One click away, websites which mimic calls and text messages from your bank
SCAMMERS are using cheap and widely available technology to make calls and send texts which appear to come from your bank.
The deception, known as spoofing, lets the caller choose what phone number is displayed on the recipient’s phone when they call up.
It means a fraudster could find out the number of the victim’s bank and make it flash up on the recipient’s phone when they call – even though they are in fact calling from an entirely different number.
Text messages can also be ‘spoofed’ to make it look as if your bank is messaging when it is actually coming from a scammer’s phone.
A Daily Mail investigation has discovered that with a simple Google search anyone can access a host of online services which allow people to make spoof calls and text messages.
Experts warn that while these websites and mobile apps advertise themselves as a harmless way to ‘prank your friends’, they can just as easily be used by people for more sinister purposes.
Money Mail has heard from scores of bank transfer victims who said fraudsters had managed to convince them they were really calling from their bank. They told them to check the number they were calling from against the one on the back of their debit or credit card or on the firm’s official website.
When it matched, the victim was reassured the call was genuine and followed the caller’s instructions to transfer vast sums of money out of their account.
One provider of the spoofing service – CrazyCall – allows people to change their caller ID and alter the sound of their voice to make it higher or lower pitch.
On its website it says: ‘CrazyCall is the ultimate tool for making prank calls and fooling your friends. You can change your caller ID, so when you call someone he sees on his caller ID display the number you selected.’
It sounds like harmless fun but for just 75p per minute (plus an access charge) Money Mail was successfully able to use the site to call a landline from a mobile phone and make it look as though the call was coming from Lloyds’ customer service number.
So if someone picked up the phone they would think the call was coming from their bank. Some services block official numbers such as those belonging to certain banks and the taxman. But even then not all numbers are barred.
For example, British website Fakemyphone.co.uk prevented users from posing as most major UK banks.
But it was possible to make it look as though the HMRC income tax office was calling. And using the US version of that site – Spoofmyphone.com – Money Mail was still able to call a UK landline from a UK mobile phone and make the HSBC customer service number flash up on the caller ID.
Separately, experts said fraudsters can use other legitimate services – that allow people to make calls and send messages over the internet – to send texts which appear in the same chain as previous genuine messages from their bank.
It means it is often impossible for customers to tell if a text message is really from their bank.
As part of the Mail’s Stop The Bank Scammers campaign, we called on telecom providers to do more to identify and stop scam text messages getting through.
Just last month Money Mail revealed how even a top fraud chief at Britain’s biggest bank can sometimes not tell the difference between a fake and genuine text message.
Regarding the fake texts which appear in the same chain as past real messages from your bank, Scott McGready, from the National Cyber Security Tactical Advice team which aids law enforcement, said: ‘A fraudster only has to learn a few lines of basic code – rules that instruct a computer to do something – and they can use these systems to make it look as though a text message has been sent by a legitimate company such as a bank.
‘The infrastructure behind the whole mobile system needs overhauling. If Royal Mail can stop suspicious letters being posted through people’s letterboxes, why can’t mobile phone companies do the same thing? We need a spam folder for text messages like people have for their emails so people know to be cautious.’
Gareth Shaw, from consumer group Which?, said: ‘People lose life-changing sums of money after falling victim to this type of scam, which is becoming increasingly difficult to spot.’
Spoofmyphone.com and CrazyCall did not respond to requests for comment.
The City of London police said number spoofing apps and websites are legal. However, it is illegal to use them to commit a crime.
‘Increasingly difficult to spot’