/ Technology

Have you ever been hit by an online scam?

Question marks on web browser

There are many reasons to be thankful for the existence of the internet. Without Tim Berners-Lee’s creation there would be no BBC iPlayer, no Google and… no place to share cat photos. But what about all the scams?

As the web has matured to accommodate 1.2bn Facebook accounts and £68.2bn in online UK spending, there are more and more dangers to be aware of.

You need to be careful who you’re giving your bank account details to, where you share your personal data and what websites to hide from prying eyes.

Your cybercrime comments

There were an estimated 12.5 million victims of cybercrime in the UK last year, costing the economy £1.8bn. And many of those who’ve been scammed have shared their experiences here on Which? Convo. Mose told us how he’s been unlucky:

‘In less than ten years I’ve had my credit card used three times. The last time was only a couple of months ago. I’m always careful online, I have good antivirus, good firewall, all passwords are very secure, I don’t keep cookies and all my software and games are legit. I have come to the conclusion that one can only be so safe. Maybe I’ve just been unlucky.’

Dyfnwal discovered his personal data online:

‘Recently, by Googling my mobile number, I discovered my full card details published in a text file that had been “dumped” from a Russian web site.’

Ask your online security questions

We’ve got lots of guides on our Consumer Rights website to help protect yourself online, from phishing emails to all sorts of sophisticated online scams. But sometimes you need a personal touch, which is why we’ve invited Tony Neate, CEO of Get Safe Online, to answer your burning security questions on next week’s Which? Technology podcast.

A government-funded security service to help protect internet-connected devices from malicious attack, Get Safe Online is perfectly placed to offer some sound internet-related advice to set your mind at ease.

Got a question for Get Safe Online, such as ‘how to safely send money online’ or ‘how to protect your passwords’? Just ask it in the comments section below and we’ll do our best to answer as many as possible when the podcast airs on 8 October.


My bank asks me to use Rapport software for transactions, but does not insist on this. I find that Rapport really slows down my Mac, which used to be a problem with anti-virus software. Rapport can be switched on and off, but this requires a restart – which takes time.

If it was really important for customers to use Rapport, it seems likely that the bank would make it mandatory or say that it would not cover fraudulent transactions.

The Get Safe Online website mentions Rapport but does not comment on whether it is essential to use it.

My bank asks me to use Rapport, but I’ve not noticed any performance issues on my PC.

What I have noticed it that my ISP seems to be doing a good job on shielding me from dodgy emails, think I’ve only had 1 in the last year and I don’t think it was a scam one either, but I don’t know that for sure as I deleted without opening it.

I’ve also have noticed is the number of ads that appear on facebook that are clearly scams has shot up. Just type Tesco in the search bar and I can almost 100% guarantee that 3 out of the top 8 listed are scams sites(pages). The real Tesco has finally got a verified symbol ( not sure if it was one of my messages suggesting they did that that resulted in them getting it ).

Some people seem to get on better than others with Rapport, but the effect on performance is well documented. I think I will use an older laptop (with up-to-date software) and Rapport to do my banking and online shopping, and avoid having Rapport on the laptop I use regularly.

I have OpenDNS configured, which filters known bad sites, then I have antivirus and antimalware software, I also have Malwarebytes installed (which blocks a steady trickle of wrong ‘uns), HitmanPro to give a second opinion, and I have Web Of Trust and AdBlock Plus installed in Google Chrome, my preferred browser.

I never re-use passwords between sites, I change passwords regularly and keep them in a password safe (KeePass). For some sites I use separate email addresses, which is easy as I have my own domain.

I always view email in text mode first, check all links and SSL certificates and never click on links purporting to be from PayPal or my bank – I go to the website and look at the message box there. When I was an email administrator, over 99% of all inbound mail was spam, it’s still the most common vector for scams.

Despite this, I have had two or three malware exploits make their way onto my PCs at home. I have no idea how the less paranoid manage to avoid sending their cash to Nigera or Russia, the sheer volume of scams is breathtaking.

At least as consumers we rarely face the issue of zero day exploits. I got his by Sasser on day zero, over 100 infected systems within 20 minutes. It took 36 hours of continuous effort to eliminate it.

What bothers me is the Computer, Soft ware companies are rendering 10 year old computers obsolete & one is not informed before one buys. Recently there was an email from Apple saying specifications not able to download then when investigated Apple Care [ no HQ ] wanted credit card details .Having RepaIrers Insurers running Customer Services as in Currys PC World is bound to cause trouble.Rip off.

There are design faults sometimes caused by security & passwords blocking . My Shopping Carts do not show what ordered .Things have never been the same since technicians, to assist , accessed it remotely.

Are you sure that was a legit customer service rep? It sounds suspiciously like some of the “tech support” scams.

Duncan says:
4 October 2013

A good way to cut down on spam is to filter all mail through a spamfilter site – I’ve used Spamcop.net for years, and it works just fine (in association with a personalised email address). The Mac automatically filters out the stuff that spamcop lets though, so a spam in my inbox is, if not a rarity, certainly unusual!

Yes, I used spamcop for ages as well, but actually most of the big providers now have decent filters. No filter is 100% effective, though, which is why it’s really important to learn the telltale signs and check twice before putting any personal information into any site.

ukbobboy says:
11 October 2013

A month or so ago I was looking into Rapport, with the idea of installing it on my PC, and found that there actually were no independent test done on this software, in fact Trusteer ( the makers of Rapport) has gone out of it’s way to ensure that any one that wants to test their software must do so under Trusteer’s own rules and testing procedures.

This I find very strange.

Also, I have heard that Rapport is nothing more than “Snake Oil” because none of it’s claims have ever been substantiated and that everything it pushes is nothing more than propaganda.

Finally, I came across this seminar posted on YouTube and although two years old it seems to be the only non-tainted view on Rapport available.


UK Bob

PS I would like to see Which? test this software and let us know whether or not this is just vapourware.

Jeff Richardson says:
16 May 2014

I have ordered half-a-dozen items from the USA over the past eighteen months, from various vendors, both businesses and from private sellers. Each time, after about two weeks, just at the time when I was hoping the goods would arrive, I have received an E-mail purporting to come from USPS and containing an attachment.
The first time this happened, in December 2012, I read the message and opened the file; and promptly lost my Windows XP machine to a virus.
I have ignored all subsequent such messages and now, having ceased to order from the USA (because of the VAT and the surcharge levied by ParcelForce) I have received no more of these messages since. There seemed, to me, to be a definite link between my Orders and the malicious messages.

Over the last few weeks I have received a number of email receipts for items I have not purchased, some of these from online companies such as Apple (iTunes) and Paypal and others from companies such as New Look that I have never purchased items from. Despite getting notifications of receipts for payments no corresponding transactions have appeared in my bank statement. Checking my details on Paypal shows that I don’t have a valid payment card registered with them.

If someone has hacked my email account or found out my email address and is using this without any corresponding bank info I am not sure what they would gain. Some (but not all) of the email receipts include embedded links for me to cancel the purchase so these may be fishing emails. I have up to date security software on all my devices.

I’m reluctant to abandon my email address if my financial details are secure but concerned about what is happening. Does anyone have any similar experience or advice about what I should do?

This comment was removed at the request of the user

I. like many I’m sure, have had occasional emails like this with an attachment, usually pdf, purporting to be an invoice, or a link. I presume they are just the usual random emails like the other junk I get. The answer is, if you don’t know for sure who the email is from, delete it. Never click on a link or attachment unless you are 100% certain of the sender and that their email address (in the “from:” header) is genuine. Best to play safe.

If you are not sure whether it is relevant to you, find the actual email address of the company (not the one on their email, find it independently on the web) and ask them if they have contacted you, or phone them.

Eileen, if you’re using FF you should type


in the address bar. Search for


and set it to


That will safeguard you from a nasty scam that could cause you problems. Otherwise, with the cases you’ve quoted, simply follow Malcolm and Duncan’s advice.