Thomas Dickson walks us through a recent fraud case where a Wealthwide client almost lost £16,000 to a fraudster.
Last month one of our clients, who’s recently retired, nearly lost £16,000 to a fraudster. It was a slick and well-crafted scam involving email hacking, impersonation, and cloning a legitimate bank’s documents.
The only reason our client didn’t lose thousands of pounds was that he read the small print and had the foresight to pick up the phone to his financial adviser.
This is just the latest scam that has crossed my desk in recent months. In the UK, fraud has risen to a level where it poses a ‘national security threat’, according to the banking trade body, UK Finance.
In the first half of 2021, £754 million was stolen from consumers. That’s a rise of 30% on the same period in 2021.
Most of us think we’d be able to spot a scam. But criminals are employing increasingly sophisticated tactics, making it hard to tell if it’s a scam or not.
Although our client is happy for me to share his story, to help prevent others falling victim to fraud, he’d prefer to remain anonymous. So I’ll refer to him as Client A.
In September this year, Client A’s email account was hacked, allowing the criminals to trawl through his correspondence. They noticed that in July 2021, Client A had been working with one of our financial advisers, Ranjit Virk, and had made a sizeable investment.
The criminals worked quickly to set up a new domain (which looked very similar to our company name). They emailed Client A pretending to be our adviser Ranjit.
They took the trouble to copy and paste Ranjit’s signature, our company footer, and the logo of our professional association. The email was well-written and didn’t contain any grammatical or spelling mistakes. Everything seemed plausible.
By impersonating Ranjit, they were able to recommend Client A open a savings account with a bank called Allica. This is a genuine, bona fide, UK-registered bank.
The interest rate they were offering was 1.2% per annum. So it didn’t look too good to be true and therefore seemed genuine.
Assuming that his trusted financial adviser was keeping him up to date with good investment opportunities, Client A agreed to place £16,000 in the ‘savings account’, thereby benefiting from a slightly higher rate of interest.
Confirmation of payee
The scammers were quick to follow through with an email explaining how Client A should make the transfer. They also attached a cloned Allica Bank PDF with all the terms and conditions you’d expect.
Although this looked genuine, our client became suspicious when he read the following: ‘Our payment processor Modulr is a private bank and clearinghouse. Hence it does not support CoP (confirmation of payee). Which is only mandatory for high street banks.
‘This means, when you add your [which should read ‘our’] account details as a new payee to your account, your bank will respond with a warning note “cannot verify payee”.
‘You may proceed with the transfer. This is the response you will get when a receiving bank does not support the confirmation of payee.’
Client A was correct to stop in his tracks. Confirmation of payee is a crucial banking defence against scammers. It is implausible that any financial professional or UK bank would suggest ignoring the warning note ‘cannot verify payee’ and carrying on with a transfer.
The ‘instructions’ continue: ‘As you are transferring a large sum of money out of your account, you may experience some security checks with your bank.
‘These checks are come on and required to be performed by all banks randomly. [Did you spot the mistake in this sentence: “come on” instead of “common”? It’s an unlikely error for a genuine bank PDF document.] If you do, please call your bank and inform them you are transferring funds to your account. Then authorise and instruct them to process the transfer.’
This was the fraudsters’ attempt to circumvent the bank’s fraud prevention security checks by instructing Client A how to get round them.
Fortunately, alarm bells were now ringing in Client A’s ears. He called our adviser, Ranjit, and quickly established that his email account had been hacked, and that the ‘investment opportunity’ was in fact a sophisticated scam.
A victim of fraud
This is just one of many scams our clients have endured in recent years.
One of the most distressing cases was the targeting of an elderly lady. She received a phone call from someone pretending to be a police officer. He claimed to need her help to catch a cashier at her local bank, who was suspected of embezzlement. The ‘officer’ then convinced her to withdraw £6,000 from her savings account, and pass the cash to a courier, which she did in good faith.
Clearly it was a scam. Although the bank rejected her claim for compensation, we encouraged her to go to the financial ombudsman, who ultimately ruled in her favour.
Several months ago, another of our dental clients received an email from his builder on a Saturday morning. The so-called builder explained that his van had been broken into and asked our client to immediately transfer £2,000 to his bank account, so he could re-stock and carry on with the building work. The new bank account details were in the email.
The client transferred the money before he called the tradesman, who explained that his email account had been hacked.
Anyone can become a victim of fraud. Not only is it financially painful, it is a distressing and humiliating experience.
We encourage people to talk openly with their family and friends (especially elderly parents and children) about the possibility of scams and some of the scenarios and tactics scammers use.
Most importantly, if you feel you are being pressured or rushed to transfer money, stop. Take stock of the situation and talk to a trusted professional or friend.
Wealthwide security checks
To ensure clients don’t fall victim to fraudsters, many financial institutions have brought in additional security checks. At Wealthwide, we advise our clients:
- That we no longer send bank account details by email. We only use secure and trusted password-protected portals
- If you are transferring a large amount of money, you should always call the payee, whether it’s an institution or individual, on a number that you know to be correct, to double check
- To use password managers such as LastPass or 1Password so you can:
  - Set up complex passwords with a mix of numbers, letters and characters
  - Have different passwords for every company
  - This helps protect your other sites/portals if one organisation does get hacked and reveals your password
- To read the Take Five website takefive-stopfraud.org.uk, which highlights the following steps:
  - Stop – take a moment to stop and think before parting with your money
  - Challenge – could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you
  - Protect – contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud.