Sophisticated fraudsters cleared thousands of pounds from personal bank accounts last weekend after persuading victims to divulge their passwords.
The victims all made one crucial mistake.
The fraudsters telephoned their targets claiming to represent their bank and said there was a problem with a new debit card. They said the bank had sent a new card which had not been activated and then, after ‘confirming’ details such as the victim’s address and account number, asked for ‘confirmation’ of two digits from their password.
Worried about identity fraud? Use Credit Watch from Equifax
Two calls… one password
The fraudsters then phoned back a few minutes later claiming that another problem meant they needed to ask for three more digits of the password – so they now had the whole password, which they then used to access and empty the victim’s bank account.
One of the victims, whose account was looted of over £9,450, said, “They caught me when I was in a hurry, so I didn’t think it through properly. And they were very well-spoken and seemed to know a lot about me and the bank.
But now that I think about how they got the password I realise how stupid I was.”
The victim adds that his bank, Barclays, were on the case in a flash, and refunded his account immediately. Barclays confirmed that its fraud guarantee covers such cases. Almost certainly the fraudsters only got away with it because the transaction happened over a weekend when there are fewer staff on anti-fraud duties.
Three of the victims of this particular fraud were company directors familiar with online transactions. That just shows how easily people can be fooled if they haven’t prepared their defences.
Sign up to a free trial of Credit Expert and get free ID fraud alerts
You shall not pass
You can make yourself completely immune to this type of fraud. Simply programme yourself with this instruction: I WILL NEVER GIVE MY BANK PASSWORD TO ANYONE WHO PHONES ME.
In this case, the fraudsters already had details of the victim’s home address and bank account number – possibly gained from a mobile phone bill – without which they could not have succeeded.
Nor could they have succeeded if they had not already set up their own accounts with Barclays, because the only way they could get away with it was for the money transfer from the victim’s account to be instantaneous, which it wouldn’t have been if the transfer had been to another bank. So this was a highly sophisticated fraud by people who knew the banks’ processes extremely well.
Worried about identity fraud? Use Credit Watch from Equifax
You hold the key to your security
But in the end it still depended on the one crucial element that you can and always should control: your password.
Regardless of what other information someone has about your online/telephone account, they won’t be able to access it and remove money without the password.
The golden rule for this is never to divulge your password to anyone who phones you. If someone claiming to be from the bank calls you and asks for your password or part of it, say you’ll call them back and terminate the call.
Sign up to a free trial of Credit Expert and get free ID fraud alerts
Take control of the conversation and stay secure
Only divulge your password if you’ve made the call to the bank using the contact numbers you have for your branch or the call centre. Even if you shred every document you receive containing personal information, your bank account number is in the systems of every business you have a direct debit arrangement with, any phone company you have a monthly contract with, and so on.
This information should be and usually is held securely within those systems, but large sums of money are offered by fraudsters for exactly this kind of data and occasionally they will get hold of some.
But even if they do, without your password they won’t be able to get into your account. And the only way they can get the password is from you. Repeat after me:
I WILL NEVER GIVE MY BANK PASSWORD TO ANYONE WHO PHONES ME.
Worried about identity fraud? Use Credit Watch from Equifax
