Criminals posing as banks’ anti-fraud teams to drain high-value accounts

UK businesses, charities and other high-value bank account holders are being warned about a scam which often starts with a phone call and ends with criminals taking control of victims’ computers and online banking to drain accounts.

Fraudsters are using software to steal tens of thousands of pounds, with the amounts stolen from some individual accounts exceeding £1 million, according to intelligence from the Cyber Defence Alliance (CDA).

In the run-up to international fraud awareness week (November 16 to 22), the CDA has teamed up with fraud prevention service Cifas and banking trade body UK Finance to raise awareness of the scam.

Criminals will pose as legitimate bank teams fighting fraud, so that victims unwittingly grant access to their bank account and funds are drained, often before they realise they have lost control of their accounts.

Victims are first contacted by phone, sometimes after receiving a text, by someone pretending to be from their bank.

The caller claims there has been fraud on their account and they must act urgently, directing them to a fake website that looks like it belongs to their bank.

The victim is then asked to click a “chat” button. This secretly installs software that gives the fraudster remote access to the victim’s device – including their online banking.

If the bank sends a security code such as a one-time password to the victim’s phone, the fraudster tricks them into sharing it. This allows the criminal to move money or set up new payees.

In some cases, victims are even persuaded to set up call forwarding, which blocks genuine calls from their bank.

Being asked to call back on a number provided by the caller could be among the red flags to watch out for.

Garry Lilburn, operations director at CDA, said: “If you receive a message or call that feels unusual, take a moment to consider whether it matches how your bank normally communicates.

“If anything seems off, end the call and report it using your bank’s official contact methods.”

Mike Haley, chief executive officer of Cifas, said: “Fraudsters are creating a false sense of urgency to exploit people’s trust and steal large sums of money.

“Banks will never ask you to download software or transfer funds to protect your account. If you receive an unexpected request, take a step back and question it before responding.”

Dianne Doodnath, principal of remote banking channels at UK Finance, said: “Impersonation scams often begin with a message or call claiming to be from a trusted organisation.

“Criminals may try to rush you by saying your money is at risk. To protect yourself, follow the Take Five to Stop Fraud advice: pause, check the source and only respond using verified contact details.”

Anyone who believes they may have been scammed should inform their bank and the police.

Here are some tips from the organisations to avoid remote access bank scams:

1. Hang up and call your bank back using a number from your bank card or app.

2. Never trust a call just because it sounds professional – always verify the caller.

3. Try using the 159 service to connect directly to your bank’s fraud team. Many banks have signed up to this.

4. Never share one-time passwords or allow remote access to your device.

5. Report suspect text messages by forwarding them to 7726.

6. Visit the Take Five to Stop Fraud website for further support and advice.