“Please read out the security code”
Bank robbers used to be fairly predictable. A masked man with some kind of firearm, or imitation of one at least, raiding the bank and demanding a sack full of cash. The getaway car is parked outside, driver at the ready, and all over and done with in a matter of a few minutes. Increased security, the reducing reliance on cash and the increase in telephone and internet banking mean that the bank robbers are changing tactics. No more brute force, a lot more technology and trickery. There are a number of telephone banking scams with slightly differing tactics, here we investigate the security code scam. One where you inadvertently give the scammers full access to your bank account.
The Background
In this example the scammers will already have access to part of your bank account. They will know a number of your personal details which they have probably gleaned from a data breach elsewhere. There have been several high profile data breaches over the last few years, with information like telephone numbers, addresses, dates of birth, email addresses and passwords amongst others. Most people use the same details and passwords for all of their online presence, including shopping, forums and clubs. In some cases they might get this detail physically, by rummaging through your bins. Once the scammers have access to this data they can select their targets.
The Phone Call
The scammers have enough detail now to select their target. They will probably know what bank you are with, they will probably know how to get MOST of the way into your account. Bank websites are usually very secure and often require two factor authentication. This is where, in addition to the usual account username and password, they require a security code sent in a text message. This is where it gets nasty. You will receive a phone call claiming to be from your bank. It may or may not show the banks number.
“There has been some fraudulent activity on your account. We need to go through the transactions with you and identify which ones are yours and which are fraudulent. For security purposes I am about to send you a text message with a security code. Please read it back to me”
Access Granted
So, you have now just given them full access to your bank account. In minutes they will have set up a new payee and started moving money out. During this time it’s likely that the scammer will keep you on the phone in case any further security codes are required. It’s a cheeky method of getting into your account and emptying it. The scammers don’t care if you’ve got hundreds, thousands or just a few quid. They’ll take whatever is there and plunge into your overdrafts for good measure.
What should I do?
First of all, DO NOT read out any codes over the phone. Receiving a call from the bank should always be treated with suspicion. If you decide to end the call and call back on a trusted number, such as that on the back of your bank card, the caller (if genuine) will understand. A scammer will likely start to get agitated and try to convince you not to.
At this point you should realise that your security has been breached. You should call your bank immediately and let them know what’s happened. You must log onto your internet banking and change your details. It’s usually a good idea to use separate email addresses and passwords for your internet banking.
The fight against scammers is something we can all be part of. Just raising awareness of these types of scams can help someone avoid the financial loss, stress and inconvenience of being a victim. Share this blog on your social media platforms to help spread the message. You might also want to take part in our e-learning, kindly provided by #Friendsagainstscams, at www.FriendsAgainstScams.org.uk/elearning/Litenet
