CRIME BYTES: Banks and vishing frauds: who’s responsible?
This month Clare hears a story from a fraud victim, and takes a look at how banks sometimes react to victims of vishing frauds.
According to a 2015 report by the FOS, increased security in online banking has made fraudsters look for new ways to defraud. A key example of this is ‘vishing’ – whereby social engineering tactics are used over the telephone in order to elicit personal and/or financial details from a victim. Given that the victim hands over information that enables the fraud, this raises two key questions – who should take responsibility and who gets their money back?
Just last month, a friend of mine mentioned that somebody close to them had been a victim of vishing fraud. It was the description of the events that sparked my attention to this particular fraud type and how it’s dealt with by banks. In this case, the victim knew straight away that they had given out personal details over the telephone, so they called their bank to report the fraud. It took twenty minutes for the bank to connect the victim to the fraud department. Interestingly, according to my friend, when the victim was on the telephone to the bank, the bank was more interested in blaming the victim for giving out personal information when their immediate priority arguably should have been taking action to thwart the fraud.
Fortunately, my friend happened to be with the victim at the time, and assisted the victim to quickly: transfer all remaining money from the attacked account into a separate account; call their bank and the police; and subsequently call Action Fraud. Luckily fast actions in this case meant that their bank did realise that a fraud was in action, and the money was (eventually) safely returned. But not all people are so quick to notice, and not all banks react in the same way.
Indeed, according to one Telegraph report, almost half of all scam victims lose their money because banks claim that the victim is to blame. In one study reported in the same article, nearly 4 in 10 victims of frauds do not get their money back following the incident; although the Financial Ombudsman Service estimate this figure to be as high as 74% for vishing fraud victims. According to the same report, it can be in your banking T&Cs that any fraud against your bank account may be seen as carelessness on the part of the victim, and this is one of the reasons many people will never get their money back after a vishing scam. Similar reasons are given in other types of fraud, such that the victim may have been careless with pin numbers in cases where fraudsters take out cash with a victim’s card.
Specific advice on how to prevent/spot a vishing scam is limited even on Action Fraud’s website, however here are some steps Action Fraud do recommend:
- Never give out any personal details on the telephone
- Never reveal passwords or sensitive information
- Don’t ever assume that anybody who has sent you a text or an email is who they say they are
- If in doubt, check it’s genuine by asking the company itself. Find the official company (such as bank) customer support number. Use a different telephone if you can.
If you would like to know more about our current research on fraud, please click here. If you think you or anyone you know may have been a victim of fraud, please visit the Action Fraud website for details of how to report it.
Written by Clare Barrett, Researcher at Perpetuity Research.