Beware the fake Royal Mail message that could cost you THOUSANDS
Emmeline Hartley is smart and tech-savvy. But last week the actress, 28, unwittingly became the face of Britain’s fraud epidemic.
On March 21, she tweeted how she had been ‘scammed out of every penny’ in a sophisticated con involving a fake Royal Mail text and a ‘spoof’ call from Barclays.
Her message has since been shared 14,500 times and Emmeline says she has received hundreds of messages from people who have fallen foul of the same scam and are struggling to get refunds from their banks.
Scam text: The message purporting to be from Royal Mail that is thought to have been sent to millions of phones across the country
It’s thought the texts have been sent to millions of phones across the UK in recent weeks – and is perhaps the worst example yet of a costly year that has seen fraud victims lose a record £479 million.
On Monday, Graeme Biggar, the top fraud investigator at the National Crime Agency, said scammers were ‘finding it too easy’ to bombard the public with millions of fake texts, emails and phone calls.
Today, a Money Mail investigation reveals how cyber criminals are evading detection by using cheap Chinese technology to beat flimsy barriers put up by banks, telecoms firms and regulators…
Duped out of £1,000
Emmeline first received a text purporting to be from Royal Mail asking her to pay a £2.99 ‘postage fee’.
It was the day before her birthday and she was expecting deliveries, so she clicked on the link in the text. This took her to a fake Royal Mail website where she entered her details and made the payment.
Two days later she received a call, seemingly from a Barclays number. The caller, who spoke with a London accent, claimed to be from the bank’s fraud unit.
He knew the details of her accounts and said she had given away her bank details to scammers on the fake Royal Mail website.
He told her to transfer all the cash she had – around £1,000 – to a ‘safe account’, which she did.
Duped: Actress Emmeline Hartley lost £1,000 in the Royal Mail text scam
Emmeline, who lives in Birmingham, only realised it was a scam when the fraudster tried to get her to transfer her overdraft, but by then it was too late.
‘I broke down on the phone, I was crying and calling him a liar,’ she says.
She has since been refunded by Barclays. But other victims are still struggling to get their money back.
Experts say fraudsters are preying on the confusion faced by online shoppers following Brexit, with many being asked to pay extra customs fees and VAT charges.
It is not known how many people have fallen foul of this particular fraud.
It led to a convincing phone call, apparently from the number shown on his bank card, which told him to move the money. His bank is investigating.
David Hickson, of the fair telecoms campaign, says scammers have already adapted and only need to change one digit to avoid being blocked.
He says the only way to stop them is for banks, telecoms firms and other businesses to pledge never to contact customers by phone unless requested.
Ofcom hopes authentication technology will be rolled out in the next few years to stamp out ‘spoofing’.
Scam texts are harder to stop, but most major mobile providers will apply an ‘SMS filter’, which can block scams by recognising suspicious patterns, such as many messages being sent from a single source in a short space of time.
Mr Smith says it would be much easier to track fraudsters if pay-as-you-go Sim cards came with identity checks – or if mobile providers imposed a realistic cap on texts to stop mass scams.
But he believes the real problem is that fraud is not being taken seriously enough.
Scams are cheap
Fake websites used by scammers to collect personal details or payments are also too easy to set up. Scammers are able to buy fake web addresses for just £25 a year.
Postoffice-myfees.com – one of the sites behind the Royal Mail scam – was hosted by U.S. tech firm Namecheap.
Once victims enter their details into the websites, the fraudsters can access and use the details to win trust during the follow-up ‘spoof’ call.
Namecheap has been accused of not doing enough to tackle fraud on its platform.
Last March, Facebook filed an ongoing lawsuit against the firm alleging it had refused to co-operate with an investigation into dozens of malicious sites.
Matt Russell, chief cloud officer at Namecheap, says the firm ‘shut down all domains and websites’ engaged in the Royal Mail scam as soon as it emerged.
He says Namecheap is stopping websites registering similar domain names.
Barclays says: ‘No genuine bank would message you to transfer money to a ‘safe account’. Ignore anyone who asks you to do this.’
A Royal Mail spokesman says: ‘In cases where customers need to pay a surcharge for an underpaid item, we’d let them know by leaving a grey Fee To Pay card. We would not request payment by email or text.’