The 4 most convincing scams we’ve seen in 2023, so far

Our experts shine a light on the most devious and convincing scams we've seen this year, so you can avoid them.

Every month that passes, online scammers get more sophisticated in their perpetual arms race with tech companies, law enforcement and ordinary internet users.

In 2023 even our scams experts have been shocked by the depths cybercriminals will plumb to steal our cash - for example by posting viral fake missing persons appeals on social media, and creating phoney apps loaded with malware.

That’s why forewarned is forearmed. For each scam we’ve exposed in this article (originally published in Which? Tech magazine), we also include tips on how to avoid becoming a victim by spotting red flags and doing your own checks. 

Do share this information with your friends, family and community, to, as it will help those you care about.

1. Fake appeals for help

Silver alert!’ says a post on your local Facebook page. An elderly man with dementia has gone missing – you’re asked to keep an eye out for him and also share the post more widely. 

Most of us wouldn’t think twice about sharing something like this, as it feels like a really helpful and useful thing to do, but, sadly, it often isn’t. 

There’s been a spate of viral fake posts in community pages worldwide about missing children or elderly people, plus bizarre community ‘warnings’ such as there being a rattlesnake on the loose. 

What’s the scam? 

Well, after the post has gained a large number of likes, the contents are edited into something completely different, such as a straightforward investment scam. 

The large number of likes and shares that stay on the post will then lend credibility to the fraud.

This despicable scam relies on responsible citizens liking and sharing posts in an attempt to help – which they do, in large numbers. 

What you can do

Derbyshire Police warns that you should never like or share a post that has the comments turned off.

2. Beware pig butchering

This horrible hybrid of romance and investment scams called ‘pig butchering’ by scammers. That's because fraudsters ‘fatten up’ the victim with loving words before executing the investment part of the scam. 

It begins as a dating scam, with the scammer and victim typically meeting on a dating site and the victim being ‘love-bombed’ over a period of weeks by someone who appears to take a great interest in their life. 

The scammer will often encourage their victim to move from the dating platform to a private messaging service, thus removing them from the protections of the dating site.

When the victim is sufficiently groomed, the scammer claims they’ve been having success investing – typically in property or cryptocurrency – and they offer to invest some of the victim’s money. 

If the victim consents, they’re sometimes shown a crypto trading platform controlled by the scammers, and encouraged to sign up and begin depositing funds.

One UK victim, a former Somerset police officer, lost £107k to such a scam, believing she was investing in retirement apartments in Cyprus. 

Those scammed aren't the only victims 

There, they are forced to work as scammers amid the threat of torture by the criminal gangs imprisoning them.

What you can do

When you’re dating online, one of the biggest red flags is ‘love-bombing’, where the scammer swiftly declares their love for you and bombards you with kindness and affection.

Others include attempts to move you onto a private messaging platform, reluctance to meet in person and requests for money or a concerted effort to get you to ‘invest’.

If you’re in an online relationship, it’s worth checking in with a friend or a member of your family on how it’s going. Sometimes people around us can help to spot warning signs and inconsistencies when we’re too caught up in the moment.

See all of our free 

3. PayPal Scam

Most of us have received fake emails claiming to be from PayPal. But what about scam emails being generated from a genuine PayPal address? 

That could trip up many of us, and it’s frighteningly easy to do – we replicated it easily.

The scam starts with you getting a ‘money request’ from a genuine PayPal email address – service@paypal.com. 

This might seem above board, but scammers are exploiting PayPal’s service to send out fake payment requests, often for high-value items, or posing as HMRC to demand ‘overdue’ tax payments. 

The latest email states: ‘HMRC Tax Payment Overdue. Please send a balance of [£] within 48 hours to avoid a warrant being issued for your arrest or call [phone number]’. 

In other versions of the scam, the fake invoice states the victim’s PayPal account has been compromised and urges them to call a fake fraud hotline.

If you call the phone number, you’ll be connected directly to the scammers, who then trick their victims into compromising their own PayPal account and personal details. 

We tested the money request function and found we could send a request for a payment to an email address with no associated PayPal account. We could even send requests to 20 different emails in one go. 

Our request claimed to be from HMRC and threatened the recipient with arrest if they didn’t pay.

We were then able to pay the invoice without creating a PayPal account and without encountering any on-screen fraud warnings. 

What did PayPal say?

We shared our findings with PayPal, which said it has a ‘zero-tolerance policy’ on fraud attempts, and its teams work ‘tirelessly’ to protect customers, adding: ‘We are aware of this phishing scam, and encourage customers to always be vigilant online and to contact Customer Service directly if they suspect they are a target of a scam.’PayPal added that it’s currently introducing fraud warnings to invoices and money requests.

What you can do

Don’t pay PayPal invoices you don’t recognise, and don’t call phone numbers in those invoices.

4. Fake app alert

With 96% of UK mobile users downloading apps from the Apple App Store or Google Play, you’d probably assume that these stores are safe places to be, and that the apps they stock can be trusted.

Unfortunately, that isn’t always the case. The stores do screen apps before they upload them, but that doesn’t stop a few malicious ones slipping through the net. These can install malware on your phone, steal your data and perpetuate scams. 

Last year, online security firm Praedo discovered a so-called security app on Google Play. Calling itself 2FA Authenticator, it actually stole users’ banking information – and had been installed more than 10,000 times before it was discovered. 

Also in 2022, Facebook’s parent company, Meta, found 400 Android and iOS apps stealing users’ Facebook login details.

What did Apple and Google say?

Google told us it removed the 2FA app from Play and banned the developer. It also said: ‘All the apps identified in the [Meta] report are no longer available on Google Play. Users are protected by Google Play Protect, which blocks these apps on Android.’

Apple said that of the 400 apps, only 45 were on iOS; it has since removed these from the App Store and the developer accounts were terminated.

What you can do

When installing an app, click on the developer’s name and check what other apps it’s made to see if these seem legitimate. See if there’s a privacy policy – legitimate apps will always have one – and read the section on data collection if you can.

Check reviews, but remember positive ones can be faked. Read the negative ones, too.

The app will likely ask you for permissions: to use your camera, for example. These need to be relevant and proportionate to the functions of the app – an app that only needs your rough location shouldn’t ask for a precise one.

source https://www.which.co.uk/news/article/the-4-most-convincing-scams-weve-seen-in-2023-so-far-a7bRP9s0KJvG