All too often, Which? hears devastating stories from victims of fraud. The banking industry is stepping up measures to protect customers, but being aware of the risks to your money is key.
Fraudsters’ tactics range from the crude to the extremely sophisticated but, whether they target victims with a simple phishing email or trick them into giving access to their devices, the result is the same – innocent people lose money.
Banks have introduced better protections such as Confirmation of Payee (an account name-checking service) and fraud warnings at the point of payment, but this help often comes too late to ‘break the spell’.
So Which? has launched a scam alert service to inform and warn you about all types of fraud. Sign up and read on to discover the most common and emerging bank scams to watch out for in 2021.
1. Impersonation scams: is it really your bank calling?
Scammers will pose as any trusted organisation to win your confidence – your bank, a retailer, utility company, the police or even the government.
Almost 15,000 cases of impersonation fraud were reported to UK Finance between January and June 2020 – up 84% on the previous year. Victims lost a total of £58m.
Number spoofing technology enables scammers to easily clone a bank’s telephone number, meaning you can’t trust the caller ID alone. They often gather background information about you from social media, data breaches or phishing messages to make the call more convincing.
Action Fraud reported that criminals posing as Amazon stole more than £400,000 from 200 victims in just two months last year.
2. Remote access software scams
Once they have made contact, a scammer needs to get access to your money.
Common tactics include urging you to move money to a ‘safe account’ because yours has been compromised, or asking you to download software to your phone or computer so that they can ‘fix’ a spurious problem.
In 2020, the Amazon phone scam played out like this: you answer the phone and an automated message invites you to ‘press 1’ to cancel Amazon Prime or dispute a fictional transaction.
Now you’re through to an ‘Amazon call centre worker’ who convinces you to download a tool such as TeamViewer to ‘secure your account’ or ‘authorise a refund’. If you do so, you’ve unwittingly given the scam caller full access to your device.
Remote access tools are used by businesses and IT workers for legitimate purposes, but many people are unaware that scammers misuse them to gain access to their smartphones and computers, allowing them to steal personal data and hack into bank accounts.
3. Scam adverts on Google and social media
Criminals can pay for adverts to appear at the top of search results, so be on your guard when using Google and other search engines such as Bing.
In September, we reported that scammers had taken out malicious Google ads on at least three occasions to target Revolut users and trick them into calling a fake Revolut customer services number.
As you can see from the image below, these ads appeared at the top of Google search results when customers searched for ‘Revolut help desk’, above the genuine Revolut website.
It’s too easy for criminals to promote scams on social media platforms and search engines.
Last year, Which? created and advertised two fake companies – Remedii, a water brand, and Natural Hydration, an online service offering pseudo health and hydration advice.
Google approved our ads in less than an hour and they gained nearly 100,000 views in a month. We also paid Facebook to promote our page for Natural Hydration, filled with pseudo-advice posts on ‘health and hydration’ and gained more than 500 ‘likes’ in a week.
- Find out more: How scammers use Google to lure victims
4. Sim-swap fraud – has your number been hijacked?
Banks are increasingly sending security codes by text message when customers use online banking or make online card payments.
This does offer a layer of protection, by making it harder for scammers to hack into your account or use stolen card details online. But it also makes your phone number more valuable to criminals.
This is why the past five years have seen a 400% increase in reports of Sim-swap fraud, where a criminal takes control of your phone number by moving your number to a new Sim or network.
Once they have control of your number, they can intercept any text messages from your bank to steal your security codes.
- Find out more: Sim-swap fraud – how criminals hijack your phone number
5. Fake emails and texts from ‘your bank’
Phishing messages have sadly become a part of daily life, and the slickest examples can catch anyone out.
Clicking on a link in a fake bank email or text could take you a cloned website where fraudsters steal financial or personal details. Or the link might install malware on your computer as another means to capture details.
The National Cyber Security Centre launched the Suspicious Email Reporting Service this year, inviting the public to forward phishing messages to email@example.com. In just two months it had received 1m reports
We warned about a fake Barclays text directing victims to a cloned website in May 2020. Below are some more recent examples of scam bank texts sent to Which? members. These all linked to cloned bank websites, set up to steal their login details.
- Find out more: how to spot an email scam