Fraudsters like confusing and disorienting people. Successful ones avoid obvious lines of approach and try things you wouldn't expect. A recent story highlights this, with a particularly devious method of parting someone from their money.
The Daily Record reports scammers running off with an $11,000 haul from a lady in Scotland. They did this by subverting expectations and drawing attention to a theft that never happened.
Distraction and subterfuge
Impersonation fraud is a huge problem. It weaves into several forms of cybercrime, such as phishing, fake customer support agents, fake deliveries, and even bogus charity donations.
One of the most interesting choices fraudsters make is to run a scam that specifically draws the victim's attention to fraudulent activity, real or otherwise. It sounds counter-productive, but it's the last thing people would expect.
Someone calling and claiming to be your bank will raise multiple red flags, even before asking for banking details. Getting a call from someone saying they blocked a potential thief from stealing your savings? That will set many people at ease, which fraudsters are hoping for.
Borrowing from the tech support scam playbook
A scam such as this usually follows a pattern. The attacker:
- Calls, claiming to have spotted an attempted fraud or stopped an unauthorized transaction.
- Asks if you can help with inquiries related to the non-existent attack.
- Requests banking information.
The attack against the Scots lady splits off from this pattern somewhat, incorporating tactics more commonly seen in tech support scams. Instead of asking for banking information, the attacker says they can help prevent future fraud attempts and advises the target to download AnyDesk, a legitimate app that acts as a remote access tool for someone's phone.
The end result is that the attacker used their access to steal a significant chunk of the victim's life savings. Inspector Laura Hamill, a member of the Paisley community policing team, told the Daily Record that the victim "...was left understandably distressed after having a large sum of cash stolen from her account through the use of an app which she was convinced to download to her device."
How to deal with fraud support
Banks tend to have strict rules about how their fraud team calls operate. Here are some things you can look out for when deciding if a call is genuine or not.
- If fraud is detected, banks will try outreach after putting a hold on your card. There may be automated calls, texts, or voicemails. These usually ask you to call a dedicated number on the bank’s website.
- Regardless of the outreach method, the bank never asks you for full passwords, PINs, security codes, or anything displayed on authenticator devices.
- Banks don't send fraud warnings via email. If you receive one, with or without a clickable link, don’t reply. Call your bank.
- Your bank may have its own banking app for online mobile banking. They will never ask you to download remote access tools.
- If you are unsure of the correct contact numbers for your bank, it should at least have a helpline number printed on the back of your card.