/ Money, Technology

Companies must do more to safeguard us from scams

Scams campaign logo

With online scams becoming ever more sophisticated and one case being reported every minute, are businesses doing enough to safeguard us from scams?

I wasn’t born with an iPhone in my hand, but I suppose I would be classed as a ‘Millennial’. I now bank online; I communicate mainly through email and text message; and nearly all my purchases are made online. But this isn’t just the ‘Millennial’ way. We’re all increasingly moving in this direction.

And it’s great – I can sit back, cup of tea in hand and pay my monthly bills. Or even make that last-minute purchase as I dash to work at the tap of an app. Buy with one click, payment details saved, delivered to my door in 24 hours. It’s easy, quick and fits in around my life.

But the online romance has hit a major bump in the road.

Scam attempt every six seconds

Our latest research, in a representative survey of the UK population, found that six in ten people say they’ve been targeted by an online scam in the last year. In fact, it’s estimated that a scam is attempted every six seconds. By the time you’ve finished reading this post, approximately 33 scams will have been attempted.

The most common scams include phishing emails purporting to be from their banks, phishing messages seeking money for services and bogus computer support.

John was hit by a banking scam:

‘I noticed a £1,800 transaction on my bank account and immediately reported it. The bank’s fraud team sent me two texts confirming my money had been refunded and a new debit card was on its way. I then received another text from the same number saying I needed to call the fraud team about more activity on my account. I called and spoke to a very professional sounding person. I was even asked the same security questions my bank had asked a few days earlier.’

£53,000 was then taken from John’s bank account. And although we’re pleased to say that John eventually got his money back, it’s a chilling example of just how clever and believable scams can be.

Safeguard us from scams

Although I was confident, I now worry that I’ve been naïve to trust companies to properly secure their services and protect me from online fraud. I’m not the only one – half of the people in our survey said they don’t use certain online products, services or apps for fear of being targeted by scammers.

In response, the government has established a Joint Fraud Taskforce to look at tackling financial fraud. But we think it can go further.

We’ve today launched our ‘Safeguard us from Scams’ campaign, where we’re calling on the government to investigate how seriously companies take their responsibility to protect customers from scams.

We all hear about the risks. Maybe we know someone who’s fallen victim or someone else who got lucky and smelled a rat just in time. We can and often do take sensible steps to protect ourselves – but when even the savviest of people can be scammed, it’s important that the government and businesses take their responsibilities seriously too. It’s time for them to step up and safeguard us all from scams.​

Our scams roadshow is taking our campaign around the country. Visit one of our locations to share your stories of fraud and get free advice on how to safeguard yourself from scams.


The police display absolutely no interest in investigating or preventing this crime that costs the country £1 Billion each year. Which? itself should do more to help combat this menace. I signed up for TalkTalk as a result of a Which? campaign for cheaper broadband. Following the leak of data late last year I receive scam calls from fraudsters, claiming to be TalkTalk employees, at least twice a week. TalkTalk assured me that my details had not been leaked however the scammers not only know my name, address, postcode and telephone number but also my TalkTalk account Number!!!. Of three friends with TalkTalk two have the same problem, including the scammers knowing their account number. This suggests the leak is on a far greater scale to that thus far revealed. It does not require Sherlock Holmes or Met chief Bernard Hogan-Howe (who prefers to blame the victims) to deduce how these details were obtained.

This comment was removed at the request of the user

As a retired lawyer I am disappointed at the sentences handed out by the judiciary but I believe their hands have been tied behind their backs by Parliament or those who work in it. There is no openess in our culture now and we are all blinded by what we are told. There seems to be no wish to deal with scams and everything
else that is wrong today.

I share your concerns, Peggy, although I don’t think prolonged incarceration is the cure for criminality. I get disappointed by the community service orders that are handed out which seem to be insufficiently demanding of the offenders, are sometimes an insult to the victims of the crimes, and for which there seems to be no reporting or accountability mechanism. I don’t know enough about how community service is devised and organised, or what the guidelines say should occur, or what the outcomes need to be so that the ‘community’ can appreciate that a benefit has been delivered. I think a lot more light needs to be shed on this aspect of the criminal justice system.

A further thought . . . If the police hold community service in contempt [which they may or may not – I don’t know] it will make them less inclined to wish to investigate those crimes that attract such penalties. In my judgment, leaving it entirely to the police to decide which crimes should be dealt with exhaustively has its risks [domestic violence and sexual abuse being two such instances].

This comment was removed at the request of the user

Just been scammed for the third time since Christmas. Something has to be done soon!!

E. Walker says:
4 June 2016

I wont talk to any cold callers at all. It seems the safest way to me. I don’t give out my address or telephone number either because you don’t know who you are talking to. The same applies to e-mails I look to see who actually sent them and mostly if Im not expecting it it is usually a scam of some sort and they are blocked.

Sonny says:
4 June 2016

The police should put in extra efforts to find these scammers because every year they ruin the life of many poor and vulnerable people and families. The scammers should be put away in a rigorous prison for life or at least for very long time i.e. 15 to 20 years without any possibility of early release . The courts must not show any mercy on these scammers because they do not show any mercy to the people they are defrauding.

Don’t give out your details. And you can’t get scammed ..it’s that simple.

The police should do more to track scammers but David Cameron and the Conservatives (who are supposed to be the party of law and order) has cut the number of police and prisons and prison officers in the UK allowing this type of crime to thrive. never give out personal details to strangers.

This comment was removed at the request of the user

I son’t know how new this scam is, but it has just been circulated by our regional police. This one might well fool the intelligent people to whom it is directed.

“A new phishing campaign which has hit students of UK universities claims that the student has been awarded an educational grant by the Department for Education. The email purports to have come from the finance department of the student’s university and tricks the recipient into clicking on a link contained in the message to provide personal and banking details.!

Yes Malcom – I could see a lot of people falling for that: it’s a very cunning scam because it seems so plausible. I hope all the universities are sending warnings to their students about this.

Although I’m retired I still use my university email account and other services. Students and staff were warned about this scam on 1 June.

Beware of callers from 0808 exchange pretending to be Microsoft who want to make your PC more secure.
I have been unable to block these calls but how many people have fallen for this and had their computer hacked. The public should be made more aware of these callers and we should be able to block these as well, as unwanted calls from traders and marketers.

This comment was removed at the request of the user

I think you need to clarify just what you want businesses to do about phishing. Bear in mind that the phishing emails don’t come from the affected businesses, so they can only educate users not to respond to them.

Though, if there is an area in which all Webmasters can improve their track record, it’s in preventing email address harvesting. If the hackers cannot get hold of your email address, then they cannot spam or phish you. In which case, problem solved.

Address harvesting arises from two main sources; massive data breaches at online services (not necessarily the same services that get phished using the collected addresses) and people who refuse to acknowledge the stupidity of posting their own or other peoples’ email addresses on public webpages. If we could get both of those sources of personal information leakage under control, we could greatly reduce the phishing problem.

Maybe a government initiative to get webpages carrying unprotected and robot-harvestable email addresses taken down until this is fixed, and a requirement for sites which have suffered a major data breach to carry a big red warning banner for a month afterwards, stating that this site may be insecure? That would certainly motivate them into stopping the personal info leaks.

Just an idea. Stopping the problem at source is always better than an Elastoplast fix.

I would agree with you apart from the action to prevent e-mail addresses being shown deliberately. Two reasons.
1. Spam trapping or baiting rogue sites
2. If I have an address specifically that Which readers can contact me on to discuss Which? offerings. However this could apply to any blog or forum where someone is seeking to raise awareness. Say like Sashay Rodoy and OEMRLS. If email addresses are suppressed from publication then we have a problem.

The casual use of email addresses should be banned unless the provider actually completes an acknowledgement that they realise what the fall-out may be.

Ian – For years I have put email addresses on websites as images, so they cannot automatically be harvested. It means that anyone who wants to send an email has to type in the address rather than use a clickable link. I cannot remember where I read the advice to do this, but it has worked very well for me.

Pressure and attacking language from the following number – 01818894555 –

Insisting there was a fault in my computer and I was required to switch it on to have the fault rectified.

Nasty and repetitive calls ensued when I said no. Put what you are saying in writing to me I kept repeating and put phone down. Another call five minutes later saying it was important the fault was rectified as soon as possible. . . . .

This comment was removed at the request of the user

if unsolicited contact was made illegal, there would be NO telephone scams.
if companies had to write to customers, they would be made accountable.
if the Data Protection Act had any teeth it might not behave like a quango.
too much is happening without accountability. companies are profit driven, do you think they have morals? if they did, scams like this wouldn’t be happening.
I was scammed by my own bank. how? they accessed my data and used it to ring me from a managers mobile, without his permission, they admitted their errors in these calls and then would not discuss them ( as they were not made from their number) the bank then claimed against me in court while knowing they did this to me. they scammed me by admitting in the calls that they caused the situation with the errors they made and leading me to believe that they were working to correct their errors. I was truly scammed by them. I recorded the calls and intend following this up somehow. I did win a harrasment claim against them though.
the Data Protection Act is being constantly used against customers to the profitable advantage of the companies processing that data. it is near impossible to access our own data. sometimes having to make many different data requests to different parties in order to try and get some access or control over what is being used or processed. we always have to pay for access to our own data.
it is obvious to me that a huge amount of scams can be avoided if companies were banned completely from making unsolicited calls. if you look at the term unsolicited calls from a different angle, it is clear that they are actually soliciting for money ( or profit) and I thought that was illegal. a quick scan of the net shows that this is a worldwide problem with the vulnerable being the victims. lives are being destroyed. how is it still allowed to go on?

This comment was removed at the request of the user

Mark Mapstone says:
30 June 2016

One of the most common scams is where companies use anti-scam schemes just to sell their products. Does this ring any bells Which? I bet you won’t publish this.

Hello thank you for sharing your comment on scams. ​We’re campaigning on this issue ​because there is a​
need to better protect consumers from the proliferation of scams by raising awareness and calling for change to current laws and protections. If you have specific concerns or examples that you’d like to share with us can you please send them through to me at conversation.comments@which.co.uk

I am an old lady and lately have been plagued by calls that ay that I am entitled to compensation after a car accident. I ask what my vehicle reg is and they cannot provide it. Also I ask for the company they represent and it is always Direct Line. The English language they use is appalling. After I have asked relevant questions they ring off. I have checked with 1471 and have dialled the number to see who was calling but the quoted 1471 was unobtainable. I am on the telephone preference service, but this is not a deterrent. Any help from anyone how I can stop this (not to technical please as I am a bit of a technophobe) This appears to stem from the time I applied online for a new credit card.

This comment was removed at the request of the user

margaret brown says:
22 July 2016

I have an answering machine and if no one leaves a message they dont really want to talk to ME so I do not answer my landline at all my Family and Friends will always text me first so I know when to pick up.

william says:
23 July 2016

I agree, buy a call blocker. If you know the person calling, you can add the name and number to an ‘ALLOWED’ list.

It is an unintended consequence of the government’s law about displaying numbers. I have to block each call now instead of simply barring all calls where the number is withheld. The callers have an unlimited number of numbers at their disposal so blocking these is not effective any more.
How did I receive a cold call on my voicemail when the phone did not ring? Is this a new ploy?

This comment was removed at the request of the user

How do I know this isn’t a scam?

This comment was removed at the request of the user