/ Scams

My experience of a bank transfer payee scam

Has a large sum of unsolicited money ever appeared in your account? It happened to me a couple of months ago. Here’s how the attempted scam worked.

One evening I got a notification from my bank that several thousand pounds had been deposited in my account, but I wasn’t expecting any payments.

I logged-in to find that a family member, Susan (name changed), had transferred the money. Confused – but with the words ‘scam alert’ quietly running through the back of my mind – I picked up the phone to call Susan.

At that very moment, she started calling me. I answered and she said in a panicked voice something along the lines of ‘my bank’s on the phone, they said my account isn’t secure, money has been sent to you, but you need to transfer it to a different safe account – they said you have to do it right now.’

Guide: identifying and dealing with phone scams

A push payment scam begins

Susan was incredibly stressed and out of breath – and obviously on the receiving end of a push payment scam, though of course she didn’t realise it yet.

I told her to hang up the phone on ‘the bank’ immediately, find her bank card and call the number on the back and explain what was going on to her actual bank.

Meanwhile I called my bank to report the payment as part of a scam and ask them to return it to the sender. By the next day, Susan’s bank had frozen her account and reassured her that the money would be returned. My account had also been frozen.

Scammers use an existing payee

Susan and I tried to piece together what had happened. We gathered that the scammers had somehow gained access to the account (possibly using malware that can read one’s screen to steal her two-factor code), and had made the transfer to me.

It seems the scammers were not able to add a new payee to the account (as presumably this would require greater scrutiny from the bank), so they picked an already existing payee at random to send the money to.

Then kicked in the tactics of a classic ‘push payment scam’; convince the victim that their account is compromised and that they need to send the money to a ‘new’ and ‘safe’ account, which of course is under the control of the scammers.

Huge emotional pressure

The difference here is that a third-party contact of the victim is involved – making it more likely for the scam to succeed. Why? Having several thousand pounds of somebody else’s money sitting in your account applies great emotional pressure to the third party.

It was hard enough for me to say ‘no’ when Susan had instructed me to forward the money on to a different account – ‘it’s their money after all, who am I to tell them?’ – but I suspected it was a scam.

But how many people who have no idea it’s a scam will simply do as their family member asks? Luckily I did say ‘no’. The money has been returned and both of our accounts unblocked.

Guide: how to get your money back after a scam

I suppose the old ‘if it seems too good to be true…’ rule applies. So if you get a large sum of money randomly deposited in your account, contact your bank and think twice before touching it. I hope sharing my experience here will help warn others and raise awareness.

Has this situation ever happened to you? How did you deal with it?

Comments

Exploiting family and friends to become part of the scam is no doubt done because many of us would now treat unsolicited calls as suspicious. My rule is not to engage in discussion of anything financial or provide any information to callers. Yesterday I had a call about an investment and although I was sure it was genuine, I took the name of the caller, looked up the company’s details and called them. In fact the caller suggested I look up the number on correspondence about my account.

Hi Oscar – I thought you had moved on, since it’s a while since you last posted. Thanks for warning us about this scam. I suppose that one of the perks of working for Which? is that you can learn a lot about how to avoid scams.

I’m surprised but impressed that Oscar’s bank notified him of the deposit into his account. It would be good if more banks were able to do the same.

Yes, Nicholas. I was also surprised by that, and my first thought was that it was an impostor purporting to be the bank; presumably not.

It would be interesting to know how widespread this is, or is it a personal service enhancement for a fee?

It would also be interesting to know if the bank representative who sent Oscar the notification provided any details of the payment — who it was from, how much it was, when it was made, etc. Also, what form did the notification take [e.g. text, e-mail, phone call to mobile or landline], was it personalised or generic, and was any advice provided?

Notably, the notification was issued during the evening, which again is unusual, so the bank must have regarded it as an extraordinary event. I should also appreciate this service as and when “a large sum of unsolicited money” [several thousand pounds] appears in my account. Did the bank know it was unsolicited, and how long did it take the bank to react after the time of the deposit?

More to this than meets the eye, methinks.

Hi John, with my Barclays accounts I pay no fees whatsoever and the text message notification service is also free.

The text messages advise of deposits and withdrawals, along the lines of “£800.00 was paid into a/c ending (shows the last 4 digits)” or “£800.00 was paid from a/c ending (shows the last 4 digits)”. The texts also provide low balance alerts which customers can set at whatever level they wish.

Kathy Jolly says:
15 May 2022

I had the proceeds of my house sale deposited into my bank by my solicitor… the bank (Lloyds) only took notice when I tried to transfer money into a savings account… I then had to jump through hoops for 4 days to get my new saver funded… Not one of the 4 people I spoke too… told me the same story… all I did glean from it was that they (Lloyds) would not help if it was a scam…

Karen Simcoe says:
16 May 2022

I have 3 Bank Accounts, all are on mobile App… and each of them notifies me of payments made using my Debit or Credit card, literally straight away… and also of any money being paid into the account… Eg Wages, bank transfers, etc. I get notifications 24/7 365 days Free of charge. You can also block your cards if you misplace them and act straight away if a transaction is not you.

D carr says:
16 May 2022

I have been having a similar situation as l wanted to send money to my son l went down to tell them what l wanted to do filling in paperwork as requested they said it was all ok and had gone though, l checked my account next day the money was still in my account. I phoned up to see what had happened and they said the security team had flagged it up as a scam . I said it was not a scam and to do the transfer that was 7days ago they have still not released my money and l am furious they won’t accept my word and my son has now had to find other mean’s to get the money and is now in debt

Anura says:
20 May 2022

My mum died a couple of years back and I was her (reluctant) executor. The majority of the estate would be a very substantial sum from the proceeds of the sale of her house and I opened an account to use primarily as an executor’s account until the estate was dealt with at which point it would revert to me (because I would need somewhere to keep my share of the money while I decided what to do with it).

A couple of days before the sale proceeds were due to arrive, I went into the branch to warn them of my intentions and a couple of days later I went back to effect the very large transfers to my sisters. I was surprised when the bank staff would not do this without proof of where the money had come from. This being in spite of keeping them informed at all stages, the fact that the money had obviously come from a local solicitor and the fact that I had with me copies of the house sale deeds “just in case”. I rang the solicitors, got them to type me a letter on headed notepaper (as requested by the bank); popped along the road to pick it up and then returned with it in hand. Once the bank staff had seen the letter they were only too happy to proceed – after, of course, running through the bank’s scam warning procedure.

The staff member who actually entered the transfer details got me and a further member of staff to double check all the details before the send button was pressed and while it all might seem a little OTT given everything that had occurred – the thought that anything in these transactions might to awry during the transfer process had worried me a lot so I was actually quite grateful that the bank staff had taken the time and trouble to make sure everything was present and correct. As I would be every time that this is done.

Michy says:
1 June 2022

I get push notifications from Halifax when money goes into either mine or my kids’ Halifax accounts

As a Barclays customer, I receive text message notifications for both deposits and withdrawals, which I find very reassuring. It’s comforting to know that any unexpected transactions are immediately brought to my attention. This is an excellent feature and as suggested it would be invaluable for customers if other Banks did the same. Well done Barclays.

So it’s just an automated depersonalised notification not related to transaction value, then Wingman? That doesn’t worry me so much. I don’t think my bank has my mobile number and so far I have not ben inclined to let them have it.

Hi John, yes, the texts do specify the amount deposited or withdrawn and which account/s it relates to.

If I was to withdraw funds from a cashpoint, I receive a text shortly thereafter advising how much was withdrawn and from which account (it only provides the last 4 digits of the account Number). If I transfer funds between accounts I receive a text advising of the amount transferred and which accounts the transfer relates to.

I can adjust the notifications via online banking, so if for example I only wish to be notified of transactions over £100.00, I would not receive a text for deposits or withdrawing or transferring amounts below this level.

Joe says:
16 June 2022

Don’t let them have it, if they haven’t already because, apart from the unwanted notifications, they’ll get to the stage of not letting you do transactions without your mobile present (to receive a confirmation text with a code).

I get calls from thieves constantly – I engage with them to study their methods, so they seem to keep me on their lists without removing me as a time-waster. Two long calls this week (plus silent calls). The latest technique is “Amazon Prime refund” or others. I let them connect to a safe “virtual computer”.

The latest technique (several times, latest today) is they get me to fill in a form for the “refund”, with amount £79.99. They then display a message saying that “£7,999 has been transferred to your account”, and say oops, we made a mistake, open your online bank account to see if the money has arrived. They want me to access my bank account while they’re connected to my computer (if I have a PINSentry machine or SMS text confirmation I’m supposed to accept it, no protection there). I obviously say I’ve checked on my phone and the money hasn’t arrived, then they try to persuade me to send the “overpayment” back to them “or they’ll be fired” (it didn’t show in my account because “it takes time and hasn’t arrived yet”).

I’ve given this detail to warn anyone about the current technique; they change over time. One piece of advice: never let anyone connect to your computer, except technical support people you know personally and would trust to to let them use it unsupervised. Also, don’t set up your computer to login to bank and similar sites with a saved password you don;t have to type in.

John Marsh says:
8 May 2022

It would interesting to hear what “Susan” had used to log into her bank account.
Was it a pc/laptop that had malware or a phone banking app, something somewhere read her password.

Following my detailed comment on thieves trying to access bank data, John Marsh said “It would interesting to hear what “Susan” had used to log into her bank account”.

While I don’t know what actually happened, a very likely scenario is as follows. (I won’t mention Susan by name, I don’t know the precise details). I probably know more about this than the police and authorities, as they hear what victims tell them, while I actually interact with thieves and watch their methods.

The victim will have had a phone call; nowadays it’s usually one of “We at Amazon Prime have charged you £85, do you want to continue or cancel + refund?”, “We as your Internet supplier have found hackers trying to get into your bank account”, VISA fraud department, “your bank (no name)”. Typically, “press 1 to cancel, 2 to speak to an advisor”. Sometimes they ask you to do things which falsely suggest a probleml for example, go to website “1p address” (one-p, not ip), which shows a message about someone in Mountain View, California who is supposedly accessing your bank account.

They then say that their “secure server” needs to connect to your computer or phone, and talk you through a simple process: you must connect to the Web site of Anydesk, Teamviewer, Supremo Control, or similar; these all offer free legitimate software designed for technical support. Whichever they use, you download a and run a program file (just by clicking “Download Now”). This shows a number and password intended to allow a technician control of your computer to control and repair its software; they say that it is your “refund code” and ask for it; they can then connect to your computer and control it just as if they were in front of it. They can also download files from your computer, try logging in to things you have saved passwords for, etc. In reality a thief is in control, but they say it is an “Amazon secure server” and they can’t see anything. Depending upon their cover story, they might display an “Amazon Refund form” which you fill in with your details, including bank name and 85 pounds for the refund. In the past they tried to get your bank login, but bank security has stopped that working. With one current attack they display a message “Amazon has refunded you £8500”, and are shocked – shocked – that this error has happened, they will be blamed and fired. Please log into your bank account and check if that sum has arrived. Now, you may have bank security in the form of a PINSentry machine that generates a code, or 2-factor authentication – the bank sends a text message to your mobile with a code. But you are checking your account, so you accept the security.

The situation now is that you are logged into your bank account, and the thief is in control of your computer. What I expect happens next (I don’t go beyond allowing control, so can’t say for sure) is probably that the thief blanks your screen while “the secure server is processing your refund” or some other excuse; now they can see your screen but you can’t. If they can they transfer money to an account they control. In the case discussed here it presumably wasn’t possible to set up a payment to a new payee without a security message, so they transferred money to an existing payee, hoping to be able to get it somehow (see the details in the article). If you have saved passwords on your machine so you don’t have to type them in, they could also log in to other bank accounts, and so on; the thieves are very flexible.

So, if you read my comment first and then the article you get a possible picture of the full attack.

Rosalind Stewart says:
14 May 2022

I always type in my password myself and always use my PIN while covering it at supermarket checkouts. The more complicated it is for me, hopefully the more complicated for any fraudster.

I love this

There was an excellent story on Rip Off Britain (BBC 1) this morning about an intelligent woman and her husband who were scammed out of more than half a million pounds.

It seems unlikely and, of course, the army of armchair scam specialists will be out in force, arguing that it’s the fault of the individual.

But I differ on that. This was a superbly executed crime, in which a very intelligent woman and her husband were convinced by the scammers that their help was necessary to deal with a ‘ring’ of crooked bank employees, steadily emptying the accounts of all the customers.

They were lured into an extremely sophisticated operation, in which the victim lost a truly huge amount of money.

Watching this does show how even very clever folk can become victims of dreadful crime.

Thanks for showing us this appalling story, Ian.

The criminals clearly invested heavily in that scam because presumably they knew there was a lot of money available in a number of bank accounts. Taking so much time setting up the con artists and paying so much attention to the victim paid off for them and I cannot think of anything that could have saved her once their psychological manoeuvres had locked her in. The lady took all sensible precautions to check the bona fide of the scammers but they had groomed her with convincing explanations at every stage. It’s easy with hindsight to see what could be done to avoid the scam but by the time anything could be done to protect her she was under the spell of the scammers who had convinced her that her bank staff could not be trusted, so she had committed the money unknowingly to false accounts. I was sad to learn that she had, in the process, lost the support of her family and was all alone with her sense of guilt; that is another psychological harm she is having to endure.

I don’t suppose the scammers can ever be traced but the worrying fact is that they had so much inside information about how banks worked [i.e. not very securely], and how people could be tricked into thinking how the FCA worked, so they were able to set up false FCA receiving accounts and empty them immediately that transfers were made into them without any alarm bells ringing within the banks they were using for those purposes.

“…the army of armchair scam specialists will be out in force, arguing that it’s the fault of the individual.” Well said, Ian.

This was a dreadful crime and I do sympathise with the couples significant loss and the impact it will have moving forward.

It is often the case that Banks and the Authorities receive criticism for not doing enough or not acting accordingly in these situations and having watched the episode, the Bank did have robust measures in place to prevent this from happening. The Bank raised their concerns with the customer in Branch, by telephone and by letter. The Bank also halted several of the transfers in an attempt to prevent this occurring. Becoming extremely concerned that the couple were being targeted by scammers, the Bank went as far to contact the Police, who visited the couple to establish whether anything sinister was occurring.

Although the couple were groomed to some extent and advised not to discuss the matter with anyone else, given the substantial funds involved, leaves me perplexed as to why the couple chose not to engage with their Bank or the Police.

I do not share the view this was a sophisticated scam or that the couple were not at fault.

I understand your point of view, Wingman, and I felt that way myself initially, but I think it underestimates the power of psychological manipulation. There was clearly some naïvety involved, for example relying on the FCA’s telephone number as authentication for the scammer’s call – but how many people know about number spoofing?

You referred to “couple”, but I sensed the victim was on her own in this case; I didn’t notice any mention of a partner. Circumstances of which we are not aware could well have affected the course of events. The targeting seemed quite sophisticated to me.

The sophistication of scams can only be measured by reference to the awareness state of the target, and it is surprising how many highly intelligent people capable of advanced reasoning in many matters can be innocent and trusting in other situations. Exploiting that lacuna is the scammer’s art.

There was a husband involved, John, who apparently agreed with his wife’s actions.

My wife and I watch Rip Off Britain over lunch every day it’s on, Wingman. I agree that some scams are so transparent you wonder how they could have happened. But this was sophisticated in the extreme.

The scammers were always charming and polite and they knew how to influence their marks. Now, it’s always easy for us to argue we’d never fall for something like that. But the fact remains that very highly intelligent people do, and do so frequently.

In this instance, the criminals had gone to some lengths to anticipate the problems that could arise. They had clearly created a situation not dissimilar to the Stockholm syndrome, by cleverly convincing the lead victim they could trust no one at their bank, and, by suggesting a network was involved, at no other bank, either.

It’s easy to dismiss the victim as a gullible fool when in fact the lady in question took a number of steps to ensure she was not being scammed. However, once the siltation had been manipulated to destroy any trust she might have had in her bank and the police she was, as she freely admits, trapped, partly by her own desire to ‘do the right thing’.

I also disagree that the couple were groomed ‘to some extent’. The criminals rang every day to reinforce the hold they had over her. Yes-we are all aware that the banks will never ask you to move money to a ‘safe account’. But perhaps she was unaware of just how skilled these criminals are. Even Holmes had his Moriarty.

Hi Ian, this was not an immediate transfer of funds due to a knee jerk reaction, state of panic or lack of rational thinking, but occurred over a period of weeks, allowing adequate time for the couple to consider exactly what was occurring.

It’s not a normal occurrence for the Police to arrive at your door with concerns you may be the target of a scam and at that stage I would have hoped the couple would have realised the severity of the situation. Yet they failed to inform the Police who had contacted them and instead chose to advise the Police they intended to transfer funds due to investment opportunities, which I find very irregular.

Given this scam evolved over a period of weeks and given the substantial funds involved, surely this would have been dropped into a conversation with a family member or friend, yet again they failed to disclose this.

Perhaps as John Ward suggested, the power of psychological manipulation is greater than I could imagine, but I remain perplexed this occurred.

High intelligence alone, without emotional intelligence/maturity is no guarantee you are safe from sophisticated scammers, who will play on a victims emotional responses to trick them into parting with their money. There are a few fundamental signs of emotional intelligence to help you to stay in control when engaging in the transfer of money from your bank account.

Getting along with others.
Self awareness of strengths and weaknesses.
Operating with integrity.
Self awareness of feelings.
Present-Focused.
Self motivated.
Well placed boundaries.
Internal motivation.
Self regulation.
Empathy.
Social awareness.

If you feel brave enough to take the whole
emotional intelligence questionnaire, you can find it at: https://www.psychologytoday.com/gb/tests/personality/emotional-intelligence-test

Wingman says on 11.5.22

Yet they failed to inform the Police who had contacted them and instead chose to advise the Police they intended to transfer funds

Under most circumstances, I might agree, Wingman. However, I’ve just made a purchase from a European country and this message has appeared (from my bank):

Never share this information with anyone including bank officials or the Police.

This is the first time I’ve seen this remarkably precise message but it’s starting to look a lot clearer now as to exactly how the criminals were able to control the lady so effectively.

Hi Ian, thanks for the reply.

You stated receiving this message having made a purchase from a European country, but could you clarify how this message was received? Did the message appear after making a Card payment on a website, on a banking App, through online banking after making a Bank transfer or by email?

As I see it, the message is advising not to share ‘specific’ financial details such as account numbers, Card numbers, passwords etc with ‘anyone’, which is advice we should all follow, but I don’t see the message as a suggestion that a consumer should not engage with the Police or avoid discussing any concerns about possible scams or being asked to transfer funds to unknown accounts.

The point I was making is there would have been no harm in the couple explaining to the Police that the reason they were transferring funds was because they had been contacted by the FCA, who had advised them their money could be at risk and had asked them to assist in identifying the crooked bank employees. The Police would have immediately realised this was suspicious and would have asked the couple for the details of the individual who had contacted them, in order to establish the identity of the caller and verify the story with the FCA. The Police would not have required the couples bank acccount details or any other sensitive financial information at this initial stage of an enquiry and I can’t imagine they would have asked for those details either.

We – well most – would sympathise with those who suffer losses such as this, whether or not the victim was at fault to any degree. However that should not detract from the circumstances being examined, particularly to see where better precautions might be put in place.

In this particular case, for example, the scammer invested considerable time and effort over weeks, it seems, to groom their victim. How did they know that the rewards would be worthwhile? They must have been aware that there was over half a million pounds in her bank. How did they know this?

Keeping so much money in accounts in one bank seems unusual when the compensatory limit is only £85k. Maybe it was the result of a house sale and, if so, maybe that is where the intelligence originated. But we don’t know.

The scam’s story seems to focus on corrupt employees within the bank’s branches. Did the victim believe also the whole of the bank was involved and corrupt and that prevented them contacting their head office and fraud department?

Wingman, not one of the supposed ” army of armchair scam specialists” out in force ( 🙁 ), made the key point of what more could the bank and authorities have done? This seems the issue to resolve if this case were to demonstrate weaknesses that could be strengthened.

The point is made about the intelligence of people when dealing with scammers and their vulnerability. These criminals are successful because they are very clever and skilled in their specific line of business. They will often have the advantage of knowing the systems and reactions of banks and other official bodies so, like knowing where your enemy is positioned in a war, be off to a good start.

When someone is so determined, for whatever reason, that they will part with their money despite advice from independent parties, what else could be done to stop them?

Hi Malcolm, all valid points you have raised.

To clarify, I certainly don’t take the view this couple were fools and sympathise with their situation, which will no doubt affect them for the rest of their lives.

I devote significant time to helping anyone affected by scams, both here and on other forums and particularly those relating to Home Appliance warranty or service plan scams. I hate to see anyone affected by scams or suffer a financial loss and will always assist anyone who does not have the confidence or know how in helping to recover their losses. This extends to offering advice, sharing details of how these companies operate, assisting with correspondence to recover their money and completion of Court claim documents where necessary.

Recently, a contributor here on Which? had suffered a financial loss due to a Home Appliance Service Plan scam and numerous requests for the money to be refunded had failed. Having made direct contact with the chap, advice was offered on how best to recover his money, which resulted in a full refund. Refusing to rest at obtaining the refund and with the aim of tackling these rogue companies, the customer was also put in direct contact with the Trading Standards officer investigating the company, to share the evidence that had been collated. Continuing to assist consumers and share intelligence with Trading Standards remains a priority and will hopefully assist the Authorities in achieving prosecutions.

I guess my opinions are based on a combination of natural sympathy for this couple and a frustration that what occurred was avoidable.

wingman, it is clear from your posts that you do a great deal for victims and admire that. I, too, sympathise with anyone who has lost money. My concern is to explore just how we can improve systems that will reduce the success of fraud but recognise the susceptibilty of some to the perpetrators. They are clever and convincing.

Malcolm, I think the last paragraph from your previous post is perhaps a good summary of the situation on this occasion “When someone is so determined, for whatever reason, that they will part with their money despite advice from independent parties, what else could be done to stop them?”

I would certainly be keen to hear any suggestions from other contributors as to what systems or practices could have been in place by the Bank, Police or any other Authority that would reduce or prevent fraud of this type.

Wingman said on 12.5.22:

You stated receiving this message having made a purchase from a European country, but could you clarify how this message was received?

It appeared as I was in the process of validating my credit card.

The point I was making was twofold: by this notice appearing from the bank it can cause ordinary folk who have little or no experience of current criminality online to assume keeping details from the Police is normal.

The second point is to press home the simple fact that we, as a society, become too obsessed with blame. By using criteria that may be of questionable relevance to decide the scammed are responsible for their plight we normalise a gut reaction to this sort of occurrence that is extremely unhelpful.

Looking at it from psychological viewpoint, Oscar evidently has sufficient emotional intelligence, coupled with his experience working with Which? to realise (a) this had to be a scam, and (b) keep a tight rein on his emotions at a crucial time that mattered. All credit to him for doing so.

Scammers will often use tactics to shock and confuse, putting their victim in a state of obfuscation and fear, when all rational thought dissipates. It’s at that moment they have not only got you, but your life savings as well.

Well done Oscar!

Hi Ian, I approach all of the topics here with an open mind and would like to think my views are fair and balanced. It’s equally important to consider both sides of the coin, even though this may not sit comfortably with everyone.

As someone that devotes a significant amount of time to helping those who have been scammed, resulting in recovering financial losses for many, it would seem a bit harsh to suggest the emphasis of my views are based on blame and deemed unhelpful.

I absorb, consider and respect the views and opinions of all contributors, but there will always be occasions when views differ, so I guess we will have to agree to disagree on this occasion.

Wingman, I apologise unreservedly if that’s the impression I conveyed. That’s not how I read your posts at all. My point was much broader, and aimed at those whose instant reaction to those scammed is to denigrate and accuse. I assumed I’d been sufficiently generic in my post so you would realise it was not you I was targeting. While it’s not an excuse by any means we were headed out this morning and I rather rushed the post.

But there is and remains a large body of those whose only instinct seem to be to argue by implication that many people are gullible fools, whom have only themselves to blame for being scammed.

Some of us spend a lot of time dealing with people who openly display these attitudes, and it’s not always easy to remain diplomatic.

Ian, an apology is not necessary.

I am happy to engage in a healthy exchange of opinions and regardless of whether I misinterpreted your comments, I value the views and opinions of others and at no point was I offended.

I take your point regarding those who take the blame approach. Too often people can be quick to judge and slow to listen, so I do understand the challenges when dealing with people who believe that anyone scammed only has themselves to blame.

As we both appreciate, scams vary considerably and perhaps those who take a single viewpoint may only learn to fully understand if it should happen to them.

With regard to the Rip Off Britain TV programme story [rather than Oscar’s case which is the starting point of this Conversation], Wingman has asked what systems or practices could have been put in place by the victim’s bank(s), the police, or any other authority that would reduce or prevent fraud of this type. This case was a particularly serious example of an Authorised Push Payment fraud that had highly damaging consequences.

My view is that the lady’s own bank [or banks — we do not know whether her different accounts were with one bank or a number of banks as I expect the story was simplified for broadcasting purposes] did as much as could reasonably be expected to pause some of the transfers, alert their customer, and involve the police [we don’t know which constabulary acted].

As I suggested previously, there is a worrying weakness in the system of bank transfer payments that allows scammers to open and operate bank accounts that can act as staging posts for large sums of money that are deposited and withdrawn in quick succession on their way to the scammers’ personal accounts [or, more likely, a chain of ‘business’ accounts, including possibly in other countries, with false trading names].

It is also intriguing that the scammers were able to set up their staging post account with a name that would convince the victim that it was a legitimate account under the control of the Financial Conduct Authority. We don’t know the date of this crime so it is possible that it was perpetrated before three-factor authorisation was introduced so that the customer would need to enter the payee’s name and account type [personal or business] and obtain verification before being able to proceed with the transfer. If that was a contributory factor that loophole has now been closed for most of the UK’s retail banks [in accordance with the Contingent Reimbursement Model (CRM) Code]. Breaking the payments down into twelve or more separate transfers possibly also facilitated the fraud because once an initial payment had been set up and verified others could follow with the click of a few keys.

Without knowing which police force was involved we cannot judge whether the police did all they could have done to detect and identify the perpetrators of the scam. Was the City of London Police consulted or involved [the force that hosts Action Fraud and deals with the largest number of cross-boundary fraud crimes]? Did the Serious Fraud Office have a role? Was this the first time a pretend FCA ruse was employed and was the FCA asked about it? — [there might have been previous such crimes and forensic evidence might have been available]. It is well known that the police [other than the City of London Police] struggle with this kind of criminal activity since it does not form a significant part of their training, intelligence gathering, physical resources [IT etc], and detection capability.

In terms of what other ‘authority’ has a bearing on this type of crime, I feel that the UK is not using its education and learning resources to the optimum extent to inform, educate and protect the population. Surely, out of the billions of pounds that are spent on further and higher education each year, some could be devoted to helping people to avoid being targeted and advising them on what to do if they are, possibly with a dedicated 24 hr help line [as easy to remember as 111 or 999] that they could contact when any unexpected money transfer request is received.

The fact that banks and other institutions do routinely make contact with customers by phone, e-mail or text, without necessarily going through a two-way security process, does enable scammers to pretend to represent their target’s bank and maybe this should be reviewed as well.

As Malcolm says, the scammers must have had some inside information on the amounts of instantly transferable money this particular customer had in her bank accounts, possibly through criminal activity within the bank or by intelligence-led hacking of some sort.

The key to the whole fraud was being able to convince a bank customer that the staff in her branch, or even the whole bank, were corrupt criminals so that it would be dangerous to contact anyone in the bank to check the scammer’s story since it would ‘blow’ their pretend investigation. Other than better knowledge and enlightenment I cannot suggest any means of combatting that.

It’s possible the funds might have been transferred to an account/s registered with a payment processor rather than a Bank.

Opening accounts with UK Banks is quite rigid and is likely to be difficult for a scam operation, whereas opening an account with a payment processor is effortless in comparison. There are numerous payment processors of which many of us will have never heard of. It has become clear that some of these payment processors have failed in their duty to undertake the required security checks, verification and due diligence for new account openings.

This is something I have touched on previously having identified payment processors who were not acting accordingly and even after advising one of the worlds largest payment processors they were processing payments for a rogue outfit, they failed to act and continued to do so.

Consumers continued to pay for goods they never received and last month the rogue retailer suffered a compulsory striking off by Companies House and are now dissolved, leaving consumers with no chance of recovering their losses. Worse still, the retailers website remains active and the payment processors logo remains dominant on the site. Hopefully a further conversation with Trading Standards yesterday will ensure the site is pulled down without further delay.

I think this highlights the ease at which scammers can open accounts and process funds, but also how the payment processors place profits over protecting consumers.

wingman, you clearly have knowledge in this area. One of the issues raised in bank transfer fraud concerns the receiving bank and their role in spotting suspicious payments and rapid withdrawals and their diligence in providing account facilities.

Your comment on payment processors sheds new light on this – to me, anyway. If they are a major part of the fraud process how can they be dealt with? Should banks provide a warning if some customer intends to make a transfer to an account under one of these organisations if they have a dubious security rating?

It could be very useful if you wrote a Convo based on your experience. Many of us can only debate based on available information and this can be inadequate to say the least.

I recall your previous comments on payment processors. Perhaps there is a case for transfers via payment processors not being permitted under the CRM Code, but that would presumably make things worse for scam victims who would not be able to get reimbursement and would reduce the incentive for the banking industry to clean out all the dodgy accounts from the system. On the other hand, perhaps the payment processors are outside the CRM Code process altogether.

It still baffles me how the victim in this case readily accepted that she was transferring her money to an FCA-authorised account that passed her bank’s validation process for making the transfers. Discovering how that account had been set up might be instructive but presumably after the target declined to follow the advice of the police no further investigation was undertaken and no attempt was ever made to trace her money’s onward path.

Malcolm, I completely agree that in circumstances where transfers are made between banks, the receiving bank should have systems in place to identify significant transfers or suspicious receipt of payments and rapid withdrawals. To my knowledge,this does occur and in most cases would address the issue of potential fraud.

Unlike the Banks, payment processors generate their income by taking a percentage of the revenue received from each transaction. This means they stand to generate significant revenue when large transactions are processed, which begs the question what motivation they would have to intervene? The Payment Processor immediately deducts their percentage leaving the remaining balance for the scammers to withdraw.

If you could advise on how to start a new convo, I would be happy to do so.

I’d suggest you contact George Martin, the Which? Conversation editor. I am sure he’d be pleased to discuss it with you to see if it is of interest.

John, as I understand it the CRM only covers transfers made between UK banks? I had suggested some time ago that banks should be rated for their diligence when opening accounts to ensure, as far as possible, that they were unlikely to be operated fraudulently. If any banks were suspect, customers attempting to transfer funds should be warned accordingly. Whether this is of any value I don’t know, nor indeed whether any UK banks might fall into the less-than-diligent category or whether that would be reserved for overseas banks.

Wingman’s information on payment processors sheds a new light on this, if they are UK based and fall within the scope of the CRM. Your (John’s) suggestion of excluding payment processors from the CRM follows that line.

Get in touch with conversation.comments@which.co.uk first and I’ll take a look as soon as I can 👍

Andrew says:
14 May 2022

But surely, if thieves were emptying your account, even a little at a time, a quick check of your account would show the withdrawals, wouldn’t you think so?

Not well said, at all. Both the bank and the Police warned the woman that it was a potential fraud (and warned her more than once), but she refused to believe them. Which is why she could not get most of the money back. She accepts she was ‘stupid’.

Rohan says:
14 May 2022

George, when you get this set up can you please let me, and other interested parties know (pref. by email) as I am very interested in following, and acting on, Wingman’s and others’ information. Thanks.

George, I would be grateful if you could let me know where and when you have this set up as I am very interested in this area and would like to follow, and act on, Wingman’s and others’ knowledge, experience and advice – as would others no doubt. Thank you.

Crusader says:
10 May 2022

Does anyone here know anything about this? Today I’ve just received an email supposedly from Adobe in California telling me that “my invoice has now been paid” and that I’ve been charged 18.50 US$, and at this stage I don’t know if I’ve been charged at all, but I will of course check up on it. And of course I’ve not clicked on it as I know better than to click on such a totally unexpected email, and there’s no mention of my name, but only my email address, and there’s a “view invoice” button on it, but I’ve just printed it out and then deleted it. And I’ve supposedly “bought” something called “Acrobat Pro DC” which I never ordered and I’ve never given Adobe any such authorisation. Has anyone else here ever received such a thing? It stinks of scam to me and I had better not have been charged anything as it would be blatant thieving. And surely if it was from Adobe then surely they would address me properly.

It must be a scam, Crusader. I place it in the “If this was not you . . .” category where they set up a falsehood as a hook to get their target to give them personal information. Afraid of being charged, people panic to reverse it.

YES, do check your bank statement, but NO don’t make any response to the e-mail.

(I’ve previously signed as “Mark”)
“From Adobe in California telling me that ‘your invoice has now been paid’.” Almost certainly an attempted exploit. If you want to find out more, examine the email headers carefully (or get someone who knows how to do it) to see where it ACTUALLY came from (it’s easy to display “From Adobe”). And if it doesn’t mention any payment details (bank or card name, number) it’s even more dodgy.

I’ve had thieves trying to get me to transfer money tell me that “thieves in my branch are stealing my money, so don’t say anything to them; help the police by making a ‘simulated’ transfer” (which is of course a real transfer of real money …) which lets them trace the money and find the purported thieves. Plus dozens of techniques too long to detail (e.g.: get my screen to display that I have received a Paypal payment of £7999 in proper Paypal format).

Re blaming people: anyone can fall for these things, it’s pointless to blame the victim (unless you’re the victim’s bank and don’t want to have to pay …) One thing that they do is scare people: if they’ve convinced you that your money is being stolen _right_now_, hackers are controlling the computer you do banking on, etc., you will enter a state of partial panic and switch off your rational brain to concentrate all your effort on saving yourself.

Best wishes

Irena says:
14 May 2022

I have always call about tax office,that i own them money and i have to pay to the acc nr isues?
Or my wiifi is in truble anything and everything they try,unbelivable

Sophie Ashford says:
14 May 2022

Fortunately for me I have yet to experience this problem. If all these are done via a phone call, then it will fall flat on its face as I am deaf and cannot hear anything on the phone. Any suspicious emails are reported then deleted. The main clue is the email is not addressed to me by name. Another way I check is to hover over the name to see what the email addy is. Hopefully I will not encounter any scammers in the future.

Sebastian says:
14 May 2022

You advised to end the conversation with the suspected scammers. (Good) You then advised to contact your bank on their telephone number as found on official correspondence from the bank. (Again, good)
BUT …
You failed to say that you must ring your bank from a DIFFERENT telephone …

Why do you need to do that? It is because a scam caller will remain on your line when you put down your receiver, because they won’t be putting down THEIR receiver …
Accordingly, when you ring your bank’s correct telephone number, you will be connected through to the scammer once more.

SO, if you were called on your landline by the scammer, use your mobile phone to call your bank ….

Bridget says:
15 May 2022

Yes this exact same scam happened to me and a relative. All our money was transferred to relatives bank account. Then ‘ my bank’ rang me and spoke with relative telling her I was in the bank with him and giving her ‘my’ account details instructing her to ‘send the money back and all would be well’. This happened 3 months ago and the bank repaid me. However changing my bank account number ( so I felt secure as scammer had my account details) is still causing problems ,so much so I am under my GP for anxiety. Why is it not possible for newspapers to have a column of scams that are going on to forewarn people of these?

gerry says:
16 May 2022

A call from Halifax about two payments to Domino’s pizza, same amount each time on my debit card, one week apart.
I had not used the card for some weeks and that was for an Amazon purchase,
so presumably, someone at Amazon stole my details.
Halifax reimbursed me and issued a new card, so I’m very careful when using Amazon sites now.
Well done Halifax, their timely actions probably thwarted a greater attack.

Anura says:
18 May 2022

I wanted to post here somewhere to warn people about a possible new scam purporting to be from Amazon.

I received an email which thanked me for “recently completing a purchase using Amazon Pay” and asked that I complete a short survey (via a button) to “help improve their services”. It stated that my response would go through to their survey companion site rather than Amazon itself. I have never used Amazon Pay.

I closed the email and checked my Amazon account via the usual route – there were no untoward purchases using anything other than my regular card; there were no transactions shown in Amazon Pay and the message itself did not appear in the Message Centre. Hovering over the links appeared to show a genuine Amazon email address, however, and the rest of the email looked so authentic that even I, with all the checks I’d done, still wasn’t sure that it might not be some sort of genuine error. If nothing else though, I don’t do surveys that randomly turn up in my inbox so I reported the matter to Amazon and forwarded the email to their fraud department.

I did wonder though whether this might not be linked to an incident that occurred a few days back. I was googling an item looking for something that wasn’t readily available so I was quite pleased to find it pop up apparently being sold by Amazon. My internet protection is pretty good and would normally warn me if anything iffy were about to occur. It didn’t so I carried on. Initially, I was quite pleased at the low price shown, however that, together with a subsequent message that the site was unable to ship to my address, raised a big red flag – there was no reason why a genuine Amazon site would have a problem with my location and I suspect, had I persisted, I would have been asked to log in and re-enter my address. Obviously I didn’t and I went to Amazon directly where, lo and behold, the item was not found no matter how I phrased my search. So yeah, that could have been entirely random but it did make me wonder whether there was any connection.

Richard says:
30 May 2022

Seen a variation on this scam targeting businesses. A ‘customer’ emails a large order or requests a quotation. Later they say that they have sent money by bank transfer and tell you to check your bank account. You will see that the ‘customer’ has ‘overpaid’ by by several thousand pounds.
Next comes the phone calls and emails pleading for you to send the ‘over payment’ back via CHAPS (virtually unreturnable funds transfer). They offer to pay the fees and time for the inconvenience caused. Tell you their boss is unhappy, they are potentially a lucrative customer and will never deal will again or their job is on the line.
Never be pressured into paying. Double check that funds have cleared. This scam works by making you believe a bank transfer has been made when the scammer has actually paid in a cheque, which of course will bounce!!!

Haggis says:
14 June 2022

There is one rule and one rule only to follow when it comes to bank accounts – be skeptical of anything unexpected!