SCAM VICTIM WHO LOST £80,000 SET TO TAKE LEGAL ACTION AGAINST SANTANDER

The bank is accused of failing in its duty of care as thousands are duped into moving their cash. Santander stands accused of failing two customers who were duped by conmen to move their life savings into what they were told were new secure bank accounts and is facing a possible legal action from one customer who has lost £80,000.

In recent months, Guardian Money has highlighted a particularly nasty scam that sees customers rung up by fraudsters who pretend to be phoning from the bank. They are first warned they have been the victim of a bank card fraud, and are then persuaded to move all their money to a new "secure" account set up by the bank; one that turns out to be the scammer's account. Thousands of people have fallen for it, mostly because the victims are invited to call the telephone number on the back of their bank card, and therefore believe they are talking to their bank. The fraudsters rely on the UK's outdated phone system which allows the crooks to call you, and ask you to ring the bank's number. But when you dial it, the crooks have kept the line open by never putting the phone down at their end, and the call goes directly to them. It also relies on a banking system flaw; the fact that money can be moved between UK accounts even if users put a completely different name on the transfer request. Some older victims have lost life-changing sums more than £100,000.

However, victims are asking whether the financial regulators and banks have been negligent in not doing more to stop it going on, or to track the stolen money.

Sarah Moore was at home in February when she received a call from a man saying he was calling from Verified by Visa. He told her that her bank card was suspected of being used fraudulently. When asked which card, he said Santander, and suggested she call her bank using the number on her debit card. Unhappy about calling the 0845 number, she used the SayNoto0870 website to find an 0800 number, heard a dial tone and the call was answered by a woman with a Scottish accent. All the time, the fraudsters had simply kept her line open. She was then subjected to a convincing tale of how her card had been used in several shops being put on hold for several minutes at a time.

Eventually, she was told that the bank feared that the fraudster would try and make direct debit payments to a foreign account, and that she should move all her money to a secure account the bank had set up. As a result, she made several online payments to the account number and sort code she had been given; totalling just over £80,000. In each case she put her own name in the transfer request to what she thought was a Santander account, but was based at Lloyds. When she rang Santander at 8am the follow morning (initially the bank's fraud department would not speak to her) it soon became clear what had happened. She says fraud staff knew all about the con, and even asked if the fraudster had a Scottish accent. As with previous cases, Santander has refused to refund her saying that she voluntarily handed her money over.

In an almost carbon copy case in January, Phillip Clark from Bath lost £20,000. He realised very quickly he had been conned and rang Santander 15 minutes after making the transfer to halt it. Despite this, the bank did not contact Barclays – host of the fraudulent account – for a further 12 hours, by which time all but £6,000 had gone. Both he and Moore feel that Santander failed in its duty of care, and Moore is considering legal action to retrieve her money. Clark took his cases to the Financial Ombudsman (FO) but it sided with Santander having decided the 12-hour delay was not a factor in him losing the cash. He is now bringing a second case against Barclays. The FO is still looking at Moore's case. * Names have been changed.

Culled from Guardian

THE TELEPHONE FRAUDSTERS THAT JUST KEEP ON TAKING

As more cases emerge of readers who have been conned out of their life saving, we look at how the banks are responding. More victims of telephone fraudsters, who persuade the unwary to hand over their life savings, have come forward; one woman lost more than £100,000. It has also emerged that, in some rare cases, the banks have been refunding the money.

Last month Guardian Money highlighted how thousands of mostly older people had fallen victim to the so-called "courier fraud", which starts with a phone call out of blue. Callers pretend to be phoning from the bank investigating a fraud – in some cases they say they are police officers – and have been successful in conning people out of big sums. It works because potential victims are invited to call the bank back using the phone number on the back of their debit card. Having dialled that number, they naturally assume they are speaking to genuine bank staff and hand over the crucial personal details. But the conmen have simply kept the phone line open (see below for how this works) and wait for the bank call.

The two victims we featured in June had lost £23,000 and £7,000. Their banks, Barclays and NatWest, refused to help on the basis that they had personally asked to withdraw their money, and the banks had simply complied. Guardian Money has since been contacted by another victim who lost £68,000, but in this case has been refunded by Barclays. She was called by someone claiming to be from Tesco Finance, saying that he had reason to believe her Tesco credit card had been fraudulently used online, and that her bank account could also have been compromised. As this had happened to her husband about two years earlier, she took it more seriously than she might have. She was invited to call the number on the back of her Santander bank card and got straight through to what she thought was its fraud department. "I did not give any bank account details and he was extremely convincing, having answers for all my questions about security. I then transferred my life savings of £68,000 into what I thought were two 'Santander secure' accounts. I later discovered these were two Barclays’ accounts at a branch in East London." It was only when it emerged that Tesco had not called that she realised what had happened. But the genuine Santander fraud department made it clear that it was not responsible as she had made the transfer. "I was devastated and in shock; like many other victims, this money was all I had saved, including my pension lump sum. They took not just the money but my future hopes, dreams and the safety net for a time when I would possibly need extra funds." Three days later she was told the Barclays accounts were closed and all the money gone. The case was referred to the Metropolitan Police serious fraud department and she contacted the Financial Ombudsman Service for a judgment on the bank's decision. Six months later it notified her that Barclays would repay the £68,000 in a "full and final settlement of my complaint against them as a gesture of goodwill". She adds: "I was delighted. I have been extremely fortunate, but most do not get the same result. "You cannot believe what an impact this can have. I felt incredibly stupid and lost all confidence. I stopped going out at one point."

Barclays says the money was refunded because the account to which it was moved had already been flagged up as suspicious. It explains: "Where we are alerted to suspicious activity, or it is picked up by our transaction profiling, we will investigate and if we are satisfied that the accounts are being used to launder the proceeds of crime we act as quickly as possible to close the accounts. Customers who transferred funds into the account after a fraud has been detected would receive a refund." Last week, Warwickshire police warned about cold calls from people purporting to be a bank official or police officer after an 89-year-old from Atherstone lost more than £100,000. When Guardian Money ran its June story, one reader said the same thing had happened to his wife, and that she had been refunded by HSBC. He said he cited the case of Barclays Bank plc v Quincecare Ltd, 1992, and quoted this from the judgment: "Given that the bank owes a legal duty to exercise reasonable care in and about executing a customer's order to transfer money. If the bank executes the order knowing it to be dishonestly given, shutting its eyes to the obvious fact of the dishonesty, or acting recklessly in failing to make such inquiries as an honest and reasonable man would make, no problem arises: the bank will plainly be liable."

HSBC, without admitting liability, had replaced the £5,000 in his wife's account within a few days, he wrote. Money asked barrister Richard Colbey, of Lamb Chambers, to see whether this argument could work for other fraud victims, and he said not. "The citation he gives is one of trite and obvious law, but does not help with your cases where the bank has not closed its eyes to something obviously wrong."

 Culled from Guardian

TRICKS USE BY ONLINE HACKERS TO TAP INTO YOUR WORST FEAR

         

Yesterday, I published an article on how online hackers tap into internet users worst fears to unleash terrors on potential victims. Today’s publication will focus on tricks use by online hackers to swindle innocent victims.

THE ASSASSINATION THREAT

          Residents in Humberside were targeted with an email claiming to be from “Muhammed Yunus Jinnah”, in which he stated that he has been hired to assassinate the recipient. Local police say they were called by numerous terrified people. The emails were investigated and the recipients (who were not linked) were advised they were a hoax. A police spokesman said: “Sadly, these types of emails could easily scare someone who is unaware that they exist. If you receive an email from that address, delete it.” “Scammers have really started to look into human psychology,” says Roberts, who believes scammers use neuro-linguistics programming to help you to imagine a scenario, which then makes it seem more believable.

REPUTAIONAL DAMAGE

          Police warned that blackmailers are sending letters to residents in Thames Valley, threatening to expose innocent people as paedophiles unless they bought two bitcoins from a specific account within 72hours. The threats sent in the post, warned victims they would be subjected to a smear campaign at their local school and letters sent to their neighbours. The scammers boasted that their tactics had force other families to leave their homes and, despite repeated appeals for information by the police, they have yet to be arrested. “Scam like this makes you feel extremely unsettled, even if you are savvy and thinking rationally,” says Cary Cooper, professor of organisational psychology and health at Lancaster University Management School. “We do not expect other people to behave that way and that makes us worry about what these people are capable of.” But some of us also have a greater propensity to be influenced by other people and suffer from low self-confidence, so are more likely to believe such a threat would be carried out. If you are prone to worry and perceive the situation as out of your control; you would not know how to stop such a rumour. This kind of scam will make you feel very insecure and threatened.

THREATENING TO LOVED ONES

          Fear for others is regularly used as an emotional trigger. In January scammer began circulating a phishing email that looked as though it was from a legitimate funeral home, offering condolences on the death of “a friend” and asking them to open the attached invitation to the funeral. The attachment, statistically more likely to be opened by the elderly, contained malicious software. Other scammers try phone calls where you can hear someone screaming and they tell you that your child has been kidnapped and you need to send them money. Some threaten to shoot their “hostage” if you disconnect the call. Social media is also used to create more effective, personalised scams, according to John Colley, spokesperson for cybersecurity trade association ISC”. “A scammer looking to a particular organisation will find out the senior people are, and look at their profiles on Facebook or on LinkedIn to try to get information that they can use. Then, when they email, they will mention people you know or places you have worked, and ask you to click on an attachment, which will typically infect your computer and potentially give the scammers access to your employer’s data or network.”

          According to Robert of Pen Test Partners, threats about your friends and family are commonly used in these scams, known as “spear phishing.” He describes the process: “With your name, a scammer can find out your address from www.192.com or the electoral register in the UK, find out who else lives at that address and make judgement about whether that mighty be your husband or your children. Then they can go to Facebook or Twitter, get a bit of information about your children; their pictures, the Facebook group of their school, birthdays, from your posts you have made about them and email saying: Your children, Bob and Alice, go to a school down the road and their ages are X and Y; if you do not pay me a £1,000, little blonde Alice is going to wind up in a shallow grave. This scammer might not even be in the country but providing a few key bits of information that are publicly available, he can make it seem like he is watching your every move and that is really scary.”

“ILLEGAL DOWNLOADING”

          A message pops up on your screen which purports to be from the police, warning that the user’s computer has been locked because he or she has illegally downloaded porn or music. According to Warwickshire trading standards, some people have then complied with a demand of £100 to “unlock” their computer; handing over debit card details in the process. In Cheshire, emails were sent from the “Cheshire Police Authority” telling users they had breached “Article 128 of the Criminal Code of Great Britain” and the fine was between £200 and £500. To increase the likelihood that a particular scam will hit the right audience without having to personalise each email, scammers are also buying up legitimate marketing email lists, profiled to match their ideal victims. “For example, if you send an email to a 25-year-old single male, accusing him of watching porn, you are statistically likely to be right,” says Roberts.

HOW TO PROTECT YOURSELF

          Try not to react immediately to a threatening email, take five or ten minutes to calm down and think about it rationally. Where does the email come from? Why would this person be emailing you, specifically, about this all of a sudden? Never click on an attachment from someone you do not know, even if the email mentions someone you do know. Consider opting out of the edited register of the electoral roll, as otherwise your name and address can be sold to any person, organisation or company and used for any number of purposes, including direct marketing.

Check your privacy setting on Facebook, Twitter, and LinkedIn, consider the risks of using a very personal photo in your profile picture on Facebook, as this is always public.

Report scams to Action Fraud, on 0300 123 2040 or via its website. It will pass on the details of the crime to the National Fraud Intelligence Bureau.

Culled from Guardian

HOW ONLINE HACKERS TAP INTO YOUR WORST FEARS.

The latest dirty tricks involve sending emails saying you have cancer; threatening to spread rumours that you are a pedophile. The timing of the email diagnosing cancer was just right. Andrew Montlake, a 44-year-old mortgage broker from Hertfordshire, happened to have had a blood test just a few weeks earlier. The email purported to be from NICE, the National Institute of Clinical Excellence, and read: "We have the results of your blood test and we have noticed that you have a low level of white blood cells which could indicate that you have cancer. Please contact us immediately with full details on the attachment."

His mother died of cancer when she was 50, he says, and his father is currently undergoing cancer treatment: "I have certain paranoia about it." Upon opening the attachment, the Necurs virus began downloading on to his computer, as well as GOZeuS (which would give hackers open access to his computer) and Cryptolocker (which would lock him out of his computer until he paid a ransom to the scammers).

"I never fall for stuff like this but it caught me at a weak, tired and particularly busy moment at work, and knocked me for six," says Montlake. "I realise that no doctor would ever send an email like that but when I opened it, that initial moment of stress was horrible – things run through your head – and all the scammers need is a moment of doubt." His response was, in fact, a textbook example of how scammers want us to react. They tap straight into your worst fears, to push you into an instant fight or flight response, says Tom Roberts, a scams expert for ethical hackers Pen Test Partners: "When a piece of scareware lands directly in front of you and makes you feel afraid, an animal part of your brain that doesn't think logically takes control and you act instinctively, for self-preservation. Usually, that means doing as you are told, because the message in front of you is saying that if you do, then you stand the best chance of survival."  Other forms of internet crimes through which online hackers unleash terror on victims will be discussed in the subsequent publication.

Culled from Guardian

“BEWARE THE COURIER SCAM” AN EXPRESS WAY TO LOSE YOUR MONEY

When I agreed to hand over my bank cards after some fraudulent activity on my account there was no reason to be suspicious, especially as I was the one making the phone call "Hello Mr. Welch, Visa Card Services here." That was line with which my nightmare started one Sunday morning, hung over, sitting on the sofa trying to piece together the night before. The person on the other end of the phone, Mark, told me there had been a number of fraudulent transactions on my bank account since midnight, adding up to about £1,100. I have never heard of Visa Card Services before, but then I have never had money stolen like this before.

He then confirmed the last genuine withdrawal I made at the Barclays opposite Highbury & Islington station; gave me a reference number and told me to ring the number on the back of my bank card. I did just that, quoted the reference number and spoke to someone who knew all about the supposed fraud.

Some cunning tricksters had apparently cloned my card at an ATM I had used and then treated themselves to a few things in an Apple store. Something did not ring true about the whole thing; why would someone with a stolen bank card only spend £400 in the Apple store, for starters? But I watch enough consumers’ TV to know that these things happen. The person apparently helping me, Rajesh Khan in HSBC's card protection department, had all my details: full name, date of birth and, crucially, my address. When he said a courier was on the way to collect my bank card for further examination, I did not need to tell him where I lived. I initially flinched at the idea, but when he explained it was needed to properly analyse the chip it seemed to make sense. After all, I had called the bank myself, this was no cold call, and he had all my details already. That is probably why I also typed my pin into the keypad of my phone. "It is OK, Mr Welch, we cannot see it, but we need to perform a pin block." "I have never heard of that," I said, "but fair enough."

I packaged the card up as requested and waited for the courier to arrive. Rajesh called back twice, once to say the car was five minutes away, and again to say it was outside, quoting the car's number plate and describing the driver. He called again later that afternoon to say they had received the card and that I would have my money back in a few days. Sucked in by the efficiency, I went through exactly the same process the following day with my credit card. The same fraudsters had somehow hacked into my online account and maxed it out.

But then a few days went by and Rajesh stopped calling. Worried by this point I was, to my estimations, about £5,000 out of pocket. I called the bank, this time from my mobile. After explaining the situation to two or three people, I heard the most chilling phrase of all: "But Mr. Welch, your cards have not been reported stolen."

Realisations kept hitting me as I relayed the conversations, over and over and over. Why had I given my card to a stranger? Why had I typed my pin into the phone? How did they have my mother's maiden name? How did they have my address? And, most of all, why in the name of all things holy had not I checked my balance to see for myself what the damage was before I even called the bank that Sunday morning? Well, to answer the last question first, I suppose I did not want to see what was happening. When I did check, things were far worse than I had expected, and my rent had bounced to cap it all off nicely. The Apple store story was all a lie, they had in fact spent thousands in clothes shops and, best of all, treated themselves to a Dixie Fried Chicken each evening. Forget the fraud, who spends £95 over three days in a Kentish Town takeaway?

The rest of it comes down to good faith. Once you call the number on the back of a bank card and go through security stages, you enter into a world of trust where you are no longer the boss and the person on the other end takes over. "My national insurance number” Sure stranger I have never spoken to before, here you go." By now, I was really panicking. I called the police who put me on to their dedicated fraud line. After explaining my idiocy once again they went through the likely series of events that led to this theft. It all started, according to the police, on the Saturday night where one of this gang will have watched me take money from the cash point. That is the details of my last transaction taken care of. Sinister enough, the thought of being spied on while you are trying to enjoy yourself at a garage night at the Buffalo Bar, but not the worst of it; the police then believe I was followed home, which is how they got my address. As for the call: well, credit where it is due, it is pretty clever. If you call a landline it is up to you to end the call. If the other person, the person who receives the call, puts down the receiver, it does not hang up, meaning that when I attempted to hang up to go and find my bank card, the fraudster was still on the other end, waiting for me to pick up the phone and call "the bank". As I did this, he played a dial tone down the line, and then a ring tone, making me think it was a normal call.

Fortunately my real bank gave me all my money back within 10 days, although I did have to get new accounts and cards. It was a pretty lean spell, and by the time I got my money back I had spent my last 60p on a tin of beans. The feeling of total financial ruin, of utter helplessness, is not one I will forget in a hurry. Setting up all new direct debits was an unholy pain and, four months on, problems are still arising and my credit rating has taken a serious knock. I have had to sign up to a number of other bank schemes and government services to add further layers of protection. I get a monthly statement of credit checks in my name, for example, so I know if these people are using the information they have on me again. It took a few weeks to stop worrying about the same people coming back to my house, too, although spending hours online reading about the link between bank fraud and violent crime virtually non-existent, it would seem helped with that.

I like to think I am a tech-savvy, culturally aware person. I read about internet security, I know about phishing and all that, yet the knowledge left me when it counted and I handed over all my money like some wet-behind-the-ears yokel buying magic beans at a county fair. I'm surprised I didn't offer to help them spend the cash as well, get the job done properly. Bank fraud is a bigger problem than I had ever realised. Experts suggest one in four of us will be directly affected at one point or another, while millions and millions of pounds is pumped into funding departments such as the ones that sorted out my problem and for the insurance it took to cover the stolen money. That's our money, paid in extortionate overdraft arrangement fees and so on. Financial fraud is often deemed a victimless crime because, ultimately, it is only huge companies footing the bill, not individuals. Having suffered myself I can say that the stress, upset and countless hours spent sorting it out tell me it is anything but big scam on me!

Culled from Guardian