One bank transaction: six potential attacks

One of our colleagues had a call from their bank’s fraud team this week, because the fraud team were concerned that she was being scammed. We’re sharing the story because it covers a number of possible frauds that could happen to you, or to your business.  

The payment she’d requested was to go to a newly set up payee at an unfamiliar bank, and followed a PIN reset. It’s not surprising that this raised a red flag with the fraud team. Further red flags were clearly raised in the mind of the fraud expert during the conversation.

After the usual name and date of birth identification routine, the bank asked some unusual questions: 

  • What kind of device had been used to make the payment (it had been a PC) 
  • Whether our colleague knew that collaboration software was being run in the background of the PC used at the time of payment. 

[Potential problem #1] 

In this case, it was known software, installed at the request of a genuine Microsoft employee after a ticket had been raised with Microsoft support. The bank explained that this kind of software is often used to observe a potential victim’s activity before stealing personal information or taking control of a device—and we’ve surely all had calls from scammers pretending to be from Microsoft. But it is interesting that the bank knew that this software was running.  

[Potential problem #2] 

The bank didn’t ask about the PIN reset, but it is easy to see that a PIN reset might have been done by a fraudster in order to gain access to a bank account. They were more concerned about the bank that the payment was to go to, as the fraud team said they have seen many scammers using that bank.  

The fraud team then asked for a description of the purpose of the payment. 

As it happened, this was a private donation from a friend to a Ukrainian refugee to cover travel expenses to get to college every day.  

This triggered a series of further, and repeated, questions: 

  • Whether the payee was in the UK 
  • How well the payee was known 
  • Whether the payee had ever been met in person 
  • Whether the payee had shared their bank details in person 
  • Whether our colleague had been asked to lie to the bank 
  • Where the money had come from to make the payment (and how well that person was known) 

This is because there are a number of scams that rely on this kind of money transfer.  

[Potential problem #3] 

We’ve discussed the romance scam before, in which an online relationship turns into a request for money. This would be why the fraud team wanted to know how well the payee was known, and whether they’d ever met in person. 

[Potential problem #4] 

Another is the authorised push payment fraud, in which the victim thinks they are sending money for a genuine reason (buying something, perhaps) but they are actually sending it to a scammer. This is why the bank wanted to understand what the payment was for, and where the destination bank details had come from.

[Potential problem #5] 

Yet another is the foreign money transfer scam, in which the fraudster asks for help to transfer money out of their country, often as the result of a war or a disaster, and promises to pay the victim a share of the money in exchange for their help. Again, given the scenario involved a Ukrainian refugee, it’s easy to see why the bank was concerned.  

[Potential problem #6] 

And then there is the money forwarding scam, in which the victim is asked to accept a payment into their bank account, and then to forward it to another account for a cut of the money. This is likely to be money laundering, and is probably the reason for the question: how did that money arrive in the bank account in the first place?

It’s a happy ending: there was no scam involved, just a very interesting conversation with a fraud expert. But it does highlight the range of potential scams that could be involved in a simple bank transfer, whether from a personal bank account or a business bank account, and why the bank fraud team might call to check on a particular transaction.

If you’d like to talk about any cyber security issues, do contact the Click and Protect team on 0113 733 6230, or use our web form, and we’ll get back to you as soon as we can.