‘Tis the season to be… on your guard against online scams

Is your inbox heaving with Black Friday offers? It seems that UK businesses have fully embraced the US retail tradition and everyone’s emails are awash with deals. Depending on your viewpoint it could be an annoying intrusion, or a welcome chance to pick up some bargains in the run up to Christmas.

Unfortunately, it’s not just legitimate businesses that have got in on the US tradition, fraudsters and scammers use the frenzied sales period to trick unsuspecting consumers. The number of reported purchase scams rose by a staggering 34 per cent immediately after Black Friday and Cyber Monday last year, according to Barclays Bank data, with an average of £1,072 lost to scammers. 1

Holden & Partners and your security

At Holden & Partners the security of your data is paramount. Our systems and processes have been independently assessed and we hold the government-backed Cyber Essentials accreditation as indicated by the blue and green tick.

While it is important to have our systems verified, we are mindful of a rise in the number of incidents of cyber fraud and the significant risk this poses to clients, specifically affecting email accounts and bank account details given the increase in clone phishing.

We would like to reiterate that if there were to be a change in our banking information, we will never notify you via email or text message. If you receive an email asking you to transfer money to a destination you have not used before when transferring to Holden & Partners, then please call your adviser.

The evolution of scams

Scammers use a variety of techniques to gain trust and defraud victims, from fraudulent retail businesses to pension and investment scams.

Scammers are using increasingly sophisticated methods to target and trick victims. One of the most common scams, called ‘phishing’, once involved emails telling potential victims they had won a contest to obtain bank details, now we are seeing messages anchored in current scenarios, like paying for Covid 19 vaccination certificates, or even accessing government assistance with fuel bills. Of course, the more believable the message, the more likely we are to fall victim.

As well as generic phishing scams, ‘spear phishing’ and ‘clone phishing’ emails are on the rise. These can be highly targeted and personalised to the intended victim to make them more believable. For example, scammers might intercept a string of messages between an individual and business and then clone the details, redirecting the intended victim’s actions, potentially tricking them into giving up information or taking action (like transferring money).

What to look out for

Often, scammers try and get hold of your personal information through emails or texts that look like they come from a legitimate source, like a large and well-known company, or a government department – or they might even appear to be from someone you know. The Financial Ombudsman Service has good guidelines on how to spot a scam:

  • Pay close attention to how you’ve been addressed in emails – scams may not contain your name in full, correctly or at all.
  • Where the email is coming from – at first glance, the name of the sender might look like a company you recognise, but double check the email address it’s been sent from. Scam messages won’t always be able to use real domains (like ‘info@companyname.com’) and instead will often use misspelled or random email addresses.
  • However, scammers can hack into email accounts and impersonate the business or individual using their actual email address. Fraudsters sometimes monitor communication styles to make correspondence believable. Make sure you check the sender is who you think it is – even if it joins an existing message thread you know to be authentic. Don’t be afraid to double-check and call the company directly on a number you trust.
  • Don’t click on a link if you think it’s suspicious – if the email talks about a problem with an account, go to the company or organisation website directly and log into your account to check. Don’t rely on the link provided if you’re suspicious.
  • Use secure websites – if you’re making an online purchase, check that the website is a secure one with a padlock icon in the web address bar and that it has https:// in the address bar. These aren’t always guarantees, but are a good starting point
  • Pop ups – messages online asking you to give out personal information unprompted can sometimes come up, so the best thing to do is close the window and not input any personal information. You can also activate ‘pop-up blockers’ on your web browser to help with this. 2

What if you have fallen victim to an attack?

If you think you might have fallen victim to an attack, then take action immediately. The National Cyber Security Centre has published these guidelines. 3

SituationAction
You've provided your banking detailsContact your bank and let them know.
You think your account has already been hackedYou may have received messages sent from your account that you don't recognise, or you may have been locked out of your account, refer to their guidance on recovering a hacked account.
You received the message on a work laptop or phoneContact your IT department and let them know.
You opened a link on your computer, or followed instructions to install softwareOpen your antivirus (AV) software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds.
You've given out your passwordYou should change the passwords on any of your accounts which use the same password.
You've lost moneyTell your bank and report it as a crime to Action Fraud (for England, Wales and Northern Ireland) or Police Scotland (for Scotland).

Fighting back

The National Cyber Security Centre’s website also contains details on how to spot and report scams whether they are on email, text, web or phone call. By reporting scams, you can reduce the amount of scam communication you receive, as well as protecting others from cybercrime online

https://www.ncsc.gov.uk/collection/phishing-scams

Useful resources

There are some really useful websites with information on spotting and reporting scams

The Financial Conduct Authority runs a programme called ‘Scam Smart’ with information on how to stay safe when it comes to pensions and investments

https://www.fca.org.uk/scamsmart

This includes a warning list https://www.fca.org.uk/scamsmart/warning-list

The National Cyber Security Centre

If you are shopping online it is worth reading the NCSC guidance on avoiding scammers, with details on how to report anything that doesn’t look right https://www.ncsc.gov.uk/guidance/shopping-online-securely

The Financial Ombudsman Service

https://www.financial-ombudsman.org.uk/

Action Fraud

https://www.actionfraud.police.uk/

1 https://www.thisismoney.co.uk/money/beatthescammers/article-11431429/Black-Friday-scams-2022-look-tell-offer-legitimate.html
2 https://www.financial-ombudsman.org.uk/data-insight/insight/avoiding-fraud-and-scams
3 https://www.ncsc.gov.uk/collection/phishing-scams/what-to-do

Contact us

Whether it’s a question about your personal finances or how you can invest your wealth more ethically, we are here to help. Call us on 020 7812 1460, email info@holden-partners.co.uk or complete the form:

    Holden & Partners is a trading name of Peter R T Holden and Partners LLP and is authorised and regulated by the Financial Conduct Authority (446291), but not all of the products and services mentioned in this website may be so regulated. Click here to view Holden & Partners on the FCA register. All content © 2024 Holden & Partners.