It all started one afternoon in April when Robert McGovern received a text message from Barclays asking if he had made a payment for £322.
Robert, from Romford, was told to respond with a simple “Y” for yes or “N” for no.
Recognising that the message appeared “dodgy”, the 51-year-old ignored it.
However, an hour later he received a phone call from an agent claiming to work at Barclays Fraud Department.
Robert was again asked if he’d made a transaction worth £322 in Liverpool on the same day.
He said: “It was strange but I thought nothing of it, I said no, I live in Romford a whole 230 miles away – that’s not possible.
“The agent said that they had stopped the payment, and I was grateful, but that’s when my nightmare began.”
Fast-forward 10 days, and the same “agent” rang Robert again, this time saying that there were still issues with his Barclays accounts and that they needed to check his PC for malware.
Within 10 minutes and after Robert admitted he “stupidly” agreed to install an application called “ANYDESK” the phone scammer had access to his accounts.
Robert said: “In the moment, you don’t have time to digest what’s going on.
“I didn’t have a problem with it because he was literally naming the exact accounts I held, including the account numbers before I logged into my online banking.
“He told me a serious fraud had been committed and somebody had taken out a £50,000 loan in my name and after logging in and out again – there it was…
“I was gobsmacked, the money practically appeared out of nowhere.”
At this point, Robert became concerned after the agent started asking him about other financial products he held, including crypto.
“I unplugged everything, it all dawned on me at this point. This guy wasn’t from Barclays at all.
“I felt so stupid,” he added.
Robert phoned Barclays straight away and told customer service everything that had happened.
After checking his accounts, Barclays put an immediate block on everything.
But Robert was furious that somebody could have taken out a loan in his name.
Just weeks before speaking to the scammers the same bank had denied him a loan of £4,000, which he’d wanted to renovate his bathroom.
He said: “I just had to complain. I have no idea how a scammer be accepted for a £50,000 loan, and I couldn’t get a £4,000 loan with the same lender just weeks before.”
REMOTE ACCESS FRAUD
ADVICE from Jake Moore, global cybersecurity advisor at ESET.
Some remote access software or, in some cases, malicious software disguised as a legitimate program can be used to compromise a computer.
Remote access screen sharing gives a stranger full control of your computer, laptop, or phone, and if a criminal gains access to your device, they may be able to see your files, data, and accounts.
Once installed on the victim’s device, it can also be manipulated to perform various malicious activities, such as downloading additional malware, stealing personal information, spying on the user, or enabling permanent remote access to the attacker.
At this point, the attacker can do anything from drain your account or even apply for things like credit cards and loans using your data.
This is then categorised as a form of ID fraud.
But there are a number of different steps you can take to prevent falling into this trap.
In addition to checking bank transactions daily, people need to be very aware of how much private data they hand over to companies or organisations.
For example, companies often request a lot of sensitive information when signing up for websites, but you don’t always have to provide it all.
If a date of birth is required, for example, unless it is an official form, consider entering a different year or date altogether.
The same goes for mobile numbers. Ensure you’re only giving these out if you absolutely need to.
It is also important to be aware of phishing emails, rogue text messages and especially unsolicited phone calls requesting information – even when they know so much about you already.
Unfortunately, as Robert had given the scammer access, Barclays said he was at fault and didn’t explain how it was possible for the scammer to take out the loan when he’d been recently rejected.
However, Barclays removed the loan amount from his account within six days of the issue being flagged.
The bank also gave Robert a £100 “gesture of goodwill” to compensate for the eleven days his account was blocked while it carried out its investigation.
A Barclays spokesperson said: “The protection of our customers’ funds and data is our highest priority, and we take every precaution to ensure our systems and processes are secure.
“We have every sympathy for our customer, who fell victim to a sophisticated impersonation scam.
“The scammer was granted access to our customer’s device after malware was installed, and this resulted in a loan being taken out in the customer’s name.
“We implemented temporary blocks on the account as a precaution whilst our customer installed antivirus software on their device.
“Once we were informed this had been completed, the blocks were lifted.”
The Sun asked Barclays to explain in more detail how a scammer could actually take out a loan in this scenario.
However, the bank refused to share any more details on its loan application checks.
NEW FRAUD RULES ARE COMING
Remote access ID fraud is on the decline, according to UK Finance.
Internet banking fraud losses decreased in 2022, falling 28% to £114.1 million when compared with 2021. Case volumes also fell by
56% to 32,036.
A main driver behind the reduction is the prevalence of this type during Covid-19 lockdowns when many people would have been working from home, spending longer online, and doing more internet shopping.
This gave criminals greater opportunities to trick people into revealing their security information.
These opportunities have, therefore, reduced as restrictions have ended.
The trade association reminds consumers that a genuine bank or organisation will never contact you out of the blue to ask for your PIN or full password.
It added that customers should always question uninvited approaches in case it’s a scam.
It says that you instead, contact the company directly using a known email or phone number.
In other news, fraud victims who have been tricked into transferring money in scams will be able to receive up to £415,000 back.
It will now also be mandatory for banks to repay scam victims, where before it had been voluntary.
The regulator, the Payment Systems Regulator (PSR), says the £415,000 amount which will come into force from October 7, 2024.
Specifically, the payment will cover authorised push payment (APP) fraud where scammers trick victims into sending them large amounts of money in bank transfers.
The regulator, the Payment Systems Regulator (PSR), says the £415,000 amount which will come into force from October 7, 2024.
Brits who fell victim to APP fraud lost a combined £485million in 2022, according to UK Finance.
How to protect yourself from scams
BY keeping these tips in mind, you can avoid getting caught up in a scam:
- Firstly, remember that if something seems too good to be true, it normally is.
- Check brands are “verified” on Facebook and Twitter pages – this means the company will have a blue tick on its profile.
- Look for grammatical and spelling errors; fraudsters are notoriously bad at writing proper English. If you receive a message from a “friend” informing you of a freebie, consider whether it’s written in your friend’s normal style.
- If you’re invited to click on a URL, hover over the link to see the address it will take you to – does it look genuine?
- To be on the really safe side, don’t click on unsolicited links in messages, even if they appear to come from a trusted contact.
- Be careful when opening email attachments too. Fraudsters are increasingly attaching files, usually PDFs or spreadsheets, which contain dangerous malware.
- If you receive a suspicious message then report it to the company, block the sender and delete it.
- If you think you’ve fallen for a scam, report it to Action Fraud on 0300 123 2040 or use its online fraud reporting tool.
REPORTS SCAMS
If you think you have been a victim of a scam, you should report it as soon as possible.
There is no guarantee you’ll get your money back, but banks will often compensate you if you can show you did not know the money would leave your account.
You can forward scam emails to report@phishing.gov.uk.
If you notice a website that doesn’t look quite right, you can also report it to the National Cyber Security Centre by visiting www.ncsc.gov.uk/section/about-this-website/report-scam-website.
You should also contact your provider and report it to Action Fraud, which will give you a crime reference number.
You can do this online by visiting actionfraud.police.uk or by calling 0300 123 2040.
If you’re in Scotland, report a scam through Advice Direct Scotland online by visiting www.consumeradvice.scot. You can also report scams to Police Scotland on 101.
If you need further help, contact Citizens Advice Scams Action by visiting www.citizensadvice.org.uk/consumer/scams/get-help-with-online-scams or calling 0808 223 1133.