A woman reported being scammed out of $15,000 in an elaborate con.
It began when she was contacted by a “wealthy grandmother” offering to give her more than $1 million, provided she pay some taxes upfront.
As is common in these kinds of scams, the woman was made to purchase gift cards and provide all the info to the criminals over the phone.
We’re going to tell you a little story about somebody who got scammed—and by what may seem like a very obvious scam. An “I’d never fall for that” kind of scam. So let’s make sure we start this out by getting one thing straight: You, too, will one day get scammed, if you haven’t already. And maybe it won’t be an elaborate con, or falling prey to a “pay your overdue taxes in gift cards by phone” kind of scam. But it will happen to every one of us, because we all share one trait: thinking we’re too clever to get conned.
As the Athens Banner-Herald rapporterar, a Jackson County woman was apparently confident enough in her abilities to sniff out a scam that she bought into one hook, line, and sinker. Whether she had initial trepidations or not when she got a Facebook message telling her a wealthy grandmother wanted to give her $1.5 million and a new house, she was confident enough in her judgement to go all in, even when she was told she would have to pay $15,000 in taxes up front.
“During the coming weeks,” the Banner-Herald reports, “…the Braselton woman went shopping for Foot Locker, Razer Gold and Apple gift cards.” She was prompted to give the activation numbers and pictures of the cards to her “grandmother” via WhatsApp. She interacted with two men over the phone who likely were the scammers. “They identified themselves as the brother and lawyer of the grandma,” the Banner-Herald notes, “…who had told the victim that she became rich by winning $343 million in a Powerball lottery.”
The woman in question was sent several checks by the “rich grandmother,” but they all bounced. And now, that Jackson County woman is out of money, and with little recourse for its return. Sheriff Janis Mangum said, “There is no hope” because the victim gave the scammers all the information they needed. “I feel like I’m beating a dead horse,” the sheriff added regarding how often she warns people about these kind of scams. “I put this out all the time.”
Dan Brownsword//Getty Images
In stories like these, our brains jump to blame the victim. “How stupid can you be?” we think. Why do we go there first, instead of being angry at those pulling the con? Get angrier at the folks who fall for the “wallet inspector” trick than the person who took the wallet? Not only is that mentality irrational, it can be downright harmful. As Michelle Singletary said in the Washington Post:
“We must remember that these people are victims and that our attitudes can keep them from reporting these crimes. If they’re too embarrassed or ashamed to admit what happened to them, it allows the scheme to continue or emboldens others to prey on people.”
So why do our brains do this? Tell us to be mad at victims of scams, instead of the scammers? Because our brains can talk us into just about anything. Heck, for the people pulling these scams, their brains have talked them into whatever they have to think to justify stealing people’s savings. “I gotta do what I gotta do to survive,” “It’s their fault for being so gullible,” “You know, technically one way to interpret Marx’s Debates on the Law on Thefts of Wood…” (Look, maybe they’ve got a Poli-Sci Masters, who can say? Not that you can pay down student loan debt with Foot Locker gift cards). Our brains can talk us into falling for cons, for committing cons, all while convincing us we’d never fall for one ourselves, and we’re better than the people who do.
But just this once, maybe don’t instantly decide you’re smarter than the Jackson County woman in question. Maybe take the time you’d spend chuckling at a person losing money, and use that time to call up your dad, call up your grandma, and make sure they know they’d never be asked to pay the government in gift cards. Let them know that if they get a suspicious message on social media, to check with you, and you’ll help them determine if it’s real. And that if they do get scammed, they should know that they can come to you for help, and you won’t make them feel worse about it.
But hey, why bother, right? You’re too smart to get fooled, and the people around you are all too smart for that. It’ll never happen to you. You’re too smart.
So smart, in fact, that we’ve got a great investment opportunity, just for you.
You just have to pay some taxes upfront…
Michael Natale is the news editor for Best Products, covering a wide range of topics like gifting, lifestyle, pop culture, and more. He has covered pop culture and commerce professionally for over a decade. His past journalistic writing can be found on sites such as Yahoo! och Comic Book Resources, his podcast appearances can be found wherever you get your podcasts, and his fiction can’t be found anywhere, because it’s not particularly good.
Lloyds Bank this weekend fired a salvo at Facebook-owner Meta, slamming it for failing to stop a ‘Wild West’ surge in online shopping scams. Britain’s biggest retail bank – which has 26 million customers – blasted the social media giant for enabling so-called ‘purchase’ frauds.
The banking group claimed two-thirds of the scams start on Meta-owned platforms, which also includes Instagram.
Banks and insurance groups have been frustrated for years that social media companies are not made to pay their fair share of compensation to victims for frauds hosted on their platforms.
But it is highly unusual for a lender like Lloyds to take aim at an individual tech firm like Meta.
The intervention puts Lloyds Banking Group boss Charlie Nunn at loggerheads with Facebook tycoon Mark Zuckerberg.
Face-off: Lloyds Banking Groups chef Charlie Nunn och Metas verkställande ordförande Mark Zuckerberg
British banks have previously urged ministers to tackle online financial scams amid concerns that criminals are using Facebook and Google to place fraudulent advertisements with impunity.
The failure of internet giants to check the authenticity of digital ads has led to a surge of scams, they claim. These include ‘brand cloning’, where criminals impersonate legitimate businesses to dupe victims into handing over their savings. Purchase fraud tends to target younger consumers who are tricked into paying for sought-after items that don’t actually exist.
Victims are lured by the offer of a cheap deal – often advertised on social media – and then asked to send money from their own secure online bank account direct to the seller via a transfer system known as faster payments.
However, this provides very little protection when things go wrong.
The scam is a small but growing part of online fraud, which now accounts for 40 per cent of all crime and costs £7 billion a year, according to latest government figures.
The number of purchase frauds has soared by 40 per cent since the start of the pandemic to over 117,000 cases in 2022, according to the UK Finance trade body. It coincided with a boom in online shopping, more time spent on social media and shortages of certain goods caused by supply chain issues.
Lloyds, whose brands include Hailfax and Bank of Scotland, estimates that someone falls victim to the scam on a Meta-owned platform every seven minutes, costing consumers £27 million this year alone.
The average amount lost by the victims of purchase scams is around £570. Clothes, trainers, gaming consoles and mobile phones are among the most common goods being falsely advertised for sale.
Lloyds said it reimburses ‘the majority’ of victims and has invested ‘hundreds of millions of pounds’ in security systems to beat the scammers.
But refunds don’t address the emotional trauma of being a victim of fraud or stop the flow of money to organised crime, it added.
‘Social media has become the Wild West of online shopping in recent years, with very few checks in place to verify who is selling what,’ said Liz Ziegler, fraud prevention director at Lloyds Banking Group.
The Government’s new national fraud strategy allows banks more time to slow down suspicious payments. But Ziegler said banks couldn’t fight the ‘epidemic of scams’ alone.
‘It’s high time tech companies stepped up to share responsibility for protecting their own customers,’ she said.
‘This means stopping scams at source and contributing to refunds when their platforms are used to defraud innocent victims.’
An amendment to the long-delayed Online Safety Bill requires social media firms to prevent paid-for fraudulent adverts, regardless of whether the ads are controlled by the platforms or an intermediary. It followed pressure from consumer groups, charities and the banking industry who claimed the Government’s approach to tackling online fraud was ‘flawed’.
But critics say the proposals still don’t go far enough. ‘Fraudsters don’t just pay for adverts or create fraudulent content that fits within the scope of the Bill,’ said a banking industry source. ‘The exclusion of online marketplaces like Facebook’s is therefore a significant loophole.’
Campaigners say only the threat of fines will force the social media companies to act.
‘Without penalties there’s nothing in it for them to stop the scams from happening,’ said consumer champion Baroness Altmann. She fears the Government is ‘absolutely terrified of upsetting the tech companies’ and of being seen to clamp down on the free market.
James Daley, founder of consumer campaign group Fairer Finance, said social media sites had become ‘a gateway for fraudsters’.
‘Firms like Meta have a clear responsibility to step up and protect their users,’ he said. ‘But if past experience is anything to go by, it’s unlikely these firms will do much if they don’t have to.
‘The Government announced plans to introduce new protections last year, but these have now been kicked into the long grass again.’
Meta said purchase fraud was ‘an industry-wide issue’ with scammers using ‘increasingly sophisticated methods’ to defraud people ‘in a range of ways, including email, text and offline’.
A spokesman said: ‘We don’t want anyone to fall victim to these criminals which is why our platforms have systems to block scams. Financial services advertisers now have to be authorised by the Financial Conduct Authority.’
The Department for Science, Innovation and Technology was approached for comment.
Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.
NHS trusts are sharing intimate details about patients’ medical conditions, appointments and treatments with Facebook without consent and despite promising never to do so.
En Observer investigation has uncovered a covert tracking tool in the websites of 20 NHS trusts which has for years collected browsing information and shared it with the tech giant in a major breach of privacy.
The data includes granular details of pages viewed, buttons clicked and keywords searched. It is matched to the user’s IP address – an identifier linked to an individual or household – and in many cases details of their Facebook account.
Information extracted by Meta Pixel can be used by Facebook’s parent company, Meta, for its own business purposes – including improving its targeted advertising services.
Records of information sent to the firm by NHS websites reveal it includes data which – when linked to an individual – could reveal personal medical details.
It was collected from patients who visited hundreds of NHS webpages about HIV, self-harm, gender identity services, sexual health, cancer, children’s treatment and more.
It also includes details of when web users clicked buttons to book an appointment, order a repeat prescription, request a referral or to complete an online counselling course. Millions of patients are potentially affected.
This weekend, 17 of the 20 NHS trusts that were using Meta Pixel confirmed they had pulled the tracking tool from their websites.
Eight issued apologies to patients. Multiple trusts said they had originally installed the tracking pixels to monitor recruitment or charity campaigns and were not aware that they were sending patient data to Facebook. The Information Commissioner’s Office (ICO) is investigating.
De Observer can reveal:
In one case, Buckinghamshire Healthcare NHS trust shared when a user viewed a patient handbook for HIV medication. The name of the drug and the NHS trust were sent to the company along with the user’s IP address and details of their Facebook user ID.
Alder Hey Children’s trust in Liverpool, sent Facebook details when users visited webpages for sexual development problems, crisis mental health services and eating disorders. It also shared data when users clicked to order repeat prescriptions.
The Tavistock and Portman NHS foundation trust in London shared data with Facebook when users clicked the information page for its gender identity service, which specialises in working with children who have gender dysphoria. Data was also shared when users viewed the webpage for the Portman Clinic, which “offers specialist help with disturbing sexual behaviours”, and clicked for details on how to be referred to the service.
Surrey and Borders Partnership NHS trust shared data with Facebook when a patient clicked buttons indicating they were under 18, lived in Brighton and wanted to access mental health services.
Other NHS trusts sent detailed receipts to Facebook when users accessed pages for appointment bookings or completed online self-help courses. Barts Health NHS trust, which serves a population of 2.5 million in London, shared data with Facebook when a user clicked to “cancel or change an appointment” or added a visit to a particular hospital to their itinerary.
The Royal Marsden, a specialist cancer centre, sent data on patients requesting referrals, viewing information about private care and browsing pages for particular cancer types.
Information sent to the company is likely to include special category health data, which has extra protection in law and is defined as information “about an individual’s past, current or future health status”, including medical conditions, tests and treatment and “any related data which reveals anything about the state of someone’s health”. Using or sharing it without explicit consent or another lawful basis is illegal.
Once the data reaches Facebook’s servers, it is not possible to track exactly how it is used. The company says it prohibits organisations from sending it sensitive health information and has filters to weed such data out when it is received by mistake.
Professor David Leslie, director of ethics at the Alan Turing Institute, said the transfer of data to third parties by the NHS risked damaging the “delicate relationship of trust” with patients. “Our reasonable expectation when we’re accessing an NHS website is that our data won’t be extracted and shared with third-party commercial entities that could [use it] for targeting ads or linking our personal identities to health conditions,” he said.
He accused Meta of doing too little to monitor what information it was being sent. “Meta says we don’t permit certain types of data being sent to us but they haven’t spent enough on resources to audit this,” Christl said.
In most cases, the information sent to Facebook during a test by the Observer was transferred automatically upon loading a website – before the user had selected to “accept” or “decline” cookies – and without explicit consent. Only three of the 20 trusts mentioned Facebook or Meta in their privacy policies at all. Several of the trusts had previously promised patients that their information would not be shared or used for marketing.
Collectively, the 20 NHS trusts found using the tracking tool serve a population of more than 22 million people in England, stretching from Devon to the Pennines. Some had been using it for several years.
In a statement, the trust apologised to patients and said the Meta Pixel had been active on its website in error. “It was installed in relation to a recruitment campaign, and we were not aware that Meta was using this information for marketing purposes,” a spokesperson said. “Immediate action has been taken to remove it.”
The Royal Marsden said it regularly reviewed its privacy policies but did not say whether it planned to remove the pixel. Barts said it was removing trackers from its website “following the disclosure that they were being used to extract personal information beyond the purpose for which they were originally installed, which was to measure responses to recruitment advertising campaigns.”
Several said they were unaware of how data would be used and apologised to patients for failing to get consent. Aside from the 17 who pulled or are pulling the tool, Hertfordshire Partnership trust and Royal Marsden said they were investigating the issues internally and only the Tavistock and Portman did not respond to requests for comment.
The ICO said it had “noted the findings” and was considering the matter. “People have the right to expect that organisations will handle their information securely and that it will only be used for the purpose they are told,” a spokesperson said.
Avslöjanden om NHS-användningen av Meta Pixel kommer efter att tillsynsmyndigheter i USA utfärdat varningar för användningen av spårningsverktyg där. Förra sommaren, teknisk webbplats The Markup avslöjade deras användning på vårdgivares webbplatser. I december varnade Biden-administrationen för att användning av spårningspixlar för att samla in patientdata utan samtycke var ett potentiellt brott mot federal lag.
Flera ledande amerikanska sjukhus stäms för närvarande av sina patienter för deras användning av pixlarna, som är små kodbitar som är osynliga under normal surfning.
Meta står också inför rättsliga åtgärder på grund av anklagelser om att ha tagit emot medvetet känslig hälsoinformation – inklusive från sidor inom patientportaler – och inte vidta åtgärder för att stoppa det. Klagandena hävdar att Meta kränkte deras medicinska integritet genom att fånga upp "individuellt identifierbar hälsoinformation" från sina partners webbplatser och "generera pengar" på den.
Jeffrey Koncius, en partner vid Kiesel Law i Kalifornien och en av advokaterna som leder åtgärden, sa att dataöverföringen från NHS-webbplatserna verkade likna vad som hände i USA. "Tänk om ett sjukhus skickade ett brev till Mark Zuckerberg och sa: 'Vi vill att du ska veta att Jeff Koncius är vår patient'", sa han. "Det är precis vad som händer här. Det sker bara elektroniskt.”
Liberaldemokraternas hälsotalesman Daisy Cooper beskrev fynden som en "chockerande upptäckt" som väckte allvarliga frågor om skyddet av patientinformation. "NHS måste undersöka hur detta hände och hur utbrett detta påstådda dataintrång är", sa hon.
NHS England sa att enskilda truster var ansvariga för att se till att de följde dataskyddslagarna. "NHS undersöker denna fråga och kommer att vidta ytterligare åtgärder om det behövs", sa en talesperson.
Meta sa att de hade kontaktat trusterna för att påminna dem om dess policy, som förbjöd organisationer att skicka hälsodata. "Vi utbildar annonsörer om att korrekt ställa in affärsverktyg för att förhindra att detta inträffar", sa talespersonen. De tillade att det var webbplatsägarens ansvar att se till att den överensstämde med dataskyddslagarna och hade fått samtycke innan data skickades.
Företaget svarade inte på frågor om effektiviteten av dess filter utformade för att sålla bort "potentiellt känslig data", eller vilka typer av information de skulle blockera från sjukhuswebbplatser - eller säga varför det tillät NHS-truster att skicka data överhuvudtaget, med tanke på hög risk kan det avslöja detaljer om webbanvändarens hälsa.
"Som all teknik kommer inte våra filter att kunna fånga upp allt hela tiden. Men vi förbättrar ständigt våra mekanismer för att se till att vi fångar så mycket vi kan”, sa en talesperson.
Företaget erbjuder sina affärsverktyg till annonsörer och säger att de kan hjälpa dem att använda hälsobaserad reklam för att "växa ditt företag". I en guide säger det att data som samlats in genom dess affärsverktyg kan förbättra användarnas Facebook-upplevelse genom att visa dem annonser som de "kan vara intresserade av". "Du kan se annonser för hotellerbjudanden om du besöker resewebbplatser", förklaras det.
Sam Smith, på medConfidential, en datasekretesskampanjgrupp, sa att det aldrig var lämpligt att verktygen skulle användas för att samla in hälsoinformation. "Det finns ingen fördel för NHS-förtroende att ge bort denna information. Det är som att be ett tobaksföretag att sponsra en canceravdelning”, sa han. "NHS England godkänner tyst detta genom att inte genomdriva något bättre."