Dealing with a company called Regent Capital plc seemed completely safe because it was regulated by the Financial Conduct Authority.
The retired reader, who I’ll just call by his first name, Roy, was told that Regent Capital had discovered an old investment in his name, worth around £33,000.
It seemed plausible because Roy had dabbled in shares and it is possible to lose track of holdings as over time companies merge or get taken over.
To get hold of his investment Roy was informed that he needed to pay a “capital exchange procedure fee” of £3,648.
But since that payment last July, callers have come up with reason after reason why he can’t have his money until he pays for more supposed costs such as capital gains tax, escrow services fees and “international screening”.
The callers assured Roy that not only was his investment increasing in value, most of his payments were refundable.
Roy, who is 80 and has suffered a stroke, kept on paying until he ran out of money. He then told his son Simon what had happened.
By that time Roy and his wife had made 56 separate payments from their Lloyds Bank accounts coming to more than £160,000.
The phone numbers, email and web addresses given to Roy, regentcapitalholdings.co.uk and rch-ltd.com, had no connection with the genuine Regent Capital, a specialist boutique investment firm based in London.
“Whether my parents ever see their money again or not, what this has done to them on a physical and mental health level is awful, and I am incredibly angry that this has happened to them,” Simon told me.
Some of that anger is reserved for Lloyds, who Simon believes could have done more to protect their vulnerable customer.
He said the scammers coached his father to say that the withdrawals were for home improvements, should the bank enquire, and on the five or six occasions that it did ask, this answer was accepted and the payments were put through.
A Lloyds spokesman said the bank had a great deal of sympathy for Roy, adding: “We are urgently reviewing the details of this case and will update him as soon as our investigations have concluded.
“It’s crucial for people to remember that fraudsters can easily pretend to be someone else, clone websites and create fake documents to trick people into sending cash from their bank accounts.
“If you plan to invest large sums of money without seeking financial advice, always take time to check all the details are genuine as fraudsters will disappear as soon as they have their hands on your cash.”
The genuine Regent Capital has been fighting scammers hijacking its name for 10 months now.
“It is definitely distressing to get a call from a victim or a relative about this, though it can be positive if they haven’t yet paid and I’m able to say don’t do anything, this is a fraud,” said its chief executive Virginia Beckett.
“I’ve had 30 or 40 people come to me, but that will be the tip of the iceberg.
"It has involved a lot of speaking to people who had or might be defrauded, writing to them, emailing them, to say it's a fraud, don't send money, report it.
"We were really keen to be responsible even though they weren't our investors. I got calls while on holiday, in the evening, I would not dream of not helping.
"One of the guys was 85, ex-forces, a high-achieving guy but he really struggled with the idea that this was not real and he had paid money even though his bank had advised him not to. We did persuade him it was fraudulent, some people were quite reluctant to accept that.
"Action Fraud encourage you to report this online but there's no option on its site that matches what's happening here, a cloned firm looking for you to pay them money, that doesn't help."
Besides repeatedly contacting Action Fraud, she requested that domain providers and telecoms companies take down fake sites and phone numbers.
New sites with new numbers keep springing up but that does not make it a pointless exercise.
“It does mean that if someone tried to get hold of them on a number or website they’d previously been given and it was no longer working then they might track us down via Companies House, allowing us to tell them it’s a fraud,” Ms Beckett said.
Among the names listed by the Financial Conduct Authority as having been cloned in the past month alone are ING Bank, BNF Bank, Credit Suisse, JP Morgan, Bank of Scotland’s Capital Bank, Attica Bank and Money Saving Expert.
“Fraudsters are using the details of firms we authorise to try to convince people that they work for a genuine, authorised firm,” the watchdog warns.
The Mirror is not immune to this, having been cloned several times by crooks trying to lure victims to supposed Bitcoin trading sites.
The latest case I’ve seen purports to be an online Mirror report about a guest on This Morning, who told hosts Holly Willoughby and Phillip Schofield how he was making a fortune from cryptocurrency trading. The story even claims that a Mirror reporter tested the system he used, called Bitcoin Revolution, and turned a £200 deposit into £11,394.28 in four weeks.
One tell-tale sign that this is all fake is the url, which is not the genuine mirror.co.uk but onlyforyou114.club. I've requested that the domain provider Namecheap take it down.
Clicking on links in the fake story leads to the Bitcoin Revolution site thebtcsrevolution.com which gives the promise “You can become the next millionaire”.
Namecheap has been cited as hosting a huge number of clone scam sites.
Based in Los Angeles, the company offers .com addresses from as little as £6.29.
It has been shamed in a report published this week by the Government’s National Cyber Security Centre, which revealed that Namecheap hosted 60% of all phishing scams using clone websites of Government departments, such as HM Revenue & Customs.
Worse, Namecheap was slow to remove the scam sites after receiving fraud reports, with “take down” times often longer than 60 hours.
“This undoubtedly made Namecheap an attractive proposition to host phishing,” the report stated.
Namecheap insists that it investigates all fraud reports promptly and thoroughly and assists law enforcement agencies in the UK, US and elsewhere.
The problem of clone sites is made worse by the fact that they can be pushed to the top on online search results by GoogleAds.
Google trumpeted last week that it was the first tech firm to join Stop Scams UK, a trade body made up mainly of banks and telecoms firms.
The UK managing director of Google, Ronan Harris, announced that it was also offering £3.5million in “advertising credits” to support a scams public awareness campaign.
“We know how vital it is to protect people from fraud,” he said.
“Globally, Google has also introduced new advertiser identity verification and rolled this out across the UK beginning earlier this year.
“Advertisers now need to submit personal legal identification, business incorporation documents or other information, that proves who they are and the country in which they operate.”
So, how’s Google advertiser identity verification going?Not brilliantly, I’d suggest.
On Monday, a Google search for “compare best ISA rates” brought up an advert for findisasonline.com as the second result.
“Find the best ISAs online today in 20 seconds,” it read, adding that investors would be protected by the Financial Services Compensation Scheme.
This is the same promise made by four scam sites that I wrote about only a fortnight ago, all of which claimed to find you the best ISA or savings bond in 20 seconds.
Not only was the wording almost identical, this latest site used the same pictures as the earlier scams.
Those first four claimed to be regulated by the Financial Conduct Authority but had cloned the details of two genuine FCA-regulated firms, Northern Trust Global Investments Limited and SEI Investments (Europe) Limited.
The new example, findisasonline.com, uses the same ploy, this time claiming to be a landing page of FCA-regulated GMSA Investments Limited.
This is as fake as the phone number on the website, which doesn’t work.
“Thank you very much for bringing to our attention this fraud, we definitely have nothing to do with that site,” GMSA Investments director Angelo Rossetto told me.
“If from your experience, you could kindly let me know what the most efficient way of getting this removed and reported is, I will enact it immediately.”
I suggested notifying the FCA so that the fake site can be added to its scams alert list and contacting the domain supplier, Namecheap, to have it taken down.
A chance to tackle this persistent and ruthless crime has been missed by failing to include it in the Online Safety Bill. The Government has said that some aspects of online fraud will be included in the Bill, but that leaves huge gaps.
David Postings, chief executive of banking body UK Finance, said: "Whilst the Bill includes fraud via user generated content on social media sites and dating apps, it won’t cover cloned websites and online adverts which fraudsters pay for.
"We encourage government to include all economic crime within the Bill when it is formally introduced. Not doing so leaves a large proportion of the public at high risk of being scammed online, because criminals are experts in adapting their tactics to exploit any loopholes.”
Tim Fassam of wealth management trade association PIMFA praised some measures in the bill as "a great step forward", continuing: “But while the Bill attempts to tackle fraud via user generated content on social media sites and dating apps, paid for online adverts from fraudsters and cloned – and therefore fake – investment firm websites appear conspicuous by their absence from it.
“We are, however, encouraged that the Bill will face pre-legislative scrutiny before being formally introduced to the House of Commons and look forward to working with Ministers and MPs in order to ensure that all financial harms, which have a devastating impact on the financial and mental wellbeing of victims, are included in the Bill."
Mike Haley, chief executive at fraud prevention service Cifas, commented: "The Bill places responsibility on platforms with regards to user-generated content, but excludes other types of online fraud. I look forward to the release of the Home Office Fraud Action Plan and how this will address fraud currently excluded from the Online Safety Bill, such as through advertising, emails and cloned websites."
Here are a few tips for avoiding clone sites:
Don’t use phone numbers or email addresses on a suspect site – if it is a clone then these will go straight to the crooks.
Contact investment firms via details on the Financial Conduct Authority website, fca.org.uk. This however is not always easy because details on the FCA can be limited.
If the contact details are not on the FCA’s site, you can find registered office addresses at Companies House.
You can check when a website was created on sites such as https://who.is/ – if the company is long-established but the website is new then it’s likely to be a clone.
If in doubt, get advice from friends or family or an independent financial professional.
