The UK’s banks and card companies have joined forces in a rare show of unity to release advice to the public on how to spot phone scams, after new figures revealed a 17% increase in so-called ‘vishing’ attacks this year.
Financial Fraud Action (FFA) UK claimed on Tuesday that 58% of Brits were affected by phone fraud in 2014, a significant increase from the 41% of respondents to a study last year.
The financial services body also revealed that £23.9 million was lost to such scams over the past year, a £7m increase from the previous 12 months.
In response, the ‘Joint Declaration of the UK Banks,’ which will apparently be supported by a nationwide advertising campaign, will warn households about the dangers of cold call scams.
Typically the fraudsters pretend to be a police officer, bank employee or representative from another trusted organization and ask for personal and financial information which they can use to crack the victim’s bank account.
Other scams spotted by FFA UK apparently involve persuading the victim to transfer money into the fraudster’s account and handing cards or cash over to a ‘courier’.
Worryingly, a quarter of those surveyed by FFA UK said they didn’t challenge the identity of callers asking for their personal financial info, while over a third (36%) said they found it tricky to differentiate between genuine calls seeking information and fraudulent ones.
The survey also found that 10% said they would hand over cards or cash to a courier or transfer money to another account if instructed to by someone purporting to work for their bank.
Fraudsters typically use a trick whereby they encourage the victim to call their bank to verify their identity. However, they stay on the line at the other end so when the victim calls up ‘the bank’, they are unwittingly on the same call and talking to the same fraudster.
“Always be on your guard if you receive a cold call and are asked for personal or financial information, or to hand over your card or cash to someone,” said DCI Perry Stokes, head of the Dedicated Cheque and Plastic Crime Unit (DCPCU).
“The bank or the police will never tell you to take such actions, so if you’re asked it can only be a criminal attack. Wait five minutes and call your bank, preferably from a different telephone, if you have even the slightest doubt.”
Security consultant and Europol special advisor, Brian Honan, argued that in the rush to save money by rolling out online and telephone banking, financial institutions have failed to address the potential rise in fraud via these channels.
“What is required is better and more proactive awareness campaigns aimed at customers so they are more aware of these types of attacks,” he told Infosecurity. “Customers should be encouraged to challenge and verify who the caller is and not be afraid to refuse to take the call until they can contact the institution directly.”
It’s also wrong to think that criminals are moving on to vishing because the RoI from online fraud is reducing, he argued.
“It is simply an indication that criminal gangs are becoming more diverse in their attacks and more sophisticated in how they run these attacks,” said Honan.
“In particular those calls pretending to be from a financial institution regularly use social engineering techniques to get the victims to provide additional information to make the call seem more authentic.”
More consumer advice on how to avoid vishing can be found here.