The Authorised Push Payment Scam Code is a voluntary code that a number of banks signed up to several years ago. If the banks didn’t believe they had a part to play in helping the victims of fraud, they wouldn’t voluntarily sign up to it. Often, it isn’t a case that the money is gone and the bank has to fork out for the error. It could just be that they work closer with other banks and attempt to retrieve funds that have been obtained fraudulently.
It’s a tricky one imo. The man who set up iSpoof has been slung in prison quite rightly, but there are other pieces of software involved in scams like any desk or even the messaging services used to initiate contact who bear little to no responsibility for the scams conducted. Banks forking out every time appears a bit like a blank cheque to the scammers no?
Also - where is the scrutiny on where the fraudulent funds end up, the blame is always put on the sending bank not the receiving.
1 Like
Thanks Dan, it’s good to get an informed perspective.
1 Like
The regulator told them to work out something while they work out a regulatory framework to make it a duty - which is coming into force soon AND which doesn’t cover non-UK payments
The banks believe they have a role to assist in preventing customers making mistakes via signposting in app and by also making attempts to sort out push payment fraud with other banks (which I believe is a fair mantle to take) but I don’t think I’ve seen any bank say they should be personally liable for customer negligence
WhatsApp and others should probably require ID verification for messaging capabilities - end to end prevents usage of this in a case unless one party spills to begin with; so it won’t weaken any encryption standards but will allow non-repudiation for scammers
Could also start demanding ID of foreigners who purchase UK mobile lines. Wild that to get one in China I had to take my passport but a Chinese can buy one in cash at a vending machine in Heathrow.
The voluntary APP Scam Code specifically states that customers must prove that they have not acted negligently.
I think it is for the bank to establish that, among other things, the customer has acted “with gross negligence” if they wish to deny the customer reimbursement.
R2(1) and R2(1)e in this document.
This is what I’m saying. I feel a lot of people are under the impression the bank should assume liability for what I’d consider, not reasonable levels of negligence.
Also, the bank is the one to take an opinion on if the customer has acted with such negligence to not pay out (and subsequently the FoS every time they decide to not)
I believe the current FoS fee is about 750. So really most of these big firms will be taking a hit on any claim they don’t settle.
Edit: also, I do believe the bank is the one who should prove gross negligence on a basis of “believe X is more likely than Y” in the same way the Financial Ombudsman would, as customers then have to not try and justify themselves while under immense pressure post-victimisation
There is a school of thought that say these mistakes are semi deliberate - to weed out those who may be dubious
From a personal perspective, I receive so few old school text messages these days, any text appearing to originate from a bank, I would always view with immediate suspicion. Clearly I do get texts from my own banking providers occasionally, Amex send a balance update every Monday morning. I get the occasional text from Chase, but these are plainly obvious (to me) genuine communication.
A rule of thumb, any text throwing up a clear red flag such as the one Graham received, I would personally if I had the faintest suspicion, just contact my bank immediately via normal means.
It’s the same with phone calls, if you’re not in my contacts list, you don’t get a chance to speak with me unless you leave a message on my non personalised default voicemail. I’m on silence unknown callers 24/7, it’s fantastic for dealing with morons who have no right calling me in the first place.
3 Likes
A simple, effective strategy 
And as if by magic, today I received a message on my burner phone from a child I never knew I had 
"Hi Dad, I’ve changed my phone number. Click on the link and funnel me your wealth into my account at Mugmebank
Ok, hard to believe that I made the bank name up, 
but the text is so pathetic it was clearly thought up by a cretin. My point is, surely, surely no one could be suckered into responding to such an outrageously stupid text?
Well, it was worth a try……!! 
1 Like
I think that type of text is also a bit sick. Imagine if you were a parent whose child had passed away and you received that. You’d feel quite upset I would guess. Then again, I get emails from famous name retailers promoting Mother’s/Father’s Day and my parents are long deceased. I guess you just have to put up with it 
1 Like
Throw enough balls at enough coconuts, eventually you’ll win a goldfish. If they send that text to a million people, and just a hundred of those have a child that recently moved out, you’ve immediately got a pool of people for whom the text appears much more likely to be genuine.
Anyone else received the email from the professional hacker ?
Multiple times it appears in my Junk folder, from different email addresses, always verbatim with previous issues.
TLDR: It alleges it’s caught me watching porn on my computer and doing self-entertainment and I need to deposit money in their bitcoin account to make them go away. A rather reasonable $640
Hi there!
I am a professional hacker and have successfully managed to hack your operating system.
Currently I have gained full access to your account.
In addition, I was secretly monitoring all your activities and watching you for several months.
The thing is your computer was infected with harmful spyware due to the fact that you had visited a website with porn content previously.
╭ ᑎ ╮
Let me explain to you what that entails. Thanks to Trojan viruses, I can gain complete access to your computer or any other device that you own.
It means that I can see absolutely everything in your screen and switch on the camera as well as microphone at any point of time without your permission.
In addition, I can also access and see your confidential information as well as your emails and chat messages.
You may be wondering why your antivirus cannot detect my malicious software.
Let me break it down for you: I am using harmful software that is driver-based,
which refreshes its signatures on 4-hourly basis, hence your antivirus is unable to detect it presence.
I have made a video compilation, which shows on the left side the scenes of you happily masturbating,
while on the right side it demonstrates the video you were watching at that moment…ᵔ.ᵔ
All I need is just to share this video to all email addresses and messenger contacts of people you are in communication with on your device or PC.
Furthermore, I can also make public all your emails and chat history.
I believe you would definitely want to avoid this from happening.
Here is what you need to do - transfer the Bitcoin equivalent of 640 USD to my Bitcoin account
(that is rather a simple process, which you can check out online in case if you don’t know how to do that).
Below is my bitcoin account information (Bitcoin wallet):
. blah, blah, blah
Once the required amount is transferred to my account, I will proceed with deleting all those videos and disappear from your life once and for all.
Kindly ensure you complete the abovementioned transfer within 50 hours (2 days +).
I will receive a notification right after you open this email, hence the countdown will start.
Trust me, I am very careful, calculative and never make mistakes.
If I discover that you shared this message with others, I will straight away proceed with making your private videos public.
Good luck!
Right, considering there has never been porn on this device, and as I have now shared their message, I await contact from friends and family that my private videos are now public.
To$$ers! 
1 Like
Bloody hell !
Now THAT could really create some alarm. Ignoring some of the vocabulary, it’s detailed enough to cause folk to knee-jerk into what they’d consider to be remedial action ie. pay up.
As colleagues have reminded us earlier, pitch it often enough - you’ll hook someone.
Truly are bastards - they only expect to snare the vulnerable and unsuspecting. Hellish.
1 Like
I can only dream of getting emails like that 
Have you got a link I can sign up to?
You can’t watch it Topsy, otherwise you’ll have to pay the fine too!
If you enjoy this check out r/scambait though
1 Like
I’ll happily chuck a wad of cash down a public toilet for that level of excitement. 
Surely this is a scam. I know new iphones can be expensive, but six-figures for an old one!
Not intending to derail this topic though, so more for sharp-intake-of-breath entertainment than continued debate in this thread 
I do love the and eighty cents winning bid though