/ Scams

Why scams must be included in the Online Safety Bill

The tech giants are not doing enough to stop lives being devastated by fraud. We’re demanding the government includes scams in the Online Safety Bill.

Update: 20/07/2021

We’ve today rejoined a coalition of consumer groups and industry bodies, including UK Finance and Martin Lewis and MoneySavingExpert, to renew our call for the government to include paid for online adverts within the scope of the Online Safety Bill ahead of pre-legislative scrutiny.

This follows recent Which? analysis of Action Fraud figures that found a devastating surge in scams during the pandemic, as fraudsters exploit the shift to online shopping.

Action Fraud figures, show in the year to April 2021, 413,553 instances of fraud were reported – an increase of a third (33%) on the previous 12 months. More than £2.3 billion was lost by victims as a result, causing huge financial and mental distress.

To date, the government has indicated that online advertising will be dealt with through a separate review of advertising regulations which is only in its infancy. Our joint statement:

“As a coalition of consumer groups, charities and industry bodies, our united view is that the government’s current approach to tackling online fraud is flawed. It will likely lead to complex and muddled regulations, and far worse consumer outcomes than an Online Safety Bill with a comprehensive approach to online fraud.

While we welcome the recent inclusion in the Bill of fraud carried out through user generated content and fake profiles on social media websites, there is still a long way to go. Failing to include online advertising in the Bill leaves too much room for criminals to exploit online systems.

This view is backed by the FCA, Bank of England, City of London Police, Work and Pensions Committee and Treasury Committee, who have all commented that the scope of the Online Safety Bill should be expanded to include fraud carried out via online advertising.

We do agree with the government that the impact of these frauds is often devastating, not just financially but also emotionally. That’s why we urge ministers to reconsider their current plan, and make sure the Bill protects as many consumers as possible from the full extent of the devastation caused by scams.”

Full list of 13 organisations that have signed the statement:
📄 Age UK
📄 The Association of British Insurers
📄 Carnegie UK Trust
📄 Innovate Finance
📄 The Investment Association
📄 Money and Mental Health Policy Institute
📄 MoneySavingExpert
📄 Personal Investment Management & Financial Advice Association (PIMFA)
📄 B&CE Ltd, provider of the People’s Pension
📄 TheCityUK
📄 UK Finance
📄 Victim Support
📄 Which?

Update: 11/05/2021

Following today’s Queen’s Speech, it’s right that the government is giving the major online platforms we interact with every day a legal responsibility to protect their users. However in order to truly stamp out criminal content and activity online, the government must make it clear that scams are within the scope of the forthcoming Online Safety Bill.

Online scams have a devastating financial and emotional impact on victims – and too often platforms like Facebook and Google are leaving their users worryingly exposed to criminals operating on their sites. 

The current approach of self-regulation is not fit for purpose. The case for including scams in the Online Safety Bill is overwhelming, with industry, regulators and consumer groups all calling for urgent action to tackle online scams and for platforms to better protect their users from fraudsters.

Our open letter: 07/05/2021

We’ve joined forces with a coalition of organisations championing consumers, and representing civil society and business, to warn that the UK risks failing in its ambition to be the safest place in the world to be online unless it uses new laws to protect people from an avalanche of online scams.

This is our open letter sent to the Home Secretary and DCMS Secretary:

Scams and the Online Safety Bill: 05 May 2021

Dear Home Secretary and Secretary of State,

We are writing to you regarding the forthcoming Online Safety Bill. We urge the Government to expand the scope of this vital legislation to include fake and fraudulent content that leads to scams. This would better protect people against the devastating financial and emotional harm caused by these crimes.

As a group of organisations representing consumers, civil society and several sectors of the economy, including banking and financial services, we recognise how essential online services have become in people’s daily lives as a result of changes in the past year.

There are now more people spending more time online and the benefits of this are significant. We are determined that people can continue to make the most of this shift and fundamental to this will be ensuring their safety online.

Yet there is a problem because the existing laws and regulations designed to protect consumers in the online world have failed to keep pace with criminals in this modern arena. This is particularly the case in relation to scams, where fraudsters are increasingly taking advantage of online platforms to target victims.

Online platforms play a pivotal role in enabling criminals to reach and defraud internet users through the hosting, promotion and targeting of fake and fraudulent content on their sites, including adverts that they make significant profits from. Yet platforms have very little legal responsibility for protecting their users, despite often being the best placed to tackle harmful content.

3.7 million incidents of fraud

To illustrate the size of this problem, ONS data shows there were 3.7 million incidents of fraud between March 2019 and March 2020, making it the crime that adults are most likely to fall victim to in the UK, while Action Fraud figures show £1.7 billion was lost to scams in the last year.

UK Finance data shows that across scam types, there has been a significant rise in cases over the past year, with criminals adapting to target victims online.

As an example, there was a 32% increase in investment scam cases in 2020, which are often promoted through adverts on search engines offering higher than average returns, and a 38% increase in cases of romance scams, driven by the rise in online dating during the pandemic.

These figures are likely a significant underestimate of the true value and do not take into account the fact that even when the victim is reimbursed, criminals still retain illegal proceeds, reinvesting them in further organised illegal activity, causing wider societal harm. Nor do they capture the equally devastating emotional impact that scams have on victims.

Even if people are able to get their money back after falling victim, they can still experience significant emotional harm. Four in ten (42%) Money and Mental Health Research Community respondents who had fallen victim to an online scam felt that they had experienced a major negative impact on their mental health. Vulnerable people, including those experiencing mental health problems, are also more at risk of falling victim to these crimes.

Action against fake and fraudulent content

Across industry, regulators and consumer groups, there is now wide-ranging consensus on the urgent need for action to tackle scams and the critical role that online platforms must take in protecting users from the harm caused by fake and fraudulent content.

We believe that fake and fraudulent content that leads to scams must be included in scope of the proposed Online Safety Bill. This would require online platforms to identify, remove and prevent fake and fraudulent content from being hosted on their sites, putting in place incentives for platforms to work together with the telecoms, banking and finance sectors to tackle economic crime.

While we recognise there are initiatives being progressed by the Government designed to tackle aspects of online fraud, there is a growing risk that current plans for future regulatory frameworks are not taking a comprehensive approach to the threats faced by consumers and do not reflect the extent or urgency of the problem.

We remain committed to working with the Government on this vital issue, toward our shared ambition for the UK to be the safest place in the world to be online, so that people and businesses continue to benefit from the shift to digital.

Copies of this letter go to the Minister for Digital and Culture, the Minister of State at the Home Office, the Minister for Pensions and Financial Inclusion, the Economic Secretary to the Treasury and the Minister for Patient Safety, Suicide Prevention and Mental Health.

Yours sincerely,

Download the letter in full

Add your voice

We don’t believe the big tech companies are doing enough to protect their users against fake and fraudulent content on their platforms. How do you feel about the ease with which this content can be hosted on their sites? And what would you like to see these companies do to finally put a stop to this? 

What would you want to say to the government about online scams? What actions should it take?

Let us know in the comments.

Dr Gill Gregory says:
13 May 2021

I have had many scam calls in the past week. I did not respond to any of them or give them any bank details etc. but someone had accessed my bank account. The Co-op, my bank, were alerted straightaway and rang me, so nothing was lost. For the past year I’ve had more scam calls than in the time since the internet became our primary means of communication. I would urge the government to take a stand on internet fraud, by creating – perhaps with other countries – an independent body, to oversee the operations of Facebook etc. I feel we need international, impartial highly focussed monitoring & policing of the internet. People are losing lifetime savings overnight and they are not getting enough support from the internet monopolies.

Andreea says:
13 May 2021

Unfortunately I was also the victim of online scams. The way the scamwrs reached to my bank account as well as my heart was a Romantic Scam , with the purpose of gaining my trust and as soon as that was obtained it was followed by an Investment Scam. It is true that it leaves deep emotional, psychological and financial damage. The scamers work in well organised , smart networks and they come at you like the peace before the storm. When the storm reaches you, you don’t even understand what has hit you. It is terrible. I hope I will eventually manage to get my money back, working with the bank and Action Fraud to deal with the situation…. but it’s kinda long winded and many signs just kinda tell you it’s a lost cause. But I won’t be quiet and I will not give up. This was honesty the most horrible event that has happen in my adult life.

Wendy Howie says:
13 May 2021

I agree with many of the issues that have been raised I have been scared before and again recently have received calls saying that my national insurance number was being hacked and they were trying to get me to give them my details, which I did not! I reported it to government website but only received a response that they had received my email. Since then had another call same concerns. So now I don’t answer my phone if I do not know who is calling me, this is very stressful as no one is helping and it is becoming a daily occurrence. We need a way of improving the efficiency of reporting cyber crime and prevent the high traffic of scams from criminals that get away with this crime daily

I have had the same one Wendy and as I had been scammed previoul six months prior, and it appeared on my landline this time. I now don’t answer my phone unless I recognise the number. I have a list of “safe” numbers and check every time. It is a tedious job but it saves a lot of trouble. I am still upset that I have to take all these precautions.

I have had to change bank cards about 6 times in the last 4 months or so. I am a pensioner – disabled by spinal
injury and order everything online.

Fortunately between the bank and I, we have foiled all attempts so far – but the most dangerous one that happened several times, before we realised it, was a very innocent text advising a short-postage fee on the Royal Mail site; simply requesting a £2.99 postage fee for delivery of an item. I had no problem with this as it seemed so legitimate – until, amongst my daily deliveries, I never received any letters or deliveries saying postage had been added and paid… on the labels.

The only strange thing to me was that one usually gets asked for either the long card number and back CVV/CVC or the account number and sort code – but usually
never both – yet this Royal Mail site requested both !! That was very unusual !! I lost 2 x £2.99 payments. And had to change cards twice for that, never mind endless other huge amounts of thousands attempted.

I keep my current account empty and only transfer cash as I need it – but of course they may have access to all accounts once onto your banking app !!! Which I have also had – (ie. this lady from “my Bank”, who already had all my details) said she needed me to “confirm a wrong payment reflecting online” in my banking app., by accepting it, before she could remove it !!! She was into my banking app. I saw her there, online…

I declined the payment and she said no, I must accept it for her to make it fraudulent ! Then she said she would send me an OTP to ensure my safety. She did but I said – let me rather call you back… !

She said I‘d never get her and would hold for ages, At that point I declined the call-back and the payment attempt. And called Banking Fraud !

Next I got a Royal Mail card requesting payment of £46. odd – I didn’t pay it. The Bank says these Royal Mail scams are coming in like confetti at the moment ! They try a small amount first – then hit you for thousands !!!

I hope this helps someone else !

Another scam I an finding more and more is via PayPal – whom I trusted to back it’s payers and not arbitrary sellers !!! However, this is not happening and so many sellers are all over the internet as scammers – with no contacts – but you only find out AFTER the purchase has been made and weeks later nothing arrives !!!

I can go on and on ! And why do we need to give takeaways out bsnk details ??? There should be a safety lock on these payments as well !!!

Good Luck everyone & be very careful !!!

Thank goodness my bank is on the ball; but constantly having to change cards is a real pain ! Some countries issue a card in 24/7 – I wait a week at least !!!

Thanks for the warnings. I wonder if the bank should have offered to change your account number to be sure that you are not in risk in the future.

I myself have written to parliament about telephone scams they seem to use VPN when calling so they carnt be tracked although many legitimate companies use this so do scammers so why not have users of vpn be registered i am sure in this era of technology telephone companies can stop non registered companies using our networks

Jeremy harding says:
13 May 2021

If the government fails to act over this it may well regret it come the next election-online and telephone fraud is far too big to ignore.

Anne McKillop says:
13 May 2021

Yes I agree with the above. I regularly receive calls purporting to be from Amazon or BT mainly. Some are automated and some are not. In the case of automated calls you usually have to speak before it launches so avoiding speaking is one way to stay safe. However, it is far from ideal – it is both dangerous and a serious invasion of privacy.

I suggest that the approach proposed is aiming at the wrong target. In my view user education is more important than legislation requiring on-line platforms to protect their users. The work that Which and others are doing in this direction is valuable and welcome, but insufficient.
Scamming, like any other criminal activity, is a perpetual race between the good guys and the bad guys: close off one source of revenue and another will be opened up. Getting information about new scams (and other unwelcome activity) in front of users quickly and effectively so that people can protect themselves will be faster and more effective than regulation, legislation, and law enforcement. Informing people about the risks, and about how to stay safe on line, is urgent and essential. It is in this direction that our efforts should be focused.

I disagree. The Home office needs to go much further than Which? is suggesting. Action must be taken to trap and prosecute the criminals. Right now there seems to be little risk to the scammer. It needs to be very risky for a scammer who might be put off by a very long jail sentence but in any case should be out of circulation for a long time anyway.

Prison sentences have to be commensurate with the offence and with murder as the paramount crime other sentences have to fit in relative to their societal impact. There is abundant evidence to suggest that much of the scamming is originating overseas and that the perpetrators cannot easily be identified.

I agree that more must be done and that the law enforcement agencies need to rise to the increasing incidence of these offence. At present our police forces are not set up in sufficient strength and intellectual resources to combat cyber crime in all its guises and I would suggest that a new national specialist detection and enforcement organisation should be created which would be office-based and with a different culture to the regular operational activity.

The scamming crimes require a Bletchley Park-type of operation to penetrate the criminal networks, capture their data, identify the origins of the scams, disrupt and suppress their activities, render them futile, block their access to stolen funds, and use the regular police forces to arrest the perpetrators.

The special investigation operation would need a different form of training and skill set, not need to carry weapons and whizz around in fast cars, and use science and the latest technology to achieve their aims in cooperation with overseas agencies to mutual benefit. This should ensure reciprocation and a sharing of intelligence. The City of London police force could possibly be the nucleus of this but it has in the past been tarnished by cultural problems, an insular attitude and institutionalised corruption. That might all be behind it now but a new broom with a clean sweep in a new establishment might be justified.

Dave P says:
13 May 2021

Part of the problem with telephone scams seems to be the ability of potential criminals to mask the true phone number they are calling from (including the country code) and make a different number appear on the potential victims caller display etc. Surely there must be a potential solution that could be implemented by ALL of the telephone companies to prevent this from being done????

A Spinks says:
13 May 2021

On the phone if i dont know the number i never answer it
Don,t tweet have not got an account
So i do try to be aware and report any suspicious emails to a help line

Peter O'Donnell says:
13 May 2021

I had a telephone call from a lady speaking perfect Welsh, telling me that she was from the welsh health authority and if I required to hear the message in English I was to press button two, foolishly on the spur of the moment I pressed two, the line went dead. On checking the phone number I realised it was a scam, anyone tell me what their next move might be so I can be on my guard

14 May 2021

I get at least 2 phone scams a day….One a familiar indian voice the other a recorded zombie
I have been scammed 3 years ago and let someone into my computer……But luckily although 88 I had the sense to turn off my computer and my wifi.
Today I had a scam by email saying I had an outstanding bill at lidl….Never been there dont even know where they are !!!
Luckily I still have my wits…Never press a button they tell you to !

[Moderator: we’ve converted this comment into sentence case. Please don’t type in all caps unless you’re intending to shout. For more information see the Community guidelines]

I think another way that folk’s personal info might be getting nicked is through wifi systems which are not sufficiently secured. In which case someone can cruise around outside your home in a van looking for unsecured wifi signals which they can hack, and this DOES happen, so beware. Always make sure your wifi, if you use such a thing, is THOROUGHLY secured with a really complex password, preferably without any proper words, or names, or obvious or well known number combinations, etc. but instead a complex selection of upper and lower case letters, and numbers, and symbols etc. and make it long too, at least 10 characters and write it down on a card and keep it locked away when it’s not in use, but don’t store it anywhere on your device or anywhere online, that’s asking for trouble. And other devices like a wireless mouse for instance can possibly be hacked too, so if you really value your privacy don’t use such a device, I don’t, and I don’t use wifi either, no chance!

You might want to read this Crusader, it is a few years old now, but probably so are most routers:

David Warren says:
14 May 2021

DW writes:
Although I am supposed to be shielded from phone scams, I still receive them – about a couple of times a week. With one, which purported to be from my bank, I felt doubtful and told the woman that I would check the bank. And when she told me that they would not be able to help, only the organisation that she belonged to to, I knew she was lying, told her so, and rang off. I then rang the bank and they confirmed that no money had been taken from my account.

Margaret Draycott says:
14 May 2021

I think the government should do what is legally available to them to stop all these scams. We are regularly getting phone calls about HMRC etc needless to say we just put the phone down. Had the one about the post office but again didn’t respond. Time our government protected us.

David Warren says:
14 May 2021

I agree with the contributors’ comments and I wish you the best of luck in persuading the government to take the problem more seriously.

I would like to offer a view that I don’t think has been proposed previously in this conversation. I agree we need improvements to the services provided by ISPs, mobile and landline phone operators to plug loopholes such as the VPN ploy mentioned by others. Such things are appropriate for legislation and therefore for the government to address. However, all legitimate organisations should be challenged to stop sending communications which normalise practices that can be usurped by scammers. Two examples are emails that contain links to URLs that differ from the company one, and phone calls that ask security questions.

The regular email from Which contains links of the form http://click.mail.which.co.uk/ so I have confidence they are legitimate. However, an email from JohnLewisFinance invites me to logon at http://post.spmailtechno.com/f/a/, so encouraging me to regard unfamiliar URLs as normal. I only pick on this example as the email was recent at the time of writing, but the company are far from the only miscreants. Phone calls which ask security questions to confirm they are speaking to the right person might be legitimate, but again, encourages me to regard this type of behaviour as acceptable.

I think legislation on this might be difficult, but Which could start a campaign for a Code of Conduct.

We now have a True Call blocker on our landline. This was installed about 4 years ago and overall it works well. When I look at the dashboard I’m shocked at the number of calls it has blocked.
The target now seems to be my mobile. In the last 4 weeks I’ve had 4 scam texts from ‘Royal Mail’ one from a bank I don’t have an account with, plus another from an unknown number that has detected suspicious activity on my account!
I know these are scam texts but don’t understand how to forward them on to correct number. I contacted my mobile provider but couldn’t understand what he told me to do.
At nearly 80, and with a husband who has dementia to care for, I am concerned that I might slip up during a stressful time.
It’s more than time these scammers were caught.

It’s a sad state of affairs, but we can no longer regard the ‘phone as a safe instrument to stay in contact with the outside world, or engage in friendly chat with family and friends, but more of an appliance for phoning out in the event of an emergency, or some other urgent situation. Anything else has to be considered as suspicious and dealt with as such every time it rings, as there may be someone on the other end who is out to rob you, not only of your hard earned cash, but also of your emotional stability, your honour and integrity and your faith and trust in human nature.

The situation is only going to become worse until the tech giants begin to utilise the knowledge and technological resources available to them, to cleanse and flush out a corrupt system that we are paying good money for and which is blighting the lives of so many of its users.

Until every private phone is updated with a blocking facility, the scamming will continue, with a focus on the vulnerable and the elderly who they perceive as easy meat to devour at their next nauseating sacrificial feast.

Patricai says:
15 May 2021

I have several calls a day from various scammers Like other people I now check the number before I answer the call

It is hard if you are expecting a call from a loved one who is dong shopping for you and you have to check all the time to see if it the correct person

Likw other people I have seeral calls saying someone was trying to take money from my account and pres a number I just put the phone down#

Have you noticed we ar all over 80 They think we are gaga. Luckily the majority of us are aOK but i often dread that I may get dementia
Good luck everyone Keep your wits about you