Category: Cybersecurity

Fraud scams continue to plaque the general public and though they keep evolving they also remain the same in many instances. It is always important to stay aware of the types of scams out there to avoid falling victim to these fraudsters.

The following scams are quite common and knowing what to look out for allows you to stay safe.

Scam 1 – WhatsApp “Family Emergency Scam”

How it works

“Mom/Dad, I lost my phone, and this is my new number”

“Hi Mum, I dropped my phone and its broken this is my new number till I get my phone fixed.”

• The fraudster targets victims by messaging them through WhatsApp.
• This kind of message has variations of “this is an emergency and I need your assistance” .
• The message usually involves the fraudster impersonating a close acquaintance or family member with a request to send money, either to them or on their behalf.
• The reason behind the request often involves the fraudster stating that they can’t gain access to their own funds, they have a bill they aren’t able to afford or there is a current emergency that they need help with.
• The perpetrators usually pretend to be in a hurry, hoping the urgency will entice their victims to act immediately.
• More advanced fraudsters may target victims at specific times of day to enhance the urgency i.e. late evening just before banks close or on a Friday afternoon.
• The urgency will put stress on the victim and encourage them to make rash decisions they may not usually take under normal circumstances.

How to spot this type of scam

• In most cases, the phone number used to commit WhatsApp fraud is unknown, but will use a familiar profile picture, convincing the victim that they are communicating with a friend or family member.
• Criminals can easily copy a photo from other social media platforms, such as Facebook or Instagram.
• The fraudster creates a sense of urgency and pressures you to pay quickly.
• HOWEVER, fraudsters can also continue the scam over an extended period of time if they think they will eventually convince the person to pay them an amount.
• The fraudster may reference the change of phone number but quickly talks about needing assistance.
• Their message may include poor English but that is not always the case!
• The fraudster does not want to be called, always communicates through messages and finds excuses for not being able to take a call.
• The fraudster asks for money to be transferred to an unknown account often stating it belongs to a friend or someone they owe money to etc.

What to do?

• DO NOT PANIC or respond immediately.
• ALWAYS contact the person on the number you know, to confirm they are not really in an emergency.
• Do not engage with the fraudsters if at all possible.
• Report the number to Action Fraud UK, it assists them to determine numbers that belong to fraud syndicates.
• If you have got to a stage where the person has provided bank details, report those details to Action Fraud UK to enable investigations related to fraudulent accounts.
• If you have made a payment, immediately inform your bank.

• We (or any bank) will never ask for your full password
• We (any other bank or the police) will never contact you out of the blue to ask for your PIN, or to move money to another account
• Just because someone knows some of your personal information doesn’t mean they’re legitimate
• Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud
• Always call your bank back on the usual and trusted telephone number, such as the one on the back of your bank card. This is also true for anyone that contacts you out of the blue from an unfamiliar number claiming to be someone you trust.

Scam 2 – Interception fraud

How it works

• Interception fraud is when criminals steal information such as email usernames and passwords allowing them to hack personal or business email accounts.
• Email interception can happen in a number of ways including phishing, spoofing, phone cloning or hacking or putting malicious software (such as key loggers) onto a computer.
• The main purpose of the interception is to impersonate a legitimate person/business.
• It is common for this method to be used to change bank details contained in a legitimate invoice, so money is sent to a fraudster’s account.

How to spot this type of fraud

• A change in email address. In most instances the fraudulent address has a single letter difference to the legitimate address, which is not easy to spot – for example a slight spelling difference in the name using “a” instead of “o”. In rare instances the email domain name differs completely.
• Beneficiary details within the invoice have changed (if you have paid this beneficiary before).
• Spelling mistakes within the invoice, sometimes this is overt, but at other times this is not as obvious.
• The fraudster may create a sense of emergency to put the victim under increased stress
• The bank might reject the first payment – the fraudster then typically asks you to make the payment into a different account. The amount of the payment might be the same, or different.

What to do?

• Before making payments to invoices sent by email, contact the company on their publicly available phone number to confirm the bank details provided in the invoice.
• Check that bank details match previous details if you have paid the person/business in the past. Question them if the details have changed. There are times when it is a legitimate change.
• Check the email address and domain for errors.
• Consider the type of account you are making the payment to – for example the account details might belong to an individual, but you are making a payment to an organisation
• If a payment has been made to one of these accounts and it does not appear to be legitimate contact your bank immediately.

In both these types of scam, the fraudsters trick a person into making the payment. They will often withdraw funds immediately after it is received making it almost impossible to recover the funds paid.

What would you do if a loved one needs money in an emergency?

It’s 8pm and you have just sat down to relax for the evening when your mobile phone buzzes. You have received a text message and you don’t recognise the number. It reads:

“Hi Mum. Help! I broke my phone last night and this is my new number while my phone is being fixed. Message me when you see this.’’

In a panic you ask how you can help and they respond.

“I can’t do my banking on this new phone and I have to make an urgent payment. If I send you the details can you pay it for me now and I’ll pay you back later? Xx”

Fraudsters can be an opportunistic bunch, however, these types of scams, as many are, can be very sophisticated. Criminals will spend many hours researching their victim. They can begin simply with attempts to get you to divulge some personal and/or financial information, such as in the example above where they know the potential victim is a mother. This information can be used to help them impersonate someone you trust and pressure you into doing something without thinking it through. Their ultimate goal is to steal your money.

By impersonating someone you trust, fraudsters try to pull you in to a conversation. After all, at this point, how would you know it’s not genuine? There are a few red flags in the above example. Firstly, the message is from an unfamiliar number, secondly there is a request for money and thirdly there is a sense of urgency.

It is important never to be panicked or rushed into doing something you normally wouldn’t do. You should never give out personal information or make a payment unless you are 100 percent sure it is genuine.

According to a survey by UK Finance’s Take Five to Stop Fraud campaign, those under the age of 35 are more likely to have been targeted with an impersonation scam and been swayed to provide personal or financial information. Alarmingly, less than half the people surveyed, across all age groups, said that they always take steps to check if an organisation or person is genuine when they are asked for personal information out of the blue.

During the first half of 2021, criminals stole a total of £753.9 million through fraud, an increase of 30 percent compared to the first half of 2020. The advanced security systems used by banks prevented a further £736 million from being taken.

The COVID-19 pandemic brought an evolution in fraud as face-to-face was halted and we were forced online. New digital scams were developed for targeting victims. The latest figures released by UK Finance show that despite the efforts of the finance industry the scale of the problem is still growing.

What many scams have in common is that criminals use online platforms, including fraudulent online advertising using social media, search engines and fake websites to convince you they are genuine. For example, you could see a too good to be true online offer for a holiday abroad. After following the link or using a search engine to locate the company online, you are presented with a professional looking website that fills you with confidence that it is all above board. The reality is, unfortunately, the online advert and website are scams to get you to transfer money to the fraudster’s account.

Follow this simple rule: If it looks too good to be true, chances are it is.

To combat things of this nature, the UK government is looking to introduce a bill to establish a new regulatory regime to address harmful content online.

The Online Safety Bill has five objectives:

• to increase user safety online.
• to preserve and enhance freedom of speech online.
• to improve law enforcement’s ability to tackle illegal content online.
• to improve users’ ability to keep themselves safe online.
• to improve society’s understanding of emerging social harms.

In the near future, UK organisations providing user-to-user and search services, where users are able to post their own content, interact with other users, or search engines, will have to follow new rules in order to protect their users. The bill will require platforms to put in place “proportionate systems and processes to prevent fraudulent adverts being published or hosted on their service. This will tackle the harmful scam advertisements that can have a devastating effect on their victims.” This includes those linked with investment and romance scams. These organisations will also be required to remove illegal material, particularly material relating to terrorism and child abuse, and private messenger platforms will need to take steps to protect their users.

The Online Safety Bill is an opportunity to ensure greater protection against financial fraud and make online platforms a safer place. Organisations failing to comply could find themselves with large fines.

Going back to the original question “What would you do if a loved one needs money in an emergency?” You should stop and think, could this be a fraud attempt? And then make sure that it is legitimate before parting with any personal information or money.

Below are five top tips to help avoid falling for a fraud attempt.

• We (or any bank) will never ask for your full password
• We (any other bank or the police) will never contact you out of the blue to ask for your PIN, or to move money to another account
• Just because someone knows some of your personal information doesn’t mean they’re legitimate
• Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud
• Always call your bank back on the usual and trusted telephone number, such as the one on the back of your bank card. This is also true for anyone that contacts you out of the blue from an unfamiliar number claiming to be someone you trust.

• Bonus tipShort on time? Go online! Remember that if you inadvertently give out your debit card details to a fraudster it can be quicker to cancel your card online or via mobile app.