We’d all like to think we could spot a scam a mile off, right?
Well, some scams are a little less obvious…
At times like this when some people are vulnerable, and with everything that’s going on, you’d like to think that fraudsters are less active. Unfortunately they never rest, and as a result neither do we.
We care about what you care about and we’ll help you protect what you hold dear. We’ve put together some information to keep you up to date with what you need to know to stay safe.
How to know who you're dealing with
Here's what to look out for
When you take out a policy or make a claim with LV=, we have to ask questions, take personal information and sometimes, process a payment.
To help you stay vigilant, here’s how you can be sure you’re talking to LV=, and some red flags to watch out for:
- We’ll never ask for your payment card PIN when processing any payment. When we speak to you, we’ll tell you we’re calling from LV= Insurance. We’ll never say we’re calling “on behalf of LV=”.
- If you’re unsure who you’re talking to, ask them to repeat where they’re calling from
- We’ll never appoint a claims management company (CMC) to look after your motor claim
- We’ll never send you an email or text you a link asking you to pay for something or asking you to change or verify your personal details
- We won’t ever call you from an overseas number
- We won’t ask you to reset any passwords via an email link
- We’ll never ask you to pay a fee for our services. You only need to pay the premium for your policy and any excess if you make a claim
- We’ll never ask you to pay us by a direct bank transfer
- LV= does not sell your information. If you’re told, “we got your details from your insurance company”, this is false. The only time this would occur is if one our suppliers needed to get in touch and we’ve told you to expect their call
- If you make a claim, we’ll never send people to your home without first telling you who they are and what they need to do
- When verifying your identity on the phone, we’ll never ask for your bank details, the bank you use or any account numbers
- LV= will never ask you for sensitive information such as your race, sexuality or gender to verify your identity. We only ever need to know information like your name, address and date of birth or car registration number
- We’ll never instruct a solicitor or other legal representative to act on your behalf unless we've told you first and explained why we’re doing it
- We won’t send you a letter or email that starts Dear Sir/Madam. If you’re a customer, we’ll know your name and use it on every correspondence
- We’ll never phone you to ask you for your policy or claim number. We’ll only ask for it if you call us so we can find your details
- If we need your bank details so we can pay your claim or send a refund, we’ll call you or message you asking you to call us. We’ll take the details over the phone, never by text or email
- We’ll never ask for your 16 digit bank card number if we’re making a payment to you
- Any calls or voicemails from us will always come from a human. We do not use any robotic recordings for any of our messages
- Following a motor accident claim, LV= will never tell you we need to wait for an admission of liability from the other insurer before we settle your claim
If you’re ever in doubt that you’re talking to someone from LV=, it’s best to hang up and check your documents for the correct number, or head to our contact us page.
Scams to look out for
- NHS COVID-19 cold calls
We’ve been made aware that people are receiving cold calls about the COVID vaccine, with scammers asking people to pay for it over the phone. Victims receive an automated call or ‘robocall’ telling them that they’ve been identified for accelerated eligibility of the vaccine. The victims called the number given during the call are put through to someone claiming to work for the NHS on behalf of Astra Zeneca. After confirming some basic details, the victim was asked to pay a fee of £50 for the vaccine and that the interval between shots would be 12 days.
All approved vaccines currently available in the UK are free of charge. You will NOT be asked for pay for your vaccine. There is no queue jumping and you cannot pay to get ahead of the vaccine program. You will be invited by the NHS to have your vaccine and can book this online.
- COVID-19 vaccine bonds
Scammers are targeting savers with fake Covid-19 ‘vaccine bonds’, claiming they’re backed by Pfizer. They’re using online and email advertising which claim that a person’s money will be invested in Covid-19 "vaccine bonds". The adverts claim that US bank Citigroup will invest their money in drug company Pfizer, which manufactures one of the three coronavirus vaccines approved for use in the UK. Investors are persuaded to hand over personal data including their telephone number, and to upload a copy of their passport or driving licence for "anti-money laundering" purposes. The one-year fixed-rate bonds promise a return of 4.2% for people with a minimum of £10,000 to invest.
No such bond exists and as a result people have had their personal information stolen which may then be used to commit other crimes.
- COVID-19 home testing team
There is also a scam which tries to make people believe that they have been in contact with someone who is infected with COVID-19, and text messages telling members of the public that a “COVID Home Testing Team” will visit them at their home.
If you receive text messages or emails of this nature that look to be from your business, contact your manager or HR department. For other messages, you can call the NHS for advice or find the latest information on the NHS website. Your local GP surgery can also offer advice. If anyone asks you for money to pay for a test over the phone, hang up. COVID-19 tests are free on the NHS.
- Online training courses
Scammers have been using training courses designed to offer people all they information they need to know about COVID-19, as a way of getting your personal information, also known as phishing.
As lockdown lifts and people start to return to work, everyone is looking for information to make sure they know what they need to do. This scam uses 'online training programs’ that claim to be compulsory for you to comply with the necessary regulations. The scam specifically targets MS Office 365 users, and sends a fraudulent link for you to register for the course. The link redirects users and asks for them to input their credentials which are then used for fraudulent means.
All COVID-19 information is available on official NHS and Government websites. Talk to your employer and DO NOT add your personal details to any site claiming to offer official compliance training courses, unless you are 100% sure they are legitimate.
If you're unsure who you are dealing with only visit legitimate trusted Bitcoin sites
- Brexit ID Scam
We're aware of a number of reports of a text scam themed around Brexit, which reads: “We need to verify your identity to keep up with EU standards". The message then instructs the recipient that "to avoid restrictions" they must visit a website to upload their personal details. The text is part of a phishing scam attempting to use Brexit as a cover for stealing personal information.
- Unpaid tax warning
Scammers are contacting people to tell them that following Brexit they have unpaid taxes and that they must pay before new rulings come in to place. If you believe that you do need to pay some tax, please contact the tax office directly via a legitimate trusted source.
- Brexit company investment scam
Fraudsters are making contact with people, usually through email, to tell them about a Get-rich-quick scheme and disclosing information about a company that is going to become very successful because of Brexit. The scheme is fake and fraudsters are stealing peoples money. Only invest in schemes via legitimate and trusted sources.
- Invalid passport following Brexit
A new scam has been highlighted, in which criminals tell people that their passport will no longer be valid because of Brexit. They are asked to pay a fee or even send a copy of their passport in an attempt to gain a valid post Brexit passport.
As yet passport have not changed. If you need to make sure that your passport is valid or would like to read the latest information please go to the passport section of the Gov website.
- Holiday bookings
We’ve been told about scams involving fake caravans and motorhomes for sale and luxury apartment rentals, as criminals take advantage of our uncertainty around COVID-19 travel restrictions and cancellations.
Scammers have become very good at faking ads, texts, websites and emails from trusted companies like airlines, travel agencies and banks, and some will even call you to discuss their ‘offers’. The prices are low and seem attractive, but as often is the case, sometimes these offers are too good to be true.
Do your research before buying a holiday home or a break away online or over the phone. Do a direct search for the company’s website or call them using a legitimate contact number to discuss the offer. If it’s for a new caravan or motorhome, ask them to show it to you over a video call if you can’t see them in person. Use a secure payment method like PayPal or a credit card, and avoid paying by direct bank transfer.
- Fake refunds
As many people have had their holidays or flights cancelled due to COVID-19, there are concerns about holiday and travel refunds. Unfortunately, scammers are taking advantage of this.
People have received fake emails, social media posts and calls all claiming to be offering refunds from airlines, travel providers or banks. Often emails and posts will include links leading to fake websites, which they then use to steal your personal information or even download dangerous malware onto your computer.
Never click on a link in a social media post, text or email. Question uninvited approaches and contact the people who you booked through in the first place. They’ll be able to offer advice on whether you’re able to get a refund.
Buyers may be left with insurance that doesn’t provide adequate cover or even no insurance at all, and may also have their personal details sold on for fraudulent means in the process.
If you’re contacted via social media with an offer of reduced insurance or another service, you should contact the company allegedly offering the deal directly and double check the details of any schemes they may be offering to NHS workers.
LV= is investigating five scam HMRC reimbursement emails posing to be from LV= claims correspondence. The emails include a genuine LV= claim reference.
The aim is for the email recipient to click the links and add personal data to help process their ‘refund’. All the emails have the same elements:
A claim number in the LV= format
They are from email addresses with the domain ‘.jp’
All feature the same transaction numbers and reimbursement amount
They have all been sent to @hotmail.co.uk email addresses
If you receive an email like this, it is not related to LV=. We’re investigating the matter. We want to reassure you that your data is safe and we’ve not passed your details to anyone who is not directly related to your policy or a claim that you might have had. Please DO NOT respond to the email and DO NOT click any links. Delete the email or forward it to us at [email protected]
We’re also aware of a very similar email telling people they are due a Council Tax refund. They claim to be from the Department of Work and Pensions and try to gather your personal information. If you’re unsure about an email you’ve received, call your local Council Tax office and DO NOT enter any personal information via any links within the email.
The latest scam campaign focuses on self-employed professionals who may be receiving assistance through the government’s Self-Employment Income Support Scheme. You receive a text messages about your eligibility for a tax refund. Clicking the link in the text takes you to a very realistic page with full HMRC branding and asks for your personal details and your government gateway log-in details to calculate your supposed refund. After calculating the fake refund amount, it asks you for your bank details so they can send the money, but it also asks for your passport number for ‘verification’ purposes.
The HMRC will never contact you by text to tell you about any refund that you’re due. If you are unsure, contact the HMRC directly using a trusted telephone number.
Homeworking WebEx and Zoom scam emails
With many of us working from home and having virtual meetings via WebEx or Zoom, fraudsters have been targeting some users by sending genuine looking emails that contain harmful links. Some ask the user to sign in via a link or they will lose access to the platform, while others pose as Zoom notifications that take the user to a fake Microsoft login page with the name of the user’s organization and "Zoom" above the sign-in location. The purpose is to obtain personal, financial information and homeworker login details.
There are also fake links to install Zoom that can download harmful malware on your computer. Only download the system from a legitimate source.
If you receive emails like this, test the platform to check it’s working correctly and contact your IT department for advice.
Office 365 Phishing Attacks Use Fake Zoom Suspension Alerts
Microsoft Office 365 users are being targeted by a new phishing campaign using fake Zoom notifications warning you that your Zoom account has been suspended. The end goal is to steal Office 365 logins. This new scam has been sent to over 50,000 mailboxes. Do not click the links within this email as they’re malicious and will ask for your credentials. Your information is then most likely to be used to facilitate identity theft and schemes such as Business Email Compromise (BEC) attacks. The emails are signed off with "Happy Zooming!" at the end of the email.
Scammers targeting homeworkers via Zoom
The scam email claims to be from “Zoom Mail” which tells you that a “Zoom voicemail” has been received and you should call a number to get the message. The number is a premium rate number and charges £6 a minute plus the standard network rate.
Another email pretends to be a Zoom conference call invitation that asks you to click a link to “review invitation”. The link then leads to a fake login page, which asks you to put in your username and password, sending the information to fraudsters.
Zoom phishing attacks remain very prevalent due to the huge number of people now using the platform, so be very cautious and only click links in these emails if you’re 100% sure they’re genuinely from Zoom.
We’re also aware that some people have received emails “about the job”. The email has an attachment pretending to be an application form or a CV. The attachment is usually a Microsoft Excel file, and when opened it asks the person to ‘Enable Content’. It then downloads dangerous malware to the person’s computer, which then looks for passwords and other private financial information.
If you suspect a job you’re interested in is too good to be true, or that the website where the position is advertised is not the genuine company website, search for the real company website instead. Most will have a recruitment section. Alternatively, call their recruitment office or Human Resources team. If you find the position is fake, make sure you tell the company so they can investigate.
While we may occasionally use a recruitment agency to advertise vacancies we have available at LV=, we’ll always share details of all our positions on our careers website.
The websites used for this scam often use your company’s name plus: VPN, ticket, employee, or portal. This group involves at least two perpetrators: One who is social engineering the target over the phone, and another takes the credentials.
Be suspicious of unsolicited phone calls or messages. If you receive a vishing call, note down the telephone number as well as the website domain. Review and limit the amount of personal information you post on social network sites about the company you work for and what you do for them.
Do not send your bank details or a copy of a statement by clicking on any link in an email. Your child’s school will have all of the details you’ll need relating to any free school meals your child may be eligible for, and can offer advice on how to apply.
Only buy tickets from the venue’s box office, official promoter or agent, or a well-known and reputable ticket site, and avoid paying for tickets by bank transfer, especially if buying from a source you’re not familiar with. Credit card or payment services such as PayPal offer greater protection against fraud. Be cautious with unsolicited emails, texts or adverts offering unbelievably good deals on tickets. If it sounds too good to be true, it probably is. You can also check if the ticket vendor is a member of STAR. If they are, the company has signed up to their strict governing standards.
Never give personal or bank details to a person on your doorstep unless you are 100 per cent sure they’re genuine.
LV= doesn’t use door-to-door salespeople. The best way to buy one of our insurance products is through LV.com or from one of our reputable insurance brokers. If you need to make a home insurance claim or we need to inspect your car, we may need to send a tradesperson to help, but we’ll make sure you know who they are, what they plan to do and when to expect them.
The FCA will send emails from addresses ending in @fca.org.uk and @fcanewsletters.org.uk, but be aware that fraudsters can clone these email addresses to make their emails seem genuine. If you receive an email like this, search for the genuine FCA website and contact them before completing any forms with your personal information.
Social media notifications used to steal credentials
We’ve been made aware that scammers have been using Instagram, Facebook, and Twitter to steal personal details. With so many passwords to remember, people often use the same one across various platforms. Some people use the same passwords on their personal accounts and their work applications, which can be very dangerous.
If a scammer manages to get a password, they’re often able to use it on multiple applications. They get your password by sending you an email claiming to be from Instagram, Facebook, and Twitter, usually saying your account will be suspended if you don’t click the link to add your details. The link is fake and only exists to get your login details.
Social media websites will never send emails threatening suspension of services that contain links.
Make sure you keep separate passwords for work and personal applications. Use a reputable password manager to support this.
Compromised Facebook accounts used to lure victims into PayPal scam
We’ve been told about a new scam where a person has received messages through Facebook Messenger from a friend or family member asking if they can use their PayPal account to receive money from the sale of an item on EBay, most often a camera. The message usually says that they’ve sold a camera but can’t process the payment. They ask you to take payment via your PayPal account and then transfer it into their bank account before then transferring it via bank transfer into the ‘friends’ account which is actually an account controlled by the fraudster.
If the victim agrees, the payment is transferred into their PayPal account but, after the money is transferred out, the initial transaction is reversed leaving the account in negative balance. Multiple reports have also been received from victims stating that their Facebook Messenger accounts have been hacked and that these fraudulent messages have been sent to all their contacts.
Avoid becoming a victim of this scam by verify any financial requests. Be very wary of unusual messages asking for help with financial transactions. Even if the message appears to be from someone you know and trust. Call or text them and ask if they sent the message. Never respond to any requests to send money, or have money transferred through your account, by someone you don’t know and trust. You can protect your important online accounts by using a strong separate password and, where available, turn on two- factor authentication (2FA). Never use your username as a password.
If you’ve made a payment and been caught by this scam, tell your bank and PayPal, as soon as possible. They’ll help you prevent any further losses and you may even get the money back. You should also monitor your bank statements regularly for any unusual payments.
Be wary of any unsolicited emails and text messages about grants and refunds etc and report them to the Suspicious Email Reporting Service by emailing [email protected].
We’ve been warned of a gadget company that claims to offer heavily discounted and hard to find items. They only accept payment by direct bank transfer, which may leave the buyer without protection and makes it incredibly difficult to get a refund.
Shop online safely. Buy from legitimate sources that you trust, question offers that seem too good to be true and use a credit card or debit card that protects your purchases and cover you for fraud, or use PayPal which also has buyer protection. Large courier companies like Yodel, Hermes, DPD and DHL have their own apps where you’re able to track your parcels safely. They can all be downloaded from their official websites or from your app store. Find out more about how to shop online safely with our handy guide.
Also, be careful when receiving your parcels. We’ve been told that some courier companies have been impersonated in text messages and emails, telling you that a parcel will soon be delivered. The text or email contains a link for you to track your parcel or arrange a redelivery. The message will often say “Hey, here’s how to track your parcel” The link takes you to a legitimate looking spoofed website where you’re asked to enter your personal information.