This time of the year is a busy one for cyber criminals looking to make a quick buck off people shopping for loved ones.
With Black Friday and Christmas around the corner, consumers are being warned of web links to fraudulent websites posing as legitimate retailers.
These sites, set up to harvest victims’ payment details, are being advertised on platforms such as Facebook and Google.
Often the ads aren’t taken down until they are reported and investigated, giving con artists a window of opportunity to make their money.
And it’s so easy to set up a company and website without having to show any ID that the scammers can simply repeat the process over and over again.
This form of racket has seen a substantial rise over the past six months, along with people being tricked into signing up to fake cryptocurrency exchanges.
Con artists have also been gathering enough information from people’s social media to pose as relatives asking for money, while holding a coherent conversation about the family.
They have also been setting up fake customer support accounts for well known retailers, tricking people into parting with their hard earned cash on online forums.
As criminals get better and better at looking the part online, Rory Innes, founder of the UK-wide Cyber Helpline, says telling shoppers to remain vigilant isn’t enough.
He tells Metro.co.uk: ‘Right now we say the onus is on the user to spot a scam and they should be able to pay attention, take the time and decipher whether this is a scam or not.
‘Okay ten years ago when it was a “prince of Nigeria” offering a billion pounds that was probably okay, you could say to someone “look be sensible”. I think that advice is no longer a viable option, it’s become too sophisticated.
‘To really decipher whether a website is legitimate you have to look at Companies House, you have to look at the DNS records – the average user is not going to do that and can’t do that.
‘I think we’re past the point where the advice is just “you should be more careful”.
Some more advice from the Cyber Helpline
• Some people are lonely at Christmas – this presents a good opportunity for romance scams and sextortion attacks.
• Lots of people have money concerns before and after Christmas – a good opportunity for investment scams and fake loans.
• Everyone is shopping – peak time for fake shopping sites, shopping fraud and fake communications from couriers/shops etc. This is likely to be exaggerated this year with a likely shortage of stock in shops.
• High emotions – family get togethers and an emotional time can lead to breakups, fights and domestic violence. We often see spikes around online harassment and cyberstalking and revenge porn around this time.
• Families communicating with each other online – people are expecting to click on online christmas cards, emails etc. Good time to imitate messages from loved ones and deliver something malicious.
• New devices and young people online – lots of people will get new technology at Christmas and lots of young people will get their first devices. These devices need set up securely and new users need some education around staying safe online.
‘We have to look at collective action from how you set up a company to how you buy a domain name to how you can operate these things. We need a better solution for all of it.’
Mr Innes, whose team provides free help for victims of cyber crime and online harm, says there has been an rise in fake social media pages impersonating a business’s customer service team.
‘If somebody’s on Reddit or Facebook saying “I’m looking for a cheap bike” or whatever, some fake bike shop or Amazon support person will message them directly.’
‘They’ll share what looks like a legitimate link that takes the user to a fake website where they hand over their payment details. I would say we’re seeing that much more in the last six months.’
Mr Innes says scammers are also posing as financial advisers or representatives of cryptocurrency exchanges.
If someone famous were to tweet about cryptocurrencies, they might take the opportunity to jump into the comments section and offer someone a deal.
‘What you’re seeing is people thinking they’re getting a tip but really it’s just a team of scammers trawling the comments and using the credibility of the original post to get past that first barrier of suspicion,’ Mr Innes adds.
The Cyber Helpline CEO says his team have noticed much more ‘malicious advertising’ linking to impostor websites tricking people into buying fake products.
He adds: ‘Again, they’re getting past that legitimacy test – if it’s an advert on Google or and advert it must be legit, right?
‘They’ll eventually be reported and taken down, but only after a period of time. It’s pretty easy to set up an account on Google Ads.
‘You can register a company on Companies House for £10, get an account up and running and then get some adverts out, and until the point enough people say this is malicious, there’s this window of opportunity.
‘Once that gets stopped you just create another company through Companies House, create another Google Ads account then off you go and do the same thing.’
‘There is more due diligence that has to be done in certain industries and more controls could be put in place for advertising.’
‘Part of the problem is it’s too easy to create a business in the UK. You don’t actually have to give any ID to create a company in Companies House. It’s absolute madness, from a scam point of view but also from a tax position.
Virtual currency scams have gotten so big over the past six months, Mr Innes says people are even being tricked into investing by con men using dating apps.
They are linked to fake exchanges, given a login, can see a fake balance and even get an ‘account manager’ texting them once a month to see how they are doing.
‘For a period of time you think you’re getting amazing returns because you’re watching your balance go up and up and up,’ says Mr Innes.
But when people try to take their money out, they’re often told something along the lines of ‘you need to pay these taxes to get your money’, he adds.
When they do that, they’re told ‘something has changed, you have to pay this’, an it keeps going on and on.
The Cyber Helpline has also picked up on a relatively new scam which sees someone posing as as a family member, and texting a victim saying ‘my phone’s broken, I’m now using this number’.
‘They’ve built up enough information from social media to have a rough conversation with you about other people in the family, “how is Lisa?” for example,’ says Mr Innes.
‘Eventually they’ll say “actually I’m struggling with something at the minute, could you send me £200?” It’s usually the mum or dad interestingly.’
‘We’ve started to see that spring up quite a bit. Cyber criminals investing much more into sourcing these victims, rather than just spraying and hoping to get someone – they’re now targeting much better.
In lieu of any substantial legal changes, Mr Innes says there’s not much his team can do other than offer the same advice: ‘Don’t be rushed, trust your gut, be careful and look through everything thoroughly’.
He adds: ‘It’s hard for me because I really want to get that advice out on these basic concepts, but I think now we’re starting to fiddle while the world burns.
‘We’re asking the general public to be cybersecurity investigators every time they get a communication, an advert, a picture on social media. End users need to be protected, they shouldn’t be a line of defence.’
A Facebook company spokesperson told Metro.co.uk: ‘Facebook is dedicating significant resources to tackle the industry-wide issue of online scams by working to detect scam ads on our apps, block advertisers and, in some cases, take them to court.
‘While no enforcement is perfect, we continue to invest in new technologies and methods to protect our users from this kind of content.
‘We have also donated £3million to Citizens Advice to deliver a UK Scam Action Programme to both raise awareness of online scams and help victims.’
A Government spokesperson added: ‘We will not tolerate criminals lining their pockets at the expense of law-abiding citizens, and are deeply concerned about the devastating impact fraud can have on victims.
‘We are giving an extra £63million to police so they can crack down on fraud and recruiting specialist fraud officers as part of our commitment to bring in 20,000 new officers.
‘Earlier this year, we set out our plan on how we will go further to tackle this issue together with industry, regulators, consumer groups and law enforcement.’
Metro.co.uk has contacted Google for comment.
Get in touch with our news team by emailing us at firstname.lastname@example.org.
For more stories like this, check our news page.
Source: Read Full Article