These phishing scams are as old as the internet, yet people still fall for them every day.
The wonder of the internet is that sending hundreds of thousands, if not millions, of messages – spamming – is so cheap that it provides scam merchants with the biggest bang for the few cents they spend.
Fight back - latest on scams
The second wonder of the internet is why anyone takes any notice of what they must know by now is obvious nonsense. Why does anyone fall
for tricks which are so old they have been around the block time after time? Especially when they have been the subject of warnings online, on television, in newspapers and magazines, in mailings from financial companies and just about anywhere else you can think of.
And the third wonder is the huge amount a fraudster can make if only one in 100,000 responds.
So I write this with an air of "I know I should not have to write about this for the millionth time but if someone is doing this then it is likely there will be a victim, possibly for big money."
Phishing - the scam that won't die
The "This" is phishing - attempts by scamsters to get hold of your personal details by pretending to be your bank and claiming a security breech. Of course, they have no idea where you might bank. As a result lots of people are told that someone has their secret passwords with Barclays or Lloyds or whatever and they must contact the bank immediately or their account will be frozen or lost, even though they have never dealt with the banks in question. It's been around for years so surely everyone is aware and no one bothers to phish any more?
Wrong. This week, I received an email headed "Errors were detected on your account (Fix Now)". And it came from PayPal. Or at least that is what it said – the sender was "firstname.lastname@example.org but don't try it at home because it has nothing to do with the real PayPal.
Subject: Errors Were Detected On Your Account (fix now)
Date: Tue, 12 Feb 2013 05:04:16 -0500
Dear Valued Customer,
PayPal security team is sending you this notification message because we seem to be having errors in the proper verification of your account. This might be due to one of the following reasons:
*A recent Change in your Account Details
*An Internal error within our servers
CLICK HERE to rectify these Errors.
PayPal Online Security Team.
So I clicked on the link to rectify these Errors – although I could do nothing about the errors in the grammar and erroneous use of capitals in the message itself.
But whatever the errors were, all I got was a form to fill in. And guess what? They want to know just about everything about me other than my great-grandfather's birthplace (which I don't know anyway).
Had I filled it in, I would have handed over my credit card details - including that three figure code on the back - so they could have spent whatever they could get away with. Credit card companies are much better these days at spotting unusual transactions – so a big purchase of something easy to sell (such as high street store vouchers) or easy to cash in (such as some airline tickets) gets picked up.
But such protection is never guaranteed – nothing can be 100% secure.
Playing the odds
This is phishing. PayPal says it would never communicate in this way but at first glance it looks convincing. Now I don't have an account with PayPal. As far as possible I do not send many payments through it – I think the last time was about three or four years ago. I find it easier to pay with my credit or debit card directly.
But the phishers are more likely to catch the unwary with PayPal than by using HSBC or NatWest. It's a simple question of odds. More people
online have or have previously had some relationship with PayPal than with HSBC or NatWest or any other high street bank. In any case, the banks are really fast at removing phishing sites.
There's another organisation that is even more prominent than PayPal and far more in our minds especially at this time of year. So expect
a number of emails claiming to be from HMRC offering a tax rebate (usually around £280) in return for financial details to its "secure" site.
This seasonal activity is based on the recent 31st January deadline for tax returns, the end of the tax year on 5th April, and the interest in tax from next month's Budget.
Phishing folk seem stupid if you spot them – and yes, to forestall comments, I know it is obvious. But they will convince someone, maybe a vulnerable person, and they will get some money from this. So warn those you know both about the false PayPal and those phoney HMRC
emails that will come. HMRC has a warning about this on its website – but the problem with all such alerts is that you have to find them
before the scam merchants find you.
Thousands are still caught each month, their identities stolen and their accounts (plus credit cards) cleaned out.
- 1. Login detail theft
<span style="font-size: 10pt; line-height: 12pt;">More than 12 million pieces of personal information were illegally traded online by identity fraudsters in the first quarter of 2012 alone, according to data from Experian </span><span class="s1" style="font-size: 10pt; line-height: 12pt;"><a href="http://www.creditexpert.co.uk/">CreditExpert</a> </span><span style="font-size: 10pt; line-height: 12pt;">- outstripping the entire of 2010.</span></p>
The vast majority (90%) of this illegally traded information is password and log in combinations - a result of the spiralling number of online accounts many of us now have. Research shows the average Brit uses around five different passwords online, but with an average of 26 different accounts each – this is nowhere near enough protection.</p>
"Using a different password for each account will minimise risks, but if password information is stolen from a website, all accounts using the same details will be compromised, and this information can spread among fraudsters rapidly," warns Peter Turner, managing director at Experian Consumer Services in the UK and Ireland.</p>
Step up your account protection with this <a href="http://money.aol.co.uk/2012/10/01/how-to-protect-your-pins-and-passwords/"><span class="s1">guide to choosing a secure password</span></a>.</p>
- 2. Flexible friend fraud
<span style="font-size: 10pt; line-height: 12pt;">Credit and store cards continue to prove particularly attractive to fraudsters and 2012 year has seen 73% surge in the takeover of plastic card accounts by criminals with nearly one quarter of all identity frauds, and 36% of all account takeovers, taking place on these cards.</span></p>
Richard Hurley, communications manager at CIFAS explains the threat: "Whether it is through using an innocent party's details to open a new account in the victim's name, or hijacking the victim's details and taking over existing accounts, the modern fraudster will continue to pay specific attention to credit and store card accounts as an easy way of obtaining funds and goods, while leaving someone else to pick up the bill."</p>
Be vigilant with your cards and follow our tips to <a href="http://money.aol.co.uk/2011/11/25/how-to-shop-safely-online/"><span class="s1">protect your plastic through safe online shopping</span></a>.</p>
- 3. PPI scam
<span style="font-size: 10pt; line-height: 12pt;">As if the mis-selling of payment protection insurance (PPI) wasn't scandal enough, 2012 has seen fraudsters preying on PPI victims. Consumers have received phone calls from someone who knows their name, announcing that they have won their PPI claim. The caller may also know the lender's name and an estimate of the loan amount.</span></p>
<span style="font-size: 10pt; line-height: 12pt;">However, the caller will then request a payment from the consumer in order to receive their compensation. This should signal warning bells, but many innocent victims have fallen for the scam and parted with money only for the bogus firm to disappear with their cash, and of course the compensation that never existed.</span></p>
Consumers should be wary of all cold calls, particularly those that request cash upfront. There is no need to pay to make a claim for mis-sold PPI – you can claim direct to your bank for free and receive free advice from debt charities like Citizens Advice and the Consumer Credit Counselling Service.</p>
<span style="font-size: 10pt; line-height: 12pt;">If you do choose to take on the assistance of a claims management firm – never agree to an upfront payment. Reputable firms will only request payment for their services once you have received your compensation from your lender either by cheque or by payment into your bank account.</span></p>
- 5. Online banking fraud
<span style="font-size: 10pt; line-height: 12pt;">Phishing – when an unsolicited email arrives in your inbox requesting details to your personal accounts – continues to rise, leading to a surge in online banking fraud. Online banking fraud losses totaled £21.6 million during January to June 2012, according to CIFAS - a 28% increase on the 2011 half-year figure.</span></p>
The emails trick customers into visiting fake banking websites – often made to look startlingly similar to the real thing - and disclosing their online banking login details. Online banking customers are also being tricked into divulging their bank login details and passwords over the phone to someone they believe is from their bank but is actually a fraudster.</p>
The key point to remember is that banks will never contact you by phone or email and ask you to disclose your details, so always beware correspondence of this nature. Consumers should also be cautious of emails purporting to be from government bodies such as HMRC, or other financial accounts, such as Paypal.</p>
- 6. London 2012 Olympic scams
<span style="font-size: 10pt; line-height: 12pt;">There were over 50 different scams known to the 2012 Olympic Committee, with fraudsters cashing in on the good-natured spirit of the Games and nationwide scramble for tickets. The vast majority of scams took the form of phishing emails – purporting bogus job offers; prize draws; lottery wins and complimentary tickets – all with the sole purpose of duping consumers into sharing personal details or parting with cash in order to claim prizes.</span></p>
Official tickets for the London 2012 Games were only available for purchase through the London 2012 website and appointed ticketing partners, so any other sources were offering fake or non-existent tickets. As for competition prizes and lottery wins – consumers should remember that it is impossible to win a competition or draw that you did not knowingly enter and that if a prize seems too be good to be true, it probably is.</p>
- 7. Caps on cover
<p>Insurance is an incredibly complex area of personal finance and different forms of cover are riddled with different hitches that make it crucial to read the small print. Failure to do so could lead you to pay for a product you would be never be able to claim upon, or unknowingly do something that invalidates your claim.</p>
<p>Always buy the right level of cover for your needs and pay close attention to any exclusions in the policy wording. For example, many travel insurance policies for winter sports won't pay out for treatment of injuries incurred while under the influence of alcohol.</p>
- 7. Charity donation fraud
<span style="font-size: 10pt; line-height: 12pt;">Surely the lowest of the low, charity donation fraud – when fake charities play on our sympathy by requesting donations to a worthy cause – is on the rise. Donation requests come in the form of unsolicited emails; phone calls; house visits or being approached in a public place. In many cases, donation requests are linked to a high-profile event, such as Hurricane Sandy that wreaked havoc across America last month.</span></p>
Either the charity that the fraudster has asked you to donate to doesn't exist, or they are misusing the name of a genuine, often well-known, charity and pocketing your money.</p>
<span style="font-size: 10pt; line-height: 12pt;">Don't let fraud risks put you off donating – just make the necessary checks to ensure your money is going to the intended cause. Genuine charities are registered with the Charity Commission and print their registration details on all documentation, collection bags and envelopes, so check these details exist and if in doubt, contact the Charity Commission to confirm that they are authentic. Call the helpline on 0845 300 0218 or check the online charity register by visiting </span><a href="http://www.charity-commission.gov.uk/" style="font-size: 10pt; line-height: 12pt;"><span class="s1">charity-commission.gov.uk</span></a><span style="font-size: 10pt; line-height: 12pt;">.</span></p>
- 8. Cash claw fraud
<span style="font-size: 10pt; line-height: 12pt;">Cases of cash machine fraud, where a device is used to trap money inside the ATM machine, have increased more than 15-fold in London in the past three months. Reported incidents have risen from 150 across the UK in May, to 2,500 in London alone in August, according to figures from Link and London's Dedicated Cheque and Plastic Crime Unit (DCPCU).</span></p>
Criminals insert a device called a cash claw behind the guard on the cash drawer of an ATM. The device is undetectable to the public, who use the machine as normal until their cash fails to eject.</p>
"The machine goes out of service and then the criminal comes along, forces open the drawer using a pair of pliers or a screwdriver, forces the device out of the cash machine, bringing the customer's money with it," explains Detective Chief Inspector Dave Carter, head of the DCPCU.</p>
Customers are advised to immediately report any banknotes undelivered from cash machines.</p>
- 9. Land banking
<span style="font-size: 10pt; line-height: 12pt;">Rogue property developers selling land that they claim has great investment value, when there is little or no chance of it ever being developed, are on the rise again this year. Investigations have lead to a number of convictions in 2012, yet consumers are warned to be remain wary of this big money scam.</span></p>
Land banking involves plots of land offered for sale, often online, with the promise of sizable returns when planning permission is approved for housing or other development. Yet often the land is located in areas protected from development by planning law.</p>
<span style="font-size: 10pt; line-height: 12pt;">The companies involved soon disappear with investors' money and as the firms are not protected by the Financial Services Authority, their funds are not covered by the Financial Services Compensation Scheme.</span></p>
- 10. Asda/Tesco voucher scam
<span style="font-size: 10pt; line-height: 12pt;">In October, PhonepayPlus (the UK's premium rate telephone regulator) fined two firms a total of £450,000 for running a series of voucher scams on Facebook.</span></p>
The scams, which claimed to offer free vouchers and supermarket gift cards for Tesco and <span class="s1"><a href="http://www.asda.co.uk/">Asda</a></span><span style="font-size: 10pt; line-height: 12pt;">, resulted in members of the public signing-up for expensive premium-rate phone services.</span></p>
The scams relied on Facebook users innocently sharing or liking the voucher promotions on their status, which included the promise of a voucher worth up to £250 for major retailers. After clicking on the promotion consumers were duped into participating in premium rate competitions, which involved questions sent to their phone at a cost of £5 each.</p>