0:00:02 > 0:00:04We asked you to tell us what's left you feeling ripped off,
0:00:04 > 0:00:06and you contacted us in your thousands.
0:00:06 > 0:00:10You've told us about the companies you think get it wrong,
0:00:10 > 0:00:12and the customer service that is simply not up to scratch.
0:00:12 > 0:00:16They should be looking after their customers, and they don't.
0:00:16 > 0:00:20Loyalty to the customers is a very low priority.
0:00:20 > 0:00:23You've asked us to track down the scammers who stole your money,
0:00:23 > 0:00:27and investigate the extra charges you say are unfair.
0:00:27 > 0:00:30Big companies, big corporations, are more into the money and the numbers
0:00:30 > 0:00:31than they are about the people.
0:00:31 > 0:00:34And when you've lost out, but no-one else is to blame,
0:00:34 > 0:00:37you've come to us to stop others falling into the same trap.
0:00:37 > 0:00:40It genuinely feels like I'm getting ripped off.
0:00:40 > 0:00:44So, whether it's a blatant rip-off or a genuine mistake,
0:00:44 > 0:00:46we're here to find out why you're out of pocket,
0:00:46 > 0:00:49and what you can do about it.
0:00:49 > 0:00:53Your stories, your money. This is Rip-Off Britain.
0:00:55 > 0:00:59Hello and welcome to Rip-Off Britain, where it's our job to make sure
0:00:59 > 0:01:03your money stays very firmly where it belongs, in your pocket,
0:01:03 > 0:01:07and that it doesn't become easy pickings for unscrupulous crooks.
0:01:07 > 0:01:10But it's not always just your cash that the fraudsters are after.
0:01:10 > 0:01:12So, today, we're on the trail of the people
0:01:12 > 0:01:16determined to steal something just as valuable - your identity.
0:01:16 > 0:01:19And, as we'll see, they don't always have to go to great lengths
0:01:19 > 0:01:20to actually do it.
0:01:20 > 0:01:22But if all of that sounds a bit terrifying,
0:01:22 > 0:01:25don't worry too much, because we've been seeking out the best tips
0:01:25 > 0:01:28and advice to make sure that your personal details,
0:01:28 > 0:01:31not to mention your savings, can be kept safe.
0:01:33 > 0:01:37Coming up - phantom postboxes mysteriously stuck to your home
0:01:37 > 0:01:39with a sinister purpose.
0:01:39 > 0:01:42They were hanging around in the area,
0:01:42 > 0:01:44waiting for the post to be delivered,
0:01:44 > 0:01:49and were then going to remove the box with the stolen mail inside it.
0:01:49 > 0:01:53And what to do if scammers hold your computer to ransom.
0:01:53 > 0:01:56I decided that I wasn't going to give in to these cyber-terrorists,
0:01:56 > 0:01:58these people bullying.
0:01:58 > 0:02:00They're not going to get my money.
0:02:04 > 0:02:07Now, it seems that the days when cash was king
0:02:07 > 0:02:08are well and truly over.
0:02:08 > 0:02:13At the start of 2016, one in every ten card payments
0:02:13 > 0:02:17was made with one of these - a contactless payment card.
0:02:17 > 0:02:19Just six months later, that had shot up
0:02:19 > 0:02:21to one in every six payments,
0:02:21 > 0:02:24and they're getting more popular every day.
0:02:24 > 0:02:25But while for many people,
0:02:25 > 0:02:28going contactless is both simple and convenient,
0:02:28 > 0:02:30there are still those who remain rather sceptical,
0:02:30 > 0:02:33and I'm one of them, and after what I found out making this next film,
0:02:33 > 0:02:36I can't imagine changing my mind any time soon.
0:02:38 > 0:02:43They're quick, easy, and more people now shop with them than ever before.
0:02:43 > 0:02:47But quite a few people still have doubts about using them.
0:02:47 > 0:02:50Can I ask you if you ever use a contactless credit card
0:02:50 > 0:02:52- when you're...?- No.- You don't?
0:02:52 > 0:02:54- Why don't you use them? - I don't trust them.
0:02:54 > 0:02:57- Why don't you trust them? - Because I'm of a certain age.
0:02:57 > 0:03:00- They're dangerous. - Why are they dangerous?
0:03:00 > 0:03:03Because if you lose it, which I have on occasion,
0:03:03 > 0:03:08somebody else can pick it up and just tap, tap, tap, tap. £30 a time.
0:03:08 > 0:03:10They can just steal it, and then they can use my card,
0:03:10 > 0:03:12and I can't have that.
0:03:13 > 0:03:16A recent survey claimed that one in five people
0:03:16 > 0:03:18won't use a contactless card
0:03:18 > 0:03:22because of worries that they're not completely safe.
0:03:22 > 0:03:26Press reports have been quick to add fuel to that particular fire,
0:03:26 > 0:03:29suggesting the simplicity of the cards can make it easy
0:03:29 > 0:03:32for crooks to take advantage of them.
0:03:32 > 0:03:34And if you think that sounds far-fetched,
0:03:34 > 0:03:39well, I'm about to discover exactly how such a scam could work,
0:03:39 > 0:03:42indeed, how straightforward the process can be.
0:03:43 > 0:03:46I've been asked to come to this cafe here in East London,
0:03:46 > 0:03:49and my director has given me his contactless payment card.
0:03:49 > 0:03:52I'm not quite sure what I'm supposed to do with it,
0:03:52 > 0:03:53because I don't use these things
0:03:53 > 0:03:55but, I tell you what, now I've got it,
0:03:55 > 0:03:58this is going to buy me a very large slice of cake.
0:03:59 > 0:04:03Little did I know then that I was walking into a trap -
0:04:03 > 0:04:06one that would see the details from that contactless card
0:04:06 > 0:04:10in my pocket spirited away without the card so much as moving.
0:04:10 > 0:04:13The team told me they were just getting ready
0:04:13 > 0:04:14for us to start filming,
0:04:14 > 0:04:18and introduced me to a fraud expert called Gary Fenton,
0:04:18 > 0:04:21who I'd be interviewing later, but while I chatted to Gary,
0:04:21 > 0:04:25I was the target of a not entirely successful sting,
0:04:25 > 0:04:27as Gary brushed his phone against the pocket
0:04:27 > 0:04:30where I was keeping the contactless card.
0:04:32 > 0:04:34Now, it takes more than a few hidden cameras
0:04:34 > 0:04:37and an unusually prompt camera crew to fool me,
0:04:37 > 0:04:41because straightaway, I guessed that something fishy was going on.
0:04:41 > 0:04:44But not yet entirely sure of what it all meant,
0:04:44 > 0:04:46I didn't let on that I'd spotted anything.
0:04:46 > 0:04:50Instead, I went off to buy a drink with the director's card,
0:04:50 > 0:04:53leaving Gary mysteriously fiddling with his laptop.
0:04:53 > 0:04:58OK, so I've been using this contactless payment card.
0:04:58 > 0:04:59Tell me how they work.
0:04:59 > 0:05:04The card will talk to a scanner, and it just reads the information
0:05:04 > 0:05:07off the card without necessarily physically touching the card.
0:05:07 > 0:05:09But what are the drawbacks?
0:05:09 > 0:05:11You see, I won't have one of these,
0:05:11 > 0:05:14because I think... I think they're open to all kinds of abuse.
0:05:14 > 0:05:16Right, you're not wrong.
0:05:16 > 0:05:21The information can be read, and it can actually be read freely
0:05:21 > 0:05:25by a mobile app that anyone could actually download.
0:05:25 > 0:05:29The same technology that's built into contactless bank cards
0:05:29 > 0:05:33and card terminals is also built into many mobile phones.
0:05:33 > 0:05:37It's called Near Field Communication, or NFC for short.
0:05:37 > 0:05:39It allows card details to be read over short distances,
0:05:39 > 0:05:42which, when you're buying a coffee and a slice of cake,
0:05:42 > 0:05:44can make things relatively easy.
0:05:44 > 0:05:47But it also means that anyone with the right technology
0:05:47 > 0:05:51can make their phones act like a contactless card reader.
0:05:51 > 0:05:54When I met you, you made a point of bumping into me
0:05:54 > 0:05:56- when you had your telephone in your hand.- I did.
0:05:56 > 0:05:57You're very observant.
0:05:57 > 0:06:01And I do have your card information on my mobile phone,
0:06:01 > 0:06:06and I can check with you - are the last four digits 6008?
0:06:06 > 0:06:08Yes, they are. Let me have a look at the rest of it, though.
0:06:08 > 0:06:11I'm not going to read it out cos this is somebody else's card,
0:06:11 > 0:06:12but you're absolutely right.
0:06:12 > 0:06:17OK, you've got the app, I've got the card. Show me how you do it.
0:06:17 > 0:06:20OK, if you put the card onto the table...
0:06:21 > 0:06:24Phone just needs to hover itself above the card, and that's it.
0:06:24 > 0:06:27- As quick as that?!- Even quicker. It took less than half a second.
0:06:28 > 0:06:32Gary's phone has picked up the card number and expiry date
0:06:32 > 0:06:35from my director's card. It didn't take his name
0:06:35 > 0:06:38or the three-digit security code from the back of the card.
0:06:38 > 0:06:40And without that last figure, in particular,
0:06:40 > 0:06:43you'd be forgiven for thinking that no-one could do very much
0:06:43 > 0:06:46with stolen details, but you'd be wrong,
0:06:46 > 0:06:49because after he'd swiped them from the card in my pocket,
0:06:49 > 0:06:5220 minutes earlier, Gary had gone shopping.
0:06:52 > 0:06:56I actually went online and made a purchase using your card,
0:06:56 > 0:06:58and I bought something from Amazon.
0:06:58 > 0:07:02- For how much?- It was just under £30.
0:07:02 > 0:07:04- And they accepted that?- They did.
0:07:04 > 0:07:09It went through straightaway, and it said to wait for delivery now.
0:07:09 > 0:07:12Gary had used a fake Amazon account,
0:07:12 > 0:07:16a fake name, and the stolen details on the card to buy me a gift,
0:07:16 > 0:07:19which was due to be delivered to our offices the following day.
0:07:19 > 0:07:21And he'd done it without being asked
0:07:21 > 0:07:24for the three-digit security code on the back of the card.
0:07:24 > 0:07:26Why does a company like Amazon,
0:07:26 > 0:07:29which must do millions of transactions,
0:07:29 > 0:07:33not ask for that security number? That's why it's there.
0:07:33 > 0:07:35That's an important question,
0:07:35 > 0:07:37and I'm afraid you'll just have to ask Amazon,
0:07:37 > 0:07:40because I have no idea why they're not doing these security checks.
0:07:40 > 0:07:43So, we did just that, and Amazon assured us
0:07:43 > 0:07:46that it has sophisticated and rigorous measures in place
0:07:46 > 0:07:48to prevent and detect fraud,
0:07:48 > 0:07:51which provide layers of protection
0:07:51 > 0:07:54beyond the use of those three-digit security codes.
0:07:54 > 0:07:57But for what it called "obvious reasons,"
0:07:57 > 0:08:01it wouldn't comment on the specifics of what they are.
0:08:01 > 0:08:03So, I suppose the 64,000 question is
0:08:03 > 0:08:06how safe are these things, then, for people to be using?
0:08:06 > 0:08:08- And they're being used all over the place.- They are.
0:08:08 > 0:08:13They can be safe if they're used properly. If these are unprotected,
0:08:13 > 0:08:17then the card information can be scanned without people realising.
0:08:17 > 0:08:19So what sort of precautions can people take
0:08:19 > 0:08:21to make sure that their card stays safe?
0:08:21 > 0:08:25You could keep your card in a protective wallet or a shield
0:08:25 > 0:08:27to protect it from being scanned.
0:08:27 > 0:08:29So, for example...
0:08:29 > 0:08:31here's a shield here,
0:08:31 > 0:08:33and you would put your card into this,
0:08:33 > 0:08:35and it would be protected.
0:08:35 > 0:08:37It would be impossible to scan the card
0:08:37 > 0:08:40- if it's in one of these little wallets.- Right.
0:08:40 > 0:08:43Now, nobody can read that now with any kind of app?
0:08:43 > 0:08:44No, it's completely protected.
0:08:44 > 0:08:47If you wanted to make a genuine purchase, you would take it
0:08:47 > 0:08:51out of here and use it, put it back in here, and it can't be scanned.
0:08:51 > 0:08:54Prove to me that that really protects it. There we go.
0:08:54 > 0:08:57- Let's put it down.- OK. - Have another go.
0:08:57 > 0:09:02We just put the phone over it, and as you can see...
0:09:02 > 0:09:04- Nothing is happening. - Nothing at all.
0:09:04 > 0:09:08Gary's organisation, Online Watch Link,
0:09:08 > 0:09:11sells one version of this protective cover for £1,
0:09:11 > 0:09:15either online or from your local Neighbourhood Watch group.
0:09:15 > 0:09:18And there are plenty of similar products widely available.
0:09:20 > 0:09:22We spoke to the UK Cards Association
0:09:22 > 0:09:25about the potential risks contactless card users face.
0:09:25 > 0:09:27It stressed that...
0:09:30 > 0:09:32..adding that...
0:09:35 > 0:09:38It went on to say that there has never been an actual case
0:09:38 > 0:09:42of card details being obtained and used to make an online purchase
0:09:42 > 0:09:45in the way that we demonstrated in our test.
0:09:45 > 0:09:48And it was keen to reassure anyone with a contactless card
0:09:48 > 0:09:51that, even if someone did scan it in this way,
0:09:51 > 0:09:53only information from the front of the card could be obtained,
0:09:53 > 0:09:57and not the more sensitive details, like the security code
0:09:57 > 0:10:00on the back, which it pointed out IS required
0:10:00 > 0:10:03to make a purchase from the vast majority of retailers.
0:10:03 > 0:10:06And where it's not, as of course happened in our test,
0:10:06 > 0:10:09were a genuine fraud to take place, then the retailer would be liable.
0:10:10 > 0:10:13And if none of that reassures you,
0:10:13 > 0:10:16remember you don't HAVE to have a contactless card.
0:10:16 > 0:10:20You're perfectly entitled to ask your bank for an alternative
0:10:20 > 0:10:22that doesn't have that technology built in.
0:10:22 > 0:10:26If you remember, back in the cafe, Gary ordered something online
0:10:26 > 0:10:29with the details that he'd swiped from that card
0:10:29 > 0:10:32that was in my pocket. Well, here it is.
0:10:32 > 0:10:36He said it was a gift for me, so shall we see what it is?
0:10:36 > 0:10:38What is it? Oh!
0:10:38 > 0:10:40SHE LAUGHS
0:10:40 > 0:10:42Now, there's clever!
0:10:42 > 0:10:46Ooh, blimey, it weighs a ton! Ah, there you go.
0:10:48 > 0:10:50It's an electronic safe!
0:10:55 > 0:10:58You know, we've been doing this programme long enough
0:10:58 > 0:11:00for us to think that there weren't too many types of scam
0:11:00 > 0:11:02we hadn't heard of before,
0:11:02 > 0:11:04whether the fraudsters behind them were after your cash,
0:11:04 > 0:11:07your personal details, or both.
0:11:07 > 0:11:10But a few months ago, we came across something that is completely new,
0:11:10 > 0:11:14and indeed, dare I say it, quite extraordinarily inventive.
0:11:14 > 0:11:17The barefaced cheek of it, I think, is going to take your breath away.
0:11:17 > 0:11:19But when the residents affected
0:11:19 > 0:11:21first noticed something very odd happening,
0:11:21 > 0:11:24establishing exactly what was going on
0:11:24 > 0:11:26raised more questions than answers.
0:11:33 > 0:11:36A quiet, leafy suburb in Chorlton in Greater Manchester.
0:11:36 > 0:11:41But behind these peaceful surroundings lurks a crime spree.
0:11:44 > 0:11:50I'm mystified that anyone would think they could attach a postbox
0:11:50 > 0:11:54to someone's house, and get away with it.
0:11:54 > 0:11:58No-one knows how many people have been affected or even how much money
0:11:58 > 0:12:02may have been lost. In fact, one of the few things that is clear
0:12:02 > 0:12:06about this most mysterious of scams is that whoever was behind it
0:12:06 > 0:12:08had been watching the comings and goings
0:12:08 > 0:12:10on these streets very carefully indeed
0:12:10 > 0:12:14in order to use the residents' identities for their own ends.
0:12:17 > 0:12:22- Hello.- Good to meet you. Come in.- Thank you.
0:12:22 > 0:12:24Alan Dunn was the first to notice that something was amiss
0:12:24 > 0:12:28when he happened to be at home one afternoon.
0:12:28 > 0:12:30My daughter had been out for lunch,
0:12:30 > 0:12:34and she came back after about an hour, and as she walked up the path,
0:12:34 > 0:12:37there was somebody stood on the doorstep, and she said,
0:12:37 > 0:12:41"Oh, can I help you?" And he said, "Oh, I'm sorry,
0:12:41 > 0:12:44"I think I might be in the wrong place. Uh..."
0:12:44 > 0:12:47And left quite quickly.
0:12:47 > 0:12:50Alan's suspicions were aroused, and he popped outside to take a look,
0:12:50 > 0:12:54and immediately noticed that a small black letterbox had been stuck
0:12:54 > 0:12:56to the outside of his house.
0:12:56 > 0:12:59Baffled as to where it had come from and why,
0:12:59 > 0:13:03Alan prised the letterbox away from the wall and took it inside.
0:13:04 > 0:13:07He soon discovered that the postman had dropped the family's mail
0:13:07 > 0:13:10for the day inside the new box, rather than,
0:13:10 > 0:13:13as usual, through the letterbox on the front door,
0:13:13 > 0:13:16and amongst that mail was something very odd indeed.
0:13:17 > 0:13:19What sort of letters were they?
0:13:19 > 0:13:22It was a letter from the TSB saying
0:13:22 > 0:13:24I'd opened a new account with them,
0:13:24 > 0:13:27and I had negotiated an overdraft for £1,000.
0:13:29 > 0:13:32Neither Alan nor his partner Linda banks with TSB,
0:13:32 > 0:13:36and they knew for sure they hadn't opened a new account there.
0:13:36 > 0:13:37Putting two and two together,
0:13:37 > 0:13:41they deduced that Alan's identity had most likely been stolen,
0:13:41 > 0:13:45and the crooks behind it had applied to borrow money in his name.
0:13:45 > 0:13:48But of course, they couldn't activate the account
0:13:48 > 0:13:52or spend the overdraft without the cards, paperwork and PIN number
0:13:52 > 0:13:54that would all be sent through the post.
0:13:54 > 0:13:55So they'd added their own postbox
0:13:55 > 0:13:59to make sure they could get their hands on what they needed.
0:14:01 > 0:14:04At that moment, we realised that the letterbox had been put up
0:14:04 > 0:14:06to intercept the mail.
0:14:06 > 0:14:08In that letterbox, we had a confirmation letter
0:14:08 > 0:14:12and the online PIN number for internet banking,
0:14:12 > 0:14:16and we imagine that the person that Bethan encountered on the doorstep
0:14:16 > 0:14:19was probably in the process of retrieving the mail at that moment,
0:14:19 > 0:14:22- so she spooked him. - How did you feel when you realised
0:14:22 > 0:14:24you'd come very close to being scammed?
0:14:24 > 0:14:28Well, I was quite relieved, in a way, that we'd stopped it happening.
0:14:28 > 0:14:32They obviously knew the delivery times for the postman on that day.
0:14:32 > 0:14:36It was a little window of an hour where they stick it up,
0:14:36 > 0:14:40and the postman was still in the street as they are retrieving it.
0:14:40 > 0:14:43They're following him round, almost, retrieving the mail.
0:14:43 > 0:14:46But Linda and Alan weren't the only people that the scammers
0:14:46 > 0:14:49had in their sights, because guess what?
0:14:49 > 0:14:53Another box appeared round the corner just a couple of days later.
0:14:54 > 0:14:58Retired university professor Harold Somers lives one street away
0:14:58 > 0:15:02from Alan and Linda, and he too had initially been confused to find one
0:15:02 > 0:15:05of the strange and scruffily-numbered letterboxes
0:15:05 > 0:15:07outside his house.
0:15:07 > 0:15:10It was Saturday afternoon, and I was on my way out
0:15:10 > 0:15:14to an important show that we were doing that evening with my band,
0:15:14 > 0:15:18and as I went out the door, I noticed, stuck to the wall,
0:15:18 > 0:15:22was this metal postbox that I'd never seen before,
0:15:22 > 0:15:26and it had a crudely-painted house number on it,
0:15:26 > 0:15:31so my first instinct was that perhaps it had been put there
0:15:31 > 0:15:35by mistake, and the delivery people had installed it in the wrong house.
0:15:35 > 0:15:39Hoping to find out who the box really belonged to,
0:15:39 > 0:15:42Harold took to his local community's Facebook page, where he learned
0:15:42 > 0:15:45the same thing had happened to Alan and Linda.
0:15:45 > 0:15:49I was a bit worried that taking it down might damage the wall,
0:15:49 > 0:15:51because I had assumed it was screwed onto the wall,
0:15:51 > 0:15:53and I couldn't get inside it to unscrew it.
0:15:53 > 0:15:56And they said, "Oh, just pull it off,
0:15:56 > 0:15:59"get it off under any way possible."
0:15:59 > 0:16:01And how do you feel about it now?
0:16:01 > 0:16:04I'm mystified that...
0:16:04 > 0:16:08anyone would think they could attach a postbox
0:16:08 > 0:16:13to someone's house, and get away with it without anyone noticing,
0:16:13 > 0:16:16except that, I suppose, and this is the scary bit,
0:16:16 > 0:16:21what I suppose is that they were hanging around in the area,
0:16:21 > 0:16:23waiting for the post to be delivered,
0:16:23 > 0:16:27and were then going to remove the box, almost as quickly as they'd
0:16:27 > 0:16:31attached it, with the stolen mail inside it.
0:16:32 > 0:16:35And it seems that's exactly what happened,
0:16:35 > 0:16:38because, after we filmed with him, it turned out that a fraudster
0:16:38 > 0:16:41had opened up an account in Harold's name.
0:16:41 > 0:16:45They'd gone on to successfully apply for a £1,000 overdraft,
0:16:45 > 0:16:47which they'd spent.
0:16:47 > 0:16:49And it was Harold who the bank contacted to pay up.
0:16:49 > 0:16:52Luckily, it was accepted there'd been a fraud,
0:16:52 > 0:16:54and he wasn't held responsible.
0:16:56 > 0:16:59Tony Blake is a fraud prevention specialist who says that,
0:16:59 > 0:17:02though the goings-on in Chorlton are relatively new,
0:17:02 > 0:17:04they're certainly not isolated.
0:17:04 > 0:17:07The fraudsters may target some particular area,
0:17:07 > 0:17:10because they have customer information from somewhere.
0:17:10 > 0:17:13They may target a particular area
0:17:13 > 0:17:15because they feel it's more affluent than others.
0:17:15 > 0:17:18The numbers that I'm aware of are very low for this type of crime,
0:17:18 > 0:17:20but it's something we're definitely keeping an eye on.
0:17:20 > 0:17:23There is a risk to doing it, but the rewards are potentially high.
0:17:23 > 0:17:26You take out a loan for a few thousand pounds,
0:17:26 > 0:17:28then the rewards are quite high,
0:17:28 > 0:17:32so they see it that the risks are worth taking.
0:17:32 > 0:17:33Back in Chorlton,
0:17:33 > 0:17:38it seems the scammers have moved on to pastures new.
0:17:38 > 0:17:42But if a strange new postbox appears outside your house,
0:17:42 > 0:17:46watch out - it could mean someone's got their hands on your details too.
0:17:54 > 0:17:57Now, you may remember in May this year, the NHS was the target
0:17:57 > 0:18:01of a huge cyber-attack that saw its computers locked by a programme
0:18:01 > 0:18:05demanding a ransom payment before they could be accessed again.
0:18:05 > 0:18:09It was a story that completely dominated the news for days,
0:18:09 > 0:18:10and yet the crime behind it
0:18:10 > 0:18:13was one that we'd investigated on Rip-Off Britain before.
0:18:13 > 0:18:15And that's because it isn't
0:18:15 > 0:18:18something that just affects public services or industries,
0:18:18 > 0:18:22although criminals do still use the same tactics against both.
0:18:22 > 0:18:26It could be that your own computer suddenly is held to ransom.
0:18:26 > 0:18:29And the online outlaws responsible will say that you won't be able to
0:18:29 > 0:18:32open your precious files again until you come up with the cash.
0:18:35 > 0:18:39Gillian Pucci from Manchester is in a race against time.
0:18:39 > 0:18:40I just knew something was wrong.
0:18:42 > 0:18:45In four days, she'll be permanently locked out of the files
0:18:45 > 0:18:47on her own computer, thanks to cyber-criminals
0:18:47 > 0:18:51who found a way to control access to what she stored there,
0:18:51 > 0:18:53and are demanding a ransom to set it free.
0:18:53 > 0:18:55But I know they're there...
0:18:56 > 0:18:58..and that's what's heartbreaking.
0:19:00 > 0:19:03It's a scam that could target you, as well - but even if she pays up,
0:19:03 > 0:19:07Gillian can't be sure she will ever see her precious files again.
0:19:07 > 0:19:09With any kidnapping, there's no guarantee
0:19:09 > 0:19:13that, if you do pay the ransom, that you'd ever get them back.
0:19:15 > 0:19:17Gillian uses her computer for everything,
0:19:17 > 0:19:19from storing photos to running the accounts
0:19:19 > 0:19:21for the family's restaurant.
0:19:21 > 0:19:24She knows to avoid opening any suspicious e-mail,
0:19:24 > 0:19:27until in June last year, one caught her out.
0:19:28 > 0:19:33It was an e-mail addressed to me personally, and the heading said,
0:19:33 > 0:19:37"We would appreciate prompt payment of the attached invoice."
0:19:37 > 0:19:40Something inside me said, "Don't open it."
0:19:40 > 0:19:42But then I was thinking,
0:19:42 > 0:19:45"Well, have I ordered something, or has somebody cloned my card?
0:19:45 > 0:19:49"Has something happened, and I'm being asked to pay for something
0:19:49 > 0:19:50"that I haven't ordered?"
0:19:50 > 0:19:52So I did, I opened it.
0:19:53 > 0:19:55The attachment that Gillian clicked on was blank,
0:19:55 > 0:19:58so she closed it again, and thought nothing of it.
0:19:58 > 0:20:01But that one click would have disastrous consequences.
0:20:02 > 0:20:07When I opened the computer the next morning, there was just writing,
0:20:07 > 0:20:11information telling me that my computer had been infected
0:20:11 > 0:20:14with this Cerber ransomware,
0:20:14 > 0:20:20and that I would be unable to open any files or any documents.
0:20:20 > 0:20:23That innocuous-looking e-mail she clicked on had contained
0:20:23 > 0:20:27a software virus known as ransomware, which had encrypted
0:20:27 > 0:20:31every single file, document and photograph on her computer,
0:20:31 > 0:20:35converting them to a code that she simply couldn't unlock.
0:20:35 > 0:20:40My heart sank. There's years and years of photographs of my children,
0:20:40 > 0:20:42of my family, of my dogs.
0:20:42 > 0:20:45Go! Yay!
0:20:45 > 0:20:50It's devastating, it feels like you've been attacked.
0:20:50 > 0:20:52I know they're only photographs,
0:20:52 > 0:20:56but photographs contain memories, and they mean such a lot.
0:20:56 > 0:20:59The cyber-criminals demanded that Gillian pay up
0:20:59 > 0:21:03a ransom of about £600 within two weeks,
0:21:03 > 0:21:05or she would lose everything.
0:21:05 > 0:21:09She would need to pay using an internet currency called bitcoins,
0:21:09 > 0:21:11and every week she delayed, the price would go up.
0:21:11 > 0:21:15This, it's just a nightmare.
0:21:15 > 0:21:18You lose something that you really love,
0:21:18 > 0:21:21something that's really dear to you.
0:21:21 > 0:21:24I say lose, it's not lost, it's there,
0:21:24 > 0:21:28I just can't have it, can't open it.
0:21:28 > 0:21:31And it's devastating.
0:21:31 > 0:21:34But even with so much at stake, Gillian is refusing to pay.
0:21:35 > 0:21:39I decided that I wasn't going to give in to these cyberterrorists,
0:21:39 > 0:21:43these people bullying. They're not going to get my money.
0:21:43 > 0:21:46Instead, she was determined to somehow find a way
0:21:46 > 0:21:49to unlock the files before the ransom deadline.
0:21:49 > 0:21:53I sat at my PC, day after day,
0:21:53 > 0:21:56from the morning through to the night-time,
0:21:56 > 0:21:59reading up, looking, uninstalling, installing,
0:21:59 > 0:22:02for the past ten days.
0:22:02 > 0:22:04It's just taken over my life.
0:22:05 > 0:22:09But with the clock ticking, she came to us for help,
0:22:09 > 0:22:11and we arranged for her to take her computer
0:22:11 > 0:22:14to tech detective John Salt.
0:22:14 > 0:22:17Well, the first thing, you've done the right thing not to pay,
0:22:17 > 0:22:21because chances are, they won't repair your computer.
0:22:21 > 0:22:25And the second thing is they tend to send a list out of people
0:22:25 > 0:22:30who DO pay to other scammers, who will then send you scams.
0:22:30 > 0:22:33- Right.- So, you've done the right thing by bringing it in.
0:22:33 > 0:22:35I think the first thing we need to do
0:22:35 > 0:22:39is find out what type of ransomware it is that's on,
0:22:39 > 0:22:42because there's quite a variety.
0:22:42 > 0:22:43- That's great. Thank you.- Yeah?
0:22:43 > 0:22:45But I think, because time's of essence,
0:22:45 > 0:22:48we'll put it straight on to the bench.
0:22:48 > 0:22:50John's going to try and find a way to break the encryption
0:22:50 > 0:22:53that's locked Gillian's files away.
0:22:53 > 0:22:57Well, the first thing we need to do is we need to scan the system
0:22:57 > 0:23:01to see where the encryption came from, how deeply it's encrypted.
0:23:02 > 0:23:04And he soon discovers the cyber-criminals
0:23:04 > 0:23:07have modified almost every file on the computer.
0:23:07 > 0:23:09- They're little blank pages.- Yes.
0:23:09 > 0:23:12Now, that's because your computer doesn't know how to open them.
0:23:12 > 0:23:15- Right.- It doesn't know what programme they're going to use.
0:23:15 > 0:23:18- Yeah.- Whereas, if you look further up the list,
0:23:18 > 0:23:20it knows it's a photograph...
0:23:20 > 0:23:22- Yeah.- ..but, when you go into it,
0:23:22 > 0:23:25- it then... - "Windows can't open this file."
0:23:25 > 0:23:28It can't open this file because it doesn't quite know how to open it.
0:23:28 > 0:23:32Gillian is relieved that her computer is now in expert hands.
0:23:32 > 0:23:34The question is, can John save her files
0:23:34 > 0:23:37before the ransom runs out in four days' time?
0:23:37 > 0:23:42I always thought that I was too clever and too savvy,
0:23:42 > 0:23:45and I wouldn't open something like that, but that invoice,
0:23:45 > 0:23:47that e-mail, got me.
0:23:49 > 0:23:50I opened it, and...
0:23:52 > 0:23:53..I unleashed the beast.
0:23:55 > 0:23:57James Lyne is global head of security
0:23:57 > 0:24:00for the internet security firm Sophos.
0:24:00 > 0:24:05He says that while e-mails are one way the ransomware virus is spread,
0:24:05 > 0:24:08criminals may also have hidden it in the background
0:24:08 > 0:24:12of websites that we may not even begin to question.
0:24:12 > 0:24:14So the other extremely common way
0:24:14 > 0:24:16that cyber-criminals will infect people
0:24:16 > 0:24:20is by putting malicious code into legitimate websites,
0:24:20 > 0:24:21so that when you visit it,
0:24:21 > 0:24:24it deploys it silently in the background.
0:24:24 > 0:24:27So as soon as I browse to this web page here,
0:24:27 > 0:24:30in the background the attacker starts loading the nasty code,
0:24:30 > 0:24:34and a short while later, the browser will now crash.
0:24:34 > 0:24:36Of course, you'd think nothing of it.
0:24:36 > 0:24:39You'd just close it down, open it again, or go and make a cup of tea,
0:24:39 > 0:24:43but in the background, we're now starting to see files encrypted.
0:24:43 > 0:24:46And there's links to a series of payment pages
0:24:46 > 0:24:50where you can hand over money to get the information back.
0:24:50 > 0:24:54So, very quick and easy, just by browsing to a normal web page,
0:24:54 > 0:24:58I'm now in a position where all of my information is inaccessible to me
0:24:58 > 0:25:00throughout the computer.
0:25:00 > 0:25:02Web browsers are regularly updated
0:25:02 > 0:25:05to make sure they can stand up to dangerous viruses.
0:25:05 > 0:25:08But it's also worth backing up your files to a drive
0:25:08 > 0:25:11that's not permanently connected to your computer,
0:25:11 > 0:25:15so it can't be infected with the same type of malware.
0:25:15 > 0:25:20But really it's a question of when you'll run into ransomware, not if.
0:25:20 > 0:25:22Assume you're going to get infected,
0:25:22 > 0:25:25have a backup plan so that you can restore your data
0:25:25 > 0:25:29back to where you were, and not have to pay the cyber-criminals money.
0:25:30 > 0:25:33Back in Oldham, Gillian hadn't done that,
0:25:33 > 0:25:36and now, 13 days since her computer was infected,
0:25:36 > 0:25:39she has just 24 hours before the deadline
0:25:39 > 0:25:42given to her by the ransomware cyber-criminals.
0:25:43 > 0:25:44Today's the day we find out
0:25:44 > 0:25:48if John's managed to retrieve anything off my computer for me.
0:25:48 > 0:25:52I'm not holding out too much hope.
0:25:53 > 0:25:57So it's crunch time for Gillian and her precious computer.
0:25:57 > 0:25:59- Hello, Gillian. Nice to see you again.- Hi, John.- Well,
0:25:59 > 0:26:03the important thing is I've been able to retrieve a lot of the data
0:26:03 > 0:26:07- that you, that was important to you. - I'm so happy, so grateful.
0:26:07 > 0:26:08- Great.- Thank you so much.
0:26:08 > 0:26:10No, it's a pleasure, that's what we do.
0:26:10 > 0:26:13Good old John - he was able to beat the ransomware
0:26:13 > 0:26:14before the deadline expired
0:26:14 > 0:26:17by unlocking the files with specialist software.
0:26:17 > 0:26:20And while some files were lost for good,
0:26:20 > 0:26:21he was able to save the majority
0:26:21 > 0:26:25of Gillian's most precious documents, and her memories.
0:26:25 > 0:26:29I'm absolutely thrilled and so grateful to John
0:26:29 > 0:26:32for all his hard work that I've got the photographs back.
0:26:32 > 0:26:34It means such a lot to me.
0:26:34 > 0:26:35I never thought we'd be able to do it -
0:26:35 > 0:26:38I thought they were lost forever.
0:26:38 > 0:26:41And she'll be doubly careful in how she protects her photographs
0:26:41 > 0:26:43in the future.
0:26:43 > 0:26:46I'm going to learn from this mistake.
0:26:46 > 0:26:49The first thing I'm going to do is keep a backup of them,
0:26:49 > 0:26:53and secondly, I'm not going to open any more suspicious e-mails,
0:26:53 > 0:26:56and basically just learn a lesson from it.
0:27:02 > 0:27:04If you've got a story you would like us to investigate,
0:27:04 > 0:27:07get in touch with us via our Facebook page...
0:27:09 > 0:27:10Our website...
0:27:15 > 0:27:16Or e-mail...
0:27:19 > 0:27:22Or if you want to send us a letter, then our address is...
0:27:35 > 0:27:39Now, I have to say I was astonished by that story on contactless cards.
0:27:39 > 0:27:42After all those years of being told that they're perfectly secure,
0:27:42 > 0:27:45it was quite a shock to see how easily those details
0:27:45 > 0:27:46could be used by somebody else.
0:27:46 > 0:27:49Well, I don't use one at all, but my husband does,
0:27:49 > 0:27:51and I was really reassured to see
0:27:51 > 0:27:54that there is a very simple solution.
0:27:54 > 0:27:55So while it's clear this isn't something
0:27:55 > 0:27:57that any of us need to panic about,
0:27:57 > 0:27:59it probably is worth paying a couple of quid
0:27:59 > 0:28:02to keep your card in one of those protective holders.
0:28:02 > 0:28:04But don't forget, you'll find plenty more information
0:28:04 > 0:28:07on how to keep your identity safe on our website.
0:28:10 > 0:28:12But for now, that's all we've got time for today.
0:28:12 > 0:28:14It has been great having you with us,
0:28:14 > 0:28:16and I hope we'll see you again very soon.
0:28:16 > 0:28:19- Until then, from all of us, bye-bye. - Bye-bye.- Goodbye.