
BBA: what’s the worst example of fraud you’ve seen?


The banks have launched a campaign to help you fight against fraud. Here’s Anthony Browne, chief exec of the British Bankers Association (BBA), to share the eight things banks would never say or do.

Being robbed is always a devastating experience. Increasingly though, reports are telling us that robberies and many other types of crime are on the decline. Criminals have resorted to a number of other tactics to steal from their customers.

Fraud is on the rise, and fraudsters have thought of many clever ways to con money from unsuspecting people. Often they will pose as a bank on the phone and convince a customer to hand over personal details. On other occasions they fake an official-looking email with a bogus link that, if clicked, allows them to raid a bank account. Sometimes they are even bold enough to visit a customer’s home.

Banks see the pain this deceit causes – both financial and personal. Yet, while we all know how we can protect ourselves from household robbery, far fewer of us know the signs of fraud or how to protect ourselves from it.

Banks campaign against fraud

That is why the banks have launched a new public campaign and leaflet called ‘Know Fraud, No Fraud’. If people know fraud then no fraud can be committed against them. At the core of the campaign are some vital tips to help ordinary bank customers spot the difference between a genuine communication from their bank and an approach from a fraudster.

The leaflet sets out eight things a bank would never say or do that are typical of the methods used by scammers. Your bank would never:

1. Ask for your full PIN number or any online banking passwords over the phone or via email.
2. Send someone to your home to collect cash, bank cards or anything else.
3. Ask you to email or text personal or banking information.
4. Send an email with a link to a page which asks you to enter your online banking log-in details.
5. Ask you to authorise the transfer of funds to a new account or hand over cash.
6. Call to advise you to buy diamonds, land or other commodities.
7. Ask you to carry out a test transaction online.
8. Provide banking services through any mobile apps other than the bank’s official apps.

Don’t get caught out

Here’s just one real life example of someone who was drawn in by the clever tactics of these determined thieves.

Brian, a former civil servant: He was called by a persuasive man claiming to be a broker for a Japanese company selling shares. Brian was sceptical at first, but a slick, professional-looking website with a Japanese contact number convinced him to invest around £350,000. When Brian’s family became aware, they contacted the police, who could prove the man had operated other websites offering fraudulent investment deals, confirming suspicions that Brian had become this criminal’s latest victim.

The banks spend millions every year protecting customers using IT and intelligence, but we also want to make sure that customers are aware of the crime around them and that they know what they can do themselves to stop it happening.

Have you or someone you know been a victim of fraud? Have you spotted something suspicious?

Which? Conversation provides guest spots to external contributors. This is from Anthony Browne, chief exec of the British Bankers Association (BBA). All opinions expressed here are Anthony’s own, not necessarily those of Which?. The Know Fraud, No Fraud leaflet is available online, and will also be in banks and police stations up and down the country.


It’s good that the banks are taking this initiative, but it still seems like lip service to me. Why don’t they advertise an email address to forward all phishing emails to? I find it hard to believe that these fraudsters can’t be traced. Their spam email gives you a link to a bogus website. Someone paid for that website using their credit card details. Surely they can trace that. If the website doesn’t belong to the fraudsters, but is one that has been hacked, they can still follow their tracks until they get caught. It seems all they are doing is attempting to frustrate the fraudsters’ efforts, with no real efforts to get them arrested.

Stewart says:
16 October 2014

All the major banks advertise email addresses on their web sites, specifically so that you can report scam/phishing emails.
As for tracing the fraudsters via their credit card details, they will normally set up web sites using stolen credit card details, or bitcoin. Neither will normally be traceable to the criminal.

NatWest have built this tool called the ‘how to fight fraud tool’:

It’s not the worst example, but a good example of what this bank is doing to prevent fraud.

I was in Lloyds Bank yesterday, and was asked if I would be interested in Internet Banking.

I’m aware of just how insecure it is, with absolutely huge amounts of crime, nearly all unreported, otherwise customers might take fright and abandon it.

But there are useful aspects, like being able to check bank balances (always less than you think!) and transactions – both of which would only require read-only access, with no possibility of fraud.

So I asked about read-only Internet Banking: sorry, not available!

Vivid says:
18 October 2014

Nationwide’s mobile app has a facility to view your balance and transfer funds to a nominated savings account without logging in, but I think you have to be registered for internet banking to use the app.

Internet banking and shopping for purchases is safe. Albeit you do have to be careful and be alert. It’s a little bit like playing poker: you will be fine if you keep your cards close to your chest… literally. Let’s be honest, scamming emails so often look so dumb, I’m surprised they bother their time and resources to send them. I sometimes open them in “properties” and you can see the IP addresses they come from. Often these are East European or African in origin.

You are right about the phishing scam e-mails being so illiterate and suspicious, but the spammers only need a few per day to ring someone’s bell and get a response – and they are sending out millions. The scammers are being ripped off themselves, of course, because they are paying a higher level of fraudster to supply the e-mail address lists and the script or template that is “guaranteed” to open up innocent people’s bank accounts for them. The exploitation probably doesn’t stop there because the operation opens up the further possibility of blackmailing the scammers who were duped to engage in this crime. You can bet that very little of any proceeds will find its way into the scammers’ hands since it will be syphoned off by the master fraudsters in the background.

Shopping online and banking safe? I think what people really mean is that we have not been hit yet. If they can crack the largest Bank in the world for some months the idea that they can crack the Internet for financial transactions seems likely.

Your on-line Banking may be safe – then again it may not be into the future. This article February 2014 “Cybercriminals compromise home routers to attack online banking users” for example:

Economist 28th June
“Given all of the sensitive data they handle, financial institutions tend to spend far more than most other firms on computer security. So breaking into their systems typically demands a great deal of effort and resources. Some criminal groups in Russia and elsewhere have now developed the scale and sophistication to be able to crack even the most robust cyber-defences.”

“By the time the bank’s security team discovered the breach in late July, hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers, according to the people with knowledge of the investigation. It is still unclear how hackers managed to gain such deep access.”
76 million accounts compromised.

Tony Osborne says:
21 October 2014

I have not read anywhere that, when money is transferred by defrauding a customer, the recipient’s Bank is held responsible.
I understand that some of the customers who have been conned into transferring substantial amounts of money to a fraudster have not been compensated.

All Banks have a legal responsibility to check the credentials by Passport/Utility Bill etc of every customer opening an account. If the account is abroad the money should not be transferred without checking with the sender.
If any Bank receives money which was obtained fraudulently they should give details of the recipient to the police.
If that recipient’s details are false then that Bank should refund the money because they have been negligent.

Tony Osborne

There have been many reports recently of fraudsters telephoning people, pretending to be from their bank, and asking those people to transfer money to the fraudster. These people expect their bank to compensate them for their loss, but this would be inappropriate. Similarly should a bank reimburse the victim of a 419 scam, for the sole reason that the victim paid the funds from their bank account? It doesn’t matter whom the fraudster impersonated; the bank didn’t act negligently. Too often people expect their bank to reimburse their losses when the bank was not at fault and could have done nothing to identify and prevent the fraud.

However, Tony Osborne raises a good point above in that the receiving bank (as opposed to the victim’s bank) is potentially at fault for not carrying out sufficient identity checks.

G Kirton says:
25 October 2014

Should all banks be urged to include in all communications, online and postal, information on the scams that customers might encounter, and instructions on how to respond and/or contact the bank safely?

We all seem to want to live life in the fast lane, so the banks have given us ‘faster payment services’, but perhaps we need to slow down.

How about …. after you create a new payee there is an enforced delay of 24 hours before you can actually transfer any money to them? During this time the bank would send you an email to confirm that you had created the new payee.

How about …. the banks also tell you who the new payee account actually belongs to? If I give my account details to someone so that they can pay some money to me then I’d be happy for them to see at least the full name on the account, and possibly either my address or my postcode.