Phone, text and online scams are on the rise. Data from Australia, the UK, and the US show a significant recent increase in fraud, resulting in losses for consumers of around £1.2bn in 2020 – a rise of 47% in Australia and 30% in the US compared to incidents before the coronavirus pandemic.
The most common way for scammers to make contact is by phone (33% of cases), usually because it can be harder for victims to ascertain the malicious nature of a call compared to a text (25% of cases) or email (16% of cases).
Scams can take different forms, but recently the most common ones have impersonated popular and trusted organisations such as delivery companies. Amazon-related scams have been found to be particularly problematic by regulators in Australia and the UK. This is perhaps unsurprising due to the widespread use of its services during the pandemic.
Regulators in the three countries we’ve looked at are helping consumers to try and recognise scams before they fall victim to them, and are running information campaigns, sometimes with the help of industry. Australia and the US are starting to make significant efforts to reduce malicious calls and texts, with telecoms operators playing a key role. Legislation to tackle online scams still needs to get up to speed. In the UK, the recent Online Safety Bill could be a missed opportunity to do so.
In one year, the cost to the consumer from online scams have increased by 47% in Australia, and by 30% in the US
Online and phone scams are a problem of increasingly large scale. In Australia, the Competition and Consumer Commission (ACCC) reports that consumers lost AUD851m (£459m) in 2020, considering the combined total of scams reported to three Government agencies and to banks. The ACCC’s own Scamwatch unit recorded losses for AUD176m (£95m) – a 23% increase compared to 2019. The phone call has been the most common way for scammers to make contact (48% of cases) followed by email (22%) and text (15%). In total, scams originating through some form of online communication (phone, email, text, internet, or social media) cost Australian’s AUD140.3m (£75.7m) – a 47% increase on the previous year.
The picture is similar elsewhere and shows the growing scale of the problem. In the UK, Action Fraud reports that losses as a result of consumer and cyber-related frauds reported by individuals were about £177m in 2020 (although the actual figure is likely to be far higher, since the data only includes the period between June and December 2020). The total is likely to increase in 2021, considering that losses in the same categories already amounted to £167m for the first half of the year. In the US, the Federal Trade Commission reports that online fraud resulted in a $1.4bn (£978.2m) loss to Americans in 2020 – an increase of about 30% on 2019. Similar to Australia, the most common way of contact is the phone call (31%) followed by text (27%) and email (15%). Across Australia, UK, and US, we estimate that losses from online scams amounted to about £1.2bn in 2020. Figure 1 shows how the problem has grown.
Scammers are commonly impersonating delivery companies
There are various types of online scam. Generally they tend to impersonate trusted organisations across the public and the private sector, to lure consumers into handing over personal or financial information or even money. Consumers are often told they can claim tax credits, or discounts for online shopping, or other types of benefits. The most common cases involve practices such as ‘spoofing’, where a malicious caller hides behind an apparently trustworthy phone number, or phishing, where a user receives a seemingly genuine link via email or other online communication and is then directed to a fake website, or required to install malware on their device. In the UK, there has been a deluge of complaints to Ofcom about text messages requesting the payment of a fee to release a parcel for delivery, typically impersonating Royal Mail, DHL or other couriers. The practice is defined as ‘smishing’ (i.e. phishing carried out via SMS).
Scams impersonating Amazon are increasingly common, perhaps due to the increasing use of it during the coronavirus pandemic. In Australia, the ACCC’s latest Targeting Scams report found scams related to Amazon to be among the five most reported types of scam. In 2020, phishing reports mentioning the company rose by about six times. This spike is a result of a new phone scam claiming that there is either a fraudulent purchase being made on a person’s Amazon account, or that their free Amazon Prime trial is running out and they are about to begin subscription payments. A similar scam has been very common in the US, where reportedly there has been a significant spike in the number of robocalls of this type in the three months between February and April, reaching about 150m per month compared to 10m to 30m per month previously. In the UK, Action Fraud warned consumers of this type of scam as early as October 2019. By January 2020, it estimated that it cost victims over £1m for a total of nearly 600 cases. Amazon is aware of the problem, and has resources on its website to advise consumers on what to do when they believe they are being targeted. The company warns it will never offer unexpected refunds, or ask to make payments outside of its website or to obtain remote access to a consumer’s device (e.g. by asking to install an app). The company advises consumers to report suspicious texts or calls to Action Fraud, and has activated an email address where it receives reports of possible phishing emails.
Regulators are working on blocking calls and texts, but more could be done for other scams
Realistically, regulators nor policymakers will be able to stop these scams entirely, but, as intervention in all three countries shows, there are positive steps that can be taken. These are principally around informing consumers of the risks and keeping the conversation going as to what can be done to receive fewer malicious calls, texts, or emails. Table 1 outlines common policy measures being used to mitigate online scams.
In all three countries, the regulators have made available resources for consumers to report scams and get help. However, this information often needs to be actively fed to consumers to make sure they are alert to risks before it is too late, which requires running information campaigns in the media and online. In the UK, these efforts are mainly publicly-led, with Action Fraud running frequent campaigns, although there are also consumer bodies such as Which? running their own campaigns and alerting consumers. In the US, there are industry-led efforts such as Utilities United, which groups together of more than 140 US and Canadian utility companies implementing initiatives to protect consumers against scams. In Australia, the ACCC runs campaigns every year during Scams Awareness Week, and podcasts have been produced by the makers of a consumer affairs TV show on the national broadcaster ABC.
The most challenging task is to reduce the number of scam calls, texts and online communications reaching consumers in the first place. This problem has been particularly evident in the US, where the FCC estimates that Americans received about 4bn robocalls a month in 2020. Recently, the FCC required telecoms operators to implement new Calling Line Identification standards, called STIR/SHAKEN, which make it harder for scammers to conceal their identity behind a different phone number, and ensure voice providers exchange accurate information about the source of calls on their networks. Ofcom in the UK is looking to implement elements of the same standard. In Australia, the Communications and Media Authority (ACMA) has developed a code with the telecoms industry to detect and block scam calls.
Involving the telecoms industry and fostering international cooperation will be important. In the UK, Ofcom is chairing a strategic working group with 11 operators, which submit monthly data about nuisance calls. Ofcom also shares information with industry about blocked numbers, or numbers from which calls should not originate (this helps prevent spoofing attempts). As part of its joint action plan with the ICO, Ofcom is also part of the Unsolicited Communications Enforcement Network (UCENet) which also includes Australia's ACMA and the US FTC. In June 2021, the FCC and the ACMA signed a Memorandum of Understanding to exchange information and best practices.
So far attempts to legislate against this type of fraud have not been forthcoming. In the UK, the recently proposed Online Safety Bill promises to be a pioneering piece of legislation to tackle online harms, but is almost entirely silent on online scams. Provisions to safeguard against investment and romance scams have been introduced at the last minute, but they apply to user-generated content and do not cover online advertising, which is generally a more common gateway to fraud. The ‘duty of care’ for online platforms proposed in the bill therefore does not include a responsibility to identify and remove fraudulent advertising. The effectiveness of the bill in tackling scams is likely to be limited if this is not addressed.