/ Scams

Why scams must be included in the Online Safety Bill

The tech giants are not doing enough to stop lives being devastated by fraud. We’re demanding the government includes scams in the Online Safety Bill.

Update: 20/07/2021

We’ve today rejoined a coalition of consumer groups and industry bodies, including UK Finance and Martin Lewis and MoneySavingExpert, to renew our call for the government to include paid for online adverts within the scope of the Online Safety Bill ahead of pre-legislative scrutiny.

This follows recent Which? analysis of Action Fraud figures that found a devastating surge in scams during the pandemic, as fraudsters exploit the shift to online shopping.

Action Fraud figures, show in the year to April 2021, 413,553 instances of fraud were reported – an increase of a third (33%) on the previous 12 months. More than £2.3 billion was lost by victims as a result, causing huge financial and mental distress.

To date, the government has indicated that online advertising will be dealt with through a separate review of advertising regulations which is only in its infancy. Our joint statement:

“As a coalition of consumer groups, charities and industry bodies, our united view is that the government’s current approach to tackling online fraud is flawed. It will likely lead to complex and muddled regulations, and far worse consumer outcomes than an Online Safety Bill with a comprehensive approach to online fraud.

While we welcome the recent inclusion in the Bill of fraud carried out through user generated content and fake profiles on social media websites, there is still a long way to go. Failing to include online advertising in the Bill leaves too much room for criminals to exploit online systems.

This view is backed by the FCA, Bank of England, City of London Police, Work and Pensions Committee and Treasury Committee, who have all commented that the scope of the Online Safety Bill should be expanded to include fraud carried out via online advertising.

We do agree with the government that the impact of these frauds is often devastating, not just financially but also emotionally. That’s why we urge ministers to reconsider their current plan, and make sure the Bill protects as many consumers as possible from the full extent of the devastation caused by scams.”

Full list of 13 organisations that have signed the statement:
📄 Age UK
📄 The Association of British Insurers
📄 Carnegie UK Trust
📄 Innovate Finance
📄 The Investment Association
📄 Money and Mental Health Policy Institute
📄 MoneySavingExpert
📄 Personal Investment Management & Financial Advice Association (PIMFA)
📄 B&CE Ltd, provider of the People’s Pension
📄 TheCityUK
📄 UK Finance
📄 Victim Support
📄 Which?

Update: 11/05/2021

Following today’s Queen’s Speech, it’s right that the government is giving the major online platforms we interact with every day a legal responsibility to protect their users. However in order to truly stamp out criminal content and activity online, the government must make it clear that scams are within the scope of the forthcoming Online Safety Bill.

Online scams have a devastating financial and emotional impact on victims – and too often platforms like Facebook and Google are leaving their users worryingly exposed to criminals operating on their sites. 

The current approach of self-regulation is not fit for purpose. The case for including scams in the Online Safety Bill is overwhelming, with industry, regulators and consumer groups all calling for urgent action to tackle online scams and for platforms to better protect their users from fraudsters.

Our open letter: 07/05/2021

We’ve joined forces with a coalition of organisations championing consumers, and representing civil society and business, to warn that the UK risks failing in its ambition to be the safest place in the world to be online unless it uses new laws to protect people from an avalanche of online scams.

This is our open letter sent to the Home Secretary and DCMS Secretary:

Scams and the Online Safety Bill: 05 May 2021

Dear Home Secretary and Secretary of State,

We are writing to you regarding the forthcoming Online Safety Bill. We urge the Government to expand the scope of this vital legislation to include fake and fraudulent content that leads to scams. This would better protect people against the devastating financial and emotional harm caused by these crimes.

As a group of organisations representing consumers, civil society and several sectors of the economy, including banking and financial services, we recognise how essential online services have become in people’s daily lives as a result of changes in the past year.

There are now more people spending more time online and the benefits of this are significant. We are determined that people can continue to make the most of this shift and fundamental to this will be ensuring their safety online.

Yet there is a problem because the existing laws and regulations designed to protect consumers in the online world have failed to keep pace with criminals in this modern arena. This is particularly the case in relation to scams, where fraudsters are increasingly taking advantage of online platforms to target victims.

Online platforms play a pivotal role in enabling criminals to reach and defraud internet users through the hosting, promotion and targeting of fake and fraudulent content on their sites, including adverts that they make significant profits from. Yet platforms have very little legal responsibility for protecting their users, despite often being the best placed to tackle harmful content.

3.7 million incidents of fraud

To illustrate the size of this problem, ONS data shows there were 3.7 million incidents of fraud between March 2019 and March 2020, making it the crime that adults are most likely to fall victim to in the UK, while Action Fraud figures show £1.7 billion was lost to scams in the last year.

UK Finance data shows that across scam types, there has been a significant rise in cases over the past year, with criminals adapting to target victims online.

As an example, there was a 32% increase in investment scam cases in 2020, which are often promoted through adverts on search engines offering higher than average returns, and a 38% increase in cases of romance scams, driven by the rise in online dating during the pandemic.

These figures are likely a significant underestimate of the true value and do not take into account the fact that even when the victim is reimbursed, criminals still retain illegal proceeds, reinvesting them in further organised illegal activity, causing wider societal harm. Nor do they capture the equally devastating emotional impact that scams have on victims.

Even if people are able to get their money back after falling victim, they can still experience significant emotional harm. Four in ten (42%) Money and Mental Health Research Community respondents who had fallen victim to an online scam felt that they had experienced a major negative impact on their mental health. Vulnerable people, including those experiencing mental health problems, are also more at risk of falling victim to these crimes.

Action against fake and fraudulent content

Across industry, regulators and consumer groups, there is now wide-ranging consensus on the urgent need for action to tackle scams and the critical role that online platforms must take in protecting users from the harm caused by fake and fraudulent content.

We believe that fake and fraudulent content that leads to scams must be included in scope of the proposed Online Safety Bill. This would require online platforms to identify, remove and prevent fake and fraudulent content from being hosted on their sites, putting in place incentives for platforms to work together with the telecoms, banking and finance sectors to tackle economic crime.

While we recognise there are initiatives being progressed by the Government designed to tackle aspects of online fraud, there is a growing risk that current plans for future regulatory frameworks are not taking a comprehensive approach to the threats faced by consumers and do not reflect the extent or urgency of the problem.

We remain committed to working with the Government on this vital issue, toward our shared ambition for the UK to be the safest place in the world to be online, so that people and businesses continue to benefit from the shift to digital.

Copies of this letter go to the Minister for Digital and Culture, the Minister of State at the Home Office, the Minister for Pensions and Financial Inclusion, the Economic Secretary to the Treasury and the Minister for Patient Safety, Suicide Prevention and Mental Health.

Yours sincerely,

Download the letter in full

Add your voice

We don’t believe the big tech companies are doing enough to protect their users against fake and fraudulent content on their platforms. How do you feel about the ease with which this content can be hosted on their sites? And what would you like to see these companies do to finally put a stop to this? 

What would you want to say to the government about online scams? What actions should it take?

Let us know in the comments.

Malcolm Macmillan says:
26 February 2022

Dear Nadine Dorries, by definition a scam is a scam and therefore more or less guaranteed to be illegal.

So by not tackling scams, you will be condoning them. By definition.

Frankly, media don’t give a damn, not unless you hurt them!

Sue Goodridge says:
15 March 2022

Scam Ads need to be added to the Bill so that we can all feel safe when using the internet . These scammers need to be caught before they do more damage to peoples lives’

Scam Ads need to be banned to avoid more people being deceived by them anf falling victim to these criminals

M. Crisp says:
27 February 2022

If the companies which host scam adverts – even unknowingly – were made liable for the damages these scams cause, they’d pretty soon get their butts in gear and do a whole lot more to catch the scammers a whole lot quicker!

I agree, but I would make the banks that provide services for scammers jointly liable. Until stolen money is returned to scam victims, crime will remain profitable and will not go away. I have to have insurance before I drive a car so that if I injure anyone or damage their property they can be reimbursed. It has been said that the companies that host scam adverts and their banks would not be aware that their services would be used illegally. I do not know if I’m going to injure someone but I still have to have insurance.

Should individuals, then, have insurance against being scammed? (Incidentally, car drivers have an obligation to drive responsibly).

If there are practical ways that those who host adverts and banks that operate accounts can know in advance that they are dealing with scammers then they should be held liable. What are those ways?

But, if they do due diligence and cannot reasonably know this then they cannot be held legally liable, only used as sources of ex gratia payments.

We should focus attention on how these organisations can fail by negligence to identify potentially fraud accounts, or if having discovered an account is fraudulent fail to deal with it quickly. Simply looking to them as a source of cash if they are not negligent is unfair. Just as some expect the Consumer Rights Act to be fair to both consumer and retailer, so we should be fair to other organisations

Consumers need to be continually warned about scams. I have suggested earlier that a regular warning that ads on social media might be fake (and products on market places might be dangerous) could keep people aware of the problems and might cause the hosts to take some action.

I do not agree, Malcolm. Consumers need protection and I have outlined what could be done to protect us. You are ignoring the fact that business is making money from illegal activities such as hosting scams and providing account services. Stolen money should be returned to scam victims, otherwise scams will continue and escalate.

The Consumer Rights Act is legislation in place to afford protection to both business and the consumer.

While it might not be practical to expect the banks to be able to foresee fraudulent activity by one of their customers, it is reasonable to expect banks to exercise a high degree of diligence before opening accounts and to monitor closely any that show signs of frequent inflows and outflows but not much sign of regular commercial or personal account activity.

Once fraudulent activity has occurred and been reported to the authorities the banks involved in the transaction should be notified immediately so they can take steps to recover the money and stop future transactions, and all UK banks should be required to put a block on transfers to and from those accounts until investigations are complete.

Perhaps there need to be standards of due diligence to which all banks must conform so that specified checks are performed, enquiries carried out, and tests applied. The evidence of such due diligence should be maintained and be open to production in the event of a criminal investigation. Maybe something along these lines is already undertaken but if so it does not seem to bearing much fruit because the problem is proliferating.

All the money captured by scammers must be finding its way initially into a UK-regulated bank. I find it hard to accept that there is no way in which the destination of victims’ payments cannot be identified and the money trapped. I appreciate that the funds might be withdrawn rapidly and transferred elsewhere, possibly outside the UK, but it should nevertheless be possible to trace the route and dismantle it.

It is possible that the banks’ internal auditors have a conflict of interest in monitoring or investigating these transactions and that a new supervisory regime should be set up — at the banks’ collective expense — under the auspices of the Prudential Regulatory Authority, the Financial Conduct Authority or the City of London police in order to exercise due rigour that would lead (a) to the prosecution of offenders, and (b) the prevention of further such crimes.

It has been suggested that the Online Safety Bill might not be the right place to put the legislation required for this harmful form of offence, and that such a law duplicates other long-standing anti-fraud legislation so is unnecessary. In the absence of any other immediate opportunity to crack down on this problem I think urgent action is required and, with a bill going through Parliament at this moment, the government should act now. The parliamentary counsel are capable of drafting the bill in such a way that any conflict or inconsistency with other statutes is ironed out and any loopholes are closed.

However this is tackled we need to see action that will protect consumers. The government cannot just rely on expecting us all to protect ourselves. Many of us are doing this anyway and one of my friends who is a Which? subscriber periodically sends warnings about scams issued by Which? A group of us had one from him today.

You are ignoring the fact that business is making money from illegal activities such as hosting scams and providing account services.“. Nonsense. I am most certainly not.

What I am looking at is where responsibility lies, as you will see if you read my comments carefully.

I am also looking at the grounds for negligence to be examined. Simply saying that because someone has lost money to fraud makes someone else responsible to refund it is no argunent if that “someone” has not been negligent.

Simply saying “something must be done” is fine to join the list of all of us who want fraud stopped. But the hard work lies in proposing the workable mechanisms that will achieve that.

As I said earlier, the Consumer Rights Act is designed to be fair to both consumer and retailer. It does not assume the consumer is always right and must be recompensed. I believe the same approach is necessary in this case.

The recent announcement from Nadine Dorries “that the Government has listened to calls to strengthen new online safety laws and are announcing new measures to put greater power in the hands of social media users themselves”, suggests to me the Government are placing greater emphasis on consumers helping themselves, rather than holding the social media giants accountable.

It’s worrying but I hope that there will be legislation to afford consumers the protection they deserve.

Here is recent news that suggests that the government is supportive of social media taking action to prevent misuse of users’ accounts: “Social networks should let people hide posts and messages from accounts without a verified owner, the government has proposed.” https://www.bbc.co.uk/news/technology-60525228

While this proposal is welcome, and would reduce anonymous trolling [because social media users would be able to block calls from unverified accounts], I fear it does not get to the root of the problem which is a form of criminal harassment and hate crime.

This would be a tactical measure rather than a strategic response to this appalling problem. It won’t stop trolling [and the behavioural deficiency that prompts it] from occurring, it just means that there will be a mechanism, determined by the social media organisation, that allows users to be unaware of it. Other people receiving the same trolling message might still see it and I am sure that harm will continue to be done.

The law needs to purge people of their evil thoughts and actions, not allow their vile attitudes to fester out of sight but no doubt communicated around their own sympathetic fraternity for their own gratification.

Although changes in legislation are welcome, I remain concerned what measures will be in place to police and enforce and whether these measures will be sufficient. It does leave me wondering whether the proposed changes are nothing more than to satisfy the demands of consumers.

Although existing Agencies work tirelessly to tackle various breaches of Legislation, it is clear the UK have inadequate resources. Unless measures are put in place to enforce these proposed changes, I can see this becoming nothing more than an unproductive exercise.

To some extent I share your concerns, Wingman, but having laws in place does have value and probably does deter some bad people from doing bad things. Unfortunately, as we all know, criminals are not pathologically law-abiding, so there needs to be a fall-back position that enables detection and prosecution, especially where mental or physical harm has actually occurred. At the moment, it appears that anonymous social media users can get away with on-line abuse and harassment with impunity; inadequate in scope though I believe the proposed measure is, it puts down a marker and would establish a sanction for malign behaviour so that the perpetrators would get little satisfaction from the harm they cause and, hopefully, stop doing it.

I, like no doubt everyone (apart from the criminals) want to see the harm that the current proposed bill addresses stopped. If, in addition, the specific problem of “fake and fraudulent” activity can be included, without diluting the effectiveness of the bill, then all to the good.

However, as far as I know, (I may be wrong), to be effective legislation must be soundly based to be able to hold the perpetrators to account. Here, we are not directly targeting the criminals but those who aid their activities by giving them space on social media and other online platforms. The aim is to penalise those platforms. As I see it, simply finding a criminal site is insufficient; there has to be shown to be an intent to host the site, evidence that the host should or could have known the site was likely to be criminal, or did not remove a site that was found to be criminal promptly.

Much as it irks me to see this kind of activity continuing, causing harm to people, the response has to be properly constructed to be effective.

Completely agree John Ward and lets hope any changes will serve as a deterrent to those doing bad things.

100% in agreement malcolmr, changes to Legislation are welcome, but greater consideration must be given to enforcement to ensure compliance.

Likewise wavechange, we all deserve to go about our business free from risk and hope these proposed changes are the foundation to a safer online experience.

”Social networks should let people hide posts and messages from accounts without a verified owner, the government has proposed.”. Perhaps it would be better if the default was that all unverified accounts were blocked, unless people choose to unblock them. They would then be at risk, but responsible for their decision.

Wingman wrote: “We all deserve to go about our business free from risk and hope these proposed changes are the foundation to a safer online experience.” I hope so, but it will take more than enforcement of existing law to make this happen. As pointed out in the introduction we have failed to keep up with criminal activity.

Although I welcome what has been proposed I cannot see a solution unless stolen money is recovered from scammers’ bank accounts.

Maybe we should have a database of “verified” bank accounts that are known to be, or declared to be, operated legitimately. If someone tries to send money to one that is not verified they should be given an appropriate warning, including the advice that if they continue with the transaction they do so at their own risk. A little like Confirmation of Payee.

I support that Malcolmr and it would be a good starting point, however, many payments are processed through obscure third party payment processors and encouraging these to ensure accounts are legitimate is much more difficult.

As highlighted in a previous post, I am aware of payment processors who continue to process payments for rogue businesses even though they have been advised the business is a rogue operator.

If accounts were reported as “safe” and proved not to be, then the responsibility would be placed on the payment processor to refund. Would that not deal with the problem? Or do we also need an accredited list of payment processors?

It becomes much more complicated when payments are processed through a payment processor rather than directly through a bank.

Often the consumer will not know which payment processor was used. Even if a consumer does know who the payment processor was and contacts them, quite often they will decline a refund unless they receive an instruction from the seller. Because sellers are generating significant income for the payment processors they are reluctant to issue refunds.

In circumstances where a seller has supplied goods that are counterfeit, of an inferior quality to that advertised, do not meet safety standards or are not as described, the payment processor would direct the consumer back to the seller to complain and request a refund.

Where a debit Card or credit Card has been used to buy goods, the payment processor does have to process the transaction with the consumers bank, so a consumer could approach their bank and request a ‘charge back’ when a Debit Card was used, but this can often be a slow process.

Susan Brant says:
11 March 2022

This seems such an academic statement/question. Why should normal people, or even naive individuals be engulfed in scams by unscrupulous con men or women. Its a degrading feeling and in many cases an expensive one – stop them, protect the little people who are getting duped.

So many points being made on here, all of which are valid, shows that technology has brought a minefield of problems that the average person would not even begin to think about. The law and the internet is a whole new ballgame as many legal processes can be difficult to apply to the many misuses that the internet has spawned. The fact that the problem is global with perpetrators and victims rarely in the same continent never mind country can make any action taken fruitless. Someone is going to have a mammoth task of trying to get around the global implications of punishing the villains with the myriad ways they find to scam, harass, sell useless products etc. and worst of all, use your personal details as yet another product to be marketed all without permission just for starters.
I have noticed some websites are not even letting you opt out of cookies, others using the new ploy calling it ‘legitimate interest’ code for we are opting you back in and of course giving so many things to go through you might give in or miss one or two opt outs. All this is illegal but not being stopped.
As this will be an ongoing process, provision will need to be made for frequent revision because as technology advances so too will ways of misusing it.