How Scammers Are Trying To Use Your Computer To Steal Your Cash

Financial Fraud Action UK (FFA UK) has raised the alarm over a new style of telephone scam in which fraudsters impersonate major companies in order to take over computers and steal money from online bank accounts.

FFA UK, a body set up by the financial services industry to combat fraud, said criminals are using technology to take control of victims’ computers from remote locations, after telephoning them and offering to help with a slow computer or Internet connection. The organisation has noted a recent increase in reports of this type of scam.

Impersonating companies

To carry out the fraud, scammers are impersonating internet service providers, computer companies, banks, software firms and law enforcement. They are also claiming to be calling as a result of recent high-profile data breaches.

The scammers claim there is a problem with the victim’s computer or internet service which is causing it to run slowly. They say they can fix it but need to access their computer to do so.

Victims are then asked either to visit a website or enter a command prompt on their computer, which gives the scammers control of the machine remotely. The fraudster will take some time to ‘fix’ the problem, in some cases as long as 30 or 40 minutes.

During the call, the scammer will either tell the victim they are entitled to compensation or pretend to put them through to a supervisor, who will make the offer. The scammer will say they are sending the money and will ask the victim to log into their bank account to check it has arrived.

But the criminals will still have access to the computer and will put up a fake screen which makes it appear the money has arrived. Working in the background, they will take money from the victim’s bank account. Alternatively, the scammers may transfer money between accounts to make it look like payment has been made.

The fraudster may also ask for a bank passcode sent by text message or generated by a card reader, claiming that this is required to process the refund. But this code will actually enable them to set up a new payee and take funds from the victim’s account.

In an alternative version of this scam, fraudsters may say the money has been sent but they have accidentally sent thousands of pounds, rather than hundreds, an error which will cost them their job. They will transfer money between the victim’s bank accounts to make it seem as if they have sent too much. In this case, the fraudster will ask for the difference to be refunded via wire transfer.

How can you ensure you and your business don’t fall victim to the scam? Here’s what security specialists had to say:

Katy Worobec, director of Financial Fraud Action UK, FFA UK

“Fraudsters are cunning and will go to great lengths to steal your cash. This scam is just another example of the tricks they will use. You should never let someone else have access to your computer remotely, especially if they have contacted you via an unsolicited phone call. If you are in doubt, then call the organisation back on a number you trust; if they are legitimate they will understand.

“Do not share your bank account details with anyone and make sure any computer you use to log onto your internet banking is secure.

“To avoid falling victim to this scam, you:
• Should be wary of unsolicited approaches by phone claiming to offer a refund
• Should avoid letting someone you do not know or trust have access to their computer, especially remotely
• Should never log onto your internet bank while someone else has access to your computer
• Should not share one-time passcodes or card reader codes with anyone
• Should not disclose your 4-digit card PIN or your online banking password, even by tapping them into the telephone keypad.”

Jonathan Sander, Lieberman Software

“This is an attack on what’s been one of the weakest links in cybersecurity, the human being. There are, of course, computer elements to this attack. But the real trick is fooling the human. The only possible defenses are to educate the human and also make sure no human has more access than they need.

“No one would let someone walk up to their car and allow them to take the keys and drive it around the block to test it, unless that person was clearly from the car company or a trusted party like their roadside assistance provider. What’s happening here is a person walks up, talks a bit of IT sounding rubbish, and the victim’s fear of being seen as ignorant of IT becomes the psychological level to make them comply.

“Organisations need to make sure employees know that no one will ever call out of the blue with requests like this. Or, if the organisation’s processes are so chaotic that someone might, they need to button that down to make things more clear for everyone.”

Kevin Epstein, Proofpoint

“Proving that the weakest links in security remain all of us, this scam which was previously confined to tricking Senior Citizens uses a phone call to leverage the same social engineering tactics that have been so successful persuading users to click email links and open attachments.

“Regardless of the source, the result is the same – users volunteering access to their systems – and this ongoing challenge reemphasizes the need for modern targeted attack protection and threat response systems. Security professionals need to protect users not only against attackers but against their own human tendencies.”

Duncan MacRae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

View Comments

  • These computer-related scams have been around since years ago. People should have been aware of that, since it is easy to find warnings and reports about them throughout the internet. I even almost every day can find people reporting these computer scams at sites like http://whycall.me. Besides that, there have been so many warnings issued by major computer/software companies like Windows and Microsoft since years ago. Read them all, people.
