Scam watch: Ehic scammers steal £135

Websites can and are removed if they are illegal. I have suggested that sites providing paid-for services as an alternative to government sites must be licensed. Then those that are not licensed could be taken down because they would be operating illegally.

We need solutions that help everyone and not just those who look at the Which? website. The person mentioned in the introduction was a Which? member.

But these are not necessarily illegal if they purport to offer a “concierge” service. The post office offer, and charge for, a passport checking service. The very dubious bit is using a deceptive web address. Maybe there should also be a restriction on the way web addresses are given when they mimic official ones?

I have suggested that sites that offer a an additional service could be licensed if considered to be in the public interest. I believe that websites with deceptive web addresses are already taken down.

Thanks Alex.

It’s good to see an example of how social media can be used to pass on important information. I feel this would be an easy and inexpensive way of informing the public of product recalls, and one that could be implemented now. I’m suggesting this as a complementary approach to product registration.

I wondered too. I presume that the website has been closed down.

It can be interesting to look at page caches if pages have been modified or web archives for historical information, but this depends on a website still being active and you know which one it is.

I have never needed to do more than quit and restart my browser when seeing that sort of message.

This comment was removed at the request of the user

I have never had one of these before. I have wondered how people get into the position of having to pay to remove popups that demand money for removal.

Quite easily if it appears to come from Microsoft.

The word fly or f1y is in the URL, I took a copy of the screen.

Kaspersky is Internet Security version.

This comment was removed at the request of the user

alfa – thanks for posting this.

I stopped using Windows 7 for home use about 6 years ago, after similar circumstances tricked me into “authorizing” a virus onto my main PC.

I think these attacks are very common – some family members have also suffered from them on Windows 7 & 8 systems and, most times, ended up paying local computer shops to clean up and re-install Windows.

It was interesting to hear that, even though you had good security software, the attack’s “hurt & rescue” screen was able to appear.

Where I work, we all now use Windows 7 and we seem to have very good security, so problems like malware infection are rare (but many websites and some emails are routinely blocked). And, of course, ordinary users do not have “admin rights”.

For modest home uses, I don’t think there is much need to use Windows at home.
Over the last few years, I have set up some family members to use Linux rather than Windows.

Linux cannot fall prey to traditional Windows executable viruses, but it can be vulnerable to attacks within web browsers. So far, none of those has caused any serious damage.

Also, even if a Linux system does get corrupted, it usually only takes about 20 minutes to completely re-install the OS from scratch.

We also now have one Chromebook and it is an excellent tool for general internet surfing. I’m always surprised that Which? don’t recommend them more for this role.

This comment was removed at the request of the user

Here is an image showing how realistic it looks. (Sorry you can’t see it Duncan):
.

This comment was removed at the request of the user

I got one of those – on a Mac…

I have seen the odd pop-up but I have had more threats by email containing links that are presumably dodgy. I just look at the preview pane rather than opening the email and then delete the message. None of the threats to damage my computer if I don’t act promptly have materialised.

A web search can produce dodgy links but I wonder how Alfa received a pop-up when looking at the Telegraph website.

I wondered that also wavechange. I had the screen up and was typing a post in the Lobby at the time. I submitted that URL and typed out the one above in the image into Kaspersky to check them out but them both came out clean. There is a possibility that the characters are not as they appear so I could have typed them incorrectly. The screen had seized so I could do nothing with it including copying text.

Ian, Microsoft on a Mac? A bit of a giveaway. I don’t have MS Security Essentials, but I doubt if most users would know that.

Sorry Duncan, what imaging websites can you see?

If the screen freezes the way of doing a screen capture is to use a camera or phone. That is what I did when my Mac laptop developed a major problem, to show to the guys in the Apple Store.

I’m not sure if I have had the screen freeze with a malicious pop-up. I just quit and restart the browser.

This comment was removed at the request of the user

Restarting your computer, could trigger a nasty little bug, so you really ought to at least do a full scan.

I don’t know anything about Macs but the MS registry has ‘Run’ and ‘Run Once’ sections that something could be hiding in. You would hope internet security would pick this up but if you inadvertently agree to something………

With the introduction of GDPR, this could be more of a problem now every website keeps asking you to agree to their terms and conditions. I usually ignore them, but sometimes you have to accept them or leave.

Duncan, can you look at any imaging websites? You could do a temporary unblock.

Probably a false negative, Duncan.

This comment was removed at the request of the user

This comment was removed at the request of the user

Everything just looks like a search utility Duncan. Although it might identify leftover files, I can’t see it identifying malware.

This comment was removed at the request of the user

Just search for the text and you are likely to find other examples of the scam reported online.

This comment was removed at the request of the user

This comment was removed at the request of the user

Perhaps Duncan you should explain why Which? “has several versions of Google” as it really does not seem relevant to my suggestion that Which? is a resource with valid links.

Obviously locking content added by Which? with an alert for alteration attempts would seem a basic precaution. Given that there is no money involved I am not quite certain why online banking security standard is needed.

This comment was removed at the request of the user

There is a useful repository of official links on GOV.UK: https://www.gov.uk
Just search for EHIC etc.

There seems little point in duplicating information, and getting people into the discipline of searching for official information in one place could help avoid fraud.

There are many more useful sites that Which? might list perhaps?

I won’t argue about that. Which? already has a large number of articles on a variety of topics of consumer interest, presumably chosen on some criteria that we don’t know about. Of course more can be added. Keeping the present information and links up to date is I suspect a considerable undertaking. I wonder if resources might be better used to convince government of the need for an effective Trading Standards service. I’m fairly confident about searching for information and evaluating its likely quality rather than being spoon-fed with what someone believes to be decent information.

I do wish that some of our surveys focused on what we would like from Which? Equally, I don’t like reading reviews that look like sponsored advertising features for products or having links to Amazon or other websites. I’m perfectly capable of comparing prices on websites.

It would be good to have some opportunity to influence the priorities of the organisation.

Have you thought of using the Which? Member Governance Committee?

I’m sure I have made the suggestion there, Malcolm. I have not seen much evidence of our views being listened to.

I am very glad that product safety is a current campaign of Which? but despite a few of us banging on about the need for an effective Trading Standards that will support citizens I don’t see any indication that there will be any improvement.

If Which? at least responded to the questions they are asked it would help, wouldn’t it wavechange. I have recently emailed Which? about two issues that bothered me that have not been responded to in Convos. To his credit, George has offered to raise these and other recent unanswered questions, but if I go back I have a lot of them and he is so helpful I don’t want to overburden him and the team.

If I continue to have enforced time on my hands I may well trawl back through the Convos and draw up a list then send it to Which?. Hopefully I’ll find better things to do because I remain unconvinced that Which? are that interested.

Product safety and consumer protection seem key priorities for Which?, and Trading Standards should be the key to unlock this. I do agree with the current campaign, on the basis that standards that should be observed are generally good but we have totally inadequate means of monitoring and enforcing them.

I have been looking at a recent code of practice on recalls of consumer products.

“Where practical and proportionate and in accordance with data protection rules, producers and distributors should aim to keep records of customers and purchases.”

I think mandatory product registration would be useful but it does not surprise me that there seems to be no mention of this option. The statement above does not give me much hope that we will make progress.

On a positive note, the potential for using social media to inform people of recalls is mentioned. Nowadays there are many younger people who move from one rented property to another and could be difficult to inform of recalls.

A variety of contributing organisations have, under the BEIS banner and with BSI’s help, developed the “Code of practice on consumer product safety-related recalls and other corrective actions” . This is issued as PAS 7100:2018.

It says, under 4.4.2.2 “Customer traceability” and the businesses required Product Safety Incident Plan that “Consumers should be asked for their consent to their contact details being recorded…………..making it clear that this is for use only in the event of need for contact arising in respect of product safety”

As I said earlier this PAS is presented as for “guidance and recommendations” and is neither mandatory for businesses not mandatory for consumers to register.

I presume that data protection laws need to be observed. However I would hope that, first, the requirements of this PAS will be made mandatory for all businesses (producers and distributors) involved in specified product groups and that, second, for those specified products purchasers must register their contact details. It may not be possible without a change in the law, and that may not be possible while are subject to EU control.

The problem I see is that reputable business will do all that the PAS requires, and other disreputable businesses will not. Perhaps, like fridge plastic backs, Which? could keep a list of all those businesses that do fulfil the PAS requirements, and note those that do not. Put the latter on a blacklist.

This comment was removed at the request of the user

I completely agree, Alfa. I hope that Which? will look at some of the examples of what we are being pressurised into agreeing to when using websites. I suspect that GDPR has been used as a way of gaining more information than before.

GDPR has certainly provided a ‘justification’ for asking for a lot of information, much of which is not necessary for the purpose in hand. A handful of global companies are now masters of the world-wide web and we are but serfs under their domination. The principles and objectives of the GDPR are sensible but the bureaucrats have made a mountain out of it and instead of having more protection I feel it has worked against us. Little charities and voluntary groups have had to do a lot of compliance work but big corporations are using it to harvest vast volumes of personal data.