Facility takeover fraud soared by 45% in the UK last year, as crooks hoovered up the personal data of victims and used it to gain control of bank and other accounts, says not-for-profit data sharing and prevention agency Cifas.
In a report based on information from nearly 400 organisations, Cifas says that last year there were 22,525 cases of facility takeover - where a fraudster poses as a genuine customer, gains control of an existing account and uses it for their own ends, such as making transactions or ordering new products or product upgrades.
The types of accounts targeted include bank, credit card, telephone, email and other services. Crooks first gather information from the web, finding stuff from data breaches, social media footprints and other open sources.
Then, they usually need more detailed information to conduct a successful takeover, and so contact their victims directly and manipulate them into revealing personal details. Once they have enough personal data, fraudsters go on to call the bank, phone retailer, or service provider armed with enough information to convince call centre staff that they are their genuine customer.
While facility takeovers saw a sharp increase in 2018, overall fraud levels rose just one per cent, to 325,000. Cifas claims that using non-competitive data sharing, UK organisations managed to prevent more than £1 billion in fraud losses.
Simon Dukes CEO, Cifas, says: "Working together, organisations prevented £1 billion worth of fraud last year, but we know that as one method gets harder, fraudsters change tactic rather than stop. We are now seeing that the advances made in securing online access to customer accounts have led to fraudsters targeting the human being at the end of the phone.
"Using old-fashioned but highly-effective con artistry, they are tricking individuals into giving away their personal details and deceiving call centre staff into making transactions on their victims’ accounts. The proliferation of personal data that is available either online or through data breaches only makes this easier."