There are endless scams, but they typically fall into a set of categories which determine how and who you can report them to.

Below is the information relating to the UK, but you will need to seek out the relevant contacts if you are in another country.

If you have transferred money to the scammer in the last 24 hours, tell the police immediately by calling 101 or report online at www.police.uk/pu/contact-the-police/report-a-crime-incident/.

Generally, the Police prefer non immediate scams to be reported to Action Fraud on 0300 123 2040 or online at https://reporting.actionfraud.police.uk

1.         Report an online scam

This is any scam that uses social media, email or websites.

To report a scam email – forward the message to [email protected].

You should report an online scam advert to the Advertising Standards Authority (ASA) at www.asa.org.uk/make-a-complaint/report-an-online-scam-ad.html

You can also report a scam advert to the website where you saw it.

If the scam involves financial services – cryptocurrency, investments, insurance or pensions, report it to the Financial Conduct Authority at  www.fca.org.uk/consumers/report-scam-unauthorised-firm

If you think you’ve been scammed into transferring your pension, contact your pension provider immediately. Then get in touch with The Pensions Advisory Service at www.pensionsadvisoryservice.org.uk/contacting-us

Identity Theft – contact the real company or person to let them know their name is being falsely used.

Any scam using the name HMRC should be reported to them at www.gov.uk/report-suspicious-emails-websites-phishing/report-hmrc-phishing-emails-texts-and-phone-call-scams

2.         Reporting an offline scam

This is usually postal or door-to-door scams and can include telephone and text message scams.

You can report these scams to Citizens Advice Bureau at

www.citizensadvice.org.uk/consumer/get-more-help/report-to-trading-standards/

Trading Standards gathers information about scams so they can take legal action against scammers.

3. Royal Mail

Royal Mail investigates postal scams. If you’ve received something in the post you think is a scam, download the scam mail report form at https://personal.help.royalmail.com/app/answers/detail/a_id/303

Then send the scam mail and the report to ‘Freepost Scam Mail’ or you can call Royal Mail and ask for a pre-paid envelope and the form. You can just email Royal Mail if appropriate.

Email: [email protected]
Telephone: 0800 011 3466

4 Action Fraud

Action Fraud collect scam reports and collate the data and where relevant give the information to the Police or other authorities to follow-up on criminal behaviour.

They can get the National Fraud Intelligence Bureau to investigate some scams. They’ll also give you a crime reference number, which can be helpful if you need to tell your bank you’ve been scammed.

It’s quickest to report a scam to Action Fraud online at www.actionfraud.police.uk/reporting-fraud-and-cyber-crime  but you can also report the scam by phone on 0300 123 2040

The UK government has assorted plans to do with beefing up cyber resilience as businesses and other organisations across the country increasingly come under attack from hackers.

The government’s creation of local centres for cyber resilience is progressing well.

The Cyber Resilience Centre for the South East (SECRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Lead by Policing, and facilitated by Business Resilience International Management (BRIM), they say that they have followed a structured modular programme based on a highly successful model that had previously been established for over 9 years in Scotland.

They work in structured partnership with regional Policing, Academia, Businesses, Third and Public Sector organisations through a variety of ways:

1. Security Awareness Training

This is focused on those with little or no cyber security or technical knowledge

2. Corporate Internet Investigation

This service may be used to learn what is being said on the internet about an organisation, what information employees are releasing, or if there are any damaging news stories, social media posts or associations.

3. Individual Internet Investigation

These investigations gather information that can be used to support pre-employment checks, to manage potential threats to a Director of an organisation or their families, or to understand more about a specific person of interest.

4. Remote Vulnerability Assessment

These assessments focus on identifying weaknesses in the way your organisation connects to the internet. Service reporting will provide a plain language interpretation of the results and how any vulnerabilities might be used by an attacker, as well as simple instructions on how any vulnerabilities might be fixed.

5. Internal Vulnerability Assessment

The assessment will scan and review your internal networks and systems looking for weaknesses such as poorly maintained or designed systems, insecure Wi-Fi networks, insecure access controls, or opportunities to access and steal sensitive data.

6. Web App Vulnerability Assessment

This service assesses your website and web services for weaknesses. The service reporting will describe in plain language, what each weakness means to your business and the risks associated with each. Service reporting will include plans and guidance on how to fix those weaknesses.

7. Security Policy Review

This is a review of your current security policy, how it is written and how it is implemented.

8. Cyber Business Continuity Review

This service offers a review of your business continuity planning and the resilience of your organisation to cyber-attacks such as ransomware or when attackers take control of your core systems.

https://www.secrc.co.uk/contact-us  is the south east SERCR

There are equivalent centres in other regions of the country.

​If you have any experiences with this do let me know, by email.

New Strong Customer Authentication (SCA) regulations will add an extra layer of security at online checkout making it safer to shop online. This was proposed in 2019 and became law in the UK from September 2021.

As fraud levels in digital payments have risen in Europe, new regulations have followed. Strong Customer Authentication (SCA) has become a key piece of the EU’s Revised Payment Services Directive (PSD2) required by merchants.

PSD2 introduced the concept of Strong Customer Authentication (SCA). The idea is simple: 2 out of 3 elements need to be checked during authentication.

As a customer, this means asked to identify yourself by another means as well as the payment card details e.g. through a passcode sent to your smart phone.

This may become an annoying delay at times but it is to protect your accounts from criminals.

The goals of PSD2

• Make the European payments market more integrated and efficient
• Improve the level playing field for payment service providers (including new players)
• Make payments safer and more secure
• Protect consumers from fraud

Strong customer authentication demands multi-factor authentication on all payer-initiated payments including at least two of the below methods.

• Something you know g. pin or password
• Something you have g. phone or device
• Something you are e.g. facial scan or fingerprint

If you have any experiences with this new system do let me know, by email.

Microsoft’s Digital Crimes Unit (DCU) is an international team of technical, legal and business experts that has been fighting cybercrime to protect victims since 2008.

They use their expertise with online criminal networks to uncover evidence to pass onto the appropriate law enforcement agencies throughout the world. They can also disrupt the operational infrastructure used by cybercriminals, through civil legal actions and sometimes by technical means.

DCU has developed strong relationships with local and global law enforcement, security firms, researchers, NGOs and customers to drive scale and fight cybercrime. They also use the evidence they collect to help with the development of technical countermeasures to strengthen the security and safety of Microsoft’s products and services.

Areas of Focus

1. Tech Support Fraud. These scams are very common as the criminals involved operate this scam on an industrial scale. DCU use data analytics and direct customer complaints to investigate criminal networks engaged in tech support fraud.
2. Business Email Compromise (BEC). This is where criminals impersonate key people in an organisation e.g. the Finance Director to get an employee to transfer funds to the criminals. BEC is one of the most prolific and costly cybercrime attacks in the world today. According to a 2020 FBI report, BEC attacks were responsible for $1.8B in losses and represent more than 40% of all cybercrime losses.
3. In 2020, the DCU secured court orders to block malicious web applications targeting business organizations, directed the removal of 744,980 phishing URLs resulting in the closure of 3,546 malicious email accounts used to collect stolen customer credentials obtained through successful phishing attacks.
4. This is a wide area of criminal activity and DCU focus on identifying and disrupting these criminal activities.
5. DCU focus on payment systems and disruption of the criminal infrastructure behind these attacks.
6. Business Operations Integrity. This means supply chains and all systems infrastructure that can be attacked by criminals.

Keep up the good work DCU.

If you have any experiences with these scams do let me know, by email.