Category: Guidance

Legal Path to Recover Stolen Money

This is a series of steps for attempting to recover money stolen by fraudsters.


It has been created by Barrister Gideon Roseman following his skirmish with fraudsters. You can read about that at

  1. Immediately phone your bank and ask to speak with the fraud team.

Explain what has happened and demand they immediately contact the fraudster’s bank, i.e. the bank you transferred your money to.

  2. Immediately contact a solicitor or barrister who can accept instructions directly from members of the public (or alternatively you can attempt to do this yourself). Ask them to immediately make an application to freeze the fraudster’s bank account and any other bank account that the fraudster has with their bank. The application should include a request for an order that the fraudster’s bank provides the following information:
  • all contact details (mobile phone, home phone, email address, residential address etc.) for all signatories to the fraudster’s bank account and any other bank account held in the fraudster’s name or any other signatory to this bank account that is held at the bank;
  • all bank statements for the fraudster’s bank account and any other bank account that the fraudster or any other signatory has with the bank in question for a period of 6 months; and
  • the current balance of all bank accounts with the bank that are in the fraudster’s or any other signatory’s name.
  3. Once you get hold of the court order, this will need to be immediately emailed to the fraudster’s bank’s ‘court orders’ team who can process it. You can ask your bank for this email address.
  4. As soon as you receive the information from the fraudster’s bank, consider the following points:

(i) has your money been transferred or paid to any recognisable company you can contact, such as a known retailer;

(ii) if you can identify a company that has received your money, you can then contact this company, explain what has happened and request they either cancel the transaction made by the fraudster or request them to hold onto the money they have received; and

(iii) has the money been transferred to other bank accounts.

  5. If your money has been transferred out of the fraudster’s bank account and into another bank account, you have the option of returning to court and making an application for the information set out above and repeating the process set out above.
  6. When you have received the fraudster’s bank account statements, try to work out the dates and times of the transfers out of their accounts. Your bank will be under a duty to contact the fraudster’s bankers, who will then freeze the fraudster’s account.

If your bank has failed to act within a reasonable period of time after you have notified them of the fraud, which has enabled the fraudster to transfer your money without a trace, it is likely that your bank will have breached their duty and will have to compensate you.

Good luck.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.

Fightback Ninja Signature

Understanding Website Cookies

Almost every website you visit asks you to accept cookies, and typically we just click yes rather than taking the time to read exactly what the cookies are being used for.

Cookies are tiny files containing a small amount of data about the browsing in progress. These cookies are either stored in memory or on your computer’s disk.

Types of Cookies

There are session cookies which enable a website to remember each page accessed and your login. These disappear when you leave the website.

There are persistent cookies which remember user preferences and allow you to access websites without having to log in again.

Then there are 3rd party cookies and these are basically tracking your browsing for the purposes of advertising and marketing.
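
The three types above can be told apart from the Set-Cookie header a site sends. As an added example (not from the original post), this sketch classifies headers by lifetime and by who set them; the host names and cookie values are constructed, and comparing host names is a simplification of how browsers decide what counts as third party.

```javascript
// Split a Set-Cookie header into its name, value and attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs.filter(Boolean)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? '' : attr.slice(i + 1);
  }
  return cookie;
}

// No Max-Age or Expires: a session cookie, dropped when the browser session ends.
// Max-Age wins over Expires; a non-positive or past value tells the browser to delete it.
function lifetime(attrs, now) {
  if ('max-age' in attrs) return Number(attrs['max-age']) > 0 ? 'persistent' : 'deleted';
  if ('expires' in attrs) {
    const when = Date.parse(attrs.expires);
    if (Number.isNaN(when)) return 'session'; // unparseable date is ignored
    return when > now ? 'persistent' : 'deleted';
  }
  return 'session';
}

// settingHost: host whose response carried the header.
// pageHost: site shown in the address bar.
// Simplification: hosts are "related" if equal or one is a subdomain of the other.
function classify(header, settingHost, pageHost, now = Date.now()) {
  const c = parseSetCookie(header);
  const domain = (c.attrs.domain || settingHost).replace(/^\./, '').toLowerCase();
  const page = pageHost.toLowerCase();
  const related =
    page === domain || page.endsWith('.' + domain) || domain.endsWith('.' + page);
  return {
    name: c.name,
    lifetime: lifetime(c.attrs, now),
    party: related ? 'first-party' : 'third-party',
  };
}

// Constructed sample headers, as seen while visiting shop.example.
const SAMPLES = [
  ['sessionid=abc123; Path=/; HttpOnly; Secure', 'shop.example'],
  ['prefs=lang%3Den; Max-Age=31536000; Path=/', 'www.shop.example'],
  ['uid=7f3a; Domain=.adtracker.example; Expires=Wed, 01 Jan 2030 00:00:00 GMT; SameSite=None; Secure', 'cdn.adtracker.example'],
];
const report = (now) => SAMPLES.map(([h, host]) => classify(h, host, 'shop.example', now));
```
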

Advertising and Tracking

In most cases, cookies are useful. It would be annoying if a website asked you to log in again each time you clicked onto a new page on the same website. Plus you do want that shopping trolley to remember what you’ve added when you are looking for something new to add.

However, many companies, spammers and scammers use 3rd party cookies to track your activities.

If you prefer adverts that are tailored to your tastes then you might agree to 3rd party cookies but if you hate the idea of being tracked so avidly then you may want to deny such cookies.

By the way, in 2011 the EU decided that cookies were potentially a privacy problem and mandated that website owners obtain visitors’ permission. This means the very annoying question ‘do you accept cookies’ on most websites you visit.

Should you accept a cookie request?

Session and persistent cookies help the browsing experience but it’s those 3rd party cookies that are the annoying and potentially intrusive ones.

Tips for protecting your privacy

Don’t automatically accept every cookie. You could even try to deny all cookies and see if it has adverse consequences, such as wasting time to fill in your personal details on a shopping site.

If you have any experiences with these scams do let me know, by email.


The Most Common Christmas Scams

It’s Nearly Christmas.

The festive season is a busy time of year for scammers of all kinds as people buy presents, food for visitors, decorations, more food and drink than usual and much more.

Pre and post Christmas discount sales are likely to push the market into overdrive even with Coronavirus still around.

Fake Online Shops

Scammers set up fake website shops offering whatever products are most popular. They usually copy the sales text and pictures from genuine websites to make their site look real, but if you buy then you’re unlikely to get anything and you will lose the money. Often they will also sell your credit card details to other scammers.

Always make sure you’re on a genuine company website before buying anything.


Christmas brings lots of e-cards – likely to be even more than usual in Coronavirus days. Fake notifications for e-cards are a common means by which scammers trick you into clicking on a link that can lead to malware being installed on your computer without your knowledge.

Even if the card appears to come from a reputable organisation such as Hallmark – be very careful.

To be sure whether a card is genuine, you need to go to the apparent sender’s website e.g. and see if there is a card waiting for you.

If there’s no card waiting for you, the email you got was sent by a scammer.

Phishing Scams

These are very common and take many forms – the essential part of a phishing scam is to get you to provide your login and password for some reason and once the scammer has that information they can take control of that account and any others where you use the same login and password.

Unsolicited emails that tell you to click a link are always dodgy – so be careful.

If the message tells you there is a problem of some kind e.g. your account has been compromised or that you have won a prize then contact the relevant organisation directly – not via information in the message.

Never click a link in an unsolicited message until you are sure it is safe.

Charity Scams

Many charities are struggling this year as lockdowns have reduced their fundraising dramatically and they need all of the help they can get. However, scammers continue to invent fake charities or use the names of genuine charities and keep the money for themselves.

They may claim celebrity endorsement or official recognition or anything to make themselves believable.

If you want to donate to charity then donate in person or go to the correct website directly – do not click on links in messages.


Are Christmas Hampers Worth It?

Emails are turning up offering Christmas hampers, there are TV adverts for them, and you see them in the supermarkets and department stores.

There has been a lot of publicity in recent years about how the contents of a typical store hamper can be bought much cheaper separately so it’s more difficult than previously for the big supermarkets in particular to get away with exorbitant prices.

Money Supermarket looked at a Waitrose Cracker Hamper and found

– Italia Collezione Prosecco Brut 750ml (£11.99)
– Buiteman Parmigiano Reggiano Biscuits 75g (£11.51)
– Linden Lady Handmade Luxury Chocolates x 15 (£6.99)
– Linden Lady Handmade Toasted Coconut Marshmallows 125g (£3.49)
– Maxwell & Franks Christmas Pudding with Cider 454g (£3.74)
– The Original Cake Company Round Top Iced Fruit Cake
– 6 Waitrose All Butter Mince Pies (£2.50)

Total cost bought separately £59.09 or £100 as a Waitrose hamper. That was in 2013 and things have improved since then.

Bargain supermarket Aldi got into hampers a few years ago and theirs sell from £29.99 to £99.99.

Bargain supermarket Lidl don’t yet do Christmas hampers.

The makers of hampers point out that you also get the hamper and the benefit of someone having chosen the items and packed them for you. However, the actual hamper baskets are quite cheap on Amazon so you can make your own.

The days of huge sales of hampers at Christmas seem to have gone, especially since the largest of the monthly savings hamper clubs, Farepak, went bust 4 years ago.

Are Hampers worth the money?

If you’re buying as a gift for someone then maybe it makes sense to pay significantly more than the value of the contents. But if you’re buying for your family, then it depends on how much you like the actual hamper box it comes in and how much you like someone picking the items on your behalf.

Basically it’s usually much cheaper to buy the items separately and if you want a hamper basket to put them in then buy one on Amazon or eBay and fill it yourself.

Don’t be taken in by the emails – check the cost of the contents for yourself.

Aldi £30 hamper contains £27 worth of goods plus the gift box.

Aldi £100 hamper contains £83 worth of contents plus the hamper basket.


How Accidental Data Leaks Happen

It’s easy to assume that all data breaches are the result of criminal activity, but that’s far from true.

A study of data from 2016/17 showed that 92% of security data incidents and 84% of confirmed data breaches were due to accidents or mistakes.

Here are the most common problems leading to leaks of data:

1. Expired Security Certificates

These certificates are an essential component in protecting systems, as Equifax found out the hard way in 2017 when hackers accessed huge amounts of confidential data through an expired certificate. The exposed data included 143 million records containing names, addresses, dates of birth, Social Security numbers, and driver license numbers.

The data was stolen by hackers who exploited a vulnerability in Equifax’s web servers. If the relevant security certificates had been updated as they should have been, the hackers couldn’t have used that way in.

2. Unsecured Third Party Vendors

Many websites and complex systems are a mix of the owner’s software plus a variety of third party plugins, addons and linked external services. As in any other part of life – the weakest link determines the safety level of the whole system. If the 3rd parties aren’t adequately secured then the whole system becomes vulnerable.

3. Poor Email Security

Most hackers still gain access through phishing – that is sending out emails that attract people to respond in some way that gives the hackers the information they need to access systems. Maybe it’s through a fake quiz that requires a login and password or an offer of a gift token etc.

Or it could just be that people haven’t learned the need to use passwords that are unguessable and not to write them down by their desk.

A company named Nightfall protects systems data and they have created the following article to explain in more detail how accidental data leaks can happen:

If you have any experiences with these scams do let me know, by email.


Protect Email Addresses on Websites

To build up lists of email addresses that can be sold to spammers and scammers, hackers run software that scans websites and looks for email addresses.

This is called email harvesting and is done on a huge scale.

The hackers typically scan websites, mailing lists, internet forums, social media platforms and anywhere else they can find email addresses online.

The characteristic format for an email address is so it is simple for email harvesters to read web pages and look for the @ symbol as it seldom occurs anywhere on webpages except in an email address.

The harvesters can also check for unusual variations on that theme e.g. User[at] or User[AT]domain[DOT]com

How to Protect Email Addresses

There are a series of steps you can take to protect any email addresses on your website from being harvested. These range from the simple to seriously complex and which method you should use depends on how much of a problem you have with harvesting.

Method 1 – Replacing the email address with a picture showing the email address

Method 2 – Separate the Email Address From the Website

The email address can be in a redirect statement.

Method 3 – Mask the Email Address

This can be done by using HTML encoding e.g. using &#64; in place of the @ sign.

All characters can be encoded in this manner which makes the address difficult for the harvesters to find.

Method 4 – Use Javascript

The address can be divided into several parts that are dynamically composed by the browser when the website is called up.
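
Methods 3 and 4 can both be generated and checked with a short script. As an added example (not from the original post), the functions below produce the entity-encoded form and a script snippet that assembles the address in the browser, then check your own page source for addresses still visible as plain text; the address and element id are constructed, and the second check shows that entity encoding stops only tools that do not decode HTML.

```javascript
// Method 3: write every character as a numeric HTML entity, so '@' becomes '&#64;'.
function toHtmlEntities(address) {
  return Array.from(address, (ch) => `&#${ch.codePointAt(0)};`).join('');
}

// Method 4: emit markup whose script joins the parts in the browser.
// The '@' is produced by String.fromCharCode(64), so it never appears in the source.
function toScriptSnippet(address, elementId) {
  const at = address.lastIndexOf('@');
  const user = JSON.stringify(address.slice(0, at));
  const domain = JSON.stringify(address.slice(at + 1));
  return [
    `<a id="${elementId}"></a>`,
    '<script>',
    '(function () {',
    `  var addr = ${user} + String.fromCharCode(64) + ${domain};`,
    `  var link = document.getElementById(${JSON.stringify(elementId)});`,
    "  link.href = 'mailto:' + addr;",
    '  link.textContent = addr;',
    '})();',
    '</script>',
  ].join('\n');
}

const ADDRESS = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Exposure check for your own page source: addresses visible as plain text.
function plainAddresses(html) {
  return html.match(ADDRESS) || [];
}

// The same check after decoding numeric entities, which any HTML parser does.
function addressesAfterEntityDecoding(html) {
  const decoded = html.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
  return plainAddresses(decoded);
}

// Constructed sample address and page fragments.
const SAMPLE = 'contact@example.org';
const plainPage = `<a href="mailto:${SAMPLE}">Email us</a>`;
const entityPage = `<p>Email us: ${toHtmlEntities(SAMPLE)}</p>`;
const scriptPage = toScriptSnippet(SAMPLE, 'contact-link');
```
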

Method 5 – Use a Captcha

A CAPTCHA is a type of challenge–response test you can add to a website page to ensure it is being read by a person not by software.

These have become very common on many websites so most people are used to them now.

Method 6 – Use a Contact Form

Instead of posting an e-mail address on a web page, create a contact form. This can capture more information in a structured manner from the user and lets you hide the email address in a separate script file.
