What's The Catch?

Emma Watson

Vishing Scam Victim

Sophisticated criminals have a host of ways of scamming consumers out of their hard-won finances once they have a few basic details, including ‘vishing’ (voice phishing) and ‘smishing’ (SMS phishing). Nursery owner Emma Watson became a victim when she was conned out of £104,000 last June after being duped by an official sounding call from the ‘NatWest fraud team.’ Emma, from Wandsworth, London, had recently received a large sum into her account – but was persuaded to switch money into new accounts in her own name by a fraudster.

Although the bulk of the money was sent to the accounts of other NatWest customers, Emma and her husband Alexander were later told they stand to only get a fraction of the money back, unless they take legal action against the receiving banks. Police admit the twin scams of extorting money by ‘vishing’ (voice phishing over the phone) and ‘smishing’

(SMS phishing over text message) are rapidly increasing, while the number of stolen or fictitious bank accounts opening doubled to 23,000 last year, according to fraud prevention bureau Cifas.

“When the call came, it sounded so genuine,” Emma says. “It was my landline, which is a number I rarely give out. The woman I spoke to said: ‘This is the fraud team at NatWest, I’m very sorry to say we have detected some unusual activity on your account.

“She knew my name and that I banked with NatWest and told me her name was Angela. She gave me the impression she was looking at my account information in front of her. It was the exact patter you would expect from a bank call. She had a slight Scottish accent just like a NatWest call centre person would. There was none of those crackly lines and fumbling around.

“She asked me if I had recently shopped at Argos and Tesco and I said ‘No, I haven’t’ and she said: ‘Yes, I can see that you don’t usually shop there.’

“She said the bank had been alerted to some attempted payments saying somebody had made three separate attempts to take money from my account – first £1,000, then £600 and finally £400 – but none of the transactions had gone through.

“It was very convincing. It was so professional I thought later that it sounded like somebody who genuinely had been working in that role for a bank. They must have studied it in minute detail.

“‘Angela’ went through my accounts and she asked if I had any joint accounts. I thought she had access to one, but wasn’t seeing the others. When I told her I did, she wanted to call my father too who shares an account with me to let him know. So I gave her his number and she rang him on a withheld number.

“When she got through, he told her he didn’t take calls from numbers he didn’t know, so she told him to look at the back of his bank card and she would call back on that – the bank’s number – which she did.

“She called me back after the conversation and said to me, ‘What a lovely man.’

“‘Angela’ told me there had been some computer fraud on my account and she would be sending out a new anti-virus CD with software that the banks themselves use, so I shouldn’t have any more trouble.

“She warned me that because the fraudsters had my account details, I would need to move my funds. She said: ‘I’ll call you back in 10 minutes, I’m just setting up your temporary accounts.’

“On that day, a Friday, I moved some money across, and also on the Saturday and on the Monday morning. I did say to her at the time: ‘Why can’t the bank just do this – why do I have to make all these transfers?’ “But she told me the bank couldn’t make a single transfer until the sum got down to a certain amount.

“I was under a bit of pressure with my business and everything else I was doing at the time and I kept saying: ‘Isn’t there another way, because I’ve got all these calls every hour or so and I’ve just go so much to do,’ and she reassured me that they would be able to complete the rest of the transfer on Monday.

“I thought later that it sounded like somebody who genuinely had been working in that role for a bank”

“So I transferred the money at £15,000 and £20,000 at a time. It was deposited into about six or seven accounts, but because they were all in my name, I didn’t think there was anything wrong. It was only later I discovered that the name of the account makes no difference when the bank is making a transfer. If it wasn’t in my name I would have asked a few more questions.

“I had a card reader and I put in a new payee, which was in my name – as each account had already been set up. They were fast-track payments – you put in your name, the account number it’s going to, and you confirm that with a card reader and authorise it.

“Obviously, I now know that when she called back to say ‘We’ve set the account up so you can transfer the money in now’ they were just queuing up people to get ready to take it out, so as soon as that money was transferred, they were at the other end taking it out in Euros or Thomas Cook money orders for several hundred pounds at a time and the accounts were really in the name of financial mules, who will move money around, but often don’t want to help the police.

“It was only on the Tuesday morning that the penny really began to drop. Angela rang again, only this time, she just said: ‘It’s me’ and she even yawned.

“I thought: Oh gosh, that doesn’t sound very professional and that’s when I called my father and said ‘Can you just get hold of the bank manager and make sure Angela is who she says she is – because she sounds slightly unprofessional? But I still didn’t think she was a fraudster.

“Then that morning when I was meeting up with the architect to talk about the plans for the nursery, he told me he’d been listening to a radio programme over the weekend about fraud. When I told him what had happened, he said: ‘No, that’s not the bank stopping the fraud, that call was the fraud.”

Emma’s father quickly made 11 frantic phone calls to bank call centres and numbers without being transferred to a fraud specialist or even confirmed if there had been a fraud, although on the first call he was told the money was secure and it wasn’t a fraud.

“We had been trying to get to the bank all morning and they had been giving us conflicting advice. Strangely the fraudster I had been speaking to sounded more professional than the actual NatWest staff I was now trying to speak to.

“It was shortly after that we went straight to our local branch in Esher and the manager confirmed there had been a fraud and told us, ‘you won’t get your money back.’

“That was the worst point. It was sickening. But I still thought, it can be traced – it’s in my name, it can’t just go. There had been nine transfers in total – all NatWest and RBS accounts and one to Santander.

“We still had hope and we spoke to our business manager in our bank in Bury St Edmunds, which is where I’ve banked for 40 years and we were given the advice from the manager that ‘if we can prove it was a fraud and if the receiving banks agree, then you will get your money back.’

“We thought we could easily prove that, but it turned out that we were wrong. We wrote to the bank managers and the fraud teams of all the receiving banks that the police informed us of, but did not receive any letter of response from any of them.

“We were totally stonewalled by the banks. Finally we got through to a very senior executive at RBS, the owners of NatWest, but he didn’t have all the right facts and there was clearly no proper file on our case.

“The bank also failed to supply on request to the Ombudsman all the recordings of our telephone calls, which we believe would have showed the varying advice they gave to us.

“Having shared our story with the BBC Moneybox Program they followed up with the bank’s press office and it led to the full recordings of the calls being provided.

“NatWest has since agreed to pay us £16,000 because it didn’t act fast enough when we first alerted them. Meanwhile the Ombudsman has told the banks that they should repay a further £15,000, but we want to get the whole amount returned. We believe the bank is holding out because the issue of the names being checked on transfers is a security failure and they would have to pay out too much money to put it right.

“I will also always be curious how they knew my bank, my name and phone number”

“The banks also say verification of account holders’ names would never happen, because they just want fast payments – fast movement of money.

“I certainly thought if the name didn’t come up as being the same as the account payee it would have to match, but it didn’t. The name has no bearing on the transfer at all. They ignore it.

“That money represented years of saving and our house, which we had taken money out of.

“Thankfully,” Emma says, she has still been able to set up her nursery – Sapphires – in East Molesey, Surrey after opening a crowdfunding page.

“It wouldn’t have been possible if it wasn’t for the generosity of people around us. It was a long- standing plan to set up a nursery,”

Emma, whose husband is a marketing executive, adds: “I’ve been looking for premises for around three years and everything went into it. It managed to happen because of the support of everyone around us.

“I think it will take us about five years to pay it back – hopefully less – but it certainly has shaken my faith in human nature.

“I will also always be curious how they knew my bank, my name and phone number and how there was money in my account in the first place.

“I don’t know how many people have been hit by this kind of scam.

“But I have since heard that several City law firms have been hit for millions in money transfer scams, and now transfer £1 first, so the account can be checked before large payments are made.”

NatWest Chief Executive Ross McEwan later wrote to the couple to apologise and admit to a delay in the bank’s response. The bank has refused to say why it took longer than expected to stop the fraud, but pointed out Emma had transferred most of the money by her own free will, meaning the bank had no liability.

VISHING AND SMISHING

Vishing is an abbreviation of voice- phishing. It cons householders into handing over their bank or card details over the phone. Smishing – short for SMS phishing – is a similar scam worked by text messages. They often combine several common factors.

KEY DETAILS – The conmen and women have hacked or discovered enough to lead you to believe they are looking at your bank account. This is likely to include your name, address, phone number and bank details – just as a genuine call would have.

WAR DIALLER – This is a computer program that can be used to dial all the numbers in a locality or area or in a single institution. It is commonly used by both hackers and scammers. Sometimes they will use a text or speech synthesizer to warn of fraud on a bank card, before urging you to call a spoofed number and keying in your details on a phone keypad.

REQUESTS FOR QUICK ACTION – Fraudsters press upon a need for fast action, which can lead to some people not fully questioning their actions.

CALLER ID SPOOFING – Conmen can disguise or change their phone number to make you believe they are calling from an official organisation by using computer- aided Voice Over IP techniques.

HOLDING THE LINE – If you hang up, they can keep the line open. This way you are actually dialling straight back to the fraudster, while background or call centre noises can be faked.