"I went online and 'Frozen Account' was written across my screen"
The problem of push-payment fraud is not going away. I’m talking about the scam where crooks persuade their victims to transfer cash out of their account into a dodgy account. If you think it couldn’t happen to you, think again.
The techniques used are highly sophisticated and high-pressure. I believe that, given certain circumstances, any of us could fall prey to the fraudsters.
Take reader JS of Basingstoke. Last October, he got a phone call from someone who said he was from NatWest’s fraud team. The caller knew JS’s address, his date of birth, his mother’s maiden name and his wife’s name. He asked if JS had transferred £400 to PC World, which he hadn’t. The caller then warned that JS’s account had been breached and he needed to take action.
Naturally suspicious, JS asked for verification that the caller was genuinely from NatWest. He was told to check the number caller on his phone with that on the back of his credit card. It was the same. This is a trick that scammers can carry out – they can make phone calls appear as if they’ve been made from a different number.
The caller then said he needed to act fast to prevent further withdrawals, so he asked JS to go online and said the fraud team would freeze his account.
JS says: “When I went online, the words ‘Frozen Account’ were written in large print across the top of my account. This convinced me that he was an authentic member of the NatWest staff.
“He then said that the next step was to set up a new account for me; he used key phrases like ‘your account is still vulnerable’, ‘it is still at risk to being accessed’ and ‘we need to safeguard your funds’. Then he took me through the process of setting up a new account in my name.”
You can guess the rest. He was a crook, and JS ended up transferring £30,000 into a bogus account.
Now here is the story of MM of Oxford. She was on the bus when she got a phone call from what appeared to be NatWest’s fraud department. She checked on the web to confirm it was the right number and it was.
The caller warned her that they had seen some suspicious activity on her NatWest account.
MM was suspicious but the caller mentioned some of her direct debits and even knew the amounts paid out, which helped convince her he was whom he said he was.
She was told to log on to her online account, which had been frozen. When she got home, she logged on to see that the account was ‘under review’.
MM continues the story: “I was fretting. The caller told me to calm down and told me to transfer my money into a safe account.”
You know what happened next. MM lost more than £5,000 – all her savings.
Both victims have been given short shrift by NatWest.
The bank appears to believe that the victims have brought the situation on themselves by responding to a phishing email.
It told me: “We are aware fraudsters are using a new technique in an attempt to dupe customers into thinking the bank has suspended or frozen their accounts. Fraudsters do this by first obtaining the customer’s security credentials for digital banking by means of a phishing email, scam phone call or spoofed text.
“We continuously provide warning messages to digital banking users that this information should never be divulged. Once the fraudster is able to access the customer’s digital banking, they then change one or more of their account names to display words such as ‘Frozen’, ‘Suspended’ or ‘Blocked’. The account itself is not blocked or frozen at all.”
NatWest and RBS customers seem to be a chief target for these fraudsters.
Consumer group Which? reported that between May 2018 and the first week of January 2019, its helpline spoke to 19 victims where a fraudster impersonated a bank: all but one claimed to be from RBS and NatWest.
Which? reported: “Alarmingly, it appears criminals have been able to hack into NatWest/RBS online and mobile accounts, allowing fraudsters to confirm specific debit card transactions, move money between accounts and even mark them as ‘suspended’.”
RBS told me: “We invest heavily across all our channels to continuously enhance security features to protect our customers. Additionally, we continue to deliver educational messages to customers through all our channels and social media platforms, advising customers on how to stay safe and protect themselves from falling victim to fraud and scams.”
That puts all the responsibility on customers, which I think is unfair. Banks have a duty to protect their customers from crooks, not blame them for becoming victims of fraud. I’ve advised both victims to take their cases to the Financial Ombudsman where I hope they’ll get a more positive response.
But there is a clear warning for all customers of RBS and NatWest: if you become a victim of fraud, you may be left on your own.