The subject of copycat websites and services came up again this week when I received a call from a friend who explained that his wife had applied to update her driving licence details online, a service that is usually free of charge. After she had entered all her personal information, the site asked her to pay a fee. In this case, she realised something was wrong because she knew it was usually a free service and stopped before providing credit card details. No money changed hands, but this doesn’t change the quantity of personal information held by the website.
This call reminded me of an article (Copycat Services) I wrote last year about how fraudsters are still setting up websites which charge potentially extortionate prices for official services that are usually cheap or completely free of charge. This article is a follow-up that focuses on what actions to take if you discover a copycat website at any stage, from finding the site through to realising after the fact that you have paid for services using a fake website.
Copycat services are not necessarily illegal; it depends on the circumstances. For example, accountants often process self-assessment tax returns on behalf of their customers. The problem, and the reason this is so much of an issue, is that in most cases, websites manipulate people into believing they are using a genuine service when in reality they are using a third party to act on their behalf.
Communicating directly with the copycat service provider to resolve issues, such as requesting a refund or asking for personal data to be removed, may seem like a good idea. However, depending on the level of fraud involved, this could be akin to asking a mugger to give you back your wallet. If a company is going to operate in this way to deceive you into parting with your money, it is reasonable to assume that they don’t care about your personal information or any other safeguards in connection with financial transactions.
- Action Fraud – https://www.actionfraud.police.uk – the UK’s national reporting centre for fraud and cybercrime. Contact Action Fraud on 0300 123 2040. Where appropriate, Action Fraud will pass along information to the National Fraud Intelligence Bureau.
- Google – If you found the website using Google, visit https://safebrowsing.google.com/safebrowsing/report_phish/ to report the website and have it removed from search results. Google announced several years ago that it would remove copycat websites from search results, so it is reasonable to expect that they will take action.
- Your Bank – Inform your bank about the transaction, report it as fraud and ask them to process a chargeback. Depending on the circumstances and the website used, the bank may cancel the financial transaction, but could equally reject the request on the basis that you were complicit. In the interest of personal safety and to prevent further exposure to fraud, challenge any instruction to communicate directly with the potentially fraudulent service provider.
- CIFAS (Credit Industry Fraud Avoidance System) – Protective registration is available, which logs information about you in the National Fraud Database used by financial services institutions to prevent fraud. Consequently, financial institutions take more comprehensive measures to verify your identity.
- Credit File – request a copy of your credit file from credit reference agencies such as Experian and Equifax. One-off credit reports are available for free, and additional services are available to actively monitor changes on an ongoing basis.
Robert is an information security consultant with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. Robert graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through LinkedIn.