Hotspots according to Which?

APTFilter CERT-LatestNews Malware Security News SocialEngineering ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesHardware

Norfolk is the dating fraud capital of England and Wales, Surrey the hotspot for investment scams, according to new analysis from the consumer product testers Which?. It’s calling on the new government to prioritise fighting scams.

The consumer advice and campaigning body obtained thousands of fraud reports under the Freedom of Information Act to pinpoint areas where certain types of fraud are prevalent. They’ve also created an interactive map, so you can see the types of scam most commonly reported in your area. The data suggests Dorset as the capital of computer virus, malware and spyware scams, while Northamptonshire is the centre for online shopping and auction fraud reports.

Elsewhere, Dyfed-Powys was the capital for computer-repair fraud reports; in these scams, a fraudster phones you pretending there’s a fault with your computer and then demands a fee for fixing it. Our research suggests that this fraud – which has risen 47pc in two years – tends to target areas with an older population. Meanwhile, regular-payment fraud – where a fraudster persuades you to re-route a regular payment by posing as, say, your energy company – is reported more in areas with higher house prices, such as London and Surrey. Which? got figures for 2014-2016 from Action Fraud, the official reporting body for UK fraud. This data shows 264,204 frauds were reported in 2016 – up 10.7pc on 2015. But not every fraud is reported to Action Fraud; a survey by the Office for National Statistics (ONS) suggests there may be as many as 5.4m fraud and computer misuse cases a year.

Which? offers an online interactive fraud checker.

Which? advises, on computer fixing fraud:

Scammers pretend to be from well known companies such as Microsoft or BT, and claim to have identified a problem with your computer. The victim pays for the scammer to fix a non-existent problem, or in some cases has harmful malware installed on their machine. Don’t allow someone you don’t know to remotely access your computer. If someone requests personal information or payment, hang up the phone. If you think a company genuinely needs to contact you, ring it – but don’t use the number that the potential fraudster gave you.

And on fees for fake services:

Examples include fake employers offering jobs on the condition that money is sent for ‘security checks’, or cold callers offering to make PPI claims on behalf of a victim who must first pay a fee. You don’t need to pay to make a PPI claim – use our free tool Be wary if asked to pay upfront for any service – employment checks shouldn’t cost money.


Peter Carlisle, VP of EMEA at security and defence product company Thales e-Security, says: “These findings from Which? highlight not only how rife incidents of fraud are across the country but also how many different types of fraud there actually are. From retail fraud to social media hacking, fraudsters will stop at nothing in their quest to obtain valuable personal information for malicious purposes. Today, the challenge for businesses across industries is that they are ensuring that they are taking the necessary steps to protect customer data – extending their encryption policies to cover all personally identifiable information and account data to prevent it from falling into the wrong hands.

“For security professionals too the key challenge is the lack of consumer knowledge around what data they should ensure they are focussing on protecting. People are particularly careful with debit and credit card numbers but will regularly give up Personally Identifiable Information like date of birth and street address, and will often use the same password on multiple sites. Citizens must, therefore, ensure they show vigilance with their data, ensuring they rigorously verify the credentials of anyone they speak to on behalf of an organisation and that they vary their login details, especially passwords, across their accounts.”