Action Fraud, the national fraud and cybercrime reporting service, has launched a ticket fraud awareness campaign, warning people to be alert to fraudsters trying to catch out people planning for popular and sold-out events.
Last year more than 8,700 people reported they had been a victim ticket fraud, with a total of £6.7 million lost. This works out to an average loss of £772 per victim.
The warning comes ahead of the Glastonbury Festival ticket resale and before top summer events, such as Taylor Swift’s sell out Eras tour.
Pauline Smith, Head of Action Fraud, said:
“We all want to enjoy ticketed events this summer, but that doesn’t stop fraudsters from taking the fun out things we look forward to doing. Too many people are losing out to fraudulent activity or genuine looking phishing messages.
“Make sure you don’t get ticked off – recognise the signs of ticket fraud before getting caught out. Remember to be wary of unsolicited messages offering deals too good to be true.”
Of the reports made to Action Fraud last year, 34 per cent of reports (2,993) mentioned concert tickets, 29 per cent of reports (2,523) mentioned travel and 18 per cent of reports (1,561) mentioned sporting events.
Jonathan Brown, Chief Executive of Society of Ticket Agents and Retailers, said:
“Buying from a STAR member means you are buying from an authorised ticket supplier signed up to our strict code of practice. While we hope you never have to use it, this also gets you access to our approved Alternative Dispute Resolution service.
“There are so many great gigs and festivals happening throughout the UK this summer, but sadly there are fraudsters waiting to ride on the back of public excitement about those events by ripping-off ticket buyers. Consumers can avoid disappointment and loss by following Action Fraud’s advice about how to buy tickets safely and taking the right steps to protect themselves.”
How to protect yourself from ticket fraud:
Fraudsters often create fake ticket retail companies. Victims are lured in using social media or phishing emails with offers of the chance to buy tickets to a popular event, but instead give away their personal information or money, with no tickets received in return. Phishing messages often look real, but instead will either steal your information or divert to malicious websites which can infect your computer with malware.
If you feel at all suspicious, report the email to the Suspicious Email Reporting Service (SERS) at [email protected]. For more advice on how to stay secure online, please visit cyberaware.gov.uk.
Find out how to protect yourself from fraud: https://stopthinkfraud.campaign.gov.uk
If you live in England, Wales and Northern Ireland and have been a victim of fraud or cybercrime, report it at www.actionfraud.police.uk or by calling 0300 123 2040. In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.
]]>Pauline Smith, Head of Action Fraud, said:
“Anyone with a social media or email account can be a target for fraudsters or cyberattacks. It is important to take action to secure your accounts, as fraud becomes even harder to detect with technology on a global scale.
“Protect your information by ensuring your email and social media passwords are secure and different from all your other passwords. You can also set up 2-step verification for a layer of extra security. Remember, prevent the potential for fraud and hacking, never share your password or any 2-step verification code with anyone.”
In the reports made to Action Fraud, there were various different methods of hacking reported, including:
On-platform chain hacking
This is when a fraudster gains control of an account and begins to impersonate the legitimate owner. The goal is to convince people to reveal authentication codes that are sent to them via text. Many victims of this type of hacking believe it’s a friend messaging them, however the shared code was associated with their own account and the impersonator can now use it to access their account. Usually when an account is taken over, fraudsters monetise control of the account via the promotion of various fraudulent schemes, while impersonating the original account owner.
Leaked passwords and phishing
The other predominant method of hacking reported is leaked information used from data breaches, such as leaked passwords, or account details gained via phishing scams. This becomes prevalent as people often use the same password for multiple accounts, so a leaked password from one website can leave many of their online accounts vulnerable to hacking.
What can you do to avoid being a victim?
If you live in England, Wales and Northern Ireland and have been a victim of fraud or cybercrime, report it at www.actionfraud.police.uk or by calling 0300 123 2040. In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.
Suspicious emails should also be sent to SERS at [email protected].
Find out how to protect yourself from fraud: https://stopthinkfraud.campaign.gov.uk
]]>Last year, 6,640 reports of holiday fraud were made to Action Fraud and data shows July and August saw highest number of reports made, at 804 and 781 respectively.
Holiday makers lost a combined total of £ 12.3 million, meaning there was an average loss of £1,851 per victim.
Pauline Smith, Head of Action Fraud, said:
“As people think ahead to book their holidays, understandably everyone is increasingly on the lookout for the best deals. With the cost-of-living crisis squeezing our finances, it’s easy to forget to stay vigilant against fraudsters offering cheaper deals and great prices that are too good to be true.
“We want to avoid people losing their hard-earned money and help raise awareness of the signs of holiday fraud. Before booking any trips or signing up to any deals, do your research and check for ABTA and ATOL logos before clicking the confirmation button. Remember: stay alert online and be wise to fraudsters.”
Mark Tanzer, ABTA Chief Executive, said:
“Fraudsters are using increasingly sophisticated methods to target consumers, with a particular focus on destinations and times of year when demand is high and availability limited, as they know people will be looking for good deals. Victims will often only find out they have been defrauded just before they are due to travel, or even in a resort, when it can be very difficult to find a legitimate replacement leading to yet more cost and potential disappointment.
“One of the simplest ways to protect yourself when booking is to look for a company that is a member of ABTA when booking your holiday.”
Anna Bowles, Head of Consumers and Enforcement at the UK Civil Aviation Authority, which runs the ATOL financial protection scheme, said:
“Our research shows almost three in five of us are planning to go overseas this summer and expect to spend thousands of pounds on these trips. Before booking your trip abroad make sure you are doing everything you can to thwart fraudsters.
“Some protective measures include visiting the atol.org website to check your package trip is financially protected by ATOL, pay by credit card if you can, and take out travel insurance as soon as you book.”
Holiday makers are encouraged to take precautions and do their research online to ensure holidays are booked safely, without a hitch. Remember, don’t get caught out and lose out.
Top tips to help prevent falling victim to holiday fraud:
For further tips from ATOL and ABTA, visit https://www.atol.org/about-atol/how-to-check-for-protection/ or https://www.abta.com/tips-and-advice/planning-and-booking-a-holiday/how-avoid-travel-related-fraud.
If you think you’ve been a victim of fraud, contact your bank immediately and report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040. If you live in Scotland, call Police Scotland on 101.
]]>The victims describe receiving an email purporting to be from the NCA. The email states that the NCA has evidence that the recipient has accessed and viewed “child pornography” or other “illegal pornographic content”.
The emails demand that the recipient make contact within a specified deadline. If they do not, the email claims that a warrant will be issued for their arrest and that the recipient’s details will be added to the sex offenders register, quoting legislation in an effort to make the threat sound legitimate.
It is assessed that the intention of the email is to prompt the victim into initiating communication with the suspects so that personal information can be disclosed to be used for blackmail or to commit fraud. Unlike other emails which impersonate law enforcement, there is no up-front demand for money however, where victims have engaged with the suspects, they have demanded money at a later stage.
The use of such threatening language creates a significant and emotional impact upon the recipient. The time pressure that is applied encourages victims to panic and act without thinking, unknowingly exposing themselves to compromise and blackmail.
What you need to do
Every report counts
Within these reports, 4,092 victims reported being extorted for money, or having their accounts used to perpetrate fraud against the wider public. In one example, Action Fraud has received over a dozen reports in the last two months relating to hacked social media accounts being utilised to promote fake Taylor Swift tickets.
Members of the public are less likely to suspect it’s a scam if the tickets appear to be sold by someone who has lots of friends on their profile and posts dating back many years.
Pauline Smith, Head of Action Fraud, said:
“Social media applications are, without doubt, the most widely used in the world, which presents a huge opportunity for criminals. With millions of people using apps like social media every day, scammers have a wide pool of potential victims to target and they often try and gain access to people’s online profile as a way to defraud others.
“Keep your accounts secure and set up 2-step verification. Under no circumstances should you ever share your 2-step verification codes with anyone, and if you think something doesn’t seem right, report the message and block the sender within the app itself.
“To make your accounts even more secure, and to provide an extra layer of protection, we would recommend that your email and social media passwords should be strong and different to all your other passwords.”
In 49 per cent of cases reported to Action Fraud, there were two primary types of account takeovers:
On-platform takeovers
These occur entirely on the platform through the messaging element of the service. The suspect will trick a victim into sharing or altering crucial account details. Primarily this is done via the suspect already being in control of one of the victims’ friends accounts. The fraudster will then message the victim purporting to be their friend.
The victim, unaware of their friend’s account being hacked, will believe they are speaking with their friend. The criminal will then make a request to the new victim, such as help “securing” their account, voting in a competition or potentially offer the victim a financial opportunity. The fraudster says that this requires sharing with them a code sent to the victim’s phone, or taking a screenshot of a link sent to them.
Alternatively, the fraudster may ask a victim to change the email address on their account to claim a prize or follow a link the suspect has sent. Each of these actions, unknown to the victim, can provide the suspect with control of the account.
Email compromise and phishing
These types of account hacks often occur when victims have unwittingly divulged their login details to fake websites after having clicked on a link in an email they thought was genuine. Once a fraudster has access to a victim’s email account, they can use it to reset the password of any social media account associated with that email address.
Frequently, the suspect will have acquired the email due to weak security on the account, such as lack of 2-step verification, weak and re-used passwords, a leak of the victim’s email on the dark web, or the actual expiration and purchase of the victim’s custom web domain.
What can you do to avoid being a victim?
If you live in England, Wales and Northern Ireland and have been a victim of fraud or cybercrime, report it at www.actionfraud.police.uk or by calling 0300 123 2040. In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.
Suspicious emails should also be sent to SERS at [email protected].
]]>The article makes a number of inaccurate claims about a report made to Action Fraud following a social media account being hacked, including:
The journalist also did not use all of the information provided to them in response to the questions they asked Action Fraud, including that the person in this case was not told to write a letter.
The article also gives a misleading report on the overhaul to Action Fraud, which was always planned due to a natural end to current supplier contracts.
Action Fraud and the City of London Police feel it is important to make clear and to address the above as follows:
Action Fraud and the City of London Police find it disappointing that despite clear information being provided to the journalist both in writing and through conversations over the phone, the publication has continued to write a factually inaccurate news article.
]]>The Action Fraud National Economic Crime Victim Care Unit (NECVCU) supports victims of fraud and cybercrime and provides them with bespoke and specialist advice to help them better protect themselves from falling victim again in the future. Since its inception, it has engaged with 349,322 victims and prevented an estimated £2,882,616 being lost to fraud
The unit, which is run by the City of London Police (CoLP) as the national lead force for fraud, has engaged with and supported 113,356 victims of fraud and cyber crime in the last financial year (April 2022 – March 2023).
Assistant Commissioner Pete O’Doherty, from the City of London Police, said:
“Victims of fraud and cybercrime are at the very heart of the work that we do as national lead force for fraud and the NECVCU is an invaluable service which provides specialist advice and support to victims when they are often at their most vulnerable.
“The unit has supported and empowered thousands of victims to recover from their experience with fraud and cybercrime. Without support from the NECVCU, many victims would likely have fallen victim again.
“We are delighted that thanks to additional investment, the unit has now been rolled out to all forces across England and Wales. The unit will continue to work tirelessly to support victims and the NECVCU should be incredibly proud of everything it has achieved this year.”
The Action Fraud NECVCU aims to make victims of fraud feel safer and more confident, following contact from specially trained advocates, and also helps them to cope and recover from their experience of fraud.
The unit also aims to significantly reduce the likelihood of repeat victimisation, by providing prevention advice and support.
Through Home Office funding, the Action Fraud NECVCU has engaged with and supported 349,322 victims since 2018 (as of 25 July 2023) – with only 152 people being recorded as repeat victims of fraud and cybercrime.
The unit has also prevented 181 people becoming repeat victims, preventing an estimated £2,882,616 being lost to fraud. Since January 2021, the Action Fraud NECVCU has supported 108 victims to recover £2,965,062.
Security Minister Tom Tugendhat said:
“Fighting fraud is at the heart of our campaign to fight crime. The National Economic Crime Victim Care Unit delivers on our pioneering Fraud Strategy.
“Fraud doesn’t just lead to financial loss, it can destroy confidence and lead to severe stress. That’s why it’s so important that victims get the best possible care and support.”
The unit supports all 43 police forces with the level one service, with 38 of those forces signed up to the level two service.
The level one service provides appropriate support to less complex cases where there is no indication of vulnerability identified within the report. The level one team provides protect and crime prevention advice, as well as signposting to local support services. A referral pathway is also in place, so where vulnerability is identified following initial contact with the victim, the victim care team is able to pass these cases to level two service providers.
The level two service handles more complex and difficult cases, where an indication of vulnerability has been identified within the report. Reports are thoroughly reviewed by a dedicated team and passed to a team of victim care reviewers. This team will then contact victims to further assess their vulnerability and work with them to not only provide protect and crime prevention advice, but also link in with existing services, such as the NHS and social services, and help the victim to cope and recover from the fraud.
Pauline Smith, Director of Action Fraud, said:
“We understand that falling victim to fraud or cybercrime can have devastating consequences on victims, and not just financially. It can affect people’s mental health, confidence, relationships with family and friends and cause them to feel ashamed or embarrassed.
“I am incredibly proud of the excellent service the NECVCU provides to victims across the country and the feedback from victims really does highlight the importance of reporting to Action Fraud.”
James Thomson, Chair of the City of London Police Authority Board, said:
“Victims are at the heart of everything that the City of London Police do. They are the number one priority.
“Fraud is a malicious crime that targets all of us, but for some it can be life changing. Fraudsters do not discriminate and therefore it is important that those that are most vulnerable are identified, supported, and empowered.
“The National Economic Crime Victim Care Unit is an important function in making sure that people do not become victims again and with the aim being to make them feel safer.”
The unit’s work was recognised at the 2021 and 2022 Tackling Economic Crime Awards where it was shortlisted for Outstanding Team and Outstanding Policing Initiative.
The unit is also benefiting from a partnership between the City of London Police and Lloyds Banking Group which will see £7 million of proceeds of crime used to fund a series of fraud fighting and victim support programmes.
If you think you have been a victim of fraud, contact your bank immediately and report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040. Residents in Scotland should report fraud to Police Scotland on 101.
]]>The fraudster will then call the victim and say they are sending a one-time passcode which will allow them to join an upcoming video call for group members. The scammer then asks the victim to share this passcode with them so they can be “registered” for the video call. What’s really happening is that the scammer is asking for a registration code to register the victim’s WhatsApp account to a new device where they then “port” their WhatsApp profile over.
Once the fraudster has access to the victim’s WhatsApp account, they will enable two-step verification which makes it impossible for the victim to access their account. The scammer will then message other members of the group, or friends and family in the victim’s contacts, asking them to transfer money urgently as they are in desperate need of help.
Oliver Shaw, Detective Chief Superintendent and Head of Action Fraud and the National Fraud Intelligence Bureau (NFIB) said:
“WhatsApp continues to be a popular platform for community and religious groups, but sadly also for fraudsters. Here, the scammers rely on the goodwill of group members and their intrinsic desire to help others in distress.
“We urge people always to be wary when receiving contact via WhatsApp or other messaging platforms. This is particularly the case when being asked to provide account information – despite the fact that you may recognise the individual’s profile picture and / or name.
“Never share your account information with anyone, and if you think it’s a fraudulent approach, report the message and block the sender within WhatsApp. To make your account more secure, we advise setting up two-step verification to provide an extra layer of protection. This makes it increasingly more difficult for fraudsters to gain access to somebody else’s WhatsApp account”.
Analysis of Action Fraud reports indicate that victims targeted by this scam are often part of large WhatsApp community, alumni and academic, work groups, and religious groups (such as church or prayer groups).
What can you do to avoid being a victim?
Tap Settings > Account >Two-step verification > Enable.
If you have been a victim of fraud or cybercrime, report it at www.actionfraud.police.uk or by calling 0300 123 2040. In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.
]]>With the summer months seeing the highest levels for holiday fraud reports, Action Fraud has launched a national awareness campaign today to urge the public to think twice before booking a holiday, so consumers don’t get burnt before they are on the beach.
Pauline Smith, Head of Action Fraud, said:
“With summer only just around the corner, we enter a period where fraudsters ramp up efforts to catch out unsuspecting members of the public.
“Scammers prey on people wanting to find a good deal online – whether that’s cheap flights, great hotels close to the beach at discounted rates or package holidays that undercut well-known travel operators and brands, people are more than willing to snap up a deal which sometimes comes at a heavy cost.
“When booking a holiday here or abroad, it’s important to do your research before handing over any money and to double check any website. To avoid the wave of crime this summer we encourage people to stop, check and research before paying. If it sounds too good to be true – it most definitely is.”
Anna Bowles, Head of Consumers and Enforcement at the UK Civil Aviation Authority, which runs the ATOL financial protection scheme, said:
“Before booking any trip abroad it is always worth doing some homework before you part with any money to make sure you limit your risk of being impacted by fraud. Make sure you research the company you’re booking through – check reviews and ensure that your booking includes all the extras you’re expecting, such as baggage allowance and transfers.
“We also recommend some simple measures to financially protect your well-earned holiday, including using the atol.org website to check your trip is financially protected by ATOL, consider paying by credit card and taking out travel insurance as soon as you book. This will add extra layers of protection against anything going wrong with your booking.”
Data revealed that the top 10 hotspots of people being caught out by holiday fraud in the UK were as follows: London, West Midlands, Greater Manchester, Thames Valley, West Yorkshire, Hampshire, Essex, Sussex. Avon and Somerset and Kent.
Interestingly, People in their 20s and 40s who reported losses accounted for 44 per cent of all reports, further dispelling the myth that only older people are targeted by fraudsters.
Holiday fraud encompasses many different tactics employed by criminals to dupe unsuspecting members of the public. The most frequent frauds are clone comparison websites, airline websites and holiday websites.
At a quick glance it would appear you are on a trusted site, whereas in reality the URL has been changed. Here, victims assume they are on the genuine site and willingly hand over money at a great cost.
Fake confirmation emails or booking references are even sent, which has resulted in some cases of victims only realising they have fallen victim to fraud when they are at the airport to check in for their flight to be told that their booking does not exist.
An emerging trend is fraudsters using counterfeit Air Travel Organisers’ Licensing (ATOL) protect numbers on their fake webpage. All credible and trusted companies are provided with a number that shows the company has passed the regulatory checks by ATOL, with this number being unique to the website. Recently, fake websites have used duplicate or fabricated numbers which have been edited onto an ATOL logo.
ATOL recommends double checking all numbers on websites and with travel operators before handing over any money. If you do pay, use a credit card as this can offer greater protection should you lose your money.
Top tips to avoid falling victim to holiday fraud
For a full list of tips to avoid becoming a victim of fraud, please visit https://www.atol.org/about-atol/how-to-check-for-protection/ or https://www.abta.com/tips-and-advice/planning-and-booking-a-holiday/how-avoid-travel-related-fraud.
If you think you’ve been a victim of fraud, contact your bank immediately and report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040, or call Police Scotland on 101.
]]>Pauline Smith, Head of Action Fraud, said:
“Action Fraud has seen a rise in ticket fraud over the past twelve months, as criminals take advantage of people wanting to enjoy more live sport and music.
“We urge people to be wary of ticket sales from unknown websites or people they do not know. Criminals may offer deals on sold-out or exclusive events, however once you have parted with your money, the tickets are either fraudulent or never appear at all.
“Remember, if it sounds too good to be true, it probably is.”
The national awareness campaign, launched today (Monday 10 April 2023), comes after Action Fraud received 7,088 reports of ticket fraud in 2022, as the UK enjoyed the first full summer free of Covid-19 restrictions.
One of the worst-impacted months was July 2022, with 747 reported cases of fraud resulting in £957,887.23 of losses – an average of £1,282 per victim. The worst affected area for ticket fraud was London, with a recorded 1,887 cases in 2022, followed by Greater Manchester with 383 reports and West Midlands with 341.
Action Fraud is working with the Society of Ticket Agents and Retailers (STAR) to promote the safe and secure purchasing of tickets to summer events, and advises the public follow the appropriate precautionary measures.
Jonathan Brown, Chief Executive of Society of Ticket Agents and Retailers, said:
“Buying from a STAR member means you are buying from an authorised ticket supplier signed up to our strict code of practice. While we hope you never have to use it, this also gets you access to our approved Alternative Dispute Resolution service.
“The UK offers a world-beating array of fabulous events throughout the year. It’s vital that ticket buyers always keep their eyes open and take steps to protect themselves from unscrupulous ticket sellers that prey on their understandable excitement about attending some of the great events on offer.”
How to protect yourself from ticket fraud:
Criminals often use social media or scam emails to tempt potential victims into parting with personal information or money. These messages look real, but instead divert to malicious websites which can infect your computer with malware.
The message may appear genuine and from a company or individual that you recognise but do not usually receive communications from. If you feel at all suspicious, report the email to the Suspicious Email Reporting Service (SERS) at [email protected]. Your report will help us protect many more people from falling victim.
Action Fraud also advises that the public follow the Take Five to Stop Fraud campaign advice to keep themselves safe from fraud:
For more advice on how to stay secure online, please visit cyberaware.gov.uk.
If you have fallen victim to ticket fraud or any other scam, please report to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040. In Scotland, you can report to Police Scotland on 101.
]]>