We want to alert all customers to a recent scam perpetuated on one of our customers. This is almost led to a six-figure sum being taken from the business bank account.
This was an extremely clever scam attack which appeared to highjack the businesses phone and diverted an outbound call to an alternative number.
It started with a call purporting to be from the customers’ bank saying that the account had been compromised and that the account password needed changing. The customer sensibly terminated the call and visited the bank website for the telephone number which she then called back. The call was answered in the banks’ name and security checks carried out, the requirement for the password change was confirmed and the customer was directed to a website.
On the site, they were asked to enter the existing password, confirm it, and then enter a changed password.
The customer was still slightly suspicious and called us. Our operator was also suspicious and recommended that the customer call the bank again, using her mobile phone. This call did go through to the bank and they confirmed that they had not been in contact with the customer that day; they did confirm that there had been very recent activity on the account and that an attempt to transfer £115,000 had been made. The customers call had come just in time to block the transfer.
The customer didn’t do much wrong here, however, there are a couple of areas that may have prevented the scammers getting as far as they did.
It’s rare for banks to call; unexpected activity is usually communicated via text or email with a request to confirm that the activity is valid or to call the bank. If the call is unexpected, then they might not be who they say they are. If you’re not sure, say you’ll call back. Always use a trusted number, as the caller did here. The best number for a bank is usually the number on the back of your card. However, you need to ensure that you disconnect from the previous call. We suspect that the previous call did not disconnect and this is how the scammers diverted the call back to them. Leave a reasonable amount of time before calling back, give it 10 minutes or so, and ensure that you get a normal dial tone. If possible, the best option is to use an alternative phone such as a mobile.
Don’t log onto a computer or website suggested by a caller. Never tell a caller what you can see on your screen or allow anyone remote access (control of your machine) unless it’s a company that you called first and know well.
Fraudsters are very clever and the sophistication of these scams does make it very difficult but exercise caution, follow the above tips and those published by your bank and you will keep your money safe.