fraud

by Laura Spencer Laura Spencer No Comments

Romance Fraud: A take on the ‘Tinder Swindler’

Starting with the basics, what is ‘romance fraud’?

According to Action Fraud (https://www.actionfraud.police.uk/a-z-of-fraud/dating-fraud) romance scams involve people being duped into sending money to criminals who go to great lengths to gain their trust and convince them that they are in a genuine relationship. They use language to manipulate, persuade and exploit so that requests for money do not raise alarm bells. These requests might be highly emotive, such as criminals claiming they need money for emergency medical care, or to pay for transport costs to visit the victim if they are overseas. Scammers will often build a relationship with their victims over time.

One of the best, current examples of romance fraud, is the hit Netflix documentary ‘The Tinder Swindler’ SPOILER ALERT!

If you have not watched it/read about it or simply have not seen any media outlets recently! The Tinder Swindler is about, Shimon Hayute aka Simon Leviev who poses as a man who has wealth and power. He seems to be able to corroborate this story, showing his victims himself and his family, who appear to own a diamond business. However, we learn that this is not his reality, this image has been photoshopped. The reality is, that Shimon Hayute came from an impoverished background – he is wanted in both Finland and Israel and possibly many other countries too for fraud as well as other crimes.

The Swindler manipulated women using his wealth to impress them at first, taking them on lavish dates and flying them around the world. However, months in, suddenly there are ‘enemies’ after Simon and he encourages his victims to send vast sums of money in order to help protect him and in turn their relationship. This money was alleged to cover the fact that the ‘enemies’ could track the Swindler through his bank accounts and therefore in some cases the victims were asked to physically bring him large sums of money in cash.

It’s worth mentioning here that the victims had been sent pictures of both the Swindler and his body guard in the back of an ambulance, with graphic injuries sustained. The Swindler would send these images to his victims (sending the same images to multiple victims) to prove the danger that he was in. It is interesting that he would build suspense when sending these messages by sending these images without an explanation for a number of minutes in order to gaslight his victims and send them into panic. This therefore, added credibility to the story as his ‘enemies’ had attacked him. This was a double pronged attack too, in the sense that because these ‘enemies’ were after him, he was using it as an excuse to stay away from his victims for prolonged periods of time in order to keep his victims ‘safe’.

But why is this guy not in jail?

The Tinder Swindler, had previously been in jail for 5 months, after being convicted for fraud in Israel. However, he was released early from his 18-month sentence.

However, in relation to the ‘crimes’ explored in the documentary, the trouble here is the fact each of these victims gave the Tinder Swindler money of their own volition. They believed that they were giving him money in order to protect him and their relationship – all the Tinder Swindler did was lie. While this lie resulted in these women losing large sums of money, it could be argued that at no point he committed a ‘crime’. It was all just a lie.

Unfortunately, therefore the Swindler has not faced charges in relation to his ‘crimes’ filmed in the Netflix documentary. This may be because the Swindler was never in once country for very long, when we are looking at carrying out an investigation, law enforcement does not have time to put a case together and establish the facts. Not to mention the fact that the Swindler is known to be using false identities when traveling, which adds an additional level of complexity to the case. In times where departments receive very little funding, it is easier to understand why the Swindler has not been charged.

You will also notice, if you have watched the documentary, that the investigation carried out by the newspaper containing the original story (https://www.vg.no/spesial/2019/tindersvindleren/english/) took months. When the Swindler is flitting from country to country it is distinctively harder to keep track of his movements. Not to mention the fact that in country hopping the Swindler will be operating in different jurisdictions.

From a digital law standpoint, the definition of fraud is not broad enough at this point to include cases such as the Tinder Swindler. Despite the fact that these victims, who have taken out huger personal loans and lost vast amounts of money to this catfish, will have to pay the money back. While to an extent the Consumer Credit Act 1974 (click here for an explanation of how this Act aims to protect consumers https://www.which.co.uk/consumer-rights/regulation/consumer-credit-act-ayvHZ8H0jVl8) may apply to a small amount of the lost funds, this however cannot be applied to the likes of the personal loans. Therefore victims, whether the victims involved in the documentary or other unknown victims will be left with a serious amount of debt which they will need to pay.

Romance Fraud

Going back to our initial definition of ‘romance fraud’ from Action Fraud, you can clearly see here that the Swindler is gaining his victim’s trust through these lavish gestures to convince them that their relationship is real. This is why then when he convinces his victims that he is in danger and by association, they are too, it is easier to ignore the serious red flags here. From an outsider looking in, it would seem obvious that this is a red flag. Who would give someone such a huge amount of money in order to stop some alleged ‘enemies’?

While this example is an extreme case of ‘romance fraud’, when a trusting relationship has been formed it is foreseeable that what may start as a small favour can then be built upon until criminals are ‘borrowing’ large sums of money.

In a report published by the UK’s National Cyber Security Centre (‘NCSC’), the average financial cost of romance fraud being conducted through social media apps such as Facebook, Tinder and Plenty of Fish, is estimated at £6100 per victim, according to a recent report by TSB Bank. Whilst all age groups are susceptible to romance fraud, the average age of victims is 47, with women losing on average £6,300, compared to £4,600 for men.

The TSB report reveals alarming details of romance fraud cases, with the average ‘relationship’ seeing victims of romance fraud making payments for two months (62 days) – and with over a third of all cases starting on Facebook. Across the banking industry, romance fraud almost doubled during the pandemic with a recorded increase in losses of 91 percent compared to pre-pandemic levels – and an average loss of £6,100.

TSB have revealed the online platforms that accounted for the highest number of fraud cases where a source of origin was recorded; these are:

  • Facebook – where fake profiles led to over a third (35%) of all fraud cases.
  • This is followed by almost a quarter (24%) on Tinder, over a fifth (21%) on Plenty of Fish and almost one in 10 (9%) from com.
  • The following platforms all account for three percent of cases in which the platform was recorded: com; Bumble and Instagram.

While this article has explored what romance fraud is, arguably the most important takeaway here is how to spot and avoid romance fraud.

Tips for avoiding romance fraud:

(https://www.msn.com/en-gb/lifestyle/relationships/understanding-romance-fraud-and-how-to-avoid-it/ss-AAUbNPL#image=30)

1.     Be careful of what information you share online; scammers will often try to gather as much information about you as possible so they can build their arsenal. The more they know about you as a person, the easier it is for them to gain your trust and manipulate you.

2.     Don’t link to your other profiles, it’s probably safer not to link your dating apps to your social media profiles. Whatever info you provide on the app can be supplemented with that from your social media accounts.

3.     Be sparing with personal information, it’s a good idea not to provide your full name, date of birth, workplace, or any other information that could be used to find you online. They may pretend to have shared interests or friends in common to gain your trust.

4.     Go slowly, when chatting with a new match on a dating app, don’t feel the need to tell them your life story straight away. They might ask you questions about where you work, live, or studied (certain answers might even help them guess your passwords).

5.     Background check, try searching the info they provide in their profile to see if it has been used elsewhere. For example, if you find the same name and job title with a different photo, that could mean they’ve stolen personal info and photos from different people to create a fake profile.

6.     Recognise the warning signs, a major red flag for romance scams (or even the less malicious but still dangerous catfishing) is that they make excuses not to meet up. There may be a long-lasting reason they can’t meet, or they frequently make excuses to cancel plans.

7.     NEVER send money, this might seem obvious, but never ever agree to send someone money or provide personal information like IDs or bank details for any reason. No matter how good the story is, you should never be asked to send money to someone you haven’t met.

8.     Speak to someone you trust, if you’ve developed a relationship with someone through a dating app but suspect that something is off, reach out to a loved one you know has your best interest at heart. It may help to see if they are concerned about your situation. A romance scammer will usually try to create an “us against the world” mentality with their victim. It’s ideal for them if you become isolated from friends and family, who are more likely to be able to point out inconsistencies and red flags because they aren’t caught up in the romance. It’s important to notice if a relationship with someone you’ve never met in person is getting in the way of your relationships with friends and family.

Online relationship tips: 

(https://www.hsbc.co.uk/help/security-centre/how-to-avoid-romance-scams/)

If several of the points below apply to an online relationship, you’re in, it could be a sign you’re actually dealing with a fraudster:

  1. They seem to have fallen in love with you rather quickly;
  2. They soon want to leave the dating site or app, to use instant messaging, email or text instead;
  3. They claim to be from the UK, but say they’re away working or travelling; and
  4. They plan a visit to see you, but something comes up at the last minute to prevent them from coming.

One of these points on its own may be innocent. But more than one, together with a request for money, can be a sign that it’s a romance scam.

While romance fraud is unfortunately growing in the UK, documentaries such as The Tinder Swindler shine a light on the dark side of online dating. Particularly as we look at the huge online reaction that the world has experienced as a result of this documentary, looking towards the future there may be hope for fraud victims. Using their story in the documentary in order to expose criminals such as Shimon Hayute and open the public’s eyes as well as the governments in order to protect others against romance fraud.

by Laura Spencer Laura Spencer No Comments

Diary of a Fraud Victim: Lessons for Apple Pay Users

You may have seen the recent press coverage surrounding people who have fallen victim to fraud; Ofcom’s recently published research – almost 45 million cases – during summer 2021 alone!

You never think that it will be you. As someone, who would like to think that they are well versed when it comes to spotting a phishing link, I was surprised, to find pending transactions on my account with purchases that I had not made.

Ultimately there is the inevitable wave of panic. Trying to rationalise what has happened – going back through my previous purchases just to check that there had not been a mistake made. Then going through my phone and checking websites that I have used; emails I have received as well as text messages.

It was here that I realised my mistake. I had received a text message from my mobile service provider, asking me to update my payment details. Typically, this type of message about changing payment information would fly red flags. However, this text came through under my previous legitimate SMS chain, seemingly under the same number with my provider. Therefore, I clicked the link in the message, proceeding to resubmit my personal details. At the time, although cautious the link seemed to work legitimately. Despite this, I set a reminder to call my provider on Monday morning in order to double check that the details had been received correctly.

Unfortunately, I had fallen for a scam…

If it were you, you see a message from your service provider, asking for an update of information – from a SMS chain, which had been used before – what would you do? Would you hesitate or stop to think whether the message was indeed genuinely from the provider?

I received the ‘pending transaction’ alert from my banking app, I tried to report the pending transactions, however, it was still unclear as to the next steps. I received a call from a ‘no caller ID’ number, which naively, I answered. It sounded legitimate, they seemed to be telling me all of the things that I wanted to hear, but nonetheless I still couldn’t shake the feeling that I was being scammed for a second time. I eventually put the phone down mid conversation in order to ring my bank directly, after researching online my banking guidelines for such situations.

The advice from NCSC in such a situation is to: ‘Go back to something you can trust. Visit the official website, log in to your account, or phone their advertised phone number. Don’t use the links or contact details in the message you have been sent or given over the phone.’ (https://www.ncsc.gov.uk/guidance/suspicious-email-actions). This advice, published on the NCSC website offers guidance to both those affected by scam artists as well as acting as a prevention.

Thankfully, calling the number my bank advised for dealing with fraud, they had already flagged my account for some unknown purchases and therefore, they were aware of the situation prior to my call. While the unexplained ‘no caller ID’ is believed to have been my bank however, even they were unclear if this had been the case due to the nature of the call and the messages that I had received seemingly from them.

The legitimate call with the bank helped me to arrange voice ID on my banking transaction to ensure that this did not happen again. They equally transferred me to an additional line, to speak to the right department in order to. I would encourage everyone to take the time to set up voice recognition with their bank in order to aid the prevention of situations like this from happening.

After which,  I was transferred to my bank’s fraud department who took me through some basic questions such as:

  • When was YOUR last transaction and for how much?
  • Has anyone had access to your card or bank details, this could be a family member or a carer,
  • Are you still in possession of your card?
  • Do you use Apple Pay?
  • Which devices do you use Apple Pay on?

While there were many other questions asked in order to gauge the situation, these were a few of the most memorable. What struck me as interesting was the fact that the questions were asked about Apple Pay, the platform while popular and typically very secure ‘Apple Pay is a very secure way to make payments. This is because your card numbers are not stored on your device, and are never shared by Apple Pay, or sent with your payment. Instead, Apple Pay gives you a unique Device Account Number, that’s encrypted and stored in a secure part of your iPhone, iPad or Apple Watch. So, when you use Apple Pay, your Device Account Number and a specially created security code are used to process your payment.’ (https://www.barclaycard.co.uk/personal/help/contactless-payments/secure-applePay) As it turns out there had been a separate account set up using my personal details, with the code mentioned above.

While on the phone the bank informed me that over the weekend, there had been tens of thousands of reports of phishing from mobile phone providers – this specific attack was on Apple iPhone users. This is because when the fraudulent messages were sent, they were automatically filtered into what seemed legitimate messages from providers. Hence, many, including myself, believed that the link circulated was genuine.

Thankfully I had caught the transactions early and my bank will be able to refund me the money that had been taken while also closing down the Apple Pay account that had been created using my details. Additionally, I will be sent a new card, with new banking details as well as being instructed to carefully watch my account over the next few days – reporting any changes to my account. Alongside this I was sent some useful advice for the future.

This was resolved mainly because I had my pending transactions set up on my account to receive a notification whenever my transactions were being processed. This means that whenever money is ____ my account I am ‘pinged’ with a notification and made aware regarding any payments in my account. I would strongly recommend to anyone who does not check their bank frequently to ensure that such notifications have been set up – otherwise for me, there may have been a very different outcome to this experience.

Lessons to be learned:

  1. People should be aware that phishing is becoming more and more evolved, exacerbated by the pandemic. While this seems like the obvious warning, estimates from the Telephone-operated Crime Survey for England and Wales (‘TCSEW’) showed that there were 4.6 million fraud offences in the year ending March 2021, a 24% increase compared with the year ending March 2019 (https://www.ons.gov.uk/peoplepopulationandcommunity/crimeandjustice/bulletins/crimeinenglandandwales/yearendingmarch2021). Demonstrating that despite advice given out, people are still being ‘scammed’.
  • Apple users need to be more cautious when receiving unexpected messages – since messages can be auto filled into seemingly legitimate contact numbers, already on your phone. In my experience this came in the form of my mobile service provider. To prevent this from happening Apple have produced an update where you can filter and block unknown messages (to find out more https://support.apple.com/en-gb/guide/iphone/iph203ab0be4/ios) which may help people avoid possible phishing messages.

Top