By Fergal Parkinson, Co-founder and Director of TMT Analysis
Let me ask you to think for a moment about Tunbridge Wells.
It’s a large, well-heeled and attractive spa town in Kent, you may recall, synonymous with buttoned up social attitudes. It has goods schools and the best shops and restaurants for 20 miles in any direction. And it’s famous for its fictitious angry letter writer who signs himself as ‘Disgusted of Tunbridge Wells’.
Now, further imagine that everyone in Tunbridge Wells – every single person, adult or child, of whatever age or status – was a dedicated thief whose goal in life was to steal from others, no matter the consequence for its victims.
It’s pretty much unimaginable. isn’t it?
But that, in a sense, we learned recently, is what is actually happening right now.
A major police operation revealed that a total of 59,000 criminals had been paying subscriptions of between £150 and £5,000 to a website called iSpoof.cc to use technology that let them appear as though they were phoning victims from High Street banks and other major companies.
That number of criminals is the same as the population of Tunbridge Wells – hence using the town as my imaginary model.
It was a global operation involving multiple police forces including the FBI but on the basis of just their initial findings, police here in the UK are now contacting as many as 70,000 people resident here who they believe may have been defrauded in this way.
And the amounts stolen weren’t insignificant: the average loss was said to be £10,000 with one single victim losing £3 million.
At one stage, almost 20 people every minute of the day were being contacted by scammers hiding behind false identities using the site.
In total, 200,000 potential victims in the UK alone are thought to have been targeted, with many more across the world.
And this is just the fraud linked to one single rogue website – there are countless others out there. If iSpoof.cc had the same criminal population as Tunbridge Wells, there’s every chance there are other criminal networks equivalent to countless other towns too: Dorking, Penzance, Nantwich, who knows – maybe even a city or two.
The scale and prevalence of fraudsters in 2022 is a truly terrifying prospect.
So, what can you do to protect yourself?
Well – as we’ve had drilled into us so many times – you can follow the basic protocols to protect yourself. This means above all remembering that your bank will never ask you to reveal your PIN number so if someone asks for that they probably aren’t really your bank.
But I think you already knew that. I certainly hope you did.
Then there’s the second tier of personal protection measures – like varying your passwords across different sites and making sure your phone is securely locked.
But even these protocols don’t guarantee your online security when there are so many scams out there that life online can be a minefield.
It’s at this point that you’re into the realm of relying on the companies that you deal with to have proper procedures in place to guarantee the integrity of their own systems – and those of their individual customers.
And this is where you can find you are being invisibly shielded without even knowing it. Because quite simply: well-run companies use the most robust security systems and when you engage with those companies you can benefit from your association by being covered by their security halo as well as by your own sensible precautions.
Say, for example, that your online security had been compromised – a fraudster had obtained a duplicate Sim and installed it into a different handset to ‘become’ you online. The chances are that in this scenario you wouldn’t know a thing about it initially. The fraudsters won’t count on this situation lasting long however so they will try to maximise the value of their access to your personal data by milking it for as much as they can, as quickly as they can.
This means unusual behaviours – a noticeable change in how ‘you’ usually conduct yourself.
We’ve all had those text messages from our banks asking ‘was this you?’ or asking you to verify a transaction via an app approval or a one-time-password.
But there are also other ‘tells’ associated with fraud which the banks may not spot: when someone’s mobile number is suddenly carrying out transactions from a new handset, or from another country entirely. These warning signs can be spotted in a split second by security experts like us at TMT and others out there – and we will raise the alert.
And that means that, counterintuitive though it may sound initially, in many regards the more active you are online, the more complete your profile, the more transactions you carry out, the more companies and individuals you engage with, then the safer you are. Because not only will you yourself spot rogue activity more quickly but you are more likely to be covered more regularly by this kind of invisible screening.
By being confident and sensible online, you can let my imaginary Tunbridge Wells and its army of crooks look elsewhere for their victims.