Today we’re joined by Rupert Marais, our in-house Security Specialist, whose expertise in cybersecurity and device security gives him a unique perspective on how modern fraud operates. We’ll be exploring the surprising resurgence of old-school postal scams, delving into the sophisticated psychological tactics used by criminals in letters pretending to be from banks and tax authorities. Rupert will break down how to identify these fraudulent communications, the specific steps to take if you receive one, and the innovative community tools available to help fight back against these criminals.
Scammers are increasingly using physical letters, a method that can feel more trustworthy than email. What specific psychological tactics make these letters so convincing, and why are older or digitally excluded individuals particularly vulnerable to this kind of fraud?
It’s a fascinating and disturbing return to an older method. The core psychological trick is the tangible nature of a letter. In a world of fleeting emails and pop-ups, something you can hold in your hand feels more permanent and official. Scammers know this and exploit it. They also understand that sending a physical letter costs money, which creates a subconscious assumption of legitimacy in the recipient’s mind—why would a criminal spend money on postage? This tactic is particularly effective against older individuals or those who are digitally excluded. For many, the mail is still the primary channel for important, official business, so their guard is naturally lower. They haven’t been conditioned by years of spam filters and phishing emails to be inherently suspicious of every piece of correspondence.
The fraudulent Nationwide letters used realistic reference numbers and even cited the Financial Conduct Authority to appear legitimate. What step-by-step process should a person follow upon receiving such a letter, and what specific red flags should they look for in the provided contact details?
The most critical first step is to simply stop and put the letter down. Don’t act on any sense of urgency it tries to create. The second step is to completely ignore any contact information provided in the letter itself—no calling the phone number, no visiting the website listed. Those are traps designed to lead you directly to the scammer. Instead, you must verify the communication through a channel you know is legitimate. This means calling the official number on the back of your bank card, visiting your local branch in person, or logging into your account through the official app or website that you’ve used before. The biggest red flag is always the contact details. Scammers are experts at creating nearly identical phone numbers or web addresses, but they will never be the official ones. That’s the entire lynchpin of the scam.
With tax deadlines creating a sense of urgency, fake HMRC letters often use pressure tactics. Besides unusual payment requests, what other methods do fraudsters use to create panic, and how can people distinguish these from genuine, time-sensitive communications from HMRC?
Pressure is the scammer’s greatest tool, especially around tax season. Beyond demanding payment to a personal bank account, which is a massive red flag, they manufacture panic by threatening severe legal action or imposing incredibly short, unrealistic deadlines. The language is designed to make you feel cornered, as if immediate compliance is your only way out of serious trouble. We saw a case where a 96-year-old man nearly lost £6,000 because the letter was so convincing. A genuine communication from HMRC might be firm, but it won’t demand an immediate bank transfer or threaten you in a way that bypasses official procedure. The key difference is the emotional response they’re trying to provoke: genuine letters inform, while scam letters are engineered to trigger panic so you don’t have time to think critically or perform due diligence.
Instead of just throwing away a suspicious letter, people can use tools like the ‘Scam Marshal’ scheme or ‘Ask Silver’. How do these services practically help someone analyze a potential scam, and how does user participation contribute to the broader fight against these criminal operations?
These tools are fantastic because they empower people to move from being potential victims to active participants in the fight against fraud. The ‘Scam Marshal’ scheme is brilliant; by sending in the physical scam letters you receive, you’re providing investigators with invaluable intelligence. They can see the exact wording, track the evolution of tactics, identify patterns, and ultimately disrupt these criminal networks. It’s a way of turning the scammers’ own weapon against them. Tools like ‘Ask Silver’ work on a more personal level, acting as a digital sanity check. You can upload an image or describe the letter, and the service walks you through a logical analysis, highlighting common red flags like pressure tactics or odd payment methods. This not only helps the individual avoid a scam but also educates them for the future, building a more resilient and aware community.
What is your forecast for the evolution of postal scams?
I forecast that postal scams will become even more personalized and sophisticated. Criminals will continue to leverage data breaches, meaning the letters will contain more accurate personal information—not just your name and address, but perhaps details from past purchases or other breached data to make their claims seem hyper-relevant. We can also expect a greater blending of physical and digital tactics. A letter might direct you to a highly convincing but fraudulent website or ask you to scan a QR code that installs malware on your phone. The fundamental strategy of using the mail to establish a false sense of trust will remain, but the methods used to extract money or information will become increasingly integrated with digital fraud techniques, creating more complex, multi-stage scams.
