back to article 9 cuffed over £60 million banking scam targeting UK businesses

Nine people have been arrested in the UK over an alleged £60m fraud targeting business banking customers. The gang targeted business banking customers, tricking prospective marks into handing over confidential information over the phone while posing as bank employees. The voice-based phishing scam was disguised by using …

  1. Justicesays
    Unhappy

    Unfortunately

    The attitude of banks is, if you call them you have to validate who you are.

    But if they call you, you also have to validate who you are, and there is no process to validate them...

    Got a call a while back to "discuss my personal account", when they insisted on my answering security questions before continuing I told them I wasn't going to give out those details to an unvalidated caller, and to send me a letter regarding whatever they wanted to discuss. Which turned out to be pushing financial products, naturally.

    Lets just throw security out the window in favour of marketing eh.

    1. Anonymous John

      Re: Unfortunately

      My bank phoned me once and asked for my mother's maiden name to prove they were talking to the right person. They seemed genuinely baffled that I refused to give it.

    2. Stratman

      Re: Unfortunately

      I occasionally receive calls from utility companies wanting to "discuss my account", and asking me for proof that I'm the person to whom they wish to speak. Naturally I refuse and ask them for proof instead, such as the amount and date of my last payment. They usually quote the Data Protection Act in refusing to answer, at which point I tell them we have nothing further to discuss.

    3. Christine Munro Silver badge

      Re: Unfortunately

      Lets just throw security out the window in favour of marketing eh.

      My current "favourite" is Lloyds online banking's new trick of interfering with the logout process: I was quite surprised the first time I logged out and some time later looked back at my screen to see that it was still logged in: instead of doing something sane, there was a cheery message saying, "just a moment! Instead of letting you safely log out, let us try to sell you some shit you don't want." Sure enough, if I clicked back on my account I was still logged in. Although it was just 30 seconds, that's plenty of time for Something Bad™ to happen. I was astonished: seriously, who the bloody hell though that was a good idea? How on earth did it get approved? How come it's lasted for months apparently without anybody saying, seriously guys, that's totally fucking stupid.

      I guess banking security continues to be a curious oxymoron.

      1. Trigonoceps occipitalis

        Re: Unfortunately

        I wrote to my "Bank Manager" about exactly this. What reply did I get:

        1. A full explanation of the systems used to ensure security during the 30 seconds.

        2. Calm down dear, we don't think it is a problem.

        3. Thanks for your letter we are dealing/not dealing with it.

        4. None.

        To be fair it was the second of two requests in the same letter so I suppose 4 is fair enough.

  2. Tony S

    I upset a couple of credit card companies.

    They occasionally make marketing calls and I refuse to talk to them. Especially when their staff say that they need to confirm my identity. They call me, they have to prove that they are who they say they are, or I won't discuss anything. How they do that is not my problem.

    I won't give out my personal data to a random stranger on a phone line.

  3. Your alien overlord - fear me

    Are the police called FALCON because they swoop down on their victims? Or am I confusing them with Batman?

  4. John Smith 19 Gold badge
    Unhappy

    So basically fonejacker plaid for real.

    "Can I have you bank details please."

    I guess since none of the accused spoke with a Nigerian accent they were not expecting a scam.

    1. Anonymous Coward
      Anonymous Coward

      Re: So basically fonejacker plaid for real.

      You can always give them your bank details. Go down to the end of the road, turn left until you reach the high street. It's there on the right hand side etc. etc.

  5. TheTrouser
    Joke

    Whatever you do, Plod....

    ... don't allow them to make that one telephone call.....

  6. Aristotles slow and dimwitted horse

    I, err...

    I can't remember the last time I received a call from any of the service providers or banks etc that I use - whether that be from a real representative, or a cockwombling scammer.

    I'm starting to feel a bit left out now :-(

    1. Anonymous Coward
      Anonymous Coward

      Re: I, err...

      I'm starting to feel a bit left out now

      I'd count my blessings if I were you.

      Cold calling and phone fraud is probably one of the most virulent and aggressive crimes going exactly because there are no real measures in place to combat this. First of all it is nigh impossible to trace a call list abuser - as with the fraud in the article, all it takes is a VoIP setup to make the CLI whatever the crooks feel like and telcos are spectacularly unhelpful (not hard to guess why - who makes money here?), secondly law enforcement cannot really do something until a fraud has been committed so it always has to make victims first (enough to make it financially interesting for the CPS to catch them - the harm caused to you as tax payer doesn't really feature in that decision). Thirdly, they are well aware of the vagaries of law, quite a lot of them know how to operate in such a way that they remain in "reasonable doubt" territory, and that is if it ever gets to court in the first place.

      You'd almost wonder if this isn't going to provoke vigilantism. Like London's Angle Grinder Man who cuts off car clamps, I suspect Call Centre Baseball Bat man would be hard to catch as he'd only get encouragement from the public :).

  7. Anonymous Coward
    Anonymous Coward

    I have always said

    That organisations should hold a password or phrase, or photo of my own choosing so it can be presented back to me in a call or email.

    The fundamental refusal to divulge anything at all provides no consumer protection at all. Indeed it props the barn door firmly open so that you have no choice but to refuse a contact or diviulge all your security details.

    I note that HMRC and government organisations are also guilty as well as corporates...

    1. Justicesays

      Re: I have always said

      An alternative would be to provide a phone number on their regular contact method (Bills etc), that you can ring and give a reference number to, which puts you through to the person who wanted to speak to you in the first place, possibly via account security checks.

      Of course it would have to be an 0800 number or they can get knotted anyway (bloody 0870 numbers).

      1. Doctor Syntax Silver badge

        Re: I have always said

        "An alternative would be to provide a phone number on their regular contact method (Bills etc), that you can ring and give a reference number to, which puts you through to the person who wanted to speak to you in the first place, possibly via account security checks."

        The scammers have already thought of this. They invite the mark to call back to the number on the card & then pretend to hang up by putting a dial tone on the line. When the mark attempts to call the number they're still on the line to the scammers.

  8. AJ MacLeod

    I like the way that we're told they were arrested in the towns of Ilford, Watford, Slough and... Scotland.

    1. Anonymous Coward
      Anonymous Coward

      Town or country, the fuckers will now be out on bail. If successfully prosecuted they'll cop a maximum six year term, of which they'll serve 40% under Home Office guidelines.

      Some years ago, I worked for a £250m capitalised company, bankrupted by board level fraud. The turds responsible got four year sentences and were out inside two years. The chief executive who exposed this, and who at the time turned down an RBS-sponsored bribe to keep quiet hasn't worked full time for the subsequent seven years.

      The bizarre message that the UK legal system offers is: If you see fraud, keep quiet, say nothing (whistleblower protection laws will not protect you). But if you see the opportunity for fraud, fill your fucking boots.

    2. Anonymous Coward
      Anonymous Coward

      Somebody had to be in the pretend callcenter

      after all...

    3. AC Wilson

      Perhaps the meaning was ALL the towns in Scotland...(G)

  9. Sureo

    Why is it that caller id can be so easily spoofed? I get calls from scammers in Asia appearing to be from someone down the street. Time to redesign the security of the phone system.

  10. Rol

    Don't get mad, get totally postal on 'em

    In my youth I had an ex-GPO Marina van, very reliable, but not exactly fast off the mark or nimble through the corners, or as self satisfying as a Lotus, but it did for me.

    Problem was, I always felt a little put on by the big boys on the road, with their super dooper fast back whatevers and a huge sense of loss when I couldn't chase down the varmints and give them a tongue lashing. So, I fitted a dashboard accessory that sorted all my problems out:- A bank of four switches marked; machine gun, rocket launcher, flame thrower and bazooka (or something like that, I can't remember exactly)

    All my anxieties were sorted out, as minor and major infractions by the very casual motorists could be dealt with immediately, obviously, the switches didn't connect directly to said weapons, but instead inflicted punishments ranging from a huge spot on their nose to their entire family dying of the plague and it worked perfectly, if not instantly.

    Today I deploy a similar range of revenge buttons, that so far have killed twenty thousand Indian call centre workers, eighty bank employees and inflicted the pox on all PPI scammers and their immediate family.

    I assume the government has been employing a similar strategy, judging by their lack of interest in taking these miscreants through legal channels.

  11. Anonymous Coward
    Anonymous Coward

    I think it might be time to let the general public know if you give out your details over the phone on an incoming call then you're the only ones to blame. These idiots you hear of where their "bank" has called them to alert them to some fraud and due to a police investigation they need to send a courier/taxi to collect their bank card and oh by the way we need your pin number too.....II best the fraudsters couldn't believe it when they discovered that scam worked.

    1. Rol

      Most of the victims are quite elderly. They come from an era where it was normal to show deference to professionals and they wouldn't dream of challenging someone who projected an air of superiority whilst claiming to represent their bank.

      The same elderly victims also pay thousands for unnecessary and shoddy work on their roofs or drives.

      One day I'll most probably be too frazzled to notice my shoes and trousers are being stolen from me as I linger too long outside the post office, but then again I would most likely have shat in them several times over the course of the year and having them stolen would be a blessing.

      The only advice is to make arrangements for your decrepit years before you get there, but I can't help but wonder why banks don't offer a more robust and secure service for those in need of it. eg. cash point card with £50 limit and all transfers to be arranged in person at the branch and only after you have satisfied the bank it isn't to pay for 3mm of tarmac or a loose slate.

      1. Anonymous Coward
        Anonymous Coward

        Fully agree

        Aside a driving retest every 5 years after 70 (how many youngsters drive up motorways the wrong way without a police car behind them?)

        there should be the same sort of bank account restrictions we place on youngsters, as you say, limits on withdrawals per day, not able to sign a contract without a third party present as guarantor etc

        would stop a lot of it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like