How to spot a fraud

On moving to Heacham, I gave up my previous career as an international counter-intelligence operative, working out of a smoke-filled basement somewhere in Westminster.

Hello, I’m calling from BT. We’ve noticed some unusual activity on your line and we’d like to help you resolve the issue now.

Which of those two paragraphs do you think is more likely to be true?

I’d guess the majority of readers would have chosen the second, but those who know me will obviously have opted for the first and they would have been correct (although the truth will have to remain a secret between me and Sir Richard Dearlove).

Quite simply, BT would never ring you to tell you about an internet problem, unless you had rung them first. Nor would Sky, TalkTalk, Plusnet or any of the other major internet service providers.

Before the world came crashing about our ears, I had two appointments in succession where customers had been fooled into clicking something they shouldn’t: one a substantial financial fraud, the other a website designed to look like an official government site but charging a fee for something that would be free if you visited the correct site.

So this month’s article starts a series on how to avoid cons: visiting a dodgy website, clicking on a link in an email, or falling for a convincing phone call and putting yourself at risk.

Let’s start with a few definitions, so that we’re all on the same page:

Browser – a program you use to access the internet:

Chrome, Edge, Firefox, Internet Explorer (RIP).

Search Engine – a service you visit using your browser to find a specific item. Examples include Google, Bing, Yahoo and DuckDuckGo.

Mobile phones can do things slightly differently, blurring the lines between the two, but those are the basics.

Google has a search engine called, er, Google. Microsoft has a search engine called Bing. I often find customers get confused because you can use Chrome (Google’s browser) to access Bing (Microsoft’s search engine). And in Microsoft’s Edge you can search using Google…

Anyway…

When you search for a website, the results are presented to you in order of relevance, so the higher up the list, the more it matches what you’re looking for. What you see depends on your previous history, the browser you use, you privacy settings and more.

As an example, when you renew a driving licence, you might well go to Google to find the correct place. I did just that, and came up with this:




Anything strike you as odd there? Notice that little word Ad, hiding in plain sight? Depending on the program you use (Chrome, Edge, Firefox), it might look different but it tells you that the website isn’t there on merit, they’ve paid to be at the top.

I tried the same search using a number of different browsers and search engines and got varying results, from no ads to four, with names like applyukdrivinglicence.co.uk, licenceapply.co.uk and applydvladrivinglicence.co.uk

Now I wouldn’t for one minute say that any of these were dodgy companies set up to trap the unwary: I’m sure they all guide you through the renewal process for a very reasonable fee on top of any charges the DVLA raise. But the real DVLA site www.gov.uk/renew-driving-licence costs nothing to access, and charges only the government-mandated fees with nothing on top, so be careful.

My simple rule is, never click on a link that says ‘Ad’.

How to decipher a website address

Next month, God willing, we’ll look at spotting scam emails but let’s take a general look at how a web address (also known as the URL) breaks down. Here’s a straightforward one:

https://www.bbc.co.uk/news/business-52184229

Let’s focus on a few points. Every web address begins http:// or https:// so we can ignore that bit. That leaves:

www.bbc.co.uk/news/business-52184229

The internet uses the forward-slash symbol / to separate pages from website names (think Moby Dick / Page 4). So everything after the first / is just the page within the website. That means, to see if a site is genuine, we can ignore the first / and everything after

By ditching news/business-52184229 we’re left with www.bbc.co.uk/ which I’m sure you’ll recognise as a legitimate address.

Naturally, there’s a slight complication. Sometimes you’ll hear the phrase ‘domain name’ bandied about. Sticking with the BBC, their domain name is bbc.co.uk. But it’s also possible to have a sub-domain. This is a separate area but crucially still part of the main website. An example is

news.bbc.co.uk

If you type that into a browser, it will take you to bbc.co.uk/news, part of the BBC website.

The important point is, a sub-domain will only ever be separated from the main domain by a full stop, so

news.bbc.co.uk

is a legitimate part of the BBC but

news-bbc.co.uk

is not. It might exist as a website but that hyphen means it’s not part of the BBC.

Some unscrupulous companies might include letters hinting at legitimacy like, off the top of my head, applydvladrivinglicence.co.uk including the letters dvla. Not that I would for one minute suggest that applydvladrivinglicence.co.uk was an unscrupulous company. Not at all.

But any official government agency will tend to end in gov.uk, such as hmrc.gov.uk and if the site you’ve clicked on doesn’t, it probably isn’t what you think it is.

Next month, we’ll look at some real examples of not-dodgy-at-all websites that I’ve received but, in the meantime, keep safe, keep well and be nice to each other.

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.