Beware the bank calls

The Society’s Financial Crime Conference of 25 June included two sessions focused on the topic of vishing (voice-phishing scams), which is a common technique used by fraudsters to target solicitor firms in recent months. The Society has also issued a number of alerts to firms over this period, highlighting a wave of attempted frauds, mainly against client accounts.

DS Steven Wilson of Police Scotland highlighted the increasing threat and sophistication of cyber crime combined with social engineering techniques, and stressed that staff and managerial awareness is the best way of tackling the threat. He explained that small and medium-sized businesses are increasingly being targeted because awareness and controls in larger businesses have made them less vulnerable to such attacks. Smaller businesses are seen as an easier target.

Stewart Thom, a customer security business partner with RBS, took the conference through the fraudsters’ common methodology, which matches exactly the attacks which have been reported to the Society. He pointed out that the scams often start with a call purporting to be from the fraud department of the firm’s bank or credit card company.

The caller (fraudster) will use urgent language to convince personnel in the firm (e.g. in the cashroom or the cashroom manager) that the firm or client account bank account has been compromised, often claiming there are fraudulent transactions pending and compelling you to take immediate action to prevent these from being paid.

To gain trust, the fraudster may encourage you to verify the call by phoning the telephone number printed on the back of your card, or another trusted number you have for the bank.

Even though you hang up your phone, the fraudster leaves their end of the line open so that when you dial the genuine number, the fraudster can intercept and re-answer the call, claiming to be the bank or credit card department.

Now that they have your trust, they will ask you to transfer money to a new bank account that has been opened, to protect you from the alleged fraudulent transactions.

On other occasions, fraudsters have asked firms to provide the name of their bank relationship managers and have then called back pretending to be that person. They may also ask firms directly for unique security credentials so that they can make transfers directly.

“We would never ask a customer to transfer money to protect their account from fraud,” Thom said. “We would also never ask our customers for full security credentials over the phone. If you receive a call of this nature, or any call you are suspicious of, you should end the conversation and call your bank on a trusted number.

“Use a different phone line to make the call and, if that’s not possible, check that your phone line has not been held open by calling a family member or friend first of all. If a fraudster has intercepted the call, they will find it difficult to impersonate someone you know.”

Representatives from across the banking industry are working with Financial Fraud Action UK and telecommunication companies to reduce the amount of time a line can remain open, when it has not been disconnected at each end.

Thom concluded by noting that: “Customers of all UK banks have recently been targeted in this way.
“We’ve seen first hand the emotional and financial impact losing hard-earned money to scams such as this can have. That is why we want to make sure all members of the legal community are alert to this risk and can recognise the warning signs to prevent falling victim.”

• For further advice and information on current scams, please visit: www.rbs.co.uk/security or www.getsafeonline.org
• If you are concerned that your business has been affected by vishing or other scams, contact Action Fraud, the UK’s national reporting centre for fraud and internet crime on 0300 123 2040.