Fraud Scams etc

Fraud, it’s big news at the moment and seemingly, far too many people are falling for it hook line and sinker.

Almost exclusively, most of the fraud or scams that present to me, are by phone. I can literally go weeks without any scam texts and then like a couple of weeks back, I was getting 2 or 3 scam texts a day, mostly parcel delivery and banking scams. So my immediate action, is to just block the number and delete. My Wife and I now always make a joke everytime one of us gets one of these scam parcel delivery texts, both egging each other to click on the link.

Scam phone calls. Very often, the phone will just ring 3 or 5 times and then ring off, no voicemail, no follow up text. There was one exception a couple of weeks back, I actually had a voicemail left, a rather robotic voice threatening me with bailiffs and a Court appearance. It was almost laughable listening to it!

I have Silence unkown callers activated on my iphone, so I just get a notification that there’s a missed call. I then block them, simples, done. I also have an Android phone which unfortunately, doesn’t have the silence unknown callers feature. Some calls Google recognises as known scam numbers and the number doesn’t get through anyway, but mostly, my phone will ring and I just ignore, block and delete.

I guess one of the biggest problems is, lots of people just cannot ignore a telephone call, and this is clearly a big problem for many. Answer it, and all of a sudden, it’s your bank, or someone claiming to be from your bank and then financial pain ensues. I just take the view that none of my banks will attempt to call me by telephone, and even if they did, I wouldn’t answer the phone anyway. They all have my email address or they can leave a voicemail or a text and from there, I will then evaluate and if necessary make immediate contact completely independently from any said message.

Let’s be clear, scammers, fraudsters, whatever name we give them, are little more than pathetic scumbags who leech off the vulnerable and those genuinely caught in an off guard moment. But in any case, anyone who gets a telephone call advising them to deposit their entire bank account somewhere else, should be thinking to themselves ‘Is this normal?’ I don’t care if someone on the other end of a phone tells me to check the telephone number on the back of my bank card matches what’s on their caller display because undoubtedly, it will be spoofed anyway.

So to sum up from my own position, if your number isn’t in my contacts list, you get ignored and blocked.

How do contributors here deal with different types of fraud activity however it presents itself?

I deal with this type of thing at work. In my experience, everyone is susceptible to these types of scams. If the scammer catches someone in the wrong mood - tired, upset about something, etc. - then they’re half way there. Scam emails and texts always contain some kind of call to action, and usually there’s money involved, or they use emotion or create a sense of urgency.

The main advice I give people is not to act quickly. Think about the message you’ve received, speak to colleagues or friends (depending on the circumstances) to get their opinions and don’t respond straight away. Often, just leaving some time to let things sink in is enough for your brain to come up with the rational conclusion that it’s a scam attempt.

It’s very difficult to teach people to be critical thinkers. In short, never respond quickly and always get someone else’s opinion.

Nine years ago, I was a victim of identity theft. I’m naturally suspicious anyway and I check my bank accounts every day. I discovered several 1pence withdrawals from my then Lloyds account and I immediately twigged something was wrong. It turned out someone had attempted to take out several loans in my name, two of which were successful.

Upshot was, I immediately reported the whole incident to ActionFraud, got a case number. The two companies affected by the theft of money taken out in my name absolved me of any liability because I was fully able to prove it wasn’t me. With one of them, I asked for the bank account and sort code of the account they had paid the money into. Of course they were not forthcoming, especially as I’d approached the whole fraud forensically from the outset.

In the end, I lost nothing, even the few pennies pinched from my account were returned. I’ve not had any issues since and it never once affected my credit rating.

Most people think they are immune from these scams. And most are right. Not always, though.

Carlisle ex-police officer ‘devastated’ by £3k Royal Mail scam Carlisle ex-police officer 'devastated' by £3k Royal Mail scam - BBC News

I saw a similar story a few weeks back involving an ‘ex police officer’, which indeed he was, but the gentleman concerned was in his late seventies I think and he had been in the police service in the 1960’s. A lot has happened from the 60’s to the 2020’s.

If anyone falls for this sort of scam, I fear for their ability to generally function as a human being!

image1284×825 97 KB

That’s certainly one of the worst attempts I’ve seen! The frightening ones are those that are almost impossible to tell apart from a genuine RM text. And it doesn’t help that companies like Royal Mail use daft, scammy looking short URLs for their genuine communication. I think that companies should get one domain and stick to it. How the hell are technologically vulnerable customers supposed to figure out that something like ryml.me is genuine but royalmailgb.app is fake (I’d have guessed, if I had to choose, that the second one was legit, but in fact the latter has been previously used for these types of scams).

I posted this screenshot on the thread about this over on the Monzo forum, but I’ll add it here as well because it’s so stupid… Here is a Tweet from Royal Mail warning about a scam that was doing the rounds, with a call to action to view more details at their super sketchy looking short URL

C928A721-E804-48D8-AE0C-978D36B774FB828×236 86.2 KB

Just lately, anything I’ve ordered where delivery is effected by Royal Mail, the Royal Mail app has notified me about the impending delivery. I appreciate that’s all very well and good for tracked items, but I know when I’ve ordered something and so the scam texts sent to my phone never fazed me because I knew they were BS.

All that aside, it’s fact that Royal Mail will post a card through the door if there’s a genuine missed delivery. I haven’t come across a single incident yet whereby I’ve missed a delivery and had a fake Royal Mail card shoved through my door directing me to a fake Royal Mail delivery office.

There is a school of thought that says that some of these scams are deliberately dumbed down, because they only want the dumbest of the dumb to apply and give them their details. See also “Nigerian 419” scams

I know it’s slightly tangential to the topic, but I try to keep an eye on this sort of thing by monitoring my credit reports from the main three CRAs and, once a year, sending a Subject Access Request (which is free) to CIFAS, National Hunter and Synectics Solutions SIRA which are the big anti-fraud agencies.

They basically return to you data on all the applications made under your name within the past year. Obviously, if one of them wasn’t you then it’s a red flag to investigate with the financial institution concerned.

Also I do check all my account transactions regularly, and watch where I use my cards. I like to use a credit card online or Cuvre, if I want to spend from my debit cards, as that way I can lock the card.

Yeah, from my CyberSec background and I’m sure it doesn’t take a degree to work this out: users are the most vulnerable point of any system

So naturally, you want to pick the most gullible users and then exploit them. Nigerian Prince scams are definitely written poorly on purpose to avoid anyone with more than several brain cells from coming into the picture, because they just waste time.

Whenever somebody says this, I think of this advert. Don’t ask me why, I remember odd things!

Prudent, I remember when my mum used to have one of those “phone cradles” for the car. She never used the phone anywhere else, either!

Fraud stuffs probably deserves its own thread, but as great as it is to help inform people of scams I don’t much appreciate how they try to shift the onus onto them. In this situation, you’d be protecting the bank from fraud, not yourself.

In that advert, and many like them, Barclays use the phrase protect yourself from fraud. But as I understand it, in that example, is it not the bank being defrauded here? They swindle you into handing over your details, fair enough, but they’ve not taken any money from you. They would then need to use that information to defraud the bank.

I’m probably reading too much into the semantics of fraud here, but the distinction matters, I think, when it comes to your ability to get your money back.

Technically, yes, but the idea of the ad was to highlight one example to prove “how easy it is to get defrauded and the need to constantly be on your guard” rather than do a kind of case study on one specific aspect of fraud.

You are right, of course, that an investigation would unearth that recording and the employee in question would be quickly exposed following an internal investigation. They would be fired, the customer would be refunded, Barclays would pay up as the customer hadn’t done anything wrong.

However, there is still an argument that even though you hadn’t caused the fraud by going along with it, you could save yourself time, energy and stress by having prevented it (not that you would be expected to or denied compensation for having failed to prevent it) so even where the bank pays up, it is better for you as a customer for it to never have happened

In the specific case, it looked like the call centre employee was already (legitimately) logged in to the customer’s account, and wanted the whole passcode as this was required to authorise actions on the account. They would do whatever the customer had asked, end the call, then stay on their account and transfer the money themselves (to probably a stolen account) via the telephone banking backend. They would then authorise said transfer with the security code they’d just obtained.

I’ve said it a few times but it amazes me how sophisticated it all is now.

Years ago when it was “ello, I am calling from your bank counter. Please give me your address postcode and bank number” it was “No, go away” type thing. It was obvious it was a scam, granted some people did fall victim to it, but it was easiest to spot for most people.

But nowadays when we’re actually more aware of the fraud, when they are getting an active card check done, so that they can call and ask you about that

“Who can possibly know I’ve just had an active card check? Me and my bank”

So I can understand why people are believing it at that stage. Then you check the number on your card matches because they’ve spoofed it. That’s two points that make it seem credible.

What I can get around is the “We’ve made you a new account and need you to transfer the money” or in the case of Monzo, forwarding on the login details.

But stress and panic makes people do funny things.

I think what the advert is trying to point out, is that even those among us who think we are immune to this type of scam, cos we’re too switched on, could fall for something as simple as that.

Truth be known though, a scammer would need a lot more than just four digits from your secret word, but Barclays are planting the seed of thought, so it gets a from me.

Probably time to create that thread now

That, above all things, explains so much behaviour that seems questionable later.

@Mathew , @Graham - any chance you can split the scam posts out of this thread and in to a separate one please as, like others, I feel it is worthy of its own thread, and has little (or nothing) to do with current thread theme .

Absolutely, and that is really the crux of it.

The scams these days all create a false sense of urgency in hopes of short-circuiting the customer’s anti-fraud thinking, basically by creating some situation which induces panic in the customer. It’s all the more insidious and cruel. As you say, it starts with elaborate groundwork in order to create some veneer of credibility. However, eventually it will go downhill into something which quite obviously isn’t right, like installing TeamViewer or sending money to a “safe account”.

I agree that’s what it is.

But they probably could perpetuate a fraudulent transfer if they were willing to use their own employee details to do so, the only line of defence would be the security code to my knowledge?