It happened to me!
A member of staff shares their experience of being targeted by a fraudster.
“It was a Friday morning in my new job, and I was doing some final prep for a meeting that was due to start in 15 minutes, when I received a text saying that a transaction needed authorisation from a building society account, and if this wasn’t me, to ring the number in the message. Now, I don’t have a ‘bank account’ with this building society but I do have my mortgage with them, so I rang the number.
I spoke to a gentleman who was very convincing and willing to help, making me drop into conversation about other bank accounts and credit cards I had so that they could make sure that the ‘scammers’ hadn’t accessed my other accounts. It happened to me!
Whilst all this is going on, I’m trying to cancel my meeting, explaining that I’m dealing with a personal fraud problem which shouldn’t take too long to sort out! The stress of being caught out to fraud, being new to the job and having to cancel a meeting lowered my guard and stopped me from thinking straight.
Over the next 2 hours, he convinced me that he was able to see all my accounts as, because he worked for the fraud department of a major building society, some financial regulatory body gave him access to all my accounts. As a way of confirming my accounts, I gave them the size of my credit limits and over drafts.
He informed me that he could see some activities on my bank account that were pending to being blocked, and got me to check on my on-line app to see if they were visible or not – he said they weren’t visible because he had stopped them from going through. He then said that he could see some similar activity on one of my credit cards.
He said he would cancel them, but in order for the cancellation to go through, he would need the last 3-digits on the back of my card, as well as the code that would come through to my phone from my credit card company (despite the messages saying not to give this code to anyone, even the police or bank staff!).
As said, I wasn’t thinking straight during this, so very merrily submitted the information. Every now and then, he’d tell me to check my account to make sure nothing had gone through. Sometimes my app wouldn’t open but it was OK, he was going to re-set it at his end - which he did.
Once he’d allegedly cancelled about £1,500 worth of transactions on that account, he moved onto my other credit card! I grew suspicious at this point and even called him out as a fraudster, at which point, he very calmly went through some pointers to reassure me and that he’d stop if I wanted, but that he could see these potential transactions that I couldn’t. We carried on and ‘cancelled’ another £1,500 from that card at which point, now that 2 hours had passed, he said that all was done and hoped I enjoyed my bank holiday weekend.
Throughout this process, something just wasn’t sitting correctly – I needed to speak to a human being. A quick call to my line manager to explain the situation and I was off into town to talk to a human to see if I’d actually spoken to the Fraud Department of the building society. On my walk, I ran through the morning’s phone call: confirming the size of my accounts could flag how much they could take off me; they didn’t need those codes for refunds but for buying; the resetting of my account is because they’d hacked into that and were changing details.
n the building society, I explained what I’d done and showed them my phone. She very politely pointed out that she didn’t think it was from them as sender of the message was a phone number, and messages from them would come up with their name. A conversation with another member of staff confirmed that it was a scam message, but that nothing had happened to my account.
Onto the bank next which confirmed that yes, there was £1,500 of activity that they had not authorised. I cancelled my card and proceeded to check my credit cards, both of which had to be done over the phone (one of which informed me that they required the 3-digit pin to confirm identity!).
I’d fortunately escaped losing money, but I’d cancelled all my cards on a bank holiday weekend and I needed to make up the best part of a day at work!
Months afterwards, I’m still checking my accounts (which I don’t usually do) just to make sure. I also keep a close eye on my post to make sure I haven’t ‘signed up’ for anything.”
Behind the scam - what really happened
The fraudster who targeted this staff member used the most effective tool in their arsenal by creating a sense of panic. As our friend describes above, they were busy at work and just wanted to get the problem sorted, which led to them making decisions they would not usually have made. The fraudster was very convincing, even offering to stop “helping” when he was challenged.
If you find yourself in a similar situation, remember these key points:
- Stop and think. Never feel pressured to respond immediately.
- Don’t contact your bank / building society using the number provided in any text / email. Look up the number online or on the back of your bank card and use that.
- Wait 20 minutes or use a different phone just in case the fraudster is jamming the line.
- Whilst you may be asked for a pre agreed PIN, a bank will not send you a code to enter into your phone or read back to them.
Other useful articles can be found in our Counter Fraud Newsletters on the Publications page