The UK consumer champion publication Which? has always commanded respect and popularity. And amid an ongoing cost-of-living crisis it’s perhaps unsurprising that Which? is more revered than ever for its insight, advice and advocacy for ordinary people.
There’s one area amid all their wide-ranging good work where they’ve long been ahead of the curve – and that’s in warning the public about the fraud industry.
Which?’s advice on how scams work and how to avoid them is invaluable to millions of people and undoubtedly reduces their vulnerability to being scammed. So when Which? publishes its annual list of ‘scams of the year’, it is perhaps the biggest warning system of its kind.
What I found most noteworthy about their latest list was how wide ranging it was. While the fraudsters’ goal always remains the same – deceiving people in order to get their money – their methodologies range from the technologically cutting-edge to the kind of manual scams that essentially predate the digital age entirely.
So, here’s my summary of Which?’s findings:
This is a catch-all term for any scam where people are deceived into allowing money to be moved into and then out of their personal accounts – to allow gangsters to launder the proceeds of other crimes, typically drug dealing. This can be done in numerous ways. Until recently the targets tended to be almost exclusively young people who would be conned by being given a phoney backstory about easy investment opportunities or a lucrative employment opening.
Playing on victims’ own greed is, of course, a staple of con artists going back hundreds of years. But increasingly older people are being targeted too: Lloyds Bank has reported a significant increase in the number of over-40s hit by mule scams recently.
This is also an area where the victims of romance scams can be hit: persuaded to move money overseas supposedly to assist a new love interest in difficulty; in fact, they will be laundering cash for that person and, very often, enabling them to steal their own savings too. These criminals often favour crypto currencies for these transfers.
This really is a retro category: it goes back to the nineties but according to Which? is on the rise again. And, while most fraud has migrated online over the last 25 years, these scams remain resolutely non-digital. But, say Which?, it’s back in a big way: losses in this sector are said to have risen by 72% in 2022 – and the trend is still growing.
The criminals will clone your bank card and use a hidden camera at an ATM or payment point to watch you input the PIN that goes with it. Or even resort to that old trick of standing close behind you while you punch it in – hence the name ‘shoulder surfing’.
Also recorded in this category is the twin scam of credit and debit card theft based on stolen IDs – whereby the criminals will steal or forge documents using their victim’s identity and then use them to apply for a new credit card or a new copy of a debit card linked to their victim’s account. This retro sector is booming once again, up 86% year on year, Which? say.
If shoulder surfing is old fashioned, fake apps are quite the opposite: they are at the cutting edge of fraud. But they are going to become mainstream very quickly. The first mainstream coverage of the issue came a year ago, in early 2022, when a fake app called ‘2FA Authenticator’ was discovered on Google Play.
By the time it was detected and could be removed from the platform it had been downloaded more than 10,000 times. The rogue app had hitherto slipped under the radar because it not only looked completely legitimate but also functioned as it was advertised to – i.e. it worked. But on the side, as well as providing that real authentication service, it was simultaneously working against the user by secretly disabling other security systems on their devices and installing malware that could harvest their banking login data.
The degree of sophistication at work in this case was frightening – and you can be absolutely sure that the fraudsters will be back with other fake apps in the same vein.
Perhaps the classic scam from the last ten years, this shows no sign of abating. This can come via a variety of media but the biggest two are from direct calls or SMS contacts purporting to be from the victim’s own bank, usually having spoof caller ID so that they very much appear to be genuine calls or messages to the receiver.
The more sophisticated versions of this will be targeted: they will have some of the victim’s details ready to add plausibility and credibility to the exchanges that follow. The cruder versions are simply from automated ‘robocalls’. These will contact victims with pre-recorded messages purporting to be alerting them to, say, a supposed problem like a suspicious payment on their account – and inviting them to press a number on their keypad to deal with it.
But however the trap is set, the goal remains the same: victims are deceived into handing over sensitive data to enable electronic theft – or actually persuaded to move money themselves to supposedly protect it in a ‘safe’ account which of course then turns out to be exactly the opposite.
There are tens of thousands of these lurking on marketplace sites and the like. Typically, they are offering desirable, supposedly new top-end consumer goods at significant discounts on standard prices. They’ll be sold via websites that look genuine on an initial quick scroll and that have been bumped into the victim’s timeline via misleading advertising on social media or search engines.
Once a new victim is hooked, they will be convinced that they are making a regular transaction – at terms that are apparently advantageous to the buyer. The victim will be so keen to secure their bargain price that they will more readily agree to comply with these terms, which typically involve paying by bank transfer rather than credit card, or via PayPal’s ‘friends and family’ function rather than its regular channels. Both make it harder for victims to later recover lost cash when of course the item never comes.
Stick to trusted retailers wherever possible. Don’t download apps from just anywhere but stick to major suppliers like Apple or Google Play – though even then, as Which? have shown, you still need to be cautious.
And never trust links sent in SMS messages – seek out the link yourself separately to make sure it’s the right one. And never trust Caller ID on incoming calls: it can be a lie. And watch who’s watching you any time you use a PIN.
And all this leads me on to where we come in: at TMT we have access to the best data available from the global telecom networks.
This means we can see immediately if a number is genuine or not – or whether it has any connection to fraud at all. While our services are not generally available to individual consumers, they are widely used by the better-run companies out there. So, when we say ‘stick with a trusted supplier’ that’s one of the main reasons for doing that: part of the service they’re supplying you with is the most secure environment possible.
So much fraud is routed via mobile phones that if you know a number rings alarms, you can eliminate a huge proportion of risk in one stroke.
CMO AND CO-FOUNDER