Phishing is the name given to the practice of sending emails at random, which claim to come from a reputable company such as your bank. The emails attempt to trick people into disclosing sensitive information at a bogus website ‘phishing site’ operated by fraudsters. These emails usually claim that it is necessary to “update” or “verify” your customer account information and they urge you to click on a link in the email which takes you to a phishing site. Sometimes the email won’t contain a link; instead the recipient is asked to provide information on an form attached to the email. Any information entered on the phishing site or form will be used by the criminals for their own fraudulent purposes.
Who is the email from?
Phishing emails look like they come from a real email address from a reputable organisation such as a bank. However, it is relatively simple to create a fake entry in the “From:” box, so it should not be viewed as a guarantee that it has come from the person or organisation that it says it did. In this section we have used the example ‘MyBank’, but the phishing email could easily be manipulated to appear to come from any high street bank or well-known company. Who is the email for?
The emails are sent out at random to bulk email address lists. The fraudsters will almost certainly not know your name or anything else about you, and will address you in vague terms like “Dear Valued Customer”. Take a closer look at the email, does it look “phishy”?
Does the email:
- Address you in vague terms, such as “Dear Sir or Madam”?
- Ask for personal information, such as your online banking login details?
- Ask you to click on a link in the email or download an attachment?
- Come from an organisation you don’t normally deal with?
- Contain odd ‘sp3lling’, have poor grammar or use ‘CaPiTals’ in strange places (phishing emails do this in an attempt to avoid spam filter software)?
If the answer is yes to more than one of these questions, the chances are that you’ve received a phishing email.
In this example phishing email (above) you are asked to click on a link and confirm your data.
You should never log in to your online bank account having clicked on a link in an email. If you want to log in to your online bank account, you should open your internet browser and type the bank’s web address in yourself. Hover (but don’t click) your mouse pointer over the link, it should show you the real web address, as shown in the box below.
Be very cautious if it looks nothing like the genuine company’s web address. If you are still unsure whether an email request claiming to be from your bank is genuine or not, contact your bank on an advertised phone number.
Where’s that link going to? Don’t be fooled into thinking that just because the link uses your bank’s name that it is genuine. It’s possible to disguise the real destination of a link in an email. It may look like it is taking you to your bank’s website but, in reality, you could be directed to a fraudster’s bogus site.
Remember: You should never log in to your online bank account having clicked on a link in an email. If you visit a website after clicking on a link from an email, there are many ways of disguising the true location of a fake web site in the address bar. The site address may start with the genuine site’s domain name, but that is no guarantee that it points to the real site. Other tricks include using numerical addresses, registering a similar address (such as www.mybank-verify.com), or even inserting a false address bar into the browser window. Many of the links from these pages may actually go to the genuine web site, but don’t be fooled. Instead of displaying a completely fake website, the fraudsters may load the genuine website in the main browser window and then place their own fake pop-up window over the top of it. Displayed like this, you can see the address bar of the real website in the background, although any information you type into the pop-up window will be collected by the fraudsters for their own usage.
To access your online banking account, type the address into a new window yourself. The address of your genuine bank site will start “https” and will include a small padlock in the bottom of the browser window. If you receive a suspicious email, please inform your bank as directed on their web site and forward the email to our report a scam email address.
- Banks will never email you to request that you “confirm” or “update” your password or any personal information by clicking on a link and visiting a website.
- Treat all unsolicited emails with caution and never click on links from such emails and enter any personal information.
- To log-on to internet banking, open your web browser and type the address in yourself.
- If in doubt about the validity of an email, or if you think that you may have disclosed information to a fraudulent site, contact your bank immediately on an advertised number.
Vishing is when fraudsters make voice calls posing as someone from a bank or building society, the police or another legitimate organisation such as a telephone or internet provider. They may already have your name and address but will ask you to confirm these and your date of birth. They will then ask you other questions in an attempt to obtain financial information such as bank account details, PIN or password, or credit or debit card details. They will often say there has been an unexpected spend or security issue with your account so they need you to provide extra details.
Some fraudsters will say they need to collect your card to stop the fraud and will send a courier to your house to pick it up. They will probably ask for your PIN and may ask for your cheque book. They will then spend as much money as possible until your real bank contacts you about the sudden spending. If the fraudsters are pretending to phone from your internet provider, they may ask for your computer password, or ask to take over your machine remotely and install spyware that will collect your account details the next time you make an online purchase.
Remember NEVER give anyone your PIN or passwords in full!
Malware is an abbreviation of ‘malicious software’. It is a programme or computer virus that is installed without your knowledge or consent. There are many varieties of malware, but most are designed to spy on you, fool you, collect personal information or damage your computer. The most common type of malware is a ‘Trojan’, that can be installed on your computer without you realising. It is usually designed to steal sensitive information from your computer and perform unauthorised actions. For example:
- Launch pop-up windows in front of your genuine online banking page that look like they’re your bank’s website, but trick you into making a payment to someone else’s account.
- Insert extra fields, not normally found on your online banking website, to get your details.
- Record the words and numbers you type when you use your computer keyboard to get your online bank account login information.
- Watch you using your webcam, hoping to catch you in a compromising position so they have blackmail material they can use against you, or material they can sell to others.
- Stop you accessing your files until you pay a ransom or install a ‘fix’.
- How does a computer get infected?
The most common ways to become infected with malware are through visiting explicit websites, clicking on malicious links in spam emails and illegal file sharing e.g. downloading pirated movies or music. Malware emails can come as almost any kind of message, so you need to be suspicious of all emails you weren’t expecting from people you don’t know. The emails usually try to get you to click on a link by alarming you (e.g. “your card will be charged”), or by tempting you with some dramatic information (e.g. “new sighting of Loch Ness monster” or intriguing you (e.g. “someone has sent you a private message”). Websites that install malware may look completely normal, although sometimes a program will launch unexpectedly, or you may notice a lot of activity on your internet connection as the files are downloaded. The malicious code can be hidden behind even the plainest looking page and downloaded with other non-malicious software packages.
How do I protect my hardware from malware?
- Install anti-virus, anti-spyware and browser security software, keep it up-to-date and run regular security scans.
- Install and learn how to use a personal firewall. For extra protection, use hardware firewalls.
- Install the latest operating system and web browser security updates, also known as patches or updates.
- Treat all unsolicited emails (especially those from unknown senders) with caution and never click on links in these emails.
- Be very cautious when you download executable files (.exe) or zip files (.zip) from the internet or via email.
- Research the website or sender to make sure it’s from a trusted source.
- Read email messages in plain text for increased protection.
- Take notice of any alerts and warnings you receive from your browser and anti-virus products.
What should do I if I suspect I have malware?
If you think your computer has malware, try to remove it using anti-virus software, or seek the support from your computer or software supplier. If you have used any online banking services recently, contact your bank so they protect your accounts from fraud.
‘Money mules’ or ‘money transfer agents’ are recruited by criminals to help move stolen money around i.e. launder the proceeds of financial fraud. Many of the criminals carrying out financial fraud are located abroad, so they need someone based in the UK to send the stolen money overseas. The money mule receives money into their bank account and then transfers most of it to another account, or sends it directly to the criminal using a wire transfer service.
The money mule is allowed to keep a small percentage of the money paid into their account. The fraudsters pretend they are offering legitimate jobs with advertisements for ‘UK representatives’ or ‘agents’. They may offer the job for a short period of time and say it is to avoid high transaction charges or local taxes. They will advertise in newspapers or on the internet. The adverts may have poor English or they may have copied a genuine website’s content and have a similar web address to make the job seem authentic. They often target vulnerable people, such as migrant workers, students and low-income earners, who may be tempted by this easy way to make extra cash. Although it sounds like an easy way to make money, any ‘wages’ you get from working as a money mule will be removed from your account by your bank as soon as they find out they are the proceeds of fraud.
Money mules are the easiest part of the chain for the police to track down and you will become involved in their investigation. Your bank account will be closed down and details of the activity shared with other banks, making it hard for you to open up another bank account in future. Even if you have nothing to do with the actual extraction of funds from another person’s account, by allowing your account to be used to receive and transfer such stolen funds, you will be acting illegally. Ignorance is no excuse. Innocent victims of the money mule job offer can face a criminal conviction of up to 10 years’ in prison!
NEVER allow someone else – particular people you don’t know – to use your bank account!
Fraudulent business opportunities promise you the chance to earn extra income or become financially independent, by setting up your own business or taking on extra work.
The opportunity usually says you can choose when you work and how much you work so you can fit it round other responsibilities.
Often they offer you the chance to earn a lot of money in a short space of time. The work could involve filling envelopes, assembling products or selling goods or services through your own website. However, any products or services you are asked to sell are worthless and you won’t be able to sell them. You will be asked to pay money up front to register with the scheme, buy customer leads, set up your website, buy products to sell on, or receive an instruction manual on how to run your business.
If you’re asked to assemble goods or fill envelopes, the fraudsters will find fault with your work and use it as a reason for not paying you. Many of these schemes are straightforward pyramid schemes, where you will only earn money by introducing other people to it. For example: by selling them copies of the instruction manual. They are frequently advertised online, in spam emails, in newspapers or magazines, or they may appear as a leaflet or letter through your door. Remember: if it sounds too good to be true, it probably is!
Investment fraud comes in a wide-variety of schemes, including these commonly used ones: Shares, Investments and Boiler Room Scams Bogus stockbrokers, usually based overseas, telephone their victims to pressurise them into buying shares that promise high returns, but they are either worthless or do not exist.
The stockbroker will sound professional, have an impressive job title, credible website and their business may well seem legitimate at first glance. They will claim to have lots of relevant experience, years of making successful investments, and inside knowledge of the investment area they are trying to sell you shares in. They will use technical jargon that they hope will confuse but impress you. They will back up their claims with faked research reports. They may also promise to continue to send you free investment research, ‘secret’ stock tips, and special discounted investment opportunities. They will lead you to believe that you will have an on-going relationship with them as your stockbroker. They tend to target high-income earners and/or people of retirement age who have received a lump sum of money for their retirement. They also target people who have recently suffered the death of a close family member and who may be in a vulnerable emotional state. People who have recently lost a parent are targeted most as there is likely to be an inheritance to be received/invested/fraudulently stolen.
The fraudsters may give you false share certificates and other documents to make the investments seem credible. As with many fraudulent schemes, you’re likely to be encouraged to keep your investment secret to ensure you receive maximum returns. This allows the fraudsters to get away with their scheme for a longer. Particularly bold fraudsters may ask you to introduce them to other people you know who may have money to invest. Once the fraudsters have squeezed whatever money they can from you, your family and friends, they quickly disappear. The shares they leave you with are either worthless, not really yours or do not exist. Share sale frauds tend to start with a telephone call out of the blue. Using hard-sell techniques, the fraudsters try to pressure you into making rushed decisions, giving you no time to consider the nature of the investment. Always be suspicious of anyone pressurising you into making a purchase or investment!
If you have been a victim of investment fraud, you are now more likely to be targeted by other fraudsters as fraudsters sometimes share or sell details of people they’ve successfully targeted. They may approach you again with a different scheme and ‘stockbroker’ but the tactics and result will be the same. Victims of investment fraud may be approached by people claiming to be from a fraud recovery agency, or acting as lawyers or police officers offering to help you trace and recover the money you lost. They ask for a fee for the investigation but never attempt to get you your money back. Goods Sold as Investments Fraudsters may offer high-value goods such as diamonds, gold, gemstones, art, antiques, fine wine, and shares. They will tell you that these goods make excellent and guaranteed investments. They will promise you that the goods can be sold on easily for a much higher price, offering a return on your investment that is much more attractive than a conventional investment. The promised return may be in the form of income, interest or profit. In reality, the investment offered is over-priced, very high risk and difficult to sell on. Remember: if it sounds too good to be true, it probably is too good to be true!
Property investment fraud can happen in a variety of ways. Usually you are offered the opportunity to buy properties at a discount. Often these properties are abroad and not yet built. They may be in an undeveloped area that the fraudsters will claim is the next big tourist destination. They may tell you of all the hotels opening in the area and show you glossy holiday brochures. They will tell you if you get in early and pay for the property before is built, it will be worth so much more in a year or two. They may even say you’ll make enough money in a few years to buy more properties. They will encourage you to invest as much as you possibly can because it is such a good opportunity. Some people have invested all of their life-savings because these schemes can seem very convincing. But you may find out that the land you’ve bought is either agricultural, derelict, or unsuitable for development. It may have had planning permission refused.
The builders and the fraudsters will disappear and you may lose all the money you invested. Alternatively, fraudsters may offer to train you to become a property millionaire. They will offer a free presentation where they persuade you to hand over money for a seminar or course promising to teach you all the tricks of how to make money dealing in property.
The seminar or course may be of little use or never materialise. Another variation is buy-to-let fraud, where companies offer to source, renovate and manage properties, claiming good returns from rental income. In practice, the properties are in undesirable areas, near-derelict and the tenants non-existent. Alternatively, you may be sold a buy-to-let holiday home on the promise that it will make you a guaranteed extra income, but in practise the rent you can charge the holiday-makers is less than the running costs of the property.
Pyramid schemes reward people for getting others to join a business that offers a non-existent or worthless product. The fraudster advertises the opportunity to make large profits for little or no risk. You pay a fee to enter the scheme and are paid a percentage for each new member you can persuade to join. New members are then told to recruit others to keep the chain going.
Your money is not actually invested in any product. Instead, it’s passed up the chain to those who started the scheme. Because pyramid schemes are unauthorised and make nothing of value, you’re very unlikely to recover your investment. The fraudster at the top of the pyramid will collect most of the profits while those who joined later will lose out.
Legitimate trading schemes rely on valuable goods and services, while illegal pyramid schemes focus simply on recruiting more and more members, each of whom pay a joining fee. Frequently using hard-sell techniques, the investors in the pyramid scheme pressurise you into joining, telling you that you’re stupid to miss out on a discount or the income you could get from investing early.
Fraudsters aim to make their business seem legitimate. This will often use technical jargon, impressive job titles and mock websites to look credible. If you have any suspicions about a scheme’s authenticity, investigate the company’s status and contact details, research their background and people who work for them.
You may receive an email, phone call, letter or pop-up when you’re visiting a website telling you that you’ve won a ‘free’ holiday. To claim your prize, you may be told you need to attend a presentation, usually at an expensive hotel. The presentation is deliberately long, during which time you may be offered free champagne or wine. You’ll be told that you have to stay until the end of the presentation to claim your prize, by which time the organisers hope the alcohol will have worked its magic on your mood and critical thinking abilities. There will be glossy and convincing brochures and you’ll be made to feel as if you’ve been specially selected to join an exclusive holiday club offering top-class accommodation all over the world. They will show you tempting photos of places you could stay and make it sound like an incredible offer. At the end of the evening you will be pressurised into signing a contract to join a holiday club to claim your free holiday. Whether you sign or not, you’ll later discover that your ‘free’ holiday isn’t free. Instead, you will be asked to pay for flights, service fees, cleaning fees and other add-ons, which will add up to be quite expensive.
If you join the holiday club, you may also discover when you attempt to book a holiday, that destinations are neither guaranteed, nor available when you want them. The beautiful destinations in the presentation may never be available and your choices may be limited to less attractive places and more basic accommodation. You’ll discover that what you were told during the sales pitch and presentation is very different to what the contract stipulates. You may even find yourself locked into expensive annual fees and charges. Always read the small print and never sign a contract after a long evening of free alcohol!
Timeshare fraud involves similar tactics, sometimes offering you the chance to become a property millionaire from buying a share in a property that you can use or rent out for a certain number of weeks every year. Usually, you’re promised an expensive gift if you stay until the end of the presentation. Sometimes, the property involved may not exist or it may fall well below the standards described in the presentation or in the seller’s glossy brochures.
You may think you’ve met your perfect partner, but they might not be who they say they are. In dating scams, you are approached by someone on an internet dating website or chat room, often claiming to be from overseas or a part of the country far away from you. They show an interest in you and seem to say all the right things. Gradually, you develop a long-distance relationship through emails, instant messaging, texting and phone calls. As the relationship develops, your exchanges become more intimate. The person you have fallen for will probably send you photographs, give you a pet name and ask you for naked photos. They may ask you to perform sexual acts in front of a webcam, particularly if you are female. Once the fraudsters are confident that you have enough sympathy and desire for them, they will tell you about a problem they are experiencing and ask you to help out by sending money. For example:
- They’ve arranged to visit you but need money to pay travel costs, visa costs etc.
- They’ve paid for a plane ticket which is then stolen and can’t afford a replacement
- A family member or someone else they are responsible for is ill and they need money for medical treatment.
At first this may sound genuine, but you have probably been in contact with several members of a criminal gang. Once you send them money, the fraudsters will keep coming back with more reasons as to why you need to send them money. If you have sent them revealing pictures or films, the fraudsters will threaten.
Fraudsters contact you via email or letter to tell you you’ve won a large sum of money in an international lottery, sweepstake or other prize draw. Spanish, Canadian and Australian lotteries are among the most common scams. To claim your winnings you are asked to contact someone at the lottery company. You are warned to keep your good luck a secret and, if you don’t respond quickly, you won’t be able to claim your winnings. Either the lottery doesn’t exist or the fraudsters use the name of a genuine lottery, but aren’t anything to do with the genuine lottery. There is no prize money. If you respond to the fraudster, you’ll be asked to:
- Supply personal information and copies of official documents, such as your passport, to prove your identity. The fraudsters will then use this information to steal your identity.
- Pay various taxes, legal fees, banking fees etc. so that they can release your non-existent winnings.
Each time you make a payment, the fraudsters will come up with a reason why your winnings can’t be paid out unless you make another payment. They’ll also give you reasons why the fees can’t be taken out of your winnings and have to be paid up front.
The fraudsters may also ask for your bank details, saying they will pay your winnings directly into your bank account. But if you hand over your bank details, the fraudsters will use them to empty your account. Remember: when you’ve won a prize, you should not have to pay to receive it!
Fraudsters use a range of techniques and scams to get hold of your personal and financial details, but what do they do once they have these details?
They can do a lot, but these are the most common things:
- Identity theft where fraudsters pretend to be you in order to purchase goods, obtain official documents (like passports or driving licenses) and start bank accounts, credit cards, loans, mobile phone contracts and benefit claims in your name.
- Card not present fraud – the most common type of fraud in the UK – where fraudsters use your card details to buy things over the internet, by phone, fax or post i.e. using payment mechanisms where they don’t need to hand over a physical card.
- Lost or stolen card fraud where the fraudsters use your card to buy goods before you report the card missing.
- Counterfeit card fraud, or skimming, can involve a fake card, or a valid card that’s been altered. Most cases involve skimming, when the data on your card’s magnetic strip is electronically copied on to another card without your knowledge. Skimming commonly occurs at retail outlets – particularly bars, restaurants and petrol stations – and at cash machines that have been illegally fitted with a skimming device. The stolen data is then used to create counterfeit cards.
- Mail non-receipt fraud where fraudsters steal your new credit or debit card before you receive it by intercepting your post, which can be easy done if you have a communal letterbox in a block of flats or a student hall of residence.
- Cheque fraud is where the fraudsters use a fake, stolen or altered cheque to get cash or pay for services, or write a cheque that won’t clear because there isn’t enough money in their account.
- Online shopping fraud where buyers don’t receive their goods, or the goods are not as described, or sellers do not receive payment, or sellers steal the buyer’s payment details and identity.
- Data hacks where fraudsters hack into a merchant’s database to steal payment details that are stored on their servers.
- Health scams offering miracle cures that don’t work or fake drugs that aren’t what they claim to be and may be dangerous to your health.
- Clairvoyants and psychics that claim to have seen something terrible or wonderful in your future, but demand money to tell you more, change your luck, give you the lottery numbers or to relieve a curse.
- Charity donation fraud where the collector keeps the donations, collects for a fake charity or steals your payment details when you make online donations.
- Premium rate telephone competitions that are very expensive to enter – these aren’t fraud, but they are scams!