Scammers pose as banks ‘to get personal data’

Tips for spotting hackers include comparing the sender's email address. Picture: Getty/iStockphoto
Tips for spotting hackers include comparing the sender's email address. Picture: Getty/iStockphoto
Share this article
Have your say

Scammers are using the names of government departments and well-known banks and companies as they try to part consumers from their bank details, according to a new study.

Research by consumer group Which? found there are a range of frauds, varying in their sophistication.

In one of the “phishing” scams, the consumer is sent an email which looks as though it comes from a government department. In fact, it is designed to solicit personal information from the recipient.

Which? members monitoring scam communications received two versions of this type.

One claimed to be from Her Majesty’s Revenue and Customs and said that the recipient was due a tax rebate, and others claimed to be from Government Gateway. The genuine Government Gateway website is used to access government services, such as those for tax self-assessments.

The two versions had a document to download – which was likely to contain a virus – or a link to follow asking the person to fill in their details. The more sophisticated versions used the relevant government department logo.

Advice for spotting that this is a scam was to watch out for poor English and to check the genuine email address and compare it with the sender’s address, as this will be another giveaway.

In another scam, those behind it use well-known brands for their phishing and masquerade as a popular service or shop. The companies most commonly mimicked were Amazon, BT, Apple iTunes, Paypal and TalkTalk.

Common communications were to say the consumer’s account had been frozen, that they had ordered something they had not, or there was a security alert on their account.

All gave a link to a website asking for personal details.

When researchers clicked through to see where they would end up, they found fake websites which cleverly mimicked the originals. When a person fills in the relevant details, for example to verify their iTunes account, they inadvertently give the scammers access to the relevant account or their bank details.

People are advised to check URLs to spot a fake.

Scams involving the use of the names of banks feature the scammers saying there has been unusual activity on a bank account or card. The person is told they need to verify their details – if they do, they give the scammers access to their accounts.

The companies most commonly spoofed were Barclays, Lloyds and Santander.

The companies, government departments and banks which are used have nothing to do with the scams.

Other kinds of scam include fake lotteries and competitions, fake gift cards and fake debt collection.

Some 25 Which? members were asked to log all the scam calls, mailings and emails they received in the course of a month and the total number recorded was 477.

A Which? spokesman said: “Although our scam hunters were selected from a group of Which? members who said they already received some scam communications, we didn’t expect them to be bombarded by an average of nearly 20 each in just four weeks.”

Most scammers got in touch by email, but 5 per cent used phone calls and this figure excludes the many silent calls the panel also received.

The consequences for those who do fall for scams can be devastating. Experts from trading standards said one victim had lost £60,000 on fake competitions and another had lost £9,000 to a bogus lottery scheme.