The rate at which individuals' personal details are being stolen by criminals is rising fast. Fraud experts say the public need to be more vigilant than ever.
Laura Shannon explains the different fraud types, how they are committed, and explains ways to keep your money safe.
Identity fraud claimed more than 148,000 victims last year – a 57 per cent rise compared to the year before. Cifas, the financial crime prevention service, says every demographic is being targeted – with fraud affecting all age groups.
But how it happens remains a mystery to many victims.
This was the case for retired couple Mike and Sheila Fairholm, both 67, who had £8,000 looted from their joint account with NatWest while they were on holiday in Berlin last December – and where they had not used their cards and only took cash.
When they returned to their home in Wallsend, Newcastle upon Tyne, they found Mike's log-in password for online banking had been changed.
After using Sheila's log-in, which was unaffected, they discovered £8,000 had been spent at a spread-betting company. Curiously the sum was returned to them in three instalments – all while they were still away.
The Fairholms also noticed £1,000 had been transferred from their savings account to their current account.
Despite not having lost any money, the couple are concerned about how this could happen and keen to get answers. Sheila says: 'The bank cancelled my husband's debit card, which had been compromised.
'But it seemed unconcerned that someone had been able to access our online banking details, change passwords and spend a huge amount of money leaving us overdrawn for a couple of days. We were astonished at its reaction and worried it was not taking the fraud seriously.'
It was suggested to the couple there was a virus or malware on their home computer. But they took it to PC World to be checked over, at a cost to themselves, only to be told the device was secure.
The Fairholms also use F-Secure software to help keep their information protected.
Mike visited his local NatWest branch to discuss the fraud with a manager, only to discover the couple also had a £10,000 overdraft on their account, which they weren't aware of and did not ask for. This has now been reduced.
The manager suggested Mike's card had been compromised in the run-up to Christmas when he had bought items online, but Sheila says this does not explain how someone could access their account and change passwords.
NatWest says: 'We take fraud extremely seriously. We are working with the Fairholms to ensure their accounts are kept secure.'
The different types of fraud
Identity fraud
Criminals glean personal information about an individual to open accounts in their name, order a mobile phone contract, request other goods in their name or empty their current account.
Investment fraud
Sometimes known as 'boiler room' fraud.
Savers are convinced by phone or email to invest in 'unbeatable opportunities' and with high yields 'guaranteed'.
The fraudsters will try to build a rapport with their victims over time, and may even produce sham brochures and make false claims about how the company is regulated.
The investment itself will often be a high-risk unregulated product – such as wine, art or diamonds – if it exists at all.
Scams
This is a general term covering a broad number of rip-offs affecting people in the UK on a daily basis.
They range from bookings for holiday homes advertised by fake landlords, a sham adviser promising to unlock money from a pension before the age of 55, or demands for payment by doorstep tradesmen for 'urgent' property repairs.
All scams and frauds combined are thought to cost individuals nearly £10billion a year – the equivalent of £202 for every UK adult and more than £300 per second.
This figure comes from the UK Fraud Costs Measurement Committee, and is based on academic research by the University of Portsmouth's Centre for Counter Fraud Studies.
Consumer group Citizens Advice is running Scams Awareness Month throughout July to help people learn more about common scams and how to spot them.
For more information visit citizensadvice.org.uk or call the charity's consumer helpline on 03454 040506.
The methods used
Social engineering
Specific details about victims are taken from information freely available online, such as addresses and ages posted on social media.
Often this will be all that is needed to open an account in that person's name or to tease more information needed from an account holder.
Phishing/ smishing
People are tricked into clicking on links in emails or texts – perhaps because it looks to be from an official source, such as Revenue & Customs, a popular shop or someone they know.
Clicking on the link downloads 'malware' on to a computer or phone. This is software that lets crooks see account numbers and passwords that have been used on that device.
Phone fraud
Skilled scammers impersonate bank employees or police to find out a person's account PIN or password.
The caller will suggest there is evidence of fraud on an account and recommend the person phones their bank's fraud department.
When the account holder hangs up and dials the number, the original call is never disconnected.
The fraudster then plays out a script pretending to be a bank employee and once they have the householder's trust, will ask for a PIN or password.
Hacking
Customer data, such as debit or credit card details, are traded by criminals in hidden corners of the internet not visible to the average computer user.
This information is available because of data breaches by companies or hackers targeting businesses – such as what happened with TalkTalk last October.
Hackers can also tap into public wi-fi hotspots.
Stephen Proffitt, deputy head of Action Fraud, the UK's national reporting centre for fraud and cybercrime, says: 'These internet connections are not secure and a fraudster would be able to see whatever other users are looking at – such as internet banking and passwords. It is better to use your mobile phone's data allowance for this as it is more secure.'
A flaw in NatWest's security was highlighted earlier this year by BBC Radio 4 programme You And Yours, which found it was possible to hack into a person's account using a stolen mobile phone, with no need for log-in or password information.
The programme demonstrated how a criminal could take a victim's phone, contact their bank claiming to have lost log-in details, and then be sent a unique activation code that gives access to the account.
The fraudster was then free to change the account password and PIN so only he or she could access it. NatWest consequently made changes to its security to address these concerns.
Card skimming and shoulder surfing
Cloning technology on debit and credit card terminals or on cashpoints copy a user's card details. A camera or someone hovering over a customer's shoulder at a till or ATM will then pick up what PIN is entered – giving them easy access to the account and its contents.
Proffitt says: 'There may be a device on a cash machine that you are unaware of. Always cover your hand when entering your PIN.'
Customer fraud and failure
Customers are often blamed for fraud as a result of being careless about their details. But sometimes the bank's lax security and crooked employees are responsible.
The Mail on Sunday has been told privately by a bank employee that staff need to be trained about the dangers of 'phishing' just as keenly as their customers.
In other words, customer details have been or could be compromised just as easily by bank employees falling for fraudsters' tricks.
Insider fraud is another problem, where rogue employees drain customer accounts.
Less than a fortnight ago a Barclays apprentice cashier working at the Kensington branch of the bank in London was sentenced to 33 months in prison at the Old Bailey for using details of 25 customer accounts to open new accounts, take out loans and request new cards and PINs.
He intercepted the post and used these new cards to empty customer accounts. Victims all received refunds but the loss to Barclays was £167,370.
Meanwhile, two bank insiders at Halifax and Lloyds were jailed on June 8 after working with a wider gang on a series of frauds to steal more than £400,000 from customers.
No comments:
Post a Comment