You might think it’s only older people and technophobes who can fall victim to telephone fraud. But Lauren Bravo found out the hard way that scammers are getting smarter and smarter…
One Wednesday evening, I had a phone call from my bank’s fraud prevention team. It was one of those calls everyone dreads, but one you kind of expect to receive every so often in 2018, especially if you spend as much time as I do flinging your card details merrily around the internet. The man on the phone told me they’d detected unusual activity on my online account. It was ok, they’d caught the payments in time, but they needed to run through some security measures.
I sighed, rolled my eyes and settled in for the questioning. What was my address, post code and date of birth? What was my customer number, and the second, fourth and fifth digits of my password? Had I spent £7 at Itsu, £60 at Zara, £400 at an industrial hardware store (yes, yes, errrr no)? Did I mind if he put me on hold while he transferred me to his colleague in the account recovery department?
“Hang on,” I said at one point, half joking. “How do I know you really are from the fraud prevention team?”
Fair question, he replied, then told me to look at the phone number on the back of my debit card. It matched the number he was calling from. I relaxed.
Over the course of an hour, the helpful guys on the phone suspended my existing accounts, set up a new one, and talked me through transferring over all of my money, to keep it safe from the hackers. Eventually, with the assurance that my new card and PIN would arrive in 3-5 working days, I wished them a good night and rang off. “That was annoying,” I said to my boyfriend. “My dinner’s gone cold.”
A short while later, I was the one going cold. Because, obviously, in the plot twist you saw coming a mile off, the ‘Fraud Prevention Team’ were the fraudsters.
Except it wasn’t obvious! Not to me. I was shaken. I thought I was a savvy, cynical millennial who lives and breathes the internet – yet I hadn’t twigged that during that boring, bureaucratic hour, the helpful guys on the phone were hacking my account using details I gave them, reading out transactions from my statements, changing the nickname on all my accounts to “**Suspended**”, and convincing me to use my own card reader to transfer them almost every last penny of my money. Money from my current account (minimal), but also the account I use to put my freelance tax aside (not so minimal), and the ISA in which I’d been saving, slowly, almost my whole adult life, for a deposit on a flat (huge, at least to me).
After hanging up, I felt a niggle at the back of my mind. It was unsettling that nearly all of my worldly funds were now someplace where I couldn’t see them for 3-5 days. But they’d been so knowledgeable, and sounded so legit. Clearly I was just being paranoid.
Eventually – and I’ll be honest, mainly because I was putting off the washing up – I did what any savvy, cynical millennial who lives and breathes the internet would do. I went on Twitter, and DM’d the bank’s help team. “I’m sure I’m just being silly. Can I check that was the correct procedure?”
Within minutes I had a reply, telling me to call their fraud team immediately.
I was almost indignant. No no, they didn’t understand, I said, I had spoken to the fraud team. It wasn’t a scam, they’d called from the bank’s phone number!
“Ms Bravo,” they replied again. “Please call our fraud team immediately.”
Soon after, I was sobbing down the phone while a sympathetic woman from the real fraud team confirmed that yes, I’d been robbed of nearly every penny I had. But – and I have never wanted to kiss anyone more passionately than the moment I heard these words – they’d stopped the payment in time, and my money was safe in a holding account.
“You’ve been very, very lucky,” she told me, while I carried on sobbing. I didn’t feel lucky. I felt as though the floor had suddenly fallen from beneath me.
“Fraud can be completely devastating. It can wipe people out financially, and it can make them feel really vulnerable and violated in the same way a burglary can,” says Detective Chief Inspector Lara Xenoudakis from Action Fraud, the national fraud and cyber crime reporting centre.
Me, I felt anxious, stupid and scared for weeks – even after the money was safely back in my account. While everyone assured me I wasn’t to blame (and I wasn’t), the experience shone an unsettling light on how much in modern life I take for granted.
“People think it’s only the elderly who get scammed, but it can be anybody,” says DCI Xenoudakis. She explains that my age group is just as vulnerable, not least because we tend to feel “invincible” on the internet. “People are more brazen online. We lead such busy lives that people don’t pay full attention to all the emails and texts we get; we’re running around trying to do things quickly. We’re not changing our passwords, we’re not looking at the consent terms we’re agreeing to. We’ll take the risk.”
And in our whizzily efficient age of autofill passwords and one-click phone shopping, it’s so easy to be complacent about digital security; to imagine a kind of invisible software fairy is protecting our every move. But last year, hackers successfully took £4.6bn from British internet users, at a cost of more than £190bn to the UK economy, while each victim spent an average of two working days dealing with the aftermath. And in the past six months alone, Action Fraud has received 164,460 reports of ‘phishing, vishing and smishing’ (that’s scamming by email, phone and SMS, and nowhere near as cute as they sound). If even 10% of those targets take the bait, it’s enough to keep the crooks in business.
Online shopping fraud, rental fraud, charity fraud, conveyancing fraud, car insurance fraud, dating fraud, concert ticket fraud, holiday fraud… these days the scams are as varied and agile as we are. New systems and extra layers of security are being put in place all the time, but for the police, it’s like playing a grim game of whack-a-mole. “We can’t prevent everything, so we try to get the message out there and make sure the public are informed,” says DCI Xenoudakis, who has shared her need-to-know tips below.
That’s the reason I’ve re-told my scamming story at every dinner and party for the past few months, with all the dramatic gusto of a young Kenneth Branagh. And it’s the reason I’m writing this now.
Several months later, my boyfriend and I are about to move into the flat we’ve saved very hard for eight years to buy – and which the scammers almost cost us entirely. I still feel sick thinking about it. But I know better now. I know a bank will never call to report suspect activity; they’ll leave a message for me to call them. I know they’ll never ask for password details over the phone. I know to challenge everything, and double-check everyone. And I know to always trust that uneasy feeling in my gut. The washing up can wait.
Detective Chief Inspector Lara Xenoudakis from Action Fraud’s tips for spotting a scam:
Our slogan is: Take Five. Stop, think for five seconds, don’t panic.
No bank will ever ask you for the details of your pin or your card over the phone or in an email, even by tapping them into your phone keypad. No genuine organisation will ever ask you to move money to another account, withdraw money, or pressure you into making a transaction on the spot.
If you receive a phone call from someone claiming to be your bank, don’t give them any information. Hang up the phone, then call your bank using the number you’ll find on their website. Fraudsters can sometimes remain on the line, so ideally call from a different phone – or if you can, go to a branch in person. Don’t assume an incoming number is authentic, even if it looks correct.
Never be embarrassed about reporting a scam – fraudsters can be incredibly convincing! Always pass any scam or attempted scam on to Action Fraud, because it helps us see the whole landscape and tackle fraud more quickly. We all have a responsibility to help protect each other.
Images: Getty, Unsplash