Financial crime is estimated to cost the legitimate UK economy £6,000 every single second, which equates to an unbelievable £193bn per year. While fraud isn’t new – we’ve all had the suspicious emails and texts about orders we’ve never placed, although some of these are getting increasingly harder to spot – the pandemic has changed the way we live and this has created new opportunities for fraudsters. More people are going online for their shopping and banking needs and are relying on home deliveries, some people are feeling isolated and lonely and some are worried about money, which is why purchase fraud, romance fraud and investment fraud are so common in 2021.
We spoke to Sam Ryan and Mike Lea-Smith at Virgin Money to find out more about the most common types of fraud and for tips on how you can stay safe against scams.
Sam works to drive Virgin Money’s culture around cyber security and ensures informed decisions are being made about the way developments in this area affect Virgin Money. The ‘bad guys’ will always try to get one step ahead of the bank’s security, so it’s important to face the myriad of global cyber threats by focussing on the right security defences to protect the bank and its customers.
Mike’s job is to translate what is often perceived as complex subject in fraud into something simple, highlighting to both customers and colleagues the most common types of fraud witnessed by our organisation and how best to avoid falling victim to them. Mike provides specialised training sessions for individual teams across the organisation as well industry specific threat avoidance sessions for external clients, such as the NHS.
1. What are the main types of fraud people should be aware of?
Mike: The main types to look out for are:
- ‘Safe account’ fraud
- Where a criminal contacts you pretending to be from law enforcement (police or national crime agency) or your bank and tells you they are conducting an investigation and need you to move your money. The “safe” account is often held at a different bank.
- Investment fraud
- This is usually done via cloned websites, which are hard to detect and are mirror images of their genuine counterparts. Crypto assets have also featured heavily. These are not a regulated investment product (even in legitimate circumstances) and are flooded with rogue traders and fake crypto exchanges.
- Romance fraud
- People striking up fraudulent relationships with people through dating websites, Facebook, LinkedIn, even some online scrabble games.
- Purchase fraud
- Advertise goods that don’t exist and ask for direct bank transfers via fast payments to secure items such as puppies, cars and even advances for rental properties. It’s expected that given the continuing uncertainty around overseas summer holidays and a surge in demand criminals will capitalise on this more this year than they have ever before with people desperate to secure accommodation at home and abroad.
- ‘Impersonation’ fraud
- This means emails and messages impersonating trusted authorities and well-known brands. The most impersonated brand online at the moment is actually Microsoft, closely followed by PayPal, because their services are ubiquitous, but there’s also been fraud around the NHS, HMRC and other trusted organisations. Typically, the emails link to a fake log-in page and ask you to enter your username and password. Criminals will then use this to steal information or try the same password to access other things like your bank account (this is why you should never, ever recycle passwords!).
2. Why do you think fraud has risen so much in the past year?
Mike: The pandemic has distracted everyone over the last 18 months, and distraction is one of the key weapons for fraudsters. When you combine this with an influx of funds from the treasury via support schemes, such as furlough and bounce back loans, it’s easy to see why fraudsters have pounced to seize on this perfect storm.
Sam: The lockdowns have been hard for many people, making them more susceptible to scams. People who’ve experienced loneliness during lockdown have been more successfully targeted by romance scams, while many who’ve lost income or been more worried about finances have been lured by money-making schemes promising great returns.
3. Who is committing much of this fraud?
Sam: Everything from individuals to organised criminal groups (OCGs) and, sometimes, nation states. Cyber-crime is much easier to accomplish now: many cyber-attacks and scams can be automated with software, so there’s less need for technical skill. It’s a global issue - a lot of the money made from cyber-crime is used to fund other crime such as drugs, people trafficking and counterfeit goods.
4. What’s the difference between fraud and a scam?
Mike: The key difference is that a fraud can be with or without participation of the victim, whereas a scam more often involves the manipulation of the victim into doing something, like buying fake goods or sending money to safe account. Typically, with a fraud, victims are completely unaware they have been defrauded until their card stops working, or they notice an unusual debit from their account. With a scam, the victim is normally caught up in a fake call from their bank, an investment opportunity, or the purchase of goods from a fraudulent or fake seller. With a scam, there is a greater amount of involvement of the victim as the criminals will do their best to get the victim to process the transaction themselves.
5. How can I spot scams and avoid them?
Sam: It’s important to understand that everything, and I mean everything, can be faked. Whether it is websites, text messages or online ads and social media profiles, criminals have the tools to make their copycats look professional. Forming good security habits to keep your information safe is the best way to avoid trouble from the outset:
- Think twice about any message or call that’s unexpected, especially if it makes worrying claims. Criminals know that if they say someone has access to your account, for example, it’ll cause panic, which is when people are more susceptible.
- Don’t click links in emails or texts unless you’re sure they are genuine. Virgin Money’s emails will never link to pages that ask for passwords or account details. It’s a good general rule to go to the site from the search engine if you need to log into an account.
6. What are some of the cleverest scams you’ve seen recently?
Mike: Remote access scams. This is where you are contacted by someone claiming to represent a genuine company, often a telecoms or broadband provider. They will tell you there is a problem with your internet or that you’ve been hacked and to help resolve the issue they need to install a remote access piece of software such as TeamViewer. The criminal will then say they have fixed the issue and ask you to check everything is working or to check that a goodwill gesture payment has credited their account as a result of this technical issue. There will be some claim of a mistake around the supposed goodwill gesture payment that ends with the customer having to send money (to the scammer’s account).
Sam: Number spoofing is a big issue, where the caller ID is spoofed to look legitimate (from your bank, HMRC, someone you know and trust etc). This technique means the message drops into the same thread as genuine ones. Similar impersonation is possible with email. There are initiatives underway to find solutions to the number spoofing problem, but in the meantime it’s best to think twice about any message you didn’t expect or ask for.
7. What are the tell-tale signs of bank account fraud?
Mike: I’d watch out for the following as the main signs:
- Being rushed into doing something.
- Being told that your account is at risk or that you owe tax to HMRC.
- Being told that your internet or bank account has been hacked or is at risk.
- Being told to access your bank account.
- Being asked to read out codes sent via text message.
- Receiving a call or text from the bank you didn’t expect.
- Being pressured in to sending money.
- Receiving an electronic communication from either a personal or business contact providing a change of account details and requesting payment.
8. What should I do if I think I've been a victim of fraud? What are my rights and where can I go for help?
Mike: If you think or suspect you have been the victim of fraud, your absolute first point of contact should be your bank, as they are the only people who can stop any more activity and start the process of recovering your money. So, if you notice anything unusual about your account or activity, contact the bank immediately using the number of the back of your card. Following this, you should report the incident to Action Fraud Link opens in a new window. Customers in Scotland should report fraud to Police Scotland on 101.
It’s difficult to set out specific rights as this will depend on the type of fraud suffered. Each report of fraud is assessed on a case by case basis by a specialist who is trained specifically to investigate that type of fraud with the vast majority of cases being fully refunded.
9. What protection does Virgin Money offer to its customers?
Mike: We use industry-leading technology to protect our customers, colleagues and organisation, coupled with enhanced training across our colleague base to prevent financial crime. We have systems that conduct application fraud checks, monitor transactional activity, and even systems that monitor customer behavioural activity all geared towards keeping our customers’ money safe.
Sam: In the cyber space we monitor for web pages that are used in phishing scams. We act quickly to get these web pages removed, and encourage customers to report any they are aware of to us.
You can email us at firstname.lastname@example.org to report a phishing scam.
Mike’s top tips for how to protect yourself against fraud
- Remember, we live in an age where information about us is in the open, so we need to act with an awareness that people know more about us as individuals than ever before, most of which can be obtained with a few quick online searches.
- Never trust electronic communications, no matter how secure you think they are, when it comes to requests to make a payment or disclose sensitive information.
- Always be on guard when you receive a communication, even phone calls that you are not expecting, and hang up the moment you feel under pressure or sensitive information is requested.
- Never trust the caller ID or senders’ names on an SMS text, these are easily faked and can be very convincing.
- If someone calls you from the bank or other trusted organisation, hang up and call them back on a number you trust – genuine organisations will never mind you doing this.
- Avoid using unfamiliar retailers, especially those offering deals too good to be true.
- If buying items from eBay or similar platforms, never stray away from using the recommended payment platforms, and do not send money via FPS/BACS/Chaps to anyone in advance of seeing the goods in person.
- If you are investing, research the company thoroughly, visit the FCA website to check if they are regulated in the UK and for any warnings. You should do this every single time you are making an investment, even if it’s to a firm you have used previously.
- Do not invest in things you don’t understand. Crypto assets are not regulated and carry very little protection, they can be very volatile in price and are a favourite hunting ground for sophisticated and highly organised criminal groups so proceed with caution!