UK businesses, charities and other high-value bank account holders are being targeted by fraudsters using software to steal tens of thousands of pounds. Thefts from some accounts exceed £1m, according to intelligence from the Cyber Defence Alliance (CDA).
The scam begins with a phone call and ends with criminals taking control of a victim’s computer and online banking. Targeted by fraudsters mimicking legitimate bank fraud teams, victims unwittingly grant access to their bank account and funds are swiftly drained; often before they realise they have lost control of their accounts. In the run-up to International Fraud Awareness Week (running from November 16 to 22), the CDA has again teamed up with UK fraud prevention trade body Cifas, and national banking trade body UK Finance, to raise awareness.
How the scam works
Victims are first contacted by phone – sometimes after receiving a text – by someone pretending to be from their bank. The caller claims there has been fraud on their account and they must act urgently, directing them to a website that looks like their bank’s, but is actually fake. Once on the site, the victim is asked to click a ‘chat’ button. This secretly installs software that gives the fraudster remote access to the victim’s device – including their online banking.
If the bank sends a security code (such as a one-time password – OTP – or similar) to the victim’s phone, the fraudster tricks them into sharing it. This allows the criminal to move money or set up new payees. In some cases, victims are even persuaded to set up call forwarding, which blocks genuine calls from their bank.
What to watch out for
- Calls claiming fraud has occurred on their account
- Instructions to visit a website and click a ‘chat’ button
- Requests for OTPs or to set up call forwarding
- Being asked to call back on a number provided by the caller
Garry Lilburn, Operations Director at CDA, said: “These sophisticated scams rely on psychological manipulation to bypass bank fraud controls. If you receive a message or call that feels unusual, take a moment to consider whether it matches how your bank normally communicates. If anything seems off, end the call and report it using your bank’s official contact methods.”
And Mike Haley, CEO of Cifas, said: “Fraudsters are creating a false sense of urgency to exploit people’s trust and steal large sums of money. Banks will never ask you to download software or transfer funds to protect your account. If you receive an unexpected request, take a step back and question it before responding.”
Dianne Doodnath, Principal of Remote Banking Channels at UK Finance, added: “Impersonation scams often begin with a message or call claiming to be from a trusted organisation. Criminals may try to rush you by saying your money is at risk. To protect yourself, follow the Take Five to Stop Fraud advice: pause, check the source, and only respond using verified contact details.”
Ways to protect yourself:
- Hang up and call your bank back using a number from your bank card or app
- Never trust a call just because it sounds professional – always verify the caller
- Use 159 to connect directly to your bank’s fraud team
- Never share OTPs or allow remote access to your device
- Report suspicious text messages by forwarding them to 7726
- Visit the Take Five to Stop Fraud website for further support and advice.
Anyone concerned they may have already been targeted, should contact their bank at once; and report to the UK police’s reporting line Action Fraud on 0300 123 2040.
Fake websites
Meanwhile according to a study by Featurespace, fake website scams are the most common type of scam that 18 to 34-year-olds have lost money to – a third (32pc) of fraud victims said they’d been hit by this method. Other common types of scams include those over social media (24pc of fraud victims lost money to this scam), investment opportunities (22pc) and cryptocurrency (22pc).
The survey found demand among consumers for protections from fraud – 80pc of people aged 18- to 34 want their bank to do more to keep them safe from fraud and scams while most, 78pc think the government should work more closely with banks and financial providers to tackle fraud.
Jason Blackhurst, SVP, Head of Featurespace and Acceptance Risk Solutions at Visa, says: “Young consumers are losing thousands to increasingly sophisticated scams. With Black Friday and Christmas around the corner, banks must act fast. AI-powered fraud prevention is becoming increasingly essential, with those who lag behind at risk of losing customer trust and market share. As scams evolve, so must our defences. It’s time for banks, tech providers, and regulators to collaborate and protect the next generation of consumers.”
