As online banking fraud grows, the risk it presents is becoming more well known. But now fraudsters are taking advantage of this – by posing as fraud investigators.
“They were completely professional, it was a clear line, they knew my name, they called me on my landline, they used all the language,” said Emma Watson, a British businesswoman who lost £100,000 to the scam.
Speaking to the BBC last year, Watson said she received a phone call from what appeared to be her bank’s fraud team. They told her they had stopped some unusual transactions on her account, but because it had been compromised, she had to transfer her money into another account that they had set up in her name.
“They were very assuring, saying ‘I know this is a distressing time for you and I’m going to help you’.”
Despite the growing public awareness of how fraud campaigns work, online banking fraud grew by 128% between 2013 and 2015, according to a Financial Fraud Action UK report. This is because scammers are constantly adapting their methods and developing new skills and technologies. Almost as soon as one scam is exposed, another appears.
In this campaign, a form of ‘vishing’ (a telephone phishing scam), scammers are doubling down on their previous success. They are exploiting the publicity of online banking fraud, so when a victim receives a phone call telling them they’ve been defrauded, they are more prone to believe them.
Phishing for specific information
Because scammers already need a lot of the victim’s personal details to begin the attack, they are looking for very specific information. In some cases, they may even have the victim’s card number, meaning all the fraudster needs to complete the scam is the three- or four-digit security code on the back of the victim’s credit or debit card.
Following a recent re-emergence of this scam in South Carolina, Allie Teper of Carolina Foothills Federal Credit Union advised people on how to protect themselves. Being asked for “anything that has to do with an actual plastic card,” such as card numbers, expiration dates or security codes, should “send up a red flag,” she said.
Learn how to spot phishing attacks
If people give up their personal information to scammers, they only have themselves to blame when they fall victim to phishing attacks. But when scams strike in the workplace, as has been happening across the US during tax season, a company’s entire staff could be affected.
It only takes one untrained employee, or one momentary lapse in concentration from an otherwise informed employee, for a phishing attack to be successful. The danger of phishing attacks is that they target people – and people make mistakes.
The only true defence against them is an awareness of how they work. The more people know about phishing attacks, the less likely they are to fall for them. IT Governance’s Phishing Staff Awareness Course uses real-life examples and practical tips to help employees become an active part of their company’s cyber security strategy.
Find out more about our Phishing Staff Awareness Course >>