We’d all like to think we could spot a scam a mile off, right?
Well, some scams are a little less obvious…
At times like this when some people are vulnerable, and with everything that’s going on, you’d like to think that fraudsters are less active. Unfortunately they never rest, and as a result neither do we.
We care about what you care about and we’ll help you protect what you hold dear. We’ve put together some information to keep you up to date with what you need to know to stay safe.
How to know who you're dealing with
Here's what to look out for
When you take out a policy or make a claim with LV=, we have to ask questions, take personal information and sometimes, process a payment.
To help you stay vigilant, here’s how you can be sure you’re talking to LV=, and some red flags to watch out for:
- We’ll never ask for your payment card PIN when processing any payment. When we speak to you, we’ll tell you we’re calling from LV= Insurance. We’ll never say we’re calling “on behalf of LV=”.
- If you’re unsure who you’re talking to, ask them to repeat where they’re calling from
- We’ll never appoint a claims management company (CMC) to look after your motor claim
- We’ll never send you an email or text you a link asking you to pay for something or asking you to change or verify your personal details
- We won’t ever call you from an overseas number
- We won’t ask you to reset any passwords via an email link
- We’ll never ask you to pay a fee for our services. You only need to pay the premium for your policy and any excess if you make a claim
- We’ll never ask you to pay us by a direct bank transfer
- LV= does not sell your information. If you’re told, “we got your details from your insurance company”, this is false. The only time this would occur is if one our suppliers needed to get in touch and we’ve told you to expect their call
- If you make a claim, we’ll never send people to your home without first telling you who they are and what they need to do
- When verifying your identity on the phone, we’ll never ask for your bank details, the bank you use or any account numbers
- LV= will never ask you for sensitive information such as your race, sexuality or gender to verify your identity. We only ever need to know information like your name, address and date of birth or car registration number
- We’ll never instruct a solicitor or other legal representative to act on your behalf unless we've told you first and explained why we’re doing it
- We won’t send you a letter or email that starts Dear Sir/Madam. If you’re a customer, we’ll know your name and use it on every correspondence
- We’ll never phone you to ask you for your policy or claim number. We’ll only ask for it if you call us so we can find your details
- If we need your bank details so we can pay your claim or send a refund, we’ll call you or message you asking you to call us. We’ll take the details over the phone, never by text or email
- We’ll never ask for your 16 digit bank card number if we’re making a payment to you
- Any calls or voicemails from us will always come from a human. We do not use any robotic recordings for any of our messages
- Following a motor accident claim, LV= will never tell you we need to wait for an admission of liability from the other insurer before we settle your claim
If you’re ever in doubt that you’re talking to someone from LV=, it’s best to hang up and check your documents for the correct number, or head to our contact us page.
Scams to look out for
As tempting as it is to hop on the Crypto investment wave at the moment, it's really important you stay wary of scams.
For example, we’ve been made aware of an email fraud campaign in which fraudsters are swindling victims out of bitcoin by tempting them with a substantial amount of tax-free cryptocurrency.
They’re offering access to hundreds of thousands of pounds worth of cryptocurrency from an already established account on the platform. The only condition to cash out is that the victim must first deposit some bitcoin into their account on the platform. As soon as a victim logs in, they're asked to change the password and add a recovery phone number.
Victims also get an automated call to complete the "security" procedure, tempted by the promise of a considerable amount of cryptocurrency. But in order to actually extract the cash, the victim first needs to deposit some Bitcoin to the platform, which is the point of the scheme.
Crypto assets have become particularly popular over the past 18 months, with over 12,000 crypto assets and 400 exchanges available. And with this ever-increasing popularity, Crypto has becomes a key lure for criminals to attract people’s investment. In this example, the perpetrators have created a sophisticated method – they not only send a phishing email, but they also send the victim to a fake site which seems legitimate due to the multi-factor authentication.
We've been told that there were over 400 reports in just two days of the scam. Victims are reporting losses of up to £200,000 each after following links on AOL, MSN, Yahoo and Facebook. In many cases, the fake adverts are convincingly designed to look like pages from the BBC or Mirror websites. Action Fraud have reported that fraudsters are using fake news stories, fake websites and fake celebrity endorsements to promote bitcoin investment scams. The links in the emails lead to websites that are designed to steal your personal and financial information.
Make sure you do your research before investing or using an unregulated exchange and only use well known and trusted sources.
- Holiday bookings
We're all super excited to get travelling again. But holiday bookings are susceptible to scams. We’ve been told about scams involving fake caravans and motorhomes for sale and luxury apartment rentals, as criminals take advantage of our uncertainty around COVID-19 travel restrictions and cancellations.
Scammers have become very good at faking ads, texts, websites and emails from trusted companies like airlines, travel agencies and banks, and some will even call you to discuss their ‘offers’. The prices are low and seem attractive, but as often is the case, sometimes these offers are too good to be true.
Do your research before buying a holiday home or a break away online or over the phone. Do a direct search for the company’s website or call them using a legitimate contact number to discuss the offer. If it’s for a new caravan or motorhome, ask them to show it to you over a video call if you can’t see them in person. Use a secure payment method like PayPal or a credit card, and avoid paying by direct bank transfer.
Fake ‘Competitions’ on Social Media
We’re aware that there is still a problem with ‘competitions’ on social media platforms offering you the chance to win a luxury lodge or holiday apartment. If it seems too good to be true, it probably is. The intention is to get you to like, share and comment on the post which can then open up opportunities to gather more of your personal information that will then be used in fraudulent activity.
NHS COVID-19 vaccine passport scam sent to holidaymakers
The Chartered Trading Standards Institute (CTSI) has been made aware of a phoney email clad in NHS branding, informing the recipient that they can apply for a digital vaccine passport. The message claims that the so-called “Coronavirus Digital Passport” proves that you have been vaccinated against COVID-19 and “, allowing you to travel safely and freely around the world without having to self-isolate. The email message links to a website built to look like an official NHS platform that asks the recipient to provide personal details, which could be used to commit identity fraud.
Buyers may be left with insurance that doesn’t provide adequate cover or even no insurance at all, and may also have their personal details sold on for fraudulent means in the process.
If you’re contacted via social media with an offer of reduced insurance or another service, you should contact the company allegedly offering the deal directly and double check the details of any schemes they may be offering to NHS workers.
LV= is investigating five scam HMRC reimbursement emails posing to be from LV= claims correspondence. The emails include a genuine LV= claim reference.
The aim is for the email recipient to click the links and add personal data to help process their ‘refund’. All the emails have the same elements:
A claim number in the LV= format
They are from email addresses with the domain ‘.jp’
All feature the same transaction numbers and reimbursement amount
They have all been sent to @hotmail.co.uk email addresses
If you receive an email like this, it is not related to LV=. We’re investigating the matter. We want to reassure you that your data is safe and we’ve not passed your details to anyone who is not directly related to your policy or a claim that you might have had. Please DO NOT respond to the email and DO NOT click any links. Delete the email or forward it to us at [email protected].
We’re also aware of a very similar email telling people they are due a Council Tax refund. They claim to be from the Department of Work and Pensions and try to gather your personal information. If you’re unsure about an email you’ve received, call your local Council Tax office and DO NOT enter any personal information via any links within the email.
The latest scam campaign focuses on self-employed professionals who may be receiving assistance through the government’s Self-Employment Income Support Scheme. You receive a text messages about your eligibility for a tax refund. Clicking the link in the text takes you to a very realistic page with full HMRC branding and asks for your personal details and your government gateway log-in details to calculate your supposed refund. After calculating the fake refund amount, it asks you for your bank details so they can send the money, but it also asks for your passport number for ‘verification’ purposes.
The HMRC will never contact you by text to tell you about any refund that you’re due. If you are unsure, contact the HMRC directly using a trusted telephone number.
Homeworking WebEx and Zoom scam emails
With many of us working from home and having virtual meetings via WebEx or Zoom, fraudsters have been targeting some users by sending genuine looking emails that contain harmful links. Some ask the user to sign in via a link or they will lose access to the platform, while others pose as Zoom notifications that take the user to a fake Microsoft login page with the name of the user’s organization and "Zoom" above the sign-in location. The purpose is to obtain personal, financial information and homeworker login details.
There are also fake links to install Zoom that can download harmful malware on your computer. Only download the system from a legitimate source.
If you receive emails like this, test the platform to check it’s working correctly and contact your IT department for advice.
Office 365 Phishing Attacks Use Fake Zoom Suspension Alerts
Microsoft Office 365 users are being targeted by a new phishing campaign using fake Zoom notifications warning you that your Zoom account has been suspended. The end goal is to steal Office 365 logins. This new scam has been sent to over 50,000 mailboxes. Do not click the links within this email as they’re malicious and will ask for your credentials. Your information is then most likely to be used to facilitate identity theft and schemes such as Business Email Compromise (BEC) attacks. The emails are signed off with "Happy Zooming!" at the end of the email.
Scammers targeting homeworkers via Zoom
Zoom has become an integral part of our lives, allowing us to socialise with our friends at the drop of a hat. Unfortunately, cyber criminals are taking advantage of this.
You may receive a scam email claiming to be from “Zoom Mail” tells you that a “Zoom voicemail” has been received and you should call a number to get the message. The number is a premium rate number and charges £6 a minute plus the standard network rate.
Another email then comes through pretending to be a Zoom conference call invitation and asks you to click a link to “review invitation”. The link then leads to a fake login page, which asks you to put in your username and password, sending the information to fraudsters.
Zoom phishing attacks remain very prevalent due to the huge number of people now using the platform, so be very cautious and only click links in these emails if you’re 100% sure they’re genuinely from Zoom.
Fake Google Chrome Android app
A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people. It starts with a text message that asks you to take action so that a parcel can be delivered to you. This may be referred to as a “custom fee”. If you click the link a message comes up asking you to update the Google Chrome app. After the supposed “update” victims are asked to pay a small fee which enables the attacker to harvest credit-card details. The fake Chrome app is used as a propagation method and once installed, it sends more than 2,000 SMS messages per week from infected devices.
Mobile Phone Upgrade Scam
We’ve also been told about a scam where consumers are being cold called by people impersonating their mobile phone provider.
Victims are offered early upgrades or even new contracts at significant discounts. Once customers have been convinced that the deals are genuine and agree to proceed, the fraudster then asks for their online mobile account credentials, including log-ins, address and bank account details.
The fraudster then places orders with genuine companies on behalf of the victims, but they’ll select a different handset to the one requested and have it shipped to the customer’s address.
Upon receipt, fraudsters assure victims that this has been an error and instructs them to ‘return’ the handset to a different address not affiliated to the mobile company. These addresses are usually residential.
After intercepting the ‘returned’ handsets, the fraudsters cut all contact, leaving victims with no phone and liable for an entire new contract taken out in their name.
The NFIB have received over 300 reports of this fraud with reported losses in excess of £86,000
If you’re unsure that the person calling you is an official representative of the company they claim to be from, hang up and do not reveal any personal information.
Only contact your mobile network provider on a number you know to be correct. For example, 191 for Vodafone customers, 150 for EE customers, 333 for Three customers, 202 for O2 customers, 4455 for Tesco Mobile, 789 for Virgin Mobile and 150 for Sky Mobile.
If you receive a device that you did not order or expect, contact the genuine sender immediately. The details for this will be within the parcel. And remember, NEVER post a device directly to an address. All genuine Mobile Network Operators would send out a jiffy bag for you to return without you incurring additional cost.
Warning about scam calls from “matching” mobile phone numbers
The National Fraud Intelligence Bureau (NFIB) is warning the public to be vigilant of scam calls that appear to be coming from numbers similar to their own. Commonly, the first seven digits (07nnnnn) match the victim’s own number. The calls impersonate well-known government organisations or law enforcement agencies, and will ask the recipient of the call to “press 1” to speak with an advisor, or police officer, about unpaid fines or police warrants.
Action Fraud received 2,110 scam call reports where the caller’s number matched the first seven digits of the victim’s own phone number. Of these, 1,426 (68 per cent) referred to HMRC or National Insurance.
SOVA: New Android Banking Trojan
A mix of banking applications, cryptocurrency wallets, and shopping apps from the U.S. and Spain are the target of a newly discovered Android trojan that enables attackers to extract personal details from infected devices, including banking credentials, and open the door for on-device fraud.
Dubbed S.O.V.A., it comes with features that steal credentials and session cookies through web overlay attacks, log keystrokes, hide notifications, and manipulate other aspects of your phone or tablet. It can deploy ransomware, and even intercept two-factor authentication codes.
Although this trojan has predominantly targeted apps in the US and Spain, the UK is highlighted as the second most targeted area. It’s a real threat to mobile banking, and since almost all of us rely on these services nowadays, the door is open for widespread abuse.
Only download app to your device from trusted sources such as the Google Play Store or the Apple App Store, and to only download apps from trusted developers.
We’re also aware that some people have received emails “about the job”. The email has an attachment pretending to be an application form or a CV. The attachment is usually a Microsoft Excel file, and when opened it asks the person to ‘Enable Content’. It then downloads dangerous malware to the person’s computer, which then looks for passwords and other private financial information.
If you suspect a job you’re interested in is too good to be true, or that the website where the position is advertised is not the genuine company website, search for the real company website instead. Most will have a recruitment section. Alternatively, call their recruitment office or Human Resources team. If you find the position is fake, make sure you tell the company so they can investigate.
While we may occasionally use a recruitment agency to advertise vacancies we have available at LV=, we’ll always share details of all our positions on our careers website.
Do not send your bank details or a copy of a statement by clicking on any link in an email. Your child’s school will have all of the details you’ll need relating to any free school meals your child may be eligible for, and can offer advice on how to apply.
Only buy tickets from the venue’s box office, official promoter or agent, or a well-known and reputable ticket site, and avoid paying for tickets by bank transfer, especially if buying from a source you’re not familiar with. Credit card or payment services such as PayPal offer greater protection against fraud. Be cautious with unsolicited emails, texts or adverts offering unbelievably good deals on tickets. If it sounds too good to be true, it probably is. You can also check if the ticket vendor is a member of STAR. If they are, the company has signed up to their strict governing standards.
Phishing attack targets employees as they return to the office
Many of us are ecstatic about getting back to the office and seeing our friends and colleagues live in the flesh. However, as people start returning to work, fraudulent activity targeting workers is going up.
We’ve been told about a phishing campaign aimed at gathering login credentials from employees by posing as the Chief Information Officer (CIO). The message pretends to provide information about changes to business operations the company is making due to COVID-19. The email appears to have been sent from a source within your company, giving the company’s logo in the header, as well as being signed spoofing the CIO. By pretending to be an executive, the fraudster sends a fake newsletter or communication explaining the new precautions and changes to the business. The intention is to steal company and personal credentials, they include a link to a fake Microsoft SharePoint page with two documents that outline new business operations. Upon clicking on the documents, victims get a login page that asks them to provide login details to access the files.
If you are in any doubt that a communication is legitimate, check with your manager and do not enter your login details.
Fax/Scan Phishing Attacks Jump Nearly 500% as Workers Return to the Office
According to new data, January through April of this year saw just over 53,000 phishing emails using a request for the recipient to review a fake fax or scan, complete with a malicious link. This represents around 13,000 emails using this kind of theming per month. In May alone, that number spiked to 65,000, a 500% increase, just as many businesses began issuing “return to work” orders to their employees.
We’ve also been made aware of a group trying to steal VPN details from homeworking employees. It begins with a series of phone calls to a homeworker who works for a targeted organisation. The phishers tell you they’re calling from your IT department to help sort out issues with the company’s VPN. The goal is to convince you either to divulge your credentials over the phone or to input them manually in a website set up by the attackers. The employees have often been targeted via their social media pages, particularly when they’ve added details of who they work for and what they do.
The websites used for this scam often use your company’s name plus: VPN, ticket, employee, or portal. This group involves at least two perpetrators: One who is social engineering the target over the phone, and another takes the credentials.
Be suspicious of unsolicited phone calls or messages. If you receive a vishing call, note down the telephone number as well as the website domain. Review and limit the amount of personal information you post on social network sites about the company you work for and what you do for them.
Never give personal or bank details to a person on your doorstep unless you are 100 per cent sure they’re genuine.
LV= doesn’t use door-to-door salespeople. The best way to buy one of our insurance products is through LV.com or from one of our reputable insurance brokers. If you need to make a home insurance claim or we need to inspect your car, we may need to send a tradesperson to help, but we’ll make sure you know who they are, what they plan to do and when to expect them.
The FCA will send emails from addresses ending in @fca.org.uk and @fcanewsletters.org.uk, but be aware that fraudsters can clone these email addresses to make their emails seem genuine. If you receive an email like this, search for the genuine FCA website and contact them before completing any forms with your personal information.
Social media notifications used to steal credentials
We’ve been made aware that scammers have been using Instagram, Facebook, and Twitter to steal personal details. With so many passwords to remember, people often use the same one across various platforms. Some people use the same passwords on their personal accounts and their work applications, which can be very dangerous.
If a scammer manages to get a password, they’re often able to use it on multiple applications. They get your password by sending you an email claiming to be from Instagram, Facebook, and Twitter, usually saying your account will be suspended if you don’t click the link to add your details. The link is fake and only exists to get your login details.
Social media websites will never send emails threatening suspension of services that contain links.
Make sure you keep separate passwords for work and personal applications. Use a reputable password manager to support this.
Compromised Facebook accounts used to lure victims into PayPal scam
We’ve been told about a new scam where a person has received messages through Facebook Messenger from a friend or family member asking if they can use their PayPal account to receive money from the sale of an item on EBay, most often a camera. The message usually says that they’ve sold a camera but can’t process the payment. They ask you to take payment via your PayPal account and then transfer it into their bank account before then transferring it via bank transfer into the ‘friends’ account which is actually an account controlled by the fraudster.
If the victim agrees, the payment is transferred into their PayPal account but, after the money is transferred out, the initial transaction is reversed leaving the account in negative balance. Multiple reports have also been received from victims stating that their Facebook Messenger accounts have been hacked and that these fraudulent messages have been sent to all their contacts.
Avoid becoming a victim of this scam by verify any financial requests. Be very wary of unusual messages asking for help with financial transactions. Even if the message appears to be from someone you know and trust. Call or text them and ask if they sent the message. Never respond to any requests to send money, or have money transferred through your account, by someone you don’t know and trust. You can protect your important online accounts by using a strong separate password and, where available, turn on two- factor authentication (2FA). Never use your username as a password.
If you’ve made a payment and been caught by this scam, tell your bank and PayPal, as soon as possible. They’ll help you prevent any further losses and you may even get the money back. You should also monitor your bank statements regularly for any unusual payments.
Be wary of any unsolicited emails and text messages about grants and refunds etc and report them to the Suspicious Email Reporting Service by emailing [email protected].
We all rely heavily on the internet to browse and shop for items these days. Everything from food to clothes to holidays is conveniently available. But online shopping comes with a range of risks if you're not careful. Here are some current issues to look out for:
Scammers Pose as Meal-Kit Services to Steal Customer Data
Fraudsters are sending doctored text messages to people that look like they’re legitimate correspondence from popular brands such as HelloFresh and Gousto. There are many versions of the phishing texts. Some are received through SMS, others through WhatsApp. Some ask customers to rate their experience to enter a prize. The messages look very convincing while others are easy to spot and riddled with spelling mistakes. “Your Gousto box is now delivered,” the phishing message read. “Enjoy the reoipej! Rate delivesy and enter wrize diaw at ‘URL’.” The goal is to drive users to a site controlled by the attackers and trick them into entering their personal data.
We all turned to food delivery services significantly during the pandemic, and fraudsters have taken advantage of this by impersonating the most popular brands in phishing attacks.
Look out for spelling mistakes in any messages you receive. Check the address that the message came from. Is it from the same sender as your usual messages? If you’re unsure, delete the message, go to the brands website, look for details there and use the ‘contact us’ button to contact them.
New Amazon Email Takes a Phishing/Vishing Approach to Steal Credit Card Information
Receiving a bogus email pretending to be from Amazon is old news. We’ve seen countless impersonation emails over the last year alone. But this latest email-based attack tells the tale of a phishing email that becomes a vishing (voice phishing) attack to trick potential victims into giving up personal details.
Victims receive a realistic-looking Amazon email stating the recipient ordered a 77” TV. There’s a “View or Manage Order” button, but it’s nothing but an image with no URL linked to it so it won’t work. You’ll then see a message stating “If you did not place this order, please contact us at XXX-XXX-XXXX.” This is where the phishing attack becomes a vishing attack. When the victim calls the phone number (which is redirected to a disposable Google Voice number), a live person answers the call pretending to be from Amazon. They ask the victim for the order number, their name, and then verify credit card details before they cut the call short on purpose and block the victim’s number.
Fake Gumtree website being used to steal bank details
Fraudsters are targeting consumers using fake Gumtree websites that are used to steal bank details. The scam works by criminals pretending to be genuine buyers messaging sellers on the Gumtree online advert board. They pretend to be interested in buying an item without viewing it, ask for it to be posted, then claim to have paid by sending a link to the seller. This link takes the seller to a fake, Gumtree-branded website that asks for their bank details before the buyer's cash can change hands. This is completely fraudulent, as Gumtree does not have any function to make payments. But since most of us probably don’t know that, it’s really easy to be taken in by the apparent legitimacy of it.
Finally, we’ve been warned of a gadget company that claims to offer heavily discounted and hard to find items. They only accept payment by direct bank transfer, which may leave the buyer without protection and makes it incredibly difficult to get a refund.
Shop online safely. Buy from legitimate sources that you trust, question offers that seem too good to be true and use a credit card or debit card that protects your purchases and cover you for fraud, or use PayPal which also has buyer protection. Large courier companies like Yodel, Hermes, DPD and DHL have their own apps where you’re able to track your parcels safely. They can all be downloaded from their official websites or from your app store. Find out more about how to shop online safely with our handy guide.
Also, be careful when receiving your parcels. We’ve been told that some courier companies have been impersonated in text messages and emails, telling you that a parcel will soon be delivered. The text or email contains a link for you to track your parcel or arrange a redelivery. The message will often say “Hey, here’s how to track your parcel” The link takes you to a legitimate looking spoofed website where you’re asked to enter your personal information.