Fake 'BT' caller fleeces elderly victim of £30k in APP app scam Police have issued an urgent warning after an elderly man was scammed out of £30,000 by phone fraudsters pretending to be from BT. The incident happened last Thursday (23 September), prompting West Mercia Police to issue a bulletin warning people to be on their guard against suspicious phone calls. In this case, the victim …
This has got to be an inside job, someone who knows the inner workings of a particular bank, and what does and doesn’t raise flags. My 72 year old dad has a hobby of restoring old machinery (presses and lathes etc.). Every 3 to 4 months or so he goes into the bank to withdraw £2-3k to take to the auctions. He gets the Spanish Inquisition each time he does, “what will you be spending the money on, are you sure you haven’t received a telephone call asking you to withdraw money, are you really really sure?”. He finds it incredibly frustrating that they don’t give him access to his money, but after I pointed to a couple of stories like this he understands why it’s necessary.
I'd agree that at least a few of these scams are triggered by insider information, as evidenced by my wife paying a monthly care home bill for her mother via online banking, then at around 5pm the same day, getting a phone call from someone purporting to be from the bank saying that the payment hadn't gone through because the payee account details had changed and could she re-do the bank transfer but to a different account number.
Of course, being a council-estate girl made good, she was immediately suspicious and phoned the care home directly to confirm they'd received the original transfer, which they eventually confirmed they had.
> This has got to be an inside job, someone who knows the inner workings of a particular bank
Sadly no. They don't need to know the inner workings of the bank - only the inner workings of the bank's app. And they can study that at their leisure.
Any extra warnings that the bank's app put up were probably suppressed by the scammers own app which they tricked the victim into downloading and running.
One suggestion might be to make the ability to make transfers to non-UK accounts an option that has to be requested - in the same way that an overdraft has to be requested - and that request has to be by phone so the bank staff can ask why it's required. That way even if a scammer gets as far as this one did, the final transfer would fail.
You get more than few warnings you can just click ignore on though, I do my mums food shopping and just to transfer less than £100 between our accounts at regular intervals, you have to present access codes and then have more codes texted to you.everytime, plus follow all the warnings clicking you agree, and if you login via a different computer/ip address, it resets your security to basically you must hacking the account level and go through even more painful authentication.
So how the flip they transferred 30k with no red flags, or questions asked, hell even 20 years ago I couldnt shift that much money between bank accounts without a solicitors legal letter that was checked for authenticity, authorising that kind of payment.
So I feel there might be important information missing in this case, probably so as not to assist anyone along with similar scams
I'm in my mid-50s now, and look upon ALL youngsters (Not just Bank Clerks) as patronising knobs[1] who learnt their trade from either Reddit or the BS marketing stuff available[2].
Is it just me, or does anyone else think that all the majority of the younger generation know how to do is bullshit and then 'double-down'?
[1] Ever had anyone explain the workings of something you invented to you? Me, I string them along for as long as possible before dropping the bombshell. It's more of a laugh then cutting them off at the knees early in their musings.
[2] In fairness to the little darlings, it's hard to find anything other than this these days.
Sadly, it is. I sold my car for cash and paid it in to the local branch. A day letter, some officious twat from 'head office' called, asking me about the transfer and all sorts of other stuff - what sort of house did we have, what car did I drive...in the end, I told him that he was really pissing me off and hung up on him. I hate banks.
In the UK, I have found there are a few steps one has to take in order to add a new payee to one's account. And the banks now seem to want to know the address of the payee, as well as the basic sort code and account number info.
However, going into one's own bank and making a personal transfer is clearly a different way for the "crims" to carry out scam.
In this case though, it seems strange that the scammers were able to access the victims "savings" account without the victim knowing (in order to transfer funds into the victims current account) and to hoodwink them into thinking that they had an extra £30,000 in the account "so it must be legit" hence they went to the bank to make the transfer to the "crims"...)
you pay peanuts, you get monkeys. And I say that as, in the past, I was one such monkey (although in a different industry). Basically, sooner or later, most people in any shitty / unstable / underpaid / overstressed job, gets to realize their employer is not their friend, and they either leave, or switch into the 'fuckyoutoo' mode.
I always wonder in such cases how the purpotrator's bank account is set up as it's such a royal pain to find all the paperwork to get one normally as I can never remember who makes my underwear or what my great grandmother's dogs had for tea on a Thursday ... Then there'd be the little case of the direct bank transfer of £30k which surely should be questioned?
At RuffianXion, it still requires multiple forms of ID, including a photo ID issued by an approved source, to verify you are whom you claim to be. You can't just walk in, inform a teller "Please open me a fresh bank account with no ID check" & expect to get anything beyond laughed at. There has to be a registered Human to whom the account belongs. Follow the money, nab that person, & interrogate them with extreme prejudice until they either cough up the money or the name(s) of the people they sent the money along to. If they pay the money directly then they may "only" get life behind bars. If they refuse to give up the money/name(s) then they will *definitely* spend the rest of their life behind bars while the tax auditors go through every aspect of their lives in an attempt to find the money, reclaim the funds, & return the ill gotten gains to the victims.
TL;DR: Follow the money. Find the bad guys. Strap them down & force them to listen to Vogon poetry until they explode.
except the mark who owns the destination account is another victim - low paid single mum who thinks that by transferring cash from their account to another for a few 100 quid is paying their own bills.... 3 or 4 accounts around the world in the chain and you are effectively hidden
@Sub 20 Pilot - "they are still an accessory to the crime"
That's also my understanding, but still, the mastermind makes the big bucks and gets away. The intermediate criminal might not even realise they are assisting a crime, having been told some spiel about why the transfer must be made like this, and how it's perfectly legal. Vogon poetry as a punishment is rather harsh for the crime of being uneducated. Reserve that punishment for the mastermind.
I read that "new account fraud" (setting up a brand new account in the name of a real person but without their knowledge) is now very large and is relatively easy - particularly if you can intercept either post or just email (it used to be just students/flats/shared houses/people on long holidays/etc but now just a poor email password is enough). Note: I was reading about it because a mix-up meant I worried for a few hours that someone had done exactly that to me (it turned out just to be a confusion - not a new account in my name, fortunately).
It doesn't necessarily need to run for long - a few days would be plenty to move some money around then it can be burned. As soon as the money is paid into the account I am sure it is moved abroad to a money launderer.
The other day I got a phone call from someone purporting to be from O2. He asked me to confirm my name, and I wouldn't. I asked him to tell me some phone numbers on my account, and he said he couldn't because I haven't identified myself. In the end, he relented and gave me the last two digits of two of the phones on my account. He had successfully proven himself to me, but honestly I couldn't tell if it was a scam or not at the beginning.
Banks ought to send out large cards with big writing in bold to elderly or vulnerable people with simple advice like "never transfer money at the request of someone else unless you intend them to take that money" or "if you get a phone call from Microsoft or an internet provider, it's always, 100% of the time a scam". This does mean that some genuine calls will be rejected, but it's a small price to pay for avoidance of these scams.
It should be a criminal offence to phone someone up and ask them "security" questions.
I cannot upvote that enough. The same should apply to the gov. "Hi I'm from test & trace, before we can proceed can you confirm your personal details.... Sure, but only after you can prove to my satisfaction you really are from where you claim"
But here is the problem:
There is so much personal data now available to be bought, either legitimately or stuff that has been stolen it is very difficult to know what can be used for the recipient of the call to verify that the caller is real.
The only possible way I can see this working is if there is a rotated secret that only certain characters are revealed.
Asking for any personal information it pretty much an irrelevance now as so much is already in the public domain.
But this is where so many companies are their own worst enemy. We are told not to divulge all sorts of information yet they persist in ringing up and asking for the very same information.
All these scam rely on the victim being confused by techno-babble and bull. All sorts of key words are put in to try and give a sense of security that it is your bank helping you out.
The banks themselves are mostly to blames for the volume of fraud because they persist in letting completely out-of-band transaction be processed immediately.
Nationwide have finally woken up to this and are suggesting the high-risk payments be delayed. This requires industry wide cooperation..........
We are constantly bombarded with targets crap yet the banks are incapable of seeing that a new payee has been set up and is syphoning all the money our of an account. Given that they can block cards or refuse transactions if there is insufficient funds, this should be a doddle.
The trouble is that unlike a transaction that goes into overdraft, just allowing all the money out (usually) does not cost them anything or make them any money.
Some of this is due to the diminishing (Actually non-existent) level of trust you can have in the number showing on your screen as the calling party number. Thanks to the commercialisation of the telephony network (in the name of competition and innovation), it's easily possible for anyone originating a call outside your country's boundaries to appear as if they are in the same country as you, or even the same UK STD/area code.
My preference would be that all calls originating outside of the ${territorialBorder} are forcibly policed at the ingress of anything that can switch calls (No matter what the technology) in such a way that the probably 'forged' OLI is either replaced with 'Unknown', International' or a valid contact number of the organisation owning the ingress point i.e. traceable back to a known entity in the local territory. Forcing a valid and accurate OLI number used to happen as a matter of course in the PSTN (By default), or the ISDN (Policing was switchable, but on by default). Things went to rat shit when that restriction was lifted, and have got worse since. And no, the C7/SS7 network isn't to blame, just the ways that SS7/SIP providers try and make a quick buck.
I could whaffle on for hours about the ways 'trust' could be achieved for, however neither I nor you[1] have that much time spend here:-)
[1] Assumption on my part.
"Banks ought to send out large cards with big writing in bold to elderly or vulnerable people with simple advice like "never transfer money at the request of someone else unless you intend them to take that money" or "if you get a phone call from Microsoft or an internet provider, it's always, 100% of the time a scam"."
They do. I get a warning like that every time I log into my bank. I get another warning when I set up a payment, and further full-screen warning that forces me to tick a box confirming I'm approving the payment of my own free will and haven't just been talked into doing it by someone on the phone. The problem is that there's only so much warnings can actually achieve. If you're the sort of person who can be persuaded to transfer £30k to a random stranger who phones you up out of the blue, it's probably not going to take much more persuasion to convince you to skip over the warnings telling you it's a bad idea.
That's ultimately how scams continue to exist. Things that seem obvious to most of us actually aren't so obvious to many people. And simple warnings pointing out that clearly suspicious behaviour is clearly suspicious aren't heeded by the people who actually need them. It's easy to come up with easy ideas for how to warn people about scams, but if it was that easy to counter them, we'd have got rid of them thousands of years ago.
The point is that these people are not "random strangers". They sit behind the respectability of being from utility or bank. The scams are very skilled and for the victims, it is impossible to figure out what is going on.
It is easy to be critical from a position of knowledge and situational awareness, blaming the victim, but having been involved in the aftermath of two of these recently, one through work and one through a friend, it is usually only spotted when it is too late.
> The problem is that there's only so much warnings can actually achieve.
Absolutely! More than (say) one a fortnight simply accustoms you to ignore them and just tick OK. This was well-known years before the banks introduced these check, so the only conclusion to be drawn is that the box-ticking is merely to cover the bank's own - no doubt luxuriously-padded - arse.
@Cuddles What the bank should have done is flagged the transfer as unusual behaviour and not allow the transfer to proceed. Then phone the account owner and ask why they are making the the transfer. Only after they have conformation that the account owner wants to make the transfer will they let the transfer proceed. If they don't receive an answer they should text the account holder to contact the bank.
Doing that would almost certainly allowed the bank to spot it was a scam and persuade the account holder not to authorise the transfer.
I am pretty sure my UK bank would have done exactly that. It has happened to me for genuine transactions a lot less than 30 grand.
Recently, my bank sent me an email with a checklist for recognising suspicious messages. Two weeks later they sent me a message about password security.
I complained that their second message matched 3 of the 4 criteria listed in the first message. They have thanked me nicely:
"Thank you for bringing this matter to our attention. Providing convenient and excellent banking services to customers is always our prime aim. Your suggestions are most valuable to us and have been placed on record for consideration when we plan future possible enhancements. "
Which I think translates as, "we've binned it, now shut up, smartarse".
The more people that do this, they sooner they will stop that. There is no reason they need to present no number - they can present a suitable NHS number.
In fact, this could be a feature - licensed operators could be forced to verify the call is from a real NHS line before presenting that one particular number.
Oh, and don't tell me it is impossible. It is as impossible as it was back in the '90s when we had to suddenly make Childline calls not just free (that was relatively easy, although the non-standard length number was a small problem for the IN systems of the day) but invisible on bills!
[Yes, I know how the SS7 infrastructure works and I know how hard/expensive it would be - but it could be done. Feel free to engage in technical design discussion here if you wish].
I had a text recently on my Android One phone and was surprised it named who sent them even though they weren't in my contacts list (it was the NHS).
It's called "Verified SMS". Companies can register a number and name with Google.
When sending a particular text, a hashed version is also sent to Google. Your phone hashes the text it recieves and contacts Google, compares the hashes and if they match, it displays the registered name along with a 'verified' icon. Your phone number, the message and probably their phone number is used to create the unique hash.
Seems a good idea - worth blocking (or being suspicious of) all texts from non-contacts or non-verified.
Ten years ago my father was in hospital with his terminal illness and my mother was in a care home with advanced Alzheimers.
One day I was on a bus that could have taken me to the hospital when I got a call with number withheld. I didn't take it because someone else was harrassing me and also withholding their number.
I subsequently worked out that it was the hospital telling me that my father was in danger for his life, although in fact he survived that particular incident.
So I very nearly missed seeing my father for the last time because of this stupid and unprofessional NHS policy.
A few weeks ago, while I was visiting my father he got a phone call purporting to be from Amazon, saying that his order of an iPhone 7 was on its way. He hung up, eventually. It was, of course a recorded message, so presumably the scammers just cannot be bothered to update it to a more recent model.
(I have to say that if anyone is still ordering an iPhone 7 for £695, it is news to me.)
I get the Amazon calls almost daily on my land-line, generally they display an 020 number from my local area. Sometimes it's the 'security department from your bank'. Strange that it's the same voice each time!
I also get scam calls to my mobile - particularly 'from' Manchester and Liverpool.
The other day I had one from Rekyavik. So I answered it.
"Hello, am I speaking with Mr Ivan Headache?" said a sweet Asian voice.
" Yes. But why are you calling me from Iceland??
"I'm not, I'm in south-east Asia..."
I think the penny dropped for her.
Then last week. I was in Edinburgh and a call came though from Yeovil.
"Good Morning." in my stentorian voice - knowing what's likely to be coming.
There's a pause and noisy office sounds with female Asian voices chattering, then a male voice.
"Hello Am I speaking with Mr Ivan Headache?"
"Chief Inspector Ivan Headache speaking."
Slight pause, ".......ah!" then the line went dead.
I've always wanted to say:
"Umm, look, do you mind if I ask you some personal questions?
Basically I was wondering how you got into the telephone fraud business. Do you make a lot of money scamming people out of their savings? Are the hours ok? I'm at a loose end at the moment and could do with a bit of work."
what has always puzzled me in this, already 'classic' story, the loose end, i.e. how the offender(s) opened the bank account, in this day and age, where you're supposed to present a passport, or other form of id (or am I naive that you can upload any doctored passport scan, with any doctored bills, and you get a big, greeen OK - congrats! message from the bank?] and how - presumably - how they managed to withdraw 30K, presumably very fast and disappear. Where is the supposed 'robust' banking security systems that are supposed to flag suspicious behaviour, e.g. such as a bank account, presumably dormant, suddently receiving a large amount of money, withdraws it (clearly), and leaves a middle finger in mid-air? This part of the 'classic' story never comes up, and we're left with the 'police make [another] urgent appeal for people to be on the lookout', until the same story re-surfaces a couple of days later.
They find a mark. Usually a student or someone with not much money and offer them 1k maybe to let them do the transfer in and then out. Usually they split it over a few so withdrawing the cash isn't as suspicious. What the mark doesn't realise is that they get what is called a Cifas marker against their name and they now can't have a bank account for 6 years. It might not even be a mark it could be a so called friend who asks you to do it as a favour then disappears.
I don't think it's that plausible. I mean, it is, in theory, but presumaby the conmen, pardon ladies, con-persons, run it as a constant operation, and each such student is a one-off, and it's got to be quick, and 30K to withdraw quickly, even split into small(er) amounts, is supposed to raise red flags (well, clearly not!) How many such students (or 'students') do you need to find, each for just one job, before word gets round? Also, presumably, such a flagged person is flagged across the banking system, not just barred from this particular bank. Also, if they split 30K across several accounts, presumably all of those accounts are just as dodgy, and again, all need to be re-opened for each new scam? Unless the 'split' hits a certain level below which the bank / plod just don't investigate, because of some 'low-risk-crime alogorithm'?
I have three current accounts. The oldest required the least documentation, as you might expect, being opened with cash, in branch, in the 90s. The one that required the most documentation however was not the newest, which was opened online, fairly easily, with only scanned documents and photos uploaded. Nothing that couldn't be relatively easily faked if you know what you are doing. I'm sure there were other verification processes going on in the background.
As technology makes life easier for the honest, it also makes it easier for the dishonest.
Of course this assumes the fraudster opens a new bank account for committing fraud, and doesn't hi-jack someone else's account, or make use of an unsuspecting money mule (or even willing money mule). They're committing fraud, so they're probably not too fussed about being honest with the people they do business with.
I kept one scammer going for 10 minutes recently while feeding them complete bullshit. Then I walked into the kitchen and tapped my wife on the should so she could share the joy of what happened next. I politely asked the guy with the strong accent on the phone if I could ask him a question and when he paused to let me continue I said in a nice calm voice "Can you tell me? When was the last time you had sex with your mother?". He either didn't understand or couldn't get his head around the question so I asked it again. This time he hung up the phone ha ha :-D
Another time I gave some other guy so much abuse he started threatening me that Abdul (I forget the actual name but it was along those lines) was going to come and sort me out so I suggested this person was probably a paedophile etc. I am not ashamed in any way to say that I was highly racist to this person as I feel that anything goes as far as a scummer (deliberate mistype) is concerned.
I knew I would get a dumbass reply like this - so well done on being the "one".
I am NOT ashamed in any way that I was racist to a SCAMMER. So please get what I said in the correct context.
This is no different to shooting a burglar in your kitchen. When dealing with criminals normal rules no longer apply. And we are ALL naturally racist by birth - the difference is that as an enlightened society we override the nature and act differently. So stop trying to act all high and mighty as I bet if we had every word that came from your mouth recorded and analysed you would soon crawl away :-D
Dumbass reply number 2 awarded!! I will use all weapons available against scammers whatever they may be. Frankly I would like to be able to send a sharp pointy object down the phone and stick it in their eyes :-D
So to answer your silly question the reply is a clear "NO"!! Thank you for playing......
Well if I came across I burglar in my house then I would love to have an axe in my hand so I guess I am an axe murderer by nature :-D
Once again you go down this route of twisting my words to suit your agenda. Nowhere did I say it's my "go to attack" but if this weapon can dehumanise the scammer and damage them emotionally then I will do it without hesitation. Judging by the voting on this topic I think you are not in the majority camp of opinion either.
https://www.bbc.com/news/business-58546527
I suggest you have a read of that article before you start having morals and limiting topics when dealing with this kind of filth.
Have a downvote. I read the BBC article, and your previous comments, and I don't see how the article supports your view of escalating retaliation (from your examples of i) a person trying to trick you with words, you retaliating with racist abuse; ii) burglar entering your home, you retaliating with lethal force). The article is saying that a lot of people are getting scammed because they want to be polite, saying that you like to be abusive doesn't address that issue. Polite refuse with redirection is an alternative:
"My authority figure* says I should always check a caller's identity..."
"I would like to tell you, but my authority figure* says I should ask you..."
* - boss/security manager/bank/husband/wife/parent/hamster etc.
Maybe you feel better after your abusive outburst, but be honest, it's for your own satisfaction and no-one else's benefit. The caller is either going to shrug it off, or feel confirmed in their view that their victims are horrible people who deserve it. If you succeed in your intent of dehumanising and emotionally damaging the scammer, do you think they will be more or less likely to continue attacking the society that has hurt them?
I wanted to transfer funds after a house sale from one bank to another.... Found out that if the sum was above £10 000 , then it had to be reported and recorded in case I was moving the procedes of crime around.
So the bank should have looked at the account /sort codes and logged where the money was going..
But I've had 2 phone calls regarding bank stuff......... both times I was very rude to the caller because she could not identify herself to me as 'the bank'
Both times had to goto the bank to report attempted fraud , then go say sorry to Carol in accounts management for being very rude to her .. stupid bank. they need 2 factor ....
I wonder why most often we read that an elderly person got scammed and that police is looking into it.
I am asking because when my friend who is in her 30s got scammed, everyone said "it's your fault, you should be more careful" and they didn't even want to look into perpetrators.
I wonder what people pay taxes for...
First day in a new job abroad over twenty years ago and I was staying late to get to grips with their systems. Their security was lax to reckless.
An English guy phones up at 9pm asking for the address and home phone number of the managing director. His, and every employees, address and phone number were printed out above the receptionists desk - told you the security was shite.
I refused. The caller said he was the owner of the company worldwide and was currently driving to my MDs house from the airport. "Without knowing his address and phone number?"
"Everyone in the company knows me!" "Except me, it's my first day." "It'll be your last day unless you tell me his number and address!"
He was getting furious by now, which seemed kind of credible for a rich man refused so I offered the obvious solution. "Give me your number and I'll phone him, and if he wants to phone you he will."
Turned out it was the owner but I got brownie points for sticking up to him, which allowed me to introduce a fair few computer security upgrades.
Scammers sell "sucker lists" of people who've fallen for their scams between themselves so they can be targetted repeatedly. My elderly mum is obviously on one, but we've shame trained into hanging up fast, not answering suspicious numbers and not clicking on links. The UK police don't take it seriously due to cuts so they should be incentivised by getting to seize the wealth of the scammers for more dedicated officers.
It's been a while since I got these BT scam calls. They have been around using this tricks since years ago. I think people should have been aware of these scams. I can still read so many reports and complaints filed at complaint boards like http://phonebook.ai about these scams. We need to keep spreading the word about this, at least to our family.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
