/ Money, Technology

Companies must do more to safeguard us from scams

Scams campaign logo

With online scams becoming ever more sophisticated and one case being reported every minute, are businesses doing enough to safeguard us from scams?

I wasn’t born with an iPhone in my hand, but I suppose I would be classed as a ‘Millennial’. I now bank online; I communicate mainly through email and text message; and nearly all my purchases are made online. But this isn’t just the ‘Millennial’ way. We’re all increasingly moving in this direction.

And it’s great – I can sit back, cup of tea in hand and pay my monthly bills. Or even make that last-minute purchase as I dash to work at the tap of an app. Buy with one click, payment details saved, delivered to my door in 24 hours. It’s easy, quick and fits in around my life.

But the online romance has hit a major bump in the road.

Scam attempt every six seconds

Our latest research, in a representative survey of the UK population, found that six in ten people say they’ve been targeted by an online scam in the last year. In fact, it’s estimated that a scam is attempted every six seconds. By the time you’ve finished reading this post, approximately 33 scams will have been attempted.

The most common scams include phishing emails purporting to be from their banks, phishing messages seeking money for services and bogus computer support.

John was hit by a banking scam:

‘I noticed a £1,800 transaction on my bank account and immediately reported it. The bank’s fraud team sent me two texts confirming my money had been refunded and a new debit card was on its way. I then received another text from the same number saying I needed to call the fraud team about more activity on my account. I called and spoke to a very professional sounding person. I was even asked the same security questions my bank had asked a few days earlier.’

£53,000 was then taken from John’s bank account. And although we’re pleased to say that John eventually got his money back, it’s a chilling example of just how clever and believable scams can be.

Safeguard us from scams

Although I was confident, I now worry that I’ve been naïve to trust companies to properly secure their services and protect me from online fraud. I’m not the only one – half of the people in our survey said they don’t use certain online products, services or apps for fear of being targeted by scammers.

In response, the government has established a Joint Fraud Taskforce to look at tackling financial fraud. But we think it can go further.

We’ve today launched our ‘Safeguard us from Scams’ campaign, where we’re calling on the government to investigate how seriously companies take their responsibility to protect customers from scams.

We all hear about the risks. Maybe we know someone who’s fallen victim or someone else who got lucky and smelled a rat just in time. We can and often do take sensible steps to protect ourselves – but when even the savviest of people can be scammed, it’s important that the government and businesses take their responsibilities seriously too. It’s time for them to step up and safeguard us all from scams.​

Our scams roadshow is taking our campaign around the country. Visit one of our locations to share your stories of fraud and get free advice on how to safeguard yourself from scams.


I do agree that companies have been lax and not only in the UK. However I am not clear from this Conversation what Which? is proposing to change matters.

Swingeing fines is one method however in the industry it is generally accepted that the defences against frauds and infiltration are being overwhelmed by the number of weaknesses already in place in existing commercially used software.

I think, given Snowden, every intelligent person should now realise that everything is hackable and realise that security is actually illusory. That more people are not currently hacked is down to luck and to the fact that the skilled hackers aim at the biggest targets – currently. The $80m dollars stolen from Bangladesh’s Central Bank shows that even in what might one thing was totally safe environment the hackers can operate.

A fundamental problem is that as we are all aware Which? and others campaigned for faster and easier Bank payments to be made. Once this was introduced the amount of fraud losses went up by 122% in the following year as it was now much harder to call a halt to frauds. Australia is due this year to take the same step we took in 2007 and they anticipate frauds will increase also.

Humans are likely to continue to act like humans and it seems increasingly obvious that the introduction of easy and fast money and emails actually is very beneficial to those intent on fraud by social engineering or software tricks. Is there a danger that in expediting everything we are forgetting how vulnerable people are.

The initiative is good if it aims to expose current scams to the public so that they can react to them accordingly. I did score 6/6 in the (fairly easy) quiz (smug) but I quite understand some responding to an email or a phone call, particularly if the caller is a “professional sounding person” like John’s above. Of course they are like;y to be “professional” – confidence tricksters rely on this persona.

I hope that the anti-scam advice is properly publicised – on TV in the soap breaks would seem likely to reach the most people. However I am a little concerned at the inference that “business” is being held somewhat responsible. If they do have poor security or leak information then they will be. If they don’t have appropriate access controls to accounts for example, then yes. But there are limits to what anyone can do to defeat professionals, when they cannot anticipate what the next scam might be.

And what about look alike driving licence sites, passport sites, and so on; these are not down to business (unless you can prevent this on the internet by blocking dodgy sites). Someone mentioned genuine sites providing a password, but that I suspect would be east to circumvent.

As far as “Johns” story above goes, which is being used in a petition: “Please sign the petition if you think businesses should do more to protect customers like John from scams and fraud.” However, why is business implied to be the villain in John’s fraud? I’d need detail of exactly what happened to see if his bank was solely or partly to blame and, as is often the case with petitions, the information we need to react logically rather than emotively is missing..

However, the more information we get, the better. I have posted elsewhere that my local police force regularly sends warnings by email about the latest scams. that is really useful, and easy to forward to family and friends. Maybe a national update service of this kind would keep people more aware.

I am disappointed the roadshow is not stopping at my local village. 🙁


Well done Google -not.

Frederick P. Burns says:
4 May 2016

Insurance companies un-necessarilly asking so called security questions when purchasing thier products proved to be the fraudsters key to the credit card scams that i have been the victim of.

Angie says:
4 May 2016

I have received an awfull lot of scams just lately & I am not sure why they have been wide spread from offering me a loan to offering me money so say for nothing ie heritance to a share of a large amount of money that a bank manager has just for me, I suppose I am luckily because I just delete these offers as my Dad always told me you never het something for nothing

Martin Marks says:
4 May 2016

Reference your scam quiz, last question – what have HMRC got to do with a council tax refund? Surely that’s a council matter? Another scam?

Quite right Martin. That’s one of the giveaways. We got this scam website shut down, and asked HMRC for advice. Here it is: https://conversation.which.co.uk/home-energy/council-tax-hmrc-scam-govuk/

HMRC told us that council issues are handled by each council itself and not centrally by HMRC. So if you are contacted by anyone purporting to be from HMRC about your council tax, you should smell a rat.

HMRC told us that a text or email from them will never:

Notify you of a tax rebate.
Offer you a repayment.
Request personal information such as full address, postcode, Unique Taxpayer Reference or bank account details.
Give a non HMRC personal email address to send a response to.
Ask for financial information such as specific figures or tax computations, unless you’ve given prior consent and you’ve formally accepted the risks.
Send attachments, unless you’ve given prior consent and you’ve formally accepted the risks.
Provide a link to a secure log-in page or a form asking for information – instead you’ll be asked to log on to your online account.

We are constantly being warned by TV Advertising that Banks never ask for personal details over the phone. It really does pay to heed such information.

Andrew says:
4 May 2016

Surely scams only exist because the originators can scoop up money. If the banks identified the account into which the ilicit money passes, that account could be closed down and the owners of it could be traced and brought to justice.

Myles Dexter says:
4 May 2016

The scams that are only to evident on this where anything goes in the free trade free raid American inspired Devil’s island of ours. What we can expect, when the dark corporations (mostly American) of the business world, do not want to operate where there are rules (or red tape they like to call it!) to obey, who are assisted by our so called democratically elected western governments, who are only there to feather their own nests and further the the wants of big companies in their greedy world of capitalism.

Joe Dalton says:
4 May 2016

It isn’t just the indiscrimate way in which they target vulnerable people, stealing money from those who sometimes can ill afford it but the distress and anxiety caused. It could easily lead some into severe depression.

Tony says:
4 May 2016

Yes more should be done, or simply be more robust with what is already in place!!!!
I received an email from Sainsburys thanking me for changing online security details. I hadn’t so did exactly what the email advised and called them (first checking phone number was genuine).
I was put through to the fraud team where I was assured it was a glitch and my details were secure.
A few days later grocery deliveries were being made and deducted from my bank account.
To finalise , the bank quickly confirmed fraudulent activity and did all necessary to replace monies and set up new cards etc.
During this time , Furious with Sainsburys that they had in fact allowed this to happen I obviously called them again where the fraud team now confirmed that my account had been accessed but offered no apology or explanation.
An email through the complaints procedure got no response at all.

I have never experienced anything so vile as I have the last few years. The fact I got scammed by a bogus computer company seems so so erelevant any more. The after effects of what/who ever the hell, gains ,financial or other etc etc etc,, has actually caused is evil!! The lack of every single body you could contact to help , advise or a simply acknowledge that you even exist is damn right bloody shamefull. I’m discussed by the way this has all come about Greedy, greedy lying con artists all of them.. How dare you treat any person on gods earth and sleep at night I’ll never no!!

A bogus tax refund . A friend received an apparently genuine notification from HMRC indicating an overpayment of £200 plus . The Revenue will NEVER contact a taxpayer by this method regarding refunds.

Thank you for sharing Norman. Good advice, which we also expand on here: https://conversation.which.co.uk/home-energy/council-tax-hmrc-scam-govuk/

I have had a lot of scam emails lately, offering me a tax rebate, and the latest one says despite several reminders my payment of $1388.23 is now overdue and if not paid within six days legal action will take place, can these not be stopped, some poor person might worry about this

I have an elderly relative with mild dementia who lives on his own. Brought up in an age when if someone phoned with a message, why would you not believe them ? I really worry about vulnerable people like him – he could so easily fall victim. Fortunately he no longer uses the computer, but his telephone is a lifeline. He is kind and generous, and gives loads of money to charity – forgetting he’s done it already, he does it again. Charities are one thing, but his vulnerability to scams keeps me awake at night.

i had online fraud they took money taken from my current account and put into an account i did not use the fraudsters then used a card that that i believe had been stolen and transferred 2000.00 the then took out 300.00 before i noticed the bank stopped the card and told me they would replace my cards which i have waited two weeks for only to be told they have left

It’s about time the government stopped sitting on the fence about these scams and did something serious to protect the public, they were elected to serve!
The scammers have absolutely no deterrent and whilst this continues, they are taking innocent people to the cleaners. I say anyone caught doing these scams should face the death penalty, not slapped on the wrists and told not to be so naughty in the future.
The internet is a lifeline to many millions of people, if we are not careful, it will collapse in a heap through fear of being scammed!

George Kerr says:
4 May 2016

Just suspect everyone and everything on-line – do some checking using Google and never believe that incoming phone calls are from who they say they are. Ring off and then after a few minutes phone the known correct number for the service e.g. your bank etc. Never open email when you don’t recognise the source. Better still use a front end Mail tool like Mailwasher which allows you to look at your mail before you even download it to your PC.

Simple solution, when anyone, whose voice you do not recognise phones……..say. Sorry, not interested. And put the phone down. If we wish to speak to someone, we phone them, at a time of our choosing.

Trisha says:
4 May 2016

A lot of these scams are done over the phone, so what are the phone companies doing to stop these people? It should not be possible for them to set up numbers that charge you exhorbitant sums, or fake numbers so that you can’t trace them.