Authorized push payment (APP) scams
According to trade body UK Finance, there were 57,549 reported cases of APP fraud in just the first half of 2019 – a rise of 69% year on year. Total monetary losses of reported cases reached £207.5 million. There is no knowing how many cases go unreported.
What is an authorized push payment (APP) scam?
An authorized push payment scam is when a criminal tricks you into transferring money into an account controlled by them by making you believe they are a genuine organization such as a bank, a utility company or even the police. This tactic is known as social engineering and criminals are continuously developing and adapting their techniques in order to trick consumers into handing over personal details or transferring money.
Although banks are starting to introduce various defenses in order to try and prevent these types of scams from happening, there haven’t been any signs yet to show them slowing down.
How to protect yourself from APP scams
Never transfer money to somebody who has contacted you out of the blue. If they are claiming to be a company that you have actually done business with before, find the contact details on their official website or look up details from when you’ve had dealings with them in the past and contact them directly.
Check through the email for any urgent or threatening language. Genuine companies will usually be polite and not pressure you.
Remember that your bank will never ask for your details or for you to move money over the phone.
What are investment scams?
Investment scams involve criminals convincing you to move money into a fictitious fund to pay for an investment.
They will promise very high returns and ensure that your money is safe, although the investment is entirely fake. You may be cold-called by the scammer, or they may entice you with an advert on social media. Investment products offered are usually gold, diamonds, expensive wine, property and, more recently, cryptocurrencies.
In the first half of 2019, losses that resulted from investment scams equaled £43.4 million, and this was an increase of 108% year on year.
With scammers adapting their techniques to lure in victims; now creating full websites, social media adverts and even sending out official-looking paperwork, it looks like investment scams will be another big one for 2020.
How to protect yourself from investment scams
Be very wary of any unsolicited contact, such as cold calls or phishing emails, relating to investment opportunities. Genuine regulated investment companies do not cold call customers.
Check with the Financial Conduct Authority that the company is regulated by them. You can do this by checking their financial services register online. If an investment company is FCA regulated then you and your money will have some protection.
Apply a little common sense- if an investment opportunity sounds too good to be true, then it probably is. Any investment that promises a very high rate of return in a very short space of time is very likely to be a scam.
What is invoice fraud?
Invoice scams are when a criminal intercepts a legitimate invoice payment and convinces the victim to redirect the money to their account. This is often done through email hacking and interception.
Where the scammer is targeting a business, they will often pose as one of their regular suppliers – details of which they would have obtained by looking at the business’ emails. They will often target the email account of an employee who deals with payments for the business as they will often be the ones communicating with suppliers.
When the scammer chooses to target an individual, they will look through their emails and try to find a tradesperson they are due to make a payment to or one they have made payments to in the past. This may be a builder or an electrician, but in a worst-case scenario, it could be a solicitor who they’re about to transfer their house deposit to.
The scammer will duplicate that person’s email address and send you an email saying that their bank details have changed so the pending invoice payment needs to be redirected. Alternatively, they may say that the last payment didn’t come through and you need to try it again.
Most cases of invoice fraud relate to non-personal and business accounts as the monetary amounts are often larger, therefore more attractive to criminals.
In the first half of 2019, losses stood at £55.9 million, a 63% increase year on year.
How to protect yourself from invoice fraud
As this type of fraud mostly occurs through email hacking, your email account is the first thing to protect. Make sure you change your password regularly and it is always something complex and difficult to guess.
If you receive an email from someone you have done business with before asking you to change the bank details you have on record for them, contact somebody you know from the company directly and ask if this is legitimate. Don’t reply to the email you have been sent.
If you are making a payment to an account for the first time, send a small amount first and then contact them to make sure the payment has come through. Then send the rest once you have been given confirmation.
SIM-swapping fraud is when a criminal manages to convince your mobile network provider, by impersonating you over the phone, that you want to switch your phone number to another company. Alternatively, they may claim that the device has been lost or stolen, therefore they need a new SIM card.
They are able to bypass security questions as they would have already collected a lot of your personal data before attempting the scam – this is usually through companies who have had a data breach, or by hacking into your email and/or social media accounts. If you have your social media accounts set to public, they may be able to get the information they need just by looking at your profiles, not necessarily by having to hack into your accounts.
Once they have successfully pulled off the switch, they will be able to benefit from everything that having your phone number provides including making and receiving phone calls and sending and receiving SMS messages.
The criminal will also receive any two-factor authentication or one-time passcode texts meaning they will be able to log-in to your personal accounts and perform online banking transactions without you being notified.
According to an article in The Telegraph at the end of November 2019, police data shows that £9.1 million has been lost to SIM-swapping scams over the last five years. The number of reported cases is rising dramatically every year with no signs of slowing down. How to protect yourself from SIM-swapping fraud
It’s very important to limit the amount of personal information you put online, and especially on social media. This is how criminals are able to collect enough data to pull off this scam. It’s also important to be vigilant towards phishing emails, texts and cold calls as this is another method criminals use to steal your information.
Enable two-factor authentication on all of your online accounts that enable it. To protect yourself from SIM-swap scams, use your email address for the one-time passcode to be sent to instead of your phone number. This way, when someone tries to log-in to one of your accounts, you will be notified by email instead of by text so the scammer won’t receive the code even if they have your phone number.
Remote access fraud
This type of fraud occurs when a fraudster cold calls you and explains that they are from a tech support company and there is something wrong with your computer or internet connection. This scam is often targeted towards people who are likely to have less of an understanding of modern technology, for example, the elderly.
The scammer will usually ask you to download a piece of software that allows them remote access of your computer – ‘Team Viewer’ is often used as it’s a well-known and trusted program. Once you have downloaded it and connected it to the scammer, they can see and control your computer screen.
They will then download (or tell you to download) a piece of software that they insist is needed to sort out the supposed problem. This piece of software is likely to spread viruses and malware onto your computer.
This could be a piece of ransomware that locks you out of your computer so they can demand payment for them to unlock it again. Alternatively, they could install what’s known as a Trojan Horse which disguises itself as a legitimate piece of software but actually allows to the scammer to spy on you so they steal your sensitive data and passwords for online accounts. It can also allow the criminal ‘back-door’ access to your computer so they can come back later.
How to protect yourself from remote access fraud
Never let anybody have remote access to your computer, no matter who they say they are. If you have any doubts as to whether the call is genuine, hang up and contact the company they are claiming to be directly. Be careful though as the scammer may have created a fake website or cloned a genuine one.
Never give out any personal details or banking information over the phone unless you have initiated the call and you have got the number from a trusted source.
Make sure your computer is always kept up to date with anti-virus and anti-malware software to protect it from any potential infections.