Since before the dawn of time the world has been plagued with conmen. People who could spin a yarn so wild, yet so convincingly, you’d believe them anyway. The origin of the term ‘Ponzi Scheme’ that many will have a fleeting recognition of originated in the 1920′s with Charles Ponzi, arguably the grandfather of the pyramid scheme. Such tricks are nothing new and are even documented in The Bible. No matter your religious beliefs, it just goes to document the survivability and profitability of the confidence tricksters.
In our modern digital world with its checks, balances, security devices, chip and pin, complex password rules and more, physical attacks on your money are harder than ever. And yet we humans continue to be both the weakest chain in the security link, and the most effective attack against our modern security systems. Rather than attack the vault directly as in days of old with all the associated risks and equipment and expertise required; now attackers can sit in the luxury of their own homes, withhold their phone number on an unregistered pay as you go mobile phone, and dial unsuspecting victims and confidence trick their way through all the security in the world by getting you to do their bank robbery for them. One account at a time.
There are almost as many types of fraud as there are fraudsters, but time and time again the industry is seeing a small number of frauds along a theme routinely perpetuated by individuals and larger organised crime groups. The proceeds go from simply funding lavish lifestyles, to eventually being funnelled through to terrorist organisations.
It’s important to note that the majority of these frauds are targeted either by means of data the conmen have already obtained, or by combining electoral roll information with the phone book. It is often elderly people who receive the courier and transfer fraud calls, but anyone can potentially be a victim.
Courier Fraud is becoming big business. The scam first appeared 3 years ago, and there have been many variations on the theme in that time. However the scheme is always along the line: Someone in a position of automatic trust (your bank, a police officer, the fraud prevention officer in a high-end department store and so on) will telephone you and advise of potential or actual fraudulent spending on your card. They will advise you to hang up and immediately dial 999 or your bank to report the matter. They often tell you to ask to verify an officer and give you a reference to quote.
Sounds good so far?
The confidence trick has begun however. The problem is the telephone network will not immediately terminate a telephone call when you have received it (unless it was a call to your mobile – courier frauds do not target mobiles). Instead, the telephone network will hold the call open for a short period. In that time the fraudster passes his phone to someone else just as you pick the phone back up and dial 999. They then pretend to be the Operator. You ask for the police, they pretend to connect you, and pass you along to a third person.
This person pretends to be the police. You diligently explain you have been advised by PC 123 Simmonds of Kensington Borough Police that your card has been used fraudulently and you would like to verify that. Fraudster #3 is only too happy to tap away at a computer and confirm the information and that he can take a crime report there and then.
Bam. You pass over the card number of the ‘defrauded’ card, your personal details, date of birth, address, telephone numbers, and everything else necessary not only to make use of the card but also potentially to steal your identity.
The “call your bank” version of courier fraud is often quite similar. You may be asked to “type in your card pin on your telephone keypad to verify you” after they have asked for your card number. The fraudsters have a DTMF decoder on their end of the line and now have your card number and PIN. They whip off a duplicate card on their end, and go spend your money. Your bank will have a hard time deciding this was fraud as all transactions will be recorded and authorised with your PIN.
Sometimes, depending on the script, they will advise you that a courier will attend your address to collect your cancelled card but this does not always happen as more often the fraudsters are getting all the information they need to clone your card over the phone.
This fraud starts off along a similar theme to courier fraud. Someone in a supposed position of trust will call you and tell you that your money is at risk. They may know a lot about you (remember the intel gathering conducted under courier frauds to target their calls?), and will advise you perhaps that your online account has been compromised and you have only a few minutes to save your money by transferring it to a safe temporary holding account until your account can be re-secured.
This will be a high pressure call. They will not let up until you follow their instructions. “You will liable for all losses on your account unless you do this immediately!” – imagine you’re in your 60′s or 70′s and the convincing person on the phone is telling you your life savings are about to be stolen? The sad fact is they are about to be, but by the person on the phone.
How to Protect Yourself
Confidence trickers rely on conning you, gaining your confidence, adding a sense of urgency, and getting you to reveal information about yourself that under ordinary circumstances you’d never give out.
My golden rule? Just hang up.
Santander have a useful leaflet outlining some of the most popular frauds, as well as ways you can protect yourself and stay safe and secure online. You may think “I would never fall for such nonsense!” and as well you might not – but what about your elderly parents, or grandparents? Print the leaflet off and hand it to them and have a quick chat about this blog post with them. 3 million victims of fraud, and the power is in your hands to not make it 3 million and 1.
Combating Courier Fraud
These frauds rely on you (thinking) you are ringing someone else after an initial incoming call. Simply make the call from any phone other than the one you received the call on, and you’ll probably not fall victim to it. Courier Frauds will always ring your land line, because this type of fraud is not technologically possible to conduct on mobiles. When they tell you to dial 999 or call your bank when you hang up – do so – but do it from your mobile phone. That way you know you will really be speaking to the police or your bank, and not the person sitting next to the guy who just called you.
Combating Transfer Fraud
This one is harder to protect against from a technical point of view, as it is yourself doing all the work. The person on the end of the phone pretending to be your bank just needs to spin a convincing, pressured yarn about your money about to be stolen and only your actions can prevent it.
STOP. THINK. If your bank saw imminent fraud was about to be committed on your account, they would not waste time ringing you, talking for 5 minutes, get you to log in to your online banking, add a new payee, continue with the chip and pin faff for 5 minutes, and then provide you with an account to send the money to. They’d just block your account. Right there. Right then.
General Advice and Further Reading
The Metropolitan Police have produced a booklet called The Little Book of Big Scams and provides a wealth of information on the scams perpetuating, and ways to protect yourself. It’s a good download filled with useful information in its 48 pages.
Remember, if in doubt, do nothing other than wait with the phone on the hook for 10 minutes, and then ring your bank or Action Fraud. Even better make the call from your mobile if you have one.
If you use some common sense and step back from an incoming call, then maybe I’m not going to steal your life savings.