Cally was the victim of a devastating bank transfer scam. Here she explains what happened, and how you can avoid falling into the same trap.
This is a guest post by Cally Ellison. All views expressed are Cally’s own and not necessarily shared by Which?.
My business partner and I built up a photographic agency in the east end of London over the past twenty years. As we were planning to wind up the agency, we decided to do one last project: building an extension on the roof of our office before selling the property.
In the midst of the building work, I received a genuine email from our builders attaching an invoice for the next payment of £125,000 I made a first payment of £50,000 into their usual account.
Which? News: Has your bank signed up to protect you?
But then I received a subsequent email requesting I pay the remaining funds into a subsidiary bank account with what seemed to be a plausible explanation. The email looked genuine – it had the same logo and the same people coped in – so I duly transferred £75,000 into the subsidiary account.
We first became aware that something was wrong when we were contacted by our builders four days later to say the funds had not landed in their account. It was then we realised we’d become the victims of a sophisticated fraud.
Email infiltration
The police explained what had probably happened. The fraudsters had infiltrated our builders’ email accounts and then monitored their emails to clients. They also set up a fake new account and copied all the details from the genuine one – including the email address, names, logos etc.
They then used this to email the companies’ clients to request money. So it looked as though the email I was receiving was from the builders. Nothing appeared untoward. I only realised this afterwards that it was a fake.
“The police said fraudsters like this tend to target smaller and medium sized builders and solicitors, who deal in large sums of money daily, but don’t have the security in place on their emails to prevent them from getting in”
The police also said that it was more than likely that the fraudster’s bank account was opened online and didn’t involve anyone actually going into a bank. They found the bank’s due diligence to be sub-standard.
Help for scam victims?
It took Action Fraud approximately three months before it told me it was closing my case – had it been faster we may well have caught the criminal on CCTV, as the fraudster spent £3,000+ in the Apple store in Aberdeen. Unfortunately Apple only keeps its CCTV footage for 30 days.
“The banks should absolutely be doing more to check and monitor large transactions like this from their customers to unknown payees”
It was only because I was so persistent and tenacious that the police got involved at all. I tried going down to my own police station 3 times, but they kept referring me back to Action Fraud, which I didn’t find helpful.
Should fraud be a police priority?
Had the account name been confirmed when I was trying to send the money, none of this would have happened. We’re so exposed to scams like this online and banks need to do a lot more. Fraudsters are so clever. And I get terrified now when I have to pay anybody online.
This was a guest post by Cally Ellison. All views expressed were Cally’s own and not necessarily shared by Which?.
With £434 per minute lost to authorised push payment scams, we don’t think banks can delay tackling fraud any longer. Do you back our calls?