter for law enforcement and cyber security. This makes Which? somewhat toothless in its response and coverage. My question is whether Which? corresponds with banks and businesses about their security, and those that impersonate them, and what replies they receive back. Does Which? have any positive suggestions to give to these organisations that might help them in this battle? What does Which? know about the forces aligned against these scammers and is there any published data of success rates versus scams currently running?

Hi Vynor. The below response is from Chiara Cavaglieri (https://conversation.which.co.uk/members/chiara-cavaglieri/) who couldn’t join us today but is one of our scams/fraud experts:

Every year we ask external experts to assess bank security and we engage with every bank tested to encourage them to make improvements. For example, we called for multi-factor authentication for many years (now a requirement for banks under PSD2). More recently, we decided to mark banks down if they include phone numbers in text messages to customers (because we know scammers copy these texts to trick users into calling them instead). Several banks have since committed to removing numbers from SMS comms so that customers can more easily spot fakes. If you’re looking for data on action against scammers, UK Finance is your best bet – in 2020 banks stopped £1.6bn in unauthorised fraud, equivalent to £6.73 in every £10 of attempted fraud being stopped. The Banking Protocol also stopped £45.3m of fraud and led to 200 arrests in 2020.

Thanks for that Chiara, It’s pity that such detail is not published more widely. The fight goes on. If 200 were arrested last year, that means that there are considerably more joining the scam trade than we are taking out -but, it is a start. I’m glad that you find that your “engagement” is two way, and I hope that this increases.

H Harvey says:
1 July 2021

I got a fake text from DPD saying I had a missed delivery. I was expecting a delivery and foolishly submitted my name address telephone number and, unbelievably, my DOB. I realised it was a scam on next page but had already submitted these details. How worried should I be? Identity theft? And is there any action I can take now?

I got a fake text to say that they try to deliver a parcel and They could’t as I wasn’t @ home.
I knew it was a lie as that day, I wasn’t feeling well and was home the whole day. So I put it in scam as I wasn’t expecting any parcel.
It’s getting a massage that I have won $100,000.00 USA lotery draw. I never bought the ticket in USA and havn’t been to USA for nearly 4 years.

There’s no need to worry too much, the risk of identity theft from these scams is low, but there are a few things to watch out for. Fraudsters often use personal details they’ve stolen this way to target the same people with impersonation scams. A common one is where they call you pretending to be your bank, warning you that your account has been compromised. They then try to persuade you into transferring all your money into a ‘safe’ account. Don’t trust anyone who calls you out of the blue claiming to be your bank, a utility provider or from the government, even if they know your name, address and other details.

If you’re worried about identity theft, you can always keep an eye on your credit file for any unusual accounts that have been opened in your name. You might also notice you receive more scam texts for a while. Avoiding clicking on links in texts is the best way to avoid scam texts.

Phone number spoofing should not be possible. No apps allowed to achieve it and technical fixes to prevent it at all.

“Phone number spoofing should not be possible. No apps allowed to achieve it and technical fixes to prevent it at all.”

Would that that were the case. Legitimate use of such techniques has to remain (eg being able to “spoof” a switchboard address or an 0800 number from a direct line). And as I said elsewhere on scams, by providing this facility, comms companies get a huge revenue stream, and therefore have little incentive to cut that off (which would inevitably happen if they rigorously identified scammers at the early stage – and then us consumers would be forking out much more for basic services. Perhaps hefty fines or director imprisonment punishments are in order when communications providers have effectively aided and abetted criminal activity by allowing this use of technology when appropriate due diligence at contract stage (with the scammers) would have identified their true purpose, when not only would the contract not have gone ahead, but there could have been a possible sting set up.

I am 78 yrs old. I love playing with scamers. While they are talking to me, they can’t be scamming anyone else. They almost ALL have Indian accents. Typical conversation: “I am talking to you from BT; your telephone line is being used illegally”. Me: “Can you answer a security question; where are you speaking from?” (Replies with an address in London.) “Is that north or south of the river Thames?”; “I can’t see through the window; there are buildings in the way” !!!; “OK, an easier question you must know; what is your nearest underground station?” – ‘phone is put down. Another retort to some scammers “Do you know that I am 78 years old?”; “No”; “And do you know what that means?”; “No”; “It means I wasn’t born yesterday !” (I put down ‘phone). But my favourite response to obvious scams, especially women, is to lead them on, then suddenly say: “How do you sleep at night, knowing your life is devoted to stealing money off people old enough to be your grandfather?”. Usually I am cut off immediately. Always, after these scams, I block the number on my BT ‘phone, because I often get repeated calls from the same scam, presumably from automatic calling machines. I do the same with the many “silent calls” I get. I used to get many unwanted calls a week; with my ‘phone block, they have reduced to less than one a week. I use Norton Anti-virus, which protects my computer with VPN by making it anonymous; and I refuse to use on-line banking. So far safe !

Most scams involve money being transferred to a false bank account. Why are the banks who receive the money not held to be liable in any way. It could be argued that banks are colluding with scammers by not being rigorous enough when accounts are set up. They are involved in the laundering of fraudulently obtained money If the receiving banks were to be held liable – or even just partly liable, for money received into false accounts in their bank than maybe they would be more vigilant about new accounts

B Patel says:
1 July 2021

In reality anyone can get scammed as the following link demonstrates, it begs belief how Barclays can transfer £700,000 and say the couple did it willingly – it just goes to show whatever questions Barclays asked before executing the transfers were not good enough. So, personally I think banks should be liable for anyone who is scammed – they simply are not able to keep our money safe. Recently Nat West Bank have introduced customer controlled transfer limits – no doubt this couple could have been saved if these methods were thought through by the banks many years ago !

https://www.bbc.co.uk/news/uk-england-gloucestershire-55712418

As the scammers say they are from an organisation and more often from a bank. Why cant there be a regulation or a rule right across the board that means a bank or other organisation is never allowed to approach ANY customer with a request for personal details. Cut this off at the source and make it known with big advertising that No bank WILL EVER ASK FOR MONEY OR PERSONAL DETAILS. Make it illegal to do so and the scammers will have lost a large part of their arsenal. A large promotional campaign will be cheaper than keep paying out for scams. And lets face it, its because of this ambiguity in the first place. Take that away and you start winning the war.

Best way I think is to ask them to pt in writing any thing that they want to no or offer you.if they are a scammer they won’t,but if they do they will give you details I. Writing that you can check up on.dont do anything without,something in writing,from them.if they are genuine they won’t mind you asking.

My local Neighbourhood Alert is sending this warning around currently, although it is not a new scam
………..
”How do ‘ghost brokers’ operate?
Fraudsters lure victims in with the offer of cheaper insurance premiums, usually via social media or by word-of-mouth. These individuals or groups pose as middlemen for well-known insurance companies, claiming they can offer you legitimate car insurance at a significantly cheaper price.

This type of fraud is typically carried out either by forging insurance documents, falsifying your details to bring the price down, or by taking out a genuine policy for you but cancelling it soon after.

Often, the victim is not aware that they have been scammed until they are involved in an accident and try to claim on the policy.

I wonder how many people have been tricked in this way. Many will not know, as they point out, until they need to make a claim.

Thank you very much for this and how encouraging to see such an informative and valuable service being delivered by your neighbourhood group. Interestingly, the Which? Money magazine published an article about ghost broking in March 2020 and I have copied a link here which takes you to the digital version, from Which? News:

https://www.which.co.uk/news/2020/03/car-insurance-fraud-are-scammers-taking-you-for-a-ride/

Kingsburn Wind Energy is a legitimate company based near Inverness. In November 2020 I was interested in purchasing a £12,000 two-year investment bond from the company. I made extensive investigations into the company and was satisfied that the bond offer was genuine. I was directed to a bank account at Starling Bank and the bank confirmed that the account belonged to Kingsburn Wind Energy. I then purchased the bond and transferred £12,000 from my bank (Halifax) to Starling Bank. In May 2021 I discovered that fraudsters had opened the Starling bank account using the name Kingsburn Wind Energy and my investment had disappeared.
Halifax has rejected my request for reimbursement. It seems to me that Starling Bank was either conspiring with the fraudsters or was grossly negligent in allowing the fraudsters to use the name of a legitimate company when opening their bank account. Should I complain to Starling Bank and then to the Ombudsman if necessary?

So this infact was a fake investment and therefore sadly a scam. Yes there seems to be a lot of investment scams at the moment as we have received numerous calls to the Which? Money Helpline about them. As you said the money was paid via bank transfer, this would be classed as an Authorised Push Payment scam (APP).

Firstly, can I ask if you have made a complaint to the Halifax Complaints department about the decision to not refund you? If not, this is advisable. Making it a formal complaint means that they will have a maximum of 8 weeks to investigate this situation and then issue you with a full response. If they stand by their decision to not refund you, then I would strongly recommend taking the complaint to the Financial Ombudsman Services. It seems to me that you conducted appropriate verification checks and whilst there is always a high risk with an unregulated investment like this, a scam is different altogether.

Our Which? Consumer Rights website has a template letter you could use to send to Halifax Complaints:

https://www.which.co.uk/consumer-rights/letter/letter-to-complain-to-your-bank-about-app-fraud-under-code-aH3vh9g0GHl6

I also think making a formal complaint to Starling is worth trying. The same procedure applies in that you can then take it to the Financial Ombudsman.

I keep getting called from 0204 5246007,
I’ve searched it and it says it’s a scam call ? Never answered it, but they call 3-4 times a day!!

Hi Emma. As you say, the number does appear to have been given a number of negative reports based on Google search results. Personally I’d continue to ignore it and look to block the number if you can.

I have on average 2 a day to my mobile phone where it may be Amazon, HMRC, microsoft router , National insurance , UK benefits, internet usage and some silent Autobot types , i installed true caller as it was recommended by a colleague but still get pestered by all these press 1 persistent people, any suggestions