Fraud is the biggest threat to our personal finances.
Some £11 billion of fraud was committed in the last year – £210 for every person over age 16. Fraudsters, using the twin forces of slippery spiel and wizardry of the internet, currently hold the upper hand, stealing money indiscriminately from victims.
In a four-page special report, The Mail on Sunday explains how you can protect your finances from fraudsters and cyber criminals.
Warning: Alison Havercroft’s father was defrauded after being cold-called
DAD LOST £20,000…WHAT THEY DID TO HIM WAS AWFUL
Alison Havercroft recently discovered her elderly father was defrauded out of more than £20,000 after being persuaded to buy bogus shares and land in Bulgaria.
Her father Gordon was cold-called and persuaded to invest via a company called Chelsea Management Group – a name the sham company probably hoped victims would confuse with the legitimate and regulated broker Chelsea Financial Services.
Its ‘employees’ tried to swindle a further £100,000 from Gordon, at which point he became suspicious and contacted the police and his bank. Neither could help recover the money lost.
The scam dates back to 2006 but only came to Alison’s attention last month. While visiting her parents she handled a call on Gordon’s behalf from a company offering to buy the worthless shares from a decade ago – itself another fraud.
Alison, 59, who lives in Chalfont St Peter in Buckinghamshire with her husband and son, says: ‘That was the first I heard about the shares.’
She asked the company to send further details, which it refused to do but followed up with emails and calls. After learning more about her father’s original investment, and researching the latest company to call, she realised it was a scam.
Alison says: ‘These terrible people prey on the elderly. How they operate is disgusting. People need to be sceptical.’
The scams: The fraudsters promote unbeatable investment opportunities and claim to work for a company with a proven track record and high calibre credentials.
The scams centre on the sale of shares, land, precious gems, wine and art that are either worthless or non-existent.
Often the fraudsters cold-call victims and build a rapport over several weeks or months – backed by a legitimate-looking website and convincing marketing literature.
Eventually, the hard sell comes and victims are put under pressure to get involved or lose out on the chance of high returns from a winning investment.
Once money is handed over, the criminals often come back to say the investment is performing well but more money is needed to inflate returns further.
But once every penny is squeezed from investors, the fraudsters disappear with the money, stop responding to calls, or simply declare the investment has failed.
According to City regulator the Financial Conduct Authority, victims of such investment fraud lost an average £32,000 last year.
How to avoid them: The regulator is urging investors to better research companies they trust with their money.
Its ScamSmart campaign aims to protect those most at risk of investment fraud – the over-55s.
The latest phase of this campaign, to be rolled out this week, concentrates on the need for The watchdog’s research shows more than half of over-55s who invest in financial products do so alone without any input from family or friends. This is despite the fact that a fifth of people over 55 have been targeted by an investment scam in the last three years, rising to a third of over-75s.
Tony Neate, fraud expert and chief executive of Get Safe Online, says: ‘Get someone else involved. You need a third party perspective because cold-callers are so convincing. Someone else might identify a clue to a scam, such as a company based in a different place to where it claims to be calling from, it having no landline contact number on its website or no physical address.
Outraged: TV’s Nick Hewer is backing ScamSmart
‘If someone is claiming to work for a company that handles millions of pounds worth of investments they should be operating out of a real property and registered address.’
Check the regulator’s warning list to find out whether an investment could be a scam. Visit scamsmart.fca.org.uk. It is common for fake companies to mimic the names and websites of genuine firms with only slight differences. So match names and business contact details carefully if using the financial services register to check a firm. Visit register.fca.org.uk.
TV presenter Nick Hewer, who is supporting the ScamSmart campaign, says: ‘I am outraged at the persistent threat investment scams pose on society, especially those over 55 who are the prime target. The amount of money being lost by victims is worrying. If you are contacted by someone offering an investment out of the blue, just put the phone down.’
The scams: Your account may be hacked into and money withdrawn – as was the case for 9,000 customers of Tesco Bank last month. Alternatively, your debit card could be cloned at a dodgy cashpoint with a camera, or ‘shoulder surfer’ standing behind you in the queue, watching you enter your PIN.
Whichever route fraudsters take, the outcome is the same – money is stolen from your bank account. But it is important to know the methods used.
One of the biggest threats comes from phishing, vishing and smishing – the buzzwords for scam emails, calls and mobile text messages.
With emails and texts, clicking or tapping on any suggested links you think are from your bank can lead you to an unsafe webpage that asks for personal details. These can be used to gain access to your account or can download ‘malware’ on to your device – computer software allowing criminals to ‘read’ log-in details when you access an account.
Lawbreakers who call will spin a story about security problems with your account, take you through official-sounding steps to confirm your identity and protect your money, but will ultimately convince you to surrender a password or transfer money to a ‘safe account’.
Even if the name of your bank appears on your mobile screen during an incoming call, you cannot trust the caller is genuine.
This is because of ‘telephone spoofing’. Criminals use internet software so the number showing up on screen looks to be from your bank. This instils trust from the outset and means you are more likely to comply with a caller’s requests.
How to avoid them: The way people make payments from their accounts will soon undergo the biggest change in 60 years.
Panic: Personal Finance Editor Jeff Prestridge received a demand from ‘HRMC’, below
THIS THREAT FRIGHTENED ME (AND IT’S MY JOB TO WARN ABOUT THEM)
Writing warning articles about fraudsters sending emails in the hope of persuading you to part with details allowing them to empty your bank account is something we do for a living. ‘Ignore them,’ we cry. ‘Don’t open them.’
But when I recently received one of these so-called phishing emails, I was panicked. Could this be a genuine email from Revenue & Customs? It was a request for unpaid VAT of £19,923.14.
Although I have never had the need to be VAT registered, I was flummoxed on several fronts. First, the email had managed to get through the company’s stiff security measures designed to block fraudsters. It was the first one I had received in a long time. Secondly, I was frightened by the threat that failure to act on the email would result in the £19,923.14 being taken from my bank account in three days’ time. Money I don’t have. This Christmas would have been cancelled – and many more to come.
In sheer panic, I foolishly opened the email attachment – and shut it straight away.
I then began to spot discrepancies in the email. For example, HM Revenue & Customs was referred to as HRMC, not HMRC.
The language used was rather staccato, indicating that it might have been constructed by fraudsters operating from abroad. A phone call to Revenue & Customs confirmed my suspicions. It said it would never ask customers to open an attachment as the email wanted me to do.
It also said it would never put a figure in an email detailing how much someone owed in tax. All emails it sends cannot be replied to and are sent from firstname.lastname@example.org.
On Friday, Revenue & Customers said it was slowly winning the war against the phishing criminals. Some 14,000 fraudulent websites have been taken down this year while more than eight million phishing emails have been blocked in the last year. It urged anyone in receipt of a suspicious email purporting to be from Revenue & Customs to forward it to: email@example.com. For details on online safety, visit getsafeonline.org.
Thankfully, the company’s IT experts confirmed no bug had entered my computer. But never again will I be momentarily fooled. I will merely hit delete.
Regulators, banks and consumer groups are proposing a new safeguard called ‘confirmation of payee’. People who send payments to another account will be forced to double-check a recipient’s details, including their name rather than just account number and sort code, before any money is transferred. The timeline for introducing this – and a ‘request to pay’ feature allowing customers to approve direct debit payments before money leaves their account – stretches to 2020. For better protection now, check bank statements for suspicious transactions so you can act quickly if anything is amiss. Shred any personal information sent by post.
There is little you can do if a hacker has broken into your account – which can happen regardless of whether you bank online or not. Your information is stored digitally even if you do not transact that way.
If the bank is responsible for a hack-attack you will be refunded. But you are more vulnerable if you lose money to one of the ‘ishing’ methods – phishing, vishing and smishing. Never trust that an email or text claiming to be from your bank is genuine without checking and do not click or tap on any links. Open a new window on your internet browser and carefully type the real website address for your bank and log in to your account this way.
If someone on the phone is claiming to be from your bank, think twice. Do not agree to transfer money and do not share any passwords or debit card PINs. Your bank will never ask for a PIN or for you to transfer money to a ‘safe’ account. Neate says: ‘Use strong passwords and different ones for each account, install security software on your computer and update apps on your smartphones.’
The scams: Since new pension freedom rules in April last year – allowing the over-55s greater access to their retirement funds – fraudsters have been handed fresh opportunities to swindle millions of pounds from pensioners.
Scammers start their cash trawl with convincing cold-calls, texts and emails, often supported by realistic websites and brochures – all making tempting offers from ‘free pension reviews’ or ‘healthchecks’ to ‘pension loans up front’ and investments with high returns or cashback.
The smooth sales patter often involves a warning that investors should act fast not to miss out. Sometimes they arrange for courier firms to pick up completed pension transfer forms.
Pension firm Phoenix, which has prevented £30 million of fraud being committed on customers over the past four years, says fraudsters use a box of tricks to tempt potential victims.
FOUR KEY MESSAGES TO STOP READERS FALLING INTO A TRAP
T – TELL
Fighting fraud will only ever be successful if you spread the word – warn your family and friends by discussing and highlighting common frauds. If you have lost money to a scam, tell Action Fraud too. Run by the City of London Police, it collects information to help build an overall picture of fraud in the UK, which it can use to better inform the public. And let your bank know as soon as possible in case it can help recover money from a criminal’s account.
R – RESEARCH
Never be put under pressure to invest, transfer or withdraw money quickly and without consideration. Research investment opportunities and companies that offer them using reputable advisers and the internet. Stop to think what a caller is asking of you too – and take the time to consider whether a legitimate firm or bank would ask for those details.
Seek advice from all sources – family, friends, experts and the internet. Ask questions of the caller too. For advice contact Action Fraud on 0300 123 2040 or visit actionfraud.police.uk
P – PROTECT
Keep computers up to date with anti-virus software and update smartphone apps. Try not to reveal too much personal information on social media – such as birthdays and a home address. And the best way to protect your money if called out of the blue about banking security or investment deals is to hang up and make checks. Find a wealth of useful information from official websites getsafeonline.org and cyberaware. gov.uk.
These include preying on fears about low interest rates, the importance of diversifying portfolios, not trusting the big banks and unpredictable stock markets creating ‘high’ demand for alternative investments.
Schemes used to lure the unsuspecting include investments in hotel developments in Cape Verde, forests in Costa Rica, betting on Australian corn futures and dubious green energy projects. Other exotic offerings feature fine wine, storage pods, burial plots, truffles, syndicate betting on football matches and even German listed buildings. They all have in common high charges, no regulatory protection – and little or no chance of an investor being able to cash in the investment.
In many cases the underlying investments are next to worthless or do not even exist. To rub salt into the wound, any transfer made from an existing pension may be unauthorised and result in a tax charge of up to 55 per cent on money that later disappears.
Some fraudsters pass themselves off as working for official organisations, such as Pension Wise. The problem has become so severe – with 250 million cold-calls a year – that the Government has now announced a ban on pension cold-calling.
But this will take months to put in place, giving conmen a window of opportunity to make hay before the legislation bites. Philip Kline, of Phoenix, says: ‘We expect scam text messages and emails to increase following the ban.’
Darren Cooke, director of Red Circle Financial Planning, was behind a petition that encouraged the Government to end the cold-calling scourge. He says: ‘The Government claims £20 million a year is lost in pension scams, but I say add a nought to that figure and you are closer to the truth.’
Duped: Joanna Coull was told she was owed a refund
MoS HELPS VICTIM JOANNA AFTER BROADBAND CONMAN TRICKED HER INTO PAYING OUT £7,800
When Joanna Coull finally got her broadband to work after three weeks without it, she was relieved if still a little angry. As a financial adviser, the internet and email are essential tools in communicating with clients.
When she was then told she would be compensated for all the inconvenience she had suffered, she mellowed somewhat.
But Joanna, who lives near Taunton in Somerset, was about to fall victim to a scam costing her £7,800.
Only after The Mail on Sunday’s intervention last week did Joanna’s bank agree to refund her the money she had lost.
The fraud’s beginnings go back to last month when Joanna’s broadband stopped working. She reported this to Utility Warehouse which arranged for someone from BT to visit to sort out the problem.
Utility Warehouse’s selling point to customers is that it will arrange all their utility suppliers – gas, electricity, telecoms and broadband – thereby cutting out the hassle of shopping around.
The first BT engineer that came left bemused. A week later, a second one discovered a fault on the line and seemed to have resolved the problem.
A week later someone saying they were from BT – the same person who had called Joanna on the day of the second appointment confirming she would be at home – rang stating he needed to test the speed of her internet.
Joanna obliged. She was directed to a BT wholesale broadband performance test website where she was told her internet speed could be monitored. By logging into something called ‘TeamViewer’, the person on the phone was also able to look at the speed test.
Next morning, the same person rang again and another test was conducted. In doing this Joanna was directed to a page indicating she was eligible for a Utility Warehouse refund of £173.
The caller then directed her to what she thought was Utility Warehouse’s home page and a link called ‘claim a refund’ (no such link is on the official home page).
The caller indicated that the compensation could already be in her bank account. Clicking through to her NatWest account via what she thought was an official Utility Warehouse page, she discovered that £9,000 of compensation had been credited – not £173.
The caller said there had been a ‘huge mistake’ and that he would lose his job if the overpayment was not returned.
She was asked to refund £7,800 which she did.
When Joanna checked her account soon after, the £7,800 had been taken but the £9,000 credit was nowhere to be seen – the bank statement she had initially seen had been doctored. She had been robbed of £7,800.
After The Mail on Sunday requested the bank to investigate, it refunded the £7,800 as a ‘gesture of goodwill’.
Utility Warehouse said it was ‘sorry’ about Joanna’s ‘distressing experience’.
It said it was not to blame and that her data must have been accessed from BT Openreach. It added: ‘We have raised this case with TalkTalk, our wholesale broadband provider, and BT Openreach as a matter of priority so that they can identify the criminals who carried out this scam.
‘We note the telephone number from which Ms Coull was called is marked as “dangerous” on number checking website: http://who-called.co.uk/Number/02032390763. So it appears this has happened to other customers on the BT network.’ Joanna says: ‘This has been a nightmare experience. I know other people have not been so lucky.
‘I am so grateful for the intervention of The Mail on Sunday and to NatWest for coming up trumps.
‘It is so important that no one else goes through what I did. I had no idea that when I opened up TeamViewer on my computer I would ultimately be giving fraudsters access to my bank account.
‘As I went into my online banking through NatWest’s security process, I assumed my account was secure. It wasn’t. These fraudsters are so sophisticated. They copied my account details and made fraudulent entries making me believe that £9,000 had been deposited in my account.
‘What I have learnt is that you should never transfer large sums of money without checking with your bank.’
See BT’s warning at: home.bt.com/lifestyle/money/money-tips/beware-the-new-breed-of-computer-takeover-scams-11364015789542.
How to avoid them: Key terms to set alarm bells ringing include:
PENSION UNLOCKING – If someone calls out of the blue promising to help you ‘unlock’ your pot before the age of 55 it will be a scam.
QROPS – Qualifying Recognised Overseas Pension Schemes. These can be legitimate schemes set up to transfer pension money overseas, such as when someone retires abroad. But increasingly they are used to swindle pension savers out of their money. Darren Cooke says: ‘Walk away if you see any mention of this type of pension, particularly if the firm is based in Portugal, the Cayman Islands, Malta, Gibraltar and the Isle of Man.’
SSAS – Small Self Administrated Schemes. There has been a sharp rise in scammers attempting to switch people’s pensions into fraudulent single member SSAS plans, a type of pension that allows a greater choice of investment.
The sales pitch is that savers can get ‘cashback’ or a ‘non-repayable loan’ but this is an unauthorised payment that will attract a tax charge.
If you have any doubts about the authenticity of a caller contact The Pensions Advisory Service at pensionsadvisoryservice.org.uk or Pension Wise at pensionwise.gov.uk.
Also contact your pension provider, especially if you have triggered a transfer but have changed your mind – it may be possible to stop it.
Pension decisions are vital to get right. Consider contacting a professional financial adviser with pension experience. Find one through unbiased.co.uk, vouchedfor.co.uk or thepfs.org.
The Personal Finance Society has launched a campaign involving its 36,000 members taking a leading role in stamping out fraud. Keith Richards, chief executive, says: ‘Personal finance professionals are better placed to spot scams so we are asking members to spend 15 minutes each month to help identify and report potential scams.’
If you think you have fallen victim call Action Fraud on 0300 123 2040.