A range of elaborate scams have driven the UK’s fraud epidemic to new heights, with consumers losing thousands of pounds to fraudsters.
Among the most convincing scam of the year so far is pig butchering, according to consumer body Which?.
These scams get their name because the fraudster "fattens up" the victim by forming a romantic connection before executing the investment part of the scam.
The scammer and victim typically meet on a dating site and the victim is "love-bombed" over a period of weeks by someone who appears to take a great interest in their life.
The scammer will often encourage their victim to move from the dating platform to a private messaging service, thus removing them from any protections the dating site might offer.
When the victim is sufficiently groomed, the scammer claims they have been having success investing — typically in property or cryptocurrency — and they offer to invest some of the victim’s money.
If the victim agrees, they are sometimes shown a crypto trading platform controlled by the scammers, and encouraged to sign up and begin depositing funds.
One UK victim, a former Somerset police officer, lost £107,000 to such a scam, believing she was investing in retirement apartments in Cyprus.
To avoid the scam, look out for signs of "love-bombing" — where someone seeks to quickly obtain affection and attention by "bombing" with gifts, compliments, and affection — attempts to move onto a private messaging platform, reluctance to meet in person and requests for money or a concerted effort to get the person to "invest".
For those in an online relationship, it is worth checking in with a friend or a member of your family on how it is going, sometimes other people can help to spot warning signs and inconsistencies when we are too caught up in the moment.
Fake missing person appeals
There has been a spate of viral fake posts in community social media pages worldwide about missing children or elderly people.
People are asked to share these Facebook posts more widely. Which?’s experts know they are fake because you can find near-identical posts in community pages all over the world, simply with the location changed. Search "Robert Spall dementia" on Facebook and you will find the same post in pages for California, USA and Bogota, Colombia.
Comments are invariably turned off on the posts to avoid people pointing out the inconsistencies. After the post has gained a large number of likes, the contents are edited into something completely different, such as a straightforward investment scam. The large number of likes and shares that stay on the post will then lend credibility to the fraud. This scam relies on responsible citizens liking and sharing posts in an attempt to help — which they do, in large numbers.
While missing person posts can of course be genuine, it can be difficult to tell. To avoid perpetuating a scam or unwittingly participating in stalking or harassment, people are best off only sharing official posts, such as those posted by police forces or the Missing People charity (missingpeople.org.uk).
Some regional police forces have warned that you should never like or share a post that has the comments turned off.
This scam starts with people getting a money request from a genuine PayPal (PYPL) email address — firstname.lastname@example.org. This might seem above board, but scammers are exploiting PayPal’s service to send out fake payment requests, often for high-value items, or posing as HMRC to demand "overdue" tax payments.
In some versions of the scam, the fake invoice states the victim’s PayPal account has been compromised and urges them to call a phoney fraud hotline.
Which? has found it is easy to replicate scam emails from a genuine PayPal address. Which?’s request claimed to be from HMRC and threatened the recipient with arrest if they did not pay. Acting as the recipient, Which? researchers were then able to pay the invoice without creating a PayPal account and without encountering any on-screen warnings about fraud.
Consumers should never pay PayPal invoices they do not recognise, or call phone numbers in those invoices. Think about how to independently verify what is being asked. If the message claims to be from HMRC, contact the tax office via gov.uk. If the message claims PayPal has been hacked, contact its customer services at paypal.com/uk/smarthelp/contact-us.
Fake app alert
With 96% of UK mobile users downloading apps from the Apple App Store (AAPL) or Google Play (GOOG), you would probably assume that these stores are safe places to be, and that the apps on these platforms can be trusted. Unfortunately, that is not always the case.
The stores do screen apps before they upload them, but that does not always stop malicious ones slipping through the net. These can install malware on phones, steal data and perpetuate scams.
Last year, online security firm Praedo discovered a so-called security app on Google Play. Calling itself 2FA Authenticator, it actually stole users’ banking information — and had been installed more than 10,000 times before it was discovered.
In 2022, Facebook’s parent company, Meta (META), found 400 Android and iOS apps stealing users’ Facebook login details. App stores do take steps to crack down on the problem, but this is an ever-present threat.
When installing an app, click on the developer’s name and check what other apps it is made to see if these seem legitimate. Check reviews, but remember positive ones can be faked. Read the negative ones, too. The app will likely ask users for permissions: to use the camera, for example. These need to be relevant and proportionate to the functions of the app — an app that only needs a rough location should not ask for a precise one.