More than £500,000,000 has been stolen from customers of British banks in scams in the first half of this year, according to data from UK Finance.
Customers are falling victim to various types of fraudulent activity: the majority being targeted by unauthorised fraud where account holders have no knowledge of what is happening and only discover the loss later on.
There are also a growing numbers of cases (approximately £145 million of the stolen funds) where people are unwittingly coerced into sending their own money to fraudsters - know as authorised push payments.
And it isn’t just Nigerian princes or fake HMRC tax returns - there are now a variety of complex and sophisticated ways that scammers win people’s trust.
What is an authorised push payment (APP)?
Authorised push payments and scams rely on people being persuaded to move money around to other accounts. So they do not hack into your account and steal money, you do the hard work for them.
What does an APP scam look like?
Two examples of APP scams include purchase scams (the most prevalent form of APP fraud reported this year) and impersonation scams.
A purchase scam means you pay for products or services that do not exist. For example, buying flights online through a third party who then never deliver the tickets - ruining your holiday and leaving you out of pocket.
Impersonation scams mean someone may call you and pretend to be from your bank. They will tell you that your account has been compromised and you need to move money elsewhere to keep it safe.
But surely I would notice a dodgy bank account?
Impersonation scams are particularly difficult because although you might have put the name of your bank or another legitimate institution in the transfer details, your bank only cross-checks the account number and sort code, so won’t have picked up the issue before sending the money over.
Why are APP scams so bad for customers?
The issue with APP scams is that banks do not usually refund people because they were complicit in the loss of the funds. Unlike those who are victims of undetected fraud you have actively facilitated the scam.
Once the money has been moved it is unlikely it’ll be retrievable or that you’ll be compensated.
So how do I avoid being scammed?
How to recognise a scam: In order to stop yourself being scammed, you need to know what you’re looking for first. The Money Advice Service says you should look out for signs of unsolicited or unexpected contact. If you have received any kind of contact, particularly a phone call, out of the blue then you should be wary of their intentions.
Double check who has sent any emails - if the email address is misspelled or has random numbers, it should be a red flag. Citizen’s Advice says if the website starts with https:// this does mean the information is secure, but it doesn’t mean that it isn’t fraudulent, so don’t necessarily be reassured by this. If the website has a green padlock in the website address bar - this means the information you send on the site is private.
What to do when you’re confronted with a potential scam: So you think you’ve noticed a scam come into your inbox - now what? If the contact claims to be from your bank, call your bank directly, using either the number on your card or by searching on Google. Don’t ring any numbers provided in the email.
For the time being you can either mark the sender as ‘spam’ or ‘junk’ so you don’t accidentally reply or download any attachments that might contain potential viruses - check your email settings for how to do this.
If you’ve already started correspondence before the penny has dropped, then UK Finance says you must make sure you haven’t disclosed any security details (your PIN or banking password). And don’t be rushed into giving a reply - your gut instinct is normally right.
I think I’ve been a victim of a scam: If you think you’ve been a victim of a scam then stop sending money straight away and call Action Fraud (0300 123 2040) to report what has happened. If the payment has been set up as a Direct Debit, get in touch with your bank to stop this immediately.
How to keep yourself secure in future: You should keep your operating systems and virus protection software up-to-date, says Money Advice Service. Don’t ignore updates as these can often include patches to protect against new kinds of scams, viruses and ransomware. This goes for mobile devices as well.
And make sure all your accounts have a strong password. Don’t use the same password for multiple accounts and change them regularly. Only use safe and secure WIFI connections and avoid public WIFI. Your 3G or 4G connection is often more secure than the one in the coffee shop.