Which? is warning consumers about the most convincing scams that have been targeting consumers so far in 2023 so they can take steps to protect themselves.
The government recently published its three-year strategy to tackle the UK’s fraud epidemic, which now represents two in five of all reported crime incidents and is easily the most reported of any crime.
A range of sophisticated scams have been circulating and Which? is encouraging concerned consumers to visit its website for advice in relation to scams, including how to get money back when they fall victim.
‘Pig butchering’ scams have been given their name by fraudsters because they ‘fatten up’ the victim by forming a romantic connection before executing the investment part of the scam. The scammer and victim typically meet on a dating site and the victim is ‘love-bombed’ over a period of weeks by someone who appears to take a great interest in their life. The scammer will often encourage their victim to move from the dating platform to a private messaging service, thus removing them from any protections the dating site might offer.
When the victim is sufficiently groomed, the scammer claims they have been having success investing – typically in property or cryptocurrency – and they offer to invest some of the victim’s money. If the victim consents, they are sometimes shown a crypto trading platform controlled by the scammers, and encouraged to sign up and begin depositing funds. One UK victim, a former Somerset police officer, lost £107k to such a scam, believing she was investing in retirement apartments in Cyprus.
To avoid the scam, look out for signs of ‘love-bombing’, attempts to move onto a private messaging platform, reluctance to meet in person and requests for money or a concerted effort to get the person to ‘invest’. For those in an online relationship, it is worth checking in with a friend or a member of your family on how it is going, sometimes other people can help to spot warning signs and inconsistencies when we are too caught up in the moment.
Fake missing person appeals
There has been a spate of viral fake posts in community pages worldwide about missing children or elderly people. People are asked to share these Facebook posts more widely. Which?’s experts know they are fake because you can find near-identical posts in community pages all over the world, simply with the location changed. Search ‘Robert Spall dementia’ on Facebook and you will find the same post in pages for California, USA and Bogota, Colombia.
Comments are invariably turned off on the posts to avoid people pointing out the inconsistencies. After the post has gained a large number of likes, the contents are edited into something completely different, such as a straightforward investment scam. The large number of likes and shares that stay on the post will then lend credibility to the fraud. This despicable scam relies on responsible citizens liking and sharing posts in an attempt to help – which they do, in large numbers.
While missing person posts can of course be genuine, it can be difficult to tell. To avoid perpetuating a scam or unwittingly participating in stalking or harassment, people are best off only sharing official posts, such as those posted by police forces or the Missing People charity (missingpeople.org.uk). Some regional police forces have warned that you should never like or share a post that has the comments turned off.
This scam starts with people getting a ‘money request’ from a genuine PayPal email address – email@example.com. This might seem above board, but scammers are exploiting PayPal’s service to send out fake payment requests, often for high-value items, or posing as HMRC to demand ‘overdue’ tax payments. In some versions of the scam, the fake invoice states the victim’s PayPal account has been compromised and urges them to call a phoney fraud hotline.
Which? has found it is frighteningly easy to replicate scam emails from a genuine PayPal address. Which?’s request claimed to be from HMRC and threatened the recipient with arrest if they did not pay. Acting as the recipient, Which? researchers were then able to pay the invoice without creating a PayPal account and without encountering any on-screen warnings about fraud.
Consumers should never pay PayPal invoices they do not recognise, or call phone numbers in those invoices. Think about how to independently verify what is being asked. If the message claims to be from HMRC, contact the tax office via gov.uk. If the message claims PayPal has been hacked, contact its Customer Services at paypal.com/uk/smarthelp/
Fake app alert
With 96% of UK mobile users downloading apps from the Apple App Store or Google Play, you would probably assume that these stores are safe places to be, and that the apps on these platforms can be trusted. Unfortunately, that is not always the case. The stores do screen apps before they upload them, but that does not always stop malicious ones slipping through the net. These can install malware on phones, steal data and perpetuate scams.
Last year, online security firm Praedo discovered a so-called security app on Google Play. Calling itself 2FA Authenticator, it actually stole users’ banking information – and had been installed more than 10,000 times before it was discovered. In 2022, Facebook’s parent company, Meta, found 400 Android and iOS apps stealing users’ Facebook login details. App stores do take steps to crack down on the problem, but this is an ever-present threat.
When installing an app, click on the developer’s name and check what other apps it is made to see if these seem legitimate. Check reviews, but remember positive ones can be faked. Read the negative ones, too. The app will likely ask users for permissions: to use the camera, for example. These need to be relevant and proportionate to the functions of the app – an app that only needs a rough location should not ask for a precise one.
As part of its Get Answers campaign, which aims to bring the consumer champion’s free expert advice to more people than ever before, Which? is highlighting the everyday life questions its experts can help to answer.
For anyone who has fallen victim to fraud, Which? is encouraging them to get answers on how to get their money back after a scam.
Lisa Barber, Which? Tech Editor, said:
“It’s appalling that 2023 has seen scammers continuing to thrive, as a new wave of convincing scams bombards consumers from every direction. The sad theme of all these scams is that tech platforms – whether social media, app stores or payment services – don’t always keep you safe.
“Consumers can help protect themselves from scams by accessing the wide range of free, expert advice on Which?’s website, from signing up to our scam alerts service to getting answers on how to get their money back if they do fall victim to fraud.
“Responsibility should not fall solely on the shoulders of consumers. Tech platforms and the government need to up their game and better prevent scammers reaching potential victims.”
Notes to editors
Which? video – How to get your money back from a scam can be watched here. It is also embargoed until 00.01 Monday 22nd May.
Which? advice – How to get your money back after a scam
People can sign up to the Which? scam alert service here
Which?’s Get Answers campaign
Which?’s ‘Get Answers’ brand campaign showcases the breadth and depth of free, accessible and expert advice offered by Which?.
On Wednesday the consumer champion’s ‘Home of Answers’ activity goes live in London, with fly poster QR codes spread around the city allowing people to get answers to life’s everyday questions in an accessible way. TV presenter Laura Whitmore will be helping members of the public to interact with several special QR codes – including a giant parking ticket at a London parking fine hotspot, a jigsaw-themed QR code on the South Bank pointing to advice for family days out, a ‘living’ QR code made of real moss on the way to the Chelsea Flower Show, and a UV QR code in Old Street giving night owls advice on how to sleep better.
Further activity includes a ‘Home of Answers’ day in Manchester on 31st May, in which a billboard will be brought to life with real-life experts sitting behind windows within the hoarding, ready to get answers for passers-by on key issues of the day, from saving money, to travel tips or even avoiding scams.
Right of replies
Which? shared its findings with PayPal, which said it has a ‘zero-tolerance policy’ on fraud attempts, and its teams work ‘tirelessly’ to protect customers, adding: ‘We are aware of this phishing scam, and encourage customers to always be vigilant online and to contact Customer Service directly if they suspect they are a target of a scam.’
PayPal added that it’s currently introducing fraud warnings to invoices and money requests.
Google told Which? it removed the 2FA app from Play and banned the developer. It also said: ‘All the apps identified in the report are no longer available on Google Play. Users are protected by Google Play Protect, which blocks these apps on Android.’
Apple said that of the 400 apps, only 45 were on iOS; it has since removed these from the App Store and the developer accounts were terminated.
Which? is the UK’s consumer champion, here to make life simpler, fairer and safer for everyone. Our research gets to the heart of consumer issues, our advice is impartial, and our rigorous product tests lead to expert recommendations. We’re the independent consumer voice that influences politicians and lawmakers, investigates, holds businesses to account and makes change happen. As an organisation we’re not for profit and all for making consumers more powerful.The information in this press release is for editorial use by journalists and media outlets only. Any business seeking to reproduce information in this release should contact the Which? Endorsement Scheme team at firstname.lastname@example.org.