I have been the target of bank fraud three times, once successfully, in the last two years.
Based on recent articles in the media, it appears that this type of fraud is reaching epidemic proportions in 2024. It really started during 2020, when people were stuck at home and some decided that, rather than watching Netflix or learning how to make sourdough bread, they would instead steal money digitally.
My first brush with this was in 2022, when someone obtained my personal debit card details, most likely from a data breach from a poorly secured online shop, and used it to purchase a variety of pieces of furniture from an online retailer.
My joint bank account with my wife is secured with two-factor authentication, and the way around this seemingly was to make a telephone order, thus bypassing the website’s and my bank’s use of this feature. Oddly, the retailer didn’t question why someone couldn’t pay online, would want several sofas in different colours and materials sent to the same address, and gave my address in West London as the ‘invoice address’ but asked for the goods to be shipped to a housing estate in Manchester.
Unsurprisingly, I noticed the £4,000 payment quite quickly and the order was cancelled by the retailer and the money returned. If you saw the furniture they chose you would appreciate this was both a financial and an aesthetic crime.
The next attempt was a telephone call from an unknown number a few months back. They claimed to be calling from my bank and told me that I needed to speak to the fraud team. They then put me on hold and dialled in my own bank to the same call – in the expectation that I would give over my security details whilst they listened.
My bank uses voice recognition as their primary security feature and when that failed (I think because the scammers were jamming the line somehow) I became suspicious and instead of trotting out my security codes I put the phone down. I then called the bank using their published telephone number and of course they had no record of the supposed fraud I was being called about.
Last week I received a call on the main Praxis number from a person pretending to be from one of the practice’s two banks. Again, they told me about a ‘suspected fraudulent telephone banking payment’ on our account and gave me a number to call. This time the penny dropped much sooner because some of the details of the fraud didn’t accord with the security features we have for the business, such as transaction limits and multiple authorisations.
I tell you all of this, with a slightly tongue-in-cheek tone, because if someone with an audit and business background has been targeted, and didn’t always realise, then I think everyone is at risk.
Understanding the threats
Phishing emails and texts
Phishing emails or texts are fraudulent messages that appear to come from legitimate sources, such as your personal or business bank or other financial institutions. These emails typically urge you to click on a link or download an attachment, which then directs you to a fake website where your personal information can be captured.
Phone scams
Phone scams involve fraudsters calling you and posing as bank representatives. They may claim there is an urgent issue with your account and ask for sensitive information, such as your account number or password. These calls often sound convincing, as the scammers use professional language and tactics to gain your trust.
Social media
Social engineering involves manipulating individuals into performing actions or divulging confidential information. Fraudsters may gather information about you from social media or other sources and then use it to make contact with you.
Preventive measures
Verify communication
Always verify the authenticity of any communication claiming to be from your bank. If you receive an email or phone call asking for personal information, do not respond immediately. Instead, contact your bank directly using a known and trusted phone number or email address to confirm the request.
Use strong passwords
Ensure that your online banking accounts are protected with strong, unique passwords. Avoid using easily guessable passwords, such as your birthday or simple sequences like “123456.” Consider using a password manager to generate and store complex passwords securely.
Two-factor authentication
Two-factor authentication (2FA) adds an extra layer of security to your online accounts. With 2FA enabled, you will need to provide a second form of verification, such as a code sent to your mobile phone, in addition to your password. Personally, and professionally, I would not deal with any bank or financial institution that does not offer this protection.
Be cautious with links and attachments
Exercise caution when clicking on links or downloading attachments from emails, even if they appear to be from a trusted source. Hover over links to check their true destination before clicking, and avoid opening attachments unless you are certain of their legitimacy. Consider using software such as Mimecast to scan links for threats.
Monitor your accounts regularly
One would expect that for business accounts this is done at least weekly anyway! Regularly monitoring bank accounts allows you to quickly detect any unauthorised transactions. Set up account alerts to receive notifications of any suspicious activity, and review your statements carefully each month.
Protect your information
Be mindful of the personal information you share online and over the phone. Avoid disclosing sensitive information unless absolutely necessary, and never share your banking details with anyone who contacts you unsolicited.
Train people around you
In a business context, all staff, regardless of their role, have a part to play in preventing fraud. Given the level of fraud risk, I think training should be mandatory in all businesses and subject to occasional refreshers.
A final note
Luckily for me and for Praxis, none of the frauds described above resulted in any loss to us. I am aware that some of our clients have suffered losses in the past and my humour isn’t intended to underplay the effects of these losses on businesses or individuals affected.
The £3m a day being lost to fraud is ultimately a cost to business and passed back to customers through prices, and also to society if the money ends up in the hands of organised criminals, so the more we each do to prevent fraud the better for everyone.