Protect yourself from fraud
Learn how you can identify and report some common types.
What does fraud look like?
There are many types of fraud and it can be difficult to know how to spot them if you’ve never heard of them before. Fraud can happen at any time and can happen in numerous ways, take a look through our examples to understand some of the most common schemes:
What’s a boiler room scam?
Most investment frauds usually involve criminals contacting people out of the blue and convincing them to invest in schemes or products that are worthless or do not exist. Once the criminals have received payment, they cease contact with the victim. This type of fraud is commonly known as a boiler room scam.
Jessie receives a call
The caller claims to be a colleague of Jessie’s financial adviser. Jessie has never heard of this person before, but it sounds like it could be important.
The caller says they have a great opportunity
A small company is about to be acquired by a tech giant and they have £10,000 worth of shares for Jessie to buy. The investment is guaranteed to triple in value in less than two months.
Jessie says they will discuss with their partner
The caller pressures Jessie to decide. They claim that the stocks will have to be sold to someone else who can act quicker.
Jessie doesnt want to miss out and buys the shares
The caller sends a link that looks like their Jessie’s financial adviser’s website. They enter their bank details and transfer the funds.
After two days, Jessie suspects they’ve been scammed
Jessie calls their financial adviser, as the caller didn’t leave any contact information and discovers that the caller doesn’t work for the advice firm. They’ve been the victim of fraud.
How could Jessie have spotted this was a boiler room scam?
All financial firms in the UK are regulated by the Financial Conduct Authority (FCA) and are obliged to act in a certain way. Knowing these facts, Jessie could have spotted this scam before sending any money.
Misrepresenting an opportunity to a customer
When the caller guaranteed Jessie a return, they misrepresented an investment opportunity. An investment is never risk free.
Proper market conduct standards
The investment offer was using insider knowledge for personal gains. This is something a regulated firm should never do.
High pressure tactics
The caller put pressure on Jessie to make a decision urgently. Regulated firms must pay due regard to a customer’s interests and treat them fairly.
What is Identity theft?
Identity theft is a type of fraud that occurs when criminals use a person’s details to pose as them for financial gain. If you are a target of identity theft, there is a chance that fraudsters can use your identity to open or access financial accounts, place orders in your name, obtain further personal information, and more.
Elizabeth sets up an online account
Elizabeth decides to use the same passwords she has used for lots of other websites.
Elizabeth logs into her online account on an unsecured hotspot
While travelling, Elizabeth decides to connect to an insecure hotspot. Although the connection says insecure, Elizabeth doesn’t think it would be a risk.
Elizabeth has been targeted by hackers
Hackers have positioned themselves between Elizabeth and the connection she is using, allowing them to gather her data. Elizabeth becomes are victim of hacking.
Elizabeth’s passwords have been compromised
A few days later, Elizabeth receives a notification to say that one password she uses for a website has been compromised. However, Elizabeth doesn’t take the time to check if she uses that password for other websites.
Elizabeth realised too late
Criminals have logged into some of Elizabeth’s accounts, taken her details, and slowly transferred funds into lots of different accounts. Elizabeth is scammed out of £25,000.
How could Elizabeth have spotted this was identity theft?
Waited until she had a secure connection
You can never guarantee that public WiFi is a secure connection. If you can, wait until you are home.
Make her passwords unique or use a password manager
Passwords can sometimes be stolen from websites and used to try and log in to common online shops. Keep your passwords unique to avoid this and use a password manager so you don’t have to remember them all.
Update her passwords and bank details if compromised
When a company alerts you of compromised data, you should always check to see if those details are used elsewhere and update them to prevent people using them maliciously.
What is impersonation fraud?
Impersonation fraud is where you have been convinced to provide personal or financial details by someone claiming to be an organisation. Impersonation fraud can take the form of phone calls, texts, phishing emails or fake websites, as they attempt to replicate details of an organisation.
Michael receives an email from a trusted company with a time sensitive offer
He clicks the link in the email to quickly act on the offer, which encourages him to make an investment today as stocks are rising.
Michael provides sensitive bank details in an online form
The website looks exactly how it did when he last visited a couple of months ago. However, the form looks a little different, but he decides its nothing to worry about as it still looks official.
Michael notices odd activity on his bank statement
A month after his purchase, he notices lots of small and random looking transactions on his statement adding up to over £1000. He alerts his bank and gets a new bank card.
Michael was a victim of impersonation fraud
The website was fake and sold his card details to lots of different people who used them to purchase online goods. It takes Michael six weeks to get the money back.
How could Michael have spotted this was impersonation fraud?
Secure connection and validated address
Always check for the padlock symbol in the address bar before giving any sensitive information.
Use a credit card or virtual debit card for unfamiliar merchants
If you have doubts about a merchant, but are still going to pay them, you can use a credit card or virtual debit card, as these can give you more protection if something does go wrong.
Email address was hidden and sent to undisclosed recipients
When phishing emails are sent to thousands of people, you will often see “undisclosed recipients”. Contact Octopus if you have concerns about one of our emails.
What does Octopus do to keep customers safe?
Verify account owners before making payments
We take steps to verify the ownership of any account to which we are asked to make payment. This may mean we ask for further information or evidence before making payment.
We appreciate this may be inconvenient, but believe it is important in order to protect our customers from fraud. We do not make payments to third parties.
We never sell data to third parties without consent
We do not sell or share your personal information or data to any other organisation or individual.
Any broad statistics and customer profiling information with third parties will be anonymised, so you will not be identifiable from that data.
Keeping yourself safe
Be careful before clicking links
While links in emails or texts from family or friends may be fine, don’t click on any link or open attachments in unsolicited emails or in texts you weren’t expecting.
Create a strong password
Mix numbers, letters, and other symbols.
Avoid remote access
Don’t let someone you don’t know have access to your computer, especially remotely over the phone.
Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland.
Take Five (To Stop Fraud)
Take Five is a national campaign that offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud.
The National Cyber Security Alliance
The NCSA builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts to empower users with the information they need to keep their systems and their sensitive information safe and secure online and encourage a culture of cybersecurity.
¹ Action fraud: https://www.actionfraud.police.uk/a-z-of-fraud/boiler-room-fraud
² Action fraud: https://www.actionfraud.police.uk/news/identity-fraud-reaches-record-levels