Date: 2024-12-19

Scam

The National Cyber Security Centre has released a warning to shoppers, urging them to stay vigilant for online scams this festive shopping period as figures reveal that Brits lost over £11.5 million to online criminals between November 2023 and January 2024.

With this in mind, John Clark, Product Manager at takepayments, has provided some advice for bargain hunters on how to keep their financial information safe whilst shopping online: “Unfortunately, phishing scams spike in popularity around high-profile promotional events, like Christmas sales. A common technique is fraudulent emails which claim to be from ecommerce retail giants, like Amazon. In fact, in 2023 Amazon was the most commonly impersonated eCommerce brand in phishing attacks. These phishing communications are often used to scare shoppers into thinking that their account isn’t eligible for certain deals – and to prevent it from happening, they must follow a fraudulent link that lures them into giving away their money.

Other scams include:

QR codes

Tableside service via QR codes became a staple of the customer experience during the COVID-19 pandemic, allowing people to order food, pay bills, or access information with a simple scan.

But as this technology became more widespread, scammers have found ways to exploit it.

‘Quishing’ — a phishing attack using QR codes — is on the rise, accounting for 11% of phishing emails. Fraudsters are creating fake QR codes that direct users to malicious websites. These scams often target places where QR code technology is used for convenience, such as restaurants or car parks, tricking people into providing their personal and financial details.

To make matters worse, over half (53%) of UK consumers have trouble spotting a malicious QR code.

The signs:

Inconsistent branding on QR codes – If the branding on a QR code doesn't match the branding of a business or appears amateurish, it can be a big red flag. Well-established companies typically maintain consistent branding across all platforms.

Suspicious elements on the code – If there are visible anomalies or elements that seem out of place — like stickers placed on top or evident alterations in the pattern — it could indicate that the code has been tampered with. Legitimate QR codes should have a clean, unobstructed design without any unusual additions.

Codes in unusual or random places – Think about the location and context of where a QR code is placed. It could be an unauthorised scam attempt if it randomly appears somewhere that doesn't seem logical, like an obscure corner of a room or slapped on a public space without any explanation. Real QR codes from businesses will be strategically placed to help the user.

How to try and avoid this scam:

Check for Secure Sockets Layer (SSL) certification – The website that a QR code directs a user to should always be SSL certified. You can spot a secure, SSL-certified site if the web address starts with “https://” and there is a padlock icon next to the URL.

Look for two-factor authentication – Also known as 3D Secure Authentication (3DS), two-factor authentication is a key security feature when making online payments. Secure sites that use 3DS will have a Visa Secure, MasterCard SecureCode, or American Express SafeKey logo on them.

Amazon Prime & other subscription scams

The European Commission has revealed that around 10% of EU consumers have been lured into signing up for an unwanted subscription before. Known as subscription scams or traps, scammers trick victims into signing up for cheap products or services sold by unfamiliar or misleading businesses — sometimes locking them into repeated payments without a clear way of halting them.

On the topic of unwanted e-commerce scams, online retail giant Amazon has been the centre of several fraudulent tactics over the last few years. Scammers have been sending illegitimate messages about customers' Prime Memberships or warning that their account is at risk of suspension or closure.

Victims are asked to ‘update’ their payment information, leading them to a fraudulent link that captures their details or prompts them to pay to reinstate their membership. In 2023, Amazon was the most commonly impersonated eCommerce brand in phishing attacks.

The signs:

Unwanted recurring payments — Payments appearing on bank statements for unfamiliar services could be linked to subscription traps that are hard to cancel.

Free trial offers with hidden charges — More often than not, deals that seem too good to be true usually are. Any offers that promise free trials could lure you to sign up for an unwanted subscription.

Communication asking for personal details – Unexpected emails or text messages stating something’s amiss with your Amazon account or membership should be approached with caution. It’s worth noting that the safest way to check on your account status is by logging on through the official Amazon website or app to check the Message Centre or by contacting Amazon’s official customer service helpline or live chat.

How to try and avoid this scam:

Keep on top of your outgoing expenses — Regular reviews of bank statements to detect any unexpected or recurring charges can help flag potential subscription traps.

Never complete payment outside of the official Amazon website – Amazon will only ever ask for payment via its official website.

Do not disclose personal details by any other channels of communication – Amazon only requests personal data in the member account section of its official website.

Avoid clicking suspicious links – Never follow any links in suspicious emails or texts. Scammers can create fraudulent websites with an uncanny likeness to the official Amazon website, which they will try to direct victims to. If unsure whether you’re on the legitimate Amazon website, close your browser window and visit the website directly.

Parcel delivery scams

Online shopping sales made up one-quarter of all retail sales in the UK in 2024, and this is set to surge around busy periods like Black Friday and Christmas. This means that parcel delivery scams could become even more common.

They’re characterised by victims receiving a false text message or email claiming that a parcel delivery has been missed or is being held due to an unpaid fee. Victims are then prompted to click a link that leads to a fake website, where they’re asked to provide personal and payment details.

Scammers often impersonate well-known delivery services, such as Royal Mail, Evri, or other third-party couriers, making the messages seem legitimate. In 2023, almost half of people in the UK had been targeted with a parcel delivery scam.

The signs:

Unexpected delivery notifications — Receiving a message about a delivery that wasn’t expected, or for which no prior notification was given, could indicate a scam.

Requests for payment of a small fee — Scammers often claim that a package is being held until a small payment is made, typically under £5, to entice victims to act quickly without suspicion.

Links directing to unfamiliar websites — Clicking through to a website that doesn’t look like the official site of the delivery service could be a sign of a phishing attempt.

How to try and avoid this scam:

Review sender information — Checking the sender details and reviewing the website URL carefully before clicking on any links may help avoid falling for fake parcel notifications.

Track deliveries via the business’s official website — Verifying the status of any deliveries through official channels, rather than responding directly to unsolicited messages, can help reduce the risk of being scammed.