A major high street bank recently reported an attempted phishing scam in which fraudsters tried to deceive one of its employees into transferring money. The scam began when the employee responded to a text claiming to be from a delivery company. The text stated that an attempt to deliver a parcel had failed, and a small fee of £2.62 was requested to arrange re-delivery.
Familiarising yourself with the latest scams is essential in today’s digital age. Awareness is your first line of defence against fraud. By staying informed about new and evolving scams, you can better recognise suspicious activities and take appropriate actions to protect your personal and financial information. Understanding these threats empowers you to avoid falling victim to fraudsters, ensuring your security and peace of mind.
The Anatomy of the Phishing Scam
In this case, fraudsters aimed to exploit a member of Santander’s specialist fraud team. The fraudsters attempted to convince the employee to empty his account and transfer the money to a different account. Fortunately, the staff member had initiated the call with the fraudsters as part of an intelligence-gathering exercise, demonstrating proactive measures against fraud.
After responding to the initial phishing text, the staff member received another message purportedly from Santander. This message claimed that a large debit—£765.99—had been taken from his account. The message included a contact number for him to call if he had concerns about the transaction.
Fraudsters’ Deceptive Tactics
When the employee called the provided number, the fraudster on the other end took him through fake security protocols and claimed they had put several payments on hold pending verification. This part of the phishing scam involved asking a series of seemingly innocent questions designed to extract sensitive information.
The fraudster reassured the employee that the situation was not his fault, a common tactic to lower the victim’s guard. He then inquired about other banks the employee used and informed him that fraudsters had accessed his internet banking. The employee was told he would soon receive a call from a Santander manager with a unique reference number for verification.
The Follow-Up Call
The employee received a call from someone claiming to be Andy Lawson from the totally fictitious Financial Conduct Authority Fraud Prevention Team. The caller shared the reference code and alleged that fraudsters had installed malware on the employee’s device, enabling them to access his online banking and personal data.
The caller explained how malware could extract banking credentials and personal information from the employee’s phone. The fraudster suggested that the Santander banking app on the employee’s handset had been compromised by a phishing scam. He then asked for the balances across the employee’s accounts and inquired about his familiarity with cryptocurrencies.
Attempt to Move Funds
The fraudster advised the employee to change his daily transfer limit to prevent the alleged “fraudsters” from sending any money. He also recommended moving the money to a Revolut account, claiming it was the safest option.
To reach the daily transfer limit, the fraudster walked the employee through the process of transferring money from his Santander account to a Revolut account. The fraudster then attempted to get the employee to move the rest of his funds to other accounts, promising that the money would be returned to his Santander account later.
Key Takeaways
- Verify Sources: Always verify the source of any unexpected messages or calls, especially those requesting money or sensitive information.
- Be Sceptical of Urgency: Fraudsters often create a sense of urgency to prompt quick, unconsidered actions.
- Use Trusted Contact Methods: If in doubt, contact your bank or service provider using official contact methods rather than those provided in suspicious messages.
- Monitor Accounts Regularly: Monitor your bank accounts for unusual transactions and report suspicious activity immediately.
- Educate Yourself and Others: Staying informed about common fraud tactics can help you recognise and avoid scams.
Lessons Learned
Santander should be applauded for their proactive stance in combating fraud. Their recent effort to expose and prevent a sophisticated phishing scam demonstrates a commendable commitment to safeguarding customers. Highlighting such scams is crucial, as it shines a light on a pervasive issue affecting thousands of people every year. This awareness helps potential victims recognise and avoid similar fraudulent activities.
However, the fact that fraudsters favour Revolut accounts for their scams is concerning. Revolut must investigate why fraudsters prefer their accounts and take robust measures to enhance their security protocols. Addressing this issue is vital to protect their users and maintain trust in their platform.
