Victims of bank transfer scams could be left unprotected following a decision by Pay.UK to reject a proposal from seven banks and building societies to collectively fund a reimbursement pot for people who have been scammed. The proposal suggested that a 2.9p levy be placed on some types of payments. The collected monies would have gone into a fund to refund victims.

Pay.UK is the leading retail payment authority, which was tasked with making the decision. The organisation rejected the proposal following consultation. It said that there was no industry consensus to finance a central fund to reimburse victims.

Currently, if someone falls for a bank transfer scam their bank is not obliged to make a refund. Many banks and building societies take the position that it is the responsibility of the account holder to ensure they are making payments to bona fide recipients. That said, a voluntary code requiring banks to reimburse affected customers who meet specified criteria took effect on 28 May 2019. But the funding arrangement that bails out some of the victims of bank transfer scams is due to end on 31 December 2019.

Bank transfer scams

Bank transfer scams are common and take many forms. Here are just a few examples:

  • Four men conned 100 victims out of almost £552,000 by placing fake adverts for non-existent products and services online. They convinced the victims to make a payment via a bank transfer.
  • Scammers will use a familiar email address such as one that looks as though it comes from a friend, employee or boss. They will ask for money to be urgently transferred and it usually comes with an emotional plea of sorts, they’ve lost their payments card, purse or wallet and need to catch a flight or book a hotel.
  • Similarly, scammers may use an email from the head of a company to try and con employees into making a bank transfer. Financial departments can be particularly vulnerable if a scammer gets hold of real email accounts within a company and uses them to fake invoices. The fraudsters will also often use a company's letterhead or accounting forms to burnish the appearance of a genuine mail. Only last month a worker at a Japanese media giant Nikkei let $29 million of the company's money slip through his fingers after falling for one of these phishing emails.

Mounting losses

In the UK more than £1 million a day is lost to scams in which people are duped into authorising a payment to an account controlled by a criminal. The banking group UK Finance said fraudsters stole £616m from UK bank customers during the first six months of 2019. From this figure, £207 million was attributed to bank transfer scams. This represents a 40% increase on the same period in 2018.

How to stay safe

  • When making a purchase, be extremely wary of any requests to pay by bank transfer or virtual currency instead of safer methods, such as credit card or payment services such as PayPal.
  • Listen to your instincts, if something feels wrong then don’t hesitate to question it. Don’t pay for goods or services unless you know and trust the individual or business.
  • Personal information obtained from data breaches and hacks is making it increasingly easier for fraudsters to create highly targeted phishing messages and calls. On the surface, these mails and calls may seem legitimate so it's easy to fall for them. But rather than respond, find the contact details for the organisation the caller or mail claims to be from and contact them to verify the message.
  • You shouldn’t assume a caller is genuine just because they’re able to provide some basic details about you. This information could have easily been gathered from the dark web where there is a large underground trade in stolen ID details.
  • Finally, always be suspicious of unsolicited requests for your personal or financial information, for instance, an email that directs you to a website in which you are expected to enter your personal information.

Safeguards and cyber protection

It’s a fact that many bank transfer scams start with stolen ID data. Cyber criminals buy up hacked data from the dark web. This includes all sorts of information from loyalty card details, email addresses passwords, physical addresses, national ID information and more.

With this level of information, fraudsters can develop and launch elaborate scams that appear convincing. Perhaps one of the most potentially damaging is gaining access to email addresses.

  • In one example a house seller was set to receive £333,000 from a solicitor following a property sale. A hacker, who had access to the seller's email account, intercepted the email, and posing as the client sent new bank account details to the solicitor. The solicitor, as requested, transferred the money to the attacker’s account believing it to be the house seller. Thankfully the seller realised what had happened and was able to notify the bank before it was too late.

Being aware of how bank transfer frauds happen is critical to identifying and not falling for them. However, equally important is protecting personal data so hackers can’t get their hands on it in the first place.

BullGuard Premium Protection safeguards all the ID information you want to protect. It scans thousands of sources where stolen data is traded and should it find your information you receive an immediate notification allowing you to take protective measures before attackers can exploit it. Check it out here.