Tag Archives: phone scams

Phone Scams

Nearly 45 million received scam calls in three months

Almost 45 million people in the UK were targeted by scam text messages or phone calls over the summer, according to telecoms regulator Ofcom.

About half reported getting a scam call or text at least once a week.

A survey of 2,000 adults in September found that almost a million people had been misled by a message or a call which they received.

Text scams are most common among 16 to 34-year-olds, with two-thirds receiving one between June and August.

The elderly are more often targeted using their landlines, with 61% of those over 75 receiving a scam phone call, but all ages are at risk.

UK residents who believe they have been targeted, or are the victim of a scam, can report a text message by forwarding it to 7726 – the numbers on the keypad that have the letters for spam on them.

However, Ofcom found that 79% of mobile phone users were unaware of that service.

Scam calls should be reported to Action Fraud.

Lindsey Fussell, Ofcom’s networks and communications group director, urged the public not to reply to messages which do not seem quite right.

“Criminals who defraud people using phone and text scams can cause huge distress and financial harm to their victims, and their tactics are becoming increasingly sophisticated,” she said.

“Stay alert to any unsolicited contact. Put the phone down if you have any suspicion that it is a scam call, and don’t click on any links in text messages you’re unsure about.”

Why phone scams are so difficult to tackle

Many of us now refuse to answer telephone calls from an unknown number, for fear that it could be a scam.

And we dread receiving a text message, purportedly from our bank or a delivery firm, again due to concerns that it might be from fraudsters.

A recent report suggests that we are right to be cautious. In the 12 months to March 2021, phone call and text message fraud across England, Wales and Northern Ireland was up 83% from the previous year, according to consumer group Which?.

Which? analysed data from Action Fraud, the UK’s national reporting centre for fraud and cyber crime, and says this was the biggest rise across all types of fraudulent attacks.

It adds that the jump was fuelled by more people getting things delivered during the pandemic, which led to a corresponding huge rise in fake parcel delivery text notifications.

In these “smishing” attacks, fraudsters send a person a message, seemingly from a legitimate number, to claim that a small payment is needed before a package can be delivered. Then when you click on the link they try to steal your banking details.

Telecom firms and authorities faces difficulties

But how exactly are the fraudsters able to do this, and why is it so difficult for telecoms firms and authorities to tackle the problem?

Matthew Gribben, a cyber security expert, says that criminals are able to make it look like their phone call or text is coming from the real telephone number of a bank or delivery firm, due to continuing vulnerabilities in the UK (and other countries’) telephone network systems.

“There’s no way for the current UK phone network to guarantee 100% that the presentation number it is being told is the actual originating number – it has to take your word for it,” says Mr Gribben, who is a former consultant to GCHQ, the UK government intelligence agency.

Protocol’s problem

The core of the problem is a telephone identification protocol called SS7, which dates back to 1975. It is a little complicated, but bear with us.

SS7 tells the telephone network what number a user is calling or texting from, known as the “presentation number”. This is crucial so that calls can be connected from one to another. The problem is that fraudsters can steal a presentation number, and then link it to their own number.

The issue affects both landlines and mobile phones, with SS7 still central to the 2G and 3G parts of mobile phone networks that continue to carry our voice calls and text messages – even if you have a 5G-enabled handset.

One theory is that the vulnerabilities of SS7 cannot be fixed because the telecoms firms need to give national security agencies access to their networks, but Mr Gribben says GCHQ (Britain’s intelligence agency) can monitor communications without using SS7 loopholes.

The problem, he says, is that SS7 is still used in telecoms networks globally. And it needs to be replaced rather than patched up.

“SS7 was developed assuming there would always be legitimate activity [and] goodwill around the use of it,” explains Katia Gonzalez, head of fraud prevention and security at BICS, a Brussels-based telecoms firm that connects and protects mobile phone networks.

personal information stolen

“There’s too much legacy technology [reliant upon it] that we can’t move away from – we’re going to have these SS7 2G/3G networks for at least another 10 years.”

Jon France, head of industry security at the GSMA, the trade organisation that represents mobile network providers around the world, says that “a lot of these problems will disappear” after 5G networks have been fully rolled out. This will mean that SS7 – and 2G and 3G – can be totally replaced.

Ms Gonzalez agrees: “It took some time to understand these flaws, and how they were exploited. Now with 5G there will be security from [the centre] of it.”

However, Mr Gribben cautions that even when SS7 is replaced by something “entirely brand new and sparkling, there will still be other vulnerabilities [that fraudsters can exploit]”.

The GSMA says that telecoms firms are putting “a large amount of effort and investment” into tackling scams.

For its part, BICS is using artificial intelligence systems to try to detect and block incoming fraudulent calls and texts.

Ms Gonzalez adds the only way to prevent text message scams is to enable telecoms firms to use AI to scan texts for links to fake websites before they are sent. Yet privacy regulators are unlikely to ever agree to that.

So instead BICS is calling for “greater collaboration between telecoms firms and governments, better relations between countries, and more effort from the companies on sharing information on the latest vulnerabilities”.

When it comes to fraudulent telephone calls, there has been a big increase in so-called “robo-calling” – automated voice calls in recent years.

Call authentication systems do exist that can help stop them, and the UK’s telecommunications regulator Ofcom says it is consulting with the telecoms industry to see what can be implemented, and how soon.

“These criminal scams are becoming more sophisticated and tackling them requires efforts from a range of bodies,” says an Ofcom spokesman.

“We’re working closely with the police, industry and organisations such as NCSC [the National Cyber Security Centre] – which is responsible for cyber-security standards in the UK – to help tackle the problem.”

New protocols developed

An international standards body, the US-based Internet Engineering Task Force (IETF) has also developed new protocols to prevent robo-calling.

In a nod to James Bond, the system is called “Stir and Shaken”. US authorities have ordered mobile operators to implement the protocols by the end of 2021, but Ofcom says UK providers can’t do so until networks are sufficiently upgraded, by 2025.

As phone and text scams are not going away anytime soon, Amanda Finch, chief executive of professional body, Chartered Institute of Information Security, says: “There’s always more that telecoms firms could do”.

“But, security is a continually moving target… basically everyone has to be vigilant,” she adds.

Meanwhile, Robert Blumofe, chief technology officer of cloud security firm Akamai, says: “I don’t think there’s a world anytime soon where we can train people not to be fooled, so the solution has to include a way to block the response the text messages are trying to elicit.”

How to report online scams

How to report online attempts to steal your money

With scams spiking during lockdown, here are some of the ones to know about – and how to get support

Fresh warnings have been issued over a new scam that claims payment is required for a package to be delivered.

The latest con involves the victim receiving a text message from “Royal Mail”, claiming that a parcel is ready for delivery, but that an additional fee of £1.99 or £2.99 is required.

A link is shared for the recipient to click through and pay the alleged fee, only to be directed to a copycat website operated by fraudsters.

One victim revealed on social media in a tweet that went viral that such a con had left her “scammed out of every penny I had” after fraudsters telephoned her pretending to be her bank and asking her to move money around.

The Chartered Trading Standards Institute (CTSI) and Royal Mail have both warned that such messages are fraudulent, with the CTSI adding that such scams have surged over the past year.

“This delivery scam is yet another example of fraudsters attempting to make money out of the unsuspecting public,” said Katherine Hart from the CTSI.

“Due to the lockdowns, many millions of people rely on product deliveries, so scammers have focused their efforts on this theme.

“If you have any suspicions, contact Royal Mail to verify before you click any links or share details,” she added.

A spokesperson for Royal Mail said the service would only ever ask for payment by email or text message if a parcel had been sent to them from overseas and a customs payment was due.

“In such cases, we would also leave a grey card telling customers that there’s a Fee to Pay before we can release the item.”

But what other scams exist and what should you look out for? Here’s everything you need to know.

National Insurance

Action Fraud, the UK’s national reporting centre for fraud and cybercrime, is warning the public about a National Insurance scam after it received over 34,000 more calls last month compared with February 2020.

Victims have reported receiving an automated telephone call telling them their “National Insurance number has been compromised” and that they must “press one on their handset to be connected to the caller” in order to resolve the issue.

Once connected to the “caller”, victims are pressured into giving over their personal details in order to receive a new National Insurance number. In reality, they’ve been connected to a criminal who can now use their personal details to commit fraud.

Pauline Smith, head of Action Fraud, said: “We are asking the public to remain vigilant and be cautious of any automated calls they receive mentioning their National Insurance number becoming compromised.

“It’s important to remember if you’re contacted out the blue by someone asking for your personal or financial details, this could be a scam.

“Even confirming personal details, such as your email address, date of birth or mother’s maiden name, can be used by criminals to commit fraud. If you have any doubts about what is being asked of you, hang up the phone. No legitimate organisation will rush or pressure you.”

HMRC (tax scams)

With the end of the tax year approaching, scams relating to tax payments, bills and rebates are on the rise. Her Majesty’s Revenue & Customs (HMRC) received over 900,000 reports of HMRC scams in 2020, with more than half of these offering fake tax rebates.

Common scams include messages claiming you are owed a tax rebate, that you’ve missed an important deadline, or warning that you have an outstanding fee to pay. Scams exploiting the Covid-19 pandemic have also been reported, with people receiving texts stating that they are owed a “goodwill payment” due to the coronavirus. Others demand a £250 payment after individuals are accused of “breaching lockdown restrictions”.

HMRC has said that it will never send notifications by email about tax rebates or refunds and advise recipients not to open any attachments, click any links or share any personal or payment information. It adds that if you are unsure about the legitimacy of a message you receive by email, text message, WhatsApp, social media or telephone, you can forward the details to the National Cyber Security Council at phishing@hmrc.gov.uk.

Genuine emails from HMRC should all end in ‘gov.uk’ only. Any additional words, letters or numbers following this are likely to be fraudulent. Don’t click links contained in emails or messages claiming to be from HMRC – log in to your account, email or telephone them directly to be certain it’s safe.

You can also see examples of HMRC scams by following this government link.

Investment fraud

Fraud

Investment fraud occurs when you receive a cold call from someone claiming to offer you an opportunity to invest in a scheme, service or product that is actually worthless or doesn’t even exist. It’s also known as share sale fraud, hedge fund fraud, land banking fraud or bond fraud. The majority of investment frauds are run out of offices known as boiler rooms. Victims may also be offered “special discounts”, “insider info” or “exclusive” stock tips.

Boiler room operations often contact victims out of the blue and pressure them into making rushed decisions with no time to consider the nature of the investment. Callers often sound extremely knowledgeable and professional, and may produce polished-looking websites, certificates or brochures to “prove” their authenticity.

As well as never providing bank account details or sensitive information, never accept investment offers on the spot from cold callers. Instead, look at the Financial Conduct Authority’s ScamSmart warning list which acts as a barrier between unscrupulous scammers and you.

Sadly, boiler room operations tend to target people aged 65 and older, so it’s important to talk to older family members and vulnerable people to help them spot bogus callers.

Netflix

Action Fraud received over 400 reports in just one week from people reporting fake emails purporting to be from Netflix. The emails state that the recipient needs to “finish signing up” by clicking the link provided before they can use the online streaming service. Doing so, however, takes victims to phishing websites that steal your Netflix login, personal and financial information.

Netflix says that it will never ask you to enter personal information in a text or email. This includes credit or debit card numbers, bank account details and Netflix passwords. If you think your account has been compromised, Netflix advises you to contact it directly using the details on this page.

Romance fraud

Romance fraud occurs when a person you’ve met through an online dating website or app uses a fake profile to build a relationship and gain your trust before asking you for money or information to steal your identity.

Tell-tale signs include asking you lots of personal questions but disclosing very little about themselves; and exploiting your trust by inventing a reason to ask for your financial assistance, such as money to pay for a flight to visit you, or money for medical treatment for them or a family member. “Perfect” profile pictures can also be a giveaway and may have been stolen from a model or actor. Using the reverse image search tool on Google can help you find the original source of photos.

To avoid getting caught out by romance fraud, avoid revealing too many personal details when dating online, such as your date of birth or home address, which may result in your identity being stolen. Never send or receive money or share your bank details to someone you’ve met online, no matter how convincing their story is. And, if you’re online dating, choose a reputable site or app and use their messaging service, rather than switching to social media or texting, where messages can be deleted more easily.

According to Action Fraud, women are twice as likely to fall victim to romance fraud and investment fraud twice as men.

Paul Davis, retail fraud prevention director at Lloyds Bank, said: “Scammers do this for a living – they’re in it for the long game and will often spend a lot of time building up a ‘relationship’ and trust – they can invent convincing stories, waiting for the right moment to start tricking people into sending them money.

“If you’ve struck up a conversation or begun a relationship solely online and the discussion moves on to sending money, that’s the time to stop.”

Fraud recovery

As if being scammed once isn’t bad enough, data from the National Fraud Intelligence Bureau (NFIB) found that over £373 million was lost by repeat victims of fraud in the 2019/20 financial year, with the average victim losing £21,121. However, when someone reported at least one investment fraud, this figure jumped a staggering 300 per cent to £84,604.

A fraud recovery scam is when criminals contact victims pretending to be from their bank, a law enforcement agency, solicitors or “specialist recovery firm” claiming to be able to help them get their money back or compensation. Incredibly, this is often the same criminal targeting the victim again, or the victim’s personal details may have been sold on the dark web to other fraudsters. Scammers will usually ask for a fee for this “service” and may ask victims for their bank account details so they can “deposit” the recovered funds.

Mark Steward, executive director of enforcement and market oversight at the Financial Conduct Authority said: “Consumers should always be wary of cold calls and promises to recover funds lost to a scam, as these are often signs of an attempted recovery fraud taking place. If you’re under pressure to make a quick decision or a payment, there’s a very good chance you’re talking to a scammer.

“Be ScamSmart and check the FCA Register to make sure that the firm you are dealing with is authorised to perform the service they are providing for you, and use the contact details on the FCA Register.”

TV Licensing

While this particular scam was first identified by the NFIB in September 2018, scam emails purporting to be from TV Licensing resurfaced again in October 2020. Victims receive an email which states that there is a problem with their Direct Debit that needs addressing in order for them to continue watching TV legally at home.

Victims are then urged to click a link, which directs them to an authentic-looking website that prompts them to enter their home address and bank details, which are duly stolen by scammers.

TV Licensing say that in emails, it will include your name and part of your postcode, compared with scam emails which often just use your email address or “Dear customer”. All legitimate emails from TV Licensing come from donotreply@tvlicensing.co.uk (or donotreply@spp.tvlicensing.co.uk). If you think you’ve been a victim of a TV license scam, contact Action Fraud or email the government’s fraud service at report@phishing.gov.uk.

What can I do if I think I’ve been a victim of fraud?

If you think you’ve been a victim of fraud, you can contact Action Fraud for help and advice. You can also forward details of suspect scammer to the National Cyber Security Centre.

Phone Scams

Almost £13,000 scammed from Armagh and Tyrone victims

Two people were scammed out of almost £13,000 last weekend, the PSNI has said.

One of the victims had nearly £10,000 taken from their bank account after they gave their bank details over the phone, while the other lost £2,500.

Both of them were scammed by people claiming to be from BT within a day of each other.

The scams happened on Friday and Saturday in counties Armagh and Tyrone.

The second victim was kept on the phone for about three hours and persuaded to download software, which resulted in the victim being swindled out their money.

Scammers will use any tactic

Chief Superintendent Simon Walls has called on families to stay alert and for people not to give out financial details over the phone.

“I want to appeal to family members to do all they can to let their loved ones know, especially those who are older and vulnerable, never to give out any kind of financial details over the phone or to download software during a call unless they are 110% sure it is safe to do so,” he said.

“Scammers are creative and will do whatever they can to con people out of money. They don’t care who their victim is, they just want the money and will employ whatever tactic is necessary.”