• 01525 331060
Woman with mobile phone

A Real-Life Banking Scam & How We Intervened

2nd May 2024
Banking scams are getting more sophisticated all the time – and anyone can potentially get caught out. But, what actually happens during a banking scam, and how serious can the consequences be? In this article, we’ve taken a real-life example of how a user of one of our clients came frighteningly close to having the company account ‘completely wiped out’ by a scammer, after receiving a very convincing telephone call. We also look at how these types of scams can affect your business, how you can guard against them (and train your team to guard against them), and what to do if you become victim to a similar scam.

A Real-Life Example of A Banking Scam

The following scam-attempt happened to a user of one of our clients. Thankfully, the scammer was unsuccessful, but from the story you’ll realise things could have gone very differently. Here’s a rundown of how it played out.

The Scam Attempt

The user had a highly convincing call (supposedly from Barclays) claiming there had been a fraudulent transaction on their company account that had been stopped. The user was then given a number by the caller to call back on.

However, before the user could call the number, the caller called back using a No Caller ID number and asked the user to visit barclays.net to find out if Mobile Device Access was disabled or not.

The caller then said that Mobile Device Access on her device should be disabled as they [Barclays] had blocked it due to the ‘fraudulent activity’ they’d detected earlier. Of course – Mobile Device Access hadn’t been disabled.

The caller went on to say that to resolve the issue, they’d need to remotely access the users device via AnyDesk, which they did, and once on the device requested elevated admin rights, at which point the user thankfully contacted us.

What We Did Next

After the user had made contact and told us what happened, our first action was to insist on the user contacting Barclays to clarify whether this was genuine or not.

Whilst the user was on a call which took around 30 minutes, we ran a virus scan on the device which didn’t find anything untoward.

The next vital step was to ensure the device had been switched off to prevent the scammer having any further access.

The user then confirmed (after the long call) that Barclays had assured her that there hadn’t been any fraudulent activity on the account, and also stated that -

“If they had given admin rights, the scammer could have potentially wiped out the company bank account." Once we had the confirmation we needed, our next step was to make a physical visit onsite, where we carried out the following essential steps:

  • Made sure the user had confirmed with Barclays if this was genuine or not

  • Made sure the affected computer WAS turned off and unplugged from the network to prevent any further access

  • Reset the accounts that the user had access to

  • Advised the user to reset any other passwords to websites that they use

  • Set the user up on a new device

  • Wiped the device and reinstalled the operating system

What This Incident Highlights

This incident and others similar is the importance of users within your organisation NOT having local admin rights on their computers, as the changes they can make could have dire consequences.

This is why, at JamCrackers we don’t allow managed clients to be their own local admins, and any changes must be approved by ourselves in order to prevent these types of potentially crippling cyber attacks.

What Barclays Says

The following text is taken directly from www.barclays.co.uk and explains exactly what happens if they contact you.

What to expect if we contact you

If we do call, we’ll never ask for your passcodes, passwords, PIN, card details, PINsentry codes or sensitive account information. If we send you a text message, we’ll only ask you to reply with a ‘Y’ or an ‘N’. (These text messages are free to reply to in the UK and will cost no more than a standard text from other countries).

If you get a call, voicemail or a text from someone claiming to be from our fraud team and you think it’s suspicious, call us back using the number on the back of your card. Always make sure the line is clear first, to ensure the fraudster isn’t still on the line.”

How Can Cyber Attacks Affect Your Business?

Cyber attacks, however they happen can have devasting effects on any business, such as:

Financial Losses

As in a banking scam, cyber attacks can result in direct financial losses through theft of funds, extortion payments, or fraudulent transactions. Additionally, businesses may incur expenses related to remediation efforts, regulatory fines, and legal fees.

Disruption of Operations

Downtime caused by cyber attacks, such as ransomware or distributed denial-of-service (DDoS) attacks, can disrupt business operations, leading to lost productivity, missed deadlines, and decreased revenue. In severe cases, prolonged downtime may even threaten the viability of the business.

Damage to Reputation

A cyber attack can tarnish a company's reputation and erode customer trust. Breaches involving the theft of sensitive customer data can result in public backlash, negative media coverage, and loss of goodwill. Restoring trust and rebuilding reputation can be a long and arduous process.

Intellectual Property Theft Cyber attacks targeting intellectual property (IP) can have long-term consequences for businesses, including loss of competitive advantage, compromised innovation, and damage to brand value. Stolen IP may be sold on the dark web or used by competitors, undermining the original company's market position.

Regulatory Compliance Issues

Many industries are subject to stringent data protection regulations, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA). A cyber attack resulting in data breaches can lead to non-compliance penalties, regulatory investigations, and reputational damage.

Supply Chain Disruption

Businesses interconnected through supply chains are vulnerable to cyber attacks targeting suppliers or partners. A breach in one part of the supply chain can cascade through interconnected systems, disrupting operations and affecting multiple organizations.

Loss of Customer Trust

Customers expect businesses to safeguard their personal and financial information. A cyber attack that compromises customer data can lead to loss of trust, customer churn, and negative word-of-mouth publicity, impacting long-term relationships and revenue.

How To Guard Your Business Against Banking Scams

As with any type of scam, prevention is always better than cure, so here’s a short list strategies you could implement to help protect your business from banking fraud and scams.

✔Train Your Employees

Provide regular training to employees on cybersecurity best practices, including how to recognise phishing attempts, suspicious emails, and social engineering tactics. Educate them about the importance of protecting sensitive information and adhering to company security policies.

✔Implement Secure Banking Practices

Implement strong authentication measures for online banking, such as multi-factor authentication (MFA) and token-based authentication. Regularly review and update access controls to limit the number of employees with banking privileges.

✔Monitor Accounts

Monitor your business accounts regularly for any unusual or unauthorized transactions. Set up alerts with your bank to notify you of large or suspicious transactions.

✔Implement Dual Authorisation

Implement a dual authorisation process for large or high-risk transactions, requiring approval from multiple authorised individuals within the organization.

✔Segregate Duties

Segregate financial duties among multiple employees to prevent a single individual from having control over all aspects of financial transactions. This reduces the risk of internal fraud or collusion.

✔Conduct Vendor Due Diligence

Conduct due diligence on third-party vendors and service providers that have access to your financial systems or sensitive information. Ensure they have robust security measures in place to protect your data.

✔Have Regular Reviews

Conduct regular reviews of your financial systems, controls, and processes to identify and address any vulnerabilities or weaknesses. Keep software and systems up-to-date with the latest security patches and updates.

✔Install Fraud Detection Tools

Implement fraud detection tools and software that can help identify suspicious patterns or anomalies in financial transactions. Consider using artificial intelligence (AI) and machine learning technologies to enhance fraud detection capabilities.

✔Carry Out Employee Background Checks

Conduct thorough background checks on employees with access to financial systems or sensitive information. Screen for past criminal activity or financial fraud.

✔Get Cyber Insurance

Consider investing in cyber insurance to mitigate the financial impact of a data breach or cyber attack. Ensure the policy provides coverage for losses related to banking fraud and scams.

And, if you think you’ve been a victim of fraud…

Whether you’re a business, a charity or another type of organisation, if you’ve been a victim of fraud or cybercrime contact Action Fraud on 0300 123 2040 immediately, where specialist advisors are available 24/7.