This podcast isn’t personal advice. If you’re not sure what’s right for you, seek advice. Tax rules can change and benefits depend on personal circumstances.
(Music plays).
Susannah Streeter: Hello and welcome to the Switch Your Money On podcast with me – Susannah Streeter – here in the studio at Hargreaves Lansdown.
Sarah Coles: And me – Sarah Coles – Head of Personal Finance.
Susannah Streeter: So, we’ve made it to January and the bit of the year where nobody really knows whether to keep saying ‘New Year’ to each other or not!
Sarah Coles: Yes – but we are still firmly within everyone’s least favourite time of year – and that’s scams season.
Susannah Streeter: Yes – scams season ramps up while we’re Christmas shopping, but it also builds towards the self-assessment deadline at the end of this month – so that’s what we’re exploring in more detail in this episode of the podcast, ‘Scam Shockers.’
Sarah Coles: We’ll be talking to Richard Berry, Founder of the Goodmoneyguide.com – An Investor’s Guide.
So, Richard, you’ve been exploring the latest trends in financial scams – can you just tell us a little bit about the research that you’ve been doing?
Richard Berry: Absolutely – but, first of all, thank you very much for having me on. It’s nice to be asked some questions for a change instead of me asking them – so that we can share our research with Hargreaves and your users.
Sarah Coles: It’ll be great to explore those findings in more detail later in the podcast. We’ll also be talking to HL’s Lead Equity Analyst, Sophie Lund-Yates, about how scams should be part of the picture, where people are looking into listed companies.
Susannah Streeter: And Helen Morrissey – our Head of Retirement Analysis – will be outlining some of the pension scam risks people are facing. Plus, we’ll hear from ESG Analyst, Tara Clee, about why cybersecurity is an ESG issue – and we’ll be getting a funds perspective from Emma Wall – our Head of Investment Research and Analysis.
Sarah Coles: But, before we get stuck in, it’s worth starting with a snapshot of the scams season. In December, both NatWest and Santander issued warnings to their customers, highlighting the risks of being taken for a ride by scammers – and that’s with just under a fifth of people saying they face more scams at Christmas, and purchase scams in particular are up by more than a third.
Then there’s the rise of scams relating to shopping – including things like fake delivery scams and failed payment scams. Plus, scams taking advantage of the fact that money is likely to be scarce –and that includes loan fee scams.
Trade body, UK Finance, estimated that £100m would be stolen over the festive period, with the threats enhanced by artificial intelligence – according to GCHQ.
Susannah Streeter: As we have hit the New Year, attention has turned to tax scams. Back in October, HMRC warned that it had received more than 130,000 reports of tax scams in a year – of which almost half were tax rebate scams. Others tell customers they need to update their tax details or threaten immediate risk for tax evasion.
Sarah Coles: But scams aren’t just for Christmas – or for the New Year. So, criminals keep the pressure up throughout the year, with a number of scams that particularly target investors.
They might offer an investment which doesn’t actually exist, or one that exists but they have no intention of putting your money into – or they may pretend to be from a legitimate company to convince you to part with your money.
Susannah Streeter: The rise of cryptocurrency has added to the risks – where people are offered an investment in a cryptocurrency that doesn’t exist – or promises to invest in something like bitcoin and takes your money instead.
Of course, scammers are interested in getting their hands on as much cash as possible, so they target one of the biggest assets many people have – their pensions.
We’ve got Helen Morrissey on hand to tell us a bit more about what to look out for. What should we be on alert for?
Helen Morrissey: Thanks, Susannah. Yes – you’re absolutely right about pensions being a real target for scammers. It’s probably the biggest financial asset that many people have besides their home, and fraudsters will stop at nothing to get their hands on it. It’s been a real area of concern for government in recent years, with high profile advertising campaigns aimed at raising awareness around this activity.
Sarah Coles: What kind of tactics do they tend to take?
Helen Morrissey: Pension scammers – they’re the ultimate shape-shifters. They change their tactics – take advantage of the latest changes in pensions, and we’ve seen many of those in recent years.
So, for instance – when we had the introduction of ‘Pension freedom and choice,’ we saw people being offered free pension reviews out of the blue as a way of getting them to either cash-out their pensions or transfer them to a new arrangement.
Over the years, we’ve seen scams trying to entice people to access their pensions before the age of 55, as well as the offer of complex overseas investments delivering extremely high levels of return. They charge high fees in exchange for these so-called services and, once they’ve got their hands on your money, then they disappear leaving people with only a fraction – if any – of the pension that they’d spent years building up. It’s a huge issue, with recent figures taken from Action Fraud showing an estimated £120m was lost to pension fraud during 2023.
Susannah Streeter: I hear the financial costs can really add up to even more than what the fraudsters actually take – is that right?
Helen Morrissey: Absolutely. So, people can find themselves slapped with huge fines as well. For instance – with pension liberation fraud – people would get fined up to 55% by HMRC for accessing their pensions early. So, they’ve already lost money to the fraudster, and then they’ve got a fine which just compounds the initial loss. It’s a really tough situation and people can find their retirement dreams in tatters, with very little that they can do to make up ground.
Sarah Coles: What can people actually do to protect themselves – given the fact these scammers change tactics so often?
Helen Morrissey: The key thing is to beware of any contact that comes out of the blue – for instance offers to review your pension or the potential to invest in a high-yielding, often overseas investment. These can come by phone, email, text, or even through social media, so beware. Secondly, the scammer may put pressure on you to make a speedy decision. It’s important to say that no financial adviser would pressurise their client like this – so, if you feel that you’re being pushed into making a decision before you’re ready, then this is a real red flag. Don’t be scared to terminate contact with somebody if you feel that you’re being pressured. It’s your pension and you’ve got the right to make decisions in a timeframe that is right for you.
Finally, if something sounds too good to be true, then it often is and this should ring warning bells. If someone is offering you an investment with high returns, for instance, there is a real chance that it could be a scam as no level of investment return can ever be guaranteed. These people can be really plausible and will impersonate everyone from a financial adviser to HMRC in a bid to trick you. If you have any concerns, then terminate contact so you can check whether they are who they say they are before making any decisions. If you think you or a loved one has been contacted by a scammer, then be sure to contact Action Fraud.
Susannah Streeter: Any other advice for people who think they might have been scammed?
Helen Morrissey: Many scam victims don’t want to report what’s happened to the police. Many people feel ashamed that they’ve fallen for it, or they don’t want people to know that their money has been taken. However, it’s really important to report this activity, as it not only helps the police to track down the scammers – it will also help you to get the support that you need to deal with what’s happened to you.
Sarah Coles: Thank you, Helen – it is really good to know what to watch out for – especially when it comes to protecting something as important as our pensions.
Susannah Streeter: Let’s bring in Richard Berry now – the Founder of the Goodmoneyguide.com – who has been investigating the sophisticated ways in which scammers are looking to part people from their money. He has also produced some research looking into the most recent trends and those across social media as well.
So, Richard, how much of a risk are scams?
Richard Berry: They have always been a massive risk and I think – with the introduction of social media – and particularly videos on TikTok – they’re getting worse and worse. We looked at some official police data – over the last few years – and this is just reported losses on financial scams. There was £75m lost in one year – social media reports of people losing money have actually trebled over the last three years, with Instagram users reporting around about 1,800 scams to the police in one year. Facebook users reported losing £33m in one year, and TikTok scam reports to the police have gone up about 45-fold in the space of a year. There was even an instance of one user losing about £4m in one scam alone – and, sadly, these scams are targeting children as well. 24 children under the age of 10 were caught out by scams on social media. What’s interesting is the young are more susceptible to scams on social media than older people – because I think older people have a general mistrust of social media or anything on-line. My father-in-law, for example, still won’t buy anything on Amazon or put his credit card into a website. So, I think there’s a natural distrust with old people, but young people – the videos on social media are becoming so convincing – and, when people gain followers – you know, the more followers you have, the more believable you become.
Sarah Coles: The rise in TikTok scams sounds really alarming. Are there particular trends within social media that you’ve been able to pick up – or that you’re aware of – that people are falling foul of?
Richard Berry: There’s a few very consistent types of scams that people need to be aware of. The first is cloning existing brands. It’s very easy to replicate somebody’s website. The FCA Register, for example – which is where you can go to check if someone is a regulated provider – has been cloned by scammers who then put legitimate – or supposed legitimate – information to make them seem legitimate. So, if the FCA Register can be scammed, people don’t really stand a chance. It’s very easy to impersonate other people on social media – deepfakes are becoming particularly relevant on my feed. I don’t know why, but I see lots of Leonardo DiCaprio deepfake skits – that’s the main one to look out for – is fake profiles.
The other one is the classic ‘Pump-and-Dump’ scheme. It’s particularly relevant in crypto ‘cause there’s not a lot of liquidity – it’s not regulated at all – but this is very common. Someone will invent a cryptocurrency out of thin air – get it listed on an exchange – and then find some influencers with loads of followers – and they will then pay them to go, ‘I’ve just bought this amazing cryptocurrency – I think it’s going to go to the Moon.’ And then, of course, their million followers see that, and then they google, ‘Ooh, where can I buy this?’ – and then they go onto this exchange, which is probably unregulated and based in the Bahamas – and they see this tiny cryptocurrency worth about 5 cents and think, ‘I’ll put some money into that’ – and, of course, because there’s more buyers than sellers, the share price goes up, and the people who invented the cryptocurrency start selling it to buyers on the way up and then, when they’ve sold all of their cryptocurrency – and the influencers have stopped promoting it – most of the time, unwittingly – there’s no more buyers and then it just falls back down to earth and becomes worthless.
Susannah Streeter: What can people do to protect themselves from investment scams more broadly?
Richard Berry: Diversification is the foundation of investing. If something is too good to be true, it almost certainly is – so don’t put all your money into one investment just in case it is a scam. Research as well – you should check everywhere. The FCA Register is a great place to start – it’s not infallible because there have been many regulated firms that have turned out to be scams, but it’s a good place to start. They keep a list of all the regulated firms in the UK that are approved to conduct financial business – they also keep a list of cloned websites. So, if you suspect something is a little bit ‘Off,’ you can go to the FCA Register, and they will tell you whether or not it’s a legit website or a clone – and ask. Don’t think you can do it on your own – come onto social media and ask other people – or even come onto the Good Money Guide and ask. We actually get lots of people emailing into us – going, ‘Do you think this is legit?’
Susannah Streeter: Of course, social media has – in many ways – introduced more people to the world of investing, but there are real risks – aren’t there? – with people pretending to be somebody they just simply aren’t.
Richard Berry: You’re absolutely right – and, in fact, it’s now so easy to appear to give legitimate advice – a sort of ‘Warren Buffett’ effect – where you can just buy an S&P 500 tracker and you’ll be fine. There’s many clips of Warren Buffett on social media saying that’s actually what most investors should do – and, for scammers, in particular – or people who want to appear as gurus – it’s very easy to replicate that implied advice – and then that gains trust.
If you look at a few of the major Hollywood films about investment scams over the years – from ‘Wolf of Wall Street’ to ‘Boiler Room’ – the MO of those guys is to recommend a legitimate FTSE 100 or DOW 30 Stock to gain trust from people – and then, when that’s legitimised – or potentially legitimised – or hasn’t caused too much pain – they then come back with the really high-risk scam.
Sarah Coles: You talked about younger people being targeted. So, if older people – who have a bit more experience of these things and do know the sorts of risks that lie in wait – is there anything they can do to protect the younger people in their lives from this sort of thing?
Richard Berry: Just talk to them – and ask and press as well – because, obviously, people are deeply embarrassed about being scammed – or being taken in. And the other thing I think is worth mentioning as well is that we did a survey with YouGov about three years ago on attitudes towards scam – investments at the time. There were lots of fake ‘Dragons Den’ and Martin Lewis adverts around promoting cryptocurrency – and one of the things we were interested in is how people interact with scam adverts – when they see a scam.
We surveyed about 2,500 people – 44% said they’d seen an advert they thought was a scam. 11% clicked on that advert out of curiosity – 18% clicked on it without realising it was a scam – but, of all of those people, only 20% reported that fake advert as a scam – and this is really important because this is what people need to do.
Social media platforms need to be held accountable for the fake adverts that they’re showing, and the dodgy profiles – and they’re now obliged to provide a facility for people to report those adverts as scams or fake. I see them on all the social networks I use – LinkedIn, Facebook, Twitter, Instagram, TikTok. Next to any video or any advert, there is a little button – usually in the top-right or the top-left – that allows you to report an advert – and, if you see those adverts and you don’t report them, it’s potentially going to result in someone being scammed. So, we have to do our bit by reporting what we would consider a scam advert.
Susannah Streeter: Richard, thank you so much – it’s really good to get an idea of just what we can do to protect ourselves from these threats.
Richard Berry: Thank you very much for having me.
Sarah Coles: There are some additional ways that people can protect themselves from scams more generally.
It’s important to view any text or email as a potential scam – so the sender may say, for example, that they’re a retailer – or a bank – or even a police officer – and this is a common tactic. So, don’t believe them until you’ve hung up and contacted the organisation using details from their official website – or you can dial 101 for the police. If you’re worried that HMRC is trying to contact you, then you can call the self-assessment hotline or go into your Government Gateway account to check whether the reason they’re saying they’re contacting you is actually legitimate.
Susannah Streeter: It’s worth taking your time. One classic technique for scammers is to rush you into action – whether it’s asking for your bank details for fear of missing out on a deal or getting you to move your money because you’re under threat. They hope you’ll act before thinking, so take a breath and just really think through what they’re offering or claiming.
Sarah Coles: One of the tell-tale signs to look out for is to get an unexpected cold call – or email, or text – just out of the blue. Alarm bells should also be ringing even louder if it’s tied into something that everyone is talking about at the moment – that might be a news story, or it could be around the tax deadlines.
Never click on any link in an email or text message from senders you don’t already know.
Susannah Streeter: Never give out your bank details – however convincing the person at the other end of the line might sound.
Of course, it’s not just investors concerned about scams – it’s an issue for listed companies too.
Let’s bring in Sophie Lund-Yates now – our Lead Equity Analyst – who’s been looking through the lens of listed companies. What’s the main thing to consider?
Sophie Lund-Yates: Hi – so, perhaps unsurprisingly, the biggest consideration – sector-wise – is financial services, including banks.
These institutions have to be able to prove that they have strong enough controls in place to help prevent financial scams and fraud – that covers a broad spectrum from identity theft to financial abuse. The regulatory spotlight is a consideration for investors – or potential investors – in companies that operate in this space. It’s an ongoing risk, and any major missteps can result in not only significant fines, but negative share price movements as well.
Sarah Coles: How can investors best assess this risk? How should they go about thinking about scams?
Sophie Lund-Yates: There are a couple of ways to think about this. One thing investors should do is to take a look at a company’s annual report. These are readily available on corporate websites. You can really get a sense from this about how seriously a firm takes its anti-fraud obligations and the work that’s done to stay within regulatory guidelines, or not.
At the same time, scam activity is another reminder to focus on companies with strong balance sheets and cashflow. In the situation of lenders – or other financial companies – these markers are important all of the time when investing, but especially so through the lens of scams. That’s because companies with financial strength have more resources to throw behind prevention, but it also means that, if a fine were ever to come their way, they’re more likely to be able to stomach it.
Susannah Streeter: So, I suppose that covers some of the risks investors need to know, but what do scams mean for market opportunities?
Sophie Lund-Yates: This is a very valid question.
As we’ve been discussing, we’re living in a world where scams and broader cybercrime are becoming more mainstream – and that’s thanks to a big increase in our day-to-day use of technology. When new types of threat like this emerge, so too do novel preventions. There is a great deal of new tech surrounding things like data privacy and protection as well as broader cybersecurity – which is slightly different to all-out scams but is closely linked – especially when you look at some of the high-profile hacking that’s occurred in recent years.
Sarah Coles: Why does this matter?
Sophie Lund-Yates: The reason this matters is that there are exciting new technologies that only a few companies can truly afford to develop and scale. Surprise, surprise – I’m referring to big techs. The likes of Amazon and Microsoft, in particular, have leading cloud security solutions and infrastructure. With so few companies allowed a seat at this table – and with the addressable customer base only growing – this opens the door to lucrative and recurring revenue streams.
Artificial intelligence will also play a part in scam detection and prevention in the future, and AI is a notoriously expensive and highly technologically tough gig to fund and develop – which also lands big tech companies in the driving seat.
Susannah Streeter: Thanks very much, Sophie.
We want to chat a little bit more about this topic now, so let’s look at this with an ESG focus. It’s a good time to bring in Emma Wall – our Head of Investment Analysis and Research – and ESG Analyst, Tara Clee.
Emma Wall: Thanks, Susannah. So, Tara, why should investors consider the impact and potential risks poorly-managed cybersecurity could have on their investments?
Tara Clee: When assessing the risks in your investment portfolio, it’s important to consider environmental, social and governance risks – otherwise known as ESG.
In an increasingly digital world, cybersecurity is one of the most immediate and financially material ESG risks companies face today.
In simple terms, cybersecurity is the protection of networks, devices and data from unauthorised access and attacks.
For example, a bank may face a cyberattack which results in the loss of customer money or loss of customer personal data, leaving affected individuals vulnerable to follow-on fraud attempts.
When a company falls victim to a cyberattack, this can result in financial loss – from the breach and from subsequent fines from the regulator – as well as damage to reputation and brand, and loss of customer trust. All of this can ultimately impact share price and investor return. This is why it’s vital for companies to have robust cybersecurity controls in place to ensure the safety of their networks, devices and data.
Emma Wall: Thanks, Tara – it’s definitely an issue worth exploring. With that in mind, I have spoken to James Thomson from Rathbones about how he considers digital risks – including cybersecurity – when making investments.
James Thomson: Hello, Emma.
Emma Wall: I just wanted to take it back to basics here – ‘cause, ultimately, cybersecurity is a financial risk, and I wanted to understand – as an Equity Fund Manager, how has your analysis of financial risks changed over the years as businesses have digitalised?
James Thomson: Cyber incidents have grown significantly – have really been supercharged since the pandemic as the digitalisation trend accelerated. We’re thinking much more about the financial impact. The contagion and interdependence between systems have increased the damage – regulatory fines, lost business due to the interruption – significant litigation risk from those affected by it – and reputational damage are very real risks.
In 2024, cybercrime will cost the world over $300,000 a second – and cybersecurity consistently ranks in the top-five global risks in perception surveys – so global CEOs. Probably because, if there’s a major breach on their watch, they’re gonna lose their jobs.
My eyes were open to this back in 2017, when one of the investments in my fund – Equifax – was hit by a cyberattack. Equifax is a consumer credit reporting agency – they calculate your credit score. The hackers were in Equifax’s system for about 76 days – they accessed it through a known vulnerability that Equifax failed to patch, giving them access to the entire system. That intrusion led to the largest known theft of personally identifiable information ever carried out – addresses, birth dates, social security numbers on approximately 40% of the US population. The stock price collapsed by as much as 35% and the CEO resigned.
Investors don’t usually feel sorry for the corporate victims of cybercrime. It’s usually viewed as a governance failure – a governance failure that had a very real financial and reputational impact. I sold the stock after this incident back in 2017. But the damage can be repaired and reputations rebuilt.
Equifax has since spent more than $1.4bn updating its technology infrastructure – now, arguably, leading the pack. We bought the stock back last year – despite one of the worst mortgage markets in living memory.
Emma Wall: That’s a really interesting example of how cybersecurity can almost decimate a company.
I’m interested to know what you’ve [laughs] learnt from that experience, and how you now consider cybersecurity as part of your equity analysis. Are there sectors where this is particularly pertinent, or is this now something that all companies should be aware of?
James Thomson: Yes – cybersecurity is now a part of our investment process, but it’s not easy to benchmark cybersecurity resilience. Comparisons and standards are different and subjective – and disclosure is quite patchy because many firms are reluctant to give too much disclosure because it could attract more attacks.
We use some ESG consultants and sell-side firms that provide more granular information – but that’s not helpful for every investor because the analysis isn’t publicly available. I think, if investors want to look for more information on this, many public companies publish a sustainability report on their website – or they should feel free to email the Investor Relations Team at these companies.
I think the sectors most exposed would be those companies who are systemically important – where there is a significant knock-on impact on other industries, or they have infrastructure that’s critical to life and safety – and, of course, those companies that hold a lot of personally identifiable data which can be used for fraud or identity theft. Financial services is one obvious industry to scrutinise closely.
Examples of this – in my fund – would be Visa and MasterCard. They continually face the risk of a systemically significant event, should either of their payment networks face a breach. As such, it’s vital that both firms maintain strong and resilient cybersecurity controls.
My previous conversations with the CEO of Visa indicated that this is an area that has an unlimited budget and is a standing agenda item at every board meeting. The network itself cannot be breached using traditional cyber hacking techniques – and would need to be physically breached at their network data centre – which, unsurprisingly, the location is undisclosed – but the security there is not dissimilar to Fort Knox.
Visa has made excellent steps here – they’ve disclosed that they have over 1,000 employees dedicated to preventing fraud and breaches – and partnerships have just been announced with security companies that help their clients identify their own cyber risks.
Emma Wall: What about investment opportunities? – ‘cause this obviously is an industry in and of itself. Do you have any direct plays on cybersecurity within the portfolio?
James Thomson: The obvious pure plays on security are some American companies – Palo Alto Networks, CrowdStrike and Fortinet – but I’ve been reluctant to invest in them because the valuations are so high. The growth trends can be lumpy from one quarter to the next, and industry dominance can quickly change until their platform solution is fully rolled out.
I prefer to play it through Microsoft – the largest holding in the fund. Microsoft is already the vendor of choice for almost every large enterprise – so giving them additional workloads is a much shorter sales cycle. Even though they are a huge business, security is one of the fastest growing segments and it’s already a $20bn security business with real pedigree in the space – but businesses like using single vendors that provide end-to-end solutions. It consolidates to reduce risk, complexity and cost.
I suppose investors could also look at insurance companies. Cyber-insurance-uptake rates rose from 26% in 2016 to 47% in 2020 – and I’m sure that number is just gonna rise. The SEC has just put in very strict new rules around disclosure of cyber events, and the EU Court – just yesterday – set out grounds for compensation around the fear of misuse of personal data due to inadequate security measures. So, I think covered requirements for insurance are only gonna grow from here.
Emma Wall: James, thank you very much.
James Thomson: Great pleasure – thank you, Emma.
Susannah Streeter: That was Emma Wall – first with Tara Clee, and then with James Thomson from Rathbones.
Just to stress – that was the view of the Fund Manager and should not be taken as individual stock recommendations.
You’re listening to Switch Your Money On from Hargreaves Lansdown. To end this episode, I have another challenging stat for Sarah.
So, Sarah – are you ready?
Sarah Coles: I’m really never ready for your challenging stats, Susannah!
Susannah Streeter: The National Fraud Intelligence Bureau shows that fraud has cost a massive £2.5bn over the past 13 months – but which is responsible for more fraud? Is it online shopping and auctions or cheque cards and online banking fraud? Those are the two choices.
Sarah Coles: I have no idea – although, at the end of last year, I was personally [laughs] a victim of card fraud – so I am gonna go with that.
Susannah Streeter: I’m sorry to hear that, Sarah. You’re right! – so cheque card and online banking fraud is actually responsible for around £320m of fraud, which is more than three times as much as online shopping and auction fraud.
Sarah Coles: That makes me feel marginally better about being a victim.
Susannah Streeter: That’s all from us for now. Before we go, I do need to remind you that this was recorded on 8th January 2024 and all information was correct at the time of recording.
Sarah Coles: Nothing in this podcast is personal advice – you should seek advice if you’re not sure what’s right for you. Investments rise and fall in value, so you could get back less than you invest, and past performance is not a guide to the future.
Susannah Streeter: Yes – this is not advice or a recommendation to buy, sell or hold any investment. No view is given on the present or future value or price of any investment, and investors should form their own view on any proposed investment.
Sarah Coles: And this hasn’t been prepared in accordance with legal requirements designed to promote the independence of investment research and is considered a marketing communication.
Susannah Streeter: Non-independent research is not subject to FCA rules prohibiting dealing ahead of research – however, HL has put controls in place (including dealing restrictions, physical and information barriers) to manage potential conflicts of interest presented by such dealing.
Sarah Coles: You can see our full non-independent research disclosure on our website for more information. So, all that’s left is for me to thank our guests – Richard, Helen, Sophie, Tara, Emma, James, and our Producer, Elizabeth Hotson.
Susannah Streeter: Thank you so much for listening. We’ll be back again soon – goodbye!