Energy Scams

Mis-sold Energy Contracts – The Background

If you were asked to place a value on how much UK customers are being scammed for by rogue energy brokers, what would you guess? A few million…?

Mis-sold energy contracts and third-party intermediary (TPI) fraud is a booming business. It’s unlikely you have even heard about this type of scam before – it has been quite successfully kept under wraps for years now, with only a few speaking out against it. The most common way in which UK customers are scammed is by agreeing to pay a hidden ‘broker commission’ but malpractice is absolutely not limited to this.

Back to the burning question – how much money are we being scammed out of?

It may horrify you to find out that over 2 billion pounds are taken from UK customers every single year. That is enough to build the Wembley Stadium… twice.

Source – Metro

That is 2 billion pounds going directly into the back pocket of cold-calling, unscrupulous, morally bankrupt brokers. Can you believe this isn’t covered in the front pages of every single national newspaper?

There are numerous little loopholes in which TPIs can exploit to part you from your money. Even though they often don’t, suppliers and brokers must disclose whether you will pay a commission and how much it will be at the point of sale. If they do not – it is fraud.

Unfortunately, the fact that this practice is illegal does not seem to deter many. There are now well over 3,000 energy brokers within the UK – although many will operate within the regulations, there are also plenty who flaunt them.

If this has happened to you or anybody you know then you could be entitled to claim back your money from both supplier and broker. Keep reading to find out how.

Source – The Guardian

Mis-sold Energy Contracts – The Techniques

This article will mainly focus on commission-based mis-selling, although we have included some common ‘techniques’ to be aware of. This list is in no way exhaustive and there will be other methods employed.

Technique	About
Mis-Selling	It may be surprising to know that energy brokers are not legally obligated to offer the best deal to customers. This leaves rogue energy brokers free to pass off contracts that provide themselves with the most money as the ‘best’ for the customer. This can be through contracts that offer high broker’s commission, or unsuitably long contracts.
Lack of Transparency	Energy brokers will not clearly present their contractual fees and charges to customers – do you know how much rogue brokers will profit from your monthly energy bills? Most people don’t. They are also not obligated to present all available options and can present a select few as the only options. Often these are the ones that offer the largest margins for the broker.
Misrepresentation	A common tactic employed by rogue brokers is to falsely identify themselves so that customers believe they are operating on the behalf of a supplier. This is a good way of exerting pressure onto businesses to change contracts that suit rogue brokers.

How Commission Is Hidden Within Contracts

Most commonly, commissions will be hidden in contracts following an energy contract sale from an ‘agent’, ‘broker’, ‘introducer’ or ‘TPI’ over the phone. There are many different faces to this scam.

It is incredibly difficult to tell who you are actually speaking to over the phone, and it is not uncommon for brokers to disguise themselves as someone else in order to gain leverage over the customer. Most commonly this will be in the form of energy suppliers themselves.

Broker commissions or introduction fees are completely legal – it is only when the customer has not been made aware of them prior to agreeing on a contract that it crosses into illegal activity.

As a rule of thumb – never agree to anything over the phone. It is legally binding and often recorded by brokers for future evidence.

Source – Claim Experts

How Much Could Your Claim Be Worth To You

This varies from customer to customer. As the commission is almost always based upon consumption, there is little to no way to calculate without knowing this value (or an approximation).

We will run through a quick example to demonstrate how much your claim could be worth to you.

Energy cost: 20p per kWH

Broker Commission: 5p per kWH

Total Unit Cost: 25p per kWH

Estimated Monthly Consumption: 500kWH

We have outlined the parameters for this example above using completely fabricated values. Your bill and charges may look entirely different, so do not panic if this is the case.

By multiplying the total unit cost by monthly consumption, we can find the total billed amount that the customer will pay to their supplier.

0.25 x 500 = £125

However as 5 pence of the total unit price is made up of mis-sold commission, we can calculate exactly how much of this monthly bill goes directly to the broker.

0.05 x 500 = £25 a month

25 x 12 = £300 a year

It is worth remembering that this is a relatively small monthly consumption for this calculation. In the real world, consumption figures are much higher. For businesses (depending on industry) it is likely to be even farther still.

How To Begin A Claim?

If you are one of the thousands of people affected by this type of scam, then you may be able to claim back some of your money. More importantly, you may find a way out of your dodgy energy contract.

It is advised to reach out to a business that offers energy contract claims as part of their service. This is to maximise the potential for a successful claim, as-well as the likelihood of a faster result.

Before beginning your claim, you should spend some time sorting through any paperwork received from your broker/supplier to provide evidence for your claim. It will also make it easier to pass on this information to your claim’s provider.

Source – This Is Money

It’s Not All Doom And Gloom – Ofgem

In 2020 Ofgem announced new suggestions on how to improve the energy retail market, by tackling this issue. With smart-metering becoming commonplace, increased support for customers, and faster more reliable switching it is hoped that there will be a real impact in tackling rogue energy brokers. This includes a new two-week cooling-off period for any businesses with a new energy supplier, giving them the freedom to reconsider the terms of the contract. A new dispute resolution service for unhappy customers will mediate discussions between energy brokers and dissatisfied customers. These measures should hopefully redistribute the unequal power dynamic between rogue brokers and customers.

If you are worried that you may fall/have fallen victim to malpractice then it is important that you complete your own research – this should give a good idea of how much suppliers actually charge for their energy services. This should also make it easier to identify if and when there are hidden costs within a contract. Be vigilant for high-pressure sales pitches as often this is a good sign that you are being pushed a contract that is beneficial for the broker.

If you would like to learn more about the ins and outs of the energy sector, have a browse of the Ofgem website here: Ofgem.co.uk

Don’t Go It Alone – We Are Here To Help

It can be scary fighting your claim against a big company by yourself…

But who ever said you had to go it alone?

Energy Solutions have worked in the business of energy procurement for over twenty years now, so we know how things should be done the right way. Our trained experts know the business of energy like the backs of their hands, so if you are looking for someone knowledgeable to help fight in your corner – we will be there.

Take the first step today – contact us to find out how much money you could save.

If you are looking for some friendly advice or even just a chat about energy, you can call us on 0131 610 1688 during all normal UK office hours.

Alternatively, you can use our webform, email us at nick@energybrokers.co.uk, or WhatsApp us on 07757 400 788.

We look forward to hearing from you!

Google Snippets

Have I been mis-sold an energy contract?

If you operate a micro-business, it is incredibly likely that you have been – estimates of up to 90% of micro-businesses using a broker have fallen prey to mis-selling.

How to tell if I have been mis-sold an energy contract?

It is incredibly difficult to tell if you have been mis-sold an energy contract – but not impossible. Dig out your contract and invoices and scan for any charges or fees that look unusual. If in doubt, contact Ofgem, your supplier, or other intermediaries.

How to tell if an energy contract is a scam?

If you are being contacted over the phone – the likelihood is that an attempt to trap you into a verbal contract is being made. Be wary of ‘introduction fees’ or ‘commission’ as these (and similar terms) are buzzwords for energy mis-selling.

How do I claim energy contract commission back?

Most commonly you will need to begin a business energy hidden commission claim with an intermediary. There are many businesses out there who will help you claim your money back, for a fee.

How much is my hidden commission claim worth?

There is no real way of telling as often it is based on consumption and other unknown variables. Most commonly commission is worth a few pence per unit of energy used.

Extrapolate this over your total monthly consumption to figure out how much your claim could be worth. Claims can be worth anything from £1,000 to £500,000

How do I claim money back from an energy broker?

You will need to submit a business energy hidden commission claim if you are a victim of a hidden broker commission scam. This can be done through an intermediary company.

Checking the identity of your meter reader or meter engineer can greatly reduce the chance of crime and fraud in your area.

Energy suppliers take fraud very seriously, and do all within their power to help protect their customers, but there is only so much they can do regarding your home or business building, the rest is up to you. Energy suppliers often have approaches in place with trained staff that are able to recognise fraud and help you handle it when you are concerned.

Below, we put together a handful of useful tips and examples of where you may feel compelled to check the identity of those visiting your home on behalf of your supplier, and how to handle it if you are unsure. You can find a quick checklist below to simplify the information given in this piece.

As an industry, customers should know to expect four main things from their energy supplier when it comes around to that mandatory time that they will need to send a meter reader or engineer to your property. These expectations are outlined below, with the help of Energy UK’s Fraud prevention page;

When a meter reader or smart meter installer visits your property, you can take a number of steps to confirm their identity, by…

• Checking for a visible identification, such as a badge or lanyard that will often come alongside the uniform of your supplier. Some companies have it as standard that staff provide this to you on first meeting.
• Calling your supplier on a phone number that you are already familiar with, if you are at all hesitant or concerned. This means using contacts that you have found to be secure in the past, for example, the number listed on their website.
• Requesting additional security; many suppliers give you the option to agree on a password (that is valid both in person and on phone calls) for additional security for you. As the terminology states, this is usually something that you should ask for rather than something that is given to each and every individual.

Your password should only be shared with those who need to know it, such as yourself and/or an elected partner. The company will only share this with those whose is relevant to, such as the caller you will meet on the phone. This means that you may be given this personal password when you call the company; Some companies even offer a free password protection card to be sent out to you, so that you are able to write the password down so you do not forget.

You can call the Priority Services of most organisations if you would like to change your password for any reason; they will ask you for the previous password and a new one. Your card will also have tips on what steps to take when someone calls to your property.

What happens when I call my supplier to confirm an identity?

When you call your energy supplier, they should then confirm your identity through a variety of security questions; You will know these answers because they have been set in advance, on opening your account with them. Because the energy suppliers are likely to give you important information on your account, it is mandatory for them to ensure that they are speaking to the right person first. The supplier will never ask for your account passwords or security codes related to bank accounts, payment cards or other financial property. Instead, account details will be disclosed to you as the account holder once your identity has been verified.

Another important way to avoid fraudulent meets is taking care when you receive an unexpected email from your supplier. Before taking these correspondents as truth, you should always confirm that this message is coming from the same source as your previous contacts. For example, your monthly bills or promotional emails will be sent from the same address, and likely hold a similar layout, such as a masthead with their logo on it and its positioning. If you do not recognise the layout of the email, or the address that you are being contacted from, you may want to contact the supplier individually to ensure that this is not fraud before handing over details or inviting staff into your property.

An email should never ask for your personal details, unless this has been previously arranged with the supplier for a valid reason. An email will only be addressed to the account holder or an individual nominated in advance, and should contain your reference number where appropriate. Your bank details should not be listed, even by your supplier, in an email or letter.

As stated above, handful of different suppliers follow varying protocol made to ensure the safety of their customers, although we found that a handful of these will overlap as the are found to be the most secure way to access this information safely. As an example, SSE released a customer statement outlining how their own trained staff may handle accessing your property, and the correct way for you to contact them with any questions or concerns. You have every right to contact your supplier if they are not SSE to ask them for this protocol at any time.

SSE shared that they tend to arrange their visits directly over the phone, meaning that any email or text correspondence is likely to be fraudulent. Alongside this, they follow the same guidelines mentioned above regarding company uniform and logo; Most of SSE’s representatives wear clothing and drive vehicles that are clearly marked with the company logo, alongside carrying an identification card that includes…

• Their full name
• Their colour photo
• The company trading name

Their representatives should show you this card automatically, meaning that you do not need to ask for it when they approach you. They claim that it is easy to confirm that these details are correct due to the name and photo of their staff member is larger than the rest of this identity card, in order to make it easier to read from a distance. Every time a member of staff leaves this company, they are expected to return their identification card which is then destroyed, meaning that previous staff members should not be able to gain access to your home after their employer has been terminated for any reason.

While contractors are not always treated with the same care, this company has similar guidelines to ensure that you are as safe as possible. When a contractor is working on behalf of the company, they will carry a similar identity card. The difference here is that this card will show an expiry date

A collection company sent to claim payments owed to your supplier is also counted as a contractor. Unlike most groups who may visit you on behalf of your supplier, it is likely that this company will ask for payment. The company in question that have been asked to work on behalf of your supplier should contact you in advance f their visit, either by writing or by phone, this means that you should always be expecting them on the day and are made aware that the representative is not from the company you might expect. They will also carry an identity card that is marked with their own employers company name; you are welcome to contact them if you are concerned, and your supplier should know the details, too, if you are not entirely convinced.

If a contracted collector is not able to receive the full payment that you are in debt of, or arrange a suitable repayment plan with you, they will then apply for a Warrant of Entry in accordance with the Rights of Entry (Gas & Electricity) Act 1954. This allows the company to access your home for the purposes of fitting a Pay As You Go meter, if it is safe and practical to do so in your home, or disconnect your supply in accordance to the terms made in your contract.          

The warrant mentioned above gives the contractor the right to enter your premises even if you do not give them permission to do so, or if you are not at home. They will only do this as a last resort when other attempts to arrange payments have failed or been ignored long term.

Just like SSE, OVO Energy also produced guidelines for their customers covering what to expect when an OVO engineer visits their home, including frequently asked questions such as “How can I be sure that an engineer is really from OVO?”

Unlike SSE’s identification card, OVO requires a signature from their staff. These subtle differences can be the crucial point between safety and fraud.

How can I ensure that the engineer on my property is genuine?

Have you…

Asked their job role; engineer, meter reader, contractor?

You should always know why someone wants to enter your home before you allow it.

Received a call letting you know that someone will attend a visit to your home?

Depending on your supplier, you may be contacted another way.

Contacted your energy supplier to ask how to confirm an engineer is working for them?

Checked for a branded vehicle and/or uniform?

Checked the engineer’s identification card?

Including name, picture and company title.

Been given a previously established password from your engineer?

Seen any relevant paperwork?

For example, a Warrant of Entry or information regarding the work they are doing.

Been informed of what work they will carry out in your home, and how long it will take?

An estimated time is fine, but they should always be able to give you a summary of their work.

Fake refund emails 

Following our pieces looking to help keep you safe from scams and phishing, below is a short form guide explaining how to keep yourself safe from email scams and what to look out for when receiving unexpected emails of this type. 

2020 saw hundreds of scam emails offering refunds of up to £400 from the likes of British Gas. These emails provided a link to access your account that instead collect your data in order to gain access to your account and mine details like your card information and regular payment dates. 

The following year, British Gas warned customers that they are aware of such scam emails, and offered information to report this in the hope stop more customers from finding themselves in this difficult position. 

We're aware there is a fake email going around telling our customers they’ve overpaid and are entitled to more than £400 in refunds. If you’ve received this or another suspect phishing email from us, you can send it as an attachment to phishing@centrica.com and we’ll investigate. pic.twitter.com/FOSFV4unvP

— British Gas (@BritishGas) September 18, 2019

Edinburghlive reported that these fake refund emails on behalf of British Gas specifically have been dating back to 2016, and over a number of years, have the potential to have cost customers millions. They are known to claim that you will only be contacted by your provider via the scam email you have received in order to isolate you from the true provider and give the scammer faster access to your information, due to being able to acknowledge each question or email you may send to those acting as your provider for clarity.  

Many phishing contacts claim that without immediate payment (often within 24 hours to 2 days), the client may lose the rights to claim their money back, or alternatively be billed for a remaining small charge on their account. Truthfully, it is not likely that in the case of an overpayment, you will lose the rights to your money, and instead, this will either be carried on to your next bill, or you will be contacted in a number of different ways, such as by post or a direct call from the supplier. You will never lose the rights to your money as a consumer and most contacts claiming this is likely not to have your best interest at heart. 

Which.com shared a false DVLA email in an attempt to help customers recognise spam, that even threatened home visits to the recipient of these emails. This is unlikely to happen in a real-life scenario if you are not being met by a debt repayment company.  

How can I tell if these emails are fake?

Firstly, checking the email this information was sent from. If it was not one that you recognise and not one that you can find online under the company name, it is likely that you have fallen victim to a phishing email. 

Secondly, if it’s too good to be true, it probably is. You have likely heard this phrase across scam TV shows and other media, and have done so for a reason. If you are being offered free money or incredible discounts on your bills, for example, check with your provider to ensure that this is coming from a trusted source. 

Third, most phishing emails start with lines that are designed to make it feel more personal but fail to follow the company itself usual draft email. For example, starting with “Hello” and your name is not something you tend to see in a real email from your supplier. 

Forth, any genuine emails from your supplier should contain your energy account number; if you are not able to find this in your email, it is likely that the recipient is not your provider as they do not have access to that information. 

Lastly, you will never be asked to confirm, update or provide personal details without requesting such changes yourself, unless you believe there is active reason to, for example, recently alerting your provider of a move. 

• You can learn to identify phishing websites built to harvest your information in a number of ways, such as: 
  Checking the URL: You should look for a padlock symbol in the address bar, and check that the address you are using begins with https://“ or “shttp://“. This indicates that the website has been encrypted and secured with an SSL certificate. Without this, any data passed on to the site is not fully secure and could often be intercepted by criminals or third parties. Be aware, though, that this is not foolproof. Over the previous years there have been a number of false sites using an SSL certificate, and so we would not recommend using the padlock symbol as proof of security alone. Instead, look for a handful of signs that your details are safe, including; 

• Check that the spelling of the web address is correct – A simple brain trick shows that we often quickly skim what our brains believe we are about to read, so if your link says “britishgass.com”, we may not notice the extra s right away, and assume safety in the link that we have been sent. This is seen at www.yah00.org, or similar where fraudsters replace letters with numbers or other aspects such as replacing .com with .uk, in order to make it look as close as possible to the real thing. Creating an “official” looking site is the first step to committing the crime. 
• Check who owns the website; All domains must be registered with a website owner on the likes of WHOIS and other sites. The free site should provide contact details of the owner, which you can then compare to your utility provider online. If these details vary, it is likely you are on the receiving end of a scam. Websites are usually suspicious if they have been active for less than a year of if you think you’re on the website of a leading brand, that their website is registered to an individual in another country. Keeping these details to hand for reports is another way to ensure that others do not have to deal with the same problems you may. 

How can I protect myself?

If you are concerned that an email you have received may be genuine, a good way to ensure that you are right is to avoid links sent to you in the email itself, and instead log into your account from the supplier’s website as you always would. Here, any notifications or alerts should show on your account naturally. If they are not available to see, you have nothing to worry about. Any urgent information should come as a pop up when you first log in or will be highlighted on your account in one way or another so you should not miss it when you do access your details. 

• Visit NCSC’s top topics for staying secure online.  
• Learn about securing your deceives. 
• Research how to deal with suspicious messages and emails. 

If you have been a victim to phishing emails, contact your supplier to change your details immediately and lock any further opportunity for scammers to withdraw money from your account or change your details. You may also forward any British Gas specific emails to phishing@centrica.com so that they are able to investigate it further. 

Alternatively, you may report suspected phishing to the National Cyber Security Centre Through their Suspicious Email Reporting Centre (SERS) at report@phishing.gov.uk. Although the NCSC is not able to inform you of the outcome of each review, it can confirm that it investigates each individual report.  

If you have been a victim of cybercrimes in England, Wales or Northern Ireland, you should report this to Action Fraud at www.action fraud.police.uk or by calling 0300 123 2040. In Scotland, you can simply contact the police by calling 101. 

Secure sites checklist	Genuine email checklist
SSL certificates can be seen as a lock at the top of your website address	Your account number is added as part of the email
Website address is spelled correctly	You are addressed by name, not under “Dear Customer” or “Sir/Madam”.
You do not have to login to gain access to all parts of the website	There are no urgent warnings, claiming you will lose out if you do not respond within a number of days
The website link you are using was found organically; you are not following an email or text link	No claims that this is the only way your supplier will contact you
The website is registered to the company you expect, for example, “British Gas PLC” and is located in the correct country.	You are not being offered unbelievable deals or refunds that you were not expecting
Trusted payment methods are being used; credit cards, paypal or online transactions. NEVER A BANK TRANSFER.	You are not being asked for details that you have already given your provider in a secure environment, for example, on signing your contact.

A 2020 phishing benchmark report claims that 19.8% of employees click phishing email links, and an updated statistics report by tessian.com told us that in 2020, 75% of organisations around the world experienced some form of phishing attack in the previous year; another 35% experienced spear phishing and 65% faced BEC attacks. This, though, does not mean that each attack was successful. In the United States, 74% of phishing attacks on business organisations are successful.

Here at Energy Solutions, we want to give you the best information to avoid all types of scams and phishing, in order to keep you safe, whether on behalf of your utilities or your business.

So first, what is Phishing?

Phishing is the term used to describe a type of social strategy co-opted by scammers with the intention of stealing information and user data from businesses or customers, including login credentials and credit card details. Often, these scammers are falsely claiming to be the company you are already in contact with, and may reach you through a variety of emails, texts or phone calls.

Oil and gas companies, producers, nuclear power companies and electrical grid operations are among the most targeted groups of such attacks. These attacks have strategies through phishing emails that are found at the weakest point of security in many of these organizations security: their own staff.

Why do people do it?

Agari reported the annual cost of cyber attacks at 17.84million per utility company in 2018, a 17% jump from the previous year. At best, an energy company may see an average loss to rise to 13.77million dollars, though this nowhere close to the total damage that could be done by such attacks — Government and cyber security company investigations have shown that the state sponsored attackers have spent years phishing for nuclear reactor technology, login credentials for power plant control engineers, and a menu of other highly sensitive data. Not only could gaining this information risk the organizations themselves, but homes and businesses within the communities that they serve.

Unfortunately this is more than just fear, as we already know that phishers have successfully bypassed security protocol in the past, and that a 2017 report even found that a group of threat actors had succeeded in accessing UK and European Energy companies, gaining “hands on access to power grid operations”,  said Wired. This meant that they had the ability to shut down the lights that these power organizations operated. We do not know why they didn’t do this, but analysts claim concern that these attackers are waiting for the right moment to exploit their power, whether for amusement or in the time of international turmoil.

In some cases, hackers across the world may look for information to give them the upper hand in any future disputes between countries. This is a perfect example for what we know of hackers linked to Russia and Iran.

In 2018, an Aon report explains the concerns following an attack on a hydroelectric dam contractor. Ten days following the stealing of employee information and gaining access to the dams control network, it is known that attackers had the ability to open the dams floodgates all at once, which would cause catastrophic flooding.

On a more personal level, scammers may look to retain information such as usernames and passwords to the likes of your bank account or national identity information, to take money from you or clone your identity through the likes of a drivers license or ID.

How do scammers do it?

Scammers often use well-timed emails messages that appear to be sent by a known, trusted source. Older email gateways still used by some business organizations such as SEGs and first generation advanced threat protection (ATP) products are not designed to filter out these advanced email attacks, and as a result, employees are left to make the decision as to how they will react to an email that they may not understand as dangerous. After all, this may be seen as coming from a source that they have ongoing contact with.

Phishers do their homework; they know what types of emails you are expected to get and when. For example, your monthly gas statement comes to your email on the third month of every year, or your phone bill may come to you on the first Monday of each month. By using Google to find names, locations and basic information, it is easy for a phishing expert to gather information about what is important to you, for example, whether you have children or have recently moved home, whether you have recently been considering the options for pet insurance. You will then receive an email about something that they are aware directly interests you, and may even offer a near impossible low price. Surprisingly, this is because it is.

It is also common for those contacting you to pretend to be a senior authority at the business contacting you, making the interaction seem more personal and often more urgent. If an email is signed on behalf of a CEO or familiar name, you are more likely to be encouraged to follow links and hand over your information.

The reported cases of phishing are as high as they are for a reason, and may even lead to you losing access to your own personal information that has been stolen. For example, if your banks login details were recently changed by the attacker, is it going to be a lot more difficult for you to cancel the account, and the transactions going into it.

They work on not only trickery and carelessness, but also curiosity via offering information you do not know, for example, breaking news about the company you work for or flashy headlines about celebrities recent gossip, if this is something you often view on other sites.

How can I protect myself from Phishing?

Use up to date programmes at all times — Modern email security solutions consider the danger of an incoming email based on the past behaviour of the sender and a host of other signals to identify whether or not the messages you receive are authentic and trustworthy.

EDF Energy released this video to focus on a number of ways one may be able to avoid phishing, such as verifying the communication is genuine before you reply; this can be done by accessing a companies website to consider what emails addresses will be used to contact you, alongside looking through your correspondence with them in the past.

If you are still unsure, call your business provider directly and ask them about it. You can also ask colleagues if they received similar emails, and what they did.

Urgency is a common trope within phishing emails, encouraging you to give over your information immediately with threat of the result; what if you do not receive this months wage? Or your electricity is cut off for a week? Spear phishers often use tight deadlines to distract you from the flaws that may be in the message and make your response feel urgent. In most cases, you should always have the opportunity to receive more than one email about a problem in order to deal with it in the best way possible.

Lastly, report it. If you are at all concerned about an email you have received, there are a number of entities in place to do the work for you. You can report anything suspicious to Action Fraud, the National Fraud and Cyber Crime reporting centre by calling on 0300 123 2040, or submitting the form on their website.

EDF Energy also encourage looking into the Take Five and Cyber Aware campaigns, who offer more practical advice on their websites.

Although contacting your utility providers should be easy, it can also be all too easy for third parties to contact you, especially claiming to do so on behalf of your provider. Unfortunately, there are a variety of ways in which third parties may be able to gather enough of your details to act as though they are your utility provider; whether this is with the goal to harvest information from you, take your bank details or other payments, scams have disaster out effects on ourselves and our households. 

In this piece, we look to talk you through the most common scams and give you support in how to avoid risking your money and your safety by making sure that those contacting you are honest, reputable and focused on your wellbeing. 

The first step towards this is through recognising common techniques used by scammers, for example,  

The “rate too good to be true” scam 

As the title may show, this is a situation in which a party may contact you to offer an unbelievable rate for your utilities, whether through a colossal discount or straight forward switching scheme that your current supplier couldn’t possibly match. 

It is common that, following your acceptance of these offers, the rate will change almost immediately. Why? Well, although you may be told that this is due to a change in the market, it is in fact that these (usually unprofessional looking) websites were built to scam you. This can often happen following searches for “cheapest electricity rates” or using “are you paying too much?” links with little substance behind their pricing pages. 

The “Security Deposit” scam 

The Security Deposit scam usually requires an individual being contacted by someone claiming to work on behalf of their bank;  they will explain that a switch between suppliers has been unsuccessful, and therefore they are required to pay a large amount of money in the name of a “security deposit” that will then be passed onto the supplier. 

The scammer will usually claim this to be urgent, and will do all they can to keep you on the phone with them, possibly even claiming that your electricity or gas will be cut to your property if you do not provide the payment. Of course, this is untrue; Although some energy suppliers will ask a business for a security deposit if they are deemed to be high risk, for example, someone with a very low credit score or a start-up business, this request will always be made by the supplier as your contract is being discussed, and should never come at random after this.  

The request for a security deposit will always come from the supplier, to be paid to the supplier. Although your broker may be a messenger in this case, know that they will not be the one receiving payment. 

The “Utilities Registration Service” scam 

We have also heard reports of customers receiving calls from an official sounding source claiming that they are the “utilities registration service”, “metering registration service”, or something similar. The problem being that these bodies do not exist.  

Victims are often told that there is an issue with their energy supply and that they must immediately switch supplier, to then recommend a body for them to switch to. Whether or not this body exists, it is unlikely that both your energy supply is in danger, and that the suggested company would ever receive your contacted payment. These are simple cold calls with the goal of taking your information and using them to the benefit of the scammer. 

The “Editing Suite” Scam 

You may be aware that business energy contracts tend to be largely based around verbal contracts which are recorded for safety. A reputable TPI or supplier should record an entire call (with your knowledge) which will include full verbal acceptance of the contract, alongside details about it. By doing this, the supplier can refer back to ensure that they are aware exactly what you agreed to, what you were told, and what your expectations are as their customer.  

The problem here is that a number of parties look to edit call recordings, creating a false narrative and changing vital details that you believe to be a part of your contract. Some are even known to have deployed editing suites to fuse together affirmative responses to questions a business was never asked. 

While it is not easy to stop someone looking to commit fraud, you have a legal right to both request a copy of all recordings and be aware you they are being recorded each time. This is why many businesses have this information as part of an automated passover service before you speak to customer service teams. Telling a fraudster that you demand access to this recording before making any verbal (or otherwise) contract should slow the process and give you time to check in with your provider on the details. 

How can I prevent phishing and scams? 

Being aware of potential threats and why people may target you is the first step to protecting yourself and your business against fraud,  but there are a number of other ways that you can ensure you are speaking to who you wants to be, such as… 

• Visits to your property, or phone call identification. 

In any scenario, a provider should visit your business property occasionally to do a number of tasks from checking meter readings to collecting outstanding payments and doing maintenance. They will always have staff ID and branded uniforms, especially those from Morrison Data Services (MDS) who read meters on behalf of big companies such as EDF Energy. If you feel as though you are unsure and would like to check the identity of a worker with MDS, you can call them on 0191 201 3791. If the partner company is not MDS, you can call EDF directly to verify the information on 0333 200 5100. 

EDF also provide a password for you that the visitor is expected to provide before entering your property to ensure that they are who to claim to be. 

• Know where to reach out to for advice and guidance.

The Take Five and Cyber Aware campaigns have practical advice on their website, whilst suspicious activity can be reported to Action Fraud. The Centre for Protection on National Infrastructure also posted this useful video on phishing and spear phishing. 

Some simple tips to avoid scams; 

1. Don’t respond to cold calls from your supplier, or others that are unable to give you personal details that prove to them who they are.  
2. Don’t give out your bank details or your personal details: In most cases, a body you are contracted with should already have this information in a secure location. 
3. Check email addresses or phone numbers contacting you: Most businesses have one ongoing email used for contacting clients, for example consumeraffairs@ofgem.gov.uk – Ask yourself if the details you have now are the same as those you may have received confirmation emails or account updates from previously. 
4. Check letters for branding: Businesses should always send letters with a header attached. 
5. If in doubt, shout: If you are in any doubt, then call Citizens Advice on 0808 223 1133or online. 
6. If you are being offered a rate that is too good to be true, pause and consider whether or not it is likely to be a scam. You can always hang up and contact the supplier yourself to check whether the rate given is possible for you. 
7. Check the market yourself; do your research before signing contracts with any broker by checking in on recent market trends and rises or falls in prices that could impact bulk buying the product. 
8. Check for any letters or emails of notification on changes to your account; if you have not received these, it is likely you are the victim of phishing, but  
9. Consider whether you have been provided with security questions. While you may occasionally receive a phone call from your provider to discuss your account, they should always verify themselves through a variety of questions that have been set previously. This means that you should recognise them. You should never be asked for your passwords or bank details, and you will never be expected to make an upfront payment to sign up to a special tariff or contract. 
10. Don’t open attachments until you know it is reliable. 
11. Use reputable sources to ensure that the information you are being given is accurate and up to date.