How brands need to remain socially responsible after the Covid-19 pandemic

In many areas of the world the mass vaccination programme is gathering pace and the impact on the return to a near-normal life is becoming closer day by day. Whilst the positive news of the roll-out of mass vaccinating as well as falling infections rates made headline news, the increase in scams, brand infringements and cyber-attacks hasn’t been far from the surface.

As the lockdown restrictions are lifted slowly for many of us, those who have been hell-bent on exploiting the situation have doubled down on their efforts, shifting tactics from the fear of infection and how to prevent it, to take advantage of the remote lifestyles that we have had to experience. The restrictions placed on society in general has led to a boom in the digital economy as consumers have been driven online.

With so much fear, uncertainty and doubt being spread about the COVID-19 pandemic, many consumers have taken to the Internet to look for testing kits, medicines and of course, vaccines. In the UK today, where the vaccination programme is about to start focusing on the most populous age groups, there is a pent-up demand for the vaccine and that has led to a rise in fake vaccination scams.

Whilst most consumers know that a vaccine is available and being rolled out, some that aren’t in the current, or near future target groups. However, for those who are desperate for a return to a near-normal life or in the hope that concepts like vaccination passports will fast-track access to travel or even sporting and hospitality events, there is still a danger that they will fall foul to the numerous attempts by fraudsters, impersonating health authorities or even the vaccine manufacturers themselves. Scammers and counterfeiters give consumers hope, albeit false, that they have the answers and many have been taken in by this.

Some brand holders, such as Philip Morris International have been waging a war against the detection of illicit and counterfeit goods, albeit in their own industry, for many years. The bootlegging and counterfeiting of tobacco has been a major issue for PMI for over 150 years and they have developed a wealth of experience not only in the detection of products that harm their brand and their customers, but also in working with law enforcement agencies. During the last six months they have been lending their experience, knowledge and know how to other organisations who have been more directly impacted.

Last September in an interview with World Trademark Review, Philip Morris International’s (PMI) Director of Illicit Trade Prevention, Kristin Reif, spoke at length about the changing threat landscape they have seen and how PMI and others have strengthened their Corporate Social Responsibility outreach to protect customers.

“What we saw at the outset of the pandemic was that, true to form, criminals were quickly taking advantage and flooding the market with counterfeit, fraudulent and inferior goods – everything from face masks to gloves to therapeutics. We have a core competency in fighting illicit trade, so it seemed natural for us to get involved. When we looked at our skill sets and competencies, it was clear that we have subject matter expertise in brand integrity so why wouldn’t we try to assist in this area?” said Reif in his interview with WTR.

PMI have been working with organisations such as major pharmaceutical companies, using their resources to develop strategies that both inform customers of the dangers of buying counterfeit and the impact it has on wider society. They view their work as part of their corporate social responsibility, something that extends past just monitoring for counterfeit tobacco.

PMI are not alone in their work. Organisations of all sizes continue to invest in anti-counterfeit programmes, protecting their intellectual property, reputation and ultimately their clients from the harm caused by fraud and scams. However, some firms either choose to ignore the threats associated with their brand or are completely unaware of the dangers. The Covid-19 pandemic is a compelling event for us all – a chance to reset and refocus our social focus.

However, we all have a part to play in the solution. Consumer education cannot be underestimated in a time of fake news, fake advertising and fake products being pushed in front of our collective eyes. Brand holders need to ensure they are doing their part too, monitoring for infringements that could damage consumer confidence as well as harming their reputation. Social responsibility means all of us being part of a solution rather than adding to the problems that the pandemic has caused.

Pop Quiz

“The name of your first pet + your mother’s maiden name is your stripper name”

I’m sure we have all seen similar questions on Social Media that are designed “just for a laugh” and when we read some of the responses they can be quite amusing. But they are also very revealing. Too revealing in all honesty.

Mother’s maiden name is a frequent question that is part of identification and verification used by many banks and institutions that keep our personal and financial information secure. Whilst we may feel the question is harmless, if a criminal is trying to build a profile of someone, then it is another piece in the jigsaw. Questions about people’s first cars, favourite teachers and best holidays can easily be neatly packaged into something that looks fun on Social Media but is designed to gather valuable information.

Whilst “Speedy McGraw” may mean nothing to anyone else, to a criminal it is two pieces of valuable information they can use in the future not just to try to trick you into revealing more information by pretending to be from a bank or other official institute that needs to urgently discuss important matters with you, but can be very valuable to resell onto more hardened criminals whose intentions are certainly not whimsical.

A large number of people seem to think because someone is asking a question on Social Media then their identity and intentions are known and well meaning. Few of us would respond to a random email asking such questions as “Can I just ask what is your Mother’s maiden name?” nor would we give that information to a stranger who approached us in the street, but on Social Media, as part of a “bit of fun” then many people share away.

For those who are active on Social Media, it is important to ensure your have the right levels of privacy on your profiles and limit who can see that information. Is it really necessary to have your full date of birth on there for instance? All your family members? First School? Pet Names? And so on. Cyber criminals can build profiles in a matter of minutes for some people and then put in place sophisticated attacks that can be devasting.

We all have a part to play in keeping ourselves and those around us safe – a good starting point is just to think what you are sharing and who with.

Daisy May – April 2021, Milton Keynes

How the Theory of Marginal Gains is creating a fraudsters paradise

I’m a firm believer in the power of marginal gains. The Marginal Gains Theory is concerned with small incremental improvements in any process, which, when added together, make a significant improvement. The challenge is always to break something down into small enough increments that they are easily achievable and measurable.

Another way to look at marginal gains is to measure actions by return on investments – if I invest my time/resources/cash into something, then will the return increase based on the the level of investment. For most of us, we make decisions like this multiple times a day. Should I have that extra sausage for breakfast? Should I go a bit above the speed limit to get home quicker? Should I spend an additional hour in the pub? All of these decisions potentially have marginal gains for us but the question we need to ask ourselves is whether the return, whether that is a reward or a penalty, is worth it.

If you look closely at any attempted fraud or robbery, whether physically or virtually, there is a trade off for the perpetrators of risk versus reward. The risk of getting caught or the risk of investing in a scheme more often than not far outweighs the potential reward, which can be substantial in some cases. However, the greater the risk of detection and punishment does deter the vast majority of people from committing crime. Likewise, most frauds and robberies are easy to spot and whilst the vast majority of attempts are foiled, either by the authorities or by our own knowledge, the return on investment for some is relatively small and that is why fraudsters will still attempt to create outlandish scams, knowing that a small number of people tricked gives them the reward they need.

However, there is a growing trend of people falling victim to scams that start with a legitimate looking request for a small amount of money, that soon escalates into something far more sinister and damaging. Using the surge in home deliveries as their modus operandi, scammers have been sending text messages to people informing them that they need to pay a small fee, usually less than £2, to have an item delivered. The small amount and the impression it comes from the Royal Mail (the URLs used in the message tend to feature the words “Royal Mail”) have the message believable, as too does the page whereby the receiver is asked to enter their details. But, this is a scam that does not just want your £2.

The BBC reported a story last week of a former Police Officer who received such a message and believing it to be genuine, followed the link and paid the small fee. That then opened him up to a whole multi-level scam that eventually resulted in him losing thousands of pounds. His story is not uncommon – just a few weeks ago a respected, experienced current affairs journalist and TV/Radio presenter tweeted an image of a text she had received, asking her followers if it was genuine such is the believability of the scam.

For the fraudsters behind the scams, they are looking at playing on our Marginal Gains – it surely isn’t a scam as they “only” want £1.25/£1.99/£2.50 – the risk of it being a fraud to the receiver of the text is low, or so it seems, whilst the reward is that they get the parcel or item that may have been waiting for.

The Royal Mail do not send text messages asking for payment in this way. If an item needs additional postage they will deliver a card detailing how someone can make the additional payments. Likewise, you can always check the domain name used in the URL to see when it was registered and who to. A recent text I received showed the domain name registered on the same day as the text was sent and registered to an individual in China. If in you are in any doubt on the legitimacy of any message you have received, check with Royal Mail themselves and make sure that you do not become another marginal gain for the fraudsters.

Why Vishing is on the rise

We’ve become used to getting email-based scams for some time. The original 419 email scams, so-called because the offence is detailed in section 419 of the Nigerian legal code, are on the most part very easy to spot these days as they follow the same modus operandi. Rich widow of a dictator, dying philanthropist, benevolent banker – the stories haven’t changed over the years – they are fanciful, each to verify and simply too good to be true. However, fraud through email scams, “phishing” continues to rise. What has changed is the sophistication of the emails, the detail that the fraudsters go into to create their traps for innocent victims. However, it hasn’t just been the growth in phishing that has been worrying the authorities.

A new generation of smart phone users now favour message-based communication such as WhatsApp, SnapChat, Direct Messaging via Instagram and texting rather than using email. That has seem the fraudsters adapt their approach and targets, where sophistication is significantly less. Whereas emails needs to look authentic, using HTML-based email templates, branding and styles, text-based messaging does not. As long as the call to action, normally a URL to click, has the respective keywords in somewhere, then people will believe it.

The last year has seen a massive increase in the number of these text-based scams, known as “smishing”, with fraudsters looking to take advantage of our home-bound situations such as deliveries as well as Covid-related situations such as testing and access to the vaccines. Examples of URLs include royalmail.parcel-ref212.com, lloyds-confirm-account.com and halifax.secure-personal-login.com where a well-known brand is included in the domain name string to make the URL look authentic.

One more recent, high profile scam, has focused on requesting a small amount, in many cases £2 or less, for postage on a parcel that is due for delivery. By asking for such a small amount, potential victims believe it is a genuine request – most of us have increased our online shopping and have pending deliveries. What harm does paying such a small amount cause? Actually, at the most extreme end of cases, almost everything you own as this story proves.

However, one of the main consequences of interacting with any smishing attempts is that it verifies that the mobile number is valid. Criminals buy mobile numbers in bulk on the dark web and send out these fraud attempts en-masse. However, any “live” number becomes more valuable to be sold on to other scammers which is why you should never engage with any text messages that you may receive, whether that is by following the call to action via the URL or replying to the text message.

Once fraudsters have a live mobile number then they can take their attempts to defraud to the next level, “vishing”, which is defined as the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

Vishing scams play on fear. Whilst phishing and smishing tend to play on victim confusion, such as using typosquatted domain names within a URL, or revealing username and passwords on a convincing fake website, vishing attempts to scare victims into acting. A common example, one that I received myself just a few days ago went along the lines of an automated voice telling me:

“Your National Insurance number has been used in a financial fraud on the border of North Wales. Press 1 now to speak to a fraud investigator to confirm that it wasn’t you. Failure to press 1 now will result in an arrest warrant being issued and you being summoned to court to face serious criminal charges”

Not nice. Similar calls will use the subject of tax fraud, bank fraud or that your car has been involved in a hit and run. The call to action is always the same though – “Press x to speak to an operative/agent/police/investigator now”. By pressing the key, the call is transferred to a real life operative who will then go through a script to to try to get you to reveal personal and financial details that they will claim is to verify your identity “so that you won’t be charged/arrested” but in reality, as with the case highlighted in the BBC report, will be used to defraud victims to the maximum extend.

Whilst some may be tempted to play along with the fraudsters, attempting to engage with them for sport, the best course of action is to hang up on the numbers and block them on your phone, although in most instances they will be using unregistered SIM cards that will be destroyed or never used again. You can also report the numbers to the mobile network providers by sending details of the number used to 7726.

Technology means that vishing attempts will become more sophisticated over time, just like phishing emails have progressed from the original 419-style attempts. Whilst they will become more believable over time it is vital that we all need to take a few seconds if we do receive a suspicious call and if it doesn’t feel right then ignore it.

Banking on your good nature

As we become more a-tuned to potential phishing attempts, the fraudsters up their game to try and catch us out and profit from our sense of security. More and more banks are now putting fraud prevention measures in place, which are being used against them by the cyber criminals.

This is a real text, received by someone in my family in early March. The number it has been sent from has been spoofed so that it appears to have come from the short code number used by TSB Bank.

What makes this scam relatively effective is that TSB are one of the banks that send message alerts to clients when they use their cards abroad. So by sending these texts, they are alerting customers to a potential fraud, when in reality, they are attempting to defraud.

For many TSB customers familiar with these texts (and assuming that they are not abroad at the moment, which in most instances would be against lockdown regulations), receiving such a message would cause concern.

The first action many people would take is to call the number. After all, we are warned about clicking on links and following strange URLs. But a phone number isn’t an issue, right? Unfortunately, in this case it is a major issue. Whilst the second telephone number is a genuine number for TSB Bank, the first one most certainly isn’t. At least not anymore.

Back in the day it was a valid number for the bank – if you search for the telephone number you will find some Tweets from the bank advising customers to use that number. But that was back in 2013. Today, the bank uses 03459 758 758 but the 08459 number is still being used for fraudulent purchases.

If you do receive similar messages from a bank who you happen to use and it does appear strange then contact them using telephone numbers from their website and not within the text message.

Fliking raising its ugly head again

Back in 2016, the growing issue of fake reviews being offered for sale became a major concern for market place websites, who vowed to clamp down on the unethical, and in many places, illegal practice. Fliking” (fake liking) became a trend that was an issue not only for the market places but the brand holders and consumers.

Fliking (Fl-ike-ing) is my word for this practice. Meaning to solicit or buy social media likes, tweets or positive reviews….or simply fraud. Paying someone to say something that could be untrue can be classed as misleading, false advertising or fraudulent.

Despite the efforts from the major marketplaces, the issue still exists as highlighted in a new report by Which? The consumer group found 10 websites selling fake reviews from £5 each and incentivising positive reviews in exchange for payment or free products.

Just over two years ago, another Which? report highlighted the issue of fake reviews and how they were being used to trick consumers. Eighteen months ago they updated that report, sharing the truth that very little had changed. Unfortunately, as their most recent report shows, the unethical practice is still happening on the major marketplaces today.

Because our relationships with brands and marketplaces changed so much over the last year thanks to enforced restrictions and lockdown we face. We now rely on online shopping more so than ever and, more importantly, have had to adapt to communicating with others through technology rather than in person. That has led to a rise in people seeking reviews and opinions before they make purchases. Social media expert Erik Qualmann found in a study that over 90% of shoppers are influenced by Social Media and trust peer recommendations over adverts. In Which? survey of more than 2,000 UK adults in 2018, 97% use online customer reviews when researching a product. The Competition and Markets Authority (CMA) estimates that over £23 billion per annum of UK consumer spending is influenced by online customer reviews.

So why is this an issue? Fake reviews leads to consumers buying products that may be poor quality, or may not even exist at all. The more positive reviews a product gets, the higher ranked it may appear on some market place sites, and thus starts a Catch22 situation. Consumers could end up buying products that are sub-standard or even dangerous based on the fake reviews. Any brand holder will tell you that one of the keys to a successful Social Media strategy is getting your message in front of the right people at the right time. Whilst they will use social media or peer review sites to great effect, so too do the fraudsters.

The Which? report found that these weren’t small organisations who were offering the fake reviews. One of the businesses they researched had more than 700,000 reviewers on their books, who are offered incentives such as payments, free or discounted products and the opportunity to take part in loyalties schemes.

The big market place sites such as Amazon go to great lengths to try to spot and stop fake reviews but with so many products offered on one of the world’s biggest websites it is an ongoing, uphill battle. We, as consumers need to play our part in the fight against this unethical and illegal practice. We need to be on the lookout for some tell-tale signs that could reveal products that have fake reviews. These could include:

  • Too many 5-star, positive reviews – Be cautious of products that aren’t household names that have a plethora of overly positive reviews, especially if they have been added in a short period of time. Even great products will have some 3 or 4 star reviews.
  • Copycat reviews – Look for common language in reviews which could suggest that they are template reviews.
  • Look for verified purchases – On many websites actual product purchasers who submit a review are annotated as being “verified”. Whilst this isn’t a fool-proof method of identification, fake reviewers do not tend to buy the products in the first place.
  • Check the reviewers profile – If you are unsure about a review, look at the reviewers profile and see what other products they have been reviewing. Few people will spend all day adding reviews unless they are being incentivised to do so.
  • If it looks too good to be true – The final test is the most basic. If a review doesn’t sit right with you, pass on by.

It is an unfortunate byproduct of our thirst for a bargain and our reliance on online marketplace websites that fraudsters continue to find ways to cause brand holders and consumers issues. Fliking is another example of how criminals have adapted their behaviours to take advantage of the current economic situation, one which consumers need to be aware of and prepared to take an additional step to ensure that they stay safe and secure when shopping online.

Help, someone has hacked by email!

The number of attempts to phish someone by good old fashioned email continues to rise. Why? Because more often than not there is little or no cost in sending emails to an acquired distribution list and you only need one or two people hooked to make a profit.

Phishing attempts come in various forms – ranging from the “Deposed prince who needs your help to move millions out of his country” to “the opportunity to queue-jump the COVID-19 vaccination priority list”. Many will be undone by poor spelling and grammar, whilst others will be professionally designed and look genuine.

But often the giveaway is the senders address. Whilst the sender may appear genuine in your email client, the actual sending address often reveals, very quickly, that it is a scam. For instance, the sender may appear as “HMRC”, “NHS” or “First Direct” but when you click on the name it appears as coming from a gmail or yahoo email account, a sure giveaway that it isn’t genuine.

Wearing my hat as Chairman of Lewes FC, my contact details appear on a number of publicly accessible website and directories. That means I get a lot of spam and contacts from all sorts of organisations. But I also get phishing emails, also known as Business Continuity Email fraud, regularly sent from myself to myself asking for money “for a transfer” or the more popular one these days, Amazon gift cards for sponsors. I know I shouldn’t but I often keep a conversation going with them, asking why they need them now, why in dollars and who the sponsors are, all the while sending the emails from an account that clearly states who I am. To the fraudsters they don’t care – they think they have hooked me and just want their ill-gotten gains.

Whilst we need to all be vigilant in not being fooled by these attacks, what happens if the sending address does appear to be genuine? This is the danger of spoofed email addresses. Email spoofing is creation of an email header that appears to be from one party but has actually been sent by a third party. Because core email protocols do not have a built-in method of authenticating that the sender is who they say they are, it is commonplace for spam and phishing emails to use spoofing to trick the recipient into believing it is genuine.

Even if domain names are registered and in use by brand holders, they can be spoofed because of the way most email systems are set up. To stop their intellectual property being used in such a way, brand holders can take measures to prevent their domain names being spoofed. Barracuda Networks are one of the experts in this field and have provided the following advice:

Since the email protocol SMTP (Simple Mail Transfer Protocol) lacks authentication, it has historically been easy to spoof a sender address. As a result, most email providers have become experts at detecting and alerting users to spam, rather than rejecting it altogether. But several frameworks have been developed to allow authentication of incoming messages:

SPF (Sender Policy Framework): This checks whether a certain IP is authorized to send mail from a given domain. SPF may lead to false positives, and still requires the receiving server to do the work of checking an SPF record, and validating the email sender.

DKIM (Domain Key Identified Mail): This method uses a pair of cryptographic keys that are used to sign outgoing messages, and validate incoming messages. However, because DKIM is only used to sign specific pieces of a message, the message can be forwarded without breaking the validity of the signature. This is technique is referred to as a “replay attack”.

DMARC (Domain-Based Message Authentication, Reporting, and Conformance): This method gives a sender the option to let the receiver know whether its email is protected by SPF or DKIM, and what actions to take when dealing with mail that fails authentication. DMARC is not yet widely used.

Even if brands have defensively registered a domain name it should be protected against spoofing as these are often used by fraudsters in the knowledge that it may be less likely to be detected by the firm itself.

Most corporate-focused registrars offer these email security measures. With revenues and reputations at stake, why wouldn’t any brand want to take as many preventative measures as possible to protect both?

Bad Influence(r)

We’ve written before about the increase in investment scams that are being reported to the authorities during lockdown, especially those that have their roots in Social media. Taking one particular platform as an example, Action Fraud, the UK’s Police National Reporting Centre for fraud and online crime, have been a huge increase in cases related to Instagram, with monthly financial losses attributed to scams that originate on the popular network hitting almost £200,000 a month.

The presence of genuine influencers, people who have built a reputation for their knowledge and expertise on a specific topic, on social media has led to a significant rise in copycat individuals, who will use the same approach and tactics to give the impression that they are “in favour” of particular brands and so garner authenticity for what they are promoting, either directly or indirectly.

Influencers make regular posts about that topic on their preferred social media channels and generate large followings of enthusiastic, engaged people who are influenced by the products or services the are talking about. Consequently, brands benefit because the influencers are trendsetters and reach audiences in ways that they often can’t.

For a platform such as Instagram it is all about the image, or images. A picture can tell a thousand words and because of the amount of time the current millennials, now becoming the latest generation with disposable income, spend on Social Media, most big brands will have a strategy not only for how to build their audience online but also how to use influencers.

Sometimes the line is blurred between who is a real influencer and whether they are officially endorsing a product. That is one of the reasons behind the increase in reported fraud – savvy social media users become too trusting over time.

One particular case, reported last week by the BBC underlines the issues that the Social Media platforms face, where a 24 year old lost the best part of £17,000 having been approached by someone he followed on Instagram, offering him an investment opportunity.

“I was following this guy on Instagram and he always posts with his car, a rose gold Maserati, saying that he’s rich and self-made and really young, he’s only 21,” the victim said. The approach was to invest in a similar foreign exchange trading scheme that had made him so much money. He started off with a £1,000 investment and initially made some money before investing significantly more and slowly seeing it disappear, unable to withdraw his funds as part of the scam.

New investment schemes including those featuring digital currencies such as Bitcoin and Ethereum have become very popular because of the significant gains that can be made in a short-term. However, the risk of high losses also exists in such volatile markets. Nevertheless, the issue in this case wasn’t the unpredictability of the financial assets but the scheme it was invested in.

Despite the fact the instigator of the investment offer potentially owning such a unique car, he has disappeared and so has the victims case.

“There’s no place for fraudulent or inauthentic behaviour on Instagram. We have a safety and security team of 35,000 people working to keep our platforms safe and we block millions of inauthentic accounts every day,” a Facebook company spokesperson said.

The warning is clear from Facebook. “People are sucked in and want to believe it and want that lifestyle, especially these days, with young people struggling to get jobs. You definitely see more people looking at different and newer ways to make more money. We have a safety and security team of 35,000 people working to keep our platforms safe and we block millions of inauthentic accounts every day.”

Now more than ever it is important we keep our wits about us when we are using Social Media. It is far too easy for fraudsters to create a believable persona with pictures of glamorous lifestyles in luxurious destinations that can be used to hoodwink others. Always take any offers with a pinch of salt and do your own research, remembering if it looks too good to be true, it probably is.

Fake vaccine emails giving people the needle

In the ongoing war against the fraudsters who continue to stoop to the lowest levels in exploiting the COVID-19 pandemic, there is no surprise that the vaccine is now being used as the hook to catch innocent victims. Emails similar to the one below are being sent in the latest attempt by scammers hoping to play on the fear, uncertainty and doubt that the pandemic has caused.

Action Fraud has received more than 1,000 reports of emails being received, with most including a call to action to confirm the appointment, which takes you to another website where personal and financial details are requested, an example of which can be seen on the left hand side. If you choose to ‘decline’ the invite then you will still be asked for your personal details so that you can be “removed from the list”.

The NHS do not charge for any of the vaccines and most people will receive an invitation for their first appointment by post, although some areas where local Medical Centres will send text or emails to those who have registered for such services.

Whilst you will be asked to bring ID with you to any appointment for the vaccine, there will never be a case where you have to submit this beforehand.

Unfortunately, technology has made it really easy for fraudsters to set up these scams. However, apart from the warning signs of the contact asking for personal and financial information, you can do some simple checks yourself to check the validity of any email or text you receive.

In the above instance, the domain name that resolves after following the link in the email is not registered to the NHS – it was in fact registered just a few days ago and the registrant details are hidden behind a privacy service run out of Panama. You only need to ask yourself whether a public body such as the NHS would choose to register a domain name like that to flag this may be a scam. Likewise, check the SENT FROM address in the email – not just the name of the sender, but clicking on that should reveal the sender’s details (although not always) which is often a gmail or hotmail address.

Whilst many of the emails will lack the look of authenticity, such as the example to the right, many others will be crafted to look almost identical to genuine messages that the NHS would normally send out. There may be some clues that all is not what it seems based on poor spelling and grammar (in the example to the right you can see the line “It then goes on to say” which wouldn’t be a sentenced used in the genuine email) but others may not be as badly written or edited.

Unfortunately, these attempted scams will just grow in number over the next few months whilst the vaccine is rolled out and we all need to play our part in being vigilant and not giving the fraudsters the opportunity to illicitly gain from their nefarious activity.

Do I not Like that?

Last week we looked at the increasing trend on Social Media for scammers to use multiple domain names for the same adverts. But that isn’t the only approach that those who want to steal our personal and financial information use. Let’s look this week at how the bad actors play on our incessant need to grab a bargain.

But first we need to make a very important, clear statement. Despite what you may see, it is very rare for major brands to give away something in exchange for a like, share, comment or retweet. It doesn’t matter how benevolent they may seem, you need to ask yourself one simple question before you engage. Why?

In our COVID-driven, recession-fuelled need for a bargain, we often leave sense at the door when it comes to giving away our personal and financial details online. There is a belief that if there is a logo in an advert it is genuine. Social Media wouldn’t let anyone pretending to be someone else advertise on their network after all, right?

Wrong. Fraudsters use exactly the same methods to win “customers” as genuine brands, whether that is via SEO, email marketing, cold calling and extensive use of social media. Many platforms allow advertisers, whether they have good intentions or not, to target their adverts to have the most impact or return on investment. They use a strategy to grab attention, create interest and then watch their offers grow as unassuming social media users share the information among their networks, creating multi-layers of opportunity from one initial, low cost, advert.

Let’s take the advert below as an example. For those who aren’t aware, Argos is an established High Street brand in the UK that sells a wide range of goods through their stores. You can go online, choose the products you want and either have them delivered or collect in store. However, they would never choose to advertise in this way.

For starters, let us ignore the poor grammar and spelling but concentrate on the offer. Argos has 50 “Curved” TVs. The picture shows they are Samsung TVs. Why not say that for a start? Perhaps because the word Samsung would be picked up by the Social Media platform as a brand name and be more likely to be scrutinised.

Secondly, why would Argos be prepared to give them away. What is stopping them selling them? If there was little damage, why wouldn’t they sell them as such? Retailers also have insurance that covers for stock damage which for 50 TVs would be worth a few thousand pounds.

Third. Why do you think the only criteria is to share and like the post? Because by liking and sharing it give authenticity to the offer. If 2,000 people like something it doesn’t sound fishy at all. They have 50 to give away and so it becomes very easy to choose 50 (or almost certainly more than 50) at random from the likes to give the TV’s away to. Except they aren’t giving them away totally for free. In scams like this you will be asked to pay a delivery or an admin/insurance/warranty fee – maybe something small like £50 but if 100 people are all doing the same, there is a nice profit from a small ad at minimal cost. Naturally, there isn’t any TV and once the money has been paid, the “brand” will disappear.

Looking at the advert itself is enough to surely make you realise all is not well. The spelling (aloud rather than allowed, fulling instead of fully) and the grammar (capital R in Returned, TV’s rather than TVs) would not pass inspection with any brands who were advertising on or off line, whilst there is no branding in the photos that would back up this was a genuine offer.

Major brands do not offer goods and services this way. Whilst we may want to believe it is true and the general altruistic values they may have, there is no value for them in doing this.

The more people that do engage, like and share, the more the fraudsters will continue with their nefarious campaigns. We all have a part to play in this. Always question why a brand may be offering such deals, bargains or the like and remember, if it looks too good to be true, it probably is!