It’s one of those gut-wrenching moments. You’ve clicked a link in an email, responded to a text, taken a seemingly innocuous phone call, made a quick payment and felt a sense of relief to have fixed a problem or paid a debt. Then a thought creeps in: could that have been a scam?
Digital fraud is becoming ever more pervasive. Once, criminals targeted vulnerable, often older people who were less likely to be technologically savvy; scams weren’t especially sophisticated, they were just cruel – a violating, embarrassing, sometimes life-shattering experience. Now, they are on the rise and becoming so hard to spot that any of us could find ourselves falling for one. Data from Barclays show that people aged 21-30 are now the most likely group to fall victim to a scam, despite the perception it won’t happen to them.
In the UK, £1.3 billion was lost to online fraudsters alone last year. Losses from authorised push payment fraud, where a victim is persuaded to transfer money to a fraudster, were in the region of £50 million back in 2014 – by 2020, they were at £480 million, and last year £600 million was lost to this sort of scam inBritain.
Scammers have become “psychological experts”, banks warn, toying with the emotions of their victims. Their use of technology has become more elaborate, too. Gone are the days of the shoddily written email begging for money to be wired to Nigeria – now, scammers use spoofing techniques to make it seem as if you’re really getting a call from your bank.
How, then, are you supposed to protect yourself? We take you through some of the most common scams, and what to do if it happens to you.
The ‘Hi Mum’ Whatsapp message
A message appears: “Hi Mum, my phone broke, this is my new number. You can save it and delete the old one.” There might be the odd emoji to really draw you in and make it more genuine. Still, it might seem strange.
“Is that you, Sophie?”, you reply, unwittingly giving the scammer your child’s name. “Yeah it’s Soph.”
Then a few minutes later: “Mum, I’m so sorry to ask, but I’ve got a bit of a problem. I need to pay for something and my banking app isn’t working on my new phone. Is there any chance you could pay it, and I’ll transfer the money to you asap?”
You transfer the money your child urgently needs, not realising you havebeen duped. It could take two or three more requests for it to dawn on you – it might not even be until you next speak to your offspring that you realise it was a scam.
Marion Ellis’s mother almost fell victim to the “Hi Mum” scam eight weeks ago when she received a message seeming to come from her daughter asking for £800. “She was adamant that it had come from me,” recalls Ellis. “I said: ‘Why? How could it?’ She said,‘Well it was just a really polite message.’ ”
The “tone of it” was enough to convince Ellis’s mother. It was only when her bank called to check she wanted to make the payment that the scammer was stopped. “They said: ‘Have you paid this person before?’ and asked her to call me.”
It is a prime example of a scammer preying on yourclose relationships in order to get money out of you. “In these situations, scammers try to play on your emotions and your instinct to try to help someone you care about,” says Ross Martin, head of digital safety at Barclays.
A message purporting to be from the Covid app was doing the rounds last year (see Judy Lomax’s story, opposite), as was a Royal Mail scam that claimed payment was required for an undelivered package.
These scams rely on you reacting tothe “urgency” in the message, saysRichard Emery, a bank fraud expert with independent consultancy 4Keys International who helps victims win back money.
“Very few genuine payments need to be made within the next 10 minutes,” he points out. “Do not allow yourself to be rushed into making apayment without speaking directly to the person concerned.”
How to keep yourself safe
A major red flag should be any request to make a payment to a new account. When it comes to messages that are apparently from a family member or friend, Emery suggests that you consider asking a niche question to verify if the person texting you is who they say they are. You could ask how the dog is, for example – when you know that your son doesn’t have a dog.
The bank impersonators
Impersonation fraud is on the rise. In 2021, there were 29,406 cases in the UK, up 39 per cent from the previous year. Some £137.3 million was lost to scammers – around £37 million more than in 2020.
These scams often begin with a phone call, with the caller claiming that there has been fraudulent activity on the victim’s account and they will need to transfer their money elsewhere in order to protect it. They can be very believable, with the call seeming to come from the bank’s own fraud line number and an authoritative voice on the other end of the phone using all the right jargon.
Lauren Frost’s 59-year-old mother-in-law was scammed out of her savings by someone impersonating her bank’s fraud team. He told her that her account had been compromised and someone was trying to transfer money. He made her pass security questions, sent her text messages that seemed to be from the bank while she was on the call to prove he wasn’t a scammer, and had her Google the telephone number to verify it was their fraud line.
“He even said to her, ‘If you’re still not happy, you can put the phone down and call me back.’ She thought, well, he wouldn’t say that if he was a scammer,” says Frost, a social media consultant. “He said, ‘You need to move your money because they’re trying to get it out of your account and it clears at 5pm.’ ”
She was then coached through transferring her savings in multiple transactions into a new account in her name. She lost £30,000, and would have lost more had there not been a daily limit on the amount she could transfer.
She only realised she had been defrauded out of her savings when she called her daughter-in-law.
“She said, ‘I was nearly scammed today but luckily this guy Darren [from the bank] called and saved me.’ ”
She is yet to get a penny back from Barclays and has been told that the bank is having trouble “tracking down the money”.
“She says looking back it seems so obvious,” says Frost, “but at the time, she was so panicked that someone was trying to steal her savings, and they seemed so authentic that she just believed them.”
She is by no means alone. “It’s rare that I have seen somebody become the victim of fraud when there hasn’t been significant manipulation by the fraudster – manipulation or false representation,” says fraud expert Richard Emery.
Telephone companies need to be forced to ban “unauthorised spoofing of phone numbers”, says Emery. “A fraudster can get a piece of software that sits on their iPhone that allows them to transmit any phone number they want thatwill then display as such on caller ID on your phone.”
How to keep yourself safe
Remember that your bank will never ask you to transfer money to a safe account or contact you to ask for your PIN or password. If you have been contacted by someone purporting to be from your bank and want to check the call is genuine, put the phone down and call the fraud line listed on the bank’s website – even if it looks the same as the one that just rang you.
Banking trade body UK Finance, which produces the annual fraud report (AFR), says you should never give anyone remote access to your computer following a cold call or unsolicited text. It recommends you forward suspicious emails to national regulator the Financial Conduct Authority at report@phishing.gov.uk and suspected scam texts to your mobile network provider on 7726. “If a scam text claims to be from your bank, you should also report it to them.”
The solicitor’s email
Imagine making the largest transfer you have ever made – tens if not hundreds of thousands of pounds worth of deposit for a new home – only to find that it has disappeared into the ether. It’s enough to make you feel ill.
Richard Emery regularly helps people win back money they have lost infake housing transactions. A recent client was due to transfer £450,000 to their solicitors. The day before completion, they received an email from their “solicitor” with the payment details. “The bank then proceeded to allow them to transfer £450,000.” Except the email wasn’t from their solicitor and the cash was transferred to an account controlled by a criminal.
It is known as conveyancing fraud, or an invoice and mandate scam. Fraudsters find a client who is in the process of buying and then hack the emails of the buyer, solicitor or some other trusted individual involved in the sale. A scammer will then watch and wait until a transaction is about to happen and create a spoof email address that appears to be the same as the solicitor’s (“cloned” email addresses often include extra full stops or hyphens in the name that are not immediately spotted). They will then message you from this email pretending to be the solicitor and advise that funds be transferred to their account.
Emails are still used for other forms of fraud too (though the messages of old, where someone would pretend to be an exiled prince promising the victim a share of money in return for a small up-front payment – a con known as a Nigerian 419 – are, if not less common, then less believable). Nowadays it might be a relatively slick email purporting to be from a firm about an unpaid fee.
“If you click on the link, you will almost certainly be asked for your debit card details, which is exactly what you would expect to give,” says Emery. “However, on the next page, they will also ask you to validate your identity and details by disclosing the name, sort code and account number on your bank account.
“We do give our bank details to people because people are going to pay us. But it is the combination of the whole lot [that is the problem]. Because they now know who you bank with.”
Fraudsters can use that information to then phone you and pretend to be from your bank, getting you into a second round of being scammed.
How to keep yourself safe
The AFR recommends you always confirm any bank account details directly with the company “either on the telephone or in person” before you make a payment or transfer any cash. If you are making a payment to an account for the first time, transfer a small sum first, then check with the firm using verified contact details that the payment has been received. Call your bank straightaway if you think you may have fallen for a scam.
The bad investment
The annual fraud report (AFR) from UK Finance shows that investment scams rose by nearly 50 per cent between 2020 and 2021, with £171.7 million lost to investment fraudsters last year. In fact, investment scams accounted for the largest proportion of losses of all types of authorised push payment scams in 2021.
Criminals often use cold calling tactics to make a victim think they need to act quickly or risk missing out on an opportunity. Dr Pete Brooks, chief behavioural scientist at Barclays, says taking your time can protect you from these fraudsters, who will be trying to pressure you to act fast. Investing should be a “very measured activity”, he says.
How to keep yourself safe
The AFR recommends that people becautious when presented with any opportunity marketed as “exclusive”, or any that pressurise you to“act quickly”. They also point out that most cryptocurrencies are not regulated by the Financial Conduct Authority (FCA) which means they are not protected by the UK’s Financial Services Compensation Scheme, so if you invest in crypto that turns out to be fraudulent, you may not be able to get your money back. You can check the FCA’s register for regulated investment firms. You can also check if an investment or pension opportunity you have been offered could potentially be a scam by taking theFCA’s ScamSmart test.
The romance scam
Romance scams accounted for less than 2 per cent of the total number of authorised push payment scam cases last year, but while they are not as common as other frauds, they are among the most emotionally damaging.
Payment service providers were able to return just 41 per cent of losses incurred in 2021, often because the payments were made over an extended period, meaning the criminal had moved the money by the time the scam was reported.
Millions watched Netflix’s The Tinder Swindler, which documented the story of Simon Leviev, who used the dating app to connect with people who he then manipulated into financially supporting his lavish lifestyle.
How to keep yourself safe
Research the person you are talking to on online dating sites. Upload their picture into a search engine and check that it isn’t associated with another name. Be alert to inconsistencies – spelling and grammar mistakes when they have described themselves as university educated, for example – and don’t meet them until you are confident they are who they say they are. And don’t send money to someone you have never met in person.
The internet fake
Purchase scams, where someone buys a product online that never arrives, are 15 times more common among 21-30 year-olds than over-70s. Social media sites are filled with fake ads promoting products that will never arrive. One friend in his 30s bought his girlfriend a sale-price designer dress. When his parcel arrived, he was handed a package the size of his hand with the word “dress” written on it. Inside? A piece of string.
Leah Borromeo, a London-based writer and filmmaker, says her partner twice tried to buy designer trainers online and was duped on both occasions. The first order was made on a convincing looking Veja website. “We never got the Vejas but some very fake Tom Ford sunglasses arrived in the mail,” she says.
The second was a pair of Nikes. “We got the shoes but the workmanship was a bit off. We took them to Nike Town [store on Oxford Street] where they said they were some of the best fakes they had seen.”
How to keep yourself safe
Be suspicious of any offers or prices that look too good to be true. Always use the secure payment method recommended by reputable online retailers and auction websites, and be wary of requests to pay by bank transfer. If you are buying an item made by a major brand, find a list of authorised sellers on their official website.
The victims
“It all began with a text from the NHS”
Judy Lomax, 82, is an author from West Sussex, a mother of four and a grandmother of 10.
I clicked through and was asked to pay £4.99 to renew the pass. I was surprised, but didn’t think too much of it. I gave my sort code and account number, as well as the three digit security code on my card.
Later that day, I was called by a manwho announced himself as Clive Graham, calling from HSBC’s fraud department. He asked if I’d had an NHS text and told me it was a scam and that as I’d given my account details, my account was compromised. While on the phone, I received texts from HSBC which appeared to corroborate that I was in the midst of a fraud emergency.
Each time I expressed doubt, another text would appear to reassure me, to “prove” his identity. “Judith Lomax you are currently speaking to Clive Graham from fraud operations please ask your dedicated investigator to confirm OTP:DHY788F.”
He told me I was a victim of a wider scam and the bank was now subject to an internal inquiry, for which he would need my help. He appeared to have access to my current account and told me I’d need to transfer money from my savings account to my current account, then make “dummy payments” to another account. This, he said, would help the bank trace the scammers. It might sound preposterous, but he was extremely convincing.
After each “dummy payment” a text would arrive to confirm it had been reversed and was being sent back to my account. He told me he would call the following morning, which he did and we went through the process again.
There were more dummy transfers, about which I was hesitant. I no longer wanted to participate in the investigation, but he was insistent and became quite aggressive at times. The act he was putting on was quite astonishing. At one point he even got me to do some acting too, getting me to call my “scammers” and get the name of the person I was talking to. He called back constantly throughout the day. By now I was regretting ever agreeing to help his investigation.
In his final call, he told me an arrest was imminent and that I might be visited by the police. The bank, he said, would like to offer me £250 for my contribution. When I heard nothing the next morning, I knew I had been a victim of a scam. I had lost £37,000.
I’ve since had around £3,000 back from the bank, but I don’t know that I’ll get any more. I never thought I could be manipulated in this way. I am so angry to think I could have fallen for it, but also that someone could be so cruel.
I consider myself to be sharp and savvy, and more technologically advanced than many of my contemporaries. I’m in the lucky position of not being left destitute by what happened, but if it happened to me, it could happen to others far worse off.
“I’m quite tech savvy – this has never happened to me before”
Harry Locke, 24, is aPR executive from London.
I had made a restaurant reservation, so when I got a call purportedly from someone at the restaurant who had allmy booking details, I didn’t think anything of it. They said they needed to pay me back my £20 deposit.
The voice on the phone was a young-ish man who was very friendly. I should have flagged it in my mind, but he sounded so genuine, so I went along with it. What I didn’t know was that the restaurant’s database of contacts had been hacked.
I gave him my card details – everything except the security code – and hesaid the deposit would be refundedand confirmed by email. Then he hung up.
Twenty minutes later, I got a phone call from someone who called themselves Sarah from Lloyds Bank. She started by saying: “We think you may have had some fraudulent activity on your account.” I instantly knew it hadbeen the restaurant reservation, soI was on high alert.
She was really friendly and seemed normal, but it got sketchier as we carried on talking. Then she said I had to carry out a “security check”, which involved reading out a code that would be texted to me. At this point, alarm bells should have been ringing – especially as she had called from a mobile number – but I was panicked and so Icomplied.
What had happened is the male caller had used my card details to make a payment of £369, and the woman caller pretending to be my bank duped me into authorising that purchase bygetting me to reveal the one-time-password [that the firm he had made the payment to had] texted to me.
She said she would cancel my card and the call cut out. I couldn’t get backthrough when I called the same number, and so knew that was part ofthe scam as well. Luckily, my bank cottoned on; when I called Lloyds directly, they were able to reverse the payment and I got the money back.
Interview by Abigail Buchanan
Have you been a victim of fraud? Let us know in the comments below
