31 July 2020

Cyber crime case study #01

Veronica – 39, founder of small clothing business and mother of three children, 9, 7 & 5.


Being a fraud victim isn’t something you imagine will happen to you – it’s definitely something you read about and presume it’s only those more vulnerable members of society who get sucked in.  In hindsight, I still can’t believe how easy it was to be tricked into giving away £20,000 - a significant portion of our savings for the children’s school fees.

I was driving back from one of the boy’s football matches and I got a call from someone purporting to be from the bank. He sounded familiar and convincing and asked me to confirm several transactions, which isn’t unusual – their fraud prevention team is sometimes frustratingly efficient, ringing to confirm payments that are seemingly out of the ordinary. The last time they called was when I booked a hotel in Spain for a weekend trip.  So I thought nothing of it when the chap asked me if I’d tried to buy a Mercedes in Manchester for £10,000. 

Between us, we agreed this was definitely a fraudulent transaction and it was to be stopped.  We carried on the conversation and he went into quite a lot of detail about how my cards and other accounts had probably been compromised and he should have a look into it, which seemed the sensible thing to do.  Now I know to never give my PIN number to anyone but at some point in the conversation, I must have done.  Remember I was driving and I got a bit flustered so I asked him to call me back in half an hour by which time I would be home.

I got home and immediately logged into my online account and sure enough two new accounts had been set up each showing a balance of £10,000. He called me back at the appointed time by which point I was feeling properly concerned.  I asked him to prove his identity and he asked me to check the number on the back of my credit card with the number showing up on my mobile – and sure enough, they were the same, so he was definitely calling from the bank.

I asked him to prove his identity and he asked me to check the number on the back of my credit card with the number showing up on my mobile – and sure enough, they were the same. 

 

He then persuaded me, that to cancel the two new accounts, I needed to make a payment to the central bank account, details of which he gave me. By this time, I was completely falling for his advice and unwittingly paid £20,000 into an account, which I thought was the bank’s own account. It wasn’t until the next morning when we got a call from the real fraud team that I realised I had been completely duped and gone against all the advice I’d ever known. 

He had, by sounding knowledgeable about my account and talking like a bank manager, persuaded me to hand over my PIN.  Once in my account he had changed the names of two accounts by using the nickname function and made some internal transfers so these two accounts had £10,000 in each.  All he then needed to do was persuade me to make the payment.  Seeing that my accounts had been “hacked” I was convinced something had to be done.

I now know, and encourage anyone else in this situation, that what I should have done is called the bank back on a different line to verify their identity. Fingers crossed it won’t happen again and that no matter what I’m doing at the time, I am clear-headed enough to challenge any instructions.

Cyber crime - case study 01

Download

Related articles

I bought my first shares on the London Stock Exchange back in the mid-1960s.

Justice Ruth Bader Ginsburg (affectionately referred to as RBG) died last week after serving on the Supreme Court for 27 years.