The subject of copycat websites and services came up again this week when I received a call from a friend who explained that his wife had applied to update her driving licence details online, a service that is normally free of charge. After all her personal details had been entered into the site, she was asked to pay a fee. In this case, she realised something was wrong because she knew it was normally a free service. The service was aborted before credit card details were provided so no money exchanged hands, but this doesn’t change the quantity of personal details held by the website.
This call reminded me of an article (Copycat Services) I wrote last year about how fraudsters are still setting up websites which offer official services at potentially extortionate prices that are normally cheap or completely free of charge. This article is a follow-up to focus on what actions can be taken if you discover a copycat website at any stage from finding the site through to realising after the fact that you have paid for services using a fake website.
Copycat services are not necessarily illegal and this depends on the circumstances. For example, a website that offers to process driving licence renewals and address changes on your behalf offered online, is not so dissimilar to an accountant processing your self‑assessment tax return; it can be done free or can be done by an agent on your behalf. The problem, and the reason this is so much of an issue, is that in most cases people are manipulated into believing they are using the genuine service.
Although communicating directly with the copycat service provider to resolve issues may seem like a good idea, such as to process a refund or ask for personal data to be removed, depending on the level of fraud involved, this could be akin to asking a mugger to give you back your wallet. If a company is going to operate in this way to deceive you into parting with your money, it is reasonable to assume that they don’t care about your personal data or any other safeguards in connection with financial transactions.
- Action Fraud – https://www.actionfraud.police.uk – the UK’s national reporting centre for fraud and cybercrime. Action Fraud can also be contacted on 0300 123 2040. Information you provide will be handed over to the National Fraud Intelligence Bureau.
- Google – If you found the site using Google, visit https://safebrowsing.google.com/safebrowsing/report_phish/ to report the site and have it removed from search results. Google announced several years ago that it would remove copycat websites from search results so it is reasonable to expect action to be taken if the site you found is reported.
- Your Bank – Inform your bank about the transaction, report it as fraud and ask them to process a ‘charge back’. Depending on the circumstances and the website used, the bank may cancel the transaction, but could equally reject the request on the basis that you were complicit in the transaction. Instructions to deal with the service provided directly should be rejected on the basis of fraud and personal safety issues.
- CIFAS (Credit Industry Fraud Avoidance System) – Protective registration is available which logs information about you in the National Fraud Database used by financial services institutions to prevent fraud. This will result in more comprehensive measures being taken to verify your identity.
- Credit File – request a copy of your credit file from credit reference agencies such as Experian and Equifax. One-off credit reports are available for free and additional services are available to actively monitor changes on an ongoing basis. Anything suspicious showing up in your credit file can be reported and investigated.
Information security consultant with over 20 years’ extensive experience gained across a diverse range of private and public industry sectors including insurance, banking, telecommunications, health services, charities and more, both in the UK and internationally. Graduated in 1997 with a software engineering degree and specialising in cyber security, risk analysis, compliance reporting and access management.