/ Money

What will it take for a change in scams legislation?

Online bank fraud

Online banking scams are becoming increasingly sophisticated. No more so than the one that targeted our guest writer. Jane Caldwell, who has appeared on Rip-Off Britain this week, describes how fraudsters scammed her out of £100,000.

On Saturday 28 January at 4pm I was phoned by what I thought was NatWest’s fraud department asking if I’d made two transactions, for several thousand pounds. I hadn’t, so the person at the other end of the phone informed me my online accounts had been compromised. I was told a stop had been put on the accounts but I needed to take action. Querying this I was told the transactions had been carried out from a different IP address to the one I usually use.

The caller asked me to look on my phone for the customer number for the NatWest. I was told they would phone me on my mobile from that number so I would know they were bonafide.

False sense of security

They called me and the customer service number appeared so I felt I was speaking with the fraud team. I hadn’t given them my number either so I assumed they used bank’s records to contact me. Logging into my bank account the scammer began querying several transactions I’d carried out the day before, asking if these were part of the scam. So far everything led me to believe I was speaking to the fraud team of NatWest.

They instructed me to open a new payee account, in my name, using my card reader and to transfer money into this. When I questioned this I was assured that as it was in my name the monies weren’t going anywhere but were clearing the virus on my account.

Unsure, I used my son’s mobile phone to call the NatWest customer service number myself to check I was speaking to the fraud team. At this point the person on the other end of the phone asked why I was doing this. Later I would find out that my webcam had been hacked letting the person I was speaking to see everything I was doing.

£100,000 out of pocket

I also moved £85,000 from our Nationwide accounts to clear viruses, again all set up in our names.

By the end of the call, thinking I had checked on numerous occasions the validity of the call, I thought I’d prevented a scam only to realise the opposite on Sunday morning.

Our accounts had been cleared of all our money, savings, pension lump sum, my late father’s inheritance, to the sum of £100,000.

We have since discovered that malware was probably downloaded onto my laptop enabling the scammers to see what was on the computer as I typed and to watch me on the camera as I made calls to customer service.

Nationwide have retrieved £25,000 but all other accounts were cleared within minutes of me making the payments.

Current legislation states banks are not responsible for these push payments, but if this had happened in America we would have got all our money back. Isn’t it time for a change in legislation?

This is a guest post by Jane Caldwell. All views expressed here are her own and not necessarily those also shared by Which?

Watch Jane’s story as she told it on the BBC’s Rip-Off Britain.


Thanks for being brave enough to explain how you were victim of a scam, Jane. It might help protect others. The banks have encouraged us to use online banking and other services, and we regularly here about successful scams.

My approach is to avoid doing anything of a financial nature over the phone unless I have made the call. I’m beginning to wonder if that is enough.

Jane Caldwell says:
3 October 2017

The problem is that local bank branches are closing all the time, especially in the rural area I live in, so online and phone banking are increasingly becoming the only way to bank.

I agree, Jane. I am keen that the banks work together, as they do in providing ATMs, and have shared branches in rural areas.

bishbut says:
4 October 2017

I will not use a phone for anything except social calls I only ring companies etc. when the number is Freephone or when my calls are free from my provider I never give a decision over the phone Complaints are quickly dealt with by personal face to face contact virtually impossible now The phone is my servant I am not it’s slave as many are

The Post Office provide basic banking facilities for a range of banks’ customers.

Quite so malcolm but your timing of that post is immaculate. Last week I got upset at HMG government sending me a letter which “purported ” to say – get your pension transferred into a bank account, no ifs,buts, etc. . As my bank closes on October 12 th in my rural area and its a 12 mile country road journey , which in the Winter is snow covered and not always snow ploughed ,to the nearest branch I was very upset.. -quote- we are advising you to open a bank account and arrange to pay your OAP into it.-PLease call us with your account details or fill in the form and send it to us. If you dont have an account or bank use a Credit Union – yes RIGHT a 1340 population has a Credit Union – sure it has !! .NO options were provided. iT now costs to phone HMG although they state-we atre a “servant of the people ” – Bull ! luckily its a number thats included in my paid for call bundle ( but NOT -0843 ) . After going through tell us what you are calling for -etc- then options -1- 5 –then options 1-3 -then 10 minute wait – I GOT through –and spoke my mind -nicely – the female who took my call ADMITTED it has upset-shocked and made nervous many OAP,s she said it was quote “badly worded ” . NOw if ever there was a sly,devious effort to force OAP,s to bank their pensions this letter is it . I have the letter in my hand and can post it verbatim if you want ?–DISGRACEFUL !! at their time in life the last thing OAP,s need is 1930,s GErmany style official letters from a government . For those that can read German –have you read the letters issued to German citizens in the 30,s ? I know that the Tories+ Liberal’s reached an agreement with the Post Office Contract to allow the contract to be extended to 2020 at least. I have read it original document and the extension given after the first part expired.. IS this how HMG treats its citizens ??

Jane as you were not asked to download anything to access your computer but directed to access your account it looks like you were directed to a scam website . This could only happen if your browser had malware implanted in it or that a virus was already installed on it due to previous web surfing. I hope you either got a very good tech. virus remover or RE- installed your whole system and that includes losing your back-up as that will be infected too. To cut down this sort of thing requires various web blockers including – jscript protection/ malware server protection/ HTTPS only / scam website recognition apps etc OR a dear comprehensive malware protection program that covers BOTH your computer + Internet. Do not buy cheap , Kaspersky is good but there are others . I am sorry at your loss. For Jane and the British public here, in simple terms is how to avoid it : http://www.guard-privacy-and-online-security.com/phishing-and-how-to-block-it.html

TrevorD says:
7 October 2017

I note that the website “guard-privacy-and-online-security” to which you have linked seems to be completely anonymous – no physical location, address, nor even country, appears to be given anywhere on the site. (I have not looked over the whole site: just the normal obvious places + a web search.) From the website address (*.com) it’s quite likely to be a US site. Based on the ‘Copyright’ Notice (dated 2013), it appears not to have been updated for several years.

I’ve not saying that any of the info is incorrect or inappropriate, etc., as I haven’t studied it. But – in those circumstances – it certainly would not be my first port of call.

Scams, etc. have become more sophisticated in the last 4 years, and banking practices in the US are different from those in the UK. No doubt parts of the advice (probably many parts of the advice) will still be applicable – but other parts may not. So I would treat it with care and caution. Also, could that site itself be used as a ‘phishing’ or similar site, especially as its provenance seems to be hidden? I’m being super-cautious here, as we all need to be in these circumstances.

It would be helpful if Which? itself were able either to produce an advice site of their own on on-line security avoiding scams, or to recommend a suitable UK site that covers these issues in more detail.

Trevor I provided that website as information on scam avoidance – whats your problem with that ? IO have plenty of other websites to provided .I provided that one because I keep on being accused of being too technical but if you and anybody else now say – well it isn’t kosher placing doubt on its veracity I will from now on provide websites you cant criticise , but don’t dare anybody accuse mre from now on of being “too technical ” . Tell me where its wrong in its advice ?? I spent years giving advice on malware etc on US websites and a UK one . I will not accept being sniped from the edges . IF you think its wrong -SAY SO !!. Just because you cant get all the info on the website you think I CANT ??? . How many times have I said I use unconventional ,means of reaching some websites ? I have nothing of Google on my computer neither programme nor part program or app even non – Google apps containing Google All my processes are devoid of Google the worlds biggest tracker apart from the NSA/GCHQ and who has qa history of “diverting you to third party websites for gain . You do know Britain censors 1000,s of websites not for pron etc but for political reasons c–dont you ? and that legislation is going through in the UK to jail those who access far-right websites . This country is highly censored and if you don’t notice i then you are not asking the right sensitive question when you input in the box. What info do you wanton that website ?

Jolyon Kay says:
8 October 2017

it’s please

Hi Trevor,

We do have lots of advice about avoiding online scams please feel free to have look. Here are two articles you may find helpful.



These should help give you a bit more detail about online scams and ways to avoid them, Trevor, but if there was something more specific you’re looking for please let me know and I’ll try to find it for you 🙂

I really feel for Jane as this could so easily have been me.

I called into my local branch yesterday to check my accounts were intact – thankfully they were. I asked to speak to the branch manager but unfortunately there was no longer one at this branch, the nearest being 15 miles away. I explained to the cashier my experience and that I was not happy with being pressured into banking online nor agreeing over the phone to transfer money over into new accounts, which she agreed was not bank policy. She told me (coincidentally) that the banks fraud team would have picked up anything untoward on my accounts and notified me, but in Janes case, it actually was the fraudster posing as a member of the banks fraud team on the line, which illustrates the extent of the sophistication and skill scammers are now capable of.

Unfortunately, I may never know who called me that day but I intend to write to the bank HO to inform them of my experience.

Fraudsters are very sophisticated. The answer is to ignore calls coming in to your phone, and emails, and simply contact your bank on your normal contact number and explain any unusual contact. If the bank told you to go ahead with the transactions, then they would be liable; such a conversation would be recorded. If there were a virus on an account I would have thought this was the bank’s responsibility to clear, not yours.

I sympathise with your plight, but in view of all the publicity scams get, we must always be cautious. I do not see, when you have authorised payments into another account, why the bank should be held responsible, however much I feel for your situation.

Yahoo has just “fessed up ” as you would say in “Americana ” .The -2013 data breach didn’t expose 1 Billion customers data it exposed ALL their customers data ( over 3 Billion ) , thats “big ” of them . Meanwhile that other recent data breach in the USA where 143 Million customers data was exposed (Equifax ) , well they say its now “more than that ” . People wonder why I dont bank online . You do know OUR data is in US hands (big data )_ dont you -since last August , it was “approved ” to transfer it . You dont need to have an IQ of 140 to work out how scammers know all about you. But, never mind the government says-bank online its the “safest ” thing to do –sure it is ask all the security experts who dont. .

Make the receiving banks liable for financial scams. They would then have an incentive to go after the scammers.

bishbut says:
7 October 2017

To change it will need a MP or more to lose a large sum of money through a scam Does not affect them so they are not interested in doing anything at all as usual

Jane Caldwell says:
17 October 2017

I’m really pleased to say Tim Farron my local MP is taking up the matter after I met with him at a local surgery and he was interviewed by Which?. He’s proposing the FSA impose heavy fines on banks who don’t treat their customers well following a banking scam.

I am fortunate that in my locality there are a number of Banks, but I have made it quite plain to the staff in the bank that I use, that the only reason that the Banks encourage the use of Telephone and Online Banking is to reduce the bank head count in the bank branches, and to pay the Senior Bank Executives higher salaries.
I have indicated to the bank staff where I bank, that I would not use any ATM’s inside or outside the local branch because ATM’s are subject to “Software” failure, in fact about 6 months ago all the self service equipment was out of action and all the manned tills were in operation. The engineer who was on the bank premises was not able to sort out the problem, the ATM’s were out of action for a number days.

The banks and other organisations should be forced by law to provide an alternative means of communication other than the telephone. People think the internet is unsafe, but the telephone is far worse by orders of magnitude. But I agree with the other contributor who suggests that unless this happens to an MP nothing will change.

John if you are saying BT gets hacked could you provide the evidence ? the web/internet is infinitely worse than the telephone as more malware control can be exercised over it.

I’m not aware of security problems when a caller looks up the genuine number and makes the call. Just hang up on any calls about financial matters and never use phone numbers, websites or email addresses you may have been given over the phone.

Margaret Hook says:
8 October 2017

Reading about Jane’s loss of £100.00 and her apparent difficulty in banking other than through the internet wherever she lives there must be a shop or village post office who will be able to supply cash. We hve one in our village and our large town is about 10 miles away, take a look around Jane and I am sure you will find one.
Margaret H