/ Technology

Scam watch: fraudsters hack email to pose as customer

email scams

A member discovered his email had been hacked by fraudsters who plundered his details and attempted to steal funds using his signature. When his investment company contacted him, he knew it was an email scam.

Member Andrew Williams told us:

‘My investments are managed by a London-based company. Recently it phoned me to check a suspicious email that appeared to be from me, requesting the transfer of a large sum of money to a German account.

‘I never sent the request. It was an email scam and my email account had been hacked.

‘The scammers stole an image of my signature from an email and had created settings that meant I never saw the fraudulent email, nor any replies.’

Our say on email scams:

It’s lucky that in this case, the investment company was suspicious of this email.

If the money had been transferred, then currently Mr Williams would have no legal right to get the money back from his bank. However, as the email was sent to his investment company, Mr Williams may have been able to claim it back by challenging the company, arguing that it had been negligent in its duties.

Should that have been unsuccessful, he could have escalated the matter to the Financial Ombudsman Service and then ultimately the courts (small claims track if the amount was less than £10,000).

Email scams will often involve conveyancing fraud, where a hacker poses as a solicitor and asks house buyers to transfer their deposit. Huge sums have been lost this way.

Another email scam sees individuals or businesses receiving fake invoices from someone pretending to be a builder or supplier with whom they’ve worked. If you receive a payment request via email, it’s wise to confirm with the payee by phone using a contact number obtained independently.

That applies even if you expect to receive an invoice, as that’s often when your guard is down and fraudsters take the opportunity to pounce.

There are some simple steps you can take to protect yourself against email scams. Change your password immediately if you ever fear it has been compromised. Avoid checking your emails on public wi-fi networks, and use two-factor authentication for extra security.

Always contact your bank if you lose money to a scam, and report it to Action Fraud (tel: 0300 123 2040).

Currently, the regulator is proposing that we introduce a reimbursement scheme for those who fall victim to bank transfer scams.

Comments

This comment was removed at the request of the user

Until a MP or MPs lose money through a scam nothing will quickly change Most do not seem to know much of what goes on in the real world Pressure groups must increase the pressure to get anything done that needs doing quickly Its months and months of debate then someone objects and it all has to start again

I have had 2 slightly disconcerting things happen in the last week. So the first one.

I went into Clarks and the boots I wanted were unavailable, so I ordered them in-store, paid for by credit card, to be delivered to my home. They sent me an order confirmation email.

As they didn’t fit well, I returned them.

I received a refund notification email from Clarks stating:
This email indicates that your order amount has been refunded successfully.

So you would think that was all sorted and I could just check my credit card statement to make sure the refund had gone through ok.

However, the following day I received a text from Clarks stating:
Hello from Clarks. We have received your recent return. In order for us to process your refund, please contact Clarks Customer Care on 01458899906. Many thanks.

It is not unusual for companies to have a range of phone numbers, but I cannot find anything on that number, only Clarks numbers ending in 1 or 4. A search directs you to an officecontactnumbers website and even mentions Clarks, but the number is not actually found on that page.

So I called the number thinking they were querying my request for a refund on the postage. When ordering in-store, there are only 2 options of receipt: deliver to store, or next day delivery to home for £5.95. As my order was over £50 and qualified for free delivery, the shop assistant deducted £5.95 from the price of the boots. I had included an explanatory letter requesting a refund of the full cost of the boots.

When I called, I was asked for my sort code and bank account number so they could process my refund. Apparently, Clarks don’t have my credit card details so they cannot refund me on the card I paid with.

They have my name, address, order number, phone number, email address, but don’t retain payment details?

This all just rang alarm bells with me.

I have opted for a cheque to be sent in the post.

This suggests to me, Alfa, that there is somebody within the Clarks company who has access to customer information derived through the sales activity and is misusing it to obtain access to bank accounts. If I were in your shoes [boots not being fit for the purpose] I would report this to Action Fraud – the UK’s national fraud and cyber crime reporting centre: https://actionfraud.police.uk/

You could be right John, although the phone call sounded perfectly plausible.

The Clarks website states for goods returned to store, you will receive a refund by the same method as you paid. It doesn’t say how you will get refunded for postal returns.

I think I will give their main number a call on Monday, as it has definitely left me with a funny feeling about it.

The second one:

I received an email out of the blue from Barclaycard stating my Barclaycard payment is now due.

It sort of looks genuine. It has my first name and card ending in the correct last 4 digits. However…..

There is a Pay your bill button.
Hovering over it, the address is http://email.barclaycard.co.uk/a/gobbledydook.

First thing, you would expect any financial transaction to go to a secure https address.

If the above address had been http://mickeymouse.barclaycard.co.uk/a/gobbledydook you would have known instantly the email was fake. Substituting email for mickeymouse gives validity to the address in the eye of the beholder. The gobbledygook part is not unusual, but I wish it wasn’t there.

Assuming the email is genuine, why on earth don’t companies use an address like:
https://www.barclaycard.co.uk/payments/…..

I have not clicked on any of the links, but I forwarded it to Barclaycard internet security a week ago and only got their standard instant reply that states:
Stay safe online
Whilst Barclays may contact you from time to time with useful information related to products and services which may be of benefit. We will never send you the following:
– Emails containing attachments
– Emails with links taking you directly to our Online Banking Log in pages.
– Emails requiring you to reply with personal information such as date of birth, pin numbers or other security details.
– Emails containing alleged transaction activity.
– Emails related to invoicing of accounts or to confirm sales through retail websites.

Hmmm…

If financial institutions want our trust, they have to do better than this.

I agree. The problem is aggravated by the inconsistency of many large companies who do routinely use derivates of their domain name such as “email.bbc.co.uk”, so it becomes difficult if not impossible for the average user to judge what is real and what is fake.

Just a quick glance at my email’s junk box reveals emails from “shop.bt.com” and “britannicaemail.com”, and these are – I believe – genuine sub-domains, so until all companies get their acts together what are we supposed to do?

I use SpamSieve to filter mail, and it’s pretty accurate, isolating almost all the potentially dodgy emails as they arrive, yet some are so convincing you often have to take a hard second look.

I cannot believe that e-mail is genuinely from Barclaycard, Alfa. Misspelling “gobbledygook” is a sure-fire giveaway and the other aberrations you mention support his.

I refuse to accept paperless billing for credit cards and this is a good example of why it is best avoided.

Now that breaking and entering, car theft, bank robberies, and other physical crimes are declining the criminal activity has penetrated inside companies. Despite apparently elaborate security systems and features it is possible for employees to act clandestinely and obtain customer information that can either be sold or misused. Almost any document can now be forged and presented on-line. Financial institutions change the formats of their on-line statements from time to time without informing their customers in advance so who is to know what is authentic? My policy used to be generally to trust things unless I could see they might be dodgy, but now it is necessary to distrust everything unless you can be sure it is genuine. And if that means making a few phone calls so be it [assuming the call-handling operation is entirely free of criminals, that is]. I often wonder how many temporary or casual operators are employed in financial call centres and how diligently they are checked and supervised.

🙂🙃🙂🙃🙂 LOL !!!

I might have known it would be you who noticed my deliberate spelling mistakes John.

I also refuse to go paperless where money is concerned.

I can verify your first paragraph Ian, as my e-mail address suddenly changed from (.com) to (.co.uk). I was completely unaware of this until a relative attempted to reply to an e-mail I sent him which was constantly refused. It was when he phoned me to question the reason why I could send messages to him but he was unable to reply to them when the changed address became apparent. My suspicions were then aroused as I had been receiving frequent calls offering to “fix the problem with my computer”.

I reported this to BT who advised me to change my computer password and make a point of doing this every 6 months, but it proved much more difficult to correct my e-mail address back to (.com). I have thankfully received no more suspicious calls offering to fix my computer since.

I realised you would have to make sure the link didn’t work, Alfa, in case anyone attempted to open it and got trapped. I didn’t open it. Some recipients receiving such a message might have forgotten that they too were on paper billing [for which credit card issuers make no charge] but opened it anyway. That is what scammers hope will happen and by using a lengthy URL hope people will not check it or notice its irregularity.

If in any doubt about any Email Delete it Do not even read it if you do not like your first view Deleted Email can be recovered back to your inbox easily Then check if it is real by other means Ways you know are genuine contact methods If informed it is genuine transfer it back to your inbox You can print any email to send to report it as dodgy Think carefully before opening any attachment that’s where viruses etc.usually are

The Clark’s story is an indication of how the fraudsters operate. For instance, when large sums of money are stolen from private bank accounts or the example of the investment company fraud, it is obvious that someone in the bank or investment company has passed on personal data to fraudsters. That is how money from the sale of property is diverted via solicitor’s offices to fraudulent bank accounts, someone in the solicitor’s office is perpetrating the fraud or colluding with it. The police cannot be bothered to investigate most of these fraudulent activities, a new and proactive force needs to be set up to deal with the massive amounts of attempted frauds. For instance, I run a translation company and for the past five years there has been a massive business in fake translators sending out fake c.v.s (sometimes stealing c.v.s of real translators) in order to hijack translation work and probably sell confidential details to third parties.

An update on Clarks.

My cheque refund arrived today so all good.

As I had divulged no bank details to them, I was willing to give them the benefit of the doubt and wait and see how I received my refund before taking it further.

But the experience did not fill me with confidence and companies need to handle our finances better.

No update on Barclaycard as they didn’t bother to reply.

This comment was removed at the request of the user

This comment was removed at the request of the user

Duncan that for that link. Looks like “johnsmith@gmail.com” has been “pwned” but my gmail accounts may be OK.

Now I’ll wait and see if there’s any resultant spam…