Top tips for spotting online scams

Protecting yourself and your business from online scams should always be a top priority. Here’s how to sort the fact from the fiction.

Debbie Shields | Communications Manager
According to figures published by the BBC late last year, internet scam artists are tricking their victims out of more than £3 million every single day, with fraud cases rising by 16% in the first half of 2024.

Nobody is immune to fraud, although a recent international report found that people aged 35-44 were most likely to fall victim. Furthermore, younger people were more likely (20%) to be a victim of fraud than the 65+ cohort (18%).

But what does online fraud actually look like? And how can we recognise the signs?

Common types of fraud
There are so many different types of scams that it’s impossible to list them all here, so we’ve just listed a few of the most common types, as well as one type of scam that is growing in sophistication with the advent of AI.

Authorised push payment (APP) fraud
Authorised push payment (APP) fraud is one of the fastest growing scams of recent years. It involves a fraudster tricking their victim into willingly transferring money to a bank account they control by posing as a legitimate organisation or individual. They might pose as a service provider, an investment manager, a romantic partner or even a friend or family member.

This is a type of scam that has sadly come to our attention of late, with our certified businesses reporting that they have received fraudulent emails purporting to be from NICEIC. These emails will usually request payment of their assessment fee or other costs, claiming that our bank account details have changed.

How to spot it:
  • Does the communication come from an email address or mobile number you recognise? If not, be on your guard and check with the individual or company to ensure the communication is legitimate. Don’t do this by replying directly to an email or calling a number listed in the communication – get the contact details by visiting the company’s official website.
  • Does the communication request you to pay into a different bank account than normal? Companies very rarely change their payment details and, if they do, they won’t notify you in an email or text! Always check with an independently verified source that the payment details you have are correct.
  • Is there a sense of urgency? This is a common scamming technique, as panic prevents us from thinking logically about these kinds of situations. Always take the time to consult with somebody you trust before acting.


Phishing scams
Similarly to APP fraud, phishing communications usually purport to be from a legitimate company and are usually designed to imitate that company’s branding. Instead of getting you to make a payment directly, however, a phishing scam will try to trick you into revealing sensitive information (such as passwords, bank account details and one-time passcodes) so that they can steal money from you or sell on your information.
They will often try to get you to click on a dodgy link or respond with personal information.

How to spot it:

  • Are there spelling and/or terminology mistakes you wouldn’t usually expect from this sender? Scam communications are more likely to contain mistakes or use terminology that you might not normally expect from that organisation. For example, NICEIC will never refer to your certification as a ‘membership’. Don’t rely on this to spot a scam, though – AI tools like ChatGPT have made it much easier for scammers to write professional-sounding emails.
  • Does the communication use a generic greeting where you would expect it to be personalised? Openers like “Dear valued customer” or “Dear sir or madam” can be a red flag if you usually receive communications personalised with your name and/or other details.
  • Does it encourage you to share sensitive information by clicking on a link or calling a number? Legitimate organisations will very rarely ask you to update your personal information or share bank details or one-time passwords via email, so be on your guard and if in doubt, contact the organisation separately to check.

Telephone scams
The UK has Europe’s highest rate of fraudulent calls at 9.3%, with scammers impersonating a wide range of individuals and companies. Common examples involve:
  • Tech support scams, where the fraudster claims that your computer has a virus and requests money to fix the issue or asks for remote access to your PC.
  • Lottery or prize scams, where victims are told they have won a prize but must make a payment or hand over personal details in order to claim it.
  • HMRC scams, which may (for example) trick victims into believing they are owed a tax rebate and ask them to supply their bank details so they can receive the windfall.
  • Investment scams, where the scammer will convince their victim to put their money into a phoney investment opportunity (usually promising higher-than-usual or guaranteed returns).

How to spot it:
Telephone scams can be quite difficult to spot, with fraudsters using increasingly sophisticated technology to trick their victims into believing they’re the real deal. So, here are a few things to bear in mind to ensure you avoid losing money to telephone scams.
  • Watch out for phone number spoofing – scammers can falsify the caller ID so that the call appears to come from the company’s legitimate phone number. It’s always best to hang up the phone and call the company back using a number listed on their official website.
  • Don’t call back on the same phone – some scammers have access to technology that keeps your phone line open even after you’ve hung up. So, if you’ve received a call on your landline, hang up and call back on your mobile – otherwise you could be reconnected to the fraudsters without even realising it.
  • Register with the Telephone Preference Service (TPS) – this stops legitimate companies from cold-calling you, so you’ll know it’s a scam if you get a cold call after registering.


Deepfake scams
The rise of AI has brought about a whole new type of fraud in recent years. Deepfake technology enables criminals to convincingly impersonate people’s voices and appearance, thereby tricking their victims into believing that they are speaking with somebody they know and trust. Only last year, a Hong Kong employee was convinced to send £20 million to criminals, believing he was on a video call with senior staff at engineering firm Arup.

Whilst this kind of trickery isn’t yet a day-to-day occurrence, the possibilities for the future are quite scary indeed.

How to spot it:
  • Uneven quality, glitches or other inconsistencies – background distortions, blurring, glitchy movements and a disconnect between the person’s speech and their lip movements can all be signs of a deepfake. However, with AI growing ever more sophisticated, this can’t always be relied on.
  • Is the person saying things or using mannerisms they wouldn’t usually? If a deepfake is impersonating someone you know, think critically – are they saying things that aren’t like them? Do their mannerisms feel off or unusual?
  • Are there any other signs of a scam? For example, instilling a sense of urgency, requesting a payment or asking for sensitive information? Even if you can’t trust your eyes, trust your emotions and proceed with caution if a conversation is making you feel uneasy.

How to spot a genuine communication from NICEIC
Any official communication you receive from NICEIC will come from one of these email domains:
  • @niceic.com
  • @certsure.com
  • @e-certsure.com
  • @service.e-certsure.com
Additionally, your assessment report will be sent from formdelivery@banthamtechnologies.com.

Any other email domain should be treated with suspicion. Do not trust domains such as @internet.ru or @vk.com – these are not from NICEIC.
A few last tips:
  • We will never refer to your certification as a ‘membership’.
  • We have not updated our banking details or methods of receiving payments.
If you ever have any doubts about an email you receive from us, please forward the suspicious email to customer.services@niceic.com for verification. Do not try to contact us using any of the contact details listed in the email; instead, visit our Contact Us page to find out how you can get in touch.
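
For businesses that want to automate the checks above in a shared mailbox, here is an added example (not NICEIC's own code) that tests the sender against the domains listed in this article and flags the two wording red flags. The function names, the regular expressions, the Reply-To check and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains, and the one third-party address, listed on this page.
OFFICIAL_DOMAINS = {"niceic.com", "certsure.com", "e-certsure.com",
                    "service.e-certsure.com"}
OFFICIAL_ADDRESSES = {"formdelivery@banthamtechnologies.com"}

# Wording the page says NICEIC never uses. The regexes are assumptions.
RED_FLAGS = {
    "refers to a 'membership'": re.compile(r"\bmembership\b", re.I),
    "claims bank details have changed": re.compile(
        r"\b(bank|account|payment) details\b.{0,40}\b(changed|updated|new)\b",
        re.I | re.S),
}

def sender_is_official(addr: str) -> bool:
    """Exact match on the domain after the last '@'; never a substring match."""
    addr = addr.strip().lower()
    if addr in OFFICIAL_ADDRESSES:
        return True
    local, sep, domain = addr.rpartition("@")
    return bool(local and sep) and domain in OFFICIAL_DOMAINS

def triage(raw_email: str) -> list[str]:
    """Return reasons for suspicion; an empty list means no flag was raised."""
    msg = message_from_string(raw_email)
    findings = []
    # Checking Reply-To as well as From is an assumption of this example.
    for header in ("From", "Reply-To"):
        _, addr = parseaddr(msg.get(header, ""))
        if (addr or header == "From") and not sender_is_official(addr):
            findings.append(f"{header} address {addr!r} is not on the official list")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    findings += [why for why, rx in RED_FLAGS.items() if rx.search(text)]
    return findings

# Constructed sample messages, not real NICEIC or scam e-mails.
GENUINE = ("From: NICEIC <customer.services@niceic.com>\n"
           "Subject: Your assessment\n\nYour assessment is booked for next week.\n")
SCAM = ('From: "NICEIC Accounts" <accounts@niceic.com.example.net>\n'
        "Reply-To: payments@vk.com\nSubject: Urgent: membership renewal\n\n"
        "Our bank details have changed. Please pay your assessment fee today.\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("scam", SCAM)):
        print(name, triage(raw))
```

The From header is set by the sender, so an empty result does not prove a message is genuine. Treat the script as a first filter and still confirm any payment request through the contact details on the official website.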