Scammers conned both a mortgage firm and a bank to hit an IT director for £60,000. UK police are hunting the gang responsible for the scam, and at least nine others like it, that are estimated to have netted ID fraudsters hundreds of thousands of pounds, The Times reports. Phishing fraudsters are typically satisfied with milking …
Plastic Crime unit?
Whatever next? The Inflatable Fraud squad? The Cardboard Traffic Division? The Dehydrated Instant Serious Crime Agency? The "Paint by numbers" Art Fraud unit? Special wood-effect laminate? The hanging-from-a-hook-on-wires Squad?
Coat please - the artificial fur.
Inappropriate to comment
So it's inappropriate to comment during "an investigation". How about El Reg keeps tabs on this and asks Barclays to comment when "the investigation" is complete? My guess is the response then will be "we don't comment on security matters", hence keeping us all in the dark as to why their staff failed in their duties to obtain proper confirmation of identity before issuing a replacement card.
Meanwhile, what are the Post Office up to? Accepted forms of ID include a Tesco Clubcard now? It's hard enough to understand how they accept just "having a credit card" as ID. I questioned once how I was able to pick up a parcel for my next door neighbour (as a favour) and was able to do so just by proving that I was mature enough to have a credit card with my name on it. They didn't seem to care that the name on the "missed delivery" card wasn't the same name.
We pay for the convenience of being able to request new cards over the phone and having them delivered to our door by a corresponding drop in security. I'd much rather find ten minutes to go into my branch with proper photo and address ID to pick up a replacement card.
Re: Plastic Crime Unit?
shouldnt that be
Dehydrated Instant Serious Crime Organisation
...think of the acronym
taxi for one.
I suppose the only saving grace in this story is the fact that the guy got all his money back from the bank.
You assume these sorts of things happen when the victim has been stupid enough to blindly follow a URL in a phishing email or otherwise not perform the necessary due diligence, not when it all happens completely without his/her knowledge or participation.
Barclays and the PO need to be asking some serious questions of the staff involved in this as in my mind they are complicit in it. Banks should be especially resistant to social engineering scams. I'm also assuming that as an IT Director the guy doesn't move around tens of thousands of pounds around often - why weren't any red flags raised?
Scary really - could've happened to any of us.
Companies House and the banks HELP here..
I'm currently involved in a case where a crook changed owners and company details and used that filing at Companies House to adjust the bank mandate. Ridiculous as it sounds, the bank accepted the change of such details as name and directors/owners without any problem or question (despite having received prior warning that somewhat was afoul), and eventually paid the crook funds.
No, you didn't misread that. They paid funds without a valid mandate on the strength of Companies House records, and it now has to go to the Financial Ombudsman first to see just how insane this can get (you may imagine that the Bank declares full innocence here).
So we have a case where a bank accepts Companies House records as absolute proof despite it being well known that Companies House does not do ANY, repeat, ANY checking on anything filed. Sure, it's illegal to "knowingly file false information" but as Companies House "only holds the records" the only way this goes to court is if you do it yourself. Given the preparedness of the bank (who shall at present remain nameless until we have a judgement) to hand over your money on totally false information - with what money are you going to fight both criminal and bank?
As far as I can see the criminals have already won. Government systems are useless, police forces have a *serious* aversion against collaboration and are in any case virtually stopped by red tape instead of real oversight and if you eventually get to them they'll claim to be destitute and leave you with a huge legal bill..
Clever scam (i.e they thought something up reasonably new), but why even bother faking a bill?
The guy is on holiday, you presumably know where he lives, so break into his pad, take some bills, get the bank to replace the debit card and send a new PIN, then go get them and spend his dosh.
As a consumer it's pretty much impossible to stop that type of attack short of getting a house sitter in. Which means the banks need to get their houses in order - mine asks for characters X and Y from my secret pass phrase (so even the operator only sees those 2 chars) The numbers X and Y seem to be random so you'd need to know the full phrase (or most of it) to be able to talk about the account.
If they managed to trick his pass phrase out of him then you can't blame the bank, but if the bank just let a random guy report the card lost and allowed it to be picked up from a PO then we have a serious weakness.
Poor bloke - at least they paid up.
Doesn't surprise me either
When I changed the postal address for my bank account all I needed to give them was my bankcard. No questions, no ID, no utility bills, nothing.....
Post office and parcels
I'm home first from work in my house so I often pick up packages from the post office for family members. You go to offer ID and you get "oh I suppose I should."
That and they don't even bother knocking when you are home. Or leave registered post on your front door step. Or give you the package when you just happen to be standing in the front yard with no ID check and no way of proving that you even live there.The post office is definatly a week link in the security chain.
For an idea on post office security just look at how much cash they have in the draws next time you pay a bill in a peak time. This with no security guards/ barriers. Wonder why idiots bother with holding up servos and video stores.
PS this is in Australia so hopefully things are better else where.
"Glad the guy got the cash back though. Only fair."
They sort of have to cough up. The first bank to tell a defrauded customer to piss off will be the first bank to lose most of its other customers.
crime unit indeed!
so, i would like to know how much needs to be stolen before this crime unit will even investigate.
some months back, an internet fraudster used my wife's debit card to purchase stuff (and, unbelievably, pay CC charge) online.
fortunately she noticed the next day, and we only ended up loosing a few hundred pounds (which insurance paid back)...
We had a name and delivery address (in london), and also believe that the culprit can easily be traced through the CC charge transaction (against their vehicle registration, foolish person!), so we called the police who told me that they 'were too busy with serious crimes' and that our case would never even be investigated by them!!
the fraudsters were traced and we had iron clad evidence, but were they even 'disturbed' by the police. they were not, and no doubt continue to rip off others with impunity.
Why the bank paid up
Of course the bank paid up.
It cost them a few grand - and the PR gets all of us saying, "Well that's OK then, nothing to worry about, I'm safe because the bank will give me my money back."
ID fraud and its results are being hidden behind a screen of PR like this. The banks will never tell us how much is being stolen because that would be admiting that there is a problem and they haven't done much to stop it.
Actually they should get real systems in place to stop ID theft and the resultant fraud. But that might cost them more in the short term.
Yes 2 ID !
So we all have ID cards and have to take them to the post office or bank to identify ourselves.
Now, if it the registration process could only be outsourced to Tesco wouldn't that be good.?
In all probability, the crooks didn't need to hand over any ID to collect things from the Royal Mail because one of them worked at the sorting office. Royal Mail staff are responsible for thousands of items being "lost" on a daily basis, nearly always down to the staff recognising valuable packages, and there being nothing in the way of security to stop them.
As a lawyer, I have recently been involved in a case where the defendant in a civil case had a friend in the sorting office. He arranged for the claimant's mail to be held at the sorting office until he (the defendant) went to collect it. This included privileged correspondence from my firm.
You'd think that Royal Mail would be interested in stopping this sort of thing wouldn't you? Not a hope. They couldn't have cared less, and did absolutely nothing, even to the extent of telling the police that there was nothing to investigate.
For as long as RM have no interest in security, these sorts of frauds will be easy. As for how to get to know someone in the sorting ofice? Just join one of the many agencies they use to get temporary staff which don't check any credentials.