Home / Feature / Small Business Feature
Feature

Scams to avoid in the UK

We’ve rounded up some of the biggest scams in the UK at the moment. Here's how to avoid being conned by cold callers, fake software and tickets, ransomware and plenty more.
Lewis Painter
By Lewis Painter
Senior Staff Writer, Tech Advisor SEP 20, 2017 12:32 am BST

Scams are a huge issue in the UK, especially now that you can be conned online and also by  ransomware.

So if you get a phone call from “Microsoft” or an email offering millions if you just hand over your bank details, you should be suspicious. Here, we’ve listed some of the most frequently used scams in the UK along with advice on how to avoid them. Sometimes it’s simply the knowledge of the scam that will put you in a strong position to avoid getting ripped off, but as you’ll see, you might benefit from our expert advice too.

Microsoft calling

One of the most common computer-related scams is the  Microsoft phone scam – don’t be a victim. Someone will phone you out of the blue and say they’re from Windows Customer Service. They’re not: Microsoft doesn’t cold call people like this. The latest twist, as reported by PC Advisor reader Beryl, is that they’ll say something along the lines of, “Your computer has been hacked and that the hackers are sending out emails all over the world saying you are a 76 year old widow and finding it hard to make ends meet.”

Most people don’t want this to happen and, as Beryl found out, they will attempt to convince you the call is genuine by telling you your name, address and phone number. After that you might be told to go to your computer and press Ctrl and the Windows sign together, and tell you they are going to take me to a unique reference number for your computer. 

The bottom line: it’s a scam. Hang up and don’t do anything on your PC. What they want is for you to unwittingly give them remote access so they can steal more details, hold your data to ransom and many other despicable things.

Fake software and games

Software no longer comes on CDs or DVDs. Everything is downloaded these days and all you need to ‘unlock’ it and use it is an activation code, often called a ‘product key’.

If you buy software directly from its maker (e.g. Microsoft) you won’t have a problem. But there are loads of websites which sell software keys, and many offer big discounts on the standard prices.

The old saying “if it sounds too good to be true, it probably is” applies here. Windows 10 costs £119.99 from Microsoft, so if you see it for £35 from an ebay or Amazon seller, it can seem like a bargain. But what you may end up with is a product key that’s already been used by someone else, meaning it’s invalid. 

This happened to PC Advisor reader, Keith. He bought Microsoft Visio from SoftElectronics.co.uk, but the key provided wasn’t accepted when he tried to activate the software. After several fruitless attempts to contact the seller, he sought support from Microsoft. It was then he discovered the key was already in use and he hadn’t saved any money at all: he’d actually lost over £100.

Don’t assume that just because a website looks genuine, has TrustPilot or “Trusted Partner” logos that it’s above board. Always buy software from trustworthy sites and if you buy from Amazon, ensure you’re buying from Amazon itself and not a marketplace seller.

Other software marketplaces have sprung up, such as G2A for game keys. The company itself doesn’t sell anything, but instead – just like ebay or Gumtree – allows buyers to find sellers with the product they want.

As you’ll see if you read the comments below our G2A article, there are lots of people who’ve spent money and received keys which don’t work.

Our advice is to buy games from reputable sites or platforms such as Steam or directly through your games console’s market place or – if you have Windows 10 – through the Windows Store.

Fake tickets

Fake tickets are an ever-present danger. Big events such as the Olympic Games are classic targets, and you may receive spam emails which try to sell you tickets.

You should be very cautious when purchasing any tickets online and make sure you buy from authorised resellers. That ticket that’s being sold for less than face value might be appealing, but chances are you might lose your money and get no ticket.

WhatsApp Gold

The latest WhatsApp scam being circulated among users is an exclusive invitation to upgrade to a premium version of the app, known as WhatsApp Gold. There is no such app.

“The invitation reads: “Hey Finally Secret Whatsapp golden version has been leaked, This version is used only by big celebrities. Now we can use it too.”

Click on the link in the invitation and you’ll more than likely end up with a malware infection. (See how to remove a virus from Android if you’ve already done so.)

Your Apple ID has expired

No it hasn’t, but that’s not what the hackers behind the latest iOS phishing scam would have you believe. Many people have reported receiving a text message purporting to be from AppleInc over the past week or so, claiming that their Apple ID is about to expire. 

The message text reads: “[Name] Your Apple ID is due to be expire today. Prevent this by confirming your Apple ID at [URL] – Apple Inc.”

There’s a link to click to renew their Apple ID. Guess what: don’t click it. It will tell you your Apple account is locked, then request you enter your details to gain access. And the phishers behind the scam will then sell on that information.

Phishing emails that know your address

A recent scam sees a phishing email land in would-be victims’ inboxes that suggests they have several hundred pounds outstanding on their debt to a particular company, such as British Millerain Co Ltd. Whoever sent the email knows their name, email address and, unusually, their postal address, so it seems legit, right? Nope.

In fact if you click on the link in the email it will download ransomware such as Cryptolocker to your PC. 

Dr Steven Murdoch, principal research fellow at the department of computer science at University College London, told BBC Radio 4’s You and Yours: “Most likely it was a retailer or other internet site that had been hacked into and the database stolen, it then could have been sold or passed through several different people and then eventually it got to the person who sent out these emails.”

Email addresses can be obtained rather easily, unfortunately, but can also be stolen in data breaches such as the Dixons Carphone hack.

It’s also possible for money to be stolen via your contactless card. Here’s how to protect it.

Contactless payments scam

Rumours have been spreading regarding a scam to do with contactless payment cards. They suggests that scammers (on the Underground, but technically it could be anywhere you might use a contactless card) are carrying handheld devices that scan the bank card sitting in your back pocket and charge £30 to them without your knowledge.

One slight problem with this scam: there have been no reported incidents. The scam would be almost impossible to carry out, the UK Cards Association told Tech Radar, and any fraud can be traced right back to the recipient account.

HMRC tax refund scam

Now that it’s possible to fill in your tax return online, fraudsters are taking advantage of people using shared computers – such as in offices and internet cafes – to steal their HMRC login details and change their tax returns. The scam usually involves manipulating the figures so that you’re owed money from HMRC and specifying a new bank account for the repayment. Naturally, that’s an account to which the criminals have access. HMRC recommends you don’t use a shared computer to file your tax return, and you keep your password and other login details safe and secure.

Another part of the scam involves ‘phishing’. The criminals will send you an email or text message telling you that you are owed a sum of money from HMRC as a tax rebate. It may sound genuine or tempting, but the website link will be fake and will try to get you to enter your login or other personal details which the scammers can then use to try to access your real account.

iOS Crash Report scam

The iOS Crash Report scam originated in the US around 9 months ago, and while it appeared to be exclusive to the states, it has started to appear on UK users’ devices. The scam appears in the form of a ‘crash report’ when using Safari, and informs users that their iOS has crashed and they should call a ‘toll free’ number for an immediate fix.

The full notification reads “Warning iOS Crash Report – Due to a third party application in your phone, iOS crashed. Contact support for an immediate fix” and lists a series of numbers for you to call, ‘1-800-480-4170’ in the US or ‘0800 279 6211’ or ‘0800 652 4895’ in the UK.

Once you call the number, you’re greeted by a ‘rep’ that informs you that third-party software on your device is stealing all your private information “right now”, and for a sum (which is somewhere between £30 and £50 usually) the rep will ‘install iOS’ and neutralise any threat. Of course, this is all a lie to get you to hand over your credit card information, and the high pressure situation means that many people won’t question what’s happening, and will happily hand over bank details.

Nobody is 100% sure as to how these ‘crash reports’ are appearing on users’ devices, as iOS devices are usually renowned for their levels of security. One popular theory is that it’s a result of website adverts being infected with malicious code which transforms them into the reports people are seeing on their devices.

There’s a simple way to get rid of this ‘crash report’ without needing to hand over your private details to scammers. Simply toggle on Airplane mode, force quit Safari, then head to Settings > Safari and tap “Clear History and Website Data”. Once your history and data has been cleared, disable Airplane mode and reopen Safari – the pop up should no longer appear. To avoid seeing it in future, you can go one step further by heading to Settings > Safari and make sure that “Block Pop-ups” is toggled on.

See also: iOS Crash Report scam.

Ransomware

There’s also a scam disguised in the form of an email from Royal Mail. There have been reports of emails from yourparcel@championmail.com and, more recently, RoyalMailParcelpacketinfo@championmailservice.com claiming to be Royal Mail, informing the recipient that the service is holding an item for them, and that a response to the email is required for the item to be redelivered.

The scam, aims to install ransomware on the victim’s computer, which will then encrypt their files. Whenever the victim tries to access an encrypted file, a popup window appears and requests payment, usually in Bitcoins, to decrypt the files. It adds another level of pressure as its also noted that the longer the victim waits to pay, the more money it’ll cost for the filed to be decrypted.

The initial sum is usually somewhere in the region of £300-360, but will soon rise to as much as £600-660 if not paid within a specific period of time.

To avoid being a victim of this scam, there are a handful of things you should know:

  • Royal Mail will never send an email asking for credit card information
  • Royal Mail will never ask customers to enter information on a page that isn’t a part of the official Royal Mail website
  • Royal Mail will never include attachments in emails
  • Never send sensitive, personal information or bank details by email
  • Never click on a link in an email if you’re unsure of it
  • Make sure you have a spam filter on your email account

For more, see What is ransomware?

Telephone bank scam

Another scam that’s rife in the UK at the moment is the telephone bank scam, which cost victims in the UK £23 million in 2014, according to Financial Fraud Action UK. The scam typically works when the criminal calls the victim and pretends to be representative from their bank. The ‘rep’ will then inform the victim that fraud has been detected on their bank account, and they have to act fast and transfer all their money into a “safe account” before they loose it all.

Some fraudsters have been known to spoof the telephone number on the victims’ caller ID to make it look like their banks official number, and they’ve also been known to make reference of genuine account information that’s obtained one way or another. These techniques help to dupe their victim and make the call seem more genuine.

But if a fraudster can spoof the caller ID and obtain genuine account information, how do we know that it’s a scam? The best advice we can give is to hang up and call your bank yourself – using a different phone, such as a mobile or neighbour’s landline – and enquire about the issues raised in the call. If fraud really has been detected in your account, an official bank representative will put you into contact with the right people and will (usually) reimburse you for any money taken. There’s no need to hand over details to a stranger over the phone who presents you with a high-risk, high-tension situation. Always question and be suspicious.

See also: How to spot a ‘Free iPhone’ scam

, Senior Staff Writer

Lewis Painter is a Senior Staff Writer at Tech Advisor. Our resident Apple expert, Lewis covers everything from iPhone to AirPods, plus a range of smartphones, tablets, laptops and gaming hardware. You'll also find him on the Tech Advisor YouTube channel.

Recent stories by Lewis Painter: