Buyer, and Gmailer, beware


Buying online has never been easier, but be careful who you buy from. MIKE MILOTTE, attracted by an online ad on his Google account, spent €2,500 on a camera, but when the money disappeared the authorities did little to help

WHEN I REALISED a few weeks ago that I had become a victim of internet fraud – for a considerable sum of money – my first reaction was to keep it to myself. It is, after all, embarrassing to admit you have been suckered, duped, fooled and scammed, and left with an eggy face.

But at the back of my mind was the thought that even if I reported the fraud to the relevant authorities, I was more likely to encounter weary indifference than active concern, and less likely to get my money back or see justice done than to experience feelings of frustration, insignificance and powerlessness.

How right I was.

It was around the middle of January and I had mentioned in an email to a friend that I was on the point of investing in a top-end Canon camera that would also shoot high-definition video. Within seconds of sending this message, I was astonished to see an ad for my chosen camera pop up in the banner running across the top of my inbox. I’d never noticed this before.

And instead of the €5,000 or so I had expected to pay, the asking price was less than €2,500. How could I not be tempted?

I should have smelled a rat but was disarmed by the fact that the ad had come to me via Google, my email provider. Google, I naively imagined, would vet their advertisers thoroughly before granting them such privileged access to potential customers – customers who are identified by Google technology from the contents of private emails.

The ad linked to the vendor’s website, which was sophisticated and convincing. The company boasted an address in London where a lot of discount camera shops are located. I sent off an email asking if the price included VAT and customs duties and was assured it did.

A bevy of further questions received prompt and plausible replies.

So I submitted my order and felt as if I had achieved a major financial coup. As such, I was in no frame of mind to smell the next rat that scurried past: if I paid by credit card, they told me, there would be a 17.5 per cent surcharge, but I could save this by transferring funds directly from my bank to theirs.

If I had any doubts about this procedure, they were allayed by the fact that the bank account I was asked to transfer funds to was in a long-established British high-street bank, Natwest, a household name with an online ad of its own: “See how we’re working to keep your money safe from harm.”

And, if I’m honest, I didn’t want to be put off at this stage. The thought of missing a real bargain outweighed the fear of falling victim to fraud, so I trotted off to my AIB branch and did the electronic transfer. It took just 30 seconds.

ALL I HAD TO DO NOWwas wait for the postman. Ten days passed; 12; two weeks.

Feeling slightly foolish for my impatience, I emailed the vendor asking why the delay? But this time my mail came back marked “undeliverable”. Next day, the vendor’s website had disappeared.

My heart sank. I appeared to be the victim of a significant fraud. But should I keep quiet and avoid embarrassment or tell the authorities and risk a double dose of disappointment when they did nothing about it?

At least I could try to get my money back, so more in anger than in hope I wrote to the manager of the Natwest branch where my money had disappeared. But of course no one replied.

I contacted Natwest’s internal fraud team, actually run by their parent bank, Royal Bank of Scotland. They took my statement amid audible sighs. When I sought an update from them 10 days later, I was told they couldn’t discuss the matter. But they confirmed they hadn’t passed details of the fraud to the police. “We just don’t do that,” they said.

In the early days I contacted the Dublin office of the European Consumer Centre – an official Europe-wide consumer advice and protection body. “I am not seeking a refund at this stage,” I wrote, “but the fulfilment of my order. Can you help?”

In reply they told me that the “company” I was dealing with had never been registered in the UK and ran its website from Lithuania. But as they had “no enforcement or sanctioning powers” they advised me to contact my local branch of An Garda Síochána as well as the Irish financial-services ombudsman and the City of London Trading Standards Office, all of which I did.

The young garda I spoke to locally seemed quite excited by it all, but told me the case would be processed by the detective unit, a much more world-weary bunch, I reckoned. I’d hear from them in a day or two, he promised.

Two weeks later, I’m still waiting.

For its part, the financial-services ombudsman said it had no jurisdiction over UK banks but thoughtfully sent me a complaint form – just in case I had a grievance against AIB. And the City of London Trading Standards Office told me they already knew of this fraud – many others had been caught out too. But as they did “not have the resources to deal with a scam of this type” they suggested I contact a body called Action Fraud.

I felt myself buffeted by cold shoulders through a maze of pillars and posts, while the fraudsters were left with the loot. Before anyone paid heed, the trail would go cold.

The UK’s Action Fraud provides an interface between the public and the police, but it doesn’t have any authority to go after fraudsters, either. An official took a detailed statement from me and said it would be passed on to the National Fraud Intelligence Bureau. “But don’t expect to hear from them,” she warned.

Unlike the Garda Press Office, who had no current figures on Irish internet fraud, Action Fraud’s parent body, the National Fraud Authority, at least had an array of scary statistics on hand. Fraud against individuals in the UK amounted to £4 billion (€4.6 billion) last year when Action Fraud recorded 10,000 personal cases, 25 per cent of which were perpetrated online. Last week a new service was launched enabling concerned citizens to forward emails they suspected were promoting fraud, and 17,000 such emails were submitted in the first couple of days.

I had come full circle: the fraudsters who robbed me of nearly €2,500 had found their way into my Google mailbox, uninvited. “Our goal is to provide Gmail users with ads that are useful and relevant to their interests,” Google says of this “service”. So I turned to them for answers.

But first, I sent myself a few test emails, referring to the camera I had tried to buy at the outset. Each time I got an instant ad in my mailbox for the same camera. Wiser now to the ways of the fraudsters, I quickly determined that each of these ads was bogus. The fraudsters were still plying their lucrative trade via Google.

I wrote to Ronan Harris, chief executive of Google Ireland: “I would never have heard of the outfit that robbed me had Google not facilitated their scam by introducing them to my mailbox.”

A week later Harris phoned me. Google had done a lot to curtail fraud, he said, but there was more to do. He told me my complaint had been taken seriously and had been followed up and “actioned” already. This puzzled me because I hadn’t named the fraudulent advertisers in my original letter.

WHAT I REALLY WANTEDto know was how fraudulent advertisers consistently managed to get pride of place in the banner immediately above my incoming mail?

It was an auction process, Harris explained – automated, of course, so the ads appear in milliseconds. The auction “winner” was chosen by their “quality score” and how much they were prepared to pay to place their ads in prime locations. How a fraudulent trader could achieve a quality score wasn’t explained, although I could see how, with money flowing in and no goods being supplied, the fraudsters could easily outbid legitimate traders to buy the best-positioned ad slots.

I don’t doubt Harris’s expressions of regret, but Google will not accept any degree of responsibility for the frauds perpetrated by their paying guests. At the end of our conversation he asked me to name the fraudulent businesses I had encountered. I named them.

He said Google erred on the side of caution when vetting advertisers, but it didn’t look that way to me. At the time of writing – five days after our conversation – one of the outfits I named to Harris was still getting its ads into the strap above my inbox. I tried calling Google to tell him, but their automated telephone answering service didn’t recognise his name.

I may have learned my lesson but many thousands of others will fall victim to these scam merchants, some no doubt soothed into complacency, as I was, by the fraudsters’ respectable facilitators.

My advice to the victims: don’t waste your time seeking redress.