Episode 2 Rip Off Britain

We asked you to tell us what's left you feeling totally ripped off,

and you've contacted us in your thousands.

You've told us about the companies that you think get it wrong,

and the customer service that simply is not up to scratch.

They just want to take money from people, that's what it's all about.

You've asked us to track down the scammers who stole your money

and investigate the extra charges that you say are unfair...

What kind of people could do this, to an innocent human being?

..and when you've lost out but no-one else is to blame,

you've come to us to stop others falling into the same trap.

You have to go through various levels of authority

and push your way through.

So whether it's a blatant rip-off or a genuine mistake,

we're here to find out why you're out of pocket,

and what you can do about it.

Your stories, your money - this is Rip-Off Britain.

Hello, and thank you so much for joining us

for another Rip-Off Britain,

where our team is beavering away on the stories

that you've asked us to look into on your behalf -

and today we're focusing on something that not so long ago

was the stuff of thrillers or even science fiction,

but I'm afraid it's all become practically an everyday reality,

and I'm talking about cybercrime.

And official figures estimate that more than 2 million people a year

in England and Wales have fallen victim to cybercriminals.

While research shows, rather worryingly,

that the UK is one of the most targeted countries in the world -

and, indeed, judging by all the letters and e-mails that you've sent

us on this subject, it is something about which many of you

really are seriously worried. Not least because you wonder

if the companies that we trust to protect our details

are really always doing enough to keep them safe.

Yeah, you've only got to think of some of the big-name businesses

who have been hacked to realise that's not the case,

and as the hackers become more and more proficient

at getting hold of and using our personal information,

it's becoming harder to stay one step ahead of the crooks.

So, as we investigate situations where things have gone wrong,

we'll also be asking,

what's being done to put any lapses in security right?

Coming up... The all too plausible scam that saw this couple tricked

into giving access to not just their computer,

but thousands of pounds of their money...

I felt my privacy had been invaded, threatened.

I feel depressed that somebody could try and invade my premises.

..and a reformed hacker spills the beans on how he used to do it.

Now I've managed to crack your password.

-What? Really?

-You used a very common password.

Well, blow me down.

Now, of all the factors that come into play when we're deciding

which companies to give our custom to, I'd be willing to bet

that how they store and handle personal information,

such as your bank account details, your address and date of birth,

isn't usually going to be on top of the list.

We're more likely to be swayed by the lowest price,

or what seems to be the best deal.

But, you know, getting a sense of the robustness of their security

is probably something that we all need

to start taking a lot more seriously -

and if there's one story that's shown why that's so crucial,

it's the major hacking incident that affected telecoms giant TalkTalk.

A major cyber attack

on the broadband and phone provider TalkTalk -

millions may have had their personal details stolen.

It remains one of the most audacious cyber attacks

ever to hit the headlines. In October 2015,

personal data relating to around 157,000 TalkTalk customers

was dramatically compromised,

including phone numbers, and, in some cases,

details of credit cards and bank accounts.

TalkTalk was fined a record £400,000

by the Information Commissioner's Office,

for failing to satisfactorily safeguard

its customers' information,

and ordered to tighten up its procedures -

and while it says it's done just that,

less than two years on

we're still hearing from customers of the company

who say the ramifications of the attack keep rumbling on.

I've come to Surrey to meet Philip Minty and his wife Leslie.

Last December, they ended up losing thousands of pounds

after receiving a call from a fraudster

they believe must have got their details during that hack.

Now take me back to that fateful day, what exactly happened?

Well, I was working on my laptop.

Then the phone rang...

..and a gentleman introduced himself as Kevin from TalkTalk,

and that he wanted to give me a refund of charges,

because my router had not been working properly.

As Philip did have a contract with TalkTalk,

he didn't question the call from this so-called Kevin.

The only people to know our information are TalkTalk,

so I had no reason to believe it was anybody else.

But when he said, "You're having problems with your router",

how did you react to that?

I'm not a terribly technical person.

I hadn't noticed any problems.

He assured me that there were, and I took him at his word.

Of course, Kevin wasn't from TalkTalk at all,

but his story was so plausible that Philip suspected nothing.

He wanted to make a refund of £200.

He asked me if I had internet banking, I confirmed that we did,

and he wanted to make the transfer immediately, to our bank.

So at this point, were you thinking to yourself, "Oh, well,

"this is quite nice, really"?

There was no reason for me to think it was not TalkTalk.

The fraudster explained to Philip

that he needed to download an attachment on an e-mail,

which would allow him to make the transfer automatically.

I logged into my bank

and he showed me that he was putting money into the account.

-How did he do that?

-By accessing my laptop.

Well, unfortunately, allowing that access to Philip's laptop

meant that money couldn't just be put into his account,

it could also be taken out.

I wasn't considering anything wrong was going on,

so I went along with it, and I saw this amount going into my account.

But then Philip started to notice things weren't quite right.

As well as the expected £200,

an extra £2,000 had appeared in his account as well.

Then he said to me that he'd put in an additional amount by mistake.

He asked me if I would assist him in reversing the money out...

Which I did.

Now you can probably guess what happened next.

Philip let the caller take money out of his account,

but I'm afraid he helped himself to almost three times as much as he was

supposed to, taking out a whopping £5,800.

On spotting this, Philip immediately called his bank,

to try and stop the transfer,

but they told him that not only had the £5,800 gone,

but there'd also been a second attempt to take another £5,000,

and given that Philip had logged in

and carried out the initial transaction,

the bank didn't see any reason to consider any of this fraudulent.

As far as they were concerned, it was down to us, then.

What, because you had willingly done it?

Yeah... Willingly, I don't think is...

It's an emotive word.

-No, but you had pressed the button to send?

-Yes.

Eight weeks later, quite shamelessly,

the same fraudster called Kevin left Philip a message,

presumably eager to steal from the couple again.

So it's definitely Kevin from TalkTalk, allegedly?

-Yes.

-Now that's very cheeky,

to actually ring you eight weeks after carrying out that scam.

So how did you feel?

I felt my privacy had been invaded, threatened.

I feel depressed that somebody could try and invade my premises.

TalkTalk tells us that helping protect its customers from scams

is a top priority,

and to do that it's launched a number of initiatives,

including a dedicated scam prevention team

and a nationwide awareness campaign called Beat The Scammers,

to provide guidance and tips,

as well as several times contacting all customers

with warning and advice.

It added that it was very sorry to hear what had happened

in this particular case, but pointed out that phone and e-mail scams

are a serious and growing problem,

affecting not just TalkTalk

but people and companies right across the UK.

It said it's determined to play its part

in ensuring that other customers

are not put in the same position as Philip -

but the company's name continues to be dragged into similar scams,

both online and over the phone.

Indeed, we've heard from a Post Office worker in Chapel-en-le-Frith

in Derbyshire who just in the nick of time

managed to stop one such fraud in his tracks,

after an elderly lady walked into her shop.

She approached the counter nervously.

So I said, "OK, then, have you filled the form in"?

"No, I didn't know I needed a form".

"Yeah, you needed a form".

So I said, "OK, then.

"Do you know who you are sending it to?"

"Yeah, a friend". I said, "OK,

"do you know this friend well?"

"Yeah, he keeps phoning me up".

It transpired that the elderly woman had received a call from someone

claiming to be, yet again, from TalkTalk.

They told her that the company had refunded too much money

into her account, but she was to send it back via a money transfer.

However, Linda was immediately sure this was a scam.

I explained to her, she was in tears, she was very upset,

very anxious. I managed to take her to one side

and hold her hands and say to her,

you know, "It's a scam, you know, you don't owe that amount of money.

"It's important you don't send it. Please believe me".

This wasn't the first time Linda had come across customers

tricked into sending money transfers to unknown fraudsters,

who'd got in touch with them over the phone.

One guy came in to me wanting to transfer £10,000.

This was his life savings that he was wanting to send back,

because he was under the impression

that they had put it into his account.

I find over the past 12 months at least

there's been 10-12 incidents of the scam,

that I have personally dealt with.

This is tragic, and it just shouldn't be.

You know, these people are vulnerable

and we are talking about their life savings.

Well, isn't it fantastic that the locals here have somebody like Linda

looking out for them? And she's got advice to keep in mind

should any of the rest of us be cold called with a similar scam.

They want your bank details, you go and speak to the bank first.

You never, ever give bank details out over the phone,

or even on the internet.

You know, companies are set up

that they don't ask for this sort of thing.

I love her -

but considering how many of her customers are being targeted,

Linda believes businesses could be doing more

to protect their customers from fraud.

I think companies should take more responsibility with their own data

and how they store it and what they do with it.

I mean, cyber attacks are one thing,

but they should really have more security on their own facilities

and their own policies and procedures.

In response to this growing problem,

the Post Office and other financial institutions have got together

with the police to roll out a national scheme

called The Banking Protocol,

which is hoped will mean that any time someone walks into a bank

or a Post Office to withdraw or transfer

significant or unusual amounts of cash,

staff will be expected to ask them a few simple questions about it,

in order to stop these types of fraud in their tracks.

If a potential fraud is found,

it will also be reported to a dedicated police response team,

who will be sent to investigate.

Back in Surrey, Philip and Leslie

wish that on the day they were scammed,

they'd asked themselves some of those questions.

Perhaps if they had,

they wouldn't now be thousands of pounds out of pocket,

with very little chance of getting any of their money back.

So, how are you feeling at this particular point,

realising what had happened?

A bit of a mug, really,

quite foolish, annoyed, robbed.

That's what happens, that's the feeling.

That somebody has...

walked into your house and stolen things.

All through today's programme we've been hearing how faceless criminals

will stop at nothing to get their hands on our personal information -

whether it's access to our companies,

our e-mails or even our homes,

we're all worried about becoming a soft touch for a determined hacker.

So, is there anything we can do to protect ourselves

from this type of crime?

Well, we're about to meet a crack team

who are being specially trained to fight back

against these anonymous crooks,

and who better to teach them how to do it than a former hacker himself?

He's now turned good guy,

but he's making good use of some of his old tricks

to come up with some very new advice

to make it much harder for the hackers to attack.

It's estimated that cybercrime costs the UK £34 billion a year,

but not all the people behind even the biggest attacks

are hardened career criminals. Back in 2015, it was a 17-year-old boy,

apparently operating from his bedroom, who hacked into TalkTalk.

He said in court he was just showing off to his mates...

..and Mustafa Al-Bassam was also a teenager when he was prosecuted

for hacking. Mustafa was caught hacking America's CIA,

as well as the UK's Serious Crime Agency.

Now, aged 22, he's on the side of the good guys,

based at the Department of Computer Science

at University College London.

I really want to find out what makes a hacker,

or in this case a reformed one, so I've arranged to meet him.

Mustafa, how did you get into hacking?

Well, when I was very young, about eight or nine,

I got my first computer, and I started learning

how to programme and learning how to make websites,

and when I started learning how to programme,

I started to realise the mistakes that allows hackers to take control.

So from that, I became sort of really interested

in computer security and hacking.

And it wasn't long before he got involved with a group of hackers

who, he says, led him into hacking websites belonging to government

or big business, just for fun.

So what was it like, when you were doing it?

Did it feel exciting, what was motivating you?

Well, I think it was a bit of a challenge, really.

It's kind of like puzzle solving, it's a bit of a game.

Once you've solved the problem or solved the puzzle,

when you finally get into the system,

you sort of get a thrill from it.

Nowadays Mustafa is poacher turned gamekeeper,

studying the way hackers behave,

and today he's going to reveal some of their secrets.

So, tell me how a hack begins.

So, it depends on the purpose of the hack.

If it's a financial hack,

the first thing they will do is they will try to find as much information

about you as possible.

By googling you, looking at your Facebook accounts,

finding your e-mail accounts, etc.

So the more exposed you are online,

the easier it is for them to find out about you, is that right?

Exactly.

So, information such as e-mail addresses,

mobile phone numbers or your date of birth are all useful to a hacker.

And to demonstrate what can be done with them,

Mustafa has set up a dummy shopping website that has what's apparently

a fairly common weakness in its security,

similar to the one TalkTalk used to have on its website,

and easy for hackers like him to exploit.

He's asked me to log on to the shopping site and create an account.

I'm on my computer and I'm shopping online, and while I'm doing that,

what are you doing?

So you've signed up for a vulnerable shopping website,

that has a security hole in it -

and you've signed up for this website

with a username and password.

Now what I can do, I can try to hack into this website

and extract your personal information.

And it doesn't take long before Mustafa successfully gets into first

the website, then my account.

And now I can see your e-mail address

and also I can see a protected version of your password.

I always thought my password would be hard to figure out,

but Mustafa says not.

Now I've managed to crack your password...

-What?

-Because you used a very common password.

-Is it?

-Yeah.

Well, blow me down.

That's upsetting!

I'm about to learn my first big mistake -

the password for this shopping account is the same one I use

for my e-mails, so Mustafa is immediately able to use it

to access all of those.

Now I'm logged into your Gmail account,

now I can see all your e-mails,

because you haven't used unique passwords.

-Guilty.

-I can see here you've got an e-mail

from someone called Gloria Hunniford,

asking you if you've seen the script for the next shoot.

This is very spooky.

So, now things get really serious.

The next stage in this hack is vital.

Sometimes hackers will create an e-mail address

from someone that you know, that looks very similar

that might have just one letter difference,

to trick you that that person is really them.

So, Mustafa does exactly that,

creating an e-mail account

with an almost identical address as Gloria's,

which he uses to send an e-mail that naturally I will go on to open.

On that e-mail is an attachment that looks like a programme script,

but is in fact a bit of computer software called malware.

Once opened, it gives Mustafa complete control over my computer.

So, now I can do all kinds of things to your machine.

For example, I can take a webcam photo.

I can, for example, record everything you're typing,

so if you were to type in your username and password somewhere,

I would get your username and password.

If you type in credit card information,

I will get your credit card information,

I can essentially retrieve or download any file on your computer.

If you've got any sensitive photos or documents there,

I can download them.

So, with the click of a button, you have taken over my life?

Exactly.

With access to my e-mails, Mustafa could cause utter havoc.

He could use my identity to rack up loans and credit cards in my name,

as well as gain access to my bank account -

but it seems the key to avoiding this type of situation

is simple advice that we've heard before.

There's a lot of basic steps that you can do to protect yourself.

It's very important that you use a unique password for every website,

because if one of those websites get compromised,

it means that hackers can't use that same password

to compromise your other accounts.

Secondly it's important to have some due diligence

when it comes to opening attachments from people.

So never, never open up a document that's contained within an e-mail

from somebody that you don't really know?

-Exactly.

-Is that correct?

-That's the best way to be safe, for sure.

Mustafa is clearly a whizz kid at the computer,

so it's a relief that he is now putting all his hacking knowledge

to good use, instead of disrupting big business and government...

..but in recent months,

a number of big companies and organisations have fallen victim

to cyber attacks, with Wonga, Airbnb, ABTA and Yahoo

just some of the high-profile names who've had their computers hacked,

and their customers' personal data compromised.

So it's no wonder that in the fight against the hackers,

the Government is eager to recruit

some of the country's brightest computer brains.

I've come to Bristol,

to meet the next generation of computer geniuses.

Right, so if I can get everybody else's IP addresses...

In this room are some of the UK's top computer whizz kids.

The moment of truth.

Brought together by big business and government agencies,

in an effort to find new talent

to plug what's been recognised as a skills gap

in the UK's cyber defences.

Looking around the room, I'm struck by how young they are.

They were born into a digital world, where things like tablets,

computers and smartphones are constant companions.

These teenagers all have the sort of in-depth computer knowledge

that would enable them to be hackers,

but it turns out they'd rather use their skills to help.

How long have you been doing this kind of thing?

I originally started this thing, probably about 14.

What are you hoping to do yourself in the future,

are you going to go to university

or are you going to go straight into business?

I'm looking to go the university route.

Ideally I want to study maths and computer science,

and then look at doing the cyber security thing once I graduate.

Yeah.

The Government recently announced the creation of a special training

college at Bletchley Park,

to teach cyber security to 16-19 year olds in an effort to build up

a talent pool for cyber defence...

..and last year a £1.9 billion cyber security strategy was launched,

with part of it aimed at stopping children becoming involved

in sophisticated computer hacking offences -

and it seems those of us who are slightly older

also have a role to play in the war against cyber crime.

The man running today's events in Bristol is Brian Lord,

a cyber security expert who spent 21 years working at GCHQ.

How do you actually make this world something that ordinary people

can be involved in and, therefore, to some extent, protect themselves?

There is a sense of personal accountability

that I think everybody can take.

The same way in which, if someone knocks at your door,

you don't automatically invite them in.

You don't leave your keys in the car with the door open

because you just can't be bothered to unlock it

and put the keys in the ignition.

So there's a lot of education,

and I think this is where there is a gap in what we do -

there is still a lot of education that needs to be made available.

As we've heard, taking care not to open unwanted e-mails

and attachments and, most important of all,

using totally unique passwords on websites

really do go a long way

to protecting ourselves from being hacked -

and it's reassuring to think that the teenagers in this room

in Bristol could one day be playing a key role

in keeping us all safe from cybercriminals.

The stereotype of a hacker sitting in his bedroom with his hoodie on

and hacking away at computers is not true.

You can see that from the people around us today.

What I would say is, for every bad hacker at there,

there is somebody doing good and doing the ethical thing.

Still to come on Rip-Off Britain, how safe is your home?

Could the latest hi-tech gadgets

be leaving you open to a cybercrime attack?

This is us upstairs, being filmed.

How does that make you feel?

Oh, good God.

It's more than scary,

it's horrifying that he could be watching your every move.

Manchester's Trafford Centre

was this year the venue for our annual pop-up shop,

where visitors took time out from the shops to wait for advice

from our top team of experts -

and while we tackled most of your problems indoors,

outside we were looking to help one of the sweetest faces to drop in -

seven-year-old shih-tzu Maisie.

She was joined by her owners, Marion and Tom Slavin,

who were hoping that Andy Webb from the Money Advice Service

could give them advice

on a pet insurance claim they made last year.

Well, this is Maisie - and aren't you a little cutie?

Absolutely! But, Tom, you and your wife have had problems, have you,

with a vet's bill over Maisie?

Yes, we did, yeah. She had a cyst on her back, on her shoulder,

which actually burst, and after about three visits with the vet,

we finally submitted the claim to the insurance company,

amounting to something like £226.

The insurance company agreed to pay the vet's bill,

and they deducted an excess fee of £89,

but the couple were shocked to also see a further deduction

of £38.50 for unrelated and unexplained items.

It was my contention that we paid the vet his fees,

which amounted to £226,

but now we are being deducted a further amount

because they don't want to pay it, basically.

Well, Tom, we've got Andy with us here -

what do you think is going on here with pet insurance?

We're always hearing that people are having problems

with their pet insurances.

Yeah, it's so frustrating, isn't it? Because you put in one claim

for one illness, as far as we're concerned,

and you expect that to be treated as one payment

minus the excess you spoke about.

Tom and Marion have requested further information

from the insurance provider to find out which part of the treatment

wasn't covered. They're still waiting for a response,

but what can they do in the meantime?

Now, I would definitely look at the policy documents,

just in case there's not any exclusions,

cos the thing with insurance

is there's so much small print, isn't there?

So what would your recommendation be, then?

That they'd first of all talk to the vet

and see if he or she can do something with the paperwork?

They might have seen this before,

they might know where insurers are doing this kind of thing

and something they can do to make sure, no, this is the same claim.

After they made the claim,

Tom and Marion were also surprised to find out

that the terms of their insurance policy would now change.

We got a letter from the insurance company, saying,

with effect August of next year,

which is the renewal date for Maisie's insurance,

we are excluded from claiming for anything relating to cysts.

Yeah. And it feels kind of unfair, because you paid so much money,

even if you try to shop around to another insurer,

it's still a pre-existing condition.

-Yeah.

-It's very unlikely you're going to be able to get cover

for Maisie now, if that was to come back.

But for anyone unhappy with changes or charges on their pet insurance,

Andy suggests an interesting alternative.

Obviously, the older a dog gets,

the more expensive the insurance premiums get anyway.

So you might want to consider self-insuring,

which is basically putting the money aside yourself.

You mean like a savings policy?

Yeah, it's an emergency fund that if any other illnesses come up,

you've got the cash there to pay for any other coverage,

including anything that might re-occur.

Well, there you go, Maisie,

so what do you reckon you're going to do, then?

We've already cancelled the insurance policy and put aside.

So, I mean, whatever happens, she'll be looked after anyway.

And she is an absolute cutie, so, hopefully, Maisie, stay well,

nothing more in the future for your mum and dad!

Back inside, technology expert David McClelland

is downloading his thoughts on the shelf life of some of our purchases.

So, David, we get a lot of e-mails to the office

about all things to do with technology,

you know, people will say, "I bought a new telephone,

"I have bought a laptop,

"what is the expectation of how long they may last?"

I think we're being conditioned to refresh the technology that we buy.

I mean, take smartphones, for example.

We buy them on a contract, that might be 12 months, 18 months,

two years long, and then we want to buy a new one.

Technology has become almost like a fashion item.

And yet the question that crops up a lot is,

do you think that manufacturers build in a kind of obsolete clause

to encourage you to buy new the latest technology?

I'm sure if you were to ask this to any manufacturer,

they would go, "Absolutely not, what a preposterous idea."

If you were to push me,

I would say that I think it would be a really bad thing

if manufacturers were to, essentially, hobble a device

once it got to a certain age

so that it would push us into buying a new one.

Can I say that it's never happened before?

I'm a suspicious so-and-so, that is why I'm in this job.

But leaving technology to the one side,

I find even with a dishwasher or a washing machine,

you get a chap who'll come out to fix it, and he'll go,

"It would cost you more for me to fix this in time

"than it would to buy a new machine."

When items, when devices are manufactured en masse,

the overall cost comes down, economies of scale.

But then if you're wanting a replacement part,

that part maybe isn't being manufactured any more,

so does cost more to buy that one individual part,

so it can be cheaper - as frustrating as it is,

it can be cheaper to buy a new device.

That's how it is, I'm afraid.

Meanwhile, many of you took the opportunity

to visit our gripe corner,

to get off your chest the consumer issues that wind you up the most.

What I get annoyed about is football merchandise.

It's so expensive, such a rip-off.

What makes me cross is that our bills keep going up all the time,

and the increase we get in the pension doesn't cover it whatsoever.

If I get one more call about PPI...

Stop calling!

Stop calling!

During the years that we've been making this series,

I've been able to see at first hand

just how fast the nature of scams has changed,

and how quickly the fraudsters behind them

are able to exploit the latest technology

to get their hands on your money.

Now, what makes that especially concerning is that, these days,

just about all of the clever gizmos and gadgets

that we have in our homes to make our lives run seamlessly

are, in some way, hooked into the internet.

So it's not just our laptops or our phone and tablets

that the crooks might be targeting -

all sorts of our personal data can be floating around

in a way that means that it could, quite conceivably,

fall into the wrong hands.

Russell Morris from Swansea runs a successful cleaning firm

with the help of his partner, Pauline,

which they manage using their Facebook account.

About 80% of our customers come from Facebook, you know,

they've been finding out via that method, basically.

Not only does he advertise on Facebook,

but his PayPal account is also linked to it,

so, once logged onto Facebook,

he can manage his bookings, make payments,

and receive money from his cleaning jobs.

That online account is pretty much a portal to his entire business.

We rely on social media a lot,

it has made a big impact on our business,

and I don't think we would have took off as well as we have without it.

Russell had never had any problems running his business this way

until one day, on his way to another cleaning job,

he tried to buy some petrol.

I went to use my bank card to pay for the fuel - declined.

I was thinking, "Oh, that's strange,

"I've only just been paid."

Russell called Pauline, as she had access to the bank's online account.

So I went on online banking on my phone,

and I saw the account was empty.

£800 had been cleared out of Russell's account.

Pauline then checked her own account,

and £400 had gone from there, too.

And a further 1,500 had gone from her mother's account!

They were baffled as to what was going on.

We just saw the money was gone, but we didn't know why it happened,

and we said, "Listen, Mam, we don't know where it's gone,

"but it's gone."

After long conversations with the bank,

it became apparent that they had been targeted by hackers.

The bank agreed to reimburse all that had been stolen,

pending an investigation to prove that a fraud had taken place -

but, by now, Russell was in no doubt as to the explanation.

They hacked into my Facebook account that was linked with PayPal,

and then they could do whatever they wanted to and empty as much money

that I had or Pauline had or her mother had linked into the account.

Russell and Pauline did receive a notification from Facebook

saying that their account had been suspended

as it had detected suspicious activity -

but their bank said that because PayPal told them that their password

had been used to access the Facebook and PayPal account,

it had been deemed a genuine transaction, which,

as far as the bank was concerned, meant there had been no fraud.

They basically said that we authorised it, didn't they?

Yeah, it looks as if we authorised it.

But the only proof you can get

is through Facebook, I would imagine,

and Facebook is hard to contact.

Russell says he tried to contact Facebook to ask for more details

about who had logged in and where from,

but says the company didn't respond -

and, in the meantime,

as the bank no longer considered that this was a fraud,

Russell was asked to pay back most of the money.

You feel like a criminal, that's basically it,

you feel like a criminal.

And when nobody is listening to you, the banks are believing PayPal,

PayPal are not coming back with anything...

Russell and Pauline still had no idea how the hackers

managed to get hold of their Facebook passwords,

which then automatically gave them access to their PayPal account.

They're very clever people...

and I wish I could get my hands on them.

We asked IT security expert David McClelland to have a look

at Russell and Pauline's story,

and he believes that linking accounts like PayPal

to one Facebook password had left them vulnerable to attack.

The lynchpin of the fraud here

is the fact that Russell's Facebook account

was connected to a PayPal account.

Not only that, but Russell's PayPal account

had three different bank accounts linked to it.

The fraudsters struck lucky - they got three for the price of one here.

As far as the bank is concerned, as far as the merchant here, PayPal,

is concerned, Russell authorised these payments -

you know, the hackers had a username and password.

David also believes that, given that Facebook has so many users,

it's near impossible to get them to invest the time it'll take

to help prove that this was a fraud.

I think that it needs to go to Facebook as the right place

to try and get these charges contested.

One would hope that Facebook

would be able to look at some login information

and notice when, all of a sudden,

someone was logging in from a different country

on to that Facebook account

to try to spot where these fraudulent logins happened

and try and ascertain and, you know,

make sense of where this fraud has actually happened.

Unfortunately, because it's one of the biggest internet companies

in the world, with well over a billion users,

that probably makes the job a little bit harder.

Well, we contacted Facebook about Russell and Pauline's case,

and it told us that it is still looking into what may have happened

in this instance - but, in the meantime,

the company suggested

that anyone else who thinks that they may have been hacked

should head to the help page on its website,

which enables users to change their passwords

and review suspicious activity.

We also spoke to PayPal, and they confirmed

that Russell had linked his Facebook and PayPal accounts

so that he could automatically pay for advertising

that he purchased on Facebook,

thereby approving a billing agreement which allowed Facebook

to deduct money automatically from his PayPal account -

but PayPal said when Russell got in touch

to report 25 unauthorised payments made from his PayPal account,

an investigation found no evidence of unauthorised access

or suspicious activity...

..but Russell and Pauline are adamant

that their accounts were hacked and, as a result,

they are now thousands of pounds out of pocket -

and with their confidence severely shaken,

they avoid using websites to make payments altogether.

But in this day and age, that's really hard -

as computers or mobile phones have become so vital.

And there are those who would find it impossible to function

without relying on some kind of technology.

So we've asked Pete Turner, a digital security expert,

to help Pauline and Russell become more technology savvy.

So, first of all,

what sort of technology do you have at home right now?

iPad, smartphone,

PCs, laptops.

With the new devices that are in our homes,

perhaps a lot of people are not aware of some of the risks

that come with them. We've got some things inside here

that can show you some of the new smart devices

that can help make your life easier,

and I'll help explain, perhaps, about how to make them secure

-for everyday use.

-Yeah.

This specially adapted house in South East London

is full of the sort of technology

that we can expect to see in houses of the future.

Heating, lighting, even coffee machines and kettles -

they're all connected to the household internet

so that they can be controlled by using a mobile phone.

That router connects to the internet, so that's the gateway,

if you like, to connect all those devices,

but it's also a gateway for the hackers.

While Pete shows Pauline and Russell around this house of the future,

we've arranged for a friendly computer hacker

to see if he can hack into the Wi-Fi

and take control of some of those household appliances.

Very soon, lots of devices are going to be connected to the internet.

Some of them may be more useful and more applicable to some people than

others and, you know, in a kitchen,

not just coffee machines and kettles,

but your fridge, for example, can be connected to the supermarket,

so when you run dry of things, it can order some more for you.

So if your fridge was connected to a supermarket to record food

when things run low, in the event of a successful hack,

criminals could potentially access all sorts of information -

most likely including bank details.

Why would someone want to hack my kettle?

Well, it's true, actually, it's not a particularly big risk to you,

there's no personal information on your kettle,

but what the hackers want to do is to control that device

because it can send a signal to other computers.

Pete says any device controlled by your Wi-Fi is a potential window

for hackers to get to other computers and devices in your house,

including televisions, laptops and tablets.

As Russell and Pauline leave the kitchen,

the hacker has successfully managed to hack into the coffee machine.

He even switches it on.

And it seems there are plenty of other gadgets and devices,

from security cameras to baby monitors,

that could face the same risk.

These devices are vulnerable because of the camera on them,

and there have been instances where people have access to baby monitors,

like this, and used it to actually communicate with the baby,

because some of them have voice control and a speaker where you can

actually talk to them. And that is really creepy.

Yeah, that's creepy, yeah.

However creepy, that is exactly what's happened

in the house right now.

Our hacker has managed to hack into the baby monitor, too,

and he's watching everything.

So when they make their way back to Pete's car,

Pauline and Russell are in for a bit of a shock.

So we've seen some great connected devices,

but what you won't know about is, whilst we've been filming today,

we've actually been hacking live into some of those devices.

And you can see here, this is us upstairs, being filmed.

How does that make you feel?

Oh, good God.

It's more than scary,

it's horrifying that he could be watching your every move.

With the possibility of so many of our household devices

being linked to the internet,

experts like Pete think it's become increasingly important

to really gen up on what's needed to protect yourself from hackers -

and there's three really simple bits of advice.

So, top ways in which you can stay safe at home is to make sure

you download the latest security updates for your operating system

on your computer and any other firmware updates for those devices.

Secondly, make sure you have up-to-date antivirus software

on all your machines - really, really important,

stop those hackers getting into you in the first place.

Thirdly, make sure you change your passwords regularly

and choose passwords that are different

for each of the different devices or services you use.

And that's particularly useful advice for Pauline and Russell.

When their password was hacked,

it gave criminals access to their bank account,

so they've learned that in future

they need to be much more careful online.

Scary, it's been a real eye-opener.

Yeah, you realise nothing's safe, you've got to be so cautious.

The biggest thing I'm going to take away from today

is changing the passwords -

to protect ourselves, we've got to change it.

Well, if you have a story you'd like us to investigate,

then we now have even more ways to get in touch.

You can join in a conversation on our Facebook page,

just look for BBC Rip-Off Britain.

As well as the most up-to-date news,

you'll also find exclusive behind-the-scenes clips

and pictures from the show.

Or you can log onto our website, bbc.co.uk/ripoffbritain,

where there's plenty of advice and fact sheets full of tips

on how you can avoid getting ripped off.

Or if you'd like to send us an e-mail,

then our address is [email protected]...

..and, of course, you can send a letter to our address...

Now, I must confess, and the girls will be nodding at this,

I'm not the most tech-savvy person you'll meet in life,

but I've always been worried

about some of the things that can happen online -

but hearing some of those stories today

has only made me more convinced

that the biggest names could be doing more to safeguard our details

against hackers so that our most valuable information

doesn't end up in the wrong hands.

I was so interested to meet our former hacker Mustafa

and hear what he had to say on this.

He really does feel that even some of the best-known businesses

are still leaving themselves vulnerable to attack,

which is a bit worrying, to say the least -

and he should know, because before he cleaned up his act,

he could well have been the one going after them.

So I think we'd all like to see the companies up their game considerably

in the fight against cybercriminals.

I think we all agree with that.

And while, of course, many of them are doing exactly that,

we've all got our own part to play in this, as well,

so maybe today we all picked up some tips on how to make sure

that we're doing our bit to protect ourselves - as well as others.

But I'm afraid that we're going to have to leave it for today.

We really loved having you with us and look forward to seeing you again

the next time we're back. So, until then, from all of us on the team,

-bye-bye.

-Bye-bye.

-Bye-bye.