Related Articles
How criminals get your passcode
Fraudsters have numerous ways of stealing this information.
As HSBC told us, criminals “often start by social engineering – sending fake emails, gathering data on social media with fake quizzes and competitions, creating fake merchants and fake goods… We’ve seen a rise in fraud emanating from online marketplaces, and a rise in WhatsApp and SMS-type messages seeking to elicit information or money too. It’s not just one fraud type or approach. Fraudsters and scammers use every trick in the book.”
Social engineering means manipulating people in order to deceive them, using knowledge of how people think and act. Criminals will start some kind of interaction that eventually tricks the person into giving away their bank details.
Mason agrees. “Criminals are shifting tactics,” he says. “We are seeing criminals increasingly using social engineering techniques to trick victims into handing over their personal and banking details so the criminal can authenticate fraudulent online card transactions.”
One popular way that remote purchase fraud happens is a fake text message about a delivery. It appears to be from a courier firm or Royal Mail. It usually says: “There’s a problem with a package; click here to arrange delivery.” That takes you to a fake website for the delivery service (which could be DPD, Evri, Royal Mail, or another delivery firm) where you’ll be asked to pay a small administration fee.
If you enter your card details and your billing address on the form – not realising it’s a fake website – that gives the criminals most of the details they need.
Shortly afterwards, you’ll get a call on the same number that the text message was sent to. It’s your bank, and they’ve detected fraudulent activity on your card. To refund that money, the caller says, we need to do a security check. Can you read out the six-digit code we’ve just sent to your phone, please? The code is real, and from your bank. But the person on the phone isn’t.
Giving the code will allow the criminals to do whatever they were trying to do, whether that’s log in to your bank, make a purchase, or add the card to their digital wallet.
In the case of the £7.5 million investigation and the arrests that were made in April this year, fraudsters had been using a specially designed OTP tool to make phone calls to victims, pretending to be from banks or cryptocurrency exchanges.
How to avoid getting scammed
The key to staying safe is to always keep OTPs to yourself. “If you receive an unexpected request to share personal information or a one-time passcode that has been sent to you, it is likely to be part of a scam that could lead to you becoming a victim of fraud,” warns HSBC’s David Callington. “Do not share one-time passcodes.”
Banks have teams working around the clock to spot potentially suspicious payments, but you can do your part too, says Callington. “People can help protect themselves by keeping abreast of the latest scams, taking note of fraud warnings when making payments, and not sharing one-time passcodes,” he says.
Assume that any unsolicited communication – a text, an email, a phone call from an unfamiliar number – could be fraudulent. Don’t click any links, download any attachments, or reply to the message. If you want to speak to your card issuer, call them directly on the number printed on your bank card. You can forward suspicious texts to 7726 and report emails to the National Suspicious Email Reporting Services (SERS).
Giles Mason says you should always follow the advice of the Take Five to Stop Fraud campaign: Stop, Challenge and Protect. Stop means “taking a moment to stop and think before parting with your money or information,” he explains.
Challenge means asking yourself: “Could it be fake? It’s OK to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.”
What to do if you’ve been targeted
Protect means: “Contact your bank immediately if you think you’ve been scammed and report it to Action Fraud online or on 0300 123 2040,” Mason says. If you’re in Scotland, notify Police Scotland by calling 101 or visiting a police station.
The most urgent thing is to get your card stopped to prevent further fraud, so always contact your bank straight away.
Whether you get your money back depends on the nature of the scam and the information you shared. Banks consider handing over a one-time password as the same as giving fraudsters your bank card and pin.
So if you do this, unfortunately it’s unlikely you will be eligible for a refund.
If you didn’t hand over the OTP or do anything else to break your card issuer’s security rules, you’ll usually get your money back the next business day and your bank will send you a new card.
Source link
