Phone scam targeting elderly Brits nets crooks £750k

Phone scam targeting elderly Brits nets crooks £750k

The UK banking industry is warning Brits about an old-style phone scam that has seen fraudsters con elderly people out of more than £750,000 this year.

The scam sees crooks phoning victims, claiming to be from their bank and saying either that their systems have flagged up a fraudulent transaction or that their card is due to expire and needs replacing.

The crooks offer assistance and gain the victim's trust before asking them to 'activate' or 'authorise' the replacement card in advance by keying their PIN into their phone's handset.

The fraudster then poses as a bank representative or a courier to pick up the customer's card from their home, sometimes also giving the victim a fake replacement.

Once they have the card and the PIN the fraudster uses them to withdraw cash and go on a spending spree.

The UK Cards Association says that more than three quarters of a million pounds has been lost to this type of fraud this year, with the criminals making off with around £10,000 per incident.

DCI Paul Barnard, head, Dedicated Cheque and Plastic Crime Unit, says: "You should never hand over your bank card to someone who turns up on your doorstep, however convinced you are that they are genuine. Likewise, you should never give anyone your PIN or punch the number into your phone as a result of someone contacting you out-of-the-blue - wherever they claim to be from.

Comments: (1)

Pat Carroll
Pat Carroll - ValidSoft - London 03 November, 2011, 10:50Be the first to give this comment the thumbs up 0 likes

This story shows how important it is to educate the general public about how to spot scams. Perhaps a consumer organisation like Which? could help to reach those in danger, backed up by an information campaign by the banks.

But longer term, there is a role for security technology here. I’m thinking of a system whereby a customer has the option to choose and record a meaningful phrase that is played back each time the bank calls, before any further communication happens, i.e. mutual authentication. This would be part of a completely automated customer security interaction. If you don’t hear your special phrase, it isn’t your bank, whatever the system at the other end of the line might claim.

Under the current access system, customers give up an increasing list of “credential” data to third parties, thereby potentially undermining the security system itself and legitimising fraud vectors such as Vishing that ultimately comes back to haunt the bank itself.