News from 2022

December 2022 ~ CoHo still “dysfunctional and facilitating fraud”

Today at IPFGB we have been investigating a series of frauds in Italy. Punters have been duped into joining a Ponzi scheme; the ‘authenticity’ for the scammers being provided by a recently registered London-based company. Using a non-residential address is often the norm, [in the interests of data protection, of course]. But just a modicum of due diligence into this new UK company would have revealed that the sole director was a Scandinavian with a ‘postbox’ mailing address in Colorado, and the registered office was a flat above a massage parlour in the East End. Would any of that ring alarm bells for you? Not so for Companies House, apparently!

Two months ago, on this channel, we reported the new measures CoHo was introducing to tighten up on registration. A month ago, however, MPs were being told that there remained “less verification needed for someone to set up a fraudulent shell firm than to borrow a library book!

Risk managers at NatWest and HSBC, who rely on CoHo records to verify bank accounts, lined up behind UK Finance, the anti-fraud trade body, to take a swipe at the institution and urged government to “Get it right first time!”

The committee session examined fraudulent company registrations, again pointing out to MPs that fraudsters were stealing identities and continuing to use victims’ home addresses to register fake firms. As many as 50% of newly registered companies simply ‘disappear’ in a year or two, suggesting that the majority are totally bogus and have served their purpose in facilitating some form of crime.

The new economic crime bill is going through the House of Commons and proposes major changes to Companies House. However, one of its directors confessed to the committee it would be three or four years before they would be able to counter their negative press coverage.

November 2022 ~ ‘Fraud and the Justice System’ ~ new report / new measures!

“The impact of fraud cases upon victims should not be underestimated”, said Justice Committee Chair, Sir Bob Neill MP, as he published the ‘Fraud and the Justice System‘ report in which MPs complained of ‘an epidemic of fraud cases’, forecasting even further growth if there was not a considerable shift in the way they are investigated, prosecuted, and prevented.

With an estimated 4.6 million fraud offences for the year ending September 2021, CPS prosecuted only 7,609 defendants for fraud or forgery as the principal offence. Currently accounting for 40 per cent of crime, [and growing], the level of concern from law enforcement falls short of what is required. We know that Action Fraud will now be replaced, but the Justice Committee insisted its successor must meet the demands placed on it. However, the wider criminal justice system must also renew its focus. “Fraud prevention, investigation and prosecution is too often an afterthought, last in the queue for resources, monitoring and even court time.”

Amongst the valued witnesses presenting evidence to the committee was Adrian Darbishire KC, who described fraud as “catastrophically under-reported, under-investigated and under-prosecuted.” He claimed that there existed “no effective mechanism” for business enterprises to “work effectively with law enforcement authorities to address this endemic offending”. He denied that the problem was a lack of resources; rather, “a deep-seated refusal to face the problem; to recognise frankly its extent and its attendant harms; and then to think through, realistically and boldly, the measures needed to address it.”

SOCA/NCA came in for criticism, having missed the opportunity to tackle this thorny issue; content to counter drugs trafficking, “safe in the knowledge” that the responsibility had been laid at another’s doorstep . . . in the form of the hapless Action Fraud. The committee appeared to accept that OCG fraud presented “a degree of difficulty . . . that very few police officers could ever cope with.” The crime was, therefore, “screened out.”

It appeared to be accepted that law enforcement had lost both “the skill and the will” to investigate fraud; [the precisely-worded phenomenon which IPFGB has been shouting from rooftops for more than a decade]. Instead of viewing the private sector with suspicion, it was suggested that the police engage with those Association of British investigators [ABI] members who regularly tackle fraud cases. In reality, it is the norm for big business to approach specialist fraud investigation companies anyway. Sadly, this is a financial luxury which the individual fraud victim can rarely afford. In effect, it is only those victims who can afford to fund investigation who can expect action.

A new initiative designed to help cross-border fraud victims has been introduced, however, in the form of a new “jurisdictional gateway”, which seemingly makes it easier to seek disclosure of the identity of fraudsters and the whereabouts of stolen funds.

Cyber and cryptocurrency fraud victims invariably have no idea where their stolen assets have gone. In such cases, IPFGB has been involved where Norwich Pharmacal orders have been granted against third parties; typically to assist in identifying defendants. Bankers’ Trust orders are similar and typically granted to ensure banks or cryptocurrency exchanges comply in support of a proprietary claim. Until now, applicants had to persuade a judge that the application fell within one of the existing service gateways. As from 01-Oct-22, a new jurisdictional gateway came into force in England and Wales which, subject to the usual tests, will permit applicants to serve disclosure orders on third parties based outside England and Wales. This will apply where information is sought concerning the true identity of a defendant, and/or what has become of the applicant’s property. The application must be made for the purpose of proceedings that are intended to come before an English court.

Enforcement may not be that simple, however. It remains to be seen how effective these orders will be in practice, particularly if, for example, the respondent has no footprint or connection with England, or if he can hide behind Swiss banking secrecy laws.

October 2022 ~ Long-awaited CoHo reforms on the way

“Domestic and international criminals have for years laundered the proceeds of their crime and corruption by abusing UK company structures, and are increasingly using cryptocurrencies,” admitted Graeme Biggar, Director General of the National Crime Agency, as he welcomed the announcement of the long-awaited Economic Crime and Corporate Transparency Bill.

It is a sad fact that anyone who currently registers a company in the UK does not need to prove their identity. New, wide ranging reforms are at last to be put in place to pressure those organised criminals and terrorists who for years have abused the UK’s poorly administered Companies House; a woeful bureaucratic monster which presently considers the protection of fraudsters’ privacy above the rights of legitimate businesses who wish to conduct due diligence in their affairs.

Red tape around confidentiality liability will be eased to enable businesses to share information, to assist in preventing and detecting economic crime, including fraud and sanctions evasion. Tightening registration and transparency requirements will help drive dirty money out of the UK, and it is hoped the new Act will restore the UK’s reputation as a place where legitimate businesses can thrive.

September 2022 ~ British Policing has “lost its way” . . . report  

“British policing simply does not have the capability or the capacity to tackle online-based criminality.  As a result, these offences are in essence almost entirely decriminalised.” 

So reads a damning report, published today [31-Aug] by the think-tank Policy Exchange.   

It continues . . . “The Home Secretary should use their powers to reform ‘failing’ police forces and replace the chief constable if necessary.”  Some common offences are being ignored because policing has “lost its way”.  The report recognises the growing public perception that police officers are “more interested in being woke than solving crimes”. 

The government says more than 13,790 extra police officers have been hired across England and Wales as part of the PM’s pledge to put 20,000 additional officers on the streets by 2023.  But is that where they are needed?  The report suggests the move will fail to make a real contribution to tackling the tidal wave of online crime because they will be deployed to do traditional policing.  Solving crime is woefully low with only 3.5% of residential burglaries, 6.3% of robberies, and 4.1% of thefts solved during the past year.  Tackling online crime should be a priority for law enforcement and government yet fewer than 2% of all police officers in the UK are dedicated to the investigation of fraud or sexual abuse of children online. 

One force which is addressing this negative trend, however, and appears to be rising above the rest, is Greater Manchester Police, which in 2021 was put into ‘special measures’ due to its deplorable performance.  The Chief Constable given the task of rescuing the situation immediately bucked the system by courageously voicing his anti-woke views.  But Steve Watkins is also producing the goods.  In his first year at the helm, he has almost doubled the arrest-rate and has recaptured the true meaning of ‘pride’ amongst his officers.  This has, in no small way, been achieved by the hiring of around 100 former detectives, employed to investigate newly reported crimes.  The formation of that unit, and the success it is bringing, has proved that proactive policing really does work.     

[Extract from full article at https://www.theabi.org.uk/news.]   

August 2022 ~ So what happened to CoHo’s promise to tighten up?

It is almost two years since we reported on this blog [see October 2020] that, in response to the massive increase in UK fraud, Companies House would be introducing new countermeasures. The institution, which was set up in 1844, proudly announced that in future, directors whose identity has not been verified would not be appointed. Powers were being created to give CoHo the opportunity to question and investigate applicants and remove false information; Minister for Corporate Responsibility Lord Callanan saying, “We are committed to making the UK the best place in the world to start and grow a business.”

Sadly, it clearly did not happen, for today [12-Aug-22], we see the headline: ”Thousands of households have had their addresses unknowingly used by crime gangs to register bogus companies, a BBC investigation has revealed.”

Radio 4’s “You & Yours” programme has reported 150,000 false addresses have been registered with CoHo, with innocent residents having to cope with the aftermath; dealing with overdrafts, loans, insurance demands and credit card debts. According to the report, CoHo’s response was that they currently have “no legal powers to verify or validate” a firm’s details. One victim who reported the illicit use of her address, where she had lived since it was built, was told by CoHo that those, [the crooks, that is], who had registered the firm, would be given 28 days to object before her address was removed.

A Department for Business, Energy and Industrial Strategy spokesman told the BBC that the Economic Crime and Corporate Transparency Bill would help to “prevent fraudulent appointments by introducing identity verification” and give Companies House powers to “check, challenge and decline any dubious information”. In the meantime, the register continues to provide safe haven facilities for the fraudster; one security expert telling the BBC that he believed one-fifth of companies set up in the UK last year were fraudulent.

July 2022 ~ “Take Five to Stop Fraud”

In a move to counter the unwelcome limitations which GDPR imposed on law enforcement, commerce, and even the general public, in protecting themselves against fraud, the UK government is using its departure from the EU to introduce measures giving “new powers on information sharing and tracking stolen money.” The Economic Crime and Corporate Transparency Bill will provide an opportunity to try to reverse the 8% increase in recorded fraud, having reached a staggering £1.3bn in 2021; [figures revealed by BBC News]. The record figure has been fuelled by a hike in investment scams, where criminals set up fake cryptocurrency websites featuring celebrities supposedly endorsing them on social media.

Katy Worobec, managing director of economic crime at UK Finance said, “These are things we have long called for and will support efforts to work together and stop the fraud happening in the first place.” UK Finance is the collective voice of the banking industry, and it is urging customers to think before acting in its “Take Five to Stop Fraud” campaign.

It has been generally accepted that the less-computer-savvy old folk were easy meat for fraudsters. But having a fear, [or rather respect], for new technology can actually be the best defence. Instead of taking as gospel each and every “customer instruction” received on a phone or laptop, the doddery old duffer is more likely these days to take a second look and question the urgency in giving up passwords or moving their money from account to account. This “pause to consider” is in sharp contrast to the under-35s who, according to new research, have become the “prime targets” for the scammers; particularly on platforms such as WhatsApp. The young are more susceptible to being tricked into transferring money through social media platforms, especially WhatsApp.

UK Finance is the collective voice of the banking industry, and they are warning that energy bill and tax scams are becoming more common as the cost-of-living rises. Building on people’s fears of rising prices, as victims, it is the younger age groups which are often at the forefront of crime, and more likely to be subjected to impersonation scams.

Social media, shopping sites, and dating apps, being the preferred province of 21-30s, put them top of the victim list, according to Barclays’ data. There is some legal protection if you lose money from your account or your bank details are stolen, so banks have a big incentive to crack down on this type of crime. The number of unauthorised transactions is actually falling. What is growing fast is criminals posing as different organisations, ranging from NHS to banks and government departments, via phone calls, text messages, emails, fake websites, and social media posts. Before swiftly utilising those dextrous fingers and thumbs, it’s worth pausing a while, just like Grannie, and asking yourself, “Is this real?”

June 2022 ~ Caution needed over Chinese instructions

Those of us who regularly take on investigations on behalf of overseas clients will occasionally have encountered red flags when conducting due diligence in respect of prospective clients. At IPFGB, we follow ABI guidelines by automatically compiling a Data Protection Impact Assessment in respect of each case. Naturally, that takes into account not only our legitimate interest in processing the personal data of others without their consent, but also that of the potential client.

Our good friend and highly respected IP infringement investigator, Ron Alvarez, has once more warned his fellow-American PIs of a problem which has been dogging the industry there for some time. Very recently, the US Department of Justice indicted a number of people for harassing, threatening, and spying on US-resident Chinese dissidents on behalf of the Chinese government. What has emerged is of PIs in the US accepting instructions to provide background checks on Chinese victims legally living in the United States. One PI completed an OSINT profile for a $1500 fee, but was then further tasked to obtain IRS tax returns and to establish any links with the CIA or FBI; further, to dig up derogatory information and, if none existed, to invent it. The PI duly informed the FBI of the approach . . . it was established that the client was indeed an agent of the Chinese Ministry of State Security [MSS]. Ron has provided evidence that this was not an isolated case . . . in 2020, a PI and former law enforcement officer was arrested for conspiring with Chinese “foreign agents” to coerce a target to return to China.

In a press conference in March of this year, the FBI’s Assistant Director, Alan Kohler, made an official announcement to all US PIs, urging them to notify the FBI if approached by foreign governments.

So, could it be happening here in the UK? Quite simply, the answer is, “Yes.” Only last year, we at IPFGB were indirectly approached by a Chinese company, tasked to locate a sizeable number of Chinese nationals working in the UK; ostensibly as a ‘head-hunting’ exercise with a view to offering them lucrative employment. Immediately suspicious, we applied the ‘legitimate interest test’ and insisted that the potential client provided sufficient data to satisfy us that the approach was indeed warranted. As expected, the assignment instantly evaporated . . . we never heard another word from them. One was left to wonder what justifiable reason they would have produced in wanting to know where their nationals were living and working . . . other than to pressure them into spying. Was the task offered elsewhere . . . and accepted?

Also published at ABI News: https://www.theabi.org.uk/news

May 2022 ~ ABI award for Dick Smith

Having served the Governing Council of the Association of British Investigators for seven years, including Presidency in 2018 and latterly as Law Enforcement Liaison Officer, IPFGB’s Dick Smith was presented with the prestigious Frank Martin Award at the annual gala, this year held at Tortworth Court in Gloucestershire.

Full story: Click here

April 2022 ~ Ofcom crackdown on number spoofing

Around 45 million scam calls or texts were received in Britain during last summer alone. Cybercriminals pretending to be genuine individuals or organisations defrauded thousands of victims out of cash and sensitive data. Last year, on this news blog, we reported that it would be 2025 before a new VOiP system would create the opportunity for the UK to counter ‘number spoofing’ fraud.

Global e-retailer clients engage IPFGB to conduct international investigations across Europe, and invariably it is UK-based mobile and landline numbers being used. Number spoofing involves fraudsters changing their caller ID to disguise their true identity or trick the recipient into believing they are calling from their bank, or some other genuine entity.

Many victims say the most convincing element of the scam is the fraudsters’ ability to appear as though they are calling from trustworthy companies. The majority of spoof calls are made using a VoIP service or an IP phone that transmits calls over the internet; users being able to choose the number or name they want displayed on their caller ID.

In conjunction with phone companies, Ofcom is introducing new measures to reduce spoofing; compelling networks to block numbers that are clearly fraudulent. Networks could sift out spoof calls originating from within the UK by authenticating a caller’s ID information before connecting them to the dialled number. The UK’s transition to digital landlines within a few years should make this achievable. But most spoof calls originate from overseas and do not have a valid caller ID.

Ofcom is also aiming to prevent scammers from accessing valid phone numbers by ensuring phone companies run background checks on business customers. Once fraudulent numbers have been identified, phone companies should suspend and report them to the police and regulators.

“Many of these phone companies are also based overseas, however,” says Dick Smith. “With OCGs operating these scam call centres in Northern India, for example, one wonders if the substantial revenue arising from their business will in reality be sacrificed.”

March 2022 ~ Using QR Codes? . . . . beware!

This year will mark the seventieth anniversary of the patenting of barcodes, and two years later, a 10-pack of Wrigley’s Juicy Fruit chewing gum was the first product ever to be scanned . . . in an Ohio supermarket.

Surprisingly, the QR Code, a variation on that theme, has already been around for almost thirty years.

With ever-increasing applications for QR codes, particularly during Covid, when social distancing has been so essential, the public in general has embraced their use, taking advantage of instant connections and rapid transactions.

But do we all take a moment to check exactly what we are connecting to, or precisely where we could be sending our money or, more importantly, our data? Well, we should!

Since the start of 2022, the FBI has been repeating warnings that a second wave of QR code scams is sweeping the world. We cannot afford to be blasé, casually pointing our phones every time we are encouraged or even instructed to do so. False codes can lead you to websites which can then download malicious malware to obtain information on your phone, allowing scammers to hold your device hostage and demand payment.

Quick-draw mobile-users appear to be adopting a “shoot first – ask questions later” reaction to every QR code they encounter. During the recent Super Bowl, a colourful QR code bounced across TV screens worldwide and millions of viewers picked up the smartphones and engaged with the ad. They were taken to the website for Coinbase, a cryptocurrency exchange. The ad generated so much traffic that it crashed Coinbase’s app.

Whenever new technology simplifies the process of pulling in customers, before long it’s going to be abused. The problem here is that the QR code masks the site you are visiting. It is so easy for the scammers to mock-up a copycat website and take unsuspecting [or careless] punters to the cleaners.

The FBI cautioned, “Cybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.” They also warned that “malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location, as well as personal and financial information.” 

Suggested precautions:

  • Only scan a QR code from trusted sources; check the URL, and never enter personal information without verifying it is both official and secure.
  • if you receive an email with a QR code, that’s an immediate red flag. These codes are meant for interactions where you can’t just click on a link.  
  • If you use QR codes in your company, ensure the one your customers scan is the one you created. If you code is out there on the street, make sure no one has covered yours with a sticker! Best of all, add some text . . . for example: “This code takes you services@anycompany.com. If it doesn’t, don’t enter personal information and please let us know.” 

February 2022 ~ Processing Criminal Offence Data . . . in the 2020s

Investigating fraud being IPFGB’s core function, it is naturally necessary to provide our clients with a good understanding of the identity and background of those who are committing these offences. In order to provide evidence for civil litigation or prosecution in the courts, we are occasionally tasked to establish details of the bad actors’ criminal past. Under certain circumstances, that data which is in the public domain may potentially be legally processed once the data protection impact and legitimate interest assessments [D{IA and LIA] have been properly conducted. A good understanding of the law in this field is, therefore, essential.

Controlling and processing of personal data in general, and special category [sensitive] personal data in particular, is taken very seriously by members of the Association of British Investigators [ABI].

With ill-informed TV programmes only as a guide, a member of the public might be forgiven for having scant knowledge in this regard, but it is unforgivable that we are still approached by law-firms who seem to have no comprehension of DP compliance, or somehow believe that they [and we] are perhaps exempt. Such was the case recently, when a well-established firm blatantly asked us to quote for obtaining “full criminal convictions” of individuals with whom they were in litigation. We declined the opportunity.

Full story on the ABI website here.

January 2022 ~ Putting right a 20-year wrong

2022 marks the twentieth anniversary of the Enterprise Act, when a certain Chancellor of the Exchequer attempted to de-stigmatise bankruptcy. His idea was to encourage ‘risk-takers’ and allow failures to be back in business within a 12-month. Oft as not, of course, those risks were taken with other people’s money and the result was that within two years, personal bankruptcies almost doubled and respectability became a thing of the past.

A study by Kingston University revealed that only 16 per cent had anything to do with business; the vast majority being consumers who had got into trouble with their credit cards or wide-eyed home-improvers who had under-estimated the costs of doing up a mortgaged property; [source The Spectator].

During these 20 years, in conducting fraud investigations, IPFGB has regularly encountered company directors whose business history has been littered with a trail of failed enterprises; many of them having taken advantage of the situation and rooked people, and the taxman, out of millions.

HMG has now announced that rogues who dissolve their companies and avoid paying liabilities to staff, creditors, and the taxpayer, can now be disqualified from being a director. The Insolvency Service has been granted new powers to tackle these unfit directors.

Business Secretary Kwasi Kwarteng said: “We want the UK to be the best place in the world to do business . . . these new powers will curb those rogue directors who seek to avoid paying back their debts, including government loans provided to support businesses and save jobs. Government is committed to tackle those who seek to leave the British taxpayer out of pocket by abusing the covid financial support that has been so vital to businesses.”

If misconduct is found, directors can now face prosecution, be disqualified as a company director for up to 15 years, and be forced to pay compensation to creditors who have lost out due to their fraudulent behaviour.

The banking and finance industry is supporting this legislation which will provide additional deterrents and easier enforcement of the rules.