WHAT IS IT?
Banking fraud is when criminals gain access to your bank account using your personal details and passwords, and take money from your account.
Banking fraud can occur through three channels:
- Internet banking
- Telephone banking
- Mobile phone banking (in-app)
Criminals employ a range of social engineering techniques to trick you into giving away their personal and financial information, such as login details and one-time passcodes. They often impersonate trusted organisations – such as banks, HMRC, broadband providers – to get this information. They may also steal your personal information by intercepting your mail. The stolen details are then used to access your account and make a unauthorised payments.
Criminals may also try to gain access to your bank account through ‘remote access’, meaning they persuade you to give them control of your computer. Criminals claim to be providing support from an internet service provider, for example, and convince you to download programmes to your computer, giving them control of the device. They can then use this to access your accounts.
How to spot banking fraud
- Your account details have been changed and you may not be able to access your account
- Your bank account has new payees, direct debits and standing orders set up that you didn’t authorise
- There are transactions on your bank statement you don’t recognise
Examples of banking fraud
Adrian* was trying to keep his children entertained when he received an urgent text message from ‘his bank’ informing him about a problem with his bank account. He was told to ring the number provided immediately to update his personal details. Upon speaking to ‘an employee’ from his bank, who confirmed Adrian’s full name, address and recent transactions, he was told the bank had detected suspicious activity on his account and he needed to provide them with new personal information. The ‘employee’ informed Adrian that in order to process the change of details he would receive a One-Time Passcode which he was to share with them. Moments later, he was told the problem with his account had been resolved.
Unknowingly Adrian had given access to his bank account to a criminal.
A couple of days later, he logged into his internet banking and discovered new payees and direct debits set up which he had never authorised. He contacted his bank immediately to resolve the issue.
Jackie* was sorting out her household bills one day when she received a call from someone claiming to be from her energy provider. She was told that she was due a refund on a recent transaction due to an administrative error. Jackie questioned the caller’s credentials, but they were able to verify her personal details and her energy account information. The caller asked Jackie to confirm her bank account details so that company could process the refund.
Jackie had no idea how a criminal could have so much of her information so despite some reservations she read out her account details. The caller said it would take a few days for the refund to appear on her account.
The next week Jackie checked to see if the funds had come through but instead found many transactions that she did not recognise. Only then did she realise she had been scammed.
Sophie* was working from home one day when she received a call from her broadband provider. Her connection had been rather slow that day and although she was busy she thought it would be useful to take their call as it might speed things up. She knew that criminals made contact over the phone to try and scam people but the caller verified some of her personal information so she stayed on the line and followed their instructions.
The caller convinced Sophie to download some software to improve her broadband speed which she did. The download allowed the caller to take control of her device. The caller advised Sophie to log into her internet banking in order to check everything was working okay. Unfortunately, the fraudster was also able to see all of her information due to the software download and access her online banking information. Days later Sophie realised she’d been scammed when she checked her bank account.
*Case studies are based on insights from partners