Resorting to this

There was no coincidence in the timing (again) of a number of social media posts I woke up to today, the so-called “Freedom Day”. The hot weather here in the UK has seen hundreds of thousands of Brits head to the beach as the “staycation” as taken over from the “vacation”. Many prospective holiday makers will not risk booking an overseas trip just yet whilst the destinations list remains so fluid in terms of restrictions going out and coming back in. So most of us will stay right here in the beautiful British Isles.

With restrictions being eased, then bookings at some of the most popular locations have understandably gone through the roof. One of the most popular family destinations is Center Parcs, who have a number of parks across the UK, with plenty of outdoor activities for all as well as restaurants and their spa facilities. Such is the demand for accommodation in their parks that it is often hard to find any free spaces. But fear not because they are offering a free break for four people, plus spending money and all travel paid. And it couldn’t be easier to enter the competition – just share the competition page on Facebook, comment and like it. Who wouldn’t enter that with it being so easy.

Except we all know that because it is too easy there should be a red flag being frantically waved in our heads. Let’s take a look at what can be found on Facebook.

Picture 1 is a genuine Center Parcs UK post – a news story about a location for a new site being found in West Sussex. There isn’t a call to action, the spelling and grammar are spot on, the logo is correct, the name of the company is also correct and they have been verified with the blue tick.

Picture 2 is the first attempt at trying to pretend to be Center Parcs. As you can see they have made a terrible attempt at spelling the company name plus there is some poor grammar in the text. Picture 3 is better, at least the name is correct but the logo isn’t. The pictures are taken direct from the Center Parcs website.

Irrespective if they are genuine-looking, why would Center Parcs have any reason or motivation to give away such a prize? They are turning people away such is the demand for staycations. Why would they need you to “Like”, “Share” and “Comment” on the post?

Because this is all about collecting as much personal data from social media users as possible which can be used or sold on at a later date. When I first saw the “competition” on Facebook, over 33,000 had shared it, even more had liked it. Who is to say that a significant percentage may be contacted because they have “won” the holiday? What is the next step? An admin fee payable, which requires bank details to be shared?

I know the last 18 months have been tough on us all, and the thought of a holiday is incredibly tempting which is why we all need to be extra vigilant and really think before we are tempted to act. If you see similar offers, take a step back and ask “what’s in it for them”? Big brands rarely give away anything so cheaply, yet thousands of social media users will.

Day 12 of avoiding Christmas scams – Social Media scams

Where do you start with scams on Social Media? You don’t have to look far on Social Media to find some sponsored ads or messages that are designed to hoodwink people and drive financial gain into the hands of the fraudsters and scam artists.

One common ploy used by scam artists is to pretend to represent a well-known brand who are desperate to give away stock or sell it off at cut price.

One instance we saw frequently during lockdown in 2020 was Facebook groups set up using the Argos brand. A typical example can be seen on the left where the brand is claiming to be giving away 50 damaged expensive items in exchange for sharing the post and liking the page. What harm is there in that?

Naturally, if you do that then the fraudsters will contact you to say you are one of the lucky 50 and they just need a few more details from you…oh, and the delivery fee. Naturally, by the time people realise they have been scammed, the Facebook pages no longer exist.

They can easily add credibility to their posts and pages by buying likes and even comments from companies that offer a story. The scam looks a lot more genuine if people are adding comments saying they have their items and they work perfectly.

There’s a number of warning signs that posts like the one on the left are not genuine. Firstly, the spelling and grammar is poor – “Returned” not “returned”, “Curved” not “curved”, “for a numerous reasons”, “fulling working” and “aloud” rather than “allowed”.

And then there is the fact as to why a major retailer such as Argos would be simply giving away stock – why wouldn’t they do that through their shops in the first place if they did had such items? My main issue with the photo used (the top one) is that worrying crack running along the floor to the left of the TVs rather than the damaged stock.

Unfortunately, it is far too easy for the scammers to set up these pages, cause damage and then move onto the next scam. Whilst the social media networks need to up their game in detecting and stopping brands being abused, social media users also need to heed the warning signs and stop simply handing over personal and financial details so willingly. If there is not demand, there will be no supply.

And that’s it for our 12 Days of Christmas Scams for another year. Let’s hope that in a year’s time we will be living and working in happier times and these posts can tell stories of how consumers have beaten the scammers and not vice-versa.

Day 11 of avoiding Christmas scams – Fake COVID-19 fines

And so here we are again. Welcome to National Lockdown part 3. Nobody wants to be here but we all have to play our part to ensure that one day, hopefully in the not too distant future, we can return to some kind of normality.

When Prime Minister Boris Johnson announced the latest measures being put in place to try to stop the accelerating spread of the COVID-19 virus, he once again said that people should stay at home, only leaving for a small number of reasons, similar to the restrictions placed on us earlier in the year.

Back then text messages started to be received informing the recipients that they had transgressed the rules on leaving the house and would face a fine. The messages contained a URL that appeared to be genuine – http://www.gov.uk is the website for all Governmental matters, but the URL didn’t take you to the genuine website, rather one that had been made to look like the genuine one.

By suggesting the fines were small amounts, people, in theory, would be more likely to pay them, assuming they had indeed breached the regulations. Thousands of these texts were sent and I would imagine more than a handful of people were duped into paying the fine.

Now with lockdown part 3 in place you can be assured these texts will start to be received far and wide.

If you do receive one of these the only thing you should do it delete it straight away.

Day 10 of avoiding Christmas scams – The perfect handbag?

Stuck for a present idea for a new and dear one? Thankfully, this email just arrived into my inbox just in time and as my wife never fails to remind me, a women can never have enough handbags. And this seems such a bargain, 85% off a Michael Kors handbag too!

Michael Kors is a well-known designer and would be included in the luxury folder if we were categorising fashion and apparel. Because of this, the products such as handbags are seen as aspirational, a tick in the box for the brand holder, but also a nightmare when it comes to protecting intellectual property.

This short post can not do justice to the murky world of luxury item counterfeiting but it can give a few pointers for things to look out for.

In this instance the heading of the email deliberately avoids using the brand name, using “MK” instead. It uses words such as “cheap” and “discount” which would grab the eye of a bargain hunter, but would very rarely be used by luxury brand owners who want to keep the air of respectability and exclusivity about their product.

The email itself has a call to action to visit the “official online store” which is resolving to a domain name that was registered in November 2020. On that website there is a section called “About Us”, which is blank. It also has phrases such as “thanks alot!” and “We are doing Factory Outlet via internet”

Michael Kors official websites (michaelkors.com and .co.uk) tone and lexicon reflects their brand. They have copy editors who review the language and do not use phrases like those above.

Don’t be part of the problem with counterfeiting by buying fakes. Be part of the solution and if you do see any emails like this, report it to the brand direct for them to action (in this case, details on how to report counterfeit items to Michael Kors can be found here).

If it looks too good to be true, it probably is.

Day 9 of avoiding Christmas scams – Holidays that are just too good to be true

Long gone are the days when we would go into our High Street travel agents, pick up some brochures and hope that the glossy pictures really did reflect reality. Word of mouth was often the only way we had to validate our choice before we went anywhere which is why so many people went back to the same place year after year.

Then came the Internet and we were able to use tools like Google Maps to make sure our hotel room wasn’t overlooking a building site, TripAdvisor to give us some honest (and others not so) reviews of other’s stays and general searches online would reveal some of the “hidden” extras that may ruin a holiday.

But what if you could create all of the above yourself and give the impression that your holiday home is perfect, even though it doesn’t exist? Fraudsters are skilled in using digital marketing and SEO just like genuine brands are just as we saw in the case of the Grand Pearl Hotel in Manchester back in 2019.

The scammers built a genuine-looking website, added some fake online reviews and used SEO and Social Media advertising to drive interest and booking for the 5-star hotel in the centre of Manchester. Except it didn’t really exist. The address, whilst genuine, was actually the Midland Hotel, with the pictures used on the website taken from various other hotel websites from around the world. You can read all about this luxury hotel here.

The cost of registering the domain name is less than $10, setting up a website a few $ more and thus the return on investment for the fraudsters is one booking from an innocent traveller, taken in by the fake reviews and description.

The moral here is to double check any hotels before you book. Using a hotel booking website such as Booking.com or Hotels.com is a safer option if you are not sure – they do not list fake hotels on their websites and the guest reviews are vetted.

Day 8 of avoiding Christmas scams – Fake Football shirts

With global fan bases running into the millions, replica shirts provide a lucrative revenue line for the major football clubs. It isn’t the club that benefits – the manufacturer sees a good percentage of the revenue and the shirt sponsor gets more and more exposure.

The biggest clubs in the world will sell millions of shirts every year – according to Statista, Manchester United sold 3.25m in 2018 alone, a number that will increase year on year despite the price of replica shirts continuing to rise. And that is at the heart of the issue of counterfeit football shirts. The higher the price for the real deal, the greater the demand for the fake. It doesn’t take a Professor of Economics to work that one out – the theory of substitute goods has already defined that. But there is a catch 22 situation whereby the manufacturing costs of the shirts continues to rise because of the additional features that are included to prevent counterfeiting, thus driving the demand for the fake items up as less and less people can afford the real deal.

The counter argument is for another day. Instead, the warning is there that cheap does not mean authentic. Naturally, as the seasons come to an end, clubs will look at discounting their current stock to make way for the new, shiny designs for the following season, but it should always set an alarm bell ringing if you see adverts, especially on Social Media for current replica shirts at really low prices, especially if you are seeing the same ad various times with different websites selling them, as in the above examples.

Fraudsters know how to push the right buttons. They know that children for instance will want the latest shirt of their favourite team and they also know the financial pressure on us all at this time of the year. So the cost of advertising on Social Media is a mere drop in the ocean compared to the potential return on investment in selling shirts, which it is highly likely will never arrive.

If it looks too good to be true, it probably is.

Day 7 of avoiding Christmas scams – Tax Refund scams

“In this world, nothing can be said to be certain, except death and taxes” was a famous quote from one of the Founding Fathers of the United States of America, Benjamin Franklin. And whilst none of us will ever be heard uttering the phrase “I don’t pay enough tax”, we often will say that we think we are paying too much tax.

The bad news is that fraudsters know that too and will target their nefarious campaigns on that matter, offering tax rebates to everyone who will read their email. This isn’t a new issue but the phishing attempts have become more sophisticated as the years have passed. We all want to believe that the Government is benevolent and that in such tough economic times they are looking out for us all.

Sit down as I have some bad news to share.

You almost certainly haven’t got a tax refund, or at least not one for thousands of pounds. And if you are owned any cash, HMRC won’t be emailing you in this way.

If you honestly think you are owned this amount of tax then I would suggest employing the services of a reputable accountant who can relatively quickly ascertain if you are due a refund.

Two of the twelve deadly sins are greed and avarice – the fraudsters are trying to hit those buttons with such messages, hoping that you will click on the link and either stealthy download malware onto your machine or give away personal and financial information that they can use for their own financial gain.

There’s a whole host of grammatical and spelling mistakes that should raise flags if you do think the government does owe you big time.

Day 6 of avoiding Christmas scams – Fake lottery win notifications

Some people will tell you that they play the lottery to help good causes, but in truth, those who do dabble do so to win money. Big money. It doesn’t take an economic genius to explain that as the value of the top prize of a lottery increases, the more people will buy tickets.

The marketing slogan used by Camelot in the early days of the UK’s National Lottery was “You’ve got to be in it to win it” which is the key to avoiding being scammed by fake lottery notifications like the one on the left.

Whilst we all want to believe that someone, somewhere will one day secure our financial future, winning a lottery that you never entered is not the way to do it.

The url in the email is genuine – it is the website that is used by all US State lotteries to publish their results, and the winning numbers on the 15th July 2020 were indeed as listed. That’s the bit that gives this “legitimacy” in the loosest sense of the world.

But to claim the cash you need to contact the Commercial Bank of Dubai (except the email address they use is nationalbankofgreece@gmail.com) and give them your bank details, naturally, so they can send you the prize.

The spelling and grammar in the email is appalling and if the fact you’ve won the lottery in a draw you never bought a ticket for isn’t enough, then a quick read of the text should be enough to convince you it isn’t the real deal.

Whilst most of us wouldn’t be fooled, there may be some people who are curious enough to think this could be genuine and hand over their details. Don’t let avarice rule your sensibility.

Day 5 of avoiding Christmas scams – Fake investment opportunities

“Psst. I have a red hot stock tip for you”. Would you listen if someone you just met in a pub (remember them?) sided up to you and whispered that in your ear? Most of us wouldn’t but some may listen and be taken in by the stranger who is obviously looking for a fast buck. You only have to stop and think for a moment and ask yourself why would a stranger share such information with you. After all, the less people who know about any tips, whether it is a stock, a horse or the multitude of random events you can now bet on, the better the potential returns are.

Investment scams have been part of our lives for centuries. The South Sea Company scam from the 18th century saw hundreds of people lose their savings whilst more recently, the Madoff Ponzi scheme hit the rich and poor and is reported to be the biggest individual scam of all time.

Most of the scams that have resulted in significant losses for individuals and organisations have a high level of sophistication and preparation. The scam has to be convincing to get a return on investment for them, often funding a lavish lifestyle such as Madoff’s.

But that doesn’t mean that less sophisticated scams don’t work. On the contrary, if they never worked then the scammers would have packed up and gone onto another fraud.

The email on the left is one such example. It is a terrible example mind, which is poorly written (and even with the original holding text in Latin still there) but someone, somewhere may just click on “Fill Out Form” or email Keith Franklin back.

The scammers only need one person to click on the link or submit their personal details to get a return on their investment in the email phishing attack.

If you are ever approached by anyone in a pub (when we can go back to them!) then take their advice with a word of caution. If you receive an email like the one above, put it in your spam/junk folder.

Day 4 of avoiding Christmas scams – Companies House scams

Gone are the days when the administrative side of running a business was a bureaucratic mess of red tape and paperwork. The digitalisation of services has made it much easier to set up and manage the administration of a limited company. The centralised register of all limited companies created in the UK and the officers that run or own them is Companies House.

The online database is incredibly useful to find out information about an organisation, who its directors are and detail on their filing history.

Unfortunately, the Companies House branding is also commonly used in attempts to defraud organisations, as the example to the left shows. The call to action here is to follow the “here” URL which will take you to a website asking for details about the organisation that aren’t publicly available so that they can be used for further scams.

The suggestion of having to download a document (an Excel workbook) is also a major flag here – any document downloaded can also include nefarious payloads such as malware or ransomware.

There are a number of red flags in this email that tell you it is a scam attempt:

  1. It is not personalised in any way
  2. The sent from address is not a ‘.gov.uk’ domain name
  3. It uses unusual phrases such as “sharp practice”
  4. The grammar is poor – no space after Excel for instance or the use of a semi-colon in the second paragraph rather than a full-stop.
  5. No department would ever call itself “Compliance and Targeting Investigations and Enforcement Services Insolvency Service” – can you imagine that on a business card?
  6. The only way to contact them is by post, to an address which is incorrect – Cannon House is real but is based in THE Priory and a slightly different postcode.

For many start-ups who have never dealt with organisations such as Companies House or HMRC before, they may be fooled into believing this is genuine and will follow the request. For the fraudsters their return on investment is often one or two people scammed and whilst they can still scam someone, they will carry on.