UK Finance reveals huge rise in APP fraud

It never ceases to amaze me how fraudsters manage to be so convincing that they successfully influence their victims in to making these transfers. Especially given all the recent “are you sure?” warnings that adorn our banking apps.

So you know the Nigerian Prince scams? The reason they work despite typos and a stupid premise, is because they target the people who would fall for such a scam. Everyone else bar a few who finds it funny to mess with them, just ignore the scam entirely.

I imagine it’s similar to why APP scams work.

2 Likes

I’ve seen some examples at work whereby a customer’s email account gets compromised. The scammer then waits until a large invoice arrives, then intercepts the email, amends the bank details, and drops it back into their inbox. The customer sees an invoice they were expecting from what looks like someone they know, they pay the invoice et voilà - money gone.

2 Likes

A few solicitors I know have switched to confirmation payments for this reason. They get you to pay a £1, then confirm receipt via text and email before the big transfer. Coupled with confirmation of payee, this needs to become the standard. Maybe faster payments should even support some kind of trial transfer.

3 Likes

Santander’s break the spell team.

1 Like

They also pretend that they give some kind of services like make a cake, and ask for money for it. You never receive the cake. But you have paid your money for it.

1 Like

And I know British Banks also don’t always refund defrauded victims.

1 Like

Quite a few banks signed up to the authorised push payment (APP) fraud voluntary code, but not all of them. If a bank has signed up to the code, and the customer can be shown not to have acted negligently, they should get their money back. It’s a shame this code is just voluntary.

1 Like

That article is a bit of a smear piece on Revolut, frankly.

First of all, the whole “safe account” and TeamViewer download is the definition of a scam - it would never, ever, happen legitimately and obviously if it did have to freeze your account a bank would do it themselves at their end rather than get you to move money out. Everybody knows this.

Secondly, how can Revolut be held liable when the scam was to transfer to another account which was already compromised, and nothing to do with Revolut. How can Revolut be blamed for that when they had no idea what was going on at Virgin Money?

Thirdly, if the scam involves a computer, and Revolut is only accessible via an app, this is again a red flag.

Finally, the other case where the user’s card was stolen - it could have happened at any bank and was probably down to using an obvious easily-guessed PIN (like 1234) or having written the PIN down in a wallet in a “secret” note which was found. Again, how can a bank protect against that?

If banks stopped every single transfer to “protect the vulnerable”, it still wouldn’t even make a difference as the victim themselves says Revolut sent numerous warnings and they ignored them. There is no point adding further warnings if customers will ignore them anyway.

2 Likes

If this was true, then the scam wouldn’t be happening, especially on the industrial scale which it is.

It’s easy (but a mistake) to project one’s own knowledge upon the entirety of humanity. It’s also a mistake to believe scams are obvious, every challenge is easy to overcome if you know the answer.

2 Likes

OK - that was, perhaps, an unfairly blunt phrasing. I maybe should have said everybody should know this. But banks do tell you about these scams regularly; by email, notices on their websites and even paperwork included with statements - as well as TV adverts and so on.

As shown in the Santander video above, the reality is that these scams are a result of social engineering - not so much “vulnerabilities” in the system.

Also, I do believe that if this kind of common sense (which is all it is, really) is not in fact common then people need to take more responsibility to educate themselves - including actually reading anti-scam advice from banks to ensure they are being vigilant. Obviously you do feel for the woman in the article, but she did say, in a rather flippant way, that she “expected” Revolut would just give her all the money back. People should not “assume” or “expect” that - and they definitely are less vigilant as a result, I think, because they always think they won’t lose out personally.

My point is that people should “know the answer” by recognising the scam and then they will understand it’s a scam - but they need to have general knowledge of how to avoid scams first.

2 Likes

People need to know, but people do not know, and getting the populous sufficiently educated on this is the work of years, decades even.

I think “common sense” is a load of bumkum to be honest. You know what you know and you don’t know what you don’t know. Presumption helps nobody.

As an example, during Covid a very good family friend of ours was having trouble with their computer, so at the end of the first lockdown I prepared a new one for them and as part of that I installed TeamViewer on it so I could help them remotely even if they had to isolate or lockdown or whatnot. Eventually the time came that they needed some help so I logged on and did what I needed to.

I presumed that he’d know the nature of the software, if not from knowledge of it from the actual demo of the client side, but when I next saw him he was totally fascinated about how I was able to make the computer do the task without being there. It wasn’t until I took my laptop and demo’d what I could see that he understood I could see everything and do anything. (Obviously I used this as an opportunity to explain why it’s so important that he never gives the details to anyone over the phone other than those he would trust using the computer without him, and never anyone claiming to be a bank or company.)

This isn’t some fool we are talking about, he is one of the most intelligent and worldly people I know, he’s Cambridge educated and although he’s not a digital native he has used a computer (for his job as a film, television, radio and stage writer) for 30 years and he’s been online longer than me.