Cyber Crime isn’t the only threat we’re facing today, as the incidence of telephone scams continues to rise. Here’s a true story of how a customer of ours was fooled – she hopes that by sharing her experience she can help others to avoid the same fate.
Abigail (not her real name) answered what looked like a local call to her home phone number.
A lady introduced herself as working for British Telecom and advised Abigail that engineers were in the telephone exchange in her local village and named the village.
With some conviction she explained that there were hackers on Abigail’s computer and that she needed to switch the computer on, so BT could fix it. The BT lady got Abigail to log onto the BT website, and then passed her quickly onto her manager.
The BT Manager went on to show Abigail how much malicious traffic was on a few of the websites she used frequently, including her online shopping and banks.
By this time, Abigail was convinced … BT had “proved” that she was in danger, so she was happy to switch to a different server when asked, to help BT to isolate the problem. They asked her to log onto shopping websites and her bank to check that the new connection was secure.
They also asked her to separately download an app (called Team Works) on her phone, assuring her that they could clean her phone too as that was also vulnerable to the same hackers.
Abigail finally got suspicious when she saw a text code come up on her phone authorising the release of money from one of her bank accounts. At that point, she hung up and called the bank to report her suspicion that she’d been subject to fraudulent action.
The fraudsters had kept Abigail on the phone for more than half an hour, and in that time had managed to transfer everything from her savings accounts into her current account, and then transfer it all to her business account in another bank.
From there they transferred the total of £9,000 into an external account, and also managed to get a loan of £25,000 authorised. Amazingly that part took only 2 minutes, and luckily for Abigail the fraudsters added a comma somewhere by mistake and the money didn’t go through.
So how did they manage to pull this off? Technically they had to do very little, they simply used a widely available remote access app that allowed them to see what Abigail was doing on her laptop and her phone. The rest was simply a confidence trick, playing on the common “fear” we have these days of being hacked.
Luckily for Abigail her bank managed to track down the money from the external bank account and return it to her account …. But the whole episode wasn’t without its cost.
She had a few fraught weeks when it was unclear whether she would recover her money. She spent over 2 weeks having her laptop rebuilt and security upgraded to ensure it was safe and virus-free, and her mobile phone needed to be secured too with additional malware protection. As an extra layer of security, she now has 2 factor authentication switched on for all her online accounts.
So how can you protect yourself from telephone scammers?
If an unexpected caller claims there is something wrong with your computer or asks you to download something this is almost certainly a con, and you should always be extremely cautious before allowing anyone to access your laptop or smartphone remotely.
Remote access is an extremely useful tool which we use to deliver technical help and support to our customers …. But give remote access to the wrong people and you may as well be handing them your unlocked laptop, and the consequences can be disastrous.
Check you’re the website of your bank to see what they advise. For example, Lloyds Bank confirm that they will never ask you to:
- share Internet Banking account details (like user ID, password and memorable information
- tell us your Personal Security Number (PSN) for Telephone Banking
- tell us your PIN code, expiry date, CVV number (the last 3 digits of the security code on the back)
- move money to a so-called secure account (or safe or holding account)
- move your money or ask you to transfer funds to a new sort code and account number that we provide
And Santander confirm that a genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. Don’t give out personal or financial details unless it is to use a service that you have signed up to, and you’re sure that the request for your information is directly related.
Here are the links to the security advice pages for a few of the UK banks:
Lloyds Bank Security
Barclays Bank Security
Metro Bank Security