Protect Your Financial Information

Learn about vishing, smishing, and contactless card fraud to safeguard your assets.

What Is Vishing?

Criminals make money, tons of money by relieving us of ours. Criminals rely on the fact that for the most part us regular humans have a lazy streak. We like things to be easy. The easier something is and the more routine it is, the less notice we take. A fraudster knows this and exploits our apathy.

With vishing, the criminal will call your mobile or landline pretending to be from an official organisation and start the scam. The objective is to gain your confidence, certain details and ultimately your cash. Fraudsters are becoming increasingly more skilled at doing this

The calls typically come from an official source. It could be your bank, a government dept, or utility provider including telecoms, and recently callers claiming to be from Amazon, the list is endless.

If your phone has caller display you may notice that an official phone number is displayed. The fraudsters have the technology to ‘spoof’ any phone number. This tricks your phone into thinking that the call is being made by a certain phone number when in fact its probably an automated call made via a computer.

The Vishing attempts come in a variety of styles.

Automated Call

When you answer the call you may hear an automated voice. This is designed to grab your attention, and may unsettle you. You may hear a message that tells you your account has been compromised or a suspicious transaction has been spotted. If the call stays connected you are transferred through to a person purporting to be from the organisation and the conversation will be designed to trick you into providing personal details. These may be a simple and as direct as asking your card details, or you may have to provide ‘security’ details that can later be used to conduct identify theft.

Voice Call

These calls are when you answer the phone and instead of an automated message you get a person on the other end. More than likely they are sat in a room somewhere with a device that is randomly generating phone numbers until someone answers. The most common of these types of scam is someone saying you have issues with your computer, your Amazon account is going to be shut down, something to do with your bank account being compromised, or HMRC overdue tax bill.

The other type of Voice Vishing call is more direct and some would say convincing. This is where the fraudster knows a bit of information about you. They call you and use this to convince you into giving more information. For example I had a call from BT customer services to discuss my broadband renewal. I didn’t think anything of it as my contract was about due. The person calling could throw me a few personal details such as my name & phone number. It was only when they started asking me personal security details , such as date of birth that I realised something was up. After all they had called me. After a brief exchange of unpleasant words I hung up slightly annoyed that I hadn’t spotted it earlier.

What You Can Do To Combat Vishing

A few simple steps can help to protect you.

• Remember if its too good to be true, it probably is.

• If a company calls you unexpectedly, hang up. Locate an official number for the company from a document, or reverse of debit card and call them direct.

• Before calling the company back wait 5 minutes or use a different phone. This will ensure the fraudsters are not still listening

• If you are getting a lot of unsolicited calls, invest in a call blocking phone and register for TPS, this may help reduce the calls.

“Our ability to manufacture fraud now exceeds our ability to detect it.”

Al Pacino

Discover more about Vishing

UK Gov Support

TPS

Report a Scam Call

What Is Smishing?

No its not a bond villain’s organisation! Have you ever watched a magician? A Magician will trick you into believing something is real, even if it is not. Smishing is exactly like watching a magician. Your phone receives a text message that looks real, like it has been sent from a known company. In turn, you may be tricked into opening the text message and may even click on the link provided.

“The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.”
-The Oxford Dictionary

What does a typical Smishing scam look like?

Your phone receives a text message from a well-known organization, let us say a bank. The message looks authentic and may even appear to come from an official company phone number. The message itself will usually be some sort of scare message. Telling you something is wrong with an account and providing a link to click on, so that you rectify whatever the error is. The link will most likely redirect to a fake web page

What else do I need to be aware of?

Mostly all Smishing text messages follow the same themes:

They will play on your emotions. They will make you fear losing something, or put doubt in your mind causing you to question your trust in something.
They will almost certainly provide a web link or a phone number.
They will provide a scenario that needs an urgent response – or else.
If you follow the link they provide, the website will request and collect confidential data, or deposit viruses on your device. They may also provide a phone number that most likely will be a premium rate number.
It’s OK I use a messenger app, I don’t use text messages….

Well, just because you don’t use SMS doesn’t mean you should drop your guard. Statistically speaking you will use the SMS function on your mobile phone, so at some point you may see a SMS that may or may not be fraudulent. Smishing attacks can also be conducted via messaging apps such as Whatsapp. The delivery may be different, but the function is the same.

Tips to avoid Smishing scam

Great news, it’s easy to avoid being scammed by Smishermen – ok fraudsters!

First remember it’s absolutely fine to be suspicious! Fraudsters are playing on people’s apathy and general unwillingness to look deeper.
If you are worried about what the message is saying, get in contact with the company directly – do not use any numbers provided on the text message but find out if it’s genuine!

Don’t respond. The Fraudsters maintain a list of ‘suckers’. By replying you are declaring to the fraudster you are a sucker and your number will be on the list. This means you can expect more messages – so don’t do it! Unless like me you like laughing at the badly spelt, badly worded text messages before they promptly get deleted.

Forward the message! Yes you read that correctly. Your network operator has a duty to block the messages before they arrive. They can only do this if they know what numbers to block. So forward the suspected fraudulent message to this special number (this works for all networks apart from Vodafone – see below) : 7726 (Vodafone subscribers, 87726)

I have clicked on a dodgy SMS message – what do I do?

Firstly don’t panic and don’t be upset with yourself. These text messages and associated websites are designed to be super convincing. Just follow some steps to help you become secure again

Change your passwords. Do this as soon as you can for things like your online banking, email address, cloud storage etc.

Contact your bank. It’s a good idea to get in touch with your bank, just to make them aware of the situation. They’ll be able to let you know the best course of action.

If you have provided lots of personal info consider proactive registration with CIFAS, it will cost around £25 quid but well worth it in my eyes

If you have lost money as a result of a smishing text, or via any other fraudulent activity…

Report it to Action Fraud, the UK’s national fraud reporting centre by calling 0300 123 20 40 or by visiting www.actionfraud.police.uk. If you are in Scotland, contact Police Scotland on 101.

Discover more about Smishing

CIFAS

Get Safe Online

Book of Scams

Contactless Card Fraud

There is no doubt that the Covid pandemic has altered daily life dramatically since the beginning of 2020. Along with lockdowns, social distancing and the use of masks we have all been asked to use our cards to pay for goods and services instead of physical cash.

Although this is a major shift in how we use cash, it may surprise you to know that as early as 2018 contactless transactions had taken over chip and pin as the dominant form of card payment. Cash, it seems, is no longer king.

According to Finance UK, total spending on all debit and credit cards reached £829 billion in 2019, with 22 billion transactions made during the year. Interestingly fraud losses on UK-issued cards totalled £620.6 million in 2019, an eight percent decrease from £671.4 million in 2018 and out of that total contactless card fraud remains low, with £20.6 million in losses.

They are the same debit and credit cards we have been using since the 1980’s however in 2007 our cards got an upgrade. Here in the UK, Barclaycard integrated a small chip and an antenna into cards. This chip can communicate with a card reader and complete small value transactions instantly, without the input of a pin.

Since its launch, the technology has moved on at a rapid pace. Contactless payments can be made from technology such as mobile phones through to smart wristbands.

What security is in place with contactless payments?

All the major banks say that contactless payments use the same level of security as a traditional Chip & PIN transaction and have certain features that limit fraud. Although they do not go into detail on what the certain features are, they do say that they employ real-time fraud detection systems to detect potentially fraudulent activity, for any credit or debit card payment transaction. Basically, this means that all contactless payments are being monitored and if the transaction meets a known fraud pattern the transaction will be blocked.

The other weapon the bank has against fraud is your PIN. Have you ever tried to pay for a contactless payment only for it to decline and then had to switch to chip and pin to complete the transaction? This is because the bank is checking you still have your card! After a certain amount of consecutive contactless payments, the system will ask for your pin. So, if some ne’er do well steals your card and goes shopping they cannot spend too much of your hard-earned cash before they are stopped. The banks used to say that it was 6 consecutive contactless payments, however in September 2019 the second part of the EU’s payment directive kicked in. This means that your pin is required when 5 contactless payments have been made or your cumulative payments reach £130.

What happens if someone goes spending with your card?

Most of the high street banks operate a fraud protection guarantee that specifically covers for contactless payments. This typically puts you back to the position you had before the fraud. It is worth checking with your bank what protection is in place.

Finance UK actually states “Victims of unauthorised payment card fraud are legally protected against losses. Industry analysis indicates that banks and card companies refund customers in over 98 per cent of cases”.

Can someone scan my card to steal cash?

There have been reports that on the London underground people have had their cards scanned and subsequent money lost. However, this was proved to be false. Any thief would need a legitimate business account and a registered card reader to take any payments. Then they would need to be close, – really close- to your card (almost touching it). Card readers will not work if they encounter other objects, such as other cards, keys, and phones.

These facts have not stopped scare mongering around contactless card thefts and a rising number of companies and products reporting to prevent such theft! (I will leave it up to you to decide if buying such products is a theft in itself)

Contactless fraud has increased..

Whilst it is true that the banks have managed to reduce card fraud in the UK, fraud attributed to contactless cards has doubled over the last few years. This Is simply because more cards in circulation have a contactless chip and so are lumped under the contactless category. UK Finance told the independent in 2019 that “No contactless fraud has been recorded on cards still in the possession of the original owner.” So, for card/contactless fraud to take place the card has been placed in the possession of someone else.

What To Look Out For...

The biggest thing to remember is not to give your card to someone else. As we have seen fraudsters need your card and are finding very clever ways of ways of obtaining it. Here are some of the most common tactics:

ATM card entrapment (otherwise known as a Lebanese loop, shoulder surfing and PIN pad cameras.)

This is when the cash machine. is compromised by a fraudster with the purpose of obtaining your card. Typically, the cash machine may have been fitted with a device that is designed to capture your card. You would input your pin as normal (with it being recorded by the fraudster), once the transaction is completed you are unable to retrieve your card. Thinking it has a fault you walk away or go and seek help. The fraudster then removes the device that obtains your card. Over the years I have seen cash machines with false fronts, fake keypads and tiny cameras that are designed to record your pin presses. I have also witnessed shoulder surfing where a fraudster would stand behind you watching your keypad presses

Distraction thefts

Techniques vary from the simple ‘you’ve dropped something’, right through to more complex scams. Fraudsters are becoming more brazen and skilled in obtaining your cash.

Here is an example of a more complex distraction scam that did the rounds recently.

A courier delivered a parcel and told the recipient that extra payment was required. The recipient attempted to argue that no extra payment was required however the courier span a very convincing story as to why the payment was needed. The courier then handed the recipient a card reader to receive payment. The only issue is that unknown to the recipient the card reader was fake and did not work. After a few attempts the courier told yet another convincing story, in that both the card and the card reader needed to be returned to the van. The recipient agreed and the courier did indeed return to their van only to use a second reader that was fully working and relieve the card holder of £90 quid. The courier then returned the card to the owner and went on his way. The card holder only realised they had been conned once their statement had arrived. The recipient called the delivery company who had no knowledge of the driver, the police were then called, and the fraud was logged. The bank was then informed and took some convincing that it was fraud as the recipient had willingly handed over the card. In the end the bank backed down and refunded the recipient.

This illustrates those fraudsters will go to great lengths to access your card and in some cases, banks may take convincing that you are not complicit.

How To Keep Safe

• Always report any lost or stolen cards to your bank or card company straight away

• Check your statements regularly and if you spot any payments you don’t recognise then contact your card company immediately.

• Make sure you fully cover your PIN with your free hand or purse or wallet whenever you enter it. If you spot anything suspicious with an ATM, or someone is watching you, then do not use the machine and report it to your bank

• If you’re using an online retailer for the first time, always take time to research them before you give them any of your details. Be prepared to ask questions before making a payment.

• If an offer looks too good to believe then it probably is. Be suspicious of prices that are unfeasibly low.

• Only use retailers you trust, for example, ones you know or have been recommended to you. If you’re buying an item made by a major brand, you can often find a list of authorised sellers on their official website.

• Take the time to install / understand the built-in security measures most browsers offer

Discover more about Contactless Card Fraud

Take Five To Stop Fraud

Little Book Of Scams

UK Finance

You might like our other Features

Support our website with a coffee.