
Scam watch: Ehic scammers steal £135

Some dubious websites are charging people for free health cards and a Which? member fell into the trap. Have you been duped into paying for something which you’re actually entitled to for free?

Which? member Andrew Winterbotham told us:

‘An email told me that my European Health Insurance Card (Ehic) was due to expire, which was true. I clicked through and bought five cards for me and my family, costing £135. I forgot that Ehics are free.

‘The site emailed saying that my card had been declined. It rang me, and I paid by bank transfer. I then had to send a copy of my bank statement to prove I’d paid. Now I see I was duped, where can I turn?’

How to avoid getting scammed

These unofficial sites justify their rip-off charges by claiming to provide a ‘checking’ service that prevents application errors. This is unnecessary, as it’s easily done for free on the NHS website ehic.org.uk.

A Department of Health and Social Care spokesperson said such sites are ‘totally unacceptable’, adding that it is working with search engines to crack down on them.

It’s concerning that the site now holds your card and account numbers, sort code and other sensitive data, so I asked about its data-retention policies and the ‘phishing’ type email it initially sent, but received no response.

We’d recommend notifying your bank about any data you gave, and asking it to be extra vigilant.

You can also complain to the Advertising Standards Authority and Information Commissioner’s Office, and report the site to Action Fraud. If you’ve paid by bank transfer, you’re unlikely to get your money back, but card payments are often protected.

Have you ever been duped into buying a product or service that you’re really entitled to for free?

Comments
Member

Many have been tricked into using commercial websites rather than the official website. We have discussed copycat websites in other Convos.

Yes we should be careful in how we use websites and look for GOV.UK websites rather than the first one that shows up in a web search.

I suggest that we need legislation to ban companies that offer alternatives to government services unless there is some obvious benefit to the consumer and that a company has been given a licence to provide the service. Even if a licence is granted the site should be required to display information such as:

Do you wish to apply for a FREE EHIC, with a link to: https://www.gov.uk/european-health-insurance-card
or do you wish to pay £**** for an EHIC (giving one or more benefits that have been confirmed as valid when the licence was issued)

I would also like to see legislation to allow this sort of website domain to be made inactive if it has not been licensed as outlined above.

Member

I do not see how we can license anything on a world wide web, any more than we can stop cold phone calls that emanate from overseas. However someone will hopefully suggest solutions.

Which? could perform a useful service by listing all official government sites that provide services to us. Maybe they do, I haven’t looked.

Where a website has been shown to act illegally and deliberately perhaps the credit card companies could withdraw their facility. This could include more than just fake or scam “official” sites – how about secondary ticket touts and those that sell fake, dangerous and poisonous products like Ama………

Member

Websites can and are removed if they are illegal. I have suggested that sites providing paid-for services as an alternative to government sites must be licensed. Then those that are not licensed could be taken down because they would be operating illegally.

We need solutions that help everyone and not just those who look at the Which? website. The person mentioned in the introduction was a Which? member.

Member

But these are not necessarily illegal if they purport to offer a “concierge” service. The post office offer, and charge for, a passport checking service. The very dubious bit is using a deceptive web address. Maybe there should also be a restriction on the way web addresses are given when they mimic official ones?

Member

I have suggested that sites that offer an additional service could be licensed if considered to be in the public interest. I believe that websites with deceptive web addresses are already taken down.

Member

I get regular updates from ActionFraud – National Fraud & Cyber Crime Reporting Centre.

They work with Neighbourhood Watch in your area to keep you informed of the latest scams plus any dodgy goings-on in your area, how to handle situations, keeping safe and sometimes ask for help from the public.

Anyone can sign up for free here:
https://www.actionfraud.police.uk/signup

Perhaps in their next Weekly Scoop, Which? could suggest folks sign up to it, as it never ceases to amaze me how people can still get caught so easily.

Some recent subjects:
Fake Amazon Emails
Fake Argos Texts
Keeping your home safe
Keyless car theft
Courier Fraud

Member

Thanks alfa! I’ll pass on your suggestion. We work really closely with Action Fraud on Twitter, often retweeting their advice and suggesting people use their services.

Member

Thanks Alex.

Member

It’s good to see an example of how social media can be used to pass on important information. I feel this would be an easy and inexpensive way of informing the public of product recalls, and one that could be implemented now. I’m suggesting this as a complementary approach to product registration.

Member

A good link. I get these, alfa, under the auspices of our local police authority. Informative with sensible and useful advice.

Member
Patrick Taylor says:
22 July 2018

The story is a little thin. Can Which? explain why they have not named the site to avoid? Who sent the email, and is it a part of a widescale phishing operation, or is the sender privy to EHIC renewal data?

There is nothing in the article to suggest it was a search engine originated problem.

The willingness of card-handling banks to deal with this operation indicates an area where consumer bodies perhaps ought to examine the ways this could be made more difficult.

Member

I wondered too. I presume that the website has been closed down.

It can be interesting to look at page caches if pages have been modified or web archives for historical information, but this depends on a website still being active and you know which one it is.

Member

Hi Patrick,

Good questions. This article is an abbreviated version of my Scam Watch column in Which? Magazine, which goes into more detail on how the scam worked.

It’s not clear whether the email was a generic attempt at phishing which simply got lucky, or whether Mr Winterbotham was targeted by someone who had actual renewal data.

I put this very question (along with others) to the site that emailed him but didn’t receive a response. For legal reasons this also meant we couldn’t name the site.

However there are hundreds of such ‘copycat’ sites out there and there’s no need to list them – the only link anyone needs is the one to the legitimate site, ehic.org.uk.

Member

The first thing that should be seen is your browser saying the website has got a dodgy certificate, i.e. not in the official name of the website, an out-of-date one and so forth. By the way, for those thinking Which? doesn’t travel far, I see this convo is on a search web page I have accessed. Check who is the host. Wavechange, there are many dodgy websites still active; I run into many and nobody has stopped them operating – yet.

Member

I was on The Telegraph website earlier today, when it turned into this nasty little screen…

It appeared to be a warning from MS Security Essentials on a website safety dot microsoft dot com

The screen seized up so the ends of the sentences are missing but:

Your system is infected with (3) viruses!
Your Windows 7 is infected with (3) viruses. This pre-scan has found traces of (2) malware and (1)p….
spyware
software.
Removing the (3) viruses is urgently required to prevent further system damage, loss of apps, photo…..
data. Traces of (1) phishing / spyware were found on your Windows 7 computer.
Therefore personal and bank information are at risk and might be stolen by cyber criminals.
1 minutes and 56 seconds remaining before permanent damage is done. Click on CONTINUE to do…
and get immediate help.

Then a pop-up entitled Message from webpage
⚠️ Warning!
Windows is infected with viruses and other harmful applications.
Viruses must be removed and system damage should be repaired.
It is necessary to perform virus removal immediately, please go ahead.
**When you leave this page, your Windows remains damaged and vulnerable**

🤔 ⁉️⁉️⁉️

I wonder how many people would panic and hit Continue? This is probably ransomware involving expensive phone calls or paying to remove it.

Hopefully by disconnecting instantly from the internet and not hitting continue I am safe.🤞 I have done a full scan and checked everything out I can and seem to be okay. I hope Kaspersky would have stopped it installing if it had tried but surprised I didn’t get a warning.

Member

I have never needed to do more than quit and restart my browser when seeing that sort of message.

Member

You should be okay Alfa, you’re right it’s a “click on this for malware” website; if you didn’t click you should be okay. What’s not okay is you weren’t warned and you have Kaspersky, which I like. I take it it’s the full internet version, not just the virus control version? I don’t have internet malware protection via a big company but my apps either block the website or give me a very big box warning, the same with Yandex, which blocks as well as it has built-in virus/website/server protection via “Pure” (trademark). Not happy you weren’t warned Alfa; at least the certificate should have been shown to be a scam. You need extra protection. I will check out Kaspersky and see what its internet protection does as there’s also “fly by malware” – just VISIT a website and it’s got you.

Member

I have never had one of these before. I have wondered how people get into the position of having to pay to remove popups that demand money for removal.

Quite easily if it appears to come from Microsoft.

Member

The word fly or f1y is in the URL, I took a copy of the screen.

Kaspersky is Internet Security version.

Member

Popups can be removed but require in Windows going into the programming; it’s the Trojans and other ransomware you have to watch out for as they take over your computer. When I had Win 7 Prof I was helped by a program called Everything as it showed programming Windows would hide from you / or a virus; download at https://www.voidtools.com/ – the website is okay, used it for a few years while I had Windows; won’t work in Arch Linux. It should have blocked the website then Alfa, something wrong? MS takes over any non-MS system on its own system including other malware companies’ stuff and can “interfere with it”. Kaspersky is also being crucified by the US government as “not safe” because it’s Russian, so I wonder if MS, a friend of the NSA etc., is “interfering” with it? It’s certainly not working right.

Member
DerekP says:
23 July 2018

alfa – thanks for posting this.

I stopped using Windows 7 for home use about 6 years ago, after similar circumstances tricked me into “authorizing” a virus onto my main PC.

I think these attacks are very common – some family members have also suffered from them on Windows 7 & 8 systems and, most times, ended up paying local computer shops to clean up and re-install Windows.

It was interesting to hear that, even though you had good security software, the attack’s “hurt & rescue” screen was able to appear.

Where I work, we all now use Windows 7 and we seem to have very good security, so problems like malware infection are rare (but many websites and some emails are routinely blocked). And, of course, ordinary users do not have “admin rights”.

For modest home uses, I don’t think there is much need to use Windows at home.
Over the last few years, I have set up some family members to use Linux rather than Windows.

Linux cannot fall prey to traditional Windows executable viruses, but it can be vulnerable to attacks within web browsers. So far, none of those has caused any serious damage.

Also, even if a Linux system does get corrupted, it usually only takes about 20 minutes to completely re-install the OS from scratch.

We also now have one Chromebook and it is an excellent tool for general internet surfing. I’m always surprised that Which? don’t recommend them more for this role.

Member

Yes, I agree with Derek, although (so far) I have not been subject to attacks on my browsers that Derek mentions, but that’s because of the apps protecting them, only Midori browser, which my system doesn’t like so I removed it. I agree with Chromebook; it’s one reason MS is booting Windows into touch in future years and going fully “mobile”. If you want a system like Win 7 but without the control of MS, get Linux Mint. I have the 18.3 version on the boot menu but a new 19.1 version is just out and can be downloaded as an ISO and burnt to a disc or thumb drive, then used to install it. As Derek says, using Linux is much easier to work with, no battles about who is in charge – YOU are.

Member

Here is an image showing how realistic it looks. (Sorry you can’t see it Duncan):

Member

God Alfa – you know how to tease a man!

Member

I got one of those – on a Mac…

Member

I have seen the odd pop-up but I have had more threats by email containing links that are presumably dodgy. I just look at the preview pane rather than opening the email and then delete the message. None of the threats to damage my computer if I don’t act promptly have materialised.

A web search can produce dodgy links but I wonder how Alfa received a pop-up when looking at the Telegraph website.

Member

I wondered that also wavechange. I had the screen up and was typing a post in the Lobby at the time. I submitted that URL and typed out the one above in the image into Kaspersky to check them out but they both came out clean. There is a possibility that the characters are not as they appear so I could have typed them incorrectly. The screen had seized so I could do nothing with it including copying text.

Ian, Microsoft on a Mac? A bit of a giveaway. I don’t have MS Security Essentials, but I doubt if most users would know that.

Sorry Duncan, what imaging websites can you see?

Member

If the screen freezes the way of doing a screen capture is to use a camera or phone. That is what I did when my Mac laptop developed a major problem, to show to the guys in the Apple Store.

I’m not sure if I have had the screen freeze with a malicious pop-up. I just quit and restart the browser.

Member

I can’t even see the link as my blockers block it Alfa – so I am left wondering??

Member

Restarting your computer could trigger a nasty little bug, so you really ought to at least do a full scan.

I don’t know anything about Macs but the MS registry has ‘Run’ and ‘Run Once’ sections that something could be hiding in. You would hope internet security would pick this up but if you inadvertently agree to something………

With the introduction of GDPR, this could be more of a problem now every website keeps asking you to agree to their terms and conditions. I usually ignore them, but sometimes you have to accept them or leave.

Duncan, can you look at any imaging websites? You could do a temporary unblock.

Member

Probably a false negative, Duncan.

Member

The problem with images now Alfa is you need to scan them and also check them for spyware as well. Malware is now embedded into many images and that organisation that gives people the opportunity to move photos round the web has been hacked plenty of times; even their server tracks you and obtains your data, that’s why my blockers block it. Alfa, please download Everything, I gave you the link above; that does what your second paragraph won’t do, it shows all the hidden data in the Registry AND you can click on it to access where it is and DELETE IT.

Member

Could be Ian but I trust my apps.

Member

Everything just looks like a search utility Duncan. Although it might identify leftover files, I can’t see it identifying malware.

Member

But Alfa, you run right down the list and it shows all the digital data deposited into your computer; using that you locate the unusual or odd ones, check where they are by clicking on the data and checking out its purpose. It’s not a malware remover, Alfa. One virus control never gets all malware, you need more than one. Download Malwarebytes only from the official website, it’s a good free checker – 66,000 Americans have viewed my recommendation on a US website. NO, it’s not perfect but even the free version finds malware on Windows that some won’t: https://www.malwarebytes.com/ The only problem you would have with Everything is you need to recognise what is malware on your system; it doesn’t tell you. But try out Malwarebytes, it won’t harm your computer.

Member

I may be adrift for a while as I’ve just had a bit of good fortune (literally). I have received an email from a Mr Sebastian Matveikova, manager of Bank of Africa BOA Burkina Faso who discovered a fund of $18 600 000 and needed a partner to help him claim it. He found one and is now in S.Korea. The Almighty has approved his actions.

In return for the Almighty’s approval he agreed to set aside 10% ($1 860 000) to help motherless babies and widowers in my country. But to do this he needs a bank account to transfer the money into and someone to distribute just some of the money. I am the chosen one.

Can anyone send me a list of worthy recipients (very short please) so I can distribute just a little of the money. I will also donate some to Which? as a kind gesture.

Member

Just search for the text and you are likely to find other examples of the scam reported online.

Member

I didn’t know you were Nigerian, malcolm. I post a URL to the Federal Trade Commission (FTC) to show you what they do in America but NOT here, in particular if an AMERICAN loses money through the Nigerian Email Scam – as OFFICIALLY called by the US Federal Authorities. Read down to where they direct you – the local office of – The SECRET SERVICE office – no mucking about in Donald country; try that here and they would probably arrest you for wasting their time, jail you, then behead you in the Tower. Remember I have been saying this for years, US “Agents” visit those countries and put it on the line: WE are Americans, where are the scammers or we will sanction you. Guess who wins? https://www.consumer.ftc.gov/articles/0002l-nigerian-email-scam

Member
Patrick Taylor says:
23 July 2018

1. Can we establish whether the EHIC scam was simply a lucky hit OR has some rogue accessed, or is accessing, the EHIC database. Over to you Which?.

2. The £135 payment involved some email responses which are a little concerning but also might provide clues such as the cardhandler. All of this though anticipates some regulatory body cares; as we have strong suspicions that they do not, is it worthwhile consumer bodies looking at the detail and looking for pressure points to make authorities act?

3. On another tack I have for several years now suggested that Which? becomes a much more useful consumer service by basically becoming a safe place, a first port of call, to search before committing cash for passports, licenses etc., using an online pharmacy.

You cannot rely on Google and its commercial instincts, and Wikipedia can be unsafe, so why not a respected body funded by subscribers who will have the correct web address and also useful add on information if this is missing from the target site.

Member

Patrick, I also suggested a Which? repository for genuine official sites. I think you have often also suggested a WikiWhich? So much useful and valuable information is either scattered about or lost in the mists of time. I’d support Which? producing this online.

Member

Patrick, you do know Which?, like nearly all websites in the world, has several versions of Google, at least 5? Secure – really secure – means a server at least to the standard of online banking.

Member
Patrick Taylor says:
23 July 2018

Perhaps Duncan you should explain why Which? “has several versions of Google” as it really does not seem relevant to my suggestion that Which? is a resource with valid links.

Obviously locking content added by Which? with an alert for alteration attempts would seem a basic precaution. Given that there is no money involved I am not quite certain why online banking security standard is needed.

Member

I will rephrase that Patrick – Google has many “parts” to it, you don’t get tracked by one big giant tracker. Not all trackers are the same; nowadays many different types exist. Cookies are “old hat” now; although they are still used, many sophisticated types of tracking are in operation and Google is the “King” of them all. You would be hard put not to find Google on a website. Donald loves Google as it’s American; read https://www.nbcnews.com/tech/tech-news/it-s-e-u-vs-u-s-google-middle-n893106 and scroll down for ENGLISH inventor Richard Browning’s jet turbine “Jet Man” jet pack – prediction – will be bought by US conglomerate/government and advertised as an AMERICAN macho male hero, not an Englishman. We never learn: sell cheap our design to the USA and get back – ???? – America First.

Member

There is a useful repository of official links on GOV.UK: https://www.gov.uk
Just search for EHIC etc.

There seems little point in duplicating information, and getting people into the discipline of searching for official information in one place could help avoid fraud.

Member

There are many more useful sites that Which? might list perhaps?

Member

I won’t argue about that. Which? already has a large number of articles on a variety of topics of consumer interest, presumably chosen on some criteria that we don’t know about. Of course more can be added. Keeping the present information and links up to date is I suspect a considerable undertaking. I wonder if resources might be better used to convince government of the need for an effective Trading Standards service. I’m fairly confident about searching for information and evaluating its likely quality rather than being spoon-fed with what someone believes to be decent information.

I do wish that some of our surveys focused on what we would like from Which? Equally, I don’t like reading reviews that look like sponsored advertising features for products or having links to Amazon or other websites. I’m perfectly capable of comparing prices on websites.

It would be good to have some opportunity to influence the priorities of the organisation.

Member

Have you thought of using the Which? Member Governance Committee?

Member

I’m sure I have made the suggestion there, Malcolm. I have not seen much evidence of our views being listened to.

I am very glad that product safety is a current campaign of Which? but despite a few of us banging on about the need for an effective Trading Standards that will support citizens I don’t see any indication that there will be any improvement.

Member

If Which? at least responded to the questions they are asked it would help, wouldn’t it wavechange. I have recently emailed Which? about two issues that bothered me that have not been responded to in Convos. To his credit, George has offered to raise these and other recent unanswered questions, but if I go back I have a lot of them and he is so helpful I don’t want to overburden him and the team.

If I continue to have enforced time on my hands I may well trawl back through the Convos and draw up a list then send it to Which?. Hopefully I’ll find better things to do because I remain unconvinced that Which? are that interested.

Product safety and consumer protection seem key priorities for Which?, and Trading Standards should be the key to unlock this. I do agree with the current campaign, on the basis that standards that should be observed are generally good but we have totally inadequate means of monitoring and enforcing them.

Member

I have been looking at a recent code of practice on recalls of consumer products.

“Where practical and proportionate and in accordance with data protection rules, producers and distributors should aim to keep records of customers and purchases.”

I think mandatory product registration would be useful but it does not surprise me that there seems to be no mention of this option. The statement above does not give me much hope that we will make progress.

On a positive note, the potential for using social media to inform people of recalls is mentioned. Nowadays there are many younger people who move from one rented property to another and could be difficult to inform of recalls.

Member

A variety of contributing organisations have, under the BEIS banner and with BSI’s help, developed the “Code of practice on consumer product safety-related recalls and other corrective actions”. This is issued as PAS 7100:2018.

It says, under 4.4.2.2 “Customer traceability” and the businesses required Product Safety Incident Plan that “Consumers should be asked for their consent to their contact details being recorded…………..making it clear that this is for use only in the event of need for contact arising in respect of product safety”

As I said earlier this PAS is presented as for “guidance and recommendations” and is neither mandatory for businesses nor mandatory for consumers to register.

I presume that data protection laws need to be observed. However I would hope that, first, the requirements of this PAS will be made mandatory for all businesses (producers and distributors) involved in specified product groups and that, second, for those specified products purchasers must register their contact details. It may not be possible without a change in the law, and that may not be possible while we are subject to EU control.

The problem I see is that reputable business will do all that the PAS requires, and other disreputable businesses will not. Perhaps, like fridge plastic backs, Which? could keep a list of all those businesses that do fulfil the PAS requirements, and note those that do not. Put the latter on a blacklist.

Member

Thank you for the kind words Malcolm. I’ve been reading the comments on this convo with interest and have asked Faye if we can get some answers together. There are also, as always, lots of good suggestions here, and I want to reassure you all that they are valued – Convo can be a big job with so much interesting insight and suggestions left by you all every day, but we are doing our best to make sure your voice is heard as high up the chain as possible 🙂

Member

I was checking out Duncan’s suggestion of Everything.

A review on pcmag first has a pop-up:
We tailor your experience and understand how you and other visitors use this website by using cookies and other technologies. This means we are able to keep this site free-of-charge to use.

Please click I Consent below to give us permission to do this and also to show adverts tailored to your interests and allow our third party partners to do the same.

What I find very concerning is how does this pop-up differ from the virus warning I gave above?

Okay, the wording. But scams have a habit of using words to make us believe in them.

By hitting I consent to tailoring my experience, I could just as easily have been consenting to malware. How are we supposed to know the difference?

I ignore most of these requests to agree to terms and conditions, but many sites will not let you continue unless you do agree to them. If you do try and read their T&Cs, they are such a minefield you are unlikely to understand them anyway.

Methinks GDPR needs a rethink. We should have been opted out by default not made to jump through hoops every site we visit.

Member

If you had gone straight to Void tools on the link I provided above, Alfa – no warning, no big list of trackers, and the website would tell you about it. I agree it’s so bad now this warning is everywhere and I now get “sorry you are not in our area of acceptance” when trying to access some American internal newspapers. BUT what if Brexit means coming out of this agreement? It will mean more data tracking but at least you won’t be blocked from many American newspaper etc. websites.

Member

I completely agree, Alfa. I hope that Which? will look at some of the examples of what we are being pressurised into agreeing to when using websites. I suspect that GDPR has been used as a way of gaining more information than before.

Member

GDPR has certainly provided a ‘justification’ for asking for a lot of information, much of which is not necessary for the purpose in hand. A handful of global companies are now masters of the world-wide web and we are but serfs under their domination. The principles and objectives of the GDPR are sensible but the bureaucrats have made a mountain out of it and instead of having more protection I feel it has worked against us. Little charities and voluntary groups have had to do a lot of compliance work but big corporations are using it to harvest vast volumes of personal data.