Scammers try to take advantage of human politeness. Utilizing critical thinking and slowing down conversations with someone who claims to be an authority like a government agency or bank could be what prevents us from making a financial mistake. Today’s guest is Giles Mason. Giles is the Director of Campaigns at UK Finance. He is responsible for planning and delivering the organization’s communication activities to promote campaigns on behalf of the banking and finance industry.
“Victims of fraud often say that after they’ve hung up the phone or replied to the text message or email they could tell something wasn’t quite right.” - Giles Mason Share on XShow Notes:
- [0:50] – Giles shares his background and current role at UK Finance.
- [2:36] – In 2016, UK Finance launched Take Five to Stop Fraud.
- [4:03] – Many victims of fraud often think after they’ve responded to a scammer that they could tell that something wasn’t quite right.
- [5:36] – The biggest trend at the moment is purchase scams.
- [6:16] – The type of scam that normally sees the greatest fraud is impersonation scams.
- [9:08] – Scams that banks see are typically payment scams through their bank account.
- [10:10] – Once a payment is made, most of the time there’s nothing you can do about it. Banks will do what they can, but it’s not always possible.
- [12:38] – There are even scams that involve purchasing a home which are terrible because of the sheer amount of money involved.
- [14:04] – Hang up and call the number you know for certain is your bank.
- [17:13] – As humans, we want to be supportive and respect perceived authority.
- [18:38] – Scammers typically won’t have a good reaction to you saying that you will call the number you know, which is a sign that they are not who they say they are.
- [21:10] – Young people are more willing to share information about a scam.
- [23:35] – While Giles has not fallen victim to a scam, he has had multiple attempts.
- [25:41] – Giles describes some of the trends in scamming.
- [27:48] – Stop, challenge, and protect.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:
- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Take Five to Stop Fraud Home Page
Transcript:
Giles, thank you so much for coming on the Easy Prey Podcast today.
You're welcome. It's great to be here.
Can you give myself and the audience a little background about who you are and what you do?
Absolutely. My name is Giles. I am the Director of Campaigns here at UK Finance. UK Finance is the trade body for the banking and finance industry here in the UK. We've got around 300 members across the banking and finance world, some high street banks, and a broader range of different finance providers as well. One of the campaigns that we run on behalf of the industry is called Take Five To Stop Fraud. We're all about trying to help protect people from fraud and scams.
How did you get into the field? Was that something that you have longed to do since your youth, or was it just the natural progression of your career?
A bit of a natural progression. I've worked in communications for a number of years. It's definitely a real passion in terms of the fraud awareness campaign because it's something which is really helping people in their day-to-day lives. Every person that we can help prevent being a victim of fraud is a great thing.
We know the huge financial and emotional impact that fraud can have on people. Of course, that's not forgetting the fact that the stolen money is in the hands of criminals as well. We're stopping that money going on to fund other serious crimes, too. It's a very worthwhile thing to do so. It's something I'm really proud of as well.
I'm super on board with that mission. Anything that I can do to help someone from losing their life savings is a really good day for me.
Absolutely.
Let's talk about the anti-fraud campaign. What is it? When did you guys start? Let's get into the nitty gritty on it.
Take Five To Stop Fraud first launched back in 2016. It was really in response to a rise in fraud and scams here in the UK, particularly what we call authorized push payment fraud. That's where the customer is being tricked by the criminal, essentially, to send a payment themselves, to go into their online banking and transfer money over to, obviously, what they don't realize is, in fact, the criminal.
As any response to that rise, we launched the campaign to give people straightforward, simple, impartial advice on how to stay safe. It's evolved over the years since 2016. The core message of the campaign is very much around getting people to stop and think.
We've spoken to people who've been victims of fraud. Afterwards, sometimes they think, “You know what? The second I hung up that phone,” replied to that text messages or email, they thought, “something wasn't quite right.” It's after the event. They've already been ensnared by the criminal. What we really want to do is get people to stop.
As soon as they get asked about that potential and ask for information, ask for money, to stop, think, and go, “Actually, you know what? This doesn't quite feel right.” And then empower them to have the ability to challenge and say, “Actually, I'm not going to give you that piece of information. I'm not going to send you that money. I don't know who you are. I want to make myself sure, before I do anything, that you are actually the genuine organization that you're claiming to be from.”
I love that. What’s the current messaging around the fraud itself? What's the current trigger? Is it tax refunds? Is it the tech support scams where, “We've accidentally sent you too much money. Can you send us money back?” What's the current trend there?
In terms of the number of cases, the biggest one is what we call purchase scams. This is often where the customer is tricked really into buying something, which simply doesn't exist. -Giles Mason Share on XIn terms of the number of cases, the biggest one is what we call purchase scams. This is often where the customer is tricked really into buying something, which simply doesn't exist. That can be a whole range of things, whether that's something advertised. Usually, these start online, often on social media, and something is being advertised for sale.
It simply is bogus. Whether that's electronics, any high, in-demand products, that can be holidays, things like tickets for sold-out gigs, those things where there's a real demand for them.
The criminals go there to advertise that this service is good, this product, and then get the details where the money needs to be sent. Customer makes the payment, and then obviously, unfortunately, nothing actually ever, ever arrives. In terms of numbers of cases, purchase scams make up a good half of all types of authorized push payment scams. Generally, the losses in those cases are smaller.
Where we see the biggest losses is often in what we call impersonation scams and investment scams. An impersonation scam is where the criminal pretends to be someone they're not, really. -Giles Mason Share on XWhere we see the biggest losses is often in what we call impersonation scams and investment scams. An impersonation scam is where the criminal pretends to be someone they're not, really. That might be the bank, the customers in a bank. It might be the police, for example.
It might be a delivery scam, and we saw a lot of that during Covid. We've locked down a lot of people doing their online shopping. A lot of people are getting stuff delivered to their homes and fake text messages from a delivery company saying, “Oh, sorry we missed you,” or, “You're due on delivery, but there's an outstanding payment to be made on it. You’ve just got to click on this link, provide a few details, and we'll get that parcel straight to you.”
We just don't understand what people don't necessarily can't quite remember what it is they bought or expecting a parcel anyway that's coming through. That's something we see a lot of.
And investment scams, where the criminals are trying to persuade people into investing in bogus investments, really. That could be anything from cryptocurrency scams, which I'm sure you hear a lot of. It could be gold. It could be fine wines. It can be anything, really.
They're basically trying to say, “Oh, we'll get you a huge return. We can make you quick money here. Just invest in this.” There's always some element of pressure. “You've got to invest now. This deal is only available today. It's a special deal for you. Invest now.” Sadly, that can trick people into parting with their money.
Yeah. Those are the ones that particularly make me sad when people have invested large amounts of their retirement or taking a second mortgage on their house in order to participate in these investment scams.
Absolutely. Often, some of these scams can last over a long period of time. Romance scams, we see where that takes over a number of months. The criminal is grooming their victim, really. They're making them feel that they really are in that relationship, and bit by bit trying to persuade them into transferring sometimes smaller sums of money to start with, and then larger and larger sums.
Eventually, it comes down to the line and saying, “Oh, I'm coming over to the UK. You just need to pay for that flight.” You hear stories of people waiting at the airport for somebody that never arrived. And it's only then that they realized that it's a scam.
Yeah, it's awful. When it comes to the payment scam, are these usually tempted to transfer through the bank account, or is it through peer-to-peer payment apps?
The types of scams that our members see, banks and others, is generally through authorized push payments, is through their bank account. It's usually a payment made either via online banking, mobile banking, or sometimes over the telephone, but through their bank account. We do also see a lot of fraud still occurring on cards as well, often in what we call unauthorized fraud, where the criminal has stolen the card details and goes on to buy something online, for example, with stolen card details.
I'm going to make the assumption. I'm US-centric, so I think on the basis of the US laws and processes. In the UK, is it basically similar to the US in that when you do a push transaction, it's effectively the same as giving somebody cash and that you don't have the ability to reverse the transaction at a later date?
Exactly. Once the payment is made, there isn't a button to undo that. Obviously, if somebody realizes that they've sent money in a scam, they're contacting a bank straight away, and the bank will always do everything they can to trace the stolen funds, put a freeze on that, and get it back to the customer.
Obviously, money often moves very, very quickly. The criminal doesn't simply move it from account A to B. It’s on from B to C, D, E, and more and more very quickly to try and cash out as quickly as possible to turn over stolen money as fast as possible. You're right, it is often through that bank-to-bank transfer.
Yeah. I was just talking with somebody this past week who had gotten one of those. Their finance person had gotten the email saying, “Hey, can you change my bank account for payments? No rush. Just whatever you can do it. The next time you send a payment, just send it to that account.”
They turned out to be really, really lucky in that no payment was sent to that account for three months. When it came time for having a payment, he's like, “Hey, I didn't get the payment.” She's like, “Well, I sent it to this account.” He's like, “I don't have an account at that bank.”
They turned out to be really fortunate that the receiving bank had already shut down the account for fraud. They're like, “Yeah, you'll get your money back. It's just going to take some time to work its way back through the system.” But like you said, those accounts often get shut down relatively quickly.
Absolutely. We see the same exactly. We call it invoice, mandate fraud, and those examples, for businesses. We have business payments where exactly the fraudster impersonates the supplier, phones up and say, “I need to change my payment details.”
We also see it for consumers, too, often sometimes with house purchases, for example. Somehow the criminals managed to infiltrate a lawyer's email system, for example, to say, “I've changed my bank account details. You need to transfer the money for the house purchase here.”
Obviously, those are huge sums of money involved there. The same thing. Sometimes the first tip someone notices when they speak to their solicitor and realize that, “I sent you the money.” “Why is it not there?” And they realize what's happened.
That's awful. You talked about the second point being challenging the person that you're dealing with. What does that look like? And what are you coaching people to do there?
The idea behind that very much is empowering people to say it's OK to refuse, ignore, and reject requests, really. I think that's very much as the British nature is to be very helpful and polite. We don't like saying no. If someone asks for information, the natural way is to try and help them and say yes. I think there's something in that British psyche about reversing that and thinking, actually, it's OK to say no. It’s OK to stop.
That rejecting, refusing, ignoring. If there's a phone call from somebody saying, “I'm calling from your bank. We've spotted something suspicious on your account. We just want to take you through some security questions.” If it is generally your bank, they'll be happy if you say, “I'm not sure that's correct. I'm going to hang up, and I'm going to phone you back on a number that I know to be accurate.” The number on the back of your bank card, the one on their official website, for example. Only a criminal there is going to be pressurizing you to say, “No, no. You've got to stay on the line. You've got to do this now.”
Other genuine organizations will be the same. It does feel a bit awkward. If I get a call out of the blue from somebody and then they say, “Well, I'll just have to take you through security,” it does feel awkward. You feel quite polite saying, “Sorry, you find me. I'm not sure why I'm suddenly going to start revealing personal information about myself.”
Once you've done it once or twice, it feels more natural. Generally, they're always happy to say, “It's OK. We know that you might not want to be able to give me that information now.” You check out the number yourself, call them back, and then you can deal with them. You're sure that you are dealing with what they say they are.
I definitely had both of those experiences where someone called claiming to be from a bank. I'm like, “Well, I don't know who you are. Can you give me your extension number, and I'll call you back?” “No, we need to deal with this right now.”
I'm like, “No.” Then I'm at the other side where the person is like, “Yep. I perfectly understand. I'm at extension. Go ahead. Call the number on the back of your card. Call the number on your statement. That's the right thing to do.” I'm like, “OK.”
Then you think, “Well, that sounds like a genuine organization.” That's the right answer. I've had scam calls myself from HMRC in the UK, which is the tax office here. I got a call claiming that there's a warrant out for my arrest, and I've got to pay an outstanding tax bill on the phone there and then.
I knew it was a scam, but I thought I'll keep them on the line for as long as possible because if they're not going to defraud me, then at least I'm stopping them trying to attack somebody else.
There were various things they tried to make me do. I had to go to different websites and check the number they were phoning from. I knew that that could be spoofed. But still, they said, “Oh, look at the number that we're phoning you from. That's the number on this court website.” Then they tried to get me to download various different banking apps and things to transfer the money.
They always had a reason as to why you had to do these slightly strange things. The script that they had, obviously, had built in the fact that you might get some pushback from the person. -Giles Mason Share on XThey always had a reason as to why you had to do these slightly strange things. The script that they had, obviously, had built in the fact that you might get some pushback from the person. Ultimately, the aim was to trying to get me to transfer money. In 40 minutes, they were disappointed that I finally refused to do so.
That's pretty good. I have a hard time keeping anyone on the phone for more than about five or 10 minutes before they get frustrated with me.
I think most of them thought that I was definitely going to be transferring them something. I managed to keep them engaged for a decent amount of time.
It is interesting. I don't think it's just in the UK. I think just as humans, we're wired to want to be supportive. We want to respect perceived authority. We don't want to be the stone on the road, the thorn in someone's side. It's just easier to go along than to question someone, challenge somebody, and ask questions.
It feels unnatural to say no. But actually, the criminal is trying to prey on that, really, and to take advantage of people's naturally trusting instincts. The key thing is to step back from that and to stop. -Giles Mason Share on XExactly. It feels unnatural to say no. But actually, the criminal is trying to prey on that, really, and to take advantage of people's naturally trusting instincts. The key thing is to step back from that and to stop. When you are asked for information to stop and think, “Actually, that's not right,” and then push back and you don't say, “I'm not going to give you that information. I'm not going to transfer that money. I'm not sure that you are who you say you are, and I'm not going to do that.”
I've had that conversation where when you challenge them, they get mad and start screaming and yelling. I'm like, “Well, you definitely don't work for the bank because you would have been fired.”
Absolutely. I've been sworn out sometimes by an investment scammer who didn't like that I wouldn't sign up to their service. I'm pretty sure as soon as you say that no, genuine organizations would allow their staff to start swearing at their customers.
Yes. I think the third point was protect.
Absolutely. The last step, really, is if a customer does think or somebody does think that they've fallen victim to a scam or lost money in a scam, to contact their bank straightaway. Firstly, because as I talked about earlier, the bank, the earlier you can speak to them, they can hopefully try and recover some of those stolen funds, but also protect your account as well for any other potential fraud.
It's not just about if you have already transferred money, it's also about giving away information too, because that information can be really powerful for the criminal to attempt to get into your account as well. And then report it to a service in the UK called Action Fraud. The police has their central reporting point for fraud in the UK. That helps them build the picture of fraud, what's going on and go after those criminals.
Do you find that most of the fraud is originating from outside of the UK?
It's not necessarily from outside of the UK, but most of it definitely originated online. Roughly 70% or so of authorized push payment scams start out online. That may then move into a different sphere, whether it moves on to the telephone or others, but the starting point is online and on social media in particular, as well.
Got you. Do you see any particular demographics of individuals that are being targeted more than others and that we often talk about? I think the normal narrative is that the elderly are more likely to become victims of fraud, but there seems to be some pushback on that reasoning these days. Actually, millennials and Gen X are just as likely to fall for fraud than the seniors.
Yeah, I think fraud can happen to anybody, unfortunately. It sometimes slightly depends on the type of fraud as to who might be slightly more susceptible to that particular type. Investment scams may be slightly older people with more money to invest, for example.
What we do see, though, is that often, those younger age groups are more willing to share information. We see that, often, young people are more confident or think they can spot scams, which potentially put them at risk of being overconfident, but also naturally more used to sharing information online about themselves. Again, that can put them at risk sharing up that personal information.
We see that, often, young people are more confident or think they can spot scams, which potentially put them at risk of being overconfident, but also naturally more used to sharing information online about themselves. -Giles Mason Share on XIt can be that younger age group, as you say, that can be susceptible from that point of view, but very much we see fraud unfortunately impacting all age groups. There isn't a particular target for the criminal. They're indiscriminate, really. They'll try to get to anybody that they can try and get money out of.
I guess if you're selling fake tickets to some band, it'll target the same demographics the band targets regardless.
Exactly that, yeah.
Sometimes I get the perspective that younger people are more likely to fall for those payment scams, because they're used to doing online transactions. People my age are used to, if someone has borrowed money from you, you give it back to them in cash. You're not just using the peer-to-peer payment apps. It's less common the older that you get.
I think that's probably right. Yes. Using different online marketplaces and things like that, which are potentially more susceptible to scams and those purchase scams. That can definitely be a danger there for younger people.
Got you. As part of doing the podcast, I often ask my guests if they've been a victim of a scam, or if they have a family member that's been a victim of a scam, because I know that there's so much fear about, “Oh, my gosh. An embarrassment of being fallen for a scam.” I really try to de-stigmatize that having happened. I've fallen for a scam or two in my life, and I'm willing to admit that. Not everybody has. Have you fallen for a scam, or had a family member fall for a scam?
Thankfully, so far, no, I haven't, but I certainly have had numerous scam approaches. The phone calls I talked about earlier from the tax office pretending there was a warrant out for my arrest. I regularly get scam messages, offers of supposed employment from various organizations, which clearly don't really exist offering really high amounts of money per day for a job and all I need to do is give my details and away I go.
I thankfully haven't as yet, but I certainly do get approached quite regularly, as I'm sure many people do, whether that's text messages, emails, phone calls. I think there's regular communication from potential criminals.
I think everybody is getting poked at by fraud on a regular basis. Whether we realize it or not, it's constantly ongoing.
Absolutely.
Do you see any trends that are concerning you as to where the fraud attempts are going?
Probably the key bit is the fact that more and more is taking place online, really. That's the place where the fraud we see originates. I think as people recently use the online for normal parts of their day-to-day life, then that naturally means that there's more chance there for criminals. I think that's probably the thing we see in the broadest sense.
There are always different types of scams that are emerging in different changing methods that the criminals are using. One quite common recent in the UK is what we call the mom-and-dad scam. That is where the criminal is sending somebody a message claiming that they're their son or daughter, really.
It's a message saying, “Oh, my phone's broken. Here’s my new number. Don't try to call because it's not working yet for some reason. Please, can you send me some cash because I need to pay for the new phone?” These are the claims that they're making as to why they need to get money. Unfortunately, again, that is having some effect here in the UK.
Yeah, that's definitely been going around in the US for a while. Here, it seems to be targeting grandparents more than parents. The scammers will change their tactics. When one scam stops working, they just switch to a different tool in the tool belt. They'll always take advantage of whatever the latest news is, whatever the latest trends are.
Not that there's going to be a Beatles concert. But if there's a popular concert—Adele is coming to town—they’ll target people with that and do whatever they can. Or natural disasters. They try to leverage on that. It's just awful, everything that's going after.
If people want to find out more about the fraud campaign and read in more details, where can people go for that?
Our website is takefive-stopfraud.org.uk. That's got lots of different advice on different types of scams and how to protect yourself. We've got some quizzes on there as well so you can test your scam-spotting skills to see how you fare on that front as well. That's the best place to go for advice on how to stay safe.
Awesome. Any parting wisdom before we wrap up today?
I think the key thing is, I think I've mentioned already, but stop, challenge, protect. If you take that moment to stop and think whenever asked for your personal information or money, I think that's a really good way of just having to protect yourself from fraud and scam. Stopping and thinking, I think those are the two key things.
If you take that moment to stop and think whenever asked for your personal information or money, I think that's a really good way of just having to protect yourself from fraud and scam. -Giles Mason Share on XCritical thinking is a great thing to teach people, whether it's about scams or about other stuff. I love encouraging people to think critically.
Absolutely.
Giles, thank you so much for coming on the Easy Prey Podcast today.
Welcome. Thank you so much for having me.