Criminals are increasingly using social media to carry out APP (Authorised Push Payment) scams, says the trade body UK Finance.
In an APP scam, fraudsters trick their victim into sending money directly from their account to an account which the criminal controls. Criminals use a range of social engineering tactics to commit this crime. Typically, this includes the criminal posing as a genuine individual or organisation and contacting the victim using a range of methods whether via the telephone, email or text message.
Losses due to APP scams reached £207.5m in the first half of 2019, split between personal (£146.5m) and non-personal or business (£61.0m). This makes a rise of 40 per cent compared to the same period in 2018, although the figures are not directly comparable, the trade body says, because two more members began reporting the data to UK Finance from early 2019. Intelligence suggests that more public awareness in the build-up to the launch of the APP Scams Voluntary Code has resulted in an increase in reporting by customers who fall victim to this type of fraud. In total there were 57,549 cases of APP fraud in the first six months of this year. Of this total 53,475 were on personal accounts while 4,074 were on non-personal or business accounts. One case can include several payments.
Where a customer authorises the payment themselves, they have no legal protection to cover them for losses – which is different for an unauthorised transaction. However, at the end of May the voluntary code was launched, which aims to offer greater protection for consumers who are victims of this form of fraud. Firms who have signed up to the code have committed to reimbursing the victims of these scams, provided the customer has met the standards expected of them under the code. Eight major providers covering 17 consumer brands, and over 85 per cent of authorised push payments, have so far signed up, including Barclays, HSBC, Lloyds, RBS and Santander
Losses overall due to unauthorised transactions on cards, cheques and remote banking reached £408.3m in the first half of this year, an increase of two per cent on the previous year. The number of recorded cases of unauthorised fraudulent transactions rose by 16 per cent to 1.39 million.
For the 37-page report visit the UK Finance website.
Counterfeit card fraud occurs when a criminal creates a fake card using information obtained from the magnetic stripe of a genuine card. This information is typically stolen using a device attached to an ATM or unattended payment terminal, such as at a car park. A fake magnetic stripe card is then created and used overseas in countries yet to upgrade to Chip and PIN. Losses from counterfeit card fraud fell 16 per cent in the first half of 2019 compared to the same period in 2018, a fall from £7.9m to £6.6m; the lowest half-year total ever reported. However, the number of reported cases rose by ten per cent, which means that the individual loss per case has fallen notably as bank systems detect potentially fraudulent transactions.
Comment
David Emm, Principal Security Researcher at cyber firm Kaspersky Lab said: “Social engineering and deceptive tactics used by cybercriminals remain amongst the most effective when it comes to successfully scamming people, and posing as banks continues to be an lucrative method for threat actors, since financial institutions are seen to be reliable and trustworthy. Despite the repeated awareness-raising campaigns, and the number of stories of this nature hitting the headlines, people remain dangerously unaware and unprepared to defend against scams of this nature. Cybercriminals will continuously develop their tactics to stay one step ahead of the authorities. That said, it is vital that more is done by organisations in the sector. Banks themselves should regularly review their procedures and examine possible vulnerabilities, to combat this epidemic before more people are affected.”
