/ Money

Anyone can fall foul of a scam – and I’m proof of that

Phishing scam

One in 10 Which? members has been scammed in the past five years and with official figures showing that consumers lost a shocking £6.1bn to fraud in 2011, it’s clearly big business. I’ve found out the hard way.

I’ve worked at Which? for more than six years and I would say I’m pretty savvy when it comes to consumer issues. But that doesn’t mean I’m not susceptible to online scammers.

Indeed, only last week I found I’d become just another statistic in the world of the bank email phishing scam. Yes, I fell for the oldest trick in the book and my wallet was £240 lighter as a result.

Now, I know I shouldn’t respond to emails sent by my bank asking me to click on a link. And I know that when entering my personal details online I should make sure the site is secure (by checking it’s got a padlock sign in front of the web address). And, I also know that banks don’t ask you for these details via email. So, what went wrong? How was I so fooled so spectacularly?

Flurry of NatWest banking scams

Well, a number of coincidental events occurred to conspire against me that day. I’d tried to log in to my online NatWest account a few times and had entered the wrong password and PIN.

When I checked my emails I had one from my bank entitled: ‘Your account has been put on restricted status’. When I opened the email it went on to say that my online access had been ‘temporarily suspended’ and that this was due to ‘a number of incorrect log in attempts’.

As this happened to be true, I clicked on the link without thinking and began entering my online password and PIN. But then the alarm bells rang and before I’d entered all my details I promptly ceased what I was doing and closed down the page. But, it was too late.

£240 lost due to online phishing scam

That evening the fraudsters called NatWest pretending to be me, saying my card had been stolen and requested emergency cash. NatWest proceeded to give the scammers a PIN they could use in a cash machine whereupon they happily made a £240 dent in my bank balance.

When I filled up at the petrol station the following day I was told that my card was blocked (luckily I had just enough cash on me to pay for the fuel!). I contacted the bank and was informed that my account had been frozen.

After some further discussion, the fraudulent activity became clear. I was advised to make a claim for fraud, which to my surprise, has subsequently been turned down. I’m now in the process of appealing and do expect to have the money fully refunded.

Apart from the obvious financial loss my pride was also hugely dented. I felt really stupid especially as I work for Which?, and know about these things. Believe me, the irony is not lost on me. But it does just go to show that when your guard is down anyone can get scammed.

Have you been the victim of a scam? Did you report it and if so what response did you get?

Comments
Member

Very sorry to hear your experience. Something similar nearly happened to me once but I stopped short just in time – I noticed the address code in the lower bar of the e-mail page that appeared as I hovered over the link and I hesitated long enough to realise it was not correct. It is so easy to be taken in by an unfortuitous combination of circumstances. My ISP’s e-mail filtering system is now much more effective and such a message would not drop into my in-box but go into the junk folder. My bank now puts my residential postcode on any e-mails it sends me with information about services – this is a further safeguard. I once requested the bank to improve the language used in their official e-mails to make it less casual; I noticed that the scammers were having difficulty composing literate English messages so anything the banks did to employ correct grammar, punctuation and sentence structure would minimise the risk of impersonation. I think there has been some improvement in this regard but we still have to be exceptionally wary – there are some clever criminals out there.

Member

Maybe I don’t have complicated financial affairs but the only emails I can remember receiving from my bank have been to confirm appointments.

As John says, the standard of English betrays many scams. Most of those I have received are well known, with warnings on websites, but I have reported a few that are either new or not well publicised.

Amanda provides a good example of how, in certain circumstances, we can be less vigilant than usual. It does not surprise me that those who suffer frequent computer problems are easy to persuade that they have a problem with their computers and become victims of a scam.

I use NatWest online banking and had no idea what I would have done in Amanda’s position, where I could not log in. Having investigated, there is clear information on their website, but if that was not there I would phone the bank for advice, as I did when I was having a lot of trouble with a Halifax savings account.

Though I have never been victim of a scam, I think I have done something silly by placing a deposit on a car, which turned out to have been sold by another branch of a dealership. I cannot believe that I have been silly enough to have given a £300 deposit, via debit card, without getting something in writing. Normally I don’t have much sympathy with those who let themselves be cheated but I’m feeling rather humble at the moment.

Member
john mccolgan says:
14 July 2012

Not a scam as such (debatable) but certainly immoral business practice. As a disabled person my door entry system buzzed. The caller identified themselves as “wishing to discuss changes at the local BT exchange that may effect my service” Suspecting all was not well (distraction burglaries etc) I refused entry and told them to write to me. Unhappy with this I called the police who attended within 4 minutes. They detained the 2 people. It turns ot they were representing Talk Talk and trying to sell phone and broadband services. Although not ACTUALLY saying they were from BT they certainly gave me that impression, BEWARE of these sharp practces. I have written to Talk Talk to complain.

Member
jim says:
14 July 2012

This has just happened to me- The thing is i haven’t clicked any dodgy links or given out any info. In fact the card the fraud took place on is one I never use for withdrawing cash and don’t even know the pin of- It’s a joint account card just associated with housey direct debits and the occasional pizza delivery( no pin needed for that..) I only lost 60 pounds but both my cards have been cancelled and my online acount currently doesn’t work .

I’d really like to know the questions that are asked to verify the ID. Incidentally NATWEST flaged it up themselves (even though they gave the money…. dunno how that works) as they said the voice didn’t match my profile (I’m guessing foreign).

it’s not much money but it’s scarey- They said they’d refund the money, just got some forms to fill in. I also had the embarrassing experience at the petrol station!

Member

@amamda, Hands up all those who haven’t read my comments on the 26th June on https://conversation.which.co.uk/money/natwest-glitch-bank-account-meltdown-payment-problem-advice/

warning of Natwest phsihing emails. [That I’d cut and pasted from Action Frauds twitter feed, they’re definitely worth following as is your local Trading Standards]

And I’m sure I posted a warning on another convo when the RBS fiasco broke warning of it being a scammers paradise, but I can’t find that post 🙁

Member

The thing that annoys me about emails from legit companies is the fact that these days many companies outsource that stuff so when hovering your mouse over any links in the email they’ll point to a random collection of letters and out of principle I won’t click on them and in some cases have actually forwarded them onto the banks fraud email account warning of a fraudulent email. Is it really so difficult to have a routing page on the banks website which the email can point to [answer: no its not] that way people will clearly see the links going to the right address and therefore will hopefully never ever then click on a dummy address.

A fine example of what I’m referring to can be found in many Which Switch emails which were routed through prizewize dot nl when hovering your mouse over www dot whichbigswitch dot co dot uk or “personal page” .

Companies need to be trained to stop using scammer friendly methodologies.
Maybe Which? could start a campaign to tidy up emails like this. (starting with their own)

Member

Good point on outsourcing. I ignored three recent emails however saying my internet domain would be suspended unless confirmed as clicking on links in random emails where the email address does not co-relate to the entity they say they represent – in this case ICANN is always wise. Was not wise here!
My internet service provider who hosts my website/domain had not told customers that from about a year ago once a year you will receive an email from these people with the funny name which sounds very dodgy but unless you click on the link your whole website/business goes down! Wow. Emails I sent out for work were not received. Emails to me were not received. Thankfully on a Saturday my domain hosting company were around and got it all back up for me but the dodgy looking original emails I had never in 20 years had by email requring confirmation of domain name were absolutely genuine!

You can’t win, can you?

Member

Oh and I wouldn’t be surprised if there’s an O2 email scam doing the rounds at the moment either. Companies who fail to provide a reliable service just play into the hands of these fraudsters.