/ Money, Technology

Companies must do more to safeguard us from scams

Scams campaign logo

With online scams becoming ever more sophisticated and one case being reported every minute, are businesses doing enough to safeguard us from scams?

I wasn’t born with an iPhone in my hand, but I suppose I would be classed as a ‘Millennial’. I now bank online; I communicate mainly through email and text message; and nearly all my purchases are made online. But this isn’t just the ‘Millennial’ way. We’re all increasingly moving in this direction.

And it’s great – I can sit back, cup of tea in hand and pay my monthly bills. Or even make that last-minute purchase as I dash to work at the tap of an app. Buy with one click, payment details saved, delivered to my door in 24 hours. It’s easy, quick and fits in around my life.

But the online romance has hit a major bump in the road.

Scam attempt every six seconds

Our latest research, in a representative survey of the UK population, found that six in ten people say they’ve been targeted by an online scam in the last year. In fact, it’s estimated that a scam is attempted every six seconds. By the time you’ve finished reading this post, approximately 33 scams will have been attempted.

The most common scams include phishing emails purporting to be from their banks, phishing messages seeking money for services and bogus computer support.

John was hit by a banking scam:

‘I noticed a £1,800 transaction on my bank account and immediately reported it. The bank’s fraud team sent me two texts confirming my money had been refunded and a new debit card was on its way. I then received another text from the same number saying I needed to call the fraud team about more activity on my account. I called and spoke to a very professional sounding person. I was even asked the same security questions my bank had asked a few days earlier.’

£53,000 was then taken from John’s bank account. And although we’re pleased to say that John eventually got his money back, it’s a chilling example of just how clever and believable scams can be.

Safeguard us from scams

Although I was confident, I now worry that I’ve been naïve to trust companies to properly secure their services and protect me from online fraud. I’m not the only one – half of the people in our survey said they don’t use certain online products, services or apps for fear of being targeted by scammers.

In response, the government has established a Joint Fraud Taskforce to look at tackling financial fraud. But we think it can go further.


We’ve today launched our ‘Safeguard us from Scams’ campaign, where we’re calling on the government to investigate how seriously companies take their responsibility to protect customers from scams.

We all hear about the risks. Maybe we know someone who’s fallen victim or someone else who got lucky and smelled a rat just in time. We can and often do take sensible steps to protect ourselves – but when even the savviest of people can be scammed, it’s important that the government and businesses take their responsibilities seriously too. It’s time for them to step up and safeguard us all from scams.​

Our scams roadshow is taking our campaign around the country. Visit one of our locations to share your stories of fraud and get free advice on how to safeguard yourself from scams.

Comments

It would help if there was a “scam” email address where we could forward suspect texts and emails to so as we didn’t need to open them.

Many organisations list an email address to which you can forward suspect emails that appear to have been sent in their name. You do not (and must not) open any links or attachments.

This comment was removed at the request of the user

Bryan Diss says:
10 August 2016

I would never answer emails from any of the companies you used as senders of “suspected scam” emails as I avoid all of them, particularly eBay, Natwest and Barclays! I would only answer an Amazon email if I had an order “on” with them. My Bank only emails me to say there is a message for me on secure on-line Banking. This is the way to be safe on-line.

David Kingdon says:
11 August 2016

Got caught by a company – UKEhic for European Health Insurance – load of fraudsters.

500+ investors scammed by UK Company Ecohouse out of £21,000,000 after their funds were released illegitimately by dubious solicitors Sanders & Co. of Stourbridge (now in liquidation) recently learnt that Sanders & Co. PII insurer, Elite Insurance decided in a private adjudication not to indemnify Ecohouse creditors claims that were being brought by PWC against Sanders & Co. Elite refuse to answer questions regarding why the claim was refused. They charged a heavy additional fee to cover Sanders & Co. to provide escrow services, but then reneged on their agreement.

Apparently the Solicitors Regulation Authority has alleged that no legal service was provided (which is simply not true), and that has given Elite Insurance the “Get out” clause they required. It appears that after creditors of Ecohouse did the decent thing by reporting the dubious solicitors to the regulator, the regulator has effectively stabbed them in the back by compromising their insurance claim, which was far more important to them than the SRA bringing some half hearted action against the solicitors concerned. The SRA failed to bring the director of Ecohouse to account back in 2012 when his former law firm was shut down by HMRC for failing to pay ~£200,000 in tax & NI (as reported in Private Eye). Prior to that the director had taken a loan from the company for ~£290,000 ! The law firms creditors were owed ~£1,500,000, but got nothing. For the SRA to fail to prosecute the director / solicitor previously is the most horrendous regulatory failure by the SRA, and as a consequence over 500 more people have suffered at the hand of that same director’s dishonesty. This time the director will face a disciplinary tribunal, but that won’t bring investors funds back , Grrrr !

When is HM Government going to intervene and challenge insurance regulators, so that large insurance companies can’t hold private meetings in total secrecy, renege on agreements, and leave victims of solicitor crime / negligence without compensation ?

When is HM Government going to de-throne the inept, ineffectual SRA from their pedestal and replace them with an effective independent regulator, that is motivated to help victims of solicitor crime, as opposed to a bunch of bureaucratic self regulating solicitors who are completely biased towards their own kind and unsympathetic towards victim’s of solicitor crime, and their need for fair recompense ?

I hope Which is able to challenge HM Government on such matters.

The SRA is an ineffectual organisation when it comes to shady people setting up in business as conveyancers for example. (they have to have a license, but that does not stop them from employing people who are not qualified to carry out the conveyancing to do the bulk of the work).

I have tried reporting a crime to Staffordshire police using the telephone and the 101 service nearly 10 times. I have tried Emailing them as well. Absolutely no response – other from a pcso who emailed me back, but when I tried ringing him, all I was allowed to do was leave a message and guess what no response. I want a crime number for a theft but there will be none. This means that the crime technically does not exist. No wonder those crime figures are down. Is this policy to provide a communication service that doesn’t work and hence avoid the recording of crime.

My husband recently received a telephone call on his mobile telling him he had won a holiday in a holiday apartment in the US. The catch was that he had to pay the air fare, plus it turned out to be a time share seller. He has no idea where they got his number from and thinks it was from someone he knows who had filled out a survey and put my husband’s telephone number on it (make sure your friends and relatives don’t do tricks like this!).

There are also dubious solicitors being used on the elderly for equity release products. I know this because I have experienced it. The government agency for equity release is too lax and the so called specialist advisors only advise about their own products. Additionally, they limit the products they offer you to sell you the ones with the highest interest. It is starting to be a big scam/rip off of the elderly as the advisors are keen to get their commission. My deal fell through because the dubious solicitor (nowhere to be found/seen) was using very young women (aged about 18-25) as ‘office assistants’ to undertake conveyancing for this specialist area of lending to the elderly. Turns out they are just a shady firm of ‘conveyancers’ employing only one licensed conveyancer and the rest of the staff are ‘office assistants’ (lowly paid I expect). So, they did not complete the deal by the product expiry date (35 days) and added on two more days to complete without authority from the lender, who then did not forward the funds as they had not agreed to the extension! We found ourselves having to find fees of around £3000 (some of which would be paid for by the lender had the deal completed) and having to search for legal advice! Elderly people don’t want to be put through this, (some with health problems) but the government is wanting/promoting equity release to the elderly so that people are less reliant on the state when they are older. It is all a big scam and some very elderly people (like my aunt of 90) who are in vulnerable groups could end up in a financial mess. (I intend to write to Which about our horrible experience).

Equity Release is a minefield. Peony – I hope you will write to Which? about your horrible experience. It has been a long time [four years next week] since there was a Which? Conversation on the subject [Is equity release worth the gamble? – 26/09/2016].

There is a Which? explanatory guide to Equity Release. The link I am inserting here might not appear until it has been approved but it can also be found in the previous Conversation : http://www.which.co.uk/money/retirement/guides/equity-release-explained/equity-release-is-it-right-for-you/

I was not aware that the government was promoting equity release. I thought it was recognising that a lot of people were interested in it and were cautioning people to take great care and think through all the implications before committing to it. The rise in property values, together with the recently introduced access to pension pots, have placed it in the spotlight. Equity Release is not new – it has been available for years, normally through reputable and well-established insurance companies through ‘lifetime mortgages’ and ‘home reversion’ schemes. As you say, other operators have climbed on the band-wagon now and are hoping for rich pickings on the basis of low valuations.

People should do a lot of research before entering into any arrangements. An independent financial adviser will be able to give unbiased advice across a range of schemes from different companies but their advice will not be free, although bearing in mind the value of the assets and yields at stake it is worth paying for the best and most comprehensive advice. There is a lot of advice available through the internet but any from a commercial organisation will be given only from their point of view. The bigger life assurance companies and friendly societies should be fairer than most, however, but the information they give still needs to be considered very carefully to make sure it is the right way to proceed.

It should be noted that the Equity Release Council is an industry organisation which represents the providers, qualified financial advisors, lawyers, intermediaries and surveyors who work in the equity release sector. It lays down standards for its members, but membership is not compulsory, it is not an official regulator, and it is not affiliated to or approved by the government. It does issue information and advice brochures, though, that might be worth consulting [accessible from its website].

Many people who are interested in Equity Release might be able to achieve acceptable results by their own resources and without losing control of their principal asset. By downsizing, or by relocating to an area with lower property values, some people could release almost as much as they would get from a commercial scheme and still have a major capital asset under their control. Obviously some people need to turn their latent property value into cash in order to fund continuing care in their own home in which case they really do need a good scheme and a highly professional service. I would recommend anyone seeking Equity Release to discuss it thoroughly within their family but I can understand why some might not wish to do that so in those circumstances the quality of advice is paramount.

The date I included in the first paragraph above should have read “26/09/2012”.

Regarding your fake/real email quiz. The best advice you can give is NOT to follow any links given in emails. That way, the question of whether or not the email is fake doesn’t even arise. Some fakes are very good and with address cloaking are impossible to tell from real ones.
Instead, if you have an email from (for instance) Barclays, just search “Barclays” in your search engine and find their site that way. You can then search within their website for the information or pages you require. It adds almost no time and reduces the risk to almost zero.

Also need better error checking on electronic transfers (BACS). I believe, from a past experience, that the system does not generally check that the account number matches the name of the account holder. So if you make a mistake in the account number the money could go to a different account. A few digits encoded from the main account number and appended to it may be a simple self error checking mechanism against mistakes.

One has to provide a life history, proof of income and ID, sign in blood to open a bank account? Why isn’t scammed money traced??

I am sure many organisations have kept quiet about many of the hacks they have been attacked with and our personal nfo is now in the dark side being flogged off to those nice over seas fraudsters. Yahoo was attacked how many years ago and only just told their millions of past and present customers??!! They keep quiet because of the huge costs sorting the issues out, adverse PR ref their weak security and systems shortcomings and get let off in the way of punitive fines as our Government is to soft with data protection.
Good at making the rules up but totally useless at policing it and kicking butt when it fails.

This comment was removed at the request of the user

I never got help from my credit card when I got scammed by scam company, they keep referring to the fraud company terms and conditions !! Am confused!

My new bank account is now with a bank that requires a 2-stage process to set up any new payee online (they straight way send a code to my phone which I have to return online before the new payee is confirmed and paid) but do all banks even bother yet with this basic safety process?

That confirms that you are who you say you are but does not guarantee the authenticity of the account you are paying into.

If Banks take more care in obtaining correct details from applicants who start up an account so as to be sure of identity the relevant authorities would be better able to prosecute perpetrators of fraudulant activities

Ask Eric says:
23 September 2016

Its very simple really. Banks: STOP using emails and texts – and use technology that is 1,000,000’s years old.
Its called : Human Speech recognition. Its amazing really… everyone YOU know well knows its you as soon as you speak to them. Banks should try this. Its absolutely AMAZING . Better than ANY high tech fraud detection
SO – if you need to verify its genuine – just call your local bank manager. He or she will instantly know its you .. you speak to them about recent events etc things only you and them will know … Just one problem though … the banks have closed many local branches… and don’t employ many people anymore that know YOU …
And so … they like others have fallen into the BIG trap of sleep walking into Technology –
AND so it follows – banks are ENTIRELY responsible for all fraudulent transactions !!!

Banks only interested in their Bonuses &not the customers security.

I cannot see why people keep suggesting that banks need to look behind every payment instruction and wonder whether the customer provided the right account and sort-code numbers. If there is an account with that number at the bank with that sort-code, and the name matches within the normal tolerances, then the bank’s duty is to transfer that money as instructed. That is protecting the customer’s security. Since this is all done automatically and often outside banking hours the responsibility lies with the customer to get the details right. The alternative is to send a cheque; we know that the banks would welcome the demise of the cheque, and many customers are also in favour and manage without them, but there is no doubt the on-line payment transfer system is incredibly popular as being quick and easy – the two properties that criminals were quick to latch onto for exploiting the victims of these scams. Unless the bank has made a mistake I can’t see why they should compensate the customer; there might be a better case for compensating the payee who did not get their money, although that wouldn’t stop this crime either.

This problem starts with the customer doing something wrong, making a mistake or responding to a fraudster. We should not forget who has initial responsibility and they need to recognise that operating their account requires diligence in ensuring they use the right information when asking their bank to execute their instruction.

Moneybox (Radio 4) looked at this problem today and did not see an immediate solution. One I suggest may be to use an account name as a third verification; but it seems to me this must be a unique name (no variances allowed) for it to be workable. but this could only work in certain frauds.

We all benefit (I suppose) from the Data Protection Act but this does seem to inhibit cross-disclosure of information between banks and police (I suppose a bit like doctors keeping your medical information confidential). Maybe we need to tamper with this to improve an awareness of fraudsters. Is the EU imposing this on member states though?

The banks cannot be responsible for and have to pay every fraud and scam invented. That’s simply unreasonable. Surely the questions are: how did the fraudster know there was a transaction between the customer and the supplier and how did they get a copy of an invoice they could alter? If the customers’ or suppliers’ emails have been hacked, that is not the bank’s fault. Remember, if the banks are forced to pay out on these scams, then we will all end up paying in increased bank charges, etc. Banks are not charities, they are commercial businesses. Which says the banks “have the technology to be able to spot and stop unusual activity”. Are they expected to stop and check every bank transfer? These are likely to be fairly rare events. It’s not like a credit or debit card where spending patterns can be monitored over time.

The easiest scam is reverse billing to your mobile phone.
This is where scammers charge you to receive text messages. Your mobile provider hands the money over to them and adds it to your bill.
The mobile companies such as Three / BT will do little to help.
No one here wants to fund criminals or worse but that is what is being allowed to happen by Ofcom. Check your bill and phone for these text messages. Even if they say free message.
The scammers ‘subscribe’ you into their ‘service’ and you phone company hands them your money.
Check your parents phones and your kids too.
Don’t let your hard earned cash be used by terrorist and criminals.

Having recently lost £14000 pounds through having money taken from my bank account through fraud and nearly £9000 taken in a day alone without the bank notifying me of suspicions activity occurring on my account through no fault of my own. Banks have a duty towards their customers to protect their savings otherwise what is the point you might as well just leave it on the table at home.