The Law & its application

Picture the senario...

A client calls & says that they have received an email from you which looks suspicious, a phishing email scam.

When you recieve it, its looks just like your email that you sent 2 days ago, with an invoice for £12,600. BUT there is a subtle difference! The email address has an extra letter in the domain portion & the telephone numbers are 1 digit out. Other than that its identical! So being a dog with a bone, you set out to ensure that the people behind it are bought to justice.

How can I do that? well, I have telephone numbers & email addresses & domain name so lets check them:

Domain name registered in Bucarest Romania 2 days earlier. Now go back 3 years & when you lookup domain ownership, you saw where it was registered, who owns the domain, where they were located & contact addresses. But now because of GDPR all you can see is WHERE it was registered nothing else! So thats a blank

Telephone numbers - dial them it comes up invalid number

Email addresses, last port of call. So from a gmail account, I pretend to be the client (just by putting a footer on the email, other than that its a gmail account) & email them asking them to contact me, regarding the payment. Within the hour I get 2 phone calls from a with held number purporting to be our secretary who'se email account the original one was sent from. Now our secretary is a middle ages caucasian londoner, who I have known for 15 years. The person on the other end of the phone, was from the indian sub continent, but insisted she was our secretary. I asked that they email me their bank details, so that I can expedite payment & guess what, they did! I have voicemails from them, emails from them

So now, I have a contact email adddress that they respond from & details of a UK bank account where they want money paid into. Rubbing my hands I contact the police.

Initially, the PC I spoke to (lets call him Fred) was very helpful, as I explained I had a dialogue going with the fraudsters & needed help to ensure that they were aprehended.

That was last week, now fast forward to today......

Over the weekend I had 2 futher emails from the fraudsters chasing payment, which I ignored. I forwarded them along with voicemail recordings to Fred & got this response

"I’ll need you to report this incident to Action Fraud, (including the bank details and the spoofed web domain) before my colleagues can investigate it.

I will certainly grease the wheels from this side of things but the first port of call needs to be Action Fraud I’m afraid (as it’s on going, you should be able to report via telephone)

I will collate all you have sent me and liaise with the investigation hub."

Which I duely did, spending 40 odd minutes on the phone, detailing every conversation/email I have had. I was told that it would be reported to National Fraud Investigation. RESULT or so I thought. within an hour of putting the phone down to Action Fraud, I get an email

Dear DOG WITH A BONE,

You recently made a report which we recorded under NFRCNNNNNNNNN

Home Office Counting Rules set out the circumstances under which we can record a crime and on this occasion the matter you reported to us cannot be classified as a police recorded crime. Home Office Counting Rules for Fraud and Cyber Dependent Crime can be found online at https://www.gov.uk/government/publications/counting-rules-for-recorded-crime.

You have indicated within your report that the misuse of your personal details or that of a company trading style played a part in the matter you are reporting. The use of another person’s identity, often referred to as identity theft, is not a police recordable crime. Where the details are used to obtain goods or services, we can only record a crime on behalf of the person or organisation which was defrauded as a result of the misuse of an identity.

An example of a situation in which we could record a crime would be where details were used to obtain credit, the use of which left the provider of credit with a financial loss. In these circumstances we would record a crime for the provider of the credit and look to establish if there was scope for the matter to be investigated.

Whilst the misuse of your identity cannot be classified as a police recorded crime, we do recognise that identity theft can cause significant distress and inconvenience. For advice and support, please see www.actionfraud.police.uk/fraud_protection/identity_fraud.

What happens next?

Whilst we have not recorded this matter as a crime, we will still make use of the information you have provided. Information reports are utilised to enrich the overall intelligence picture which assists with the formulation and refinement of prevention strategies.

So I'm thinking WHAT?????? why?

Surely Fraud as defined by the Fraud Act 2006 section 2 Fraud by false representation?

Section 2 makes it an offence to commit fraud by false representation in any form. For a representation to be false, the representation being made must be wrong or misleading, and the person making it must know that it is, or might be, wrong or misleading.

The representation is wrong or misleading.... yep ticked that box

The person making it must know its wrong or misleading yep ticked that box

Now I'm not legally trained, I just have a good knowledge of how the Law works & what is required. I think I have met the requirements. I have them "banged to rights" waiting for me to pay them money, thats money they would be obtaining by fraud.

We know where the bank account is held (a certain place in Wales) & to open that account they would have had to present NAT WEST with all sorts of documents. How much more do the authorities need? Would be SO easy to set a sting operation up. But my hands are tied.......or are they??? we shall see....