I recently met convicted fraudster Elliot Castro at a fascinating event run by the Northern Ireland Fraud Academy.
The book of his life of crime (before he went to jail) is a good read, Other People's Money: The Rise and Fall of Britain's Boldest Credit Card Fraudster.
Just like the wonderful Leonardo DiCaprio film about the real life conman, Catch Me If You Can, Scotsman Elliot Castro travelled the World on £2 million of other people’s money.
In Elliot’s case, credit card details obtained in a number of ways.
Also on the platform were a Jonathan Wilson, Head of Special Investigations at AIB plc, and Charlie McMurdie - the woman who was until recently the Met’s Head of Cyber Crime. So we had former fraudster, victim and enforcer all there together.
Inspired by the talk, and aware from clients and daily life how easy it is to be conned, I have pulled together my top ten tips to help keep you safe from fraud.
Don’t regard a high credit limit on your card as a badge of honour. If the limit is £10,000 and you never go over £2,000, then ask your card company to reduce your card limit. I do this. That way if a crook tries to book a business class flight to Cape Town costing £3,500 the purchase will fail.
Be careful what you share on social media. I knew posting that I am on holiday could let burglars know to call at my house. What I didn’t think of was that Elliot Castro would use these times to phone your office and speak to a PA or colleague and persuade them to give him some useful information, like a mobile phone number etc.
Your friend is NOT stranded abroad in need of your help. If you get an email from a known contact saying they are in some far-flung place stuck with no money for an emergency operation/ flight home/ hotel bill, its 99.9% sure to be fake. I get one of these every month or so ‘from’ a friend or client. Nearly always they have had their BT email address hacked. Having a BT email myself I see regular things popping up on my phone or in emails tempting me to log in. Don’t do it. Once they have your email and password they can hack your email. And if you use part of that password in other sites your whole online life may be upset.
When someone rings you, how do you know who they are? Just because they say they are from your bank, don’t divulge to them any of your security details. For example if they ask for letters 1 and 3 of your password, then in a month’s time ring and ask for letters 2 and 4...you can see how they could build up a picture! Elliot would sometimes work for weeks on a person’s case before he actually tried to use their money. If someone is from your bank you should be able to ring back on their published phone number (not the one the person gives you!) and speak to someone.
Phishing – be very careful what links you click in emails. These emails are getting very sophisticated. For example HMRC will NEVER email you about a tax refund or tax bill to be paid. It is easy to be drawn into clicking a link and ending up in a fake website where you then put in your banking details, and overnight become very poor. Always go to your online bank by either following a ‘bookmark’ on your computer or typing from fresh the web address you already know. Those extra seconds could save you a fortune.
Online purchases – use just one card. The ex-detective advised that you keep just one credit card which you use for online purchases. Don’t use the others. Maybe also keep a low but suitable credit limit on it.
If someone phones you (say when you are in your hotel room) and says there is a problem with your card – they may be a crook. This was one of Elliot Castro’s techniques. Ring up and say the card they checked in with has a problem, and Bingo – the guest gives you all their card details!
Online shopping in public wifi zones is risky. The ex-detective warned that you could be attached to a proxy wifi-zone. In other words it looks legit but is taking a note as you browse of all your log-ins, passwords and card details – perhaps while you buy that fraud book by Elliot Castro on Amazon!.
Make a bit more effort with passwords. Put an odd character in the middle. Instead of piggy1474runs try pi6%ggy1474runs. Avoid using things people might find like your date of birth, your child’s name or your current pet. (Imagine the Facebook post – ‘look here’s a snap of wee Spot after he came back neutered & sad from the vet.’ Crook guesses password Spot2013 )
Be less trusting. Just because you hear a call centre in the background, it might just be a recording. If the girl calling you interrupts to ask her ‘colleague’ to “Get the porter to collect those bags” this does not confirm the girl works in your hotel. It just makes the call to you sound legit!
And finally I am sure you are wondering why Elliot Castro flew back to Belfast (where he once lived) to talk about his life before jail.
The answer is that he has turned his life around and now advises the police and lots of blue-chip companies about how businesses can beef up their security and prevent the fraudster making off their or their customers’ money.
I wish him all the best – we need his help.
Adrian Huston, a former tax inspector, is a director of Belfast tax and accountancy firm Huston & Co – www.huston.co.uk or 028 9080 6080.