Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by COVID-19.
In March 2020, our home and work lives moved from in-person to remote.
We lived life through our screens and even post-pandemic, UK adults are now spending more than a quarter of their waking day online1.
The increase in online usage opened other, more sinister doors however. Cyber criminals found new opportunities to access our details – and our money.
At St. James’s Place, our Financial Crime team has tackled more cases of fraudulent emails and fake profiles using our credentials than in any other year.
Fraudulent emails – fake hype generates false hope
Jessica Grant works for St. James’s Place Financial Crime team. She’s seen an exponential rise in this type of cyber-scam.
“These fraudulent emails ‘pose’ as St. James’s Place emails or Partner emails; capitalising on the company’s brand but offering frankly absurd rates on savings accounts or investments. Offers such as ‘pay us just £250 as a starting fee and we can then invest it for you and start a great business relationship’ sound just too good to be true. And they always are. They show only a very basic knowledge of the investment industry. The bottom line is we never cold-contact in this manner.”
A scam email will also give itself away by poor English, punctuation or grammar. A quick ‘hover’ over the sender’s address often reveals a slight variant of the sjp.co.uk address, a technique called ‘domain spoofing’ which is widely used by hackers committing internet fraud.
You can search all St. James’s Place Partners here. If your apparent ‘contact’ doesn’t appear on this list and isn’t registered with the FCA, they are almost certainly not legitimate.
Fake LinkedIn profiles
Hand-in-hand with the growth of online usage is the increased activity on social media platforms, leaving another cyber ‘back door’ wide open to fraud and identity theft.
Fraudulent activity is particularly prevalent on the business professionals networking platform, LinkedIn, which now has 740 million users, up from 690 million a year ago.
The platform’s search facility allows users to conduct advanced searches to connect with legitimate likeminded professionals – but this also enables cyber criminals to search and target high-earning, high-achieving professionals close to pensionable age.
The more you’re worth as an individual, the more you’re worth to an investment cybercriminal.
Izzy Price is the Social Media Manager at St. James’s Place. This year, their team has doubled to cope with the rise in cybercrime.
“In May of this year alone we had 9 cases of faked St. James’s Place LinkedIn profiles – in the whole of last year there were none. A false profile can be almost indistinguishable from the real thing. Spotting that there’s a full stop missing after the ‘St’ in ‘St. James’s Place’ may be the only clue that something is not quite right.”
“They replicate our imagery, our logo, our Partner photos. The fake ‘About’ sections are often virtual copy-and-pastes from our Advisers’ existing sites.”
Over the last year, the St. James’s Place legal, social media and financial crime teams combined forces to track and trace these activities as soon as they’re detected. Often, they’re acting on a tip-off from a current client who has spotted a suspicious bulk email or LinkedIn message.
If the sender doesn’t respond to a request for further identification, then the legal team sends a cease-and-desist order. The social media team simultaneously contacts LinkedIn directly to report the activity and request the profile be taken down on the grounds of fraudulent activity.
The company has also added a third ‘safety net’ for investors by partnering with a cybersecurity platform, which monitors all St. James’s Place social media activity and flags up any attempted takeovers or suspicious activity, even down to an illegal download of the company logo.
Don’t fall for a clone
But the hardest cybercrime to spot is a complete clone of a Partner website. Izzy has first-hand experience of this.
“I was contacted by a St. James’s Place Partner last year when his website and his company identity were completely cloned. It wasn’t until he took a phone call from a man saying: “I sent you the money as we’d agreed but you’ve not come back to me?’ that everyone became suspicious. No such conversation had ever taken place.”
“The St. James’s Place financial crime team uncovered an exact cloned site originating in France, which acted as cover to persuade the victim to purchase cryptocurrency – a type of transaction that is contrary to company policy.”
The investor did not contact the Partner again and may have pursued the perpetrator through the police authorities. These cloning crimes are rarer than fake profiling and phishing email scams – but they are out there.
Combating cybercrime in the future
Maturity may have taught you to be wary of a proposition that’s too good to be true, but the young are softer targets.
St. James’s Place believes that investing is for long term gain, not short-term reward and spreading the message about financial cybercrime is an important part of that ethos. Young people should invest for their future securely, not based on a false opportunity they’ve seen on social media.
The bottom line is, if you’re staying connected, stay vigilant.
Consider what you are being asked to do and how you are being asked to do it. Never reveal your password, or any payment or credit card details over the phone, click on a link or enter personal details.
1 Ofcom, “UK internet use surges to record levels”, June 2020