Crooks using GDPR emails to raid banks
ONLINE fraud gangs are exploiting the new General Data Protection Regulations to swindle victims.
They are taking advantage of millions of legal emails asking people to opt in to marketing material under rules which came into force on Friday.
But their dodgy versions urge you to visit bogus websites to “verify” or “update” bank account details.
In one case, crooks sent fake NatWest emails claiming accounts would be terminated if customers didn’t update records on a swindle site. In another scam, customers were tricked by bogus bank staff into believing their accounts had been attacked and money needed to be trans- ferred to a new account – set up by the crooks – to protect it. Once the ‘authorised push payment’ bank transfer takes place a loophole means victims have no legal right to get their money back.
Only a quarter of £236million swindled using transfers last year was refunded.
Nathan Strefford, 39, of Worcester, lost £12,500 when crooks intercepted invoices from building contractors and changed payment transfer details. He says he was “disgusted” the banks where his money ended up refused to refund him or identify the crooks. Banking trade body UK Finance said banks could not do so “for data protection reasons”. It warned that GDPR should make everyone “vigilant of criminals”. Gareth Shaw of Which? said a reimbursement scheme for bank transfer victims “cannot come soon enough”.