Scam watch: dodgy construction website demands extortionate fees

Not all third-party sites advertising in search engine results are fraudulent, but you do need to be cautious. Here’s how a member of the public was caught out.

A member of the public needed a Construction Skills Certification Scheme (CSCS) card to work on building sites.

They found what they thought was the official CSCS provider after a search online and filled out a form to book a Health, Safety and Environment test.

Someone called in response and asked a few ‘security questions’. They gave him their name, address, date of birth and National Insurance number. He then asked for their credit card number for the test, which would cost £250.

They knew this figure was wrong and ended the call – the standard card fee is £36 and the test is £21.

Following the call, they were rightly concerned they may have handed personal details to a fraudster.

Guide: what to do if you’ve handed bank details to a scammer

Search engine advertising

CSCS cards can be obtained through the official website cscs.uk.com, after booking and successfully completing the Health, Safety and Environment test through official channels.

Unfortunately, the member of the public instead found one of the many third-party CSCS sites that advertise in search engine results.

They’re not all fraudulent, although this one certainly charged an eyebrow-raising premium, with unclear justification.

Those seeking a new profession should be wary of such dodgy tactics.

What to do if you’ve been caught out

If this happens to you, contact your bank and credit providers as it may be able to increase their monitoring of your account.

Guide: how to get your money back after a scam

Check account statements and your credit report regularly for any unrecognised activity.

You could also Consider Cifas Protective Registration (cifas.org.uk). At £25 for two years’ cover, it ensures banks, credit firms and insurers do extra checks when receiving applications in your name.

Have you ever been caught out by a website claiming to be something it’s not? Did you arrive there via search engine advertising?

</p> <section> <h2><strong style="color: #000000; background-color: transparent;">Scam alerts delivered directly to your inbox</strong></h2> <p><span style="color: #000000; background-color: transparent;">Which? cuts through the noise to find the facts. From dodgy coronavirus phishing emails to phoney automated HMRC calls, we’ve heard them all. </span></p> <p><span style="color: #000000; background-color: transparent;">Our emails will alert you to scams doing the rounds, and provide practical advice to help keep you one step ahead of the fraudsters.</span></p> </section> <section> <h2> <h2><strong style="color: #000000; background-color: transparent;">Thank you for signing up to our scam alert service</strong></h2> </h2> <p><strong>We’ll be in touch soon. Don’t forget, you can unsubscribe at any time.</strong></p> <p><span style="color: #000000;">Our </span><a href="https://conversation.which.co.uk/?s=scams&cat=0" target="_blank" style="color: #000000;" rel="noopener noreferrer">community site</a><span style="color: #000000;"> is a place for Which? experts to give the insider view of the burning consumer issues of the day – including scams. You have the opportunity to ask the experts a question, and talk to others about their experience dodging fraudsters. </span></p> </section> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p>

wavechange says:

9 September 2020

From Faye’s introduction: “Following the call, they were rightly concerned they may have handed personal details to a fraudster.”

On Which? Conversation there have been numerous other examples of people realising they have made a mistake when it is too late. I would like to see a statutory delay period before online or phone transactions are actioned unless the account holder is prepared to take the risk. Obviously this would not apply in some circumstances, for example when goods are purchased and taken away.

NFH says:

This story sounds no different from fake EHIC and ESTA web sites. No doubt there will soon similarly be fake ETIAS web sites too, particularly when ETIAS requires British citizens to pay to enter most EU countries with effect from 2022.

John Ward says:

This example went wrong because the registration information was collected via a telephone call instead of through an encrypted enquiry form.

I can understand why the person’s NI number is required for this particular form of registration but people should never give their NI number together with their other details unless it is a secure process. I don’t give my credit card details over the phone unless the company uses an encrypted phone key system, nor in a letter or on a printed form.

A further point is that people must look for the official site in the search engine results – it will not necessarily be at the head of the list. Even the CITB [Construction Industry Training Board] website which advises enquirers to use the official CSCS website in order to apply for their certification card contains typographical errors casting doubt on its authenticity.

For several reasons, organisations have had to simplify their website titles, format and presentation which does make it easier to mimic them.

John, what is an “encrypted phone key system“? Do you mean entering the number by entering the number on your phone’s keypad during the call? If so, this is not encrypted, but uses standard tones that anyone listening to the call can easily interpret.

NFH – I must admit I was not entirely sure of the system but I have used a keypad-activated process with a reputable company and been assured that an employee handling the call cannot interpret the details. I tend to enter the long number on my credit card at a fairly high speed and should be surprised if someone on the end of the line could keep up with me if they were translating the tones [if they were able to hear them] into numbers.

I supposed in truth there is no really secure way of making a credit card payment without the risk of the data getting into the wrong hands.

Michael says:

10 September 2020

Please don’t think that scammers will be unable to interpret tones into numbers, if you enter them quickly. They will record the call and translate at their leisure.

Yes, Michael I appreciate that, but if I am in dialogue with an executive of a reputable company I consider the chances of the line being tapped coincidentally are fairly low. As I implied previously, there is always some risk in dealing with money without person-to-person contact and even then there could be a dishonest person involved.

Is there a more secure way of paying a £10,000 bill? I think the new method for making bank transfers between current accounts using three factor authentication [where the payee’ account name as given by the payer is checked as well as the account number and receiving bank sort code to ensure it all reconciles] is a big step forward. I have used it several times recently – not for really big sums – and, although it takes a bit longer, I felt it was a good process. There is much more risk in paying large sums with a credit card; not a risk that the payment will be diverted but that the card data will be captured and misused.

kenneth raine says:

11 September 2020

Received through post yesterday, from aria resorts, Filey Yorkshire, not saying it’s a scam, but valuations, for what look like pre-fab shacks, might be worth a look from Which Mag.

Help

Scam watch: dodgy construction website demands extortionate fees

Search engine advertising

What to do if you’ve been caught out

Search

Latest discussions

Take our community survey

Vote in our poll

Search engine advertising

What to do if you’ve been caught out

Search

Latest discussions

Take our community survey

Vote in our poll

Join the debate

Related discussions