British consumers were scammed into a record £ 479million last year, according to banking organization UK Finance, with a 5% annual increase in money lost by customers that unintentionally sanction payments to criminals.
This included a 94 percent increase in ‘identity theft scams’ where criminals posing as trusted organizations, including the NHS and Royal Mail, swindled customers out of nearly £ 97million.
However, police figures show that of the more than 350,000 frauds reported to Action Fraud’s national helpline last year – with an estimated cost of £ 2.1bn – only 5,101 breaches resulted in to prosecutions, down nearly 34% from the court count the year before.
“We need to arrest more people. We need to prosecute more gangs. Criminals need to think twice before sending these messages because they know they could be arrested, ”Biggar said. “We need to recognize the effect this activity is starting to have on the country. It reduces confidence in our digital economy.
“The point is, we don’t have enough law enforcement people dealing with fraud. That’s over 30% of reported crimes, but less than 1% of police and law enforcement agencies are dedicated to it. These numbers must change. ”
The NCA and its partners, including National Cyber Security (NCSC), have been successful, with more than 36,000 separate scams removed from 71,000 web pages. Hundreds of UK phone numbers implicated in scams have been closed over the past six months, a source said.
“We also need to get better with the tech industry and the phone companies to try to block this activity,” Biggar said. “Of course, it would be great if we could find better ways to stop it at the source.
“I think as we work on ways to disrupt, it’s really important that the public can spot the calls and texts that are coming in. For a while, this will certainly be more and more a part of modern life. the country and the world are on the move, it is really important that we are more aware of that – now. ”
Revealed: Scammers Buy Fake Web Addresses From US Tech Firm
When the text message is flashing, the wording is almost always the same. ‘Royal Mail: Your package has a shipping charge of £ 2.99’, the message read, with a link to the website for ‘pay this now’. “Your package will be returned if the charges are not paid. ”
This is a scam attempt that has reportedly been sent to millions of phones across the UK in recent weeks. The Royal Mail scam is the only latest – scammers have posed as other trusted organizations during the pandemic, including the NHS, Halifax Bank and HMRC. Many victims unhappy enough to click on the bogus links ended up handing over their savings.
But responsible cybercriminals don’t lure victims to a remote corner of the dark web, as you might expect. Instead, a Telegraph investigation found that Royal Mail scammers were buying their fake web addresses from a large US tech company before paying the same company – Namecheap.com – to host their bogus websites.
Namecheap charges around £ 25 per year to host each website, with a domain name costing around £ 7 depending on its extension, like .com or .co.uk. The company claims that it removes all websites confirmed to be a scam and cancels or refunds any payments.
An instant scan last week revealed that Namecheap appeared to host more than 200 sites used by scammers to pretend to be Royal Mail and steal bank details. Criminals have bought domain names such as ‘royalmailbill’ or ‘royalmail-redirect.me’ which appear legitimate, faked with the Royal Mail branding and an invitation to ‘re-deliver payment’.
Once someone enters their contact details on the Namecheap site, the information is sent directly to the gang. Later, perhaps the next day, the victim will receive a phone call – apparently from his bank – telling him that there has been unauthorized access and asking him to transfer his money to a new account. The money is never seen again.
“We need all the providers hosting these sites to do more”
Namecheap, based in Phoenix, Arizona, is one of the largest domain name providers in the world. Mr Biggar confirmed that UK investigators were in regular contact with the company to try to remove the fraudulent pages, but with varying success.
“It is absolutely true that Namecheap can do more. We need all the providers hosting these sites to do more, ”he told The Telegraph. “We ask them to go through them very quickly, but their responses can be sporadic. Sometimes fast, sometimes slower. ”
Mr Biggar’s biggest frustration, however, is that Namecheap cannot or will not provide information that could lead the UK authorities to their careers.
“These companies just don’t seem to know who their customers are,” he said. “Over the years, banks have gotten better at knowing who their customers are by doing the right kinds of checks. We would like organizations like Namecheap to do more on their own. Or even Google. If they have done their due diligence, they could provide us with more useful information. ”
Namecheap has already drawn attention in the United States to the number of fraudsters apparently using its services to lure victims.
Last March, Facebook took legal action against Namecheap, claiming the company had refused to cooperate with an investigation of dozens of malicious sites, while in the same month Letitia James, the New York attorney general, wrote a open letter to six domain name companies. including Namecheap, urging them to redouble their efforts to keep scammers away from their platforms.
But Namecheap founder and CEO Richard Kirkendall wrote online earlier this month that he was hesitant to use automated tools to find impostor websites because “false positives hurt too many innocent customers.”
“We have lost $ 8 million over the past five years to tackle this problem,” Kirkendall said on Twitter. “We are not the Gestapo. We are not going to spy on and invade the privacy of all of our customers in advance. Add to that, tens of thousands of domains are registered with us every day. Less than 1% of users turn out to be abusive. ”