Fraudsters “stealing millions” through remote access bank scam

The scam begins with a phone call and ends with criminals taking full control of a victim’s computer and online banking. Targeted by fraudsters mimicking legitimate bank fraud teams, victims unwittingly grant access to their bank account and funds are then swiftly drained, often before the individual realises they’ve lost control of their account.

Given that International Fraud Awareness Week runs from 16-22 November, the Cyber Defence Alliance has again teamed up with fraud prevention service Cifas and national banking trade body UK Finance to raise awareness of this latest threat. 

Victims are first contacted by phone – sometimes after receiving a text – by someone pretending to be from their bank. The caller claims there has been fraudulent activity on their account and that they must act urgently, directing them to a website that looks like that of their bank, but in truth is fake.

Once on the fake site, the victim is asked to click a ‘chat’ button. This secretly installs software that gives the fraudster remote access to the victim’s device (including their online banking).

If the bank sends a security code (such as a One-Time Passcode or similar) to the victim’s phone, the fraudster tricks them into sharing it. This allows the criminal to move money or set up new payees. In some cases, victims are even persuaded to set up call forwarding, which blocks genuine calls from their bank.

Sophisticated scams

Garry Lilburn, operations director at the Cyber Defence Alliance, said: “These sophisticated scams rely on psychological manipulation to bypass bank fraud controls. If you receive a message or call that feels unusual, take a moment to consider whether it matches how your bank normally communicates. If anything seems awry, end the call immediately and report it using your bank’s official contact methods.”

Mike Haley, CEO of Cifas, commented: “Fraudsters are creating a false sense of urgency to exploit people’s trust and steal large sums of money. Banks will never ask you to download software or transfer funds to protect your account. If you receive an unexpected request, take a step back and question it before responding.”

Dianne Doodnath, principal of remote banking channels at UK Finance, added: “Impersonation scams often begin with a message or call claiming to be from a trusted organisation. Criminals may try to rush you by saying your money is at risk. To protect yourself, follow the Take Five to Stop Fraud advice: pause, check the source and only respond using verified contact details.”

Six ways to protect yourself from remote access-centred bank scams:

*hang up and call your bank back using a number from your bank card or app

*never trust a call just because it sounds professional: always verify the caller

*use 159 to connect directly to your bank’s fraud team

*never share One-Time Passcodes or allow remote access to your device

*report suspicious text messages by forwarding them to 7726

*visit the Take Five to Stop Fraud website for further support and advice

Anyone concerned that they may have already been targeted should contact their bank immediately and report the occurrence to Action Fraud by telephoning 0300 123 2040.