‘Robbed of £17,500, and the bank got me back 10p’

As fraud soars to new records, Your Money calls for banks to step up their cus­tomer pro­tec­tion. Richard Evans re­ports

The Daily Telegraph - Your Money - - FRONT PAGE -

NatWest cus­tomer An­nette Jef­ferys was tricked into send­ing £17,500 to fraud­sters af­ter they were able to gen­er­ate a gen­uine “ac­ti­va­tion code” for her on­line bank­ing ac­count. Ex­ploit­ing a fright­en­ing weak­ness in the pro­ce­dures of one of Bri­tain’s big­gest bank­ing groups, fraud­sters were able to first lock the vic­tim’s on­line ac­count and then ob­tain an ac­cess code to un­lock it – sim­ply by us­ing pub­licly avail­able in­for­ma­tion.

In a cruel twist, Ms Jef­ferys was later told by the fraud­sters’ bank that they had left some money be­hind. The sum turned out to be just 10p.

The case comes to light as new fig­ures show that fraud now ac­counts for more than half of all crime.

Tele­graph Money to­day calls on the banks, the po­lice and the Gov­ern­ment to dra­mat­i­cally in­crease the mea­sures they take to pro­tect bank cus­tomers and to de­feat fraud.

Wor­ry­ing new tac­tic: fraud­sters gen­er­ate gen­uine ac­ti­va­tion code

An­nette Jef­ferys lost £17,500 af­ter crim­i­nals tar­geted her in a wellplanned fraud per­pe­trated over the course of two days.

The ex­act se­quence of events that led to her losses is com­plex, so Tele­graph Money en­listed the help of fraud ex­pert James Freed­man to piece to­gether with Ms Jef­ferys what is likely to have hap­pened.

The crim­i­nals, who posed as NatWest em­ploy­ees, first called Ms Jef­ferys, a busi­ness­woman from north Lon­don, on a Fri­day night last month. They said her ac­count was un­der at­tack by fraud­sters and that she would need to trans­fer money to an­other ac­count.

This ruse is com­mon­place. What was dif­fer­ent this time is that they did not ask Ms Jef­ferys to make the trans­fer there and then. She was in any case sus­pi­cious, and chal­lenged the callers to prove that they re­ally were from the bank.

They pointed out that the num­ber from which they were call­ing, dis­played on her mo­bile phone, matched that on the back of her bank card. How­ever, soft­ware that al­lows crim­i­nals to dis­play a num­ber of their choos­ing is read­ily avail­able, ac­cord­ing to Mr Freed­man.

Ms Jef­ferys then did as ex­perts ad­vise in this sit­u­a­tion and tried to call the NatWest num­ber on the back of her card from her land­line. But she did not ac­tu­ally speak to any­one.

“It took ages to get through, be­cause there were so many op­tions, by which time the fraud­sters were call­ing me again on my mo­bile,” she said. “They phoned me on my land­line and mo­bile ap­prox­i­mately six times.”

Dur­ing th­ese calls they added to their plau­si­bil­ity: they asked Ms Jef­ferys to agree a “pass­word” that they could use in fu­ture to prove their iden­tity and told her that they would send a new bank card and iden­ti­fi­ca­tion num­ber be­cause her ac­count had been “com­pro­mised”.

In what was per­haps their most con­vinc­ing touch of all, the crim­i­nals also asked her to log in to her on­line bank­ing while they re­mained on the line. Be­cause the crim­i­nals had pre­vi­ously frozen her ser­vice she could not log in, and they were able to prom­ise that they would send Ms Jef­ferys an “ac­ti­va­tion code”, which would en­able her to re­gain ac­cess. This would come the fol­low­ing morn­ing by text mes­sage, they said.

Mean­while, the crim­i­nals had gen­er­ated the code them­selves by im­per­son­at­ing Ms Jef­ferys on NatWest’s web­site.

To do so they had al­most cer­tainly gleaned enough in­for­ma­tion about her from so­cial me­dia and other on­line sources, Mr Freed­man said.

Banks that al­low ac­ti­va­tion codes to be gen­er­ated in this way by some­one who lacks full se­cu­rity de­tails for on­line bank­ing rely on the fact that the code should be seen only by the ac­count holder, who will pre­vi­ously have reg­is­tered their mo­bile phone num­ber with the bank.

The code duly ar­rived in a text that was sent to Ms Jef­ferys’s phone the fol­low­ing morn­ing.

When the fraud­sters called Ms Jef­ferys a lit­tle later, they had con­vinced her that they were not im­pos­tors and given her the means to re­gain ac­cess to her ac­count.

All they had to do then was re­peat that her money was at risk and that she should move it to a “safe” ac­count, whose de­tails they gave her. This she duly did.

“Af­ter that, the caller said he would add com­pen­sa­tion to my ac­count, for all the in­con­ve­nience caused, of £1,000,” Ms Jef­ferys said. “It was then, af­ter I had done the trans­fer,

that I re­alised it was fraud as I could not be­lieve that NatWest would give £1,000 com­pen­sa­tion.”

She im­me­di­ately ran to her lo­cal NatWest branch. She was asked to call the bank’s fraud team from the branch but it proved too late to re­cover the funds from the Bar­clays ac­count to which they had been trans­ferred.

She turned to Bar­clays, which said in a let­ter: “We have been able to re­cover some of the funds that were in the ac­count and are there­fore in a po­si­tion to re­turn £0.10.”

A spokesman for Bar­clays told Tele­graph Money: “As soon as we were alerted by NatWest, we acted swiftly in or­der to re­cover any re­main­ing funds on the ac­count.

“Re­gret­tably by the time we were made aware of the fraud no money re­mained and the ac­count has since been closed.”

NatWest said: “Re­gret­tably our cus­tomer was a vic­tim of a scam. Un­for­tu­nately there was no op­por­tu­nity for the bank to in­ter­vene and the cus­tomer paid funds away to an­other bank.”

What the vic­tim should have done

Ms Jef­ferys’s key mis­take was to al­low the fraud­sters to harry her into giv­ing up her at­tempts to con­tact NatWest in­de­pen­dently.

Mr Freed­man added: “With th­ese frauds, there al­ways comes a point when the vic­tim ‘ buys’ the story. From that point, ev­i­dence to the con­trary is ig­nored or ex­plained away. It’s vi­tal to give your­self time to step back and ask your­self: ‘Is this rea­son­able?’

“In cases such as this, it is not the bank’s sys­tem that has been hacked, it is the vic­tim her­self.”

His other tips in­clude:

limit the per­sonal in­for­ma­tion you put on­line

Use a pass­word man­age­ment sys­tem and up­date pass­words fre­quently.

Con­sider whether you re­ally need on­line bank­ing. The eas­ier it is to use, the eas­ier it is to abuse.

What should banks and the author­i­ties do to pro­tect us from fraud?

Tele­graph Money calls on the Gov­ern­ment, the banks and the po­lice to step up their ef­forts to de­feat fraud.

The new joint fraud task force, which brings th­ese three bod­ies to­gether, should in­ves­ti­gate ways in which frauds in progress can be halted. An emer­gency num­ber along the lines of the 999 ser­vice could be one op­tion.

Where banks re­ceive out-of-the­o­r­di­nary pay­ment in­struc­tions from clients, they should phone or text to check – and check also whether clients have re­ceived un­so­licited calls from other “bank staff ”.

A far more com­pre­hen­sive and vis­i­ble pub­lic in­for­ma­tion cam­paign high­light­ing the dan­gers and ex­plain­ing how cus­tomers can pro­tect them­selves is needed.

An­nette Jef­ferys ran to NatWest to re­port the crime but her money had al­ready gone

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.