What are the threats?
It is hard to keep up with the fraudsters as they constantly develop new scams. Here are the most frequently seen types of scam for you to look out for:
Impersonation scams
Fraudsters may impersonate established companies, institutions (such as the Police) or government officials to create an illusion of legitimacy and gain your trust. These impersonators can get in touch by cold calling, creating fake websites or sending an email from a web domain with a slightly different address to its real version. For example, they may use hbsc.co.uk instead of hsbc.co.uk or barc1ays.co.uk instead of barclays.co.uk.
When these fraudsters have gained your trust, they may ask you to transfer money or hand over information which is subsequently used to commit fraud.
More sophisticated impersonators have been known to turn up at a victim’s house in Police uniform, or use the marketing material of a firm they are impersonating.
Look out for the following:
- A phone call which puts you under pressure to respond quickly.
- Poor grammar and spelling mistakes on a website or email.
- A link in an email which directs you to a dummy site - the digital equivalent of a fake shop front. It may look legitimate, but it will have fewer functions than usual.
- A website which immediately asks for your contact information. The fraudster can then use this to cold call you.
- Being asked not to discuss the episode with family, friends or known employees of the organisation they claim to represent.
Investment scams
If an investment opportunity seems too good to be true, it probably is. This type of fraud targets victims through cold calls, unsolicited texts and emails offering investment products that are either unregulated or do not exist at all.
Look out for the following:
- Cold calls, text messages, website adverts or door-to-door salesmen offering investment opportunities.
- Being offered a ‘guaranteed return’ on a ‘risk-free’ investment.
- A ‘time-limited’ investment opportunity, so you ‘have to hurry, otherwise, you’ll miss out’.
- Being asked not to discuss the episode with family, friends or known employees of the organisation they claim to represent.
Phishing, vishing and smishing
Fraudsters may use psychological manipulation to trick victims into giving up information which is later used in identity fraud. This may involve the creation of a false but plausible story, such as a phone call reporting suspicious activity on your account, or reference to a high-profile incident in the news (such as the British Airways data theft).
These scammers tend to ask for excessive information that would never normally be needed in that situation, such as passwords and personal details. The caller may start pressuring you to give up the information if you don’t immediately do so.
There are different terms for this type of fraud according to the different channels used. Phishing means the fraudster has got in touch over email, vishing is a phone call and smishing is through text message.
Look out for the following:
- Cold calls, text messages, letters or emails which may relate to suspicious activity on your account or refer to a high-profile incident.
- Grammatical and spelling errors in the correspondence.
- Being asked questions which may appear innocuous in isolation, such as providing your date of birth, address, usernames or email address.
- Being asked to confirm your password.
- Being asked not to discuss the episode with family, friends or known employees of the organisation they claim to represent.
Pension liberation scams
Since the pension rules were relaxed in 2015, fraudsters have been offering victims fake services such as free pension reviews, pension loans, or cash up front.
Look out for the following:
- Cold calls, text messages, website adverts or door-to-door salesmen offering investment opportunities or legal loopholes.
- Being offered ‘risk-free’ or ‘guaranteed’ returns.
- Receiving paperwork delivered by courier that requires an immediate signature.
- Being offered proposals which suggest you invest in a single asset, rather than a diversified portfolio.
- Claims that your pension can be accessed before age 55.
- Any suggestion that your money is transferred overseas.
Malware and ransomware
Fraudsters use malware (a term that covers viruses, worms and trojans) to hijack computers and steal personal information, bank details or passwords. They trick you into installing it by sending a link or attachment which takes over your computer when opened.
Ransomware works in a similar way, except it locks your computer and demands payment for you to regain access.
Look out for the following:
- Cold calls from individuals purporting to work for software or technology companies, saying they have identified a fault or issue with your computer.
- Emails from unknown senders that contain links to unrecognised websites, or have files attached to download.
- Pop-up adverts which offer prizes, giveaways or even malware warnings.
- If you receive an email which contains links, hover your mouse over them (without clicking). Does the address that appears match what you would expect for the company supposedly sending the email?
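The address check above can also be automated, including for the look-alike domains quoted under impersonation scams (hbsc.co.uk, barc1ays.co.uk). The following is an added illustration, not part of the original guidance; the trusted list, the character substitutions and the function names are assumptions chosen for the example.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader genuinely deals with (illustrative allow-list).
TRUSTED = ("barclays.co.uk", "hsbc.co.uk")

# Characters commonly substituted for look-alike letters (illustrative, not exhaustive).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})

def skeleton(domain):
    """Fold look-alike characters so 'barc1ays' and 'barclays' compare equal."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute or swap adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent swap, e.g. 'hbsc' written for 'hsbc'.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]

def host_of(link):
    """Accept a full URL or a bare domain; return the lowercase host without 'www.'."""
    host = urlsplit(link if "//" in link else "//" + link).hostname or ""
    return host[4:] if host.startswith("www.") else host

def check_link(link):
    """Return (verdict, trusted domain matched or imitated)."""
    host = host_of(link)
    for t in TRUSTED:
        if host == t or host.endswith("." + t):
            return ("trusted", t)
    for t in TRUSTED:
        # One edit away after folding look-alike characters: treat as an imitation.
        if edit_distance(skeleton(host), skeleton(t)) <= 1:
            return ("lookalike", t)
    return ("unknown", None)

# Constructed sample links; the two look-alikes are the ones quoted in the article.
SAMPLES = ["https://www.hsbc.co.uk/", "http://hbsc.co.uk/login",
           "https://barc1ays.co.uk/", "https://example.org/"]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```

A "lookalike" verdict means the address is one small change away from a name on the trusted list and should not be followed; "unknown" only means the address resembles nothing on the list, not that it is safe.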
Steps to consider if at all suspicious
- Always try to verify the identity of the caller. If you do receive a cold call, do not return it using the number they provide. Try to find another phone number for the company or institution (i.e. via the FCA register) and use that number to check the legitimacy of the service or product on offer.
- Refer to the Financial Conduct Authority’s (FCA) register to establish whether the company contacting you has any ‘cloned firm’ warnings in place. The register will also list a telephone number and website for you to establish whether the approach you received is genuine.
- Seek the advice of an FCA-authorised adviser who will be able to verify the offer, particularly in relation to a defined benefit scheme. For further guidance on pensions, visit the Government’s Pension Wise website.
Preventative measures
- Never share any personal details with a company or individual you can’t validate and never be rushed into making a decision, especially a financial transaction.
- Keep your antivirus and malware scanning software up to date and install a pop-up blocker.
- If a third party ever asks you to confirm your details, ask them to confirm what they already hold on file for you (or ask them to provide the first part of an address or date of birth).
- Try to keep your computer and mobile devices locked when you’re not using them.
- Install a pop-up blocker on your computer and keep all antivirus and malware-scanning software on your mobile devices and computer up to date. Software releases are often described as service and functionality improvements, but they should also correct bugs and weaknesses.
- Make sure that you can always see a padlock on your browser address bar when using the internet, as this means you are using a secure connection. Using an unsecured connection may allow fraudsters to steal any information you share with the website, regardless of how up to date your applications and scanning software are.
- Passwords should be unique, strong and changed frequently. Where possible, make them a unique mix of letters, numbers and characters. Never share a password in full, even with a trusted source (such as the organisation the password relates to).
- Emails you receive should be treated with caution, particularly if they are unsolicited, and personal information should never be disclosed. Also be wary of slightly unusual emails from people you do know as their email account may have been hacked.
Action Fraud, the UK’s national reporting centre for fraud and cybercrime, has categorised every type of fraud into an alphabetical list, the Action Fraud A-Z of Fraud.