Episode 11 Rip Off Britain

We asked you to tell us what's left you feeling ripped off,

and you contacted us in your thousands.

You've told us about the companies you think get it wrong,

and the customer service that's simply not up to scratch.

I've complained and complained and nobody takes any notice of me.

In all honesty, I think it's just a way for the shops

to make more money.

You've asked us to track down the scammers who stole your money

and investigate the extra charges you say are unfair.

You don't want to spend any more but yet they're always trying to

offer you little things extra.

And when you've lost out but nobody else is to blame,

you've come to us to stop others from falling into the same trap.

Rang up the company and they went, "Oh, it isn't our fault."

So whose fault is it?

So, whether it's a blatant rip-off or a genuine mistake,

we're here to find out why you're out of pocket,

and what you can do about it.

Your stories, your money - this is Rip Off Britain.

Hello and welcome once again to Rip Off Britain,

where today we're doing our best

to beat the scammers trying to trick you out of your cash,

by arming you with all you need to know

as to how to spot them coming. Now, the team in our office

has been working really hard to try

and keep abreast of the fraudsters' latest tactics, which,

I have to tell you, are growing more audacious and shocking than ever.

Yes, you know, every series,

the scams we look at seem to get more sophisticated,

so to try to understand

exactly what's gone on and at what point alarm bells

should've rung isn't always easy,

and that's especially true of the stories we'll be looking at today.

And I tell you what, you'll think twice about your own security

after hearing how, in one case,

scammers were able to get into

not one but five of the same person's bank accounts,

which of course is a reminder

that it's not just down to all of us to keep our money safe,

but the banks have a responsibility, too.

So, we're going to be looking into what they're doing

to make sure that our money stays safe.

Coming up - how crooks used a new scam

linked to her phone to find their way into this woman's bank accounts,

and she had no idea they'd done it.

Someone going into your bank accounts...

I can't think of anything more personal.

And I can't get past that feeling that somebody has...

Has seen how I conduct my life.

And, "Hand over your cash

"or you'll never see your precious files again" -

what to do if scammers hold your computer to ransom.

I decided that I wasn't going to give in to these cyberterrorists,

these people bullying. They're not going to get my money.

Every year on Rip Off Britain,

we tell you about the latest tricks and tactics that are being used

by scammers who are dead set on getting their hands on your money.

And every year we tell you what to look out for to avoid being stung.

Well, of course, as the nation gets wise to their tricks,

the scammers also - unfortunately - seem to be one step ahead,

developing new and ever more audacious ways

of conning us out of our cash.

No sooner is one scam exposed than another pops up to take its place.

And we've been keeping you up to date

with the fraudsters' latest tactics for years.

Several times we've warned you about how they've been able to

keep your phone line open when you thought they'd hung up.

I feel that people have got to know about this business of being able

to hold the phone line open, which is where I feel I slipped up.

Next we revealed that criminals had started hijacking

genuine phone numbers to make an unexpected call

look reassuringly familiar.

The number that showed up on my phone

was the same number as the back of the Santander card,

and that convinced me he must be from the bank.

And in our last series, we showed you how you could even be

tricked into thinking you were working for the police

in an elaborate con that once again

is all about getting your bank details.

To use that term so many times -

"Don't forget you're working undercover."

But, as the scams keep evolving,

it's estimated that as much as £755 million

is stolen from British bank accounts every year.

And now there's a new twist,

because retired civil servant Mary Edgely

was targeted by a scam you will not see coming,

and she's not someone you'd expect to be caught out.

She's always tried to keep her bank account secure, and she's convinced

that her vigilance has proved essential to protecting her money.

I would say I'm deeply suspicious of calls and rogue e-mails.

I'm very, very careful about personal security,

and part of that is because I've been on the internet

for about 20-odd years now.

I've been on internet banking and I've found it

a great blessing, but not now.

The first inkling that Mary had that scammers had her in their sights

was when, out of the blue,

she was called by her credit card provider Tesco Bank.

Following the advice that we've often repeated,

she refused to believe the call was genuine

until she had called back to check.

In terms of calls,

I will not answer anybody who rings me and wants

to take ME through security.

They phoned me - how do I know who they are?

But when Mary called back, the bank had some bad news.

Someone had tried but failed

to transfer £5,000 from her credit card.

Fortunately, the security was tight and they had, for whatever reason,

been suspicious.

I suppose, if I'm being honest,

the fact that this hadn't gone through

was actually quite reassuring.

But the fraudsters hadn't stopped there.

When Mary logged on to check another of her accounts at Santander,

she saw to her horror that they'd found their way into there, too,

and this time more successfully.

Twice someone had managed to transfer sums of around £5,000.

This was the shock.

They'd been into my Santander accounts

and tried both of my credit cards.

Over the next 24 hours,

all Mary's bank accounts were bombarded with requests for

balance transfers that she did not make.

In total, the fraudsters tried to remove over £22,000

from her various accounts. But, thanks in part to her swift action,

containing what was happening,

they didn't get their hands on any more than that initial ten.

I phoned everyone I had a credit card with,

everyone I had a bank account with, and told them to freeze accounts.

I stopped everything dead at that point.

To make matters worse, when trying to call her banks,

Mary had realised that her mobile phone wasn't working,

and I'm afraid that was no coincidence.

Because when she contacted Vodafone to find out what the problem was,

it gradually became clear that the fraudsters had managed to access

her mobile phone account as well,

and in fact that had proved the key to the entire scam.

During the course of that chat, the person responding made reference to,

had I not got the SIM?

"I don't know what you're talking about, what SIM?"

Vodafone told Mary that her phone wasn't working because,

as she had apparently requested,

they deactivated her SIM card and sent out a new one.

But Mary never had requested a new SIM.

She immediately realised it must have been the scammers,

and to do it they would have had to bypass the security

on her Vodafone account, something Mary now realised

was actually not that hard.

Several people would know my mother's maiden name.

I'm sure several people would know my date of birth.

With the answers to simple questions like that,

it would've been relatively easy

to reset Mary's account and transfer her number to a new SIM card.

They could activate a blank SIM in my name.

What that did - and here's the real puzzle -

is that gives them the ability to go into bank accounts.

The reason taking over Mary's phone number was so essential

to the scammers' plan is that, these days, most bank accounts

come with an additional layer of security,

requiring the account holder to use a unique passcode for each

online transaction, and that passcode

is usually sent out via text message.

So, getting hold of her phone number and those vital text messages

was enough to help the fraudsters gain access

to what they really wanted - Mary's money.

Someone going into your bank accounts...

I can't think of anything more personal.

And I can't get past that feeling that somebody has...

Has seen how I conduct my life.

They've seen who I do business with, they've seen who I pay bills to,

and, of course, in doing so they're seeing

whatever other accounts that they could access.

Mary was lucky. Because there was clear evidence of fraud,

her bank gave her the stolen money back,

but fundamental to the success of this scam was that the criminals

had been able to get hold of just enough of her details

to find their way through various identification checks,

and as Mary's prided herself on

always being so careful with her personal information,

she's keen to know exactly how they did that.

I've racked my brains to think of what I could've done.

My security is as tight as anybody I know.

In fact, most of my friends would say

I am the person least likely to have this happen to,

because I've always been almost obsessive about security.

Well, there is a variety of ways that criminals can get hold of

your personal data, but one route

that we've reported on before is through the dark web -

the murky underworld of the internet,

where criminals and scammers openly trade individuals' details

and sell them on to the highest bidder.

One gang may find your e-mail and password and then they'll sell it

to another organisation who'll then use it

to start doing things like phishing e-mails,

where they try to get data off you,

or they'll use researchers to find things like your date of birth,

where you live, that kind of information,

and they build that up over a period of time,

and that process can take up to two years.

We'll never know for sure how Mary's information was stolen,

but it's likely that at least some of her data

WAS traded on the dark web.

So, to understand more about how even the most security-conscious

among us can fall foul to the criminal market in personal data,

we've brought Mary to meet digital forensic expert Keith Cottenden -

and a point that she's keen to establish from the off

is that, whatever else may have happened,

at no stage would she have fallen foul of any suspect spam e-mails.

Part of my frustration throughout this whole period is people saying,

"Did you click on an e-mail?"

I am pretty certain I didn't.

I don't think any of us can say definitely we didn't,

but I'm pretty certain I didn't do those things.

And that's what's puzzling me about this,

it's kind of, "Why me?"

Well, firstly,

people are picked not because of who they are,

just because a number, data.

And your data is as valuable as anybody else's data.

It could be down to an inadvertent action that you don't even realise

you've committed. There are international gangs out there

who mine data from systems over a period of time,

sometimes many years,

and sell this data on to smaller organisations or smaller fraudsters.

And as soon as those fraudsters decide to act, as Mary discovered,

they work fast and a lot can happen.

This particular fraud is possibly a one-off opportunity

and they might only have a window of 12 hours

to do serious damage.

But Keith is keen to reassure Mary

that it's not just her responsibility

to keep her data safe.

And I think the questions you need to be asking then

are perhaps of your financial institutions

and your service provider to ensure this doesn't happen.

"How are you protecting my data?

"How has this been allowed to happen?"

So it might not have been me, it could've been a breach elsewhere?

It could've been a breach... Any system can be compromised.

You might have been signed up at some point

to an organisation that has had a data breach

that you didn't even realise has happened.

And a data breach doesn't need to be at your bank or phone company.

Anywhere you've logged in personal details -

even something as simple as an online shopping account -

could be the start of a trail

that ends with fraudsters getting hold

of your personal information.

The meeting with Keith was deeply shocking, inasmuch as...

..people are trading my information.

Somebody perhaps sold my date of birth, my mother's maiden name,

and they're just gathering those bits,

but people are selling information.

Mary will probably never know for sure where her scam began,

only where it ended, and when we spoke to Vodafone,

where the fraudsters had somehow known enough about her to pass

the company's identification checks,

it confirmed that Mary had been a victim

of what it called...

Vodafone told us it has three levels of verification

on customer accounts,

but it realises how distressing this has been for Mary,

so it's now introduced special security measures on her account.

It's also refunded the cost of the fraudulent calls

and credited her account as a goodwill gesture.

And whenever we speak to the banks about cases such as this one,

they're always keen to stress how hard they work

to stop this sort of fraud before it happens.

Of course, in Mary's case,

most of the fraudulent transactions did ring alarm bells

and were prevented, but later in the programme

we'll take a closer look at what banks do to keep our money safe,

as one of them gives us exclusive access to its fraud protection team.

And we'll have crucial advice to make sure

that your details don't end up in the wrong hands.

Coming up next, a terrifying new scam

that doesn't actually involve criminals getting access

to your bank account or trying to take control of your cash,

but instead targets your computer,

swooping in to prevent access to your most precious files

and then holding them to ransom,

demanding cash so that you can get them back.

Now, it might all sound like something out of the Wild West,

but computer ransomware is very much a 21st century crime.

And the online outlaws behind it don't seem to care

who they go after next.

Gillian Pucci from Manchester is in a race against time.

I just knew something was wrong.

In four days, she'll be permanently locked out of the files

on her own computer, thanks to cyber-criminals

who found a way to control access to what she stored there,

and are demanding a ransom to set it free.

I know they're there.

And that's what's heartbreaking.

It's a scam that could target you, as well - but even if she pays up,

Gillian can't be sure she will ever see her precious files again.

With any kidnapping, there's no guarantee

that, if you do pay the ransom, that you'd ever get them back.

Gillian uses her computer for everything,

from storing photographs to running the accounts

for the family's Italian restaurant.

She prides herself in being security-conscious -

and until recently, Gillian was very confident

she could spot a dodgy e-mail when she saw one.

But in June this year,

Gillian was caught out by one e-mail that didn't look quite right.

It was an e-mail addressed to me personally, and the heading said,

"We would appreciate prompt payment of the attached invoice."

Something inside me said, "Don't open it."

But then I was thinking, "Well, have I ordered something,

"or has somebody cloned my card,

"has something happened and I'm being asked to pay for something

"that I haven't ordered?"

So I did, I opened it.

The attachment that Gillian clicked on was blank,

so she closed it again and thought nothing of it.

But that one click would have disastrous consequences.

When I opened the computer the next morning, there was just writing,

information telling me that my computer had been infected

with this Cerber ransomware

and that I would be unable to open any files or any documents.

Gillian's computer and all the data on it was being held hostage.

That innocuous-looking e-mail she clicked on had contained

a software virus known as ransomware, which had encrypted

every single file, document and photograph on her computer,

converting them to a code that she simply couldn't unlock.

My heart sank. There's years and years of photographs of my children,

of my family, of my dogs.

Go! Yay!

'It's devastating, it feels like'

you've been attacked.

I know they're only photographs,

but photographs contain memories and they mean such a lot.

The cybercriminals demanded that Gillian pay up

a ransom of about £600 within two weeks -

or she would lose everything.

She would need to pay using an internet currency called bitcoins,

and every week she delayed, the price would go up.

This, it's just a nightmare.

You lose something that you really love,

something that's really dear to you.

I say lose, it's not lost, it's there,

I just can't have it, can't open it.

And it's devastating.

But even with so much at stake, Gillian is refusing to pay.

But I decided that I wasn't going to give in to these cyberterrorists,

these people bullying. They're not going to get my money.

Instead, she's determined to somehow find a way

to unlock the files before the ransom deadline.

I sat at my PC, day after day,

from the morning through to the night-time,

reading up, looking, uninstalling, installing,

for the past ten days.

It's just taken over my life.

But with the clock still ticking,

Gillian is no closer to finding a solution,

so she's come to us for help.

We've arranged for her to take her computer

to tech detective John Salt.

He's been in the business for over 20 years,

and although this type of scam

is something he's become very familiar with,

he knows that even if Gillian

does pay the ransom, it doesn't mean

that she'll get her files back,

and it could open the door to even more scams.

Well, the first thing, you've done the right thing not to pay,

because chances are, they won't repair your computer.

And the second thing is they tend to send a list out of people

who do pay to other scammers, who will then send you scams.

-Right.

-So, you've done the right thing by bringing it in.

I think the first thing we need to do

is find out what type of ransomware it is that's on,

because there's quite a variety.

-That's great. Thank you.

-Yeah?

-Yes.

But I think, because time's of essence,

we'll put it straight on to the bench.

John's going to try and find a way to break the encryption

that's locked Gillian's files away.

Well, the first thing we need to do is we need to scan the system

to see where the encryption came from, how deeply it's encrypted.

And he soon discovers the

cyber-criminals have modified almost every file

-on the computer.

-They're little blank pages.

-Yes.

-Now that's because your

computer doesn't know how to open them.

-Right.

-It doesn't know what programme they're going to use.

-Yeah.

-Whereas, if you look further up the list,

it knows it's a photograph...

-Yeah.

-..but, when you go into it,

-it then...

-Windows can't open this file.

It can't open this file because it doesn't quite know how to open it.

Gillian is relieved that her computer is now in expert hands.

The question is, can John save her files

before the ransom runs out in four days' time?

I always thought that I was too clever and too savvy,

and I wouldn't open something like that, but that invoice,

that e-mail got me.

I opened it and...

..I unleashed the beast.

You know, it's an easy mistake to make,

but if attempts to unlock your files fail, the results can be disastrous,

as Charles and Sally Jones discovered in 2015

when the main computer at the nursing home they run in Lancashire

was also infected with ransomware.

Everything had gone, it wasn't just, say, some photos or a few files.

Everything that we had stored on that computer was encrypted.

I felt sick.

When we realised there was something going wrong,

then you start to worry about, what have they taken?

-Yeah.

-Have they got all the information?

-Have they got all the bank details? What have we lost?

-Yeah, yeah.

Goodness me, that is scary.

And then you suddenly realise you've put all your eggs in one pot.

A message came up telling Charles and Sally

that they needed to pay a 500 ransom to get their files back.

Like Gillian, they didn't pay up.

But when the ransom expired, all their business accounts,

invoices and contracts were lost,

and they no longer had access to the backups either.

They did enlist expert help,

but by then it was just too late to recover the data,

and it took them six months to get their business back on its feet.

It meant having to trawl through the files, the paperwork,

change all the passwords...

Just build the whole thing up all over again.

Back to Gillian, and she has just days to avoid the same fate,

and it all depends on whether John can find a way to unlock her files.

James Lyne is global head of security

for internet security firm Sophos.

The company's been dealing with corporate ransomware

for a couple of years, but has noticed that attacks

on personal computers have become much more common

in the last couple of months.

Really it's a question of when you'll run into ransomware, not if.

While most attacks come as viruses attached to e-mails,

which is what happened to Gillian and Charles and Sally,

James is seeing more and more ransomware hiding in the background

of websites that we might not even begin to question.

So the other extremely common way

that cyber-criminals will infect people

is by putting malicious code into legitimate websites,

so that when you visit it,

it deploys it silently in the background.

As soon as I browse to this web page here,

in the background the attacker starts loading the nasty code

and a short while later, the browser will now crash.

Of course, you'd think nothing of it.

You'd just close it down, open it again or go and make a cup of tea,

but in the background we're now starting to see files encrypted.

And just a few seconds after it's encrypted enough data that it knows

it can snare me into paying, it pops up these messages on the screen,

and at the top it just says, "What happened to my files?

"What do I do?"

And there's links to a series of payment pages

where you can hand over money to get the information back.

So, very quick and easy, just by browsing to a normal web page,

I'm now in a position where all of my information is inaccessible to me

throughout the computer.

Web browsers are regularly updated

to make sure they can stand up to dangerous viruses,

so make sure you don't ignore those update messages,

or you might be leaving the door wide open to attacks.

Unfortunately, though,

there's no software update that can protect you

against clicking on an infected e-mail attachment.

If you get an e-mail from someone you don't know,

claiming something to do with an

invoice or a payment that you weren't expecting,

treat it a little bit like you would in the real world -

be a little bit sceptical about who that person is

and maybe don't open the attachment if you're not sure.

But however cautious you are,

James says the best advice is to prepare for the worst.

Assume you're going to get infected,

have a backup plan so that you can restore your data

back to where you were and not have to pay the cyber-criminals money.

If you back up all your files

to a drive that's not permanently connected to your computer

so it can't be infected with the same ransomware,

it should be possible to restore your data

to the way it was before the attack.

Back in Oldham, Gillian hadn't done that

and now, 13 days since her computer was infected,

she has just 24 hours

before the deadline

given to her by the ransomware cyber-criminals.

Today's the day we find out

if John's managed to retrieve anything off my computer for me.

I'm not holding out too much hope.

So it's crunch time for Gillian and her precious computer.

-Hello, Gillian. Nice to see you again.

-Hi, John.

-Well,

the important thing is I've been able to retrieve a lot of the data

-that you, that was important to you.

-I'm so happy, so grateful.

-Great.

-Thank you so much.

No, it's a pleasure, that's what we do.

Good old John, he was able to beat the ransomware

before the deadline expired

by unlocking the files with specialist software.

And while some files were lost for good,

he was able to save the majority

of Gillian's most precious documents and her memories.

I'm absolutely thrilled and so grateful to John

for all his hard work that I've got the photographs back.

It means such a lot to me.

I never thought we'd be able to do it,

I thought they were lost forever.

And she'll be doubly careful in how she protects her photographs

in the future.

I'm going to learn from this mistake.

The first thing I'm going to do

is keep a backup of them,

and secondly I'm not going to open up any more suspicious e-mails,

and basically just learn a lesson from it.

Still to come on Rip Off Britain...

Behind the scenes of one of Britain's biggest banks

to see how its fraud team keeps your details safe.

We can always compare the transactions

that are presented to us with other customer spending

that's happened previously,

which will assist us in determining whether

this perhaps is fraudulent or not.

Welcome to the Rip Off Britain pop-up shop.

This year we were at Manchester's bustling Trafford centre,

meeting as many of you as we possibly could,

including some of our younger viewers.

I love that bag. That is beautiful.

I'm really loving this open plan pop-up shop.

It's actually the first time we've ever done it this way,

and the great thing about it is that everyone can see what we're doing -

we're getting lots and lots of people coming up

to see what we're all about, and that means more problems solved.

One family hoping to get their problem solved

were the Bamforths - Ian, Foni and four-year-old daughter Lizzy.

And it was a hitch with Lizzy's birthday party

that brought them to see Trading Standards officer Sylvia Rook.

Well, thank you both for coming in to see me this afternoon.

How can I help you?

Ian and Foni had booked and paid for an entertainer

well in advance of the big day, but with hours to go she rang to cancel.

She just cancelled because she is ill, so I said, "That's fine then,

"but can you please find a replacement for me?"

And then they keep saying, "I try,

"I try," but until seven o'clock that night, we're still not getting,

but her party's the next day which is making me all stressed out, so...

It was very stressful.

Foni was able it find a replacement in the nick of time,

but having forked out for two entertainers,

she was understandably keen to get back the £100 she'd paid to the one

who didn't show. Trouble is, almost a year on, she's still not had it.

So this person e-mailed me, saying, you know,

she's going to replace the money.

I said, "All right then," but it never arrived.

I e-mail her back, never get a reply.

I call her, never get pick-up.

I leave a voicemail, never get an answer.

Ian and Foni had almost given up

hope of recovering their money

until they saw that our pop-up shop was in town,

and Sylvia's sure the cash is recoverable

if the couple follows some simple steps.

Well, obviously, she's in breach of contract,

and therefore you are entitled to your money back from her.

You've done everything right in terms of e-mails,

but we would always recommend you put something in a letter.

Send a letter recorded delivery, keep a copy of it,

and now you need to say,

"If you don't credit my bank account within 14 days,"

then you'll be pursuing the matter through that small claims court.

Is there any time limit for pursuing this kind of...?

No. In terms of your consumer rights, any consumer rights,

if you want to make any civil action,

you've got up to six years to make a claim.

-All right.

-So there's no problem with the fact that it's over a year,

but I would say, if you're going to do something,

do it as soon as possible.

Do you think that will help?

-It will help, thank you very much.

-Well, I wish you the best of luck

with getting your money back, and I hope you have a lovely birthday.

Armed with Sylvia's advice,

the couple are now much more optimistic

about getting their money back,

and they know exactly how they'll be spending it.

If we get the money back, then all that money's going to go to Lizzy.

Maybe it'll go to a bigger and better birthday party next year,

-when you're five.

-Yeah.

Elsewhere in the shopping centre,

our lawyer Gary found an opportunity to catch up on some advice

that he gave Gloria on the programme last year,

and that he recommends everyone should think about putting in place.

So, Gloria, last year we talked about

making a lasting power of attorney

which is a way of appointing someone to make decisions for you

if you can't make them for yourself.

-Have you done anything about that?

-No, I'll tell you the truth,

there's something in my make-up that doesn't want to let go,

but I promise you I will seriously think about it, I will.

Gloria's not the only person still mulling it over.

Research shows that only 13% of over-50s

have set up a lasting power of attorney,

yet the official advice is that it's sensible

for every adult to get one sorted in case the worst happens

and you're unable to make financial decisions for yourself.

Hopefully there will be an opportunity

for you to put in hand arrangements.

What would be awful is if there was a sudden accident

or illness and it was too late,

because then it can be very expensive and very worrying

for your nearest and dearest.

You've made me think about that aspect again.

Gary wanted to see if this is something

passing shoppers have considered.

It is lovely to meet you.

Eva is 72 and considers herself very sensible

when it comes to putting her finances in order.

My life insurance is paid for, my funeral's paid for.

I don't believe in leaving my children or my grandchildren

to do anything.

Eva has also made a will,

but so far she hasn't done what Gary believes is so vital.

Now, the thing is we're talking about power of attorney.

-Are you familiar with the phrase?

-Yes, I am.

-And have you done that?

No. I...

-Would you do it?

-I would do it if I got to the state

where I couldn't do anything properly.

Actually, that's the wrong time to do it.

-I know.

-Yes, it's too late to sort this out when, for whatever reason,

you may have already lost the capacity to make the best decisions,

which is why Gary is so keen that we think about it in advance.

But it's estimated that two thirds of us

haven't spoken to family members

about how we'd like our finances managed

if we're unable to do it ourselves.

Well, now, the thing is that you and I could make a pact,

you see, because I've been told off

now today for not taking out my power of attorney.

And I think that is a point worth thinking about.

I think I'll just go sit with my eldest granddaughter

-and my son...

-Yeah.

-..and take power of attorney out.

Gary seems to have convinced Eva, and while, with luck,

it's something that she'll never need,

if a power of attorney did become necessary,

having one already in place

could save her family a great deal of trouble and expense.

I think it would just be the final piece of the jigsaw,

cos if you actually were lacking capacity,

the bank, the building society, the post office,

they wouldn't know how lovely your family are...

-No.

-And they wouldn't know that they are the right people

-to be dealing with things for you.

-Thanks very much indeed.

Thank you. OK.

-See you again.

-Thank you.

-Bye-bye.

-Bye.

-How fabulous is she?

-Wonderful.

I think one of my favourite parts of our pop-up shop event is this -

Gripe Corner - because it means you can just come along,

let off steam and tell us exactly

what you think about anything at all.

And that's exactly what this lady did after falling for an offer

that had a costly sting in the tail.

I got the promise of a voucher for £10 of petrol.

They wanted £2.78 from me in order to send me the voucher,

so I foolishly gave them my credit card number.

When my credit card statement arrived,

they'd also taken £78 and 90-odd pence to join their club.

I still haven't received my £10 voucher.

The whole thing has made me so furious

with myself more than anything.

Do never, ever, ever, never give your credit card number to anybody.

And I'm really, really furious,

and that's the end of my rant, thank you.

Earlier in the programme, we saw how the tactics being used by fraudsters

who are trying to steal your savings

get more and more elaborate all the time,

and, however much you may be on your guard,

they do keep finding all-too-plausible ways

to convince you to give them access to your cash.

One question that we're often asked is whether or not the banks

are actually doing enough to keep our money safe in these situations,

so we've had an exclusive look behind the scenes

at one of Britain's biggest and best known banks

to find out exactly what is being done

to stay one step ahead of the scammers.

The bad news is that bank fraud has rocketed in recent years,

with more than three million cases reported in 2015,

when scammers walked away with over £750 million of our money.

And the good news? Well, it could be a whole lot worse.

Because, over that same period, the banks managed to prevent

almost £1.8 billion being stolen

by stopping the scammers in their tracks.

But, however reassuring that may be,

it's small consolation for anyone whose account does get plundered

by the crooks, and those who have been scammed

frequently tell us they simply are not happy with the way

that their bank dealt with what happened.

In autumn 2015, consumer group Which?

explored that in more detail,

surveying victims of fraud to see what they made of the way

that the banks had handled the situation.

And in that report, there was one big name

that came in for particular criticism.

Barclays had the lowest score for its overall response

to fraud cases, and as a result it took a lot of flak in the press.

So I'm just heading off to their corporate headquarters

here in Canary Wharf in London,

to see not only what they're doing

to try and keep up with the fraudsters,

but also how to improve the way in which they handle fraud claims.

Barclays has invested millions in systems

to tackle and stay one step ahead of the ever-evolving threat of fraud,

and a key part of that is training front-line staff, like Daisy here,

to identify fraudulent transactions as they happen,

so the bank can stop the crime in its tracks

and protect customers' money.

What alerts you to the fact

that there's a problem on someone's account?

So the system itself will alert me as to...

That we need to check some transactions with a customer.

So, when we've received that call,

it will bring the details of the transactions in question on screen.

-Can we see that?

-Yes, of course.

We should say this isn't a real person, this is, as it were,

-a training exercise.

-Yes indeed, yeah.

Dummy system, so to speak.

So we're not actually looking at somebody's bank account.

We can always compare the transactions

that are presented to us with other customer spending

that's happened previously,

which will assist us in determining whether this is typical

of that customer, whether it's in their spending profile

and ultimately whether this is perhaps fraudulent or not.

The software that Daisy is using contains unique profiles

of every Barclays customer and tracks their spending habits,

so that it can flag anything out of the ordinary

which staff can then ring the customer to check.

Essentially we'll detect a transaction

that we'll need confirmation for from the customer,

so we're going to run through, you know,

some of their spending and check prospective fraudulent spending,

as well, so we can identify whether that is the case.

The software is designed to identify fraud

when there's still time to stop it happening,

but much of the recent criticism levelled at Barclays

has been about how it responds to customers

who've already lost money to criminals.

Between 2010 and 2015,

the financial ombudsman service received almost 15,000 complaints

about banks refusing to refund money

that customers had lost to fraudsters.

4,000 of those complaints were from Barclays customers,

and that's more than for any other bank.

Alex Grant is Barclays' head of fraud prevention.

Why is it that there are 4,000 of your customers

over the last five years who have not had their money refunded?

There are a small number of cases where we would say, actually,

it is not the bank's responsibility.

We will profile those transactions,

we will do our best to protect those customers,

we will spend many more millions of pounds on customer education

than any other bank to allow the customer to protect themselves.

But you will know that the fraudsters, the scammers,

get more and more convincing with their lies.

They do all sorts of tricks

that ensure that the person who is your customer

on the receiving end of their telephone call believes 100%

that they are talking to someone from Barclays,

and yet you are saying that if they do that

and they give away that information, they then are at fault

and you're not prepared to reimburse them their money.

Is that what you're saying?

In a very, very small number of cases...

4,000 in five years.

I'll repeat, small number of cases, we will not always refund,

but the vast, vast majority, and it is in the very high 99 percents,

we will refund.

Alex, across the banking system as a whole in this country

in the last year alone there were 3.2 million fraudulent cases online.

What's happening? Are the fraudsters upping their game?

Are you keeping in touch with that?

Absolutely the fraudsters are upping their game.

The level of attack across the industry has grown tremendously

in the last year. At Barclays, we are absolutely upping our game,

we have invested many millions of pounds in new technologies,

new systems to fight against the fraudsters,

so we are absolutely at the forefront

of protecting our customers and fighting fraud.

Of course Barclays isn't the only bank

constantly reviewing its security to keep the fraudsters at bay.

Over the coming months,

we'll all see the levels of security on our bank accounts change

dramatically, whether that's through fingerprint verification

on online accounts at NatWest,

voice recognition protection with HSBC,

or even selfie security that knows your face,

that's already in place at the new digital only banking service,

Atom Bank. Of course, even with all that technology,

if we as customers let our guard down even for a moment,

the fraudsters will still find a way into our accounts,

so it's up to each of us to deploy our own secret weapon

and be cynical about every communication we get,

asking us to do anything with our account.

And if that means questioning even genuine contact from your bank...

Well, better safe than sorry.

Daisy, when you ring somebody,

how does the person on the end of the phone

know that you are the genuine article?

Would you welcome it if people challenged you and said,

"Who are you? Prove to me that you're Barclays"?

There definitely have been occasions where customers have challenged me

and said, you know, "How do I know who I'm speaking to?"

And we always, you know, to an aspect, endorse that

and say it's wonderful that you do have that vigilance.

So you'd like everybody to do it, really.

-Yeah, ultimately!

-Thank you.

If you've got a story you would like us to investigate,

then you can get in touch with us via our Facebook page...

Our website...

Or e-mail...

And of course you can send a letter to our postal address...

You know, for years we've been saying that frauds

keep getting more ingenious and harder to see them coming,

but with some of the new techniques being employed to stop them,

it really does feel like the banks are being just as inventive

when it comes to keeping us all safe.

But of course that's absolutely no consolation to anyone who find their

money's been mysteriously spirited away,

so the message is, stay vigilant

and look out for even the slightest sign of anything suspicious.

Remember, it only takes a second to be taken in.

And we certainly hope that you've been able to pick up some tips

from our programme today

to ensure that it's your money

that stays very firmly under lock and key -

and please do keep telling us about any new scams

that you come across so that we can get the word out as soon as possible

to as many people as possible.

But I'm afraid that is where we have to leave it for today,

so thanks very much indeed, as always, for joining us,

and we hope to see you again very soon.

But until then, from all of us here...

-Bye-bye.

-Bye-bye.

-Goodbye.