Consumers are being targeted in a new bank transfer scam. Our guest author Emma Harper speaks out after losing nearly £20,000 to the scammers…
A pernicious type of ‘Authorised push-payment’ (APP) fraud is on the rise, where scammers, posing as your bank, attempt to trick you into giving away sensitive banking information, claiming your account has been hacked.
With this information the scammers can access bank accounts and steal your money.
Which? has been campaigning against these bank transfer scams for years, but last month their Money Helpline reported a large spike in calls about it.
Now Which? has spoken to several victims who have between them lost a staggering £350,000 to the scammers. I’m one of them.
Scammed of my life savings
On the evening of Monday 22 October 2018, I received a call from someone claiming to be from my bank’s fraud department.
The scammers were highly professional and believable. They had ‘spoofed’ my bank’s telephone number, so it looked like my bank were calling.
The man on the other end of the call said they’d received payment requests from my account.
They knew personal details about me, saying the payment requests were not from the local area where I live; they also knew I was a premier banking customer.
I said I hadn’t authorised any payments and asked if my bank account was secure – he said he would check and call me back.
One and a half hours later, a different person who called herself Katie, called back saying there had been large movements of money between my accounts. She said they were concerned that I was being scammed.
I was driving at the time, she said she would call me back when I was home – because, in an attempt to appear professional, she said it was bank policy not to speak to customers when they were driving.
When I got home, she called back and said to secure the account, I needed to give them some security details.
I was in a real panic at this point. I thought they were my bank – they knew where I lived, they knew I was a premier banking customer, and they had cloned my bank’s telephone number – I thought I was having thousands of pounds stolen. So of course I told them my details to try to stop this.
Accessing your accounts
First they asked for my telephone banking pin. I hadn’t used telephone banking for years, and gave them one number that I think may have been incorrect. They knew this, and said the pin was wrong.
They panicked me further by saying I only had one more attempt to secure my account.
They then asked for three digits of my nine digit online banking password, which I gave them.
To reassure me that the account was secure, they asked me to log on to my online bank account, which I did via Google and selected the main bank website. I never doubted that I was logging onto the legitimate site.
She said, ‘as you will see the account has been suppressed’ – and I could see the money had been moved internally within the accounts.
To stop the money going out of my accounts, she said, they needed to close the accounts down and transfer the money into an ‘internal safe account’.
Stealing your money
I was asked to make a payment to a payee, with the same name as me, and enter a specific figure: £19,756.
At no point did I enter any account number or other details – these had already been input by the scammers. I then authorised that figure using my card reader.
I was sent a text 14 hours later by my bank, advising me that there had been unusual online activity on my accounts. I then contacted the fraud department myself. I said to them I’d already dealt with the unusual online activity the previous evening. It was then they told me I’d been talking to scammers.
The scam has been life changing. I was in trauma initially and then became ill resulting in a cancer scare, which thankfully, was cleared before Christmas.
There are thousands of people like me who are currently falling victim to sophisticated scamming techniques.
My bank claims I authorised the payment and therefore refused to give me my money back. In my opinion, they took no responsibility for the scam and did nothing to protect my money.
In fact, 12 months previously my savings account had been hacked, and the bank had provided no information about how this had happened.
My bank claims that it uses a risk-based approach when deciding if a payment is suspicious. In my case: a new mobile device was registered, a new payee set up and the account effectively emptied within 20 minutes… and I’d been hacked 12 months previously. Sound suspicious? Apparently not.
It took my bank 14 hours to inform me of unusual activity on my account, making it impossible to recover any monies from the beneficiary bank account.
Banks need to do more to protect their customers and prevent fraud – because as it stands, when you are victim of the APP scam, you feel you are totally alone.
This is a guest post by Emma Harper. All views expressed are Emma’s own and not necessarily those also shared by Which?.
Have you been contacted by scammers claiming to be your bank? What do you do if fraudsters call you up? Do you think banks need to do more to protect their customers?