Cybercriminals do their homework for latest banking scam A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge. The FBI's Internet Crime Complaint Center issued the warning, which it said involves cybercriminals who have definitely done …
Many years ago I paid in some cheques using the bank's self-service in-branch deposit machine. I naturally assumed that the credits hit my account, until a week later I got a letter through the post asking me to check my account to see if amounts that the bank "deduced" that I'd paid in had in fact been credited.
Turned out that the branch in question had had a robbery shortly after my visit.
Now the relevant bit: The bank insisted that I do the legwork in getting all of the cheques stopped and reissued by the companies issuing them. I gave the same line "you're the bank, do it yourself" but to no avail. I jokingly said it was bad enough trying to get cheques issued by customers once, let alone twice. I did extract a compromise from them: they wrote to my customers explaining the circumstances, and that they would reimburse charges made in stopping the original cheques.
One point I made to the bank was: surely you are insured against bank robberies, in which case the insurance company can pay out the amounts stolen. They maintained that they are not insured.
It is this type of convoluted procedure for something that sounds very questionable that someone could latch onto and exploit.
Soon after we were married, my wife and I bought a small amount of groceries from one of the (then) big supermarket chains. We only spent £10 as we were very short of money. I went to the checkout and wrote them a cheque for that amount. Some days later we received a letter from the supermarket asking me to issue another cheque for £10, because they had had a robbery and my original cheque was among those stolen. I refused to do so, and contacted my bank to stop the original cheque from being cashed. I explained to the supermarket that I would not issue a replacement cheque as I had completed the original transaction in good faith and to their satisfaction, and anything that had happened to the cheque thereafter was their problem, not mine. I posed the question, had I been mugged in the car park and my newly purchased goods stolen, would they have expected me to return to the store for replacement items? Had I known that the theft was going to happen, I would have kited considerably more than just £10.
The only time I've ever had an issue like this has been when I went into the bank to complain that my paycheck had not appeared in my account ... the bank apologized for entering the wrong account number and fixed it immediately ... Trusting the internet is like covering yourself in steak-sauce and walking through the Lion enclosure at the zoo while posting on Facebook.
What, you mean like most banks when they call you?
They're also completely unprepared, and quite stroppy, when you ask them a question they don't anticipate, such as "name three direct debits paid in the last fortnight", and really don't like being told that they failed to verify they were who they said.
Hello NatWest, looking directly at you.
With behaviour like that, it's not a great surprise people get scammed.
These days I keep telling my bank that I refuse to accept any "official" notification sent via text or email (including in their app). If it is important, written on headed paper, signed, and posted. Given that I've had numerous messages (SMS and email) about my unarranged overdraft at the Credit Agricole (who I'm not a client of), I simply cannot accept electronic communications for anything other than providing a code number in response to a known purchase.
'Standard Life keep calling me (it is them), but I utterly refuse to answer any questions "for security purposes".'
At least, you think it is Standard Life, but it could equally well be a scammer spoofing the Caller-ID of a known published Standard Life phone number…
There is no way to verify whether an incoming call is genuine, so, unless it's the number of a friend calling, I just ignore all unknown incoming calls. If it's not someone trying to scam me, it'll be someone trying to sell me something, and I don't want to hear from either of them.
The only sensible way for a bank to request you to contact them urgently (eg, to check a potentially fraudulent transaction) is for them to text you, and for you to contact them via secure messaging in their website/app or phoning their known trusted contact phone number. (If the text message contains a web link or phone number in it, those must be verified against those published on their website, etc, and never trusted as-is.)
My current policy is straightforward. If you initiate communication with me using an untraceable mean, I will not enter any agreement with you. That includes phone, unencrypted email, and non-tracked mail.
The actual content of the proposal is entirely irrelevant; I won't even listen to it. The entire purpose of the conversation is to convince me that you might actually be genuine, at which point I will politely hang up and separately contact your institution using a known-safe mean (a known-good phone number or address). Then we can discuss your proposal.
This is separate from spam calls; if you sound like a spam call, I'll just hang up immediately and blacklist the number. I might have some false positives this way. I don't care. Whatever happens can be fixed later.
(1) How "on line banking" is "convenient"
(2) How my sofa is SO much more convenient than an actual bank
(3) How my laptop is SO much better to deal with than a real person
(4) How waiting for a text message "security number" for so long that the on line transaction has timed out before the message arrives
(5) How sorting out glitches (like item #4) on the phone, and waiting for 30 minutes for someone to pick up....how this is "an improved service"
But of course this is all:
(a) Just marketing
(b) Just a cost reduction exercise.....where the data entry work has been moved from banking staff (expensive)........to the customer (much cheaper)
Ah...another marketing lie......"Customer service is our number one priority"..................NOT!!!!
"(2) How my sofa is SO much more convenient than an actual bank
(3) How my laptop is SO much better to deal with than a real person"
The reality these days is that actual bank branches are becoming increasingly remote and when you finally complete the treck to one the staff are disempowered and unable to do anything except tell you to go online or ring. Having dissuaded everyone that it's not worth visiting their "local" branch they can close if due to lack of business.
Trying to phone, of course, results in getting a recorded announcement that they're experience an unusual number of calls (for at least the last decade) and you should go online,
The fact that this exposes you to fraud is your problem, not theirs.
Personally I greatly prefer going online to having to bum a ride or take a bus to the bank.
Neanderthals may disagree with that viewpoint.
I also deal with a REPUTABLE bank, not one that keeps making the news with their shoddy security. Unliike some people, I didn't just pick a bank at random because it was "convenient."
Ok,
Really not sure why you are paranoid at disclosing the name of the establishment that surely has more then you as a customer, especially as we don’t know who you actually are.
I’m with Barclays and had an issue a long time ago when my card got cloned and I had to turn detective in order to get them to refund me as.
I’ve also had accounts at nationwide, Santander, RBS, Lloyds, tsb, and others I can’t remember.
They’ve all had their faults, the Barclays app seems very good compared to others I’ve seen and puts it and them above.
Ability to pay cash and cheques in via the outside machine was (3 local branches now closed) a huge bonus.
Stirling seems ok, app looks good,
Many people just use their phone to pay contactless now which is great, my missus has her cards actually locked in the safe.
AMEX was great at delivering new cards to random places when I used to constantly lose mine.
I should add that almost all uk accounts have 2 factor authentication meaning it’s very difficult for imposters to impersonate you, but not impossible.
Certainly difficult to get you across the internet when you need to put your card into a card reader and enter the code generated on your banks site or they text you a code to a known number.
It’s not impossible but certainly harder to get you today than 10 years ago.
Even contactless payments will be subjected to extra verification, not sure that applies to payments from phones though as typically thy must be unlocked using a pin or biometric before payment and each transaction is unique.
"Really not sure why you are paranoid at disclosing the name of the establishment"
How many customers said establishment has is irrelevant. The user's bank details are fair unique to him\her. Never give out any information that can be tied to any account you use, when it is completely unnecessary to do so. Who knows what information is being collected and collated now, or will be in the future.
Why take an unnecesary risk?
The "fraud specialists" contacting users reportedly "speak English without a discernible accent," and once they establish credibility with the victim they move on to "helping" them "reverse" the fake transaction.
I am pretty sure that that this is an incorrect assertion on the part of the FBI.
I think it much more likely that they speak Merkin without any discenible accent. We English all have accents and they are mostly discernible by other English speakers. Only a Merkin would think they all sound the same.
I think it much more likely that they speak Merkin without any discenible accent. We English all have accents and they are mostly discernible by other English speakers. Only a Merkin would think they all sound the same.
Yup, the closer you are to the source of a language the greater the rate of variation. Britain is a relatively small island but you only have to travel fifty miles to hear a different accent.
I had something like this happen last Thursday.
My wife was transferring some money from our chequing account and the balance dropped below $100. A little while later a text shows up on my phone saying "....Chq Acct ***1234 balance is below threshold amt. Charges may apply. Review and deposit $ if req'd. Std msg rates apply. Txt HELP=help|STOP=stop."
Clues that it was a fake notice.
1. The account doesn't have a minimum threshold.
2. The bank wouldn't use short forms like chq, acct, $, amt, std and msg.
3. We don't keep very much money in that account, it often drops below $100 and this sort of message has never appeared before.
I admit the text did catch me off guard for a few seconds and I can see how some people would fall for it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
