Scams have skyrocketed in recent years and since the start of the coronavirus crisis. Which? analysis of Action Fraud figures suggests victims lost £1.7 billion over 12 months - which works out at £3,234 reported lost to scams every minute. Many scams will also have gone unreported over this period, meaning the true figure is likely to be much higher.

Much of this growth in scams has been fuelled by criminals shifting their activities online - whether that’s scammers peddling bogus get-rich-quick schemes on social media or fake finance firms promising enticing returns to savers looking to boost their investments in an era of record-low interest rates and economic uncertainty.

A Which? survey of more than 200 investment scam victims found that while one in seven (15%) were targeted by phone, that number was dwarfed by those lured in via online methods. Four in 10 (39%) victims were targeted via email (12%), search engines (10%), adverts on Facebook (9%) or other non-social media or search engine online adverts (8%).

The consequences for victims can be devastating. Average losses to “clone” scams, those using websites that replicate legitimate firms, average £45,000 - but Which? has heard from victims who have lost six-figure sums.

The tech giants claim they are taking strong action to crack down on fraud. Yet a Which? investigation found search giants Google and Microsoft’s Bing are failing to get to grips with an explosion of fake and fraudulent adverts that lead to the scams, while the Financial Conduct Authority is unable to effectively police online fraudsters using these sites.

Google and Microsoft rake in significant sums of money from adverts that lead to scams or that are posted by unauthorised firms. These can remain live for weeks even after the financial regulator has issued public warnings about them.

Although legitimate investment comparison sites do exist - and may advertise on search engines - Which?’s investigation found dozens of investment comparison sites advertising on Google or Bing that were already on the FCA warning list or soon would be. This suggests there are significant flaws in the monitoring processes used by the search engines.

Consumer finance campaigner and former accountant Mark Taber told Which? that Google was still hosting adverts for bondcompare.org.uk, a website linked to a clone scam, almost four weeks after it was reported to the FCA on 17 November 2020. Although the financial watchdog added the site to an existing warning on 10 December, Google continued to carry the ads until 14 December and the site was not shut down until 4 February 2021.

Mia, an 83-year-old retired teacher, told Which? how she lost £70,000 to convincing clones of legitimate investment firms - Prudential and Macquarie Bank - after searching online for a better savings rate in April 2020. However an FCA warning about the cloned Macquarie Bank website was not published until May, several weeks too late, and it was a further four months before the regulator published a warning about the Prudential scam.

Mia said she was left “totally mortified” by the experience and had to seek help from her GP.

Her experience echoed the victims responding to Which?’s survey who reported a negative impact not only on their finances but on their mental health (47%), stress in general (44%), anxiety regarding their finances (43%) and physical health (29%).

One in five (20%) said they didn’t even contact their bank or card provider for a refund while 61 per cent said they did not submit a complaint to the Financial Ombudsman Service (FOS), in part because they were “too embarrassed” or thought they should “bear the burden”.

Separately, Which? has heard from some victims of these sophisticated scams that were initially refused reimbursement by their bank before Which? got involved on their behalf.

Which?’s investigation also uncovered how easy it is for rogue investment sites to continue operating by simply changing their web addresses and using Google or Bing to re-advertise. One company, Lead Generation Limited, has been linked to 28 sites on the FCA warning list.

Another site, comparebondrates.com, falsely claims to be regulated and was only subject to an FCA warning after Which? reported it. Shortly after that, potential victims reported receiving emails from fraudsters posing as regulated company MoneySuperMarket. These scam emails were sent from moneysuper@net-shopping.com and included links to a site called comparebestbondrates.com, also subject to an FCA warning, which closely resembled the website of comparebondrates.com.

Which? also found a further three sites that were still up and running, despite using a phone number known to the FCA - highlighting that the current “whack-a-mole” approach to tackling the issue is not working.

Figures from the FCA point to the sheer prevalence of investment scam firms. Its warning list of firms potentially running investment scams doubled from 573 in 2019 to 1,184 in 2020 - yet three in 10 (29%) of investors surveyed by Which? had never even heard of the warning list.

Given the scale and devastating effects of scams, online platforms, banks, regulators and the government, need to go much further in tackling this issue proactively.

Which? believes its latest findings are further evidence that the UK government must include online scams in the proposed Online Safety Bill, and give online platforms legal responsibility for preventing fake and fraudulent content that leads to scams appearing on their sites.

In response to the explosion of scams seen since the start of the coronavirus pandemic, Which? has also set up a free scam alert service, which provides regular updates on the latest scams and can help consumers familiarise themselves with the latest tactics used by fraudsters.

Gareth Shaw, Head of Money at Which?, said:

“The financial strain of the last year and record-low saving rates are pushing more people than ever to look for investments online, just as fraudsters are looking to exploit the uncertainty and confusion caused by the coronavirus crisis - resulting in a perfect storm for scams.

“Which? has launched a free scam alert service to help consumers spot the latest tactics used by fraudsters, but tech giants, banks, regulators and the government must all step up and do much more to stop victims from facing the devastating consequences of scams.

“Scams must be included in the proposed Online Safety Bill so that online platforms have legal responsibility for preventing fake and fraudulent content posted by scammers from appearing on their sites, and are forced to do more to protect their users.”

Case study

Mia, 83, a retired teacher from Hampshire, lost a total of £70,000 to scammers impersonating two legitimate firms, after searching online for a better savings rate. She told Which? that she was “totally mortified” by the experience and needed help from her GP.

In April 2020, she found what appeared to be a site for Prudential, inviting her to enter her details. After a representative rang and emailed her relevant information, she agreed to transfer £20,000.

Some time later, the contact Mia thought worked for Prudential recommended Macquarie Bank to her. She did some online research and saw that it is a well-established firm founded in Australia. It all seemed in order and she sent two deposits of £25,000 each.

“Little did I know that these were both clone websites. I had never heard that term,” says Mia.

The fraudsters had created convincing sites (macquariecap.co.uk and prunewenquiry.com) and sent glossy company-branded emails and documents. The FCA published a warning about the Macquarie Capital clone in May, several weeks too late. The Prudential warning didn’t come until September.

At the time, Mia’s current account provider, Nationwide, hadn’t yet implemented a new security check called Confirmation of Payee, which alerts you when a payee name doesn’t match the account number.

If this had been available, Mia would’ve seen a no-match warning when she sent payment to the Prudential impersonator.

Nationwide initially refused to refund the money Mia had sent to ‘Macquarie’ as it went to Clearbank, which is outside of the UK and therefore not within the scope of the CRM code. When Which? asked it to reassess the case, it conceded that Mia may not have made the additional payments if she had seen a no-match warning for the initial payments. It reimbursed her in full.

Which?’s advice on how consumers can stay safe from online investment scams:

1. Ignore unexpected offers

Opportunities that come to you out of the blue, whether via a cold call, online advert or through the post, are likely to be either very high-risk or an outright scam. Even if you initiated the contact yourself, don’t assume you’re dealing with a legitimate firm.

2. Check the FCA warning list

This can be found at fca.org.uk/scamsmart/warning-list, and it’s where the regulator records details of firms it knows are operating without permission or running scams. But even if a firm isn’t on the list, this doesn’t mean it’s not a scam.

3. Check the Financial Services Register

This can be found at fca.org.uk/register, and it will help you to see if you’re dealing with a genuine, authorised firm. Access the register via the FCA website, rather than via an email link or website of a firm you’ve been dealing with. Check the firm’s permissions match the service you’re being offered, and only use the contact details listed on the register, not ones you are given. If there are no contact details on the register or the firm claims they’re out of date, call the FCA on 0800 111 6768.

4. Consider getting independent financial advice or guidance

A financial adviser can recommend specific investments to you based on your situation and goals. They must be regulated by the FCA. For more general information about your investment options, you can use free guidance services, such as the Money Advice Service.

5. Be careful with your personal details

Avoid entering contact details on unknown sites, particularly those advertising on search engines and social media, as you risk being targeted with endless scams.