Just too good to be true…again

We’ve all seen the giveaways on Social Media – whether they are free meals, free holidays, free technology or free cars – and we’ve all reacted in the same way, ignoring them. Or have we? Has one particular offer ticked all the boxes and we’ve been tempted?

That’s not a surprise – the amount of personal information available to advertisers on some social media networks means that ads are incredibly targeted today. We can see that in action when we click on a link for a product and then our timeline seems to be awash with similar offers, as we can see from the examples below with these five different ads for the same items that appeared on my timeline within a few days (the legitimacy of the websites hasn’t been verified, but that’s another story for another day). This is why social media advertising is an effective solution for many brands – the complex engagement algorithms ensure that we see, frequently, ads for products we like or at least appear to.

The more outlandish the giveaway, the smaller the number of people who engage. However, with over one billion active Social Media users, even a 1% engagement is a million people, all willingly giving away personal (and in extreme cases, financial) data that can be used by advertisers, or worse, sold onto scammers who have more nefarious intentions.

The modus operandi of many of these giveaways is the same. “Like our post, share it with your friends and click on this link so we know where to send the prize”. There is no prize, there is no giveaway. At best, you will be sharing that personal data; at worst, by following the link you could infect your machines with all sorts of malicious scripts and programmes that could seriously damage your wealth. The page may look authentic – correct logo, even some branding – but it is so easy to set up, as the template of the pages is that of the social media network. People believe that if it is on Facebook/Instagram/Twitter then it must be real. Whilst the networks do their best to remove content that infringes on intellectual property, they often have to work reactively, and that means some damage will be done.

One recent example involved the car manufacturer Toyota, as reported in this article, with the promise of a new car for one lucky person, to commemorate the brand’s 80th birthday. Except their birthday was nearly four years ago and all someone has done is repurposed their marketing from 2017 to make it seem like a new giveaway. That is how easy it is to create these scams. The return on investment for those behind the fake giveaways is minute – personal information is very valuable to rogue parties and so it only needs a handful of people to engage with an ad for the scammers to be in profit.

It isn’t just expensive items that are given away though. One recent example, prior to the return to pubs and restaurants in the UK, promised a free meal at a popular chain just for liking/sharing and submitting a few details. With over 50 million Brits unable to eat or drink out since Christmas, the pent-up demand to return to something normal was such that no bar or restaurant would need to offer freebies to get people back!

It is unlikely that we will see fewer of these ads or giveaways, despite our vigilance, which is why we all have a part to play. As Social Media users we can report any ad that ticks the boxes of being suspicious so the networks’ abuse teams can investigate; as brand holders we can use monitoring solutions that detect the use of brand names in social media adverts and campaigns and can take action accordingly. But it is important we do something. The ads may have poor spelling, terrible grammar, use misleading pictures and clearly infringe on intellectual property to an extent that they are laughable, but unless we do something they will continue to get more sophisticated and dupe more people.

Building the future one block at a time

Over the last few weeks I’ve taken online classes to try to understand the concept of Blockchain and how it can be used by organisations to create new business models and applications. My interest was piqued by the whole NFT craze within the NBA world (“Top Shots”) and how scarcity and authenticity were managed through a blockchain application.

I have to say I was one of those who scratched my head to understand not just what blockchain technology was, but what the value was for organisations to create business models and applications using the blockchain. The course, delivered by the University of California, Berkeley, helped me fill in some of the blanks I had in my knowledge as well as giving me an understanding as to why organisations are looking at ways to implement blockchain-based solutions to help increase their protection, and ultimately their customers’ protection, against fraud and cyber security issues.

It was quite coincidental that during the final parts of my studies there was an interesting new use case in the technology press that ticked a lot of the boxes about brand and risk protection, two use cases of interest for me.

The United Arab Emirates has launched a new blockchain-based platform called UAE Trade Connect, that at its heart will prevent a number of fraud-based activities in the financial world, including money laundering, bribery and the effects/impact of Business Email Compromise scams (BECs).

The blockchain platform has been developed by Etisalat, the biggest name in the telecoms world in the United Arab Emirates along with a number of major banks and at its heart will ensure that all transactions between the banks are stored in a secure, audited and verified way on the distributed ledger-based blockchain. The advantage of using blockchain technology for the network is that it provides that unequivocal, independent verification of each transaction whilst retaining the sensitive information of each party.

Zulqarnain Javaid, CEO, UAE Trade Connect said, “The announcement is a milestone moment in the financial sector in UAE. Technological advancements are presenting innovative solutions to historic problems and enabling the sector to power forward. The solution is aligned with the UAE government’s vision to bring futuristic technologies like blockchain and will be yet another enabler for economic growth.”

In terms of how it works, each of the seven banks has their own blockchain node within the Etisalat cloud. The banks share a transaction (invoices, funds transfers or settlements) using a fingerprint (called a hash lock) of the data – which means they can’t see the client or the transaction details from another bank.

From a point of view of ensuring complete transparency and auditability, the blockchain solution ticks all the boxes. There are some limitations with blockchain technology within the finance world, such as transaction speed. Due to blockchain being a distributed system, its transaction processing power depends on the computational power of the machines on the network. In comparison to Visa’s 1,700 transactions per second, blockchain can process around 4.6 transactions per second on average. Not too much of an issue if the transactions are settlement payments but if they are for financial market transactions where milliseconds matter, it could be a concern.

In a few years’ time I am sure blockchain-based solutions will be all around us and they will be considered an integral part of how we technically interact with each other, organisations and the digital world around us. But today, solutions like UAE Trade Connect are relatively unique in terms of brand and risk protection, and certainly ones that other industries will be looking at closely.

Bad maths – when 401 = 40

Unfortunately, it is rare that online fraudsters are caught, let alone prosecuted, which is why the news that one such criminal was arrested and brought to justice is something to note. The case in question didn’t rely on technology or high levels of complex deception, but it underlines that the simplest attempts at scams often yield the biggest results.

In April 2021, in a case heard in front of the Southern District of New York court, the Department of Justice won their case against a Nigerian man living in Atlanta for conspiracy to commit wire fraud. The guilty party was fined $2.7m and imprisoned for 40 months for his scheme based on Business Email Compromise (BEC), a particular form of 401 scam that targets firms, getting them to send money to genuine-looking third parties.

The defendant worked with a number of other individuals, all of whom targeted large organisations, both in the US and overseas, trying to trick them to pay bogus invoices. The court proceedings outlined the nature of the fraud as follows:

“The group perpetrated a fraudulent BEC scheme through which they deceived dozens of victims, both foreign and domestic, into wiring millions of dollars to bank accounts controlled by the syndicate. The fraud was perpetrated by sending victims “spoofed” emails, which purported to be from counterparties whom the victims knew and trusted, and which contained wiring instructions fraudulently directing the victims to send funds to accounts that were in fact controlled by the defendants and others involved in the scheme.”

In other words, the group gained knowledge of who some of the suppliers of services were to their victims, set up bank accounts in those organisations’ names and then sent fake invoices to the companies being targeted. One of the companies defrauded was an intergovernmental organisation headquartered in New York, which lost nearly $200,000.

Over the course of a two-year period, 35 known organisations were defrauded out of almost $2.7m using a relatively rudimentary approach before the group were caught by the FBI.

We are beginning to be accustomed to fraud and cyber attacks at an ever-growing level of sophistication, which is great. Staff are being educated to see the signs of BEC attacks, social engineering and malware attempts, but sometimes, as this case proves, we also need to ensure that basic procedures on the sign-off of invoices and payments are checked and checked again. Many organisations will use specialised payment systems that will ensure any authorised invoices to be paid will only go to the bank details held on file rather than on the invoice, but that shouldn’t stop any organisation just erring on the side of caution if something doesn’t look right.

The sheer AUDAcity of scammers

Two weeks ago auDA, the organization that has responsibility over the Australian ccTLD, .au, implemented a new set of rules on ownership of its domain names. Whilst the changes have been controversial within Australia, they have also led to an increased threat from scammers who have been exploiting the implementation of new rules by demanding the sharing of personal information from registrants.

From the 12th April, all new registrants of .AU domain names, and those renewing existing registrations, need to comply with a number of registration criteria, designed to protect Intellectual Property holders. Whilst the sentiments behind this are good, those hell-bent on causing issues are utilising the new rules to attempt to hoodwink unsuspecting domain name owners.

The new rules state that to be eligible to hold any name in the .au ccTLD you must first meet the Australian Presence requirement. For organisations, this means being able to meet the Australian Presence requirement by holding an Australian trademark (including a pending application) that appears on the Australian IP database.

Prior to the 12th April, the domain name could be “closely and substantially connected” to the trademark registered, which gave organisations the opportunity to register misspellings and domains with subtle differences, providing additional protection against Typosquatting. The new rules state that domain names now need to be an exact match of the registered trademark (there is some leeway in the use of punctuation and common adjuncts). If an organisation isn’t able to provide the necessary trademark registration then it will lose its domain name.

For some registrations proof of Australian presence or citizenship is necessary, which has led to auDA issuing another warning about the rise in malicious activities from scammers who have been contacting existing registrants and asking for copies of identification such as passports and driver’s licences. The nefarious actions were first seen back in January, with very authentic and official-looking emails asking registrants for this information.

Whilst the domain names themselves didn’t appear to be under threat, the fraudsters would use the personal, and in many cases, confidential information from the IDs to either resell or to assist in fraudulent activity themselves, such as applying for loans, bank accounts and other financial instruments.

The changes will impact brand holders in a number of ways. They may now need to look at alternatives as to how they hold and register their .au domain names if they are based outside of Australia as well as potential additional brand protection measures to cover typographic registrations. On the flip side, restricting registrations just to exact trademark records means additional costs for any cyber criminals looking to exploit the IP of a brand as they would need to also consider a trademark registration as well as the domain name.

For more details of the change, please go to auDA’s information page here.

How brands need to remain socially responsible after the Covid-19 pandemic

In many areas of the world the mass vaccination programme is gathering pace and the return to a near-normal life is becoming closer day by day. Whilst the positive news of the roll-out of mass vaccination as well as falling infection rates made headline news, the increase in scams, brand infringements and cyber-attacks hasn’t been far from the surface.

As the lockdown restrictions are lifted slowly for many of us, those who have been hell-bent on exploiting the situation have doubled down on their efforts, shifting tactics from the fear of infection and how to prevent it, to taking advantage of the remote lifestyles that we have had to experience. The restrictions placed on society in general have led to a boom in the digital economy as consumers have been driven online.

With so much fear, uncertainty and doubt being spread about the COVID-19 pandemic, many consumers have taken to the Internet to look for testing kits, medicines and of course, vaccines. In the UK today, where the vaccination programme is about to start focusing on the most populous age groups, there is a pent-up demand for the vaccine and that has led to a rise in fake vaccination scams.

Whilst most consumers know that a vaccine is available and being rolled out, some aren’t in the current, or near-future, target groups. However, for those who are desperate for a return to a near-normal life or in the hope that concepts like vaccination passports will fast-track access to travel or even sporting and hospitality events, there is still a danger that they will fall victim to the numerous attempts by fraudsters, impersonating health authorities or even the vaccine manufacturers themselves. Scammers and counterfeiters give consumers hope, albeit false, that they have the answers and many have been taken in by this.

Some brand holders, such as Philip Morris International, have been waging a war against illicit and counterfeit goods, albeit in their own industry, for many years. The bootlegging and counterfeiting of tobacco has been a major issue for PMI for over 150 years and they have developed a wealth of experience not only in the detection of products that harm their brand and their customers, but also in working with law enforcement agencies. During the last six months they have been lending their experience, knowledge and know-how to other organisations who have been more directly impacted.

Last September in an interview with World Trademark Review, Philip Morris International’s (PMI) Director of Illicit Trade Prevention, Kristin Reif, spoke at length about the changing threat landscape they have seen and how PMI and others have strengthened their Corporate Social Responsibility outreach to protect customers.

“What we saw at the outset of the pandemic was that, true to form, criminals were quickly taking advantage and flooding the market with counterfeit, fraudulent and inferior goods – everything from face masks to gloves to therapeutics. We have a core competency in fighting illicit trade, so it seemed natural for us to get involved. When we looked at our skill sets and competencies, it was clear that we have subject matter expertise in brand integrity so why wouldn’t we try to assist in this area?” said Reif in the interview with WTR.

PMI have been working with organisations such as major pharmaceutical companies, using their resources to develop strategies that inform customers of both the dangers of buying counterfeit and the impact it has on wider society. They view their work as part of their corporate social responsibility, something that extends past just monitoring for counterfeit tobacco.

PMI are not alone in their work. Organisations of all sizes continue to invest in anti-counterfeit programmes, protecting their intellectual property, reputation and ultimately their clients from the harm caused by fraud and scams. However, some firms either choose to ignore the threats associated with their brand or are completely unaware of the dangers. The Covid-19 pandemic is a compelling event for us all – a chance to reset and refocus our social focus.

However, we all have a part to play in the solution. Consumer education cannot be underestimated in a time of fake news, fake advertising and fake products being pushed in front of our collective eyes. Brand holders need to ensure they are doing their part too, monitoring for infringements that could damage consumer confidence as well as harming their reputation. Social responsibility means all of us being part of a solution rather than adding to the problems that the pandemic has caused.

In a (super) league of their own

The news this week has been dominated by one story – the creation of the European Super League. The reaction from football fans, non-football fans, business leaders and politicians has underlined the magnitude of the situation, with everyone having an opinion on the rights and wrongs of the news and its impact on football in general.

It is relatively clear this wasn’t a decision that was made in the past few days, or even in the last week. There are twelve football clubs from England, Italy and Spain involved, plus a US financial backer. Add in legal teams, branding consultants and other entities and it becomes clear this would have been in the planning for some time.

The European Super League is a new brand, launched as the organisation that will (at the time of writing) oversee the competition which will (probably) start at some point in the future. When the news started to leak out on Sunday evening, there was a lack of any concrete information available online, but come the morning of Monday 19th April, there was a press release and a website ready, complete with its own domain name.

Any organisation planning on launching a new brand needs to take a number of steps to ensure they have understood the digital landscape, and either that they are not infringing on someone else’s Intellectual Property or that they can protect their new brand/business name as quickly as possible. There is always a danger of a leak, as with the European Super League, which could lead to domain name speculators trying to make a quick buck by registering potentially infringing domain names. Whilst there is always a legal course of action open to recover infringing registrations, in many instances the costs could be prohibitive to a new entity.

The other issue is time – dealing with IP infringements or negotiating the purchase of digital assets takes time, which could in turn lead to delays while recovering or purchasing (at a huge premium) the required domain names or, worse, registering a whole new set of domains and trademarks.

It is therefore essential to have a brand launch strategy, one that encompasses the necessary steps to obtain the intellectual property before any general launch, or potential leaks. In the case of the European Super League it seems the organisation were thinking ahead, purchasing the domain name on the secondary market six months ago as the following information shows.

A brand launch strategy needs to encompass domain names, trademarks, copyrights and now, more than ever, social media handles. Interestingly, the Twitter handle “TheSuperLeague” was registered back in September but as yet has not tweeted nor does it have any followers or information in its bio, a similar situation to the Facebook Group name.

On the domain name side, thesuperleague.net was registered on Sunday (via GoDaddy) whilst there are existing domain names and websites in use relating to Rugby League’s Super League (such as superleague.co.uk) which could cause some confusion.

Any organisation or brand that is considering creating a new entity should have a brand launch strategy in place. This should include:

  • An understanding of what the brand name translates to both in common language but also when you push the words together – for instance Powergen Italia looks fine written like that but remove the space in between the two words and it is a different story.
  • Does the brand name have alternative meanings?
  • What is the budget for acquiring the assets?
  • What digital assets are available and what could be purchased at low cost?
  • What trademarks already exist for the brand, where and in which classes?

Naturally, the ongoing success and reputation of any new brand needs to be underpinned by a brand monitoring and protection programme which is able to frequently, if not constantly, monitor for any infringing registrations of domain names, trademarks or social media handles as well as the content associated with them. Based on the outcry at the proposed European Super League that may be a very busy job indeed at the moment.

Pop Quiz

“The name of your first pet + your mother’s maiden name is your stripper name”

I’m sure we have all seen similar questions on Social Media that are designed “just for a laugh” and when we read some of the responses they can be quite amusing. But they are also very revealing. Too revealing in all honesty.

Mother’s maiden name is a frequent question that is part of identification and verification used by many banks and institutions that keep our personal and financial information secure. Whilst we may feel the question is harmless, if a criminal is trying to build a profile of someone, then it is another piece in the jigsaw. Questions about people’s first cars, favourite teachers and best holidays can easily be neatly packaged into something that looks fun on Social Media but is designed to gather valuable information.

Whilst “Speedy McGraw” may mean nothing to anyone else, to a criminal it is two pieces of valuable information they can use in the future not just to try to trick you into revealing more information by pretending to be from a bank or other official institute that needs to urgently discuss important matters with you, but can be very valuable to resell onto more hardened criminals whose intentions are certainly not whimsical.

A large number of people seem to think because someone is asking a question on Social Media then their identity and intentions are known and well meaning. Few of us would respond to a random email asking such questions as “Can I just ask what is your Mother’s maiden name?” nor would we give that information to a stranger who approached us in the street, but on Social Media, as part of a “bit of fun” then many people share away.

For those who are active on Social Media, it is important to ensure you have the right levels of privacy on your profiles and limit who can see that information. Is it really necessary to have your full date of birth on there for instance? All your family members? First School? Pet Names? And so on. Cyber criminals can build profiles in a matter of minutes for some people and then put in place sophisticated attacks that can be devastating.

We all have a part to play in keeping ourselves and those around us safe – a good starting point is just to think what you are sharing and who with.

Daisy May – April 2021, Milton Keynes

How the Theory of Marginal Gains is creating a fraudsters’ paradise

I’m a firm believer in the power of marginal gains. The Marginal Gains Theory is concerned with small incremental improvements in any process, which, when added together, make a significant improvement. The challenge is always to break something down into small enough increments that they are easily achievable and measurable.

Another way to look at marginal gains is to measure actions by return on investment – if I invest my time/resources/cash into something, will the return increase based on the level of investment? For most of us, we make decisions like this multiple times a day. Should I have that extra sausage for breakfast? Should I go a bit above the speed limit to get home quicker? Should I spend an additional hour in the pub? All of these decisions potentially have marginal gains for us but the question we need to ask ourselves is whether the return, whether that is a reward or a penalty, is worth it.

If you look closely at any attempted fraud or robbery, whether physical or virtual, there is a trade-off for the perpetrators of risk versus reward. The risk of getting caught or the risk of investing in a scheme more often than not far outweighs the potential reward, which can be substantial in some cases. However, the greater risk of detection and punishment does deter the vast majority of people from committing crime. Likewise, most frauds and robberies are easy to spot and whilst the vast majority of attempts are foiled, either by the authorities or by our own knowledge, the return on investment for some is relatively small and that is why fraudsters will still attempt to create outlandish scams, knowing that a small number of people tricked gives them the reward they need.

However, there is a growing trend of people falling victim to scams that start with a legitimate-looking request for a small amount of money, that soon escalates into something far more sinister and damaging. Using the surge in home deliveries as their modus operandi, scammers have been sending text messages to people informing them that they need to pay a small fee, usually less than £2, to have an item delivered. The small amount and the impression it comes from the Royal Mail (the URLs used in the message tend to feature the words “Royal Mail”) make the message believable, as too does the page whereby the receiver is asked to enter their details. But this is a scam that does not just want your £2.

The BBC reported a story last week of a former Police Officer who received such a message and, believing it to be genuine, followed the link and paid the small fee. That then opened him up to a whole multi-level scam that eventually resulted in him losing thousands of pounds. His story is not uncommon – just a few weeks ago a respected, experienced current affairs journalist and TV/Radio presenter tweeted an image of a text she had received, asking her followers if it was genuine, such is the believability of the scam.

For the fraudsters behind the scams, they are looking at playing on our Marginal Gains – it surely isn’t a scam as they “only” want £1.25/£1.99/£2.50 – the risk of it being a fraud to the receiver of the text is low, or so it seems, whilst the reward is that they get the parcel or item that they may have been waiting for.

The Royal Mail do not send text messages asking for payment in this way. If an item needs additional postage they will deliver a card detailing how someone can make the additional payments. Likewise, you can always check the domain name used in the URL to see when it was registered and who to. A recent text I received showed the domain name registered on the same day as the text was sent and registered to an individual in China. If you are in any doubt about the legitimacy of any message you have received, check with Royal Mail themselves and make sure that you do not become another marginal gain for the fraudsters.
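The registration-date check described above, as an added example that is not part of the original post: it pulls the link out of a text message, flags a brand name used on a domain other than the official one, and compares the WHOIS creation date with the time the message arrived. The SMS, the WHOIS record, the `.example` domain, the 30-day threshold and the treatment of `royalmail.com` as the only official domain are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Assumptions for this illustration: adjust per brand and risk appetite.
OFFICIAL_DOMAINS = {"royalmail.com"}
BRAND_TOKENS = ("royalmail", "royal-mail")
NEW_DOMAIN_DAYS = 30  # a domain younger than this counts as freshly registered

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
CREATED_RE = re.compile(r"^\s*Creation Date:\s*(\S+)", re.IGNORECASE | re.MULTILINE)
COUNTRY_RE = re.compile(r"^\s*Registrant Country:\s*(\S+)", re.IGNORECASE | re.MULTILINE)

# Constructed sample data (not a real message, domain or WHOIS record).
SAMPLE_SMS = ("Royal Mail: your parcel is awaiting delivery. Please pay the "
              "GBP 1.99 fee at https://royalmail-redelivery-fee.example/pay")
SAMPLE_RECEIVED = datetime(2021, 4, 20, 10, 30, tzinfo=timezone.utc)
SAMPLE_WHOIS = {
    "royalmail-redelivery-fee.example": (
        "Domain Name: ROYALMAIL-REDELIVERY-FEE.EXAMPLE\n"
        "Creation Date: 2021-04-20T06:12:44Z\n"
        "Registrant Country: CN\n"
    )
}


def extract_hosts(message):
    """Return the lower-cased hostnames of every http(s) link in the message."""
    hosts = []
    for url in URL_RE.findall(message):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def is_official(host):
    """True if the host is an official domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def parse_creation_date(whois_text):
    """Read an ISO 8601 'Creation Date' field; None if absent or unparseable."""
    match = CREATED_RE.search(whois_text)
    if not match:
        return None
    try:
        created = datetime.fromisoformat(match.group(1).replace("Z", "+00:00"))
    except ValueError:
        return None
    return created if created.tzinfo else created.replace(tzinfo=timezone.utc)


def assess_message(message, received, whois_records):
    """List the suspicious links in a message with the reasons for each.

    whois_records maps hostname -> raw WHOIS text obtained separately.
    """
    findings = []
    for host in extract_hosts(message):
        if is_official(host):
            continue
        record = whois_records.get(host, "")
        reasons = []
        if any(token in host for token in BRAND_TOKENS):
            reasons.append("brand name used in a non-official domain")
        created = parse_creation_date(record)
        if created is None:
            reasons.append("registration date unavailable")
        elif (received - created).days < NEW_DOMAIN_DAYS:
            age = (received - created).days
            reasons.append(f"domain registered {age} day(s) before the message arrived")
        if reasons:
            country = COUNTRY_RE.search(record)
            findings.append({
                "host": host,
                "registrant_country": country.group(1) if country else None,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in assess_message(SAMPLE_SMS, SAMPLE_RECEIVED, SAMPLE_WHOIS):
        print(finding)
```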

Swimming in the illegal stream

You can never watch enough sport. Well, at least that’s one of my mantras which probably isn’t shared by the three females who I live with. Since lockdown started a year ago, the amount of sport, especially football, available to watch on TV has increased significantly. With football fans being locked out of stadiums for most of that period, the increase in the number of matches that are streamed has been important for supporters, clubs, advertisers and broadcasters. In some aspects the pandemic has led to a win/win situation for those involved in sports broadcasting. But has the amount of readily available streams of live sport had an impact on digital piracy?

Virtually all of the English Premier League games have been shown via subscription-based channels – Sky Sports, BT Sports and Amazon Prime are the rights holders, and an announcement this week stated that every remaining game, or at least until fans can return to stadiums, will be shown live, whilst the BBC will show live Women’s Super League football on a weekly basis. Further down the leagues, fans have been able to access a variety of OTT services and club broadcasts.

There’s no doubt it has been successful. If I look at my own club, Lewes, who play in the 7th tier of Men’s football and the 2nd tier of the Women’s game, we have been able to stream our live games to viewers in over 30 countries and bring in valuable revenue on a donation basis. Other clubs, such as tier 5 Bromley, have brought in professional broadcast services that cost thousands of pounds per game to produce a full match day show including instant replays and post-match interviews.

Everyone is happy, right? Unfortunately, no. The issue of digital piracy has evolved over the years and whilst our enforced lockdown may have impacted many things in our everyday life, it hasn’t appeared to have dampened the demand for illegal streams.

The number of people now connected to the digital world across the globe exceeds 4.5 billion, based on active usage in July 2020, or approximately 59% of the world’s population. The digital evolution continues at a pace, driven by the falling cost of mobile internet access and increase in demand for Social Media websites and apps that connect people around the world.

This increased demand for content from global users has been evident in the sports industry where legitimate access to games, matches and events had driven commercial broadcast models. A clear example of this can be seen from the values of the TV rights for the English Premier League which were first negotiated back in 1992 at £191 million for a four season term to the current deal which runs until the end of the 2022 and is worth a staggering £5 billion.

Consequently, the UK broadcast rights holders, such as Amazon, Sky Sports and BT Sports, have put in place commercial models so that they will see a return on their investment. And herein lies the Catch 22 situation. The broadcasters need to innovate to add value to acquire and retain subscribers through new technology or the quality of the experts in the studio and consequently that increases their costs to deliver which means they have to increase the subscription costs. The higher the cost to the consumer, the more likely they will be to search for cheaper options, which leads them to illegal streaming services.

To stop these illegal broadcast channels, the rights holders need to first detect the streams and that is something that has to happen in the moment. The English Premier League removed or blocked over 210,000 live streams in the 2018/19 season, putting pressure on ISPs to block access to servers that are distributing the illegal streams. Whilst the EPL can demonstrate some success which included prosecutions against a number of individuals who were responsible for a large-scale network supplying illicit streaming devices in the UK, it is just the tip of the iceberg. The individuals behind this illegal streaming network were convicted for the common law offence of conspiracy to defraud and received jail sentences totalling 17 years, hopefully a deterrent to others.

Unfortunately, it is still far too easy for non-subscribers to access the live games being transmitted. Many will be via the “grey” market – overseas TV channels that are legitimately showing the games but are intercepted by UK satellite receiving equipment and are then broadcast in pubs and clubs or, in Covid-19 times, via online channels, which is still in breach of the law in the United Kingdom.

We tend to think that illegal streaming is a problem associated with films or TV shows but studies carried out by organisations such as the Intellectual Property Office (IPO) suggest that approximately 25% of all Internet bandwidth is used for streaming illegal content, with this digital piracy costing the global economy more than $50 billion per annum.

To take the Premier League example again, the collective rights holders including Sky, BT Sports and Amazon made their decision to bid for the rights based on a return on investment model that included increasing the number of subscribers and thus their revenue per viewer. If they do not see this increase in revenue due to the amount of illegal streaming and downloads, they will potentially incur losses from the coverage they make and thus could reconsider their position when the next bidding window opens. Without the investment in the rights, the Premier League and thus the clubs will see a significant reduction in income. No TV deal means no global superstars gracing our pitches. Without the superstars, commercial partnerships will decline as global brands find alternative markets and icons for their millions. Just like the hyper-inflation of the players’ wages has driven up the value of the product (in this case the TV rights deal), consumers who are priced out devalue the product by accessing illegal content.

It isn’t just the economic harm that illegal streaming causes. In a report issued by the Office of National Statistics in 2019 they found that over 3 million Internet users who had streamed content illegally had seen their devices infected, over 1 million had been subsequently hacked and almost a million had been a victim of theft. Those numbers alone should be a deterrent to anyone buying an illegal streaming device or visiting websites that have links to unauthorised content. Malware, spyware and other digital nasties do not normally announce themselves to those who have inadvertently downloaded them onto their machines (ransomware excepted) – the cost of removing them and repairing the damage they can wreak far outweighs the subscription fee to access events through legitimate channels.

Removing links to websites that are hosting illegal streams requires the co-ordination of the rights holder, the social media platform that has allowed users to share the links, and the website where the content is being streamed from. Quite a task for something happening live and in real time. Sporting events aren’t like the latest blockbuster movies – their interest reduces as soon as the event is over. Being able to monitor social media for infringing content is possible – having the enforcement team is the harder part. The role of the broadcast rights holders is also key. They have to do everything they can to protect their investment.

In a world where the consumption of media in the moment in a mobile environment is the norm rather than the exception, digital piracy detection and ultimately deletion is a major challenge for the broadcast holders. Whilst many other industries have seen their revenue models decimated by digital piracy, the sports industry has to contend with the nature of consumption of its product (“in the moment”) in finding solutions, a challenge that technology alone can solve. The question is when and at what cost.

Why Vishing is on the rise

We’ve become used to getting email-based scams for some time. The original 419 email scams, so-called because the offence is detailed in section 419 of the Nigerian legal code, are for the most part very easy to spot these days as they follow the same modus operandi. Rich widow of a dictator, dying philanthropist, benevolent banker – the stories haven’t changed over the years – they are fanciful, easy to verify and simply too good to be true. However, fraud through email scams, or “phishing”, continues to rise. What has changed is the sophistication of the emails, the detail that the fraudsters go into to create their traps for innocent victims. However, it hasn’t just been the growth in phishing that has been worrying the authorities.

A new generation of smart phone users now favour message-based communication such as WhatsApp, SnapChat, Direct Messaging via Instagram and texting rather than using email. That has seen the fraudsters adapt their approach and targets, where far less sophistication is needed. Whereas emails need to look authentic, using HTML-based email templates, branding and styles, text-based messaging does not. As long as the call to action, normally a URL to click, has the respective keywords in somewhere, then people will believe it.

The last year has seen a massive increase in the number of these text-based scams, known as “smishing”, with fraudsters looking to take advantage of our home-bound situations such as deliveries as well as Covid-related situations such as testing and access to the vaccines. Examples of URLs include royalmail.parcel-ref212.com, lloyds-confirm-account.com and halifax.secure-personal-login.com where a well-known brand is included in the domain name string to make the URL look authentic.
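The brand-in-the-hostname pattern in those three URLs can be checked mechanically, as in this added example (not part of the original article): it flags any host that contains a brand name as a label or hyphen-separated token while its registrable domain is not one of the brand's own. The official domains in `OFFICIAL`, the short suffix list and the sample text messages are assumptions made for the illustration.

```python
import re

# Assumption: each brand's official registrable domain (not listed in the article).
OFFICIAL = {
    "royalmail": {"royalmail.com"},
    "lloyds": {"lloydsbank.com"},
    "halifax": {"halifax.co.uk"},
}
# Simplification: production code should consult the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk"}
# Pulls hostnames out of free text, with or without a scheme in front.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable_domain(host):
    """Return the part of the host that somebody actually registered."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def brand_lookalike(host):
    """Return (brand, registrable domain) for a lookalike host, else None."""
    reg = registrable_domain(host)
    # "lloyds-confirm-account.com" -> {"lloyds", "confirm", "account", "com"}
    tokens = set(re.split(r"[.-]", host.lower()))
    for brand, official in OFFICIAL.items():
        if brand in tokens and reg not in official:
            return brand, reg
    return None


def scan_message(text):
    """Return (host, brand, registrable domain) for each lookalike in a message."""
    hits = []
    for host in HOST_RE.findall(text):
        verdict = brand_lookalike(host)
        if verdict:
            hits.append((host.lower(),) + verdict)
    return hits


# Constructed sample messages built around the hostnames quoted in the article.
SAMPLES = [
    "Your parcel is held. Pay the fee at royalmail.parcel-ref212.com/pay",
    "New payee added. Not you? Visit https://lloyds-confirm-account.com",
    "Track your item at https://www.royalmail.com/track",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(scan_message(sms) or "no lookalike found", "<-", sms)
```

The check only catches brand names spelled exactly; misspelled or character-swapped variants need a separate similarity test.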

One more recent, high-profile scam has focused on requesting a small amount, in many cases £2 or less, for postage on a parcel that is due for delivery. By asking for such a small amount, potential victims believe it is a genuine request – most of us have increased our online shopping and have pending deliveries. What harm does paying such a small amount cause? Actually, at the most extreme end of cases, almost everything you own, as this story proves.

However, one of the main consequences of interacting with any smishing attempt is that it verifies that the mobile number is valid. Criminals buy mobile numbers in bulk on the dark web and send out these fraud attempts en masse. Any “live” number becomes more valuable to sell on to other scammers, which is why you should never engage with any text messages that you may receive, whether that is by following the call to action via the URL or replying to the text message.

Once fraudsters have a live mobile number then they can take their attempts to defraud to the next level, “vishing”, which is defined as the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

Vishing scams play on fear. Whilst phishing and smishing tend to play on victim confusion, such as using typosquatted domain names within a URL, or revealing usernames and passwords on a convincing fake website, vishing attempts to scare victims into acting. A common example, one that I received myself just a few days ago, went along the lines of an automated voice telling me:

“Your National Insurance number has been used in a financial fraud on the border of North Wales. Press 1 now to speak to a fraud investigator to confirm that it wasn’t you. Failure to press 1 now will result in an arrest warrant being issued and you being summoned to court to face serious criminal charges”

Not nice. Similar calls will use the subject of tax fraud, bank fraud or that your car has been involved in a hit and run. The call to action is always the same though – “Press x to speak to an operative/agent/police/investigator now”. By pressing the key, the call is transferred to a real-life operative who will then go through a script to try to get you to reveal personal and financial details that they will claim are to verify your identity “so that you won’t be charged/arrested” but in reality, as with the case highlighted in the BBC report, will be used to defraud victims to the maximum extent.

Whilst some may be tempted to play along with the fraudsters, attempting to engage with them for sport, the best course of action is to hang up on the numbers and block them on your phone, although in most instances they will be using unregistered SIM cards that will be destroyed or never used again. You can also report the numbers to the mobile network providers by sending details of the number used to 7726.

Technology means that vishing attempts will become more sophisticated over time, just like phishing emails have progressed from the original 419-style attempts. Whilst they will become more believable over time, it is vital that we all take a few seconds if we do receive a suspicious call, and if it doesn’t feel right then ignore it.