Scams: The summer pandemic

Citizens Advice recently reported that over 40 million people have been targeted by scammers during the cost-of-living crisis.

Our research reveals that despite spending more time than ever online, Brits are failing to take basic security steps, leaving themselves exposed to scams.

Rightly research, conducted among over two thousand adults across the UK, found that almost half of Brits (48%) have fallen victim to a scam or come close, with over a third (37%) losing money as a result. In London, these figures are even starker, with nearly two-thirds (64%) having experienced a scam or having come close. Younger people are particularly vulnerable to scams with 42% of 18–34-year-olds, and the same proportion of 35–44-year-olds having previously fallen victim, despite both these groups indexing in confidence that they are safe from online harm.

With that in mind, we thought it would be a good opportunity to highlight some of the new scams doing the rounds.

1. Latest Amazon Scams

Amazon scams continue to appear. One recent example is where, scammers masquerade as a member of the Amazon Customer Support Team, supposedly getting in touch to inform the victim of a cancelled order. Here the message invited the individual to open an email attachment, which was dressed up as an invoice, but in fact, contained dropper malware capable of setting the stage for several secondary attacks.

In another email campaign, recipients were prompted to update their Amazon payment information. The link provided led to a page that closely resembles the legitimate Amazon website but is built to harvest any information entered by the victim.

The advice for shoppers hoping to avoid these kinds of scams over Amazon Prime Day is to protect their devices with leading antivirus software and to pay close attention to oddities in the emails they receive (e.g., spelling and grammar mistakes, abnormal sender address etc.) that might betray a scam.

Another sensible precaution would be to navigate directly to known Amazon domains when making purchases, account changes and the like, even if an email message looks entirely legitimate.

2. Cost of Living Scams

Be warned, quite a few cost-of-living scams are doing the rounds as fraudsters try to take advantage of people trying to save money or make a bit extra and cope with rising costs. The crisis is also a breeding ground for scammers and fraudsters looking for ways to exploit the financially vulnerable.

One is the fake insurance scams where motorists may be tempted by supposedly cheap insurance deals - particularly young drivers, who often pay more for their insurance and may be inexperienced at buying cover.

But insurance giant Aviva has warned people to watch out for offers from unsolicited or unusual sources - particularly if it's via social media or word of mouth.

'Ghost brokers' pretend to be genuine brokers offering car insurance. Policies are bought through legitimate companies but using false information which is then doctored and sold on - it's often only when someone claims that they realise the policy isn't valid.

People can check a broker's status on the Financial Conduct Authority or British Insurance Brokers' Association websites or contact insurers directly.

The other big one doing the rounds is the holiday scam. Holidaymakers may be looking to cut their costs on getaways, but it's worth remembering that Action Fraud figures show victims of holiday and travel-related fraud lose £1,868 on average. Action Fraud suggests people check whether firms are members of ABTA - look for any slight changes to the website you are viewing, such as the domain name going from.co.uk to .org - and do a thorough online search for reviews to see if anyone else has had problems with the company.

3. Natwest customer's bank card scam

NatWest is warning people to watch out for scammers as the bank prepares to change all its debit cards. The bank has written to its customers to say that it is changing its debit cards from Visa to Mastercard which shouldn't have a big impact on its own. However, fraudsters thrive on changes like these. Although this won't affect their accounts, it could be the perfect breeding ground for scammers, it has warned. In a letter to customers, NatWest said: "Scammers like it when people get new cards, so always look out for unexpected phone calls, texts or emails from anyone claiming to be from the bank."

4. New Facebook scams

Last year, Facebook Marketplace passed one billion global users. In so doing, it's become a giant in the consumer-to-consumer space, allowing individual Facebook users to buy from and sell to each other seamlessly. It's free and simple to use, as most people already have a Facebook account. It allows users to search for listings from their local area, making pick-up much easier. And because people can view sellers' profiles, they feel more assured of safety and security on the site. Unfortunately, this is often a false sense of security.

Facebook Marketplace is often used to leverage fraud, potentially on other platforms. In one example, the scammer agrees to buy an item. But then after taking the conversation onto a non-monitored platform like WhatsApp, they ask the seller to authenticate themselves with a verification code. The code sent to the seller's phone is a two-factor authentication code sent by Google Voice and initiated by the fraudster. Now they can create an account using the seller's phone number, which can be used in other scams. With more information still, they could attempt to open other accounts in your name or access existing ones.

Likewise, watch out on Facebook Marketplace for fake products. Designer clothes, perfume, jewellery, and cosmetics are particularly common targets for counterfeiting. Like defective item scams, it's difficult to ascertain whether they're genuine or not just from a small photo. Everyone's looking for a bargain. But when offers seem too good to be true, they usually are.

5. New DVLA scams

The DVLA has issued a warning to motorists about new scams that could empty their bank accounts.They include:

• The ‘DVLA vehicle tax refund’ scam – a scam text that warns people about an outstanding vehicle-tax refund and usually includes the amount you're supposedly owed, and a link. By entering your bank or card details, you've played into the scammers' hands.
• The ‘DVLA is trying to contact you’. In this scam text, people are told that the DVLA has been trying to contact them and that action is required, along with a link.

6. Post and delivery scams are on the rise again

Watch out for delivery scams – they are on the rise again. There are a variety of text messages doing the rounds designed to harvest your personal and financial information. Scams that arrive by SMS are also called ‘smishing’ attacks.

Text messages include:

• Scam 1: A text message states there is a package that needs to be rescheduled and asks you to press on a 'bit.ly' link. The link takes you to a scam site asking for payment. Do not click on this link.
• Scam 2. A text message saying a parcel is waiting for delivery. Please confirm the settlement of 2.99 (GBP) via a link. Do not click on this link.
• Scam 3. A text message saying a parcel is ready for collection. A link takes you to a fake website (royal-mail.cloud) where you'll be asked to make a payment.

7. Ukraine love scam

Romance scammers can make easy money exploiting people looking for love, but in this newly observed campaign linked to the Ukraine war, they are playing on deeper emotions.

Currently, there is an online dating scam that is exploiting its victims with the promise of romantic connections and even relationships with women in war-torn Ukraine. Subject lines vary but are known to include ‘Enjoy dating hot Ukrainian singles’; ‘Ukrainian beauties for love and more’; ‘New private message from your Ukrainian girl’, and so on.

Targets who fall for this, click the links in the spam emails and are redirected to insecure dating platforms that solicit personal information including birthdates, gender and dating preferences. Then, they’re redirected to another online dating platform where they can start interacting with women. However, this doesn't come for free, with packages running into the hundreds of dollars for the ability to send emails, chat, and unlock profile pictures.

8. WhatsApp Scam – family member asking for money

A dad recently revealed how he was nearly conned out of thousands by a very convincing WhatsApp scam – and avoided being fleeced – because of punctuation mistakes. The scammers were posing as his son and trying to convince Dad to send financial aid. 'Dad, I planned to make a payment today but as you can see, I won't be able to do that myself,' the scammers wrote in a WhatsApp message. But he quickly realised that it wasn't his son sending the messages. 'My son is an English teacher, so the lack of grammar and full-stops alerted me'. Always double-check the authenticity of such requests with family members directly through some other means such as a phone call.

9. Summer Festival scams

With the music festival season in full flow, there has recently been an 'explosion' of festival fraud as scammers prey on music fans. Festival and concert ticket scams have soared six hundred percent this year, as criminals lure fans with fake ads and prey on those planning for a summer with no coronavirus restrictions.

Experts warned that football matches and concerts were most likely to feature in fake ads on social media, where tickets were already sold out. The most in-demand events are those which are easiest for scammers to impersonate, as fans are desperate for tickets. Victims are losing hundreds of pounds to these types of scams, particularly when buying tickets for friends or family, where losses can easily run into the thousands. Avoid buying tickets sold on sites like Facebook Marketplace, and other free online listings and always stick to reputable ticket sellers. Watch out for prices that seem too good to be true.

10. You're the new Prime Minister

A new phishing scam has been circulating on people's phones telling them they have landed a job in the Prime Minister's cabinet. Unbelievable, but you don’t have to accept to get caught.

The text reads: "Congratulations! You are now part of the UK Prime Minister's cabinet. Please respond with your location and a car will collect you momentarily. Reply 'STOP' if you wish to decline."

Experts warn that the average person may be able to identify this is a scam, but it tricks users by inviting them to reply to it even if they aren't interested. By replying ‘STOP’, users could be giving hackers access to personal information like email addresses, phone contacts, locations or even credit/debit card information.

While these types of scams might seem obvious to some of us, it was reported that £2.3 billion was lost to tricks like the above in 2021, showing that not everyone in the UK is technically savvy enough to spot the fakes.

Act now to be safe online

So, with these ever-increasing scams doing the rounds, how can you best stay safe online. Here are five quick things you can do:

1. Many people, as many as 82%, reuse passwords on multiple sites. DON'T! You are much safer to use different passwords for each site. To help, use a ‘Password Manager’ app for added security.
2. Clean up your data footprint by deleting your data from those that don't need it. Rightly Protect allows you to request data deletions to as many companies as you like for a single click and for free
3. Keep your software up to date. Old and outdated software is vulnerable to hackers and cybercriminals as updates keep you safe from exploitable holes in your programmes or system. Having reliable security in place is especially important as the release of software update notes often reveal the patched-up exploitable entry points to the public.
4. Always remember to log out: Logging out of a computer is very important because there is a risk with not logging out. One of the factors is using a public computer, this is where anyone can use a public computer when someone is still logged in to an account and can mess with that person's work.
5. Beware of phishing attacks. Phishing is a type of social attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransom attack or the revealing of sensitive information. An attack can have devastating results. For individuals, this includes unauthorised purchases, the stealing of funds, or identity theft.