Table of Contents
It’s a scenario you’ve likely encountered on your mobile phones: You get a text, phone call or email from what looks to be your bank, telecoms provider or HM Revenue & Customs telling you there has been an issue with your account, you’ve missed a payment or have a tax rebate.
Fear and panic set in. You’re then told to make a payment or provide personal information to resolve the issue.
As convincing as these messages may sound, criminals are often behind these phone and text scams designed to trick you into handing over your personal and financial details so they can steal your money.
Bank impersonation scams typically start where many of us spend the bulk of our time: online.
In the first half of 2023, 77% of Authorised Push Payment (APP) fraud began online while 17% of fraud was initiated on telecoms channels, according to UK Finance, the trade association for the UK banking sector.
APP fraud is when criminals trick consumers or business employees into sending large sums via real-time payment to a bank account that the fraudster controls.
When criminals contact their victims via phone, text or email, their main goal is to create an air of authority and urgency, then trigger an emotional reaction from their victims – be it fear, anger or excitement, explained Paul Maskall, fraud and cybercrime prevention manager at UK Finance.
“What a criminal will then do is essentially ride that emotional wave to get you to either divulge personal information, or indeed, pay some money, whether that is through a direct transfer or [you giving] away [your] card details,” he added.
Bank scams by numbers
Wondering how pervasive financial fraud is today? Here are some key statistics from UK Finance on bank impersonation scams.
- In the first half of 2023, thieves stole £580 million through unauthorised and authorised fraud, down 2% from the same time period a year ago.
- UK banks stopped £651 million of unauthorised fraud during the same time period using advanced security monitoring.
- More than £1.2 billion was stolen through authorised and unauthorised fraud in 2022. That equates to over £2,300 each minute.
- Authorised push payment (APP) fraud losses were £239.3 million for the first six months of 2023, down 1% from the same time period in 2022. This comprised £196.7 million of personal losses and £42.6 million of business losses.
- APP cases rose 22% in the first half of 2023 to 116,324. This was driven by an increase in purchase scams, where consumers pay for goods they don’t receive.
The Payment Systems Regulator (PSR), which regulates payments, from cash machines, money transfers, and contactless payments, recently published its fraud research for 2022. Here are some highlights:
- Some of the country’s largest banks –TSB, Santander, Metro and Monzo – have the highest send-fraud rates.
- In 2022, for every £1 million in payments TSB customers sent, £348 was lost to APP fraud.
- Santander customers lost £322 per £1 million sent.
- Both Metro and Monzo banking customers lost £280 for every £1 million.
How bank impersonation scams work
One of the most common types of fraud, outlined in a research report telecoms regulator Ofcom released in March 2023, is impersonation fraud, where fraudsters pretend to be from a government agency, bank or other prominent organisation and request a payment or personal information from you.
And it’s not just consumers that are affected. Employees can fall prey to impersonation fraud with messages purporting to be from the CEO, finance directors or suppliers with fake invoices or other business-related scams, says Maskall.
How to protect yourself from bank scams
To avoid getting duped by fraudsters, experts suggest being cautious of unsolicited communications from what looks to be your bank or service provider. You should also be mindful of account security – especially on social media.
“With millions of people using apps like social media every day, scammers have a wide pool of potential victims to target and they often try and gain access to people’s online profile as a way to defraud others,” said Pauline Smith, head of Action Fraud, the UK’s national reporting centre for cybercrime and fraud, in an online statement.
“Keep your accounts secure and set up two-step verification. Under no circumstances should you ever share your two-step verification codes with anyone, and if you think something doesn’t seem right report the message and block the sender within the app itself,” she added.
Maskall says UK Finance encourages a three-step response when consumers and businesses are confronted with potential fraud, as follows:
Stop. Ask yourself if you can trust the communication you’re receiving and question if the person making contact is who they say they are. How can you verify what you’re being told and who you’re speaking to?
Challenge. Ask if you can call the contact back on the phone number you already have for the institution. “If they’re a genuine caller, they’re not going to have a problem with this,” says Maskall.
Protect. Report any suspected fraud to your bank immediately because they’re your first line of defence.
Do consumers and businesses ever get their money back?
The short answer is, yes, banks are increasingly refunding customers who are victims of APP fraud. And with new legislation on the books, reimbursement rates should go up in the future.
In June, the Financial Services and Markets Act 2023 was granted Royal Assent to put mandatory victim reimbursement into motion. Latest guidance for payment service providers on reporting and publishing APP scams data was published in early December.
A key part of the new measures is that sending and receiving firms will split reimbursement costs 50-50, which should incentivise them to act.
In 2022, PSR found that customers at some of the nation’s largest banks saw a significant portion of their losses from APP fraud refunded. The top six banks that fully refunded the highest percentage of reported APP fraud losses by value include: TSB (91%); Nationwide (78%); HSBC, First Direct (73%); Barclays (70%); Santander (63%); and NatWest, RBS, Ulster collectively (62%).
How to report fraud
Most banks have instructions on how to report suspected fraud on their website, while branch staff are trained to be aware of the telltale signs that a customer may be falling for a scam and can alert them and inform local police.
UK residents in England, Wales and Northern Ireland should report fraud or cybercrime online at www.actionfraud.police.uk or call 0300 123 2040. If you’re in Scotland, report to Police Scotland on 101.
Send suspicious emails to the National Cyber Security Centre’s (NCSC) Suspicious Email Reporting Service, at [email protected]. It also has an online guide for small businesses on how to prepare for a cyber attack.
For more resources and tips about preventing fraud, visit Action Fraud online.
Image source: Getty Images