Behind the headlines: The most sophisticated scam yet
a call comes from your bank’s number. the lady doesn’t ask for account details. Feel safe? Big mistake. Catherine downey explains how she lost thousands to the latest banking scam...
Afew weeks ago, I broke down in sobs in front of my bank manager. Other customers eyed me curiously as the blood pounded in my ears and nausea crept over me.
I had just been told I was £2,000 overdrawn, despite having transferred £4,000 into a new account the day before. I’d been scammed.
It’s not just pensioners and the vulnerable who fall victim to scammers these days. I’m a middle-aged mother-of-three, who considers herself to be sassy and alert. I thought I would always be safe from such cons: I know not to give bank details over the phone and scoff at emails purporting to be from HMRC or Paypal.
Plausible phone calls
But what my experience shows is we must be aware things have moved on from ‘phishing’ – the term for when criminals use fake emails or bogus websites. We’re now on to ‘vishing’ – phone calls where fraudsters impersonate bank staff so plausibly they are able to talk you into transferring money into their account. Officially known as ‘authorised push payment fraud’ or APP, this is how my money ended up being transferred into a random Barclays bank account, now empty.
APP is one of the fastest-growing types of fraud. There have been 19,370 reported cases in the past six months, with an estimated £101.2 million transferred to fraudsters in that period. Not long ago, I was cooking supper for my teenagers when I received an automated text saying a new phone number had just been registered with my Natwest online account. Five minutes later, the bank rang. The 0345 number that came up was the main switchboard number for Natwest – I’d saved it in my phone a while ago so I could be sure.
‘We suspect some suspicious activity on your account,’ said the lady, who introduced herself as one of the Natwest fraud investigation team. Her tone was calm and professional. ‘We’ve noticed a direct debit has been set up for John Lewis and one with the mobile phone network giffgaff.’ No, I hadn’t set them up, I gabbled. Also an IP address from Bristol has logged into your account. Was it you?’ ‘No it was not,’ I said, relieved that my bank was on the case. Four years earlier I’d been scammed when someone got hold of my bank details and £2,000 was taken from my account. Natwest refunded me on that occasion.
I’m aware many emails and phone calls are from scammers and so usually ignore them, but as it says on Natwest’s own website, ‘If we hold your mobile number, we will send you an SMS to confirm some activities on your account... If we suspect or become aware that your account may be subject to fraud, we will attempt to contact you.’ This was my follow-up call from the bank after that preliminary SMS warning, wasn’t it?
Still being cautious
It’s usually at this point in the story that friends ask, ‘But why did you give her your account details?’ And this is the strangest thing about it: I have never given my account details on the phone to anyone. The woman knew all my details already. At no point did she ask for my account number, sort code, even my name. The only thing she asked was for the first and third letter of my password — just as any bank does during a phone call. She was already in my account, looking at my transactions. ‘There’s one payment to DVLA at the end of December – was that you?’ Yes. I told her but, as ever, I wanted to err on the side of caution. ‘Sorry, but can I just check this is Natwest I’m talking to?’ ‘Of course,’ she said calmly. ‘We always advise people to call the number on the back of their bank
‘The woman knew all my details already’
‘My mission is to warn everyone i meet about my experience’
card. I’ll call you back in five minutes.’ So I rang the number on the back of my card from my landline, which corresponded to the number she’d phoned me from, and got though to the familiar Natwest switchboard welcome message, informing me I could be kept waiting ‘longer than usual’. Had I stayed on the line and spoken to an advisor perhaps the scam may have unravelled.
Five minutes later, she rang back and talked me through what Natwest could do to keep my money safe. As I set up a new ‘Natwest holding account’ under her instruction, I was given ‘my’ new sort code and account number and went online to transfer £4,000 into this new account under my name, while she remained on the line.
Modern bank robbery
But when I went into my branch on the Monday, the cashier frowned. ‘You’ve made a large transfer but no new account has been set up,’ she said. ‘You’re overdrawn by £2,000.’ That’s when the bank manager took me aside to explain — and I began to feel like an utter fool. Looking back, the woman had created a situation where I felt I was in control. At no point had I revealed any details about my account or myself. I had fallen victim to a modern type of bank robbery. I complained to the bank, who washed their hands of the matter. ‘As you made the transaction, we cannot be held liable for this and we will not be in the position to investigate this issue further.’
I complained to Barclays, where my money ended up. ‘The account into which you transferred money has been closed. Barclays is unable to return any money to you.’ The sense of a giant buck being passed persisted and I contacted the Financial Ombudsman Service (FOS), from whom I’m still waiting to hear.
I’m trying to come to terms with the fact that I may never get my money back. Meanwhile, I’ve made it my mission to warn everyone I know or meet about my experience. I don’t think people realise the true extent of this epidemic.