/ Money

Anyone can fall foul of a scam – and I’m proof of that

Phishing scam

One in 10 Which? members has been scammed in the past five years and with official figures showing that consumers lost a shocking £6.1bn to fraud in 2011, it’s clearly big business. I’ve found out the hard way.

I’ve worked at Which? for more than six years and I would say I’m pretty savvy when it comes to consumer issues. But that doesn’t mean I’m not susceptible to online scammers.

Indeed, only last week I found I’d become just another statistic in the world of the bank email phishing scam. Yes, I fell for the oldest trick in the book and my wallet was £240 lighter as a result.

Now, I know I shouldn’t respond to emails sent by my bank asking me to click on a link. And I know that when entering my personal details online I should make sure the site is secure (by checking it’s got a padlock sign in front of the web address). And, I also know that banks don’t ask you for these details via email. So, what went wrong? How was I so fooled so spectacularly?

Flurry of NatWest banking scams

Well, a number of coincidental events occurred to conspire against me that day. I’d tried to log in to my online NatWest account a few times and had entered the wrong password and PIN.

When I checked my emails I had one from my bank entitled: ‘Your account has been put on restricted status’. When I opened the email it went on to say that my online access had been ‘temporarily suspended’ and that this was due to ‘a number of incorrect log in attempts’.

As this happened to be true, I clicked on the link without thinking and began entering my online password and PIN. But then the alarm bells rang and before I’d entered all my details I promptly ceased what I was doing and closed down the page. But, it was too late.

£240 lost due to online phishing scam

That evening the fraudsters called NatWest pretending to be me, saying my card had been stolen and requested emergency cash. NatWest proceeded to give the scammers a PIN they could use in a cash machine whereupon they happily made a £240 dent in my bank balance.

When I filled up at the petrol station the following day I was told that my card was blocked (luckily I had just enough cash on me to pay for the fuel!). I contacted the bank and was informed that my account had been frozen.

After some further discussion, the fraudulent activity became clear. I was advised to make a claim for fraud, which to my surprise, has subsequently been turned down. I’m now in the process of appealing and do expect to have the money fully refunded.

Apart from the obvious financial loss my pride was also hugely dented. I felt really stupid especially as I work for Which?, and know about these things. Believe me, the irony is not lost on me. But it does just go to show that when your guard is down anyone can get scammed.

Have you been the victim of a scam? Did you report it and if so what response did you get?

Comments
Profile photo of John Ward
Member

Very sorry to hear your experience. Something similar nearly happened to me once but I stopped short just in time – I noticed the address code in the lower bar of the e-mail page that appeared as I hovered over the link and I hesitated long enough to realise it was not correct. It is so easy to be taken in by an unfortuitous combination of circumstances. My ISP’s e-mail filtering system is now much more effective and such a message would not drop into my in-box but go into the junk folder. My bank now puts my residential postcode on any e-mails it sends me with information about services – this is a further safeguard. I once requested the bank to improve the language used in their official e-mails to make it less casual; I noticed that the scammers were having difficulty composing literate English messages so anything the banks did to employ correct grammar, punctuation and sentence structure would minimise the risk of impersonation. I think there has been some improvement in this regard but we still have to be exceptionally wary – there are some clever criminals out there.

Profile photo of wavechange
Member

Maybe I don’t have complicated financial affairs but the only emails I can remember receiving from my bank have been to confirm appointments.

As John says, the standard of English betrays many scams. Most of those I have received are well known, with warnings on websites, but I have reported a few that are either new or not well publicised.

Amanda provides a good example of how, in certain circumstances, we can be less vigilant than usual. It does not surprise me that those who suffer frequent computer problems are easy to persuade that they have a problem with their computers and become victims of a scam.

I use NatWest online banking and had no idea what I would have done in Amanda’s position, where I could not log in. Having investigated, there is clear information on their website, but if that was not there I would phone the bank for advice, as I did when I was having a lot of trouble with a Halifax savings account.

Though I have never been victim of a scam, I think I have done something silly by placing a deposit on a car, which turned out to have been sold by another branch of a dealership. I cannot believe that I have been silly enough to have given a £300 deposit, via debit card, without getting something in writing. Normally I don’t have much sympathy with those who let themselves be cheated but I’m feeling rather humble at the moment.

Member
john mccolgan says:
14 July 2012

Not a scam as such (debatable) but certainly immoral business practice. As a disabled person my door entry system buzzed. The caller identified themselves as “wishing to discuss changes at the local BT exchange that may effect my service” Suspecting all was not well (distraction burglaries etc) I refused entry and told them to write to me. Unhappy with this I called the police who attended within 4 minutes. They detained the 2 people. It turns ot they were representing Talk Talk and trying to sell phone and broadband services. Although not ACTUALLY saying they were from BT they certainly gave me that impression, BEWARE of these sharp practces. I have written to Talk Talk to complain.

Member
jim says:
14 July 2012

This has just happened to me- The thing is i haven’t clicked any dodgy links or given out any info. In fact the card the fraud took place on is one I never use for withdrawing cash and don’t even know the pin of- It’s a joint account card just associated with housey direct debits and the occasional pizza delivery( no pin needed for that..) I only lost 60 pounds but both my cards have been cancelled and my online acount currently doesn’t work .

I’d really like to know the questions that are asked to verify the ID. Incidentally NATWEST flaged it up themselves (even though they gave the money…. dunno how that works) as they said the voice didn’t match my profile (I’m guessing foreign).

it’s not much money but it’s scarey- They said they’d refund the money, just got some forms to fill in. I also had the embarrassing experience at the petrol station!

Profile photo of william
Member

@amamda, Hands up all those who haven’t read my comments on the 26th June on https://conversation.which.co.uk/money/natwest-glitch-bank-account-meltdown-payment-problem-advice/

warning of Natwest phsihing emails. [That I’d cut and pasted from Action Frauds twitter feed, they’re definitely worth following as is your local Trading Standards]

And I’m sure I posted a warning on another convo when the RBS fiasco broke warning of it being a scammers paradise, but I can’t find that post 🙁

Profile photo of william
Member

The thing that annoys me about emails from legit companies is the fact that these days many companies outsource that stuff so when hovering your mouse over any links in the email they’ll point to a random collection of letters and out of principle I won’t click on them and in some cases have actually forwarded them onto the banks fraud email account warning of a fraudulent email. Is it really so difficult to have a routing page on the banks website which the email can point to [answer: no its not] that way people will clearly see the links going to the right address and therefore will hopefully never ever then click on a dummy address.

A fine example of what I’m referring to can be found in many Which Switch emails which were routed through prizewize dot nl when hovering your mouse over www dot whichbigswitch dot co dot uk or “personal page” .

Companies need to be trained to stop using scammer friendly methodologies.
Maybe Which? could start a campaign to tidy up emails like this. (starting with their own)

Member

Good point on outsourcing. I ignored three recent emails however saying my internet domain would be suspended unless confirmed as clicking on links in random emails where the email address does not co-relate to the entity they say they represent – in this case ICANN is always wise. Was not wise here!
My internet service provider who hosts my website/domain had not told customers that from about a year ago once a year you will receive an email from these people with the funny name which sounds very dodgy but unless you click on the link your whole website/business goes down! Wow. Emails I sent out for work were not received. Emails to me were not received. Thankfully on a Saturday my domain hosting company were around and got it all back up for me but the dodgy looking original emails I had never in 20 years had by email requring confirmation of domain name were absolutely genuine!

You can’t win, can you?

Profile photo of william
Member

Oh and I wouldn’t be surprised if there’s an O2 email scam doing the rounds at the moment either. Companies who fail to provide a reliable service just play into the hands of these fraudsters.

Profile photo of dyfnwal
Member

Please don’t assume that scams are necessarily the fault of the cardholder.

My credit card company informed me 6 years ago that there was a suspicious use of my card in Florida. I confirmed that I was in the UK (never having visited the USA). The several fraudulent puchases had been stopped, and the card cancelled. None of my other cards were affected.

Recently, by googling my mobile number, I discovered the full details of the above card published in a text file that had been “dumped” from a Russian web site (name ending in .ru). It also contained my then address, along with the delivery address and recipient’s name (a relative). This text file also contained 2 dates (again, from 6 years ago). When I checked the credit card statements, the dates corresponded to an internet purchase one evening with payment being accepted the following day.

As this file also listed similar details for 1000 other people and their credit/debit cards, I contacted the company (now under new ownership), and they admitted that the credit card details had not been properly secured at the time (under previous ownership). They promptly agreed to contact various search engines and any other relevant organisations to remove the offending internet file. However, the cache still left a trace, so I contacted them again, and they said they would recheck to see if the cache would be purged within another month or so. It now appears to have been purged. I suspect that the purchases in Florida and the above internet order were linked.

My efforts to report this matter to the Police and the Credit card company in the last 2 months met with no interest. I would recommend that everyone checks their telephone numbers/address/postal code on Google, Bing and DuckDuckGo. I would not suggest you directly check your card numbers in search engines on home computers – if it’s been hacked, you may have just given the hackers your credit card number.

Profile photo of richard
Member

A few years ago I noticed £3.75 was missing from my First Direct account – I had not clicked anything anywhere – I checked with First Direct and found the application was fraudulent – So I informed them – but a week later I found the same people had removed £350 from my account – I was livid because I had informed them. However they refunded the £353.75 and changed the card – I can only assume my card had been cloned in some way, Hasn’t happened again since – but I check often.

Member
Jess says:
20 July 2012

I have recently fallen victim to exactly the same as you Amanda. Although only £120 was taken out of my bank, I only had £140. I am a recent graduate unable to find work and attempting to live off JSA. I had this £140 from a £75 gift from my grandma for passing my degree and the rest from selling my possessions on eBay. I am now being faced with charges from O2 and my laptop company as I am unable to make the payments this month. This will obviously push me further into debt and over my overdraught, probably resulting in bank charges from Natwest!

Natwests response? My fault. My problem. To them, it looks like a small amount has gone out of my own stupidity. Yes, I shouldn’t have opened the email, but that small amount was practically all I had!

I am appealing this, does anyone have any advice for this process?

Member
Lorna Elwick says:
20 July 2012

I was surfing the net and I came across a link to someone who had discovered a cheap way of whitening her teeth and at the side of that page was an advert about getting a free delivery of some sort stuff to whiten teeth. I clicked “RUSH MY ORDER” , it didn’t ask for any details and I divulged absolutely no information. But from that click they got my bank details .Apparently, I had signed up for a regular, monthly amount of whitening agent. £70, then £44 disappearedfrom my account. I couldn’t get help from my bank because they said that only I could cancel the arrangement. There was paperwork with the product but I couldn’t see anything like a phone number. My husband found a name ACTIPRO and a phone number. After trying numerous times, he managed to cancel (he has POA over me)

Profile photo of greytech
Member

Another thing that banks could do to help stop scams is not ask for security details over the phone when they call you. More than once my credit card provider has called me about a potentially dodgy transaction and promptly started asking to check my security. I think they should just say that there is a possible fraudulent transaction and ask me to call the number on my card.

Member
RD Brunning says:
27 July 2012

My experience mirorred Amanda’s. I received a “Santander” email advising of changes to its website with links to view them. That didn’t interest me but as it had been sent to my work email address which I no longer wanted to be used I thought I’d use the link to delete it & register my private email on Santander’s web site. That was the scam because I had to input my security info to make the change which went straight to the crooks. They immediately emptied my current a/c plus the £1,000 overdraft facility. Santander didn’t even notice this was an extremely unusual & suspicious transaction & paid out in full, no questions asked!, even though I had never been in the red once during the many years of banking with them. My a/c was frozen for over a month, no access to any funds to pay STOs or DDs or pay any bills. Eventually Santander made a full refund but they were an absolute nightmare to deal with. I’ve since closed the a/c & opened elsewhere. The FSA told me banks were obligated to repay victims of scams unless they could prove you were negligent in giving your security info to others & neither Amanda nor I were negligent.

Member
Jatroa says:
29 July 2012

A most annoying thing is legitimate companies that ring up and ask you to identify yourself with your date of birth, mothers maiden name, postcode etc, due to the Data Protection Act.

…..If you ask them to prove who they are, they are most affronted. And just hiw any people, maybe some untrustworthy, know this information by now?

The same thing in Tesco’s.. When you pay them with a note, they test it.

If you hold their change notes up to the light , or are slow in checking your change..again affronted.

As to credit cards frauds. I change mine every six months by saying that i have it and get a new number. It’s free and could prevent a fraud but you do have to do without your card for around 4 days.

Profile photo of wavechange
Member

If a company called me and asked for information, I say that I will call them back, which I do after looking up their phone number.

I deliberately use a credit card with a small credit limit wherever possible, just in case there is a problem. I have not had a problem in 40 years and the number has never changed.

Member
Tina says:
1 August 2012

Amanda- I’ve just had the EXACT same thing happen to me with Natwest. I’ve just had £240 taken out of my account because I stupidly put my details into that email that looked like a legitimate Natwest email :(( I really hope I get my money back- I think the only difference with me is that it has been reported as a fraud case, they said they are investigating the matter but I just feel like such an idiot!!!

Member
Jess says:
1 August 2012

Exactly what happened to me Amanda. The scary part was that the whoever sent the email knew that id been traveling. They’re refusing to give me it back, ive just got Ombudsman forms to fill out… lets see how it goes. If that doesn’t work, I will be closing my accounts with them.

Member
Tina says:
4 August 2012

i’ve just received a letter form them refusing to pay it back as well! Did you have to complain to natwest first before you went to ombudsman service? this is such a pain….

Profile photo of william
Member

Hopefully something like this http://epetitions.direct.gov.uk/petitions/36154 will help reduce people’s susceptibility of falling for a phishing email. If you do agree and sign it , you’ll need to click on the confirmation email they send

Profile photo of william
Member

Just to prove my point about how legit companies don’t help the customer. I’ve just had an email from the Royal Mail. I can’t guarantee it is however as all the links in it route via list-manage dot com

I’ve forwarded to the Royal mail using the email address on their webpage as its not the same as the one in the email asking if its genuine. But I shouldn’t really have to should I. Just wish more would sign my petition.

Member
Jess says:
4 August 2012

Yes Tina. you need to have a final letter from the bank, refusing to pay you back, then you can call the Ombudsman, they will send you forms etc etc

Profile photo of william
Member

Do you poor souls who have been scammed still have the original email ? Suspect links and all ?

Member
Jess says:
5 August 2012

Yep, sent it to natwest and a copy will be going to the ombudsman!

Member
Louise says:
10 October 2012

Having read all the previous entries and hearing of similar scams, I thought I should share my experience of only last Monday. I very rarely remove cash from my account (April 2012 was my last) and I don’t subscribe to online or telephone banking. I was lodging some cheques at a local branch of the Nat West and casually requested a mini statement, to my horror £2750 had been withdrawn in amounts of £250 per day plus one emergency cash withdrawal..all via ATM!!! I immediately notified the bank and the card was very quickly cancelled. The amount has been re-credited to my account pending a full enquiry (I hope this remains the case). The fraud team told me that it appeared that an individual has registered for online banking to a mobile phone on my account…ashtonishing – as mobile phone aren’t EVEN registered to addresses (if SIM only) I questioned how this could possibly happen and they just questioned whether I had ever done online banking…I never have and confirmed to them that I now have no intention of doing so – I have had a block put on my account so that any future request to online bank will have to be confirmed by my attendance at a branch with photographic evidence…Hope it all turns out okay 🙂

Member
Robert Bridges says:
27 October 2012

I had a similar experience recently – on my email. The account was suspended after I was (first) required to enter a human recognition number, and then informed I had ‘exceeded the number of wrong log-in attempts’, and should re-enter my details below. I didn’t.

I have ‘lost’ my email account before, and it is a dispiriting and devastating experience to lose years of correspondece and all internet communication details. On this latest occasion I logged-off and closed the internet connection; then re-opened re-entered my email access details. No problem!!

The clever thing about this attempted fraud was the request to type the human recognition number (or whatever is the right technical term for one of these). This lends an air of authenticity to the apparent security system, but must have been a connection to the phishing site. I was lucky.

Member

Just a further warning. In the first post at the top of the page (by John Ward) he writes “My bank now puts my residential postcode on any e-mails it sends me with information about services – this is a further safeguard”.

Today I have received an email, purporting to be from the Halifax, which is clearly a phishing scam as it invites me to sign in to online banking using one of two embedded links. Also, the originator’s email address (hidden beneath the cover name of “Halifax Bank”) is definitely bogus.

However, the email does address me correctly using my surname and, what’s more, does include (correctly) the last 3 digits of my postcode. This is, as they say, to “confirm authenticity”.

So the moral is, don’t be fooled, as the scammers can even acquire this information to lull you into a false sense of security – though I’d be curious to know how?

Member

exact same thing happened to me they only took 40 pounds natwest should make a personal password with you that you would never forget to say over phone before letting any moneys to be transferred out of cash points,

Member
Cash savvy says:
11 January 2013

Just a word of warning. Had a call from Bank of England to say I had been scammed last April, knew I had not as I was living overseas, however, chap proceeded to tell me it was in connection with the Bank of Indian, warning bells!! Got quite aggressive when I asked for details and sort code of b of e (work in a bank too) would only send forms over the Internet and not via post – just love to keep them hopeful. Got quite cross when I would not give PayPal detail although never told I did. So, be warned if you have been scammed, they are scamming you again by offering to refund to original scam.

Member
Sammi Xoxo says:
6 February 2013

Hello im sorry to steal your thread 🙁 and sad to hear all this!! I am also looking for some advice.. I opened an account with rbs.. got sent card pin sort code account number customer number etc i went to the branch with my paying in book that was sent and paid in 1k paying in bool was stamped and signed and i also asked for a receipt i txt the number that came with the card to activate my card but kept getting declined.. I spoke to someone workibg at royal bank of scotland online and they said my name doesnt match with the sort code account number and card number i have and said they cant assist any further! So i called them verifyed the details again and was told the same thing! She put me on hold to look into it further the line then went dead!! Has anybody ever experianced this? Or offer any advice.. im 25 disabled this has had a major effect on my health, I have no extra money to live on and i dont no where to turn next.
Thank you

Profile photo of dyfnwal
Member

Contact the Police and the Council’s Trading Standards. If you have Trade Union membership, their lawyers may be able to assist you, but may charge for this service. Good luck.

Member
Julie says:
27 May 2014

Feeling like a complete idiot. I have opened an email which I thought was Barclays. it said my account was frozen due to suspicious activity. I dived straight in and opened the link, entered my full name and card details. I realised something was wrong almost immediately and telephoned the fraud department who explained that my online banking would now be stopped and I may not be compensated for any monies stolen from my account because I entered my details. I was told Barclays do not send e-mails only phone messages. As this has only happened this evening I am full of panic and not sure where I am going with this.

Member
Julia Tweedale says:
7 October 2014

I haven’t opened any emails but bank with the natwest and have been a victim of frsud … My nat west debit card has been reported 16 times in the last three months … I’m at my whits end I have been held hostage at my garage until my husband came to the rescue as my card declined!!… No matter what actions I have put into place with nat west customer services ignore !!!… I received card number 17 today at 4.00pm and used it to pay my phone bill … The card was reported list today and cancelled at 6.22om I am so angry and natwest will not accept any responsibility … I have reported it to the police they are not interested as they say I’m not the victim the bank is!!… Well I feel like the victim my card has been declined in asda and was swallowed by the ATM machine in Majorca … And now I wait for another card … Who can stop this happening .. I have stated that under no circumstances must any emergency cash be given out of my account .. That was a waste they have given it three times since to this fraudster … Any advice aoart from changing my account although that is all I feel I can do now

Member

Who reported card 17 lost? The fraudster?

If you can prove that you had an arrangement with customer services, and they ignored it to give your money to fraudsters, you might have a case against natwest in court.

Did card 16 have a different card number to card 17, and do you have an online banking account with natwest?

Member
Julia Tweedale says:
8 October 2014

Hi there all my cards had different numbers on them the fraud team recommended I close my account and open a new one and the fraudster gained access to that within ten days and was given emergency cash I do not have online banking I cancelled that after the first card was reported stolen the bank have compensated me £270.00 as a gesture of goodwill £100 of that was for my telephone calls but no matter what I have put into place they still cancel the card each time … The bank have said they are pretty sure it is the same person ringing and cancelling the cards but they Idont ask for the new security password that has been set up on the account the fraudster would have no idea of that .. In fact they don’t even ask me it when I ring … I’m really at my whits end it has caused me so much stress … Nat west give me suggestions as how to stop the fraudster ie don’t write your pun down don’t open emails keep your card with you at all times all of which I have done but still I’m in to card 17 since the 13 June … I had a card cancelled on Friday and now a card cancelled Tuesday my argument is that surely customer services can see that I have had all these cards reported lost ?

Member
Mike says:
15 June 2015

I had something similar with barclays last Friday, and I`ve just had the exact email purporting to come from Nat West: `We have detected suspicious activity etc.`. I didn`t click the link, but merely took a copy then deleted the email. I was going to phone the bank, but, after reading some of these comments, I`m going to drive the 15 miles to the bank first thing tomorrow.

Member
Taylor says:
28 September 2015

I am getting text massages saying that several people are setting up accounts on my natwest when I don’t even have a natwest account 😳😴

Profile photo of camilaparker
Member

It is now 2016 and this article helped me a lot to protect myself from Suspicious transactions in my account. Last week I continuously received phone calls and emails that they are speaking from NatWest bank and one of my relative has gifted me £ 50000 and they they want bank account number to deposit the amount in my account and they were also asking my credit card number and its password. This seems to me fraudulent call and to remove my doubt I called NatWest Customer Service and asked them about the matter. They replied that they have never made such calls and told me that other customers are also receiving similar calls and beware me about such calls. One of my friend who received similiar call, told them every thing and next day there was £ 10000 fraudulent transaction from his account. Best way to protect ourselves is to avoid such calls.

Member
Steve says:
2 May 2016

I clicked on a link in a txt message telling me that my I tunes account had been de-activated and that I needed to submit my details to re-activate it. I did start putting info in i.e. my email, DOB and part of my home address but something alerted me and I closed the message. A couple of hours later I was notified that the link was a phishing site. Hoping that the limited info I put in wont cause any fraudulent activity?

Member
LInda Long says:
11 February 2017

I have recently been scammed for £9000 the money was paid into a NatWest account. I informed my Bank Barclays and they evidently put a block on the account but I’m not sure if the fraudsters got the money out before this happened. The fraudsters then asked me to send proof of payment (not realising I know what they have done) as in a bank statement, showing the payment transfer with my details. Of course I’m not sending it but they claimed the bank asked them for proof of where the funds had come from – is that likely? Could the funds still be there and could they really still get it out if they prove where the money has come from? It could be another scam to get my bank details and also ID theft. I have since found out that they had another bank account with Natwest that was closed down last month for fraud – they used another name but even I was able to see it was the same people and scam. Does anyone think I might have a claim against that bank if my money has gone. I forgot to mention I went into Nat west and showed them the account and contract to try and check it out but was told it was a holding account from main office and not a branch sort code. They said the account wasn’t in that name either, they were aware I have already transferred the money and I had concerns but I don’t think they reported it or tried to look into it, all they said was your bank needs to do a trace – they took no responsibility that the account could be fraudulent and in their bank. Sorry its long but I’m desperately trying to look for answers and what I can do if my money has gone.

Profile photo of John Ward
Member

I certainly think you should contact Barclays Bank, Linda so that they can try to trace your money; there is a chance that it is in limbo somewhere between accounts. How did the scam work?