We know everything about you. We know where you live.
It sounds like a threat straight out of a Hollywood thriller. Except I wasn’t at the cinema, I was in my kitchen on a Saturday evening and this wasn’t empty intimidation. A cocksure young man with an East London accent had just called my mobile and, indeed, read out my address.
My heart was racing. The threat felt as immediate as if he’d just broken through my front door in person.
Trying to control my breathing so it wouldn’t betray me, I asked what he wanted. ‘Fifty sovs [pounds] and we’ll leave you alone.’
Now, I am in my 50s, live in London and safeguard myself pretty successfully. I’ve been a victim of crime only once, 35 years ago, when my pocket was picked in Rome. I guessed that ‘50 sovs’ wouldn’t be the end of his demands.
Sarah Cottwood was called repeatedly by a scammer who said to her ‘we know where you live’ and that she didn’t ‘need to know’ who they were
How on earth did I find myself here, being threatened by a thief? It began with a pair of earrings by a Danish brand called Anni Lu, which is stocked by Liberty and Selfridges.
I wanted to treat myself and these were perfect. They were only £39, but out of habit I Googled them to see if I could find them cheaper. My search unearthed a website where they were (and still are) 223 Danish krone, or £25.60. If I had researched the site, I’d have discovered that it has a scant digital footprint.
Oddly, given that it has nothing to do with Anni Lu, it sells nothing but Anni Lu jewellery. It appears on no review websites and there are no social media mentions of this jewellery seller. On the site, there are no details about who owns the company or where it’s based.
If you Google the images from its holding pages — a woman in a flowery dress; a trio of teenagers — they appear to have been lifted from a French clothing catalogue called 3 Suisses and fashion firm Forever 21’s Facebook page.
Later, I found an old mention of the website on the Facebook page of a car workshop in Peru. But the domain was re-registered in the Cocos Islands (specks in the Indian Ocean) in 2022.
Its owner is unverifiable, as their details are shielded by an online privacy service called whoisprotection.cc.
But I was unaware of all of this. I was in a hurry as I was meeting a friend at the cinema and I didn’t stop to think about what I was doing. Despite never having heard of this website, I started filling in my debit card details, which were (presumably) sold on.
Fraud is now the most common offence in England and Wales, accounting for more than 40 per cent of crimes, and four out of five frauds are cyber-enabled, according to the National Crime Agency.
A survey by the Global Anti-Scam Alliance revealed that around ten per cent of UK adults fell prey to a scam in the year to September 2023.
In just the first six months of last year, £580 million was lost to financial fraud, says UK Finance. One type of cyber fraud is formjacking, where hackers insert malicious code into a legitimate website to copy the information that is supplied by customers.
I don’t think this was formjacking, though, because I never received the earrings and the transaction didn’t register in my bank account. One thing might have alerted me to the fact that I was being scammed: an odd-looking pop-up payment window. I hesitated and made a mental note of its URL: oats.allinpay.com.
OATS stands for Overseas Acquiring Treasure System. I’d been well and truly had. I discovered this three hours later, when I got home. My mobile rang, an 0345 number. A polite man said he was calling from my bank to verify a transaction.
Hurrah, I thought — HSBC sporadically checks my activity, and finally it was happening when something was niggling at me, too. He launched into a question about my account, the second half of which disappeared into a crackle. Even as I asked him to repeat it, my brain was screaming at me: ‘He hasn’t asked you any security questions!’ Panicking, I hung up, blaming the poor reception.
I fired up my mobile’s banking app and found £20 had been paid to an unknown Starling Bank account.
My phone rang again — a mobile number. I rejected the call. Feeling sick, I fumbled my way to the app’s ‘manage cards’ section and froze my debit card.
My phone was ringing repeatedly. I decided to front up to the challenge and answered. It was the man whose call began this story. He asked if I was Sarah Cottwood. ‘Who is this?’ I said.
His response of ‘You don’t need to know that’ made me hang up. After a volley of calls, I picked up again and he rattled off my address and demanded £50. My response? The first thing that came to mind: ‘F*** off.’
When I told a policeman this, he advised, funnily enough, against that. It’ll only antagonise a thief. And antagonise him it did.
For the next 72 hours, my phone rang incessantly. I had it on silent and didn’t respond. Each time an unknown mobile number appeared I’d block it, but they’d just find another phone to use.
I am not easily intimidated, but I was nervous about leaving the house, so called 101 (the police non-emergency number to report crimes). I wanted these mobile numbers on record, in case they flashed up in other crime reports.
When I mentioned the scammer saying ‘We know where you live’, the call handler made an appointment for a PC to visit me at home the next day. It was a reassuring response (although the Met did fail to send me the crime number assigned to my case).
The officer said it was unlikely that the caller would turn up at my house, as the people who commit ‘faceless’ fraud are not the sort to engage in direct confrontation. He predicted that once they realised that I had blocked their access to my money, they’d give up and move on to their next victim. And they did.
After several rather confusing conversations with HSBC, I was told that this is not considered theft because I volunteered my card details. Wanting to leave the sorry episode behind, I didn’t challenge this.
An HSBC UK spokesman says: ‘Scammers are devious criminals who use a range of techniques to steal money from people without any concern for their mental and financial wellbeing.
‘It is good that your reader didn’t share personal details [to the callers], which could have left her open to scams in the future.
‘If people think they’ve been a victim of fraud or a scam, they should call the number on the back of their bank card immediately.’
I may be £20 down, but I got off lightly — and learnt an important lesson.
Some links in this article may be affiliate links. If you click on them we may earn a small commission. That helps us fund This Is Money, and keep it free to use. We do not write articles to promote products. We do not allow any commercial relationship to affect our editorial independence.