/ Technology

Scam watch: fraudsters hack email to pose as customer

email scams

A member discovered his email had been hacked by fraudsters who plundered his details and attempted to steal funds using his signature. When his investment company contacted him, he knew it was an email scam.

Member Andrew Williams told us:

‘My investments are managed by a London-based company. Recently it phoned me to check a suspicious email that appeared to be from me, requesting the transfer of a large sum of money to a German account.

‘I never sent the request. It was an email scam and my email account had been hacked.

‘The scammers stole an image of my signature from an email and had created settings that meant I never saw the fraudulent email, nor any replies.’

Our say on email scams:

It’s lucky that in this case, the investment company was suspicious of this email.

If the money had been transferred, then currently Mr Williams would have no legal right to get the money back from his bank. However, as the email was sent to his investment company, Mr Williams may have been able to claim it back by challenging the company, arguing that it had been negligent in its duties.

Should that have been unsuccessful, he could have escalated the matter to the Financial Ombudsman Service and then ultimately the courts (small claims track if the amount was less than £10,000).

Email scams will often involve conveyancing fraud, where a hacker poses as a solicitor and asks house buyers to transfer their deposit. Huge sums have been lost this way.

Another email scam sees individuals or businesses receiving fake invoices from someone pretending to be a builder or supplier with whom they’ve worked. If you receive a payment request via email, it’s wise to confirm with the payee by phone using a contact number obtained independently.

That applies even if you expect to receive an invoice, as that’s often when your guard is down and fraudsters take the opportunity to pounce.

There are some simple steps you can take to protect yourself against email scams. Change your password immediately if you ever fear it has been compromised. Avoid checking your emails on public wi-fi networks, and use two-factor authentication for extra security.

Always contact your bank if you lose money to a scam, and report it to Action Fraud (tel: 0300 123 2040).

Currently, the regulator is proposing that we introduce a reimbursement scheme for those who fall victim to bank transfer scams.


All the advice given by Which in the intruction to this convo is good advise but when comparing the help on UK government websites and that given to American citizens on the FBI.GOV website there is a distinct lack of informational DIRECT help in this country. There already have been posts on Which relating to this subject by in the past day or two a very irate one about a large financial loss on property in Spain , Now you may say but thats not email scamming but what I am getting at is that the person concerned lost a very large sum of money and got no real help from the very authorities we keep on getting told to contact. leaving him justifiably very irate . He spent a whole lot of time going through UK+Spains official channels , all the right moves to UK departments that supposedly stop this thing ,with no result . Basically they wouldn’t peruse it and put up barriers , no wonder the UK public are unhappy with the administrative qualities here and the lack of drive to investigate sighting cost and manpower etc . Now compare that with the FBI + the FTC , there is no comparison . Direct access to help direct action deep investigative methods on cases like this involving all branches of US government security and they “get their man” . new US laws just out to strengthen the laws on scamming even quoting the Congressional identity numbers involved , very comprehensive . page after page of direct help , no long drawn out cases of – its too much for us or we cant help you . Scamming is a jailing offence there $16,000 fine and jail . i HAD multiple options of different types of fraud to choose from as well as being able on the SAME website to start an FBI investigation . You know sometimes I wish I was an American citizen and thats coming from somebody highly critical of US policy overseas. I have actually been left amazed, and slightly shocked at the help given directly by the US government to its people yet here its NGO,s and powerless “authorities ” That I , if I was a US citizen could directly start a FBI investigation by just using FBI.GOV would sure make me proud , in that respect to be American. The website also gave good general advice on avoiding all types of computer scams/ viruses etc What is the biggest problem for HMG + business is the public’s perceived lack of confidence in the ability to protect us from the very thing that they want us to do- go completely online using the web/internet and thats why the US , no fools, know that their prosperity is linked to the internet and take its protection seriously.

bishbut says:
19 November 2017

Until a MP or MPs lose money through a scam nothing will quickly change Most do not seem to know much of what goes on in the real world Pressure groups must increase the pressure to get anything done that needs doing quickly Its months and months of debate then someone objects and it all has to start again

I have had 2 slightly disconcerting things happen in the last week. So the first one.

I went into Clarks and the boots I wanted were unavailable, so I ordered them in-store, paid for by credit card, to be delivered to my home. They sent me an order confirmation email.

As they didn’t fit well, I returned them.

I received a refund notification email from Clarks stating:
This email indicates that your order amount has been refunded successfully.

So you would think that was all sorted and I could just check my credit card statement to make sure the refund had gone through ok.

However, the following day I received a text from Clarks stating:
Hello from Clarks. We have received your recent return. In order for us to process your refund, please contact Clarks Customer Care on 01458899906. Many thanks.

It is not unusual for companies to have a range of phone numbers, but I cannot find anything on that number, only Clarks numbers ending in 1 or 4. A search directs you to an officecontactnumbers website and even mentions Clarks, but the number is not actually found on that page.

So I called the number thinking they were querying my request for a refund on the postage. When ordering in-store, there are only 2 options of receipt: deliver to store, or next day delivery to home for £5.95. As my order was over £50 and qualified for free delivery, the shop assistant deducted £5.95 from the price of the boots. I had included an explanatory letter requesting a refund of the full cost of the boots.

When I called, I was asked for my sort code and bank account number so they could process my refund. Apparently, Clarks don’t have my credit card details so they cannot refund me on the card I paid with.

They have my name, address, order number, phone number, email address, but don’t retain payment details?

This all just rang alarm bells with me.

I have opted for a cheque to be sent in the post.

This suggests to me, Alfa, that there is somebody within the Clarks company who has access to customer information derived through the sales activity and is misusing it to obtain access to bank accounts. If I were in your shoes [boots not being fit for the purpose] I would report this to Action Fraud – the UK’s national fraud and cyber crime reporting centre: https://actionfraud.police.uk/

You could be right John, although the phone call sounded perfectly plausible.

The Clarks website states for goods returned to store, you will receive a refund by the same method as you paid. It doesn’t say how you will get refunded for postal returns.

I think I will give their main number a call on Monday, as it has definitely left me with a funny feeling about it.

The second one:

I received an email out of the blue from Barclaycard stating my Barclaycard payment is now due.

It sort of looks genuine. It has my first name and card ending in the correct last 4 digits. However…..

There is a Pay your bill button.
Hovering over it, the address is http://email.barclaycard.co.uk/a/gobbledydook.

First thing, you would expect any financial transaction to go to a secure https address.

If the above address had been http://mickeymouse.barclaycard.co.uk/a/gobbledydook you would have known instantly the email was fake. Substituting email for mickeymouse gives validity to the address in the eye of the beholder. The gobbledygook part is not unusual, but I wish it wasn’t there.

Assuming the email is genuine, why on earth don’t companies use an address like:

I have not clicked on any of the links, but I forwarded it to Barclaycard internet security a week ago and only got their standard instant reply that states:
Stay safe online
Whilst Barclays may contact you from time to time with useful information related to products and services which may be of benefit. We will never send you the following:
– Emails containing attachments
– Emails with links taking you directly to our Online Banking Log in pages.
– Emails requiring you to reply with personal information such as date of birth, pin numbers or other security details.
– Emails containing alleged transaction activity.
– Emails related to invoicing of accounts or to confirm sales through retail websites.


If financial institutions want our trust, they have to do better than this.

I agree. The problem is aggravated by the inconsistency of many large companies who do routinely use derivates of their domain name such as “email.bbc.co.uk”, so it becomes difficult if not impossible for the average user to judge what is real and what is fake.

Just a quick glance at my email’s junk box reveals emails from “shop.bt.com” and “britannicaemail.com”, and these are – I believe – genuine sub-domains, so until all companies get their acts together what are we supposed to do?

I use SpamSieve to filter mail, and it’s pretty accurate, isolating almost all the potentially dodgy emails as they arrive, yet some are so convincing you often have to take a hard second look.

I cannot believe that e-mail is genuinely from Barclaycard, Alfa. Misspelling “gobbledygook” is a sure-fire giveaway and the other aberrations you mention support his.

I refuse to accept paperless billing for credit cards and this is a good example of why it is best avoided.

Now that breaking and entering, car theft, bank robberies, and other physical crimes are declining the criminal activity has penetrated inside companies. Despite apparently elaborate security systems and features it is possible for employees to act clandestinely and obtain customer information that can either be sold or misused. Almost any document can now be forged and presented on-line. Financial institutions change the formats of their on-line statements from time to time without informing their customers in advance so who is to know what is authentic? My policy used to be generally to trust things unless I could see they might be dodgy, but now it is necessary to distrust everything unless you can be sure it is genuine. And if that means making a few phone calls so be it [assuming the call-handling operation is entirely free of criminals, that is]. I often wonder how many temporary or casual operators are employed in financial call centres and how diligently they are checked and supervised.

🙂🙃🙂🙃🙂 LOL !!!

I might have known it would be you who noticed my deliberate spelling mistakes John.

I also refuse to go paperless where money is concerned.

I can verify your first paragraph Ian, as my e-mail address suddenly changed from (.com) to (.co.uk). I was completely unaware of this until a relative attempted to reply to an e-mail I sent him which was constantly refused. It was when he phoned me to question the reason why I could send messages to him but he was unable to reply to them when the changed address became apparent. My suspicions were then aroused as I had been receiving frequent calls offering to “fix the problem with my computer”.

I reported this to BT who advised me to change my computer password and make a point of doing this every 6 months, but it proved much more difficult to correct my e-mail address back to (.com). I have thankfully received no more suspicious calls offering to fix my computer since.

I realised you would have to make sure the link didn’t work, Alfa, in case anyone attempted to open it and got trapped. I didn’t open it. Some recipients receiving such a message might have forgotten that they too were on paper billing [for which credit card issuers make no charge] but opened it anyway. That is what scammers hope will happen and by using a lengthy URL hope people will not check it or notice its irregularity.

bishbut says:
20 November 2017

If in any doubt about any Email Delete it Do not even read it if you do not like your first view Deleted Email can be recovered back to your inbox easily Then check if it is real by other means Ways you know are genuine contact methods If informed it is genuine transfer it back to your inbox You can print any email to send to report it as dodgy Think carefully before opening any attachment that’s where viruses etc.usually are

Josephine Bacon says:
21 November 2017

The Clark’s story is an indication of how the fraudsters operate. For instance, when large sums of money are stolen from private bank accounts or the example of the investment company fraud, it is obvious that someone in the bank or investment company has passed on personal data to fraudsters. That is how money from the sale of property is diverted via solicitor’s offices to fraudulent bank accounts, someone in the solicitor’s office is perpetrating the fraud or colluding with it. The police cannot be bothered to investigate most of these fraudulent activities, a new and proactive force needs to be set up to deal with the massive amounts of attempted frauds. For instance, I run a translation company and for the past five years there has been a massive business in fake translators sending out fake c.v.s (sometimes stealing c.v.s of real translators) in order to hijack translation work and probably sell confidential details to third parties.

An update on Clarks.

My cheque refund arrived today so all good.

As I had divulged no bank details to them, I was willing to give them the benefit of the doubt and wait and see how I received my refund before taking it further.

But the experience did not fill me with confidence and companies need to handle our finances better.

No update on Barclaycard as they didn’t bother to reply.

I have been informed that the latest scam phone hack freezes -Chrome-Firefox and Brave browsers . you are asked to phone a scam telephone number to a well known American tech company , it gets you supplying your data to them then they invade your computer and scoop it up for profit . I wont go into tech detail unless asked.

Hundreds of millions of passwords have been stolen and appeared on the dark web , this happened a while back I was notified of a new password checker (USA) but its a prescription app but I did visit the big free one just to make sure its still there . It is and it will check Worldwide if your email password has been hacked for those that are not aware of this free app its available at https://haveibeenpwned.com/ I have checked the website out and its free from malware .

Duncan that for that link. Looks like “johnsmith@gmail.com” has been “pwned” but my gmail accounts may be OK.

Now I’ll wait and see if there’s any resultant spam…